Manual Cisco Systems 3560X

1438 pages 14.36 mb

Summary
  • Cisco Systems 3560X - page 1

    Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Catalyst 3750-X and 3560-X Switch Software Configuration Guide Cisco IOS Release 12.2(53)SE2 May 2010 Text Part Number: OL-21521-01 ...

  • Cisco Systems 3560X - page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRO ...

  • Cisco Systems 3560X - page 3

    iii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CONTENTS Preface xlix Audience xlix Purpose xlix Conventions xlix Related Publications l Obtaining Documentation and Submitting a Service Request li CHAPTER 1 Overview 1-1 Features 1-1 Deployment Features 1-2 Performance Features 1-4 Management Options 1-5 Manageab ...

  • Cisco Systems 3560X - page 4

    Contents iv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Understanding no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-4 Using Configuration Logging 2-4 Using Command History 2-5 Changing the Command History Buffer Size 2-5 Recalling Commands 2-6 Disabling the Command History Feature 2-6 Using ...

  • Cisco Systems 3560X - page 5

    Contents v Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Modifying the Startup Configuration 3-16 Default Boot Configuration 3-17 Automatically Downloading a Configuration File 3-17 Specifying the Filename to Read and Write the System Configuration 3-17 Booting Manually 3-18 Booting a Specific Software Image 3-19 Con ...

  • Cisco Systems 3560X - page 6

    Contents vi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Stack Member Priority Values 5-8 Switch Stack Offline Configuration 5-8 Effects of Adding a Provisioned Switch to a Switch Stack 5-9 Effects of Replacing a Provisioned Switch in a Switch Stack 5-10 Effects of Removing a Provisioned Switch from a Switch Stac ...

  • Cisco Systems 3560X - page 7

    Contents vii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Hardware Loopback Example: LINK OK event 5-30 Hardware Loop Example: LINK NOT OK Event 5-31 Finding a Disconnected Stack Cable 5-32 Fixing a Bad Connection Between Stack Ports 5-33 CHAPTER 6 Clustering Switches 6-1 Understanding Switch Clusters 6-2 Cluster ...

  • Cisco Systems 3560X - page 8

    Contents viii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring NTP 7-4 Default NTP Configuration 7-4 Configuring NTP Authentication 7-4 Configuring NTP Associations 7-5 Configuring NTP Broadcast Service 7-6 Configuring NTP Access Restrictions 7-8 Configuring the Source IP Address for NTP Packets 7-10 Displayin ...

  • Cisco Systems 3560X - page 9

    Contents ix Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 8 Configuring SDM Templates 8-1 Understanding the SDM Templates 8-1 Dual IPv4 and IPv6 SDM Templates 8-2 SDM Templates and Switch Stacks 8-3 Configuring the Switch SDM Template 8-4 Default SDM Template 8-4 SDM Template Configuration Guidelines 8-4 S ...

  • Cisco Systems 3560X - page 10

    Contents x Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Default TACACS+ Configuration 10-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 10-13 Configuring TACACS+ Login Authentication 10-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 10-16 Starting TA ...

  • Cisco Systems 3560X - page 11

    Contents xi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring SSH 10-46 Configuration Guidelines 10-46 Setting Up the Switch to Run SSH 10-46 Configuring the SSH Server 10-47 Displaying the SSH Configuration and Status 10-48 Configuring the Switch for Secure Socket Layer HTTP 10-49 Understanding Secure HTTP S ...

  • Cisco Systems 3560X - page 12

    Contents xii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 802.1x Authentication with Downloadable ACLs and Redirect URLs 11-17 Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL 11-17 Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs 11-18 VLAN ID-based MAC Authentication 11-18 802.1x Au ...

  • Cisco Systems 3560X - page 13

    Contents xiii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring 802.1x Violation Modes 11-41 Configuring 802.1x Authentication 11-41 Configuring the Switch-to-RADIUS-Server Communication 11-43 Configuring the Host Mode 11-44 Configuring Periodic Re-Authentication 11-45 Manually Re-Authenticating a Client C ...

  • Cisco Systems 3560X - page 14

    Contents xiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Session Creation 12-3 Authentication Process 12-3 Local Web Authentication Banner 12-4 Web Authentication Customizable Web Pages 12-6 Guidelines 12-6 Web-based Authentication Interactions with Other Features 12-7 Port Security 12-7 LAN Port IP 12-8 Gateway I ...

  • Cisco Systems 3560X - page 15

    Contents xv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 EtherChannel Port Groups 13-6 10-Gigabit Ethernet Interfaces 13-7 Power over Ethernet Ports 13-7 Supported Protocols and Standards 13-7 Powered-Device Detection and Initial Power Allocation 13-8 Power Management Modes 13-9 Power Monitoring and Power Policing ...

  • Cisco Systems 3560X - page 16

    Contents xvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Monitoring and Maintaining the Interfaces 13-45 Monitoring Interface Status 13-45 Clearing and Resetting Interfaces and Counters 13-46 Shutting Down and Restarting the Interface 13-47 CHAPTER 14 Configuring Auto Smartports Macros 14-1 Understanding Auto Smart ...

  • Cisco Systems 3560X - page 17

    Contents xvii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Extended-Range VLANs 15-10 Default VLAN Configuration 15-10 Extended-Range VLAN Configuration Guidelines 15-10 Creating an Extended-Range VLAN 15-11 Creating an Extended-Range VLAN with an Internal VLAN ID 15-13 Displaying VLANs 15-14 Configuri ...

  • Cisco Systems 3560X - page 18

    Contents xviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VTP Advertisements 16-4 VTP Version 2 16-4 VTP Version 3 16-5 VTP Pruning 16-6 VTP and Switch Stacks 16-7 Configuring VTP 16-8 Default VTP Configuration 16-8 VTP Configuration Guidelines 16-9 Domain Names 16-9 Passwords 16-9 VTP Version 16-10 Configuration ...

  • Cisco Systems 3560X - page 19

    Contents xix Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Private-VLAN Interaction with Other Features 18-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 18-4 Private VLANs and SVIs 18-5 Private VLANs and Switch Stacks 18-5 Configuring Private VLANs 18-5 Tasks for Configuring Private VLANs 18-6 Default P ...

  • Cisco Systems 3560X - page 20

    Contents xx Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Spanning-Tree Topology and BPDUs 20-3 Bridge ID, Switch Priority, and Extended System ID 20-4 Spanning-Tree Interface States 20-5 Blocking State 20-6 Listening State 20-7 Learning State 20-7 Forwarding State 20-7 Disabled State 20-7 How a Switch or Port Becomes ...

  • Cisco Systems 3560X - page 21

    Contents xxi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 21 Configuring MSTP 21-1 Understanding MSTP 21-2 Multiple Spanning-Tree Regions 21-2 IST, CIST, and CST 21-2 Operations Within an MST Region 21-3 Operations Between MST Regions 21-3 IEEE 802.1s Terminology 21-5 Hop Count 21-5 Boundary Ports 21-6 IEEE ...

  • Cisco Systems 3560X - page 22

    Contents xxii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 22 Configuring Optional Spanning-Tree Features 22-1 Understanding Optional Spanning-Tree Features 22-1 Understanding Port Fast 22-2 Understanding BPDU Guard 22-2 Understanding BPDU Filtering 22-3 Understanding UplinkFast 22-3 Understanding Cross-S ...

  • Cisco Systems 3560X - page 23

    Contents xxiii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Flex Links 23-8 Configuring VLAN Load Balancing on Flex Links 23-10 Configuring the MAC Address-Table Move Update Feature 23-12 Monitoring Flex Links and the MAC Address-Table Move Update 23-14 CHAPTER 24 Configuring DHCP Features and IP Sourc ...

  • Cisco Systems 3560X - page 24

    Contents xxiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring DHCP Server Port-Based Address Allocation 24-26 Default Port-Based Address Allocation Configuration 24-26 Port-Based Address Allocation Configuration Guidelines 24-26 Enabling DHCP Server Port-Based Address Allocation 24-27 Displaying DHCP Server ...

  • Cisco Systems 3560X - page 25

    Contents xxv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring TCN-Related Commands 26-11 Controlling the Multicast Flooding Time After a TCN Event 26-11 Recovering from Flood Mode 26-12 Disabling Multicast Flooding During a TCN Event 26-12 Configuring the IGMP Snooping Querier 26-13 Disabling IGMP Report ...

  • Cisco Systems 3560X - page 26

    Contents xxvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Enabling MLD Immediate Leave 27-9 Configuring MLD Snooping Queries 27-10 Disabling MLD Listener Message Suppression 27-11 Displaying MLD Snooping Information 27-12 CHAPTER 28 Configuring Port-Based Traffic Control 28-1 Configuring Storm Control 28-1 Understa ...

  • Cisco Systems 3560X - page 27

    Contents xxvii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 30 Configuring LLDP, LLDP-MED, and Wired Location Service 30-1 Understanding LLDP, LLDP-MED, and Wired Location Service 30-1 LLDP 30-1 LLDP-MED 30-2 Wired Location Service 30-3 Configuring LLDP, LLDP-MED, and Wired Location Service 30-5 Default LL ...

  • Cisco Systems 3560X - page 28

    Contents xxviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 SPAN and RSPAN Interaction with Other Features 32-9 SPAN and RSPAN and Switch Stacks 32-10 Understanding Flow-Based SPAN 32-11 Configuring SPAN and RSPAN 32-12 Default SPAN and RSPAN Configuration 32-12 Configuring Local SPAN 32-12 SPAN Configuration Guid ...

  • Cisco Systems 3560X - page 29

    Contents xxix Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Setting the Message Display Destination Device 34-5 Synchronizing Log Messages 34-6 Enabling and Disabling Time Stamps on Log Messages 34-8 Enabling and Disabling Sequence Numbers in Log Messages 34-8 Defining the Message Severity Level 34-9 Limiting Sysl ...

  • Cisco Systems 3560X - page 30

    Contents xxx Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Embedded Event Manager Environment Variables 36-5 EEM 3.2 36-5 Configuring Embedded Event Manager 36-6 Registering and Defining an Embedded Event Manager Applet 36-6 Registering and Defining an Embedded Event Manager TCL Script 36-7 Displaying Embedded Eve ...

  • Cisco Systems 3560X - page 31

    Contents xxxi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring VLAN Maps 37-31 VLAN Map Configuration Guidelines 37-31 Creating a VLAN Map 37-32 Examples of ACLs and VLAN Maps 37-33 Applying a VLAN Map to a VLAN 37-35 Using VLAN Maps in Your Network 37-35 Wiring Closet Configuration 37-35 Denying Access to a ...

  • Cisco Systems 3560X - page 32

    Contents xxxii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Queueing and Scheduling Overview 39-14 Weighted Tail Drop 39-15 SRR Shaping and Sharing 39-15 Queueing and Scheduling on Ingress Queues 39-16 Queueing and Scheduling on Egress Queues 39-19 Packet Modification 39-22 Configuring Auto-QoS 39-23 Generated Auto-Qo ...

  • Cisco Systems 3560X - page 33

    Contents xxxiii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring DSCP Maps 39-70 Configuring the CoS-to-DSCP Map 39-71 Configuring the IP-Precedence-to-DSCP Map 39-72 Configuring the Policed-DSCP Map 39-73 Configuring the DSCP-to-CoS Map 39-74 Configuring the DSCP-to-DSCP-Mutation Map 39-75 Configuring Ingre ...

  • Cisco Systems 3560X - page 34

    Contents xxxiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Layer 3 EtherChannels 40-15 Creating Port-Channel Logical Interfaces 40-15 Configuring the Physical Interfaces 40-16 Configuring EtherChannel Load-Balancing 40-18 Configuring the PAgP Learn Method and Priority 40-19 Configuring LACP Hot-Standby Po ...

  • Cisco Systems 3560X - page 35

    Contents xxxv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Routing Assistance When IP Routing is Disabled 42-12 Proxy ARP 42-12 Default Gateway 42-12 ICMP Router Discovery Protocol (IRDP) 42-13 Configuring Broadcast Packet Handling 42-14 Enabling Directed Broadcast-to-Physical Broadcast Translation 42-15 Forwarding ...

  • Cisco Systems 3560X - page 36

    Contents xxxvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Managing Routing Policy Changes 42-50 Configuring BGP Decision Attributes 42-52 Configuring BGP Filtering with Route Maps 42-54 Configuring BGP Filtering by Neighbor 42-54 Configuring Prefix Lists for BGP Filtering 42-56 Configuring BGP Community Filtering 42- ...

  • Cisco Systems 3560X - page 37

    Contents xxxvii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Unicast Reverse Path Forwarding 42-89 Configuring Protocol-Independent Features 42-89 Configuring Distributed Cisco Express Forwarding 42-89 Configuring the Number of Equal-Cost Routing Paths 42-91 Configuring Static Unicast Routes 42-92 Sp ...

  • Cisco Systems 3560X - page 38

    Contents xxxviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Unsupported IPv6 Unicast Routing Features 43-8 Limitations 43-9 IPv6 and Switch Stacks 43-9 Configuring IPv6 43-10 Default IPv6 Configuration 43-11 Configuring IPv6 Addressing and Enabling IPv6 Routing 43-11 Configuring Default Router Preference 43-13 Conf ...

  • Cisco Systems 3560X - page 39

    Contents xxxix Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 45 Configuring Cisco IOS IP SLAs Operations 45-1 Understanding Cisco IOS IP SLAs 45-1 Using Cisco IOS IP SLAs to Measure Network Performance 45-3 IP SLAs Responder and IP SLAs Control Protocol 45-4 Response Time Computation for IP SLAs 45-4 IP SLAs O ...

  • Cisco Systems 3560X - page 40

    Contents xl Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 WCCP and Switch Stacks 47-4 Unsupported WCCP Features 47-5 Configuring WCCP 47-5 Default WCCP Configuration 47-5 WCCP Configuration Guidelines 47-5 Enabling the Web Cache Service 47-6 Monitoring and Maintaining WCCP 47-10 CHAPTER 48 Configuring IP Multicast Rout ...

  • Cisco Systems 3560X - page 41

    Contents xli Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Source Specific Multicast Mapping 48-17 SSM Mapping Configuration Guidelines and Restrictions 48-17 SSM Mapping Overview 48-18 Configuring SSM Mapping 48-20 Monitoring SSM Mapping 48-22 Configuring PIM Stub Routing 48-22 PIM Stub Routing Config ...

  • Cisco Systems 3560X - page 42

    Contents xlii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Advanced DVMRP Interoperability Features 48-54 Enabling DVMRP Unicast Routing 48-54 Rejecting a DVMRP Nonpruning Neighbor 48-55 Controlling Route Exchanges 48-58 Limiting the Number of DVMRP Routes Advertised 48-58 Changing the DVMRP Route Thre ...

  • Cisco Systems 3560X - page 43

    Contents xliii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 50 Configuring Fallback Bridging 50-1 Understanding Fallback Bridging 50-1 Fallback Bridging Overview 50-1 Fallback Bridging and Switch Stacks 50-3 Configuring Fallback Bridging 50-3 Default Fallback Bridging Configuration 50-3 Fallback Bridging ...

  • Cisco Systems 3560X - page 44

    Contents xliv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Using Layer 2 Traceroute 51-16 Understanding Layer 2 Traceroute 51-16 Usage Guidelines 51-17 Displaying the Physical Path 51-17 Using IP Traceroute 51-18 Understanding IP Traceroute 51-18 Executing IP Traceroute 51-18 Using TDR 51-19 Understanding TDR 51-19 R ...

  • Cisco Systems 3560X - page 45

    Contents xlv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 APPENDIX A Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-4 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1 Working with the Flash File System B-1 Displaying Available File Systems B-2 Settin ...

  • Cisco Systems 3560X - page 46

    Contents xlvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Working with Software Images B-25 Image Location on the Switch B-26 File Format of Images on a Server or Cisco.com B-26 Copying Image Files By Using TFTP B-27 Preparing to Download or Upload an Image File By Using TFTP B-28 Downloading an Image File By ...

  • Cisco Systems 3560X - page 47

    Contents xlvii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Fallback Bridging C-4 Unsupported Privileged EXEC Commands C-4 Unsupported Global Configuration Commands C-4 Unsupported Interface Configuration Commands C-5 HSRP C-5 Unsupported Global Configuration Commands C-5 Unsupported Interface Configuration Command ...

  • Cisco Systems 3560X - page 48

    Contents xlviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 QoS C-12 Unsupported Global Configuration Command C-12 Unsupported Interface Configuration Commands C-12 Unsupported Policy-Map Configuration Command C-12 RADIUS C-12 Unsupported Global Configuration Commands C-12 SNMP C-13 Unsupported Global Configuratio ...

  • Cisco Systems 3560X - page 49

    xlix Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface Audience This guide is for the networking professional managing the standalone Catalyst 3750-X or 3560-X switch or the Catalyst 3750-X switch stack, referred to as the switch. Before using this guide, you should have experience working with the Cisco ...

  • Cisco Systems 3560X - page 50

    l Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface • Square brackets ([ ]) mean optional elements. • Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements. • Braces and vertical bars within square brackets ([ { | }]) mean a required choice within an optional elemen ...

  • Cisco Systems 3560X - page 51

    li Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface • Cisco IOS Software Installation Document • Catalyst 3750-X and 3560-X Switch Getting Started Guide • Catalyst 3750-X and 3560-X Switch Hardware Installation Guide • Regulatory Compliance and Safety Information for the Catalyst 3750-X and 3560 ...

  • Cisco Systems 3560X - page 52

    lii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface ...

  • Cisco Systems 3560X - page 53

    CHAPTER 1-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 1 Overview This chapter provides these topics about the Catalyst 3750-X and 3560-X switch software: • Features, page 1-1 • Default Settings After Initial Switch Configuration, page 1-16 • Network Configuration Examples, page 1-19 • Where to G ...

  • Cisco Systems 3560X - page 54

    1-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IP services feature set, which provides a richer set of enterprise-class intelligent services and full IPv6 support. It includes all IP base features plus full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback ...

  • Cisco Systems 3560X - page 55

    1-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features – Interactive guide mode that guides you in configuring complex features such as VLANs, ACLs, and quality of service (QoS). – Configuration wizards that prompt you to provide only the minimum required information to configure comple ...

  • Cisco Systems 3560X - page 56

    1-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Smart Install to allow a single point of management (director) in a network. You can use Smart Install to provide zero touch image and configuration upgrade of newly deployed switches and image and configuration downloads for any ...

  • Cisco Systems 3560X - page 57

    1-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IGMP snooping querier support to configure switch to generate periodic IGMP General Query messages • IGMP Helper to allow the switch to forward a host request to join a multicast stream to a specific IP destination address • Mult ...

  • Cisco Systems 3560X - page 58

    1-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features station or PC. You can manage the switch stack by connecting to the console port or Ethernet management port of any stack member. For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.” • SNMP—SNMP ...

  • Cisco Systems 3560X - page 59

    1-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Configuration logging to log and to view changes to the switch configuration • Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file • Unique de ...

  • Cisco Systems 3560X - page 60

    1-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • USB Type A port for external Cisco USB flash memory devices (thumb drives or USB keys). You can use standard Cisco CLI commands to read, write, erase, copy, or boot from the flash memory. Note For additional descriptions of t ...

  • Cisco Systems 3560X - page 61

    1-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy • Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts and servers and to allo ...

  • Cisco Systems 3560X - page 62

    1-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Password-protected access (read-only and read-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes • Multilevel security for a choice ...

  • Cisco Systems 3560X - page 63

    1-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features – IP phone detection enhancement to detect and recognize a Cisco IP phone – Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users – Restricted VLAN to provide limited services to users who are IEEE 802.1x comp ...

  • Cisco Systems 3560X - page 64

    1-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IEEE 802.1x readiness check to determine the readiness of connected end hosts before configuring IEEE 802.1x on the switch • Support for IP source guard on static hosts • RADIUS Change of Authorization (CoA) to change the attribu ...

  • Cisco Systems 3560X - page 65

    1-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Classification – IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications – IP ToS/DSCP and I ...

  • Cisco Systems 3560X - page 66

    1-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features Layer 3 Features Note Features in this section are not supported on switches running the LAN base feature set. Some features noted are available only in the IP services feature set. • HSRP Version 1 (HSRPv1) and HSRP Version 2 (HSRPv2 ...

  • Cisco Systems 3560X - page 67

    1-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IPv6 default router preference (DRP) for improving the ability of a host to select an appropriate router • Support for EIGRP IPv6, which utilizes IPv6 transport, communicates with IPv6 peers, and advertises IPv6 routes • IP unica ...

  • Cisco Systems 3560X - page 68

    1-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Default Settings After Initial Switch Configuration • Four groups (history, statistics, alarms, and events) of embedded RMON agents for network monitoring and traffic analysis • Syslog facility for logging system messages about authenticat ...

  • Cisco Systems 3560X - page 69

    1-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Default Settings After Initial Switch Configuration • Default domain name is not configured. For more information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway.” • DHCP client is enabled, the DHCP server is enabl ...

  • Cisco Systems 3560X - page 70

    1-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Default Settings After Initial Switch Configuration – VTP version is Version 1. For more information, see Chapter 16, “Configuring VTP.” – No private VLANs are configured. For more information, see Chapter 18, “Configuring Private ...

  • Cisco Systems 3560X - page 71

    1-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples • No ACLs are configured. For more information, see Chapter 37, “Configuring Network Security with ACLs.” • QoS is disabled. For more information, see Chapter 39, “Configuring QoS.” • No EtherChannel ...

  • Cisco Systems 3560X - page 72

    1-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Bandwidth alone is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications for voice and data integra ...

  • Cisco Systems 3560X - page 73

    1-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples You can use the switches and switch stacks to create the following: • Cost-effective wiring closet (Figure 1-1)—A cost-effective way to connect many users to the wiring closet is to have a switch stack o ...

  • Cisco Systems 3560X - page 74

    1-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples • High-performance wiring closet (Figure 1-2)—For high-speed access to network resources, you can use Catalyst 3750-X switches and switch stacks in the access layer to provide Gigabit Ethernet access to the d ...

  • Cisco Systems 3560X - page 75

    1-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-3 High-Performance Workgroup (Gigabit-to-the-Desktop) with Catalyst 3560-X Standalone Switches 200853 Access-layer standalone switches Stacking-capable switches 200854 Cisco 2600 router Access-la ...

  • Cisco Systems 3560X - page 76

    1-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples • Redundant Gigabit backbone (Figure 1-4)—Using HSRP, you can create backup paths between two Catalyst 3750-X Gigabit switches to enhance network reliability and load-balancing for different VLANs and sub ...

  • Cisco Systems 3560X - page 77

    1-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-5 Server Aggregation 86931 Si Si Si Si Si Si Campus core Catalyst 6500 switches Catalyst 4500 multilayer switches StackWise Plus switch stacks Server racks 200857 Campus core Catalyst 6500 switches S ...

  • Cisco Systems 3560X - page 78

    1-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples 86931 Si Si Si Si Si Si Campus core Catalyst 6500 switches Catalyst 4500 multilayer switches StackWise Plus switch stacks Server racks Figure 1-6 Linux Server Cluster Small to Medium-Sized Network Using Cataly ...

  • Cisco Systems 3560X - page 79

    1-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples This network uses VLANs to logically segment the network into well-defined broadcast groups and for security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from the Cisc ...

  • Cisco Systems 3560X - page 80

    1-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-8 Catalyst 3560-X Switches in a Collapsed Backbone Configuration Large Network Using Catalyst 3750-X and 3560-X Switches Switches in the wiring closet have traditionally been only Layer 2 devices, b ...

  • Cisco Systems 3560X - page 81

    1-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-9 Catalyst 3750-X Switch Stacks in Wiring Closets in a Backbone Configuration Cisco 7x00 routers Catalyst 6500 multilayer switches Cisco IP Phones with workstations IEEE 802.3af-compliant powered device ...

  • Cisco Systems 3560X - page 82

    1-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-10 Catalyst 3560-X Switches in Wiring Closets in a Backbone Configuration Cisco 7x00 routers Catalyst 6500 multilayer switches Standalone switches Standalone switches Cisco IP Phones with workstations W ...

  • Cisco Systems 3560X - page 83

    1-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Multidwelling Network Using Catalyst 3750-X Switches A growing segment of residential and commercial customers are requiring high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-11 shows a ...

  • Cisco Systems 3560X - page 84

    1-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Configuration Examples Figure 1-11 Catalyst 3750-X Switches in a MAN Configuration Long-Distance, High-Bandwidth Transport Configuration Figure 1-12 shows a configuration for sending 8 Gigabits of data over a single fiber-optic cable. ...

  • Cisco Systems 3560X - page 85

    1-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Where to Go Next Figure 1-12 Long-Distance, High-Bandwidth Transport Configuration Where to Go Next Before configuring the switch, review these sections for startup information: • Chapter 2, “Using the Command-Line Interface” • Chapter ...

  • Cisco Systems 3560X - page 86

    1-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Where to Go Next ...

  • Cisco Systems 3560X - page 87

    2-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 2 Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your standalone Catalyst 3750-X or 3560-X switch or a Catalyst 3750-X switch stack, referred to as the switch. It con ...

  • Cisco Systems 3560X - page 88

    2-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Understanding Command Modes Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the hostname Switch. Table 2 ...

  • Cisco Systems 3560X - page 89

    2-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Understanding the Help System For more detailed information on the command modes, see the command reference guide for this release. Understanding the Help System You can enter a question mark (?) at the system prompt to ...

  • Cisco Systems 3560X - page 90

    2-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Understanding no and default Forms of Commands Understanding no and default Forms of Commands Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse ...

  • Cisco Systems 3560X - page 91

    2-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Using Command History command was entered, and the parser return code for the command. This feature includes a mechanism for asynchronous notification to registered applications whenever the configuration changes. You ...

  • Cisco Systems 3560X - page 92

    2-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Using Editing Features Recalling Commands To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions are optional. Disabling the Command History Feature The command history ...

  • Cisco Systems 3560X - page 93

    2-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Using Editing Features To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode: Switch# terminal editing To reconfigure a specific line to have enhanced editi ...

  • Cisco Systems 3560X - page 94

    2-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Using Editing Features Editing Command Lines that Wrap You can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spa ...

  • Cisco Systems 3560X - page 95

    2-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Searching and Filtering Output of show and more Commands After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the e ...

  • Cisco Systems 3560X - page 96

    2-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Command-Line Interface Accessing the CLI To debug a specific stack member, you can access it from the stack master by using the session stack-member-number privileged EXEC command. The stack member number is appended to the system prompt. ...

  • Cisco Systems 3560X - page 97

    3-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 3 Assigning the Switch IP Address and Default Gateway This chapter describes how to create the initial switch configuration (for example, assigning the IP address and default gateway information) by using a variety of automatic and manual methods. I ...

  • Cisco Systems 3560X - page 98

    3-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information The normal boot process involves the operation of the boot loader software and includes these activities: • Performs low-level CPU initialization. It initializes the CPU ...

  • Cisco Systems 3560X - page 99

    3-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information Note Stack members retain their IP address when you remove them from a switch stack. To avoid a conflict by having two devices with the same IP address in your network, ch ...

  • Cisco Systems 3560X - page 100

    3-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch. However, you need to configure the DHCP server for various lease options as ...

  • Cisco Systems 3560X - page 101

    3-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error has occu ...

  • Cisco Systems 3560X - page 102

    3-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information Note For procedures to configure the switch as a DHCP server, see the “Configuring DHCP Autoconfiguration (Only Configuration File)” section on page 3-11 and the “Con ...

  • Cisco Systems 3560X - page 103

    3-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information DHCP Server Configuration Guidelines Follow these guidelines if you are configuring a device as a DHCP server: • You should configure the DHCP server with reserved leases t ...

  • Cisco Systems 3560X - page 104

    3-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information For the switch to successfully download a configuration file, the TFTP server must contain one or more configuration files in its base directory. The files can include th ...

  • Cisco Systems 3560X - page 105

    3-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information Figure 3-2 Relay Device Used in Autoconfiguration Obtaining Configuration Files Depending on the availability of the IP address and the configuration filename in the DHCP ...

  • Cisco Systems 3560X - page 106

    3-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies, if all attempts to read the configuration file through unicast transm ...

  • Cisco Systems 3560X - page 107

    3-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information TFTP Server Configuration (on UNIX) The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file rea ...

  • Cisco Systems 3560X - page 108

    3-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information This example shows how to configure a switch as a DHCP server so that it will download a configuration file: Switch# configure terminal Switch(config)# ip dhcp pool pool ...

  • Cisco Systems 3560X - page 109

    3-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information This example shows how to configure a switch as a DHCP server so it downloads a configuration file: Switch# config terminal Switch(config)# ip dhcp pool pool1 Switch(dhcp-co ...

  • Cisco Systems 3560X - page 110

    3-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assigning Switch Information Configuring the Client Beginning in privileged EXEC mode, follow these steps to configure a switch to download a configuration file and new image from a DHCP server: Thi ...

  • Cisco Systems 3560X - page 111

    3-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Checking and Saving the Running Configuration Manually Assigning IP Information Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple switched virtual interf ...

  • Cisco Systems 3560X - page 112

    3-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Stack1 ! enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . <ou ...

  • Cisco Systems 3560X - page 113

    3-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration See also Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images,” for information about switch configuration files. See t ...

  • Cisco Systems 3560X - page 114

    3-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration To return to the default setting, use the no boot config-file global configuration command. Booting Manually By default, the switch automatically boots up; howev ...

  • Cisco Systems 3560X - page 115

    3-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration Booting a Specific Software Image By default, the switch attempts to automatically boot up the system using information in the BOOT environment variable. If this v ...

  • Cisco Systems 3560X - page 116

    3-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration Controlling Environment Variables With a normally operating switch, you enter the boot loader mode only through a switch console connection configured for 9600 b/s. ...

  • Cisco Systems 3560X - page 117

    3-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifying the Startup Configuration When the switch is connected to a PC through the Ethernet management port, you can download or upload a configuration file to the boot loader by using TFTP. Make su ...

  • Cisco Systems 3560X - page 118

    3-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduling a Reload of the Software Image Scheduling a Reload of the Software Image You can schedule a reload of the software image to occur on the switch at a later time (for example, late at night or d ...

  • Cisco Systems 3560X - page 119

    3-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduling a Reload of the Software Image This example shows how to reload the software on the switch at a future time: Switch# reload at 02:00 jun 20 Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 ( ...

  • Cisco Systems 3560X - page 120

    3-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduling a Reload of the Software Image ...

  • Cisco Systems 3560X - page 121

    4-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 4 Configuring Cisco IOS Configuration Engine This chapter describes how to configure the feature on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalys ...

  • Cisco Systems 3560X - page 122

    4-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software Figure 4-1 Configuration Engine Architectural Overview These sections contain this conceptual information: • Configuration Service, page 4-2 • Event Servi ...

  • Cisco Systems 3560X - page 123

    4-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software Event Service The Configuration Engine uses the Event Service for receipt and generation of configuration events. The event agent is on the switch and facilita ...

  • Cisco Systems 3560X - page 124

    4-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software DeviceID Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the switch source address so that the switch can be ...

  • Cisco Systems 3560X - page 125

    4-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco IOS Agents Understanding Cisco IOS Agents The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS ag ...

  • Cisco Systems 3560X - page 126

    4-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configuration After the network is running, new services can be added by using the Cisco IOS agent. Incremental (partial) configurations can be sent to the switch. ...

  • Cisco Systems 3560X - page 127

    4-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Note For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for ...

  • Cisco Systems 3560X - page 128

    4-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the CNS Event Agent Note You must enable the CNS event agent on the switch before you enable the CNS configuration agent. Beginning in privileged EXEC mode, follow these st ...

  • Cisco Systems 3560X - page 129

    4-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands: • The cns confi ...

  • Cisco Systems 3560X - page 130

    4-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { controller controller-type | dlci [ subinterface subinterface-number ] | interface [ interface-type ] | line line-type } Specify the interface parameters in the CN ...

  • Cisco Systems 3560X - page 131

    4-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 13 cns id interface num { dns-reverse | ipaddress | mac-address } [ event ] [ image ] or cns id { hardware-serial | hostname | string string | udi } [ event ] [ image ] (Optional ...

  • Cisco Systems 3560X - page 132

    4-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents To disable the CNS Cisco IOS agent, use the no cns config initial { ip-address | hostname } global configuration command. This example shows how to configure an initial configu ...

  • Cisco Systems 3560X - page 133

    4-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This example shows how to configure an initial configuration on a remote switch when the switch IP address is known. The Configuration Engine IP address is 172.28.129.22. Switch(co ...

  • Cisco Systems 3560X - page 134

    4-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Configuration Displaying CNS Configuration You can use the privileged EXEC commands in Table 4-2 to display CNS configuration information. Table 4-2 Displaying CNS Configuration Command Purp ...

  • Cisco Systems 3560X - page 135

    5-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 5 Managing Switch Stacks This chapter provides the concepts and procedures to manage Catalyst 3750-X switch stacks. Note The LAN base feature set supports switch stacks only when all switches in the stack are running the LAN base feature set. The switch comm ...

  • Cisco Systems 3560X - page 136

    5-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Understanding Switch Stacks A switch stack is a set of up to nine stacking-capable switches connected through their StackWise Plus or StackWise ports. You can connect only one switch type in a stack, o ...

  • Cisco Systems 3560X - page 137

    5-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks The system-level features supported on the stack master are supported on the entire switch stack. If a switch in the stack is running the IP base or IP services feature set and the cryptographic (that is, ...

  • Cisco Systems 3560X - page 138

    5-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks – Additional Considerations for System-Wide Configuration on Switch Stacks, page 5-16 – Switch Stack Management Connectivity, page 5-17 – Switch Stack Configuration Scenarios, page 5-18 Note A sw ...

  • Cisco Systems 3560X - page 139

    5-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks For more information about cabling and powering switch stacks, see the “Switch Installation” chapter in the hardware installation guide. Figure 5-1 Creating a Switch Stack from Two Standalone Swit ...

  • Cisco Systems 3560X - page 140

    5-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks 4. The switch with the higher priority feature set and software image combination. These combinations are listed from highest to lowest priority. Note The noncryptographic images apply only to mixed sta ...

  • Cisco Systems 3560X - page 141

    5-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks As described in the hardware installation guide, you can use the Master LED on the switch to see if the switch is the stack master. Switch Stack Bridge ID and Router MAC Address The bridge ID and router MA ...

  • Cisco Systems 3560X - page 142

    5-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks • If you merge switch stacks, the switches that join the switch stack of a new stack master select the lowest available numbers in the stack. For more information about merging switch stacks, see ...

  • Cisco Systems 3560X - page 143

    5-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Effects of Adding a Provisioned Switch to a Switch Stack When you add a provisioned switch to the switch stack, the stack applies either the provisioned configuration or the default configuration. Tabl ...

  • Cisco Systems 3560X - page 144

    5-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks If you add a provisioned switch that is a different type than specified in the provisioned configuration to a powered-down switch stack and then apply power, the switch stack rejects the (now incorr ...

  • Cisco Systems 3560X - page 145

    5-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Version-mismatch (VM) mode has priority over SDM-mismatch mode. If a VM-mode condition and an SDM-mismatch mode exist, the switch stack first attempts to resolve the VM-mode condition. You can use th ...

  • Cisco Systems 3560X - page 146

    5-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Minor Version Number Incompatibility Among Switches Switches with the same major version number but with a different minor version number are considered partially compatible. When connected to a switc ...

  • Cisco Systems 3560X - page 147

    5-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks • Automatic advise (auto-advise) occurs when the auto-upgrade process cannot find appropriate stack member software to copy to the switch in VM mode. This process tells you the command (archive cop ...

  • Cisco Systems 3560X - page 148

    5-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Minimum Dram required:0x08000000 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Suffix:ipservices-122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW ...

  • Cisco Systems 3560X - page 149

    5-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:members have been scanned, and it has *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:been determined that the stack can be *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ ...

  • Cisco Systems 3560X - page 150

    5-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks The interface-specific configuration of each stack member is associated with the stack member number. As mentioned in the “Stack Member Numbers” section on page 5-7, stack members retain their num ...

  • Cisco Systems 3560X - page 151

    5-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Switch Stack Management Connectivity You manage the switch stack and the stack member interfaces through the stack master. You can use the CLI, SNMP, Network Assistant, and CiscoWorks network manag ...

  • Cisco Systems 3560X - page 152

    5-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Be careful when using multiple CLI sessions to the stack master. Commands that you enter in one session are not displayed in the other sessions. Therefore, it is possible that you might not be able to ...

  • Cisco Systems 3560X - page 153

    5-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stacks Stack master election specifically determined by the cryptographic software image and the IP services feature set and the IP services feature set Assuming that all stack members have the same priority v ...

  • Cisco Systems 3560X - page 154

    5-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switch Stack Configuring the Switch Stack These sections contain this configuration information: • Default Switch Stack Configuration, page 5-20 • Enabling Persistent MAC Address, page 5-20 • Assigning Stack ...

  • Cisco Systems 3560X - page 155

    5-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switch Stack the previous stack master does not rejoin the stack during this period, the switch stack takes the MAC address of the new stack master as the stack MAC address. You can also configure stack MAC persis ...

  • Cisco Systems 3560X - page 156

    5-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switch Stack Use the no stack-mac persistent timer global configuration command to disable the persistent MAC address feature. This example shows how to configure the persistent MAC address feature for a 7-minut ...

  • Cisco Systems 3560X - page 157

    5-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switch Stack Beginning in privileged EXEC mode, follow these steps to assign a member number to a stack member. This procedure is optional. Setting the Stack Member Priority Value Note This task is available only f ...

  • Cisco Systems 3560X - page 158

    5-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switch Stack Beginning in privileged EXEC mode, follow these steps to provision a new member for a switch stack. This procedure is optional. To remove provisioned information and to avoid receiving an error me ...

  • Cisco Systems 3560X - page 159

    5-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Accessing the CLI of a Specific Stack Member Accessing the CLI of a Specific Stack Member Note This task is only for debugging purposes, and is only available from the master. You can access all or specific members by using the rem ...

  • Cisco Systems 3560X - page 160

    5-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks • Finding a Disconnected Stack Cable, page 5-32 • Fixing a Bad Connection Between Stack Ports, page 5-33 Manually Disabling a Stack Port If a stack port is flapping and causing instability in the stack rin ...

  • Cisco Systems 3560X - page 161

    5-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Understanding the show switch stack-ports summary Output Only Port 1 on stack member 2 is disabled. Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Act ...

  • Cisco Systems 3560X - page 162

    5-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Identifying Loopback Problems • Software Loopback, page 5-28 • Software Loopback Example: No Connected Stack Cable, page 5-29 • Software Loopback Examples: Connected Stack Cables, page 5-29 • Hardware L ...

