Catalyst 2918 Switch Software Configuration Guide
Cisco IOS Release 15.0(2)SE and Later
January 2013
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-27298-02
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE
ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION
OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU
ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California,
Berkeley (UCB) as part of UCB’s public domain version of the UNIX
operating system. All rights reserved. Copyright © 1981, Regents of
the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES
AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL
FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL
WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION,
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING
OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Any Internet Protocol (IP) addresses used in this document are
not intended to be actual addresses. Any examples, command display
output, and figures included in the document are shown for
illustrative purposes only. Any use of actual IP addresses in
illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks
of Cisco and/or its affiliates in the U.S. and other countries. To
view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are
the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and
any other company. (1110R)
Catalyst 2918 Switch Software Configuration Guide
©2009-2013 Cisco Systems, Inc. All rights reserved.
Contents
Preface
  Audience
  Purpose
  Conventions
  Related Publications
  Obtaining Documentation, Obtaining Support, and Security Guidelines
Chapter 1: Overview
  Features
  Ease-of-Deployment and Ease-of-Use Features
  Performance Features
  Management Options
  Manageability Features
  Availability and Redundancy Features
  VLAN Features
  Security Features
  QoS and CoS Features
  Monitoring Features
  Default Settings After Initial Switch Configuration
  Network Configuration Examples
  Design Concepts for Using the Switch
  Small to Medium-Sized Network Using Catalyst 2918 Switches
  Where to Go Next
Chapter 2: Using the Command-Line Interface
  Understanding Command Modes
  Understanding the Help System
  Understanding Abbreviated Commands
  Understanding no and default Forms of Commands
  Understanding CLI Error Messages
  Using Configuration Logging
  Using Command History
  Changing the Command History Buffer Size
  Recalling Commands
  Disabling the Command History Feature
  Using Editing Features
  Enabling and Disabling Editing Features
  Editing Commands through Keystrokes
  Editing Command Lines that Wrap
  Searching and Filtering Output of show and more Commands
  Accessing the CLI
  Accessing the CLI through a Console Connection or through Telnet
Chapter 3: Assigning the Switch IP Address and Default Gateway
  Understanding the Boot Process
  Assigning Switch Information
  Default Switch Information
  Understanding DHCP-Based Autoconfiguration
  DHCP Client Request Process
  Understanding DHCP-based Autoconfiguration and Image Update
  DHCP Autoconfiguration
  DHCP Auto-Image Update
  Limitations and Restrictions
  Configuring DHCP-Based Autoconfiguration
  DHCP Server Configuration Guidelines
  Configuring the TFTP Server
  Configuring the DNS
  Configuring the Relay Device
  Obtaining Configuration Files
  Example Configuration
  Configuring the DHCP Auto Configuration and Image Update Features
  Configuring DHCP Autoconfiguration (Only Configuration File)
  Configuring DHCP Auto-Image Update (Configuration File and Image)
  Configuring the Client
  Manually Assigning IP Information
  Checking and Saving the Running Configuration
  Modifying the Startup Configuration
  Default Boot Configuration
  Automatically Downloading a Configuration File
  Specifying the Filename to Read and Write the System Configuration
  Booting Manually
  Booting a Specific Software Image
  Controlling Environment Variables
  Scheduling a Reload of the Software Image
  Configuring a Scheduled Reload
  Displaying Scheduled Reload Information
Chapter 4: Configuring Cisco IOS CNS Agents
  Understanding Cisco Configuration Engine Software
  Configuration Service
  Event Service
  NameSpace Mapper
  What You Should Know About the CNS IDs and Device Hostnames
  ConfigID
  DeviceID
  Hostname and DeviceID
  Using Hostname, DeviceID, and ConfigID
  Understanding Cisco IOS Agents
  Initial Configuration
  Incremental (Partial) Configuration
  Synchronized Configuration
  Configuring Cisco IOS Agents
  Enabling Automated CNS Configuration
  Enabling the CNS Event Agent
  Enabling the Cisco IOS CNS Agent
  Enabling an Initial Configuration
  Enabling a Partial Configuration
  Displaying CNS Configuration
Chapter 5: Clustering Switches
  Understanding Switch Clusters
  Cluster Command Switch Characteristics
  Standby Cluster Command Switch Characteristics
  Candidate Switch and Cluster Member Switch Characteristics
  Planning a Switch Cluster
  Automatic Discovery of Cluster Candidates and Members
  Discovery Through CDP Hops
  Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
  Discovery Through Different VLANs
  Discovery Through Different Management VLANs
  Discovery of Newly Installed Switches
  HSRP and Standby Cluster Command Switches
  Virtual IP Addresses
  Other Considerations for Cluster Standby Groups
  Automatic Recovery of Cluster Configuration
  IP Addresses
  Hostnames
  Passwords
  SNMP Community Strings
  TACACS+ and RADIUS
  LRE Profiles
  Using the CLI to Manage Switch Clusters
  Catalyst 1900 and Catalyst 2820 CLI Considerations
  Using SNMP to Manage Switch Clusters
Chapter 6: Configuring SDM Templates
  Understanding the SDM Templates
  Configuring the Switch SDM Template
  Displaying the SDM Templates
Chapter 7: Administering the Switch
  Managing the System Time and Date
  Understanding the System Clock
  Understanding Network Time Protocol
  NTP Version 4
  Configuring Time and Date Manually
  Setting the System Clock
  Displaying the Time and Date Configuration
  Configuring the Time Zone
  Configuring Summer Time (Daylight Saving Time)
  Configuring a System Name and Prompt
  Default System Name and Prompt Configuration
  Configuring a System Name
  Understanding DNS
  Default DNS Configuration
  Setting Up DNS
  Displaying the DNS Configuration
  Creating a Banner
  Default Banner Configuration
  Configuring a Message-of-the-Day Login Banner
  Configuring a Login Banner
  Managing the MAC Address Table
  Building the Address Table
  MAC Addresses and VLANs
  Default MAC Address Table Configuration
  Changing the Address Aging Time
  Removing Dynamic Address Entries
  Configuring MAC Address Notification Traps
  Adding and Removing Static Address Entries
  Configuring Unicast MAC Address Filtering
  Displaying Address Table Entries
  Managing the ARP Table
Chapter 8: Configuring Switch-Based Authentication
  Preventing Unauthorized Access to Your Switch
  Protecting Access to Privileged EXEC Commands
  Default Password and Privilege Level Configuration
  Setting or Changing a Static Enable Password
  Protecting Enable and Enable Secret Passwords with Encryption
  Disabling Password Recovery
  Setting a Telnet Password for a Terminal Line
  Configuring Username and Password Pairs
  Configuring Multiple Privilege Levels
  Setting the Privilege Level for a Command
  Changing the Default Privilege Level for Lines
  Logging into and Exiting a Privilege Level
  Controlling Switch Access with TACACS+
  Understanding TACACS+
  TACACS+ Operation
  Configuring TACACS+
  Default TACACS+ Configuration
  Identifying the TACACS+ Server Host and Setting the Authentication Key
  Configuring TACACS+ Login Authentication
  Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
  Starting TACACS+ Accounting
  Displaying the TACACS+ Configuration
  Controlling Switch Access with RADIUS
  Understanding RADIUS
  RADIUS Operation
  Configuring RADIUS
  Default RADIUS Configuration
  Identifying the RADIUS Server Host
  Configuring RADIUS Login Authentication
  Defining AAA Server Groups
  Configuring RADIUS Authorization for User Privileged Access and Network Services
  Starting RADIUS Accounting
  Configuring Settings for All RADIUS Servers
  Configuring the Switch to Use Vendor-Specific RADIUS Attributes
  Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
  Displaying the RADIUS Configuration
  Configuring the Switch for Local Authentication and Authorization
  Configuring the Switch for Secure Shell
  Understanding SSH
  SSH Servers, Integrated Clients, and Supported Versions
  Limitations
  Configuring SSH
  Configuration Guidelines
  Setting Up the Switch to Run SSH
  Configuring the SSH Server
  Displaying the SSH Configuration and Status
  Configuring the Switch for Secure Socket Layer HTTP
  Understanding Secure HTTP Servers and Clients
  Certificate Authority Trustpoints
  CipherSuites
  Configuring Secure HTTP Servers and Clients
  Default SSL Configuration
  SSL Configuration Guidelines
  Configuring a CA Trustpoint
  Configuring the Secure HTTP Server
  Configuring the Secure HTTP Client
  Displaying Secure HTTP Server and Client Status
  Configuring the Switch for Secure Copy Protocol
  Information About Secure Copy
Chapter 9: Configuring IEEE 802.1x Port-Based Authentication
  Understanding IEEE 802.1x Port-Based Authentication
  Device Roles
  Authentication Process
  Authentication Initiation and Message Exchange
  Ports in Authorized and Unauthorized States
  IEEE 802.1x Host Mode
  IEEE 802.1x Accounting
  IEEE 802.1x Accounting Attribute-Value Pairs
  Using IEEE 802.1x Authentication with VLAN Assignment
  Using IEEE 802.1x Authentication with Guest VLAN
  Using IEEE 802.1x Authentication with Restricted VLAN
  Using IEEE 802.1x Authentication with Voice VLAN Ports
  Using IEEE 802.1x Authentication with Port Security
  Using IEEE 802.1x Authentication with Wake-on-LAN
  Using IEEE 802.1x Authentication with MAC Authentication Bypass
  Common Session ID
  Configuring IEEE 802.1x Authentication
  Default IEEE 802.1x Authentication Configuration
  IEEE 802.1x Authentication Configuration Guidelines
  IEEE 802.1x Authentication
  VLAN Assignment and Guest VLAN
  MAC Authentication Bypass
  Upgrading from a Previous Software Release
  Configuring IEEE 802.1x Authentication
  Configuring the Switch-to-RADIUS-Server Communication
  Configuring the Host Mode
  Configuring Periodic Re-Authentication
  Manually Re-Authenticating a Client Connected to a Port
  Changing the Quiet Period
  Changing the Switch-to-Client Retransmission Time
  Setting the Switch-to-Client Frame-Retransmission Number
  Setting the Re-Authentication Number
  Configuring IEEE 802.1x Accounting
  Configuring a Guest VLAN
  Configuring a Restricted VLAN
  Configuring 802.1x Authentication with Wake-on-LAN
  Configuring MAC Authentication Bypass
  Disabling IEEE 802.1x Authentication on the Port
  Resetting the IEEE 802.1x Authentication Configuration to the Default Values
  Displaying IEEE 802.1x Statistics and Status
Chapter 10: Configuring Interface Characteristics
  Understanding Interface Types
  Port-Based VLANs
  Switch Ports
  Access Ports
  Trunk Ports
  Connecting Interfaces
  Using Interface Configuration Mode
  Procedures for Configuring Interfaces
  Configuring a Range of Interfaces
  Configuring and Using Interface Range Macros
  Configuring Ethernet Interfaces
  Default Ethernet Interface Configuration
  Setting the Type of a Dual-Purpose Uplink Port
  Configuring Interface Speed and Duplex Mode
  Speed and Duplex Configuration Guidelines
  Setting the Interface Speed and Duplex Parameters
  Configuring IEEE 802.3x Flow Control
  Configuring Auto-MDIX on an Interface
  Adding a Description for an Interface
  Configuring the System MTU
  Monitoring and Maintaining the Interfaces
  Monitoring Interface Status
  Clearing and Resetting Interfaces and Counters
  Shutting Down and Restarting the Interface
Chapter 11: Configuring VLANs
  Understanding VLANs
  Supported VLANs
  VLAN Port Membership Modes
  Configuring Normal-Range VLANs
  Token Ring VLANs
  Normal-Range VLAN Configuration Guidelines
  Saving VLAN Configuration
  Default Ethernet VLAN Configuration
  Creating or Modifying an Ethernet VLAN
  Deleting a VLAN
  Assigning Static-Access Ports to a VLAN
  Configuring Extended-Range VLANs
  Default VLAN Configuration
  Extended-Range VLAN Configuration Guidelines
  Creating an Extended-Range VLAN
  Displaying VLANs
  Configuring VLAN Trunks
  Trunking Overview
  IEEE 802.1Q Configuration Considerations
  Default Layer 2 Ethernet Interface VLAN Configuration
  Configuring an Ethernet Interface as a Trunk Port
  Interaction with Other Features
  Configuring a Trunk Port
  Defining the Allowed VLANs on a Trunk
  Changing the Pruning-Eligible List
  Configuring the Native VLAN for Untagged Traffic
  Configuring Trunk Ports for Load Sharing
  Load Sharing Using STP Port Priorities
  Load Sharing Using STP Path Cost
  Configuring VMPS
  Understanding VMPS
  Dynamic-Access Port VLAN Membership
  Default VMPS Client Configuration
  VMPS Configuration Guidelines
  Configuring the VMPS Client
  Entering the IP Address of the VMPS
  Configuring Dynamic-Access Ports on VMPS Clients
  Reconfirming VLAN Memberships
  Changing the Reconfirmation Interval
  Changing the Retry Count
  Monitoring the VMPS
  Troubleshooting Dynamic-Access Port VLAN Membership
  VMPS Configuration Example
Chapter 12: Configuring VTP
  Understanding VTP
  The VTP Domain
  VTP Modes
  VTP Advertisements
  VTP Version 2
  VTP Pruning
  Configuring VTP
  Default VTP Configuration
  VTP Configuration Guidelines
  Domain Names
  Passwords
  VTP Version
  Configuration Requirements
  Configuring a VTP Server
  Configuring a VTP Client
  Disabling VTP (VTP Transparent Mode)
  Enabling VTP Version 2
  Enabling VTP Pruning
  Adding a VTP Client Switch to a VTP Domain
  Monitoring VTP
Chapter 13: Configuring Voice VLAN
  Understanding Voice VLAN
  Cisco IP Phone Voice Traffic
  Cisco IP Phone Data Traffic
  Configuring Voice VLAN
  Default Voice VLAN Configuration
  Voice VLAN Configuration Guidelines
  Configuring a Port Connected to a Cisco 7960 IP Phone
  Configuring Cisco IP Phone Voice Traffic
  Displaying Voice VLAN
Chapter 14: Configuring STP
  Understanding Spanning-Tree Features
  STP Overview
  Spanning-Tree Topology and BPDUs
  Bridge ID, Switch Priority, and Extended System ID
  Spanning-Tree Interface States
  Blocking State
  Listening State
  Learning State
  Forwarding State
  Disabled State
  How a Switch or Port Becomes the Root Switch or Root Port
  Spanning Tree and Redundant Connectivity
  Spanning-Tree Address Management
  Accelerated Aging to Retain Connectivity
  Spanning-Tree Modes and Protocols
  Supported Spanning-Tree Instances
  Spanning-Tree Interoperability and Backward Compatibility
  STP and IEEE 802.1Q Trunks
  Configuring Spanning-Tree Features
  Default Spanning-Tree Configuration
  Spanning-Tree Configuration Guidelines
  Changing the Spanning-Tree Mode
  Disabling Spanning Tree
  Configuring the Root Switch
  Configuring a Secondary Root Switch
  Configuring Port Priority
  Configuring Path Cost
  Configuring the Switch Priority of a VLAN
  Configuring Spanning-Tree Timers
  Configuring the Hello Time
  Configuring the Forwarding-Delay Time for a VLAN
  Configuring the Maximum-Aging Time for a VLAN
  Configuring the Transmit Hold-Count
  Displaying the Spanning-Tree Status
Chapter 15: Configuring MSTP
  Understanding MSTP
  Multiple Spanning-Tree Regions
  IST, CIST, and CST
  Operations Within an MST Region
  Operations Between MST Regions
  IEEE 802.1s Terminology
  Hop Count
  Boundary Ports
  IEEE 802.1s Implementation
  Port Role Naming Change
  Interoperation Between Legacy and Standard Switches
  Detecting Unidirectional Link Failure
  Interoperability with IEEE 802.1D STP
  Understanding RSTP
  Port Roles and the Active Topology
  Rapid Convergence
  Synchronization of Port Roles
  Bridge Protocol Data Unit Format and Processing
  Processing Superior BPDU Information
  Processing Inferior BPDU Information
  Topology Changes
  Configuring MSTP Features
  Default MSTP Configuration
  MSTP Configuration Guidelines
  Specifying the MST Region Configuration and Enabling MSTP
  Configuring the Root Switch
  Configuring a Secondary Root Switch
  Configuring Port Priority
  Configuring Path Cost
  Configuring the Switch Priority
  Configuring the Hello Time
  Configuring the Forwarding-Delay Time
  Configuring the Maximum-Aging Time
  Configuring the Maximum-Hop Count
  Specifying the Link Type to Ensure Rapid Transitions
  Designating the Neighbor Type
  Restarting the Protocol Migration Process
  Displaying the MST Configuration and Status
Chapter 16: Configuring Optional Spanning-Tree Features
  Understanding Optional Spanning-Tree Features
  Understanding Port Fast
  Understanding BPDU Guard
  Understanding BPDU Filtering
  Understanding UplinkFast
  Understanding BackboneFast
  Understanding EtherChannel Guard
  Understanding Root Guard
  Understanding Loop Guard
  Configuring Optional Spanning-Tree Features
  Default Optional Spanning-Tree Configuration
  Optional Spanning-Tree Configuration Guidelines
  Enabling Port Fast
  Enabling BPDU Guard
  Enabling BPDU Filtering
  Enabling UplinkFast for Use with Redundant Links
  Enabling BackboneFast
  Enabling EtherChannel Guard
  Enabling Root Guard
  Enabling Loop Guard
  Displaying the Spanning-Tree Status
Chapter 17: Configuring DHCP Features and IP Source Guard Features
  Understanding DHCP Snooping
  DHCP Server
  DHCP Relay Agent
  DHCP Snooping
  Option-82 Data Insertion
  DHCP Snooping Binding Database
  Configuring DHCP Snooping
  Default DHCP Snooping Configuration
  DHCP Snooping Configuration Guidelines
  Configuring the DHCP Relay Agent
  Enabling DHCP Snooping and Option 82
  Enabling the DHCP Snooping Binding Database Agent
  Displaying DHCP Snooping Information
  Understanding DHCP Server Port-Based Address Allocation
  Configuring DHCP Server Port-Based Address Allocation
  Default Port-Based Address Allocation Configuration
  Port-Based Address Allocation Configuration Guidelines
  Enabling DHCP Server Port-Based Address Allocation
  Displaying DHCP Server Port-Based Address Allocation
Chapter 18: Configuring IGMP Snooping
  Understanding IGMP Snooping
  IGMP Versions
  Joining a Multicast Group
  Leaving a Multicast Group
  Immediate Leave
  IGMP Configurable-Leave Timer
  IGMP Report Suppression
  Configuring IGMP Snooping
  Default IGMP Snooping Configuration
  Enabling or Disabling IGMP Snooping
  Setting the Snooping Method
  Configuring a Multicast Router Port
  Configuring a Host Statically to Join a Group
  Enabling IGMP Immediate Leave
  Configuring the IGMP Leave Timer
  Configuring TCN-Related Commands
  Controlling the Multicast Flooding Time After a TCN Event
  Recovering from Flood Mode
  Disabling Multicast Flooding During a TCN Event
  Configuring the IGMP Snooping Querier
  Disabling IGMP Report Suppression
  Displaying IGMP Snooping Information
  Configuring IGMP Filtering and Throttling
  Default IGMP Filtering and Throttling Configuration
  Configuring IGMP Profiles
  Applying IGMP Profiles
  Setting the Maximum Number of IGMP Groups
  Configuring the IGMP Throttling Action
  Displaying IGMP Filtering and Throttling Configuration
Chapter 19: Configuring IPv6 MLD Snooping
  Understanding MLD Snooping
  MLD Messages
  MLD Queries
  Multicast Client Aging Robustness
  Multicast Router Discovery
  MLD Reports
  MLD Done Messages and Immediate-Leave
  Topology Change Notification Processing
  Configuring IPv6 MLD Snooping
  Default MLD Snooping Configuration
  MLD Snooping Configuration Guidelines
  Enabling or Disabling MLD Snooping
  Configuring a Static Multicast Group
  Configuring a Multicast Router Port
  Enabling MLD Immediate Leave
  Configuring MLD Snooping Queries
  Disabling MLD Listener Message Suppression
  Displaying MLD Snooping Information
Chapter 20: Configuring Port-Based Traffic Control
  Configuring Storm Control
  Understanding Storm Control
  Default Storm Control Configuration
  Configuring Storm Control and Threshold Levels
  Configuring Small-Frame Arrival Rate
  Configuring Protected Ports
  Default Protected Port Configuration
  Protected Port Configuration Guidelines
  Configuring a Protected Port
  Configuring Port Blocking
  Default Port Blocking Configuration
  Blocking Flooded Traffic on an Interface
  Configuring Port Security
  Understanding Port Security
  Secure MAC Addresses
  Security Violations
  Default Port Security Configuration
  Port Security Configuration Guidelines
  Enabling and Configuring Port Security
  Enabling and Configuring Port Security Aging
  Configuring Protocol Storm Protection
  Understanding Protocol Storm Protection
  Default Protocol Storm Protection Configuration
  Enabling Protocol Storm Protection
  Displaying Port-Based Traffic Control Settings
Chapter 21: Configuring CDP
  Understanding CDP
  Configuring CDP
  Default CDP Configuration
  Configuring the CDP Characteristics
  Disabling and Enabling CDP
  Disabling and Enabling CDP on an Interface
  Monitoring and Maintaining CDP
Chapter 22: Configuring LLDP and LLDP-MED
  Understanding LLDP and LLDP-MED
  LLDP
  LLDP-MED
  Configuring LLDP and LLDP-MED
  Default LLDP Configuration
  Configuration Guidelines
  Enabling LLDP
  Configuring LLDP Characteristics
  Configuring LLDP-MED TLVs
  Configuring Network-Policy TLV
  Monitoring and Maintaining LLDP and LLDP-MED
Chapter 23: Configuring UDLD
  Understanding UDLD
  Modes of Operation
  Methods to Detect Unidirectional Links
  Configuring UDLD
  Default UDLD Configuration
  Configuration Guidelines
  Enabling UDLD Globally
  Enabling UDLD on an Interface
  Resetting an Interface Disabled by UDLD
  Displaying UDLD Status
Chapter 24: Configuring SPAN
  Understanding SPAN
  Local SPAN
  SPAN Concepts and Terminology
  SPAN Sessions
  Monitored Traffic
  Source Ports
  Source VLANs
  VLAN Filtering
  Destination Port
  SPAN Interaction with Other Features
  Configuring SPAN
  Default SPAN Configuration
  Configuring Local SPAN
  SPAN Configuration Guidelines
  Creating a Local SPAN Session
  Creating a Local SPAN Session and Configuring Incoming Traffic
  Specifying VLANs to Filter
  Displaying SPAN Status
Chapter 25: Configuring RMON
  Understanding RMON
  Configuring RMON
  Default RMON Configuration
  Configuring RMON Alarms and Events
  Collecting Group History Statistics on an Interface
  Collecting Group Ethernet Statistics on an Interface
  Displaying RMON Status
Chapter 26: Configuring System Message Logging
  Understanding System Message Logging
  Configuring System Message Logging
  System Log Message Format
  Default System Message Logging Configuration
  Disabling Message Logging
  Setting the Message Display Destination Device
  Synchronizing Log Messages
  Enabling and Disabling Time Stamps on Log Messages
  Enabling and Disabling Sequence Numbers in Log Messages
  Defining the Message Severity Level
  Limiting Syslog Messages Sent to the History Table and to SNMP
  Enabling the Configuration-Change Logger
  Configuring UNIX Syslog Servers
  Logging Messages to a UNIX Syslog Daemon
  Configuring the UNIX System Logging Facility
  Displaying the Logging Configuration
Chapter 27: Configuring SNMP
  Understanding SNMP
  SNMP Versions
  SNMP Manager Functions
  SNMP Agent Functions
  SNMP Community Strings
  Using SNMP to Access MIB Variables
  SNMP Notifications
  SNMP ifIndex MIB Object Values
  Configuring SNMP
  Default SNMP Configuration
  SNMP Configuration Guidelines
  Disabling the SNMP Agent
  Configuring Community Strings
  Configuring SNMP Groups and Users
  Configuring SNMP Notifications
  Setting the Agent Contact and Location Information
  Limiting TFTP Servers Used Through SNMP
  SNMP Examples
  Displaying SNMP Status
Chapter 28: Configuring Network Security with ACLs
  Understanding ACLs
  ACL Overview
  Handling Fragmented and Unfragmented Traffic
  Configuring IPv4 ACLs
  Creating Standard and Extended IPv4 ACLs
  Access List Numbers
  Creating a Numbered Standard ACL
  Creating a Numbered Extended ACL
  Resequencing ACEs in an ACL
  Creating Named Standard and Extended ACLs
  Using Time Ranges with ACLs
  Including Comments in ACLs
  Applying an IPv4 ACL to a Terminal Line
  Applying an IPv4 ACL to a VLAN Interface
  Hardware and Software Treatment of IP ACLs
  Troubleshooting ACLs
  IPv4 ACL Configuration Examples
  Numbered ACLs
  Extended ACLs
  Named ACLs
  Time Range Applied to an IP ACL
  Commented IP ACL Entries
  Displaying IPv4 ACL Configuration
Chapter 29: Configuring QoS
  Understanding QoS
  Basic QoS Model
  Classification
  Queueing Overview
  Weighted Tail Drop
  Queueing on Ingress Queues
  Queueing on Egress Queues
  Packet Modification
  Configuring Standard QoS
  Default Standard QoS Configuration
  Default Ingress Queue Configuration
  Default Egress Queue Configuration
  General QoS Guidelines
  Enabling QoS Globally
  Configuring Classification Using Port Trust States
  Configuring the Trust State on Ports within the QoS Domain
  Configuring the CoS Value for an Interface
  Enabling DSCP Transparency Mode
  Configuring Ingress Queue Characteristics
  Mapping CoS Values to an Ingress Queue
  Configuring the Ingress Priority Queue
  Configuring Egress Queue Characteristics
  Configuration Guidelines
  Mapping CoS Values to an Egress Queue and to a Threshold ID
  Configuring the Egress Expedite Queue
  Displaying Standard QoS Information
Chapter 30: Configuring EtherChannels
  Understanding EtherChannels
  EtherChannel Overview
  Port-Channel Interfaces
  Port Aggregation Protocol
  PAgP Modes
  PAgP Interaction with Other Features
  Link Aggregation Control Protocol
  LACP Modes
  LACP Interaction with Other Features
  EtherChannel On Mode
  Load Balancing and Forwarding Methods
  Configuring EtherChannels
  Default EtherChannel Configuration
  EtherChannel Configuration Guidelines
  Configuring Layer 2 EtherChannels
  Configuring EtherChannel Load Balancing
  Configuring the PAgP Learn Method and Priority
  Configuring LACP Hot-Standby Ports
  Configuring the LACP System Priority
  Configuring the LACP Port Priority
  Displaying EtherChannel, PAgP, and LACP Status
C H A P T E R 31 Troubleshooting 31-1
Recovering from a Software Failure 31-2
Recovering from a Lost or Forgotten Password 31-3Procedure with
Password Recovery Enabled 31-4Procedure with Password Recovery
Disabled 31-6
Recovering from a Command Switch Failure 31-7Replacing a Failed
Command Switch with a Cluster Member 31-8Replacing a Failed Command
Switch with Another Switch 31-9
Recovering from Lost Cluster Member Connectivity 31-11
Preventing Autonegotiation Mismatches 31-11
SFP Module Security and Identification 31-11
Monitoring SFP Module Status 31-12
Using Ping 31-12Understanding Ping 31-12Executing Ping 31-13
Using Layer 2 Traceroute 31-13Understanding Layer 2 Traceroute
31-14Usage Guidelines 31-14Displaying the Physical Path 31-15
Using IP Traceroute 31-15Understanding IP Traceroute 31-15
Executing IP Traceroute
Using TDR
Understanding TDR
Running TDR and Displaying the Results
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the show platform forward Command
Using the crashinfo Files
Basic crashinfo Files
Extended crashinfo Files
Memory Consistency Check Routines
Displaying TCAM Memory Consistency Check Errors
Troubleshooting Tables
Troubleshooting CPU Utilization
Possible Symptoms of High CPU Utilization
Verifying the Problem and Cause
APPENDIX A Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information about Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP
Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP
APPENDIX B Unsupported Commands in Cisco IOS Release 15.0(2)SE
Access Control Lists
Unsupported Privileged EXEC Commands
Unsupported Global Configuration Commands
Unsupported Route-Map Configuration Commands
Boot Loader Commands
Unsupported Global Configuration Commands
Debug Commands
Unsupported Privileged EXEC Commands
Embedded Syslog Manager
Unsupported Global Configuration Commands
Unsupported Privileged EXEC Commands
IEEE 802.1x Commands
Unsupported Privileged EXEC Command
Unsupported Global Configuration Command
IGMP Snooping Commands
Unsupported Global Configuration Commands
Interface Commands
Unsupported Privileged EXEC Commands
Unsupported Global Configuration Commands
Unsupported Interface Configuration Commands
MAC Address Commands
Unsupported Privileged EXEC Commands
Unsupported Global Configuration Commands
Miscellaneous
Unsupported Privileged EXEC Commands
Unsupported Global Configuration Commands
Network Address Translation (NAT) Commands
Unsupported Privileged EXEC Commands
QoS
Unsupported Global Configuration Command
Unsupported Interface Configuration Commands
Unsupported Policy-Map Configuration Command
RADIUS
Unsupported Global Configuration Commands
SNMP
Unsupported Global Configuration Commands
Spanning Tree
Unsupported Global Configuration Command
Unsupported Interface Configuration Command
VLAN
Unsupported Global Configuration Command
Unsupported vlan-config Command
Unsupported User EXEC Commands
VTP
Unsupported Privileged EXEC Commands
INDEX
Preface
Audience
This guide is for the networking professional managing
the Catalyst 2918 switch, hereafter referred to as the switch.
Before using this guide, you should have experience working with
the Cisco IOS software and be familiar with the concepts and
terminology of Ethernet and local area networking.
Purpose
This guide provides the information that you need to
configure Cisco IOS software features on your switch. The Catalyst
2918 software provides enterprise-class intelligent services.
This guide provides procedures for using the commands that have
been created or changed for use with the Catalyst 2918 switch. It
does not provide detailed information about these commands. For
detailed information about these commands, see the Catalyst 2918
Switch Command Reference for this release. For information about
the standard Cisco IOS Release 15.0 commands, see the Cisco IOS
documentation set available from Cisco.com.
This guide does not provide detailed information on the
graphical user interfaces (GUIs) for the embedded device manager
that you can use to manage the switch. However, the concepts in
this guide are applicable to the GUI user. For information about
the device manager, see the switch online help. This guide does not
describe system messages you might encounter or how to install your
switch. For more information, see the Catalyst 2918 Switch System
Message Guide for this release and the Catalyst 2918 Switch
Hardware Installation Guide.
For documentation updates, see the release notes for this
release.
Conventions
This publication uses these conventions to convey
instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
• Braces ({ }) group required choices, and vertical bars ( | )
separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean
a required choice within an optional element.
Interactive examples use these conventions:
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in
angle brackets (< >).
Notes, cautions, and timesavers use these conventions and
symbols:
Note Means reader take note. Notes contain helpful suggestions
or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do
something that could result in equipment damage or loss of
data.
Related Publications
These documents provide complete information
about the switch and are available from this Cisco.com site:
http://www.cisco.com/web/CN/products/products_netsol/switches/products/ca2928/index.html
• Release Notes for the Catalyst 2918 Switch
Note Before installing, configuring, or upgrading the switch,
refer to the release notes on Cisco.com for the latest
information.
• Catalyst 2918 Switch Software Configuration Guide
• Catalyst 2918 Switch Command Reference
• Catalyst 2918 Switch System Message Guide
• Auto Smartports Configuration Guide
• Catalyst 2918 Switch Getting Started Guide
• Catalyst 2918 Switch Hardware Installation Guide
• Regulatory Compliance and Safety Information for the Catalyst
2918 Switch
• Cisco Small Form-Factor Pluggable Modules Installation
Notes
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, submitting a service
request, and gathering additional information, see the monthly
What’s New in Cisco Product Documentation, which also lists all new
and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a
Really Simple Syndication (RSS) feed and set content to be
delivered directly to your desktop using a reader application. The
RSS feeds are a free service and Cisco currently supports RSS
version 2.0.
CHAPTER 1
Overview
This chapter provides these topics about the Catalyst 2918
switch software:
• Features
• Default Settings After Initial Switch Configuration
• Network Configuration Examples
• Where to Go Next
In this document, unless otherwise indicated, IP refers to IP
Version 4 (IPv4).
Features
Some features described in this chapter are available
only on the cryptographic (supports encryption) version of the
software. You must obtain authorization to use this feature and to
download the cryptographic version of the software from Cisco.com.
For more information, see the release notes for this release.
• Ease-of-Deployment and Ease-of-Use Features
• Performance Features
• Management Options
• Manageability Features (includes a feature requiring the cryptographic version of the software)
• Availability and Redundancy Features
• VLAN Features
• Security Features (includes a feature requiring the cryptographic version of the software)
• QoS and CoS Features
• Monitoring Features
Ease-of-Deployment and Ease-of-Use Features
• Express Setup for quickly configuring a switch for the first time with basic IP
information, contact information, switch and Telnet passwords, and Simple Network
Management Protocol (SNMP) information through a browser-based
program. For more information about Express Setup, see the getting
started guide.
• User-defined and Cisco-default Smartports macros for creating
custom switch configurations for simplified deployment across the
network.
• Auto Smartports
– Cisco-default and user-defined macros for dynamic port
configuration based on the device type detected on the port.
– Enhancements to add support for global macros, last-resort
macros, event trigger control, access points, EtherChannels,
auto-QoS with Cisco Medianet, and IP phones.
– Auto Smartports enhancement to enable auto-QoS on a
CDP-capable Cisco digital media player.
• An embedded device manager GUI for configuring and monitoring
a single switch through a web browser. For information about
launching the device manager, see the getting started guide. For
more information about the device manager, see the switch online
help.
• Switch clustering technology for
– Unified configuration, monitoring, authentication, and
software upgrade of multiple, cluster-capable switches, regardless
of their geographic proximity and interconnection media, including
Ethernet, Fast Ethernet, Fast EtherChannel, small form-factor
pluggable (SFP) modules, Gigabit Ethernet, and Gigabit EtherChannel
connections. For a list of cluster-capable switches, see the
release notes.
– Automatic discovery of candidate switches and creation of
clusters of up to 16 switches that can be managed through a single
IP address.
– Extended discovery of cluster candidates that are not directly
connected to the command switch.
• Smart Install to allow a single point of management (director)
in a network. You can use Smart Install to provide zero touch image
and configuration upgrade of newly deployed switches and image and
configuration downloads for any client switches. For more
information, see the Cisco Smart Install Configuration Guide.
• Smart Install enhancements in Cisco IOS Release 12.2(55)SE
supporting client backup files, zero-touch replacement for clients
with the same product-ID, automatic generation of the image list
file, configurable file repository, hostname changes, transparent
connection of the director to client, and USB storage for image and
seed configuration.
Performance Features
• Autosensing of port speed and autonegotiation of duplex mode on all
switch ports for optimizing bandwidth
• Automatic-medium-dependent interface crossover (auto-MDIX)
capability on 10/100 and 10/100/1000 Mb/s interfaces and on
10/100/1000 BASE-TX SFP module interfaces that enables the
interface to automatically detect the required cable connection
type (straight-through or crossover) and to configure the
connection appropriately
• Support for up to 9000 bytes for frames that are bridged in
hardware, and up to 2000 bytes for frames that are bridged by
software
• IEEE 802.3x flow control on all ports (the switch does not
send pause frames)
• EtherChannel for enhanced fault tolerance and for providing up
to 8 Gb/s (Gigabit EtherChannel) or 800 Mb/s (Fast EtherChannel)
full-duplex bandwidth among switches, routers, and servers
• Port Aggregation Protocol (PAgP) and Link Aggregation Control
Protocol (LACP) for automatic creation of EtherChannel links
• Forwarding of Layer 2 packets at Gigabit line rate
• Per-port storm control for preventing broadcast, multicast,
and unicast storms
• Port blocking on forwarding of unknown Layer 2 unicast,
multicast, and bridged broadcast traffic
• Protocol storm protection to control the rate of incoming
protocol traffic to a switch by dropping packets that exceed a
specified ingress rate
• Internet Group Management Protocol (IGMP) snooping for IGMP
Versions 1, 2, and 3 for efficiently forwarding multimedia and
multicast traffic
• IGMP report suppression for sending only one IGMP report per
multicast router query to the multicast devices (supported only for
IGMPv1 or IGMPv2 queries)
• IGMP snooping querier support to configure the switch to generate
periodic IGMP general query messages
• IGMP filtering for controlling the set of multicast groups to
which hosts on a switch port can belong
• IGMP throttling for configuring the action when the maximum
number of entries is in the IGMP forwarding table
• IGMP leave timer for configuring the leave latency for the
network
• Support for Multicast Listener Discovery (MLD) snooping on LAN
Lite images with the dual-ipv4-ipv6 template. This enables
efficient distribution of IPv6 multicast data to clients and
routers in a switched network
• Switch Database Management (SDM) templates for allocating
system resources to maximize support for user-selected features
• Configurable small-frame arrival threshold to prevent storm
control when small frames (64 bytes or less) arrive on an interface
at a specified rate (the threshold)
• Memory consistency check routines to detect and correct
invalid ternary content addressable memory (TCAM) table
entries.
Management Options
• An embedded device manager—The device manager is a GUI that is
integrated in the software image. You use it to configure and to monitor a single switch.
For information about launching the device manager, see the getting
started guide. For more information about the device manager, see
the switch online help.
• CLI—The Cisco IOS software supports desktop- and
multilayer-switching features. You can access the CLI either by
connecting your management station directly to the switch console
port or by using Telnet from a remote management station. For more
information about the CLI, see Chapter 2, “Using the Command-Line
Interface.”
• SNMP—SNMP management applications such as CiscoWorks2000 LAN
Management Suite (LMS) and HP OpenView. You can manage from an
SNMP-compatible management station that is running platforms such
as HP OpenView or SunNet Manager. The switch supports a
comprehensive set of MIB extensions and four remote monitoring
(RMON) groups. For more information about using SNMP, see Chapter
27, “Configuring SNMP.”
• Cisco IOS Configuration Engine (previously known as the
Cisco IOS CNS agent)—Configuration service automates the
deployment and management of network devices and services. You can
automate initial configurations and configuration updates by
generating switch-specific configuration changes, sending them to
the switch, executing the configuration change, and logging the
results.
For more information about CNS, see Chapter 4, “Configuring
Cisco IOS CNS Agents.”
Manageability Features
• CNS embedded agents for automating switch management,
configuration storage, and delivery
• DHCP for automating configuration of switch information (such
as IP address, default gateway, hostname, and Domain Name System
[DNS] and TFTP server names)
• DHCP relay for forwarding User Datagram Protocol (UDP)
broadcasts, including IP address requests, from DHCP clients
• DHCP server for automatic assignment of IP addresses and other
DHCP options to IP hosts
• DHCP-based autoconfiguration and image update to download a
specified configuration and a new image to a large number of
switches
• Directed unicast requests to a DNS server for identifying a
switch through its IP address and its corresponding hostname and to
a TFTP server for administering software upgrades from a TFTP
server
• Address Resolution Protocol (ARP) for identifying a switch
through its IP address and its corresponding MAC address
• Unicast MAC address filtering to drop packets with specific
source or destination MAC addresses
• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network
topology discovery and mapping between the switch and other Cisco
devices on the network
• Link Layer Discovery Protocol (LLDP) for interoperability with
third-party IP phones
• Support for the LLDP-MED location TLV that provides location
information from the switch to the endpoint device
• CDP and LLDP enhancements for exchanging location information
with video end points for dynamic location-based content
distribution from servers
• Network Time Protocol (NTP) version 4 for NTP time
synchronization for both IPv4 and IPv6
• Network Time Protocol version 4 (NTPv4) to support both IPv4
and IPv6 and compatibility with NTPv3
• Cisco IOS File System (IFS) for providing a single interface
to all file systems that the switch uses
• Configuration logging to log and to view changes to the switch
configuration
• Unique device identifier to provide product identification
information through a show inventory user EXEC command display
• In-band management access through the device manager over a
Netscape Navigator or Microsoft Internet Explorer browser
session
• In-band management access for up to 16 simultaneous Telnet
connections for multiple CLI-based sessions over the network
• In-band management access for up to five simultaneous,
encrypted Secure Shell (SSH) connections for multiple CLI-based
sessions over the network (requires the cryptographic version of
the software)
• Support for SSH over both IPv4 and IPv6
• In-band management access through SNMP Versions 1, 2c, and 3
get and set requests
• Out-of-band management access through the switch console port
to a directly attached terminal or to a remote terminal through a
serial connection or a modem
• Secure Copy Protocol (SCP) feature to provide a secure and
authenticated method for copying switch configuration or switch
image files (requires the cryptographic version of the
software)
• DHCP Snooping enhancement to support the selection of a fixed
string-based format for the circuit-id sub-option of the Option 82
DHCP field
Availability and Redundancy Features
• UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and
disabling unidirectional links on fiber-optic interfaces caused by
incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant
backbone connections and loop-free networks. STP has these
features:
– Up to 64 spanning-tree instances supported
– Per-VLAN spanning-tree plus (PVST+) for load balancing across
VLANs
– Rapid PVST+ for load balancing across VLANs and providing
rapid convergence of spanning-tree instances
– UplinkFast and BackboneFast for fast convergence after a
spanning-tree topology change and for achieving load balancing
between redundant uplinks, including Gigabit uplinks
• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for
grouping VLANs into a spanning-tree instance and for providing
multiple forwarding paths for data traffic and load balancing and
rapid per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE
802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of
the spanning tree by immediately changing root and designated ports
to the forwarding state
• Optional spanning-tree features available in PVST+,
rapid-PVST+, and MSTP mode:
– Port Fast for eliminating the forwarding delay by enabling a
port to immediately change from the blocking state to the
forwarding state
– BPDU guard for shutting down Port Fast-enabled ports that
receive bridge protocol data units (BPDUs)
– BPDU filtering for preventing a Port Fast-enabled port from
sending or receiving BPDUs
– Root guard for preventing switches outside the network core
from becoming the spanning-tree root
– Loop guard for preventing alternate or root ports from
becoming designated ports because of a failure that leads to a
unidirectional link
VLAN Features
• Support for up to 64 VLANs for assigning users to VLANs associated
with appropriate network resources, traffic patterns, and bandwidth
• Support for VLAN IDs in the 1 to 4094 range as allowed by the
IEEE 802.1Q standard
• VLAN Query Protocol (VQP) for dynamic VLAN membership
• IEEE 802.1Q trunking encapsulation on all ports for network
moves, adds, and changes; management and control of broadcast and
multicast traffic; and network security by establishing VLAN groups
for high-security users and network resources
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a
link between two devices and for negotiating the type of trunking
encapsulation (IEEE 802.1Q) to be used
• VLAN Trunking Protocol (VTP) and VTP pruning for reducing
network traffic by restricting flooded traffic to links destined
for stations receiving the traffic
• Voice VLAN for creating subnets for voice traffic from Cisco
IP Phones
• VLAN 1 minimization for reducing the risk of spanning-tree
loops or storms by allowing VLAN 1 to be disabled on any individual
VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and
receive control protocol frames.
• Port security on a PVLAN host to limit the number of MAC
addresses learned on a port, or define which MAC addresses may be
learned on a port
Security Features
• Password-protected access (read-only and read-write access) to
management interfaces (device manager, Network Assistant, and the CLI)
for protection against unauthorized configuration changes
• Multilevel security for a choice of security level,
notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of
traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC
addresses of the stations allowed to access the port
• VLAN aware port security option to shut down the VLAN on the
port when a violation occurs, instead of shutting down the entire
port
• Port security aging to set the aging time for secure addresses
on a port
• BPDU guard for shutting down a Port Fast-configured port when
an invalid configuration occurs
• IEEE 802.1x port-based authentication to prevent unauthorized
devices (clients) from gaining access to the network. These
features are supported:
– VLAN assignment for restricting IEEE 802.1x-authenticated
users to a specified VLAN
– Port security for controlling access to IEEE 802.1x ports
– Voice VLAN to permit a Cisco IP Phone to access the voice VLAN
regardless of the authorized or unauthorized state of the port
– IP phone detection enhancement to detect and recognize a Cisco
IP phone.
– Guest VLAN to provide limited services to non-IEEE
802.1x-compliant users
– IEEE 802.1x accounting to track network usage
– Support for 802.1x Wake-on-LAN on the LAN Lite image
• TACACS+, a proprietary feature for managing network security
through a TACACS server for both IPv4 and IPv6
• RADIUS for verifying the identity of, granting access to, and
tracking the actions of remote users through authentication,
authorization, and accounting (AAA) services for both IPv4 and
IPv6
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1
server authentication, encryption, and message integrity and HTTP
client authentication to allow secure HTTP communications (requires
the cryptographic version of the software)
• Voice aware IEEE 802.1x security
QoS and CoS Features
• Classification
– IEEE 802.1p CoS marking priorities on a per-port basis for
protecting the performance of mission-critical applications
– Trusted port states (CoS and IP precedence) within a QoS
domain and with a port bordering another QoS domain
• Ingress queueing and scheduling
– Two configurable ingress queues for user traffic (one queue
can be the priority queue)
– Weighted tail drop (WTD) as the congestion-avoidance mechanism
for managing the queue lengths and providing drop precedences for
different traffic classifications
– Thresholds and queue-lengths are predefined and fixed
– Shaped round robin (SRR) as the scheduling service for
specifying the rate at which packets are sent to the internal
ring
– Ratios and buffers/thresholds are predefined and fixed
• Egress queues and scheduling
– Four egress queues per port
– WTD as the congestion-avoidance mechanism for managing the
queue lengths and providing drop precedences for different traffic
classifications
– Thresholds and queue-lengths are predefined and fixed
– SRR as the scheduling service for specifying the rate at which
packets are dequeued to the egress interface
– Ratios and buffers/thresholds are predefined and fixed
Monitoring Features
• Switch LEDs that provide port- and switch-level status
• MAC address notification traps and RADIUS accounting for
tracking users on a network by storing the MAC addresses that the
switch has learned or removed
• Switched Port Analyzer (SPAN) for traffic monitoring on any
port or VLAN
• SPAN support of Intrusion Detection Systems (IDS) to monitor,
repel, and report network security violations
• Four groups (history, statistics, alarms, and events) of
embedded RMON agents for network monitoring and traffic
analysis
• Syslog facility for logging system messages about
authentication or authorization errors, resource issues, and
time-out events
• Layer 2 traceroute to identify the physical path that a packet
takes from a source device to a destination device
• Time Domain Reflector (TDR) to diagnose and resolve cabling
problems on 10/100 and 10/100/1000 copper Ethernet ports
• SFP module diagnostic management interface to monitor physical
or operational status of an SFP module
Default Settings After Initial Switch Configuration
The switch is
designed for plug-and-play operation, requiring only that you
assign basic IP information to the switch and connect it to the
other devices in your network. If you have specific network needs,
you can change the interface-specific and system-wide settings.
Note For information about assigning an IP address by using the
browser-based Express Setup program, see the getting started guide.
For information about assigning an IP address by using the
CLI-based setup program, see the hardware installation guide.
If you do not configure the switch at all, the switch operates
with these default settings:
• Default switch IP address, subnet mask, and default gateway is
0.0.0.0. For more information, see Chapter 3, “Assigning the Switch
IP Address and Default Gateway.”
• Default domain name is not configured. For more information,
see Chapter 3, “Assigning the Switch IP Address and Default
Gateway.”
• Switch cluster is disabled. For more information about switch
clusters, see Chapter 5, “Clustering Switches.”
• No passwords are defined. For more information, see Chapter 7,
“Administering the Switch.”
• System name and prompt is Switch. For more information, see
Chapter 7, “Administering the Switch.”
• NTP is enabled. For more information, see Chapter 7,
“Administering the Switch.”
• DNS is enabled. For more information, see Chapter 7,
“Administering the Switch.”
• TACACS+ is disabled. For more information, see Chapter 8,
“Configuring Switch-Based Authentication.”
• RADIUS is disabled. For more information, see Chapter 8,
“Configuring Switch-Based Authentication.”
• The standard HTTP server and Secure Socket Layer (SSL) HTTPS
server are both enabled. For more information, see Chapter 8,
“Configuring Switch-Based Authentication.”
• IEEE 802.1x is disabled. For more information, see Chapter 9,
“Configuring IEEE 802.1x Port-Based Authentication.”
• Port parameters
– Interface speed and duplex mode is autonegotiate. For more
information, see Chapter 10, “Configuring Interface
Characteristics.”
– Auto-MDIX is enabled. For more information, see Chapter 10,
“Configuring Interface Characteristics.”
– Flow control is off. For more information, see
• No Smartports macros are defined. For more information, see
the Auto Smartports Configuration Guide.
• VLANs
– Default VLAN is VLAN 1. For more information, see Chapter 11,
“Configuring VLANs.”
– VLAN trunking setting is dynamic auto (DTP). For more
information, see Chapter 11, “Configuring VLANs.”
– Trunk encapsulation is negotiate. For more information, see
Chapter 11, “Configuring VLANs.”
– VTP mode is server. For more information, see Chapter 12,
“Configuring VTP.”
– VTP version is Version 1. For more information, see Chapter
12, “Configuring VTP.”
– Voice VLAN is disabled. For more information, see Chapter 13,
“Configuring Voice VLAN.”
• STP, PVST+ is enabled on VLAN 1. For more information, see
Chapter 14, “Configuring STP.”
• MSTP is disabled. For more information, see Chapter 15,
“Configuring MSTP.”
• Optional spanning-tree features are disabled. For more
information, see Chapter 16, “Configuring Optional Spanning-Tree
Features.”
• IGMP snooping is enabled. No IGMP filters are applied. For
more information, see Chapter 18, “Configuring IGMP Snooping.”
• IGMP throttling setting is deny. For more information, see
Chapter 18, “Configuring IGMP Snooping.”
• The IGMP snooping querier feature is disabled. For more
information, see Chapter 18, “Configuring IGMP Snooping.”
• Port-based traffic
– Broadcast, multicast, and unicast storm control is disabled.
For more information, see Chapter 20, “Configuring Port-Based
Traffic Control.”
– No protected ports are defined. For more information, see
Chapter 20, “Configuring Port-Based Traffic Control.”
– Unicast and multicast traffic flooding is not blocked. For
more information, see Chapter 20, “Configuring Port-Based Traffic
Control.”
– No secure ports are configured. For more information, see
Chapter 20, “Configuring Port-Based Traffic Control.”
• CDP is enabled. For more information, see Chapter 21,
“Configuring CDP.”
• UDLD is disabled. For more information, see Chapter 23,
“Configuring UDLD.”
• SPAN is disabled. For more information, see Chapter 24,
“Configuring SPAN.”
• RMON is disabled. For more information, see Chapter 25,
“Configuring RMON.”
• Syslog messages are enabled and appear on the console. For
more information, see Chapter 26, “Configuring System Message
Logging.”
• SNMP is enabled (Version 1). For more information, see Chapter
27, “Configuring SNMP.”
• QoS is disabled. For more information, see Chapter 29,
“Configuring QoS.”
• No EtherChannels are configured. For more information, see
Chapter 30, “Configuring EtherChannels.”
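Several of the defaults listed above (HTTP server on, CDP on, DTP negotiating, no secure ports, storm control off, IEEE 802.1x off) stay in effect until a configuration line overrides them. The following Python code is an added example, not part of the Cisco guide: it parses a constructed running-config excerpt and reports which of those defaults no line overrides. The override commands it looks for are standard IOS commands, and it assumes a default applies whenever its override is absent from the configuration text.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Switch
!
ip http server
ip http secure-server
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 storm-control broadcast level 20.00
!
interface FastEthernet0/2
 description unused
!
interface GigabitEthernet0/1
 switchport mode trunk
!
end
"""

# (default from the list above, global config line that overrides it)
GLOBAL_DEFAULTS = [
    ("HTTP server enabled", "no ip http server"),
    ("CDP enabled", "no cdp run"),
    ("IEEE 802.1x disabled", "dot1x system-auth-control"),
]
# (per-port default, regex for the interface sub-command that overrides it)
PORT_DEFAULTS = [
    ("trunking mode left at dynamic auto (DTP)", r"switchport mode (access|trunk)\b"),
    ("no secure port configured", r"switchport port-security\b"),
    ("storm control disabled", r"storm-control (broadcast|multicast|unicast) "),
]

def split_config(text):
    """Return (global_lines, {interface: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return global_lines, interfaces

def defaults_in_effect(text):
    """List (scope, default) pairs that no configuration line overrides."""
    global_lines, interfaces = split_config(text)
    findings = [("global", default) for default, override in GLOBAL_DEFAULTS
                if override not in global_lines]
    for name, cmds in interfaces.items():
        for default, pattern in PORT_DEFAULTS:
            if not any(re.match(pattern, c) for c in cmds):
                findings.append((name, default))
    return findings

if __name__ == "__main__":
    for scope, default in defaults_in_effect(SAMPLE_CONFIG):
        print(f"{scope}: {default}")
```

The report lists defaults that remain, not verdicts: an uplink trunk, for instance, is normally left without port security on purpose.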
Network Configuration Examples
This section provides network
configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments
through Fast Ethernet and Gigabit Ethernet connections.
• “Design Concepts for Using the Switch” section
• “Small to Medium-Sized Network Using Catalyst 2918 Switches”
section
Design Concepts for Using the Switch
As your network users
compete for network bandwidth, it takes longer to send and receive
data. When you configure your network, consider the bandwidth
required by your network users and the relative priority of the
network applications that they use.
Table 1-1 describes what can cause network performance to
degrade and how you can configure your network to increase the
bandwidth available to your network users.
Table 1-1 Increasing Network Performance
Network Demands: Too many users on a single network segment and a
growing number of users accessing the Internet
Suggested Design Methods:
• Create smaller network segments so that fewer users share the
bandwidth, and use VLANs and IP subnets to place the network
resources in the same logical network as the users who access those
resources most.
• Use full-duplex operation between the switch and its connected
workstations.
Network Demands:
• Increased power of new PCs, workstations, and servers
• High bandwidth demand from networked applications (such as
e-mail with large attached files) and from bandwidth-intensive
applications (such as multimedia)
Suggested Design Methods:
• Connect global resources—such as servers and routers to which
the network users require equal access—directly to the high-speed
switch ports so that they have their own high-speed segment.
• Use the EtherChannel feature between the switch and its
connected servers and routers.
Bandwidth alone is not the only consideration when designing
your network. As your network traffic profiles evolve, consider
providing network services that can support applications for voice
and data integration, multimedia integration, application
prioritization, and security. Table 1-2 describes some network
demands and how you can meet them.
You can use the switches to create the following:
• Cost-effective Gigabit-to-the-desktop for high-performance
workgroups (Figure 1-1)—For high-speed access to network resources,
you can use the Cisco Catalyst 2918 switches in the access layer to
provide Gigabit Ethernet to the desktop. To prevent congestion, use
QoS DSCP marking priorities on these switches. For high-speed IP
forwarding at the distribution layer, connect the switches in the
access layer to a Gigabit multilayer switch with routing
capability, such as a Catalyst 3750 switch, or to a router.
The first illustration is of an isolated high-performance
workgroup, where the Catalyst 2918 switches are connected to
Catalyst 3750 switches in the distribution layer. The second
illustration is of a high-performance workgroup in a branch office,
where the Catalyst 2918 switches are connected to a router in the
distribution layer.
Each switch in this configuration provides users with a
dedicated 1-Gb/s connection to network resources. Using SFP modules
also provides flexibility in media and distance options through
fiber-optic connections.
Table 1-2 Providing Network Services
Network Demands: Efficient bandwidth usage for multimedia
applications and guaranteed bandwidth for critical applications
Suggested Design Methods:
• Use IGMP snooping to efficiently forward multimedia and
multicast traffic.
• Use other QoS mechanisms such as packet classification,
marking, scheduling, and congestion avoidance to classify traffic
with the appropriate priority level, thereby providing maximum
flexibility and support for mission-critical, unicast, and
multicast and multimedia applications.
Network Demands: High demand on network redundancy and
availability to provide always on mission-critical applications
Suggested Design Methods:
• Use VLAN trunks and BackboneFast for traffic-load balancing on
the uplink ports so that the uplink port with a lower relative port
cost is selected to carry the VLAN traffic.
Network Demands: An evolving demand for IP telephony
Suggested Design Methods:
• Use QoS to prioritize applications such as IP telephony during
congestion and to help control both delay and jitter within the
network.
• Use switches that support at least two queues per port to
prioritize voice and data traffic as either high- or low-priority,
based on IEEE 802.1p/Q. The switch supports at least four queues
per port.
• Use voice VLAN IDs (VVIDs) to provide separate VLANs for voice
traffic.
Figure 1-1 High-Performance Workgroup
(Gigabit-to-the-Desktop)
• Server aggregation (Figure 1-2)—You can use the switches to
interconnect groups of servers, centralizing physical security and
administration of your network. For high-speed IP forwarding at the
distribution layer, connect the switches in the access layer to
multilayer switches with routing capability. The Gigabit
interconnections minimize latency in the data flow.
QoS and policing on the switches provide preferential treatment
for certain data streams. They segment traffic streams into
different paths for processing. Security features on the switch
ensure rapid handling of packets.
Fault tolerance from the server racks to the core is achieved
through dual homing of servers connected to switches, which have
redundant Gigabit EtherChannels.
Using dual SFP module uplinks from the switches provides
redundant uplinks to the network core. Using SFP modules provides
flexibility in media and distance options through fiber-optic
connections.
Figure 1-2 Server Aggregation
[Labels from Figures 1-1 and 1-2: access-layer Catalyst switches;
Catalyst 3750 switches; campus core; Catalyst 6500 switches;
Catalyst 3750 StackWise switch stacks; server racks]
Small to Medium-Sized Network Using Catalyst 2918 Switches
Figure 1-3 shows a configuration for a network of up to 500 employees.
This network uses Catalyst 2918 switches with high-speed
connections to two routers. This ensures connectivity to the
Internet, WAN, and mission-critical network resources in case one
of the routers fails. The switches are using EtherChannel for load
sharing.
The switches are connected to workstations and local servers.
The server farm includes a call-processing server running Cisco
CallManager software. Cisco CallManager controls call processing,
routing, and Cisco IP Phone features and configuration. The
switches are interconnected through Gigabit interfaces.
This network uses VLANs to logically segment the network into
well-defined broadcast groups and for security management. Data and
multimedia traffic are configured on the same VLAN. Voice traffic
from the Cisco IP Phones is configured on separate VVIDs. If data,
multimedia, and voice traffic are assigned to the same VLAN, only
one VLAN can be configured per wiring closet.
When an end station in one VLAN needs to communicate with an end
station in another VLAN, a router routes the traffic to the
destination VLAN. In this network, the routers are providing
inter-VLAN routing. VLAN access control lists (VLAN maps) on the
switch provide intra-VLAN security and prevent unauthorized users
from accessing critical areas of the network.
In addition to inter-VLAN routing, the routers provide QoS
mechanisms such as DSCP priorities to prioritize the different
types of network traffic and to deliver high-priority traffic. If
congestion occurs, QoS drops low-priority traffic to allow delivery
of high-priority traffic.
Cisco CallManager controls call processing, routing, and Cisco
IP Phone features and configuration. Users with workstations
running Cisco SoftPhone software can place, receive, and control
calls from their PCs. Using Cisco IP Phones, Cisco CallManager
software, and Cisco SoftPhone software integrates telephony and IP
networks, and the IP network supports both voice and data.
The routers also provide firewall services, Network Address
Translation (NAT) services, voice-over-IP (VoIP) gateway services,
and WAN and Internet access.
Figure 1-3 Catalyst 2918 Switches in a Collapsed Backbone
Configuration
[Figure labels: Gigabit servers; Cisco 2600 or 3700 routers;
Internet; Cisco IP phones; workstations running Cisco SoftPhone
software; Aironet wireless access points]
Where to Go Next
Before configuring the switch, review these
sections for startup information:
• Chapter 2, “Using the Command-Line Interface”
• Chapter 3, “Assigning the Switch IP Address and Default
Gateway”
To locate and download MIBs for a specific Cisco product and
release, use the Cisco MIB Locator:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
CHAPTER 2
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface
(CLI) and how to use it to configure your Catalyst 2918 switch. It
contains these sections:
• Understanding Command Modes
• Understanding the Help System
• Understanding Abbreviated Commands
• Understanding no and default Forms of Commands
• Understanding CLI Error Messages
• Using Configuration Logging
• Using Command History
• Using Editing Features
• Searching and Filtering Output of show and more Commands
• Accessing the CLI
Understanding Command Modes
The Cisco IOS user interface is
divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark
(?) at the system prompt to obtain a list of commands available for
each command mode.
When you start a session on the switch, you begin in user mode,
often called user EXEC mode. Only a limited subset of the commands
are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show
the current configuration status, and clear commands, which clear
counters or interfaces. The user EXEC commands are not saved when
the switch reboots.
To have access to all commands, you must enter privileged EXEC
mode. Normally, you must enter a password to enter privileged EXEC
mode. From this mode, you can enter any privileged EXEC command or
enter global configuration mode.
Using the configuration modes (global, interface, and line), you
can make changes to the running configuration. If you save the
configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start
at global configuration mode. From global configuration mode, you
can enter interface configuration mode and line configuration
mode.
Table 2-1 describes the main command modes, how to access each
one, the prompt you see in that mode, and how to exit the mode. The
examples in the table use the hostname Switch.
Table 2-1 Command Mode Summary
Mode: User EXEC
Access Method: Begin a session with your switch.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system information.
Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.
Prompt: Switch#
Exit Method: Enter disable to exit.
About This Mode: Use this mode to verify commands that you have
entered. Use a password to protect access to this mode.
Mode: Global configuration
Access Method: While in privileged EXEC mode, enter the configure
command.
Prompt: Switch(config)#
Exit Method: To exit to privileged EXEC mode, enter exit or end, or
press Ctrl-Z.
About This Mode: Use this mode to configure parameters that apply
to the entire switch.
Mode: VLAN configuration
Access Method: While in global configuration mode, enter the
vlan vlan-id command.
Prompt: Switch(config-vlan)#
Exit Method: To exit to global configuration mode, enter the exit
command. To return to privileged EXEC mode, press Ctrl-Z or enter
end.
About This Mode: Use this mode to configure VLAN parameters. When
VTP mode is transparent, you can create extended-range VLANs (VLAN
IDs greater than 1005) and save configurations in the switch
startup configuration file.
Mode: Interface configuration
Access Method: While in global configuration mode, enter the
interface command (with a specific interface).
Prompt: Switch(config-if)#
Exit Method: To exit to global configuration mode, enter exit. To
return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the
Ethernet ports. For information about defining interfaces, see the
“Using Interface Configuration Mode” section on page 10-4. To
configure multiple interfaces with the same parameters, see the
“Configuring a Range of Interfaces” section on page 10-5.
Mode: Line configuration
Access Method: While in global configuration mode, specify a line
with the line vty or line console command.
Prompt: Switch(config-line)#
Exit Method: To exit to global configuration mode, enter exit. To
return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the
terminal line.
For more detailed information on the command modes, see the
command reference guide for this release.
Understanding the Help System
You can enter a question mark (?)
at the system prompt to display a list of commands available for
each command mode. You can also obtain a list of associated
keywords and arguments for any command, as shown in Table 2-2.
Table 2-2 Help Summary
Command: help
Purpose: Obtain a brief description of the help system in any
command mode.
Command: abbreviated-command-entry?
Purpose: Obtain a list of commands that begin with a particular
character string.
For example:
Switch# di?
dir disable disconnect
Command: abbreviated-command-entry<Tab>
Purpose: Complete a partial command name.
For example:
Switch# sh conf
Switch# show configuration
Command: ?
Purpose: List all commands available for a particular command mode.
For example:
Switch> ?
Command: command ?
Purpose: List the associated keywords for a command.
For example:
Switch> show ?
Command: command keyword ?
Purpose: List the associated arguments for a keyword.
For example:
Switch(config)# cdp holdtime ?
Length of time (in sec) that receiver must keep this packet
Understanding Abbreviated Commands
You need to enter only enough
characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration
privileged EXEC command in an abbreviated form:
Switch# show conf
Understanding no and default Forms of Commands
Almost every
configuration command also has a no form. In general, use the no
form to disable a feature or function or reverse the action of a
command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command
without the keyword no to re-enable a disabled feature or to enable
a feature that is disabled by default.
Configuration commands can also have a default form. The default
form of a command returns the command setting to its default. Most
commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and
have variables set to certain default values. In these cases, the
default command enables the command and sets variables to their
default values.
Understanding CLI Error Messages
Table 2-3 lists some error
messages that you might encounter while using the CLI to configure
your switch.
Table 2-3 Common CLI Error Messages
Error Message: % Ambiguous command: "show con"
Meaning: You did not enter enough characters for your switch to
recognize the command.
How to Get Help: Re-enter the command followed by a question mark
(?) with a space between the command and the question mark. The
possible keywords that you can enter with the command appear.
Error Message: % Incomplete command.
Meaning: You did not enter all the keywords or values required by
this command.
How to Get Help: Re-enter the command followed by a question mark
(?) with a space between the command and the question mark. The
possible keywords that you can enter with the command appear.
Error Message: % Invalid input detected at ‘^’ marker.
Meaning: You entered the command incorrectly. The caret (^) marks
the point of the error.
How to Get Help: Enter a question mark (?) to display all the
commands that are available in this command mode. The possible
keywords that you can enter with the command appear.
Using Configuration Logging
You can log and view changes to the
switch configuration. You can use the Configuration Change Logging
and Notification feature to track changes on a per-session and
per-user basis. The logger tracks each configuration command that
is applied, the user who entered the command, the time that the
command was entered, and the parser return code for the command.
This feature includes a mechanism for asynchronous notification to
registered applications whenever the configuration changes. You can
choose to have the notifications sent to the syslog.
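Once the notifications described above reach syslog, each record names the user and the command, which is enough to review changes that weaken a port or re-enable a service. The following Python code is an added example, not part of the Cisco guide: it parses constructed syslog lines and flags commands on a small watch list. The %PARSER-5-CFGLOG_LOGGEDCMD line layout is the form IOS uses for these notifications but is not shown on this page, and the watch list, users and timestamps are assumptions made for illustration.

```python
import re

# Constructed syslog lines; the CFGLOG_LOGGEDCMD layout is assumed
# (it is not shown in this guide), users and commands are made up.
SAMPLE_LOG = """\
*Mar  1 00:10:02.101: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface FastEthernet0/3
*Mar  1 00:10:09.554: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no switchport port-security
*Mar  1 00:11:40.020: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
*Mar  1 00:14:17.903: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:ip http server
*Mar  1 00:15:30.412: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:description printer
"""

CFGLOG = re.compile(
    r"^(?P<time>.*?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$")

# Hypothetical watch list: (regex anchored at command start, reason).
WATCH = [
    (r"no switchport port-security\b", "port security removed"),
    (r"no dot1x system-auth-control\b", "802.1x disabled globally"),
    (r"ip http server\b", "HTTP server enabled"),
    (r"no logging\b", "logging reduced"),
    (r"switchport mode (trunk|dynamic)\b", "port may form a trunk"),
]

def review_changes(log_text):
    """Return one dict per logged command that matches the watch list."""
    alerts, context = [], {}  # context: user -> last interface entered
    for line in log_text.splitlines():
        m = CFGLOG.match(line)
        if not m:
            continue  # not a configuration-change record
        user, cmd = m["user"], m["cmd"].strip()
        if cmd.startswith("interface "):
            context[user] = cmd.split(None, 1)[1]
            continue
        for pattern, reason in WATCH:
            if re.match(pattern, cmd):
                # Only switchport commands are tied to an interface.
                scope = (context.get(user, "unknown")
                         if "switchport" in cmd else "global")
                alerts.append({"time": m["time"], "user": user,
                               "scope": scope, "command": cmd,
                               "reason": reason})
                break
    return alerts

if __name__ == "__main__":
    for a in review_changes(SAMPLE_LOG):
        print(a["time"], a["user"], a["scope"], a["command"], "->", a["reason"])
```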
For more information, see the Configuration Change Notification
and Logging feature module at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/product