Manual Cisco Systems 3750E

1236 pages 14.04 mb

Download

Go to site of 1236

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236

Prev Next

Summary

Cisco Systems 3750E - page 1

Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Driv e San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Catal yst 3750-E and 3560-E S w itc h S of tw are Conf iguration Guide Cisco IOS R elease 12.2(37 )SE May 2 0 07 Text Pa rt Nu mber: OL-9775- 02 ...
Cisco Systems 3750E - page 2

THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RE COMMENDATIONS IN T HIS MANUAL ARE BELI EVED TO BE A CCURATE BUT ARE P RESENTED W ITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY ...
Cisco Systems 3750E - page 3

iii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 CONTENTS Preface xli ii Audienc e xliii Pur pose xliii Conv enti ons xliii Relat ed P ubl icatio ns xliv Obtain ing Documentati on, Obt aining Su pport, an d Security Guide lines xlvi CHAPTER 1 Overview 1- 1 Featur es 1-1 Deployme nt Feat ures 1-2 Perfor mance Features ...
Cisco Systems 3750E - page 4

Cont ents iv Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Underst anding Abb r eviat ed Commands 2-4 Underst andi ng no and defa ult Fo rms of Commands 2-4 Underst andi ng CLI Erro r Messages 2- 5 Using Con figuration Lo gging 2-5 Using Comma nd History 2-6 Changin g the Command Histor y Buffer Si ze 2-6 Recall ing C ...
Cisco Systems 3750E - page 5

Content s v Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Schedul ing a Reload of the Software I mage 3-17 Config uring a Schedu led Reloa d 3-17 Displa ying Scheduled Reload I nformati on 3-18 CHAPTER 4 Configur ing Cisc o IOS CNS Agents 4-1 Underst andi ng Cisco Con figurat ion En gine Soft ware 4-1 Config uration S ...
Cisco Systems 3750E - page 6

Cont ents vi Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Stack Pr otoco l Versio n Compatibi lity 5-11 Major V ersio n Num ber Inco mpat ibility Amo ng Sw itche s 5-11 Minor Ver sion Number Incompati bility Amon g Switches 5-11 Underst andi ng Auto-Upg rade and Auto-Advi se 5-12 Auto-Up grade and Auto-A dvise Exa mp ...
Cisco Systems 3750E - page 7

Content s vii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 HSRP and Sta ndby Cluster Comman d Switches 6-11 Virtua l IP Ad dress es 6-12 Other Considerati ons for Clu ster St andby Groups 6-12 Automa tic Recov ery of Cluste r Config uration 6-13 IP Ad dres ses 6-14 Hostname s 6-14 Passw or ds 6-15 SNMP Communi ty Str ...
Cisco Systems 3750E - page 8

Cont ents viii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Creati ng a Bann er 7-1 7 Defaul t Banner Configur ation 7-17 Config uring a Message -of-the -Day Login Banner 7-18 Config uring a Login B anner 7-19 Mana gin g the MA C Addr ess Ta ble 7-19 Buildi ng the Addres s Table 7-20 MAC Addresse s and VLANs 7-20 MAC ...
Cisco Systems 3750E - page 9

Content s ix Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring Multi ple Pr ivileg e Levels 9- 7 Setti ng the Pr ivileg e Level for a Command 9-8 Changin g the Def ault P rivil ege L evel f or L ines 9-9 Logg ing into and Exit ing a Pri vile ge Level 9-9 Contro lling Swi tch Access with TACACS+ 9-10 Underst a ...
Cisco Systems 3750E - page 10

Cont ents x Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring th e Swit ch for Secure S hell 9-37 Underst anding SSH 9-38 SSH Serv ers, Int egrat ed C lien ts, and Supp orte d V ers ions 9-38 Limita tions 9-39 Config uring SSH 9- 39 Config uration Guidel ines 9-39 Setti ng Up the Switc h to Run SSH 9-40 Confi ...
Cisco Systems 3750E - page 11

Content s xi Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Using IE EE 802.1x Auth enticat ion with Port S ecurit y 10-16 Using IE EE 802.1x Authent ication with Wake -on-LAN 10-17 Using IE EE 802.1x Authent ication with MAC Aut hentication Bypass 10-17 Netw ork A dmis sion Cont rol L ayer 2 IE EE 8 02.1x Va lidatio n ...
Cisco Systems 3750E - page 12

Cont ents xii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 CHAPTER 11 Configur ing I nterfac e Characterist ics 11-1 Underst andi ng Interf ace Typ es 11 -1 Port-B as ed V LANs 11-2 Switch Po rts 11-2 Access Po rts 11-3 Trunk Po rts 11-3 Tunnel Ports 11 -4 Routed Po rts 11- 4 Switch Vi rtua l Interf aces 11-5 EtherC ...
Cisco Systems 3750E - page 13

Content s xiii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring the Power Sup plies 11-37 Monit orin g and Ma inta inin g the In terf aces 11-38 Moni tori ng I nter face Stat us 11-38 Cleari ng and Re settin g Interfaces and Counte rs 11-39 Shutti ng Do wn and Restar ting the I nter face 11-4 0 CHAPTER 12 Co ...
Cisco Systems 3750E - page 14

Cont ents xiv Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Trunki ng Ov erview 13-16 Encap sul atio n Typ es 13- 18 IEEE 802 .1Q Configurat ion Con siderat ions 13-19 Defau lt Lay er 2 Et herne t Inte rfac e VLAN Conf igura tion 13-19 Config uring an Etherne t Interface as a Trunk Po rt 13-1 9 Intera ctio n wit h O t ...
Cisco Systems 3750E - page 15

Content s xv Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring VTP 14 -6 Defaul t VTP Configurat ion 14-7 VTP Confi gurati on Options 14-7 VTP C onf igurat ion in Gl obal Con figur atio n Mo de 14-7 VTP Confi gurati on in VLA N Database Con figuration Mode 14-8 VTP Confi gura tion Guid elin es 14-8 Domain Nam ...
Cisco Systems 3750E - page 16

Cont ents xvi Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring Private VLANs 16-6 Tasks for Co nfigur ing Priv ate VLAN s 16 -6 Defaul t Priv ate-VLAN Co nfigu ration 16-7 Privat e-VLAN C onfiguratio n Guide lines 16-7 Seco ndar y a nd Pr imar y VL AN C onf igur atio n 16-7 Priva te-V LAN Po rt Co nfigur ati ...
Cisco Systems 3750E - page 17

Content s xvii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Bridg e ID, Swi tch Pr iori ty, and Ex ten ded Sys tem ID 18-4 Spannin g-Tree Interf ace St ates 18-5 Blocki ng St ate 18-7 List ening Sta te 18-7 Learni ng St ate 18-7 Forw ardi ng S tat e 18-7 Disabl ed State 18-8 How a Sw itch o r Po rt B ecom es the Ro o ...
Cisco Systems 3750E - page 18

Cont ents xviii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 CHAPTER 19 Configur ing MST P 19-1 Underst anding MSTP 19-2 Multip le Sp anning- Tree Regions 19-2 IST, C IST , and CST 19-3 Operati ons Withi n an MST Region 19-3 Operati ons Betw een MST Reg ions 19-4 IEEE 802 .1s Ter minolog y 19-5 Hop Count 19-5 Boundar ...
Cisco Systems 3750E - page 19

Content s xix Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Specif ying t he Link Typ e to Ensu re Rapi d Transit ions 19-24 Designa ting the Ne ighbo r Type 19-25 Restar ting the Pr otocol Migration Proce ss 19-26 Displa ying t he MST Config uration and Status 19-26 CHAPTER 20 Configur ing Opti onal Spanning -Tree Fe ...
Cisco Systems 3750E - page 20

Cont ents xx Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring Flex Lin ks and MAC Addr ess-Table Move Upd ate 21-5 Config uration Guidel ines 21-5 Defau lt C onfig urat ion 21-5 Config uring Flex Lin ks and MAC Addr ess-Table Move Upd ate 21-6 Config uring Flex Lin ks 21-6 Config uring VLAN Load Bala ncing o ...
Cisco Systems 3750E - page 21

Content s xxi Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 CHAPTER 23 Configur ing Dynami c ARP Inspectio n 23-1 Underst anding Dyn amic ARP Inspecti on 23 -1 Interf ace Tru st St ates and Netw or k Se curi ty 23-3 Rate Lim iting of ARP P ack ets 23-4 Relati ve Priority o f ARP ACLs and DHCP Sn ooping Entries 23-4 Lo ...
Cisco Systems 3750E - page 22

Cont ents xxii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Displa ying IGMP Snooping Inform ation 24-17 Unde rsta nding Mult icas t V LAN R egi strati on 24-18 Using MVR in a Mu ltica st Te levi sion Appl icat ion 24-19 Conf igurin g MVR 24-20 Defaul t MVR Configu r ation 24-2 0 MVR Conf iguration G uidelines a nd L ...
Cisco Systems 3750E - page 23

Content s xxiii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 CHAPTER 26 Configur ing Port -Based Traf fic Control 26-1 Config uring Storm Contr ol 26-1 Underst anding St orm Contro l 26-1 Defaul t Storm Co ntrol Con figurat ion 26-3 Config uring Storm Contr ol and Threshol d Level s 26 -3 Config uring Prote cted Port ...
Cisco Systems 3750E - page 24

Cont ents xxiv Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring LLDP and LLDP- MED 28- 3 Defau lt L LDP C onfig ura tion 28- 3 Config uring LLDP Char acteri stic s 28 -3 Disab ling an d En abli ng LL DP Glob ally 28-4 Disab ling an d Enab ling LL DP on an Inte rface 28-5 Config urin g LLDP-MED TLVs 28-6 Moni ...
Cisco Systems 3750E - page 25

Content s xxv Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring Local SPAN 30-1 1 SPAN Confi gurati on Guideli nes 30-11 Creati ng a Loca l SPAN S ession 30 -12 Creati ng a Loca l SPAN Sess ion and Con figuring Inco ming Traf fic 30- 14 Specif ying VL ANs to Filt er 30-1 5 Config uring RSPAN 30-16 RSPAN Confi ...
Cisco Systems 3750E - page 26

Cont ents xxvi Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring UNIX Syslog Servers 32-12 Loggin g M essage s to a UNIX Sysl og Daemon 32-12 Config uring the UNIX Syst em Logging Facil ity 32-1 3 Displa ying the Loggin g Confi gurati on 32 -14 CHAPTER 33 Configur ing S NMP 33 -1 Unde rsta nding SNM P 33 -1 S ...
Cisco Systems 3750E - page 27

Content s xxvii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Creati ng a Numbered Extended ACL 34-11 Reseque ncing ACEs in an ACL 34-15 Creati ng Named St andard and Extend ed ACLs 34-15 Using Ti me Ranges with ACLs 34-1 7 Incl uding Comm en ts i n ACL s 34-19 Applyi ng an IPv4 ACL to a Terminal Line 34-19 Applyi ng ...
Cisco Systems 3750E - page 28

Cont ents xxvii i Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring IPv6 ACL s 35 -4 Defaul t IPv6 ACL Configur ation 35-4 Inter action wi th Othe r Feature s and Swit ches 35-4 Creati ng I Pv6 ACLs 35-5 Applyi ng an IPv6 ACL to an Inter face 35-8 Displa ying IPv 6 ACLs 35-9 CHAPTER 36 Configur ing Q oS 36-1 ...
Cisco Systems 3750E - page 29

Content s xxix Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Standar d QoS Configurat ion Gui delines 36-35 QoS ACL Guide lines 36-35 Applyi ng QoS on In terfac es 36- 35 Polici ng G uid elines 36-36 General QoS Guideli nes 36-36 Enabli ng QoS Global ly 36-37 Enabli ng VLAN-Based QoS on Physica l Port s 36-37 Config u ...
Cisco Systems 3750E - page 30

Cont ents xxx Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 CHAPTER 37 Configur ing E therCh annels and Link -State T r ackin g 37-1 Underst andi ng EtherCh annels 37-1 EtherC hannel Overview 37-2 Port-C ha nnel Int erface s 37 -4 Port Aggr egation Proto col 37- 5 PAgP Modes 37-6 PAgP Int eraction with Ot her Features ...
Cisco Systems 3750E - page 31

Content s xxxi Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring IP Addr essing 38-5 Defaul t Addressing Conf iguration 38-6 Assig nin g IP A ddre sses to N etw ork Inte rfaces 38-7 Use of Subn et Zero 38-7 Classl ess Rou ting 38-8 Config uring Address Res olution Meth ods 38-9 Define a St atic ARP Ca che 38 ...
Cisco Systems 3750E - page 32

Cont ents xxxii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Config uring Basic EIGR P Parame ters 38-39 Config uring EIGRP Int erfac es 38 -40 Config uring EIGRP Route Authen ticati on 38-41 EIGRP St ub Ro utin g 38-42 Monit orin g and Ma inta inin g EIGRP 38-4 3 Config uring BGP 38-43 Defaul t BGP Configurati on 38 ...
Cisco Systems 3750E - page 33

Content s xxxii i Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring Policy- Based Routin g 38 -83 PBR Confi gurati on Guideli nes 38-84 Enab ling P BR 38-85 Filt ering Ro utin g Infor mat ion 38-87 Setti ng Passi ve Inter face s 38-87 Contro lling Advertisi ng and Processin g in Routi ng Updat es 38 -88 Filte ...
Cisco Systems 3750E - page 34

Cont ents xxxiv Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 CHAPTER 40 Configur ing H SRP and Enhanced Ob ject Tracking 40-1 Unde rsta nding HSR P 40-1 Mult iple HSRP 40-3 HSRP and Sw itch St acks 40-4 Config uring HSRP 40 -4 Defaul t HSRP Configurat ion 40-5 HSRP Confi gurat ion Guid elines 40- 5 Enabli ng HSRP 40 ...
Cisco Systems 3750E - page 35

Content s xxxv Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 CHAPTER 42 Configur ing I P Multic ast Routing 42-1 Underst andi ng Cisco’ s Implem entatio n of IP Multi cast Rout ing 42- 2 Underst andi ng IGMP 42-3 IGMP V ersio n 1 42-3 IGMP Ve rsio n 2 42-3 Underst andi ng PIM 42-4 PIM V ers ions 42-4 PIM Modes 42-4 ...
Cisco Systems 3750E - page 36

Cont ents xxxvi Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Changin g the IGMP Query Ti meout f or IGMPv2 42-32 Changin g the Maximum Query Resp onse Ti me for IGMP v2 42-33 Config uring the Switch as a Statica lly Connected Memb er 42-33 Config uring Optional Multi cast Ro uting Fea tures 42-34 Enab ling C GM P S e ...
Cisco Systems 3750E - page 37

Content s xxxvi i Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Contro lling Source In forma tion that Your Switc h Origina tes 43-9 Redist ribu ting So urces 43-9 Filt ering So urc e-Act ive R eque st Mes sage s 43-11 Contro lling Source In forma tion that Your Switc h Forwar ds 43 -12 Using a Fi lter 43-12 Using TTL ...
Cisco Systems 3750E - page 38

Cont ents xxxvii i Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Recover i ng from Lo st Cluste r Member Connectiv ity 45-13 Preven ting Autonegoti ation Mis matches 45 -13 Troubl eshoo ting Power over Ether net Switch Ports 45-13 Disabl ed Port Caused by Powe r Loss 45-1 4 Disabl ed Port Caus ed by False Link Up 45-1 ...
Cisco Systems 3750E - page 39

Content s xxxix Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Config uring Online Di agnosti cs 46-2 Schedul ing Onli ne Diagnos tics 46-2 Config uring Health- Monito ring Diag nostics 46-3 Running Online Diagnost ic Tes ts 46 -5 Starti ng O nlin e Diagno stic Tes ts 46 -5 Displa ying Online Diag nostic Te sts an d Te ...
Cisco Systems 3750E - page 40

Cont ents xl Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Cleari ng C onfigur ation Info rmation B-19 Clear ing th e Sta rtup Config urat ion Fi le B-20 Dele ting a Stor ed C onfigur ation File B-20 Work ing wit h Soft ware Images B-2 0 Image Loc ation on the Switch B-2 1 File Fo rmat of Imag es on a S erver o r Ci s ...
Cisco Systems 3750E - page 41

Content s xli Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 HSRP C-4 Unsuppor ted Global Conf igurati on Comman ds C-4 Unsuppor ted Interfac e Configur ati on Commands C-5 IGMP Snoopi ng Commands C-5 Unsuppor ted Global Conf igurati on Comman ds C-5 Inter face Comma nds C- 5 Unsuppor ted Privile ged EXEC Command s C-5 ...
Cisco Systems 3750E - page 42

Cont ents xlii Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 RADIUS C-11 Unsuppor ted Global Conf igurati on Comman ds C-1 1 SNMP C-12 Unsuppor ted Global Conf igurati on Comman ds C-1 2 Spannin g Tree C-1 2 Unsuppor ted Global Conf igurati on Comman d C-12 Unsuppor ted Interfac e Configur ati on Command C-12 VLAN C-1 ...
Cisco Systems 3750E - page 43

xliii Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Preface Audience This gui de is for the ne tworking p rofess ional ma naging the stan dalone Catalyst 3 750-E or 356 0-E swit ch or the Ca talyst 3750- E switch stack , referred t o as the switc h . Before using this g uide, you shou ld have experien ce workin g wi t ...
Cisco Systems 3750E - page 44

xliv Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Preface Related Publi cations • Brace s ({ }) grou p req uired choices, and verti cal bars ( | ) se para te the alternati ve e lements. • Brace s and ve rtical bar s within squar e brack ets ([{ | }]) mean a required choic e within an optional elemen t. Inter acti ...
Cisco Systems 3750E - page 45

xlv Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Pre face Relate d Publicati ons • Catalyst 3 750-E and 3 560-E Switch S ystem Me ssage Guide (no t orderabl e but a vailable on Cisco.com) • Cisco Softwar e Activatio n and Compatib ility Document (not or derabl e but av a ilab le on Ci sco.com ) • Device manage ...
Cisco Systems 3750E - page 46

xlvi Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Preface Obtainin g Docume ntation , Obtaining Sup port, and Se curity G uidelines Obtaining Do cumentation, Obtaining Support, and Security Guidelines For informat ion on obtai ning docu menta tion, obt aining sup port, provid ing docum entati on feedba ck, secu rity ...
Cisco Systems 3750E - page 47

C HAPTER 1-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 1 Overview This c hapter provides these topic s abou t the C ataly st 3750- E a nd 3560-E sw itch software : • Feat ures , page 1-1 • Defa ult Settin gs After I nitial Swi tch Configurati o n, page 1-13 • Network Configu ration E xamples, page 1-16 • Wh ...
Cisco Systems 3750E - page 48

1-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s • IP services f eature set, which pr ovide s a richer set o f enterp rise-class inte lligent serv ices. It in cludes all IP base featur es plus full Layer 3 rou ting (IP unicast routing , IP multicast rou ting, and fallb ack bridging) ...
Cisco Systems 3750E - page 49

1-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Features • An embe dded de vice mana ger GUI for conf igur ing an d monit orin g a singl e swit ch through a we b br ow s er. Fo r inf ormation about starting th e de vice manager , see the getting started guide. For more information about the devi ...
Cisco Systems 3750E - page 50

1-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s • Switch clus tering t echnol ogy f or – Unif ied conf iguratio n, monitoring, au thenticatio n, and software upgr ade of multiple, cluste r-capable sw itches , regardles s of their ge ograp hic proxi mity and interco nnectio n medi ...
Cisco Systems 3750E - page 51

1-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Features • IGMP sn oopin g queri er suppo rt to configure switch to ge nerate periodi c IG MP Gene ral Qu ery messages • Multica st Liste ner Disc overy (MLD) snooping to enabl e efficient distribution of IP V ersio n 6 (I Pv6) multicas t data t ...
Cisco Systems 3750E - page 52

1-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s Manageability Features These a re the manageab ility features : • CNS embe dded ag ents for au tomat ing switc h mana geme nt, conf iguration storag e, and del i ver y • DHCP fo r au tomat ing co nfiguration of sw itch i nform ation ...
Cisco Systems 3750E - page 53

1-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Features Availabi lity and R edund ancy F eatures These a re the a vail ability an d redunda ncy f eatures: • HSRP for comm and switch a nd L ayer 3 route r re dundan cy • Automati c stack maste r re-e lection (fa ilover support) for replac ing s ...
Cisco Systems 3750E - page 54

1-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s • Link-state tracking to mirr or the state of the p orts that carry upstr eam traf fic from co nnected hosts and server s and to allow the failover of the ser ver traff ic to an ope ratio nal link on an other Ci sco Ether net sw itc h ...
Cisco Systems 3750E - page 55

1-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Features • Protected port op tion f or rest ricting the forwa rding of tra f fic to designa ted po rts on th e sam e switc h • Port security optio n for limiting and identi fying MA C addresses of the stations allo wed to access the port • VLAN ...
Cisco Systems 3750E - page 56

1-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s • MA C authentication b ypass to authorize clie nts based on the client MA C address. • Network Ad mission Cont rol (NA C) feat ures : – N AC L ayer 2 IEEE 802.1x v alidation of the anti v irus cond ition or po stu r e of endpoint ...
Cisco Systems 3750E - page 57

1-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Features – T r usted boun dary for det ectin g the prese nce of a Cisco IP Phone , trustin g the CoS value recei ved, and ensur ing port s ecu rity • Policing – T r aff ic-policin g policie s on the switch por t for mana ging how much of the p ...
Cisco Systems 3750E - page 58

1-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Feature s • Polic y-based routing (PBR) for conf iguring defined polic ies for traf fic flo ws • Multiple VPN routing/forw arding (mu lti-VRF) instances in c u stomer edge d ev ices to allo w service provid ers to support multiple virtu al pr ...
Cisco Systems 3750E - page 59

1-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Default Settings After Initial Switch Configurat ion • Ability to moni tor the r eal-ti me power consum ption. On a pe r-PoE port basi s, the switch se nses the total power consum ption, polices the power usage, and reports t he power usage. Monit ...
Cisco Systems 3750E - page 60

1-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Default Set tings A fter Initial Sw itch Conf iguration If you do not co nfigure the switc h at all, t he switch operate s with the se default sett ings: • Default swi tch IP addre ss, subnet mask , and defaul t gateway is 0.0.0.0. For more in ...
Cisco Systems 3750E - page 61

1-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Default Settings After Initial Switch Configurat ion • VLANs – Defa ult VLAN is VLAN 1. F or more information , see Chapter 13 , “Configur ing VLAN s.” – VLAN tr unking settin g is d ynamic au to (DTP). F or more in formation, see Ch apter ...
Cisco Systems 3750E - page 62

1-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les • UDLD is di sabled . For more info rmat ion, see Chapt er 29, “Configur ing UDLD .” • SP AN and RSP A N are di sabled . For more inform ation , see Cha pter 30, “C onfiguring SP AN and RSP AN.” • R ...
Cisco Systems 3750E - page 63

1-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Bandwidt h alone is not the only c onsidera tion whe n designing you r network. As your netwo rk traffic profiles evolv e, con sider p roviding network se rvices that c an suppor t appl icati ons f or voice and data in ...
Cisco Systems 3750E - page 64

1-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Y o u can u se the switches and swit ch stacks to create the f ollo wing: • Cost- effective wiring closet ( Figure 1- 1 )—A cost- ef fectiv e w ay to con nect man y users to the wiri ng closet is to have a sw ...
Cisco Systems 3750E - page 65

1-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples For high-speed IP forwarding at th e distributio n layer, connect the switc hes in the acce ss layer to a Gigabit m ultilayer switch in the b ackbone, such as a Cataly st 4500 Gigabit switch or Cata lyst 6500 Gigabit s ...
Cisco Systems 3750E - page 66

1-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Figur e 1 -3 High-P erfor mance W or kgr oup (Gigabit-t o-the-Deskt op) • Redunda nt Gigabit backbone (Figure 1-4 )—Usi ng HSRP , you ca n create backup pa ths betwe en two Catalyst 3750-E m ultilayer Gi gabi ...
Cisco Systems 3750E - page 67

1-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -4 Redundant G igabi t Bac kbone • Serv er aggr e gation ( Figure 1-5 ) and Lin ux server cluste r ( Figure 1- 6 )—Y ou ca n use t he Catalyst 3560-E swit ches and Catalyst 37 50-E-o nly switch stac ks to ...
Cisco Systems 3750E - page 68

1-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Figu re 1 -5 Ser ver Aggregatio n 86931 Si Si Si Si Si Si Campus core Catalyst 6500 s witches Catalyst 4500 multila yer switches Catalyst 3750-E-only StackWise Plus s witch stacks Ser ver r acks 200857 Campus cor ...
Cisco Systems 3750E - page 69

