EasyManua.ls Logo

Cisco CATALYST 2960 User Manual

Cisco CATALYST 2960
980 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #689 background imageLoading...
Page #689 background image
30-3
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 30 Configuring SNMP
Understanding SNMP
SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to
management stations. The bulk retrieval mechanism retrieves tables and large quantities of information,
minimizing the number of round-trips required. The SNMPv2C improved error-handling includes
expanded error codes that distinguish different kinds of error conditions; these conditions are reported
through a single error code in SNMPv1. Error return codes in SNMPv2C report the error type.
SNMPv3 provides for both security models and security levels. A security model is an authentication
strategy set up for a user and the group within which the user resides. A security level is the permitted
level of security within a security model. A combination of the security level and the security model
determine which security mechanism is used when handling an SNMP packet. Available security models
are SNMPv1, SNMPv2C, and SNMPv3.
Table 30-1 identifies the characteristics of the different combinations of security models and levels.
You must configure the SNMP agent to use the SNMP version supported by the management station.
Because an agent can communicate with multiple managers, you can configure the software to support
communications using SNMPv1, SNMPv2C, or SNMPv3.
SNMP Manager Functions
The SNMP manager uses information in the MIB to perform the operations described in Table 30-2.
Table 30-1 SNMP Security Models and Levels
Model Level Authentication Encryption Result
SNMPv1 noAuthNoPriv Community string No Uses a community string match for authentication.
SNMPv2C noAuthNoPriv Community string No Uses a community string match for authentication.
SNMPv3 noAuthNoPriv Username No Uses a username match for authentication.
SNMPv3 authNoPriv Message Digest 5
(MD5) or Secure
Hash Algorithm
(SHA)
No Provides authentication based on the HMAC-MD5 or
HMAC-SHA algorithms.
SNMPv3 authPriv
(requires the
cryptographic
software image)
MD5 or SHA Data Encryption
Standard (DES)
or Advanced
Encryption
Standard (AES)
Provides authentication based on the HMAC-MD5 or
HMAC-SHA algorithms. Allows specifying the
User-based Security Model (USM) with these
encryption algorithms:
DES 56-bit encryption in addition to
authentication based on the CBC-DES (DES-56)
standard.
3DES 168-bit encryption
AES 128-bit, 192-bit, or 256-bit encryption
Table 30-2 SNMP Operations
Operation Description
get-request Retrieves a value from a specific variable.
get-next-request Retrieves a value from a variable within a table.
1

Table of Contents

Other manuals for Cisco CATALYST 2960

Preview: Command Reference Guide
Command Reference Guide800 pages
Preview: Command Reference
Command Reference714 pages
Preview: Hardware Installation Guide
Hardware Installation Guide108 pages
Preview: Getting Started Guide
Getting Started Guide24 pages
Preview: Installation
Installation26 pages

Questions and Answers:

Cisco CATALYST 2960 Specifications

General IconGeneral
ManageableYes
StackingNo
ModelCatalyst 2960 Series Switches
Power over Ethernet (PoE)Available on some models (IEEE 802.3af)
VLANs255 active VLANs
FeaturesQoS
Operating Temperature32 to 113°F (0 to 45°C)
Relative Humidity10% to 85% non-condensing
Power ConsumptionVaries by model (30W to 400W)

Summary

Preface

Purpose

Provides information on configuring Cisco IOS software features on switches.

Chapter 1 Overview

Features

Details the capabilities of LAN base and LAN Lite images on Catalyst switches.

Ease-of-Deployment and Ease-of-Use Features

Express Setup for quickly configuring a switch for the first time with basic IP information, contact information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a browser-based program. For more information about Express Setup, see the getting started guide.

Covers Express Setup for initial switch configuration via a browser.

User-defined and Cisco-default Smartports macros for creating custom switch configurations for simplified deployment across the network.

Details Cisco-default and user-defined macros for dynamic port configuration based on detected device type.

An embedded device manager GUI for configuring and monitoring a single switch through a web browser. For information about launching the device manager, see the getting started guide. For more information about the device manager, see the switch online help.

Lists management options including embedded device manager via web browser.

Cisco Network Assistant (hereafter referred to as Network Assistant) for

Covers Cisco Network Assistant for managing multiple switches and simplifying tasks.

Performance Features

Cisco EnergyWise manages the energy usage of endpoints connected to domain members. For more information, see the Cisco EnergyWise documentation on Cisco.com.

Details Cisco EnergyWise for managing endpoint power usage.

EnergyWise Phase 2.5 enhancements that add support for a query to analyze and display domain information and for Wake on LAN (WoL) to remotely power on a WoL-capable PC.

Explains EnergyWise Phase 2.5 enhancements for domain info analysis and Wake on LAN.

Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth.

Details autosensing of port speed and autonegotiation of duplex mode for bandwidth optimization.

Automatic-medium-dependent interface crossover (auto-MDIX) capability on 10/100 and 10/100/1000 Mb/s interfaces and on 10/100/1000 BASE-TX SFP module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately.

Covers auto-MDIX for automatic cable type detection and connection configuration.

Per-port storm control for preventing broadcast, multicast, and unicast storms.

Details per-port storm control for preventing broadcast, multicast, and unicast storms.

Management Options

An embedded device manager—The device manager is a GUI that is integrated in the software image. You use it to configure and to monitor a single switch. For information about launching the device manager, see the getting started guide. For more information about the device manager, see the switch online help.

Describes embedded device manager GUI for configuring and monitoring a single switch.

Network Assistant—Network Assistant is a network management application that can be downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.

Details Network Assistant for managing single switches, clusters, or communities.

CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access the CLI by connecting your management station directly to the switch console port, by connecting your PC directly to the Ethernet management port, or by using Telnet from a remote management station or PC. You can manage the switch stack by connecting to the console port or Ethernet management port of any stack member. For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.”

Explains CLI access via console port, Ethernet management port, or Telnet for switch management.

Manageability Features

CNS embedded agents for automating switch management, configuration storage, and delivery

Covers CNS embedded agents for automating switch management, configuration storage, and delivery.