  • Cisco Systems 3560X - page 163

    5-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Absent None No cable No N ...

  • Cisco Systems 3560X - page 164

    5-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Hardware Loopback The show platform stack ports buffer privileged EXEC command output shows the hardware loopback values. Switch# show platform stack ports buffer Stack Debug Event Data Trace =========== ...

  • Cisco Systems 3560X - page 165

    5-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks On a Catalyst 3750-E or 3750-X switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ========= ===================================================== Event type LINK: Link status change Even ...

  • Cisco Systems 3560X - page 166

    5-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks On a Catalyst 3750-E or 3750-X switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ========= ===================================================== Event type LINK: Link status change Ev ...

  • Cisco Systems 3560X - page 167

    5-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 OK 2 50 cm Yes Yes Yes 1 ...

  • Cisco Systems 3560X - page 168

    5-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks ...

  • Cisco Systems 3560X - page 169

    CHAPTER 6-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 6 Clustering Switches This chapter provides the concepts and procedures to create and manage Catalyst 3750-X and 3560-X switch clusters. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. You can create and mana ...

  • Cisco Systems 3560X - page 170

    6-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Understanding Switch Clusters Understanding Switch Clusters A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster use the switch clusterin ...

  • Cisco Systems 3560X - page 171

    6-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Understanding Switch Clusters Cluster Command Switch Characteristics A cluster command switch must meet these requirements: • It is running a supported software release. • It has an IP address. • It has Cisco Discovery Protocol (CD ...

  • Cisco Systems 3560X - page 172

    6-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Note Standby cluster command switches must be the same type of switches as the cluster command switch. For example, if the cluster command switch is a Catalyst 3750-E switch, the standby cluster command swit ...

  • Cisco Systems 3560X - page 173

    6-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster • SNMP Community Strings, page 6-14 • Switch Clusters and Switch Stacks, page 6-14 • TACACS+ and RADIUS, page 6-16 • LRE Profiles, page 6-16 See the release notes for the list of Catalyst switches elig ...

  • Cisco Systems 3560X - page 174

    6-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Figure 6-1 Discovery Through CDP Hops Discovery Through Non-CDP-Capable and Noncluster-Capable Devices If a cluster command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco hub), it ...

  • Cisco Systems 3560X - page 175

    6-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Discovery Through Different VLANs If the cluster command switch is a Catalyst 3560-E, Catalyst 3750-E, Catalyst 3560-X, or Catalyst 3750-X switch, the cluster can have cluster member switches in different VLANs. ...

  • Cisco Systems 3560X - page 176

    6-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Note If the switch cluster has a Catalyst 3750-E or Catalyst 3750-X switch or switch stack, that switch or switch stack must be the cluster command switch. The cluster command switch and standby command switc ...

  • Cisco Systems 3560X - page 177

    6-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Figure 6-5 Discovery Through Routed Ports Discovery of Newly Installed Switches To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its access ports. An access por ...

  • Cisco Systems 3560X - page 178

    6-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster HSRP and Standby Cluster Command Switches The switch supports Hot Standby Router Protocol (HSRP) so that you can configure a group of standby cluster command switches. Because a cluster command switch manage ...

  • Cisco Systems 3560X - page 179

    6-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Virtual IP Addresses You need to assign a unique virtual IP address and group number and name to the cluster standby group. This information must be configured on a specific VLAN or routed port on the acti ...

  • Cisco Systems 3560X - page 180

    6-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster • Each standby-group member (Figure 6-7) must be connected to the cluster command switch through the same VLAN. In this example, the cluster command switch and standby cluster command switches are Catalys ...

  • Cisco Systems 3560X - page 181

    6-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster • This limitation applies to all clusters: If the active cluster command switch fails and there are more than two switches in the cluster standby group, the new cluster command switch does not discover any ...

  • Cisco Systems 3560X - page 182

    6-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Passwords You do not need to assign passwords to an individual switch if it will be a cluster member. When a switch joins a cluster, it inherits the command-switch password and retains it when it leav ...

  • Cisco Systems 3560X - page 183

    6-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Recall that stack members work together to behave as a unified system (as a single switch stack) in the network and are presented to the network as such by Layer 2 and Layer 3 protocols. Therefore, the switc ...

  • Cisco Systems 3560X - page 184

    6-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Using the CLI to Manage Switch Clusters • If a cluster member switch stack reloads and a new stack master is elected, the switch stack loses connectivity with the cluster command switch. You must add the switch stack back to the swi ...

  • Cisco Systems 3560X - page 185

    6-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Using SNMP to Manage Switch Clusters Catalyst 1900 and Catalyst 2820 CLI Considerations If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software, the Telnet session accesses the management c ...

  • Cisco Systems 3560X - page 186

    6-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Using SNMP to Manage Switch Clusters Figure 6-8 SNMP Management for a Cluster (figure labels: SNMP Manager, Command switch, Member 1, Member 2, Member 3, Trap 1, Trap 2, Trap 3) ...

  • Cisco Systems 3560X - page 187

    CHAPTER 7-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 7 Administering the Switch This chapter describes how to perform one-time operations to administer the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalys ...

  • Cisco Systems 3560X - page 188

    7-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Understanding the System Clock The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time. The system clock can then ...

  • Cisco Systems 3560X - page 189

    7-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from t ...

  • Cisco Systems 3560X - page 190

    7-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Configuring NTP The switch does not have a hardware-supported clock and cannot function as an NTP master clock to which peers synchronize themselves when an external NTP source is not available. ...

  • Cisco Systems 3560X - page 191

    7-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date To disable NTP authentication, use the no ntp authenticate global configuration command. To remove an authentication key, use the no ntp authentication-key number global configuration command. ...

  • Cisco Systems 3560X - page 192

    7-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Beginning in privileged EXEC mode, follow these steps to form an NTP association with another device: You need to configure only one end of an association; the other device can automatically ...

  • Cisco Systems 3560X - page 193

    7-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date The switch can send or receive NTP broadcast packets on an interface-by-interface basis if there is an NTP broadcast server, such as a router, broadcasting time information on the network. The sw ...

  • Cisco Systems 3560X - page 194

    7-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date To disable an interface from receiving NTP broadcast packets, use the no ntp broadcast client interface configuration command. To change the estimated round-trip delay to the default, use the no ...

  • Cisco Systems 3560X - page 195

    7-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date The access group keywords are scanned in this order, from least restrictive to most restrictive: 1. peer—Allows time requests and NTP control queries and allows the switch to synchronize its ...

  • Cisco Systems 3560X - page 196

    7-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Disabling NTP Services on a Specific Interface NTP services are enabled on all interfaces by default. Beginning in privileged EXEC mode, follow these steps to disable NTP p ...

  • Cisco Systems 3560X - page 197

    7-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Displaying the NTP Configuration You can use two privileged EXEC commands to display NTP information: • show ntp associations [detail] • show ntp status For detailed information about the ...

  • Cisco Systems 3560X - page 198

    7-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Displaying the Time and Date Configuration To display the time and date configuration, use the show clock [detail] privileged EXEC command. The system clock keeps an authoritative flag that sho ...

  • Cisco Systems 3560X - page 199

    7-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) Beginning in privileged EXEC mode, follow these steps to configure summer time (daylight saving time) in areas where it starts and ends on a particu ...

  • Cisco Systems 3560X - page 200

    7-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Configuring a System Name and Prompt Beginning in privileged EXEC mode, follow these steps if summer time in your area does not follow a recurring pattern (configure the exact date and time of the next summer time events): ...

  • Cisco Systems 3560X - page 201

    7-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Configuring a System Name and Prompt For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command Refer ...

  • Cisco Systems 3560X - page 202

    7-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Configuring a System Name and Prompt To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, y ...

  • Cisco Systems 3560X - page 203

    7-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Creating a Banner If you use the switch IP address as its hostname, the IP address is used and no DNS query occurs. If you configure a hostname that contains no periods (.), a period followed by the default domain name is append ...

  • Cisco Systems 3560X - page 204

    7-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Creating a Banner Configuring a Message-of-the-Day Login Banner You can create a single or multiline message banner that appears on the screen when someone logs in to the switch. Beginning in privileged EXEC mode, follow these ...

  • Cisco Systems 3560X - page 205

    7-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt. Beginning in privileged ...

  • Cisco Systems 3560X - page 206

    7-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table These sections contain this configuration information: • Building the Address Table, page 7-20 • MAC Addresses and VLANs, page 7-20 • MAC Addresses and Switch Stacks, page 7-21 • Default MA ...

  • Cisco Systems 3560X - page 207

    7-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table When private VLANs are configured, address learning depends on the type of MAC address: • Dynamic MAC addresses learned in one VLAN of a private VLAN are replicated in the associated VLANs. For ex ...

  • Cisco Systems 3560X - page 208

    7-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Beginning in privileged EXEC mode, follow these steps to configure the dynamic address table aging time: To return to the default value, use the no mac address-table aging-time global configura ...

  • Cisco Systems 3560X - page 209

    7-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Beginning in privileged EXEC mode, follow these steps to configure the switch to send MAC address change notification traps to an NMS host: Command Purpose Step 1 configure terminal Enter global conf ...

  • Cisco Systems 3560X - page 210

    7-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table To disable MAC address-change notification traps, use the no snmp-server enable traps mac-notification change global configuration command. To disable the MAC address-change notification traps on a ...

  • Cisco Systems 3560X - page 211

    7-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Beginning in privileged EXEC mode, follow these steps to configure the switch to send MAC address-move notification traps to an NMS host: To disable MAC address-move notification traps, use the ...

  • Cisco Systems 3560X - page 212

    7-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Beginning in privileged EXEC mode, follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host: To disable MAC address-threshold notificatio ...

  • Cisco Systems 3560X - page 213

    7-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table You can verify your settings by entering the show mac address-table notification threshold privileged EXEC commands. Adding and Removing Static Address Entries A static address has these characte ...

  • Cisco Systems 3560X - page 214

    7-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a packet is received in VLAN 4 with this MAC address as its destination address, the packet is forwar ...

  • Cisco Systems 3560X - page 215

    7-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id global configuration command. This example shows how to enable unicast MAC address filtering an ...

  • Cisco Systems 3560X - page 216

    7-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MAC Address Table Beginning in privileged EXEC mode, follow these steps to disable MAC address learning on a VLAN: To reenable MAC address learning on a VLAN, use the default mac address-table learning vlan vlan- ...

  • Cisco Systems 3560X - page 217

    7-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the ARP Table Managing the ARP Table To communicate with a device (over Ethernet, for example), the software first must learn the 48-bit MAC address or the local data link address of that device. The process of lea ...

  • Cisco Systems 3560X - page 218

    7-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the ARP Table ...

  • Cisco Systems 3560X - page 219

    CHAPTER 8-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 8 Configuring SDM Templates This chapter describes how to configure the Switch Database Management (SDM) templates on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switc ...

  • Cisco Systems 3560X - page 220

    8-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Understanding the SDM Templates Note On switches running the LAN base feature set, routing values shown in the templates are not valid. The switch also supports multiple dual IPv4 and IP Version 6 (IPv6) templates for environme ...

  • Cisco Systems 3560X - page 221

    8-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Understanding the SDM Templates • Dual IPv4 and IPv6 routing template—supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, ACLs, and QoS for IPv6 on the switc ...

  • Cisco Systems 3560X - page 222

    8-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Configuring the Switch SDM Template This is an example of a syslog message notifying the stack master that a stack member is in SDM mismatch mode: 2d23h:%STACKMGR-6-SWITCH_ADDED_SDM:Switch 2 has been ADDED to the stack (SDM_MISMAT C ...

  • Cisco Systems 3560X - page 223

    8-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Configuring the Switch SDM Template Setting the SDM Template Beginning in privileged EXEC mode, follow these steps to configure an SDM template: After the system reboots, you can use the show sdm prefer privileged EXEC command to ...

  • Cisco Systems 3560X - page 224

    8-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Displaying the SDM Templates To return to the default template, use the no sdm prefer global configuration command. This example shows how to configure a switch running the IP base or IP services feature set with the routing t ...

  • Cisco Systems 3560X - page 225

    8-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Displaying the SDM Templates number of qos aces: 0.5K number of security aces: 1K This is an example of output from the show sdm prefer dual-ipv4-and-ipv6 routing command: Switch# show sdm prefer dual-ipv4-and-ipv6 routing The curre ...

  • Cisco Systems 3560X - page 226

    8-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Displaying the SDM Templates ...

  • Cisco Systems 3560X - page 227

    CHAPTER 9-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 9 Configuring Catalyst 3750-X StackPower The Catalyst 3750-X and 3560-X switches have two power supplies per system, allowing the power load to be split between them. This accommodates the increased maximum power of 30 watts per port provided to a ...

  • Cisco Systems 3560X - page 228

    9-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPower • System operation can become more green by maximizing power supply efficiency and working with the most efficient load (30 to 90% of their maximum load). StackPower uses these terms: • ...

  • Cisco Systems 3560X - page 229

    9-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPower You can also configure a switch connected in a power stack to not participate in the power stack by setting the switch to standalone power mode. This mode shuts down both stack power po ...

  • Cisco Systems 3560X - page 230

    9-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPower Graceful load shedding is always enabled and immediate load shedding occurs only when necessary, so both can occur at the same time. Note Load shedding does not occur in redundant mode unles ...

  • Cisco Systems 3560X - page 231

    9-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPower The output of the show stack-power privileged EXEC command shows the priorities of the powered devices and switches in the power stack. Switch# show stack-power Power stack name: Powerstack ...

  • Cisco Systems 3560X - page 232

    9-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Configuring Stack Power • Switch 4 (priority 4) • Switch 3 (priority 3) • Switch 1 (priority 2) Switch 2 would never have to be shut down because all power would have been lost by the time priority 1 devices we ...

  • Cisco Systems 3560X - page 233

    9-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Configuring Stack Power This is an example of setting the stack power mode for the stack named power1 to redundant power mode. The largest power supply in the stack is removed from the power budget and used as a back ...

  • Cisco Systems 3560X - page 234

    9-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Configuring Stack Power Note Entering the write erase and reload privileged EXEC commands do not change the power priority or power mode non-default configuration saved in the switch flash memory. Configurin ...

  • Cisco Systems 3560X - page 235

    CHAPTER 10-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 10 Configuring Switch-Based Authentication This chapter describes how to configure switch-based authentication on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and ...

  • Cisco Systems 3560X - page 236

    10-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands • If you want to use username and password pairs, but you want to store them centrally on a server instead of locally, you can store them in a database on a secu ...

  • Cisco Systems 3560X - page 237

    10-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Setting or Changing a Static Enable Password The enable password controls access to the privileged EXEC mode. Beginning in privileged EXEC mode, follow these steps ...

  • Cisco Systems 3560X - page 238

    10-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Beginning in privileged EXEC mode, follow these steps to configure encryption for enable and enable secret passwords: If both the enable and enable secret passwords ...

  • Cisco Systems 3560X - page 239

    10-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for privilege level 2: Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls ...

  • Cisco Systems 3560X - page 240

    10-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Setting a Telnet Password for a Terminal Line When you power-up your switch for the first time, an automatic setup program runs to assign IP information and to creat ...

  • Cisco Systems 3560X - page 241

    10-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication system that requests a login username and a password: To disable ...

  • Cisco Systems 3560X - page 242

    10-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Setting the Privilege Level for a Command Beginning in privileged EXEC mode, follow these steps to set the privilege level for a command mode: When you set a comm ...

  • Cisco Systems 3560X - page 243

    10-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Protecting Access to Privileged EXEC Commands Changing the Default Privilege Level for Lines Beginning in privileged EXEC mode, follow these steps to change the default privilege level for a line: Users can ove ...

  • Cisco Systems 3560X - page 244

    10-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ Controlling Switch Access with TACACS+ This section describes how to enable and configure Terminal Access Controller Access Control System Plus (TACACS+), which provides d ...

  • Cisco Systems 3560X - page 245

    10-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ Figure 10-1 Typical TACACS+ Network Configuration TACACS+, administered through the AAA security services, can provide these services: • Authentication—Provides c ...

  • Cisco Systems 3560X - page 246

    10-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ TACACS+ Operation When a user attempts a simple ASCII login by authenticating to a switch using TACACS+, this process occurs: 1. When the connection is established, the s ...

  • Cisco Systems 3560X - page 247

    10-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ • Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, page 10-16 • Starting TACACS+ Accounting, page 10-17 Default TACACS+ Configurat ...

  • Cisco Systems 3560X - page 248

    10-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ To remove the specified TACACS+ server name or address, use the no tacacs-server host hostname global configuration command. To remove a server group from the configu ...

  • Cisco Systems 3560X - page 249

    10-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ To disable AAA, use the no aaa new-model global configuration command. To disable AAA authentication, use the no aaa authentication login { default | list-name } method1 [ ...

  • Cisco Systems 3560X - page 250

    10-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ Note To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring ...

  • Cisco Systems 3560X - page 251

    10-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Starting TACACS+ Accounting The AAA accounting feature tracks the services that users are accessing and the amount of network resources that they are consuming. When AAA account ...

  • Cisco Systems 3560X - page 252

    10-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Understanding RADIUS RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS clients run on supported Cisco routers and switches ...

  • Cisco Systems 3560X - page 253

    10-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Figure 10-2 Transitioning from RADIUS to TACACS+ Services RADIUS Operation When a user attempts to log in and authenticate to a switch that is access controlled by a RADI ...

  • Cisco Systems 3560X - page 254

    10-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS • CoA Request Commands, page 10-22 • Session Reauthentication, page 10-23 • Stacking Guidelines for Session Termination, page 10-25 A standard RADIUS interface is typica ...

  • Cisco Systems 3560X - page 255

    10-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Table 10-3 shows the possible values for the Error-Cause attribute. Preconditions To use the CoA interface, a session must already exist on the switch. CoA can be used to ...

  • Cisco Systems 3560X - page 256

    10-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Session Identification For disconnect and CoA requests targeted at a particular session, the switch locates the session based on one or more of the following attributes: • ...

  • Cisco Systems 3560X - page 257

    10-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS • Session Reauthentication in a Switch Stack • Session Termination • CoA Disconnect-Request • CoA Request: Disable Host Port • CoA Request: Bounce-Port Beginning with ...

  • Cisco Systems 3560X - page 258

    10-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS • If authentication completes with either success or failure, the signal that triggered the reauthentication is removed from the stack member. • If the stack master fails ...

  • Cisco Systems 3560X - page 259

    10-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Note A Disconnect-Request failure following command re-sending could be the result of either a successful session termination before change-over (if the Disconnect-ACK was ...

  • Cisco Systems 3560X - page 260

    10-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS When the Auth Manager command handler on the stack master receives a valid disable-port command, it verifies this information before returning a CoA-ACK message: • the ne ...

  • Cisco Systems 3560X - page 261

    10-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Default RADIUS Configuration RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. ...

  • Cisco Systems 3560X - page 262

    10-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required. Command Purpose Step 1 configure term ...

  • Cisco Systems 3560X - page 263

    10-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command. This example shows how to configure one RADIUS ...

  • Cisco Systems 3560X - page 264

    10-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Step 3 aaa authentication login { default | list-name } method1 [ method2... ] Create a login authentication method list. • To create a default list that is used when a name ...

  • Cisco Systems 3560X - page 265

    10-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS To disable AAA, use the no aaa new-model global configuration command. To disable AAA authentication, use the no aaa authentication login { default | list-name } method1 [ me ...

  • Cisco Systems 3560X - page 266

    10-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it: Command Purpose Step 1 configure ter ...

  • Cisco Systems 3560X - page 267

    10-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command. To remove a server group from the configuratio ...

  • Cisco Systems 3560X - page 268

    10-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS To disable authorization, use the no aaa authorization { network | exec } method1 global configuration command. Starting RADIUS Accounting The AAA accounting feature tracks the ...

  • Cisco Systems 3560X - page 269

    10-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Configuring Settings for All RADIUS Servers Beginning in privileged EXEC mode, follow these steps to configure global communication settings between the switch and all RADIU ...

  • Cisco Systems 3560X - page 270

    10-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS This example shows how to provide a user logging in from a switch with immediate access to privileged EXEC commands: cisco-avpair= "shell:priv-lvl=15" This example show ...

  • Cisco Systems 3560X - page 271

    10-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you must specify the host running the RADIUS server daemon and the secret t ...

  • Cisco Systems 3560X - page 272

    10-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server functionality on the switch, use the no aaa server radius dynamic authoriza ...

  • Cisco Systems 3560X - page 273

    10-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with Kerberos Configuring RADIUS Server Load Balancing This feature allows access and authentication requests to be evenly distributed across all RADIUS servers in a server group. For more informat ...

  • Cisco Systems 3560X - page 274

    10-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with Kerberos Kerberos verifies that users are who they claim to be and the network services that they use are what the services claim to be. To do this, a KDC or trusted Kerberos ...

  • Cisco Systems 3560X - page 275

    10-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with Kerberos Kerberos Operation A Kerberos server can be a Catalyst 3750-X or 3560-X switch that is configured as a network security server and that can authenticate remote users by us ...

  • Cisco Systems 3560X - page 276

    10-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with Kerberos Authenticating to a Boundary Switch This section describes the first layer of security through which a remote user must pass. The user must first authenticate to the boundary ...

  • Cisco Systems 3560X - page 277

    10-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Local Authentication and Authorization When you add or create entries for the hosts and users, follow these guidelines: • The Kerberos principal name must be in all lowercase charac ...

  • Cisco Systems 3560X - page 278

    10-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization { network | exec } method1 global configura ...

  • Cisco Systems 3560X - page 279

    10-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell Note For complete syntax and usage information for the commands used in this section, see the command reference for this release and the “Secure Shell Commands” sectio ...

  • Cisco Systems 3560X - page 280

    10-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell Limitations These limitations apply to SSH: • The switch supports Rivest, Shamir, and Adleman (RSA) authentication. • SSH supports only the execution-shell applicati ...

  • Cisco Systems 3560X - page 281

    10-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell 3. Configure user authentication for local or remote access. This step is required. For more information, see the “Configuring the Switch for Local Authentication and A ...

  • Cisco Systems 3560X - page 282

    10-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell To return to the default SSH control parameters, use the no ip ssh { timeout | authentication-retries } global configuration command. Displaying the SSH Configuration and S ...

  • Cisco Systems 3560X - page 283

    10-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP Configuring the Switch for Secure Socket Layer HTTP This section describes how to configure Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 se ...

  • Cisco Systems 3560X - page 284

    10-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP If you do not configure a CA trustpoint, when you enable a secure HTTP connection, either a temporary or a persistent self-signed certificate for the secu ...

  • Cisco Systems 3560X - page 285

    10-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP CipherSuites A CipherSuite specifies the encryption algorithm and the digest algorithm to use on a SSL connection. When connecting to the HTTPS server, the cl ...

  • Cisco Systems 3560X - page 286

    10-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP SSL Configuration Guidelines When SSL is used in a switch cluster, the SSL session terminates at the cluster commander. Cluster member switches must run stand ...

  • Cisco Systems 3560X - page 287

    10-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP Use the no crypto ca trustpoint name global configuration command to delete all identity information and certificates associated with the CA. Configuring the Sec ...

  • Cisco Systems 3560X - page 288

    10-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Socket Layer HTTP Use the no ip http server global configuration command to disable the standard HTTP server. Use the no ip http secure-server global configuration command to ...

  • Cisco Systems 3560X - page 289

    10-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Copy Protocol Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the no ip http client secure-ciphersuite to remove a previously ...

  • Cisco Systems 3560X - page 290

    10-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configuring Switch-Based Authentication Configuring the Switch for Secure Copy Protocol Information About Secure Copy To configure the Secure Copy feature, you should understand these concepts. The behavior of SCP is similar to that of remote copy ...

  • Cisco Systems 3560X - page 291

    CHAPTER 11-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 11 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the Catalyst 3750-X or 3560-X switch. IEEE 802.1x authentication prevents unauthorized devices (clients) from gai ...

  • Cisco Systems 3560X - page 292

    11-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol ( ...

  • Cisco Systems 3560X - page 293

    11-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Device Roles With 802.1x port-based authentication, the devices in the network have specific roles as shown in Figure 11-1. Figure 11-1 802. ...

  • Cisco Systems 3560X - page 294

    11-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication The devices that can act as intermediaries include the Catalyst 3750-X, Catalyst 3750-E, Catalyst 3750, Catalyst 3650-X, Catalyst 3560-E, Catalyst 356 ...

  • Cisco Systems 3560X - page 295

    11-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Figure 11-2 Authentication Flowchart The switch re-authenticates a client when one of these situations occurs: • Periodic re-authentication ...

  • Cisco Systems 3560X - page 296

    11-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication The Termination-Action RADIUS attribute (Attribute [29]) specifies the action to take during re-authentication. The actions are Initialize and ReAuth ...

  • Cisco Systems 3560X - page 297

    11-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Figure 11-3 Message Exchange If 802.1x authentication times out while waiting for an EAPOL message exchange and MAC authentication bypass ...

  • Cisco Systems 3560X - page 298

    11-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Authentication Manager In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including CLI c ...

  • Cisco Systems 3560X - page 299

    11-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Per-User ACLs and Filter-Ids ACLs configured on the switch are compatible with other devices running Cisco IOS releases. You can only set any as the ...

  • Cisco Systems 3560X - page 300

    11-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication For more information, see the command reference for this release. Ports in Authorized and Unauthorized States During 802.1x authentication, depending on ...

  • Cisco Systems 3560X - page 301

    11-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication • auto—enables 802.1x authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and recei ...

  • Cisco Systems 3560X - page 302

    11-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x Host Mode You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode (see Figure 12-1 on page 12-2), only ...

  • Cisco Systems 3560X - page 303

    11-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication MAC Move When a MAC address is authenticated on one switch port, that address is not allowed on another 802.1x port of the switch. If the switch ...

  • Cisco Systems 3560X - page 304

    11-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Table 11-3 lists the AV pairs and when they are sent by the switch: You can view the AV pairs that are being sent by the switch by ente ...

  • Cisco Systems 3560X - page 305

    11-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x Authentication with VLAN Assignment The switch supports 802.1x authentication with VLAN assignment. After successful 802.1x authentication of ...

  • Cisco Systems 3560X - page 306

    11-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication To configure VLAN assignment you need to perform these tasks: • Enable AAA authorization by using the network keyword to allow interface configu ...

  • Cisco Systems 3560X - page 307

    11-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Only one 802.1x-authenticated user is supported on a port. If the multiple-hosts mode is enabled on the port, the per-user ACL attribute is disa ...

  • Cisco Systems 3560X - page 308

    11-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication The switch uses the CiscoSecure-Defined-ACL AV pair to intercept an HTTP or HTTPS request from the endpoint device. The switch then forwards the client ...

  • Cisco Systems 3560X - page 309

    11-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x Authentication with Guest VLAN You can configure a guest VLAN for each 802.1x port on the switch to provide limited services to clients, suc ...

  • Cisco Systems 3560X - page 310

    11-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x Authentication with Restricted VLAN You can configure a restricted VLAN (also referred to as an authentication failed VLAN) for each IEEE 802. ...

  • Cisco Systems 3560X - page 311

    11-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication When a new host tries to connect to the critical port, that host is moved to a user-specified access VLAN, the critical VLAN. The administrator g ...

  • Cisco Systems 3560X - page 312

    11-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication – If all the RADIUS servers are not available and the client is not connected to a critical port, the switch might not assign clients to the gue ...

  • Cisco Systems 3560X - page 313

    11-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x User Distribution Configuration Guidelines • Confirm that at least one VLAN is mapped to the VLAN group. • You can map more than one VL ...

  • Cisco Systems 3560X - page 314

    11-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication IEEE 802.1x Authentication with Port Security You can configure an IEEE 802.1x port with port security in either single-host or multiple-hosts mode. (Y ...

  • Cisco Systems 3560X - page 315

    11-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication When a host that uses WoL is attached through an IEEE 802.1x port and the host powers off, the IEEE 802.1x port becomes unauthorized. The port ca ...

  • Cisco Systems 3560X - page 316

    11-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication If re-authentication is based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute [29]) ...

  • Cisco Systems 3560X - page 317

    11-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Configuring NAC Layer 2 IEEE 802.1x validation is similar to configuring IEEE 802.1x port-based authentication except that you must configure a ...

  • Cisco Systems 3560X - page 318

    11-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Note If you use a dynamic VLAN to assign a voice VLAN on an MDA-enabled switch port, the voice device fails authorization. • To authorize a voic ...

  • Cisco Systems 3560X - page 319

    11-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication 802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) The Network Edge Access Topology (NEAT) feature extends identi ...

  • Cisco Systems 3560X - page 320

    11-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication • The VSA changes the authenticator switch port mode from access to trunk and enables 802.1x trunk encapsulation and the access VLAN if any would be c ...

  • Cisco Systems 3560X - page 321

    11-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication The session ID is used by the NAD, the AAA server, and other report-analyzing applications to identify the client. The ID appears automatically. ...

  • Cisco Systems 3560X - page 322

    11-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication MKA Policies You apply a defined MKA policy to an interface to enable MKA on the interface. Removing the MKA policy disables MKA on that interface. Y ...

  • Cisco Systems 3560X - page 323

    11-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication MACsec, MKA and 802.1x Host Modes You can use MACsec and the MKA Protocol with 802.1x single-host mode, multiple-host mode, or Multi Domain Authe ...

  • Cisco Systems 3560X - page 324

    11-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication MKA Statistics Some MKA counters are aggregated globally, while others are updated both globally and per session. You can also obtain information about the status of ...

  • Cisco Systems 3560X - page 325

    11-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication • Configuring a Web Authentication Local Banner, page 11-65 (optional) • Disabling 802.1x Authentication on the Port, page 11-66 (optional) • Resetting the 802.1 ...

  • Cisco Systems 3560X - page 326

    11-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication 802.1x Authentication Configuration Guidelines This section has configuration guidelines for these features: • 802.1x Authentication, page 11-36 • VLAN Assignment, ...

  • Cisco Systems 3560X - page 327

    11-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication – EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an 802.1x port. If you try to enable 802.1x authent ...

  • Cisco Systems 3560X - page 328

    11-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication – If the Windows XP client is configured for DHCP and has an IP address from the DHCP server, receiving an EAP-Success message on a critical port might not re-ini ...

  • Cisco Systems 3560X - page 329

    11-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Follow these guidelines to enable the readiness check on the switch: • The readiness check is typically used before 802.1x is enabled on the switch. • If you use t ...

  • Cisco Systems 3560X - page 330

    11-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Note If you do not include the shutdown vlan keywords, the entire port is shut down when it enters the error-disabled state. • If you use the errdisable recovery caus ...

  • Cisco Systems 3560X - page 331

    11-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring 802.1x Violation Modes You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a new device when: • ...

  • Cisco Systems 3560X - page 332

    11-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This is the 802.1x AAA process: Step 1 A user connects to a port on the switch. Step 2 Authentication is performed. Step 3 VLAN assignment is enabled, as appropriate, bas ...

  • Cisco Systems 3560X - page 333

    11-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port numbers, or ...

  • Cisco Systems 3560X - page 334

    11-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server, to use port 1612 as the authorization port, and to set the encryption k ...

  • Cisco Systems 3560X - page 335

    11-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication To disable multiple hosts on the port, use the no authentication host-mode or the no dot1x host-mode multi-host interface configuration command. This example shows ...

  • Cisco Systems 3560X - page 336

    11-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication To disable periodic re-authentication, use the no authentication periodic or the no dot1x reauthentication interface configuration command. To return to the default num ...

  • Cisco Systems 3560X - page 337

    11-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Changing the Quiet Period When the switch cannot authenticate the client, the switch remains idle for a set period of time and then tries again. The dot1x timeout quiet- ...

  • Cisco Systems 3560X - page 338

    11-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication To return to the default retransmission time, use the no dot1x timeout tx-period interface configuration command. This example shows how to set 60 as the number of seco ...

  • Cisco Systems 3560X - page 339

    11-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity request before restarting the authentication process: Switch(config- ...

  • Cisco Systems 3560X - page 340

    11-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to globally enable MAC move on a switch: Switch(config)# authentication mac-move permit Configuring 802.1x Accounting Enabling AAA system account ...

  • Cisco Systems 3560X - page 341

    11-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure 802.1x accounting. The first command configures the RADIUS server, specifying 1813 as the UDP port for accounting: Switch(config) ...

  • Cisco Systems 3560X - page 342

    11-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that the switch waits for a response to an EAP-request/identity ...

  • Cisco Systems 3560X - page 343

    11-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication You can configure the maximum number of authentication attempts allowed before a user is assigned to the restricted VLAN by using the dot1x auth-fail max-attempts i ...

  • Cisco Systems 3560X - page 344

    11-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable the inaccessible authentication bypass feature. This procedure i ...

  • Cisco Systems 3560X - page 345

    11-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no radius-server deadtime, and the no radius-server host global configur ...

  • Cisco Systems 3560X - page 346

    11-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Switch(config-if)# dot1x critical Switch(config-if)# dot1x critical recovery action reinitialize Switch(config-if)# dot1x critical vlan 20 Switch(config-if)# end Configuring ...

  • Cisco Systems 3560X - page 347

    11-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration command. This example shows how to enable MAC authentication bypass: ...

  • Cisco Systems 3560X - page 348

    11-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication switch(config)# vlan group eng-dept vlan-list 30 switch(config)# show vlan group eng-dept Group Name Vlans Mapped ------------- -------------- eng-dept 10,30 This example s ...

  • Cisco Systems 3560X - page 349

    11-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure NAC Layer 2 802.1x validation: Switch# configure terminal Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# dot1x ...

  • Cisco Systems 3560X - page 350

    11-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure a switch as an 802.1x authenticator: Switch# configure terminal Switch(config)# cisp enable Switch(config)# interface gigabitethern ...

  • Cisco Systems 3560X - page 351

    11-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure a switch as a supplicant: Switch# configure terminal Switch(config)# cisp enable Switch(config)# dot1x credentials test Switch(confi ...

  • Cisco Systems 3560X - page 352

    11-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring a Downloadable Policy Beginning in privileged EXEC mode: Step 7 ip access-group acl-id in Configure the default ACL on the port in the input direction. Not ...

  • Cisco Systems 3560X - page 353

    11-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure a switch for a downloadable policy: Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(con ...

  • Cisco Systems 3560X - page 354

    11-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to globally enable VLAN ID-based MAC authentication on a switch: Switch# config terminal Enter configuration commands, one per line. End with CN ...

  • Cisco Systems 3560X - page 355

    11-65 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This example shows how to configure open 1x on a port: Switch# configure terminal Switch(config)# interface gigabitethernet 1/0/1 Switch(config)# authentication c ...

  • Cisco Systems 3560X - page 356

    11-66 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Disabling 802.1x Authentication on the Port You can disable 802.1x authentication on the port by using the no dot1x pae interface configuration command. Beginning in pri ...

  • Cisco Systems 3560X - page 357

    11-67 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring MKA and MACsec • Configuring an MKA Policy, page 11-67 • Configuring MACsec on an Interface, page 11-67 Configuring an MKA Policy Beginning in privil ...

  • Cisco Systems 3560X - page 358

    11-68 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This is an example of configuring and verifying MACsec on an interface: Switch(config)# interface GigabitEthernet1/0/25 Switch(config-if)# switchport access vlan 10 Swit ...

  • Cisco Systems 3560X - page 359

    11-69 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Displaying 802.1x Statistics and Status Oper control dir: both Authorized By: Authentication Server Vlan Policy: 10 Session timeout: 3600s (server), Remaining: 3567s Timeout action: Reauthenticate Idle ti ...

  • Cisco Systems 3560X - page 360

    11-70 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Displaying 802.1x Statistics and Status ...

  • Cisco Systems 3560X - page 361

    CHAPTER 12-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 12 Configuring Web-Based Authentication This chapter describes how to configure web-based authentication on the Catalyst 3750-X or 3560-X switch. It contains these sections: • Understanding Web-Based Authentication, page 12-1 • Configuring Web- ...

  • Cisco Systems 3560X - page 362

    12-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication • Authentication Process, page 12-3 • Web Authentication Customizable Web Pages, page 12-6 • Web-based Authentication Interactions with Other Features, page 12-7 Device R ...

  • Cisco Systems 3560X - page 363

    12-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication Session Creation When web-based authentication detects a new host, it creates a session as follows: • Reviews the exception list. If the host IP is included in the excepti ...

  • Cisco Systems 3560X - page 364

    12-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication Local Web Authentication Banner You can create a banner that will appear when you log in to a switch by using web authentication. The banner appears on both the login page and th ...

  • Cisco Systems 3560X - page 365

    12-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication Figure 12-3 Customized Web Banner If you do not enable a banner, only the username and password dialog boxes appear in the web authentication login screen, and no banner appe ...

  • Cisco Systems 3560X - page 366

    12-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication Web Authentication Customizable Web Pages During the web-based authentication process, the switch internal HTTP server hosts four HTML pages to deliver to an authenticating client ...

  • Cisco Systems 3560X - page 367

    12-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication Figure 12-5 Customizeable Authentication Page For more information, see the “Customizing the Authentication Proxy Web Pages” section on page 12-13. Web-based Authenticat ...

  • Cisco Systems 3560X - page 368

    12-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Understanding Web-Based Authentication LAN Port IP You can configure LAN port IP (LPIP) and Layer 2 web-based authentication on the same port. The host is authenticated by using web-based authentication first, fo ...

  • Cisco Systems 3560X - page 369

    12-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication Configuring Web-Based Authentication • Default Web-Based Authentication Configuration, page 12-9 • Web-Based Authentication Configuration Guidelines and Restrictions, page 1 ...

  • Cisco Systems 3560X - page 370

    12-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication • Hosts that are more than one hop away might experience traffic disruption if an STP topology change results in the host traffic arriving on a different port. This occurs b ...

  • Cisco Systems 3560X - page 371

    12-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication Authentication global absolute time is 0 minutes Authentication global init state time is 2 minutes Authentication Proxy Watch-list is disabled Authentication Proxy Rule Configuration ...

  • Cisco Systems 3560X - page 372

    12-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication To configure the RADIUS server parameters, perform this task: When you configure the RADIUS server parameters: • Specify the key string on a separate command line. • For key s ...

  • Cisco Systems 3560X - page 373

    12-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication This example shows how to configure the RADIUS server parameters on a switch: Switch(config)# ip radius source-interface Vlan80 Switch(config)# radius-server host 172.l20.39.46 tes ...

  • Cisco Systems 3560X - page 374

    12-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication When configuring customized authentication proxy web pages, follow these guidelines: • To enable the custom web pages feature, specify all four custom HTML files. If you specif ...

