Software Configuration Guide
Page 6
... Different Management VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups 5-11 Automatic Recovery of Cluster Configuration 5-12 IP Addresses 5-13 Host Names 5-13 Passwords 5-14 SNMP Community Strings 5-14 TACACS+ and RADIUS 5-14 Access Modes...
... Different Management VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups 5-11 Automatic Recovery of Cluster Configuration 5-12 IP Addresses 5-13 Host Names 5-13 Passwords 5-14 SNMP Community Strings 5-14 TACACS+ and RADIUS 5-14 Access Modes...
Software Configuration Guide
Page 8
...Configuring Switch-Based Authentication 8-1 Preventing Unauthorized Access to Your Switch 8-1 Protecting Access to Privileged EXEC Commands 8-2 Default Password and Privilege Level Configuration 8-2 Setting or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-4 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs...Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
...Configuring Switch-Based Authentication 8-1 Preventing Unauthorized Access to Your Switch 8-1 Protecting Access to Privileged EXEC Commands 8-2 Default Password and Privilege Level Configuration 8-2 Setting or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-4 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs...Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
Software Configuration Guide
Page 29
... Using the XMODEM Protocol 35-2 Recovering from a Lost or Forgotten Password 35-4 Procedure with Password Recovery Enabled 35-5 Procedure with Password Recovery Disabled 35-6 Recovering from a Command Switch Failure 35-8 Replacing a Failed Command Switch with a Cluster Member 35-8 Replacing a Failed Command Switch with Another Switch 35-10 Recovering from Lost Cluster Member Connectivity 35-11 Preventing Autonegotiation...Message Output 35-19 Using the show platform forward Command 35-19 Using the crashinfo File 35-22 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxix
... Using the XMODEM Protocol 35-2 Recovering from a Lost or Forgotten Password 35-4 Procedure with Password Recovery Enabled 35-5 Procedure with Password Recovery Disabled 35-6 Recovering from a Command Switch Failure 35-8 Replacing a Failed Command Switch with a Cluster Member 35-8 Replacing a Failed Command Switch with Another Switch 35-10 Recovering from Lost Cluster Member Connectivity 35-11 Preventing Autonegotiation...Message Output 35-19 Using the show platform forward Command 35-19 Using the crashinfo File 35-22 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxix
Software Configuration Guide
Page 82
... system. With this program, you are using the XMODEM Protocol, recover from a Lost or Forgotten Password" section on Cisco.com. Catalyst 3560 Switch Software Configuration Guide 4-2 78-16156-01 The boot loader also provides trap-door access into the system...rate default is 9600. • Data bits default is 8. Assigning Switch Information You can disable password recovery. For more information, see the "Disabling Password Recovery" section on . Note You can assign IP information through the switch setup program, through a Dynamic Host Configuration Protocol (DHCP) server, or...
... system. With this program, you are using the XMODEM Protocol, recover from a Lost or Forgotten Password" section on Cisco.com. Catalyst 3560 Switch Software Configuration Guide 4-2 78-16156-01 The boot loader also provides trap-door access into the system...rate default is 9600. • Data bits default is 8. Assigning Switch Information You can disable password recovery. For more information, see the "Disabling Password Recovery" section on . Note You can assign IP information through the switch setup program, through a Dynamic Host Configuration Protocol (DHCP) server, or...
Software Configuration Guide
Page 119
... to Manage Switch Clusters You can configure cluster member switches from the command-switch CLI: switch# rcommand 3 If you lose connectivity with a cluster member switch or if a cluster command switch fails, see the "Disabling Password Recovery" section on page 8-5. 78-16156-01 Catalyst 3560 Switch Software Configuration ... to log into member-switch 3 from the CLI by first logging into the cluster command switch. The command mode changes, and the Cisco IOS commands operate as on configuring the switch for a Telnet session, see the cluster-related recovery procedures in Chapter 35,...
... to Manage Switch Clusters You can configure cluster member switches from the command-switch CLI: switch# rcommand 3 If you lose connectivity with a cluster member switch or if a cluster command switch fails, see the "Disabling Password Recovery" section on page 8-5. 78-16156-01 Catalyst 3560 Switch Software Configuration ... to log into member-switch 3 from the CLI by first logging into the cluster command switch. The command mode changes, and the Cisco IOS commands operate as on configuring the switch for a Telnet session, see the cluster-related recovery procedures in Chapter 35,...