DHCP for automating configuration of switch information (such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names)

Details DHCP for automating switch information configuration (IP address, gateway, hostname, DNS, TFTP).

Availability and Redundancy Features

Automatic stack master re-election for replacing stack masters that become unavailable (failover support)

Discusses automatic stack master re-election for failover support.

Cross-stack EtherChannel for providing redundant links across the switch stack

Explains cross-stack EtherChannel for redundant links across switch stacks.

UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults

Details UDLD and aggressive UDLD for detecting and disabling unidirectional links.

IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these features:

Covers IEEE 802.1D STP for redundant backbone connections and loop-free networks.

VLAN Features

Support for up to 255 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth

Explains support for up to 255 VLANs for assigning users based on resources, traffic, and bandwidth.

Security Features

Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to be authenticated using a web browser

Details Web authentication for non-802.1x supplicants using a web browser.

IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute

Explains IEEE 802.1x Authentication with ACLs and RADIUS Filter-Id Attribute.

Password-protected access (read-only and read-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes

Details password-protected access to management interfaces for protection against unauthorized changes.

Port security option for limiting and identifying MAC addresses of the stations allowed to access the port

Covers port security option for limiting and identifying MAC addresses of allowed stations.

QoS and CoS Features

Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues

Details auto-QoS for simplifying QoS deployment via traffic classification and egress queue configuration.

IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications

Details IP ToS/DSCP and 802.1p CoS marking priorities per port for protecting mission-critical applications.

Power over Ethernet Features

Ability to provide power to connected Cisco pre-standard and IEEE 802.3af-compliant powered devices from Power over Ethernet (PoE)-capable ports if the switch detects that there is no power on the circuit.

Explains ability to provide power to connected Cisco pre-standard and IEEE 802.3af devices via PoE ports.

Support for IEEE 802.3at, (PoE+) that increases the available power that can be drawn by powered devices from 15.4 W per port to 30 W per port (Catalyst 2960-S only)

Details IEEE 802.3at (PoE+) support, increasing power availability per port.

Support for Cisco intelligent power management. The powered device and the switch negotiate through power-negotiation CDP messages for an agreed power-consumption level. The negotiation allows a high-power Cisco powered device, which consumes more than 7 W, to operate at its highest power mode. The powered device first boots up in low-power mode, consumes less than 7 W, and negotiates to obtain enough power to operate in high-power mode. The device changes to high-power mode only when it receives confirmation from the switch.

Explains Cisco intelligent power management with negotiation for power consumption levels.

Automatic detection and power budgeting; the switch maintains a power budget, monitors and tracks requests for power, and grants power only when it is available.

Details automatic power detection and budgeting, including monitoring requests and granting power.

Universal Power over Ethernet Features

Provides the ability to source up to 60 W of power over standard Ethernet cabling infrastructure.

Details ability to source up to 60W power over standard Ethernet cabling.

Monitoring Features

Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or VLAN

Covers SPAN and RSPAN for traffic monitoring on any port or VLAN.

Four groups (history, statistics, alarms, and events) of embedded RMON agents for network monitoring and traffic analysis

Explains embedded RMON agents for network monitoring and traffic analysis (history, stats, alarms, events).

Default Settings After Initial Switch Configuration

Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For more information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway,” and Chapter 20, “Configuring DHCP and IP Source Guard Features.”

Details default IP settings: address, subnet mask, gateway are 0.0.0.0.

DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is configured and is enabled), and the DHCP relay agent is enabled (only if the device is acting as a DHCP relay agent is configured and is enabled). For more information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway,” and Chapter 20, “Configuring DHCP and IP Source Guard Features.”

Explains DHCP client, server, and relay agent enablement status.

No passwords are defined. For more information, see Chapter 5, “Administering the Switch.”

States that no passwords are defined by default.

TACACS+ is disabled. For more information, see Chapter 9, “Configuring Switch-Based Authentication.”

Notes that TACACS+ is disabled by default.

RADIUS is disabled. For more information, see Chapter 9, “Configuring Switch-Based Authentication.”

States that RADIUS is disabled by default.

IEEE 802.1x is disabled. For more information, see Chapter 10, “Configuring IEEE 802.1x Port-Based Authentication.”

States that IEEE 802.1x is disabled by default.

VLANs

Default VLAN is VLAN 1. For more information, see Chapter 13, “Configuring VLANs.”

States that the default VLAN is VLAN 1.

VTP mode is server. For more information, see Chapter 14, “Configuring VTP.”

Notes that VTP mode is server by default.

Voice VLAN is disabled. For more information, see Chapter 15, “Configuring Voice VLAN.”

Notes that Voice VLAN is disabled by default.

DHCP snooping is disabled. The DHCP snooping information option is enabled. For more information, see Chapter 20, “Configuring DHCP and IP Source Guard Features.”

DHCP snooping is disabled. The DHCP snooping information option is enabled. For more information, see Chapter 20, “Configuring DHCP and IP Source Guard Features.”

Notes DHCP snooping is disabled but information option is enabled.

IP source guard is disabled. For more information, see Chapter 20, “Configuring DHCP and IP Source Guard Features.”

States that IP source guard is disabled by default.

Dynamic ARP inspection is disabled on all VLANs. For more information, see Chapter 22, “Configuring Dynamic ARP Inspection.”

States that Dynamic ARP inspection is disabled on all VLANs.

Network Configuration Examples

“Design Concepts for Using the Switch” section on page 1-19

Discusses design concepts for using the switch.

“Small to Medium-Sized Network Using Catalyst 2960, 2960-S and 2960-C Switches” section on page 1-24

Provides configuration examples for small to medium-sized networks.

“Long-Distance, High-Bandwidth Transport Configuration” section on page 1-25

Details configuration for long-distance, high-bandwidth transport.

Design Concepts for Using the Switch

As your network users compete for network bandwidth, it takes longer to send and receive data. When you configure your network, consider the bandwidth required by your network users and the relative priority of the network applications that they use.