  • Cisco Systems 3560X - page 375

    12-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication Specifying a Redirection URL for Successful Login You can specify a URL to which the user is redirected after authentication, effectively replacing the internal Success HTML page. ...

  • Cisco Systems 3560X - page 376

    12-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Configuring Web-Based Authentication This example shows how to determine whether any connected hosts are in the AAA Down state: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.165.201.11 Por ...

  • Cisco Systems 3560X - page 377

    12-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Displaying Web-Based Authentication Status This example shows how to configure a local banner with the custom message My Switch: Switch(config) configure terminal Switch(config)# aaa new-model Switch(config)# aaa ip ...

  • Cisco Systems 3560X - page 378

    12-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentication Displaying Web-Based Authentication Status ...

  • Cisco Systems 3560X - page 379

    CHAPTER 13-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 13 Configuring Interface Characteristics This chapter defines the types of interfaces on the Catalyst 3750-X or 3560-X switch and describes how to configure them. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X stand alo ...

  • Cisco Systems 3560X - page 380

    13-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types These sections describe the interface types: • Port-Based VLANs, page 13-2 • Switch Ports, page 13-2 • Routed Ports, page 13-4 • Switch Virtual Interfaces, page 13-5 • EtherChannel Port Groups, ...

  • Cisco Systems 3560X - page 381

    13-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types configure tunnel ports as part of an asymmetric link connected to an IEEE 802.1Q trunk port. Switch ports are used for managing the physical interface and associated Layer 2 protocols and do not han ...

  • Cisco Systems 3560X - page 382

    13-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types Although by default, a trunk port is a member of every VLAN known to the VTP, you can limit VLAN membership by configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs d ...

  • Cisco Systems 3560X - page 383

    13-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types The number of routed ports that you can configure is not limited by software. However, the interrelationship between this number and the number of other features being configured might impact CPU ...

  • Cisco Systems 3560X - page 384

    13-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types Note The LAN base feature set does not support routing. The IP base feature set supports static routing and RIP. For more advanced routing or for fallback bridging, enable the IP services feature s ...

  • Cisco Systems 3560X - page 385

    13-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types 10-Gigabit Ethernet Interfaces The Catalyst 3750-X and 3560-X switches have a network module slot into which you can insert a 10-Gigabit Ethernet network module, a 1-Gigabit Ethernet network module, ...

  • Cisco Systems 3560X - page 386

    13-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types Cisco intelligent power management is backward-compatible with CDP with power consumption; the switch responds according to the CDP message that it receives. CDP is not supported on third-party power ...

  • Cisco Systems 3560X - page 387

    13-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types With PoE+, powered devices use IEEE 802.3at and LLDP power with media dependent interface (MDI) type, length, and value descriptions (TLVs), Power-via-MDA TLVs, for negotiating power up to 30 W ...

  • Cisco Systems 3560X - page 388

    13-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types • static—The switch pre-allocates power to the port (even when no powered device is connected) and guarantees that power will be available for the port. The switch allocates the port configure ...

  • Cisco Systems 3560X - page 389

    13-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types Maximum Power Allocation (Cutoff Power) on a PoE Port When power policing is enabled, the switch determines one of these values as the cutoff power on the PoE port in this order: 1. Manually w ...

  • Cisco Systems 3560X - page 390

    13-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Interface Types (6300 mW). The switch provides power to the connected devices on the port if the device needs up to 6.3 W. If the CDP-power negotiated value or the IEEE classification value exceeds the configu ...

  • Cisco Systems 3560X - page 391

    13-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Switch USB Ports possible, to maintain high performance, forwarding is done by the switch hardware. However, only IPv4 packets with Ethernet II encapsulation are routed in hardware. Non-IP traffic and t ...

  • Cisco Systems 3560X - page 392

    13-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Switch USB Ports switch-stack-1 *Mar 1 00:01:00.171: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. *Mar 1 00:01:00.431: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB. switch-stack-2 *Mar 1 00:01 ...

  • Cisco Systems 3560X - page 393

    13-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Switch USB Ports This example reverses the previous configuration and immediately activates any USB console that is connected. Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# ...

  • Cisco Systems 3560X - page 394

    13-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Switch USB Ports USB Type A Port The USB Type A port provides access to external Cisco USB flash devices, also known as thumb drives or USB keys. The switch supports Cisco 64 MB, 256 MB, 512 MB, and 1 G ...

  • Cisco Systems 3560X - page 395

    13-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using Interface Configuration Mode Interface: Number: 0 Description: Bulk Class Code: 8 Subclass: 6 Protocol: 80 Number of Endpoints: 2 Endpoint: Number: 1 Transfer Type: BULK Transfer Direction: Device to Host Max Pack ...

  • Cisco Systems 3560X - page 396

    13-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using Interface Configuration Mode • Module number—The module or slot number on the switch that is always 0. • Port number—The interface number on the switch. The 10/100/1000 port numbers always begin at 1 ...

  • Cisco Systems 3560X - page 397

    13-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using Interface Configuration Mode Step 3 Follow each interface command with the interface configuration commands that the interface requires. The commands that you enter define the protocols and applications that w ...

  • Cisco Systems 3560X - page 398

    13-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using Interface Configuration Mode – gigabitethernet module/{first port} - {last port} (for 3560-X switches), where the module is always 0 – gigabitethernet stack member/module/{first port} - {last port} (fo ...

  • Cisco Systems 3560X - page 399

    13-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using Interface Configuration Mode Configuring and Using Interface Range Macros You can create an interface range macro to automatically select a range of interfaces for configuration. Before you can use the macro k ...

  • Cisco Systems 3560X - page 400

    13-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Ethernet Management Port • You must add a space between the first interface number and the hyphen when entering an interface-range. For example, gigabitethernet1/0/1 - 4 is a valid range; gigabitether ...

  • Cisco Systems 3560X - page 401

    13-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Ethernet Management Port Understanding the Ethernet Management Port The Ethernet management port, also referred to as the Fa0 or fastethernet0 port, is a Layer 3 host port to which you can connect a PC. Y ...

  • Cisco Systems 3560X - page 402

    13-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Ethernet Management Port Figure 13-3 Connecting a Switch Stack to a PC By default, the Ethernet management port is enabled. The switch cannot route packets from the Ethernet management port to a network ...

  • Cisco Systems 3560X - page 403

    13-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Using the Ethernet Management Port Supported Features on the Ethernet Management Port The Ethernet management port supports these features: • Express Setup (only in switch stacks) • Network Assistant • Telnet ...

  • Cisco Systems 3560X - page 404

    13-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces TFTP and the Ethernet Management Port Use the commands in Table 13-2 when using TFTP to download or upload a configuration file to the boot loader. Configuring Ethernet Inter ...

  • Cisco Systems 3560X - page 405

    13-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces Default Ethernet Interface Configuration Table 13-3 shows the Ethernet interface default configuration, including some features that apply only to Layer 2 interfaces. For more deta ...

  • Cisco Systems 3560X - page 406

    13-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces Configuring Interface Speed and Duplex Mode Ethernet interfaces on the switch operate at 10, 100, 1000, or 10,000 Mb/s and in either full- or half-duplex mode. In full-duplex mode, ...

  • Cisco Systems 3560X - page 407

    13-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces Caution Changing the interface speed and duplex mode configuration might shut down and re-enable the interface during the reconfiguration. Setting the Interface Speed and Duplex Para ...

  • Cisco Systems 3560X - page 408

    13-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces This example shows how to set the interface speed to 100 Mb/s and the duplex mode to half on a 10/100/1000 Mb/s port: Switch# configure terminal Switch(config)# interface gigabitet ...

  • Cisco Systems 3560X - page 409

    13-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces To disable flow control, use the flowcontrol receive off interface configuration command. This example shows how to turn on flow control on a port: Switch# configure terminal Swit ...

  • Cisco Systems 3560X - page 410

    13-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces To disable auto-MDIX, use the no mdix auto interface configuration command. This example shows how to enable auto-MDIX on a port: Switch# configure terminal Switch(config)# inter ...

  • Cisco Systems 3560X - page 411

    13-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces For information about the output of the show power inline user EXEC command, see the command reference for this release. For more information about PoE-related commands, see the ...

  • Cisco Systems 3560X - page 412

    13-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces Caution You should carefully plan your switch power budget, enable the power monitoring feature, and make certain not to oversubscribe the power supply. Note When you manuall ...

  • Cisco Systems 3560X - page 413

    13-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces To return to the default setting, use the no power inline consumption interface configuration command. For information about the output of the show power inline consumption privilege ...

  • Cisco Systems 3560X - page 414

    13-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Ethernet Interfaces To disable policing of the real-time power consumption, use the no power inline police interface configuration command. To disable error recovery for PoE error-disabled cause, ...

  • Cisco Systems 3560X - page 415

    13-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Layer 3 Interfaces This example shows how to add a description on a port and how to verify the description: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch ...

  • Cisco Systems 3560X - page 416

    13-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring Layer 3 Interfaces • If the switch is notified by VLAN Trunking Protocol (VTP) of a new VLAN, it sends a message that there are not enough hardware resources available and shuts down the VLAN. The o ...

  • Cisco Systems 3560X - page 417

    13-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the System MTU Configuring SVI Autostate Exclude Configuring SVI autostate exclude on an access or trunk port in an SVI excludes that port in the calculation of the status of the SVI line state (up or do ...

  • Cisco Systems 3560X - page 418

    13-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the System MTU • You can enter the system mtu bytes global configuration command on a Catalyst 3750-X switch, but the command does not take effect on the switch. This command only affects the system ...

  • Cisco Systems 3560X - page 419

    13-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the System MTU The upper limit of the system routing MTU value is based on the switch or switch stack configuration and refers to either the currently applied system MTU or the system jumbo MTU value. ...

  • Cisco Systems 3560X - page 420

    13-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the Cisco RPS 2300 in a Mixed Stack If you enter a value that is outside the allowed range for the specific type of interface, the value is not accepted. This example shows how to set the maximum pack ...

  • Cisco Systems 3560X - page 421

    13-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the Cisco RPS 2300 in a Mixed Stack Beginning in user EXEC mode, follow these steps to configure and manage the RPS 2300: Command Purpose Step 1 power rps switch-number name { string | serialnumber } Spec ...

  • Cisco Systems 3560X - page 422

    13-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Configuring the Power Supplies To return to the RPS 2300 default settings, use these commands: • To return to the default name setting (no name is configured), use the power rps switch-number port rps-port-id n ...

  • Cisco Systems 3560X - page 423

    13-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Monitoring and Maintaining the Interfaces Monitoring and Maintaining the Interfaces These sections contain interface monitoring and maintenance information: • Monitoring Interface Status, page 13-45 • Clearing ...

  • Cisco Systems 3560X - page 424

    13-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Monitoring and Maintaining the Interfaces Clearing and Resetting Interfaces and Counters Table 13-7 lists the privileged EXEC mode clear commands that you can use to clear counters and reset interfaces. To clear ...

  • Cisco Systems 3560X - page 425

    13-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Monitoring and Maintaining the Interfaces Note The clear counters privileged EXEC command does not clear counters retrieved by using Simple Network Management Protocol (SNMP), but only those seen with the show i ...

  • Cisco Systems 3560X - page 426

    13-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interface Characteristics Monitoring and Maintaining the Interfaces ...

  • Cisco Systems 3560X - page 427

    CHAPTER 14-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 14 Configuring Auto Smartports Macros This chapter describes how to configure and apply Auto Smartports and static Smartports macros on the Catalyst 3750-X or 3560-X switch. Note For complete syntax and usage information for the commands used in this ch ...

  • Cisco Systems 3560X - page 428

    14-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Understanding Auto Smartports and Static Smartports Macros Auto Smartports uses events to map macros to the source port of the event. The most common event triggers are based on Cisco Discovery Protocol (CDP) mess ...

  • Cisco Systems 3560X - page 429

    14-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Figure 14-1 Cisco Medianet Deployment Example Configuring Auto Smartports • Default Auto Smartports Configuration, page 14-3 • Auto Smartports Configuration Guidelines, page 14-4 • Enab ...

  • Cisco Systems 3560X - page 430

    14-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Auto Smartports Configuration Guidelines • The built-in macros cannot be deleted or changed. However, you can override a built-in macro by creating a user-defined macro with the same na ...

  • Cisco Systems 3560X - page 431

    14-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports • For 802.1x authentication or MAB, configure the RADIUS server to support the Cisco attribute-value (av) pair auto-smart-port = event trigger to detect non-Cisco devices. • For stat ...

  • Cisco Systems 3560X - page 432

    14-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports Default Parameter Values The switch automatically maps from event triggers to built-in macros. You can follow this procedure to replace Auto Smartports macro defa ...

  • Cisco Systems 3560X - page 433

    14-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Default Macro:CISCO_PHONE_AUTO_SMARTPORT Current Macro:CISCO_PHONE_AUTO_SMARTPORT Configurable Parameters:ACCESS_VLAN VOICE_VLAN Defaults Parameters:ACCESS_VLAN=1 VOICE_VLAN=2 Current Parameters: ...

  • Cisco Systems 3560X - page 434

    14-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports This example shows how to create a MAC-address-group event trigger called address_trigger and how to verify your entries: Switch# configure terminal Switch(config)# macro auto address- ...

  • Cisco Systems 3560X - page 435

    14-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports Built-In Macro Options Use this procedure to map event triggers to built-in macros and to replace the built-in macro default parameter values with values that are ...

  • Cisco Systems 3560X - page 436

    14-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports This example shows how to use two built-in Auto Smartports macros for connecting Cisco switches and Cisco IP phones to the switch. This example modifies the default voice VLAN, access ...

  • Cisco Systems 3560X - page 437

    14-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Current configuration : 284 bytes ! interface GigabitEthernet1/0/1 interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 10 switchport mode trunk srr-que ...

  • Cisco Systems 3560X - page 438

    14-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Beginning in privileged EXEC mode: Use the no shell trigger identifier global configuration command to delete the event trigger. This example shows how to map a user-defined event tr ...

  • Cisco Systems 3560X - page 439

    14-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports This example shows how to use the show shell triggers privileged EXEC command to view the event triggers in the switch software: Switch# show shell triggers User defined triggers --------- ...

  • Cisco Systems 3560X - page 440

    14-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports switchport trunk native vlan $NATIVE_VLAN switchport trunk allowed vlan ALL switchport mode trunk switchport nonegotiate auto qos voip trust mls qos trust cos exit end fi if [[ $LINKUP -eq NO ]] ...

  • Cisco Systems 3560X - page 441

    14-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports User-Defined Macros The Cisco IOS shell provides basic scripting capabilities for configuring the user-defined Auto Smartports macros. These macros can contain m ...

  • Cisco Systems 3560X - page 442

    14-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Auto Smartports conf t interface $INTERFACE no macro description $TRIGGER no switchport access vlan 1 if [[ $AUTH_ENABLED -eq NO ]]; then no switchport mode access fi no switchport port-security no switchport p ...

  • Cisco Systems 3560X - page 443

    14-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Static Smartports Macros Configuring Static Smartports Macros • Default Static Smartports Configuration, page 14-17 • Static Smartports Configuration Guidelines, page 14-17 • Applying Static Smartpo ...

  • Cisco Systems 3560X - page 444

    14-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Static Smartports Macros • Applying a macro to an interface range is the same as applying a macro to a single interface. When you use an interface range, the macro is applied sequentially to each inte ...

  • Cisco Systems 3560X - page 445

    14-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Configuring Static Smartports Macros You can only delete a global macro-applied configuration on a switch by entering the no version of each command in the macro. You can delete a macro-applied configuration on ...

  • Cisco Systems 3560X - page 446

    14-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smartports Macros Displaying Auto Smartports and Static Smartports Macros Switch(config)# interface gigabitethernet1/0/4 Switch(config)# interface gigabitethernet0/4 Switch(config-if)# macro apply cisco-desktop $AVID 25 Displaying Auto Sm ...

  • Cisco Systems 3560X - page 447

    CHAPTER 15-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 15 Configuring VLANs This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the Catalyst 3750-X or 3560-X switch. It includes information about VLAN membership modes, VL ...

  • Cisco Systems 3560X - page 448

    15-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Understanding VLANs Figure 15-1 shows an example of VLANs segmented into logically defined networks. Figure 15-1 VLANs as Logically Defined Networks VLANs are often associated with IP subnetworks. For example, all the end stations i ...

  • Cisco Systems 3560X - page 449

    15-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Understanding VLANs The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN. See the “Normal-Range VLAN Configuration Guidel ...

  • Cisco Systems 3560X - page 450

    15-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs For more detailed definitions of access and trunk modes and their functions, see Table 15-4 on page 15-16. When a port belongs to a VLAN, the switch learns and manages the addresses associated with t ...

  • Cisco Systems 3560X - page 451

    15-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs Note This section does not provide configuration details for most of these parameters. For complete information on the commands and parameters that control VLAN configuration, see the command reference for ...

  • Cisco Systems 3560X - page 452

    15-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs • The switch supports 128 spanning-tree instances. If a switch has more active VLANs than supported spanning-tree instances, spanning tree can be enabled on 128 VLANs and is disabled on the remaining V ...

  • Cisco Systems 3560X - page 453

    15-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs • In VTP versions 1 and 2, if VTP mode is server, the domain name and VLAN configuration for only the first 1005 VLANs use the VLAN database information. VTP version 3 also supports VLANs 1006 to 4094 ...

  • Cisco Systems 3560X - page 454

    15-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs Beginning in privileged EXEC mode, follow these steps to create or modify an Ethernet VLAN: To return the VLAN name to the default settings, use the no name, no mtu, or no remote-span commands. This ...

  • Cisco Systems 3560X - page 455

    15-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs Beginning in privileged EXEC mode, follow these steps to delete a VLAN on the switch: Assigning Static-Access Ports to a VLAN You can assign a static-access port to a VLAN without having VTP globally propag ...

  • Cisco Systems 3560X - page 456

    15-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Range VLANs Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 2 Switch(config-if)# end Configuring Extended-Range VLANs With VTP version 1 and version 2, when the switch is in V ...

  • Cisco Systems 3560X - page 457

    15-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Range VLANs • For VTP version 1 or 2, you can set the VTP mode to transparent in global configuration mode. See the “Configuring VTP Mode” section on page 16-11. You should save this configuration to t ...

  • Cisco Systems 3560X - page 458

    15-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Range VLANs In VTP version 1 and 2, extended-range VLANs are not saved in the VLAN database; they are saved in the switch running configuration file. You can save the extended-range VLAN configuration in th ...

  • Cisco Systems 3560X - page 459

    15-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Range VLANs Creating an Extended-Range VLAN with an Internal VLAN ID If you enter an extended-range VLAN ID that is already assigned to an internal VLAN, an error message is generated, and the extended-range VL ...

  • Cisco Systems 3560X - page 460

    15-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Displaying VLANs Displaying VLANs Use the show vlan privileged EXEC command to display a list of all VLANs on the switch, including extended-range VLANs. The display includes VLAN status, ports, and configuration information. Tab ...

  • Cisco Systems 3560X - page 461

    15-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Figure 15-2 shows a network of switches that are connected by ISL trunks. Figure 15-2 Switches in an ISL Trunking Environment You can configure a trunk on a single Ethernet interface or on an EtherChannel b ...

  • Cisco Systems 3560X - page 462

    15-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Encapsulation Types Table 15-5 lists the Ethernet trunk encapsulation types and keywords. Note The switch does not support Layer 3 trunks; you cannot configure subinterfaces or use the encapsulation keyword ...

  • Cisco Systems 3560X - page 463

    15-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks IEEE 802.1Q Configuration Considerations The IEEE 802.1Q trunks impose these limitations on the trunking strategy for a network: • In a network of Cisco switches connected through IEEE 802.1Q trunks, the switc ...

  • Cisco Systems 3560X - page 464

    15-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks • Changing the Pruning-Eligible List, page 15-20 • Configuring the Native VLAN for Untagged Traffic, page 15-21 Note By default, an interface is in Layer 2 mode. The default mode for Layer 2 interfaces ...

  • Cisco Systems 3560X - page 465

    15-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks To return an interface to its default configuration, use the default interface interface-id interface configuration command. To reset all trunking characteristics of a trunking interface to the defaults, use ...

  • Cisco Systems 3560X - page 466

    15-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface ...

  • Cisco Systems 3560X - page 467

    15-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Beginning in privileged EXEC mode, follow these steps to remove VLANs from the pruning-eligible list on a trunk port: To return to the default pruning-eligible list of all VLANs, use the no switchport trunk ...

  • Cisco Systems 3560X - page 468

    15-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks To return to the default native VLAN, VLAN 1, use the no switchport trunk native vlan interface configuration command. If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the pa ...

  • Cisco Systems 3560X - page 469

    15-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Figure 15-3 Load Sharing by Using STP Port Priorities Note If your switch is a member of a switch stack, you must use the spanning-tree [ vlan vlan-id ] cost cost interface configuration command instead of t ...

  • Cisco Systems 3560X - page 470

    15-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Load Sharing Using STP Path Cost You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating the path costs with different sets of VLANs, blocking dif ...

  • Cisco Systems 3560X - page 471

    15-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 15-4: Configuring VMPS The VLAN Query Protocol (VQP) is used to support dynamic-access ports, which are not permanentl ...

  • Cisco Systems 3560X - page 472

    15-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS These sections contain this information: • “Understanding VMPS” section on page 15-26 • “Default VMPS Client Configuration” section on page 15-27 • “VMPS Configuration Guidelines” section on page 15- ...

  • Cisco Systems 3560X - page 473

    15-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not previously configured, it uses the domain name from the first VTP packet it receives on its trunk port from the VMPS. If t ...

  • Cisco Systems 3560X - page 474

    15-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS • Secure ports cannot be dynamic-access ports. You must disable port security on a port before it becomes dynamic. • Private VLAN ports cannot be dynamic-access ports. • Dynamic-access ports cannot be members o ...

  • Cisco Systems 3560X - page 475

    15-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Caution Dynamic-access port VLAN membership is for end stations or hubs connected to end stations. Connecting dynamic-access ports to other switches can cause a loss of connectivity. Beginning in privileged EXEC mode, ...

  • Cisco Systems 3560X - page 476

    15-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Beginning in privileged EXEC mode, follow these steps to change the reconfirmation interval: To return the switch to its default setting, use the no vmps reconfirm global configuration command. Changing the Retry ...

  • Cisco Systems 3560X - page 477

    15-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS This is an example of output for the show vmps privileged EXEC command: Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172 ...

  • Cisco Systems 3560X - page 478

    15-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Figure 15-5 Dynamic Port VLAN Membership Configuration Primary VMPS Server 1 Catalyst 6500 series Secondary VMPS Server 2 Catalyst 6500 series Secondary VMPS Server 3 172.20.26.150 172.20.26.151 Catalyst 6500 se ...

  • Cisco Systems 3560X - page 479

    CHAPTER 16-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 16 Configuring VTP This chapter describes how to use the VLAN Trunking Protocol (VTP) and the VLAN database for managing VLANs with the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X s ...

  • Cisco Systems 3560X - page 480

    16-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP The switch supports 1005 VLANs, but the number of routed ports, SVIs, and other configured features affects the usage of the switch hardware. If the switch is notified by VTP of a new VLAN and the switch is already us ...

  • Cisco Systems 3560X - page 481

    16-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are not sent to other switches in the domain, and they affect only the individual switch. However, configuration chan ...

  • Cisco Systems 3560X - page 482

    16-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP VTP Advertisements Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update t ...

  • Cisco Systems 3560X - page 483

    16-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP • Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when ...

  • Cisco Systems 3560X - page 484

    16-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP VTP Pruning VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods br ...

  • Cisco Systems 3560X - page 485

    16-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP Figure 16-2 shows a switched network with VTP pruning enabled. The broadcast traffic from Switch A is not forwarded to Switches C, E, and F because traffic for the Red VLAN has been pruned on the links shown (Port 5 ...

  • Cisco Systems 3560X - page 486

    16-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP • When VTP mode is changed in a switch in the stack, the other switches in the stack also change VTP mode, and the switch VLAN database remains consistent. VTP version 3 functions the same on a standalone switch or a ...

  • Cisco Systems 3560X - page 487

    16-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP VTP Configuration Guidelines You use the vtp global configuration command to set the VTP password, the version, the VTP file name, the interface providing updated VTP information, the domain name, and the mode, and to disa ...

  • Cisco Systems 3560X - page 488

    16-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Caution When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain. VTP Version Follow these guidelines whe ...

  • Cisco Systems 3560X - page 489

    16-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Configuration Requirements When you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements to and from other switches in the domain. For more information, see the “C ...

  • Cisco Systems 3560X - page 490

    16-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP • If you configure the switch for VTP client mode, the switch does not create the VLAN database file (vlan.dat). If the switch is then powered off, it resets the VTP configuration to the default. To keep the VTP c ...

  • Cisco Systems 3560X - page 491

    16-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP To return a switch in another mode to VTP server mode, use the no vtp mode global configuration command. To return the switch to a no-password state, use the no vtp password global configuration command. This example sh ...

  • Cisco Systems 3560X - page 492

    16-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Configuring a VTP Version 3 Primary Server Beginning in privileged EXEC mode, follow these steps on a VTP server to configure it as a VTP primary server (version 3 only), which starts a takeover operation: This exam ...

  • Cisco Systems 3560X - page 493

    16-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Caution In VTP version 3, both the primary and secondary servers can exist on an instance in the domain. For more information on VTP version configuration guidelines, see the “VTP Version” section on page 16-10. Begi ...

  • Cisco Systems 3560X - page 494

    16-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Configuring VTP on a Per-Port Basis With VTP version 3, you can enable or disable VTP on a per-port basis. You can enable VTP only on ports that are in trunk mode. Incoming and outgoing VTP traffic are blocked, not forw ...

  • Cisco Systems 3560X - page 495

    16-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Monitoring VTP After resetting the configuration revision number, add the switch to the VTP domain. Note You can use the vtp mode transparent global configuration command to disable VTP on the switch and then to change its VLAN informat ...

  • Cisco Systems 3560X - page 496

    16-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Monitoring VTP ...

  • Cisco Systems 3560X - page 497

    CHAPTER 17-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 17 Configuring Voice VLAN This chapter describes how to configure the voice VLAN feature on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3750 - ...

  • Cisco Systems 3560X - page 498

    17-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Understanding Voice VLAN Figure 17-1 shows one way to connect a Cisco 7960 IP Phone. Figure 17-1 Cisco 7960 IP Phone Connected to a Switch Cisco IP Phone Voice Traffic You can configure an access port with an attached Cisco IP ...

  • Cisco Systems 3560X - page 499

    17-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voice VLAN Note Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone. Configuring Voice VLAN These sections c ...

  • Cisco Systems 3560X - page 500

    17-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voice VLAN • The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled. • If the Cisco IP Phone and a device a ...

  • Cisco Systems 3560X - page 501

    17-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voice VLAN Configuring Cisco IP Phone Voice Traffic You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone ca ...

  • Cisco Systems 3560X - page 502

    17-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voice VLAN This example shows how to configure a port connected to a Cisco IP Phone to use the CoS value to classify incoming traffic, to use IEEE 802.1p priority tagging for voice traffic, and to use the default ...

  • Cisco Systems 3560X - page 503

    17-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Displaying Voice VLAN This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device: Switch# configure terminal Enter configuration comman ...

  • Cisco Systems 3560X - page 504

    17-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Displaying Voice VLAN ...

  • Cisco Systems 3560X - page 505

    CHAPTER 18-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 18 Configuring Private VLANs This chapter describes how to configure private VLANs on the Catalyst 3750- or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3750-X switc ...

  • Cisco Systems 3560X - page 506

    18-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Understanding Private VLANs Figure 18-1 Private-VLAN Domain There are two types of secondary VLANs: • Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the Layer 2 level. • Community VLANs— ...

  • Cisco Systems 3560X - page 507

    18-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Understanding Private VLANs Primary and secondary VLANs have these characteristics: • Primary VLAN—A private VLAN has only one primary VLAN. Every port in a private VLAN is a member of the primary VLAN. The primary VLAN car ...

  • Cisco Systems 3560X - page 508

    18-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Understanding Private VLANs Private VLANs across Multiple Switches As with regular VLANs, private VLANs can span multiple switches. A trunk port carries the primary VLAN and secondary VLANs to a neighboring switch. The trunk por ...

  • Cisco Systems 3560X - page 509

    18-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Private VLANs and SVIs In a Layer 3 switch, a switch virtual interface (SVI) represents the Layer 3 interface of a VLAN. Layer 3 devices communicate with a private VLAN only through the primary VLAN ...

  • Cisco Systems 3560X - page 510

    18-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Tasks for Configuring Private VLANs To configure a private VLAN, perform these steps: Step 1 Set VTP mode to transparent. Step 2 Create the primary and secondary VLANs and associate them. See the “Confi ...

  • Cisco Systems 3560X - page 511

    18-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs • With VTP version 1 or 2, after you have configured private VLANs, use the copy running-config startup config privileged EXEC command to save the VTP transparent mode configuration and private ...

  • Cisco Systems 3560X - page 512

    18-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs To filter out specific IP traffic for a private VLAN, you should apply the VLAN map to both the primary and secondary VLANs. • You can apply router ACLs only on the primary-VLAN SVIs. The ACL is ap ...

  • Cisco Systems 3560X - page 513

    18-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs – Link Aggregation Control Protocol (LACP) – Multicast VLAN Registration (MVR) – voice VLAN – Web Cache Communication Protocol (WCCP) • You can configure IEEE 802.1x port-based authent ...

  • Cisco Systems 3560X - page 514

    18-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs When you associate secondary VLANs with a primary VLAN, note this syntax information: • The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated items. Each ...

  • Cisco Systems 3560X - page 515

    18-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Switch(config-vlan)# end Switch(config)# show vlan private vlan Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ 20 501 isolated 20 502 community ...

  • Cisco Systems 3560X - page 516

    18-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: 20 501 <output ...

  • Cisco Systems 3560X - page 517

    18-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch. Mapping Secondary VLANs to a Primary ...

  • Cisco Systems 3560X - page 518

    18-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Monitoring Private VLANs --------- -------------- ----------------- vlan10 501 isolated vlan10 502 community Monitoring Private VLANs Table 18-1 shows the privileged EXEC commands for monitoring private-VLAN activity. This ...

  • Cisco Systems 3560X - page 519

    CHAPTER 19-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Virtual private networks (VPNs) provide enterprise-scale connectivity on a shared infrastructure, often Ethernet-based, with the same security, prioritization, reliability, and manageabilit ...

  • Cisco Systems 3560X - page 520

    19-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling tagged packets. A port configured to support IEEE 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN ID ...

  • Cisco Systems 3560X - page 521

    19-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling Figure 19-2 Original (Normal), IEEE 802.1Q, and Double-Tagged Ethernet Packet Formats When the packet enters the trunk port of the service-provider egre ...

  • Cisco Systems 3560X - page 522

    19-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling Configuring IEEE 802.1Q Tunneling These sections contain this configuration information: • Default IEEE 802.1Q Tunneling Configuration, page 19-4 • IEEE 802.1Q ...

  • Cisco Systems 3560X - page 523

    19-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling These are some ways to solve this problem: • Use ISL trunks between core switches in the service-provider network. Although customer interfaces connected to edg ...

  • Cisco Systems 3560X - page 524

    19-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling For example, the switch supports a maximum frame size of 1496 bytes with one of these configurations: • The switch has a system jumbo MTU value of 1500 bytes, and ...

  • Cisco Systems 3560X - page 525

    19-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling Configuring an IEEE 802.1Q Tunneling Port Beginning in privileged EXEC mode, follow these steps to configure a port as an IEEE 802.1Q tunnel port: Use the no swi ...

  • Cisco Systems 3560X - page 526

    19-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Understanding Layer 2 Protocol Tunneling Understanding Layer 2 Protocol Tunneling Customers at different sites connected across a service-provider network need to use various Layer 2 protocols to ...

  • Cisco Systems 3560X - page 527

    19-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Understanding Layer 2 Protocol Tunneling Figure 19-4 Layer 2 Protocol Tunneling Figure 19-5 Layer 2 Network Topology without Proper Convergence In an SP network, you can use Layer 2 protocol ...

  • Cisco Systems 3560X - page 528

    19-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling For example, in Figure 19-6, Customer A has two switches in the same VLAN that are connected through the SP network. When the network tunnels PDUs, switche ...

  • Cisco Systems 3560X - page 529

    19-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling See Figure 19-4, with Customer X and Customer Y in access VLANs 30 and 40, respectively. Asymmetric links connect the customers in Site 1 to edge switches i ...

  • Cisco Systems 3560X - page 530

    19-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Layer 2 Protocol Tunneling Configuration Guidelines These are some configuration guidelines and operating characteristics of Layer 2 protocol tunneling: • T ...

  • Cisco Systems 3560X - page 531

    19-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Beginning in privileged EXEC mode, follow these steps to configure a port for Layer 2 protocol tunneling: Command Pu ...

  • Cisco Systems 3560X - page 532

    19-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Use the no l2protocol-tunnel [ cdp | stp | vtp ] interface configuration command to disable protocol tunneling for one of the Layer 2 protocols or for all thr ...

  • Cisco Systems 3560X - page 533

    19-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Use the no l2protocol-tunnel [ point-to-point [ pagp | lacp | udld ]] interface configuration command to disable point-to-point protocol tunneling for one of t ...

  • Cisco Systems 3560X - page 534

    19-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Configuring the Customer Switch After configuring the SP edge switch, begin in privileged EXEC mode and follow these steps to configure a customer switch for ...

  • Cisco Systems 3560X - page 535

    19-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000 Switch(config-if)# exit Switch(config)# interface gigabitethernet1/0/3 Switch(config ...

  • Cisco Systems 3560X - page 536

    19-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Monitoring and Maintaining Tunneling Status Monitoring and Maintaining Tunneling Status Table 19-2 shows the privileged EXEC commands for monitoring and maintaining IEEE 802.1Q and Layer 2 prot ...

  • Cisco Systems 3560X - page 537

    CHAPTER 20-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 20 Configuring STP This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the Catalyst 3750-X or 3560-X switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEE ...

  • Cisco Systems 3560X - page 538

    20-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features • Spanning-Tree Modes and Protocols, page 20-9 • Supported Spanning-Tree Instances, page 20-10 • Spanning-Tree Interoperability and Backward Compatibility, page 20-10 • STP and IEEE 802. ...

  • Cisco Systems 3560X - page 539

    20-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features Spanning-Tree Topology and BPDUs The stable, active spanning-tree topology of a switched network is controlled by these elements: • The unique bridge ID (switch priority and MAC address) associat ...

  • Cisco Systems 3560X - page 540

    20-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features Only one outgoing port on the stack root switch is selected as the root port. The remaining switches in the stack become its designated switches (Switch 2 and Switch 3) as shown in Figure 20-1 on ...

  • Cisco Systems 3560X - page 541

    20-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features The switch supports the IEEE 802.1t spanning-tree extensions, and some of the bits previously used for the switch priority are now used as the VLAN identifier. The result is that fewer MAC addresse ...

  • Cisco Systems 3560X - page 542

    20-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features • From learning to forwarding or to disabled • From forwarding to disabled Figure 20-2 illustrates how an interface moves through the states. Figure 20-2 Spanning-Tree Interface States When ...

  • Cisco Systems 3560X - page 543

    20-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features • Does not learn addresses • Receives BPDUs Listening State The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this state when the spann ...

  • Cisco Systems 3560X - page 544

    20-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features How a Switch or Port Becomes the Root Switch or Root Port If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes the root swit ...

  • Cisco Systems 3560X - page 545

    20-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features Regardless of the spanning-tree state, each switch in the stack receives but does not forward packets destined for addresses between 0x0180C2000000 and 0x0180C200000F. If spanning tree is enabled, th ...

  • Cisco Systems 3560X - page 546

    20-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features forward delay and by quickly transitioning root ports and designated ports to the forwarding state. In a switch stack, the cross-stack rapid transition (CSRT) feature performs the same functio ...

  • Cisco Systems 3560X - page 547

    20-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning-Tree Features When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it ...

  • Cisco Systems 3560X - page 548

    20-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features For more information about switch stacks, see Chapter 5, “Managing Switch Stacks.” Configuring Spanning-Tree Features These sections contain this configuration information: • Default Spanning-T ...

  • Cisco Systems 3560X - page 549

    20-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Spanning-Tree Configuration Guidelines Each stack member runs its own spanning tree, and the entire stack appears as a single switch to the rest of the network. If more VLANs are defined in the VTP than ...

  • Cisco Systems 3560X - page 550

    20-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Spanning-tree commands control the configuration of VLAN spanning-tree instances. You create a spanning-tree instance when you assign an interface to a VLAN. The spanning-tree instance is removed wh ...

  • Cisco Systems 3560X - page 551

    20-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration co ...

  • Cisco Systems 3560X - page 552

    20-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features To configure a switch to become the root for the specified VLAN, use the spanning-tree vlan vlan-id root global configuration command to modify the switch priority from the default value (32768) ...

  • Cisco Systems 3560X - page 553

    20-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Beginning in privileged EXEC mode, follow these steps to configure a switch to become the root for the specified VLAN. This procedure is optional. To return to the default setting, use the no spanni ...

  • Cisco Systems 3560X - page 554

    20-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Beginning in privileged EXEC mode, follow these steps to configure a switch to become the secondary root for the specified VLAN. This procedure is optional. To return to the default setting, us ...

  • Cisco Systems 3560X - page 555

    20-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Beginning in privileged EXEC mode, follow these steps to configure the port priority of an interface. This procedure is optional. Note The show spanning-tree interface interface-id privileged EXEC co ...

  • Cisco Systems 3560X - page 556

    20-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Configuring Path Cost The spanning-tree path cost default value is derived from the media speed of an interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the ...

  • Cisco Systems 3560X - page 557

    20-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features To return to the default setting, use the no spanning-tree [ vlan vlan-id ] cost interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-t ...

  • Cisco Systems 3560X - page 558

    20-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Configuring Spanning-Tree Timers Table 20-4 describes the timers that affect the entire spanning-tree performance. The sections that follow provide the configuration steps. Configuring the Hello ...

  • Cisco Systems 3560X - page 559

    20-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spanning-Tree Features Configuring the Forwarding-Delay Time for a VLAN Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for a VLAN. This procedure is optional. To return to the ...

  • Cisco Systems 3560X - page 560

    20-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Displaying the Spanning-Tree Status Configuring the Transmit Hold-Count You can configure the BPDU burst size by changing the transmit hold count value. Note Changing this parameter to a higher value can have a significant impact ...

  • Cisco Systems 3560X - page 561

    CHAPTER 21-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 21 Configuring MSTP This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 3750-X or 3560-X switch. Note The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s stan ...

