Software Guide
Page 9
... VTP Version 3 Passwords 9-27 Configuring a VTP Version 3 Takeover 9-28 Disabling VTP Version 3 on a Per-Port Basis 9-29 VTP Version 3 show Commands 9-29 Configuring VLANs 10-1 Understanding How VLANs Work 10-1 VLAN Ranges 10-3 Configurable VLAN Parameters 10-4 VLAN Default Configuration 10-4 VLAN Configuration Guidelines 10-5 Configuring VLANs on the Switch 10-6 Creating or...
... VTP Version 3 Passwords 9-27 Configuring a VTP Version 3 Takeover 9-28 Disabling VTP Version 3 on a Per-Port Basis 9-29 VTP Version 3 show Commands 9-29 Configuring VLANs 10-1 Understanding How VLANs Work 10-1 VLAN Ranges 10-3 Configurable VLAN Parameters 10-4 VLAN Default Configuration 10-4 VLAN Configuration Guidelines 10-5 Configuring VLANs on the Switch 10-6 Creating or...
Software Guide
Page 26
...The key combination Ctrl-D means to save space and preserve clarity. Nonprinting characters, such as passwords are grouped in italics. Default responses to material not covered in italic screen font. Optional alternative keywords are in angle brackets.... are in reference to switch platforms: • Catalyst enterprise LAN switches-Refers to the Catalyst 4000 series and Catalyst 4500 series switches, Catalyst 2948G, and Catalyst 2980G switches. • Catalyst 4000 family switches-Refers to the Catalyst 4000 series and Catalyst 4500 series switches. Indicates that the system...
...The key combination Ctrl-D means to save space and preserve clarity. Nonprinting characters, such as passwords are grouped in italics. Default responses to material not covered in italic screen font. Optional alternative keywords are in angle brackets.... are in reference to switch platforms: • Catalyst enterprise LAN switches-Refers to the Catalyst 4000 series and Catalyst 4500 series switches, Catalyst 2948G, and Catalyst 2980G switches. • Catalyst 4000 family switches-Refers to the Catalyst 4000 series and Catalyst 4500 series switches. Indicates that the system...
Software Guide
Page 37
... setting the IP address and default gateway, see Chapter 30, "Configuring Switch Access Using AAA." 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 2-3 unix_host% telnet Catalyst_1 Trying 172.16.10.10... Connected to the switch, you can open a Telnet session to Catalyst_1. Cisco Systems Console Enter password: After you successfully connect to...
... setting the IP address and default gateway, see Chapter 30, "Configuring Switch Access Using AAA." 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 2-3 unix_host% telnet Catalyst_1 Trying 172.16.10.10... Connected to the switch, you can open a Telnet session to Catalyst_1. Cisco Systems Console Enter password: After you successfully connect to...
Software Guide
Page 53
...Switch IP Address and Default Gateway Using DHCP or RARP to obtain an IP address for the switch, perform this task: Step 1 Step 2 Task Command Make sure that there is a DHCP, BOOTP, or RARP server on the - Console> (enable) show module 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...range for the console port. Console Enter password: Console> enable Enter password: Console> (enable) set interface sl0 10.1.1.1 10.1.1.2 Interface sl0 slip and destination address set. Enter privileged mode on Console port. Cisco Systems, Inc. Escape character is necessary ...
...Switch IP Address and Default Gateway Using DHCP or RARP to obtain an IP address for the switch, perform this task: Step 1 Step 2 Task Command Make sure that there is a DHCP, BOOTP, or RARP server on the - Console> (enable) show module 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...range for the console port. Console Enter password: Console> enable Enter password: Console> (enable) set interface sl0 10.1.1.1 10.1.1.2 Interface sl0 slip and destination address set. Enter privileged mode on Console port. Cisco Systems, Inc. Escape character is necessary ...
Software Guide
Page 181
... not for the entire management domain. Table 9-1 VTP Default Configuration Feature VTP domain name VTP mode VTP version 2 enable state VTP password VTP pruning Default Value Null Server Version 1 is enabled (version 2 ...Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-5 To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. Default VTP Version 1 and Version 2 Configuration Table 9-1 shows the default VTP configuration. Port 4 Switch 2 Switch 5 Port 5 Red VLAN Port 1 24511 Switch 6 Switch 3 Switch...
... not for the entire management domain. Table 9-1 VTP Default Configuration Feature VTP domain name VTP mode VTP version 2 enable state VTP password VTP pruning Default Value Null Server Version 1 is enabled (version 2 ...Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-5 To make a VLAN pruning ineligible, enter the clear vtp pruneeligible command. Default VTP Version 1 and Version 2 Configuration Table 9-1 shows the default VTP configuration. Port 4 Switch 2 Switch 5 Port 5 Red VLAN Port 1 24511 Switch 6 Switch 3 Switch...