Considers network bandwidth needs and application priority when configuring the network.

Table 1-2 Providing Network Services (continued)

Suggested Design Methods

Provides design methods for IP telephony and network speed requirements.

You can use the switches and switch stacks to create the following:

Cost-effective wiring closet (Figure 1-1)—A cost-effective way to connect many users to the wiring closet is to have a switch stack of up to four Catalyst 2960-S switches. To preserve switch connectivity if one switch in the stack fails, connect the switches as recommended in the hardware installation guide, and enable either cross-stack Etherchannel or cross-stack UplinkFast.

Describes cost-effective wiring closet setup using Catalyst 2960-S switch stacks with redundancy.

Cost-effective Gigabit-to-the-desktop for high-performance workgroups (Figure 1-2)—For high-speed access to network resources, you can use the Catalyst 2960 switch in the access layer to provide Gigabit Ethernet to the desktop. To prevent congestion, use QoS DSCP marking priorities on these switches. For high-speed IP forwarding at the distribution layer, connect the switches in the access layer to a Gigabit multilayer switch with routing capability, such as a Catalyst 3750 switch, or to a router.

Server aggregation (Figure 1-3)—You can use the switches and switch stacks to interconnect groups of servers, centralizing physical security and administration of your network. For high-speed IP forwarding at the distribution layer, connect the switches in the access layer to multilayer switches with routing capability. The Gigabit interconnections minimize latency in the data flow.

QoS and policing on the switches provide preferential treatment for certain data streams. They segment traffic streams into different paths for processing. Security features on the switch ensure rapid handling of packets.

Explains QoS and policing for preferential traffic treatment and security features.

Small to Medium-Sized Network Using Catalyst 2960, 2960-S and 2960-C Switches

Figure 1-4 shows a configuration for a network of up to 500 employees. This network uses a switch stack with high-speed connections to two routers. This ensures connectivity to the Internet, WAN, and mission-critical network resources if one of the routers fails. The switch stack uses cross-stack EtherChannel for loading sharing.

Describes a configuration for up to 500 employees with a switch stack and redundant router connections.

This network uses VLANs to logically segment the network into well-defined broadcast groups and for security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from the Cisco IP Phones are configured on separate VVIDs. If data, multimedia, and voice traffic are assigned to the same VLAN, only one VLAN can be configured per wiring closet.

Explains network segmentation using VLANs for broadcast groups, security, data, multimedia, and voice traffic.

When an end station in one VLAN needs to communicate with an end station in another VLAN, a router or Layer 3 switch routes the traffic to the destination VLAN. In this network, the routers are providing inter-VLAN routing. VLAN access control lists (VLAN maps) on the stack provide intra-VLAN security and prevent unauthorized users from accessing critical areas of the network.

Describes inter-VLAN routing using routers or Layer 3 switches, and VLAN maps for intra-VLAN security.

In addition to inter-VLAN routing, the multilayer switches or routers provide QoS mechanisms such as DSCP priorities to prioritize the different types of network traffic and to deliver high-priority traffic. If congestion occurs, QoS drops low-priority traffic to allow delivery of high-priority traffic.

Details QoS mechanisms like DSCP priorities for traffic prioritization and handling congestion.

Long-Distance, High-Bandwidth Transport Configuration

Figure 1-5 shows a configuration for sending 8 Gigabits of data over a single fiber-optic cable. The Catalyst 2960, 2960-S or 2960-C switches have coarse wavelength-division multiplexing (CWDM) fiber-optic SFP modules installed. Depending on the CWDM SFP module, data is sent at wavelengths from 1470 to 1610 nm. The higher the wavelength, the farther the transmission can travel. A common wavelength used for long-distance transmissions is 1550 nm.

Describes a configuration for 8 Gb/s data over single fiber-optic cable using CWDM SFP modules.

Where to Go Next

Before configuring the switch, review these sections for startup information:

Suggests reviewing sections for startup information before configuring the switch.

Chapter 2, “Using the Command-Line Interface”

References Chapter 2 for information on using the command-line interface.

Chapter 3, “Assigning the Switch IP Address and Default Gateway”

References Chapter 3 for assigning switch IP address and default gateway.

CHAPTER 2

Using the Command-Line Interface

Describes the Cisco IOS command-line interface (CLI) and its usage for switch configuration.

Understanding Command Modes

When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.

Explains user EXEC mode, its limited commands, and that they are not saved on reboot.

To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.

Describes privileged EXEC mode access via password and its capability to enter global configuration mode.

Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.

Explains using configuration modes (global, interface, line) to change running configuration, which is saved upon reboot.

Understanding the Help System

You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command, as shown in Table 2-2.

Explains using the question mark (?) at the prompt to display commands, keywords, and arguments.

Understanding Abbreviated Commands

You need to enter only enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:

Explains that only enough characters are needed to uniquely identify a command.

Understanding no and default Forms of Commands

Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default.

Explains the 'no' form of commands to disable features or reverse actions, and the default form to return to defaults.

Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.

Details the 'default' form of commands to return settings to their defaults.

Understanding CLI Error Messages

Table 2-3 lists some error messages that you might encounter while using the CLI to configure your switch.

Lists common CLI error messages encountered during switch configuration.

Using Configuration Logging

You can log and view changes to the switch configuration. You can use the Configuration Change Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks each configuration command that is applied, the user who entered the command, the time that the

Explains how to log and view switch configuration changes using the Configuration Change Logging and Notification feature.

Using Command History

The software provides a history or record of commands that you have entered. The command history feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize this feature to suit your needs as described in these sections:

Describes the command history feature for recalling commands and customizing it to user needs.

Recalling Commands

To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions are optional.

Describes how to recall commands from the history buffer using listed actions.

Disabling the Command History Feature

The command history feature is automatically enabled. You can disable it for the current terminal session or for the command line. These procedures are optional.

Explains that command history is enabled by default and can be disabled for terminal session or command line.

