Summary of Contents for Cisco Catalyst 2960 series
Page 1
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) First Published: 2015-09-21 Last Modified: 2016-06-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Searching and Filtering Output of show and more Commands Accessing the CLI on a Switch Stack Accessing the CLI Through a Console Connection or Through Telnet Interface and Hardware PART I
Page 4
Setting the Interface Speed and Duplex Parameters Configuring IEEE 802.3x Flow Control Configuring SVI Autostate Exclude Shutting Down and Restarting the Interface Configuring the Console Media Type Configuring the USB Inactivity Timeout
Page 5
Supported Features on the Ethernet Management Port How to Configure the Ethernet Management Port Disabling and Enabling the Ethernet Management Port Additional References Feature Information for Ethernet Management Ports
Page 6
Information about the MTU System MTU Guidelines How to Configure MTU Configuring the System MTU Configuration Examples for System MTU Additional References for System MTU Feature Information for System MTU
Page 7
Configuration Examples for Configuring PoE Budgeting Power: Example Additional References Configuring 2-event Classification CHAPTER 9 Finding Feature Information Information about 2-event Classification Configuring 2-event Classification
Page 8
IGMP Snooping IGMP Versions Joining a Multicast Group Leaving a Multicast Group Immediate Leave IGMP Configurable-Leave Timer IGMP Report Suppression IGMP Snooping and Switch Stacks Default IGMP Snooping Configuration
Page 9
Monitoring IGMP Filtering and Throttling Configuration Configuration Examples for IGMP Snooping and MVR Example: Configuring IGMP Snooping Using CGMP Packets Example: Enabling a Static Connection to a Multicast Router
Page 10
Enabling or Disabling MLD Snooping on the Switch (CLI) Enabling or Disabling MLD Snooping on a VLAN (CLI) Configuring a Static Multicast Group (CLI) Configuring a Multicast Router Port (CLI)
Page 11
Configuring Static Routing for IPv6 (CLI) Displaying IPv6 Configuration Examples for IPv6 Unicast Routing Configuring IPv6 Addressing and Enabling IPv6 Routing: Example Configuring IPv6 ICMP Rate Limiting: Example Configuring Static Routing for IPv6: Example
Page 12
Spanning-Tree Topology and BPDUs Bridge ID, Device Priority, and Extended System ID Port Priority Versus Path Cost Spanning-Tree Interface States Blocking State Listening State Learning State Forwarding State Disabled State
Page 13
CHAPTER 16 Finding Feature Information Prerequisites for MSTP Restrictions for MSTP Information About MSTP MSTP Configuration MSTP Configuration Guidelines Root Switch Multiple Spanning-Tree Regions
Page 14
Configuring the Root Switch Configuring a Secondary Root Switch Configuring Port Priority Configuring Path Cost Configuring the Switch Priority Configuring the Hello Time Configuring the Forwarding-Delay Time Configuring the Maximum-Aging Time
Page 15
STP PortFast Port Types Bridge Assurance How to Configure Optional Spanning-Tree Features Enabling PortFast Enabling BPDU Guard Enabling BPDU Filtering Enabling UplinkFast for Use with Redundant Links Disabling UplinkFast
Page 16
PAgP Learn Method and Priority PAgP Interaction with Virtual Switches and Dual-Active Detection PAgP Interaction with Other Features Link Aggregation Control Protocol LACP Modes LACP Interaction with Other Features EtherChannel On Mode
Page 17
Example: Configuring Port Channel Load Deferral Configuring Auto LAG: Examples Configuring LACP Port Channel Min-Links: Examples Configuring LACP Fast Rate Timer: Examples Additional References for EtherChannels Feature Information for EtherChannels
Page 18
Configuring MAC Address-Table Move Update Configuring a Switch to Obtain and Process MAC Address-Table Move Update Messages Monitoring Flex Links, Multicast Fast Convergence, and MAC Address-Table Move Update
Page 19
CHAPTER 22 Finding Feature Information Prerequisites for Configuring the Configuration Engine Restrictions for Configuring the Configuration Engine Information About Configuring the Configuration Engine Cisco Configuration Engine Software
Page 20
CDP Overview CDP and Stacks Default CDP Configuration How to Configure CDP Configuring CDP Characteristics Disabling CDP Enabling CDP Disabling CDP on an Interface Enabling CDP on an Interface
Page 21
Configuring SPAN and RSPAN CHAPTER 25 Finding Feature Information Prerequisites for SPAN and RSPAN Restrictions for SPAN and RSPAN Information About SPAN and RSPAN
Page 22
Example: Configuring Local SPAN Examples: Creating an RSPAN VLAN Additional References Feature History and Information for SPAN and RSPAN Cisco Flexible NetFlow PART VI
Page 23
Example: Configuring a Flow Additional References Feature Information for Flexible NetFlow PART VII Configuring QoS CHAPTER 27
Page 25
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps Classifying, Policing, and Marking Traffic by Using Aggregate Policers Configuring DSCP Maps Configuring the CoS-to-DSCP Map Configuring the IP-Precedence-to-DSCP Map
Page 26
Examples: Classifying, Policing, and Marking Traffic by Using Aggregate Policers Examples: Configuring DSCP Maps Examples: Configuring Ingress Queue Characteristics Examples: Configuring Egress Queue Characteristics Where to Go Next Additional References Feature History and Information for QoS
Page 27
Where to Go Next for Auto-QoS Additional References for Auto-QoS Feature History and Information for Auto-QoS Routing PART VIII
Page 28
How to Configure an IPv6 Router Advertisement Guard Policy How to Attach an IPv6 Router Advertisement Guard Policy to an Interface How to Attach an IPv6 Router Advertisement Guard Policy to a Layer 2 EtherChannel Interface
Page 29
Stack Member Numbers Stack Member Priority Values Switch Stack Bridge ID and MAC Address Persistent MAC Address on the Switch Stack Stack MasterActive and Standby Switch Election and Reelection
Page 30
Monitoring the Switch Stack Configuration Examples for Switch Stacks Switch Stack Configuration Scenarios Enabling the Persistent MAC Address Feature: Example Provisioning a New Member for a Switch Stack: Example
Page 31
Example: Protecting Enable and Enable Secret Passwords with Encryption Example: Setting a Telnet Password for a Terminal Line Example: Setting the Privilege Level for a Command Additional References
Page 32
Establishing a Session with a Router if the AAA Server is Unreachable Configuring Per VRF on a TACACS Server Verifying Per VRF for TACACS Servers Monitoring TACACS+ Configuration Examples for TACACS+ Example: TACACS Authorization
Page 33
Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Verifying Attribute 196 Configuring the Switch to Use Vendor-Specific RADIUS Attributes Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Page 34
Example: Enabling Load Balancing for a Global RADIUS Server Group Example: Monitoring Idle Timer Example: Configuring the Preferred Server with the Same Authentication and Authorization Server Example: Configuring the Preferred Server with Different Authentication and Authorization Servers
Page 35
CoA Session Reauthenticate Command CoA Session Terminate Command Stacking Guidelines for Session Termination Stacking Guidelines for CoA-Request Bounce-Port Stacking Guidelines for CoA-Request Disable-Port How to Configure RADIUS Change-of-Authorization
Page 36
Enabling Kerberos Instance Mapping Monitoring the Kerberos Configuration Configuration Examples for Kerberos Example: Defining a Kerberos Realm Example: Copying a SRVTAB File Example: Configuring Kerberos Example: Encrypting a Telnet Session 1000
Page 37
Suppressing Generation of Accounting Records for Null Username Sessions 1021 Generating Interim Accounting Records 1022 Generating Accounting Records for Failed Login or Session 1022 Specifying Accounting NETWORK-Stop Records Before EXEC-Stop Records 1022
Page 38
Overview of the Cisco IOS Auth Manager 1042 Overview of the Configurable MAB Username and Password 1042 How to Configure MAC Authentication Bypass 1044 Enabling MAC Authentication Bypass 1044
Page 39
Finding Feature Information 1063 Prerequisites for AAA-SERVER-MIB Set Operation 1063 Restrictions for AAA-SERVER-MIB Set Operation 1064 Information About AAA-SERVER-MIB Set Operation 1064 CISCO-AAA-SERVER-MIB 1064 CISCO-AAA-SERVER-MIB Set Operation 1064
Page 40
Troubleshooting Reverse SSH on the Server 1082 Monitoring the SSH Configuration and Status 1083 Configuring Secure Copy 1083 Configuration Examples for Secure Shell 1085 Example: Secure Copy Configuration Using Local Authentication 1085
Page 41
Configuring a Device for SSH Version 2 Using RSA Key Pairs 1094 Configuring the Cisco SSH Server to Perform RSA-Based User Authentication 1096 Configuring the Cisco IOS SSH Client to Perform RSA-Based Server Authentication 1098 Starting an Encrypted Session with a Remote Device 1100...
Page 42
SSL Configuration Guidelines 1130 How to Configure Secure Socket Layer HTTP 1131 Configuring the Secure HTTP Server 1131 Configuring the Secure HTTP Client 1134 Configuring a CA Trustpoint 1135
Page 43
Querying a Certification Revocation List 1154 Deleting RSA Keys from a Device 1155 Deleting Public Keys for a Peer 1156 Deleting Certificates from the Configuration 1157 Viewing Keys and Certificates 1158
Page 44
ACL Overview 1175 Standard and Extended IPv4 ACLs 1175 IPv4 ACL Switch Unsupported Features 1176 Access List Numbers 1176 Numbered Standard IPv4 ACLs 1177 Numbered Extended IPv4 ACLs 1177
Page 45
Example: Configuring an Access Control Entry with Noncontiguous Ports 1208 Example: Consolidating Access List Entries with Noncontiguous Ports into One Access List Entry 1208 Example Resequencing Entries in an Access List 1209
Page 46
Example: Applying IPv6 ACLs 1231 Example: Configuring PACL Mode and Applying IPv6 PACL on an Interface 1231 Example: IPv6 ACL Extensions for Hop by Hop Filtering 1231 Additional References 1232
Page 47
Configuring VLAN Maps 1251 Creating a VLAN Map 1253 Applying a VLAN Map to a VLAN 1255 Configuring VACL Logging 1256 Configuration Examples for ACLs and VLAN Maps 1257
Page 48
Specifying the Packet Forwarding Address 1275 Prerequisites for Configuring DHCP Snooping and Option 82 1277 Enabling DHCP Snooping and Option 82 1278 Enabling the Cisco IOS DHCP Server Database 1282
Page 52
Monitoring 802.1x Statistics and Status 1411 Additional References 1412 Feature Information for 802.1x Port-Based Authentication 1413 Configuring Web-Based Authentication 1415 CHAPTER 59
Page 53
Configuring Switch-to-RADIUS-Server Communication 1435 Configuring the HTTP Server 1437 Customizing the Authentication Proxy Web Pages 1438 Specifying a Redirection URL for Successful Login 1440 Configuring the Web-Based Authentication Parameters 1441
Page 54
Configuring Auto Identity at an Interface Level 1458 Configuration Examples for Auto Identity 1459 Example: Configuring Auto Identity Globally 1459 Example: Configuring Auto Identity at an Interface Level 1460 Verifying Auto Identity 1460
Page 55
Monitoring Port Blocking 1479 Where to Go Next 1479 Additional References 1480 Feature Information 1481 Prerequisites for Port Security 1481 Restrictions for Port Security 1481 Information About Port Security 1482
Page 56
Where to Go Next 1503 Additional References 1503 Feature Information 1504 Finding Feature Information 1504 Information About Port Blocking 1504 Port Blocking 1504 How to Configure Port Blocking 1505
Page 57
CHAPTER 64 Information About Administering the Switch 1523 System Time and Date Management 1523 System Clock 1523 Real Time Clock 1524 Network Time Protocol 1524 NTP Stratum 1526
Page 58
1548 Adding and Removing Static Address Entries 1550 Configuring Unicast MAC Address Filtering 1551 Monitoring and Maintaining Administration of the Switch 1553 Configuration Examples for Switch Administration 1554
Page 59
Configuring DHCP Autoconfiguration (Only Configuration File) 1570 Configuring DHCP Auto-Image Update (Configuration File and Image) 1572 Configuring the Client to Download Files from DHCP Server 1576 Manually Assigning IP Information to Multiple SVIs 1577
Page 60
Configuring System Message Logs 1597 CHAPTER 67 Information About Configuring System Message Logs 1597 System Message Logging 1597 System Log Message Format 1598
Page 61
1619 Starting Online Diagnostic Tests 1619 Example: Configure a Health Monitoring Test 1620 Examples: Schedule Diagnostic Test 1620 Displaying Online Diagnostics: Examples 1620 Additional References for Online Diagnostics 1622
Page 62
1643 Monitoring SFP Module Status 1643 Executing Ping 1643 Monitoring Temperature 1644 Monitoring the Physical Path 1644 Executing IP Traceroute 1644 Running TDR and Displaying the Results 1645
Page 64
Clearing Pending EEM Policy Events or Event Queues 1715 Modifying the Scheduling Parameters of EEM Policy Events or Event Queues 1717 Verifying Class-Based Active EEM Policies 1718 Verifying Class-Based Active EEM Policies 1719
Page 65
Example MAT Event Detector 1749 Example Neighbor-Discovery Event Detector 1749 Embedded Event Manager Manual Policy Execution Examples 1749 Embedded Event Manager Watchdog System Monitor (Cisco IOS) Event Detector Configuration Example 1750
Page 66
Configuring Description of an EEM Applet Examples 1759 Additional References 1759 Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI 1760 Writing Embedded Event Manager Policies Using Tcl 1763 CHAPTER 72...
Page 67
Tracing Tcl set Command Operations Example 1821 RPC Event Detector Example 1821 Additional References 1823 Feature Information for Writing EEM 4.0 Policies Using the Cisco IOS CLI 1824 Signed Tcl Scripts 1825 CHAPTER 73 Finding Feature Information...
Page 68
1861 context_save 1864 EEM Event Registration Tcl Command Extensions 1869 CHAPTER 76 event_register_appl 1870 event_register_cli 1873 event_register_counter 1877 event_register_gold 1879
Page 69
CHAPTER 78 cli_debug 1985 smtp_debug 1986 EEM Multiple Event Support Tcl Command Extensions 1987 CHAPTER 79 attribute 1987
Page 70
2012 description 2013 fts_get_stamp 2014 register_counter 2014 register_timer 2016 timer_arm 2017 timer_cancel 2019 unregister_counter 2020 Configuring Cisco IOS IP SLAs 2023 PART XII
Page 71
2032 Feature History and Information for Service Level Agreements 2033 Working with the Cisco IOS File System, Configuration Files, and Software Images 2035 PART XIII Working with the Cisco IOS File System, Configuration Files, and Software Images...
Page 72
Preparing to Download or Upload an Image File By Using TFTP 2066 Downloading an Image File By Using TFTP 2067 Uploading an Image File Using TFTP 2068 Copying Image Files Using FTP 2069
Page 73
Default VTP Configuration 2092 How to Configure VTP 2093 Configuring VTP Mode 2093 Configuring a VTP Version 3 Password 2095 Configuring a VTP Version 3 Primary Server 2097
Page 74
Creating or Modifying an Ethernet VLAN 2117 Deleting a VLAN 2119 Assigning Static-Access Ports to a VLAN 2121 How to Configure Extended-Range VLANs 2122 Creating an Extended-Range VLAN 2122
Page 75
Configuring Load Sharing Using STP Path Cost 2145 Configuration Examples for VLAN Trunking 2148 Example: Configuring a Trunk Port 2148 Example: Removing a VLAN from a Port 2149 Where to Go Next 2149
Page 76
Information About Voice VLAN 2168 Voice VLANs 2168 Cisco IP Phone Voice Traffic 2168 Cisco IP Phone Data Traffic 2169 Voice VLAN Configuration Guidelines 2169 Default Voice VLAN Configuration 2170
Page 77
APPENDIX A Disclaimer 2179 Statement 361—VoIP and Emergency Calling Services do not Function if Power Fails 2179 Statement 1071—Warning Definition 2181
An ellipsis (three consecutive nonbolded periods without spaces) after a syntax element indicates that the element can be repeated. A vertical line, called a pipe, indicates a choice within a set of keywords or arguments.
Page 80
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Timesaver: Means the described action saves time. You can save time by performing the action described in the paragraph.
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html...
Command Modes The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
Mode: Interface configuration. Access method: While in global configuration mode, enter the interface command (with a specific interface). Prompt: Switch(config-if)# About this mode: Use this mode to configure parameters for the Ethernet ports.
However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command.
Step 6 command keyword ? Lists the associated arguments for a keyword. Example: Switch(config)# cdp holdtime ? <10-255> Length of time (in sec) that receiver must keep this packet
The arrow keys function only on ANSI-compatible terminals such as VT100s. SUMMARY STEPS 1. Ctrl-P or use the up arrow key 2. Ctrl-N or use the down arrow key 3. show history
Switch# terminal no history Enabling and Disabling Editing Features Although enhanced editing mode is automatically enabled, you can disable it and reenable it. SUMMARY STEPS 1. terminal editing 2. terminal no editing
Transposes the character to the left of the cursor with the character located at the cursor. Delete or Backspace key Erases the character to the left of the cursor. Ctrl-D Deletes the character at the cursor.
The arrow keys function only on ANSI-compatible terminals such as VT100s. Note The following example shows how to wrap a command line that extends beyond a single line on the screen.
Before you can access the CLI, you must connect a terminal or a PC to the switch console or connect a PC to the Ethernet management port and then power on the switch, as described in the hardware installation guide that shipped with your switch.
After you connect through the console port, through the Ethernet management port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
Page 95
PART Interface and Hardware • Configuring Interface Characteristics, page 15 • Configuring Auto-MDIX, page 45 • Configuring Ethernet Management Port, page 51 • Configuring LLDP, LLDP-MED, and Wired Location Service, page 57 • Configuring System MTU, page 77 •...
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
VLAN, and forwarding to and from the port is enabled only when the VLAN membership of the port is discovered. Dynamic access ports on the switch are assigned to a
VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone.
A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses that there is no power on the circuit: • a Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point) • an IEEE 802.3af-compliant powered device A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power source.
The USB Type A ports provide access to external USB flash devices, also known as thumb drives or USB keys. The switch supports Cisco 64 MB, 256 MB, 512 MB, 1 GB, 4 GB, and 8 GB flash drives. You can use standard Cisco IOS command-line interface (CLI) commands to read, write, erase, and copy to or from the flash device.
To configure a physical interface (port), specify the interface type, module number, and switch port number, and enter interface configuration mode. • Type—Gigabit Ethernet (gigabitethernet or gi) for 10/100/1000 Mb/s Ethernet ports, or small form-factor pluggable (SFP) module Gigabit Ethernet interfaces (gigabitethernet or gi).
The switch ports can receive, but not send, pause frames. Note You use the flowcontrol interface configuration command to set the interface’s ability to receive pause frames to on, off, or desired. The default state is off.
Enters global configuration mode. Example: Switch# configure terminal Step 3 interface interface-id Specifies the interface for which you are adding a description, and enter interface configuration mode. Example: Switch(config)# interface gigabitethernet1/0/2
Verifies the configuration of the interfaces in the range. Example: Switch# show interfaces Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config
Example: You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro. Switch(config)# interface range macro
100 Mb/s). You cannot configure half-duplex mode for interfaces operating at 1000 Mb/s. You can configure the duplex setting when the speed is set to auto. Step 6 Returns to privileged EXEC mode. Example: Switch(config-if)# end
Note The configured inactivity timeout applies to all switches in a stack. However, a timeout on one switch does not cause a timeout on other switches in the stack.
1 to 240 minutes. The default is to have no timeout configured. Example: Switch(config-line)# usb-inactivity-timeout 30 Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config
Displays the hardware configuration, software version, the names and sources of configuration files, and the boot images. show controllers ethernet-controller interface-id Displays the operational state of the auto-MDIX feature on the interface.
Switch(config-if)# duplex half This example shows how to set the interface speed to 100 Mb/s on a 10/100/1000 Mb/s port: Switch# configure terminal Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# speed 100
At this point, the only way to reactivate the USB console port is to disconnect and reconnect the cable. When the USB cable on the switch has been disconnected and reconnected, a log similar to this appears: *Mar 1 00:48:28.640: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.
Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature History and Information for Configuring Interface Characteristics Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
(SFP)-module interfaces. It is not supported on 1000BASE-SX or -LX SFP module interfaces. Restrictions for Auto-MDIX The switch might not support a pre-standard powered device—such as Cisco IP phones and access points that do not fully support IEEE 802.3af—if that powered device is connected to the switch through a crossover cable.
Example for Configuring Auto-MDIX This example shows how to enable auto-MDIX on a port: Switch# configure terminal Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# speed auto Switch(config-if)# duplex auto Switch(config-if)# mdix auto Switch(config-if)# end
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for Auto-MDIX Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Supported Features on the Ethernet Management Port The Ethernet management port supports these features: • Express Setup (only in switch stacks) • Network Assistant • Telnet with passwords • TFTP
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature Information for Ethernet Management Ports Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
LLDP, LLDP-MED, and Wired Location Service Overview LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, switches, and controllers). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
A switch stack appears as a single switch in the network. Therefore, LLDP discovers the switch stack, not the individual stack members. LLDP and Cisco Medianet When you configure LLDP or CDP location information on a per-port basis, remote devices can send Cisco Medianet location information to the switch. For information, go to http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cdp_discover.html.
(ELIN), which is a phone number that routes an emergency call to the local public safety answering point (PSAP) and which the PSAP can use to call back the emergency caller.
The switch uses the location service feature to send location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch notifies the MSE of device link up and link down events through the Network Mobility Services Protocol (NMSP) location and attachment notifications.
This way the interface has the voice or voice-signaling VLAN network-policy profile applied on the interface. • You cannot configure static secure MAC addresses on an interface that has a network-policy profile.
Enables LLDP globally on the switch. Example: Switch(config)# lldp run Step 4 interface interface-id Specifies the interface on which you are enabling LLDP, and enters interface configuration mode. Example: Switch(config)# interface gigabitethernet2/0/1
You can also select the LLDP and LLDP-MED TLVs to send and receive. Note: Steps 2 through 5 are optional and can be performed in any order.
(Optional) Sets the sending frequency of LLDP updates in seconds. The range is 5 to 65534 seconds; the default is 30 seconds. Example: Switch(config)# lldp timer 30
It then sends LLDP packets with MED TLVs, as well. When the LLDP-MED entry has been aged out, it again only sends LLDP packets. By using the lldp interface configuration command, you can configure the interface not to send the TLVs listed in the following table.
• untagged—(Optional) Configures the telephone to send untagged voice traffic. This is the default for the telephone.
• id—Specifies the ID for the civic, ELIN, custom, or geo location. The ID range is 1 to 4095. Step 6 Returns to privileged EXEC mode. Example: Switch(config-if)# end
For wired location to function, you must first enter the ip device tracking global configuration command. SUMMARY STEPS 1. enable 2. configure terminal 3. nmsp notification interval {attachment | location} interval-seconds 4. end 5. show network-policy profile 6. copy running-config startup-config
You can enter an asterisk (*) to display all neighbors, or you can enter the neighbor name. show lldp interface [interface-id] Displays information about interfaces with LLDP enabled. You can limit the display to a specific interface.
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature Information for LLDP, LLDP-MED, and Wired Location Service Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
(Optional) Changes the MTU size for all interfaces on the switch stack that are operating at 10 or 100 Mb/s. The range is 1500 to 1998 bytes; the default is 1500 bytes. Example: Switch(config)# system mtu 2500
% Invalid input detected at '^' marker. This is an example of output from the show system mtu command: Switch# show system mtu Global Ethernet MTU is 1500 bytes.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature Information for System MTU Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Example: Switch(config)# end Disabling Boot Fast To disable the boot fast feature, perform the following steps: SUMMARY STEPS 1. enable 2. configure terminal 3. no boot fast 4. end
Example: Switch# configure terminal Step 3 no boot fast Disables the boot fast feature. Example: Switch(config)# no boot fast Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end
A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses that there is no power on the circuit: • a Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point) • an IEEE 802.3af-compliant powered device A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power source.
After power is applied to the port, the switch uses CDP to determine the CDP-specific power consumption requirement of the connected Cisco powered devices, which is the amount of power to allocate based on the CDP messages. The switch adjusts the power budget accordingly. This does not apply to third-party PoE devices.
If you do not specify a wattage, the switch pre-allocates the maximum value. The switch powers the port only if it discovers a powered device. Use the static setting on a high-priority interface.
The switch also polices the power usage with the power policing feature. Power monitoring is backward-compatible with Cisco intelligent power management and CDP-based power consumption. It works with these features to ensure that the PoE port can supply power to the powered device.
PoE ports. Because the switch supports internal power supplies and the Cisco Redundant Power System 2300 (also referred to as the RPS 2300), the total amount of power available for the powered devices varies depending on the power supply configuration.
10 W, the switch removes power from the port and then redetects the powered device. The switch repowers the port only if the powered device is a class 1, class 2, or a Cisco-only powered device. SUMMARY STEPS 1.
4000 to 30000 mW. If no value is specified, the maximum is allowed. • never—Disables device detection, and disables power to the port. Note: If a port has a Cisco powered device connected to it, do not use the power inline never command to configure the port.
Specifies the physical port to be configured, and enters interface configuration mode. Example: Switch(config)# interface gigabitethernet2/0/1 Step 4 power inline port poe-ha Configures PoE High Availability. Example: Switch(config-if)# power inline port poe-ha
Budgeting Power for Devices Connected to a PoE Port When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP) to determine the CDP-specific power consumption of the devices, and the switch adjusts the power budget accordingly.
Step 5 Returns to privileged EXEC mode. Example: Switch(config)# end Step 6 show power inline consumption default Displays the power consumption status. Example: Switch# show power inline consumption default
Configuring Power Policing By default, the switch monitors the real-time power consumption of connected powered devices. You can configure the switch to police the power usage. By default, policing is disabled.
Example: Switch(config-if)# power inline police • power inline police—Shuts down the PoE port, turns off power to it, and puts it in the error-disabled state.
Switch(config)# exit Step 8 Use one of the following: • show power inline police • show errdisable recovery Displays the power monitoring status, and verifies the error recovery settings.
Budgeting Power: Example When you enter one of the following commands, • [no] power inline consumption default wattage global configuration command • [no] power inline consumption wattage interface configuration command
This example shows how you can configure 2-event classification. Switch> enable Switch# configure terminal Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# power inline port 2-event Switch(config-if)# end Related Topics Configuring 2-event Classification, on page 103
Table 12: Commands for Displaying EEE Settings Command Purpose show eee capabilities interface interface-id Displays EEE capabilities for the specified interface. show eee status interface interface-id Displays EEE status information for the specified interface.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for Configuring EEE Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
This feature is not supported when the query includes IGMPv3 reports. • The IGMP configurable leave time is only supported on hosts running IGMP Version 2. IGMP version 2 is the default version for the switch.
MVR is cancelled, and you receive an error message • MVR data received on an MVR receiver port is not forwarded to MVR source ports.
Router A sends a general query to the switch, which forwards the query to ports 2 through 5, all of which are members of the same VLAN. Host 1 wants to join multicast group 224.1.2.3 and multicasts an IGMP
The IGMP leave response time can be configured from 100 to 32767 milliseconds. Related Topics Configuring the IGMP Leave Timer, on page 137
This forwarding behavior selectively allows traffic to cross between different VLANs. Modes of Operation You can set the switch for compatible or dynamic mode of MVR operation:
In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port.
Without Immediate Leave, when the switch receives an IGMP leave message from a subscriber on a receiver port, it sends out an IGMP query on that port and waits for IGMP group membership reports. If no reports
IGMP join report requesting the stream of IP multicast traffic is dropped, and the port is not allowed to receive IP multicast traffic from that group. If the filtering
When the maximum number of groups is in the forwarding table, the default IGMP throttling action is to deny the IGMP report. IGMP profiles None defined. IGMP profile action Deny the range addresses.
Example: Switch(config)# ip igmp snooping Note: To globally disable IGMP snooping on all VLAN interfaces, use the no ip igmp snooping global configuration command. Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end
Enables IGMP snooping on the VLAN interface. The VLAN ID range is 1 to 1001 and 1006 to 4094. IGMP snooping must be globally enabled before you can enable VLAN snooping. Example: Switch(config)# ip igmp snooping vlan 7
• Snooping on IGMP queries, Protocol-Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets. • Listening to Cisco Group Management Protocol (CGMP) packets from other routers. • Statically connecting to a multicast router port using the ip igmp snooping mrouter global configuration command.
Enters the global configuration mode. Example: Switch# configure terminal Step 3 ip igmp snooping vlan vlan-id mrouter interface interface-id Specifies the multicast router VLAN ID and the interface to the multicast router.
Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure a host on an interface. Follow these steps to add a Layer 2 port as a member of a multicast group:
Note: To remove the Layer 2 port from the multicast group, use the no ip igmp snooping vlan vlan-id static mac-address interface interface-id global configuration command. Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end
Note: Immediate Leave is supported only on IGMP Version 2 hosts. IGMP Version 2 is the default version for the switch. SUMMARY STEPS 1. enable 2. configure terminal 3. ip igmp snooping vlan vlan-id immediate-leave 4. end 5. show ip igmp snooping vlan vlan-id 6. end
Example: Switch(config)# ip igmp snooping vlan 210 last-member-query-interval 1000 Note: To remove the configured IGMP leave-time setting from the specified VLAN, use the no ip igmp snooping vlan vlan-id last-member-query-interval global configuration command.
0.0.0.0. However, you can enable the switch to send the global leave message whether it is the spanning-tree root or not. When the router receives this special leave, it
(Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config Configuring the IGMP Snooping Querier Follow these steps to enable the IGMP snooping querier feature in a VLAN:
Example: Switch(config)# ip igmp snooping querier address 172.16.24.1 Note: The IGMP snooping querier does not generate an IGMP general query if it cannot find an IP address on the switch.
When IGMP report suppression is enabled, the switch forwards only one IGMP report per multicast router query. Example: Switch(config)# no ip igmp snooping report-suppression Note: To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global configuration command.
(except for the MVR VLAN), you must first enable MVR. Note: For complete syntax and usage information for the commands used in this section, see the command reference for this release.
Note: To return the switch to its default settings, use the no mvr [mode | group ip-address | querytime | vlan] global configuration commands.
• show mvr members Example: Switch# show mvr Switch# show mvr members Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Switch# copy running-config
(Optional) Enables the Immediate-Leave feature of MVR on the port. Note: This command applies to only receiver ports and should only be enabled on receiver ports to which a single receiver device is connected. Example: Switch(config-if)# mvr immediate
(Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config Configuring IGMP Profiles Follow these steps to create an IGMP profile: This task is optional.
IP address or a range with a start and an end address. The default is for the switch to have no IGMP profiles configured. Note: To delete a profile, use the no ip igmp profile profile number global configuration command.
1 to 4294967295. Note: To remove a profile from an interface, use the no ip igmp filter profile number interface configuration command. Example: Switch(config-if)# ip igmp filter 321
{deny | replace} When an interface receives an IGMP report and the maximum number of entries is in the forwarding table, specifies the action that the interface takes:
(Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config Related Topics IGMP Filtering and Throttling, on page 126 Restrictions for IGMP Snooping, on page 116
• dynamic—Displays entries learned through IGMP snooping. • ip_address—Displays characteristics of the multicast group with the specified group IP address. • user—Displays only the user-configured multicast entries.
VLAN identification is entered, all multicast group members on the VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.
This example shows how to enable a static connection to a multicast router: Switch# configure terminal Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet1/0/2 Switch(config)# end Related Topics Configuring a Multicast Router Port, on page 132
This example shows how to set the IGMP snooping querier maximum response time to 25 seconds: Switch# configure terminal Switch(config)# ip igmp snooping querier query-interval 25 Switch(config)# end Related Topics Configuring the IGMP Snooping Querier, on page 142 IGMP Snooping, on page 118
Example: Setting the Maximum Number of IGMP Groups This example shows how to limit to 25 the number of IGMP groups that a port can join: Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# ip igmp max-groups 25 Switch(config-if)# end
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for IGMP Snooping Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. Understanding MLD Snooping In IP Version 4 (IPv4), Layer 2 switches can use Internet Group Management Protocol (IGMP) snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices.
5 minutes. • IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch.
MLDv1 snooping sets the VLAN to flood all IPv6 multicast traffic with a configured number of MLDv1 queries before it begins sending multicast data only to selected ports.
Global: 1000 (1 second); VLAN: 0. Note: The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global interval. TCN query solicit Disabled.
The address must be in the form specified in RFC 2373. • interface-id is the member port. It can be a physical interface or a port channel (1 to 48).
• The interface can be a physical interface or a port channel. The port-channel range is 1 to 48. Example: Switch(config)# ipv6 mld snooping vlan 1 mrouter interface gigabitethernet
Step 7 ipv6 mld snooping vlan vlan-id last-listener-query-interval interval (Optional) Sets the last-listener query interval on a VLAN basis. This value overrides the value configured globally. The range is 0
These are dynamically learned interfaces. (Optional) Enters vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.
Configuring a Multicast Router Port: Example This example shows how to add a multicast router port to VLAN 200: Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 200 mrouter interface gigabitethernet Switch(config)# exit
This template is not required on Catalyst 2960-S switches. Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures.
• See the Cisco IOS IPv6 Configuration Library. • Use the Search field on Cisco.com to locate the Cisco IOS software documentation. For example, if you want information about static routes, you can enter Implementing Static Routes for IPv6 in the search field to learn about static routes.
For more information, see the section about IPv6 unicast addresses in the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. DNS for IPv6 IPv6 supports Domain Name System (DNS) record types in the DNS name-to-address and address-to-name lookup processes.
• HTTP server access over IPv6 transport • DNS resolver for AAAA over IPv4 transport • Cisco Discovery Protocol (CDP) support for IPv6 addresses For more information about managing these applications, see the Cisco IOS IPv6 Configuration Library on Cisco.com. Dual IPv4 and IPv6 Protocol Stacks On a Catalyst 2960-X switch, you must use the dual IPv4 and IPv6 template to allocate ternary content addressable memory (TCAM) usage to both IPv4 and IPv6 protocols.
Basic network connectivity (ping) must exist between the client and the server hosts before HTTP connections can be made. For more information, see the “Managing Cisco IOS Applications over IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
For more information about configuring IPv6 routing, see the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to a Layer 3 interface and enable IPv6 forwarding:
• Manually configures an IPv6 address on the interface. • ipv6 enable • Specifies a link-local address on the interface to be used instead of the link-local address that is automatically
(maximum number of tokens to be stored in a bucket) of 10. Beginning in privileged EXEC mode, follow these steps to change the ICMP rate-limiting parameters:
IPv6 on at least one Layer 3 interface by configuring an IPv6 address on the interface. For more information about configuring static IPv6 routing, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
• show ipv6 static [ ipv6-address | ipv6-prefix/prefix length ] Verifies your entries by displaying the contents of the IPv6 routing table. • interface interface-id—(Optional) Displays only those static routes with the specified interface as an egress interface.
(Optional) Saves your entries in the configuration file. copy running-config startup-config Example: Switch# copy running-config startup-config Displaying IPv6 For complete syntax and usage information on these commands, see the Cisco IOS command reference publications. Table 24: Command for Monitoring IPv6 Command Purpose show ipv6 access-list Displays a summary of access lists.
Configuring IPv6 ICMP Rate Limiting: Example This example shows how to configure an IPv6 ICMP error message interval of 50 milliseconds and a bucket size of 20 tokens. Switch(config)#ipv6 icmp error-interval 50 20
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with some exceptions:
Step 3 Apply the IPv6 ACL to an interface. For router ACLs, you must also configure an IPv6 address on the Layer 3 interface to which the ACL is applied.
Traffic Class field of each IPv6 packet header. The acceptable range is from 0 to 63. • (Optional) Enter fragments to check noninitial fragments. This keyword is visible only if the protocol is ipv6.
Displaying IPv6 ACLs You can display information about all configured access lists, all IPv6 access lists, or a specific access list by using one or more of the privileged EXEC commands.
Example: Creating IPv6 ACL This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
Note: By default, the switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords.
• A designated switch for each LAN segment is selected. The designated switch incurs the lowest path cost when forwarding packets from that LAN to the root switch. The port through which the designated switch is attached to the LAN is called the designated port.
ID. The 2 bytes previously used for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID.
For details, see Related Topics. Related Topics Configuring Port Priority, on page 230
• From blocking to listening or to disabled • From listening to learning or to disabled • From learning to forwarding or to disabled • From forwarding to disabled
An interface in the blocking state performs these functions: • Discards frames received on the interface • Discards frames switched from another interface for forwarding • Does not learn addresses • Receives BPDUs
A disabled interface performs these functions: • Discards frames received on the interface • Discards frames switched from another interface for forwarding • Does not learn addresses • Does not receive BPDUs
Spanning tree automatically disables one interface but enables it if the other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds
Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch. Related Topics Configuring the Root Switch, on page 227 Restrictions for STP, on page 211
The switch supports these spanning-tree modes and protocols: • PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If Rapid PVST+ is enabled, the switch uses it instead of PVST+.
(MSTP). By default, the switch runs the Rapid PVST+ protocol. If you want to enable a mode that is different from the default mode, this procedure is required.
You can use the hello keyword to override the automatically calculated hello time. This procedure is optional. SUMMARY STEPS 1. enable 2. configure terminal 3. spanning-tree vlan vlan-id root primary [diameter net-diameter 4. end
Bridge ID, Device Priority, and Extended System ID, on page 214 Spanning-Tree Topology and BPDUs, on page 213 Accelerated Aging to Retain Connectivity, on page 220 Restrictions for STP, on page 211
The range is 2 to 7. Use the same network diameter value that you used when configuring the primary root switch.
Port Priority Versus Path Cost, on page 215 How a Switch or Port Becomes the Root Switch or Root Port, on page 219 Configuring Path Cost This procedure is optional.
VLANs separated by a comma. The range is 1 to 4094. • For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface.
Rapid PVST+ mode. Lowering this value can slow down convergence in certain scenarios. We recommend that you maintain the default setting. This procedure is optional. SUMMARY STEPS 1. enable 2. configure terminal 3. spanning-tree transmit hold-count value 4. end
Displays spanning-tree portfast information for the specified interface. interface-id portfast show spanning-tree summary [totals] Displays a summary of interface states or displays the total lines of the STP state section.
To clear spanning-tree counters, use the clear spanning-tree [interface interface-id] privileged EXEC command. Feature Information for STP Release: Cisco IOS 15.0(2)EX. Modification: This feature was introduced.
Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple Instance STP (MISTP), and with existing Cisco PVST+ and rapid per-VLAN spanning-tree plus (Rapid PVST+).
(that is, the maximum number of switch hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch automatically sets an optimal hello time, forward-delay
M-records, which are encapsulated within MSTP BPDUs. Because the MSTP BPDU carries information for all instances, the number of BPDUs that need to be processed to support multiple spanning-tree instances is significantly reduced.
BPDU transmission (for example, hello time, forward time, max-age, and max-hops) are configured only on the CST instance but affect all MST instances. Parameters
Illustration of MST Regions, on page 248 IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
(triggers a reconfiguration). The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a
The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
Port Role Naming Change The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port.
Detecting Unidirectional Link Failure This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
A backup port can exist only when two ports are connected in a loopback by a point-to-point link or when a switch has two or more connections to a shared LAN segment. • Disabled port—Has no role within the operation of the spanning tree.
Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. Rapid Convergence The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
An individual port on the switch is synchronized if • That port is in the blocking state. • It is an edge port (a port configured to be at the edge of the network).
2. A new 1-byte Version 1 Length field is set to zero, which means that no version 1 protocol information is present. Table 32: RSTP BPDU Flags Function Topology change (TC) Proposal Port role: 2–3: Unknown Alternate port Root port Designated port
When an RSTP switch detects a topology change, it deletes the learned information on all of its nonedge ports except on those from which it received the TC notification.
• Configure the root for all VLANs inside the MST region as shown in this example: Switch# show spanning-tree mst interface gigabitethernet 1/1 GigabitEthernet1/1 of MST00 is root forwarding
VLAN is mapped. The topology change stays local to the first MST region, and the Cisco Access Manager (CAM) entries in the other region are not flushed. To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.
1 and sends inferior designated information on segment 1. Both r1 and a1 can detect this inconsistency. However, with the current dispute mechanism, only r1 will revert to discarding while the root port a1
Specifies the configuration revision number. The range is 0 to 65535. Example: Switch(config-mst)# revision 1 Step 7 show pending Verifies your configuration by displaying the pending configuration. Example: Switch(config-mst)# show pending
Configuring the Forwarding-Delay Time, on page 272 Configuring the Maximum-Aging Time, on page 273 Configuring the Maximum-Hop Count, on page 274 Specifying the Link Type to Ensure Rapid Transitions, on page 275
Related Topics. This procedure is optional. Before You Begin A multiple spanning tree (MST) must be specified and enabled on the switch. For instructions, see Related Topics.
Changing the priority of a switch makes it more likely to be chosen as the root switch whether it is a standalone switch or a switch in the stack.
A multiple spanning tree (MST) must be specified and enabled on the switch. For instructions, see Related Topics. SUMMARY STEPS 1. enable 2. configure terminal 3. spanning-tree mst max-hops hop-count 4. end
This procedure is optional. Before You Begin A multiple spanning tree (MST) must be specified and enabled on the switch. For instructions, see Related Topics.
Rapid PVST+ mode. If you disabled the feature and want to re-configure it, refer to the following tasks. To enable PVST+ simulation globally, perform this task: SUMMARY STEPS 1. enable 2. configure terminal 3. spanning-tree mst simulate pvst global 4. end
This example shows how to prevent the switch from automatically interoperating with a connecting switch that is running Rapid PVST+: Switch# configure terminal Switch(config)# no spanning-tree mst simulate pvst global
---------------- ---- --- --------- -------- ------------------------- Gi1/0/1 Desg BKN*4 128.270 P2p *PVST_Peer_Inc This example shows the spanning tree summary when PVST+ simulation is enabled in the MSTP mode: Switch# show spanning-tree summary
This example shows the spanning tree status when port 1/0/1 detail has been configured to disable PVST+ simulation and the port is currently in the peer type inconsistent state: Switch# show spanning-tree
Displays MST information for the specified interface. interface-id Feature Information for MSTP Release: Cisco IOS 15.0(2)EX. Modification: This feature was introduced.
When you enable BPDU guard at the interface level on any port without also enabling the PortFast edge feature, and the port receives a BPDU, it is put in the error-disabled state.
Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops. You can enable the BPDU filtering feature for the entire switch or for an interface. Related Topics Enabling BPDU Filtering, on page 305
Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate path in case the currently forwarding link fails.
During the fast transition, an alternate redundant link on the switch stack is placed in the forwarding state without causing temporary spanning-tree loops or loss
If Switch 1 fails, if its stack-root port fails, or if Link 1 fails, CSUF selects either the alternate stack-root port on Switch 2 or Switch 3 and puts it into the forwarding state in less than 1 second.
The Fast Uplink Transition Protocol is implemented on a per-VLAN basis and affects only one spanning-tree instance at a time. Related Topics Enabling UplinkFast for Use with Redundant Links, on page 307
When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root
BPDUs to Switch C, identifying itself as the root. When Switch C receives the inferior BPDUs from Switch B, Switch C assumes that an indirect failure has occurred. At that point, BackboneFast
If a boundary port is blocked in an internal spanning-tree (IST) instance because of root guard, the interface also is blocked in all MST instances. A boundary port is an interface that connects to a
Spanning tree sets the port’s operating state to non-port fast even if the configured state remains port fast edge and starts participating in the topology change.
• A PortFast normal port—is the default type of spanning tree port. Note: Beginning with Cisco IOS Release 15.2(4)E, or IOS XE 3.8.0E, if you enter the spanning-tree portfast [trunk] command in the global or interface configuration mode, the system automatically saves it as spanning-tree portfast edge [trunk].
The following figure demonstrates a potential network problem when the device fails (brain dead) and Bridge Assurance is not enabled on the network. Figure 30: Network Loop Due to a Malfunctioning Switch
What to Do Next You can use the spanning-tree portfast default global configuration command to globally enable the PortFast feature on all nontrunking ports. Related Topics PortFast, on page 288
Configure PortFast edge only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation. This procedure is optional.
Follow these steps to disable UplinkFast and Cross-Stack UplinkFast (CSUF). Before You Begin UplinkFast must be enabled. SUMMARY STEPS 1. enable 2. configure terminal 3. no spanning-tree uplinkfast 4. end
If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches.
You can enable EtherChannel guard to detect an EtherChannel misconfiguration if your switch is running PVST+, Rapid PVST+, or MSTP. This procedure is optional. Follow these steps to enable EtherChannel Guard on the switch.
EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured. Related Topics EtherChannel Guard, on page 297
This procedure is optional. Follow these steps to enable loop guard on the switch. SUMMARY STEPS 1. Enter one of the following commands: • show spanning-tree active • show spanning-tree mst 2. configure terminal 3. spanning-tree loopguard default 4. end
This section describes the different steps to enable Portfast Port types. Related Topics STP PortFast Port Types, on page 298 Configuring the Default Port State Globally To configure the default PortFast state, perform this task:
Switch(config)# end Configuring PortFast Edge on a Specified Interface Interfaces configured as edge ports immediately transition to the forwarding state, without passing through the blocking or learning states, on linkup.
VLANs and from which the port should never receive STP BPDUs. Such end host devices include workstations, servers, and ports on routers that are not configured to support bridging.
Switch(config)# end Step 5 show spanning-tree summary Displays spanning tree information and shows if Bridge Assurance is enabled. Example: Switch# show spanning-tree summary Related Topics Bridge Assurance, on page 299
This example shows how to verify the configuration: Switch# show running-config interface gigabitethernet1/0/1 Building configuration... Current configuration: interface GigabitEthernet1/0/1 no ip address switchport switchport access vlan 200 switchport mode access
Displays spanning-tree portfast information for the specified interface. interface-id portfast edge Feature Information for Optional Spanning-Tree Features Release: Cisco IOS 15.0(2)EX. Modification: This feature was introduced.
You can create an EtherChannel on a switch, on a single switch in the stack, or on multiple switches in the stack (known as cross-stack EtherChannel). Figure 34: Single-Switch EtherChannel Figure 35: Cross-Stack EtherChannel
An EtherChannel comprises a channel group and a port-channel interface. The channel group binds physical ports to the port-channel interface. Configuration changes applied to the port-channel interface apply to all the physical ports bound together in the channel group.
Layer 2 EtherChannel Configuration Guidelines, on page 340 Port Aggregation Protocol The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports.
You also can configure a single port within the group for all transmissions and use other ports for hot-standby. The unused ports in the group can be swapped into operation in just a few seconds if the selected single port
PAgP Interaction with Other Features The Dynamic Trunking Protocol (DTP) and the Cisco Discovery Protocol (CDP) send and receive packets over the physical ports in the EtherChannel. Trunk ports send and receive PAgP protocol data units (PDUs) on the lowest numbered VLAN.
Link Aggregation Control Protocol The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
With source-MAC address forwarding, when packets are forwarded to an EtherChannel, they are distributed across the ports in the channel based on the source-MAC address of the incoming packet. Therefore, to provide
Different load-balancing methods have different advantages, and the choice of a particular load-balancing method should be based on the position of the switch in the network and the kind of traffic that needs to be load-distributed.
(SSO). Cisco Catalyst Instant Access creates a single network touch point and a single point of configuration across distribution and access layer switches. Instant Access enables the merging of physical distribution and access...
PAgP or LACP configuration on the losing switch stack is lost after the stack reboots. For a mixed stack containing one or more Catalyst 2960-S switches, we recommend that you configure no more than six EtherChannels on the stack.
LACP system priority and the switch or stack MAC address. Load-balancing Load distribution on the switch is based on the source-MAC address of the incoming packet. Related Topics Configuring Layer 2 EtherChannels, on page 342
• Enable all ports in an EtherChannel. A port in an EtherChannel that is disabled by using the shutdown interface configuration command is treated as a link failure, and its traffic is transferred to one of the remaining ports in the EtherChannel.
Auto-LAG uses the LACP protocol to create auto EtherChannel. Note: Only one EtherChannel can be automatically created with the unique partner devices. Related Topics Configuring Auto-LAG Globally, on page 355 Configuring Auto LAG: Examples, on page 360
If you enabled PAgP on a port in the auto or desirable mode, you must reconfigure it for either the on mode or the LACP mode before adding this port to a cross-stack EtherChannel. PAgP does not support cross-stack EtherChannels.
• auto—Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. This keyword is not Example: Switch(config-if)#
• src-dst-mac—Specifies the source and destination host MAC address. • src-ip—Specifies the source host IP address. • src-mac—Specifies the source MAC address of the incoming packet. Step 3 Returns to privileged EXEC mode. Example: Switch(config)# end
For priority, the range is 0 to 255. The default is 128. The higher the priority, the more likely that the port will be used for PAgP transmission. Switch(config-if)# pagp port-priority
The port priority and port number values for the other system are not used. You can change the default values of the LACP system priority and the LACP port priority to affect how the software selects active and standby links.
The range is 1 to 65535. The default is 32768. Example: The lower the value, the higher the system priority. Switch(config)# lacp system-priority 32000 Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
To configure the minimum number of links that are required for a port channel, perform the following tasks. SUMMARY STEPS 1. enable 2. configure terminal 3. interface port-channel channel-number 4. port-channel min-links min-links-number 5. end
LACP control packets are received by an LACP-supported interface. You can change the timeout rate from the default rate (30 seconds) to the fast rate (1 second). This command is supported only on LACP-enabled interfaces.
Note: By default, the auto-LAG feature is enabled on the port. Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end Step 5 show etherchannel auto Displays that EtherChannel is created automatically. Example: Switch# show etherchannel auto
Use the no form of this command to disable the auto-LAG feature on individual port interface. Example: Switch(config-if)# channel-group auto Note: By default, the auto-LAG feature is enabled on the port.
1 and one port on stack member 2 as static-access ports in VLAN 10 to channel Switch# configure terminal Switch(config)# interface range gigabitethernet2/0/4 -5 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 10
- unsuitable for bundling w - waiting to be aggregated d - default port A - formed by Auto LAG Number of channel-groups in use: 1 Number of aggregators:
Configuring LACP Fast Rate Timer: Examples This example shows you how to configure the LACP rate: switch > enable switch# configure terminal switch(config)# interface gigabitEthernet 2/1 switch(config-if)# lacp rate fast switch(config-if)# exit switch(config)# end
Description Link To help you research and resolve system error messages in this release, use the Error Message Decoder tool. https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi Standards and RFCs Standard/RFC Title None —
Cisco.com user ID and password. Feature Information for EtherChannels Release Modification Cisco IOS 15.0(2)EX This feature was introduced. Cisco IOS 15.2(3)E2, Cisco IOS XE 3.7.2E Auto-LAG feature was introduced.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note: An interface can be an aggregation of ports (an EtherChannel) or a single physical port in either access or trunk mode.
◦ Switch A provides primary links to server 1 and server 2 through link-state group 1. Port 1 is connected to server 1, and port 2 is connected to server 2. Port 1 and port 2 are the downstream interfaces in link-state group 1.
You can recover a downstream interface link-down condition by removing the failed downstream port from the link-state group. To recover multiple downstream interfaces, disable the link-state group. Related Topics How to Configure Link-State Tracking, on page 369
[ number ]{upstream | downstream} Specifies a link-state group and configures the interface as either an upstream or downstream interface in the group. Example: Switch(config-if)# link state group 2 upstream
Switch(config-if)# link state group 1 downstream Switch(config-if)# end Related Topics Understanding Link-State Tracking, on page 366 How to Configure Link-State Tracking, on page 369 Monitoring Link-State Tracking Status
Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for Link-State Tracking Releases Feature Information Cisco IOS Release 15.0(2)EX This feature was introduced.
When the active link comes back up, it goes into standby mode and does not forward traffic. STP is disabled on Flex Links interfaces. Related Topics Configuring a Preemption Scheme for a Pair of Flex Links , on page 381
VLANs. In addition to providing the redundancy, this Flex Links pair can be used for load balancing. Flex Links VLAN load balancing does not impose any restrictions on uplink switches.
When the backup link starts forwarding, to achieve faster convergence of multicast data, the downstream switch immediately sends proxy reports for all the learned groups on this port without waiting for a general query.
In the following figure, switch A is an access switch, and ports 1 and 2 on switch A are connected to uplink switches B and D through a Flex Links pair. Port 1 is forwarding traffic, and port 2 is in the backup state.
Switch A does not need to wait for the MAC address-table update. The switch detects a failure on port 1 and immediately starts forwarding server traffic from port 2, the new forwarding port. This change occurs in less
mode [forced | bandwidth | off] Configures a preemption mechanism and delay for a Flex Links interface pair. You can configure the preemption as:
VLAN ID on the interface, which is used for sending the MAC address-table move update. When one link is forwarding traffic, the other interface is in standby mode. Example: Switch(config-if)# switchport backup interface gigabitethernet0/2 mmu primary vlan 2
move update profile-id Displays the specified IGMP profile or all the IGMP profiles defined on the switch. show mac address-table move update Displays the MAC address-table move update information on the switch.
In the following example, VLANs 1 to 50, 60, and 100 to 120 are configured on the switch: Switch(config)# interface gigabitethernet 2/0/6 Switch(config-if)# switchport backup interface gigabitethernet 2/0/8 prefer vlan 60,100-120
Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for Flex Links and MAC Address-Table Move Update Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
In this case, UDLD does not take any action and the logical link is considered undetermined. Related Topics Enabling UDLD Globally, on page 399 Enabling UDLD on an Interface, on page 400
UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized.
UDLD per-port enable state for fiber-optic media: Disabled on all Ethernet fiber-optic ports. UDLD per-port enable state for twisted-pair (copper) media: Disabled on all Ethernet 10/100 and 1000BASE-TX ports.
UDLD probe messages on ports that are in the advertisement phase and are detected to be bidirectional. The range is from 1 to 90 seconds; the default value is 15.
Default UDLD Configuration, on page 398 Monitoring and Maintaining UDLD Command Purpose show udld [interface-id | neighbors] Displays the UDLD status for the specified port or for all ports.
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature Information for UDLD Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
• All switches configured with the cns config partial global configuration command must access the event bus. The DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Cisco Configuration Engine. You must know the hostname of the event bus to which you are connecting.
Each Cisco Configuration Engine manages a group of Cisco devices (switches and routers) and the services that they deliver, storing their configurations and delivering them as needed. The Cisco Configuration Engine automates initial configurations and configuration updates by generating device-specific configuration changes, sending them to the device, executing the configuration change, and logging the results.
The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
The event service uses namespace content for subject-based addressing of messages. The Cisco Configuration Engine intersects two namespaces, one for the event bus and the other for the configuration server. Within the scope of the configuration server namespace, the term ConfigID is the unique identifier for a device.
The logical Cisco IOS termination point on the event bus is embedded in the event gateway, which in turn functions as a proxy on behalf of the switch. The event gateway represents the switch and its corresponding DeviceID to the event bus.
The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS CNS agent. These agents, embedded in the switch Cisco IOS software, allow the switch to be connected and automatically configured.
Incremental (Partial) Configuration After the network is running, new services can be added by using the Cisco IOS CNS agent. Incremental (partial) configurations can be sent to the switch. The actual configuration can be sent as an event payload by way of the event gateway (push operation) or as a signal event that triggers the switch to initiate a pull operation.
Note: You must enable the CNS event agent on the switch before you enable the CNS configuration agent. Follow these steps to enable the CNS event agent on the switch.
• (Optional) Enter backup to show that this is the backup gateway. (If omitted, this is the primary gateway.) Note: Though visible in the command-line help string, the encrypt and the clock-timeout time keywords are not supported.
Event Service, on page 410 Enabling the Cisco IOS CNS Agent Follow these steps to enable the Cisco IOS CNS agent on the switch. Before You Begin You must enable the CNS event agent on the switch before you enable this agent.
Switch(config)# cns config initial 10.180.1.27 10 • (Optional) For port number, enter the port number for the configuration server. This command enables the Cisco IOS CNS agent and initiates an initial configuration on the switch. Step 4 cns config partial {hostname | ip-address}...
Step 8 Start the Cisco IOS CNS agent on the switch. What to Do Next You can now use the Cisco Configuration Engine to remotely send incremental configurations to the switch. Related Topics Cisco IOS CNS Agents, on page 412 Enabling an Initial Configuration for Cisco IOS CNS Agent Follow these steps to enable the CNS configuration agent and initiate an initial configuration on the switch.
(Optional) For subinterface subinterface-number, specify the point-to-point subinterface number that is used to search for active DLCIs. • For interface [interface-type], enter the type of interface. Switch(config-cns-conn)# discover interface gigabitethernet
• (Optional) Enter image to set the ID to be the image-id value used to identify the switch. Note If both the event and image keywords are omitted, the image-id value is used to identify the switch.
To verify information about the configuration agent, use the show cns config connections command in privileged EXEC mode. To disable the CNS Cisco IOS agent, use the no cns config initial { ip-address | hostname } global configuration command. Related Topics...
Specifies the IP address and port number that you recorded in Step 5 in this command. This command reestablishes the connection between the switch and the event gateway. Example: Switch(config)# cns event 172.28.129.22 2012
Related Topics Hostname and DeviceID, on page 411 Enabling a Partial Configuration for Cisco IOS CNS Agent Follow these steps to enable the Cisco IOS CNS agent and to initiate a partial configuration on the switch. SUMMARY STEPS 1. enable 2.
What to Do Next To verify information about the configuration agent, use either the show cns config stats or the show cns config outstanding command in privileged EXEC mode.
Monitoring CNS Configurations To disable the Cisco IOS agent, use the no cns config partial { ip-address | hostname } global configuration command. To cancel a partial configuration, use the cns config cancel global configuration command. Related Topics Incremental (Partial) Configuration, on page 413...
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for the Configuration Engine Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Information About CDP CDP Overview CDP is a device discovery protocol that runs over Layer 2 (the data-link layer) on all Cisco-manufactured devices (routers, bridges, access servers, controllers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
Enabling CDP on an Interface, on page 439 Disabling CDP on an Interface, on page 437 How to Configure CDP Configuring CDP Characteristics You can configure these CDP characteristics: • Frequency of CDP updates
Monitoring and Maintaining CDP, on page 441 Disabling CDP CDP is enabled by default. Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Note Disabling CDP can interrupt cluster discovery and device connectivity. Follow these steps to disable the CDP device discovery capability.
Default CDP Configuration, on page 432 Enabling CDP CDP is enabled by default. Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Note Disabling CDP can interrupt cluster discovery and device connectivity. Follow these steps to enable CDP when it has been disabled.
Disabling CDP on an Interface CDP is enabled by default on all supported interfaces to send and to receive CDP information. Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Note Disabling CDP can interrupt cluster discovery and device connectivity.
Enabling CDP on an Interface CDP is enabled by default on all supported interfaces to send and to receive CDP information. Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Note Disabling CDP can interrupt cluster discovery and device connectivity.
(Optional) Saves your entries in the configuration file. Example: Switch# copy running-config startup-config Related Topics Default CDP Configuration, on page 432 Disabling CDP on an Interface, on page 437
Displays CDP counters, including the number of packets sent and received and checksum errors. Related Topics Configuring CDP Characteristics, on page 432 CDP Overview, on page 431
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for Cisco Discovery Protocol Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
Table 46: SNMP Security Models and Levels Model Level Authentication Encryption Result SNMPv1 noAuthNoPriv Community string Uses a community string match for authentication. SNMPv2C noAuthNoPriv Community string Uses a community string match for authentication.
You must configure the SNMP agent to use the SNMP version supported by the management station. Because an agent can communicate with multiple managers, you can configure the software to support communications using SNMPv1, SNMPv2C, or SNMPv3.
The SNMP system consists of an SNMP manager, an SNMP agent, and a management information base (MIB). The SNMP manager can be part of a network management system (NMS) such as Cisco Prime Infrastructure. The agent and MIB reside on the switch. To configure SNMP on the switch, you define the relationship between the manager and the agent.
Configuring Community Strings, on page 454 SNMP MIB Variables Access An example of an NMS is the Cisco Prime Infrastructure network management software. Cisco Prime Infrastructure 2.0 software uses the switch MIB variables to set device variables and to poll devices on the network for specific information.
10003, this value is the same after the switch reboots. The switch uses one of the values in the following table to assign an ifIndex value to an interface:
The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) of the SNMP agent on the device. You reenable all versions of the SNMP agent by the first snmp-server global configuration command that you enter. There is no Cisco IOS command specifically designated for enabling SNMP.
SNMP protocol. You can configure one or more community strings of any length. • (Optional) For view, specify the view record accessible to the community. community comaccess ro 4
(Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers. Note: Many commands use the word traps in the command syntax. Unless there is an option in the command to select either traps or informs, the keyword traps refers to traps, informs, or both.
Generates a trap for Open Shortest Path First (OSPF) changes. You can enable any or all of these traps: Cisco specific, errors, link-state advertisement, rate limit, retransmit, and state changes. Generates a trap for Protocol-Independent Multicast (PIM) changes.
access-list] [auth {md5 | sha} auth-password] } You cannot configure a remote user for an address without first configuring the engine ID for the remote host. Otherwise, you receive an error message, and the command is not executed.
Note: When you configure a trap by using the notification type port-security, configure the port security trap first, and then configure the port security trap rate: 1 snmp-server enable traps port-security 2 snmp-server enable traps port-security trap-rate rate
The no snmp-server host command with no keywords disables traps, but not informs, to the host. To disable informs, use the no snmp-server host informs global configuration command. To disable a specific trap type, use the no snmp-server enable traps notification-types global configuration command.
The access list is always terminated by an implicit deny statement for everything. Step 5 Returns to privileged EXEC mode. Example: Switch(config)# end Step 6 show running-config Verifies your entries. Example: Switch# show running-config
Switch(config)# snmp-server enable traps entity Switch(config)# snmp-server host cisco.com restricted entity This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com public...
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for Simple Network Management Protocol Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN sources and destinations. • You can have multiple destination ports in a SPAN session, but no more than 64 destination ports per switch stack.
Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if incoming traffic is
You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
The RSPAN traffic from the source ports or VLANs is copied into the RSPAN VLAN and forwarded over trunk ports carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN
• The switch does not support a combination of local SPAN and RSPAN in a single session. ◦ An RSPAN source session cannot have a local destination port. ◦ An RSPAN destination session cannot have a local source port.
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
• If ports are added to or removed from the source VLANs, the traffic on the source VLAN received by those ports is added to or removed from the sources being monitored. • You cannot use filter VLANs in the same session with VLAN sources.
• If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2. • It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
• Routing—SPAN does not monitor routed traffic. VSPAN only monitors traffic that enters or exits the switch, not traffic that is routed between VLANs. For example, if a VLAN is being Rx-monitored and
Therefore, the addition or deletion of switches in the stack can affect a local SPAN session, as well as an RSPAN source or destination session. An active session can become
• As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
destination {interface interface-id [, | -] [encapsulation replicate]} Specifies the SPAN session and the destination port (monitoring port). Note: For local SPAN, you must use the same session number for the source and destination interfaces.
Follow these steps to create a SPAN session, to specify the source ports or VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance).
• For interface-id, specify the source port to monitor. The interface specified must already be configured as a trunk port. Example: Switch(config)# monitor session 2 source interface gigabitethernet1/0/2 rx
• (Optional) both | rx | tx—Specifies the direction of traffic to monitor. If you do not specify a traffic direction, the source interface sends both sent and received traffic. ◦both—Monitors both received and sent traffic. ◦rx—Monitors received traffic.
RSPAN VLAN, on page 481 RSPAN Configuration Guidelines, on page 483 Specifying VLANs to Filter Follow these steps to configure the RSPAN source session to limit RSPAN source traffic to specific VLANs. Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Follow these steps to define the RSPAN VLAN on that switch, to create an RSPAN destination session, and to specify the source RSPAN VLAN and the destination port.
RSPAN VLAN ID is propagated through the VTP network.
Step 4 remote-span
Identifies the VLAN as the RSPAN VLAN.
Example: Switch(config-vlan)# remote-span
Step 5 exit
Returns to global configuration mode.
Example: Switch(config-vlan)# exit
• For session_number, the range is 1 to 66.
• all—Removes all SPAN sessions.
• local—Removes all local sessions.
• remote—Removes all remote SPAN sessions.
Example: Switch(config)# no monitor session 2
Related Topics
Creating a Local SPAN Session and Configuring Incoming Traffic, on page 486
Local SPAN, on page 474
SPAN Sessions, on page 477
SPAN Configuration Guidelines, on page 483
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
SPAN already been distributed to line cards. By distributing egress SPAN functionalities onto line cards, the performance of the system is improved. This feature was introduced.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
◦ You must associate a sampler with a monitor while attaching it to an interface. Otherwise, the command will be rejected. Use the ip flow monitor monitor_name sampler sampler_name input interface configuration command to perform this task.
• The switch supports homogeneous stacking, but does not support mixed stacking.
Information About NetFlow Lite
NetFlow Lite Overview
NetFlow Lite uses flows to provide statistics for accounting, network monitoring, and network planning.
• match ipv6—IPv6 attributes
• match transport—Transport layer fields
• match wireless—Wireless fields
Related Topics
Creating a Flow Record, on page 520
Example: Configuring a Flow, on page 534
• Transport field source and destination ports to identify the type of application: ICMP, IGMP, or TCP traffic. The following table describes NetFlow Lite match parameters. You must configure at least one of the following match parameters for the flow records.
{destination-port | source-port}
Specifies a match to the Transport Layer fields. The following command options are available:
• destination-port—Matches to the transport destination port.
• source-port—Matches to the transport source port.
{first | last} Collects the fields for the time the first packet was seen or the time the most recent packet was last seen (in milliseconds).
The Version 9 export format consists of a packet header followed by one or more template flow or data flow sets. A template flow set provides a description of the fields that will be present in future data flow sets. These
The figure below is a detailed example of the NetFlow Version 9 export format, including the header, template flow, and data flow sets. Figure 49: Detailed Example of the NetFlow Version 9 Export Format
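The header, template flow set and data flow set layout described above, as an added example that is not code from the Cisco guide: a collector-side Python parser for NetFlow Version 9 datagrams (RFC 3954) that caches templates per exporter and rejects length fields that overrun the datagram. The names parse_export, build_sample and ExportError, and the sample datagram with its addresses, are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
SET_HEADER = struct.Struct("!HH")  # flow set id, length (length includes this header)
# Subset of RFC 3954 field type numbers, enough for the constructed sample below.
FIELD_NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}


class ExportError(ValueError):
    """Raised when a datagram does not parse as well-formed NetFlow v9."""


def _parse_templates(body, source_id, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        end = pos + 4 * field_count
        if template_id < 256 or field_count == 0 or end > len(body):
            raise ExportError("malformed template record")
        fields = [struct.unpack_from("!HH", body, p) for p in range(pos, end, 4)]
        if any(length == 0 for _, length in fields):
            raise ExportError("zero-length field in template")
        # Templates are scoped to the exporter's source_id, not global.
        templates[(source_id, template_id)] = fields
        pos = end


def _parse_data(body, fields):
    record_len = sum(length for _, length in fields)
    records, pos = [], 0
    while pos + record_len <= len(body):  # leftover bytes are padding
        record = {}
        for ftype, length in fields:
            raw = body[pos:pos + length]
            name = FIELD_NAMES.get(ftype, f"field_{ftype}")
            if ftype in (8, 12) and length == 4:
                record[name] = str(ipaddress.IPv4Address(raw))
            else:
                record[name] = int.from_bytes(raw, "big")
            pos += length
        records.append(record)
    return records


def parse_export(datagram, templates):
    """Parse one export datagram; `templates` persists across datagrams."""
    if len(datagram) < HEADER.size:
        raise ExportError("datagram shorter than the packet header")
    version, _count, _uptime, _secs, sequence, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ExportError(f"unexpected version {version}")
    records, skipped, pos = [], 0, HEADER.size
    while pos < len(datagram):
        if pos + SET_HEADER.size > len(datagram):
            raise ExportError("truncated flow set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, pos)
        if set_len < SET_HEADER.size or pos + set_len > len(datagram):
            raise ExportError("flow set length overruns the datagram")
        body = datagram[pos + SET_HEADER.size:pos + set_len]
        if set_id == 0:  # template flow set
            _parse_templates(body, source_id, templates)
        elif set_id >= 256:  # data flow set, id names its template
            fields = templates.get((source_id, set_id))
            if fields is None:
                skipped += 1  # data arrived before its template
            else:
                records.extend(_parse_data(body, fields))
        # ids 1 (options template) and 2-255 (reserved) are not decoded here
        pos += set_len
    return {"sequence": sequence, "source_id": source_id,
            "records": records, "skipped_sets": skipped}


def build_sample():
    """Constructed datagram: one template (id 256) and two flow records."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    template = struct.pack("!HH", 256, len(fields))
    template += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    template_set = SET_HEADER.pack(0, SET_HEADER.size + len(template)) + template
    flows = [("192.0.2.10", "198.51.100.5", 51514, 443, 6, 1500),
             ("192.0.2.11", "198.51.100.5", 40000, 53, 17, 80)]
    data = b"".join(
        ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
        + struct.pack("!HHBI", sport, dport, proto, nbytes)
        for src, dst, sport, dport, proto, nbytes in flows)
    data += b"\x00" * (-(SET_HEADER.size + len(data)) % 4)  # pad to 32-bit boundary
    data_set = SET_HEADER.pack(256, SET_HEADER.size + len(data)) + data
    return HEADER.pack(9, 3, 123456, 1700000000, 1, 7) + template_set + data_set


if __name__ == "__main__":
    for flow in parse_export(build_sample(), {})["records"]:
        print(flow)
```

Keep one templates dictionary per collector process so that data flow sets in later datagrams can be decoded against templates received earlier.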
1 is analyzed using a record designed for standard traffic analysis on the input interface and a record designed for security analysis on the output interface. Figure 50: Example of Using Two Flow Monitors to Analyze the Same Traffic
Samplers are combined with flow monitors when they are applied to an interface with the ip flow monitor command.
5 Apply the flow monitor to a Layer 2 port, Layer 3 port, or VLAN.
Creating a Flow Record
You can create a flow record and add keys to match on and fields to collect in the flow.
(Optional) Displays information about NetFlow flow records.
Example: Switch# show flow record test
Step 8 copy running-config startup-config
(Optional) Saves your entries in the configuration file.
Example: Switch# copy running-config startup-config
(Optional) Configures the time-to-live (TTL) value for datagrams sent by the exporter. The range is from 1 to 255 seconds. The default is 255.
Example: Switch(config-flow-exporter)# ttl 210
Exporters
Example: Configuring a Flow, on page 534
Creating a Flow Monitor
You can create a flow monitor and associate it with a flow record and a flow exporter.
Associates a flow record with the specified flow monitor.
Example: Switch(config-flow-monitor)# record test
Step 6 cache { timeout {active | inactive} seconds | type normal
Associates a flow cache with the specified flow monitor.
Apply the flow monitor to a Layer 2 interface, Layer 3 interface, or VLAN.
Related Topics
Monitors
Example: Configuring a Flow, on page 534
Creating a Sampler
You can create a sampler to define the NetFlow sampling rate for a flow.
• In contrast, when you attach a monitor using a random sampler (for example, again, s1), only the first attachment uses a new sampler from the switch (hardware). All other attachments that use the same sampler s1 share that sampler.
Specifies additional Layer 2 attributes as a key. In this example, the keys are IPv4 protocol and ToS. {destination | flow-label| protocol| source| traffic-class } | transport {destination-port | source-port} }
Displays information about NetFlow interfaces.
show flow monitor [ name exporter-name]
Displays information about NetFlow flow monitors and statistics.
show flow monitor statistics
Displays the statistics for the flow monitor
To help you research and resolve system error messages in this release, use the Error Message Decoder tool: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi
Standards and RFCs
Standard/RFC: RFC 3954
Title: Cisco Systems NetFlow Services Export Version 9
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for Flexible NetFlow
Release: Cisco IOS 15.0(2)EX
Modification: This feature was introduced.
Page 619
P A R T • Configuring QoS, page 539 • Configuring Auto-QoS, page 645...
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
• If you need to modify a policy map of an existing QoS policy, first remove the policy map from all interfaces, and then modify or copy the policy map. After you finish the modification, apply the modified
◦ Configure ACLs, but you cannot attach them to physical interfaces. You can attach them to VLAN interfaces to filter traffic to the CPU. ◦ Enable only cos trust at interface level. ◦ Enable SRR shaping and sharing at interface level.
The classification is carried in the IP packet header, using 6 bits from the deprecated IP type of service (ToS) field to carry the classification (class) information. Classification can also be carried in the Layer 2 frame.
QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
• Policing determines whether a packet is in or out of profile by comparing the rate of the incoming traffic to the configured policer. The policer limits the bandwidth consumed by a flow of traffic. The result is passed to the marker.
Ingress Port Activity
Egress Port Activity
Configuring a QoS Policy, on page 584
Non-IP Traffic Classification
The following table describes the non-IP traffic classification options for your QoS configuration.
You can also classify IP traffic based on IPv6 DSCP. For ports that are on the boundary between two QoS administrative domains, you can modify the DSCP to another value by using the configurable DSCP-to-DSCP-mutation map.
CoS-to-DSCP map and by using the default CoS of the port. You can do this for both IPv4 and IPv6 traffic. After classification, the packet is sent to the policing and marking stages.
(class). You can also classify IP traffic based on IPv6 ACLs. In the QoS context, the permit and deny actions in the access control entries (ACEs) have different meanings from security ACLs:
When you enter the class-map command, the switch enters the class-map configuration mode. In this mode, you define the match criterion for the traffic by using the match class-map configuration command.
• Individual—QoS applies the bandwidth limits specified in the policer separately to each matched traffic class. You configure this type of policer within a policy map by using the police policy-map class configuration command.
You configure how fast (the average rate) that the tokens are removed from the bucket by using the rate-bps option of the police policy-map class configuration command or the mls qos aggregate-policer global configuration command.
During QoS processing, the switch represents the priority of all traffic (including non-IP traffic) with a QoS label based on the DSCP or CoS value from the classification stage. The following table describes QoS processing and mapping tables.
All other maps apply to the entire switch.
Related Topics
Configuring DSCP Maps, on page 604
Queueing and Scheduling on Ingress Queues, on page 556
Queueing and Scheduling on Egress Queues
The following figure shows an example of WTD operating on a queue whose size is 1000 frames. Three drop percentages are configured: 40 percent (400 frames), 60 percent (600 frames), and 100 percent (1000 frames).
The following figure shows queueing and scheduling flowcharts for ingress ports on Catalyst 3750-E and 3750-X switches. Figure 58: Queueing and Scheduling Flowchart for Ingress Ports on Catalyst 3750-E and 3750-X Switches
Each threshold value is a percentage of the total number of allocated buffers for the queue. The drop threshold for threshold ID 3 is preset to the queue-full state, and you cannot modify it.
Related Topics
Weighted Tail Drop, on page 554
Figure 60: Queueing and Scheduling Flowchart for Egress Ports on the Switch
Note: If the expedite queue is enabled, SRR services it until it is empty before servicing the other three queues.
100 buffers for a queue, you can reserve 50 percent (50 buffers). The switch returns the remaining 50 buffers to the common pool. You also can enable a queue in the full condition to obtain more buffers than
DSCPs or CoSs into certain queues, by allocating a large queue size or by servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped.
IP precedence values in the packet are not changed. Traffic is switched in pass-through mode. The packets are switched without any rewrites and classified as best effort without any policing.
Table 62: Default CoS Input Queue Threshold Map CoS Value Queue ID–Threshold ID 0–4 1–1 2–1 6, 7 1–1 The following table shows the default DSCP input queue threshold map when QoS is enabled.
The following table displays the default DSCP output queue threshold map when QoS is enabled and the 8 egress queue configuration is enabled using the mls qos srr-queue output queues 8 command.
The following table shows the default CoS-to-DSCP map. If these values are not appropriate for your network, you need to modify them.
QoS uses internally to represent the priority of the traffic. The following table shows the default IP-precedence-to-DSCP map. If these values are not appropriate for your network, you need to modify them. Table 71: Default IP-Precedence-to-DSCP Map IP Precedence Value DSCP Value
Note: Depending on your network configuration, you must perform one or more of these tasks in this module or one or more of the tasks in the Configuring a QoS Policy.
CoS-to-DSCP map. To return a port to its untrusted state, use the no mls qos trust interface configuration command.
Step 4 Returns to privileged EXEC mode.
Example: Switch(config-if)# end
cdp run
Enables CDP globally. By default, CDP is enabled.
Example: Switch(config)# cdp run
Step 3 interface interface-id
Specifies the port connected to the Cisco IP Phone, and enters interface configuration mode. Valid interfaces include physical ports.
Example: Switch(config)# interface gigabitethernet 2/1/1...
If you enter the no mls qos rewrite ip dscp global configuration command to enable DSCP transparency and then enter the mls qos trust [cos | dscp] interface configuration command, DSCP transparency is still enabled.
Note: To return to the default DSCP-to-DSCP-mutation map values, use the no mls qos map dscp-mutation dscp-mutation-name global configuration command.
Step 6 Returns to privileged EXEC mode.
Example: Switch(config-if)# end
You can classify non-IP traffic by using Layer 2 MAC ACLs.
Creating an IP Standard ACL for IPv4 Traffic
Before You Begin
Before you perform this task, determine which access lists you will be using for your QoS configuration.
Note: To delete an access list, use the no access-list access-list-number global configuration command.
Step 3 Returns to privileged EXEC mode.
Example: Switch(config)# end
[log] [log-input] [routing] [sequence value] [time-range name]
IPv6 network or class of networks for which to set deny or permit conditions, specified in hexadecimal and using 16-bit values between colons (see RFC 2373).
After entering this command, the mode changes to extended MAC ACL configuration.
Note: To delete an access list, use the no mac access-list extended access-list-name global configuration command.
Example: Switch(config)# mac access-list
• (Optional) Use the match-any keyword to perform a logical-OR of all matching statements under this class map. One or more match criteria must be matched.
• For class-map-name, specify the name of the class map.
If neither the match-all nor the match-any keyword is specified, the default is match-all.
Note: To delete an existing class map, use the no class-map [match-all | match-any] class-map-name global configuration command.
Step 7 copy running-config startup-config
(Optional) Saves your entries in the configuration file.
Example: Switch# copy running-config startup-config
Related Topics
Examples: Classifying Traffic by Using Class Maps, on page 632
• When you configure a default traffic class by using the class class-default policy-map configuration command, unclassified traffic (traffic that does not meet the match criteria specified in the traffic classes) is treated as the default traffic class (class-default).
Classifies IP traffic by setting a new value in the packet.
new-precedence}
• For dscp new-dscp, enter a new DSCP value to be assigned to the classified traffic. The range is 0 to 63.
Only one policy map per ingress port is supported.
Note: To remove the policy map and port association, use the no service-policy input policy-map-name interface configuration command.
Example: Switch(config-if)# service-policy
However, you cannot use the aggregate policer across different policy maps or ports. You can configure aggregate policers only in nonhierarchical policy maps on physical ports.
DSCP value (by using the policed-DSCP map) and to send the packet.
Step 3 class-map [match-all | match-any] class-map-name
Creates a class map to classify traffic as necessary.
Step 9 service-policy input policy-map-name
Specifies the policy-map name, and applies it to an ingress port. Only one policy map per ingress port is supported.
Example: Switch(config-if)# service-policy input aggflow1
You use the CoS-to-DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic. Beginning in privileged EXEC mode, follow these steps to modify the CoS-to-DSCP map. This procedure is optional.
Modifies the policed-DSCP map.
• For dscp-list, enter up to eight DSCP values separated by spaces. Then enter the to keyword.
Example: Switch(config)# mls qos map
You use the DSCP-to-CoS map to generate a CoS value, which is used to select one of the four egress queues. Beginning in privileged EXEC mode, follow these steps to modify the DSCP-to-CoS map. This procedure is optional.
• For in-dscp, enter up to eight DSCP values separated by spaces. Then enter the to keyword.
• For out-dscp, enter a single DSCP value.
mutation1 1 2 3 4 5 6 7 to 0
Beginning in privileged EXEC mode, follow these steps to map DSCP or CoS values to an ingress queue and to set WTD thresholds. This procedure is optional.
Separate each value with a space. Each threshold value is a percentage of the total number of queue descriptors allocated for the queue.
Example: Switch(config)# mls qos srr-queue input threshold 1 50 70
The buffer and the bandwidth allocation control how much data can be buffered before packets are dropped. Beginning in privileged EXEC mode, follow these steps to allocate the buffers between the ingress queues. This procedure is optional.
Use one of the following:
• show mls qos interface buffer
• show mls qos input-queue
Verifies your entries.
Example:
Switch# show mls qos interface buffer
Switch# show mls qos input-queue
copy running-config startup-config
(Optional) Saves your entries in the configuration file.
To return to the default setting, use the no mls qos srr-queue input bandwidth global configuration command.
Example: Switch# copy running-config startup-config
Each threshold value is a percentage of the queue’s allocated buffers, which you specify by using the mls qos queue-set output qset-id buffers allocation1 ... allocation4 global configuration command. The queues use WTD to support distinct drop percentages for different traffic classes.
4 queues. Any existing egress queue configuration commands are then modified to support the additional queue parameters.
Note: The option to enable 8 queues is only available on a standalone switch.
srr-queue output queues 8
This is the maximum memory the queue can have before the packets are dropped if the common pool is not empty. The range is 1 to 3200 percent.
You can prioritize traffic by placing packets with particular DSCPs or classes of service into certain queues and adjusting the queue thresholds so that packets with lower priorities are dropped.
3 is predefined. It is set to the queue-full state.
• For dscp1...dscp8, enter up to eight values, and separate each value with a space. The range is 0 to 63.
Beginning in privileged EXEC mode, follow these steps to assign the shaped weights and to enable bandwidth shaping on the four egress queues mapped to a port. This procedure is optional.
Note: If you enabled 8 egress queues using the mls qos srr-queue output queues 8 global configuration command, then you would be able to assign SRR weights to a total of 8 queues.
Beginning in privileged EXEC mode, follow these steps to assign the shared weights and to enable bandwidth sharing on the four egress queues mapped to a port. This procedure is optional.
To disable the egress expedite queue, use the no priority-queue out interface configuration command.
Example: Switch# copy running-config startup-config
Related Topics
Queueing and Scheduling on Egress Queues
Examples: Configuring Egress Queue Characteristics, on page 640
By default, the port is not rate-limited and is set to 100 percent.
Note: To return to the default setting, use the no srr-queue bandwidth limit interface configuration command.
Example: Switch(config-if)# srr-queue bandwidth limit 80
policers | queueing | statistics]
Displays QoS information at the port level, including the buffer allocation, which ports have configured policers, the queueing strategy, and the ingress and egress statistics.
103. It permits traffic from any host to any destination that matches a DSCP value of 10.
Switch(config)# access-list 103 permit ip any any dscp 10
Switch(config)# class-map class1
Switch(config-cmap)# match access-group 103
Switch(config-cmap)# end
Switch#
Switch(config-if)# switch mode access
Switch(config-if)# service-policy input pm1
Related Topics
Classifying Traffic by Using Class Maps, on page 592
Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic, on page 595
This example shows how the default traffic class is automatically placed at the end of policy-map pm3 even though class-default was configured first:
Switch# show policy-map pm3
Policy Map pm3
Class cm-3
set dscp 4
Class cm-4
trust cos
Class class-default
DSCP. The intersection of the d1 and d2 values provides the CoS value. For example, in the DSCP-to-CoS map, a DSCP value of 08 corresponds to a CoS value of 0.
In this example, the DSCP values (0 to 6) are assigned the WTD threshold of 50 percent and will be dropped sooner than the DSCP values (20 to 26) assigned to the WTD threshold of 70 percent.
This example shows how to configure the weight ratio of the SRR scheduler running on an egress port. Four queues are used, and the bandwidth ratio allocated for each queue in shared mode is 1/(1+2+3+4), 2/(1+2+3+4),
Queueing and Scheduling on Egress Queues
Where to Go Next
Review the auto-QoS documentation to see if you can use these automated capabilities for your QoS configuration.
Cisco EnergyWise domain members support the CISCO-ENERGYWISE-MIB.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco IOS MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature History and Information for QoS
Release: Cisco IOS 15.0(2)EX
Modification: This feature was introduced.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
When you enable auto-QoS, it automatically classifies traffic based on the traffic type and ingress packet label. The switch uses the classification results to choose the appropriate egress queue. You can use auto-QoS commands to identify ports connected to the following Cisco devices: • Cisco IP Phones •...
The following activities occur when you issue these auto-QoS commands on a port: • When you enter the auto qos voip cisco-phone command on a port at the network edge connected to a Cisco IP Phone, the switch enables the trusted boundary feature. If the packet does not have a DSCP value of 24, 26, or 46 or is out of profile, the switch changes the DSCP value to 0.
25 percent 20 percent • When you enable auto-QoS by using the auto qos voip cisco-phone, the auto qos voip cisco-softphone, or the auto qos voip trust interface configuration command, the switch automatically generates a QoS configuration based on the traffic type and ingress packet label and applies the commands listed in Examples: Global Auto-QoS Configuration, on page 655 to the port.
• You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports. • By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable CDP.
Note switch supports only one Cisco SoftPhone application per port. • When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone. • This release supports only Cisco IP SoftPhone Version 1.3(3) or later.
Use one of the following: • auto qos voip {cisco-phone | cisco-softphone | trust} Enables auto-QoS for VoIP. • cisco-phone—If the port is connected to a Cisco IP Phone, the QoS labels of incoming packets are trusted only when the telephone is detected.
EXEC command to display the auto-QoS configuration and the user modifications. Switch# show auto qos interface gigabitethernet 2/0/1 Enabling Auto-Qos Compact To enable auto-Qos compact, enter this command: SUMMARY STEPS 1. configure terminal 2. auto qos global compact
If this is the last port on which auto-QoS is enabled and you enter the no auto qos voip command, auto-QoS is considered disabled even though the auto-QoS-generated global configuration commands remain (to avoid disrupting traffic on other ports affected by the global configuration).
QoS settings. Configuration Examples for Auto-Qos Examples: Global Auto-QoS Configuration The following table describes the automatically generated commands for auto-QoS and enhanced auto-QoS by the switch.
10 10 60 20 Examples: Auto-QoS Generated Configuration for VoIP Devices The following table describes the automatically generated commands for auto-QoS for VoIP devices by the switch.
3 0 1 2 3 4 5 6 7 The switch automatically configures the egress queue buffer sizes. It configures the bandwidth and the SRR mode (shaped or shared) on the egress queues mapped to the port.
If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone (as shown below). Switch(config-if)# mls qos trust device cisco-phone If you entered the auto qos voip cisco-softphone command, the switch automatically creates class maps and policy maps (as shown below).
Configuration Examples for Auto-Qos Examples: Auto-QoS Generated Configuration for VoIP Devices If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone.
Switch(config)# auto qos global compact Switch(config)# interface GigabitEthernet1/2 Switch(config-if)# auto qos voip cisco-phone Switch# show auto-qos GigabitEthernet1/2 auto qos voip cisco-phone Switch# show running-config interface GigabitEthernet 1/0/2 interface GigabitEthernet1/0/2 auto qos voip cisco-phone
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Feature History and Information for Auto-QoS Release Modification Cisco IOS 15.0(2)EX This feature was introduced.
The active switch performs these functions: • It initializes and configures the routing protocols. • It sends routing protocol messages and updates to other routers.
• It processes routing protocol messages and updates received from peer routers. • It generates, maintains, and distributes the distributed Cisco Express Forwarding (dCEF) database to all stack members. The routes are programmed on all switches in the stack based on this database.
By default, IP routing is disabled on the switch. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software Releases > 12.2 Mainline > Configuration Guides.
IP address. When you use the mask to subnet a network, the mask is referred to as a subnet mask. To receive an assigned network number, contact your Internet service provider. Follow these steps to assign an IP address and a network mask to an SVI:
Switch# show ip interface gigabitethernet 1/0/1 Step 7 show ip interface [interface-id] Verifies your entries. Example: Switch# show ip interface gigabitethernet 1/0/1 Step 8 show running-config Verifies your entries. Example: Switch# show running-config
[longer-prefixes]] Displays the current state of the routing table. show ip route summary Displays the current state of the routing table in summary form. show platform ip unicast Displays platform-dependent IP unicast information.
◦ PVLAN and Source/Prefix Guard cannot be applied together. For more information on IPv6 Source Guard, see the IPv6 Source Guard chapter of the Cisco IOS IPv6 Configuration Guide Library on Cisco.com.
For more information about DHCPv6 Relay, see the DHCPv6 Relay—Lightweight DHCPv6 Relay Agent section of the IP Addressing: DHCP Configuration Guide, Cisco IOS Release 15.1SG. Related Topics How to Configure an IPv6 Snooping Policy, on page 681 How to Attach an IPv6 Snooping Policy to an Interface, on page 683...
Switch#show ipv6 snooping policy example_policy What to Do Next Attach an IPv6 Snooping policy to interfaces or VLANs. Related Topics Information about First Hop Security in IPv6, on page 678
Information about First Hop Security in IPv6, on page 678 How to Configure the IPv6 Binding Table Content Beginning in privileged EXEC mode, follow these steps to configure IPv6 Binding Table Content :
| add vlan_ids | except vlan_ids | none | remove vlan_ids | all} to the interface or the specified VLANs on that interface. The default policy is attached if the attach-policy option is not used.
How to Attach an IPv6 Neighbor Discovery Multicast Suppress Policy on a Device To attach an IPV6 Neighbor Discovery Multicast Suppress policy on a device, complete the following steps:
How to Attach an IPv6 Neighbor Discovery Multicast Suppress Policy on an Interface To attach an IPv6 Neighbor Discovery Multicast Suppress policy on an interface, complete the following steps:
On—Accepts and forwards RA messages with an O value of 1, blocks those with 0. Off—Accepts and forwards RA messages with an O value of 0, blocks those with 1.
How to Attach an IPv6 Router Advertisement Guard Policy to an Interface Beginning in privileged EXEC mode, follow these steps to attach an IPv6 Router Advertisement policy to an interface or to VLANs on the interface :
Confirms that the policy is attached to the specified interface without exiting the configuration mode. Example: Switch#(config-if)# do show running-config Related Topics Information about First Hop Security in IPv6, on page 678
(Optional) trusted-port—Sets the port to a trusted mode. No further policing takes place on the port. Note If you configure a trusted port then the device-role option is not available. Example: Switch(config-dhcp-guard)# trusted-port
How to Attach an IPv6 DHCP Guard Policy to a Layer 2 EtherChannel Interface Beginning in privileged EXEC mode, follow these steps to attach an IPv6 DHCP Guard policy on an EtherChannel interface or VLAN:
223,224 Step 4 do show running-config interfaceportchannel_interface_name Confirms that the policy is attached to the specified interface without exiting the configuration mode. Example: Switch#(config-if-range)# do show running-config int po11
• permit link-local—Allows all data traffic that is sourced by a link-local address. Note Trusted option under source guard policy is not supported.
[source-guard-policy] Displays the IPv6 source-guard policy configuration. Example: Switch # show ipv6 source-guard policy policy1 Related Topics Information about First Hop Security in IPv6, on page 678
Shows the policy configuration and all the interfaces where the policy is applied. Example: Switch(config-if)# show ipv6 source-guard policy example_policy Related Topics Information about First Hop Security in IPv6, on page 678
Related Topics Information about First Hop Security in IPv6, on page 678 Examples: How to attach an IPv6 Prefix Guard Policy to a Layer 2 EtherChannel Interface, on page 712
Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Prerequisites for Switch Stacks All stack members must run the same Cisco IOS software image to ensure compatibility among stack members. For switch stack hardware considerations, see the Catalyst 2960-X Switch Hardware Installation Guide.
1 to 2 seconds. • Auto-upgrade of the stack cannot be done when one of the switches in the stack is running Cisco IOS 15.2(3)E. This means that whenever any of the switches in the stack goes into a version mismatch, and if either master is running Cisco IOS 15.2(3)E, or if a member is running Cisco 15.2(3)E, the member...
FlexStack-Plus The stack members use the Cisco FlexStack-Plus technology to work together as a unified system. Layer 2 protocols support the entire switch stack as a single entity in the network.
The operation of the switch stack continues uninterrupted during membership changes unless you remove the active switchstack master or you add powered-on standalone switches or switch stacks.
1. When it joins a Switch stack, its default stack member number changes to the lowest available member number in the stack.
• Port-3 : Green • Port-4 : Amber • Port-5 : Green Similarly first five LEDs will glow in amber or green, depending on the switch number on all stack members.
MAC address. By default, the stack MAC address will be the MAC address of the first active switch, even if a new active switch takes over.
When the previous active switch becomes available, it does not resume its role as the active switch.
• System-level (global) configuration settings such as IP, STP, VLAN, and SNMP settings that apply to all stack members • Stack member interface-specific configuration settings that are specific for each stack member
You can save the provisioned configuration to the startup configuration file by entering the copy running-config startup-config privileged EXEC command. The startup configuration
The stack member number of the provisioned switch is not found in the provisioned configuration. The switch stack applies the default configuration to the provisioned switch and adds it to the stack.
The switches with the same Cisco IOS software version have the same stack protocol version. Such switches are fully compatible, and all features function properly across the switch stack. A switch with the same Cisco IOS software version as the active switchstack master can immediately join the switch stack.
When the auto-upgrade process is complete, the new switch reloads and joins the stack as a fully functioning member. If you have both stack cables connected during the reload, network downtime does not occur because the switch stack operates on two rings.
If you download your image by using the copy tftp: boot loader command instead of the archive download-sw privileged EXEC command, the proper directory structure is not created. For more information about the info file, see the Catalyst 2960-X Switch Managing Cisco IOS Image Files Configuration Guide.
You should use this feature cautiously. Using the old active switchstack master MAC address elsewhere in the same domain could result in lost traffic. Follow these steps to enable persistent MAC address:
MAC address changes to the new active switchstack master. The stack MAC address of the previous active switchstack master is used until the configured time period expires or until you enter the no stack-mac persistent timer command.
Setting the Stack Member Priority Value This optional task is available only from the active switchstack master. Follow these steps to assign a priority value to a stack member:
For stack-member-number, the range is 1 to 8. Specify a stack member number that is not already used in the switch stack. See Step 1. Switch(config)# switch 3 provision WS-xxxx
If a stack port is flapping and causing instability in the stack ring, to disable the port, enter the switch stack-member-number stack port port-number disable privileged EXEC command. To reenable the port, enter the switch stack-member-number stack port port-number enable command.
When you disable a stack port and the stack is in the partial-ring state, you cannot disable the port. This message appears: Disabling stack port not allowed with current stack configuration.
Displays information about HULC feature compatibility. show platform stack manager all Displays all stack manager information, such as the stack protocol version. show platform stack passive-links Displays information about stack passive links.
2 Use the switch stack-member-number priority new-priority-number global configuration command to set one stack member with a higher member priority value. 3 Restart both stack members at the same time.
Remove (or power off) the active switchstack master. The standby switch becomes the new active switch. All other stack members in the stack remain as stack members and do not reboot.
All supported MIBs for this release. To locate and download MIBs for selected platforms, Cisco IOS releases, and software images, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
• Port security aging to set the aging time for secure addresses on a port. • Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping packets that exceed a specified ingress rate.
VLAN. Voice VLAN assignment is supported for one IP phone. ◦ Port security for controlling access to 802.1x ports. ◦ Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port.
◦ IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch. ◦ Support for dynamic creation or attachment of an auth-default ACL on a port that has no configured static ACLs.
Security Features Overview the RADIUS CoA packets from the AAA server, such as Cisco Identity Services Engine, or Cisco Secure ACS to reinitialize authentication, and apply to the new policies. • IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs.
• You can also enable the login enhancements feature, which logs both failed and unsuccessful login attempts. Login enhancements can also be configured to block future login attempts after a set number of unsuccessful attempts are made. For more information, see the Cisco IOS Login Enhancements documentation.
Configuring Username and Password Pairs, on page 765 Privilege Levels Cisco switches (and other devices) use privilege levels to provide password security for different levels of switch operation. By default, the Cisco IOS software operates in two modes (privilege levels) of password...
Ctrl-v; you can simply enter abc?123 at the password prompt. Step 4 Returns to privileged EXEC mode. Example: Switch(config)# end Step 5 show running-config Verifies your entries. Example: Switch# show running-config
Example: Encryption prevents the password from being readable in the configuration file. Switch(config)# service password-encryption Step 5 Returns to privileged EXEC mode. Example: Switch(config)# end
This setting is saved in an area of the flash memory that is accessible by the boot loader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user. Example: Switch(config)# no service password-recovery
Sets a Telnet password for the line or lines. For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows Example: Switch(config-line)# password abcxyz543
Terminal Line Telnet Configuration, on page 757 Example: Setting a Telnet Password for a Terminal Line, on page 772 Configuring Username and Password Pairs Follow these steps to configure username and password pairs:
• For password, specify the password the user must enter to gain access to the Switch. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command.
Preventing Unauthorized Access, on page 753 Username and Password Pairs, on page 757 Setting the Privilege Level for a Command Follow these steps to set the privilege level for a command:
• For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. 14 SecretPswd14
Privilege Levels, on page 757 Logging into and Exiting a Privilege Level Beginning in user EXEC mode, follow these steps to log into a specified privilege level and exit a specified privilege level.
This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted and provides access to level 15 (traditional privileged EXEC mode access): Switch(config)# enable password l1u2c3k4y5
• Use TACACS+ for privileged EXEC access authorization if authentication was performed by using TACACS+. • Use the local database if authentication was not performed by using TACACS+. Restrictions for TACACS+ TACACS+ can be enabled only through AAA commands.
Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.
Information About TACACS+ The goal of TACACS+ is to provide a method for managing multiple network access points from a single management service. Your switch can be a network access server along with other Cisco routers and access servers. Figure 67: Typical TACACS+ Network Configuration TACACS+, administered through the AAA security services, can provide these services: •...
This process continues until there is successful communication with a listed method or the method list is exhausted.
TACACS Authentication and Authorization AV Pairs The following table lists and describes the supported TACACS+ authentication and authorization AV pairs and specifies the Cisco IOS release in which they are implemented. Table 86: Supported TACACS+ Authentication and Authorization AV Pairs...
For example: address-pool local ip local pool boo 10.0.0.1 10.0.0.10 ip local pool moo 10.0.0.1 10.0.0.20 You can then use TACACS+ to return
Specifies an autocommand to be executed at EXEC startup (for example, autocmd=telnet example.com). Used only with service=shell.
Not valid for ISDN. callback-line The number of a TTY line to use for callback (for example: callback-line=4). Used with service=arap, service=slip, service=ppp, service=shell. Not valid for ISDN.
Multiple cmd-arg attributes can be specified, and they are order dependent. Note This TACACS+ pair cannot be used with RADIUS attribute
TACACS+ pair cannot be used with RADIUS attribute data-service Used with service=outbound protocol=ip. dial-number Defines the number to dial. Used with the service=outbound protocol=ip.
PPP clients from the network access server during IPCP negotiation. To be used with service=ppp protocol=ip. The IP address identifying each DNS server is entered in dotted decimal format.
L2F tunnel authentication. Used with service=ppp protocol=vpdn. idletime=x Sets a value, in minutes, after which an idle session is terminated. A value of zero indicates no timeout.
ISDN interfaces. inacl=x ASCII identifier for an interface input access list. Used with service=ppp protocol=ip. Per-user access lists do not currently work with ISDN interfaces.
This attribute Note replaces the “interface-config=” attribute. ip-addresses Space-separated list of possible IP addresses that can be used for the end-point of a tunnel. Used with service=ppp protocol=vpdn.
If the attribute is true (the default), the session will be disconnected by the LNS. Otherwise, an interface will be cloned from the virtual-template. Used with service=ppp protocol=vpdn.
This does not ensure that sequence numbers will be sent on data packets, just how to handle them if they are received. Used with service=ppp protocol=vpdn.
Specifies the timeout number of seconds that a tunnel will stay active with no sessions before timing out and shutting down. Used with service=ppp protocol=vpdn.
L2TP tunnel authentication. Used with service=ppp protocol=vpdn. l2tp-tunnel- Shared secret password used for L2TP tunnel authentication and AVP hiding. Used with service=ppp protocol=vpdn.
Used with service=ppp. Link compression is defined as a numeric value as follows: • 0: None • 1: Stac • 2: Stac-Draft-9 • 3: MS-Stac
Allows the user profile to reference information configured in a map class of the same name on the network access server that dials out. Used with the service=outbound protocol=ip.
MLP. Used with service=ppp protocol=multilink, protocol=vpdn. nas-password Specifies the password for the network access server during the L2F tunnel authentication. Used with service=ppp protocol=vpdn.
There is no authentication on callback. Not valid for ISDN. noescape=x Prevents user from using an escape character. Used with service=shell. Can be either true or false (for example, noescape=true).
TACACS+ appear identical to those of earlier systems (TACACS and Extended TACACS). This allows administrators to upgrade from TACACS or Extended TACACS to TACACS+ transparently to users.
Used with service=ppp protocol=ip, and service=ppp protocol=ipx. Per-user access lists do not currently work with ISDN interfaces.
Per-user access lists do not currently work with ISDN interfaces. pool-def#<n> Defines IP address pools on the network access server. Used with service=ppp protocol=ip.
If it is, the pool is consulted for an IP address. Used with service=ppp protocol=ip.
Asynchronous (V.110) • 5: Virtual Used with service=any protocol=aaa. ppp-vj-slot-compression Instructs the Cisco router not to use slot compression when sending VJ-compressed packets over a PPP link.
(dynamic ACLs) by using the authentication proxy feature so that users can have the configured authorization to permit traffic going through the configured interfaces. Used with service=shell protocol=exec.
The dst_address, mask, and gateway are expected to be in the usual dotted-decimal notation, with the same meanings as in the familiar ip route configuration command on a network
AV pair, this specifies a route to be applied to an interface, but these routes are numbered, allowing multiple routes to be applied. Used with service=ppp protocol=ip, service=ppp protocol=ipx.
Used with service=ppp protocol=ip, and with service=ppp protocol=ipx. sap#<n> Specifies static Service Advertising Protocol (SAP) entries to be installed for the duration of a connection. Used with service=ppp protocol=ipx.
Used with service=ppp protocol=ipx. send-auth Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication. Used with service=any protocol=aaa.
Current values are slip, ppp, arap, shell, tty-daemon, connection, and system. This attribute must always be included.
Used as the source IP address of all VPDN packets generated as part of a VPDN tunnel. This is equivalent to the Cisco vpdn outgoing global configuration command.
It provides the Security Parameter Index (SPI), key, authentication algorithm, authentication mode, and replay protection timestamp range. Used with the service=mobileip protocol=ip.
MID will be projected. This is analogous to the remote name in the vpdn outgoing command. Used with service=ppp protocol=vpdn.
TACACS Accounting AV Pairs
The following table lists and describes the supported TACACS+ accounting AV pairs and specifies the Cisco IOS release in which they are implemented.
ESMTP client, or ESMTP server. bytes_in The number of input bytes transferred during this connection. bytes_out The number of output bytes transferred during this connection.
11.2 11.3 12.0 12.1 12.2 Call-Type Describes the type of fax activity: fax receive or fax send. command the user executed. data-rate This AV pair has been renamed. nas-rx-speed.
(Disconnect Cause Extensions) for a list of Disconnect-Cause values and their meanings. disc-cause-ext Extends the disc-cause attribute to support vendor-specific reasons why a connection was taken off-line.
Information included in accounting packet that describes a state change in the router. Events described are accounting starting and accounting stopping.
Fax-Connect-Speed Indicates the modem speed at which this fax-mail was initially transmitted or received. Possible values are 1200, 4800, 9600, and 14400.
DSN has been enabled. True indicates that DSN has been enabled; false means that DSN has not been enabled. Fax-Mdn-Address Indicates the address to which MDNs will be sent.
PSTN time, in the form x/y. For example, 10/15 means that the transfer time took 10 seconds, and the total fax session took 15 seconds.
Fax-Recipient-Count Indicates the number of recipients for this fax transmission. Until e-mail servers support Session mode, the number should be 1.
This attribute applies to sessions that are part of a multilink bundle. This attribute is sent in authentication-response packets.
The port the user was logged in to. Port-Used Indicates the slot/port number of the Cisco AS5300 used to either transmit or receive this fax-mail.
This attribute is sent in accounting-stop records. pre-paks-out Records the number of output packets before authentication. Pre-Output-Packets attribute is sent in accounting-stop records.
Events described are system reload, system shutdown, or when accounting is reconfigured (turned on or off). service The service the user used.
(unique) task_id numbers. timezone The time zone abbreviation for all timestamps included in this packet. xmit-rate This AV pair has been renamed. nas-tx-speed.
1012 - No Modem Results: The result codes could not be parsed. This code can appear if a disconnect occurs during the initial modem connection.
1021 - Idle Timeout: The user exited from terminal server because the idle timer expired. This code is related to immediate Telnet and raw TCP disconnects during a terminal server session.
IP address or because the dynamic pool could not assign one. This code is related to immediate Telnet and raw TCP disconnects during a terminal server session.
1028 - TS Session terminal server session has ended. This code is related to immediate Telnet and raw TCP disconnects during a terminal server session.
1031 - TS Rlogin Exit: The user exited normally from an Rlogin session. This code is related to immediate Telnet and raw TCP disconnects during a terminal server session.
Insuff Resources: The access server has insufficient resources for the terminal server session. This code is related to immediate Telnet and raw TCP disconnects during a terminal server session.
This code concerns connections. PPP LCP Close (1046): LCP got a close request from the upper layer while LCP was in an open state. This code concerns connections.
This code concerns connections. 1049 - PPP LCP closed because the Channels access server could not add any more channels to an MP session. This code concerns connections.
Full are full. This code relates to immediate Telnet and raw TCP disconnects, but contains more specific information than the Telnet and TCP codes listed earlier in this table.
1060 - TCP Reset: The host reset the connection. The TCP stack can return this disconnect code during immediate Telnet or raw TCP session.
1063 - TCP Foreign Host Close: A foreign host closed the TCP connection. The TCP stack can return this disconnect code during immediate Telnet or raw TCP session.
TCP session. 1066 - TCP Net Admin Unreachable: The TCP network administratively unreachable. The TCP stack can return this disconnect code during immediate Telnet or raw TCP session.
Telnet or raw TCP session. 1100 - Session Timeout: The session timed out because there was no activity on a PPP link. This code applies to all session types.
This code applies to all session types. 1150 - Radius Disc: RADIUS server requested disconnect. 1151 - Local Admin Disc: The local administrator disconnected.
1185 - Remote Hangup: The call disconnected because the remote end hung up. 1190 - T1 Quiesced: The call disconnected because the T1 line that carried it quiesced.
1601 - VPDN Carrier Loss: Carrier loss occurred. This code applies to VPDN sessions. 1602 - There are VPDN No Resources resources. This code applies to VPDN sessions.
Local PPP disconnect. Disconnect This code applies to VPDN sessions. 1607 - VPDN Softshut/Session Limit: sessions cannot be established on the VPN tunnel. This code applies to VPDN sessions.
This code applies to VPDN sessions. 1801 - Q850 Unassigned Number: number has not been assigned. This code applies to ISDN or modem calls that came in over ISDN.
Unacceptable been most recently identified is acceptable to the sending entity for use in this call. This code applies to ISDN or modem calls that came in over ISDN.
In the case of the user, the user equipment compatible with the call. This code applies to ISDN or modem calls that came in over ISDN.
Answer alerted but does not respond with a connect indication within a prescribed period of time. This code applies to ISDN or modem calls that came in over ISDN.
The new called party number optionally be included in the diagnostic field. This code applies to ISDN or modem calls that came in over ISDN.
Rejected supplementary service that requested by the user cannot be provided by the network. This code applies to ISDN or modem calls that have come in over ISDN.
1834 - Q850 No Circuit Available: No circuit or channel is available to handle the call. This code applies to ISDN or modem calls that came in over ISDN.
Failure functioning correctly and the condition is not likely to last a long period of time. This code applies to ISDN or modem calls that came in over ISDN.
Access Info that the Discarded network could not deliver access information to the remote user requested. This code applies to ISDN or modem calls that came in over ISDN.
ISDN or modem calls that came in over ISDN. 1845 - Q850 Call Pre-empted: The call preempted. This code applies to ISDN or modem calls that came in over ISDN.
ISDN. 1850 - Not a Q850 subscribed Facility facility. This code Subscribed applies to ISDN or modem calls that came in over ISDN.
-available class applies. This code applies to ISDN or modem calls that have come in over ISDN.
Channel that is sending Implemented this code does not support the channel type that requested. This code applies to ISDN or modem calls that have come in over ISDN.
ISDN. 1899 - Q850 Bad Info Element: information element not recognized. This code applies to ISDN or modem calls that have come in over ISDN.
Timer initiated by Expiration expiration of a timer association with error-handling procedures. This code applies to ISDN or modem calls that have come in over ISDN.
Configuring AAA Server Group Selection Based on DNIS
Cisco software allows you to authenticate users to a particular AAA server group based on the Dialed Number Identification Service (DNIS) number of the session. Any phone line (a regular home phone or a commercial T1/PRI line) can be associated with several phone numbers.
DNIS allows you to know which customer is calling when you answer. Cisco devices with either ISDN or internal modems can receive the DNIS number. This functionality allows users to assign different TACACS+ server groups for different customers (that is, different TACACS+ servers for different DNIS numbers).
The user is granted access to a requested service only if the information in the user profile allows it.
TACACS+ servers. TACACS+ server access is required to configure this feature.
How to Configure TACACS+
Identifying the TACACS+ Server Host and Setting the Authentication Key
Follow these steps to identify the TACACS+ server host and set the authentication key:
(Optional) Defines the AAA server-group with a group name. This command puts the Switch in a server group subconfiguration mode. Example: Switch(config)# aaa group server tacacs+ your_server_group
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.4.
• For method1..., specify the actual method the authentication algorithm tries. The additional methods of authentication are used only if the previous method returns an error, not if it fails. Select one of these methods:
• For list-name, specify the list created with the aaa authentication login command.
Switch(config-line)# login authentication default
Step 7 Returns to privileged EXEC mode. Example: Switch(config-line)# end
Step 8 show running-config Verifies your entries. Example: Switch# show running-config
The initial steps in this procedure are used to configure AAA and a server group, create a VRF routing table, and configure an interface. Steps 10 through 13 are used to configure the per VRF on a TACACS+ server feature:
• The aaa authentication command defines a method list, “default,” to be used on serial interfaces running PPP. The keyword default means that PPP authentication is applied by default to all interfaces. The
The tacacs-server key command defines the shared encryption key to be “goaway.” • The interface command selects the line, and the ppp authentication command applies the default method list to this line.
The following example shows how to create the same authentication algorithm for PAP, but it calls the method list “MIS-access” instead of “default”: aaa new-model
Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Cisco IOS 15.2(1)E configured for authentication, authorization, and accounting (AAA) on TACACS+ servers. The following commands were introduced or modified: ip tacacs source-interface, ip vrf forwarding (server-group), server-private (TACACS+).
The RADIUS security system is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco devices and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
PAD connections. • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model.
Enigma’s security cards to validate users and to grant access to network resources. • Networks already using RADIUS. You can add a Cisco Switch containing a RADIUS client to the network. This might be the first step when you make a transition to a TACACS+ server. See Figure 2: Transitioning from RADIUS to TACACS+ Services below.
The additional data included with the ACCEPT or REJECT packets includes these items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts
This process continues until there is successful communication with a listed authentication method or until all
: attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
For example, the following AV pair causes Cisco’s “multiple named IP address pools” feature to be activated during IP authorization (during PPP’s Internet Protocol Control Protocol (IPCP) address assignment): cisco-avpair= "ip:addr-pool=first" If you insert an “*”, the AV pair “ip:addr-pool=first” becomes optional. Note that any AV pair can be made optional: cisco-avpair= "ip:addr-pool*first"...
Contains the challenge sent by a network access server to an MS-CHAP user. It can be used in both Access-Request and Access-Challenge packets. ( RFC 2548 ) VPDN Attributes
IP header of the tunnel packet for packets entering the tunnel at the LNS. l2tp-tunnel-authen If this attribute is set, it performs L2TP tunnel authentication.
True indicates that a cover page was generated; false means that a cover page was not generated.
DSN has been enabled. True indicates that DSN has been enabled; false means that DSN has not been enabled. Fax-Mdn-Address Indicates the address to which MDNs will be sent.
Call-Type Describes the type of fax activity: fax receive or fax send. Port-Used Indicates the slot/port number of the Cisco AS5300 used to either transmit or receive this fax-mail.
(h323-call-type) Possible values are telephony and VoIP. Connect-Time (h323-connect-time) Indicates the connection time for this call leg in UTC. Disconnect-Time (h323-disconnect-time) Indicates the time this call leg was disconnected in UTC.
Defines the protocol to use (PAP or CHAP) for username-password authentication following CLID authentication.
Initially, it performed the functions now provided by both the send-name and remote-name attributes. Because the remote-name attribute has been added, the send-name attribute is restricted to its current behavior.
RADIUS misconfiguration. (For example, dialing a valid phone number but connecting to the wrong device.) Miscellaneous Attributes
Allows users to configure the downloadable user profiles (dynamic ACLs) by using the authentication proxy feature so that users can have the configured authorization to permit traffic going through the configured interfaces.
Table 92: Disconnect-Cause Attribute Values Cause Code Value Description No-Reason No reason is given for the disconnect. No-Disconnect The event was not disconnected. Unknown Reason unknown. Call-Disconnect The call has been disconnected.
Telnet or raw TCP sessions. TCP-Connection-Refused TCP connection has been refused by the host. Timeout-TCP TCP connection has timed out. Foreign-Host-Close-TCP TCP connection has been closed. TCP-Network-Unreachable TCP network is unreachable.
VPN-Carrier-Loss Loss of carrier. This can be the result of a physical line going dead. Code is sent when a client is unable to dial out using a dialer.
VPN soft shutdown is enabled. Code is sent when a call has been refused due to any of the soft shutdown restrictions previously mentioned. VPN-Call-Redirect VPN call redirect is enabled.
Note: Progress codes 33, 30, and 67 are generated and seen through debugs on the NAS; all other codes are generated and seen through debugs and the accounting record on the RADIUS server.
RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes. As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you must specify the host running the RADIUS server daemon and the secret text string it shares with the switch.
UDP port number is different. The Switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host.