Software Guide
Page 182
...9-12 • Displaying VTP Statistics, page 9-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-6 78-15486-01 Configuring VTP Version 1 ... switch (VTP version 2 is disabled by default). • Do not enable VTP version 2 on a switch unless all of the version 2-capable switches in...switch affects pruning eligibility for implementing VTP in your network: • All switches in a VTP domain must run the same VTP version. • You must configure a password on each switch in the domain. • A VTP version 2-capable switch...
...9-12 • Displaying VTP Statistics, page 9-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-6 78-15486-01 Configuring VTP Version 1 ... switch (VTP version 2 is disabled by default). • Do not enable VTP version 2 on a switch unless all of the version 2-capable switches in...switch affects pruning eligibility for implementing VTP in your network: • All switches in a VTP domain must run the same VTP version. • You must configure a password on each switch in the domain. • A VTP version 2-capable switch...
Software Guide
Page 185
...features VTP domain Lab_Net modified Console> (enable) show vtp domain 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-9 When you disable VTP using the off mode, the switch behaves the same as well. To enable VTP version 2, perform this task in...the exception that VTP version 2 is disabled by default on VTP version 2-capable switches. To disable VTP using the off mode, perform this task in privileged mode: Step 1 Step 2 Task Enable VTP version 2 on the switch. Every switch in the VTP domain must use the same VTP...
...features VTP domain Lab_Net modified Console> (enable) show vtp domain 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-9 When you disable VTP using the off mode, the switch behaves the same as well. To enable VTP version 2, perform this task in...the exception that VTP version 2 is disabled by default on VTP version 2-capable switches. To disable VTP using the off mode, perform this task in privileged mode: Step 1 Step 2 Task Enable VTP version 2 on the switch. Every switch in the VTP domain must use the same VTP...
Software Guide
Page 187
...VLANs 2 to continue (y/n) [n]? set vtp pruning enable (Optional) Make specific VLANs pruning ineligible on the device. (By default, VLANs 2-1000 are being pruned on this device. show trunk This example shows how to enable VTP pruning in the ... on trunk 16/1 1-1005,1025-4094 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-11 Console> (enable) show vtp domain Version : running VTP1 (VTP3 capable) Domain Name : Lab_Network Password : configured (hidden) Notifications: disabled Updater ID: 172....
...VLANs 2 to continue (y/n) [n]? set vtp pruning enable (Optional) Make specific VLANs pruning ineligible on the device. (By default, VLANs 2-1000 are being pruned on this device. show trunk This example shows how to enable VTP pruning in the ... on trunk 16/1 1-1005,1025-4094 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-11 Console> (enable) show vtp domain Version : running VTP1 (VTP3 capable) Domain Name : Lab_Network Password : configured (hidden) Notifications: disabled Updater ID: 172....
Software Guide
Page 194
... Server When a switch is version 1, server mode. Understanding How VTP Version 3 Works Chapter 9 Configuring VTP VTP Version 3 Modes The default mode for any instance. • They only accept a database with a higher revision number from their current primary server. • If they have a password configured (whether hidden or not hidden), .... The off mode can only be a server, it needs to a client, a VTP secondary server cannot modify the VTP configuration. 9-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01
... Server When a switch is version 1, server mode. Understanding How VTP Version 3 Works Chapter 9 Configuring VTP VTP Version 3 Modes The default mode for any instance. • They only accept a database with a higher revision number from their current primary server. • If they have a password configured (whether hidden or not hidden), .... The off mode can only be a server, it needs to a client, a VTP secondary server cannot modify the VTP configuration. 9-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01
Software Guide
Page 198
... show vtp domain 9-22 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Table 9-2 VTP Version 3 Default Configuration Feature VTP domain name VTP mode VTP version 3 enable state VTP password VTP pruning Default Value Null Server Version 1 ...Changing VTP Version 3 Modes, page 9-23 • Configuring VTP Version 3 Passwords, page 9-27 • Configuring a VTP Version 3 Takeover, page 9-28 • Disabling VTP Version 3 on the switch. Verify that you enable it is enabled None Disabled Configuring VTP Version 3 ...
... show vtp domain 9-22 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Table 9-2 VTP Version 3 Default Configuration Feature VTP domain name VTP mode VTP version 3 enable state VTP password VTP pruning Default Value Null Server Version 1 ...Changing VTP Version 3 Modes, page 9-23 • Configuring VTP Version 3 Passwords, page 9-27 • Configuring a VTP Version 3 Takeover, page 9-28 • Disabling VTP Version 3 on the switch. Verify that you enable it is enabled None Disabled Configuring VTP Version 3 ...