Using Editing Features

This section describes the editing features that can help you manipulate the command line. It contains these sections:

Describes editing features for manipulating the command line.

Enabling and Disabling Editing Features

Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure a specific line to have enhanced editing. These procedures are optional.

Explains how to disable, re-enable, or configure enhanced editing mode globally or per line.

Editing Commands through Keystrokes

Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.

Lists keystrokes for editing command lines.

Chapter 2 Using the Command-Line Interface

Searching and Filtering Output of show and more Commands

Explains how to search and filter output of show and more commands.

Accessing the CLI

Describes accessing the CLI via console, Telnet, or browser for managing switch stacks.

Accessing the CLI

You manage the switch stack and the stack member interfaces through the stack master. You cannot manage stack members on an individual switch basis. You can connect to the stack master through the console port of one or more stack members. Be careful with using multiple CLI sessions to the stack master. Commands that you enter in one session are not displayed in the other sessions. Therefore, it is possible to lose track of the session from which you entered commands.

Accessing the CLI through a Console Connection or through Telnet

Before you can access the CLI, you must connect a terminal or PC to the switch console port and power on the switch, as described in the getting started guide that shipped with your switch. Then, to understand the boot process and the options available for assigning IP information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway.”

Details CLI access via console port or Telnet after connecting terminal/PC and powering on the switch.

If your switch is already configured, you can access the CLI through a local console connection or through a remote Telnet session, but your switch must first be configured for this type of access. For more information, see the “Setting a Telnet Password for a Terminal Line” section on page 9-6.

Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station. The switch must have network connectivity with the Telnet or SSH client, and the switch must have an enable secret password configured.

CHAPTER 3

Assigning the Switch IP Address and Default Gateway

Describes configuring initial switch settings like IP address and default gateway.

Assigning Switch Information

You can assign IP information through the switch setup program, through a DHCP server, or manually.

Explains assigning IP information via setup program, DHCP server, or manually.

Use the switch setup program if you want to be prompted for specific IP information. With this program, you can also configure a hostname and an enable secret password. It gives you the option of assigning a Telnet password (to provide security during remote management) and configuring your switch as a command or member switch of a cluster or as a standalone switch. For more information about the setup program, see the hardware installation guide.

Recommends setup program for prompted IP info, hostname, enable secret, Telnet password, and cluster/standalone config.

Use a DHCP server for centralized control and automatic assignment of IP information after the server is configured.

Understanding DHCP-Based Autoconfiguration, page 3-3

Manually Assigning IP Information, page 3-14

Understanding DHCP-Based Autoconfiguration

DHCP provides configuration information to Internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.

During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file.

However, you need to configure the DHCP server for various lease options associated with IP addresses. If you are using DHCP to relay the configuration file location on the network, you might also need to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.

DHCP Client Request Process

When you boot up your switch, the DHCP client is invoked and requests configuration information from a DHCP server when the configuration file is not present on the switch. If the configuration file is present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.

The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.

The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. With this message, the client and server are bound, and the client uses configuration information received from the server. The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the “Configuring the TFTP Server” section on page 3-7.

Understanding DHCP-based Autoconfiguration and Image Update

You can use the DHCP image upgrade features to configure a DHCP server to download both a new image and a new configuration file to one or more switches in a network. This helps ensure that each new switch added to a network receives the same image and configuration.

Explains using DHCP for upgrading image and configuration on multiple switches.

DHCP Autoconfiguration

DHCP autoconfiguration downloads a configuration file to one or more switches in your network from a DHCP server. The downloaded configuration file becomes the running configuration of the switch. It does not over write the bootup configuration saved in the flash, until you reload the switch.

DHCP Auto-Image Update

You can use DHCP auto-image upgrade with DHCP autoconfiguration to download both a configuration and a new image to one or more switches in your network. The switch (or switches) downloading the new configuration and the new image can be blank (or only have a default factory configuration loaded).

Configuring DHCP-Based Autoconfiguration

DHCP Server Configuration Guidelines, page 3-6

Provides DHCP server configuration guidelines.

Configuring the TFTP Server, page 3-7

Configuring the DNS, page 3-7

Configuring the Relay Device, page 3-7

Example Configuration, page 3-9

DHCP Server Configuration Guidelines

You should configure the DHCP server with reserved leases that are bound to each switch by the switch hardware address.

The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational. If your DHCP server is a Cisco device, for additional information about configuring DHCP, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide on Cisco.com.

Configuring the TFTP Server

Based on the DHCP server configuration, the switch attempts to download one or more configuration files from the TFTP server. If you configured the DHCP server to respond to the switch with all the options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a TFTP server name, address, and configuration filename, the switch attempts to download the specified configuration file from the specified TFTP server.

For the switch to successfully download a configuration file, the TFTP server must contain one or more configuration files in its base directory. The files can include these files:

Configuring the DNS

The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.

Configuring the Relay Device

You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast packets that require a response from a host on a different LAN. Examples of broadcast packets that the switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host.

Example Configuration

Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.

TFTP Server Configuration (on UNIX)

The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the hostname to be assigned to the switch based on its IP address. The base directory also contains a configuration file for each switch (switcha-confg, switchb-confg, and so forth) as shown in this display:

Configuring DHCP Autoconfiguration (Only Configuration File)

Beginning in privileged EXEC mode, follow these steps to configure DHCP autoconfiguration of the TFTP and DHCP settings on a new switch to download a new configuration file.

Details steps to configure DHCP autoconfiguration for TFTP/DHCP settings on a new switch.

This example shows how to configure a switch as a DHCP server so it downloads a configuration file:

Configuring the Client

This example uses a Layer 3 SVI interface on VLAN 99 to enable DHCP-based autoconfiguration with a saved configuration:

Manually Assigning IP Information

Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple switched virtual interfaces (SVIs):

Details steps to manually assign IP information to multiple switched virtual interfaces (SVIs).

To remove the switch IP address, use the no ip address interface configuration command. If you are removing the address through a Telnet session, your connection to the switch will be lost. To remove the default gateway address, use the no ip default-gateway global configuration command.