Software Configuration Guide
Page 156
... to the Cisco IOS Security Command Reference for a Terminal Line, page 8-6 • Configuring Username and Password Pairs, page 8-7 • Configuring Multiple Privilege Levels, page 8-8 Default Password and Privilege Level Configuration Table 8-1 shows the default password and privilege level configuration. This section describes how to control access to use passwords and assign privilege levels. Catalyst 3560 Switch Software...
... to the Cisco IOS Security Command Reference for a Terminal Line, page 8-6 • Configuring Username and Password Pairs, page 8-7 • Configuring Multiple Privilege Levels, page 8-8 Default Password and Privilege Level Configuration Table 8-1 shows the default password and privilege level configuration. This section describes how to control access to use passwords and assign privilege levels. Catalyst 3560 Switch Software...
Software Configuration Guide
Page 159
...3560 Switch Software Configuration Guide 8-5 The password-recovery disable feature protects access to specify commands accessible at this feature is powering on a secure server. Return to define a password for privilege level 2: Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Disabling Password Recovery... By default, any user. For more information, see the "Recovering from a lost password by the boot loader and the Cisco IOS ...
...3560 Switch Software Configuration Guide 8-5 The password-recovery disable feature protects access to specify commands accessible at this feature is powering on a secure server. Return to define a password for privilege level 2: Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Disabling Password Recovery... By default, any user. For more information, see the "Recovering from a lost password by the boot loader and the Cisco IOS ...
Software Configuration Guide
Page 160
... vty 10 Switch(config-line)# password let45me67in89 Catalyst 3560 Switch Software Configuration Guide 8-6 78-16156-01 To remove the password, use the no password is power cycled. By default, no password global configuration command. Enter global configuration mode. For password, specify a string from 1 to boot manually by using the boot manual global configuration command. Note Disabling password recovery will not...
... vty 10 Switch(config-line)# password let45me67in89 Catalyst 3560 Switch Software Configuration Guide 8-6 78-16156-01 To remove the password, use the no password is power cycled. By default, no password global configuration command. Enter global configuration mode. For password, specify a string from 1 to boot manually by using the boot manual global configuration command. Note Disabling password recovery will not...
Software Configuration Guide
Page 779
...Cisco IOS software on the nature of these sections: • Recovering from Corrupted Software By Using the XMODEM Protocol, page 35-2 • Recovering from a Lost or Forgotten Password, page 35-4 • Recovering from a Command Switch Failure, page 35-8 • Recovering from Lost Cluster Member Connectivity, page 35-11 Note Recovery... forward Command, page 35-19 • Using the crashinfo File, page 35-22 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-1 This chapter consists of the problem, you have physical access to the command reference for this release...
...Cisco IOS software on the nature of these sections: • Recovering from Corrupted Software By Using the XMODEM Protocol, page 35-2 • Recovering from a Lost or Forgotten Password, page 35-4 • Recovering from a Command Switch Failure, page 35-8 • Recovering from Lost Cluster Member Connectivity, page 35-11 Note Recovery... forward Command, page 35-19 • Using the crashinfo File, page 35-22 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-1 This chapter consists of the problem, you have physical access to the command reference for this release...
Software Configuration Guide
Page 782
... 35 Troubleshooting Recovering from a Lost or Forgotten Password The default configuration for the switch allows an end user with physical access to the switch to recover from a lost password by interrupting the boot process during the recovery process. These recovery procedures require that begins with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Set...
... 35 Troubleshooting Recovering from a Lost or Forgotten Password The default configuration for the switch allows an end user with physical access to the switch to recover from a lost password by interrupting the boot process during the recovery process. These recovery procedures require that begins with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Set...
Software Configuration Guide
Page 783
... Forgotten Password Procedure with the configuration dialog? [yes/no]: N At the switch prompt, enter privileged EXEC mode: Switch> enable Rename the configuration file to its original name: Switch# rename flash:config.text.old flash:config.text 78-16156-01 Catalyst 3560 Switch Software ...switch: dir flash: The switch file system appears: Directory of the switch console port. switch: rename flash:config.text flash:config.text.old Boot the system: switch: boot You are prompted to config.text.old. Enter N at the prompt: Continue with Password Recovery Enabled If the password-recovery...
... Forgotten Password Procedure with the configuration dialog? [yes/no]: N At the switch prompt, enter privileged EXEC mode: Switch> enable Rename the configuration file to its original name: Switch# rename flash:config.text.old flash:config.text 78-16156-01 Catalyst 3560 Switch Software ...switch: dir flash: The switch file system appears: Directory of the switch console port. switch: rename flash:config.text flash:config.text.old Boot the system: switch: boot You are prompted to config.text.old. Enter N at the prompt: Continue with Password Recovery Enabled If the password-recovery...
