Transcription of Catalyst 2960 Switch Software Configuration Guide
1 Americas HeadquartersCisco Systems, West Tasman DriveSan Jose, CA 95134-1706 : 408 526-4000800 553-NETS (6387)Fax: 408 527-0883 Catalyst 2960 Switch Software Configuration GuideCisco IOS Release (37)SEMay 2007 Text Part Number: OL-8603-02 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY Software LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE.
2 IF YOU ARE UNABLE TO LOCATE THE Software LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND Software OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH , the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.
3 ; Changing the Way We Work, Live, Play, and Learn is a service mark ofCisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst , CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo,Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step,Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study,LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise,The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc.
4 And/or its affiliates in the United States and certain othercountries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationshipbetween Cisco and any other company. (0704R)Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and 2960 Switch Software Configuration Guide 2006-2007 Cisco Systems, Inc. All rights reserved. iiiCatalyst 2960 Switch Software Configuration GuideOL-8603-02 CONTENTSP refacexxixAudiencexxixPurposexxixConvent ionsxxxRelated PublicationsxxxObtaining Documentation, Obtaining Support, and Security GuidelinesxxxiiCHAPTER 1 Overview1-1 Features1-1 Ease-of-Deployment and Ease-of-Use Features1-2 Performance Features1-3 Management Options1-4 Manageability Features1-4 Availability and Redundancy Features1-5 VLAN Features1-6 Security Features1-7 QoS and CoS Features1-8 Monitoring Features1-9 Default Settings After Initial Switch Configuration1-9 Network Configuration Examples1-12 Design Concepts for Using the Switch1-12 Small to Medium-Sized Network Using Catalyst 2960 Switches1-15 Long-Distance.
5 High-Bandwidth Transport Configuration1-16 Where to Go Next1-17 CHAPTER 2 Using the Command-Line Interface2-1 Understanding Command Modes2-1 Understanding the Help System2-3 Understanding Abbreviated Commands2-4 Understanding no and default Forms of Commands2-4 Understanding CLI Error Messages2-5 Using Configuration Logging2-5 ContentsivCatalyst 2960 Switch Software Configuration GuideOL-8603-02 Using Command History2-6 Changing the Command History Buffer Size2-6 Recalling Commands2-6 Disabling the Command History Feature2-7 Using Editing Features2-7 Enabling and Disabling Editing Features2-7 Editing Commands through Keystrokes2-8 Editing Command Lines that Wrap2-9 Searching and Filtering Output of show and more Commands2-10 Accessing the CLI2-10 Accessing the CLI through a Console Connection or through Telnet2-10 CHAPTER 3 Assigning the Switch IP Address and Default Gateway3-1 Understanding the Boot Process3-1 Assigning Switch Information3-2 Default Switch Information3-3 Understanding DHCP-Based Autoconfiguration3-3 DHCP Client Request Process3-4 Configuring DHCP-Based Autoconfiguration3-5 DHCP Server Configuration Guidelines3-5 Configuring the TFTP Server3-6 Configuring the DNS3-6 Configuring the Relay Device3-6 Obtaining Configuration Files3-7 Example Configuration3-8 Manually Assigning IP Information3-10 Checking and Saving the Running Configuration3-11 Modifying the Startup Configuration3-12 Default Boot Configuration3-12 Automatically Downloading a Configuration File3-12 Specifying the Filename to Read and
6 Write the System Configuration3-12 Booting Manually3-13 Booting a Specific Software Image3-14 Controlling Environment Variables3-14 Scheduling a Reload of the Software Image3-16 Configuring a Scheduled Reload3-16 Displaying Scheduled Reload Information3-17 ContentsvCatalyst 2960 Switch Software Configuration GuideOL-8603-02 CHAPTER 4 Configuring Cisco IOS CNS Agents4-1 Understanding Cisco Configuration Engine Software4-1 Configuration Service4-2 Event Service4-3 NameSpace Mapper4-3 What You Should Know About the CNS IDs and Device Hostnames4-3 ConfigID4-3 DeviceID4-4 Hostname and DeviceID4-4 Using Hostname, DeviceID, and ConfigID4-4 Understanding Cisco IOS Agents4-5 Initial Configuration4-5 Incremental (Partial) Configuration4-6 Synchronized Configuration4-6 Configuring Cisco IOS Agents4-6 Enabling Automated CNS Configuration4-6 Enabling the CNS Event Agent4-8 Enabling the Cisco IOS CNS Agent4-9 Enabling an Initial Configuration4-9 Enabling a Partial Configuration4-11 Displaying CNS Configuration4-12 CHAPTER 5 Clustering Switches5-1 Understanding Switch Clusters5-2 Cluster Command Switch Characteristics5-3 Standby Cluster Command Switch Characteristics5-3 Candidate Switch and Cluster Member Switch Characteristics5-3 Planning a Switch Cluster5-4 Automatic Discovery of Cluster Candidates and Members5-4 Discovery Through CDP Hops5-5 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices5-6 Discovery Through Different VLANs5-6 Discovery Through Different