Checking and Saving the Running Configuration

You can check the configuration settings that you entered or changes that you made by entering this privileged EXEC command:

Describes checking entered configuration settings or changes via privileged EXEC command.

To store the configuration or changes you have made to your startup configuration in flash memory, enter this privileged EXEC command:

Explains storing configuration or changes to startup configuration in flash memory.

Configuring the NVRAM Buffer Size

The default NVRAM buffer size is 512 KB. In some cases, the configuration file might be too large to save to NVRAM. Typically, this occurs when you have many switches in a switch stack. You can configure the size of the NVRAM buffer to support larger configuration files. The new NVRAM buffer size is synced to all current and new member switches.

Modifying the Startup Configuration

These sections describe how to modify the switch startup configuration:

Default Boot Configuration

The switch attempts to automatically boot up the system using information in the BOOT environment variable. If the variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system.

Automatically Downloading a Configuration File

You can automatically download a configuration file to your switch by using the DHCP-based autoconfiguration feature. For more information, see the “Understanding DHCP-Based Autoconfiguration” section on page 3-3.

Describes automatic configuration file download using DHCP-based autoconfiguration.

Specifying the Filename to Read and Write the System Configuration

By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot-up cycle.

Booting Manually

By default, the switch automatically boots up; however, you can configure it to manually boot up.

Booting a Specific Software Image

By default, the switch attempts to automatically boot up the system using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. However, you can specify a specific image to boot up.

Explains default automatic boot process using BOOT variable or flash search, and how to specify a particular image.

Controlling Environment Variables

With a normally operating switch, you enter the boot loader mode only through a switch console connection configured for 9600 b/s. Unplug the switch power cord, and press the switch Mode button while reconnecting the power cord. You can release the Mode button a second or two after the LED above port 1 turns off. Then the boot loader switch: prompt appears.

The switch boot loader software provides support for nonvolatile environment variables, which can be used to control how the boot loader, or any other software running on the system, behaves. Boot loader environment variables are similar to environment variables that can be set on UNIX or DOS systems.

Scheduling a Reload of the Software Image

You can schedule a reload of the software image to occur on the switch at a later time (for example, late at night or during the weekend when the switch is used less), or you can synchronize a reload network-wide (for example, to perform a software upgrade on all switches in the network).

Describes scheduling software image reloads for later times or network-wide synchronization.

Configuring a Scheduled Reload

To configure your switch to reload the software image at a later time, use one of these commands in privileged EXEC mode:

Details commands to configure software image reload at a later time in privileged EXEC mode.

Displaying Scheduled Reload Information

To display information about a previously scheduled reload or to find out if a reload has been scheduled on the switch, use the show reload privileged EXEC command.

CHAPTER 4

Configuring Cisco IOS Configuration Engine

Describes configuring Cisco IOS Configuration Engine feature on Catalyst switches.

Understanding Cisco Configuration Engine Software

The Cisco Configuration Engine is network management software that acts as a configuration service for automating the deployment and management of network devices and services (see Figure 4-1). Each Configuration Engine manages a group of Cisco devices (switches and routers) and the services that they deliver, storing their configurations and delivering them as needed. The Configuration Engine automates initial configurations and configuration updates by generating device-specific configuration changes, sending them to the device, executing the configuration change, and logging the results.

Defines Cisco Configuration Engine as network management software for automating deployment and management.

Configuration Service

The Configuration Service is the core component of the Cisco Configuration Engine. It consists of a configuration server that works with Cisco IOS CNS agents on the switch. The Configuration Service delivers device and service configurations to the switch for initial configuration and mass reconfiguration by logical groups. Switches receive their initial configuration from the Configuration Service when they start up on the network for the first time.

Defines Configuration Service as core component working with Cisco IOS CNS agents for device configurations.

The configuration server is a web server that uses configuration templates and the device-specific configuration information stored in the embedded (standalone mode) or remote (server mode) directory. Configuration templates are text files containing static configuration information in the form of CLI commands. In the templates, variables are specified using Lightweight Directory Access Protocol (LDAP) URLs that reference the device-specific configuration information stored in a directory.

Event Service

The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events. The event agent is on the switch and facilitates the communication between the switch and the event gateway on the Configuration Engine.

NameSpace Mapper

The Configuration Engine includes the NameSpace Mapper (NSM) that provides a lookup service for managing logical groups of devices based on application, device or group ID, and event.

Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention. When you have populated your data store with your subject names, NSM changes your event subject-name strings to those known by Cisco IOS.

What You Should Know About the CNS IDs and Device Hostnames

The Configuration Engine assumes that a unique identifier is associated with each configured switch. This unique identifier can take on multiple synonyms, where each synonym is unique within a particular namespace. The event service uses namespace content for subject-based addressing of messages.

ConfigID

Each configured switch has a unique ConfigID, which serves as the key into the Configuration Engine directory for the corresponding set of switch CLI attributes. The ConfigID defined on the switch must match the ConfigID for the corresponding switch definition on the Configuration Engine.

Defines ConfigID as unique key into Configuration Engine directory for switch CLI attributes.

DeviceID

Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the switch source address so that the switch can be targeted as a specific destination on the bus. All switches configured with the cns config partial global configuration command must access the event bus. Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine.

Hostname and DeviceID

The DeviceID is fixed at the time of the connection to the event gateway and does not change even when the switch hostname is reconfigured.

Configuring Cisco IOS Agents

The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-6. If you want to change the configuration or install a custom configuration, see these sections for instructions:

Explains Cisco IOS agents allow automatic configuration; see sections for changing or custom configurations.

Enabling the CNS Event Agent, page 4-7

Enabling the Cisco IOS CNS Agent, page 4-9

Enabling Automated CNS Configuration

To enable automated CNS configuration of the switch, you must first complete the prerequisites in Table 4-1. When you complete them, power on the switch. At the setup prompt, do nothing: The switch begins the initial configuration as described in the “Initial Configuration” section on page 4-5. When the full configuration file is loaded on your switch, you need to do nothing else.