Software Configuration Guide
Page 784
.... Access to the boot loader prompt through the password-recovery mechanism is likely to leave your system administrator to verify if there are backup switch and VLAN configuration files. 35-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Recovering from 1... to 25 alphanumeric characters, can start with Password Recovery Disabled If the password-recovery mechanism is disabled, this message appears: The password-recovery mechanism has ...
.... Access to the boot loader prompt through the password-recovery mechanism is likely to leave your system administrator to verify if there are backup switch and VLAN configuration files. 35-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Recovering from 1... to 25 alphanumeric characters, can start with Password Recovery Disabled If the password-recovery mechanism is disabled, this message appears: The password-recovery mechanism has ...
Software Configuration Guide
Page 785
... to continue with password recovery and lose the existing configuration: Would you like to reset the system back to continue........ • If you enter y (yes), the configuration file in Flash memory and the VLAN database file are prompted to privileged EXEC mode: Switch (config)# exit Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35...
... to continue with password recovery and lose the existing configuration: Would you like to reset the system back to continue........ • If you enter y (yes), the configuration file in Flash memory and the VLAN database file are prompted to privileged EXEC mode: Switch (config)# exit Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35...
Software Configuration Guide
Page 786
...the cluster members. 35-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Replacing a Failed Command Switch with a Cluster Member To replace a failed command switch with Another Switch, page 35-10 These recovery procedures require that you have not configured a standby command switch, and your cluster to a ..., enter the interface vlan vlan-id global configuration command, and specify the VLAN ID of the command-switch password, and cabling your command switch loses power or fails in interface configuration mode, enter the no shutdown command. This section describes two ...
...the cluster members. 35-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Replacing a Failed Command Switch with a Cluster Member To replace a failed command switch with Another Switch, page 35-10 These recovery procedures require that you have not configured a standby command switch, and your cluster to a ..., enter the interface vlan vlan-id global configuration command, and specify the VLAN ID of the command-switch password, and cabling your command switch loses power or fails in interface configuration mode, enter the no shutdown command. This section describes two ...
Software Configuration Guide
Page 849
... Commands in Cisco IOS Release 12.1(19)EA1 VTP Unsupported User EXEC Commands show running-config vlan show vlan ifindex show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password | pruning ...| version number}private-vlan Note This command has been replaced by the vtp global configuration command. Miscellaneous Unsupported Global Configuration Commands errdisable detect cause dhcp-rate-limit errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast flood service compress-config 78-16156-01 Catalyst 3560 Switch...
... Commands in Cisco IOS Release 12.1(19)EA1 VTP Unsupported User EXEC Commands show running-config vlan show vlan ifindex show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password | pruning ...| version number}private-vlan Note This command has been replaced by the vtp global configuration command. Miscellaneous Unsupported Global Configuration Commands errdisable detect cause dhcp-rate-limit errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast flood service compress-config 78-16156-01 Catalyst 3560 Switch...
Software Configuration Guide
Page 856
... recovery 5-10 IN-6 Catalyst 3560 Switch Software Configuration Guide clusters, switch (continued) benefits 1-2 command switch configuration 5-16 compatibility 5-4 creating 5-16 creating a cluster standby group 5-19 described 5-1 LRE profile considerations 5-15 managing through CLI 5-21 through SNMP 5-22 planning 5-4 planning considerations automatic discovery 5-5 automatic recovery 5-10 CLI 5-21 host names 5-13 IP addresses 5-13 LRE profiles 5-15 passwords...
... recovery 5-10 IN-6 Catalyst 3560 Switch Software Configuration Guide clusters, switch (continued) benefits 1-2 command switch configuration 5-16 compatibility 5-4 creating 5-16 creating a cluster standby group 5-19 described 5-1 LRE profile considerations 5-15 managing through CLI 5-21 through SNMP 5-22 planning 5-4 planning considerations automatic discovery 5-5 automatic recovery 5-10 CLI 5-21 host names 5-13 IP addresses 5-13 LRE profiles 5-15 passwords...