  • Cisco Systems 3560X - page 562

    21-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP Understanding MSTP MSTP, which uses RSTP for rapid convergence, enables VLANs to be grouped into a spanning-tree instance, with each instance having a spanning-tree topology independent of other spanning-tree insta ...

  • Cisco Systems 3560X - page 563

    21-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP The IST is the only spanning-tree instance that sends and receives BPDUs. All of the other spanning-tree instance information is contained in M-records, which are encapsulated within MSTP BPDUs. Because the MSTP BPDU ...

  • Cisco Systems 3560X - page 564

    21-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP The IST connects all the MSTP switches in the region and appears as a subtree in the CIST that encompasses the entire switched domain. The root of the subtree is the CIST regional root. The MST region appears as a virt ...

  • Cisco Systems 3560X - page 565

    21-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MS ...

  • Cisco Systems 3560X - page 566

    21-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP Boundary Ports In the Cisco prestandard implementation, a boundary port connects an MST region to a single spanning-tree region running RSTP, to a single spanning-tree region running PVST+ or rapid PVST+, or to anoth ...

  • Cisco Systems 3560X - page 567

    21-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP • The boundary port is not the root port of the CIST regional root—The MSTI ports follow the state and role of the CIST port. The standard provides less information, and it might be difficult to understand why ...

  • Cisco Systems 3560X - page 568

    21-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP Figure 21-3 illustrates a unidirectional link failure that typically creates a bridging loop. Switch A is the root switch, and its BPDUs are lost on the link leading to switch B. RSTP and MST BPDUs include the role and ...

  • Cisco Systems 3560X - page 569

    21-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP to a port when the switch to which this switch is connected has joined the region. To restart the protocol migration process (force the renegotiation with neighboring switches), use the clear spanning-tree detected- ...

  • Cisco Systems 3560X - page 570

    21-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP In a stable topology with consistent port roles throughout the network, the RSTP ensures that every root port and designated port immediately transition to the forwarding state while all alternate and backup ports a ...

  • Cisco Systems 3560X - page 571

    21-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP When Switch C is connected to Switch B, a similar set of handshaking messages are exchanged. Switch C selects the port connected to Switch B as its root port, and both ends immediately transition to the forwarding stat ...

  • Cisco Systems 3560X - page 572

    21-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP After ensuring that all of the ports are synchronized, the switch sends an agreement message to the designated switch corresponding to its root port. When the switches connected by a point-to-point link are in agreem ...

  • Cisco Systems 3560X - page 573

    21-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP The sending switch sets the proposal flag in the RSTP BPDU to propose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port. The sending switch sets the agr ...

  • Cisco Systems 3560X - page 574

    21-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features • Propagation—When an RSTP switch receives a TC message from another switch through a designated or root port, it propagates the change to all of its nonedge, designated ports and to the root port (excludin ...

  • Cisco Systems 3560X - page 575

    21-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features For information about the supported number of spanning-tree instances, see the “Supported Spanning-Tree Instances” section on page 20-10. MSTP Configuration Guidelines These are the configuration guidel ...

  • Cisco Systems 3560X - page 576

    21-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features • All MST boundary ports must be forwarding for load-balancing between a PVST+ and an MST cloud or between a rapid-PVST+ and an MST cloud. For this to occur, the IST master of the MST cloud should also be ...

  • Cisco Systems 3560X - page 577

    21-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features To return to the default MST region configuration, use the no spanning-tree mst configuration global configuration command. To return to the default VLAN-to-instance map, use the no instance instance-id [ vl ...

  • Cisco Systems 3560X - page 578

    21-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Instance Vlans Mapped -------- --------------------- 0 1-9,21-4094 1 10-20 ------------------------------- Switch(config-mst)# exit Switch(config)# Configuring the Root Switch The switch maintains a spanning-tree ...

  • Cisco Systems 3560X - page 579

    21-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode, follow these steps to configure a switch as the root switch. This procedure is optional. To return the switch to its default setting, use the no spanning-tree mst instanc ...

  • Cisco Systems 3560X - page 580

    21-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode, follow these steps to configure a switch as the secondary root switch. This procedure is optional. To return the switch to its default setting, use the no spanning-tree mst ...

  • Cisco Systems 3560X - page 581

    21-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode, follow these steps to configure the MSTP port priority of an interface. This procedure is optional. Note The show spanning-tree mst interface interface-id privileged EXEC c ...

  • Cisco Systems 3560X - page 582

    21-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode, follow these steps to configure the MSTP cost of an interface. This procedure is optional. Note The show spanning-tree mst interface interface-id privileged EXEC command di ...

  • Cisco Systems 3560X - page 583

    21-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode, follow these steps to configure the switch priority. This procedure is optional. To return the switch to its default setting, use the no spanning-tree mst instance-id pri ...

  • Cisco Systems 3560X - page 584

    21-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Configuring the Forwarding-Delay Time Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for all MST instances. This procedure is optional. To return the switch to ...

  • Cisco Systems 3560X - page 585

    21-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Configuring the Maximum-Hop Count Beginning in privileged EXEC mode, follow these steps to configure the maximum-hop count for all MST instances. This procedure is optional. To return the switch to its defau ...

  • Cisco Systems 3560X - page 586

    21-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Designating the Neighbor Type A topology could contain both prestandard and IEEE 802.1s standard compliant devices. By default, ports can automatically detect prestandard devices, but they can still receive b ...

  • Cisco Systems 3560X - page 587

    21-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Displaying the MST Configuration and Status Displaying the MST Configuration and Status To display the spanning-tree status, use one or more of the privileged EXEC commands in Table 21-5: For information about other keywords for t ...

  • Cisco Systems 3560X - page 588

    21-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Displaying the MST Configuration and Status ...

  • Cisco Systems 3560X - page 589

    CHAPTER 22-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 22 Configuring Optional Spanning-Tree Features This chapter describes how to configure optional spanning-tree features on the Catalyst 3750-X or 3560-X switch. You can configure all of these features when your switch is running the per-VLAN spanni ...

  • Cisco Systems 3560X - page 590

    22-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Understanding Port Fast Port Fast immediately brings an interface configured as an access or trunk port to the forwarding state from a blocking state, bypassing t ...

  • Cisco Systems 3560X - page 591

    22-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features At the interface level, you enable BPDU guard on any port by using the spanning-tree bpduguard enable interface configuration command without also enabling the ...

  • Cisco Systems 3560X - page 592

    22-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Figure 22-2 Switches in a Hierarchical Network If a switch loses connectivity, it begins using the alternate paths as soon as the spanning tree selects a ne ...

  • Cisco Systems 3560X - page 593

    22-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Figure 22-3 UplinkFast Example Before Direct Link Failure If Switch C detects a link failure on the currently active link L2 on the root port (a direct lin ...

  • Cisco Systems 3560X - page 594

    22-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features How CSUF Works CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 22-5, the stack-root port on Switch 1 provides the ...

  • Cisco Systems 3560X - page 595

    22-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Each switch in the stack decides if the sending switch is a better choice than itself to be the stack root of this spanning-tree instance by comparing the root, c ...

  • Cisco Systems 3560X - page 596

    22-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features BackboneFast, which is enabled by using the spanning-tree backbonefast global configuration command, starts when a root port or blocked interface on a switch rec ...

  • Cisco Systems 3560X - page 597

    22-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features If link L1 fails as shown in Figure 22-7, Switch C cannot detect this failure because it is not connected directly to link L1. However, because Switch B is d ...

  • Cisco Systems 3560X - page 598

    22-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Understanding EtherChannel Guard You can use EtherChannel guard to detect an EtherChannel misconfiguration between the switch and a connected device. A misconfi ...

  • Cisco Systems 3560X - page 599

    22-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features Figure 22-9 Root Guard in a Service-Provider Network Understanding Loop Guard You can use loop guard to prevent alternate or root ports from becoming designat ...

  • Cisco Systems 3560X - page 600

    22-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features • Enabling BackboneFast, page 22-16 (optional) • Enabling EtherChannel Guard, page 22-17 (optional) • Enabling Root Guard, page 22-18 (optional) • Enabli ...

  • Cisco Systems 3560X - page 601

    22-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP. Beginning in privileged EXEC mode, follow these steps to enable Port Fast. Thi ...

  • Cisco Systems 3560X - page 602

    22-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features The BPDU guard feature provides a secure response to invalid configurations because you must manually put the port back in service. Use the BPDU guard feature i ...

  • Cisco Systems 3560X - page 603

    22-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features You can also use the spanning-tree bpdufilter enable interface configuration command to enable BPDU filtering on any interface without also enabling the Port Fas ...

  • Cisco Systems 3560X - page 604

    22-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features Beginning in privileged EXEC mode, follow these steps to enable UplinkFast and CSUF. This procedure is optional. When UplinkFast is enabled, the switch prior ...

  • Cisco Systems 3560X - page 605

    22-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features Note If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for ...

  • Cisco Systems 3560X - page 606

    22-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features Enabling Root Guard Root guard enabled on an interface applies to all the VLANs to which the interface belongs. Do not enable the root guard on interfaces to be ...

  • Cisco Systems 3560X - page 607

    22-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Displaying the Spanning-Tree Status To globally disable loop guard, use the no spanning-tree loopguard default global configuration command. You can override the setting of the no spanning-tree loopguard ...

  • Cisco Systems 3560X - page 608

    22-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optional Spanning-Tree Features Displaying the Spanning-Tree Status ...

  • Cisco Systems 3560X - page 609

    CHAPTER 23-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 23 Configuring Flex Links and the MAC Address-Table Move Update Feature This chapter describes how to configure Flex Links, a pair of interfaces on the Catalyst 3750-X or 3560-X switch that provide a mutual backup. It also describes how to configure ...

  • Cisco Systems 3560X - page 610

    23-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update typically configured in service provider or enterprise networks where customers do not want to run STP on the switch. If ...

  • Cisco Systems 3560X - page 611

    23-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update Figure 23-2 VLAN Flex Links Load Balancing Configuration Example Flex Link Multicast Fast Convergence Flex Link Multica ...

  • Cisco Systems 3560X - page 612

    23-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update Leaking IGMP Reports To achieve multicast traffic convergence with minimal loss, a redundant data path must be set up ...

  • Cisco Systems 3560X - page 613

    23-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update Similarly, both Flex Link ports are part of learned groups. In this example, GigabitEthernet2/0/11 is a receiver/host ...

  • Cisco Systems 3560X - page 614

    23-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update Whenever a host responds to the general query, the switch forwards this report on all the mrouter ports. When you turn on ...

  • Cisco Systems 3560X - page 615

    23-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update Figure 23-3 MAC Address-Table Move Update Example Configuring Flex Links and MAC Address-Table Move Update These sections ...

  • Cisco Systems 3560X - page 616

    23-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update • An interface can belong to only one Flex Link pair. An interface can be a backup link for only one active link. An activ ...

  • Cisco Systems 3560X - page 617

    23-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update To disable a Flex Link backup interface, use the no switchport backup interface interface-id interface configuration comman ...

  • Cisco Systems 3560X - page 618

    23-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update To remove a preemption scheme, use the no switchport backup interface interface-id preemption mode interface configuration ...

  • Cisco Systems 3560X - page 619

    23-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update In the following example, VLANs 1 to 50, 60, and 100 to 120 are configured on the switch: Switch(config)# interface gigabi ...

  • Cisco Systems 3560X - page 620

    23-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update Configuring the MAC Address-Table Move Update Feature This section contains this information: • Configuring a switch to sen ...

  • Cisco Systems 3560X - page 621

    23-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and MAC Address-Table Move Update This example shows how to verify the configuration: Switch# show mac-address-table move update Switch-ID : 010b.4630.1780 D ...

  • Cisco Systems 3560X - page 622

    23-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MAC Address-Table Move Update Feature Monitoring Flex Links and the MAC Address-Table Move Update Monitoring Flex Links and the MAC Address-Table Move Update Table 23-1 shows the privileged EXEC commands for monitoring ...

  • Cisco Systems 3560X - page 623

    CHAPTER 24-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 24 Configuring DHCP Features and IP Source Guard This chapter describes how to configure DHCP snooping and option-82 data insertion, and the DHCP server port-based address allocation features on the Catalyst 3750-X or 3560-X switch. It also describe ...

  • Cisco Systems 3560X - page 624

    24-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features • Cisco IOS DHCP Server Database, page 24-6 • DHCP Snooping Binding Database, page 24-6 For information about the DHCP client, see the “Configuring DHCP” section of the “ ...

  • Cisco Systems 3560X - page 625

    24-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN in which DHCP snooping is enabled, the switch compares the source MAC address and ...

  • Cisco Systems 3560X - page 626

    24-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features Figure 24-1 DHCP Relay Agent in a Metropolitan Ethernet Network When you enable the DHCP snooping information option 82 on the switch, this sequence of events occurs: • The ...

  • Cisco Systems 3560X - page 627

    24-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features In the port field of the circuit ID suboption, the port numbers start at 3. For example, on a Catalyst 3750-E switch with 24 10/100/1000 ports and four small form-factor pluggable ...

  • Cisco Systems 3560X - page 628

    24-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features Figure 24-3 User-Configured Suboption Packet Formats Cisco IOS DHCP Server Database During the DHCP-based autoconfiguration process, the designated DHCP server uses the Cisc ...

  • Cisco Systems 3560X - page 629

    24-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Features When reloading, the switch reads the binding file to build the DHCP snooping binding database. The switch updates the file when the database changes. When a switch learns of new ...

  • Cisco Systems 3560X - page 630

    24-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features When a stack merge occurs, all DHCP snooping bindings in the stack master are lost if it is no longer the stack master. With a stack partition, the existing stack master is unchang ...

  • Cisco Systems 3560X - page 631

    24-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features DHCP Snooping Configuration Guidelines • You must globally enable DHCP snooping on the switch. • DHCP snooping is not active until DHCP snooping is enabled on a VLAN. • Befor ...

  • Cisco Systems 3560X - page 632

    24-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features • Follow these guidelines when configuring the DHCP snooping binding database: – Because both NVRAM and the flash memory have limited storage capacity, we recommend that you ...

  • Cisco Systems 3560X - page 633

    24-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features Configuring the DHCP Relay Agent Beginning in privileged EXEC mode, follow these steps to enable the DHCP relay agent on the switch: To disable the DHCP server and relay agent, use ...

  • Cisco Systems 3560X - page 634

    24-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features To remove the DHCP packet forwarding address, use the no ip helper-address address interface configuration command. Enabling DHCP Snooping and Option 82 Beginning in privileged EX ...

  • Cisco Systems 3560X - page 635

    24-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features To disable DHCP snooping, use the no ip dhcp snooping global configuration command. To disable DHCP snooping on a VLAN or range of VLANs, use the no ip dhcp snooping vlan vlan-ran ...

  • Cisco Systems 3560X - page 636

    24-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features This example shows how to enable DHCP snooping globally and on VLAN 10 and to configure a rate limit of 100 packets per second on a port: Switch(config)# ip dhcp snooping Switch(co ...

  • Cisco Systems 3560X - page 637

    24-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Features Enabling the DHCP Snooping Binding Database Agent Beginning in privileged EXEC mode, follow these steps to enable and configure the DHCP snooping binding database agent on the switc ...

  • Cisco Systems 3560X - page 638

    24-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Displaying DHCP Snooping Information Displaying DHCP Snooping Information Note If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the statically configured ...

  • Cisco Systems 3560X - page 639

    24-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding IP Source Guard Source IP Address Filtering When IPSG is enabled with this option, IP traffic is filtered based on the source IP address. The switch forwards IP traffic when the source IP a ...

  • Cisco Systems 3560X - page 640

    24-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard Note Some IP hosts with multiple network interfaces can inject some invalid packets into a network interface. The invalid packets contain the IP or MAC address for another netw ...

  • Cisco Systems 3560X - page 641

    24-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard • If you enable IP source guard with source IP and MAC address filtering, DHCP snooping and port security must be enabled on the interface. You must also enter the ip dhcp sn ...

  • Cisco Systems 3560X - page 642

    24-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard To disable IP source guard with source IP address filtering, use the no ip verify source interface configuration command. To delete a static IP source binding entry, use the no ...

  • Cisco Systems 3560X - page 643

    24-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard Beginning in privileged EXEC mode: This example shows how to stop IPSG with static hosts on an interface. Switch(config-if)# no ip verify source Switch(config-if)# no ip devi ...

  • Cisco Systems 3560X - page 644

    24-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard This example shows how to enable IPSG with static hosts on a port. Switch(config)# ip device tracking Switch(config)# ip device tracking max 10 Switch(config-if)# ip verify sourc ...

  • Cisco Systems 3560X - page 645

    24-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard IP Address MAC Address Vlan Interface STATE --------------------------------------------------------------------- 200.1.1.8 0001.0600.0000 8 GigabitEthernet1/0/1 INACTIVE 200.1.1. ...

  • Cisco Systems 3560X - page 646

    24-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring IP Source Guard Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port Note You must globally configure the ip device tracking maximum limit-number interface configuration comm ...

  • Cisco Systems 3560X - page 647

    24-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Displaying IP Source Guard Information This example shows how to enable IPSG for static hosts with IP filters on a private VLAN host port: Switch(config)# vlan 200 Switch(config-vlan)# private-vlan primary ...

  • Cisco Systems 3560X - page 648

    24-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Understanding DHCP Server Port-Based Address Allocation Understanding DHCP Server Port-Based Address Allocation DHCP server port-based address allocation is a feature that enables DHCP to maintain the same I ...

  • Cisco Systems 3560X - page 649

    24-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Server Port-Based Address Allocation Enabling DHCP Server Port-Based Address Allocation Beginning in privileged EXEC mode, follow these steps to globally enable port-based address alloc ...

  • Cisco Systems 3560X - page 650

    24-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Configuring DHCP Server Port-Based Address Allocation To disable DHCP port-based address allocation, use the no ip dhcp use subscriber-id client-id global configuration command. To disable the automatic ...

  • Cisco Systems 3560X - page 651

    24-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Displaying DHCP Server Port-Based Address Allocation For more information about configuring the DHCP server port-based address allocation feature, go to Cisco.com, and enter Cisco IOS IP Addressing Service ...

  • Cisco Systems 3560X - page 652

    24-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Features and IP Source Guard Displaying DHCP Server Port-Based Address Allocation ...

  • Cisco Systems 3560X - page 653

    CHAPTER 25-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 25 Configuring Dynamic ARP Inspection This chapter describes how to configure dynamic Address Resolution Protocol inspection (dynamic ARP inspection) on the Catalyst 3750-X or 3560-X switch. This feature helps prevent malicious attacks on the switch ...

  • Cisco Systems 3560X - page 654

    25-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Figure 25-1 ARP Cache Poisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP and MAC addresses are shown in ...

  • Cisco Systems 3560X - page 655

    25-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Understanding Dynamic ARP Inspection You can configure dynamic ARP inspection to drop ARP packets when the IP addresses in the packets are invalid or when the MAC addresses in the body of the ARP packets do not mat ...

  • Cisco Systems 3560X - page 656

    25-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Dynamic ARP inspection ensures that hosts (on untrusted interfaces) connected to a switch running dynamic ARP inspection do not poison the ARP caches of other hosts in the network. ...

  • Cisco Systems 3560X - page 657

    25-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Logging of Dropped Packets When the switch drops a packet, it places an entry in the log buffer and then generates system messages on a rate-controlled basis. After the message is ge ...

  • Cisco Systems 3560X - page 658

    25-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Dynamic ARP Inspection Configuration Guidelines • Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking. • Dynamic ARP inspection is not ef ...

  • Cisco Systems 3560X - page 659

    25-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection • The operating rate for the port channel is cumulative across all the physical ports within the channel. For example, if you configure the port channel with an ARP rate-limit of 4 ...

  • Cisco Systems 3560X - page 660

    25-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To disable dynamic ARP inspection, use the no ip arp inspection vlan vlan-range global configuration command. To return the interfaces to an untrusted state, use the no ip arp inspe ...

  • Cisco Systems 3560X - page 661

    25-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection If you configure port 1 on Switch A as trusted, a security hole is created because both Switch A and Host 1 could be attacked by either Switch B or Host 2. To prevent this possibility ...

  • Cisco Systems 3560X - page 662

    25-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To remove the ARP ACL, use the no arp access-list global configuration command. To remove the ARP ACL attached to a VLAN, use the no ip arp inspection filter arp-acl-name vlan v ...

  • Cisco Systems 3560X - page 663

    25-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection For configuration guidelines for rate limiting trunk ports and EtherChannel ports, see the “Dynamic ARP Inspection Configuration Guidelines” section on page 25-6. Beginning in ...

  • Cisco Systems 3560X - page 664

    25-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Performing Validation Checks Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. You can configure the switch to perform add ...

  • Cisco Systems 3560X - page 665

    25-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Configuring the Log Buffer When the switch drops a packet, it places an entry in the log buffer and then generates system messages on a rate-controlled basis. After the message is g ...

  • Cisco Systems 3560X - page 666

    25-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information To return to the default log buffer settings, use the no ip arp inspection log-buffer { entries | logs } global configuration command. To return to the default VLA ...

  • Cisco Systems 3560X - page 667

    25-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information For the show ip arp inspection statistics command, the switch increments the number of forwarded packets for each ARP request and response packet on a trusted dynamic ARP ...

  • Cisco Systems 3560X - page 668

    25-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information ...

  • Cisco Systems 3560X - page 669

    CHAPTER 26-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 26 Configuring IGMP Snooping and MVR This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on the Catalyst 3750-X or 3560-X switch, including an application of local IGMP snooping, Multicast VLAN Registration (MVR ...

  • Cisco Systems 3560X - page 670

    26-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping Understanding IGMP Snooping Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is ...

  • Cisco Systems 3560X - page 671

    26-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping IGMP Versions The switch supports IGMP Version 1, IGMP Version 2, and IGMP Version 3. These versions are interoperable on the switch. For example, if IGMP snooping is enabled on an IGMPv2 swit ...

  • Cisco Systems 3560X - page 672

    26-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping The switch hardware can distinguish IGMP information packets from other packets for the multicast group. The information in the table tells the switching engine to send frames addressed to th ...

  • Cisco Systems 3560X - page 673

    26-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping Immediate Leave Immediate Leave is only supported on IGMP Version 2 hosts. The switch uses IGMP snooping Immediate Leave to remove from the forwarding table an interface that sends a leave ...

  • Cisco Systems 3560X - page 674

    26-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping IGMP Snooping and Switch Stacks IGMP snooping functions across the switch stack; that is, IGMP control information from one switch is distributed to all switches in the stack. (See Chapter 5, ...

  • Cisco Systems 3560X - page 675

    26-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Enabling or Disabling IGMP Snooping By default, IGMP snooping is globally enabled on the switch. When globally enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. ...

  • Cisco Systems 3560X - page 676

    26-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping You can configure the switch either to snoop on IGMP queries and PIM/DVMRP packets or to listen to CGMP self-join or proxy-join packets. By default, the switch snoops on PIM/DVMRP packets o ...

  • Cisco Systems 3560X - page 677

    26-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning in privileged EXEC mode, follow these steps to enable a static connection to a multicast router: To remove a multicast router port from the VLAN, use the no ip igmp snooping vlan vlan ...

  • Cisco Systems 3560X - page 678

    26-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping This example shows how to statically configure a host on a port: Switch# configure terminal Switch(config)# ip igmp snooping vlan 105 static 224.2.4.12 interface gigabitethernet1/0/1 Switch(con ...

  • Cisco Systems 3560X - page 679

    26-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning in privileged EXEC mode, follow these steps to enable the IGMP configurable-leave timer: To globally reset the IGMP leave timer to the default setting, use the no ip igmp snoopin ...

  • Cisco Systems 3560X - page 680

    26-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping To return to the default flooding query count, use the no ip igmp snooping tcn flood query count global configuration command. Recovering from Flood Mode When a topology change occurs, the ...

  • Cisco Systems 3560X - page 681

    26-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping To re-enable multicast flooding on an interface, use the ip igmp snooping tcn flood interface configuration command. Configuring the IGMP Snooping Querier Follow these guidelines when configur ...

  • Cisco Systems 3560X - page 682

    26-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping This example shows how to set the IGMP snooping querier source address to 10.0.0.64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end This examp ...

  • Cisco Systems 3560X - page 683

    26-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information Beginning in privileged EXEC mode, follow these steps to disable IGMP report suppression: To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global conf ...

  • Cisco Systems 3560X - page 684

    26-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding Multicast VLAN Registration For more information about the keywords and options in these commands, see the command reference for this release. Understanding Multicast VLAN Registration Multicast VLAN Regis ...

  • Cisco Systems 3560X - page 685

    26-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding Multicast VLAN Registration You can set the switch for compatible or dynamic mode of MVR operation: • In compatible mode, multicast data received by MVR hosts is forwarded to all MVR data ports, regardl ...

  • Cisco Systems 3560X - page 686

    26-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding Multicast VLAN Registration Figure 26-3 Multicast VLAN Registration Example When a subscriber changes channels or turns off the television, the set-top box sends an IGMP leave message for the multicast ...

  • Cisco Systems 3560X - page 687

    26-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring MVR Layer 3 device. The access layer switch, Switch A, modifies the forwarding behavior to allow the traffic to be forwarded from the multicast VLAN to the subscriber port in a different VLAN, selectivel ...

  • Cisco Systems 3560X - page 688

    26-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring MVR • MVR can coexist with IGMP snooping on a switch. • MVR data received on an MVR receiver port is not forwarded to MVR source ports. • MVR does not support IGMPv3 messages. Configuring MVR Globa ...

  • Cisco Systems 3560X - page 689

    26-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring MVR This example shows how to enable MVR, configure the group address, set the query time to 1 second (10 tenths), specify the MVR multicast VLAN as VLAN 22, and set the MVR mode as dynamic: Switch(config) ...

  • Cisco Systems 3560X - page 690

    26-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Displaying MVR Information To return the interface to its default settings, use the no mvr [ type | immediate | vlan vlan-id | group ] interface configuration commands. This example shows how to configure a port as a ...

  • Cisco Systems 3560X - page 691

    26-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling Configuring IGMP Filtering and Throttling In some environments, for example, metropolitan or multiple-dwelling unit (MDU) installations, you might want to control the set of mul ...

  • Cisco Systems 3560X - page 692

    26-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling When the maximum number of groups is in forwarding table, the default IGMP throttling action is to deny the IGMP report. For configuration guidelines, see the “Configuring ...

  • Cisco Systems 3560X - page 693

    26-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling This example shows how to create IGMP profile 4 allowing access to the single IP multicast address and how to verify the configuration. If the action was to deny (the default ...

  • Cisco Systems 3560X - page 694

    26-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling Setting the Maximum Number of IGMP Groups You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configu ...

  • Cisco Systems 3560X - page 695

    26-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling • If you configure the throttling action and set the maximum group limitation after an interface has added multicast entries to the forwarding table, the forwarding-table ent ...

  • Cisco Systems 3560X - page 696

    26-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration Displaying IGMP Filtering and Throttling Configuration You can display IGMP profile characteristics, and you can display the IGMP profile and maximum group confi ...

  • Cisco Systems 3560X - page 697

    CHAPTER 27-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 27 Configuring IPv6 MLD Snooping You can use Multicast Listener Discovery (MLD) snooping to enable efficient distribution of IP Version 6 (IPv6) multicast data to clients and routers in a switched network on the Catalyst 3750-X or 3560-X swi ...

  • Cisco Systems 3560X - page 698

    27-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Understanding MLD Snooping MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes wishing to receive IPv6 multicast packets) on the links that are directly attached to the r ...

  • Cisco Systems 3560X - page 699

    27-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Understanding MLD Snooping MLD Messages MLDv1 supports three types of messages: • Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or Multicast-Address-Specific Queries (MASQs). • M ...

  • Cisco Systems 3560X - page 700

    27-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Understanding MLD Snooping Multicast Router Discovery Like IGMP snooping, MLD snooping performs multicast router discovery, with these characteristics: • Ports configured by a user never age out. • Dynamic port le ...

  • Cisco Systems 3560X - page 701

    27-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping The number of MASQs generated is configured by using the ipv6 mld snooping last-listener-query count global configuration command. The default number is 2. The MASQ is sent to the IPv6 multic ...

  • Cisco Systems 3560X - page 702

    27-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Default MLD Snooping Configuration MLD Snooping Configuration Guidelines When configuring MLD snooping, consider these guidelines: • You can configure MLD snooping characteristics at any time, ...

  • Cisco Systems 3560X - page 703

    27-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Enabling or Disabling MLD Snooping By default, IPv6 MLD snooping is globally disabled on the switch and enabled on all VLANs. When MLD snooping is globally disabled, it is also disabled on all ...

  • Cisco Systems 3560X - page 704

    27-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Configuring a Static Multicast Group Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure an IPv6 multicast address and member ports for a ...

  • Cisco Systems 3560X - page 705

    27-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Beginning in privileged EXEC mode, follow these steps to add a multicast router port to a VLAN: To remove a multicast router port from the VLAN, use the no ipv6 mld snooping vlan vlan-id mrout ...

  • Cisco Systems 3560X - page 706

    27-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Configuring MLD Snooping Queries When Immediate Leave is not enabled and a port receives an MLD Done message, the switch generates MASQs on the port and sends them to the IPv6 multicast addres ...

  • Cisco Systems 3560X - page 707

    27-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping This example shows how to set the MLD snooping global robustness variable to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit This exam ...

  • Cisco Systems 3560X - page 708

    27-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Displaying MLD Snooping Information To re-enable MLD message suppression, use the ipv6 mld snooping listener-message-suppression global configuration command. Displaying MLD Snooping Information You can display MLD snoo ...

  • Cisco Systems 3560X - page 709

    CHAPTER 28-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 28 Configuring Port-Based Traffic Control This chapter describes how to configure the port-based traffic control features on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalon ...

  • Cisco Systems 3560X - page 710

    28-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Storm Control Storm control uses one of these methods to measure traffic activity: • Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast ...

  • Cisco Systems 3560X - page 711

    28-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Storm Control Note Because packets do not arrive at uniform intervals, the 1-second time interval during which traffic activity is measured can affect the behavior of storm control. You use the storm ...

  • Cisco Systems 3560X - page 712

    28-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm-control { broadcast | multicast | unicast } level { level [ level-low ] | bps bps [ bps-low ] | pps pps [ pps-low ]} Configure broadcast, multicast, or unicast storm control. B ...

  • Cisco Systems 3560X - page 713

    28-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Storm Control To disable storm control, use the no storm-control { broadcast | multicast | unicast } level interface configuration command. This example shows how to enable unicast storm control on a ...

  • Cisco Systems 3560X - page 714

    28-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Protected Ports This example shows how to enable the small-frame arrival-rate feature, configure the port recovery time, and configure the threshold for error disabling a port: Switch# configure term ...

  • Cisco Systems 3560X - page 715

    28-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Blocking Protected Port Configuration Guidelines You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-cha ...

  • Cisco Systems 3560X - page 716

    28-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Default Port Blocking Configuration The default is to not block flooding of unknown multicast and unicast traffic out of a port, but to flood these packets to all ports. Blocking Flooded Tr ...

  • Cisco Systems 3560X - page 717

    28-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a station attempting to access the port is different from any of t ...

  • Cisco Systems 3560X - page 718

    28-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration. The maximum number of secure ...

  • Cisco Systems 3560X - page 719

    28-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Port Security Configuration Guidelines • Port security can only be configured on static access ports or trunk ports. A secure port cannot be a dynamic a ...

  • Cisco Systems 3560X - page 720

    28-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP pho ...

  • Cisco Systems 3560X - page 721

    28-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Enabling and Configuring Port Security Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and identifying MAC addresses of the stations al ...

  • Cisco Systems 3560X - page 722

    28-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Step 7 switchport port-security violation { protect | restrict | shutdown | shutdown vlan } (Optional) Set the violation mode, the action to be taken when a security violation is detected, ...

  • Cisco Systems 3560X - page 723

    28-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Step 8 switchport port-security [ mac-address mac-address [ vlan { vlan-id | { access | voice }}] (Optional) Enter a secure MAC address for the interface. You can use this command to ent ...

  • Cisco Systems 3560X - page 724

    28-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security To return the interface to the default condition as not a secure port, use the no switchport port-security interface configuration command. If you enter this command when sticky learn ...

  • Cisco Systems 3560X - page 725

    28-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchport p ...

  • Cisco Systems 3560X - page 726

    28-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Configuring Port Security To disable port security aging for all secure addresses on a port, use the no switchport port-security aging time interface configuration command. To disable aging for only statically con ...

  • Cisco Systems 3560X - page 727

    28-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Displaying Port-Based Traffic Control Settings This example shows how to configure port security on a PVLAN host and promiscuous ports Switch(config)# interface gigabitethernet 0/8 Switch(config-if)# switchport ...

  • Cisco Systems 3560X - page 728

    28-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuring Port-Based Traffic Control Displaying Port-Based Traffic Control Settings ...

  • Cisco Systems 3560X - page 729

    CHAPTER 29-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 29 Configuring CDP This chapter describes how to configure Cisco Discovery Protocol (CDP) on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3750- ...

  • Cisco Systems 3560X - page 730

    29-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Configuring CDP CDP and Switch Stacks A switch stack appears as a single switch in the network. Therefore, CDP discovers the switch stack, not the individual stack members. The switch stack sends CDP messages to neighboring network dev ...

  • Cisco Systems 3560X - page 731

    29-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the default settings. This example shows how to configure CDP characteristics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120 Switch ...

  • Cisco Systems 3560X - page 732

    29-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Configuring CDP Disabling and Enabling CDP on an Interface CDP is enabled by default on all supported interfaces to send and to receive CDP information. Beginning in privileged EXEC mode, follow these steps to disable CDP on a port: Beg ...

  • Cisco Systems 3560X - page 733

    29-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP Table 29-2 Commands for Displaying CDP Information Command Description clear cdp counters Reset the traffic counters to zero. clear cdp table Delete the CDP table of info ...

  • Cisco Systems 3560X - page 734

    29-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Monitoring and Maintaining CDP ...

  • Cisco Systems 3560X - page 735

    CHAPTER 30-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 30 Configuring LLDP, LLDP-MED, and Wired Location Service This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), LLDP Media Endpoint Discovery (LLDP-MED) and wired location service on the Catalyst 3750-X or 3560-X switch ...

  • Cisco Systems 3560X - page 736

    30-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service LLDP supports a set of attributes that it uses to discover neighbor devices. These attributes contain type, length, and value descr ...

  • Cisco Systems 3560X - page 737

    30-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service LLDP-MED also supports an extended power TLV to advertise fine-grained power requirements, end-point power priority, and end-point and ...

  • Cisco Systems 3560X - page 738

    30-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service Depending on the device capabilities, the switch obtains this client information at link up: • Slot and port specified in port connection ? ...

  • Cisco Systems 3560X - page 739

    30-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service • Default LLDP Configuration, page 30-5 • Configuration Guidelines, page 30-5 • ...

  • Cisco Systems 3560X - page 740

    30-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service Enabling LLDP Beginning in privileged EXEC mode, follow these steps to enable LLDP: To disable LLDP, use the no lldp run global configur ...

  • Cisco Systems 3560X - page 741

    30-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each of the LLDP commands to return to the default setting. This example shows how to configure LLDP characteristics. Sw ...

  • Cisco Systems 3560X - page 742

    30-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service This example shows how to enable a TLV on an interface: Switch# configure terminal Switch(config)# interface interface_id Switch(config-if)# ...

  • Cisco Systems 3560X - page 743

    30-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each command to return to the default setting. This example shows how to configure VLAN 100 for voice application with ...

  • Cisco Systems 3560X - page 744

    30-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each command to return to the default setting. This example shows how to configure civic location information on the s ...

  • Cisco Systems 3560X - page 745

    30-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service This example shows how to enable NMSP on a switch and to set the location notification time to 10 seconds: Switch(config)# ...

  • Cisco Systems 3560X - page 746

    30-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP-MED, and Wired Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service ...

  • Cisco Systems 3560X - page 747

    CHAPTER 31-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 31 Configuring UDLD This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch a ...

  • Cisco Systems 3560X - page 748

    31-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Understanding UDLD A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device. In normal mode, UDLD detects a unidirectional lin ...

  • Cisco Systems 3560X - page 749

    31-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Understanding UDLD • Event-driven detection and echoing UDLD relies on echoing as its detection mechanism. Whenever a UDLD device learns about a new neighbor or receives a resynchronization request from an out-of-sync neighbor, it ...

  • Cisco Systems 3560X - page 750

    31-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuring UDLD Configuring UDLD • Default UDLD Configuration, page 31-4 • Configuration Guidelines, page 31-4 • Enabling UDLD Globally, page 31-5 • Enabling UDLD on an Interface, page 31-6 • Resetting an Interface Disabled b ...

  • Cisco Systems 3560X - page 751

    31-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuring UDLD Enabling UDLD Globally Beginning in privileged EXEC mode, follow these steps to enable UDLD in the aggressive or normal mode and to set the configurable message timer on all fiber-optic ports on the switch and all memb ...

  • Cisco Systems 3560X - page 752

    31-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuring UDLD Enabling UDLD on an Interface Beginning in privileged EXEC mode, follow these steps either to enable UDLD in the aggressive or normal mode or to disable UDLD on a port: Resetting an Interface Disabled by UDLD Beginning ...

  • Cisco Systems 3560X - page 753

    31-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Displaying UDLD Status Displaying UDLD Status To display the UDLD status for the specified port or for all ports, use the show udld [ interface-id ] privileged EXEC command. For detailed information about the fields in the command outpu ...

  • Cisco Systems 3560X - page 754

    31-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Displaying UDLD Status ...

  • Cisco Systems 3560X - page 755

    CHAPTER 32-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 32 Configuring SPAN and RSPAN This chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X stan ...

  • Cisco Systems 3560X - page 756

    32-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN These sections contain this conceptual information: • Local SPAN, page 32-2 • Remote SPAN, page 32-3 • SPAN and RSPAN Concepts and Terminology, page 32-4 • SPAN and RSPAN Interaction ...

  • Cisco Systems 3560X - page 757

    32-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figure 32-2 is an example of a local SPAN in a switch stack, where the source and destination ports reside on different stack members. Figure 32-2 Example of Local SPAN Configuration on a Switch Sta ...

  • Cisco Systems 3560X - page 758

    32-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figure 32-3 Example of RSPAN Configuration SPAN and RSPAN Concepts and Terminology • SPAN Sessions, page 32-4 • Monitored Traffic, page 32-6 • Source Ports, page 32-7 • Source VLANs, page ...

