Cisco Systems C2960XSTACK Manuel d'utilisateur

Catalyst 2960-X Switch Network Management Configuration Guide,Cisco IOS Release 15.0(2)EXFirst Published: July 10, 2013Americas HeadquartersCisco Syst

DescriptionConventionOptional alternative keywords are grouped in brackets and separated byvertical bars.[x | y]Required alternative keywords are grou

Creating an RSPAN Destination SessionYou configure an RSPAN destination session on a different switch or switch stack; that is, not the switch orswitc

PurposeCommand or ActionRemoves any existing SPAN configuration for the session.no monitor session {session_number | all |local | remote}Step 5•For se

SUMMARY STEPS1.configure terminal2.no monitor session {session_number | all | local | remote}3.monitor session session_number source remote vlan vlan-

PurposeCommand or Action•(Optional) [, | -] Specifies a series or range of interfaces. Enter a spacebefore and after the comma; enter a space before a

PurposeCommand or ActionRemoves any existing SPAN configuration for the session.no monitor session {session_number |all | local | remote}Step 2•For se

PurposeCommand or Action◦(Optional) encapsulation replicate specifies that the destinationinterface replicates the source interface encapsulation meth

DETAILED STEPSPurposeCommand or ActionEnters global configuration mode.configure terminalExample:Switch# configure terminalStep 1Removes any existing

PurposeCommand or ActionExample:Switch(config)# monitor session 2destination remote vlan 5•For vlan-id, specify the destination RSPAN VLAN to monitor.

SPAN and RSPAN Configuration ExamplesExample: Configuring Local SPANThis example shows how to set up SPAN session 1 for monitoring source port traffic

Switch(config)# monitor session 2 destination interface gigabitethernet1/0/1Switch(config)# endExamples: Creating an RSPAN VLANThis example shows how

Related DocumentationBefore installing or upgrading the switch, refer to the switch release notes.Note•Catalyst 2960-X Switch documentation, located a

ModificationReleaseFlow-Based Switch Port Analyzer(SPAN): Provides a method tocapture only required (interesting)data between end hosts, by usingspeci

INDEXCCisco Discovery Protocol (CDP) 33Cisco Networking Services 16CNS 16Configuration Engine 14restrictions 14Ddefault configuration 77RSPAN 77SPAN 7

Sservices 16networking 16Simple Network Management Protocol (SNMP) 33SPAN 66, 68, 71, 72, 73, 75, 76, 77, 78, 80, 82, 91and stack changes 76configurat

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EXxii OL-29044-01 PrefaceObtaining Documentation and Submi

CHAPTER 1Using the Command-Line InterfaceThis chapter contains the following topics:•Information About Using the Command-Line Interface, page 1•How to

Table 1: Command Mode SummaryAbout This ModeExit MethodPromptAccess MethodModeUse this mode to•Changeterminalsettings.•Perform basictests.•Displaysyst

About This ModeExit MethodPromptAccess MethodModeLine configuration Use this mode toconfigureparameters for theterminal line.To exit to globalconfigur

PurposeCommand or ActionLists all commands available for a particular commandmode.?Example:Switch> ?Step 4Lists the associated keywords for a comma

Table 2: Common CLI Error MessagesHow to Get HelpMeaningError MessageReenter the command followed bya question mark (?) with a spacebetween the comman

Changing the Command History Buffer SizeBy default, the switch records ten command lines in its history buffer. You can alter this number for a curren

PurposeCommand or ActionLists the last several commands that you just entered in privileged EXEC mode.The number of commands that appear is controlled

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMME

PurposeCommand or ActionDisables the enhanced editing mode for the current terminal sessionin the privileged EXEC mode.terminal no editingExample:Swit

Deletes from the cursor to the end of the word.Esc DCapitalizes at the cursor.Esc CChanges the word at the cursor to lowercase.Esc LCapitalizes letter

DETAILED STEPSPurposeCommand or ActionDisplays the global configuration command entry that extends beyondone line.access-listExample:Switch(config)# a

PurposeCommand or ActionExpressions are case sensitive. For example, if you enter| exclude output, the lines that contain output are notdisplayed, but

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX12 OL-29044-01 Using the Command-Line InterfaceAccessing

CHAPTER 2Configuring Cisco IOS Configuration EngineThis chapter describes how to configure the Cisco IOS Configuration Engine.•Finding Feature Informa

Related TopicsCisco Networking Services IDs and Device Hostnames, on page 16DeviceID, on page 17Restrictions for Configuring the Configuration Engine•

In standalone mode, the Cisco Configuration Engine supports an embedded directory service. In this mode,no external directory or other data store is r

Event ServiceThe Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events.The Event Service consists of an

The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switchhostname is reconfigured.DeviceIDEach configu

CONTENTSPreface Preface ixDocument Conventions ixRelated Documentation xiObtaining Documentation and Submitting a Service Request xiCHAPTER 1 Usin