1-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -6 Linux Serv er Cluster Small to M edium-Si zed Networ k Using Catalyst 3750-E and 3560-E Switches Figure 1-7 an d Figure 1-8 show a configuratio n for a net work of up t o 500 emp loyees . This net work use ...
Cisco Systems 3750E - page 70

1-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les When an end sta tion in one VL AN needs to communicate with an end s tation in anoth er VLAN, a rou ter or Laye r 3 switc h route s the traffic to the de stinatio n VL AN. In this network, the C atalyst 3750- E-o ...
Cisco Systems 3750E - page 71

1-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -8 Catalyst 3560-E S witches in a Collapsed Back bone Conf igur ation Gigabit ser vers 200860 Cisco 2600 or 3700 routers Catalyst 3560-E s witches Internet Cisco IP phones W orkstations running Cisco SoftPhon ...
Cisco Systems 3750E - page 72

1-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Large Ne twork Us ing Catalys t 3750 -E an d 3560-E S witc hes Switche s in the wiring close t hav e trad itionall y been only Layer 2 devices, but as network traff i c profiles e volve, switches in the wiring cl ...
Cisco Systems 3750E - page 73

1-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -9 Catalyst 37 50-E Switc h Stac ks in Wiri ng Closets in a Bac kbone Configur ation Cisco 7x00 routers Catalyst 6500 multila yer switches Cisco IP Phones with workstations IEEE 802.3af-compliant powered de v ...
Cisco Systems 3750E - page 74

1-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Figur e 1 -1 0 Catalyst 35 60-E S witc hes in Wir ing Closets in a Bac kbone Conf iguration Cisco 7x00 routers Catalyst 6500 multila yer switches Catalyst 3560-E s witches Catalyst 3560-E s witches Cisco IP Phone ...
Cisco Systems 3750E - page 75

1-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Network Configuration Examples Multidwelling Network Usi n g Ca talyst 3750-E Switches A growing segmen t of residen tial a nd co mmer cial cu stome rs ar e requir ing h igh-spe ed acc ess t o Ether net metropolita n-area n etwork s (MANs). Figure 1 ...
Cisco Systems 3750E - page 76

1-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Figur e 1 -1 1 Catalys t 3750-E Sw itch es in a M AN Configu ration Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Figure 1-12 shows a configur ation fo r sending 8 Gi gabits of data over a single fibe ...
Cisco Systems 3750E - page 77

1-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 Ov erview Where t o Go Next Figur e 1 -12 Long-Distanc e, High-Bandw idth T r ansp ort Con figur ation Where to Go Next Before conf iguring the switch, re view these secti ons for startup infor mation: • Chapter 2, “U sing the Co mmand -Line I nterface” ...
Cisco Systems 3750E - page 78

1-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 1 Over vi ew Where to Go Nex t ...
Cisco Systems 3750E - page 79

C HAPTER 2-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your standa lone Cataly st 3750-E or 35 60-E switc h and to a Cataly st 3750-E swit ch stack, referred to as the switch ...
Cisco Systems 3750E - page 80

2-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Underst anding Com mand M odes Ta b l e 2 - 1 describes the ma in comm and mod es, how to access ea ch one, t he prompt you see in th at mode , and how to exit the mode. Th e exampl es in the tab le use the h ostname Switch . ...
Cisco Systems 3750E - page 81

2-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is rel ease. Understandin g the Help Syste m Y ou can enter a quest ion mark (?) at th e syst ...
Cisco Systems 3750E - page 82

2-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Underst anding A bbreviated Co mmand s Understandin g Abbreviated Commands Y o u need to enter only enough char acte rs for the sw itch t o rec ognize the c omma nd a s unique . This e xample sho ws ho w to enter th e show co ...
Cisco Systems 3750E - page 83

2-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 Using the Comma nd-Line In terface Understanding CLI Error Messages Understandin g CLI Error Messages Ta b l e 2 - 3 lists some error message s that you mi ght e ncounte r whi le using the C LI to configure your switch. Using Configuratio n Logging Y o u can l ...
Cisco Systems 3750E - page 84

2-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Usin g Comma nd His tor y Using Command History The software provides a histor y or rec ord of comma nds that you have enter ed. The co mman d history feature is particular ly useful for recal ling long or comple x commands o ...
Cisco Systems 3750E - page 85

2-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res Disabling th e Comman d Histor y Featu re The comma nd history featur e is autom atically enabled. Y ou can disable it for t h e curre nt termin al sessi on or for the comman d line. The se proc edure ...
Cisco Systems 3750E - page 86

2-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Using E diting Feature s Editing C ommands throu gh Keystrok es Ta b l e 2 - 5 sh ows th e ke ystrokes that you ne ed to edit comm and lines. These ke ystroke s are option al. T able 2-5 Editing Comma nds thr ough Ke ystr ok ...
Cisco Systems 3750E - page 87

2-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res Editing C ommand Lines that Wrap Y o u can use a wrapa round feature for commands t hat extend beyond a singl e line on th e screen . When the cursor reaches the right mar gin, the command line shifts ...
Cisco Systems 3750E - page 88

2-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Searching and Filterin g Output of show and more Commands Use lin e wrapping with th e comman d histo ry featu re to recal l and modif y previous comp lex command entries. F or information a b out recallin g pre vious comman ...
Cisco Systems 3750E - page 89

2-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 Using the Comma nd-Line In terface Acce ssi ng th e C LI Accessing the CLI throu gh a Co nsole Conn ection or through Telnet Before yo u can acce ss the CLI, you must connect a t ermin al or a PC to the switch c onsole or c onnect a PC to the Ethe rnet m anag ...
Cisco Systems 3750E - page 90

2-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 Using the Comman d-Line Interface Access ing the CLI ...
Cisco Systems 3750E - page 91

C HAPTER 3-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initi al switch co nf igurati on (for ex ample, as sign ing the IP address an d default gateway informa tion) by using a variety of au tomati c and manua l metho ...
Cisco Systems 3750E - page 92

3-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Assign ing Swi tch In format ion The nor mal b oot p rocess involv es the opera tion of the boot lo ader software, which perfo rms the se acti vities: • Performs lo w-lev el CPU initialization. It init ...
Cisco Systems 3750E - page 93

3-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information Note Stac k me mbers r etain their IP ad dress wh en yo u re move them f rom a sw itch st ack. T o avoid a c onflict by ha ving two devices with the same IP add ress in your ...
Cisco Systems 3750E - page 94

3-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Assign ing Swi tch In format ion W i th DHCP-b ased autoc onfiguration , no DHCP clie nt-sid e configuration is needed on your switc h. Howe ver, you need to configure the DHC P server f or various leas ...
Cisco Systems 3750E - page 95

3-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information The DHCP serv er sends the client a DHCPN AK denial broad cast message, which means tha t the of fered configurati on param eters have not been assign ed, tha t an error ha ...
Cisco Systems 3750E - page 96

3-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Assign ing Swi tch In format ion If you do no t conf igure the DHCP server with the lea se options d escribed pre viously , it re plies to clien t requests wit h only those par ameters t hat are configur ...
Cisco Systems 3750E - page 97

3-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information Configuring the Relay Device Y o u must configur e a relay device, also referr ed to as a re l a y a g e n t , when a swit ch send s broa dcast pack ets th at requ ire a r e ...
Cisco Systems 3750E - page 98

3-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Assign ing Swi tch In format ion • The IP a d dress and the conf iguration f ilename is reser ved f or th e switch, b ut the TFT P serv er address i s not provided in the DH CP reply (o ne-file read me ...
Cisco Systems 3750E - page 99

3-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information Ta b l e 3 - 2 sho ws the conf iguration of the res erv ed leases o n the DHCP serv er . DNS Ser ver Conf iguration The DNS server ma ps the TF TP se rver name tftpserver t ...
Cisco Systems 3750E - page 100

3-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Assign ing Swi tch In format ion • It re ads its host t able by i ndexing i ts IP a ddress 10.0.0 .21 t o its hostnam e (swi tcha). • It reads the configuratio n file that cor responds t o its hostn ...
Cisco Systems 3750E - page 101

3-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Checki ng and Savi ng the Running C onfigu r ation Checking and Sa ving the Running Configuratio n Y o u can chec k the configur ation settings you e ntered or changes yo u made by enter ing this pri v ...
Cisco Systems 3750E - page 102

3-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Modifyin g the Startup Conf iguration Modifying the Start up Configuration These sec tions descr ibe how to modify th e switch st artup co nfiguration: • Def aul t Bo ot Con fi guratio n, pa ge 3-12 ? ...
Cisco Systems 3750E - page 103

3-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Modify ing the Start up Confi gurat ion Note On C atal yst 3750- E swi tches, this command only works pr operly from a standa lone switch. Beginn ing in pri vileged EXEC mode, follo w these steps to sp ...
Cisco Systems 3750E - page 104

3-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Modifyin g the Startup Conf iguration T o d isab le ma nual b ooting, u se the no boot manual g lobal c onfiguration c ommand . Booting a Specific Software Image By default, the switch attempts to autom ...
Cisco Systems 3750E - page 105

3-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Modify ing the Start up Confi gurat ion T o return to the default setting, use the no boot system globa l configurat ion c ommand. Controlling Environment Variables W ith a n ormall y op erati ng swi t ...
Cisco Systems 3750E - page 106

3-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Modifyin g the Startup Conf iguration Note For c omplete s yntax and u sage in forma tion fo r the boot loader command s and en vironment variab les, see the c omman d refere nce fo r this rel ease. Ta ...
Cisco Systems 3750E - page 107

3-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Scheduling a Reload of the Software Image When t he swit ch is c onne cted to a PC through the Ethern et ma nageme nt port , yo u can download or upload a conf iguration f ile to the bo ot loader by us ...
Cisco Systems 3750E - page 108

3-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 3 Assigni ng the Switch IP Addr ess and Default Gat eway Scheduli ng a Reload of the Software Image Note Use the at keyw ord on ly if the swit ch system clock has be en set (throu gh Networ k T ime Protocol (NTP), t he hardwa r e calen dar , or manually ). Th ...
Cisco Systems 3750E - page 109

C HAPTER 4-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 4 Configuring Cisco IOS CNS Age nts This chapt er descr ibes how to configure the Cisco IO S CNS agents on the Catal yst 3750-E and 3560-E swit ch. Unless othe rwise not ed, the term switch refers to a Catalyst 3750 -E or 35 60-E standa lone swi tch and to a C ...
Cisco Systems 3750E - page 110

4-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Configur ation Engine Ar chit ectur al Ove rview These sect ions co ntain this co nceptu al in forma tion: • Configuration Servi ce, page 4-2 • Event Se ...
Cisco Systems 3750E - page 111

4-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 Conf iguring Cisco IOS CNS Agents Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e vents. The e vent agent is on the switch and facilita ...
Cisco Systems 3750E - page 112

4-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Underst anding Cisco Configurat ion Engin e Software DeviceID Each co nfigured swit ch parti cipati ng on the ev ent bus has a un ique DeviceID, w hich is ana logous to the switch source ad dress so that the switch can be ...
Cisco Systems 3750E - page 113

4-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 Conf iguring Cisco IOS CNS Agents Understa nding Ci sco IOS Age nts Understandin g Cisco IOS Agents The CNS e vent ag ent featu re allo ws the switch to publish an d subscr ibe to e vents on th e e vent b u s and works with the Cisc o IOS agent. Th e Cisco IOS ...
Cisco Systems 3750E - page 114

4-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent. Increm ent al (partia l) co nfigurations can be sent to the ...
Cisco Systems 3750E - page 115

4-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 Conf iguring Cisco IOS CNS Agents Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1. 5 for Li nu ...
Cisco Systems 3750E - page 116

4-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Configuring Cisco IOS Agents Enabling th e CNS Ev ent Agent Note Y ou mu st ena ble the CNS e vent ag ent on the s witch b efore you en able th e CNS co nf iguratio n agen t. Beginn ing in pri vileged EXEC mode, follo w t ...
Cisco Systems 3750E - page 117

4-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 Conf iguring Cisco IOS CNS Agents Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent age nt, start t h e Cisco IOS CNS agent on the switch. Y ou can e nable the Cisco IOS ag ent with the se comman ds: • The cns con ...
Cisco Systems 3750E - page 118

4-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Configuring Cisco IOS Agents Step 7 cn s id inte rface num { dns-rev erse | ipaddress | mac-addr ess } [ ev en t ] or cns id { hardware -serial | hostname | string string } [ eve n t ] Set th e uniqu e Even tID or Config ...
Cisco Systems 3750E - page 119

4-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 Conf iguring Cisco IOS CNS Agents Configuring Cisco IOS Agents T o disab le th e CNS C isco IO S agent , us e the no cns conf ig initial { ip-address | hostname } global configurati on c ommand. This e xample sho ws h o w to conf igure an initial conf igurati ...
Cisco Systems 3750E - page 120

4-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 4 Config uring C isco IO S CNS Agent s Displaying CNS Con figuration Displaying CNS Configuration Y o u can use the privileged EXE C command s in Ta b l e 4 - 2 to di splay CN S configuratio n infor mation. T able 4-2 Displayi ng CNS Configuratio n Comma nd P ...
Cisco Systems 3750E - page 121

C HAPTER 5-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 5 Managing Switch Stacks This chapt er provid es the concept s and proced ures to man age Ca talyst 3750 -E swit ch stack s. Note For c omplete s yntax and u sage in forma tion fo r the command s used in th is cha pter , see the co mmand refere nce fo r th is r ...
Cisco Systems 3750E - page 122

5-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks – A mixed software stac k with only Ca talyst 3750-E switch es support ing differen t feat ures or only Catalyst 3750 swi tches support ing di f ferent featu res as st ack m embers. For example, a Cat al ...
Cisco Systems 3750E - page 123

5-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks T o ma nage switch stac ks, you sho uld under stand: • These conce pts on how swit ch stac ks ar e formed : – Switch Stack M embers hip, page 5 -3 – Stack Mast er Electi on and Re-Ele ction, pa ge 5-5 ? ...
Cisco Systems 3750E - page 124

5-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Note M ake sure that you power off t he swi tches th at you add to or re move from the switc h stack. After ad ding or re moving sta ck memb ers, m ake sure th at the sw itch stack is ope rating at full ba ...
Cisco Systems 3750E - page 125

5-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Figur e 5-2 A dding a S tandalone S witch t o a Switc h Stack Stack Mas ter Election an d Re-Ele ction The st ack mast er is ele cted or re-e lecte d based on one of t hese fact ors and in the ord er list ed: ...
Cisco Systems 3750E - page 126

5-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks A stack ma ster ret ains its role unless one of thes e ev ents occurs: • The switch stack is reset. * • The stack master is remov ed from the switch stack. • The stac k master is reset or powered off ...
Cisco Systems 3750E - page 127

5-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Stack member s in the same switc h stac k canno t have the sam e stac k me mber n umber. Every stack member , including a standalone switch, ret ains its member number until you manually chan ge the number or ...
Cisco Systems 3750E - page 128

5-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Switch Stack Offline Configuration Y o u can use the offline configurati on featu re to pr ovision ( to supply a configu ration to ) a new switc h before it joins the swi tch stack . Y ou c an configure in ...
Cisco Systems 3750E - page 129

5-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks If you add a prov isioned switch that is a dif f erent type than specif ied in the provisioned co nf iguration to a po wered-do wn switch stack and then apply po wer, the switch stack rejects the (no w incorr ...
Cisco Systems 3750E - page 130

5-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Note If the switch stack does not contain a pro v isioned co nf iguration for a ne w switch, the switc h joins the stack wi th the d efault interface c onfigurati on. The switch st ack the n add s to its ...
Cisco Systems 3750E - page 131

5-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks For more infor mation, see the “Stack Protoc ol V e rsion Compa tibility” section on pa ge 5-11 a nd the Cisco Softwar e Activation and Compatibilit y Document on Cisco.com. For informat ion about mixed ...
Cisco Systems 3750E - page 132

5-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Understanding Auto-Upgrade and Auto- Advise When the software detects mismatc h ed softwa re and t ries to upg rade the switch in V M mode, tw o soft ware pr ocesses are in volv ed: automatic up grade and ...
Cisco Systems 3750E - page 133

5-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Y o u can use the archi ve-do wnload-sw /al low-featur e-upgrade privileged EXEC c omman d to allo w installing an differ ent softw are image. Auto-Upgrade and Auto-Advise Example Messages When you add a swi ...
Cisco Systems 3750E - page 134

5-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting c3750e-universal-mz.122-0.0.313.SE/c3750e-universal-mz.122-35.SE2 (4945851 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting c3750e-u ...
Cisco Systems 3750E - page 135

5-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Note Auto-advise and auto-co py iden tify which image s are running b y examin ing the info f ile and b y search ing the dire ctory structure on the swit ch stac k. If you downloa d your image by usi ng the ...
Cisco Systems 3750E - page 136

5-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Y o u back up and re store the st ack configurat ion in the same way as you would for a standa lone switc h configurati on. For more info rmation a bout file systems and configur ation files, see Appe ndi ...
Cisco Systems 3750E - page 137

5-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Connectivity to the Switch Stack Thr ough an IP Address The switch stack is managed thro ugh a single IP ad dress. The IP addr ess is a system-lev el setting and is not specif ic to the stac k master or to a ...
Cisco Systems 3750E - page 138

5-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Underst anding Swit ch Stacks Switch Stac k Configuratio n Scen arios Ta b l e 5 - 2 pr ovides s witch s tack conf iguration sce narios. Mos t of th e scenar ios assume th at at leas t tw o switch es are connect ed through their Stack ...
Cisco Systems 3750E - page 139

5-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Understanding Switch Stacks Stack mast er elect ion sp ecific al ly d ete rm ined by the cryptog raphic soft ware i mage an d the IP base featur e se t Assuming that all stack members hav e the same priority v alue: 1. Make sure tha t ...
Cisco Systems 3750E - page 140

5-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Conf igurin g the Sw itch Stack Configuring the Switch Stack These sec tions co ntain this co nfiguration in format ion: • Default Swi tch Stack Con f igura tion, page 5-20 • Enablin g Persis tent M A C Addre ss, page 5-20 • Ass ...
Cisco Systems 3750E - page 141

5-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Configuring the Switch Stack • If you e nter a time delay of 1 to 60 minu tes, the stac k MA C addr ess of the previous stac k maste r is used unt il the configur ed tim e peri od expires or until you enter the no stack-ma c persiste ...
Cisco Systems 3750E - page 142

5-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Conf igurin g the Sw itch Stack WARNING: Administrators must make sure that the old stack-mac does WARNING: not appear elsewhere in this network domain. If it does, WARNING: user traffic may be blackholed. Switch(config) # end Switch# ...
Cisco Systems 3750E - page 143

5-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Configuring the Switch Stack Beginn ing in pri vilege d EXEC mode, follo w th ese steps to assign a priori ty valu e to a stack member: This proc edure is option al. Provisioning a New Member for a Switch Stack Note This task is av ail ...
Cisco Systems 3750E - page 144

5-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Access ing the CLI of a Specif ic Stack Memb er T o remo ve pro visione d informa tion an d to a voi d recei ving an error messa ge, remo v e the sp ecif ied switch from the stac k before you use the no form o f this c omm and . This ...
Cisco Systems 3750E - page 145

5-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 5 Managing Swi tch Stacks Displaying Switch Stack Information sho w swit ch st ack- por ts Displays port information for the entir e switch stack. show swi tch s tack-ring activity [ detail ] Displays the number of fram es per stack member that ar e sent to the ...
Cisco Systems 3750E - page 146

5-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 5 Mana ging Switch Stacks Displaying Switch Stack Inf ormation ...
Cisco Systems 3750E - page 147

C HAPTER 6-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 6 Clustering Switches This chap ter pro vides the con cepts and p rocedu res to cr eate an d manage Cataly st 37 50-E and 3 560-E swit ch cl u ster s. Un les s ot her wis e no ted, th e ter m switch ref ers to a stan dalone swit ch and t o a switc h stack. Y o ...
Cisco Systems 3750E - page 148

6-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Underst anding Swit ch Clusters In a switch cluster , 1 switch must be the cluster command switch and up to 15 othe r switches can be cluster member switch es . The tot al numbe r of switche s in a cluste r cannot excee d 16 switc hes. Th ...
Cisco Systems 3750E - page 149

6-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Understanding Switch Clusters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.2(35)SE 2 or later . • It has an IP address . • It has Cisco Disc o ...
Cisco Systems 3750E - page 150

6-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Candidate Switch and Cluster Me mber Switch Characteristics Candid ate swi tches are cluster-capable swi tches and sw itch stacks t hat hav e not yet be en added to a cluster . Cluster member switches are switch ...
Cisco Systems 3750E - page 151

6-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er Automatic Disco very of Clus ter Candid ates and M embers The clust er com mand swit ch uses Cisc o Discovery Protoc ol (CDP) to discover cluste r member sw itches, candi date switc hes, n eighborin g switch c ...
Cisco Systems 3750E - page 152

6-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster In Figure 6-1 , the cl uster com mand sw itch ha s ports assigne d to VL ANs 16 and 62. The CDP hop count is three. The clu ster command switch di scov e rs switches 11, 12, 13, and 14 because the y are within t ...
Cisco Systems 3750E - page 153

6-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er Figure 6-2 sh o ws that the cluste r command switch disco ve rs the switch that is co nnected to a third-p arty hub . Ho wev er , the cluster co mmand switch does not di scov er the switch that is connected to ...
Cisco Systems 3750E - page 154

6-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Figur e 6-3 Discov ery Throug h Dif f erent VLANs Discovery Through Different M anagement VLANs Catalyst 296 0, Catalyst 297 0, Catalyst 355 0, Catalys t 3560, Cataly st 3560-E, Cataly st 3750, or Catalyst 3750- ...
Cisco Systems 3750E - page 155

6-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er Figur e 6-4 Discov ery Throug h Dif f erent M anage ment VLANs with a Layer 3 Clust er Command Sw i tc h Discovery Through Routed Ports If the c luster comma nd switc h has a r outed port (RP) configured , it d ...
Cisco Systems 3750E - page 156

6-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Figur e 6-5 Disco very Thr ough Rou ted P o r ts Discovery of Newly Installed Switches T o jo in a cluster, the ne w , out -of-the -box switc h must be conne cted to the clust er throu gh one of its acce ss por ...
Cisco Systems 3750E - page 157

6-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er HSRP and S tandby Cluster Command Switches The switc h supports H ot Standby Router Prot ocol (HSRP) so that you can configur e a group of standby cluste r comm and switche s. Be cause a clust er co mman d s w ...
Cisco Systems 3750E - page 158

6-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Virtual IP Addresses Y o u need t o assign a unique vi rtual IP add ress and gr oup num ber and na me to the clus ter stand by group. This info rmatio n must b e conf igured on a speci f ic VLAN or ro uted port ...
Cisco Systems 3750E - page 159

6-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er • All stan dby-group memb ers must be member s of the clus ter . Note There is no limit to t he numbe r of switc hes that yo u can assi gn as stan dby cluster c omman d switches. Howe ver , the total number ...
Cisco Systems 3750E - page 160

6-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Automatic d iscov ery has these lim itations: • This limitation applies only to cluste r s that hav e Catalyst 2950, Cata lyst 2960, Catalyst 2970, Catalyst 355 0, Catalyst 356 0, Catalyst 356 0-E, Catalyst 3 ...
Cisco Systems 3750E - page 161

6-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er If a sw itch join s a clus ter and it do es not have a hostname , the c luster c ommand switch a ppen ds a uniq ue member num ber to it s o wn hostname and assigns it sequenti ally as e ach switch jo ins the c ...
Cisco Systems 3750E - page 162

6-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Planning a Sw itch Cluster Switch Clus ters and Sw itch Stacks A switc h cluster can ha ve one or more Catal yst 3750-E switch stac ks. Each switc h stack can ac t as the clust er command s witch or a s a singl e cluster mem ber . Ta b l ...
Cisco Systems 3750E - page 163

6-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Planni ng a Swi tch Clust er These ar e conside rati ons to keep in mind whe n you have switch stacks in switch c luster s: • If the cluster comm and switch is not a Catalyst 3750-E switch or switc h stack and a new stac k master is e l ...
Cisco Systems 3750E - page 164

6-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Using the CLI to Ma nage Swit ch Clusters Using the CLI to Manage Swit ch Clusters Y o u can co nfigure cluster me mber switch es from the CLI by first logg ing into th e clus ter comma nd switch. En ter the r command user E XEC co mmand ...
Cisco Systems 3750E - page 165