  • Cisco Systems 3560X - page 759

    32-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN RSPAN consists of at least one RSPAN source session, an RSPAN VLAN, and at least one RSPAN destination session. You separately configure RSPAN source sessions and RSPAN destination sessions on ...

  • Cisco Systems 3560X - page 760

    32-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Monitored Traffic SPAN sessions can monitor these traffic types: • Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all the packets received by the sou ...

  • Cisco Systems 3560X - page 761

    32-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Source Ports A source port (also called a monitored port) is a switched or routed port that you monitor for network traffic analysis. In a local SPAN session or RSPAN source session, you can monitor ...

  • Cisco Systems 3560X - page 762

    32-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • When a VLAN filter list is specified, only those VLANs in the list are monitored on trunk ports or on voice VLAN access ports. • SPAN traffic coming from other port types is not affected by ...

  • Cisco Systems 3560X - page 763

    32-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Local SPAN and RSPAN destination ports behave differently regarding VLAN tagging and encapsulation: • For local SPAN, if the encapsulation replicate keywords are specified for the destination p ...

  • Cisco Systems 3560X - page 764

    32-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • VLAN and trunking—You can modify VLAN membership or trunk settings for source or destination ports at any time. However, changes in VLAN membership or trunk settings for a destination port do ...

  • Cisco Systems 3560X - page 765

    32-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding Flow-Based SPAN Understanding Flow-Based SPAN You can control the type of network traffic to be monitored in SPAN or RSPAN sessions by using flow-based SPAN (FSPAN) or flow-based RSPAN (FRSPAN), which a ...

  • Cisco Systems 3560X - page 766

    32-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Configuring SPAN and RSPAN • Default SPAN and RSPAN Configuration, page 32-12 • Configuring Local SPAN, page 32-12 • Configuring RSPAN, page 32-17 Default SPAN and RSPAN Configuration Configu ...

  • Cisco Systems 3560X - page 767

    32-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • For local SPAN, outgoing packets through the SPAN destination port carry the original encapsulation headers—untagged, ISL, or IEEE 802.1Q—if the encapsulation replicate keywords are specifie ...

  • Cisco Systems 3560X - page 768

    32-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To delete a SPAN session, use the no monitor session session_number global configuration command. To remove a source or destination port or VLAN from the SPAN session, use the no monitor session s ...

  • Cisco Systems 3560X - page 769

    32-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This example shows how to remove any existing configuration on SPAN session 2, configure SPAN session 2 to monitor received traffic on all ports belonging to VLANs 1 through 3, and send it to ...

  • Cisco Systems 3560X - page 770

    32-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To delete a SPAN session, use the no monitor session session_number global configuration command. To remove a source or destination port or VLAN from the SPAN session, use the no monitor session s ...

  • Cisco Systems 3560X - page 771

    32-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To monitor all VLANs on the trunk port, use the no monitor session session_number filter global configuration command. This example shows how to remove any existing configuration on SPAN sessi ...

  • Cisco Systems 3560X - page 772

    32-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • For RSPAN configuration, you can distribute the source ports and the destination ports across multiple switches in your network. • RSPAN does not support BPDU packet monitoring or other Layer ...

  • Cisco Systems 3560X - page 773

    32-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This example shows how to create RSPAN VLAN 901. Switch(config)# vlan 901 Switch(config-vlan)# remote span Switch(config-vlan)# end Creating an RSPAN Source Session Beginning in privileged EXEC mod ...

  • Cisco Systems 3560X - page 774

    32-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To delete a SPAN session, use the no monitor session session_number global configuration command. To remove a source port or VLAN from the SPAN session, use the no monitor session session_number sou ...

  • Cisco Systems 3560X - page 775

    32-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To monitor all VLANs on the trunk port, use the no monitor session session_number filter vlan global configuration command. This example shows how to remove any existing configuration on RSPAN ...

  • Cisco Systems 3560X - page 776

    32-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To delete a SPAN session, use the no monitor session session_number global configuration command. To remove a destination port from the SPAN session, use the no monitor session session_number dest ...

  • Cisco Systems 3560X - page 777

    32-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN To delete an RSPAN session, use the no monitor session session_number global configuration command. To remove a destination port from the RSPAN session, use the no monitor session session_number de ...

  • Cisco Systems 3560X - page 778

    32-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring FSPAN and FRSPAN • FSPAN and FRSPAN Configuration Guidelines, page 32-24 • Configuring an FSPAN Session, page 32-25 • Configuring an FRSPAN Session, page 32-26 FSPAN and FRSPAN ...

  • Cisco Systems 3560X - page 779

    32-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring an FSPAN Session Beginning in privileged EXEC mode, follow these steps to create a SPAN session, specify the source (monitored) ports or VLANs and the destination (monitoring) ports, an ...

  • Cisco Systems 3560X - page 780

    32-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring an FRSPAN Session Beginning in privileged EXEC mode, follow these steps to start an RSPAN source session, specify the monitored source and the destination RSPAN VLAN, and configure ...

  • Cisco Systems 3560X - page 781

    32-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Step 3 monitor session session_number source { interface interface-id | vlan vlan-id } [, | -] [ both | rx | tx ] Specify the RSPAN session and the source port (monitored port). For session_number ...

  • Cisco Systems 3560X - page 782

    32-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Displaying SPAN, RSPAN, FSPAN, and FRSPAN Status Displaying SPAN, RSPAN, FSPAN, and FRSPAN Status To display the current SPAN, RSPAN, FSPAN, or FRSPAN configuration, use the show monitor user EXEC command. You can also use t ...

  • Cisco Systems 3560X - page 783

    CHAPTER 33-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 33 Configuring RMON This chapter describes how to configure Remote Network Monitoring (RMON) on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3 ...

  • Cisco Systems 3560X - page 784

    33-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON Figure 33-1 Remote Monitoring Example The switch supports these RMON groups (defined in RFC 1757): • Statistics (RMON group 1)—Collects Ethernet statistics (including Fast Ethernet and Gigabit Ethernet statistics, d ...

  • Cisco Systems 3560X - page 785

    33-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON • Collecting Group Ethernet Statistics on an Interface, page 33-5 (optional) Default RMON Configuration RMON is disabled by default; no alarms or events are configured. Configuring RMON Alarms and Events You can con ...

  • Cisco Systems 3560X - page 786

    33-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON To disable an alarm, use the no rmon alarm number global configuration command on each alarm you configured. You cannot disable at once all the alarms that you configured. To disable an event, use the no rmon event n ...

  • Cisco Systems 3560X - page 787

    33-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON Collecting Group History Statistics on an Interface You must first configure RMON alarms and events to display collection information. Beginning in privileged EXEC mode, follow these steps to collect group history s ...

  • Cisco Systems 3560X - page 788

    33-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Displaying RMON Status To disable the collection of group Ethernet statistics, use the no rmon collection stats index interface configuration command. This example shows how to collect RMON statistics for the owner root: Switch(co ...

  • Cisco Systems 3560X - page 789

    CHAPTER 34-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 34 Configuring System Message Logging This chapter describes how to configure system message logging on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Ca ...

  • Cisco Systems 3560X - page 790

    34-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging You can set the severity level of the messages to control the type of messages displayed on the consoles and each of the destinations. You can time-stamp log messages or set the sy ...

  • Cisco Systems 3560X - page 791

    34-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging This example shows a partial switch system message for a stack master and a stack member (hostname Switch-2): 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:0 ...

  • Cisco Systems 3560X - page 792

    34-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging This example shows a partial switch system message on a Catalyst 3560-X switch: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interfac ...

  • Cisco Systems 3560X - page 793

    34-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Disabling the logging process can slow down the switch because a process must wait until the messages are written to the console before continuing. When the logging process is disab ...

  • Cisco Systems 3560X - page 794

    34-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging The logging buffered global configuration command copies logging messages to an internal buffer. The buffer is circular, so newer messages overwrite older messages after the bu ...

  • Cisco Systems 3560X - page 795

    34-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Beginning in privileged EXEC mode, follow these steps to configure synchronous logging. This procedure is optional. To disable synchronization of unsolicited messages and debug ou ...

  • Cisco Systems 3560X - page 796

    34-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Enabling and Disabling Time Stamps on Log Messages By default, log messages are not time-stamped. Beginning in privileged EXEC mode, follow these steps to enable time-stamping of log ...

  • Cisco Systems 3560X - page 797

    34-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging To disable sequence numbers, use the no service sequence-numbers global configuration command. This example shows part of a logging display with sequence numbers enabled: 000019: %S ...

  • Cisco Systems 3560X - page 798

    34-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Table 34-3 describes the level keywords. It also lists the corresponding UNIX syslog definitions from the most severe level to the least severe level. The software generates fo ...

  • Cisco Systems 3560X - page 799

    34-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Beginning in privileged EXEC mode, follow these steps to change the level and history table size defaults. This procedure is optional. When the history table is full (it contains t ...

  • Cisco Systems 3560X - page 800

    34-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Beginning in privileged EXEC mode, follow these steps to enable configuration logging: This example shows how to enable the configuration-change logger and to set the number of e ...

  • Cisco Systems 3560X - page 801

    34-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Configuring System Message Logging Log in as root, and perform these steps: Note Some recent versions of UNIX syslog daemons no longer accept by default syslog packets from the network. If this is the case with your sys ...

  • Cisco Systems 3560X - page 802

    34-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Message Logging Displaying the Logging Configuration To remove a syslog server, use the no logging host global configuration command, and specify the syslog server IP address. To disable logging to syslog servers, enter the no log ...

  • Cisco Systems 3560X - page 803

    CHAPTER 35-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 35 Configuring SNMP This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to ...

  • Cisco Systems 3560X - page 804

    35-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP These sections contain this conceptual information: • SNMP Versions, page 35-2 • SNMP Manager Functions, page 35-3 • SNMP Agent Functions, page 35-4 • SNMP Community Strings, page 35-4 • Using SNMP to Access ...

  • Cisco Systems 3560X - page 805

    35-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP Table 35-1 identifies the characteristics of the different combinations of security models and levels. You must configure the SNMP agent to use the SNMP version supported by the management station. Because an a ...

  • Cisco Systems 3560X - page 806

    35-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP SNMP Agent Functions The SNMP agent responds to SNMP manager requests as follows: • Get a MIB variable—The SNMP agent begins this function in response to a request from the NMS. The agent retrieves the value ...

  • Cisco Systems 3560X - page 807

    35-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP Figure 35-1 SNMP Network For information on supported MIBs and how to access them, see Appendix A, “Supported MIBs.” SNMP Notifications SNMP allows the switch to send notifications to SNMP managers when particular ...

  • Cisco Systems 3560X - page 808

    35-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Note The switch might not use sequential values within a range. Configuring SNMP • Default SNMP Configuration, page 35-6 • SNMP Configuration Guidelines, page 35-7 • Disabling the SNMP Agent, page 35-7 • Con ...

  • Cisco Systems 3560X - page 809

    35-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP SNMP Configuration Guidelines If the switch starts and the switch startup configuration has at least one snmp-server global configuration command, the SNMP agent is enabled. An SNMP group is a table that maps SNMP users ...

  • Cisco Systems 3560X - page 810

    35-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Configuring Community Strings You use the SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to permit access to the agent on the switch. ...

  • Cisco Systems 3560X - page 811

    35-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Note To disable access for an SNMP community, set the community string for that community to the null string (do not enter a value for the community string). To remove a specific community string, use the no snmp-serv ...

  • Cisco Systems 3560X - page 812

    35-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Beginning in privileged EXEC mode, follow these steps to configure SNMP on the switch: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 snmp-server engineID { local engineid-string | ...

  • Cisco Systems 3560X - page 813

    35-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Step 4 snmp-server user username groupname { remote host [ udp-port port ]} { v1 [ access access-list ] | v2c [ access access-list ] | v3 [ encrypted ] [ access access-list ] [ auth { md5 | sha } auth-password ]} [ priv { ...

  • Cisco Systems 3560X - page 814

    35-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is def ...

  • Cisco Systems 3560X - page 815

    35-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Note Though visible in the command-line help strings, the fru-ctrl, insertion, and removal keywords are not supported on the 3560-X switch. To enable the sending of SNMP inform notifications, use the snmp-server ena ...

  • Cisco Systems 3560X - page 816

    35-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Beginning in privileged EXEC mode, follow these steps to configure the switch to send traps or informs to a host: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 snmp-server engineID ...

  • Cisco Systems 3560X - page 817

    35-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP The snmp-server host command specifies which hosts receive the notifications. The snmp-server enable trap command globally enables the mechanism for the specified notification (for traps and informs). To enable a host ...

  • Cisco Systems 3560X - page 818

    35-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Setting the CPU Threshold Notification Types and Values Beginning in privileged EXEC mode, follow these steps to set the CPU threshold notification types and values: Setting the Agent Contact and Location Informati ...

  • Cisco Systems 3560X - page 819

    35-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Limiting TFTP Servers Used Through SNMP Beginning in privileged EXEC mode, follow these steps to limit the TFTP servers used for saving and loading configuration files through SNMP to the servers specified in an access ...

  • Cisco Systems 3560X - page 820

    35-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP SNMP Examples This example shows how to enable all versions of SNMP. The configuration permits any SNMP manager to access all objects with read-only permissions using the community string public. This configuratio ...

  • Cisco Systems 3560X - page 821

    35-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Displaying SNMP Status Displaying SNMP Status To display SNMP input and output statistics, including the number of illegal community string entries, errors, and requested variables, use the show snmp privileged EXEC command. You also ...

  • Cisco Systems 3560X - page 822

    35-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Displaying SNMP Status ...

  • Cisco Systems 3560X - page 823

    CHAPTER 36-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 36 Configuring Embedded Event Manager Embedded Event Manager (EEM) is a distributed and customized approach to event detection and recovery within a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or an ...

  • Cisco Systems 3560X - page 824

    36-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedded Event Manager because some problems compromise communication between the switch and the external network management device. Network availability is improved if automatic recovery actions are ...

  • Cisco Systems 3560X - page 825

    36-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedded Event Manager Event Detectors EEM software programs known as event detectors determine when an EEM event occurs. Event detectors are separate systems that provide an interface between the agen ...

  • Cisco Systems 3560X - page 826

    36-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedded Event Manager • Syslog event detector—Allows for screening syslog messages for a regular expression pattern match. The selected messages can be further qualified, requiring that a specific ...

  • Cisco Systems 3560X - page 827

    36-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedded Event Manager You use EEM to write and implement your own policies using the EEM policy tool command language (TCL) script. When you configure a TCL script on the master switch and the file i ...

  • Cisco Systems 3560X - page 828

    36-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Configuring Embedded Event Manager • Mac-Address-Table—Mac-Address-Table event detector generates an event when a MAC address is learned in the MAC address table. Note The Mac-Address-Table event detector is ...

  • Cisco Systems 3560X - page 829

    36-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Configuring Embedded Event Manager This example shows the output for EEM when one of the fields specified by an SNMP object ID crosses a defined threshold: Switch(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1 ...

  • Cisco Systems 3560X - page 830

    36-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Displaying Embedded Event Manager Information 4 _config_cmd1 interface Ethernet1/0 5 _config_cmd2 no shut This example shows a CRON timer environment variable, which is assigned by the software, to be set to every s ...

  • Cisco Systems 3560X - page 831

    CHAPTER 37-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 37 Configuring Network Security with ACLs This chapter describes how to configure network security on the Catalyst 3750-X or 3560-X switch by using access control lists (ACLs), which in commands and tables are also referred to as access lists. Unless ...

  • Cisco Systems 3560X - page 832

    37-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Understanding ACLs Understanding ACLs Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs filter traffic as it passes through a router or switch and permi ...

  • Cisco Systems 3560X - page 833

    37-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Understanding ACLs • VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps to filter traffic between devices in the same VLAN. VLAN maps are configured to provide acce ...

  • Cisco Systems 3560X - page 834

    37-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Understanding ACLs Figure 37-1 Using ACLs to Control Traffic to a Network When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. When you apply a port A ...

  • Cisco Systems 3560X - page 835

    37-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Understanding ACLs As with port ACLs, the switch examines ACLs associated with features configured on a given interface. However, router ACLs are supported in both directions. As packets enter the switch on an i ...

  • Cisco Systems 3560X - page 836

    37-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Understanding ACLs Some ACEs do not check Layer 4 information and therefore can be applied to all packet fragments. ACEs that do test Layer 4 information cannot be applied in the standard manner to most of the f ...

  • Cisco Systems 3560X - page 837

    37-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs • If packets must be forwarded by software for any reason (for example, not enough hardware resources), the master switch forwards the packets only after applying ACLs on the packets. • I ...

  • Cisco Systems 3560X - page 838

    37-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Creating Standard and Extended IPv4 ACLs This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. One by one, the switch tests packets against the cond ...

  • Cisco Systems 3560X - page 839

    37-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Note In addition to numbered standard and extended ACLs, you can also create standard and extended named IP ACLs by using the supported numbers. That is, the name of a standard IP ACL can b ...

  • Cisco Systems 3560X - page 840

    37-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Creating a Numbered Standard ACL Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL: Use the no access-list access-list-number global configuration comm ...

  • Cisco Systems 3560X - page 841

    37-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs The switch always rewrites the order of standard access lists so that entries with host matches and entries with matches having a don’t care mask of 0.0.0.0 are moved to the top of the ...

  • Cisco Systems 3560X - page 842

    37-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Beginning in privileged EXEC mode, follow these steps to create an extended ACL: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2a access-list access-list- ...

  • Cisco Systems 3560X - page 843

    37-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs or access-list access-list-number { deny | permit } protocol any any [ precedence precedence ] [ tos tos ] [ fragments ] [ log ] [ log-input ] [ time-range time-range-name ] [ dscp dscp ] In ac ...

  • Cisco Systems 3560X - page 844

    37-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Use the no access-list access-list-number global configuration command to delete the entire access list. You cannot delete individual ACEs from numbered access lists. This example shows how ...

  • Cisco Systems 3560X - page 845

    37-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs After creating a numbered extended ACL, you can apply it to terminal lines (see the “Applying an IPv4 ACL to a Terminal Line” section on page 37-19), to interfaces (see the “Applying ...

  • Cisco Systems 3560X - page 846

    37-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names: To remove a named standard ACL, use the no ip access-list standard name global configuration co ...

  • Cisco Systems 3560X - page 847

    37-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs When you are creating standard extended ACLs, remember that, by default, the end of the ACL contains an implicit deny statement for everything if it did not find a match before reaching t ...

  • Cisco Systems 3560X - page 848

    37-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Beginning in privileged EXEC mode, follow these steps to configure a time-range parameter for an ACL: Repeat the steps if you have multiple items that you want in effect at different tim ...

  • Cisco Systems 3560X - page 849

    37-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs This example uses named ACLs to permit and deny the same traffic. Switch(config)# ip access-list extended deny_access Switch(config-ext-nacl)# deny tcp any any time-range new_year_day_2006 Swit ...

  • Cisco Systems 3560X - page 850

    37-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Beginning in privileged EXEC mode, follow these steps to restrict incoming and outgoing connections between a virtual terminal line and the addresses in an ACL: To remove an ACL from a term ...

  • Cisco Systems 3560X - page 851

    37-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Beginning in privileged EXEC mode, follow these steps to control access to an interface: To remove the specified access group, use the no ip access-group { access-list-number | name } { in ...

  • Cisco Systems 3560X - page 852

    37-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Hardware and Software Treatment of IP ACLs ACL processing is primarily accomplished in hardware, but requires forwarding of some traffic flows to the CPU for software processing. If the har ...

  • Cisco Systems 3560X - page 853

    37-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Use one of these workarounds: • Modify the ACL configuration to use fewer resources. • Rename the ACL with a name or number that alphanumerically precedes the ACL names or numbers. To de ...

  • Cisco Systems 3560X - page 854

    37-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs ACLs in a Small Networked Office Figure 37-3 shows a small networked office environment with routed Port 2 connected to Server A, containing benefits and other information that all employee ...

  • Cisco Systems 3560X - page 855

    37-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Extended IP access list 106 10 permit ip any 172.20.128.64 0.0.0.31 Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# ip access-group 106 in Numbered ACLs In this example, networ ...

  • Cisco Systems 3560X - page 856

    37-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs Named ACLs This example creates a standard ACL named internet_filter and an extended ACL named marketing_group. The internet_filter ACL allows all traffic from the source address 1.2.3.4. S ...

  • Cisco Systems 3560X - page 857

    37-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring IPv4 ACLs In this example of a numbered ACL, the Winter and Smith workstations are not allowed to browse the web: Switch(config)# access-list 100 remark Do not allow Winter to browse the web Switch(con ...

  • Cisco Systems 3560X - page 858

    37-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Creating Named MAC Extended ACLs This is an example of a log for an extended ACL: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet 01:25:14:%SEC-6-IPACCESSLOGDP:l ...

  • Cisco Systems 3560X - page 859

    37-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Creating Named MAC Extended ACLs Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL: Use the no mac access-list extended name global configuration command to delete the e ...

  • Cisco Systems 3560X - page 860

    37-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Creating Named MAC Extended ACLs Applying a MAC ACL to a Layer 2 Interface After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in that interface. When you apply t ...

  • Cisco Systems 3560X - page 861

    37-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps Configuring VLAN Maps Note VLAN maps are not supported on switches running the LAN base feature set. This section describes how to configure VLAN maps, which is the only way to control filte ...

  • Cisco Systems 3560X - page 862

    37-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps • If the VLAN map has at least one match clause for the type of packet (IP or MAC) and the packet does not match any of these match clauses, the default is to drop the packet. If there is ...

  • Cisco Systems 3560X - page 863

    37-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps Use the no vlan access-map name global configuration command to delete a map. Use the no vlan access-map name number global configuration command to delete a single sequence entry from withi ...

  • Cisco Systems 3560X - page 864

    37-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps Example 2 In this example, the VLAN map has a default action of drop for IP packets and a default action of forward for MAC packets. Used with standard ACL 101 and extended named access lis ...

  • Cisco Systems 3560X - page 865

    37-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps Example 4 In this example, the VLAN map has a default action of drop for all packets (IP and non-IP). Used with access lists tcp-match and good-hosts from Examples 2 and 3, the map will have th ...

  • Cisco Systems 3560X - page 866

    37-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Configuring VLAN Maps Figure 37-4 Wiring Closet Configuration If you do not want HTTP traffic switched from Host X to Host Y, you can configure a VLAN map on Switch A to drop all HTTP traffic from Host X (IP a ...

  • Cisco Systems 3560X - page 867

    37-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs Figure 37-5 Deny Access to a Server on Another VLAN This example shows how to deny access to a server on another VLAN by creating the VLAN map SERVER 1 that denies access to hos ...

  • Cisco Systems 3560X - page 868

    37-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs If a packet flow matches a VLAN-map deny clause in the ACL, regardless of the router ACL configuration, the packet flow is denied. Note When you use router ACLs with VLAN maps, p ...

  • Cisco Systems 3560X - page 869

    37-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs Examples of Router ACLs and VLAN Maps Applied to VLANs This section gives examples of applying router ACLs and VLAN maps to a VLAN for switched, bridged, routed, and multicast pac ...

  • Cisco Systems 3560X - page 870

    37-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs Figure 37-7 Applying ACLs on Bridged Packets ACLs and Routed Packets Figure 37-8 shows how ACLs are applied on routed packets. The ACLs are applied in this order: 1. VLAN m ...

  • Cisco Systems 3560X - page 871

    37-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Displaying IPv4 ACL Configuration ACLs and Multicast Packets Figure 37-9 shows how ACLs are applied on packets that are replicated for IP multicasting. A multicast packet being routed has two different kinds ...

  • Cisco Systems 3560X - page 872

    37-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuring Network Security with ACLs Displaying IPv4 ACL Configuration You can also display information about VLAN access maps or VLAN filters. Use the privileged EXEC commands in Table 37-3 to display VLAN map information. show ip interface inter ...

  • Cisco Systems 3560X - page 873

    CHAPTER 38-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 38 Configuring IPv6 ACLs You can filter IP Version 6 (IPv6) traffic by creating IPv6 access control lists (ACLs) and applying them to interfaces similarly to the way that you create and apply IP Version 4 (IPv4) named ACLs. You can also create a n ...

  • Cisco Systems 3560X - page 874

    38-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Understanding IPv6 ACLs Understanding IPv6 ACLs A switch supports two types of IPv6 ACLs: • IPv6 router ACLs are supported on outbound or inbound traffic on Layer 3 interfaces, which can be routed ports, switch virtual interfac ...

  • Cisco Systems 3560X - page 875

    38-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Understanding IPv6 ACLs • Routed or bridged packets with hop-by-hop options have IPv6 ACLs applied in software. • Logging is supported for router ACLs, but not for port ACLs. • The switch supports IPv6 address-matching for ...

  • Cisco Systems 3560X - page 876

    38-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Configuring IPv6 ACLs Configuring IPv6 ACLs Before configuring IPv6 ACLs, you must select one of the dual IPv4 and IPv6 SDM templates. To filter IPv6 traffic, you perform these steps: Step 1 Create an IPv6 ACL, and enter IPv6 ac ...

  • Cisco Systems 3560X - page 877

    38-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Configuring IPv6 ACLs Creating IPv6 ACLs Beginning in privileged EXEC mode, follow these steps to create an IPv6 ACL: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ipv6 access-list access-list-nam ...

  • Cisco Systems 3560X - page 878

    38-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Configuring IPv6 ACLs Step 3b { deny | permit } tcp { source-ipv6-prefix / prefix-length | any | host source-ipv6-address } [ operator [ port-number ]] { destination-ipv6-prefix / prefix-length | any | host destination-ipv6- ...

  • Cisco Systems 3560X - page 879

    38-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Configuring IPv6 ACLs Use the no { deny | permit } IPv6 access-list configuration commands with keywords to remove the deny or permit conditions from the specified access list. This example configures the IPv6 access list named CISCO ...

  • Cisco Systems 3560X - page 880

    38-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Displaying IPv6 ACLs Use the no ipv6 traffic-filter access-list-name interface configuration command to remove an access list from an interface. This example shows how to apply the access list Cisco to outbound traffic on a Lay ...

  • Cisco Systems 3560X - page 881

    CHAPTER 39-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 39 Configuring QoS This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-QoS) commands or by using standard QoS commands on the Catalyst 3750-X or 3560-X switch. With QoS, you can provide preferential treatme ...

  • Cisco Systems 3560X - page 882

    39-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Understanding QoS Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, al ...

  • Cisco Systems 3560X - page 883

    39-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-1 QoS Classification Layers in Frames and Packets All switches and routers that access the Internet rely on the class information to provide the same forwarding treatment to packets with the same class infor ...

  • Cisco Systems 3560X - page 884

    39-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Basic QoS Model To implement QoS, the switch must distinguish packets or flows from one another (classify), assign a label to indicate the given quality of service as the packets move through the switch, make the p ...

  • Cisco Systems 3560X - page 885

    39-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-2 Basic QoS Model Classification Classification is the process of distinguishing one kind of traffic from another by examining the fields in the packet. Classification is enabled only if QoS is globally ...

  • Cisco Systems 3560X - page 886

    39-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS For IP traffic, you have these classification options as shown in Figure 39-3: • Trust the DSCP value in the incoming packet (configure the port to trust DSCP), and assign the same DSCP value to the packet. The IE ...

  • Cisco Systems 3560X - page 887

    39-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-3 Classification Flowchart Classification Based on QoS ACLs You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same characteristics (class). You can also c ...

  • Cisco Systems 3560X - page 888

    39-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS In the QoS context, the permit and deny actions in the access control entries (ACEs) have different meanings than with security ACLs: • If a match with a permit action is encountered (first-match principle), the specif ...

  • Cisco Systems 3560X - page 889

    39-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS To enable the policy map, you attach it to a port by using the service-policy interface configuration command. You can apply a nonhierarchical policy map to a physical port or an SVI. However, a hierarchical polic ...

  • Cisco Systems 3560X - page 890

    39-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Policing on Physical Ports In policy maps on physical ports, you can create these types of policers: • Individual—QoS applies the bandwidth limits specified in the policer separately to each matched traffic class. ...

  • Cisco Systems 3560X - page 891

    39-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-4 Policing and Marking Flowchart on Physical Ports Policing on SVIs Note Before configuring a hierarchical policy map with individual policers on an SVI, you must enable VLAN-based QoS on the physical po ...

  • Cisco Systems 3560X - page 892

    39-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS When configuring policing on an SVI, you can create and configure a hierarchical policy map with these two levels: • VLAN level—Create this primary level by configuring class maps and classes that specify the port ...

  • Cisco Systems 3560X - page 893

    39-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Mapping Tables During QoS processing, the switch represents the priority of all traffic (including non-IP traffic) with a QoS label based on the DSCP or CoS value from the classification stage: • During classificatio ...

  • Cisco Systems 3560X - page 894

    39-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Queueing and Scheduling Overview The switch has queues at specific points to help prevent congestion as shown in Figure 39-6 and Figure 39-7. Figure 39-6 Ingress and Egress Queue Location on Catalyst 3750-X Switch ...

  • Cisco Systems 3560X - page 895

    39-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Weighted Tail Drop Both the ingress and egress queues use an enhanced version of the tail-drop congestion-avoidance mechanism called weighted tail drop (WTD). WTD is implemented on queues to manage the queue lengths a ...

  • Cisco Systems 3560X - page 896

    39-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue is empty and no longer requires ...

  • Cisco Systems 3560X - page 897

    39-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-10 Queueing and Scheduling Flowchart for Ingress Ports on Catalyst 3560-X Switches Note SRR services the priority queue for its configured share before servicing the other queue. The switch supports two ...

  • Cisco Systems 3560X - page 898

    39-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS You assign each packet that flows through the switch to a queue and to a threshold. Specifically, you map DSCP or CoS values to an ingress queue and map DSCP or CoS values to a threshold ID. You use the mls qos srr ...

  • Cisco Systems 3560X - page 899

    39-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Queueing and Scheduling on Egress Queues Figure 39-11 and Figure 39-12 show the queueing and scheduling flowcharts for egress ports. Note If the expedite queue is enabled, SRR services it until it is empty before ser ...

  • Cisco Systems 3560X - page 900

    39-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figure 39-12 Queueing and Scheduling Flowchart for Egress Ports on Catalyst 3560-X Switches Each port supports four egress queues, one of which (queue 1) can be the egress expedite queue. These queues are assigne ...

  • Cisco Systems 3560X - page 901

    39-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS buffers) or not empty (free buffers). If the queue is not over-limit, the switch can allocate buffer space from the reserved pool or from the common pool (if it is not empty). If there are no free buffers in the com ...

  • Cisco Systems 3560X - page 902

    39-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS The queues use WTD to support distinct drop percentages for different traffic classes. Each queue has three drop thresholds: two configurable (explicit) WTD thresholds and one nonconfigurable (implicit) threshol ...

  • Cisco Systems 3560X - page 903

    39-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS • Depending on the QoS label assigned to a frame and the mutation chosen, the DSCP and CoS values of the frame are rewritten. If you do not configure the mutation map and if you configure the port to trust t ...

  • Cisco Systems 3560X - page 904

    39-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS Generated Auto-QoS Configuration By default, auto-QoS is disabled on all ports. When auto-QoS is enabled, it uses the ingress packet label to categorize traffic, to assign packet labels, and to configure the ingress ...

  • Cisco Systems 3560X - page 905

    39-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS trust the QoS label received in the packet. The switch also uses policing to determine whether a packet is in or out of profile and to specify the action on the packet. If the packet does not have a DSCP value of ...

  • Cisco Systems 3560X - page 906

    The switch automatically maps DSCP values to an ingress queue and to a threshold ID.
    Switch(config)# no mls qos srr-queue input dscp-map
    Switch(config)# mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 1 ...

  • Cisco Systems 3560X - page 907

    The switch automatically configures the egress queue buffer sizes. It configures the bandwidth and the SRR mode (shaped or shared) on the egress queues mapped to the port.
    Switch(config)# mls qos queue-set output 1 ...

  • Cisco Systems 3560X - page 908

    Effects of Auto-QoS on the Configuration: When auto-QoS is enabled, the auto qos voip interface configuration command and the generated configuration are added to the running configuration. The switch applies the auto ...

  • Cisco Systems 3560X - page 909

    • To take advantage of the auto-QoS defaults, you should enable auto-QoS before you configure other QoS commands. If necessary, you can fine-tune the QoS configuration, but we recommend that you do so only after ...

  • Cisco Systems 3560X - page 910

    To display the QoS commands that are automatically generated when auto-QoS is enabled or disabled, enter the debug auto qos privileged EXEC command before enabling auto-QoS. For more information, see the debug autoq ...

  • Cisco Systems 3560X - page 911

    Figure 39-14: Auto-QoS Configuration Example Network. Figure 39-14 shows a network in which the VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at t ...

  • Cisco Systems 3560X - page 912

    Beginning in privileged EXEC mode, follow these steps to configure the switch at the edge of the QoS domain to prioritize the VoIP traffic over all other traffic: Command Purpose Step 1 debug auto qos Enable debu ...

  • Cisco Systems 3560X - page 913

    Displaying Auto-QoS Information: To display the initial auto-QoS configuration, use the show auto qos [interface [interface-id]] privileged EXEC command. To display any user changes to that configura ...

  • Cisco Systems 3560X - page 914

    Default Standard QoS Configuration: QoS is disabled. There is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed). ...

  • Cisco Systems 3560X - page 915

    Default Egress Queue Configuration: Table 39-9 shows the default egress queue configuration for each queue-set when QoS is enabled. All ports are mapped to queue-set 1. The port bandwidth limit is set to 100 ...

  • Cisco Systems 3560X - page 916

    Default Mapping Table Configuration: Table 39-12 on page 39-70 shows the default CoS-to-DSCP map. Table 39-13 on page 39-71 shows the default IP-precedence-to-DSCP map. Table 39-14 on page 39-73 shows th ...

  • Cisco Systems 3560X - page 917

    Applying QoS on Interfaces: These are the guidelines for configuring QoS on physical ports and SVIs (Layer 3 VLAN interfaces):
    • You can configure QoS on physical ports and SVIs. When configuring QoS on physica ...

  • Cisco Systems 3560X - page 918

    • QoS policies that include IPv6-specific classification (such as an IPv6 ACL or the match protocol ipv6 command) are supported on Catalyst 3750-X and Catalyst 3750-E interfaces and on any SVI when a Catalys ...

  • Cisco Systems 3560X - page 919

    Beginning in privileged EXEC mode, follow these steps to enable QoS. This procedure is required. To disable QoS, use the no mls qos global configuration command. Enabling VLAN-Based QoS on Physical Ports: By defa ...

  • Cisco Systems 3560X - page 920

    Configuring Classification Using Port Trust States: These sections describe how to classify incoming traffic by using port trust states. Depending on your network configuration, you must perform one or more o ...

  • Cisco Systems 3560X - page 921

    Beginning in privileged EXEC mode, follow these steps to configure the port to trust the classification of the traffic that it receives: To return a port to its untrusted state, use the no mls qos trust inte ...

  • Cisco Systems 3560X - page 922

    To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command. Configuring a Trusted Boundary to Ensure Port Security: In a typical network, you connect a C ...

  • Cisco Systems 3560X - page 923

    In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to co ...

  • Cisco Systems 3560X - page 924

    Regardless of the DSCP transparency configuration, the switch modifies the internal DSCP value of the packet, which the switch uses to generate a class of service (CoS) value that represents the priority of t ...

  • Cisco Systems 3560X - page 925

    Beginning in privileged EXEC mode, follow these steps to configure the DSCP-trusted state on a port and modify the DSCP-to-DSCP-mutation map. To ensure a consistent mapping strategy across both QoS domains, y ...

  • Cisco Systems 3560X - page 926

    Configuring a QoS Policy: Configuring a QoS policy typically requires classifying traffic into classes, configuring policies applied to those traffic classes, and attaching policies to ports. For background i ...

  • Cisco Systems 3560X - page 927

    To delete an access list, use the no access-list access-list-number global configuration command. This example shows how to allow access for only those hosts on the three specified networks. The wildcard bits ap ...

  • Cisco Systems 3560X - page 928

    To delete an access list, use the no access-list access-list-number global configuration command. This example shows how to create an ACL that permits IP traffic from any source to any destination that has th ...

  • Cisco Systems 3560X - page 929

    To delete an access list, use the no ipv6 access-list access-list-number global configuration command. Step 3 {deny | permit} protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} ...

  • Cisco Systems 3560X - page 930

    This example shows how to create an ACL that permits IPv6 traffic from any source to any destination that has the DSCP value set to 32:
    Switch(config)# ipv6 access-list 100 permit ip any any dscp 32
    This exam ...

  • Cisco Systems 3560X - page 931

    This example shows how to create a Layer 2 MAC ACL with two permit statements. The first statement allows traffic from the host with MAC address 0001.0000.0001 to the host with MAC address 0002.0000.0001. ...

  • Cisco Systems 3560X - page 932

    Step 3 class-map [match-all | match-any] class-map-name Create a class map, and enter class-map configuration mode. By default, no class maps are defined.
    • (Optional) Use the match-all keyword to perform a ...

  • Cisco Systems 3560X - page 933

    To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class map, use the no class-map [match-all | match-any] class-map-name global config ...

  • Cisco Systems 3560X - page 934

    Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic: The switch supports both IPv4 and IPv6 QoS when a dual-ipv4-and-ipv6 SDM template is configured. When the dual IP SDM template is configured, t ...

  • Cisco Systems 3560X - page 935

    To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class map, use the no class-map [match-all | match-any] class-map-name global config ...

  • Cisco Systems 3560X - page 936

    Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps: You can configure a nonhierarchical policy map on a physical port that specifies which traffic class to act on. Actions can in ...

  • Cisco Systems 3560X - page 937

    Beginning in privileged EXEC mode, follow these steps to create a nonhierarchical policy map: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 class-map [match-all | match-an ...

  • Cisco Systems 3560X - page 938

    Step 5 trust [cos | dscp | ip-precedence] Configure the trust state, which QoS uses to generate a CoS-based or DSCP-based QoS label. Note: This command is mutually exclusive with the set command within the same ...

  • Cisco Systems 3560X - page 939

    To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class map, use the no class class-map-name policy-map configuration command. To return ...

  • Cisco Systems 3560X - page 940

    Switch(config-ext-mac)# exit
    Switch(config)# class-map macclass1
    Switch(config-cmap)# match access-group maclist1
    Switch(config-cmap)# exit
    Switch(config)# policy-map macpolicy1
    Switch(config-pmap)# class maccla ...

  • Cisco Systems 3560X - page 941

    • In a switch stack, you cannot use the match input-interface class-map configuration command to specify interfaces across stack members in a policy-map class.
    • A policy-map and a port trust state can both r ...

