Configuring Trap Managers and Enabling Traps

A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is defined, and no traps are issued. Switches running this IOS release can have an unlimited number of trap managers. Community strings can be any length. Table 22-3 describes the supported switch traps (notification types). You can enable any or all of these traps and configure a trap manager to receive them. Table...

Afo

Note You cannot remove VLAN 1 or VLANs 1002 to 1005 from the allowed-VLAN list. A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN, and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not...

Configuring VTP

This section includes guidelines and procedures for configuring VTP. These sections are included Default VTP Configuration, page 14-6 VTP Configuration Options, page 14-7 VTP Configuration Guidelines, page 14-8 Configuring a VTP Server, page 14-9 Configuring a VTP Client, page 14-11 Disabling VTP (VTP Transparent Mode), page 14-12 Enabling VTP Version 2, page 14-13 Enabling VTP Pruning, page 14-14 Adding a VTP Client Switch to a VTP Domain, page 14-15 Table 14-2 shows the default VTP...

Configuring VMPS

The Catalyst 2950 switch cannot be a VMPS server but can act as a client to the VMPS and communicate with it through the VLAN Query Protocol (VQP). VMPS dynamically assigns dynamic access port VLAN membership. This section includes this information about configuring VMPS Understanding VMPS section on page 13-30 Default VMPS Configuration section on page 13-33 VMPS Configuration Guidelines section on page 13-33 Configuring the VMPS Client section on page 13-34 Monitoring the VMPS section on page...

Configuring the Root Switch

The switch maintains a separate spanning-tree instance for each active VLAN configured on it. A bridge ID, consisting of the switch priority and the switch MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID becomes the root switch for that VLAN. To configure a switch to become the root, use the spanning-tree vlan vlan-id root global configuration command to modify the switch priority from the default value (32768) to a significantly lower value so...

Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC address table for the port ensures that the attached device has the full bandwidth of the port. If the secure-port maximum addresses are set between 1 and 132 addresses and some of the secure addresses have not been added by the user, the remaining addresses are dynamically learned and become secure addresses. If the port link goes down, all the dynamically learned addresses are removed. If you enable...

Configuring the Switch to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the switch and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco's vendor-ID is 9, and the...

Enabling UDLD Globally

Beginning in privileged EXEC mode, follow these steps to enable UDLD globally on all fiber-optic interfaces on the switch Enable UDLD on all fiber-optic interfaces on the switch. UDLD is disabled by default. This command affects fiber-optic interfaces only. Use the udld interface configuration command to enable UDLD on other interface types. For more information, see the Enabling UDLD on an Interface section on page 18-4. An individual interface configuration overrides the setting of the udld...

Creating Named MAC Extended ACLs

You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC extended ACLs. The procedure is similar to that of configuring other extended named access lists. Named MAC extended ACLs are used as a part of the mac access-group privileged EXEC command. For more information about the supported non-IP protocols in the mac access-list extended command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. Matching on any...

Displaying the Spanning Tree Status

To display the spanning-tree status, use one or more of the privileged EXEC commands in Table 12-2 Table 12-2 Commands for Displaying the Spanning-Tree Status Displays spanning-tree information on active interfaces only. Displays a detailed summary of interface information. show spanning-tree interface interface-id Displays spanning-tree information for the specified interface. show spanning-tree mst interface interface-id Displays MST information for the specified interface. Displays a summary...

Bridge Protocol Data Unit Format and Processing

The RSTP BPDU format is the same as the IEEE 802.1D BPDU format except that the protocol version is set to 2. A new one-byte version 1 Length field is set to zero, which means that no version 1 protocol information is present. Table 11-2 shows the RSTP flag fields. Topology change acknowledgement (TCA) The sending switch sets the proposal flag in the RSTP BPDU to propose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port. The...

Starting RADIUS Accounting

The AAA accounting feature tracks the services that users are accessing and the amount of network resources that they are consuming. When AAA accounting is enabled, the switch reports user activity to the RADIUS security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow...

IST, CIST, and CST

Unlike PVST+ in which all the spanning-tree instances are independent, the MSTP establishes and maintains two types of spanning-trees An internal spanning tree (IST), which is the spanning tree that runs in an MST region. Within each MST region, the MSTP maintains multiple spanning-tree instances. Instance 0 is a special instance for a region, known as the internal spanning tree (IST). All other MST instances are numbered from 1 to 15. The IST is the only spanning-tree instance that sends and...

Configuring a Range of Interfaces

You can use the interface range global configuration command to configure multiple interfaces with the same configuration parameters. When you enter the interface range configuration mode, all command parameters that you enter are attributed to all interfaces within that range until you exit this mode. Beginning in privileged EXEC mode, follow these steps to configure a range of interfaces with the same parameters interface range port-range macro macro_name Enter interface range configuration...

Collapsed Backbone and Switch Cluster Configuration

Figure 1-3 shows a configuration for a network of approximately 500 employees. This network uses a collapsed backbone and switch clusters. A collapsed backbone has high-bandwidth uplinks from all segments and subnetworks to a single device, such as a Gigabit switch, that serves as a single point for monitoring and controlling the network. You can use a Catalyst 3550-12T-L3 switch, as shown, or a Catalyst 3508G XL switch to create a Gigabit backbone. A Catalyst 3550-12T-L3 backbone switch...

Configuring NTP Access Restrictions

You can control NTP access on two levels as described in these sections Creating an Access Group and Assigning a Basic IP Access List, page 7-40 Disabling NTP Services on a Specific Interface, page 7-41 Creating an Access Group and Assigning a Basic IP Access List Beginning in privileged EXEC mode, follow these steps to control access to NTP services by using access lists ntp access-group query-only serve-only serve peer Create an access group, and apply a basic IP access list. The keywords...