6-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 6 Clus tering Switches Using SNMP to Manag e Swit ch Clust ers Using SNMP to Manage Switc h Clusters When you first power on the sw itch, SN MP is en abled i f you e nter the IP infor matio n by using the setup program and accep t its p ropose d configura tion. ...
Cisco Systems 3750E - page 166

6-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 6 Clusteri ng Switches Using SNMP to Ma nage Sw itch Clusters ...
Cisco Systems 3750E - page 167

C HAPTER 7-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 7 Administering the Switch This chapt er desc ribes how to perfor m one- time opera tions to a dministe r the Catal yst 3750- E or 3560-E swit ch. Unless othe rwise not ed, the term switch refers to a Catalyst 3750 -E or 35 60-E standa lone swi tch and to a C a ...
Cisco Systems 3750E - page 168

7-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date The sy stem c lock ca n then be set from these s ource s: • NTP • Manual configurat ion The sy stem c lock can pro vide tim e to these s ervices: • User show comman ds • Logging and de buggi ...
Cisco Systems 3750E - page 169

7-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Figure 7-1 shows a ty pical netw ork exam ple using NTP . Switch A is the NT P master , with Switch es B, C, and D configured in NTP server mod e, in server associa tion with Switc h A. Switch ...
Cisco Systems 3750E - page 170

7-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date These sec tions co ntain this co nfiguration in format ion: • Def aul t NT P Conf igurati on, pag e 7- 4 • Conf iguring NTP Authen tication, page 7-4 • Configuring NT P Associati ons, pa ge 7- ...
Cisco Systems 3750E - page 171

7-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te T o disab le N TP auth en tica tio n, use th e no ntp authenticate global co nfigurati on comma nd. T o remove an auth enticatio n k ey , use the no ntp authe nticatio n-k ey number glob al co ...
Cisco Systems 3750E - page 172

7-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXE C mode, foll ow these s teps to form a n NTP associa tion with a nother device: Y o u need to co nfigure only one en d of an assoc iation; t he other de vice can a utomat ...
Cisco Systems 3750E - page 173

7-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The switc h can send or re ceive NTP broadcast packets on an interface -by-inte rface basis if there is an NTP broa dcast ser ver , such as a router , broad casting time infor mation on the net ...
Cisco Systems 3750E - page 174

7-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date T o di sable a n inte rface fro m rece iving NTP broadc ast p ackets, use the no ntp broadcast client in terfa ce configurat ion c omma nd. T o ch ange t he estimat ed r ound-tr ip de lay to the def ...
Cisco Systems 3750E - page 175

7-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The ac cess group keywords are sc anned i n thi s ord er , from leas t restri ctive to most r estrict iv e: 1. peer —Allo ws time requests and NTP control queries and al low s the switch to s ...
Cisco Systems 3750E - page 176

7-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date Disabling N TP Serv ices on a S pecific Interface NTP service s are enabled on all interfa ces b y default. Beg i n ni n g i n pr ivi l eg ed E X E C mo de , fo l low t h es e s te p s t o d is ab ...
Cisco Systems 3750E - page 177

7-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Displaying the NTP Config uration Y o u can use two privileged EXEC c omman ds to display NTP inform ation: • show ntp associations [ detail ] • show ntp status For detailed informat ion a ...
Cisco Systems 3750E - page 178

7-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the Syste m Time and Date Displaying the Time and Dat e Configuration T o display the time and date conf iguration, use the show clock [ det ail ] pri vileged EXEC comm and. The system clock keeps an authoritative fla g tha ...
Cisco Systems 3750E - page 179

7-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring Summer Time (Daylight Saving Time) Beginn ing in pri vileged EXEC mode, follo w these steps to confi gure summer time (day light sa ving time) in ar eas wher e it starts and ends o ...
Cisco Systems 3750E - page 180

7-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Configur ing a System Nam e and Prom pt Beginning in privileged EX EC mode, fol low these steps if summ er tim e in your area do es not foll ow a recurr ing patt ern (con figure the exact da te and tim e of the next summe r time ev e ...
Cisco Systems 3750E - page 181

7-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Confi guring a S ystem Name an d Prompt For complete syntax a nd usage information for th e comman ds used in this se ction, see the Cisc o IOS Configuration Fund amen tals Com mand Reference, Relea se 12.2 a nd the Cisc o IOS I P Co ...
Cisco Systems 3750E - page 182

7-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Configur ing a System Nam e and Prom pt T o kee p track of domain n ames, IP h as defined the conc ept of a domain n ame s erver , which hol ds a cac he (or dat abase) of na mes map ped to IP a ddresses. T o map domain names to IP ad ...
Cisco Systems 3750E - page 183

7-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Creat ing a Bann er If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname that contai ns no periods (. ), a period fol lowed by the de fault domain na ...
Cisco Systems 3750E - page 184

7-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can create a single or multiline m essage banner that appears on the scr een when som eone logs in to the switch. Beginning in privileged EX EC mode, fol low t ...
Cisco Systems 3750E - page 185

7-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng the MA C A ddr ess T able Configurin g a Login B anner Y o u can co nfigure a l ogin banner to be di splayed on all c onnec ted t erminal s. This banner appe ars aft er the M O T D bann er a nd befo re the logi n pro mpt. ...
Cisco Systems 3750E - page 186

7-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the MAC A ddress Tab le These sec tions co ntain this co nfiguration in format ion: • Building the Ad dress T able, pa ge 7-20 • MA C Addre sses and VLA Ns, page 7- 20 • MA C Addr esses and Sw itch Sta cks, pa ge 7- 2 ...
Cisco Systems 3750E - page 187

7-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng the MA C A ddr ess T able When pr iv ate VLAN s are co nfigured , ad dress le arnin g dep ends on the t ype of MAC addres s: • Dynami c MA C addresses lea rned in one VLA N of a pri vate VLAN ar e replicate d in the asso ...
Cisco Systems 3750E - page 188

7-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the MAC A ddress Tab le Beginn ing in pr i vilege d EXEC m ode, follo w these st eps to co nf igure the d ynamic a ddress table aging time: T o return to the def ault v alue, use the no mac address- table aging-time global ...
Cisco Systems 3750E - page 189

7-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng the MA C A ddr ess T able Beginning i n privileged EX EC mo de, fol low these s teps t o configure t he sw itch to send MA C addr ess notif ication traps to an NMS host: Command Purpos e Step 1 configur e terminal Enter gl ...
Cisco Systems 3750E - page 190

7-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the MAC A ddress Tab le T o di sable the sw itch from se nding MAC address notificat ion traps, use the no snmp-serv er enable traps mac-notification global con f igura tion co mman d. T o di sable th e MA C address not ifi ...
Cisco Systems 3750E - page 191

7-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Mana gi ng the MA C A ddr ess T able Beginning i n privileged EX EC mo de, follo w th ese steps to add a static addr ess: T o remove st atic en tri es fr om t he addr es s ta ble, u se the no mac addre ss-table static mac-addr vlan v ...
Cisco Systems 3750E - page 192

7-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the MAC A ddress Tab le • If you add a uni cast MA C address as a static address a nd conf igure unicast MA C address f iltering, the switc h eithe r adds the MA C addre ss as a stat ic addres s or drop s pack ets with th ...
Cisco Systems 3750E - page 193

7-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 7 Administer ing the Switch Managi ng the ARP Table Displaying A ddress Table Entries Y o u can displa y the MAC address table by using one or more of the privileged EXE C command s describe d in Ta b l e 7 - 4 : Managing the ARP Ta ble T o communic ate with a ...
Cisco Systems 3750E - page 194

7-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 7 Administering the Switch Managin g the ARP Table ...
Cisco Systems 3750E - page 195

C HAPTER 8-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 8 Configuring SDM Templates This chapter descr ibes ho w to conf igure the Switc h Database Managem ent (SDM) template s on the Catalyst 3 750-E or 3 560-E sw itch. Un less othe rwise n oted, t he te rm switch refe rs to a Ca talyst 3750-E or 3560- E stan dalo ...
Cisco Systems 3750E - page 196

8-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 8 Configuring SDM Templates Underst anding th e SDM Templ ates The f irst e ight ro ws in the tables (un icast MA C addresses thr ough security A CEs) represent ap proximate hardw are boundaries set wh en a template is selecte d. If a section of a hardw are res ...
Cisco Systems 3750E - page 197

8-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 8 Conf iguring SDM Te mplates Underst anding the SDM Templa tes SDM Template s and Switch St acks In a C atalyst 37 50-E- only or a m ixed hardware switch stack, a ll s tack m embers must u se the same SD M desktop template that is stored on the stack master . W ...
Cisco Systems 3750E - page 198

8-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 8 Configuring SDM Templates Conf igurin g the Sw itch SDM Temp lat e 2d23h:%SDM-6-MISMATCH_ADVISE:compatible desktop SDM template: 2d23h:%SDM-6-MISMATCH_ADVISE: 2d23h:%SDM-6-MISMATCH_ADVISE: "sdm prefer vlan desktop" 2d23h:%SDM-6-MISMATCH_ADVISE: &quo ...
Cisco Systems 3750E - page 199

8-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 8 Conf iguring SDM Te mplates Configuring the Switch SDM Template Setting the SDM Template Beginn ing in pri vileged EXEC mode, follo w these step s to use the SDM template to maximi ze feature usage: After the syste m reboots, you can use the show sdm pr efer p ...
Cisco Systems 3750E - page 200

8-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 8 Configuring SDM Templates Display ing the SDM Templates number of qos aces: 0.5K number of security aces: 1K On next reload, template will be “desktop vlan” template. T o return to the default tem plate, use the no sdm prefer global c onfigurat ion co mma ...
Cisco Systems 3750E - page 201

8-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 8 Conf iguring SDM Te mplates Displaying the SDM Templ ates This is an e xample of ou tput fr om the sho w sdm prefer dual-ipv4-and-ipv6 routing comm and ente red on a de sktop swi tch: Switch# show sdm prefer dual-ipv4-and-ipv6 routing The current template is & ...
Cisco Systems 3750E - page 202

8-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 8 Configuring SDM Templates Display ing the SDM Templates ...
Cisco Systems 3750E - page 203

C HAPTER 9-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 9 Configuring Switch-Based Authentication This chapt er descr ibes how to configure switch-b ased aut henticat ion on the Ca talyst 3750-E or 3560- E swit ch. Unless othe rwise not ed, the term switch refers to a Catalyst 3750 -E or 35 60-E standa lone swi tch ...
Cisco Systems 3750E - page 204

9-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds • If you want t o use usernam e and password pairs, but you want to st ore them c entral ly on a ser ver instead o f locall y , you can st ore th em in a dat abase on a ...
Cisco Systems 3750E - page 205

9-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXE C mode, follo w thes ...
Cisco Systems 3750E - page 206

9-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Be ginnin g in pri vileged EXE C mode, follo w these step s to conf igure encryp tion for en able and enab le secr et pas swords : If bo th the e nable and enable secre t ...
Cisco Systems 3750E - page 207

9-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s This exampl e shows ho w to configure th e encr ypted password $1$F aD0$X yti5Rk ls3Loy xzS8 for pri v ileg e le vel 2: Switch(config)# enable secret level 2 5 $1$F ...
Cisco Systems 3750E - page 208

9-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Setting a Telnet P assword for a Te rminal L ine When you power-up your switch for the first ti me, a n au tomat ic setup prog ram runs to as sign IP inform ation and t o ...
Cisco Systems 3750E - page 209

9-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Beginn ing in pri vileged EXEC mode, follo w these steps to establish a usernam e-based authentic ation system that re quests a logi n usernam e and a password: T o ...
Cisco Systems 3750E - page 210

9-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Setting the Privil ege Level for a Command Beginn ing in pri vile ged EXEC mode, follo w these steps to set the pri v ileg e le vel f or a command mode: When y ou set a c ...
Cisco Systems 3750E - page 211

9-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Changing the Default Pri vilege Level fo r Lines Beginn ing in pri vileged EXEC mode, fo llo w these steps to chan ge the defaul t pri vilege le vel for a line: Use ...
Cisco Systems 3750E - page 212

9-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Controlling Switch Access with TACACS+ This sec tion describe s ho w to enable an d conf igure T erminal Access C ontrol ler Access Control System Plus (T A CA CS+), which prov ...
Cisco Systems 3750E - page 213

9-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 9-1 T ypical T ACA CS+ Networ k Configur ation T A CA CS+, a d minist ered through the AA A secu rity s ervices, can p rovid e thes e ser vices: • Authent ication— P ...
Cisco Systems 3750E - page 214

9-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ TACACS+ Ope ration When a use r attempts a sim ple ASCII login by authenticating to a switch u sing T ACA CS+, this proc ess occurs: 1. When th e conne ction is esta blished, t ...
Cisco Systems 3750E - page 215

9-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ • Configuring T A CACS+ Authoriz ation f or Privileged EXEC Acces s and Network Services, page 9-16 • Startin g T A CA C S+ Accoun ting, pa ge 9-17 Default TACAC S+ Configur ...
Cisco Systems 3750E - page 216

9-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o remo ve th e specif ied T A CA CS+ serv er name or address, us e the no tacac s-server host hostname global configurat ion comm and. T o remove a server grou p from the con ...
Cisco Systems 3750E - page 217

9-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ T o disa ble AAA, use the no aaa new-model global configurat ion comma nd. T o disa ble A AA authenti cation, use th e no aaa auth entica tion log in { default | list-name } m e ...
Cisco Systems 3750E - page 218

9-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Note T o se cure the switch for HTT P acce ss b y using AAA meth ods, you must con fi gure t he switch with th e ip htt p au thenti cati on aaa glo bal c onfiguration com mand. ...
Cisco Systems 3750E - page 219

9-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Starting TACACS+ Accounting The AA A acco unting fe ature tr acks the s ervices that users a r e a ccessi ng an d the amoun t of n etwor k resources th at the y are consum ing. W ...
Cisco Systems 3750E - page 220

9-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Understanding RADIUS RADIUS is a distr ibuted clie nt/ser ver system that secures netw orks against u nauthori zed access . RADIUS c lients run on sup ported Ci sco route rs an ...
Cisco Systems 3750E - page 221

9-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Figur e 9-2 T ran s itioning fr om RADIUS t o T A CACS+ Services RADIUS Operation When a user attem pts to log in and auth enticate to a switch that is a ccess controlled by a RA ...
Cisco Systems 3750E - page 222

9-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS. At a mini mum, y ou mus t identify t he host or host s that ru n the RA DIUS serve ...
Cisco Systems 3750E - page 223

9-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Y ou identify RADIUS security ser vers b y their hostname or IP a ddress, hostname and specif ic UDP port numbers, or their I P addre ss and specific UD P port num bers. The comb ...
Cisco Systems 3750E - page 224

9-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure per - serve r RADIUS server comm unicatio n. This pr oced ure is requi red. Comma nd Purpos e Step 1 conf ...
Cisco Systems 3750E - page 225

9-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remov e the specif ied RADIUS serve r, use the no radius-serv er host hostname | ip- address global configurati on c ommand. This exam ple sh ow s ho w to conf igur e one R A ...
Cisco Systems 3750E - page 226

9-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Step 3 aaa authent ication log in { default | list-name } method1 [ meth od2... ] Create a logi n authen tica tion meth od list. • T o create a def ault list that is used when ...
Cisco Systems 3750E - page 227

9-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o disa ble AAA, use the no aaa new-model global configurat ion comma nd. T o disa ble A AA authenti cation, use th e no aaa auth entica tion log in { default | list-name } m et ...
Cisco Systems 3750E - page 228

9-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginning i n privileged E XEC mo de, follow these steps to d efine the AAA server g roup an d assoc iate a particu lar RADI US server with it : Comma nd Purpos e Step 1 conf ig ...
Cisco Systems 3750E - page 229

9-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remov e the specif ied RADIUS serve r, use the no radius-serv er host hostname | ip- address global configurati on comm and. T o remove a server group fro m the configurat io ...
Cisco Systems 3750E - page 230

9-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o disable author ization, u se the no aaa authorizat ion { net work | exec } method1 global configurat ion comm and. Starting RADIUS Accountin g The AAA acco unti ng featu re ...
Cisco Systems 3750E - page 231

9-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring Settings for All RADIUS S ervers Beginning i n privileged EX EC mo de, fol low these s teps t o configure g lobal commun icatio n setti ngs between the switch and all ...
Cisco Systems 3750E - page 232

9-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This e xample sho ws how to pro vide a u ser logg ing in fr om a swit ch with immed iate ac cess to p ri v ile ged EXEC co mmands : cisco-avpair= ”shell:priv-lvl=15“ This e ...
Cisco Systems 3750E - page 233

9-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos As ment ioned ea rlier, to configure RAD IUS (w hether vendor-proprie tary or IETF dr aft-c omplia nt), yo u must specif y the host ru nning the RADIUS se rver daemon an d the ...
Cisco Systems 3750E - page 234

9-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Y ou must obtain auth orization to use this feat u re and t o do wnload th e cryptograp hic softw are f iles from Cisco. com.For mo re info rmation , see the re lease no tes f ...
Cisco Systems 3750E - page 235

9-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos This soft ware rel ease sup port s Kerberos 5, w hich a llows organizatio ns that are alr eady using Kerberos 5 to use the same K erberos authenticatio n database on the KDC th ...
Cisco Systems 3750E - page 236

9-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Kerberos Operation A Kerberos server can be a C atalyst 3750-E or 3560- E switch tha t is configured as a ne twork secu rity server and that can a uthent icate rem ote us ers ...
Cisco Systems 3750E - page 237

9-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos 4. The KDC send s an encryp ted TGT that includes the user ide ntity to the swi tch. 5. The switch attem pts to decrypt the TGT b y using the passw ord that the use r entered. ...
Cisco Systems 3750E - page 238

9-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation Note A Kerbero s server can be a Cat alyst 3750-E or 3560-E sw itch that is configured as a net work securit y serv er and that can authe nticate ...
Cisco Systems 3750E - page 239

9-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o disa ble AAA, use the no aaa new-model global configurat ion c omma nd. T o disabl e au thoriza tion, use the no aaa autho rization { network | exec } method1 globa l confi ...
Cisco Systems 3750E - page 240

9-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Shel l For SSH configuration examples, se e the “SSH Configura tion Ex amples ” secti on in the “C onfiguring Secure Shell” se ction in the “Other Security Fe atures” c ...
Cisco Systems 3750E - page 241

9-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell SSH also supports these user authen tication methods: • T A CA CS+ (for m ore inf orma tion, see the “Controlling Switch Acc ess with T A CA CS+” section on page 9-10 ) ? ...
Cisco Systems 3750E - page 242

9-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Shel l • When genera ting the RSA key pair , the message No dom ain specif ied might appear . If it does, you must c onfigure an IP d omain name by usi ng the ip dom a in- nam e ...
Cisco Systems 3750E - page 243

9-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Configuring the SSH Server Beginn ing in pri vileged EXEC mode, follo w these steps to confi gure the SSH serv er: T o return to th e def ault SSH c ontrol par ameters, u se th ...
Cisco Systems 3750E - page 244

9-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g th e Sw itch for Sec ure Sock et L a ye r HTTP For more infor mation ab out these com mands, see th e “ Secure She ll Commands ” se ction in the “Other Securit y Features ” chapte r of the Cisc o ...
Cisco Systems 3750E - page 245

9-43 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP When a conn ecti on attempt is made, the HTTPS server provid es a secure connect ion by issuing a certif ied X.509v3 certif icate, obtained from a specif ied CA tru ...
Cisco Systems 3750E - page 246

9-44 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g th e Sw itch for Sec ure Sock et L a ye r HTTP CipherSuit es A CipherSuite spe cifi es the encryption alg orithm and the dige st algorithm to use on a SSL con nection. When conne cting to the HTTPS server ...
Cisco Systems 3750E - page 247

9-45 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP SSL Configuration Guid elines When SSL is used in a switch cluster , the SSL session terminates at the clu ster commander . C luster member switches must run standa ...
Cisco Systems 3750E - page 248

9-46 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g th e Sw itch for Sec ure Sock et L a ye r HTTP Use the no crypto ca tr ustpo int nam e global conf ig uration command to d elete all id entity info rmation and ce rtifica tes as soci at ed wit h the C A. ...
Cisco Systems 3750E - page 249

9-47 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server . Us e the no ip http secur e-serv er global co nfigurati on co mma ...
Cisco Systems 3750E - page 250

9-48 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Copy Proto col Use the no ip http client secur e-trustpo int nam e to remov e a client trustpoi nt conf iguration. Use the no ip http client sec ur e-ciphersuite to remov e a previ ...
Cisco Systems 3750E - page 251

9-49 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Copy P rotocol Information Abo ut Secure Copy T o c onfigure Se cure Copy feat ure, y ou shou ld u nderstand thes e conc epts . The beha vior of SCP is si milar to that of re mote co ...
Cisco Systems 3750E - page 252

9-50 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Copy Proto col ...
Cisco Systems 3750E - page 253

C HAPTER 10-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 10 Configuring IEEE 802.1x Port-Based Auth entic ation This c hapte r descr ibes h ow to con figure IEEE 802.1x port- based authe ntic ation on the Ca talyst 3750-E or 3560-E sw itch. IEEE 802 .1x authe nticat ion prevents unauthoriz ed devices (clients) from ...
Cisco Systems 3750E - page 254

10-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • IEEE 8 02.1x Host Mo de, pag e 10-8 • IEEE 8 02.1x Accou nting, pa ge 10-9 • IEEE 802. 1x Accou nting Att ribute-V alue Pairs, pag e 10-9 ...
Cisco Systems 3750E - page 255

10-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion • Au thenticati on server —per forms th e act ual a uthenti cation of t he clien t. The authentic ation serv er v alidates the ident ity of th ...
Cisco Systems 3750E - page 256

10-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Figure 10-2 shows the authentication process. If Multi Do main Authen tication (MD A) is enabled on a port, this flo w can be u sed with some exce ...
Cisco Systems 3750E - page 257

10-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion The Session- T imeout RADIUS attrib ute (Attribu te[27]) spec ifie s the time after which re-auth enticatio n occurs. The T ermination- Action RADI ...
Cisco Systems 3750E - page 258

10-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Figur e 1 0-3 Messag e Ex chan ge If IEEE 802.1 x authentica tion times out while wai ting f or an EAPOL message exchan ge and MA C authenti catio ...
Cisco Systems 3750E - page 259

10-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion Ports in Au thorized and Un authorized S tates During IEEE 802.1x authen tication, depe n ding on the switch por t state, the switch can grant a cl ...
Cisco Systems 3750E - page 260

10-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation If IP connecti vity to the RADIUS serv er is interrupt ed becau se the swit ch that was co nnected to the serv er is rem ove d or fails , these e ...
Cisco Systems 3750E - page 261

10-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion IEEE 802.1 x Acco unting The IEEE 802.1x st andard de fines ho w users ar e author ized an d authenti cate d for networ k access but does not keep ...
Cisco Systems 3750E - page 262

10-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y o u can view the A V pairs th at are be ing sen t by the switch by enteri ng the debug radius account ing pri vileged EXEC comman d. Fo r more ...
Cisco Systems 3750E - page 263

10-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion If an IEEE 802. 1x por t is a uthent icate d an d put in t he RAD IUS server-assigned VL AN, a ny chan ge to the port acc ess VLAN config urat ion ...
Cisco Systems 3750E - page 264

10-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y o u can use the Filt er-Id attribute to spec ify an inbou nd or outboun d A CL that is alread y configured on the swit ch. The at trib ute cont ...
Cisco Systems 3750E - page 265

10-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion Any number of IEEE 802 .1x-inca pable clie nts are allo wed acces s when the switc h port is mov ed to the guest VL AN. I f an IEEE 802.1x -capab ...
Cisco Systems 3750E - page 266

10-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation After a p ort mo ves to the restr icted VL AN, a sim ulated EAP success message is sent t o the clie nt. This prev ents c lients from indefinite ...
Cisco Systems 3750E - page 267

10-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion Inaccessible au thenticatio n bypass interac ts with these features: • Guest VLAN—Inacce ssible auth entication bypass is comp atible wi th gu ...
Cisco Systems 3750E - page 268

10-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation In single-hos t mode, only the IP phone is allowe d on the voice VLAN. In multiple- hosts mode, additional clients can send t r af fi c on the v ...
Cisco Systems 3750E - page 269

10-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion • When an IEE E 802.1x cl ient logs off, the port chang es to an unauthe nticat ed state , and all dynami c entrie s in the s ecure host t able ...
Cisco Systems 3750E - page 270