  • Cisco Systems 3560X - page 942

    Beginning in privileged EXEC mode, follow these steps to create a hierarchical policy map: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 class-map [match-all | match-any] ...

  • Cisco Systems 3560X - page 943

    Step 4 match protocol [ip | ipv6] (Optional) Specify the IP protocol to which the class map applies.
    • Use the argument ip to specify IPv4 traffic, and ipv6 to specify IPv6 traffic.
    • When you use the m ...

  • Cisco Systems 3560X - page 944

    Step 11 policy-map policy-map-name Create an interface-level policy map by entering the policy-map name, and enter policy-map configuration mode. By default, no policy maps are defined, and no policing is pe ...

  • Cisco Systems 3560X - page 945

    Step 18 trust [cos | dscp | ip-precedence] Configure the trust state, which QoS uses to generate a CoS-based or DSCP-based QoS label. Note: This command is mutually exclusive with the set command within the same ...

  • Cisco Systems 3560X - page 946

    To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class map, use the no class class-map-name policy-map configuration command. To retu ...

  • Cisco Systems 3560X - page 947

    Switch(config-pmap-c)# exit
    Switch(config-pmap)# class-map cm-2
    Switch(config-pmap-c)# match ip dscp 2
    Switch(config-pmap-c)# service-policy port-plcmap-1
    Switch(config-pmap)# exit
    Switch(config-pmap)# class-map cm ...

  • Cisco Systems 3560X - page 948

    Beginning in privileged EXEC mode, follow these steps to create an aggregate policer: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 mls qos aggregate-policer aggregate-pol ...

  • Cisco Systems 3560X - page 949

    To remove the specified aggregate policer from a policy map, use the no police aggregate aggregate-policer-name policy map configuration mode. To delete an aggregate policer and its parameters, use the no ml ...

  • Cisco Systems 3560X - page 950

    Configuring the CoS-to-DSCP Map: You use the CoS-to-DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic. Table 39-12 shows the def ...

  • Cisco Systems 3560X - page 951

    Configuring the IP-Precedence-to-DSCP Map: You use the IP-precedence-to-DSCP map to map IP precedence values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic ...

  • Cisco Systems 3560X - page 952

    Configuring the Policed-DSCP Map: You use the policed-DSCP map to mark down a DSCP value to a new value as the result of a policing and marking action. The default policed-DSCP map is a null map, which maps an ...

  • Cisco Systems 3560X - page 953

    Configuring the DSCP-to-CoS Map: You use the DSCP-to-CoS map to generate a CoS value, which is used to select one of the four egress queues. Table 39-14 shows the default DSCP-to-CoS map. If these values are no ...

  • Cisco Systems 3560X - page 954

    3 : 03 03 00 04 04 04 04 04 04 04
    4 : 00 05 05 05 05 05 05 05 00 06
    5 : 00 06 06 06 06 06 07 07 07 07
    6 : 07 07 07 07
    Note: In the above DSCP-to-CoS map, the CoS values are shown in the body of the matrix. The d1 ...

  • Cisco Systems 3560X - page 955

    To return to the default map, use the no mls qos dscp-mutation dscp-mutation-name global configuration command. This example shows how to define the DSCP-to-DSCP-mutation map. All the entries that are not expl ...

  • Cisco Systems 3560X - page 956

    Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds: You can prioritize traffic by placing packets with particular DSCPs or CoSs into certain queues and adjusting the queue thresholds so that ...

  • Cisco Systems 3560X - page 957

    This example shows how to map DSCP values 0 to 6 to ingress queue 1 and to threshold 1 with a drop threshold of 50 percent. It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop thresho ...

  • Cisco Systems 3560X - page 958

    Beginning in privileged EXEC mode, follow these steps to allocate bandwidth between the ingress queues. This procedure is optional. To return to the default setting, use the no mls qos srr-queue input bandwi ...

  • Cisco Systems 3560X - page 959

    Beginning in privileged EXEC mode, follow these steps to configure the priority queue. This procedure is optional. To return to the default setting, use the no mls qos srr-queue input priority-queue queue-id ...

  • Cisco Systems 3560X - page 960

    These sections contain this configuration information:
    • Configuration Guidelines, page 39-80
    • Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set, page 39-80 (optional)
    • Mapp ...

  • Cisco Systems 3560X - page 961

    Beginning in privileged EXEC mode, follow these steps to configure the memory allocation and to drop thresholds for a queue-set. This procedure is optional. Command Purpose Step 1 configure terminal Enter global ...

  • Cisco Systems 3560X - page 962

    To return to the default setting, use the no mls qos queue-set output qset-id buffers global configuration command. To return to the default WTD threshold percentages, use the no mls qos queue-set output qset-id ...

  • Cisco Systems 3560X - page 963

    Beginning in privileged EXEC mode, follow these steps to map DSCP or CoS values to an egress queue and to a threshold ID. This procedure is optional. To return to the default DSCP output queue threshold map o ...

  • Cisco Systems 3560X - page 964

    Configuring SRR Shaped Weights on Egress Queues: You can specify how much of the available bandwidth is allocated to each queue. The ratio of the weights is the ratio of frequency in which the SRR scheduler se ...

  • Cisco Systems 3560X - page 965

    Configuring SRR Shared Weights on Egress Queues: In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. Fo ...

  • Cisco Systems 3560X - page 966

    Beginning in privileged EXEC mode, follow these steps to enable the egress expedite queue. This procedure is optional. To disable the egress expedite queue, use the no priority-queue out interface configurat ...

  • Cisco Systems 3560X - page 967

    To return to the default setting, use the no srr-queue bandwidth limit interface configuration command. This example shows how to limit the bandwidth on a port to 80 percent:
    Switch(config)# interfa ...

  • Cisco Systems 3560X - page 968

    39-88 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Displaying Standard QoS Information ...

  • Cisco Systems 3560X - page 969

    Chapter 40: Configuring EtherChannels and Link-State Tracking. This chapter describes how to configure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 3750-X or 3560-X switch. EtherChannel provides fault-tolerant high-speed links between switches, ro ...

  • Cisco Systems 3560X - page 970

    • Load-Balancing and Forwarding Methods, page 40-8
    • EtherChannel and Switch Stacks, page 40-10
    EtherChannel Overview: An EtherChannel consists of individual Gigabit Ether ...

  • Cisco Systems 3560X - page 971

    You can configure an EtherChannel in one of these modes: Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), or On. Configure both ends of the Et ...

  • Cisco Systems 3560X - page 972

    Figure 40-3: Cross-Stack EtherChannel. Port-Channel Interfaces: When you create an EtherChannel, a port-channel logical interface is involved:
    • With Layer 2 ports, use the ...

  • Cisco Systems 3560X - page 973

    Figure 40-4: Relationship of Physical Ports, Logical Port Channels, and Channel Groups. After you configure an EtherChannel, configuration changes applied to the port-channel ...

  • Cisco Systems 3560X - page 974

    PAgP Modes: Table 40-1 shows the user-configurable EtherChannel PAgP modes for the channel-group interface configuration command. Switch ports exchange PAgP packets only ...

  • Cisco Systems 3560X - page 975

    To prevent a dual-active situation, the core switches send PAgP protocol data units (PDUs) through the RSLs to the remote switches. The PAgP PDUs identify the active switch ...

  • Cisco Systems 3560X - page 976

    Ports can form an EtherChannel when they are in different LACP modes as long as the modes are compatible. For example:
    • A port in the active mode can form an EtherChanne ...

  • Cisco Systems 3560X - page 977

    With destination-MAC address forwarding, when packets are forwarded to an EtherChannel, they are distributed across the ports in the channel based on the destination host' ...

  • Cisco Systems 3560X - page 978

    Figure 40-5: Load Distribution and Forwarding Methods. EtherChannel and Switch Stacks: If a stack member that has ports participating in an EtherChannel fails or leaves the s ...

  • Cisco Systems 3560X - page 979

    For more information about switch stacks, see Chapter 5, “Managing Switch Stacks.” Configuring EtherChannels: These sections contain this configuration information:
    • Defaul ...

  • Cisco Systems 3560X - page 980

    EtherChannel Configuration Guidelines: If improperly configured, some EtherChannel ports are automatically disabled to avoid network loops and other problems. Follow these gu ...

  • Cisco Systems 3560X - page 981

    – Ports with different spanning-tree path costs can form an EtherChannel if they are otherwise compatibly configured. Setting different spanning-tree path costs does not, b ...

  • Cisco Systems 3560X - page 982

    To remove a port from the EtherChannel group, use the no channel-group interface configuration command. Step 4 channel-group channel-group-number mode {auto [non-silent] ...

  • Cisco Systems 3560X - page 983

    This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two ports as static-access ports in VLAN 10 to channel 5 with the PAgP mode de ...

  • Cisco Systems 3560X - page 984

    Beginning in privileged EXEC mode, follow these steps to create a port-channel interface for a Layer 3 EtherChannel. This procedure is required. To remove the port-channel, u ...

  • Cisco Systems 3560X - page 985

    Step 5 channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive} Assign the port to a channel group, and specify th ...

  • Cisco Systems 3560X - page 986

    This example shows how to configure an EtherChannel. It assigns two ports to channel 5 with the LACP mode active:
    Switch# configure terminal
    Switch(config)# interface r ...

  • Cisco Systems 3560X - page 987

    To return EtherChannel load-balancing to the default configuration, use the no port-channel load-balance global configuration command. Configuring the PAgP Learn Method and Pri ...

  • Cisco Systems 3560X - page 988

    40-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring EtherChannels Beginning in privileged EXEC mode, follow these steps to configure your switch as a PAgP physical-port learner and to adjust the priority so that the same port in the bundl ...

  • Cisco Systems 3560X - page 989

    40-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring EtherChannels If you configure more than eight links for an EtherChannel group, the software automatically decides which of the hot-standby ports to make active based on the LACP priority. ...

  • Cisco Systems 3560X - page 990

    40-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Displaying EtherChannel, PAgP, and LACP Status Configuring the LACP Port Priority By default, all ports use the same port priority. If the local system has a lower value for the system priority and th ...

  • Cisco Systems 3560X - page 991

    40-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Understanding Link-State Tracking You can clear PAgP channel-group information and traffic counters by using the clear pagp { channel-group-number counters | counters } privileged EXEC command. Yo ...

  • Cisco Systems 3560X - page 992

    40-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Understanding Link-State Tracking Figure 40-6 Typical Link-State Tracking Configuration The configuration in Figure 40-6 ensures that the network traffic flow is balanced as follows: • For link s ...

  • Cisco Systems 3560X - page 993

    40-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring Link-State Tracking • Link-state group 2 on switch A – Switch A provides secondary links to server 3 and server 4 through link-state group 2. Port 3 is connected to server 3, and port 4 ...

  • Cisco Systems 3560X - page 994

    40-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring Link-State Tracking Default Link-State Tracking Configuration There are no link-state groups defined, and link-state tracking is not enabled for any group. Link-State Tracking Configuration ...

  • Cisco Systems 3560X - page 995

    40-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring Link-State Tracking Switch(config-if)# interface gigabitethernet1/0/3 Switch(config-if)# link state group 1 downstream Switch(config-if)# interface gigabitethernet1/0/5 Switch(config-if)# lin ...

  • Cisco Systems 3560X - page 996

    40-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels and Link-State Tracking Configuring Link-State Tracking ...

  • Cisco Systems 3560X - page 997

    CHAPTER 41-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 41 Configuring TelePresence E911 IP Phone Support Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note This feature is not supported on switches running the LAN base feature set. The Catalyst 3750-X and 3560-X ...

  • Cisco Systems 3560X - page 998

    41-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresence E911 IP Phone Support Configuring TelePresence E911 IP Phone Support Use the TelePresence E911 IP phone support feature to ensure that the IP phone is always on and available for emergency calls. When a CDP-enabled IP phone is ...

  • Cisco Systems 3560X - page 999

    41-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresence E911 IP Phone Support Configuring TelePresence E911 IP Phone Support Enabling TelePresence E911 IP Phone Support Beginning in privileged EXEC mode: Example Switch# configure terminal Enter configuration commands, one per line. En ...

  • Cisco Systems 3560X - page 1000

    41-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresence E911 IP Phone Support Configuring TelePresence E911 IP Phone Support Switch# show cdp forward Ingress Egress # packets # packets Port Port forwarded dropped ------------------------------------------------------------- Gi2/0/2 Gi2/0 ...

  • Cisco Systems 3560X - page 1001

    CHAPTER 42-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 42 Configuring IP Unicast Routing This chapter describes how to configure IP Version 4 (IPv4) unicast routing on the Catalyst 3750-X or 3560-X switch. Note Routing is not supported on switches running the LAN base feature set. Unless otherwise noted, ...

  • Cisco Systems 3560X - page 1002

    42-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Understanding IP Routing • Configuring Multi-VRF CE, page 42-74 • Configuring Protocol-Independent Features, page 42-89 • Monitoring and Maintaining the IP Network, page 42-104 Note When configuring routing paramete ...

  • Cisco Systems 3560X - page 1003

    42-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Understanding IP Routing Types of Routing Routers and Layer 3 switches can route packets in three different ways: • By using default routing • By using preprogrammed static routes for the traffic • By dynamically calc ...

  • Cisco Systems 3560X - page 1004

    42-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Understanding IP Routing • The MAC address of the stack master is used as the router MAC address for the whole stack, and all outside devices use this address to send IP packets to the stack. • All IP packets that req ...

  • Cisco Systems 3560X - page 1005

    42-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Steps for Configuring Routing Caution Partitioning of the switch stack into two or more stacks might lead to undesirable behavior in the network. Steps for Configuring Routing By default, IP routing is disabled on the switc ...

  • Cisco Systems 3560X - page 1006

    42-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Configuring IP Addressing A required task for configuring IP routing is to assign IP addresses to Layer 3 network interfaces to enable the interfaces and allow communication with the hosts on those in ...

  • Cisco Systems 3560X - page 1007

    42-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Assigning IP Addresses to Network Interfaces An IP address identifies a location to which IP packets can be sent. Some IP addresses are reserved for special uses and cannot be used for host, subnet ...

  • Cisco Systems 3560X - page 1008

    42-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing You can use the all ones subnet (131.108.255.0) and even though it is discouraged, you can enable the use of subnet zero if you need the entire subnet space for your IP address. Beginning in priv ...

  • Cisco Systems 3560X - page 1009

    42-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Figure 42-3 No IP Classless Routing To prevent the switch from forwarding packets destined for unrecognized subnets to the best supernet route possible, you can disable classless routing behavio ...

  • Cisco Systems 3560X - page 1010

    42-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing The switch can use these forms of address resolution: • Address Resolution Protocol (ARP) is used to associate IP address with MAC addresses. Taking an IP address as input, ARP learns the asso ...

  • Cisco Systems 3560X - page 1011

    42-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing To remove an entry from the ARP cache, use the no arp ip-address hardware-address type global configuration command. To remove all nonstatic entries from the ARP cache, use the clear arp-cac ...

  • Cisco Systems 3560X - page 1012

    42-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Enable Proxy ARP By default, the switch uses proxy ARP to help hosts learn MAC addresses of hosts on other networks or subnets. Beginning in privileged EXEC mode, follow these steps to enable p ...

  • Cisco Systems 3560X - page 1013

    42-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Beginning in privileged EXEC mode, follow these steps to define a default gateway (router) when IP routing is disabled: Use the no ip default-gateway global configuration command to disable t ...

  • Cisco Systems 3560X - page 1014

    42-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing If you change the maxadvertinterval value, the holdtime and minadvertinterval values also change, so it is important to first change the maxadvertinterval value, before manually changing eith ...

  • Cisco Systems 3560X - page 1015

    42-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Enabling Directed Broadcast-to-Physical Broadcast Translation By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less susceptible ...

  • Cisco Systems 3560X - page 1016

    42-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Forwarding UDP Broadcast Packets and Protocols User Datagram Protocol (UDP) is an IP host-to-host layer protocol, as is TCP. UDP provides a low-overhead, connectionless session between two end s ...

  • Cisco Systems 3560X - page 1017

    42-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Establishing an IP Broadcast Address The most popular IP broadcast address (and the default) is an address consisting of all ones (255.255.255.255). However, the switch can be configured to ...

  • Cisco Systems 3560X - page 1018

    42-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Beginning in privileged EXEC mode, follow these steps to use the bridging spanning-tree database to flood UDP datagrams: Use the no ip forward-protocol spanning-tree global configuration comma ...

  • Cisco Systems 3560X - page 1019

    42-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Enabling IP Unicast Routing Enabling IP Unicast Routing By default, the switch is in Layer 2 switching mode and IP routing is disabled. To use the Layer 3 capabilities of the switch, you must enable IP routing. Beginning ...

  • Cisco Systems 3560X - page 1020

    42-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP This example shows how to enable IP routing using RIP as the routing protocol: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip routing Switch(config) ...

  • Cisco Systems 3560X - page 1021

    42-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP Default RIP Configuration Configuring Basic RIP Parameters Note To configure RIP, you enable RIP routing for a network and optionally configure other parameters. On the Catalyst 3750-X and 3560-X switches, ...

  • Cisco Systems 3560X - page 1022

    42-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP Step 4 network network number Associate a network with a RIP routing process. You can specify multiple network commands. RIP routing updates are sent and received through interfaces only on these networks ...

  • Cisco Systems 3560X - page 1023

    42-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP To turn off the RIP routing process, use the no router rip global configuration command. To display the parameters and current state of the active routing protocol process, use the show ip protocols ...

  • Cisco Systems 3560X - page 1024

    42-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP If you want to configure an interface running RIP to advertise a summarized local IP address pool on a network access server for dial-up clients, use the ip summary-address rip interface configuration comman ...

  • Cisco Systems 3560X - page 1025

    42-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Configuring Split Horizon Routers connected to broadcast-type IP networks and using distance-vector routing protocols normally use the split-horizon mechanism to reduce the possibility of routing loops. ...

  • Cisco Systems 3560X - page 1026

    42-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF • Plain text and MD5 authentication among neighboring routers within an area is supported. • Configurable routing interface parameters include interface output cost, retransmission interval, interface ...

  • Cisco Systems 3560X - page 1027

    42-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Default OSPF Configuration Table 42-5 Default OSPF Configuration Feature Default Setting Interface parameters Cost: No default cost predefined. Retransmit interval: 5 seconds. Transmit delay: 1 second ...

  • Cisco Systems 3560X - page 1028

    42-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF OSPF Nonstop Forwarding The switch or switch stack supports two levels of nonstop forwarding (NSF): • OSPF NSF Awareness, page 42-28 • OSPF NSF Capability, page 42-28 OSPF NSF Awareness The IP-service ...

  • Cisco Systems 3560X - page 1029

    42-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF When the neighbor relationships are reestablished, the NSF-capable stack master resynchronizes its database with its NSF-aware neighbors, and routing information is exchanged between the OSPF neighbors. T ...

  • Cisco Systems 3560X - page 1030

    42-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Configuring OSPF Interfaces You can use the ip ospf interface configuration commands to modify interface-specific OSPF parameters. You are not required to modify any of these parameters, but some inter ...

  • Cisco Systems 3560X - page 1031

    42-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Use the no form of these commands to remove the configured parameter value or return to the default value. Configuring OSPF Area Parameters You can optionally configure several OSPF area parameters. Th ...

  • Cisco Systems 3560X - page 1032

    42-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Use the no form of these commands to remove the configured parameter value or to return to the default value. Configuring Other OSPF Parameters You can optionally configure other OSPF parameters in rout ...

  • Cisco Systems 3560X - page 1033

    42-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF • Administrative distance is a rating of the trustworthiness of a routing information source, an integer between 0 and 255, with a higher value meaning a lower trust rating. An administrative distan ...

  • Cisco Systems 3560X - page 1034

    42-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Changing LSA Group Pacing The OSPF LSA group pacing feature allows the router to group OSPF LSAs and pace the refreshing, check-summing, and aging functions for more efficient router use. This feature is en ...

  • Cisco Systems 3560X - page 1035

    42-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no interface loopback 0 global configuration command to disable the loopback interface. Monitoring OSPF You can display specific statistics such as the contents of IP routing tables, caches, a ...

  • Cisco Systems 3560X - page 1036

    42-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP IP EIGRP provides increased network width. With RIP, the largest possible width of your network is 15 hops. Because the EIGRP metric is large enough to support thousands of hops, the only barrier to e ...

  • Cisco Systems 3560X - page 1037

    42-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP These sections contain this configuration information: • Default EIGRP Configuration, page 42-37 • Configuring Basic EIGRP Parameters, page 42-39 • Configuring EIGRP Interfaces, page 42-40 • Co ...

  • Cisco Systems 3560X - page 1038

    42-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP To create an EIGRP routing process, you must enable EIGRP and associate networks. EIGRP sends updates to the interfaces in the specified networks. If you do not specify an interface network, it is not a ...

  • Cisco Systems 3560X - page 1039

    42-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP EIGRP NSF Capability The IP-services feature set also supports EIGRP NSF-capable routing for IPv4 for better convergence and lower traffic loss following a stack master change. When an EIGRP NSF-capa ...

  • Cisco Systems 3560X - page 1040

    42-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature or return the setting to the default value. Configuring EIGRP Interfaces Other optional EIGRP parameters can be configured on an interface basis. ...

  • Cisco Systems 3560X - page 1041

    42-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature or return the setting to the default value. Configuring EIGRP Route Authentication EIGRP route authentication provides MD5 authentication of rout ...

  • Cisco Systems 3560X - page 1042

    42-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature or to return the setting to the default value. EIGRP Stub Routing The EIGRP stub routing feature, available in all feature sets, reduces resource u ...

  • Cisco Systems 3560X - page 1043

    42-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Figure 42-4 EIGRP Stub Router Configuration For more information about EIGRP stub routing, see “Configuring EIGRP Stub Routing” section of the Cisco IOS IP Configuration Guide, Volume 2 of 3: Routi ...

  • Cisco Systems 3560X - page 1044

    42-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP For details about BGP commands and keywords, see the “IP Routing Protocols” part of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of BGP commands that ...

  • Cisco Systems 3560X - page 1045

    42-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP In BGP, each route consists of a network number, a list of autonomous systems that information has passed through (the autonomous system path), and a list of other path attributes. The primary function ...

  • Cisco Systems 3560X - page 1046

    42-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Table 42-9 Default BGP Configuration Feature Default Setting Aggregate address Disabled: None defined. AS path access list None defined. Auto summary Enabled. Best path • The router considers as-path ...

  • Cisco Systems 3560X - page 1047

    42-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Nonstop Forwarding Awareness The BGP NSF Awareness feature is supported for IPv4 in the IP services feature set. To enable this feature with BGP routing, you need to enable Graceful Restart. When the neigh ...

  • Cisco Systems 3560X - page 1048

    42-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP neighboring router during the interval between the primary Route Processor (RP) in a router failing and the backup RP taking over, or while the primary RP is manually reloaded for a nondisruptive soft ...

  • Cisco Systems 3560X - page 1049

    42-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Use the no router bgp autonomous-system global configuration command to remove a BGP AS. Use the no network network-number router configuration command to remove the network from the BGP table. Use the no ...

  • Cisco Systems 3560X - page 1050

    42-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 129.213.1.2 remote-as 100 Switch(config-router)# neighbor 175.220.1.2 remote-as 200 Router C: Switch(config)# router bgp 200 Switch(conf ...

  • Cisco Systems 3560X - page 1051

    42-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP establish a TCP session. A soft reset allows the dynamic exchange of route refresh requests and routing information between BGP routers and the subsequent re-advertisement of the respective outbound r ...

  • Cisco Systems 3560X - page 1052

    42-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring BGP Decision Attributes When a BGP speaker receives updates from multiple autonomous systems that describe different paths to the same destination, it must choose the single best path for reachi ...

  • Cisco Systems 3560X - page 1053

    42-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Beginning in privileged EXEC mode, follow these steps to configure some decision attributes: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 router bgp autonomous-system ...

  • Cisco Systems 3560X - page 1054

    42-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Use the no form of each command to return to the default state. Configuring BGP Filtering with Route Maps Within BGP, route maps can be used to control and to modify routing information and to define the co ...

  • Cisco Systems 3560X - page 1055

    42-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP path, community, and network numbers. Autonomous system path matching requires the match as-path access-list route-map command, community based matching requires the match community-list route-map command ...

  • Cisco Systems 3560X - page 1056

    42-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring Prefix Lists for BGP Filtering You can use prefix lists as an alternative to access lists in many BGP route filtering commands, including the neighbor distribute-list router configuration com ...

  • Cisco Systems 3560X - page 1057

    42-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP sequence number command; to reenable automatic generation, use the ip prefix-list sequence number command. To clear the hit-count table of prefix list entries, use the clear ip prefix-list privileged ...

  • Cisco Systems 3560X - page 1058

    42-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring BGP Neighbors and Peer Groups Often many BGP neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so ...

  • Cisco Systems 3560X - page 1059

    42-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Step 7 neighbor { ip-address | peer-group-name } default-originate [ route-map map-name ] (Optional) Allow a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a de ...

  • Cisco Systems 3560X - page 1060

    42-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP To disable an existing BGP neighbor or neighbor peer group, use the neighbor shutdown router configuration command. To enable a previously existing neighbor or neighbor peer group that had been disabled, ...

  • Cisco Systems 3560X - page 1061

    42-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP To delete an aggregate entry, use the no aggregate-address address mask router configuration command. To return options to the default values, use the command with keywords. Configuring Routing Domain C ...

  • Cisco Systems 3560X - page 1062

    42-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP When the route reflector receives an advertised route, it takes one of these actions, depending on the neighbor: • A route from an external BGP speaker is advertised to all clients and nonclient peers. • ...

  • Cisco Systems 3560X - page 1063

    42-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Beginning in privileged EXEC mode, use these commands to configure BGP route dampening: To disable flap dampening, use the no bgp dampening router configuration command without keywords. To set damp ...

  • Cisco Systems 3560X - page 1064

    42-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing You can also enable the logging of messages generated when a BGP neighbor resets, comes up, or goes down by using the bgp log-neighbor changes router configuration command. Configuring ISO C ...

  • Cisco Systems 3560X - page 1065

    42-65 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing When dynamically routing, you use IS-IS. This routing protocol supports the concept of areas. Within an area, all routers know how to reach all the system IDs. Between areas, routers kno ...

  • Cisco Systems 3560X - page 1066

    42-66 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing These sections briefly describe how to configure IS-IS routing. • Default IS-IS Configuration, page 42-66 • Enabling IS-IS Routing, page 42-67 • Configuring IS-IS Global Parameters, pag ...

  • Cisco Systems 3560X - page 1067

    42-67 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing Nonstop Forwarding Awareness The integrated IS-IS NSF Awareness feature is supported for IPv4, beginning with Cisco IOS Release 12.2(25)SEG. The feature allows customer premises equipment (CPE ...

  • Cisco Systems 3560X - page 1068

    42-68 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing To disable IS-IS routing, use the no router isis area-tag router configuration command. This example shows how to configure three routers to run conventional IS-IS as an IP routing protoc ...

  • Cisco Systems 3560X - page 1069

    42-69 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing Configuring IS-IS Global Parameters These are some optional IS-IS global parameters that you can configure: • You can force a default route into an IS-IS routing domain by configuring a de ...

  • Cisco Systems 3560X - page 1070

    42-70 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing Step 9 set-overload-bit [ on-startup { seconds | wait-for-bgp }] (Optional) Set an overload bit (a hippity bit) to allow other routers to ignore the router in their shortest path first (SP ...

  • Cisco Systems 3560X - page 1071

    42-71 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing To disable default route generation, use the no default-information originate router configuration command. Use the no area-password or no domain-password router configuration command to disa ...

  • Cisco Systems 3560X - page 1072

    42-72 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval correspondingly to make the hello protocol more reliable without i ...

  • Cisco Systems 3560X - page 1073

    42-73 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing To return to the default settings, use the no forms of the commands. Monitoring and Maintaining ISO IGRP and IS-IS You can remove all contents of a CLNS cache or remove information for a par ...

  • Cisco Systems 3560X - page 1074

    42-74 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Configuring Multi-VRF CE Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing ...

  • Cisco Systems 3560X - page 1075

    42-75 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Note The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs. For information about MPLS VRF, see the Cisco IOS Switching Services Configuration Guide, Release 12.2. • Und ...

  • Cisco Systems 3560X - page 1076

    42-76 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Figure 42-6 shows a configuration using Catalyst 3750-X or 3560-X switches as multiple virtual CEs. This scenario is suited for customers who have low bandwidth requirements for their VPN servi ...

  • Cisco Systems 3560X - page 1077

    42-77 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE To configure VRF, you create a VRF table and specify the Layer 3 interface associated with the VRF. Then configure the routing protocols in the VPN and between the CE and the PE. BGP is the pref ...

  • Cisco Systems 3560X - page 1078

    42-78 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE • A customer can use multiple VLANs as long as they do not overlap with those of other customers. A customer’s VLANs are mapped to a specific routing table ID that is used to identify the approp ...

  • Cisco Systems 3560X - page 1079

    42-79 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Use the no ip vrf vrf-name global configuration command to delete a VRF and to remove all interfaces from it. Use the no ip vrf forwarding interface configuration command to remove an interface f ...

  • Cisco Systems 3560X - page 1080

    42-80 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for PING Beginning in privileged EXEC mode, follow these steps to configure VRF-aware services for ping. For complete syntax and usage information for the commands, refer to the sw ...

  • Cisco Systems 3560X - page 1081

    42-81 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for uRPF uRPF can be configured on an interface assigned to a VRF, and source lookup is done in the VRF table. Beginning in privileged EXEC mode, follow these steps to configure ...

  • Cisco Systems 3560X - page 1082

    42-82 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for Traceroute Beginning in privileged EXEC mode, follow these steps to configure VRF-aware services for traceroute. For complete syntax and usage information for the commands, ref ...

  • Cisco Systems 3560X - page 1083

    42-83 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Configuring Multicast VRFs Beginning in privileged EXEC mode, follow these steps to configure a multicast within a VRF table. For complete syntax and usage information for the commands, see the ...

  • Cisco Systems 3560X - page 1084

    42-84 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Beginning in privileged EXEC mode, follow these steps to configure OSPF in the VPN: Use the no router ospf process-id vrf vrf-name global configuration command to disassociate the VPN forwarding ta ...

  • Cisco Systems 3560X - page 1085

    42-85 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Multi-VRF CE Configuration Example Figure 42-7 is a simplified example of the physical connections in a network similar to that in Figure 42-6. OSPF is the protocol used in VPN1, VPN2, and the globa ...

  • Cisco Systems 3560X - page 1086

    42-86 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Configure the loopback and physical interfaces on Switch A. Gigabit Ethernet port 1 is a trunk connection to the PE. Gigabit Ethernet ports 8 and 11 connect to VPNs: Switch(config)# interface loopb ...

  • Cisco Systems 3560X - page 1087

    42-87 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Configure BGP for CE to PE routing. Switch(config)# router bgp 800 Switch(config-router)# address-family ipv4 vrf vl2 Switch(config-router-af)# redistribute ospf 2 match internal Switch(config-route ...

  • Cisco Systems 3560X - page 1088

    42-88 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Router(config-vrf)# rd 100:1 Router(config-vrf)# route-target export 100:1 Router(config-vrf)# route-target import 100:1 Router(config-vrf)# exit Router(config)# ip vrf v2 Router(config-vrf)# rd 100:2 R ...

  • Cisco Systems 3560X - page 1089

    42-89 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Unicast Reverse Path Forwarding For more information about the information in the displays, see the Cisco IOS Switching Services Command Reference, Release 12.2. Configuring Unicast Reverse Path Forwarding Th ...

  • Cisco Systems 3560X - page 1090

    42-90 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features more CPU processing power to be dedicated to packet forwarding. In a switch stack, the hardware uses distributed CEF (dCEF) in the stack. In dynamic networks, fast switching cac ...

  • Cisco Systems 3560X - page 1091

    42-91 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Configuring the Number of Equal-Cost Routing Paths When a router has two or more routes to the same network with the same metrics, these routes can be thought of as having an equal ...

  • Cisco Systems 3560X - page 1092

    42-92 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Configuring Static Unicast Routes Static unicast routes are user-defined routes that cause packets moving between a source and a destination to take a specified path. Static rou ...

  • Cisco Systems 3560X - page 1093

    42-93 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features When an interface goes down, all static routes through that interface are removed from the IP routing table. When the software can no longer find a valid next hop for the address ...

  • Cisco Systems 3560X - page 1094

    42-94 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features You can also conditionally control the redistribution of routes between routing domains by defining enhanced packet filters or route maps between the two domains. The match and ...

  • Cisco Systems 3560X - page 1095

    42-95 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Step 3 match as-path path-list-number Match a BGP AS path access list. Step 4 match community-list community-list-number [ exact ] Match a BGP community list. Step 5 match ip address ...

  • Cisco Systems 3560X - page 1096

    42-96 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features To delete an entry, use the no route-map map tag global configuration command or the no match or no set route-map configuration commands. You can distribute routes from on ...

  • Cisco Systems 3560X - page 1097

    42-97 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features To disable redistribution, use the no form of the commands. The metrics of one routing protocol do not necessarily translate into the metrics of another. For example, the RIP m ...

  • Cisco Systems 3560X - page 1098

    42-98 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop router in the path. For details about PBR commands and keywords, see ...

  • Cisco Systems 3560X - page 1099

    42-99 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features • The switch supports QoS DSCP and IP precedence matching in PBR route maps, with these limitations: – You cannot apply QoS DSCP mutation maps and PBR route maps to the same ...

  • Cisco Systems 3560X - page 1100

    42-100 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Use the no route-map map-tag global configuration command or the no match or no set route-map configuration commands to delete an entry. Use the no ip policy route-map map-tag ...

  • Cisco Systems 3560X - page 1101

    42-101 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Note When routes are redistributed between OSPF processes, no OSPF metrics are preserved. Setting Passive Interfaces To prevent other routers on a local network from dynamically ...

  • Cisco Systems 3560X - page 1102

    42-102 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features Beginning in privileged EXEC mode, follow these steps to control the advertising or processing of routing updates: Use the no distribute-list in router configuration comma ...

  • Cisco Systems 3560X - page 1103

    42-103 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protocol-Independent Features To remove a distance definition, use the no distance router configuration command. Managing Authentication Keys Key management is a method of controlling authentication keys used ...

  • Cisco Systems 3560X - page 1104

    42-104 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Monitoring and Maintaining the IP Network To remove the key chain, use the no key chain name-of-chain global configuration command. Monitoring and Maintaining the IP Network You can remove all contents of a particular c ...

  • Cisco Systems 3560X - page 1105

    CHAPTER 43-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 43 Configuring IPv6 Unicast Routing This chapter describes how to configure IPv6 unicast routing on the Catalyst 3750-X or 3560-X switch. For information about configuring IPv4 unicast routing, see Chapter 42, “Configuring IP Unicast Routing.” ...

  • Cisco Systems 3560X - page 1106

    43-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 For information about IPv6 and other features in this chapter • See the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12 ...

  • Cisco Systems 3560X - page 1107

    43-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 Supported IPv6 Unicast Routing Features These sections describe the IPv6 protocol features supported by the switch: • 128-Bit Wide Unicast Addresses, page 43-3 • DNS for IPv6, page 43-4 • Path MTU D ...

  • Cisco Systems 3560X - page 1108

    43-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 process. Nodes on a local link use link-local addresses and do not require globally unique addresses to communicate. IPv6 routers do not forward packets with link-local source or destination addresses ...

  • Cisco Systems 3560X - page 1109

    43-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 reachability is unknown or suspect. For reachable or probably reachable routers, NDP can either select the same router every time or cycle through the router list. By using DRP, you can configure an IPv6 ...

  • Cisco Systems 3560X - page 1110

    43-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 Figure 43-1 Dual IPv4 and IPv6 Support on an Interface Use the dual IPv4 and IPv6 switch database management (SDM) template to enable IPv6 routing dual stack environments (supporting both IPv4 and IP ...

  • Cisco Systems 3560X - page 1111

    43-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 For more information about static routes, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. RIP for IPv6 Routing Information Protocol (RI ...

  • Cisco Systems 3560X - page 1112

    43-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 SNMP and syslog over IPv6 provide these features: • Support for both IPv4 and IPv6 • IPv6 transport for SNMP and to modify the SNMP agent to support traps for an IPv6 host • SNMP- and syslog-rel ...

  • Cisco Systems 3560X - page 1113

    43-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 • The switch as a tunnel endpoint supporting IPv4-to-IPv6 or IPv6-to-IPv4 tunneling protocols • IPv6 unicast reverse-path forwarding • IPv6 general prefixes Limitations Because IPv6 is implemente ...

  • Cisco Systems 3560X - page 1114

    43-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 If a new switch becomes the stack master, it recomputes the IPv6 routing tables and distributes them to the member switches. While the new stack master is being elected and is resetting, the switch ...

  • Cisco Systems 3560X - page 1115

    43-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Default IPv6 Configuration Configuring IPv6 Addressing and Enabling IPv6 Routing This section describes how to assign IPv6 addresses to individual Layer 3 interfaces and to globally forward IPv6 traffic o ...

  • Cisco Systems 3560X - page 1116

    43-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to a Layer 3 interface and enable IPv6 routing: To remove an IPv6 address from an interface, use the no ipv6 address ...

  • Cisco Systems 3560X - page 1117

    43-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 without arguments. To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use the no ipv6 enable interface configuration command. To globally disable ...

  • Cisco Systems 3560X - page 1118

    43-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Use the no ipv6 nd router-preference interface configuration command to disable an IPv6 DRP. This example shows how to configure a DRP of high for the router on an interface. Switch# configure ter ...

  • Cisco Systems 3560X - page 1119

    43-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 To disable IPv4 routing, use the no ip routing global configuration command. To disable IPv6 routing, use the no ipv6 unicast-routing global configuration command. To remove an IPv4 address from an int ...

  • Cisco Systems 3560X - page 1120

    43-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Enabling DHCPv6 Server Function Beginning in privileged EXEC mode, follow these steps to enable the DHCPv6 server function on an interface. Command Purpose Step 1 configure terminal Enter global confi ...

  • Cisco Systems 3560X - page 1121

    43-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 To delete a DHCPv6 pool, use the no ipv6 dhcp pool poolname global configuration command. Use the no form of the DHCP pool configuration mode commands to change the DHCPv6 pool characteristics. To d ...

  • Cisco Systems 3560X - page 1122

    43-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 This example shows how to configure a pool called 350 with vendor-specific options: Switch# configure terminal Switch(config)# ipv6 dhcp pool 350 Switch(config-dhcpv6)# address prefix 2001:1005::0/48 S ...

  • Cisco Systems 3560X - page 1123

    43-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Configuring IPv6 ICMP Rate Limiting ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in ...

