Content summary for page No. 1
Catalyst 2960 Switch
Software Configuration Guide
Cisco IOS Release 12.2(25)FX
September 2005
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7816881=
Text Part Number: 78-16881-01
Content summary for page No. 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
Content summary for page No. 3
CONTENTS
Preface xxvii
Audience xxvii
Purpose xxvii
Conventions xxviii
Related Publications xxviii
Obtaining Documentation xxix
Cisco.com xxix
Product Documentation DVD xxx
Ordering Documentation xxx
Documentation Feedback xxx
Cisco Product Security Overview xxxi
Reporting Security Problems in Cisco Products xxxi
Obtaining Technical Assistance xxxii
Cisco Technical Support & Documentation Website xxxii
Submitting a Service Request xxxii
Definitions of Service Request Severity xxxiii
Obtaining
Content summary for page No. 4
Contents
Where to Go Next 1-16
CHAPTER 2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-4
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-5
Using Command History 2-5
Changing the Command History Buffer Size 2-5
Recalling Commands 2-6
Disabling the Command History Feature 2-6
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-7
Editing Commands thr
Content summary for page No. 5
Contents
Specifying the Filename to Read and Write the System Configuration 3-12
Booting Manually 3-13
Booting a Specific Software Image 3-13
Controlling Environment Variables 3-14
Scheduling a Reload of the Software Image 3-15
Configuring a Scheduled Reload 3-16
Displaying Scheduled Reload Information 3-17
CHAPTER 4 Configuring IE2100 CNS Agents 4-1
Understanding IE2100 Series Configuration Registrar Software 4-1
CNS Configuration Service 4-2
CNS Event Service 4-3
NameSpace Mapper 4-3
What Yo
Content summary for page No. 6
Contents
CHAPTER 6 Administering the Switch 6-1
Managing the System Time and Date 6-1
Understanding the System Clock 6-2
Understanding Network Time Protocol 6-2
Configuring NTP 6-4
Default NTP Configuration 6-4
Configuring NTP Authentication 6-5
Configuring NTP Associations 6-6
Configuring NTP Broadcast Service 6-7
Configuring NTP Access Restrictions 6-8
Configuring the Source IP Address for NTP Packets 6-10
Displaying the NTP Configuration 6-11
Configuring Time and Date Manually 6-11
Setting
Content summary for page No. 7
Contents
CHAPTER 7 Configuring SDM Templates 7-1
Understanding the SDM Templates 7-1
Configuring the Switch SDM Template 7-2
Default SDM Template 7-2
SDM Template Configuration Guidelines 7-2
Setting the SDM Template 7-2
Displaying the SDM Templates 7-3
CHAPTER 8 Configuring Switch-Based Authentication 8-1
Preventing Unauthorized Access to Your Switch 8-1
Protecting Access to Privileged EXEC Commands 8-2
Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable
Content summary for page No. 8
Contents
Configuring RADIUS Authorization for User Privileged Access and Network Services 8-27
Starting RADIUS Accounting 8-28
Configuring Settings for All RADIUS Servers 8-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-30
Displaying the RADIUS Configuration 8-31
Configuring the Switch for Local Authentication and Authorization 8-32
Configuring the Switch for Secure Shell 8-33
Understanding SS
Content summary for page No. 9
Contents
Using IEEE 802.1x with VLAN Assignment 9-8
Using IEEE 802.1x with Guest VLAN 9-10
Configuring IEEE 802.1x Authentication 9-10
Default IEEE 802.1x Configuration 9-11
IEEE 802.1x Configuration Guidelines 9-12
Configuring IEEE 802.1x Authentication 9-12
Configuring the Switch-to-RADIUS-Server Communication 9-14
Configuring Periodic Re-Authentication 9-15
Manually Re-Authenticating a Client Connected to a Port 9-15
Changing the Quiet Period 9-16
Changing the Switch-to-Client Retransmissi
Content summary for page No. 10
Contents
Configuring IEEE 802.3x Flow Control 10-14
Configuring Auto-MDIX on an Interface 10-15
Adding a Description for an Interface 10-16
Configuring the System MTU 10-16
Monitoring and Maintaining the Interfaces 10-18
Monitoring Interface Status 10-18
Clearing and Resetting Interfaces and Counters 10-19
Shutting Down and Restarting the Interface 10-19
CHAPTER 11 Configuring Smartports Macros 11-1
Understanding Smartports Macros 11-1
Configuring Smartports Macros 11-2
Default Smartports Macr
Content summary for page No. 11
Contents
Displaying VLANs 12-13
Configuring VLAN Trunks 12-14
Trunking Overview 12-14
IEEE 802.1Q Configuration Considerations 12-15
Default Layer 2 Ethernet Interface VLAN Configuration 12-16
Configuring an Ethernet Interface as a Trunk Port 12-16
Interaction with Other Features 12-16
Configuring a Trunk Port 12-17
Defining the Allowed VLANs on a Trunk 12-18
Changing the Pruning-Eligible List 12-19
Configuring the Native VLAN for Untagged Traffic 12-19
Configuring Trunk Ports for Load Sharing