10-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation frame with a user name and pa ssword bas ed on the M A C addre ss. If authori zation succee ds, the sw itch grants the client access to the netwo ...
Cisco Systems 3750E - page 271

10-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Auth enticat ion Network Admission Control La yer 2 IEEE 802. 1x Validation The switc h supports t he Network A dmission Control (N AC) Layer 2 IEEE 802.1x validat ...
Cisco Systems 3750E - page 272

10-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • Until a device is autho rized, th e port drops i ts traff ic. Non-Ci sco IP phone s or voice devices are allo wed into both t h e data and v ...
Cisco Systems 3750E - page 273

10-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Note The pr oxyacl entry determines the ty pe of al lo wed network ac cess. For more infor mation, see the “Configuring W eb Authent ication” sect ion on pag ...
Cisco Systems 3750E - page 274

10-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Default IEEE 802.1x Auth entication Co nfiguration T ab le 10-2 shows the def a ult IEEE 802.1x au thenticatio n config uration. T able 1 0-2 Def ault IEEE 802. ...
Cisco Systems 3750E - page 275

10-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication IEEE 802.1x Authenticatio n Configur atio n Guidelines These sec tion has configu ration gui delines fo r these featur es: • IEEE 8 02.1x Authe nticati on, pag ...
Cisco Systems 3750E - page 276

10-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n – Ether Channel port —Do not con figure a p ort t hat i s an active or a no t-yet -active membe r of an Ether Channel as an IEEE 802. 1x port . If you try t ...
Cisco Systems 3750E - page 277

10-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication – Y o u can co nfigure the ina ccessi ble aut henti cation bypass fe ature a nd the rest ricted VLAN on an IEEE 802.1x port. If the switch tries to re-authenti ...
Cisco Systems 3750E - page 278

10-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Beginning i n privileged E XEC mo de, follow these s teps to con figure IEEE 802.1 x por t-based authenti cation: Configuring the Sw itch-to-RADIUS-Serv er Comm ...
Cisco Systems 3750E - page 279

10-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Beginning i n privileged EX EC m ode, fo llow these steps to con figure the RADIU S server pa ramet ers on the switc h. This p rocedure is require d. T o delete ...
Cisco Systems 3750E - page 280

10-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Configuring the Host Mode Beginn ing in pri vileg ed EXEC mode, follo w these steps to allo w multiple hosts (client s) on an IEEE 802. 1x-au thorize d port tha ...
Cisco Systems 3750E - page 281

10-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Configuring Periodic Re-Authentication Y o u can ena ble perio dic IEE E 802.1 x client re-auth entica tion an d specify how often it oc curs. If yo u do not spe ...
Cisco Systems 3750E - page 282

10-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Changing the Quiet P eriod When the swi tch canno t authentic ate the c lient, the swi tch remains idle for a set period o f time and then tries agai n. The dot ...
Cisco Systems 3750E - page 283

10-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication T o return to the defaul t retransmission time, use th e no dot 1x time out tx-peri od interface co nfig uration comm and. This e xample sho ws how to set 60 as ...
Cisco Systems 3750E - page 284

10-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Setting th e Re-Aut hentication Number Y ou can also ch ange th e number o f times that the switch restarts the authentic ation pr ocess before the port chan ge ...
Cisco Systems 3750E - page 285

10-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Note Y ou must co nfigure the RAD IUS ser ver to perform accounti ng tasks, such as l ogging s tart, stop , and interim-upd ate messages and time stamps. T o tur ...
Cisco Systems 3750E - page 286

10-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n T o disab le and rem o ve th e guest VLAN, use the no dot1x guest- vlan interface co nf igurat ion comman d. The port returns to the unau thorized state. This e ...
Cisco Systems 3750E - page 287

10-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication T o disabl e and remo ve the re strict ed VLAN, us e the no dot1x auth-fail vlan interface co nfigurati on comm and. Th e port retur ns to the una utho rized sta ...
Cisco Systems 3750E - page 288

10-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n T o return to the default v alue, use the no dot1 x au th-fail max-a ttemp ts interface con fig uration comm and. This exam pl e sh ows how to set 2 as the numb ...
Cisco Systems 3750E - page 289

10-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Step 4 radius-se rver host ip- ad dress [acct- port udp-port ] [ auth-por t udp-port ][ test username name [ idle-time ti me ] [ ignor e-acct- port ] [ ignore-au ...
Cisco Systems 3750E - page 290

10-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n T o return to th e RADIUS serv er def ault setting s, use th e no radius-ser ver dead-cri teria , the no radius-serv er deadtime , and the no radius-server host ...
Cisco Systems 3750E - page 291

10-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication T o d isab le IE EE 80 2.1x auth entic atio n with W oL, us e th e no dot1x control-dir ection interface configurati on c ommand. This e xample sho w s ho w to e ...
Cisco Systems 3750E - page 292

10-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Configuring NAC Layer 2 IEEE 802.1x Validation Y o u can configure N A C La yer 2 IEEE 802.1x validation, which i s also referre d to as IEEE 802.1x authenti ca ...
Cisco Systems 3750E - page 293

10-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication Configuring Web Authentication Beginn ing in pri vileged EXEC mode, fo llo w these steps to conf igure authentica tion, authorizat io n, accoun ting ( AAA) a nd ...
Cisco Systems 3750E - page 294

10-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Configur ing IEEE 80 2.1x Authen ticatio n Beginn ing in pri vileged EXEC mode, fo llo w these steps to conf igure a port to use web authentica tion: This example shows ho w to con figure only web authen ...
Cisco Systems 3750E - page 295

10-43 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing IEEE 802. 1x Authent ication This e xample sh ow s ho w to conf igure IEEE 802.1 x authen tication with web authenti cation as a fallb ack method . Switch(config) configure terminal Switch(c ...
Cisco Systems 3750E - page 296

10-44 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 10 Configuring IEEE 802.1 x Port-Ba sed Authen tication Displaying IEEE 802.1x St atistics and St atus This exampl e shows how to disab le IEEE 802.1x au thent icatio n on the port : Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# no dot1x p ...
Cisco Systems 3750E - page 297

C HAPTER 11-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 11 Configuring Interface Cha racteristics This c hapter d efines the types of i nterface s on th e Ca talyst 3750-E o r 3560 -E swi tch and descr ibes how to conf igure them. Unle ss otherwise noted, the term switc h refers to a Catal yst 3750 -E or 3560 -E st ...
Cisco Systems 3750E - page 298

11-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes • EtherC hannel Po rt Gro ups, pag e 11 -5 • 10-Gigabi t Et hernet I nterfac es, page 11-6 • Po wer ov er Ethernet Ports, page 11-6 • Connecti ng Int erfaces, pa ge 11- 11 • Et ...
Cisco Systems 3750E - page 299

11-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Configure switch ports by using t he switchport interface c onfi guration comman ds. Use th e switchpor t comm and with no keywords to put an interface th at is in La yer 3 mode i n ...
Cisco Systems 3750E - page 300

11-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes is in the all owed list for a trunk port, the trunk port a u tomatically b ecomes a member of that VLAN a n d traffic is forwarde d to and f rom t he trunk p ort for tha t VL AN. I f VTP ...
Cisco Systems 3750E - page 301

11-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Switch Virtual Interfaces A switch virtual i n terf ace (SVI ) represe nts a VL AN of swi tch po rts as one interf ace to the r outing or bridging f unctio n in the sys tem. Onl y o ...
Cisco Systems 3750E - page 302

11-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes When you c onfigure an Et herCha nnel, you cr eate a port -chan nel lo gical inte rface an d assign a n inte rface to the Ethe rCha nnel. For Layer 3 in terface s, you manua lly crea te ...
Cisco Systems 3750E - page 303

11-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es power mode. T he p owered device first boots up i n low-power mode, c onsume s less than 7 W , and negotiates to obtain en ough power to oper ate in high -power mode. The device cha ...
Cisco Systems 3750E - page 304

11-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes the request is granted, the switch upda tes the po wer budget . If the r equest is denie d, the switch ensures that power to t he p ort is tur ned o ff, generates a sysl og messag e, and ...
Cisco Systems 3750E - page 305

11-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Ho we ver , if the power ed-de vice IEEE cla ss is greater than the maxim um wattage , the switch does not supply power to it. If the swit ch learns throu gh CDP messages th at the ...
Cisco Systems 3750E - page 306

11-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes Maximum Power Allocation ( Cutoff P ower) on a PoE Port When po wer polici ng is enab led, t he switch determines o ne of the these v alues as the cutof f po wer on the PoE port in this ...
Cisco Systems 3750E - page 307

11-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Because t he swit ch suppor ts interna l power supplie s and the Cisco Redun dant Power System 2300 ( also referred to as the RPS 2300), the total amount of po wer a v ailable for ...
Cisco Systems 3750E - page 308

11-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes • The ro uting f u nction can be en abled on all SVIs an d rout ed por ts. The swi tch routes on ly IP traf fic . When IP r outing protoc ol para meters a nd a ddress co nfigurati on ...
Cisco Systems 3750E - page 309

11-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Figur e 1 1 -3 Connecting a Switch Stac k t o a PC By default , the Ethern et m anagem ent po rt is e nable d. Th e swit ch ca nnot rou te pac kets from the E therne t manage ment ...
Cisco Systems 3750E - page 310

11-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Underst anding In terface Ty pes In Figure 11 -4 , if the Ethern et mana gement p ort and th e netw ork port s are associa ted with the same routi n g proc ess, the ro utes are pr opag ated as follo ws: • The routes ...
Cisco Systems 3750E - page 311

11-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Using Interface Configuration Mode Use the commands in T able 1 1-2 when using TFT P to download or upl oad a configur ation f ile to the boot loader . Using Interface Con figuration Mode The swit ch supports th ese ...
Cisco Systems 3750E - page 312

11-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Using I nterface Configu ration Mode • Port num ber—T he int erface numb er on t he switch. The 10 /100/10 00 po rt n umber s always b egin at 1, starting with the far left po rt when fac ing the front of the switc ...
Cisco Systems 3750E - page 313

11-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Using Interface Configuration Mode Step 3 Foll ow each interface command with the inte rface conf iguration commands that the interface requires. The co mman ds that you enter define the pro toco ls and appl icati on ...
Cisco Systems 3750E - page 314

11-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Using I nterface Configu ration Mode When usin g the interf ace range global configurat ion comm and, no te th ese guide lines : • V alid entries for port- rang e : – vlan vlan -ID - vlan-I D , where the VLAN ID is ...
Cisco Systems 3750E - page 315

11-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Using Interface Configuration Mode Configur ing and Using Interf ace Range Mac ros Y ou can crea te an inte rface range macro to a utomatic ally select a range of inte rface s for confi g uratio n. Befo re you can us ...
Cisco Systems 3750E - page 316

11-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s • The VLAN inter faces must ha ve been co nf igured with the interf ace vlan command . The show running-conf ig privileged E XEC c omman d di splays th e co nfigured VLAN inte rface ...
Cisco Systems 3750E - page 317

11-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Config uring Etherne t Interfaces Default Ethernet Inte rface C onfigur ation T ab le 11-3 shows the Ethern et interface default c onfigurat ion, i ncluding some feat ures th at ap ply only to Layer 2 inter faces. F ...
Cisco Systems 3750E - page 318

11-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s Configuring In terface Sp eed and Du plex M ode Ether net i nterfaces on the switch oper ate a t 10, 100, 1000, or 10,0 00 M b/s a nd in eithe r fu ll- or half-d uplex mode. In full-d ...
Cisco Systems 3750E - page 319

11-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Config uring Etherne t Interfaces • If one inte rface suppo rts au tonegotiati on and the other e nd does no t, configure dup lex and spee d on both i nterface s; do not use the auto setting on the sup ported side ...
Cisco Systems 3750E - page 320

11-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce conf iguration command s to return the interf ace to the def ault speed and duple x settings (autonegot iate). T o return all interf ace set ...
Cisco Systems 3750E - page 321

11-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Config uring Etherne t Interfaces T o disa ble flo w cont rol, use the flowcont rol r ecei ve off interface co nfiguration c omman d. This exampl e shows ho w to turn on flow contro l on a port: Switch# configure ter ...
Cisco Systems 3750E - page 322

11-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s T o disa ble a uto-MDIX, use the no mdix auto in terface con figurati on co mman d. This e xample sho ws ho w to enab le auto-MD IX on a port: Switch# configure terminal Switch(config ...
Cisco Systems 3750E - page 323

11-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Config uring Etherne t Interfaces For informa tion ab out the outp ut of the show power in line user EXEC comm and, se e the comma nd refere nce for t his rele ase. For more informa tion ab out PoE- rel ated co mmand ...
Cisco Systems 3750E - page 324

11-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s Cautio n Y ou shou ld car efully plan your switch power budget, ena ble the power mo nitorin g feat ure, a nd ma ke certai n not to oversubscribe the power supply . Note When you manu ...
Cisco Systems 3750E - page 325

11-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Config uring Etherne t Interfaces T o return to the default setting, use the no power inl ine consumption def ault interfac e conf iguration comm and. For informa tion ab out the outp ut of the show power in line con ...
Cisco Systems 3750E - page 326

11-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Ethern et Interface s T o di sable poli cing of the re al-tim e power consumptio n, use the no power inline police interface configurati on comm and. T o disable erro r recovery for PoE error-disable d cau ...
Cisco Systems 3750E - page 327

11-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Configur ing Layer 3 Interf aces Switch# show interfaces gigabitethernet1/0/2 description Interface Status Protocol Description Gi1/0/2 admin down down Connects to Marketing Configuring E thernet M anagement P orts T ...
Cisco Systems 3750E - page 328

11-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing Layer 3 Interfaces • If the sw itch is notified by VLAN Trunking Pro tocol (VT P) of a new VLAN, it sends a me ssage tha t there a re not e nough hardware resourc es av ailable a nd shu ts down the VL AN ...
Cisco Systems 3750E - page 329

11-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Confi guring t he Syste m MTU Configuring the System MTU The d efault ma ximum t ransmi ssion uni t (MTU) s ize for fram es re ceived and sent on all i nterfaces o n the switch or sw itch stack is 1500 bytes. Y ou ca ...
Cisco Systems 3750E - page 330

11-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Conf igurin g th e Syst em MTU The upp er limit of t he system ro uting MT U v alue is based on the swit ch or switc h stack co nfiguration and refer s to either th e currently applied system MT U or the system jumbo M ...
Cisco Systems 3750E - page 331

11-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Configur ing the Cisc o Redunda nt Power System 2300 If you e nter a v alue th at is outsid e the a llo wed ra nge for th e specif ic type of interfa ce, the v alue is not acce pted. This example shows ho w to set th ...
Cisco Systems 3750E - page 332

11-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Configur ing the Cisco Red undant Pow er System 230 0 • Y o u can co nfigure the pr iority o f an RPS 2300 port fro m 1 to 6. Specify ing a value of 1 assigns the port a nd its connec ted d evices the h ighest priori ...
Cisco Systems 3750E - page 333

11-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Configuring the Power Supplies T o return to the RPS 2300 default settings, use these co mmands: • T o re turn to the de fault name se tting (no na me is co nfigured), use th e power r ps switch-number port rps-por ...
Cisco Systems 3750E - page 334

11-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es For more infor mati on about usin g the power supply user E XEC comman d, see the comman d re ference for th is re lease . Monitoring and Main taining the In terfaces These ...
Cisco Systems 3750E - page 335

11-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 1 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Clearing and Resetting In terfaces and Counters T ab le 11-7 lists the pri vilege d EXEC mode clear comman ds that you can us e to clear co unters and reset interf aces. T o ...
Cisco Systems 3750E - page 336

11-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 11 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Shutting Down and Restarting the Interface Shutting d ow n an i nterfac e disable s all fu nctions o n the spe cifi ed interf ace and marks the inter face as unav ailable o ...
Cisco Systems 3750E - page 337

C HAPTER 12-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 12 Configuring Smartports Macro s This cha pter descr ibes how to configure and appl y Smartp orts mac ros on the Ca talyst 3750-E or 35 60-E switch. Note For c omplete s yntax and u sage in forma tion fo r the command s used in th is cha pter , see the co mma ...
Cisco Systems 3750E - page 338

12-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 12 Configuri ng Smart ports Mac ros Configuring Smartpor ts Macros Cisco also provid es a collection of prete sted, Cisco-recomme nded baseline conf iguration templates for Catalyst switc hes. The onli ne reference g uide temp lates pro vide the CLI co mmands ...
Cisco Systems 3750E - page 339

12-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 12 Configur ing Smartpor ts Macros Config uring Smartp orts Mac ros Smartports Mac ro Con figuration Guidelines Follow these guideli nes when configuring ma cros on your sw itch: • When crea ting a macro , do not use the exit or end comm ands or change th e c ...
Cisco Systems 3750E - page 340

12-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 12 Configuri ng Smart ports Mac ros Configuring Smartpor ts Macros Foll ow th ese guidelines when you apply a Cisco-d efault Smartp orts macro on an interf ace: • Display all macr os on the switch by using the show pa rser ma cro user EXE C comm and. Dis pla ...
Cisco Systems 3750E - page 341

12-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 12 Configur ing Smartpor ts Macros Config uring Smartp orts Mac ros Applying Smar tports Ma cros Beginning i n privileged E XEC mo de, follow these s teps to app ly a Smartpor ts mac ro: Y o u can dele te a globa l macr o-applie d configurati on on a swit ch on ...
Cisco Systems 3750E - page 342

12-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 12 Configuri ng Smart ports Mac ros Configuring Smartpor ts Macros This exam ple sh ows how to app ly th e user-cre ated m acro c alle d snmp , to set the ho stname address to test- server , and to set the IP prec edence valu e to 7 : Switch(config)# macro glo ...
Cisco Systems 3750E - page 343

12-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 12 Configur ing Smartpor ts Macros Config uring Smartp orts Mac ros Y o u can dele te a globa l macr o-applie d configurati on on a swit ch only by ente ring the no vers ion of each comm and th at is in t he macro. Y ou can delete a m acro-a pplie d co nfigurat ...
Cisco Systems 3750E - page 344

12-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 12 Configuri ng Smart ports Mac ros Displaying Smartpor ts Macros Displaying Smartports Macros T o display th e Smartpo rts macros , use one o r more of the p ri v ile ged EXE C commands in T a ble 12-2 . T able 12-2 Commands for Displ aying Smar tports Macr o ...
Cisco Systems 3750E - page 345

C HAPTER 13-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 13 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended-ra nge VLAN s (VLA N IDs 1006 to 4094) on th e Ca talyst 3750-E and 3560- E sw itch. I t include s info rmation about VLA N member ship m ...
Cisco Systems 3750E - page 346

13-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Underst anding VL ANs Note Be fore you create VLANs , you mu st deci de wh ether to use V LAN Trunking Pr otocol (V TP) to maint ain global VL AN configurat ion for you r network. For more informa tion on VTP , see Chapt er 14, “Configur ...
Cisco Systems 3750E - page 347

13-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Unde rsta ndin g VLAN s Supporte d VLANs The swi tch suppor ts VLANs in VT P client, serv er , and transpar ent mod es. VLANs a re identif ied by a number fr om 1 to 4094. VLAN ID s 1002 throu gh 1005 a re reserved for T oken Ring a nd FDD ...
Cisco Systems 3750E - page 348

13-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns For more de tailed definitions of acce ss and tru nk mo des and their f unctions, see T a ble 13-4 on page 13-1 8 . When a port belongs to a VLAN , the switch l earns and ma nages the add resses associated ...
Cisco Systems 3750E - page 349

13-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Cautio n Y ou can cause inconsistenc y in the VLAN d atabase if you attempt to manually delete th e vlan.dat file. If you wa nt to modi fy the V LAN c onfiguration, use the comma nds descr ibed i n thes ...
Cisco Systems 3750E - page 350

13-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Token Rin g VLANs Although the switch does not s upport T o ken Ring connec tions, a remot e device such as a Catalyst 5000 series switch with T oken Rin g con nection s could be ma naged from o ne of the ...
Cisco Systems 3750E - page 351

13-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns VLAN Configuration Mode Options Y o u can c onfigure nor mal-rang e VL ANs (wi th VLAN IDs 1 t o 1005) by using the se two configu ration modes: • VLAN Configur ation in config-vlan M ode, page 13 -7 ...
Cisco Systems 3750E - page 352

13-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns When you save VLAN and VTP infor mation (i ncluding extended-r ange VLAN configurat ion informatio n) in the star tup conf iguration f ile and re boot the switch, the swit ch configurat io n is selec ted a ...
Cisco Systems 3750E - page 353

13-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VLA N in the VLAN d ataba se has a uni que, 4- digit I D tha t ca n be a nu mber fr om 1 to 1001. V LAN IDs 1002 to 1005 are re served for T oken ...
Cisco Systems 3750E - page 354

13-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Y o u can also c reate or mod ify Ethe rnet VLANs by using the VLAN database co nfiguration mo de. Note VLA N data base configurati on mode doe s not sup port RSP AN VLA N configura tion o r extended- ran ...
Cisco Systems 3750E - page 355

13-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Cautio n When you delete a VLAN, a ny por ts assigned to that VLAN be come inac tiv e. They r emain associ ated with th e VLAN ( and thus inacti ve) until you assign them to a ne w VLAN. Beginn ing in ...
Cisco Systems 3750E - page 356

13-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs T o return an interfac e to its defaul t configu ration, use the default interface in terface-id interfa ce configurati on c ommand. This example shows ho w to configure a port as an access port in VLAN ...
Cisco Systems 3750E - page 357

13-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Conf iguri ng Ext end ed-R ange VL ANs Extended -Ran ge VLAN C onfiguration G uidelines Foll ow th ese guidelines when cr eating exte n ded-range VLA Ns: • T o a dd an extended-ra nge VLAN, y ou mu st use th e vl an vlan-id globa l conf ...
Cisco Systems 3750E - page 358

13-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs Creating an E xtended-Ra nge VL AN Y o u cr eate an exten ded-r ange VLAN in g loba l configur ation mode by ente ring the vlan glob al configurati on comm and with a VLAN ID from 1006 to 4094. Th is com ...
Cisco Systems 3750E - page 359

13-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Conf iguri ng Ext end ed-R ange VL ANs This e xample shows how to c reate a ne w ex tended-ra nge VLAN w ith all d efault charac teristics, e nter config-vlan mode , an d sav e th e new VLAN in th e swit ch start up configu ration file : ...
Cisco Systems 3750E - page 360

13-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Displa ying VL ANs Displaying VLANs Use the show vlan privi leged EXEC command to display a list of all VLA Ns on the switch, including extended -range V LANs. Th e displa y includ es VLAN status, port s, and co nfiguration inform ation . ...
Cisco Systems 3750E - page 361

13-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s Figure 13-2 shows a network of swit ches that are conn ected by ISL trunks. Figur e 13-2 Switc hes in an ISL T runk ing En vir onment Y o u can configure a trunk o n a single Ether net i nterface or o n an Ethe ...
Cisco Systems 3750E - page 362

13-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks Encapsulation Type s T ab le 13-5 lists the Et hernet trunk enca psulat ion types and keyw ords. Note Th e switch doe s not support La yer 3 trunk s; you canno t configure subint erfaces or use the encapsulation ...
Cisco Systems 3750E - page 363

13-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s IEEE 802.1Q Configuration Considerations The IE EE 8 02.1Q t runks i mpose these limita tions o n the trun king stra tegy for a network: • In a ne twork of Cisco switch es conne cted through IEEE 802.1 Q trun ...
Cisco Systems 3750E - page 364

13-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • Changing t he Pruning-Elig ible List, page 13- 22 • Conf iguring the Nati ve VLAN for Unta gged T raff ic, page 13-23 Note By default, an interfa ce is in Layer 2 mode. The de fault mode for Layer 2 interfa ...
Cisco Systems 3750E - page 365

13-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s T o return an interfac e to its defaul t configu ration, use the default interface in terface-id interfa ce configurat ion com mand. T o reset all tru nking cha rac teris tics of a trunk ing in terface t o the ...
Cisco Systems 3750E - page 366

13-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o re duce t he risk o f spann ing-tree loo ps or storm s, you c an disa ble VLA N 1 on any in dividual VLAN trunk port by removin g VLAN 1 from t he allowed list. Whe n you remove VLAN 1 from a trunk port , the ...
Cisco Systems 3750E - page 367

13-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s Beginn ing in pri vileg ed EXEC mode, follo w these steps to remov e VLANs from the pruning- eligible list on a trunk por t: T o r etur n to th e de fault pruni ng-e ligibl e list o f al l VLAN s, us e the no s ...
Cisco Systems 3750E - page 368