Guides to enable automated CNS configuration by completing prerequisites and powering on the switch.

Table 4-1 Prerequisites for Enabling Automatic Configuration

Required Configuration

Specifies the required configuration for automatic setup.

Enabling the CNS Event Agent

You must enable the CNS event agent on the switch before you enable the CNS configuration agent.

Incremental (Partial) Configuration

After the network is running, new services can be added by using the Cisco IOS agent. Incremental (partial) configurations can be sent to the switch. The actual configuration can be sent as an event payload by way of the event gateway (push operation) or as a signal event that triggers the switch to initiate a pull operation.

The switch can check the syntax of the configuration before applying it. If the syntax is correct, the switch applies the incremental configuration and publishes an event that signals success to the configuration server. If the switch does not apply the incremental configuration, it publishes an event showing an error status. When the switch has applied the incremental configuration, it can write it to NVRAM or wait until signaled to do so.

Synchronized Configuration

When the switch receives a configuration, it can defer application of the configuration upon receipt of a write-signal event. The write-signal event tells the switch not to save the updated configuration into its NVRAM. The switch uses the updated configuration as its running configuration. This ensures that the switch configuration is synchronized with other network activities before saving the configuration in NVRAM for use at the next reboot.

Enabling an Initial Configuration

Beginning in privileged EXEC mode, follow these steps to enable the CNS configuration agent and initiate an initial configuration on the switch:

Details steps to enable CNS configuration agent and initiate initial configuration in privileged EXEC mode.

CHAPTER 5

Administering the Switch

Describes one-time operations for administering Catalyst 2960, 2960-S, or 2960-C switches.

Identifying the Switch Image

The Catalyst 2960 and 2960-S switches run one of these images:

States Catalyst 2960/2960-S switches run LAN base or LAN Lite images.

The LAN base software image provides enterprise-class intelligent services such as access control lists (ACLs) and quality of service (QoS) features. On a Catalyst 2960-S switch, stacking is also supported.

Describes LAN base image features: ACLs, QoS, and stacking support on 2960-S.

Managing the System Time and Date

You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods.

Explains managing system time and date via automatic (NTP) or manual configuration.

Understanding the System Clock, page 5-2

Understanding Network Time Protocol, page 5-3

Configuring Time and Date Manually, page 5-5

Understanding the System Clock

The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time.

Understanding Network Time Protocol

The NTP is designed to time-synchronize a network of devices. NTP runs over User Datagram Protocol (UDP), which runs over IP. NTP is documented in RFC 1305.

The time kept on a device is a critical resource; you should use the security features of NTP to avoid the accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.

NTP Version 4

NTP version 4 is implemented on the switch. NTPv4 is an extension of NTP version 3. NTPv4 supports both IPv4 and IPv6 and is backward-compatible with NTPv3.

Configuring Time and Date Manually

If no other source of time is available, you can manually configure the time and date after the system is restarted. The time remains accurate until the next system restart. We recommend that you use manual configuration only as a last resort. If you have an outside source to which the switch can synchronize, you do not need to manually set the system clock.

Describes manual time and date configuration after system restart, recommending it as a last resort.

Setting the System Clock

If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock.

Configuring a System Name and Prompt

You configure the system name on the switch to identify it. By default, the system name and prompt are Switch.

Understanding the DNS

The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map hostnames to IP addresses. When you configure DNS on your switch, you can substitute the hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations.

Default System Name and Prompt Configuration

The default switch system name and prompt is Switch.

Configuring a System Name

Beginning in privileged EXEC mode, follow these steps to manually configure a system name:

Details steps to manually configure a system name in privileged EXEC mode.

CHAPTER 6

Clustering Switches

Provides concepts and procedures for creating and managing Catalyst 2960, 2960-S, or 2960-C switch clusters.

Understanding Switch Clusters

A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.

Defines switch cluster as set of up to 16 connected, cluster-capable switches managed via single IP address.

In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The cluster command switch is the single point of access used to configure, manage, and monitor the cluster member switches. Cluster members can belong to only one cluster at a time.

Explains switch cluster structure: 1 command switch, up to 15 members, total 16 switches, single access point.

Management of Catalyst switches regardless of their interconnection media and their physical locations. The switches can be in the same location, or they can be distributed across a Layer 2 or Layer 3 (if your cluster is using a Catalyst 3550, Catalyst 3560, or Catalyst 3750 switch as a Layer 3 router between the Layer 2 switches in the cluster) network.

Command-switch redundancy if a cluster command switch fails. One or more switches can be designated as standby cluster command switches to avoid loss of contact with cluster members. A cluster standby group is a group of standby cluster command switches.

Management of a variety of Catalyst switches through a single IP address. This conserves on IP addresses, especially if you have a limited number of them. All communication with the switch cluster is through the cluster command switch IP address.

Cluster Command Switch Characteristics

A cluster command switch must meet these requirements:

Lists requirements for a cluster command switch.

Standby Cluster Command Switch Characteristics

A standby cluster command switch must meet these requirements:

Lists requirements for a standby cluster command switch.

Candidate Switch and Cluster Member Switch Characteristics

Candidate switches are cluster-capable switches and switch stacks that have not yet been added to a cluster. Cluster member switches are switches and switch stacks that have actually been added to a switch cluster. Although not required, a candidate or cluster member switch can have its own IP address and password (for related considerations, see the “IP Addresses” section on page 6-12 and “Passwords” section on page 6-13).

Planning a Switch Cluster

Anticipating conflicts and compatibility issues is a high priority when you manage several switches through a cluster. This section describes these guidelines, requirements, and caveats that you should understand before you create the cluster:

Emphasizes anticipating conflicts and compatibility issues before creating a cluster.

Automatic Discovery of Cluster Candidates and Members, page 6-5

Automatic Discovery of Cluster Candidates and Members

The cluster command switch uses Cisco Discovery Protocol (CDP) to discover cluster member switches, candidate switches, neighboring switch clusters, and edge devices across multiple VLANs and in star or cascaded topologies.

