Catalyst 2960 and 2960-s software configuration guide
For more detailed definitions of access and trunk modes and their functions, see Table The vlan. Stack members have a vlan. You use the interface configuration mode to define the port membership mode and to add and remove ports from VLANs.
The results of these commands are written to the running-configuration file, and you can display the file by entering the show running-config privileged EXEC command. Note This section does not provide configuration details for most of these parameters.
For complete information on the commands and parameters that control VLAN configuration, see the command reference for this release. These sections contain normal-range VLAN configuration information:. Although the switch does not support Token Ring connections, a remote device such as a Catalyst series switch with Token Ring connections could be managed from one of the supported switches. Follow these guidelines when creating and modifying normal-range VLANs in your network:. For more information about commands available in this mode, see the vlan global configuration command description in the command reference for this release.
When you have finished the configuration, you must exit VLAN configuration mode for the configuration to take effect. If the VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. In a switch stack, the whole stack uses the same vlan. When you save VLAN and VTP information including extended-range VLAN configuration information in the startup configuration file and reboot the switch, the switch configuration is selected as follows:.
Note The switch supports Ethernet interfaces exclusively. This saves the configuration in the switch startup configuration file. To return the VLAN name to the default settings, use the no name, no mtu, or no remote-span commands. If you are assigning a port on a cluster member switch to a VLAN, first use the rcommand privileged EXEC command to log in to the cluster member switch. Assign the port to a VLAN. (Optional) Save your entries in the configuration file.
To return an interface to its default configuration, use the default interface interface-id interface configuration command. This example shows how to configure a port as an access port in VLAN Extended-range VLANs enable service providers to extend their infrastructure to a greater number of customers. With VTP version 1 or 2, extended-range VLAN configurations are not stored in the VLAN database, but because VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command.
These sections contain extended-range VLAN configuration information:. Follow these guidelines when creating extended-range VLANs:. See the description of the vlan global configuration command in the command reference for the default settings of all parameters.
You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command. Note This step is not required for VTP version 3. The range is to Save your entries in the switch startup configuration file. To delete an extended-range VLAN, use the no vlan vlan-id global configuration command.
The display includes VLAN status, ports, and configuration information. Display characteristics for all interfaces or for the specified VLAN configured on the switch.
For more details about the show command options and explanations of output fields, see the command reference for this release. These sections contain this conceptual information:. A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch.
The switch supports IEEE You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. Ethernet trunk interfaces support different trunking modes see Table You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface.
To autonegotiate trunking, the interfaces must be in the same VTP domain. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations. Table Layer 2 Interface Modes. Puts the interface access port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
The interface becomes a nontrunk interface regardless of whether or not the neighboring interface is a trunk interface. Makes the interface able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode.
The default switchport mode for all Ethernet interfaces is dynamic auto. Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link.
The interface becomes a trunk interface even if the neighboring interface is not a trunk interface. Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link. The IEEE Because trunk ports send and receive VTP advertisements, to use VTP you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch.
Otherwise, the switch cannot receive any VTP advertisements. These sections contain this configuration information:. Trunking interacts with other features in these ways:. Beginning in privileged EXEC mode, follow these steps to configure a port as a trunk port:. Specify the port to be configured for trunking, and enter interface configuration mode.
Configure the interface as a Layer 2 trunk (required only if the interface is a Layer 2 access port or to specify the trunking mode). Display the switchport configuration of the interface in the Administrative Mode and the Administrative Trunking Encapsulation fields of the display. To return an interface to its default configuration, use the default interface interface-id interface configuration command. To reset all trunking characteristics of a trunking interface to the defaults, use the no switchport trunk interface configuration command.
To disable trunking, use the switchport mode access interface configuration command to configure the port as a static-access port. This example shows how to configure a port as an IEEE The example assumes that the neighbor interface is configured to support IEEE By default, a trunk port sends traffic to and receives traffic from all VLANs. To restrict the traffic a trunk carries, use the switchport trunk allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the allowed list.
The same is true for any VLAN that has been disabled on the port. You can upload an image from the switch to a TFTP server. You can later download this image to the switch or to another switch of the same type. Use the upload feature only if the web management pages associated with the embedded device manager have been installed with the existing image.
Upload the currently running switch image to the TFTP server. The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format. You upload a switch image file to a server for backup purposes. You can use this uploaded image for future downloads to the switch or another switch of the same type.
You can copy image files to or from an FTP server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list:. If you are writing to the server, the FTP server must be properly configured to accept the FTP write request from you.
Include the username in the archive download-sw or archive upload-sw privileged EXEC command if you want to specify a username only for that operation. If the server has a directory structure, the image file is written to or copied from the directory associated with the username on the server. For example, if the image file resides in the home directory of a user on the server, specify that user's name as the remote username.
Before you begin downloading or uploading an image file by using FTP, do these tasks:. You can download a new image file and overwrite the current image or keep the current image. To keep the current image, go to Step 7. Download the image file from the FTP server to the switch, and overwrite the current image. Download the image file from the FTP server to the switch, and keep the current image. The algorithm installs the downloaded image onto the system board flash device (flash:). For file-url , enter the directory name of the old software image.
You can upload an image from the switch to an FTP server. You can later download this image to the same switch or to another switch of the same type. Upload the currently running switch image to the FTP server. The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files.
You can use this uploaded image for future downloads to the same switch or another of the same type. RCP provides another method of downloading and uploading image files between remote hosts and the switch. For the RCP copy request to execute successfully, an account must be defined on the network server for the remote username.
If the server has a directory structure, the image file is written to or copied from the directory associated with the remote username on the server. Before you begin downloading or uploading an image file by using RCP, do these tasks:.
For example, suppose the switch contains these configuration lines:. You can download a new image file and replace or keep the current image. To keep the current image, go to Step 6. Download the image file from the RCP server to the switch, and overwrite the current image. Download the image file from the RCP server to the switch, and keep the current image.
If there is not enough room to install the new image and keep the running image, the download process stops, and an error message is displayed. You can upload an image from the switch to an RCP server. The upload feature should be used only if the web management pages associated with the embedded device manager have been installed with the existing image. Upload the currently running switch image to the RCP server.
For switch stacks, the archive download-sw and archive upload-sw privileged EXEC commands can be used only through the stack master. To upgrade a switch that has an incompatible software image, use the archive copy-sw privileged EXEC command to copy the software image from an existing stack member to the one that has incompatible software.
Note To successfully use the archive copy-sw privileged EXEC command, you must have downloaded from a TFTP server the images for both the stack member switch being added and the stack master. You use the archive download-sw privileged EXEC command to perform the download.
Beginning in privileged EXEC mode from the stack member that you want to upgrade, follow these steps to copy the running image file from the flash memory of a different stack member:. Copy the running image file from a stack member, and then unconditionally reload the updated stack member. Note At least one stack member must be running the image that is to be copied to the switch that is running the incompatible software.
If you do not specify this stack member number, the default is to copy the running image file to all stack members. For source-stack-member-number , specify the number of the stack member (the source) from which to copy the running image file.
The stack member number range is 1 to 9. Reset the updated stack member, and put this configuration change into effect.
Updated: July 22, Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst and switch flash file system, how to copy configuration files, and how to archive upload and download software images to a switch. Free(b): Amount of free memory in the file system in bytes.
Type: Type of file system. Flags: Permission for file system. Prefixes: Alias for file system. Setting the Default File System You can specify the file system or directory that the system uses as the default file system by using the cd filesystem: privileged EXEC command. Displaying Information about Files on a File System You can view a list of the contents of a file system before manipulating its contents. Changing Directories and Displaying the Working Directory Beginning in privileged EXEC mode, follow these steps to change directories and display the working directory.
Command Purpose Step 1 dir filesystem : Display the directories on the specified file system. Step 3 pwd Display the working directory. Creating and Removing Directories Beginning in privileged EXEC mode, follow these steps to create and remove a directory: Command Purpose Step 1 dir filesystem : Display the directories on the specified file system.
Directory names are case sensitive. Step 3 dir filesystem : Verify your entry. Caution When files and directories are deleted, their contents cannot be recovered. Copying Files To copy a file from a source to a destination, use the copy source-url destination-url privileged EXEC command. Deleting Files When you no longer need a file on a flash memory device, you can permanently delete it. Caution When files are deleted, their contents cannot be recovered.
This example shows how to delete the file myconfig from the default flash memory device: Switch# delete myconfig Creating, Displaying, and Extracting tar Files You can create a tar file and write files into it, list the files in a tar file, and extract the files from a tar file as described in the next sections.
Saved configuration on server! You might want to perform this for one of these reasons: To restore a backed-up configuration file. To use the configuration file for another switch. For example, you might add another switch to your network and want it to have a configuration similar to the original switch. By copying the file to the new switch, you can change the relevant parts rather than recreating the whole file.
To load the same configuration commands on all the switches in your network so that all the switches have similar configurations. Use these guidelines when creating a configuration file: We recommend that you connect through the console port for the initial configuration of the switch. If you are accessing the switch through a network connection instead of through a direct connection to the console port, keep in mind that some configuration changes such as changing the switch IP address or disabling ports can cause a loss of connectivity to the switch.
If no password has been set on the switch, we recommend that you set one by using the enable secret secret-password global configuration command. Configuration File Types and Location Startup configuration files are used during system startup to configure the software.
Creating a Configuration File By Using a Text Editor When creating a configuration file, you must list commands logically so that the system can respond appropriately. This is one method of creating a configuration file: Step 1 Copy an existing configuration from a switch to a server. Ensure that the switch has a route to the TFTP server. The switch and the TFTP server must be in the same subnetwork if you do not have a router to route traffic between subnets.
Check connectivity to the TFTP server by using the ping command. For download operations, ensure that the permissions on the file are set correctly. The permission on the file should be world-read. Before uploading the configuration file, you might need to create an empty file on the TFTP server.
To create an empty file, enter the touch filename command, where filename is the name of the file you will use when uploading it to the server. During upload operations, if you are overwriting an existing file (including an empty file, if you had to create one) on the server, ensure that the permissions on the file are set correctly. Permissions on the file should be world-write. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
The username set by the ip ftp username username global configuration command if the command is configured. The switch sends the first valid password in this list: The password specified in the copy command if a password is specified. The password set by the ip ftp password password global configuration command if the command is configured.
The switch forms a password named username@switchname.domain. The variable username is the username associated with the current session, switchname is the configured hostname, and domain is the domain of the switch. The switch and the FTP server must be in the same subnetwork if you do not have a router to route traffic between subnets.
Check connectivity to the FTP server by using the ping command. If you are accessing the switch through the console or a Telnet session and you do not have a valid username, make sure that the current FTP username is the one that you want to use for the FTP download. You can enter the show users privileged EXEC command to view the valid username. If you do not want to use this username, create a new FTP username by using the ip ftp username username global configuration command during all copy operations.
If you are accessing the switch through a Telnet session and you have a valid username, this username is used, and you do not need to set the FTP username. Include the username in the copy command if you want to specify a username for only that copy operation. When you upload a configuration file to the FTP server, it must be properly configured to accept the write request from the user on the switch.
Step 3 configure terminal Enter global configuration mode on the switch. Step 4 ip ftp username username (Optional) Change the default remote username. You can specify the maximum wattage that is allowed on the port. If the IEEE class maximum wattage of the powered device is greater than the configured maximum value, the switch does not provide power to the port.
If the switch powers a powered device, but the powered device later requests through CDP messages more than the configured maximum value, the switch removes power to the port. The power that was allocated to the powered device is reclaimed into the global power budget. If you do not specify a wattage, the switch delivers the maximum value.
Use the auto setting on any PoE port. The auto mode is the default setting. However, if the powered-device IEEE class is greater than the maximum wattage, the switch does not supply power to it. If the switch learns through CDP messages that the powered device needs more than the maximum wattage, the powered device is shutdown. If you do not specify a wattage, the switch pre-allocates the maximum value. The switch powers the port only if it discovers a powered device.
Use the static setting on a high-priority interface. When policing of the real-time power consumption is enabled, the switch takes action when a powered device consumes more power than the maximum amount allocated, also referred to as the cutoff-power value. When PoE is enabled, the switch senses the real-time power consumption of the powered device and monitors the power consumption of the connected powered device; this is called power monitoring or power sensing.
The switch also uses the power policing feature to police the power usage. Power monitoring is backward-compatible with Cisco intelligent power management and CDP-based power consumption. It works with these features to ensure that the PoE port can supply power to the powered device. The switch senses the power consumption of the connected device as follows:. The switch monitors the real-time power consumption on individual ports. If power policing is enabled, the switch polices power usage by comparing the real-time power consumption to the maximum power allocated to the device.
If the device uses more than the maximum power allocation on the port, the switch can either turn off power to the port, or the switch can generate a syslog message and update the LEDs (the port LED is now blinking amber) while still providing power to the device, based on the switch configuration.
By default, power-usage policing is disabled on all PoE ports. If error recovery from the PoE error-disabled state is enabled, the switch automatically takes the PoE port out of the error-disabled state after the specified amount of time. If error recovery is disabled, you can manually re-enable the PoE port by using the shutdown and no shutdown interface configuration commands.
If policing is disabled, no action occurs when the powered device consumes more than the maximum power allocation on the PoE port, which could adversely affect the switch. When power policing is enabled, the switch determines the cutoff power on the PoE port in this order:. Manually when you set the user-defined power level that the switch budgets for the port by using the power inline consumption default wattage global or interface configuration command.
Manually when you set the user-defined power level that limits the power allowed on the port by using the power inline auto max max-wattage or the power inline static max max-wattage interface configuration command. Use the first or second method in the previous list to manually configure the cutoff-power value by entering the power inline consumption default wattage or the power inline [auto | static max] max-wattage command.
If you do not manually configure the cutoff-power value, the switch automatically determines the value by using CDP power negotiation. If the switch cannot determine the value by using one of these methods, it uses the default value of If a powered device consumes more than The port remains in the fault state for a time before attempting to power on again.
If the port continuously draws more than If CDP is disabled after the switch has locked on it, the switch does not respond to LLDP power requests and can no longer power on any accessories. In this case, you should restart the powered device. You can configure the initial power allocation and the maximum power allocation on a port.
However, these values are only the configured values that determine when the switch should turn on or turn off power on the PoE port. The maximum power allocation is not the same as the actual power consumption of the powered device. The actual cutoff power value that the switch uses for power policing is not equal to the configured power value.
When power policing is enabled, the switch polices the power usage at the switch port, which is greater than the power consumption of the device. When you manually set the maximum power allocation, you must consider the power loss over the cable from the switch port to the powered device.
The cutoff power is the sum of the rated power consumption of the powered device and the worst-case power loss over the cable. The actual amount of power consumed by a powered device on a PoE port is the cutoff-power value plus a calibration factor of mW 0. The actual cutoff value is approximate and varies from the configured value by a percentage of the configured value.
For example, if the configured cutoff power is 12 W, the actual cutoff-value is We recommend that you enable power policing when PoE is enabled on your switch. For example, if policing is disabled and you set the cutoff-power value by using the power inline auto max interface configuration command, the configured maximum power allocation on the PoE port is 6.
The switch provides power to the connected devices on the port if the device needs up to 6. If the CDP-power negotiated value or the IEEE classification value exceeds the configured cutoff value, the switch does not provide power to the connected device. After the switch turns on power to the PoE port, the switch does not police the real-time power consumption of the device, and the device can consume more power than the maximum allocated amount, which could adversely affect the switch and the devices connected to the other PoE ports.
Because the switch supports internal power supplies and the Cisco Redundant Power System (also referred to as the RPS), the total amount of power available for the powered devices varies depending on the power supply configuration. Devices within a single VLAN can communicate directly through any switch. Ports in different VLANs cannot exchange data without going through a routing device. With a standard Layer 2 switch, ports in different VLANs have to exchange information through a router.
Console output appears on devices connected to both ports, but console input is active on only one port at a time. See the hardware installation guide for driver installation instructions.
The connected device must include a terminal emulation application. When the switch detects a valid USB connection to a powered-on device that supports host functionality (such as a PC), input from the RJ console is immediately disabled, and input from the USB console is enabled.
An LED on the switch shows which console connection is in use. Each switch in a stack issues this log. Every switch always first displays the RJ media type. In the sample output, switch 1 has a connected USB console cable. Because the bootloader did not change to the USB console, the first log from switch 1 shows the RJ console. A short time later, the console changes and the USB console log appears.
Switch 2 and switch 3 have connected RJ console cables. You can configure the console type to always be RJ, and you can configure an inactivity timeout for the USB connector. This configuration applies to all switches in a stack. Configure the console. Enter line configuration mode. Configure the console media type to always be RJ If you do not enter this command and both types are connected, the default is USB.
(Optional) Save your entries in the configuration file. This configuration terminates any active USB console media type in the stack. A log shows that this termination has occurred. This example shows that the console on switch 1 reverted to RJ At this point no switches in the stack allow a USB console to have input.
A log entry shows when a console cable is attached. If a USB console cable is connected to switch 2, it is prevented from providing input. This example reverses the previous configuration and immediately activates any USB console that is connected. The configurable inactivity timeout reactivates the RJ console port if the USB console port is activated but no input activity occurs on it for a specified time period.
When the USB console port is deactivated due to a timeout, you can restore its operation by disconnecting and reconnecting the USB cable. Note The configured inactivity timeout applies to all switches in a stack. However, a timeout on one switch does not cause a timeout on other switches in the stack. Beginning in privileged EXEC mode, follow these steps to configure an inactivity timeout.
Configure the console port. Enter console line configuration mode. Specify an inactivity timeout for the console port. The range is 1 to minutes.
The default is to have no timeout configured. This example configures the inactivity timeout to 30 minutes:. If there is no input activity on a USB console port for the configured number of minutes, the inactivity timeout setting applies to the RJ port, and a log shows this occurrence:. At this point, the only way to reactivate the USB console port is to disconnect and reconnect the cable.
When the USB cable on the switch has been disconnected and reconnected, a log similar to this appears:. You can also configure the switch to boot from the USB flash drive. Configure the switch to boot from the USB flash device. The image is the name of the bootable image. This example configures the switch to boot from the Catalyst S flash device. To disable booting from flash, enter the no form of the command.
This is sample output from the show usb device command:. This is sample output from the show usb port command:. The switch supports these interface types:. To configure a physical interface port on a Catalyst switch or a Catalyst S switch running the LAN Lite image, specify the interface type, module number, and switch port number, and enter interface configuration mode.
To configure a port on a Catalyst S switch running the LAN base image (supporting stacking), specify the interface type, stack member number, module number, and switch port number, and enter interface configuration mode.
You can identify physical interfaces by looking at the switch. You can also use the show privileged EXEC commands to display information about a specific interface or all the interfaces.
The remainder of this chapter primarily provides physical interface configuration procedures. Note Configuration examples and outputs in this book might not be specific to your switch, particularly regarding the presence of a stack member number.
These general instructions apply to all interface configuration processes. Step 2 Enter the interface global configuration command. Identify the interface type and the interface number, Gigabit Ethernet port 1 in this example:. Note Entering a space between the interface type and interface number is optional. Step 3 Follow each interface command with the configuration commands that the interface requires. The commands that you enter define the protocols and applications that will run on the interface.
The commands are collected and applied to the interface when you enter another interface command or enter end to return to privileged EXEC mode. You can also configure a range of interfaces by using the interface range or interface range macro global configuration commands. Interfaces configured in a range must be the same type and must be configured with the same feature options.
Enter the show interfaces privileged EXEC command to see a list of all interfaces on or configured for the switch.
A report is provided for each interface that the device supports or for the specified interface. You can use the interface range global configuration command to configure multiple interfaces with the same configuration parameters.
When you enter the interface-range configuration mode, all command parameters that you enter are attributed to all interfaces within that range until you exit this mode. Beginning in privileged EXEC mode, follow these steps to configure a range of interfaces with the same parameters:. Specify the range of interfaces (VLANs or physical ports) to be configured, and enter interface-range configuration mode.
Use the normal configuration commands to apply the configuration parameters to all interfaces in the range. Each command is executed as it is entered. Verify the configuration of the interfaces in the range. When using the interface range global configuration command, note these guidelines:.
Note Although the command-line interface shows options to set multiple VLANs, these options are not supported on Catalyst and S switches. Note When you use the interface range command with port channels, the first and last port-channel number must be active port channels. This example shows how to use a comma to add different interface type strings to the range to enable Fast Ethernet ports 1 to 3 and Gigabit Ethernet ports 1 and 2 to receive flow-control pause frames:.
If you enter multiple configuration commands while you are in interface-range mode, each command is executed as it is entered. The commands are not batched and executed after you exit interface-range mode.
If you exit interface-range configuration mode while the commands are being executed, some commands might not be executed on all interfaces in the range.
Wait until the command prompt reappears before exiting interface-range configuration mode. You can create an interface range macro to automatically select a range of interfaces for configuration.
Before you can use the macro keyword in the interface range macro global configuration command string, you must use the define interface-range global configuration command to define the macro.
Beginning in privileged EXEC mode, follow these steps to define an interface range macro: You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro.
Show the defined interface range macro configuration. When using the define interface-range global configuration command, note these guidelines: Note Although the command-line interface shows options to set multiple VLANs, these options are not supported on Catalyst switches.
This example shows how to create a multiple-interface macro named macro1: Note The Ethernet management port is not supported on Catalyst switches. The Ethernet management port, also referred to as the Fa0 or fastethernet0 port, is a Layer 3 host port to which you can connect a PC. You can use the Ethernet management port instead of the switch console port for network management. When managing a switch stack, connect the PC to the Ethernet management port on a Catalyst S stack member.
Figure: Connecting a Switch to a PC. This example shows how to configure a MOTD banner for the switch by using the pound sign symbol as the beginning and ending delimiter:
This example shows the banner that appears from the previous configuration: You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt. Beginning in privileged EXEC mode, follow these steps to configure a login banner: For message, enter a login message up to characters.
To delete the login banner, use the no banner login global configuration command. The MAC address table contains address information that the switch uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports. The address table includes these types of addresses: Note For complete syntax and usage information for the commands used in this section, see the command reference for this release.
With multiple MAC addresses supported on all ports, you can connect any port on the switch to individual workstations, repeaters, switches, routers, or other network devices.
The switch provides dynamic addressing by learning the source address of packets it receives on each port and adding the address and its associated port number to the address table. As stations are added or removed from the network, the switch updates the address table, adding new dynamic addresses and aging out those that are not in use. The aging interval is globally configured on a standalone switch or on the switch stack.
The switch sends packets between any combination of ports, based on the destination address of the received packet. Using the MAC address table, the switch forwards the packet only to the port associated with the destination address. If the destination address is on the port that sent the packet, the packet is filtered and not forwarded. The switch always uses the store-and-forward method: complete packets are stored and checked for errors before transmission. All addresses are associated with a VLAN.
An address can exist in more than one VLAN and have different destinations in each. Each VLAN maintains its own logical address table. The MAC address tables on all stack members are synchronized. At any given time, each stack member has the same copy of the address tables for each VLAN.
When an address ages out, the address is removed from the address tables on all stack members. When a switch joins a switch stack, that switch receives the addresses for each VLAN learned on the other stack members. When a stack member leaves the switch stack, the remaining stack members age out or remove all addresses learned by the former stack member.
Table shows the default MAC address table configuration. Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in use. Setting too short an aging time can cause addresses to be prematurely removed from the table. Then when the switch receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses, which prevents new addresses from being learned.
Flooding results, which can impact switch performance. Beginning in privileged EXEC mode, follow these steps to configure the dynamic address table aging time:. Set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. The range is 10 to seconds. The default is You can also enter 0, which disables aging. Static address entries are never aged or removed from the table. For vlan-id , valid IDs are 1 to To return to the default value, use the no mac address-table aging-time global configuration command.
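The aging trade-off described above can be reproduced with a small model of per-VLAN learning, aging and forwarding. This Python code is an added example, not Cisco code or switch output; the table capacity, aging values, port names and traffic are constructed for the demonstration.

```python
from dataclasses import dataclass, field

FLOOD, FILTER = "flood", "filter"

@dataclass
class MacTable:
    """Model of a dynamic MAC address table keyed per VLAN (not Cisco code)."""
    aging_time: int   # seconds an idle entry survives; 0 disables aging
    capacity: int     # assumed table size, constructed for this example
    entries: dict = field(default_factory=dict)  # (vlan, mac) -> (port, last_seen)

    def age_out(self, now):
        """Drop dynamic entries not refreshed within aging_time."""
        if self.aging_time == 0:
            return
        for key in [k for k, (_, seen) in self.entries.items()
                    if now - seen >= self.aging_time]:
            del self.entries[key]

    def receive(self, now, vlan, src, dst, port):
        """Learn the source address, then decide what happens to the frame."""
        self.age_out(now)
        if (vlan, src) in self.entries or len(self.entries) < self.capacity:
            self.entries[(vlan, src)] = (port, now)  # learn or refresh
        hit = self.entries.get((vlan, dst))
        if hit is None:
            return FLOOD                     # unknown destination in this VLAN
        return FILTER if hit[0] == port else "forward:" + hit[0]

    def utilization(self):
        """Percentage of the table in use, the figure a threshold would watch."""
        return 100 * len(self.entries) // self.capacity

# Constructed traffic: (time_s, vlan, src_mac, dst_mac, ingress_port)
FRAMES = [
    (0, 10, "aa", "bb", "Gi0/1"),
    (1, 10, "bb", "aa", "Gi0/2"),
    (40, 10, "bb", "aa", "Gi0/2"),
    (41, 10, "cc", "bb", "Gi0/3"),
    (42, 10, "aa", "cc", "Gi0/1"),
]

def run(aging_time, capacity, frames=FRAMES):
    """Replay frames through a fresh table; return (decisions, utilization %)."""
    table = MacTable(aging_time, capacity)
    return [table.receive(*f) for f in frames], table.utilization()

if __name__ == "__main__":
    for aging, cap in [(300, 8), (30, 8), (0, 2)]:
        print(aging, cap, run(aging, cap))
```

With the 30-second aging time the frame at t=40 is flooded because both entries have already expired. With aging disabled and a two-entry table, the third host is never learned, so the last frame is flooded while utilization sits at 100 percent.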
To remove all dynamic entries, use the clear mac address-table dynamic command in privileged EXEC mode. You can also remove a specific MAC address clear mac address-table dynamic address mac-address , remove all addresses on the specified physical port or port channel clear mac address-table dynamic interface interface-id , or remove all addresses on a specified VLAN clear mac address-table dynamic vlan vlan-id. To verify that dynamic entries have been removed, use the show mac address-table dynamic privileged EXEC command.
MAC address change notification tracks users on a network by storing the MAC address change activity. If you have many users coming and going from the network, you can set a trap-interval time to bundle the notification traps to reduce network traffic. Notifications are not generated for self addresses, multicast addresses, or other static addresses. Enable the MAC address change notification feature. Enter the trap interval time and the history table size. Enable the MAC address change notification trap on the interface.
To disable MAC address-change notification traps, use the no snmp-server enable traps mac-notification change global configuration command. To disable the MAC address-change notification feature, use the no mac address-table notification change global configuration command.
This example shows how to specify You can verify your settings by entering the show mac address-table notification change interface and the show mac address-table notification change privileged EXEC commands. To disable MAC address-move notification traps, use the no snmp-server enable traps mac-notification move global configuration command. To disable the MAC address-move notification feature, use the no mac address-table notification mac-move global configuration command.
You can verify your settings by entering the show mac address-table notification mac-move privileged EXEC commands. When you configure MAC threshold notification, an SNMP notification is generated and sent to the network management system when a MAC address table threshold limit is reached or exceeded.
Enable the MAC address threshold notification feature. Enter the threshold value for the MAC address threshold usage monitoring. To disable MAC address-threshold notification traps, use the no snmp-server enable traps mac-notification threshold global configuration command. To disable the MAC address-threshold notification feature, use the no mac address-table notification threshold global configuration command.
You can verify your settings by entering the show mac address-table notification threshold privileged EXEC commands. A static address has these characteristics:. You can add and remove static addresses and define the forwarding behavior for them. The forwarding behavior defines how a port that receives a packet forwards it to another port for transmission. You can specify a different list of destination ports for each source port. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.
You add a static address to the address table by specifying the destination MAC unicast address and the VLAN from which it is received. Packets received with this destination address are forwarded to the interface specified with the interface-id option. Beginning in privileged EXEC mode, follow these steps to add a static address:
To remove static entries from the address table, use the no mac address-table static mac-addr vlan vlan-id [ interface interface-id ] global configuration command. This example shows how to add the static address c2f3.
When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses. Follow these guidelines when using this feature: For example, if you enter the mac address-table static mac-addr vlan vlan-id interface interface-id global configuration command followed by the mac address-table static mac-addr vlan vlan-id drop command, the switch drops packets with the specified MAC address as a source or destination.
If you enter the mac address-table static mac-addr vlan vlan-id drop global configuration command followed by the mac address-table static mac-addr vlan vlan-id interface interface-id command, the switch adds the MAC address as a static address. You enable unicast MAC address filtering and configure the switch to drop packets with a specific address by specifying the source or destination unicast MAC address and the VLAN from which it is received.
Beginning in privileged EXEC mode, follow these steps to configure the switch to drop a source or destination unicast static address: Enable unicast MAC address filtering and configure the switch to drop a packet with the specified source or destination unicast static address. To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id global configuration command. This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.
Before you disable MAC address learning, be sure that you are familiar with the network topology and the switch system configuration. You can also reenable MAC address learning on a VLAN by entering the mac address-table learning vlan vlan-id global configuration command.