13-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o return to the defau lt nati ve VL AN, VLAN 1, use the no switchport trunk nativ e vlan inte r face configurati on c ommand. If a pack et has a VL AN ID th at is t h e sa me as the out going p ort n ati ve VLA ...
Cisco Systems 3750E - page 369

13-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s In thi s way , Trunk 1 c arries traffic for V LANs 8 thr ough 1 0, and T runk 2 car ries tra ff i c fo r VLA Ns 3 through 6. If the a cti ve trunk f ails, the tr unk with the lo wer priority tak es ov er and ca ...
Cisco Systems 3750E - page 370

13-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks Load Sharing Using STP Path C ost Y o u can configure pa rallel trunks to share VLAN traffic by setting di fferent path costs on a trunk and associ ating the path costs wit h dif feren t sets of VLANs, blockin g ...
Cisco Systems 3750E - page 371

13-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Confi guri ng V LAN Trunk s Figur e 13-4 Load-Shar ing T run ks with T ra f fic Distr ibuted b y P ath Cost Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure the netw ork sho wn in Figure 13 -4 : 90573 Switch A Switc ...
Cisco Systems 3750E - page 372

13-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configuring VMPS Configuring VMPS The VLA N Quer y Protocol (V QP) is u sed to suppor t dynami c-ac cess ports , which are not perma nently assigne d to a VLAN, but gi ve VLAN assign ments base d on the MAC source addresses se en on the p ...
Cisco Systems 3750E - page 373

13-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Configuring VMPS Dynamic-Access Port VLAN M embership A dynamic -access port can belo ng to only one VL AN with an ID from 1 to 4094. Wh en the link comes up, the switch does not for ward traf fic to or from this port unt il the VMPS prov ...
Cisco Systems 3750E - page 374

13-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configuring VMPS • IEEE 802. 1x ports ca nnot be c onfigured as dy namic-a ccess ports. If you try to ena ble IEEE 802.1x on a dyna mic-a ccess ( VQP) por t, an e rror message appears , and IEEE 802 .1x i s not enab led. If you try to c ...
Cisco Systems 3750E - page 375

13-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Configuring VMPS Note Y ou must have IP connectivity to the VMPS for dynam ic-acc ess ports to work. Y ou can test for IP connec tivity b y pinging th e IP address of t he VMPS and verifyin g that you get a response . Configuring Dynamic- ...
Cisco Systems 3750E - page 376

13-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configuring VMPS Changing the Reconfirmation In terval VMPS clients perio dically r econf irm the VLAN member ship inf ormation recei ved fro m the VMPS.Y ou can se t the numb er of m inute s afte r wh ich rec onfirmation occ urs. If you ...
Cisco Systems 3750E - page 377

13-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 3 Configuring VLANs Configuring VMPS Monitoring the VMPS Y ou can displ ay inform ation ab out the VM PS by usin g the sho w vmps pri vileged EXEC co mmand. The switch displays this information about the VMPS: • VMPS VQP V ersion—the ver sion of VQP used ...
Cisco Systems 3750E - page 378

13-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 13 Configuring VLANs Configuring VMPS • End stations are connected to the clien ts, Switch B and Switch I. • The dat abase con figuration file is store d on the TFTP server with th e IP address 172. 20.22 .7. Figur e 13-5 Dynami c P or t VLAN Membe rship ...
Cisco Systems 3750E - page 379

C HAPTER 14-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 14 Configuring VTP This c hapter describ es how to us e t he VLA N Trunking Prot ocol ( VTP) a nd the VLAN databa se fo r managing VLANs wi th the Catalyst 3750-E or 35 60-E sw itch. Unl ess otherwis e noted, t he term switch refers to a Catalyst 3750-E or 3 5 ...
Cisco Systems 3750E - page 380

14-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Underst anding VTP The swi tch suppo rts 1005 VLA Ns, but the numbe r of r outed po rts, SVIs, and othe r configured feat ures af fects the u sage of the switch hardw are. If the switch is n otifie d by VTP of a ne w VLAN a nd the swit ch is ...
Cisco Systems 3750E - page 381

14-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Underst anding VT P For domain nam e and p assword configuration gui delines, see t he “VTP Conf iguration Guidel ines” section on page 14-8 . VTP Mode s Y o u can configur e a suppor ted switch or sw itch stack t o be in one of the V TP ...
Cisco Systems 3750E - page 382

14-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Underst anding VTP VTP adv ertiseme nts distrib ute this global domain i nformation: • VTP domain na me • VTP configurati on revision number • Update id entity an d updat e timestam p • MD5 diges t VLAN conf iguration, including maxi ...
Cisco Systems 3750E - page 383

14-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Underst anding VT P VTP pruni ng blocks unn eeded floo ded traffic to VLANs on tr unk ports th at are i nclude d in the pruning -elig ible list. Only VLA Ns incl uded in the pruning -el igible l ist can be prun ed. By de fault, VLANs 2 thr o ...
Cisco Systems 3750E - page 384

14-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Conf igurin g VTP Enab ling VT P prun ing on a V TP server e nable s prun ing for the e ntire m anagem ent d omain. Mak ing VLANs pru ning-eligible or pruning-i neligible af fects prun ing eligibility for th ose VLANs on th at trunk only (no ...
Cisco Systems 3750E - page 385

14-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Configuring VTP Default VTP Configuration T ab le 14-2 shows the def ault VTP conf iguration. VTP Configuration Options Y o u can configure VTP by using these co nfiguration mo des. • VTP Configura tion in Global Configuration Mode , page ...
Cisco Systems 3750E - page 386

14-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Conf igurin g VTP VTP Configuration in VLAN Database Configuration Mode Y o u can configure al l VTP param eters in VLA N database con figuration mod e, which you access by ent erin g th e vlan database p rivileged EXEC comma nd. For more in ...
Cisco Systems 3750E - page 387

14-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Configuring VTP VTP Ve rsi on Foll ow these guidelines w hen decidin g which VTP v ersion to implem ent: • All switches in a VTP domain must run the same VTP versi on. • A VTP V ersion 2 -capa ble switch c a n operate in the same VTP dom ...
Cisco Systems 3750E - page 388

14-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Conf igurin g VTP When you con figure a domain na me, it cannot be rem oved; you can only rea ssign a switc h to a different domain. T o r eturn the sw itch to a no-passwor d stat e, u se the no vtp password global co nfigurati on comman d. ...
Cisco Systems 3750E - page 389

14-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Configuring VTP This exam ple sh ows ho w to use VLAN databa se configu ration m ode to configure t he swit ch as a V TP serv er with th e domain name eng_group and the password mypassw or d : Switch# vlan database Switch(vlan)# vtp server ...
Cisco Systems 3750E - page 390

14-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Conf igurin g VTP Use the no vtp mode global co nfigurati on comma nd to retu rn the switc h to VTP server mo de. T o return the swi tch to a no- password sta te, u se t he no vtp password pr ivileged EX EC c ommand. Wh en y ou configure a ...
Cisco Systems 3750E - page 391

14-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Configuring VTP Note Y ou can also c onfigure VTP tra nsparent mod e by using the vlan d ata base privileged EXEC comm and to enter VLAN datab ase conf iguration mod e and by ente ring the vtp transparent command, simila r to the seco nd pr ...
Cisco Systems 3750E - page 392

14-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Conf igurin g VTP Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk lin ks that the traff i c must use to acces s the destinat ion devices. Y ou can onl y enabl e VTP prun ing on ...
Cisco Systems 3750E - page 393

14-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 14 Configur ing VTP Configuring VTP Beginning i n privileged E XEC mo de, follow these steps to ver ify an d res et the VTP configurati on revision number on a switch befor e adding it to a VTP domain: Y ou can also ch ange the VTP domain na me by enterin g th ...
Cisco Systems 3750E - page 394

14-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 14 Configuring VTP Monito ring VTP Monitoring VTP Y o u mon itor VT P by displayin g VT P configuratio n infor mation: the domain name, the c urrent V TP revision, and the n umber of VLAN s. Y ou ca n also displa y stat istics about the advertis emen ts se nt ...
Cisco Systems 3750E - page 395

C HAPTER 15-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 15 Configuring Voic e VLAN This c hapter describ es how to c onfigure the voice V LAN fea ture on the Cata lyst 37 50-E or 3560- E swit ch. Unless othe rwise not ed, the term switch refers to a Catalyst 3750 -E or 35 60-E standa lone swi tch and to a Catal y s ...
Cisco Systems 3750E - page 396

15-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 15 Configuring Voice V LAN Underst anding Voice VL AN Figure 15-1 shows one way to conne ct a Cisco 7960 IP Phon e. Figur e 15-1 Cisco 79 60 IP Phone Connect ed to a Sw itch Cisco IP Phone Voice Traffic Y ou can conf igur e an access po rt with an atta ched Ci ...
Cisco Systems 3750E - page 397

15-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone. Configuring Vo ice VLAN These ...
Cisco Systems 3750E - page 398

15-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN • The Port Fast featu re is automati cally enabled wh en v oice VLAN is c o nf igured . When y ou disa ble v oice VLAN , the Po rt F a st featu re is n ot automatic ally disabled. • If the Cisc o IP Phon e ...
Cisco Systems 3750E - page 399

15-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y o u can c onfigure a po rt conn ecte d to the Cisco IP Phon e to se nd CDP pa ckets to th e phon e to c onfigure the wa y in whic h the phone send s vo ice traf fic. ...
Cisco Systems 3750E - page 400

15-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN This example shows ho w to configure a port connected to a Cisco IP Phone to use the CoS value to classify inco ming traf fic, to use I EEE 802.1p prior ity tagging for v oice traf fi c, and to use the def ault ...
Cisco Systems 3750E - page 401

15-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 5 Configuring Voice VLA N Displaying Voice VLAN This exa mple sh ows ho w to c onfigure a port c onnec ted to a Cisco IP Pho ne to not change t he priorit y of frame s rece i ved from t he PC or the attached de vice: Switch# configure terminal Enter configura ...
Cisco Systems 3750E - page 402

15-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 15 Configuring Voice V LAN Displa ying Vo ice VLA N ...
Cisco Systems 3750E - page 403

C HAPTER 16-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 16 Configuring Private VLANs This c hapter d escrib es how to configu re private VLANs on the C ataly st 3750- E or 3560-E switch. Unless otherw ise noted, the term switch refers to a Catalyst 3750-E or 3 560-E stan dalone switch and to a Cataly st 3750-E swit ...
Cisco Systems 3750E - page 404

16-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Underst anding Priva te VLANs Figu re 16-1 Priv a te-VL AN Doma in Ther e are two ty pes o f second ary VLA Ns: • Isol ated VLA Ns—Ports within an iso lated VL AN cann ot comm unicate with ea ch oth er at t h e Layer 2 level. ? ...
Cisco Systems 3750E - page 405

16-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Unde rsta ndin g Priva te VLAN s Primary an d second ary VLANs ha ve these char acter istics: • Primary VLAN—A pri v ate VLAN h as only one primar y VLAN. Ev ery por t in a p ri v ate VLAN is a member of the prim ary VLAN. T h ...
Cisco Systems 3750E - page 406

16-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Underst anding Priva te VLANs Private VLANs across Multiple Switches As with regula r VLANs, pri vate VLAN s can span multiple switches. A trunk port carries the primar y VLAN a nd seco ndary VLANs to a n eighbor ing sw itch. T he ...
Cisco Systems 3750E - page 407

16-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Unde rsta ndin g Priva te VLAN s Y o u should also se e the “Se condar y and Prima ry VLAN Co nfiguration” section on page 16- 7 under the “Pri v ate-VLAN Conf iguration G u idelines” sect ion. Private VLANs and Unicast , ...
Cisco Systems 3750E - page 408

16-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Configur ing Private VLAN s Private VLANs and Swi tch Stacks Pri vate VLANs can operat e within the switc h stack, and pri vate -VLAN por ts can resid e on dif feren t stack members. Howe ver , some changes to the switch stack can ...
Cisco Systems 3750E - page 409

16-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Conf igurin g Priva te VLAN s Step 5 If inter-VLA N routing will be u sed, co nfigure the pr imary SVI , and ma p secondar y VLAN s to the primary . See th e “Map ping Seconda ry V LANs to a Pri mary V LA N Laye r 3 VL AN Int er ...
Cisco Systems 3750E - page 410

16-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Configur ing Private VLAN s • W e recomme nd that you prune th e pri vate VLANs from the trunks on de vices that carry no tra ff ic in the p ri v ate VLANs. • Y ou can apply di fferen t quali ty of serv ice (QoS) co nf iguratio ...
Cisco Systems 3750E - page 411

16-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Conf igurin g Priva te VLAN s • Do not configu re ports that bel ong to a P A gP or L A CP E therCha nnel a s priv a te-V LAN port s. Whi le a po rt is part o f the priv ate-V LAN co nfigurati on, any Et herC hannel c onfigurati ...
Cisco Systems 3750E - page 412

16-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Configur ing Private VLAN s Note Dyn amic MA C address es lear ned in on e VLAN of a pri vat e VLAN are re plicat ed in the associ ated VLANs. F or example , a MAC address lear ned in a sec ondary VL AN is replicate d in th e prim ...
Cisco Systems 3750E - page 413

16-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Conf igurin g Priva te VLAN s When you as sociat e seconda ry VLANs with a prim ary VLA N, note this s yntax info rmation : • The seco ndary_ vlan_lis t paramete r canno t conta in spaces . It can co ntain multiple comm a-sep a ...
Cisco Systems 3750E - page 414

16-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Configur ing Private VLAN s Configur ing a Lay er 2 Inter face a s a Priv ate-VLAN Host Port Beginning i n privileged E XEC mode, follow these ste ps to c onfigure a Laye r 2 i nterface as a priv a te-VLA N host port and to assoc ...
Cisco Systems 3750E - page 415

16-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Conf igurin g Priva te VLAN s Configur ing a Layer 2 Inter face a s a Priv ate-VLAN Prom iscuous Port Beginning i n privileged E XEC mode, follow these ste ps to c onfigure a Laye r 2 i nterface as a priv a te-VLA N prom iscu ous ...
Cisco Systems 3750E - page 416

16-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Configur ing Private VLAN s Mapping S econd ary VLAN s to a Primary VLAN Layer 3 VLAN Interfa ce If the p ri vate VL AN will be used f or inter -VLAN routing , you con fig ure an S VI for th e primar y VLAN and map sec ondar y VLA ...
Cisco Systems 3750E - page 417

16-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 6 Configuring Private VLA Ns Monitoring Private VLANs Monitoring Private VLANs T ab le 16-1 shows the pri vileged EXE C commands for monitori ng pri v ate-VLAN acti vity . This i s an exampl e of t he o utput from the show vlan private-vlan comm and: Switch( ...
Cisco Systems 3750E - page 418

16-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 16 Configuring Private VLANs Monito ring Private VL ANs ...
Cisco Systems 3750E - page 419

C HAPTER 17-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 17 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling V irtual pri v ate netw orks (VPNs) pro vide enter prise-scale connecti vity on a shared infras tructure, ofte n Etherne t-based, w ith the sam e securi ty , prio ritization , reliabili ty , and managea ...
Cisco Systems 3750E - page 420

17-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Underst andin g IEEE 802. 1Q Tunnel ing tagge d packets. A port co nfigured to support IEEE 8 02.1Q tunnel ing is called a tunnel port . When you configure tunn eling, you assign a t unnel port t o a V ...
Cisco Systems 3750E - page 421

17-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Understand ing IEEE 802.1Q Tunnel ing Figur e 17 -2 Or iginal (Nor mal), IEEE 802 .1Q, and Dou ble-T agged Ether net P ack et For mats When the pack et enters the trunk port of the service- prov ider ...
Cisco Systems 3750E - page 422

17-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing IEEE 80 2.1Q Tunn eling Configuring IEE E 802.1Q Tunneling These sec tions co ntain this co nfiguration in format ion: • Default IE EE 802.1Q T u nneling Configu ration, pa ge 17-4 • I ...
Cisco Systems 3750E - page 423

17-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configur ing IEEE 802.1Q Tunnel ing These are some wa ys to solv e this problem: • Use ISL tru nks betw een core switches i n the servi ce-prov ider networ k. Althoug h custo mer interfaces connec ...
Cisco Systems 3750E - page 424

17-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing IEEE 80 2.1Q Tunn eling For example, the switch su pports a maximu m fram e size of 149 6 bytes with one of the se co nfigurations: • The sw itch ha s a sy stem jum bo M TU value of 1500 ...
Cisco Systems 3750E - page 425

17-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configur ing IEEE 802.1Q Tunnel ing Configur ing an IEEE 80 2.1Q Tunneli n g Port Beginning i n privileged E XEC mo de, follow these steps to con figure a port a s an IEEE 80 2.1Q tunne l port: Use t ...
Cisco Systems 3750E - page 426

17-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Underst andin g Layer 2 Pro tocol Tunneling Understandin g Layer 2 Protocol Tunnelin g Cust omers a t dif feren t sit es conn ected acr oss a se rvice-pro vider ne twork ne ed to us e v arious Layer 2 ...
Cisco Systems 3750E - page 427

17-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Understan ding Layer 2 Protoco l Tunnel ing Figur e 17 -4 Lay er 2 Pr ot ocol T unneling Figur e 17 -5 Lay er 2 Networ k T opolog y without Proper Con ve r gence In an SP network , you ca n use L aye ...
Cisco Systems 3750E - page 428

17-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing Layer 2 Protocol Tu nneling For exam ple, in Figur e 17-6 , Customer A has two switc hes in the same VLAN that are connected through the SP network. When th e network tun nels PDUs , swit ...
Cisco Systems 3750E - page 429

17-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configu r ing Laye r 2 Protoco l Tunnel ing See Figure 17-4 , with Customer X and C ustom er Y in acc ess VLANs 30 and 4 0, res pecti vel y . Asymmetric lin ks connect th e customers in Site 1 to ed ...
Cisco Systems 3750E - page 430

17-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing Layer 2 Protocol Tu nneling Layer 2 Protoco l Tunneling C onfigura tion Guide lines These are some co nfigurati on gu ideline s and ope rating c harac teristi cs of L ayer 2 prot ocol tun ...
Cisco Systems 3750E - page 431

17-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configu r ing Laye r 2 Protoco l Tunnel ing Configuring L ayer 2 P rotocol Tu nneling Beginning in privileged EXEC mo de, fol low these steps to con figure a port for La yer 2 proto col tunneli ng: ...
Cisco Systems 3750E - page 432

17-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing Layer 2 Protocol Tu nneling Use the no l2protocol-tunnel [ cdp | stp | vtp ] int erface configurat ion com mand t o disa ble pr otocol tunnel ing for one of the Laye r 2 protoco ls or for ...
Cisco Systems 3750E - page 433

17-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configu r ing Laye r 2 Protoco l Tunnel ing Use the no l2pr otocol-tunnel [ po int-to-point [ pag p | lacp | udld ]] inter face conf iguration co mmand to disable po int-t o-point protoco l tunneli ...
Cisco Systems 3750E - page 434

17-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Configur ing Layer 2 Protocol Tu nneling Configuring the Customer Sw itch After conf iguring the SP edge switch, begin in pri vileged EXEC mode and follo w these steps to configure a c ustomer switch ...
Cisco Systems 3750E - page 435

17-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 1 7 Configuring IEEE 80 2.1Q and L ayer 2 Protocol Tunnelin g Configu r ing Laye r 2 Protoco l Tunnel ing Switch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000 Switch(config-if)# exit Switch(config)# interface gigabitethernet1/0/3 Switch ...
Cisco Systems 3750E - page 436

17-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 17 Configuring IEEE 802.1Q and Layer 2 Protocol T unneling Monito ring and Mai ntaining Tun neling Sta tus Monitoring and Main taining Tunneling Status T ab le 17-2 shows the pri vileged EXE C commands for monitori ng and maintaining IEEE 802.1Q and Lay er 2 ...
Cisco Systems 3750E - page 437

C HAPTER 18-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 18 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the Catalyst 3750-E or 3560-E switch. The swi tch can u se ei ther the per-VLAN spa nning-t ree plus ( PVST+ ) protocol based on the IEE E ...
Cisco Systems 3750E - page 438

18-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning -T ree Mode s an d Protoc ols, pa ge 18-1 0 • Supporte d Spanning -Tree Instances, pa ge 18-1 0 • Spanning- T ree Interop erability and Backw ard Compatibi lity , page 18-11 • STP a ...
Cisco Systems 3750E - page 439

18-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Unders tanding Spanni ng-Tree Feat ures Spannin g-Tr ee Topo logy an d BPDUs The stable, ac tiv e sp anning-t ree topolog y of a switched network is controlled by these elements: • The uni que bridge ID (sw itch p rior ity and MAC address) ...
Cisco Systems 3750E - page 440

18-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Underst anding Spa nning- Tree Fea tures Only one outgoin g port on the stack root switc h is selected as the root port. The remaining switch es in the stack become its designated switch es (Switch 2 and Switch 3) as sho wn in Figure 1 8-1 o ...
Cisco Systems 3750E - page 441

18-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Unders tanding Spanni ng-Tree Feat ures The swi tch sup ports t he IEEE 802.1t spanni ng-tre e extension s, and some of t he bits pr eviously used for the switch prior ity are no w used as the VLAN identif ier . The result is that fe wer MAC ...
Cisco Systems 3750E - page 442

18-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Underst anding Spa nning- Tree Fea tures • From le arning t o fo rwarding o r to disable d • From for warding to d isabled Figure 18-2 illustrates ho w an interface mo ves through the states. Figur e 18-2 Spannin g-T r ee Inte rf ace Sta ...
Cisco Systems 3750E - page 443

18-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Unders tanding Spanni ng-Tree Feat ures Blocking State A Layer 2 interf ace in the blockin g state does not particip ate in fram e forw arding. Af ter initi alization, a BPDU is sent to each swi tch interfac e. A switch initial ly functions ...
Cisco Systems 3750E - page 444

18-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Underst anding Spa nning- Tree Fea tures Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree. An interf ace in the disabled state is nonoperational. A dis abled i ...
Cisco Systems 3750E - page 445

18-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Unders tanding Spanni ng-Tree Feat ures Spanning Tree and Redun dant Conn ectiv ity Y o u can cr eate a redunda nt back bone w ith spa nning t ree by co nnecting two switc h inte rfaces to anot her device or to two different devices, as show ...
Cisco Systems 3750E - page 446

18-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Underst anding Spa nning- Tree Fea tures Becau se each V LAN is a sepa rate sp anning -tre e instan ce, the switc h accelerates aging o n a per - VLAN basis . A spanni ng-tree rec onf iguration on one VLAN can ca use the dynami c address es ...
Cisco Systems 3750E - page 447

18-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Unders tanding Spanni ng-Tree Feat ures Spanning-Tree Interoperability and Backward Compatibility T ab le 18-2 lists the inter operability and compatibility among the s upported s panning-tree mo des in a network. In a mi xed MSTP and PV ST ...
Cisco Systems 3750E - page 448

18-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures individual VL AN spa nning tre es to pr ev ent lo ops from f ormi ng if the re are multip le con necti ons among VLANs . It also prevents the individual spanning trees from the VLAN s being bridged fro ...
Cisco Systems 3750E - page 449

18-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures • Conf iguring th e Switch Priority of a VLAN, page 18- 21 (optional) • Conf igur ing Sp annin g-T ree T imer s, page 18 -22 (optional ) Default Span ning-T ree Configur ation T ab le 18-3 shows the ...
Cisco Systems 3750E - page 450

18-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures Cautio n Switches that are not running spanning tre e still forwar d BPDUs that they rece iv e so that the other switche s on the V LA N that have a run ning span ning -tree in stance can b reak l oops. ...
Cisco Systems 3750E - page 451

18-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures Changing the Spa nning-Tree M ode. The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP . By defau lt, the switch runs th e PVST+ protocol . Beginning in privileged EXEC mo ...
Cisco Systems 3750E - page 452

18-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by defau lt on V LAN 1 and on all newly crea ted VL ANs up to the spannin g-tree limit specif ied in the “ Suppor ted Spann ing-Tree Instances” sec ...
Cisco Systems 3750E - page 453

18-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch . Do not conf igure an acces s switch as the span ning -tre e primar y root. Use the diameter ...
Cisco Systems 3750E - page 454

18-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a Secondar y Root Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672. Th e switc h is then l ikely to bec ...
Cisco Systems 3750E - page 455