Explains cluster command switch uses CDP for discovering member switches, candidates, and devices across VLANs.

Discovery Through CDP Hops

By using CDP, a cluster command switch can discover switches up to seven CDP hops away (the default is three hops) from the edge of the cluster. The edge of the cluster is where the last cluster member switches are connected to the cluster and to candidate switches. For example, cluster member switches 9 and 10 in Figure 6-1 are at the edge of the cluster.

Discovery Through Non-CDP-Capable and Noncluster-Capable Devices

If a cluster command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the cluster command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled device connected beyond the noncluster-capable Cisco device.

Discovery Through Different VLANs

If the cluster command switch is a Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 switch, the cluster can have cluster member switches in different VLANs. As cluster member switches, they must be connected through at least one VLAN in common with the cluster command switch. The cluster command switch in Figure 6-3 has ports assigned to VLANs 9, 16, and 62 and therefore discovers the switches in those VLANs. It does not discover the switch in VLAN 50. It also does not discover the switch in VLAN 16 in the first column because the cluster command switch has no VLAN connectivity to it.

Discovery Through Different Management VLANs

Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 cluster command switches can discover and manage cluster member switches in different VLANs and different management VLANs. As cluster member switches, they must be connected through at least one VLAN in common with the cluster command switch. They do not need to be connected to the cluster command switch through their management VLAN. The default management VLAN is VLAN 1.

Discovery of Newly Installed Switches

To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its access ports. An access port carries the traffic of and belongs to only one VLAN. By default, the new switch and its access ports are assigned to VLAN 1.

HSRP and Standby Cluster Command Switches

The switch uses Hot Standby Router Protocol (HSRP) so that you can configure a group of standby cluster command switches. Because a cluster command switch manages the forwarding of all communication and configuration information to all the cluster member switches, we strongly recommend the following:

Explains switch uses HSRP for standby cluster command switches and recommends specific actions.

Virtual IP Addresses

You need to assign a unique virtual IP address and group number and name to the cluster standby group. This information must be configured on a specific VLAN or routed port on the active cluster command switch. The active cluster command switch receives traffic destined for the virtual IP address. To manage the cluster, you must access the active cluster command switch through the virtual IP address, not through the command-switch IP address. This is in case the IP address of the active cluster command switch is different from the virtual IP address of the cluster standby group.

Details assigning unique virtual IP address, group number, and name to cluster standby group on active command switch.

If the active cluster command switch fails, the standby cluster command switch assumes ownership of the virtual IP address and becomes the active cluster command switch. The passive switches in the cluster standby group compare their assigned priorities to decide the new standby cluster command switch. The passive standby switch with the highest priority then becomes the standby cluster command switch. When the previously active cluster command switch becomes active again, it resumes its role as the active cluster command switch, and the current active cluster command switch becomes the standby cluster command switch again. For more information about IP address in switch clusters, see the “IP Addresses” section on page 6-12.

Other Considerations for Cluster Standby Groups

Standby cluster command switches must be the same type of switches as the cluster command switch. For example, if the cluster command switch is a Catalyst 2960 switch, the standby cluster command switches must also be Catalyst 2960 switches. If the cluster command switch is a Catalyst 2960-S switch, the standby cluster command switches must also be Catalyst 2960-S switches. Refer to the switch configuration guide of other cluster-capable switches for their requirements on standby cluster command switches.

CHAPTER 7

Managing Switch Stacks

Provides concepts and procedures for managing Catalyst 2960-S stacks (Cisco FlexStacks).

Understanding Stacks

A switch stack is a set of up to four Catalyst 2960-S switches connected through their stack ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members. Layer 2 protocol presents the entire switch stack as a single entity to the network.

Defines switch stack as set of up to four Catalyst 2960-S switches connected via stack ports, managed by stack master.

The master is the single point of stack-wide management. From the master, you configure:

Stack Membership

A standalone switch is a stack with one member that is also the master. You can connect one standalone switch to another (Figure 7-1 on page 7-4) to create a stack containing two stack members, with one of them as the master. You can connect standalone switches to an existing stack (Figure 7-2 on page 7-4) to increase the stack membership.

If you replace a stack member with an identical model, the new switch functions with the same configuration as the replaced switch (assuming that the new switch is using the same member number as the replaced switch). For information about the benefits of provisioning a switch stack, see the “Stack Offline Configuration” section on page 7-7. For information about replacing a failed switch, see the “Troubleshooting” chapter in the hardware installation guide.

Master Election

The stack master is elected based on one of these factors in the order listed:

Explains stack master election based on factors in listed order.

Stack MAC Address

The MAC address of the master determines the stack MAC address.

When the stack initializes, the MAC address of the master determines the bridge ID that identifies the stack in the network.

If the master changes, the MAC address of the new master determines the new bridge ID. However, when the persistent MAC address feature is enabled, there is an approximate 4-minute delay before the stack MAC address changes. During this time period, if the previous master rejoins the stack, the stack continues to use its MAC address as the stack MAC address, even if the switch is now a member and not a master. If the previous master does not rejoin the stack during this period, the stack takes the MAC address of the new stack master as the stack MAC address. See the “Enabling Persistent MAC Address” section on page 7-17 for more information.

Member Numbers

The member number (1 to 4) identifies each member in the stack. The member number also determines the interface-level configuration that a member uses.

Stack Offline Configuration

You can use the offline configuration feature to provision (to configure) a new switch before it joins the stack. You can configure the member number, the switch type, and the interfaces associated with a switch that is not yet part of the stack. That configuration is the provisioned configuration. The switch to be added to the stack and to get this configuration is the provisioned switch.

Explains offline configuration feature to provision new switch (member number, type, interfaces) before stack join.

The provisioned configuration is automatically created when a switch is added to a stack and when no provisioned configuration exists. You can manually create the provisioned configuration by using the switch stack-member-number provision type global configuration command.