Content summary for page No. 12
Contents
VTP Configuration in Global Configuration Mode 13-7
VTP Configuration in VLAN Database Configuration Mode 13-7
VTP Configuration Guidelines 13-8
Domain Names 13-8
Passwords 13-8
VTP Version 13-8
Configuration Requirements 13-9
Configuring a VTP Server 13-9
Configuring a VTP Client 13-11
Disabling VTP (VTP Transparent Mode) 13-12
Enabling VTP Version 2 13-13
Enabling VTP Pruning 13-14
Adding a VTP Client Switch to a VTP Domain 13-14
Monitoring VTP 13-16
CHAPTER 14 Configuring Voice VLA
Content summary for page No. 13
Contents
How a Switch or Port Becomes the Root Switch or Root Port 15-7
Spanning Tree and Redundant Connectivity 15-8
Spanning-Tree Address Management 15-8
Accelerated Aging to Retain Connectivity 15-8
Spanning-Tree Modes and Protocols 15-9
Supported Spanning-Tree Instances 15-9
Spanning-Tree Interoperability and Backward Compatibility 15-10
STP and IEEE 802.1Q Trunks 15-10
Configuring Spanning-Tree Features 15-10
Default Spanning-Tree Configuration 15-11
Spanning-Tree Configuration Guidelines
Content summary for page No. 14
Contents
Bridge Protocol Data Unit Format and Processing 16-9
Processing Superior BPDU Information 16-10
Processing Inferior BPDU Information 16-10
Topology Changes 16-10
Configuring MSTP Features 16-11
Default MSTP Configuration 16-11
MSTP Configuration Guidelines 16-12
Specifying the MST Region Configuration and Enabling MSTP 16-13
Configuring the Root Switch 16-14
Configuring a Secondary Root Switch 16-15
Configuring Port Priority 16-16
Configuring Path Cost 16-17
Configuring the Switch Pri
Content summary for page No. 15
Contents
Enabling EtherChannel Guard 17-14
Enabling Root Guard 17-15
Enabling Loop Guard 17-15
Displaying the Spanning-Tree Status 17-16
CHAPTER 18 Configuring Flex Links 18-1
Understanding Flex Links 18-1
Configuring Flex Links 18-2
Default Flex Link Configuration 18-2
Flex Link Configuration Guidelines 18-2
Configuring Flex Links 18-3
Monitoring Flex Links 18-3
CHAPTER 19 Configuring DHCP Features 19-1
Understanding DHCP Features 19-1
DHCP Server 19-2
DHCP Relay Agent 19-2
DHCP Snooping 19-2
Content summary for page No. 16
Contents
Configuring IGMP Snooping 20-6
Default IGMP Snooping Configuration 20-6
Enabling or Disabling IGMP Snooping 20-6
Setting the Snooping Method 20-7
Configuring a Multicast Router Port 20-8
Configuring a Host Statically to Join a Group 20-9
Enabling IGMP Immediate Leave 20-9
Configuring the IGMP Leave Timer 20-10
Configuring TCN-Related Commands 20-11
Controlling the Multicast Flooding Time After a TCN Event 20-11
Recovering from Flood Mode 20-12
Disabling Multicast Flooding During a TCN
Content summary for page No. 17
Contents
Configuring a Protected Port 21-6
Configuring Port Blocking 21-6
Default Port Blocking Configuration 21-6
Blocking Flooded Traffic on an Interface 21-7
Configuring Port Security 21-7
Understanding Port Security 21-8
Secure MAC Addresses 21-8
Security Violations 21-9
Default Port Security Configuration 21-10
Port Security Configuration Guidelines 21-10
Enabling and Configuring Port Security 21-11
Enabling and Configuring Port Security Aging 21-15
Displaying Port-Based Traffic Control S
Content summary for page No. 18
Contents
SPAN Configuration Guidelines 23-10
Creating a Local SPAN Session 23-10
Creating a Local SPAN Session and Configuring Incoming Traffic 23-13
Specifying VLANs to Filter 23-15
Configuring RSPAN 23-16
RSPAN Configuration Guidelines 23-16
Configuring a VLAN as an RSPAN VLAN 23-17
Creating an RSPAN Source Session 23-18
Creating an RSPAN Destination Session 23-19
Creating an RSPAN Destination Session and Configuring Incoming Traffic 23-20
Specifying VLANs to Filter 23-22
Displaying SPAN and
Content summary for page No. 19
Contents
Default System Message Logging Configuration 26-3
Disabling Message Logging 26-3
Setting the Message Display Destination Device 26-4
Synchronizing Log Messages 26-5
Enabling and Disabling Time Stamps on Log Messages 26-7
Enabling and Disabling Sequence Numbers in Log Messages 26-7
Defining the Message Severity Level 26-8
Limiting Syslog Messages Sent to the History Table and to SNMP 26-9
Configuring UNIX Syslog Servers 26-10
Logging Messages to a UNIX Syslog Daemon 26-11
Configuring t
Content summary for page No. 20
Contents
Configuring IPv4 ACLs 28-4
Creating Standard and Extended IPv4 ACLs 28-5
Access List Numbers 28-6
Creating a Numbered Standard ACL 28-7
Creating a Numbered Extended ACL 28-8
Resequencing ACEs in an ACL 28-12
Creating Named Standard and Extended ACLs 28-12
Using Time Ranges with ACLs 28-14
Including Comments in ACLs 28-15
Applying an IPv4 ACL to a Terminal Line 28-16
Applying an IPv4 ACL to an Interface 28-17
Hardware and Software Treatment of IP ACLs 28-17
IPv4 ACL Configuration Examp