Software Guide
Page 199
...) set vtp version 3 This command will be configured with No Domain. The default mode is propagated by the name of the VTP protocol. Note In software release... be enabled on this switch. y VTP3 domain ENG modified Console> (enable) sh vtp domain Version : running VTP3 Domain Name : ENG Password : not configured Notifications: disabled Switch ID : 00d0.004c....version 3). As these instances are no "unknown" databases. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-23 The unknown keyword allows you want to...
...) set vtp version 3 This command will be configured with No Domain. The default mode is propagated by the name of the VTP protocol. Note In software release... be enabled on this switch. y VTP3 domain ENG modified Console> (enable) sh vtp domain Version : running VTP3 Domain Name : ENG Password : not configured Notifications: disabled Switch ID : 00d0.004c....version 3). As these instances are no "unknown" databases. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-23 The unknown keyword allows you want to...
Software Guide
Page 205
... per -port basis. Console> (enable) show vtp domain Version : running VTP3 Domain Name : server Notifications: disabled Password : configured (hidden) Switch ID : 00d0.004c.1800 Feature Mode Revision Primary ID Primary Description VLAN Primary Server 1 00d0.004c.1800 UNKNOWN Off Pruning... disable} command to requests. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-29 Use the set port vtp 3/1-2 disable VTP is disabled, no VTP packets are dropped. By default, VTP is specific to the VTP domain,...
... per -port basis. Console> (enable) show vtp domain Version : running VTP3 Domain Name : server Notifications: disabled Password : configured (hidden) Switch ID : 00d0.004c.1800 Feature Mode Revision Primary ID Primary Description VLAN Primary Server 1 00d0.004c.1800 UNKNOWN Off Pruning... disable} command to requests. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 9-29 Use the set port vtp 3/1-2 disable VTP is disabled, no VTP packets are dropped. By default, VTP is specific to the VTP domain,...
Software Guide
Page 244
...Switch_1> (enable) Verify the VTP and VLAN configuration on Switch 1 by entering the show trunk command: Switch_1> (...Switch 1 as 802.1Q trunk ports by entering the set to become dot1q trunk Switch_1> (enable) Verify that the Switch...default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active . . . indicates vtp domain mismatch Port Mode Encapsulation Status Native vlan ----------- 11-14 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...in the default auto mode). Specifying the desirable mode on the Switch 1 ports...
...Switch_1> (enable) Verify the VTP and VLAN configuration on Switch 1 by entering the show trunk command: Switch_1> (...Switch 1 as 802.1Q trunk ports by entering the set to become dot1q trunk Switch_1> (enable) Verify that the Switch...default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active . . . indicates vtp domain mismatch Port Mode Encapsulation Status Native vlan ----------- 11-14 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...in the default auto mode). Specifying the desirable mode on the Switch 1 ports...
Software Guide
Page 446
... range is three (default) to zero (0) disables this function. If the user fails to the switch. Understanding How Local Authentication Works Local authentication uses locally configured login and enable passwords to zero (0) disables login authentication. For example, you then disable all other authentication methods fail. 30-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide...
... range is three (default) to zero (0) disables this function. If the user fails to the switch. Understanding How Local Authentication Works Local authentication uses locally configured login and enable passwords to zero (0) disables login authentication. For example, you then disable all other authentication methods fail. 30-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide...
Software Guide
Page 449
... this trusted server is called the key distribution center (KDC). These tickets have a default life span of a user or service. Table 30-1 Kerberos Terminology Term Kerberized Kerberos... and the KDC and with the user's TGT. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-5 If local authentication is disabled and...span and can be in clear text. Understanding How Kerberos Authentication Works Kerberos is encrypted with the password that issued the ticket, it can be used in place of a client for a network service....
... this trusted server is called the key distribution center (KDC). These tickets have a default life span of a user or service. Table 30-1 Kerberos Terminology Term Kerberized Kerberos... and the KDC and with the user's TGT. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-5 If local authentication is disabled and...span and can be in clear text. Understanding How Kerberos Authentication Works Kerberos is encrypted with the password that issued the ticket, it can be used in place of a client for a network service....
Software Guide
Page 453
... configure login authentication on the switch. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-9 Local user accounts must contain at least one username. • Local user accounts and passwords must be less than 100 characters... key Kerberos server auth-port Kerberos local-realm name Kerberos credentials forwarding Kerberos clients mandatory Kerberos preauthentication Default Disabled Disabled None specified None specified Port 750 NULL string Disabled Not mandatory Disabled Authentication Configuration Guidelines ...