Select View Refresh

Select Cluster > Add to Cluster to redisplay the Add to Cluster window. From CMS, there are two ways to add switches to a cluster Select Cluster > Add to Cluster, select a candidate switch from the list, click Add, and click OK. To add more than one candidate switch, press Ctrl, and make your choices, or press Shift, and choose the first and last switch in a range. Display the Topology view, right-click a candidate-switch icon, and select Add to Cluster (Figure 6-12). In the Topology view,...

Configuring the PAgP Learn Method and Priority

Network devices are classified as PAgP physical learners or aggregate-port learners. A device is a physical learner if it learns addresses by physical ports and directs transmissions based on that knowledge. A device is an aggregate-port learner if it learns addresses by aggregate ports. For compatibility with Catalyst 1900 series switches, configure the Catalyst 2950 switches for source-MAC load distribution. The Catalyst 2950 supports address learning only on aggregate ports even though the...

Classifying Traffic by Using ACLs

You can classify IP traffic by using IP standard or IP extended ACLs; you can classify Layer 2 traffic by using Layer 2 MAC ACLs. Beginning in privileged EXEC mode, follow these steps to create an IP standard ACL for IP traffic: access-list access-list-number deny permit remark source source-wildcard host source any Create an IP standard ACL, repeating the command as many times as necessary. For access-list-number, enter the ACL number. The range is 1 to 99 and 1300 to 1999. Enter deny or permit...

Front Panel Images

You can manage the switch from a remote station by using the front-panel images. The front-panel images are updated based on the network polling interval that you set from CMS > Preferences. This section includes descriptions of the LED images. Similar descriptions of the switch LEDs are provided in the switch hardware installation guide. Note The Preferences window is not available if your switch access level is read-only. For more information about the read-only access mode, see the...

Using MVR in a Multicast Television Application

In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. Refer to Figure 16-3. DHCP assigns an IP address to the set-top box or the PC. When a subscriber selects a channel, the set-top box or PC sends an IGMP report to the S1 switch to join the appropriate multicast. If the IGMP report matches one of the...

Configuring the Trust State on Ports within the QoS Domain

Note This feature is available only if your switch is running the enhanced software image. Packets entering a QoS domain are classified at the edge of the QoS domain. When the packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the QoS domain. Figure 24-3 shows a sample network topology. Figure 24-3 Port Trusted States within the QoS Domain y...

Enabling Automated CNS Configuration

To enable automated CNS configuration of the switch, you must first complete the prerequisites in Table 5-1. When you complete them, power on the switch. At the setup prompt, do nothing. The switch begins the initial configuration as described in the Initial Configuration section on page 5-5. When the full configuration file is loaded on your switch, you need to do nothing else. Table 5-1 Prerequisites for Enabling Automatic Configuration Table 5-1 Prerequisites for Enabling Automatic...

Monitoring and Maintaining CDP

To monitor and maintain CDP on your device, perform one or more of these tasks, beginning in privileged EXEC mode. Delete the CDP table of information about neighbors. Display global information, such as frequency of transmissions and the holdtime for packets being sent. show cdp entry entry-name protocol version Display information about a specific neighbor. You can enter an asterisk (*) to display all CDP neighbors, or you can enter the name of the neighbor about which you want information....

Understanding Multicast VLAN Registration

Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic across an Ethernet ring-based service provider network (for example, the broadcast of multiple television channels over a service-provider network). MVR allows a subscriber on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN. It allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. MVR...

Configuring MAC Address Notification Traps

MAC address notification enables you to track users on a network by storing the MAC address activity on the switch. Whenever the switch learns or removes a MAC address, an SNMP notification can be generated and sent to the network management system (NMS). If you have many users coming and going from the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port...

Classifying, Policing, and Marking Traffic by Using Policy Maps

A policy map specifies which traffic class to act on. Actions can include trusting the CoS or DSCP values in the traffic class; setting a specific DSCP value in the traffic class; and specifying the traffic bandwidth limitations for each matched traffic class (policer) and the action to take when the traffic is out of profile (marking). A policy map also has these characteristics: A policy map can contain multiple class statements, each with different match criteria and policers. A separate...

Understanding Cross-Stack UplinkFast

Cross-stack UplinkFast (CSUF) provides a fast spanning-tree transition (fast convergence in less than 1 second under normal network conditions) across a stack of switches that use the GigaStack GBICs connected in a shared cascaded configuration (multidrop backbone). During the fast transition, an alternate redundant link on the stack of switches is placed in the forwarding state without causing temporary spanning-tree loops or loss of connectivity to the backbone. With this feature, you can...

Discovery of Newly Installed Switches

To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its access ports. An access port (AP) carries the traffic of and belongs to the management VLAN. By default, the new switch and its access ports are assigned to management VLAN 1. When the new switch joins a cluster, its default management VLAN changes to the VLAN of the immediately upstream neighbor. The new switch also configures its access port to belong to the VLAN of the immediately upstream...

STP Configuration Guidelines

If more VLANs are defined in the VTP than there are spanning-tree instances, you can enable STP on only 64 VLANs. The remaining VLANs operate with spanning tree disabled. If the number of VLANs exceeds 128, we recommend that you enable the MSTP to map multiple VLANs to a single spanning-tree instance. For more information, see the Chapter 11, Configuring RSTP and MSTP. If 64 instances of spanning tree are already in use, you can disable STP on one of the VLANs and then enable it on the VLAN...

Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports

Flow control is supported only on 10/100/1000 ports and GBIC-module ports. Flow control enables connected Gigabit Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any more traffic, it notifies the other port to stop sending until the condition clears. When the local device detects any congestion at its end, it can notify the link partner or the remote device by...