Effects of Adding a Provisioned Switch to a Stack

When you add a provisioned switch to the switch stack, the stack applies either the provisioned configuration or the default configuration to it. Table 7-1 lists the events that occur when the switch stack compares the provisioned configuration with the provisioned switch.

Explains stack applies provisioned or default config when adding provisioned switch; Table 7-1 lists events.

Effects of Removing a Provisioned Switch from a Stack

If you remove a provisioned switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as provisioned information. To completely remove the configuration, use the no switch stack-member-number provision global configuration command.

Stack Software Compatibility Recommendations

All stack members must run the same Cisco IOS software version to ensure compatibility in the stack protocol version among the members.

States all stack members must run the same Cisco IOS software version for stack protocol compatibility.

Stack Protocol Version Compatibility

Switches with the same Cisco IOS software version have the same stack protocol version. All features function properly across the stack. These switches with the same software version as the master immediately join the stack.

Major Version Number Incompatibility Among Switches

Switches with different Cisco IOS software versions likely have different stack protocol versions. Switches with different major version numbers are incompatible and cannot exist in the same stack.

States switches with different IOS versions likely have different stack protocol versions; major version differences cause incompatibility.

Minor Version Number Incompatibility Among Switches

Switches with the same major version number but with a different minor version number as the master are considered partially compatible. When connected to a stack, a partially compatible switch enters version-mismatch mode and cannot join the stack as a fully functioning member. The software detects the mismatched software and tries to upgrade (or downgrade) the switch in version-mismatch mode with the stack image or with a tar file image from the stack flash memory. The software uses the automatic upgrade (auto-upgrade) and the automatic advise (auto-advise) features.

Describes partial compatibility with different minor versions, entering version-mismatch mode, and software upgrade/downgrade process.

Understanding Auto-Upgrade and Auto-Advise

When the software detects mismatched software and tries to upgrade the switch in version-mismatch mode, two software processes are involved: automatic upgrade and automatic advise.

The automatic upgrade (auto-upgrade) process includes an auto-copy process and an auto-extract process. By default, auto-upgrade is enabled (the boot auto-copy-sw global configuration command is enabled). You can disable auto-upgrade by using the no boot auto-copy-sw global configuration command on the master. You can check the status of auto-upgrade by using the show boot privileged EXEC command and by checking the Auto upgrade line in the display.

Details auto-upgrade process (auto-copy, auto-extract), enabled by default, and how to check status.

Auto-copy automatically copies the software image running on any member to the switch in version-mismatch mode to upgrade (auto-upgrade) it. Auto-copy occurs if auto-upgrade is enabled, if there is enough flash memory in the switch in version-mismatch mode, and if the software image running on the stack is suitable for the switch in version-mismatch mode.

Automatic extraction (auto-extract) occurs when the auto-upgrade process cannot find the appropriate software in the stack to copy to the switch in version-mismatch mode. In that case, the auto-extract process searches all switches in the stack, whether they are in version-mismatch mode or not, for the tar file needed to upgrade the switch stack or the switch in version-mismatch mode. The tar file can be in any flash file system in the stack (including the switch in version-mismatch mode). If a tar file suitable for the switch in version-mismatch mode is found, the process extracts the file and automatically upgrades that switch.

Automatic advise (auto-advise)—when the auto-upgrade process cannot find appropriate version-mismatch member software to copy to the switch in version-mismatch mode, the auto-advise process tells you the command (archive copy-sw or archive download-sw privileged EXEC command) and the image name (tar filename) needed to manually upgrade the switch stack or the switch in version-mismatch mode. The recommended image can be the running stack image or a tar file in any flash file system in the stack (including the switch in version-mismatch mode). If an appropriate image is not found in the stack flash file systems, the auto-advise process tells you to install new software on the stack. Auto-advise cannot be disabled, and there is no command to check its status.

Stack Configuration Files

The master has the saved and running configuration files for the stack. All members periodically receive synchronized copies of the configuration files from the master. If the master becomes unavailable, any member assuming the role of master has the latest configuration files.

Explains master holds saved/running configs; members sync copies. If master fails, new master gets latest configs.

System-level (global) configuration settings—such as IP, STP, VLAN, and SNMP settings—that apply to all members

Member interface-specific configuration settings, which are specific for each member

Stack Management Connectivity

You manage the stack and the member interfaces through the master. You can use the CLI, SNMP, Network Assistant, and CiscoWorks network management applications. You cannot manage members as individual switches.

Explains stack management via master using CLI, SNMP, Network Assistant, CiscoWorks; cannot manage members individually.

Stack Through an IP Address, page 7-15

Stack Through an SSH Session, page 7-15

Stack Through Console Ports, page 7-15

Stack Through an IP Address

The stack is managed through a system-level IP address. You can still manage the stack through the same IP address even if you remove the master or any other stack member from the stack, provided there is IP connectivity.

States stack managed via system-level IP address, even after master removal, if IP connectivity exists.

Stack Through an SSH Session

The Secure Shell (SSH) connectivity to the stack can be lost if a master running the cryptographic version fails and is replaced by a switch that is running a noncryptographic version. We recommend that a switch running the cryptographic version of the software be the master.

Warns SSH connectivity loss if master fails and replaced by non-crypto version; recommends crypto version as master.

Stack Through Console Ports

You can connect to the master through the console port of one or more members.

Specific Members

If you want to configure a specific member port, you must include the stack member number in the CLI notation.

Configuring the Switch Stack

Default Switch Stack Configuration, page 7-17

Provides default switch stack configuration.

Enabling Persistent MAC Address, page 7-17

Assigning Stack Member Information, page 7-20

Enabling Persistent MAC Address

The MAC address of the master determines the stack MAC address. When a master is removed from the stack and a new master takes over, the MAC address of the new master to become the new stack MAC address. However, you can set the persistent MAC address feature with a time delay before the stack MAC address changes. During this time period, if the previous master rejoins the stack, the stack continues to use that MAC address as the stack MAC address.

Explains MAC address of master determines stack MAC address; persistent feature uses time delay before change.

Related product manuals