  • Cisco Systems 3560X - page 1124

    43-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Configuring Static Routing for IPv6 Before configuring a static IPv6 route, you must enable routing by using the ip routing global configuration command, enable the forwarding of IPv6 packets by usin ...

  • Cisco Systems 3560X - page 1125

    43-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 To remove a configured static route, use the no ipv6 route ipv6-prefix/prefix length { ipv6-address | interface-id [ ipv6-address ]} [ administrative distance ] global configuration command. This exam ...

  • Cisco Systems 3560X - page 1126

    43-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 To disable a RIP routing process, use the no ipv6 router rip name global configuration command. To disable the RIP routing process for an interface, use the no ipv6 rip name interface configuration ...

  • Cisco Systems 3560X - page 1127

    43-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Beginning in privileged EXEC mode, follow these required and optional steps to configure IPv6 OSPF: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ipv6 router ospf pr ...

  • Cisco Systems 3560X - page 1128

    43-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 To disable an OSPF routing process, use the no ipv6 router ospf process-id global configuration command. To disable the OSPF routing process for an interface, use the no ipv6 ospf process-id area ar ...

  • Cisco Systems 3560X - page 1129

    43-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Enabling HSRP Version 2 Beginning in privileged EXEC mode, follow these steps to enable HSRP version 2 on a Layer 3 interface. Enabling an HSRP Group for IPv6 Beginning in privileged EXEC mode, follo ...

  • Cisco Systems 3560X - page 1130

    43-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Use the no standby [ group-number ] ipv6 interface configuration command to disable HSRP for IPv6. This example shows how to activate HSRP for IPv6 for group 1 on a port. The IP address used by the h ...

  • Cisco Systems 3560X - page 1131

    43-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Displaying IPv6 Displaying IPv6 For complete syntax and usage information on these commands, see the Cisco IOS command reference publications. Table 43-2 Commands for Monitoring IPv6 Command Purpose show ipv6 access-li ...

  • Cisco Systems 3560X - page 1132

    43-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 interface privileged EXEC command: Switch# show ipv6 interface Vlan1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F ...

  • Cisco Systems 3560X - page 1133

    CHAPTER 44-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 44 Configuring HSRP This chapter describes how to use Hot Standby Router Protocol (HSRP) on the Catalyst 3750-X or 3560-X switch to provide routing redundancy for routing IP traffic without being dependent on the availability of any single router ...

  • Cisco Systems 3560X - page 1134

    44-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP Note Routers in an HSRP group can be any router interface that supports HSRP, including Catalyst 3750-X or 3560-X routed ports and switch virtual interfaces (SVIs). Router interfaces are not supported when the switch ...

  • Cisco Systems 3560X - page 1135

    44-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP Figure 44-1 Typical HSRP Configuration HSRP Versions The switch supports these HSRP versions: • HSRPv1—Version 1 of the HSRP, the default version of HSRP. It has these features: – The HSRP group number can be f ...

  • Cisco Systems 3560X - page 1136

    44-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP HSRPv2 has a different packet format than HSRPv1. An HSRPv2 packet uses the type-length-value (TLV) format and has a 6-byte identifier field with the MAC address of the physical router that sent the packet. If an int ...

  • Cisco Systems 3560X - page 1137

    44-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP HSRP and Switch Stacks HSRP hello messages are generated by the stack master. If an HSRP-active stack master fails, a flap in the HSRP active state might occur. This is because HSRP hello messages are not generated wh ...

  • Cisco Systems 3560X - page 1138

    44-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP HSRP Configuration Guidelines • HSRPv2 and HSRPv1 are mutually exclusive. HSRPv2 is not interoperable with HSRPv1 on an interface and the reverse. • In the procedures, the specified interface must be one of these Lay ...

  • Cisco Systems 3560X - page 1139

    44-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Beginning in privileged EXEC mode, follow these steps to create or enable HSRP on a Layer 3 interface: Use the no standby [ group-number ] ip [ ip-address ] interface configuration command to disable HSRP. This exa ...

  • Cisco Systems 3560X - page 1140

    44-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Configuring HSRP Priority The standby priority, standby preempt, and standby track interface configuration commands are all used to set characteristics for finding active and standby routers and behavior regarding ...

  • Cisco Systems 3560X - page 1141

    44-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Use the no standby [ group-number ] priority priority [ preempt [ delay delay ]] and no standby [ group-number ] [ priority priority ] preempt [ delay delay ] interface configuration commands to restore default priority, ...

  • Cisco Systems 3560X - page 1142

    44-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP This example activates a port, sets an IP address and a priority of 120 (higher than the default value), and waits for 300 seconds (5 minutes) before attempting to become the active router: Switch# configure terminal ...

  • Cisco Systems 3560X - page 1143

    44-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP When configuring these attributes, follow these guidelines: • The authentication string is sent unencrypted in all HSRP messages. You must configure the same authentication string on all routers and access servers o ...

  • Cisco Systems 3560X - page 1144

    44-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP This example shows how to set the timers on standby group 1 with the time between hello packets at 5 seconds and the time after which a router is considered down to be 15 seconds: Switch# configure terminal Switch(con ...

  • Cisco Systems 3560X - page 1145

    44-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Displaying HSRP Configurations Troubleshooting HSRP for Mixed Stacks of Catalyst 3750-X, 3750-E and 3750 Switches If one of the situations in Table 44-2 occurs, this message appears: %FHRP group not consistent with already configured grou ...

  • Cisco Systems 3560X - page 1146

    44-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Displaying HSRP Configurations ...

  • Cisco Systems 3560X - page 1147

    CHAPTER 45-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 45 Configuring Cisco IOS IP SLAs Operations This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) on the Catalyst 3750-X or 3560-X switch. Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze ...

  • Cisco Systems 3560X - page 1148

    45-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Depending on the specific Cisco IOS IP SLAs operation, various network performance statistics are monitored within the Cisco device and stored in both command-line interfac ...

  • Cisco Systems 3560X - page 1149

    45-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Using Cisco IOS IP SLAs to Measure Network Performance You can use IP SLAs to monitor the performance between any area in the network—core, distribution, and edge—without dep ...

  • Cisco Systems 3560X - page 1150

    45-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs IP SLAs Responder and IP SLAs Control Protocol The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond t ...

  • Cisco Systems 3560X - page 1151

    45-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Figure 45-2 Cisco IOS IP SLAs Responder Time Stamping An additional benefit of the two time stamps at the target device is the ability to track one-way delay, jitter, and direct ...

  • Cisco Systems 3560X - page 1152

    45-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations An IP SLAs threshold violation can also trigger another IP SLAs operation for further analysis. For example, the frequency could be increased or an ICMP path echo or ICMP p ...

  • Cisco Systems 3560X - page 1153

    45-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Before configuring any IP SLAs application, you can use the show ip sla application privileged EXEC command to verify that the operation type is supported on your software image. ...

  • Cisco Systems 3560X - page 1154

    45-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations To disable the IP SLAs responder, enter the no ip sla responder global configuration command. This example shows how to configure the device as a responder for the UDP jitter ...

  • Cisco Systems 3560X - page 1155

    45-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Beginning in privileged EXEC mode, follow these steps to configure UDP jitter operation on the source device: Command Purpose Step 1 configure terminal Enter global configuratio ...

  • Cisco Systems 3560X - page 1156

    45-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations To disable the IP SLAs operation, enter the no ip sla operation-number global configuration command. This example shows how to configure a UDP jitter IP SLAs operatio ...

  • Cisco Systems 3560X - page 1157

    45-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Schedule: Operation frequency (seconds): 30 Next Scheduled Start Time: Pending trigger Group Scheduled : FALSE Randomly Scheduled : FALSE Life (seconds): 3600 Entry Ageout (seconds): n ...

  • Cisco Systems 3560X - page 1158

    45-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations To disable the IP SLAs operation, enter the no ip sla operation-number global configuration command. This example shows how to configure an ICMP echo IP SLAs operation: Switc ...

  • Cisco Systems 3560X - page 1159

    45-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations Next Scheduled Start Time: Pending trigger Group Scheduled : FALSE Randomly Scheduled : FALSE Life (seconds): 3600 Entry Ageout (seconds): never Recurring (Starting Everyday): FALSE Stat ...

  • Cisco Systems 3560X - page 1160

    45-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations ...

  • Cisco Systems 3560X - page 1161

    CHAPTER 46-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 46 Configuring Enhanced Object Tracking This chapter describes how to configure enhanced object tracking on the Catalyst 3750-X or 3560-X switch. This feature provides a more complete alternative to the Hot Standby Routing Protocol (HSRP) tracking m ...

  • Cisco Systems 3560X - page 1162

    46-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features You can also track a combination of objects in a list by using either a weight threshold or a percentage threshold to measure the state of the list. You can combine o ...

  • Cisco Systems 3560X - page 1163

    46-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features This example configures the tracking of an interface line-protocol state and verifies the configuration: Switch(config)# track 33 interface gigabitethernet 1/0/1 line-pro ...

  • Cisco Systems 3560X - page 1164

    46-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Configuring a Tracked List with a Boolean Expression Configuring a tracked list with a Boolean expression enables calculation by using either “AND” or “OR” op ...

  • Cisco Systems 3560X - page 1165

    46-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Configuring a Tracked List with a Weight Threshold To track by weight threshold, configure a tracked list of objects, specify that weight is used as the threshold, and conf ...

  • Cisco Systems 3560X - page 1166

    46-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Configuring a Tracked List with a Percentage Threshold To track by percentage threshold, configure a tracked list of objects, specify that a percentage will be used as t ...

  • Cisco Systems 3560X - page 1167

    46-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Configuring HSRP Object Tracking Beginning in privileged EXEC mode, follow these steps to configure a standby HSRP group to track an object and change the HSRP priorit ...

  • Cisco Systems 3560X - page 1168

    46-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Configuring Other Tracking Characteristics You can also use the enhanced object tracking for tracking other characteristics. • You can track the reachability of an ...

  • Cisco Systems 3560X - page 1169

    46-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Object tracking of IP SLAs operations allows clients to track the output from IP SLAs objects and use this information to trigger an action. Every IP SLAs operation mai ...

  • Cisco Systems 3560X - page 1170

    46-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features This example output shows whether a route is reachable: Switch(config)# track 3 500 reachability Switch(config)# end Switch# show track 3 Track 3 Response Time Report ...

  • Cisco Systems 3560X - page 1171

    46-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Configuring Enhanced Object Tracking Features Beginning in privileged EXEC mode, follow these steps to configure a primary interface for DHCP: Configuring a Cisco IP SLAs Monitoring Agent and Track Object Beginning ...

  • Cisco Systems 3560X - page 1172

    46-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking Configuring a Routing Policy and Default Route Beginning in privileged EXEC mode, follow these steps to configure a routing policy for backup static routing by using object t ...

  • Cisco Systems 3560X - page 1173

    46-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking show track resolution Display the resolution of tracked parameters. show track timers Display tracked polling interval timers. Table 46-1 Commands for Displaying Tracking ...

  • Cisco Systems 3560X - page 1174

    46-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking ...

  • Cisco Systems 3560X - page 1175

    CHAPTER 47-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 47 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3750-X or 3560-X switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine 550) by using the Web Cache Communicat ...

  • Cisco Systems 3560X - page 1176

    47-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Understanding WCCP Understanding WCCP The WCCP and Cisco cache engines (or other application engines running WCCP) localize traffic patterns in the network, enabling content requests to be fulfilled locally. ...

  • Cisco Systems 3560X - page 1177

    47-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Understanding WCCP WCCP Negotiation In the exchange of WCCP protocol messages, the designated application engine and the WCCP-enabled switch negotiate these items: • Forwarding method (the method by which ...

  • Cisco Systems 3560X - page 1178

    47-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Understanding WCCP You can configure up to 8 service groups on a switch or switch stack and up to 32 cache engines per service group. WCCP maintains the priority of the service group in the group definition ...

  • Cisco Systems 3560X - page 1179

    47-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP • It distributes the WCCP information to any switch that joins the stack. • It programs its hardware with the WCCP information it processes. Stack members receive the WCCP information fr ...

  • Cisco Systems 3560X - page 1180

    47-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP • WCCP entries and PBR entries use the same TCAM region. WCCP is supported only on the templates that support PBR: access, routing, and dual IPv4/v6 routing. • When TCAM entries are not av ...

  • Cisco Systems 3560X - page 1181

    47-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip wccp { web-cache | service-number } [ group-address groupaddress ] [ group-list access-list ] [ redirec ...

  • Cisco Systems 3560X - page 1182

    47-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP To disable the web cache service, use the no ip wccp web-cache global configuration command. To disable inbound packet redirection, use the no ip wccp web-cache redirect in interface config ...

  • Cisco Systems 3560X - page 1183

    47-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP This example shows how to configure SVIs and how to enable the web cache service with a multicast group list. VLAN 299 is created and configured with an IP address of 175.20.20.10. Gigabit E ...

  • Cisco Systems 3560X - page 1184

    47-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Monitoring and Maintaining WCCP Monitoring and Maintaining WCCP To monitor and maintain WCCP, use one or more of the privileged EXEC commands in Table 47-2: Table 47-2 Commands for Monitoring and Mai ...

  • Cisco Systems 3560X - page 1185

    CHAPTER 48-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 48 Configuring IP Multicast Routing This chapter describes how to configure IP multicast routing on the Catalyst 3750-X or 3560-X switch. IP multicasting is a more efficient way to use network resources, especially for bandwidth-intensive services ...

  • Cisco Systems 3560X - page 1186

    48-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing The Cisco IOS software supports these protocols to implement IP multicast routing: • Internet G ...

  • Cisco Systems 3560X - page 1187

    48-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing Understanding IGMP To participate in IP multicasting, multicast hosts, routers, and multilayer switches must have the IGMP operating. This protocol defines t ...

  • Cisco Systems 3560X - page 1188

    48-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing Understanding PIM PIM is called protocol-independent: regardless of the unicast routing protocols used to populate the unicast routing table, PIM uses this ...

  • Cisco Systems 3560X - page 1189

    48-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing When a new receiver on a previously pruned branch of the tree joins a multicast group, the PIM DM device detects the new receiver and immediately sends a ...

  • Cisco Systems 3560X - page 1190

    48-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing The redundant PIM stub router topology is not supported. The redundant topology exists when there is more than one PIM router forwarding multicast traffic ...

  • Cisco Systems 3560X - page 1191

    48-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing Auto-RP This proprietary feature eliminates the need to manually configure the RP information in every router and multilayer switch in the network. For auto-R ...

  • Cisco Systems 3560X - page 1192

    48-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing Multicast Forwarding and Reverse Path Check With unicast routing, routers and multilayer switches forward traffic through the network along a single path ...

  • Cisco Systems 3560X - page 1193

    48-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing PIM uses both source trees and RP-rooted shared trees to forward datagrams (described in the “PIM DM” section on page 48-4 and the “PIM-SM” section on ...

  • Cisco Systems 3560X - page 1194

    48-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Multicast Routing and Switch Stacks CGMP is necessary because the Layer 2 switch cannot distinguish between IP multicast data packets and IGMP report messages, which are both at the MAC-level and are addressed to the ...

  • Cisco Systems 3560X - page 1195

    48-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Default Multicast Routing Configuration Multicast Routing Configuration Guidelines To avoid misconfiguring multicast routing on your switch, review the information in these sections: • ...

  • Cisco Systems 3560X - page 1196

    48-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Sparse-mode groups in a mixed PIMv1 and PIMv2 region are possible because the Auto-RP feature in PIMv1 interoperates with the PIMv2 RP feature. Although all PIMv2 devices can also use PI ...

  • Cisco Systems 3560X - page 1197

    48-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing In populating the multicast routing table, dense-mode interfaces are always added to the table. Sparse-mode interfaces are added to the table only when periodic join messages are receive ...

  • Cisco Systems 3560X - page 1198

    48-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing To disable multicasting, use the no ip multicast-routing distributed global configuration command. To return to the default PIM version, use the no ip pim version interface configurati ...

  • Cisco Systems 3560X - page 1199

    48-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing the IP addresses of sources from which they receive their traffic. The proposed standard approach for channel subscription signalling uses IGMP include mode membership reports, which a ...

  • Cisco Systems 3560X - page 1200

    48-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Configuration Guidelines This section contains the guidelines for configuring SSM. Legacy Applications Within the SSM Range Restrictions Existing applications in a network predating SSM do ...

  • Cisco Systems 3560X - page 1201

    48-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Configuring SSM Beginning in privileged EXEC mode, follow these steps to configure SSM. This procedure is optional. Monitoring SSM Beginning in privileged EXEC mode, use these comman ...

  • Cisco Systems 3560X - page 1202

    48-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing • Before you can configure and use SSM mapping with DNS lookups, you must be able to add records to a running DNS server. If you do not already have a DNS server running, you need ...

  • Cisco Systems 3560X - page 1203

    48-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing DNS-Based SSM Mapping You can use DNS-based SSM mapping to configure the last hop router to perform a reverse DNS lookup to determine sources sending to groups. When DNS-based SSM mapp ...

  • Cisco Systems 3560X - page 1204

    48-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Configuring SSM Mapping • Configuring Static SSM Mapping, page 48-20 (required) • Configuring DNS-Based SSM Mapping, page 48-20 (required) • Configuring Static Traffic Forwarding ...

  • Cisco Systems 3560X - page 1205

    48-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Beginning in privileged EXEC mode, follow these steps to configure DNS-based SSM mapping: Configuring Static Traffic Forwarding with SSM Mapping Use static traffic forwarding with SSM m ...

  • Cisco Systems 3560X - page 1206

    48-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Monitoring SSM Mapping Use the privileged EXEC commands in Table 48-3 to monitor SSM mapping. Go to this URL to see SSM mapping monitoring examples: http://www.cisco.com/en/US/products ...

  • Cisco Systems 3560X - page 1207

    48-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Enabling PIM Stub Routing Beginning in privileged EXEC mode, follow these steps to enable PIM stub routing on an interface. This procedure is optional. To disable PIM stub routing on a ...

  • Cisco Systems 3560X - page 1208

    48-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Use these privileged EXEC commands to display information about PIM stub configuration and status: • show ip pim interface displays the PIM stub that is enabled on each interface. • s ...

  • Cisco Systems 3560X - page 1209

    48-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Beginning in privileged EXEC mode, follow these steps to manually configure the address of the RP. This procedure is optional. To remove an RP address, use the no ip pim rp-address ip-a ...

  • Cisco Systems 3560X - page 1210

    48-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Configuring Auto-RP Auto-RP uses IP multicast to automate the distribution of group-to-RP mappings to all Cisco routers and multilayer switches in a PIM network. It has these benefits: • ...

  • Cisco Systems 3560X - page 1211

    48-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Beginning in privileged EXEC mode, follow these steps to deploy Auto-RP in an existing sparse-mode cloud. This procedure is optional. Command Purpose Step 1 show running-config Verify th ...

  • Cisco Systems 3560X - page 1212

    48-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing To remove the PIM device configured as the candidate RP, use the no ip pim send-rp-announce interface-id global configuration command. To remove the switch as the RP-mapping agent, use ...

  • Cisco Systems 3560X - page 1213

    48-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Beginning in privileged EXEC mode, follow these steps to filter incoming RP announcement messages. This procedure is optional. To remove a filter on incoming RP announcement messages, ...

  • Cisco Systems 3560X - page 1214

    48-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Switch(config)# access-list 20 deny 239.0.0.0 0.0.255.255 Switch(config)# access-list 20 permit 224.0.0.0 15.255.255.255 In this example, the mapping agent accepts candidate RP announcement ...

  • Cisco Systems 3560X - page 1215

    48-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Figure 48-5 Constraining PIMv2 BSR Messages Defining the IP Multicast Boundary You define a multicast boundary to prevent Auto-RP messages from entering the PIM domain. You create an ...

  • Cisco Systems 3560X - page 1216

    48-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing This example shows a portion of an IP multicast boundary configuration that denies Auto-RP information: Switch(config)# access-list 1 deny 224.0.1.39 Switch(config)# access-list 1 deny ...

  • Cisco Systems 3560X - page 1217

    48-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing Configuring Candidate RPs You can configure one or more candidate RPs. Similar to BSRs, the RPs should also have good connectivity to other devices and be in the backbone portion of the ...

  • Cisco Systems 3560X - page 1218

    48-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring IP Multicast Routing This example shows how to configure the switch to advertise itself as a candidate RP to the BSR in its PIM domain. Standard access list number 4 specifies the group prefix associated with ...

  • Cisco Systems 3560X - page 1219

    48-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced PIM Features Monitoring the RP Mapping Information To monitor the RP mapping information, use these commands in privileged EXEC mode: • show ip pim bsr displays information about the elected BSR ...

  • Cisco Systems 3560X - page 1220

    48-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced PIM Features Figure 48-6 Shared Tree and Source Tree (Shortest-Path Tree) If the data rate warrants, leaf routers (routers without any downstream connections) on the shared tree can use t ...

  • Cisco Systems 3560X - page 1221

    48-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced PIM Features Delaying the Use of PIM Shortest-Path Tree The change from shared to source tree happens when the first data packet arrives at the last-hop router (Router C in Figure 48-6). This change ...

  • Cisco Systems 3560X - page 1222

    48-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features To return to the default setting, use the no ip pim spt-threshold { kbps | infinity } global configuration command. Modifying the PIM Router-Query Message Interval PIM routers and mu ...

  • Cisco Systems 3560X - page 1223

    48-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features • Changing the IGMP Query Timeout for IGMPv2, page 48-42 (optional) • Changing the Maximum Query Response Time for IGMPv2, page 48-43 (optional) • Configuring the Switch as a ...

  • Cisco Systems 3560X - page 1224

    48-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features Beginning in privileged EXEC mode, follow these steps to configure the switch to be a member of a group. This procedure is optional. To cancel membership in a group, use the no ip ...

  • Cisco Systems 3560X - page 1225

    48-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features To disable groups on an interface, use the no ip igmp access-group interface configuration command. This example shows how to configure hosts attached to a port as able to join onl ...

  • Cisco Systems 3560X - page 1226

    48-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features To return to the default setting, use the no ip igmp version interface configuration command. Modifying the IGMP Host-Query Message Interval The switch periodically sends IGMP host-qu ...

  • Cisco Systems 3560X - page 1227

    48-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional IGMP Features You can configure the query interval by entering the show ip igmp interface interface-id privileged EXEC command. Beginning in privileged EXEC mode, follow these steps to change ...

  • Cisco Systems 3560X - page 1228

    48-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional Multicast Routing Features Configuring the Switch as a Statically Connected Member Sometimes there is either no group member on a network segment or a host cannot report its group membership by using I ...

  • Cisco Systems 3560X - page 1229

    48-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional Multicast Routing Features Enabling CGMP Server Support The switch serves as a CGMP server for devices that do not support IGMP snooping but have CGMP client functionality. CGMP is a protocol used on ...

  • Cisco Systems 3560X - page 1230

    48-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional Multicast Routing Features Configuring sdr Listener Support The MBONE is the small subset of Internet routers and hosts that are interconnected and capable of forwarding IP multicast traffic. Other mu ...

  • Cisco Systems 3560X - page 1231

    48-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional Multicast Routing Features Beginning in privileged EXEC mode, follow these steps to limit how long an sdr cache entry stays active in the cache. This procedure is optional. To return to the default ...

  • Cisco Systems 3560X - page 1232

    48-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Optional Multicast Routing Features Figure 48-7 Administratively-Scoped Boundaries You can define an administratively-scoped boundary on a routed interface for multicast group addresses. A standard acc ...

  • Cisco Systems 3560X - page 1233

    48-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Basic DVMRP Interoperability Features To remove the boundary, use the no ip multicast boundary interface configuration command. This example shows how to set up a boundary for all administratively-scoped a ...

  • Cisco Systems 3560X - page 1234

    48-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Basic DVMRP Interoperability Features Beginning in privileged EXEC mode, follow these steps to configure the sources that are advertised and the metrics that are used when DVMRP route-report messages a ...

  • Cisco Systems 3560X - page 1235

    48-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Basic DVMRP Interoperability Features This example shows how to configure DVMRP interoperability when the PIM device and the DVMRP router are on the same network segment. In this example, access list 1 a ...

  • Cisco Systems 3560X - page 1236

    48-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Basic DVMRP Interoperability Features Beginning in privileged EXEC mode, follow these steps to configure a DVMRP tunnel. This procedure is optional. Command Purpose Step 1 configure terminal Enter global ...

  • Cisco Systems 3560X - page 1237

    48-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Basic DVMRP Interoperability Features To disable the filter, use the no ip dvmrp accept-filter access-list-number [ distance ] neighbor-list access-list-number interface configuration command. This example ...

  • Cisco Systems 3560X - page 1238

    48-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features To prevent the default route advertisement, use the no ip dvmrp default-information interface configuration command. Responding to mrinfo Requests The software answe ...

  • Cisco Systems 3560X - page 1239

    48-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Cisco devices do not perform DVMRP multicast routing among each other, but they can exchange DVMRP routes. The DVMRP routes provide a multicast topology that mi ...

  • Cisco Systems 3560X - page 1240

    48-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figure 48-8 Leaf Nonpruning DVMRP Neighbor You can prevent the switch from peering (communicating) with a DVMRP neighbor if that neighbor does not support DVMRP pru ...

  • Cisco Systems 3560X - page 1241

    48-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figure 48-9 Router Rejects Nonpruning DVMRP Neighbor Note that the ip dvmrp reject-non-pruners interface configuration command prevents peering with neighbors o ...

  • Cisco Systems 3560X - page 1242

    48-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Controlling Route Exchanges These sections describe how to tune the Cisco device advertisements of DVMRP routes: • Limiting the Number of DVMRP Routes Advertised, pa ...

  • Cisco Systems 3560X - page 1243

    48-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Beginning in privileged EXEC mode, follow these steps to change the threshold number of routes that trigger the warning. This procedure is optional. To return to t ...

  • Cisco Systems 3560X - page 1244

    48-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figure 48-10 Connected Unicast Routes Advertised by Default (Catalyst 3750-X Switches) Figure 48-11 Connected Unicast Routes Advertised by Default (Catalyst ...

  • Cisco Systems 3560X - page 1245

    48-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Configuring Advanced DVMRP Interoperability Features To remove the summary address, use the no ip dvmrp summary-address address mask [ metric value ] interface configuration command. Disabling DVMRP Autosummarization By d ...

  • Cisco Systems 3560X - page 1246

    48-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Monitoring and Maintaining IP Multicast Routing To return to the default setting, use the no ip dvmrp metric-offset interface configuration command. Monitoring and Maintaining IP Multicast Routing • Clearing Caches, T ...

  • Cisco Systems 3560X - page 1247

    48-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Monitoring and Maintaining IP Multicast Routing Displaying System and Network Statistics You can display specific statistics, such as the contents of IP routing tables, caches, and databases. Note This release does no ...

  • Cisco Systems 3560X - page 1248

    48-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configuring IP Multicast Routing Monitoring and Maintaining IP Multicast Routing Monitoring IP Multicast Routing You can use the privileged EXEC commands in Table 48-7 to monitor IP multicast routers, packets, and paths: Table 48-7 Commands for ...

  • Cisco Systems 3560X - page 1249

    CHAPTER 49-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 49 Configuring MSDP This chapter describes how to configure the Multicast Source Discovery Protocol (MSDP) on the Catalyst 3750-X or 3560-X switch. The MSDP connects multiple Protocol-Independent Multicast sparse-mode (PIM-SM) domains. MSDP is not ful ...

  • Cisco Systems 3560X - page 1250

    49-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Understanding MSDP The purpose of this topology is to have domains discover multicast sources in other domains. If the multicast sources are of interest to a domain that has receivers, multicast data is delivered over the normal, sour ...

  • Cisco Systems 3560X - page 1251

    49-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Figure 49-1 MSDP Running Between RP Peers MSDP Benefits MSDP has these benefits: • It breaks up the shared multicast distribution tree. You can make the shared tree local to your domain. Your local members join the ...

  • Cisco Systems 3560X - page 1252

    49-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP • Controlling Source Information that Your Switch Forwards, page 49-12 (optional) • Controlling Source Information that Your Switch Receives, page 49-14 (optional) • Configuring an MSDP Mesh Group, page 49-16 ...

  • Cisco Systems 3560X - page 1253

    49-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Figure 49-2 Default MSDP Peer Network Beginning in privileged EXEC mode, follow these steps to specify a default MSDP peer. This procedure is required. ISP A PIM domain ISP C PIM domain SA Router A Switch B 10.1.1. ...

  • Cisco Systems 3560X - page 1254

    49-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP To remove the default peer, use the no ip msdp default-peer ip-address | name global configuration command. This example shows a partial configuration of Router A and Router C in Figure 49-2. Each of these ISPs ha ...

  • Cisco Systems 3560X - page 1255

    49-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Beginning in privileged EXEC mode, follow these steps to enable the caching of source/group pairs. This procedure is optional. Note An alternative to this command is the ip msdp sa-request global configuration com ...

  • Cisco Systems 3560X - page 1256

    49-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Requesting Source Information from an MSDP Peer Local RPs can send SA requests and get immediate responses for all active sources for a given group. By default, the switch does not send any SA request messages to its MSD ...

  • Cisco Systems 3560X - page 1257

    49-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Redistributing Sources SA messages originate on RPs to which sources have registered. By default, any source that registers with an RP is advertised. The A flag is set in the RP when a source is registered, which mean ...

  • Cisco Systems 3560X - page 1258

    49-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP To remove the filter, use the no ip msdp redistribute global configuration command. Step 3 access-list access-list-number { deny | permit } source [ source-wildcard ] or access-list access-list-number { deny | per ...

  • Cisco Systems 3560X - page 1259

    49-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Filtering Source-Active Request Messages By default, only switches that are caching SA information can respond to SA requests. By default, such a switch honors all SA request messages from its MSDP peers and supplies the ...

  • Cisco Systems 3560X - page 1260

    49-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Controlling Source Information that Your Switch Forwards By default, the switch forwards all SA messages it receives to all its MSDP peers. However, you can prevent outgoing messages from being forwarded to a peer by ...

  • Cisco Systems 3560X - page 1261

    49-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP To remove the filter, use the no ip msdp sa-filter out { ip-address | name } [ list access-list-number ] [ route-map map-tag ] global configuration command. This example shows how to allow only (S,G) pairs tha ...

  • Cisco Systems 3560X - page 1262

    49-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Using TTL to Limit the Multicast Data Sent in SA Messages You can use a TTL value to control what data is encapsulated in the first SA message for every source. Only multicast packets with an IP-header TTL greate ...

  • Cisco Systems 3560X - page 1263

    49-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Beginning in privileged EXEC mode, follow these steps to apply a filter. This procedure is optional. To remove the filter, use the no ip msdp sa-filter in { ip-address | name } [ list access-list-number ] [ route ...

  • Cisco Systems 3560X - page 1264

    49-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Configuring an MSDP Mesh Group An MSDP mesh group is a group of MSDP speakers that have fully meshed MSDP connectivity among one another. Any SA messages received from a peer in a mesh group are not forwarded to othe ...

  • Cisco Systems 3560X - page 1265

    49-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Beginning in privileged EXEC mode, follow these steps to shut down a peer. This procedure is optional. To bring the peer back up, use the no ip msdp shutdown { peer-name | peer address } global configuration comma ...

  • Cisco Systems 3560X - page 1266

    49-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuring MSDP Note that the ip msdp originator-id global configuration command also identifies an interface to be used as the RP address. If both the ip msdp border sa-address and the ip msdp originator-id global configuration comma ...

  • Cisco Systems 3560X - page 1267

    49-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Monitoring and Maintaining MSDP Monitoring and Maintaining MSDP To monitor MSDP SA messages, peers, state, or peer status, use one or more of the privileged EXEC commands in Table 49-1: To clear MSDP connections, statistics, or SA ...

  • Cisco Systems 3560X - page 1268

    49-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Monitoring and Maintaining MSDP ...

  • Cisco Systems 3560X - page 1269

    CHAPTER 50-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 50 Configuring Fallback Bridging This chapter describes how to configure fallback bridging (VLAN bridging) on the Catalyst 3750-X or 3560-X switch. With fallback bridging, you can forward non-IP packets that the switch does not route between VLAN br ...

  • Cisco Systems 3560X - page 1270

    50-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Understanding Fallback Bridging A bridge group is an internal organization of network interfaces on a switch. You cannot use bridge groups to identify traffic switched within the bridge group outside the switch on whi ...

  • Cisco Systems 3560X - page 1271

    50-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging Fallback Bridging and Switch Stacks When the stack master fails, a stack member becomes the new stack master by using the election process described in Chapter 5, “Managing Switch Stacks.” ...

  • Cisco Systems 3560X - page 1272

    50-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging Fallback Bridging Configuration Guidelines Up to 32 bridge groups can be configured on the switch. An interface (an SVI or routed port) can be a member of only one bridge group. Use a bridge g ...

  • Cisco Systems 3560X - page 1273

    50-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging To remove a bridge group, use the no bridge bridge-group global configuration command. The no bridge bridge-group command automatically removes all SVIs and routes ports from that bridge grou ...

  • Cisco Systems 3560X - page 1274

    50-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging Changing the VLAN-Bridge Spanning-Tree Priority You can globally configure the VLAN-bridge spanning-tree priority of a switch when it ties with another switch for the position as the root ...

  • Cisco Systems 3560X - page 1275

    50-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging To return to the default setting, use the no bridge-group bridge-group priority interface configuration command. This example shows how to change the priority to 20 on a port in bridge group ...

  • Cisco Systems 3560X - page 1276

    50-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging Note Each switch in a spanning tree adopts the interval between hello BPDUs, the forward delay interval, and the maximum idle interval parameters of the root switch, regardless of what ...

  • Cisco Systems 3560X - page 1277

    50-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging To return to the default setting, use the no bridge bridge-group forward-time global configuration command. This example shows how to change the forward-delay interval to 10 seconds in brid ...

  • Cisco Systems 3560X - page 1278

    50-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Monitoring and Maintaining Fallback Bridging To re-enable spanning tree on the port, use the no bridge-group bridge-group spanning-disabled interface configuration command. This example shows how to disable spanning tr ...

  • Cisco Systems 3560X - page 1279

    CHAPTER 51-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 51 Troubleshooting This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the Catalyst 3750-X or 3560-X switch. Depending on the nature of the problem, you can use the command-line interface (CLI), ...

  • Cisco Systems 3560X - page 1280

    51-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Software Failure • Using the show platform forward Command, page 51-22 • Using the crashinfo Files, page 51-24 • Using On-Board Failure Logging, page 51-25 • Troubleshooting Tables, page 51-27 Recovering from a ...

  • Cisco Systems 3560X - page 1281

    51-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Forgotten Password Step 7 Connect the switch to a TFTP server through the Ethernet management port. Step 8 Start the file transfer by using TFTP. a. Specify the IP address of the TFTP server: switch: set IP_ADD ...

  • Cisco Systems 3560X - page 1282

    51-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Forgotten Password • Connect a PC to the Ethernet management port. If you are recovering the password for a switch stack, connect to the Ethernet management port of a Catalyst 3750-X stack member. For details ...

  • Cisco Systems 3560X - page 1283

    51-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Forgotten Password Step 1 Initialize the flash file system: switch: flash_init Step 2 If you had set the console port speed to anything other than 9600, it has been reset to that particular speed. Change the em ...

  • Cisco Systems 3560X - page 1284

    51-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Forgotten Password Step 11 Change the password: Switch (config)# enable secret password The secret password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spa ...

  • Cisco Systems 3560X - page 1285

    51-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Forgotten Password Step 1 Elect to continue with password recovery and lose the existing configuration: Would you like to reset the system back to the default configuration (y/n)? Y Step 2 Load any helper files: ...

  • Cisco Systems 3560X - page 1286

    51-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Preventing Switch Stack Problems Step 10 You must now reconfigure the switch. If the system administrator has the backup switch and VLAN configuration files available, you should use those. Preventing Switch Stack Problems Note • Mak ...

  • Cisco Systems 3560X - page 1287

    51-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Command Switch Failure Recovering from a Command Switch Failure This section describes how to recover from a failed command switch. You can configure a redundant command switch group by using the Hot Standby Router Pro ...

  • Cisco Systems 3560X - page 1288

    51-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Command Switch Failure Step 6 Enter global configuration mode. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Step 7 Remove the member switch from the cluster. Switch(config)# n ...

  • Cisco Systems 3560X - page 1289

    51-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Command Switch Failure Step 17 Start your browser, and enter the IP address of the new command switch. Step 18 From the Cluster menu, select Add to Cluster to display a list of candidate switches to add to the clus ...

  • Cisco Systems 3560X - page 1290

    51-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from Lost Cluster Member Connectivity Step 7 Respond to the questions in the setup program. When prompted for the hostname, recall that on a command switch, the hostname is limited to 28 characters. Do not use -n, where n is a ...

  • Cisco Systems 3560X - page 1291

    51-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Preventing Autonegotiation Mismatches Preventing Autonegotiation Mismatches The IEEE 802.3ab autonegotiation protocol manages the switch settings for speed (10 Mb/s, 100 Mb/s, and 1000 Mb/s, excluding SFP module ports) and duplex (half ...

  • Cisco Systems 3560X - page 1292

    51-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting SFP Module Security and Identification Disabled Port Caused by False Link Up If a Cisco powered device is connected to a port and you configure the port by using the power inline never interface configuration command, a false link up ...

  • Cisco Systems 3560X - page 1293

    51-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Monitoring Temperature Monitoring Temperature The switch monitors the temperature conditions and uses the temperature information to control the fans. Use the show env temperature status privileged EXEC command to display the temperat ...

  • Cisco Systems 3560X - page 1294

    51-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using Layer 2 Traceroute Note Though other protocol keywords are available with the ping command, they are not supported in this release. This example shows how to ping an IP host: Switch# ping 172.20.52.3 Type escape sequence to abor ...

  • Cisco Systems 3560X - page 1295

    51-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using Layer 2 Traceroute Usage Guidelines • Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP. If any devices in the physical path are t ...

  • Cisco Systems 3560X - page 1296

    51-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using IP Traceroute Using IP Traceroute • Understanding IP Traceroute, page 51-18 • Executing IP Traceroute, page 51-18 Understanding IP Traceroute You can use IP traceroute to identify the path that packets take through the netw ...

  • Cisco Systems 3560X - page 1297

    51-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using TDR This example shows how to perform a traceroute to an IP host: Switch# traceroute ip 171.9.15.10 Type escape sequence to abort. Tracing the route to 171.69.115.10 1 172.2.52.1 0 msec 0 msec 4 msec 2 172.2.1.203 12 msec 8 msec 0 ms ...