18-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures Note If your switch is a m ember of a switch stack, you mu st us e the spanning-tree [ vlan vlan-id ] cost cost interfac e configurati on comma nd instea d of the spanning-tree [ vlan vla n-id ] port-pr ...
Cisco Systems 3750E - page 456

18-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures T o return to the default setting, use the no spanning-tree [ vlan vlan-id ] port-pr iori ty interf ace configurati on c ommand. For inf ormati on o n how to co nfigure l oad sh aring on trun k port s b ...
Cisco Systems 3750E - page 457

18-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures Note Th e show spanning-tree inter face interface- id privileged EXEC comma nd displays in format ion only for ports that ar e in a link-up op erati ve sta te. Otherw ise, you can use the show runni ng- ...
Cisco Systems 3750E - page 458

18-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers T ab le 18-4 descr ibes the timer s that af fect the en tire spanning -tree p erfor mance. The sectio ns that follo w pro vide the conf iguration steps. Configuring th ...
Cisco Systems 3750E - page 459

18-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 18 Configur ing STP Confi guring Spanni ng-Tree Feat ures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN. Th is proc edure is opt ional . T o re ...
Cisco Systems 3750E - page 460

18-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 18 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y o u can configure the BPDU burst size by changing th e transm it hold coun t v alue . Note Changing this parameter to a hi gher va lu e can hav e a significant imp ...
Cisco Systems 3750E - page 461

C HAPTER 19-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 19 Configuring MSTP This c hapter describ es how to c onfigure the Cisco imple mentat ion of the I EEE 802 .1s Multiple STP (MS TP) on t he Cat alyst 3 750-E or 3560- E switch. Note The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s st ...
Cisco Systems 3750E - page 462

19-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding MST P • Configuring M STP Fea tures, p age 19-14 • Display ing the MST Configura tion and Statu s, page 19-26 Understandin g MSTP MSTP , which uses RSTP for ra pid con vergence, en ables VLA Ns to be group ed into a spann ...
Cisco Systems 3750E - page 463

19-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Unde rsta ndi ng M STP IST, CIST, an d CST Unlik e PVST+ and rapid PVST+ in whi ch all the spann ing-t ree inst ances are in depend ent, the MST P establishes and maintains tw o types of sp anning trees: • An interna l spanning tree (IST) ...
Cisco Systems 3750E - page 464

19-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding MST P For correct operatio n, all switch es in the MST region m ust agree on the sam e CIST regi onal root. Theref ore, any two switches in the regi on only sync hronize their port roles for an MST insta nce if th ey conv erg ...
Cisco Systems 3750E - page 465

19-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Unde rsta ndi ng M STP MSTP switch es use V ersion 3 R STP BPDUs o r IEEE 8 02.1D STP BPD Us to com municate wi th legacy IEEE 8 02.1D sw itches . MST P switch es use M STP BPD Us to commun icate with MSTP switches . IEEE 802.1s Terminology ...
Cisco Systems 3750E - page 466

19-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding MST P The messa ge-age and maxim um-ag e info rmati on in the RST P portion of the BPDU re main th e same through out the region, and the sam e values are propagated by the regi on designat ed ports at t he boundary . Bounda ...
Cisco Systems 3750E - page 467

19-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Unde rsta ndi ng M STP Port Role Naming Change The bo undary role is no lo nger in the f inal MST standar d, b u t this boundary c oncept is maintained in Cisco’ s implemen tation. Howe ver , an MST instan ce por t at a bound ary of the r ...
Cisco Systems 3750E - page 468

19-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding MST P Detecting Unidirect ional Link Failure This fea ture is not yet pr esent in the IEEE MST st andard, but it is included in th is Cisco IOS rele ase. The sof tware chec ks the c onsis tency of the port ro le an d stat e i ...
Cisco Systems 3750E - page 469

19-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Understa nding RST P Interoperability with IEEE 802.1D STP A switch r unning M STP supp orts a built-in pr otocol migrat ion mecha nism that enable s it to i nteroper ate with legacy IEEE 802.1D switche s. If this switc h receives a legac y ...
Cisco Systems 3750E - page 470

19-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding RSTP • Backup po rt—A cts as a backup for t he path p rovided by a de sign ated po rt toward the le av es of the spannin g tree . A ba ckup port can exist only when t wo port s are c onne cted in a lo opback by a point-t ...
Cisco Systems 3750E - page 471

19-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Understa nding RST P After recei ving Sw itch B’ s agreemen t message, Switc h A also immediately tran sitions its designat ed port to the forwar ding state. No lo ops i n the n etw ork a re for med b ecause Switch B blocked al l of it s ...
Cisco Systems 3750E - page 472

19-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Underst anding RSTP If a designa ted port is in the forwarding state and is not con figu red as an edge port, it transitions to th e blocking state when the R STP forces it t o sync hroniz e with new root informa tion. In g eneral, when th ...
Cisco Systems 3750E - page 473

19-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Understa nding RST P The sending switch sets the proposal flag in the RSTP BPDU to propose itself as the d esignated switch on that LAN. The p ort role in the proposa l message is alway s set to the designated port. The send ing switch set ...
Cisco Systems 3750E - page 474

19-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es • Notificati on—Un like IE EE 802. 1D, which u ses TCN BPDUs, the RSTP d oes n ot us e them . Ho we ver , for IEEE 802.1D interoperability , an RSTP switch processes an d generates TCN BPDUs. • Ackno wledg ...
Cisco Systems 3750E - page 475

19-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res Default MSTP Configuration T ab le 19-4 shows the default M STP c onfiguration . For informat ion about the suppor ted numbe r of spanni ng-tree instan ces, see the “Supp orted Spanning -T ree In stance s” s ...
Cisco Systems 3750E - page 476

19-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es • VTP propa gation of the MST co nfiguration i s not suppo rted. Howev er , you can manu ally c onfigure the MS T co nfiguration (region n ame , revision num ber, and VLA N-to-in stance mappi ng) o n each swit ...
Cisco Systems 3750E - page 477

19-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res T o r etur n to th e defa ult M ST region c onfigurati on, u se th e no spanning-tree mst configurat ion global conf iguratio n command. T o return to the def ault VLAN- to-instanc e map, use the no instance ins ...
Cisco Systems 3750E - page 478

19-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es T o conf igure a s witch t o beco me the root, use the spanning-tr ee mst instance- id root gl obal configurati on c ommand to m odify t he sw itch priori ty from the default value (32768) to a sign ificantly lo ...
Cisco Systems 3750E - page 479

19-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res T o return the switch to it s default setting, use the no spanning- tree mst instance-id ro o t gl obal configurati on c ommand. Configur ing a Secondar y Root Switch When you con figure a swit ch wit h the exte ...
Cisco Systems 3750E - page 480

19-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es Configuring Port Priority If a l oop occur s, the MST P uses the p ort pr iority when selecting an interf ace to put into th e forw arding state. Y ou can assig n higher p riority v alues (l o wer num erical va ...
Cisco Systems 3750E - page 481

19-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res T o return the interface to it s default setting , use the no spanning- tree mst insta nce-id port-priority interf ace c onfig uration co mmand. Configuring Path Cost The MSTP path cost def ault v alue is deriv ...
Cisco Systems 3750E - page 482

19-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es Configuring the Switch Priority Y ou can conf igure the switch priorit y and make it more lik ely that a standalo ne switch or a switch in the stack will be c hosen as the root switch. Note Exercis e care when u ...
Cisco Systems 3750E - page 483

19-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure the hell o time for all MST instances. This pro cedure is optional. T o return the sw itch to its d efault se tting, use the no spanning-tre ...
Cisco Systems 3750E - page 484

19-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Aging Time Beginn ing in p ri vileg ed EXEC mode, fo llo w these s teps to conf ig ure the maximum-agi ng time f or all MST inst ance s. This procedure is optio nal. T o return the switc ...
Cisco Systems 3750E - page 485

19-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 19 Configur ing MSTP Confi guring MSTP Featu res By default, the link type is c ontrol led from the duplex mode of the i nterface: a full-d uplex port is conside red t o have a poin t-to-poi nt co nnecti on; a half- duplex por t is c onsi dered to have a share ...
Cisco Systems 3750E - page 486

19-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 19 Configuring MSTP Displaying the MST Configu ration and Stat us Restarting the Protocol Mi gration Proce ss A switch r unning M STP supp orts a built-in pr otocol migrat ion mecha nism that enable s it to i nteroper ate with legacy IEEE 802.1D switche s. If ...
Cisco Systems 3750E - page 487

C HAPTER 20-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 20 Configuring Optional Spannin g-Tree Features This c hapter describ es how to c onfigure op tional spannin g-tree featur es on the C ataly st 3750- E or 3560-E sw itch. Y ou can configure a ll of these fe ature s when your sw itch is runni ng the pe r -VLA N ...
Cisco Systems 3750E - page 488

20-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Underst anding O ptional Sp anning-Tre e Feat ures Understand ing Port Fa st Port Fast immedia tely br ings an inte rface configured as an acces s or trunk port to the forward ing state from a blocki ng sta te, b ...
Cisco Systems 3750E - page 489

20-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures At the interf ace le vel, you en able BPDU guard on an y port b y using the spanning-tr ee bpduguard enab le interface conf iguration command with out also e nab ...
Cisco Systems 3750E - page 490

20-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Underst anding O ptional Sp anning-Tre e Feat ures Figu re 20-2 Switches in a Hi erarchical Ne twork If a switch loses co nnectivity , it begins using t he alterna te path s as soon as the span ning tree selec ts ...
Cisco Systems 3750E - page 491

20-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 20-3 UplinkF ast Exam ple Befor e Dir ect Link F ailur e If Switch C detects a lin k failure on the currently act i ve link L2 on the root port (a dir e ...
Cisco Systems 3750E - page 492

20-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Underst anding O ptional Sp anning-Tre e Feat ures How CSUF Work s CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 20-5 , the stack- root po rt on Sw itch 1 provide ...
Cisco Systems 3750E - page 493

20-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Each switch in the stac k decides if the sending switch is a better choice than itself to be the stack root of this span ning- tree inst ance b y compar ing the ...
Cisco Systems 3750E - page 494

20-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Underst anding O ptional Sp anning-Tre e Feat ures Backbon eFast, w hich is e nable d by us ing th e spanning-tree backbonefast global c onfiguratio n comm and, star ts when a ro ot port or bl ocked inter face on ...
Cisco Systems 3750E - page 495

20-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures If lin k L 1 fails as sh own in Figu re 20-7 , Switch C cannot detect this f ailure bec ause it is not co nnected direct ly to link L1. Ho wev er , because Switc ...
Cisco Systems 3750E - page 496

20-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Underst anding O ptional Sp anning-Tre e Feat ures Understand ing Ethe rCha nnel Gua rd Y o u can use EtherC hannel guard to detect an Ethe rChan nel mi sconfigurati on betwe en the switch a nd a connect ed devi ...
Cisco Systems 3750E - page 497

20-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Figu re 20-9 R oot G ua rd in a Se rvi ce- Provider Network Understand ing Loop Guard Y o u can use loo p gua rd to prevent al ternate or root po rts from becom i ...
Cisco Systems 3750E - page 498

20-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Configur ing Opti onal Spanni ng-Tree Features • Enab ling B ackbone Fast, page 20-1 6 (optional) • Ena bling Ether Channel Guard, page 20-17 (optional) • Enab ling Root Guar d, page 20-1 8 (opt iona l) ? ...
Cisco Systems 3750E - page 499

20-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Y o u can enab le th is fea ture if your switch is r unning PVST+, rapi d PVST+, or MSTP . Beginn ing in pri vile ged EXEC mode, follo w these steps to enable Por ...
Cisco Systems 3750E - page 500

20-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Configur ing Opti onal Spanni ng-Tree Features The BPDU guard fe ature pr ovides a secur e respon se to in valid configurati ons becau se you m ust manual ly put the por t ba ck in serv ice. Use t he BPDU gua rd ...
Cisco Systems 3750E - page 501

20-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Y o u can also use the spanning-tree bpduf ilter enable inte rface conf iguration com mand to enable BPDU fil tering on any interf ace without also en abling the ...
Cisco Systems 3750E - page 502

20-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Configur ing Opti onal Spanni ng-Tree Features Beginn ing in pri vileged EXEC mode, follo w these steps to enable UplinkF ast and CSUF . This procedu re is optional. When UplinkF ast is enabled, the switc h prio ...
Cisco Systems 3750E - page 503

20-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Note If you use Backbon eFast, you m ust enabl e it o n all switch es in th e ne twork. B ackboneFast is no t supported on T oken Ring VLAN s. This featur e is su ...
Cisco Systems 3750E - page 504

20-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Configur ing Opti onal Spanni ng-Tree Features Enabling R oot Guard Root gu ard e nable d on an int erface applie s to all th e VLA Ns to whi ch th e int erface belongs . Do not enable t h e root guard on interf ...
Cisco Systems 3750E - page 505

20-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 0 Configuring Op tional Spa nning-Tree Features Display ing the Spanning -Tree Status T o g lobal ly dis able lo op gua rd, use the no spanning-tree loopguard default global configuratio n command. Y ou can o verride the settin g of the no spanning-tr ee loo ...
Cisco Systems 3750E - page 506

20-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 20 Configuring Optional Span ning-Tree Features Displaying the Spannin g-Tree Stat us ...
Cisco Systems 3750E - page 507

C HAPTER 21-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 21 Configuring Flex Link s and the MAC Address-Table Move Update Feature This chapte r describes ho w to conf igure Fle x Links, a pair of inter faces on the Cataly st 3750-E or 3560-E sw itch that provide a mutua l backup. It also descr ibes how to configure ...
Cisco Systems 3750E - page 508

21-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Underst andin g Flex Links and the M AC Addr ess-Tabl e Mov e Update Y o u configure Flex Link s on one Layer 2 interface (the activ e link) by assign ing anothe r Layer 2 interf ace ...
Cisco Systems 3750E - page 509

21-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 1 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Understan ding Flex Links a n d the MAC Addr ess-Table Mo ve Update Figur e 21 -2 VLAN Flex Links Load Balancing Configu ratio n Examp le MAC Addr ess-Ta ble Move Up date The MAC add ...
Cisco Systems 3750E - page 510

21-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Underst andin g Flex Links and the M AC Addr ess-Tabl e Mov e Update switch C l earns the MAC address of the PC on p ort 4. Switch C upda tes the MA C addr ess ta ble, includi ng the ...
Cisco Systems 3750E - page 511

21-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 1 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Config uring Fl ex Links an d MAC Address- Table Mo ve Update Configuring Flex Links and MAC Address-Tab le Move Update These se ctions conta in this i nformation: • Configuration ...
Cisco Systems 3750E - page 512

21-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Configur ing Flex L inks and MA C Addr ess-Tabl e Move Update Configuring Flex Links and MAC Address-Tab le Move Update This section contain s this information: • Configuring Flex L ...
Cisco Systems 3750E - page 513

21-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 1 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Config uring Fl ex Links an d MAC Address- Table Mo ve Update Beginning in int erface configur ation mode , follow these steps t o configure a pree mption scheme for a pair of Flex L ...
Cisco Systems 3750E - page 514

21-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Configur ing Flex L inks and MA C Addr ess-Tabl e Move Update Configuring V LAN Load Ba lancing on Flex Lin ks Beginning in privileged EXEC mo de, follow these steps t o configure VLA ...
Cisco Systems 3750E - page 515

21-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 1 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Config uring Fl ex Links an d MAC Address- Table Mo ve Update When a Flex Link in terface com es up, VL ANs pre ferred on t his interfa ce ar e blocked on the peer interf ace a nd mo ...
Cisco Systems 3750E - page 516

21-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Configur ing Flex L inks and MA C Addr ess-Tabl e Move Update T o di sable th e MA C address- table move update featur e, use t he no mac address-table move update transmit interfac ...
Cisco Systems 3750E - page 517

21-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 1 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Monitor ing Flex Links and the MAC Address- Table Move Upd ate T o di sable th e MA C address- table move update featur e, use t he no mac address-table move update rec e ive c onfi ...
Cisco Systems 3750E - page 518

21-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 21 Configurin g Flex Link s and the MAC Addr ess-Tabl e Move Update Feature Monito ring Flex L inks and t he MAC Addr ess-T able Move Updat e ...
Cisco Systems 3750E - page 519

C HAPTER 22-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 22 Configuring DHCP Features and IP Source Guard This c hapter describ es how to c onfigure DH CP snoop ing an d th e option -82 da ta inse rtion feat ures on the Cataly st 3750-E or 356 0-E switc h. It also desc ribes how to configure the IP source guard fea ...
Cisco Systems 3750E - page 520

22-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Underst anding DHCP F eatures For information a bout the DHCP c lient, see t he “ Configuring DHC P ” section of the “ IP Addressing and Services ” section of the C isco IOS IP C onfiguration Guide, ...
Cisco Systems 3750E - page 521

22-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Understa nding DHCP Fe atures The s witch drops a DH CP pack et when on e of t hese situa tions occurs : • A pack et from a DHCP serv er, such as a DHCPOFFER, DHCP A CK, DHCPN AK, or DHCP LEASEQU ER Y p acke ...
Cisco Systems 3750E - page 522

22-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Underst anding DHCP F eatures Figure 22-1 is an exam ple of a metropo litan Ethern et networ k in which a centraliz ed DHCP server assign s IP addr esses to sub scribe rs connec ted to the sw itch at the acc ...
Cisco Systems 3750E - page 523

22-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Understa nding DHCP Fe atures • Remote-ID suboptio n fields – Suboption t ype – Length of th e subo ption type – Remote-ID typ e – Leng th o f t he remo te -ID typ e In the port f ield of th e circu ...
Cisco Systems 3750E - page 524

22-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Underst anding DHCP F eatures The values fo r these fields in the packets chan ge from t he default values when you c onfigure the remote-I D and circu it-ID subo ptions: • Circuit-ID subop tion f ields ? ...
Cisco Systems 3750E - page 525

22-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Understa nding DHCP Fe atures Each da tabase en try ( binding ) has an IP addr ess, an ass ociated MA C address, the lea se time (in hexa d ecimal format ), the interfa ce to which the bindin g applies, and th ...
Cisco Systems 3750E - page 526

22-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Configur ing DHCP Fe atures DHCP Snoop ing and Switch Sta cks DHCP sn oopin g is manage d on the st ack mas ter . When a ne w switch joi n s the stac k, the swit ch recei ves the DHCP snooping conf iguration ...
Cisco Systems 3750E - page 527

22-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Config uring DHC P Featu res DHCP Snooping Config uration Guidelines These ar e the configur ation guidelin es for DHCP snoo ping. • Y o u must globall y enable DHCP snooping on the switch. • DHCP snooping ...
Cisco Systems 3750E - page 528

22-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Configur ing DHCP Fe atures • Before conf iguring the DHCP rel ay agent on your switch, make su re to conf igure the de vice that is acti ng as the D HCP ser ver . For example , you must spec ify the I P ...
Cisco Systems 3750E - page 529

22-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Config uring DHC P Featu res Configuring the DHCP Relay Agent Beginn ing in pri vileged EXEC mode, follo w these steps to enable the DHCP relay agen t on the switch: T o disabl e the DHCP s erv er and relay a ...
Cisco Systems 3750E - page 530

22-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Configur ing DHCP Fe atures T o remo ve the D HCP pac ket forw ardin g addr ess, u se th e no ip helper -addr ess addr ess in terfa ce configurati on c ommand. Enabling DHC P Snoo ping and Op tion 82 Beginn ...
Cisco Systems 3750E - page 531

22-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Config uring DHC P Featu res T o disab le DHCP snoopi ng, use the no ip dhcp snooping global configurat ion comm and. T o disab le DHCP snoo ping o n a VLAN or range of VLA Ns, use the no ip dhcp snooping vla ...
Cisco Systems 3750E - page 532

22-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Configur ing DHCP Fe atures Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# ip dhcp snooping limit rate 100 Enabling DHC P Snoo ping on Priva te VLANs Y o u can en able D HCP sno oping on ...
Cisco Systems 3750E - page 533

22-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Display ing DHCP Sno oping In formation T o s top u sing the da tabas e ag ent a nd bindi ng files, use the no ip dhcp snooping database global configurati on c ommand. T o rese t the t imeou t or de lay valu ...
Cisco Systems 3750E - page 534

22-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Underst anding IP So urce Gu ard Note If DHCP snooping is enabled and an in terface ch anges to the do wn state, the switch does not delete th e static ally co nfigured bind ings. Understandin g IP Source G ...
Cisco Systems 3750E - page 535

22-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Confi guri ng IP S our ce G uard Source IP and MA C Address Filtering When IP s ource guard is enabl ed with th is option , IP tra ff ic is f ilter ed bas ed on the s ource IP and MA C addr esses. The s witch ...
Cisco Systems 3750E - page 536

22-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Conf igurin g IP S our ce Gu ard • When configur ing IP source guard on i nterfac es on whic h a priv a te VLAN is configured , port securit y is not supporte d. • IP source gua rd is n ot su pported on ...
Cisco Systems 3750E - page 537

22-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 2 Configuring DH CP Features and IP Source G uard Displaying IP Source Guard Information This exam ple sh ows how to enable IP so urce guard with source IP an d MAC f ilter ing on VLAN s 10 and 11: Switch# configure terminal Enter configuration commands, one ...
Cisco Systems 3750E - page 538

22-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 22 Configuri ng DHCP Features and I P Sour ce Guard Display ing IP Source G uard Info rmation ...
Cisco Systems 3750E - page 539

C HAPTER 23-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 23 Configuring Dynamic ARP Insp ection This chapt er desc ribes how to configure dynam ic Addr ess Resolu tion Proto col inspec tion ( dynami c ARP inspection) on the Catalyst 3750-E or 3560-E switc h. This feature helps pre vent malicious atta cks on the swit ...
Cisco Systems 3750E - page 540

23-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Underst anding D ynamic ARP I nspection Figur e 23-1 ARP Cache P oisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP and MAC address es are shown i ...
Cisco Systems 3750E - page 541

23-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspect ion Y o u can configure dynamic ARP inspec tion to drop ARP packets when the IP addre sses in the pac kets are i n valid or when the M A C addr esses in the body of t he ARP pac kets ...
Cisco Systems 3750E - page 542

23-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Underst anding D ynamic ARP I nspection Dynamic ARP i nspectio n ensure s that h osts (on untrust ed in terfaces) connec ted t o a sw itch run ning dynami c ARP inspect ion do not po ison the ARP ca ches of other hosts in ...
Cisco Systems 3750E - page 543

23-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Config uring Dyna mic ARP I nspect ion Logging o f Dropped Packet s When th e switch d rops a p acke t, it pl aces an entry in the log b uffe r and th en gener ates syst em mess ages on a ra te-controlle d basis. Afte r ...
Cisco Systems 3750E - page 544

23-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Configur ing Dynam ic ARP Insp ection Dynamic ARP In spectio n Configuratio n Guidelin es These are the dynam ic ARP inspec tion con figu ration guidel in es: • Dynamic ARP inspectio n is an ingre ss security feat ure; i ...
Cisco Systems 3750E - page 545

23-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Config uring Dyna mic ARP I nspect ion • The operati ng rate for the p ort channe l is cumulati ve across all the physical p orts within the c hannel. For ex ample, if y ou conf igure the port ch annel with an ARP rat ...
Cisco Systems 3750E - page 546

23-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Configur ing Dynam ic ARP Insp ection T o di sable dy namic ARP insp ecti on, use the no ip arp inspec tion vlan vlan-range g lobal c onfigurati on command. T o return th e inter faces to an untrusted state, u se the no ip ...
Cisco Systems 3750E - page 547

23-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Config uring Dyna mic ARP I nspect ion Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure an ARP AC L on Switch A. This procedu re is requir ed in non-DH CP environments. Command Purp ose Step 1 co n ...
Cisco Systems 3750E - page 548

23-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Configur ing Dynam ic ARP Insp ection T o remov e the ARP A CL, use the no arp access-li st global configurat ion comma nd. T o remove the ARP A CL attach ed to a V LAN, use the no ip arp inspection f ilter a rp-acl- name ...
Cisco Systems 3750E - page 549

23-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Config uring Dyna mic ARP I nspect ion For configurat ion gui delines f or ra te limit ing tr unk port s and E therCha nnel ports, see the “Dynamic AR P Inspecti on Configuration G uidelin es” sectio n on page 23-6 ...
Cisco Systems 3750E - page 550

23-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Configur ing Dynam ic ARP Insp ection Be ginnin g in pri vileged EXE C mode, fo llo w these st eps to perf orm specif ic chec ks on inco ming ARP packet s. This procedur e is optional. T o di sable ch ecki ng, use the no ...
Cisco Systems 3750E - page 551