In server mode, the hostname is not used. In this mode, the unique DeviceID attribute is always used forsending an event on the bus. If this attribute

Incremental (Partial) ConfigurationAfter the network is running, new services can be added by using the Cisco IOS CNS agent. Incremental(partial) conf

Required ConfigurationDevice•A bootstrap configuration file that includes theCNS configuration commands that enable theswitch to communicate with the

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Enables the event

Related TopicsEvent Service, on page 16Enabling the Cisco IOS CNS AgentBeginning in privileged EXEC mode, follow these steps to enable the Cisco IOS C

PurposeCommand or ActionEnables the Cisco IOS CNS agent and initiates a partial configurationon the switch.Returns to privileged EXEC mode.endExample:

SUMMARY STEPS1.configure terminal2.cns template connect name3.cli config-text4.Repeat Steps 2 to 3 to configure another CNS connect template.5.exit6.c

PurposeCommand or ActionReturns to global configuration mode.exitExample:Switch(config)# exitStep 5Enters CNS connect configuration mode, specifies th

PurposeCommand or ActionReturns to global configuration mode.exitExample:Switch(config-cns-conn)# exitStep 10Enters the hostname for the switch.hostna

PurposeCommand or ActionEnables the Cisco IOS agent, and initiates an initial configuration.cns config initial {hostname | ip-address}[port-number] [e

Restrictions for Configuring the Configuration Engine 14Information About Configuring the Configuration Engine 14Cisco Configuration Engine Software 1

This example shows how to configure an initial configuration on a remote switch when the switch IP addressis known. The Configuration Engine IP addres

DETAILED STEPSPurposeCommand or ActionDisplays whether the CNS event agent is connecting to thegateway, connected, or active, and the gateway used by

PurposeCommand or ActionMake sure that you have reestablished the connectionbetween the switch and the event connection byexamining the output from sh

PurposeCommand or ActionReturns to privileged EXEC mode.endExample:Switch(config)# endStep 3What to Do NextTo verify information about the configurati

Additional ReferencesRelated DocumentsDocument TitleRelated TopicCisco Configuration Engine Installation and SetupGuide, 1.5 for Linux http://www.cisc

CHAPTER 3Configuring the Cisco Discovery ProtocolThis chapter describes the configuration of the Cisco Discovery Protocol (CDP).•Finding Feature Infor

CDP runs on all media that support Subnetwork Access Protocol (SNAP). Because CDP runs over the data-linklayer only, two systems that support differen

Beginning in privileged EXEC mode, follow these steps to configure these characteristics.SUMMARY STEPS1.configure terminal2.cdp timer seconds3.cdp hol

Switch(config)# cdp advertise-v2Switch(config)# endWhat to Do NextUse the no form of the CDP commands to return to the default settings.Related Topics

What to Do NextYou must reenable CDP to use it.Related TopicsEnabling CDP, on page 37Enabling CDPCDP is enabled by default.Switch clusters and other C

Enabling CDP 37Disabling CDP on an Interface 38Enabling CDP on an Interface 39Monitoring and Maintaining CDP 40Additional References 41Feature History

ExampleThe following example shows how to enable CDP if it has been disabled:Switch# configure terminalSwitch(config)# cdp runSwitch(config)# endWhat

PurposeCommand or ActionDisables CDP on the interface specified in Step 2.no cdp enableExample:Switch(config-if)# no cdp enableStep 3Returns to privil

PurposeCommand or ActionSpecifies the interface on which you are enabling CDP,and enters interface configuration mode.interface interface-idExample:Sw

DescriptionCommandDisplays information about a specific neighbor.You can enter an asterisk (*) to display all CDP neighbors, oryou can enter the name

Technical AssistanceLinkDescriptionhttp://www.cisco.com/supportThe Cisco Support website provides extensive onlineresources, including documentation a

CHAPTER 4Configuring Simple Network ManagementProtocolThis chapter describes the Simple Network Management Protocol (SNMP) configuration.•Finding Feat

•SNMPv2C replaces the Party-based Administrative and Security Framework of SNMPv2Classic withthe community-string-based Administrative Framework of SN

ResultEncryptionAuthenticationLevelModelUses a usernamematch forauthentication.NoUsernamenoAuthNoPrivSNMPv3Providesauthentication basedon the HMAC-MD5

Restrictions for SNMPVersion Restrictions•SNMPv1 does not support informs.Information About SNMPSNMP OverviewSNMP is an application-layer protocol tha

DescriptionOperationStores a value in a specific variable.set-requestAn unsolicited message sent by an SNMP agent to an SNMP manager when some eventha

Restrictions for SPAN and RSPAN 66Information About SPAN and RSPAN 68SPAN and RSPAN 68Local SPAN 68Remote SPAN 69SPAN and RSPAN Concepts and Terminolo

internetworking problems, increase network performance, verify the configuration of devices, monitor trafficloads, and more.As shown in the figure, th