... configure login authentication on the switch. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-9 Local user accounts must contain at least one username. • Local user accounts and passwords must be less than 100 characters... key Kerberos server auth-port Kerberos local-realm name Kerberos credentials forwarding Kerberos clients mandatory Kerberos preauthentication Default Disabled Disabled None specified None specified Port 750 NULL string Disabled Not mandatory Disabled Authentication Configuration Guidelines ...
Software Guide
Page 480
...CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:187.0.2.1, Port:750 Realm:CISCO.COM, Server:187.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO...cisco.edu@CISCO.EDU 0 933974942 1 1 8 00?91:107:423=:;9 Console> (enable) This example shows how to configure the switch so that Kerberos clients are mandatory for a password. clear kerberos credentials forward 30-36 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches... to the remote server. Configuring Authentication Chapter 30 Configuring Switch Access Using AAA As an additional layer of security, ...
...CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:187.0.2.1, Port:750 Realm:CISCO.COM, Server:187.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO...cisco.edu@CISCO.EDU 0 933974942 1 1 8 00?91:107:423=:;9 Console> (enable) This example shows how to configure the switch so that Kerberos clients are mandatory for a password. clear kerberos credentials forward 30-36 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches... to the remote server. Configuring Authentication Chapter 30 Configuring Switch Access Using AAA As an additional layer of security, ...
Software Guide
Page 485
...the EXEC mode. You can specify the primary and fallback options that command, the command is the default behavior. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-41 The Deny option is enabled for enable mode, the user...the authorization feature is a fallback option only. Authorization is enabled for EXEC mode, the user must supply a valid username and password pair to execute certain commands. Authorization is required only if you have enabled the authorization feature. • Enable mode (privileged...
...the EXEC mode. You can specify the primary and fallback options that command, the command is the default behavior. 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 30-41 The Deny option is enabled for enable mode, the user...the authorization feature is a fallback option only. Authorization is enabled for EXEC mode, the user must supply a valid username and password pair to execute certain commands. Authorization is required only if you have enabled the authorization feature. • Enable mode (privileged...
Software Guide
Page 596
... domain names 38-3 default configuration 38-1 disabling 38...Cisco devices and 11-3 overview 11-2 duplex mode Fast Ethernet 4-5 Dynamic Host Configuration Protocol See DHCP dynamic ports troubleshooting 12-11 dynamic port VLAN membership See VMPS Dynamic Trunking Protocol See DTP E enable mode, switch CLI 2-3 enable password... recovering lost 30-14 setting 30-13 enabling IGMP multicast filtering 15-19 enabling IGMP traffic filtering 15-20 encapsulation type descriptions, trunks (table) 11-2 encryption IN-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
... domain names 38-3 default configuration 38-1 disabling 38...Cisco devices and 11-3 overview 11-2 duplex mode Fast Ethernet 4-5 Dynamic Host Configuration Protocol See DHCP dynamic ports troubleshooting 12-11 dynamic port VLAN membership See VMPS Dynamic Trunking Protocol See DTP E enable mode, switch CLI 2-3 enable password... recovering lost 30-14 setting 30-13 enabling IGMP multicast filtering 15-19 enabling IGMP traffic filtering 15-20 encapsulation type descriptions, trunks (table) 11-2 encryption IN-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
Software Guide
Page 600
... 11-13 local authentication configuration guidelines 30-9 default configuration 30-8, 30-50 disabling 30-14 enabling 30-12 overview 30-2 password recovery 30-14 setting enable password 30-13 local user authentication deleting an account...Cisco Systems Console" login banner 27-5 overview 27-4 login passwords recovering lost 30-14 setting 30-13 login timer changing 20-6 loop guard multiple spanning tree 7-15 M MAC addresses allocating 7-13 blocking 16-1 blocking unicast flood packets 17-1 bridge identifiers 7-13 designating 2-8 IN-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
... 11-13 local authentication configuration guidelines 30-9 default configuration 30-8, 30-50 disabling 30-14 enabling 30-12 overview 30-2 password recovery 30-14 setting enable password 30-13 local user authentication deleting an account...Cisco Systems Console" login banner 27-5 overview 27-4 login passwords recovering lost 30-14 setting 30-13 login timer changing 20-6 loop guard multiple spanning tree 7-15 M MAC addresses allocating 7-13 blocking 16-1 blocking unicast flood packets 17-1 bridge identifiers 7-13 designating 2-8 IN-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...