23-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Config uring Dyna mic ARP I nspect ion If the log b uffer o verf low s, it means that a log e vent does not f it into the log buf fer , and the display for the show ip arp inspection l og privileged EXEC comma nd is af ...
Cisco Systems 3750E - page 552

23-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Display ing Dyna mic ARP Insp ectio n Informat ion T o return to the default log b uffer settin gs, use the no ip arp inspectio n log-buf fer { ent ries | logs } global configurati on com mand. T o return to the de fault ...
Cisco Systems 3750E - page 553

23-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 3 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o clear or display dynamic ARP inspec tion statistics, use the pri vile ged EXEC commands in T ab le 23-3 : For t he show ip arp inspec tion statis tics c omma nd, th e s ...
Cisco Systems 3750E - page 554

23-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 23 Configuring Dynamic ARP Inspection Display ing Dyna mic ARP Insp ectio n Informat ion ...
Cisco Systems 3750E - page 555

C HAPTER 24-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 24 Configuring IGMP Sno oping and MVR This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the Catalyst 375 0-E or 3 560-E switch, includ ing an appli cation of loc al IGMP sno oping, Mu lticast VL AN Registration ...
Cisco Systems 3750E - page 556

24-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Underst anding IG MP Snoo ping Understandin g IGMP Snooping Layer 2 switches can use IGMP snooping to constra in the flooding of multic ast traf f ic by dynamically conf iguring Layer 2 inter faces so that multicast tr ...
Cisco Systems 3750E - page 557

24-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Underst andin g IGMP Sn ooping IGMP Versions The sw itch supports IGM P V ersion 1, IGM P V ersion 2, and IGMP V ersion 3. The se version s are interope rable on th e sw itch. For exam ple, if IG MP snoo ping i s enabl ed ...
Cisco Systems 3750E - page 558

24-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Underst anding IG MP Snoo ping Figur e 24-1 Initial IGM P Join M essag e Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN. Hos ...
Cisco Systems 3750E - page 559

24-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Underst andin g IGMP Sn ooping If anothe r ho st (for example, Host 4 ) send s an unsolici ted IGM P jo in message for t he sam e group ( Figure 24 -2 ), the CPU receives that message a nd adds the por t numb er of Host 4 ...
Cisco Systems 3750E - page 560

24-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Underst anding IG MP Snoo ping Immediat e Leave Immedi ate Leave is only support ed on IGM P V er sion 2 hosts. The swi tch uses IG MP snoop ing Imme diate Leave to remove from the forwar ding ta ble an inte rface that ...
Cisco Systems 3750E - page 561

24-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping IGMP Snoop ing and Switch Sta cks IGMP snooping functions across th e switch stack ; that is, IGMP con trol inf ormation from one swit ch is distrib uted to all switches in the stack. ( See Chap ...
Cisco Systems 3750E - page 562

24-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Configuring IGMP Snooping Enabling or Dis abling IGMP Sn ooping By default, IGM P snoopin g is global ly enab led on the swi tch. When gl oball y enab led or disable d, it is also enabled or disa bled in all existin g ...
Cisco Systems 3750E - page 563

24-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Setting th e Snoo ping M ethod Multicast -capable ro uter port s are added to the forw arding table for e very Layer 2 multic ast entry . The switch learn s of such port s through one of these me ...
Cisco Systems 3750E - page 564

24-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Configuring IGMP Snooping This example shows ho w to configure IGMP sno oping to use CGMP packets as t he learni ng method : Switch# configure terminal Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp Switch ...
Cisco Systems 3750E - page 565

24-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring a Host Sta tically to Join a Group Hosts or La yer 2 port s normall y join m ulticast groups dyna mically , but yo u can also sta tically configure a host on an in terface . Beginn i ...
Cisco Systems 3750E - page 566

24-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Configuring IGMP Snooping T o disabl e IGMP Immed iate Lea ve on a VLA N, use the no ip igmp snooping vlan vlan-i d immediate-lea ve glo bal c onfiguration com mand. This exam ple sh ows how to enable IG MP Imme diate ...
Cisco Systems 3750E - page 567

24-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configur ing TCN-Related Com mands These secti ons descr ibe how t o con trol fl ooded mult icast t raffic during a TCN ev ent: • Controlling the Multic ast Flooding T ime After a TCN Ev ent, ...
Cisco Systems 3750E - page 568

24-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Configuring IGMP Snooping Beginn ing in pri vileged EXEC mode, follo w these steps to enable the switch to send the gl obal lea ve message whether or not it is the span ning-t ree ro ot: T o return to th e def ault qu ...
Cisco Systems 3750E - page 569

24-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode. • Conf igure an IP a d ...
Cisco Systems 3750E - page 570

24-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Configuring IGMP Snooping This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end ...
Cisco Systems 3750E - page 571

24-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information Displaying IGMP Sn ooping Information Y o u can displa y IGMP snoopi ng inf ormat ion f or dyn amica lly le arned and st atica lly con figured rou ter ports and V LAN interfac es. Y o ...
Cisco Systems 3750E - page 572

24-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Underst anding Mu lticas t VLAN Regi stratio n For more inform ation abou t the keywords and option s in these comm ands, see the c ommand refe rence for th is re lease . Understandin g Multicast VLAN Regist ration Mu ...
Cisco Systems 3750E - page 573

24-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration Using MVR in a M ulticast Television Application In a multicast tel ev ision applica tion, a PC or a tele vision with a set-top box can re cei ve the multicast stream. Mult ip le ...
Cisco Systems 3750E - page 574

24-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Conf igurin g MVR When a subscriber chan ges channels or turns of f the tele v ision, the set-to p box sends an IGMP leav e message for t he multica st stream . The swi tch CPU sends a MAC-based general qu ery throu g ...
Cisco Systems 3750E - page 575

24-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring MVR MVR Configuratio n Gu idelin es and Limitatio ns Foll ow these guidelines whe n conf iguring MVR: • Receiver ports can onl y be acc ess ports; th ey cannot be trunk ports. Receiv er port s on a switc h ...
Cisco Systems 3750E - page 576

24-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Conf igurin g MVR T o return the switch to its defa ult settings, use the no mvr [ mode | group ip-ad dress | querytime | vlan ] global configurat ion comm ands. This e xample sho ws ho w to enable MVR, con fig ure th ...
Cisco Systems 3750E - page 577

24-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring MVR T o return the interfa ce to its default setti n gs, use the no mvr [ ty pe | immediate | vlan vlan-i d | gro up ] interf ace c onfig uration co mmands. This exam ple sh ows how to co nfigure a port a s a ...
Cisco Systems 3750E - page 578

24-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Disp lay ing MVR In fo rmat ion Displaying MVR Information Y ou can display MVR informatio n for the switch o r for a specif ied in terface. Beg inning in pri vile ged EXEC mode, use th e comm ands in Ta b l e 2 4 - 6 ...
Cisco Systems 3750E - page 579

24-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion. W ith the IGMP thro ttling feat ure, yo u can set t he m ...
Cisco Systems 3750E - page 580

24-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Con figur ing IGM P Fil te ring and Thro ttli ng • permit : Spec ifie s that m atching addr esses are p ermitted. • rang e : Specif ies a ra nge of IP add ress es for the pr of ile. Y ou can en ter a singl e IP ad ...
Cisco Systems 3750E - page 581

24-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling Switch# show ip igmp profile 4 IGMP Profile 4 permit range 229.9.9.0 229.9.9.0 Applying IGMP Profil es T o c ontro l acc ess as d efined in an IGM P profile, u se th e ip igmp fi ...
Cisco Systems 3750E - page 582

24-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Con figur ing IGM P Fil te ring and Thro ttli ng Beginning in privileged EX EC mo de, fol low these steps to se t the m aximum nu mber o f IGMP gr oups in the forw arding tabl e: T o remov e the maximu m group limita ...
Cisco Systems 3750E - page 583

24-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 4 Configuring IGMP Sno oping and M VR Displaying IGMP Filtering and Throttling Configuration Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure the thr ottling action when the maxim um numbe r of entrie s is in the f orwarding table : T o ...
Cisco Systems 3750E - page 584

24-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 24 Configu ring IG MP Snoop ing and MV R Displaying IGMP Filterin g and Thro ttling Configu ration ...
Cisco Systems 3750E - page 585

C HAPTER 25-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 25 Configuring IPv6 MLD Snooping Y ou can use Multicast Listener Disc ov ery (M LD) snoopin g to ena ble ef ficien t distrib ution of IP V ersion 6 ( IPv6) multicast data to clients and routers in a switched netw ork on the Catalyst 3750-E or 3560- E sw itch. ...
Cisco Systems 3750E - page 586

25-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g MLD is a protoco l used b y IPv6 multica st routers to disco ver the pre sence of multic ast listeners ( nodes wishing to re cei ve IPv6 multi cast pack ets) on t he links th at a re dire ctly atta ...
Cisco Systems 3750E - page 587

25-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 5 Configuring IPv6 M LD Snooping Unde rsta ndi ng MLD Snoo ping MLD Mess ages MLDv1 sup ports three ty pes of message s: • Listen er Querie s are the equ i v alent of IGM Pv2 quer ies and are ei ther General Quer ies or Multicast -Address-Spec ific Queries ...
Cisco Systems 3750E - page 588

25-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Multicast Rou ter Disc overy Like IG MP sn ooping, MLD s noopi ng perfo rms m ultica st r outer d iscovery , with these char acter istics: • Ports c onfigured by a user never age out. • Dynamic ...
Cisco Systems 3750E - page 589

25-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 5 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping The numbe r of MASQs ge nerated is configured by using the ipv6 mld sno oping last-listener -query count global con figuration co mmand . The de fault numb er is 2. The MASQ i s sent to the IPv6 m ...
Cisco Systems 3750E - page 590

25-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Default MLD S noopi ng Configuration T ab le 25-1 shows the default ML D sno oping configu ration. MLD Snoo ping Co nfig uration Guidelines When configur ing MLD snoopi ng, c onsider the se guid ...
Cisco Systems 3750E - page 591

25-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 5 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping Enabling o r Disab ling MLD Sn ooping By default, IPv6 M LD sno oping i s globa lly d isabled on the switch and e nabled on al l VLAN s. When MLD snoop ing is glob ally disa bled, it is also disab ...
Cisco Systems 3750E - page 592

25-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configuring a Sta tic Multicast Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you can also sta tically configure an IPv6 mu lticast addre ss and membe r port ...
Cisco Systems 3750E - page 593

25-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 5 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping Beginn ing in pri vileged EXEC mode, follo w these steps to add a multicast rou ter port to a VLAN: T o remov e a multic ast router por t from the VLAN, u se the no ipv6 mld snooping vlan vl an-i ...
Cisco Systems 3750E - page 594

25-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configur ing MLD Snooping Queries When Imme diate Le ave i s not en abled an d a port rece iv es an MLD Done message , the swit ch generat es MASQs on th e port and sends them to the I Pv6 multi ...
Cisco Systems 3750E - page 595

25-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 5 Configuring IPv6 M LD Snooping Displaying MLD Snooping Information This exam ple sh ows ho w to set the MLD sn oopi ng globa l robustness variab le to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exi ...
Cisco Systems 3750E - page 596

25-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 25 Configuring IPv6 MLD Snooping Display ing MLD Sn ooping Inf ormation T a ble 25-2 Commands for Displ aying MLD Snoopi ng Inf or mation Comma nd Purpos e show ipv6 ml d snooping [ vlan vlan-id ] Display t he MLD snoopi ng configurat ion informa tion fo r al ...
Cisco Systems 3750E - page 597

C HAPTER 26-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 26 Configuring Port-Base d Traffic Control This chap ter de scribe s ho w to conf igure the por t-base d traf fic contro l featur es on the Catalys t 3750- E or 3560- E sw itch. Unl ess oth erwise noted, the te rm switch refers to a Cataly st 3750- E or 3560-E ...
Cisco Systems 3750E - page 598

26-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Storm Control Storm cont rol use s one of th ese meth ods to measu re t raf f ic acti v ity: • Bandwidth as a perc entage of the tot al av ailable bandwidth of the port that can be used b y the broadca s ...
Cisco Systems 3750E - page 599

26-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Config uring Storm Cont rol Y o u use the storm-control in terfa ce conf iguration comm ands to set the threshold v alue for eac h traf fic type. Default Storm Control Configuration By default, unicast, broad cast, a ...
Cisco Systems 3750E - page 600

26-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Storm Control Step 3 sto rm- contr ol { broadc ast | multic ast | unicast } le vel { le vel [ level-low ] | bps bps [ bps-low ] | pps pps [ pps-low ]} Configure broa dcast, m ultica st, or unica st storm c ...
Cisco Systems 3750E - page 601

26-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Configuring Protected Ports T o disabl e stor m contro l, use the no storm-contro l { broadcast | multicast | unicast } level interface configurati on c ommand. This exa mple shows how to ena ble un icast stor m c on ...
Cisco Systems 3750E - page 602

26-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configur ing Port Block ing Prot ected P ort Con figuration Guidelines Y o u can co nfigure prote cted ports on a physic al int erface (fo r example, Gigabi t Ether net port 1) or an Ether Channel group (for example, ...
Cisco Systems 3750E - page 603

26-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff ic out o f a port, but to flood these pac kets to a ll ports. Blocking ...
Cisco Systems 3750E - page 604

26-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Port Security These sect ions co ntain this co ncept ual and con figuratio n in format ion: • Understa nding Po rt Sec urity , page 2 6-8 • Default Por t Security C onfiguration , page 26-10 • Port S ...
Cisco Systems 3750E - page 605

26-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity If st icky lear ning is d isab led, the stic ky se cure M A C addr esse s ar e co nv erted to dyn am ic sec ure addresse s and a re rem oved from th e ru nning c onfiguratio n. The maxi m ...
Cisco Systems 3750E - page 606

26-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Port Security Default Port Security Configuration T ab le 26-2 shows the def ault port security con figurat io n for an interfac e. Port Secu rity Con figuration Guidelines Foll ow these g uidelines whe n ...
Cisco Systems 3750E - page 607

26-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity • A secu re p ort ca nnot be a priv ate-V LAN p ort. • When y ou enab le por t secu rity on an i nterface t h at i s also config ured w ith a v oice VLAN, s et t he maxim um allowed ...
Cisco Systems 3750E - page 608

26-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Port Security Enabling a nd Con figuring Port S ecurity Beginn ing in pri vileged EXE C mode, follo w these steps to restrict input to an interface b y limiting and identify ing MA C addresses of the stat ...
Cisco Systems 3750E - page 609

26-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity Step 7 switchport port-security violation { protec t | r estrict | shutdown | shutdown vlan } (Optiona l) Set the vi olatio n mode, the action to be taken when a sec urity violatio n is ...
Cisco Systems 3750E - page 610

26-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Port Security Step 8 switchport port-security [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optional) Ent er a secure MA C address for the interface . Y ou can use this comman d to e ...
Cisco Systems 3750E - page 611

26-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity T o return the in terface to the def ault conditi o n as not a secure port, use the no switchport port-security interf ace conf iguration com mand. If you enter this co mmand when sticky ...
Cisco Systems 3750E - page 612

26-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchport ...
Cisco Systems 3750E - page 613

26-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 6 Configuring Port-B ased Traff ic Control Conf iguring Po rt Secur ity T o di sable port se curity agi ng for all sec ure addr esses on a port, use the no switchport port-security aging tim e interfac e conf iguratio n comma n d. T o di sabl e aging for onl ...
Cisco Systems 3750E - page 614

26-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 26 C onfiguring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings Switch(config-if)# switchport mode private-vlan promiscuous Switch(config-if)# switchport port-security maximum 288 Switch(config-if)# switchport port-security Switch( ...
Cisco Systems 3750E - page 615

C HAPTER 27-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 27 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Prot ocol ( CDP) o n the Catalyst 3750-E or 3560- E sw itch. Unl ess oth erwise noted, the te rm switch refers to a Cataly st 3750- E or 3560-E standalo ne swit ch and to a Catalyst ...
Cisco Systems 3750E - page 616

27-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 27 Co nfigu ring CD P Conf igurin g CDP CDP and Switch Stacks A switch stack ap pears as a single s witch in the netw ork. Theref ore, CDP dis cov ers the switc h stack , not the individual stack mem bers. Th e switch stac k sends CDP message s to neighbor in ...
Cisco Systems 3750E - page 617

27-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 7 Configuring CDP Config uring CDP Use the no form of the CDP commands to return to the de fault settings . This e xample sho ws how to confi gure CDP charac teristic s. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120 ...
Cisco Systems 3750E - page 618

27-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 27 Co nfigu ring CD P Conf igurin g CDP This example shows how to enable CDP if it has been di sabled. Switch# configure terminal Switch(config)# cdp run Switch(config)# end Disabling an d Enab ling CDP on a n Interfac e CDP is enabled by def ault on all supp ...
Cisco Systems 3750E - page 619

27-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 7 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP T o m onito r and m aintai n CDP on your device, per form one or mor e of these tasks, begi nning in privileged EXEC mode . Command Description clear cdp counters Reset the traf f ...
Cisco Systems 3750E - page 620

27-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 27 Co nfigu ring CD P Monito ring and Mai ntainin g CDP ...
Cisco Systems 3750E - page 621

CH A P T E R 28-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 28 Configuring LLDP and LLDP-MED This c hapter describ es how to c onfigure the L ink La yer D iscovery Protoc ol (LL DP) an d LLDP Media Endpoin t Discovery ( LLDP-M ED) on the Cata lyst 3 750-E or 3560-E switc h. Unl ess ot herwis e note d, the term swit ...
Cisco Systems 3750E - page 622

28-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 8 Configur ing LLDP an d LLDP-MED Underst anding L LDP and LLDP- MED LLDP sup ports a set of att ributes tha t it uses to discover neighbo r devices. The se at trib ut es co nt a in t ype , length, and v alue descriptions and are referred to as TL Vs. LL DP ...
Cisco Systems 3750E - page 623

28-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 8 Configuring LL DP and LLD P-MED Config uring LLDP and LLDP-MED Note LL DP and LLD P-MED cannot operat e simultane ously in a network. By de fault, a network device send s only L LDP pack ets unt il it recei ves LLD P-MED packets f rom an end point de vice. ...
Cisco Systems 3750E - page 624

28-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 8 Configur ing LLDP an d LLDP-MED Configur ing LLDP a nd LLDP-M ED Use the no form of each of the LL DP commands to return to the de fault setting. This e xample sho ws ho w to conf igure LLD P character istics. Switch# configure terminal Switch(config)# lld ...
Cisco Systems 3750E - page 625

28-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 8 Configuring LL DP and LLD P-MED Config uring LLDP and LLDP-MED This exam ple sh ows how to disab le LL DP . Switch# configure terminal Switch(config)# no lldp run Switch(config)# end This exampl e sh ows how to enabl e L LDP . Switch# configure terminal Swi ...
Cisco Systems 3750E - page 626

28-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 8 Configur ing LLDP an d LLDP-MED Configur ing LLDP a nd LLDP-M ED Configurin g LLDP-M ED TL Vs By def ault, the switch only sends LLDP packets u ntil it recei ve s LLDP-MED p ackets f rom the end device. The device conti nues to send L LDP-M ED pa ckets un ...
Cisco Systems 3750E - page 627

28-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 8 Configuring LL DP and LLD P-MED Monitoring and Maintaining LLDP and LLDP-MED Monitoring and Main taining LLDP an d LLDP-MED T o mon itor and mainta in LLDP a nd LLD P-MED on you r device, perfo rm one or more of these tasks , beginning in pr i vileged E XEC ...
Cisco Systems 3750E - page 628

28-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 2 8 Configur ing LLDP an d LLDP-MED Monito ring and Ma intainin g LLDP and LLDP-M ED ...
Cisco Systems 3750E - page 629

C HAPTER 29-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 29 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he Catalyst 3750-E or 356 0-E sw itch. Unl ess otherw ise note d, the term switch refers t o a Cat alyst 375 0-E or 3560- E stan dalo n ...
Cisco Systems 3750E - page 630

29-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 29 Configuring UDLD Underst andin g UDLD A unidirectio nal link occurs wh ene ve r traff ic sent by a local de vice is recei ved by its neighbor but traf fic from the neighb or is not recei ved by the lo cal de vice. In norm al mode, UDL D detect s a unidirec ...
Cisco Systems 3750E - page 631

29-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 9 Configuring UD LD Configur ing UDLD • Ev ent-dr i ven detect ion and ec hoing UDLD re lies on echo ing a s its detectio n mechan ism. Whene ver a U DLD de vice le arns ab out a n e w neighb or or receives a resynchro nizat ion requ est from an out-of -syn ...
Cisco Systems 3750E - page 632

29-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 29 Configuring UDLD Conf igu rin g UDLD • Ena bling UDLD on an Inter fa ce, pa ge 29-6 • Resetti ng an Inte rface Disab led by UDLD, pa ge 29-6 Default UDLD Configuration T ab le 29-1 shows the default U DLD configurati on. Configuratio n Guidelines These ...
Cisco Systems 3750E - page 633

29-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 9 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileged EXEC mode, follo w these steps to enable UDLD in the aggr essiv e or normal mode a nd to se t th e co nfigurable m essag e time r on all fiber-optic p orts on the switch a ...
Cisco Systems 3750E - page 634

29-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 29 Configuring UDLD Conf igu rin g UDLD Enabling UDL D on an Inte rface Beginn ing in p ri vileg ed EXEC mode, fo llo w thes e steps ei ther to enable U DLD in t he aggressi ve or normal m ode o r to d isable U DLD on a po rt: Resetting an Interface Disabled b ...
Cisco Systems 3750E - page 635

29-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 2 9 Configuring UD LD Displaying UDLD Status Displaying UDLD Status T o display th e UDLD stat us for the specif ied port or for all port s, use the show udld [ interface-id ] pri vileged EXEC comman d. For detaile d informat ion about the f ields in the comman ...
Cisco Systems 3750E - page 636

29-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 29 Configuring UDLD Displa ying U DLD Sta tus ...
Cisco Systems 3750E - page 637

C HAPTER 30-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 30 Configuring SPAN and RSPAN This chap ter de scribe s ho w to conf igure Switched Port Analyze r (SP AN) an d Remote SP AN (RSP AN) on the Cataly st 3750-E or 35 60-E switc h. Unless other wise note d, the term switc h refers to a Catalyst 375 0-E or 3560-E ...
Cisco Systems 3750E - page 638

30-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: • Local SP AN, page 30-2 • Remo te SP AN, page 30-3 • SP AN and RSP AN Conce pts and T erminology , page 30 -4 • SP AN and RSP AN Int ...
Cisco Systems 3750E - page 639

30-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN Figur e 30-2 Example o f Local SP AN Configu ration on a S witch Stac k Remote S PAN RSP AN su pports s ource ports, source VLANs, and destina tion port s on different swi tches (or different switch s ...
Cisco Systems 3750E - page 640

30-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N Figur e 30-3 Example o f RSP AN Co nfigur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP A N and RSP AN co nfiguration. SPAN ...
Cisco Systems 3750E - page 641

30-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN An RSP AN source session is ver y similar to a lo cal SP AN sessi on, ex cept for where the pack et stream is directe d . In an R SP AN source session, SP AN packe ts are rela beled with the RSP AN VL ...
Cisco Systems 3750E - page 642

30-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N • T r ans mit (T x) SP A N—Th e goal of tr ansmi t (or egress) SP AN is to monit or as mu ch as poss ible a ll the p ackets sent by the so urce i n terf ace after al l modif ication and p rocess ...
Cisco Systems 3750E - page 643

30-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN A sourc e port has th ese ch arac te ristic s: • It can be m onitored in multiple SP AN sessions. • Each s ource port can be configu red wit h a direc tion (i ngress, egress, o r both) to monit or ...
Cisco Systems 3750E - page 644

30-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N Destination Port Each local SP AN session o r RSP AN destination session must have a destination port (also called a monitoring port ) th at rece iv es a copy of traffic from the sour ce port s or VL ...
Cisco Systems 3750E - page 645

30-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN RSPAN V LAN The RSP AN VLAN carr ies SP AN traff ic between RSP AN sourc e and d estination se ssions. It has these special ch aracter istics: • All traf fi c in th e RSP AN VLAN is al wa ys flood e ...
Cisco Systems 3750E - page 646

30-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN A physical port tha t belongs to an Ethe rChannel group can be con figured as a SP AN source port and still be a part of the Eth erChannel . In this case, data from the physic al port is monitor ed as i ...
Cisco Systems 3750E - page 647