Table 9: ifIndex ValuesifIndex RangeInterface Type1–4999SVI45001–5048EtherChannel5078–5142Tunnel10000–14500Physical (such as Gigabit Ethernet or SFP5-

•To configure a remote user, specify the IP address or port number for the remote SNMP agent of thedevice where the user resides.•Before you configure

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Disables the SNMP

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Configures the co

This example shows how to assign the comaccess string to SNMP, to allow read-only access, and to specifythat IP access list 4 can use the community st

PurposeCommand or Action•The engineid-string is a 24-character ID string with the name of the copy ofSNMP. You need not specify the entire 24-characte

PurposeCommand or ActionExample:Switch(config)# snmp-server userPat public v2cEnter the SNMP version number (v1, v2c, or v3). If you enter v3, you hav

Table 10: Device Notification TypesDescriptionNotification Type KeywordGenerates Border Gateway Protocol (BGP) state change traps. Thisoption is only

DescriptionNotification Type KeywordGenerates SNMP port security traps. You can also set a maximumtrap rate per second. The range is from 0 to 1000; t

Examples: Creating an RSPAN VLAN 97Feature History and Information for SPAN and RSPAN 97Catalyst 2960-X Switch Network Management Configuration Guide,

SUMMARY STEPS1.configure terminal2.snmp-server engineID remote ip-address engineid-string3.snmp-server user username group-name {remote host [ udp-por

PurposeCommand or ActionSpecifies the recipient of an SNMP trap operation.snmp-server host host-addr [informs | traps][version {1 | 2c | 3 {auth | noa

PurposeCommand or Action(Optional) Define how often to resend trap messages. The range is 1to 1000; the default is 30 seconds.snmp-server trap-timeout

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Sets the system c

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Limits the TFTP s

Table 11: Commands for Displaying SNMP InformationDefault SettingFeatureDisplays SNMP statistics.show snmpDisplays information on the local SNMP engin

second line specifies the destination of these traps and overwrites any previous snmp-server host commandsfor the host cisco.com.Switch(config)# snmp-

CHAPTER 5Configuring SPAN and RSPANThis chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN).Unless otherwise note

RSPAN•We recommend that you configure an RSPAN VLAN before you configure an RSPAN source or adestination session.Restrictions for SPAN and RSPANSPANTh

•SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribedSPAN destination, for example, a 10-Mb/s port monit

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EXviii OL-29044-01 Contents

name}Both the filter vlan and filter ip access-group commands cannot be configured at thesame time. Configuring one results in rejection of the other.

All traffic on port 5 (the source port) is mirrored to port 10 (the destination port). A network analyzer on port10 receives all network traffic from

The figure below shows source ports on Switch A and Switch B. The traffic for each RSPAN session is carriedover a user-specified RSPAN VLAN that is de

SPAN SessionsSPAN sessions (local or remote) allow you to monitor traffic on one or more ports, or one or more VLANs,and send the monitored traffic to

• Both—In a SPAN session, you can also monitor a port or VLAN for both received and sent packets.This is the default.The default configuration for loc

•Source ports can be in the same or different VLANs.•You can monitor multiple source ports in a single session.Source VLANsVLAN-based SPAN (VSPAN) is

configuration. If a configuration change is made to the port while it is acting as a SPAN destination port,the change does not take effect until the S

•STP can run on RSPAN VLAN trunks but not on SPAN destination ports.•An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.For VLANs 1 to 1

•A private-VLAN port cannot be a SPAN destination port.•A secure port cannot be a SPAN destination port.For SPAN sessions, do not enable port security

added to the hardware memory on the switch. A system message notifies you of this action, which is calledreloading. The IPv4, IPv6 and MAC FSPAN ACLs

PrefaceThis preface contains the following topics:•Document Conventions, page ix•Related Documentation, page xi•Obtaining Documentation and Submitting

RSPAN Configuration Guidelines•All the SPAN configuration guidelines apply to RSPAN.•As RSPAN VLANs have special properties, you should reserve a few

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Removes any exist

PurposeCommand or Action•For session_number, specify the session number entered in step 3.Example:Switch(config)# monitor session 1•For interface-id,

PurposeCommand or ActionRemoves any existing SPAN configuration for the session.no monitor session {session_number | all |local | remote}Step 2•For se

PurposeCommand or Action•untagged vlan vlan-id or vlan vlan-id—Accept incoming packets withuntagged encapsulation type with the specified VLAN as the

PurposeCommand or ActionSpecifies the characteristics of the source port (monitored port) and SPANsession.monitor session session_number sourceinterfa

SUMMARY STEPS1.configure terminal2.vlan vlan-id3.remote-span4.endDETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure

To remove a source port or VLAN from the SPAN session, use the no monitor session session_numbersource {interface interface-id | vlan vlan-id} global

PurposeCommand or ActionA single session can include multiple sources (ports or VLANs),defined in a series of commands, but you cannot combine sourcep

DETAILED STEPSPurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Switch# configure terminalStep 1Removes any exist