7 Management VLANs5-7 Discovery of Newly Installed Switches5-8 HSRP and Standby Cluster Command Switches5-9 Virtual IP Addresses5-10 Other Considerations for Cluster Standby Groups5-10 Automatic Recovery of Cluster Configuration5-11 ContentsviCatalyst 2960 Switch Software Configuration GuideOL-8603-02IP Addresses5-12 Hostnames5-12 Passwords5-12 SNMP Community Strings5-13 TACACS+ and RADIUS5-13 LRE Profiles 5-13 Using the CLI to Manage Switch Clusters5-13 Catalyst 1900 and Catalyst 2820 CLI Considerations5-14 Using SNMP to Manage Switch Clusters5-14 CHAPTER 6 Administering the Switch6-1 Managing the System Time and Date6-1 Understanding the System Clock 6-1 Understanding Network Time Protocol6-2 Configuring NTP6-3 Default NTP Configuration6-4 Configuring NTP Authentication6-4 Configuring NTP Associations6-5 Configuring NTP Broadcast Service6-6 Configuring NTP Access Restrictions6-8 Configuring the Source IP Address for NTP Packets6-10 Displaying the NTP Configuration6-11 Configuring Time and Date Manually6-11 Setting the System Clock6-11 Displaying the Time and Date Configuration6-12 Configuring the Time Zone 6-12 Configuring Summer Time (Daylight Saving Time)
8 6-13 Configuring a System Name and Prompt6-14 Default System Name and Prompt Configuration6-15 Configuring a System Name6-15 Understanding DNS6-15 Default DNS Configuration6-16 Setting Up DNS6-16 Displaying the DNS Configuration6-17 Creating a Banner6-17 Default Banner Configuration6-17 Configuring a Message-of-the-Day Login Banner6-18 Configuring a Login Banner6-19 ContentsviiCatalyst 2960 Switch Software Configuration GuideOL-8603-02 Managing the MAC Address Table6-19 Building the Address Table6-20 MAC Addresses and VLANs6-20 Default MAC Address Table Configuration6-21 Changing the Address Aging Time6-21 Removing Dynamic Address Entries6-22 Configuring MAC Address Notification Traps6-22 Adding and Removing Static Address Entries6-24 Configuring Unicast MAC Address Filtering6-25 Displaying Address Table Entries6-26 Managing the ARP Table6-26 CHAPTER 7 Configuring SDM Templates7-1 Understanding the SDM Templates7-1.
9 Configuring the Switch SDM Template7-2 Default SDM Template7-2 SDM Template Configuration Guidelines7-2 Setting the SDM Template7-2 Displaying the SDM Templates7-3 CHAPTER 8 Configuring Switch -Based Authentication8-1 Preventing Unauthorized Access to Your Switch8-1 Protecting Access to Privileged EXEC Commands8-2 Default Password and Privilege Level Configuration8-2 Setting or Changing a Static Enable Password8-3 Protecting Enable and Enable Secret Passwords with Encryption8-3 Disabling Password Recovery8-5 Setting a Telnet Password for a Terminal Line8-6 Configuring Username and Password Pairs8-6 Configuring Multiple Privilege Levels8-7 Setting the Privilege Level for a Command8-8 Changing the Default Privilege Level for Lines8-9 Logging into and Exiting a Privilege Level8-9 Controlling Switch Access with TACACS+8-10 Understanding TACACS+8-10 TACACS+ Operation8-12 ContentsviiiCatalyst 2960 Switch Software Configuration GuideOL-8603-02 Configuring TACACS+8-12 Default TACACS+ Configuration8-13 Identifying the TACACS+ Server Host and Setting the Authentication Key8-13 Configuring TACACS+ Login Authentication8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services8-16 Starting TACACS+ Accounting8-17 Displaying the TACACS+ Configuration8-17 Controlling Switch Access with RADIUS8-18 Understanding RADIUS8-18 RADIUS Operation8-19 Configuring RADIUS8-20 Default RADIUS Configuration8-20 Identifying the RADIUS Server Host 8-20 Configuring RADIUS Login Authentication8-23 Defining AAA Server
10 Groups8-25 Configuring RADIUS Authorization for User Privileged Access and Network Services8-27 Starting RADIUS Accounting8-28 Configuring Settings for All RADIUS Servers8-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes8-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication8-31 Displaying the RADIUS Configuration8-31 Configuring the Switch for Local Authentication and Authorization8-32 Configuring the Switch for Secure Shell8-33 Understanding SSH8-33 SSH Servers, Integrated Clients, and Supported Versions8-33 Limitations8-34 Configuring SSH8-34 Configuration Guidelines8-34 Setting Up the Switch to Run SSH8-35 Configuring the SSH Server8-36 Displaying the SSH Configuration and Status