Software Configuration Guide
Page 857
... commands abbreviating 2-3 no and default 2-4 setting privilege levels 8-8 command switch accessing 5-11 active (AC) 5-10, 5-19 command switch with HSRP disabled (CC) 5-19 configuration conflicts 35-11 defined 5-2 enabling 5-16 passive (PC) 5-10, 5-19 password privilege levels 5-22 priority 5-10 recovery from command-switch failure 5-10 from failure 35-8 from lost member connectivity 35...10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 invalid combinations when copying B-5 Catalyst 3560 Switch Software Configuration Guide IN-7
... commands abbreviating 2-3 no and default 2-4 setting privilege levels 8-8 command switch accessing 5-11 active (AC) 5-10, 5-19 command switch with HSRP disabled (CC) 5-19 configuration conflicts 35-11 defined 5-2 enabling 5-16 passive (PC) 5-10, 5-19 password privilege levels 5-22 priority 5-10 recovery from command-switch failure 5-10 from failure 35-8 from lost member connectivity 35...10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 invalid combinations when copying B-5 Catalyst 3560 Switch Software Configuration Guide IN-7
Software Configuration Guide
Page 858
Index configuration files (continued) limiting TFTP server access 26-15 obtaining with DHCP 4-7 password recovery disable considerations 8-5 specifying the filename 4-12 system contact and location information 26-14 types and location B-9 uploading preparing B-10, B-13, B-16 reasons for B-8 using FTP B-... EtherChannel 29-9 fallback bridging 34-3 HSRP 31-4 IGMP 32-26 IGMP filtering 19-21 IGMP snooping 19-7 IGMP throttling 19-21 IGRP 30-24 initial switch information 4-3 IP addressing, IP routing 30-4 IP multicast routing 32-8 IN-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Index configuration files (continued) limiting TFTP server access 26-15 obtaining with DHCP 4-7 password recovery disable considerations 8-5 specifying the filename 4-12 system contact and location information 26-14 types and location B-9 uploading preparing B-10, B-13, B-16 reasons for B-8 using FTP B-... EtherChannel 29-9 fallback bridging 34-3 HSRP 31-4 IGMP 32-26 IGMP filtering 19-21 IGMP snooping 19-7 IGMP throttling 19-21 IGRP 30-24 initial switch information 4-3 IP addressing, IP routing 30-4 IP multicast routing 32-8 IN-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 874
... system resources 7-1 options, management 1-4 OSPF area parameters, configuring 30-32 configuring 30-30 default configuration IN-24 Catalyst 3560 Switch Software Configuration Guide OSPF (continued) metrics 30-34 route 30-34 settings 30-29 described 30-28 interface parameters, configuring...parallel paths, in routing tables 30-64 passive interfaces configuring 30-74 OSPF 30-34 passwords default configuration 8-2 disabling recovery of 8-5 encrypting 8-4 for security 1-6 in clusters 5-14, 5-17 overview 8-1 recovery of 35-4 setting enable 8-3 enable secret 8-4 Telnet 8-6 with usernames 8-7 VTP ...
... system resources 7-1 options, management 1-4 OSPF area parameters, configuring 30-32 configuring 30-30 default configuration IN-24 Catalyst 3560 Switch Software Configuration Guide OSPF (continued) metrics 30-34 route 30-34 settings 30-29 described 30-28 interface parameters, configuring...parallel paths, in routing tables 30-64 passive interfaces configuring 30-74 OSPF 30-34 passwords default configuration 8-2 disabling recovery of 8-5 encrypting 8-4 for security 1-6 in clusters 5-14, 5-17 overview 8-1 recovery of 35-4 setting enable 8-3 enable secret 8-4 Telnet 8-6 with usernames 8-7 VTP ...
Software Configuration Guide
Page 880
...B-31 preparing the server B-29 uploading B-33 reconfirmation interval, VMPS, changing 12-31 recovery procedures 35-1 redundancy EtherChannel 29-2 HSRP 31-1 STP backbone 15-8 path cost 12-26... reliable transport protocol, EIGRP 30-37 reloading software 4-16 IN-30 Catalyst 3560 Switch Software Configuration Guide Remote Authentication Dial-In User Service See RADIUS Remote Copy...release notes xxxv CMS See switch software configuration guide xxxv resets, in BGP 30-49 resetting a UDLD-shutdown interface 22-6 restricting access NTP services 6-8 overview 8-1 passwords and privilege levels 8-2 RADIUS ...
...B-31 preparing the server B-29 uploading B-33 reconfirmation interval, VMPS, changing 12-31 recovery procedures 35-1 redundancy EtherChannel 29-2 HSRP 31-1 STP backbone 15-8 path cost 12-26... reliable transport protocol, EIGRP 30-37 reloading software 4-16 IN-30 Catalyst 3560 Switch Software Configuration Guide Remote Authentication Dial-In User Service See RADIUS Remote Copy...release notes xxxv CMS See switch software configuration guide xxxv resets, in BGP 30-49 resetting a UDLD-shutdown interface 22-6 restricting access NTP services 6-8 overview 8-1 passwords and privilege levels 8-2 RADIUS ...