  • Cisco Systems 3560X - page 1298

    51-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using Debug Commands TDR can detect these cabling problems: • Open, broken, or cut twisted-pair wires—The wires are not connected to the wires from the remote device. • Shorted twisted-pair wires—The wires are touching each oth ...

  • Cisco Systems 3560X - page 1299

    51-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using Debug Commands Note For complete syntax and usage information for specific debug commands, see the command reference for this release. Enabling Debugging on a Specific Feature In a Catalyst 3750-X switch stack, when you enable deb ...

  • Cisco Systems 3560X - page 1300

    51-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using the show platform forward Command Redirecting Debug and Error Message Output By default, the network server sends the output from debug commands and system error messages to the console. If you use this default, you can use a virt ...

  • Cisco Systems 3560X - page 1301

    51-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using the show platform forward Command ========================================== Egress:Asic 2, switch 1 Output Packets: ------------------------------------------ Packet 1 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00 ...

  • Cisco Systems 3560X - page 1302

    51-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using the crashinfo Files This is an example of the output when the packet coming in on port 1 in VLAN 5 has a destination MAC address set to the router MAC address in VLAN 5 and the destination IP address unknown. Because there is ...

  • Cisco Systems 3560X - page 1303

    51-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using On-Board Failure Logging Basic crashinfo Files The information in the basic file includes the Cisco IOS image name and version that failed, a list of the processor registers, and a stack trace. You can provide this information ...

  • Cisco Systems 3560X - page 1304

    51-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Using On-Board Failure Logging Understanding OBFL By default, OBFL is enabled. It collects information about the switch and small form-factor pluggable (SFP) modules. The switch stores this information in the flash memory: • CLI command ...

  • Cisco Systems 3560X - page 1305

    51-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables In a switch stack, if you enter the hw-module module [ switch-number ] logging onboard command on a stack member that does not support OBFL, such as a Catalyst 3750 switch, a message appears with that information. ...

  • Cisco Systems 3560X - page 1306

    51-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables Troubleshooting CPU Utilization This section lists some possible symptoms that could be caused by the CPU being too busy and shows how to verify a CPU utilization problem. Table 51-4 lists the primary types of ...

  • Cisco Systems 3560X - page 1307

    51-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables For complete information about CPU utilization and how to troubleshoot utilization problems, see the Troubleshooting High CPU Utilization document on Cisco.com. Troubleshooting Power over Ethernet (PoE) Ta ...

  • Cisco Systems 3560X - page 1308

    51-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables No PoE on all ports or a group of ports. Trouble is on all switch ports. Nonpowered Ethernet devices cannot establish an Ethernet link on any port, and PoE devices do not power on. If there is a continuous, in ...

  • Cisco Systems 3560X - page 1309

    51-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables Cisco IP Phone disconnects or resets. After working normally, a Cisco phone or wireless access point intermittently reloads or disconnects from PoE. Verify all electrical connections from the switch to the po ...

  • Cisco Systems 3560X - page 1310

    51-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables Troubleshooting Stackwise (Catalyst 3750-X Switches Only) Table 51-5 Switch Stack Troubleshooting Scenarios Symptom/problem How to Verify Problem Possible Cause/Solution General troubleshooting of switch stack ...

  • Cisco Systems 3560X - page 1311

    51-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables Slow traffic throughput on stack ring Test the switch interface. Defective StackWise switch interface. Note The only solution is to replace the switch. Problems with stack master election. stacks merging, or n ...

  • Cisco Systems 3560X - page 1312

    51-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Troubleshooting Tables ...

  • Cisco Systems 3560X - page 1313

    CHAPTER 52-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 52 Configuring Online Diagnostics This chapter describes how to configure the online diagnostics on the Catalyst 3750-X or 3560-X switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference f ...

  • Cisco Systems 3560X - page 1314

    52-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Configuring Online Diagnostics Scheduling Online Diagnostics You can schedule online diagnostics to run at a designated time of day or on a daily, weekly, or monthly basis for a switch. Use the no form of this command to re ...

  • Cisco Systems 3560X - page 1315

    52-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Configuring Online Diagnostics By default, health monitoring is disabled, but the switch generates a syslog message when a test fails. Beginning in privileged EXEC mode, follow these steps to configure and enable the ...

  • Cisco Systems 3560X - page 1316

    52-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests To disable diagnostic testing and return to the default settings, use these commands: • To disable online diagnostic testing, use the no diagnostic monitor switch number test { name | test ...

  • Cisco Systems 3560X - page 1317

    52-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests Starting Online Diagnostic Tests After you configure diagnostic tests to run on the switch, use the diagnostic start privileged EXEC command to begin diagnostic testing. Use this privileged ...

  • Cisco Systems 3560X - page 1318

    52-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests For examples of the show diagnostic command output, see the “Examples” section of the show diagnostic command in the command reference for this release. show diagnostic schedule switch [ ...

  • Cisco Systems 3560X - page 1319

    A-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 APPENDIX A Supported MIBs This appendix lists the supported management information base (MIBs) for this release on the Catalyst 3750-X or 3560-X switch. It contains these sections: • MIB List, page A-1 • Using FTP to Access the MIB Files, page A-4 MIB List • B ...

  • Cisco Systems 3560X - page 1320

    A-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix A Supported MIBs MIB List • CISCO-HSRP-MIB (not supported on switches running the LAN Base feature set) • CISCO-HSRP-EXT-MIB (partial support) • CISCO-IETF-IP-MIB (Only with the IP services feature set) • CISCO-IETF-IP-FORWARDING-MIB (Only with the I ...

  • Cisco Systems 3560X - page 1321

    A-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix A Supported MIBs MIB List • CISCO-VLAN-MEMBERSHIP-MIB • CISCO-VTP-MIB • ENTITY-MIB • ETHERLIKE-MIB • IEEE8021-PAE-MIB • IEEE8023-LAG-MIB • IF-MIB (In and out counters for VLANs are not supported.) • IGMP-MIB • INET-ADDRESS-MIB • IPMROU ...

  • Cisco Systems 3560X - page 1322

    A-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix A Supported MIBs Using FTP to Access the MIB Files Using FTP to Access the MIB Files You can get each MIB file by using this procedure: Step 1 Make sure that your FTP client is in passive mode. Note Some FTP clients do not support passive mode. Step 2 Use ...

  • Cisco Systems 3560X - page 1323

    B-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 3750-X or 3560-X switch flash file system, how to copy configuration files, and how to archive (upload and download) ...

  • Cisco Systems 3560X - page 1324

    B-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System • Changing Directories and Displaying the Working Directory, page B-4 • Creating and Removing Directories, page B-5 • Copying Files, ...

  • Cisco Systems 3560X - page 1325

    B-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Setting the Default File System You can specify the file system or directory that the system uses as the default file system by using th ...

  • Cisco Systems 3560X - page 1326

    B-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System To display information about files on a file system, use one of the privileged EXEC commands in Table B-2: To display information ab ...

  • Cisco Systems 3560X - page 1327

    B-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Creating and Removing Directories Beginning in privileged EXEC mode, follow these steps to create and remove a directory: To delete a dire ...

  • Cisco Systems 3560X - page 1328

    B-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Some invalid combinations of source and destination exist. Specifically, you cannot copy these combinations: • From a running configur ...

  • Cisco Systems 3560X - page 1329

    B-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Beginning in privileged EXEC mode, follow these steps to create a file, display the contents, and extract it. Command Purpose Step 1 archi ...

  • Cisco Systems 3560X - page 1330

    B-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System This example shows how to create a file. This command writes the contents of the new-configs directory on the local flash device to a fil ...

  • Cisco Systems 3560X - page 1331

    B-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files This example shows how to display the contents of a configuration file on a TFTP server: Switch# more tftp://serverA/hampton/savedconfig ! ...

  • Cisco Systems 3560X - page 1332

    B-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files • Copying Configuration Files By Using RCP, page B-17 • Clearing Configuration Information, page B-20 • Replacing and Rolling Back Con ...

  • Cisco Systems 3560X - page 1333

    B-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Creating a Configuration File By Using a Text Editor When creating a configuration file, you must list commands logically so that the system ...

  • Cisco Systems 3560X - page 1334

    B-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files • Ensure that the configuration file to be downloaded is in the correct directory on the TFTP server (usually /tftpboot on a UNIX workst ...

  • Cisco Systems 3560X - page 1335

    B-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Uploading the Configuration File By Using TFTP To upload a configuration file from a switch to a TFTP server for storage, follow these step ...

  • Cisco Systems 3560X - page 1336

    B-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files The username and password must be associated with an account on the FTP server. If you are writing to the server, the FTP server must be pro ...

  • Cisco Systems 3560X - page 1337

    B-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files This example shows how to copy a configuration file named host1-confg from the netadmin1 directory on the remote server with an IP addre ...

  • Cisco Systems 3560X - page 1338

    B-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Uploading a Configuration File By Using FTP Beginning in privileged EXEC mode, follow these steps to upload a configuration file by using F ...

  • Cisco Systems 3560X - page 1339

    B-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Copying Configuration Files By Using RCP The RCP provides another method of downloading, uploading, and copying configuration files betw ...

  • Cisco Systems 3560X - page 1340

    B-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files • When you upload a file to the RCP server, it must be properly configured to accept the RCP write request from the user on the switch. Fo ...

  • Cisco Systems 3560X - page 1341

    B-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files This example shows how to specify a remote username of netadmin1. Then it copies the configuration file host2-confg from the netadmin1 di ...

  • Cisco Systems 3560X - page 1342

    B-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files This example shows how to store a startup configuration file on a server: Switch# configure terminal Switch(config)# ip rcmd remote-usernam ...

  • Cisco Systems 3560X - page 1343

    B-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Understanding Configuration Replacement and Rollback • Archiving a Configuration, page B-21 • Replacing a Configuration, page B-21 ? ...

  • Cisco Systems 3560X - page 1344

    B-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Rolling Back a Configuration You can also use the configure replace command to roll back changes that were made since the previous configur ...

  • Cisco Systems 3560X - page 1345

    B-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Configuring the Configuration Archive Using the configure replace command with the configuration archive and with the archive config comm ...

  • Cisco Systems 3560X - page 1346

    B-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Step 5 configure replace target-url [ list ] [ force ] [ time seconds ] [ nolock ] Replace the running configuration file with a saved con ...

  • Cisco Systems 3560X - page 1347

    B-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Working with Software Images This section describes how to archive (download and upload) software image files, which contain the system soft ...

  • Cisco Systems 3560X - page 1348

    B-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. A subdirectory contains ...

  • Cisco Systems 3560X - page 1349

    B-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using TFTP You can download a switch image from a TFTP server or upload the image from the switch to a TFTP server. You ...

  • Cisco Systems 3560X - page 1350

    B-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Preparing to Download or Upload an Image File By Using TFTP Before you begin downloading or uploading an image file by using TFTP, do these tas ...

  • Cisco Systems 3560X - page 1351

    B-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The download algorithm verifies that the image is appropriate for the switch model and that enough DRAM is present, or it aborts the process an ...

  • Cisco Systems 3560X - page 1352

    B-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The algorithm installs the downloaded image on the system board flash device (flash:). The image is placed into a new directory named with the ...

  • Cisco Systems 3560X - page 1353

    B-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using FTP You can download a switch image from an FTP server or upload the image from the switch to an FTP server. You ...

  • Cisco Systems 3560X - page 1354

    B-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Use the ip ftp username and ip ftp password commands to specify a username and password for all copies. Include the username in the archive downl ...

  • Cisco Systems 3560X - page 1355

    B-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The download algorithm verifies that the image is appropriate for the switch model and that enough DRAM is present, or it aborts the process an ...

  • Cisco Systems 3560X - page 1356

    B-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Note If the flash device has sufficient space to hold two images and you want to overwrite one of these images with the same version, you mus ...

  • Cisco Systems 3560X - page 1357

    B-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web m ...

  • Cisco Systems 3560X - page 1358

    B-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Preparing to Download or Upload an Image File By Using RCP RCP provides another method of downloading and uploading image files between remote ...

  • Cisco Systems 3560X - page 1359

    B-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images If the switch IP address translates to Switch1.company.com, the .rhosts file for User0 on the RCP server should contain this line: Switch1.comp ...

  • Cisco Systems 3560X - page 1360

    B-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The download algorithm verifies that the image is appropriate for the switch model and that enough DRAM is present, or it aborts the process an ...

  • Cisco Systems 3560X - page 1361

    B-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The upload feature should be used only if the web management pages associated with the embedded device manager have been installed with the e ...

  • Cisco Systems 3560X - page 1362

    B-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Note To use the archive copy-sw privileged EXEC command, you must have downloaded from a TFTP server the images for both the stack member sw ...

  • Cisco Systems 3560X - page 1363

    C-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 APPENDIX C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 This appendix lists some of the command-line interface (CLI) commands that appear when you enter the question mark (?) at the Catalyst 3750-X or 3560-X switch prompt but are not supported in this rel ...

  • Cisco Systems 3560X - page 1364

    C-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 Archive Commands Unsupported Route-Map Configuration Commands match ip address prefix-list prefix-list-name [ prefix-list-name ...] Archive Commands Unsupported Privileged EXEC Commands archive confi ...

  • Cisco Systems 3560X - page 1365

    C-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 Debug Commands Debug Commands Note These commands are supported only on Catalyst 3750-X switches. Unsupported Privileged EXEC Commands debug platform cli-redirection main debug platform configuration ...

  • Cisco Systems 3560X - page 1366

    C-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 Fallback Bridging tag trigger (EEM) Unsupported Commands in Event Trigger Configuration Mode event owner event owner Fallback Bridging Unsupported Privileged EXEC Commands clear bridge [ bridge-group ] ...

  • Cisco Systems 3560X - page 1367

    C-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 HSRP bridge bridge-group route protocol bridge bridge-group subscriber policy policy subscriber-policy policy [[ no | default ] packet [ permit | deny ]] Unsupported Interface Configuration Comma ...

  • Cisco Systems 3560X - page 1368

    C-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 IGMP Snooping Commands interface Lex interface Multilink interface Virtual-Template interface Virtual-Tokenring Unsupported Interface Configuration Commands mtu standby mac-refresh sec ...

  • Cisco Systems 3560X - page 1369

    C-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 IP Multicast Routing IP Multicast Routing Unsupported Privileged EXEC Commands clear ip rtp header-compression [ type number ] The debug ip packet command displays packets received by the switch CPU. ...

  • Cisco Systems 3560X - page 1370

    C-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 IP Unicast Routing ip multicast use-functional ip pim minimum-vc-rate pps ip pim multipoint-signalling ip pim nbma-mode ip pim vc-count number ip rtp compression-connections number ip rtp header-comp ...

  • Cisco Systems 3560X - page 1371

    C-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 IP Unicast Routing router iso-igrp router mobile router odr router static Unsupported Interface Configuration Commands ip accounting ip load-sharing [ per-packet ] ip mtu bytes ip ospf dead-interval m ...

  • Cisco Systems 3560X - page 1372

    C-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 MAC Address Commands set ip destination ip-address mask set ip next-hop verify-availability set ip precedence value set ip qos-group set metric-type internal set origin set metric-type internal MAC ...

  • Cisco Systems 3560X - page 1373

    C-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 Miscellaneous Miscellaneous Unsupported User EXEC Commands verify Unsupported Privileged EXEC Commands file verify auto remote command show cable-diagnostics prbs test cable-diagnostics prbs Unsupporte ...

  • Cisco Systems 3560X - page 1374

    C-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 NetFlow Commands NetFlow Commands Unsupported Global Configuration Commands ip flow-aggregation cache ip flow-cache entries ip flow-export Network Address Translation (NAT) Commands Unsupported Privilege ...

  • Cisco Systems 3560X - page 1375

    C-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 SNMP aaa authentication feature default line radius-server attribute nas-port radius-server configure radius-server extended-portnames SNMP Unsupported Global Configuration Commands snmp-server ena ...

  • Cisco Systems 3560X - page 1376

    C-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 VTP VTP Unsupported Privileged EXEC Command vtp { password password | pruning | version number } Note This command has been replaced by the vtp global configuration command. ...

  • Cisco Systems 3560X - page 1377

    IN-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 INDEX Numerics 10-Gigabit Ethernet interfaces 13-7 802.1AE 11-31 802.1x-REV 11-31 A AAA down policy, NAC Layer 2 IP validation 1-11 abbreviating commands 2-3 ABRs 42-26 AC (command switch) 6-10 access-class command 37-20 access control entries See ACEs access-denied re ...

  • Cisco Systems 3560X - page 1378

    Index IN-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 ACLs (continued) host keyword 37-13 IP creating 37-8 fragments and QoS guidelines 39-36 implicit deny 37-10, 37-14, 37-17 implicit masks 37-10 matching criteria 37-8 undefined 37-21 IPv4 applying to interfaces 37-20 creating 37-8 matching criteria 37-8 named 3 ...

  • Cisco Systems 3560X - page 1379

    Index IN-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 addresses (continued) MAC, discovering 7-31 multicast group address range 48-3 STP address management 20-8 static adding and removing 7-27 defined 7-19 address resolution 7-31, 42-9 Address Resolution Protocol See ARP adjacency tables, with CEF 42-90 administrati ...

  • Cisco Systems 3560X - page 1380

    Index IN-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 authentication manager CLI commands 11-9 compatibility with older 802.1x CLI commands 11-9 to 11-10 overview 11-8 single session ID 11-30 authoritative time source, described 7-2 authorization with RADIUS 10-33 with TACACS+ 10-11, 10-16 authorized ports with IEE ...

  • Cisco Systems 3560X - page 1381

    Index IN-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 backup static routing, configuring 46-12 banners configuring login 7-19 message-of-the-day login 7-18 default configuration 7-17 when displayed 7-17 Berkeley r-tools replacement 10-55 BGP aggregate addresses 42-60 aggregate routes, configuring 42-60 CIDR 42-60 ...

  • Cisco Systems 3560X - page 1382

    Index IN-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 BPDU guard described 22-2 disabling 22-14 enabling 22-13 support for 1-8 bridged packets, ACLs on 37-39 bridge groups See fallback bridging bridge protocol data unit See BPDU broadcast flooding 42-17 broadcast packets directed 42-14 flooded 42-14 broadcast storm-c ...

  • Cisco Systems 3560X - page 1383

    Index IN-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Cisco Medianet See Auto Smartports macros Cisco Network Assistant See Network Assistant Cisco Redundant Power System 2300 configuring 13-42 managing 13-42 Cisco Secure ACS attribute-value pairs for downloadable ACLs 11-18 attribute-value pairs for redirect URL 11 ...

  • Cisco Systems 3560X - page 1384

    Index IN-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 clusters, switch (continued) passwords 6-14 RADIUS 6-16 SNMP 6-14, 6-17 switch stacks 6-14 TACACS+ 6-16 See also candidate switch, command switch, cluster standby group, member switch, and standby command switch cluster standby group and HSRP group 44-12 automa ...

  • Cisco Systems 3560X - page 1385

    Index IN-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 configuration, initial defaults 1-16 Express Setup 1-2 See also getting started guide and hardware installation guide configuration conflicts, recovering from lost member connectivity 51-12 configuration examples, network 1-19 configuration files archiving B- ...

  • Cisco Systems 3560X - page 1386

    Index IN-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 critical VLAN 11-21 cross-stack EtherChannel configuration guidelines 40-13 configuring on Layer 2 interfaces 40-13 on Layer 3 physical interfaces 40-16 described 40-3 illustration 40-4 support for 1-8 cross-stack UplinkFast, STP described 22-5 disabling 22-16 e ...

  • Cisco Systems 3560X - page 1387

    Index IN-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 default configuration (continued) MVR 26-19 NTP 7-4 optional spanning-tree configuration 22-12 OSPF 42-27 password and privilege level 10-2 PIM 48-11 private VLANs 18-6 RADIUS 10-27 RIP 42-21 RMON 33-3 RSPAN 32-12 SDM template 8-4 SNMP 35-6 SPAN 32-12 SSL 10- ...

  • Cisco Systems 3560X - page 1388

    Index IN-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 DHCP-based autoconfiguration (continued) overview 3-3 relationship to BOOTP 3-4 relay support 1-6, 1-14 support for 1-6 DHCP-based autoconfiguration and image update configuring 3-11 to 3-14 understanding 3-5 to 3-6 DHCP binding database See DHCP snooping bindi ...

  • Cisco Systems 3560X - page 1389

    Index IN-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 DHCPv6 configuration guidelines 43-15 default configuration 43-15 described 43-6 enabling client function 43-18 enabling DHCPv6 server function 43-16 diagnostic schedule command 52-2 Differentiated Services architecture, QoS 39-2 Differentiated Services Code P ...

  • Cisco Systems 3560X - page 1390

    Index IN-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 dual protocol stacks IPv4 and IPv6 43-6 SDM templates supporting 43-6 DVMRP autosummarization configuring a summary address 48-59 disabling 48-61 connecting PIM domain to DVMRP router 48-51 enabling unicast routing 48-54 interoperability with Cisco devices 48 ...

  • Cisco Systems 3560X - page 1391

    Index IN-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 dynamic ARP inspection (continued) rate limiting of ARP packets configuring 25-10 described 25-4 error-disabled state 25-4 statistics clearing 25-15 displaying 25-15 validation checks, performing 25-12 dynamic auto trunking mode 15-16 dynamic desirable trunk ...

  • Cisco Systems 3560X - page 1392

    Index IN-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 enhanced object tracking static routing 46-10 environmental variables, embedded event manager 36-5 environment variables, function of 3-20 equal-cost routing 1-14, 42-91 error-disabled state, BPDU 22-2 error messages during command entry 2-4 EtherChannel auto ...

  • Cisco Systems 3560X - page 1393

    Index IN-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Ethernet VLANs adding 15-7 defaults and ranges 15-7 modifying 15-7 EUI 43-3 event detectors, embedded event manager 36-3 events, RMON 33-3 examples conventions for l network configuration 1-19 expedite queue for QoS 39-86 Express Setup 1-2 See also getting sta ...

  • Cisco Systems 3560X - page 1394

    Index IN-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Fast Uplink Transition Protocol 22-6 features, incompatible 28-12 FIB 42-90 fiber-optic, detecting unidirectional links 31-1 files basic crashinfo description 51-25 location 51-25 copying B-5 crashinfo, description 51-24 deleting B-6 displaying the contents o ...

  • Cisco Systems 3560X - page 1395

    Index IN-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 G general query 23-5 Generating IGMP Reports 23-3 get-bulk-request operation 35-3 get-next-request operation 35-3, 35-4 get-request operation 35-3, 35-4 get-response operation 35-3 Gigabit modules See SFPs global configuration mode 2-2 global leave, IGMP ...

  • Cisco Systems 3560X - page 1396

    Index IN-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 I IBPG 42-44 ICMP IPv6 43-4 redirect messages 42-12 support for 1-14 time-exceeded messages 51-18 traceroute and 51-18 unreachable messages 37-20 unreachable messages and IPv6 38-4 unreachables and ACLs 37-22 ICMP Echo operation configuring 45-11 IP SLAs 45-11 ...

  • Cisco Systems 3560X - page 1397

    Index IN-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IGMP (continued) report suppression described 26-5 disabling 26-15, 27-11 supported versions 26-3 support for 1-4 Version 1 changing to Version 2 48-41 described 48-3 Version 2 changing to Version 1 48-41 described 48-3 maximum query response time value 48-43 p ...

  • Cisco Systems 3560X - page 1398

    Index IN-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 interfaces (continued) described 13-36 descriptive name, adding 13-36 displaying information about 13-45 duplex and speed configuration guidelines 13-28 flow control 13-30 management 1-5 monitoring 13-45 naming 13-36 physical, identifying 13-17 range of 13-1 ...

  • Cisco Systems 3560X - page 1399

    Index IN-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IP multicast routing addresses all-hosts 48-3 all-multicast-routers 48-3 host group address range 48-3 administratively-scoped boundaries, described 48-47 and IGMP snooping 26-2 Auto-RP adding to an existing sparse-mode cloud 48-26 benefits of 48-26 cleari ...

  • Cisco Systems 3560X - page 1400

    Index IN-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IP phones and QoS 17-1 automatic classification and queueing 39-23 configuring 17-4 ensuring port security with QoS 39-42 trusted boundary for QoS 39-42 IP Port Security for Static Hosts on a Layer 2 access port 24-20 on a PVLAN host port 24-24 IP precedence 39 ...

  • Cisco Systems 3560X - page 1401

    Index IN-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IP source guard (continued) static bindings adding 24-19, 24-21 deleting 24-20 static hosts 24-21 IP traceroute executing 51-18 overview 51-18 IP unicast routing address resolution 42-9 administrative distances 42-92, 42-102 ARP 42-10 assigning IP addresses to ...

  • Cisco Systems 3560X - page 1402

    Index IN-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IPv6 (continued) address formats 43-2 and switch stacks 43-9 applications 43-5 assigning address 43-11 autoconfiguration 43-5 CEFv6 43-19 default configuration 43-11 default router preference (DRP) 43-4 defined 43-1 Enhanced Interior Gateway Routing Protocol (E ...

  • Cisco Systems 3560X - page 1403

    Index IN-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Kerberos authenticating to boundary switch 10-42 KDC 10-42 network services 10-42 configuration examples 10-39 configuring 10-42 credentials 10-40 described 10-39 KDC 10-39 operation 10-41 realm 10-41 server 10-41 support for 1-11 switch as trusted third party 1 ...

  • Cisco Systems 3560X - page 1404

    Index IN-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 link-state tracking configuring 40-25 described 40-23 LLDP configuring 30-5 characteristics 30-6 default configuration 30-5 enabling 30-6 monitoring and maintaining 30-11 overview 30-1 supported TLVs 30-2 switch stack considerations 30-2 transmission timer and ...

  • Cisco Systems 3560X - page 1405

    Index IN-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 MAC extended access lists applying to Layer 2 interfaces 37-30 configuring for QoS 39-50 creating 37-28 defined 37-28 for QoS classification 39-5 macros See Auto Smartports macros See Smartports macros MACsec 11-31 and stacking 11-32 configuring on an interface ...

  • Cisco Systems 3560X - page 1406

    Index IN-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 messages, to users through banners 7-17 metrics, in BGP 42-52 metric translations, between routing protocols 42-97 metro tags 19-2 MHSRP 44-4 MIBs accessing files with FTP A-4 location of files A-4 overview 35-1 SNMP interaction with 35-4 supported A-1 mini-poi ...

  • Cisco Systems 3560X - page 1407

    Index IN-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 MSDP benefits of 49-3 clearing MSDP connections and statistics 49-19 controlling source information forwarded by switch 49-12 originated by switch 49-8 received by switch 49-14 default configuration 49-4 dense-mode regions sending SA messages to 49-17 specifyi ...

  • Cisco Systems 3560X - page 1408

    Index IN-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 MSTP (continued) extended system ID effects on root switch 21-18 effects on secondary root switch 21-19 unexpected behavior 21-18 IEEE 802.1s implementation 21-6 port role naming change 21-6 terminology 21-5 instances supported 20-10 interface state, blocking ...

  • Cisco Systems 3560X - page 1409

    Index IN-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 multioperations scheduling, IP SLAs 45-5 multiple authentication 11-12 Multiple HSRP See MHSRP multiple VPN routing/forwarding in customer edge devices See multi-VRF CE multi-VRF CE configuration example 42-85 configuration guidelines 42-77 configuring 42-77 ...

  • Cisco Systems 3560X - page 1410

    Index IN-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 network configuration examples (continued) server aggregation and Linux server cluster 1-24 small to medium-sized network 1-26 network design performance 1-20 services 1-20 Network Edge Access Topology See NEAT network management CDP 29-1 RMON 33-1 SNMP 35-1 net ...

  • Cisco Systems 3560X - page 1411

    Index IN-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 online diagnostics described 52-1 overview 52-1 running tests 52-4 open1x configuring 11-64 open1x authentication overview 11-27 Open Shortest Path First See OSPF optimizing system resources 8-1 options, management 1-5 OSPF area parameters, configuring 42-31 c ...

  • Cisco Systems 3560X - page 1412

    Index IN-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 PIM default configuration 48-11 dense mode overview 48-4 rendezvous point (RP), described 48-5 RPF lookups 48-9 displaying neighbors 48-63 enabling a mode 48-13 overview 48-4 router-query message interval, modifying 48-38 shared tree and source tree, overview ...

  • Cisco Systems 3560X - page 1413

    Index IN-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 policy maps for QoS characteristics of 39-57 described 39-8 displaying 39-88 hierarchical 39-9 hierarchical on SVIs configuration guidelines 39-37 configuring 39-61 described 39-12 nonhierarchical on physical ports configuration guidelines 39-37 configuring 3 ...

  • Cisco Systems 3560X - page 1414

    Index IN-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 port-based authentication (continued) per-user ACLs AAA authorization 11-41 configuration tasks 11-17 described 11-16 RADIUS server attributes 11-16 ports authorization state and dot1x port-control command 11-10 authorized and unauthorized 11-10 voice VLAN 11- ...

  • Cisco Systems 3560X - page 1415

    Index IN-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 port security (continued) configuring 28-13 default configuration 28-11 described 28-8 displaying 28-19 enabling 28-18 on trunk ports 28-14 sticky learning 28-9 violations 28-10 port-shutdown response, VMPS 15-26 port VLAN ID TLV 30-2 power management TLV 3 ...

  • Cisco Systems 3560X - page 1416

    Index IN-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 promiscuous ports configuring 18-12 defined 18-2 protected ports 1-10, 28-6 protocol-dependent modules, EIGRP 42-36 Protocol-Independent Multicast Protocol See PIM provider edge devices 42-75 provisioning new members for a switch stack 5-8 proxy ARP configurin ...

  • Cisco Systems 3560X - page 1417

    Index IN-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 QoS (continued) configuration guidelines auto-QoS 39-28 standard QoS 39-36 configuring aggregate policers 39-68 auto-QoS 39-23 default port CoS value 39-41 DSCP maps 39-70 DSCP transparency 39-43 DSCP trust states bordering another domain 39-44 egress queue ...

  • Cisco Systems 3560X - page 1418

    Index IN-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 QoS (continued) policers configuring 39-59, 39-65, 39-69 described 39-9 displaying 39-88 number of 39-38 types of 39-10 policies, attaching to an interface 39-9 policing described 39-4, 39-9 token bucket algorithm 39-10 policy maps characteristics of 39-57 displ ...

  • Cisco Systems 3560X - page 1419

    Index IN-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 RARP 42-10 rcommand command 6-16 RCP configuration files downloading B-18 overview B-17 preparing the server B-17 uploading B-19 image files deleting old image B-38 downloading B-37 preparing the server B-36 uploading B-38 reachability, tracking IP SLAs IP host ...

  • Cisco Systems 3560X - page 1420

    Index IN-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 RFC (continued) 1166, IP addresses 42-7 1253, OSPF 42-25 1267, BGP 42-43 1305, NTP 7-2 1587, NSSAs 42-26 1757, RMON 33-2 1771, BGP 42-43 1901, SNMPv2C 35-2 1902 to 1907, SNMPv2 35-2 2236, IP multicast and IGMP 26-2 2273-2275, SNMPv3 35-2 RFC 5176 Compliance 1 ...

  • Cisco Systems 3560X - page 1421

    Index IN-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 RSPAN 32-3 and stack changes 32-10 characteristics 32-9 configuration guidelines 32-17 default configuration 32-12 destination ports 32-8 displaying status 32-28 in a switch stack 32-3 interaction with other features 32-9 monitored ports 32-7 monitoring port ...

  • Cisco Systems 3560X - page 1422

    Index IN-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 secure HTTP server configuring 10-53 displaying 10-55 secure MAC addresses and switch stacks 28-18 deleting 28-16 maximum number of 28-10 types of 28-9 secure ports and switch stacks 28-18 configuring 28-9 secure remote connections 10-45 Secure Shell See SSH Se ...

  • Cisco Systems 3560X - page 1423

    Index IN-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 SNMP accessing MIB variables with 35-4 agent described 35-4 disabling 35-7 and IP SLAs 45-2 authentication level 35-10 community strings configuring 35-8 for cluster switches 35-4 overview 35-4 configuration examples 35-18 default configuration 35-6 engine ID 3 ...

  • Cisco Systems 3560X - page 1424

    Index IN-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 SPAN and stack changes 32-10 configuration guidelines 32-12 default configuration 32-12 destination ports 32-8 displaying status 32-28 interaction with other features 32-9 monitored ports 32-7 monitoring ports 32-8 overview 1-15, 32-1 ports, restrictions 28-1 ...

  • Cisco Systems 3560X - page 1425

    Index IN-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 stack changes, effects on ACL configuration 37-7 CDP 29-2 cross-stack EtherChannel 40-13 EtherChannel 40-10 fallback bridging 50-3 HSRP 44-5 IEEE 802.1x port-based authentication 11-11 IGMP snooping 26-6 IP routing 42-4 IPv6 ACLs 38-3 MAC address tables 7-21 MST ...

  • Cisco Systems 3560X - page 1426

    Index IN-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 stacks, switch (continued) MAC address of 5-20 management connectivity 5-17 managing 5-1 managing mixed See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide membership 5-4 merged 5-4 mixed hardware 5-2 hardware and software 5-2 software 5-2 with Ca ...

  • Cisco Systems 3560X - page 1427

    Index IN-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 startup configuration booting manually 3-18 specific image 3-19 clearing B-20 configuration file automatically downloading 3-17 specifying the filename 3-17 default boot configuration 3-17 static access ports assigning to VLAN 15-9 defined 13-3, 15-3 static ad ...

  • Cisco Systems 3560X - page 1428

    Index IN-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 STP (continued) default optional feature configuration 22-12 designated port, defined 20-4 designated switch, defined 20-4 detecting indirect link failures 22-8 disabling 20-15 displaying status 20-24 EtherChannel guard described 22-10 disabling 22-17 enablin ...

  • Cisco Systems 3560X - page 1429

    Index IN-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 subnet mask 42-7 subnet zero 42-7 success response, VMPS 15-26 summer time 7-13 SunNet Manager 1-6 supernet 42-8 supported port-based authentication methods 11-8 Smartports macros See also Auto Smartports macros SVI autostate exclude configuring 13-39 defined 1 ...

  • Cisco Systems 3560X - page 1430

    Index IN-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 system MTU and IEEE 802.1Q tunneling 19-5 system name default configuration 7-15 default setting 7-15 manual configuration 7-15 See also DNS system name TLV 30-2 system prompt, default setting 7-14, 7-15 system resources, optimizing 8-1 system routing IS-IS 4 ...

  • Cisco Systems 3560X - page 1431

    Index IN-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 time stamps in log messages 34-8 time zones 7-12 TLVs defined 30-2 LLDP 30-2 LLDP-MED 30-2 Token Ring VLANs support for 15-5 VTP support 16-4 ToS 1-13 traceroute, Layer 2 and ARP 51-17 and CDP 51-17 broadcast traffic 51-16 described 51-16 IP addresses and subne ...

  • Cisco Systems 3560X - page 1432

    Index IN-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 trunks allowed-VLAN list 15-19 configuring 15-18, 15-23, 15-25 ISL 15-14 load sharing setting STP path costs 15-24 using STP port priorities 15-22, 15-23 native VLAN for untagged traffic 15-21 parallel 15-24 pruning-eligible list 15-20 to non-DTP device 15-15 t ...

  • Cisco Systems 3560X - page 1433

    Index IN-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 UNIX syslog servers daemon configuration 34-12 facilities supported 34-14 message logging configuration 34-13 unrecognized Type-Length-Value (TLV) support 16-4 upgrading information See release notes upgrading software images See downloading UplinkFast descr ...

  • Cisco Systems 3560X - page 1434

    Index IN-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VLAN load balancing on flex links configuration guidelines 23-8 described 23-2 VLAN management domain 16-2 VLAN Management Policy Server See VMPS VLAN map entries, order of 37-31 VLAN maps applying 37-35 common uses for 37-35 configuration guidelines 37-31 con ...

  • Cisco Systems 3560X - page 1435

    Index IN-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VMPS (continued) dynamic port membership described 15-26 reconfirming 15-29 troubleshooting 15-31 entering server address 15-28 mapping MAC addresses to VLANs 15-26 monitoring 15-30 reconfirmation interval, changing 15-29 reconfirming membership 15-29 retry co ...

  • Cisco Systems 3560X - page 1436

    Index IN-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VTP (continued) modes client 16-3 off 16-3 server 16-3 transitions 16-3 transparent 16-3 monitoring 16-17 passwords 16-9 pruning disabling 16-15 enabling 16-15 examples 16-7 overview 16-6 support for 1-9 pruning-eligible list, changing 15-20 server mode, config ...

  • Cisco Systems 3560X - page 1437

    Index IN-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 WTD described 39-15 setting thresholds egress queue-sets 39-81 ingress queues 39-77 support for 1-13 ...

  • Cisco Systems 3560X - page 1438

    Index IN-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 ...

Manufacturer Cisco Systems Category Switch

Documents that we receive from the manufacturer of a Cisco Systems 3560X can be divided into several groups. They include, among others:
- Cisco Systems technical drawings
- 3560X manuals
- Cisco Systems product data sheets
- information booklets
- energy labels for the Cisco Systems 3560X
All of them are important, but the information most important for using the device is in the Cisco Systems 3560X user manual.

The group of documents referred to as user manuals is itself divided into more specific types, such as installation manuals, service manuals, brief instructions and user manuals for the Cisco Systems 3560X. Look for the type of document that fits your needs. On our website you can view the most popular manual for the Cisco Systems 3560X.

What should a complete manual for the Cisco Systems 3560X look like?
A manual, also referred to as a user manual or simply "instructions", is a technical document designed to assist users in using the Cisco Systems 3560X. Manuals are usually written by a technical writer, but in language understandable to all users of the Cisco Systems 3560X.

A complete Cisco Systems manual should contain several basic components. Some of them are less important, such as the cover or title page and the copyright page. The remaining parts, however, should provide information that is important from the user's point of view.

1. Preface and tips on how to use the Cisco Systems 3560X manual - At the beginning of each manual we should find guidance on how to use it. It should say where to find the contents of the Cisco Systems 3560X manual, the FAQ and the common problems, i.e. the places users most often search in any manual
2. Contents - an index of all the tips concerning the Cisco Systems 3560X that can be found in the current document
3. Tips on how to use the basic functions of the Cisco Systems 3560X - which should help us in our first steps of using the Cisco Systems 3560X
4. Troubleshooting - a systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with the Cisco Systems 3560X
5. FAQ - Frequently Asked Questions
6. Contact details - Information about where to find contact details for the manufacturer or service of the Cisco Systems 3560X in a specific country, if it was not possible to solve the problem on our own.