30-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN Default SPAN and R SPAN Configura tion T ab le 30-1 shows the default SP AN and R SP AN configuration . Configuring Local SPAN These sec tions co ntain this co nfiguration info rmat ion: • SP AN Co ...
Cisco Systems 3750E - page 648

30-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • Y o u can limi t SP AN traff ic to specific VLAN s by using the filter vlan keyword. I f a tr unk po rt is being monitored , only traff ic on the VLANs specif ied with this ke yword is monito red. B ...
Cisco Systems 3750E - page 649

30-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN T o delete a SP AN session, use the no monitor session se ssion_numb er globa l configura tion comm and. T o r emove a source or d estinati on port or VL AN fr om the SP AN session, use the no mo nito ...
Cisco Systems 3750E - page 650

30-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This example shows how to remov e any e xisting configuration on SP A N session 2, configure SP AN session 2 to moni tor rec eiv e d traff ic on all ports belo nging to VLA Ns 1 throug h 3, and sen d it ...
Cisco Systems 3750E - page 651

30-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN T o delete a SP AN session, use the no monitor session se ssion_numb er globa l configura tion comm and. T o r emove a source or d estinati on port or VL AN fr om the SP AN session, use the no mo nito ...
Cisco Systems 3750E - page 652

30-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o monitor all VLANs on the trunk port, use the no monitor session sessi on_num ber filt er glob al configurati on c ommand. This example shows how to remov e any e xisting configuration on SP A N sess ...
Cisco Systems 3750E - page 653

30-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN • Y ou can apply a n output A CL to RSP AN traff ic to select i vely f ilter or m onitor specifi c packe ts. Specify these A CLs on the RSP AN VLAN in the RSP AN source switch es. • For RSP AN con ...
Cisco Systems 3750E - page 654

30-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o remo ve the remo te SP AN c haracteristi c from a VLAN an d con ver t it ba ck to a normal VLAN, us e the no r e mote-s pan VLAN co nfigurati on comm and. This exam ple sh ows how to crea te RSP AN ...
Cisco Systems 3750E - page 655

30-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN T o delete a SP AN session, use the no monitor session sess ion_numbe r glob al configur ation c omma nd. T o rem ove a source port or VLAN fro m the SP AN sess ion, use the no monitor session sessio ...
Cisco Systems 3750E - page 656

30-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session se ssion_numb er globa l configura tion comm and. T o r emove a destinat ion por t from the SP AN session, use the no monitor session session_num b ...
Cisco Systems 3750E - page 657

30-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Conf igur ing SPAN an d RSPAN T o delete an RSP AN session, use the no monitor session session_number global configuration comman d. T o remove a destinati on port from the RSP AN session, use t he no monitor se ssion session_num ...
Cisco Systems 3750E - page 658

30-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, follow these steps to con figure the RSP AN source session to limit RSP AN source traf f ic to specif ic VLANs: T o monitor all VLANs on th ...
Cisco Systems 3750E - page 659

30-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Displa ying SPAN an d RSPA N Status Displaying SPAN and RSPAN Status T o display the current SP AN or RSP AN conf iguration, use the show monitor user EXEC co mmand . Y o u can also use the show running-conf ig pri vileged EXE C c ...
Cisco Systems 3750E - page 660

30-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 30 Configuring SPAN and RSPAN Display ing SPAN and RSPAN Status ...
Cisco Systems 3750E - page 661

C HAPTER 31-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 31 Configuring RMON This ch apt er descri bes how to configure Remote Network Monit oring ( RMON) on the Ca talyst 3750 -E or 3560- E sw itch. Unl ess oth erwis e noted, the t erm switch refers to a Catalyst 3750- E or 3560-E standalo ne swit ch and to a Catal ...
Cisco Systems 3750E - page 662

31-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 31 Configuring RM ON Conf igu rin g RMON Figur e 31 -1 Remote Mo nito r ing Ex ample The switc h supports these RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects E thernet statistic s (includi ng Fast Ethernet and Giga bit Ethern e ...
Cisco Systems 3750E - page 663

31-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 31 Configur ing RMON Confi guring R MON Default RMON Configuration RMON is disa bled by default ; no alarms or events are configur ed. Configuring R MON Alarms a nd Events Y o u can configure you r swit ch for RMO N by using the c omma nd-li ne int erface (CLI ...
Cisco Systems 3750E - page 664

31-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 31 Configuring RM ON Conf igu rin g RMON T o disable an alarm, use the no rmon al arm number glo bal con figuration c omma nd on ea ch ala rm you configured . Y ou ca nnot di sable at on ce al l the a larms that yo u con figured. T o disa ble a n event, use th ...
Cisco Systems 3750E - page 665

31-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 31 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y o u must first configure RM ON a larms and events to display colle ction i nforma tion. Beginning i n privileged E XEC mo de, follow these s teps to coll ect group ...
Cisco Systems 3750E - page 666

31-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 31 Configuring RM ON Displa ying R MON Sta tus T o disa ble t he coll ection o f gr oup E thern et sta tistics, use the no rmon collection stats inde x i nterf ace configurati on c ommand. This e x ample sho ws how to collec t RMON statistic s for the o wner r ...
Cisco Systems 3750E - page 667

C HAPTER 32-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 32 Configuring System Message Logg ing This c hapter d escrib es how to configure system me ssage l ogging on the Catal yst 3750 -E or 3560-E swit ch. Unless othe rwise not ed, the term switch refers to a Catalyst 3750 -E or 35 60-E standa lone swi tch and to ...
Cisco Systems 3750E - page 668

32-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Y ou can access logg ed system messages by usin g the switch co mmand- line inter face (C LI) or by sav ing them to a properly configured syslog server . The switch software sa ves ...
Cisco Systems 3750E - page 669

32-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T ab le 32-1 describes the elemen ts of syslog messages . This exam ple sh o ws a p artial s witch system m essage for a stack master and a stack member (hos tname Switc h-2 ): 00:0 ...
Cisco Systems 3750E - page 670

32-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) 18:47:02: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) *Mar 1 18:48:50.483 UTC: % ...
Cisco Systems 3750E - page 671

32-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Disabling the loggin g process ca n slo w do wn the switch beca use a proce ss must wai t until the messages are writte n to the console b efore c ontinuing. When the loggin g proce ...
Cisco Systems 3750E - page 672

32-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . T he b uf fer is circular , so ne wer messages o verwri te older message s ...
Cisco Systems 3750E - page 673

32-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginning i n privileged EX EC mo de, fol low these s teps t o configure s ynchr onous log ging . This procedur e is optional. T o disa ble synch ronizat ion of unsolic ited messa g ...
Cisco Systems 3750E - page 674

32-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped. Beginning in privileged EXEC mo de, follow these steps to enab le time-st amp ...
Cisco Systems 3750E - page 675

32-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T o di sable seq uenc e numbers, use the no service seque nce-numbers global co nfiguration c omman d. This example shows part of a logging displa y with seque nce numbe rs enabl ed ...
Cisco Systems 3750E - page 676

32-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging T ab le 32-3 descr ibes the le vel keywords. It a lso lists the cor respo nding U NIX s yslog definition s from the most se vere le vel to the least se ve re le vel. The sof tware ...
Cisco Systems 3750E - page 677

32-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginn ing in p ri vilege d EXEC m ode, follo w these st eps to ch ange the lev el and history table si ze defaults. T his proc edure i s option al. When the histor y table is full ...
Cisco Systems 3750E - page 678

32-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Beginning i n privileged E XEC mo de, follow these s teps to enabl e con figuration loggin g: This e xample sho ws how to enable the conf iguration -change logger an d to set the n ...
Cisco Systems 3750E - page 679

32-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 2 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Log in as r oot, and perf orm the se steps: Note Som e recent versi ons of UNIX sysl og daemons no longer accept by default syslo g packets from th e networ k. If this is the case ...
Cisco Systems 3750E - page 680

32-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 3 2 Configur ing Syste m Message Logg ing Display ing the Log ging Confi guration T o remo ve a sys log serv er , use the no logging host global configuratio n comma nd, and sp ecify the syslog server IP address. T o disa bl e loggi ng to syslog ser vers, ent ...
Cisco Systems 3750E - page 681

C HAPTER 33-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 33 Configuring SNMP This chapt er describ es ho w to configure the Simpl e Network Manage ment Proto col (SNMP) on th e Catalyst 3750-E or 356 0-E sw itch. Unl ess otherw ise note d, the term switch refers to a Cata lyst 375 0-E or 3560- E stan dalo ne swit ch ...
Cisco Systems 3750E - page 682

33-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Underst anding SNM P These sect ions co ntain this co nceptu al in forma tion: • SNMP V e rsions, pa ge 33-2 • SNMP Manage r Functions, page 33-3 • SNMP Agent Functions, pa ge 33-4 • SNM P Co mmuni ty Str ings , p age 33- 4 • Usi ...
Cisco Systems 3750E - page 683

33-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Understanding SNMP T ab le 33-1 identif ies the charac teristics of the diff erent combina tions of security models and le vels. Y o u must configure t he SNMP age nt to use the SNMP versio n supporte d by the manageme nt stati on. Because ...
Cisco Systems 3750E - page 684

33-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a gent respond s to SNMP manager requests as follows: • Get a MIB v a riable—Th e SNMP agent be gins this function in response to a requ est from the NMS. The agen t retri ev es the ...
Cisco Systems 3750E - page 685

33-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Understanding SNMP As shown in Figur e 33-1 , the S NMP agen t gather s data f rom the MIB. Th e agent c an send tr aps, o r notification of c ertain events, to the SNMP ma nager, which receives and processes th e traps. Traps alert the SNM ...
Cisco Systems 3750E - page 686

33-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP SNMP ifIndex MIB Object Values In an NMS, the IF-MIB g ener ates and a ssigns an inte rface index (if Index) obje ct value th at is a unique number gre ater than zero to ident ify a physica l or a logica l interfac e. Wh ...
Cisco Systems 3750E - page 687

33-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Configuring SNMP Default SNMP Configuration T ab le 33-4 shows the default SNM P configurat ion. SNMP Config ura tion Guidelines If the swi tch star ts and the wit ch star tup conf iguration h as at least o ne snmp-server global configurati ...
Cisco Systems 3750E - page 688

33-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP in v alid, and you ne ed to r econfigure SN MP users by usi ng the snm p-se rver user usern ame global configurati on comm and. Similar restri ction s requi re the reco nfiguration of com munity string s when the engi ne ...
Cisco Systems 3750E - page 689

33-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Configuring SNMP Beginning in privileged EXEC mod e, foll ow these steps to configure a co mmuni ty string on the switch: Note T o disabl e acce ss for an SNM P commu nity , set the commu nity string for that co mmuni ty to t he nu ll strin ...
Cisco Systems 3750E - page 690

33-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP This example shows how to assign the string co ma cces s to SNMP , to allo w read-onl y access, and to spec ify that IP acc ess list 4 can use the comm unity s tring to gain acc ess to the switch SNMP agent: Switch(conf ...
Cisco Systems 3750E - page 691

33-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Configuring SNMP Step 3 snmp -server group gr oupnam e { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write writevi ew ] [ notify notifyvie w ] [ ac cess access -list ] Configure a ne w SNMP gro up on the remote devic ...
Cisco Systems 3750E - page 692

33-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP Configuring SNMP Notifications A trap manag er is a mana gement sta tion that re cei ves and pro cesses tr aps. T raps are sy stem aler ts that the switc h gener ates whe n cert ain events occu r . By de fault, no trap ...
Cisco Systems 3750E - page 693

33-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Configuring SNMP cluster Gener ates a tr ap when the clu ster conf iguration chan ges. conf ig Gener ates a trap fo r SNMP conf iguration chang es. copy-co nf ig Gene rates a trap for SNMP copy co nfiguration ch anges. entity Gen erates a ...
Cisco Systems 3750E - page 694

33-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP Note Th ough visi ble in the command -line help str ings, t he cpu [ thresho ld ] keyword is not suppo rted on the Catalyst 37 50-E swi tch. Thoug h visible in the comm and- line help stri ngs, the cpu [ threshold ], fr ...
Cisco Systems 3750E - page 695

33-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Configuring SNMP The snmp-ser ver hos t comman d speci fies wh ich ho sts rec ei ve the no tif ications. T he snmp-serv er enab le trap command global ly enables the mech anism for the speci f ied notif ication (f or trap s and informs ). ...
Cisco Systems 3750E - page 696

33-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Conf igurin g SNMP Limiting TFTP Server s Used Thr ough SNM P Beginning i n privileged E XEC mo de, follow these s teps to lim it the TFTP servers u sed f or saving a nd loading c onfig uration f iles through SNMP to th e serv ers specif ...
Cisco Systems 3750E - page 697

33-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 33 Configur ing SNMP Disp la yin g S NM P S tatu s This e xample sho ws how to allow re ad-only access for all objec ts to members of access list 4 that use the coma ccess communi ty string. No other SNMP mana gers have access to any objects. SNMP Authentic at ...
Cisco Systems 3750E - page 698

33-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 33 Co nfiguring SNMP Displaying SNMP Status ...
Cisco Systems 3750E - page 699

C HAPTER 34-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 34 Configuring Network Security with ACLs This c hapter d escrib es how to configure network se curity on t he Cata lyst 37 50-E or 3560- E sw itch by using ac cess cont rol lists (A CLs), which in comm ands and tab les are also refe rred to as acce ss lists . ...
Cisco Systems 3750E - page 700

34-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Underst andin g ACLs Y o u configure acce ss lists on a rout er or Layer 3 swit ch to provide basic security fo r your networ k. If you do not c onfigure A CLs, al l packets pa ssing throug h the s witch co uld be allo ...
Cisco Systems 3750E - page 701

34-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls • When an output router A CL and input p ort A CL ex ist in an SVI, incomin g pack ets recei ved on the ports to which a por t A CL is applied are f iltered by the por t A CL. Outgoing routed ...
Cisco Systems 3750E - page 702

34-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Underst andin g ACLs Figur e 34-1 Using A CLs to Contr ol T raff ic to a Netw ork When you apply a port A CL to a trunk port, the A C L filte rs traf f ic o n all VLANs present on the trunk port. When you apply a po rt ...
Cisco Systems 3750E - page 703

34-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls As w ith p ort A C Ls, the swi tch exam ines ACLs asso cia ted wit h feat ures co nfigured on a given inte rface. Howe ver, router ACLs are suppo rted in both direc tions. A s pa ckets en ter t ...
Cisco Systems 3750E - page 704

34-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Underst andin g ACLs • Den y A CEs that check La yer 4 informatio n ne ver match a fragmen t unless th e fragme nt contains Layer 4 infor mati on. Consid er acc ess list 10 2, co nfi gured with these command s, ap pl ...
Cisco Systems 3750E - page 705

34-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Stack memb ers perfor m these ACL functions: • The y recei ve the A CL informat ion from the master switc h and program their har dwar e. • The y act as standby swit ches, r eady t o tak e o ...
Cisco Systems 3750E - page 706

34-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Creating Stan dard and Exten ded IPv4 AC Ls This sec tion describ es IP ACLs. An ACL is a seque ntial collect ion of perm it and de ny condi tions. O ne by one, the switch tes ts pack ets again ...
Cisco Systems 3750E - page 707

34-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Note In addit ion to n umber ed standa rd and ex tended A CLs, you c an also creat e standa rd an d ext ended named IP A CLs by u sing th e sup ported numbers. That is, t he nam e of a standa rd ...
Cisco Systems 3750E - page 708

34-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Creating a Numbered Standard ACL Beginning in privileged EX EC mode, fol low these steps t o create a nu mbered st anda rd A C L: Use th e no access-list access-list- number g lobal co nf igur ...
Cisco Systems 3750E - page 709

34-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The switch alwa ys re writes the order of standard a ccess lists so that entrie s with host matches and en tries with mat ches having a do n’t car e mask of 0.0.0.0 are mov ed to the top of t ...
Cisco Systems 3750E - page 710

34-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Beginn ing in pri vileged EXEC mode, follo w these steps to create an ex tended A CL: Command Purpo se Step 1 co nfi g ure terminal Enter glob al configura tion mo de. Step 2a a ccess-list ac ...
Cisco Systems 3750E - page 711

34-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs or access-list access- list-num ber { deny | permit } pr ot ocol any any [ prec edence pr ecedence ] [ tos tos ] [ fragmen ts ] [ log ] [ log-input ] [ time-r ange ti me-range-na me ] [ dscp ds ...
Cisco Systems 3750E - page 712

34-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list. Y o u canno t de lete in dividual ACEs from n umber ed a ccess l ists. This e x am ...
Cisco Systems 3750E - page 713

34-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs After c reating a numbered e xtended A CL, you can a pply it to terminal lin es (see th e “ Applying an IPv4 A CL to a T ermina l Line” s ecti on on pa ge 34-19 ), to interf aces (see the ? ...
Cisco Systems 3750E - page 714

34-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Beginning in privileged EXEC mo de, fol low these steps to crea te a stan dard A CL using na mes: T o remo ve a name d stand ard A CL, use th e no ip access-list standard name gl obal configu ...
Cisco Systems 3750E - page 715

34-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs When you ar e creat ing standa rd extende d A C Ls, reme mber tha t, by default, the end of the A CL contai ns an implicit de ny statement f or everything if it did no t find a mat ch befor e r ...
Cisco Systems 3750E - page 716

34-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Beginning i n privileged E XEC mo de, follow these steps to con figure a time- range parame ter fo r an AC L : Repeat the steps if you ha ve multiple items tha t you want in ef fect at dif fer ...
Cisco Systems 3750E - page 717

34-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs This exampl e uses name d A C Ls to perm it and deny the sa me traffic. Switch(config)# ip access-list extended deny_access Switch(config-ext-nacl)# deny tcp any any time-range new_year_day_200 ...
Cisco Systems 3750E - page 718

34-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Beginning i n privileged EXEC mode, fo llow these st eps to restrict incom ing and outgoi ng conne ction s betwee n a virtual term inal line and th e ad dresses i n a n A CL: T o remo ve an A ...
Cisco Systems 3750E - page 719

34-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in p ri vilege d EXEC m ode, follo w these st eps to co ntrol acce ss to an interf ace: T o remo ve th e specif ied access gro up, use the no ip access-g roup { access-list-n umber | ...
Cisco Systems 3750E - page 720

34-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Hardware and Softw are Treatment of IP ACLs A CL pro cessing i s prima rily accomp lished in hardware, but require s for warding of some traffic flows to the CPU for sof tware proce ssing. If ...
Cisco Systems 3750E - page 721

34-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Use rout er ACLs to do this in one of two ways: • Crea te a stan dard ACL, and filter tr aff ic com ing to th e server from Port 1. • Create an ex tended A CL, and filte r traf fic coming f ...
Cisco Systems 3750E - page 722

34-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Numbered ACLs In this e xample, net work 36.0.0.0 is a Class A netw ork whose seco nd octet spec ifie s a subnet; that is, its subnet ma sk is 255.2 55.0.0 . The thi rd and fou rth oct ets of ...
Cisco Systems 3750E - page 723

34-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Named ACLs Thi s e xampl e crea tes a standa rd A CL name d internet_f ilter an d an exten ded ACL name d marketing _gr oup . The internet_filter A CL allows all traffic from the sour ce ad dre ...
Cisco Systems 3750E - page 724

34-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs In this ex ampl e of a number ed A CL, the W inter and Sm ith work stations are not al lowed t o bro wse the web: Switch(config)# access-list 100 remark Do not allow Winter to browse the web S ...
Cisco Systems 3750E - page 725

34-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Creat ing N ame d MAC Ext end ed AC Ls This i s a an exam ple of a lo g for an ext ended A CL: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet 01:25:14:%SEC-6-IPACCES ...
Cisco Systems 3750E - page 726

34-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s Use the no mac access-list extended name glob al conf iguration comma nd to delete th e entire ACL. Y ou can a lso d elete individual ACEs from nam ed MAC extende d A CLs. This exam ...
Cisco Systems 3750E - page 727

34-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring VLAN Maps • A Laye r 2 interf ace can ha ve only one MA C access list. If you appl y a MA C acc ess list to a Lay er 2 interface that has a MA C A CL configu red, t he new ACL replaces the pr e viousl ...
Cisco Systems 3750E - page 728

34-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Configur ing VLAN M aps T o c reat e a V LAN m ap and appl y it t o one o r mor e VLA Ns, perform th ese steps: Step 1 Create th e standa rd or extende d IPv4 A CLs or name d MAC e xt ended ACLs that you want to appl ...
Cisco Systems 3750E - page 729

34-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring VLAN Maps • When a f r ame is L ayer -2 fo rwar ded within a pri vate VLA N, the same VLA N map is applie d at th e ingress side and at t he egress side. Wh en a frame is route d from insi de a private ...
Cisco Systems 3750E - page 730

34-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Configur ing VLAN M aps Examples of ACLs and VLAN Maps Thes e exam ples sho w ho w to create A CLs and VLAN maps th at for speci fic purpos es. Example 1 This example shows how to creat e an ACL and a VLAN map to de n ...
Cisco Systems 3750E - page 731

34-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring VLAN Maps Example 3 In thi s example, the V LAN map has a d efault a ction of drop for MAC packets an d a default a ction o f forw ard for IP pack ets. Used wit h MA C exten ded acc ess list s good-hosts ...
Cisco Systems 3750E - page 732

34-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Configur ing VLAN M aps Applying a VLAN Map to a VLAN Beginning in privileged EXEC mode, fo llow these steps to app ly a VL AN map to one or more VL ANs: T o remo ve the VL AN map, use th e no vlan f ilter m apname vl ...
Cisco Systems 3750E - page 733

34-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Configuring VLAN Maps Figur e 34-4 Wir ing Closet Configur ation If you do not want HTT P traff i c switched fr om Host X to Host Y , yo u can configure a VLA N map on Switch A to dr op all HT TP traffic from Host X ...
Cisco Systems 3750E - page 734

34-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Using VL AN Ma ps wi th Rout er AC Ls Figur e 34-5 Den y Access t o a Server on Anothe r a VLAN This exam ple sh ows how to deny acce ss to a server on anoth er VLA N by cre ating t he VLAN m ap SER V ER 1 that denies ...
Cisco Systems 3750E - page 735

34-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Using VLAN Maps with Router ACLs Note When you use ro uter A CLs with VLA N maps, pack ets that requir e logging o n the rou ter A CLs are not logged if the y are de nied b y a VLAN map. If the VLAN map h as a matc ...
Cisco Systems 3750E - page 736

34-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Using VL AN Ma ps wi th Rout er AC Ls Examples o f Router ACLs a nd VLA N Maps App lied to VL ANs This sec tion gives examples of a pply ing route r A C Ls and V LAN m aps to a VLAN for switc hed, bri dged, routed, an ...
Cisco Systems 3750E - page 737

34-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Using VLAN Maps with Router ACLs Figur e 34-7 Applying A CLs on Br idged P ack ets ACLs and Routed Packe ts Figure 34-8 sho ws ho w A CLs are applied on r outed pack ets. F or rout ed pack ets, the A CLs are applie ...
Cisco Systems 3750E - page 738

34-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration ACLs and Multicast Pa ckets Figure 34-9 shows ho w A CLs are ap plied on pa ckets that are replicated fo r IP multica sting. A multica st packet being rout ed has two di ff erent k ...
Cisco Systems 3750E - page 739

34-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 4 Configuring Netw ork Securit y with ACLs Displaying IPv4 ACL Configu ration Y ou can also d isplay i nformation a bout VLAN access ma ps or VLAN filte rs. Use t h e pri vileged EXEC comm ands in Ta b l e 3 4 - 3 to display VLA N map inf ormation. show ip i ...
Cisco Systems 3750E - page 740

34-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 34 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration ...
Cisco Systems 3750E - page 741

C HAPTER 35-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 35 Configuring IPv6 ACLs When the switch is running the adv anced IP services feature set, y ou can f ilter IP V ersion 6 (IPv6) traf fic by cre ating IPv6 access control lists (A CLs) and applying them to interf aces similarly to the way that you crea te and ...
Cisco Systems 3750E - page 742

35-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 35 Configuri ng IPv6 ACLs Underst andin g IPv6 ACL s Understandin g IPv6 ACLs A swit ch runnin g the advanced IP servi ces fe ature set su pports two types o f IPv6 A CLs: • IPv6 rout er ACLs are suppor ted on outboun d or inbound traffic on Lay er 3 interf ...
Cisco Systems 3750E - page 743

35-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 5 Configuring IPv 6 ACLs Understanding IPv6 ACLs Supporte d ACL F eatures IPv6 A CLs on the switch hav e these characteristics: • Fragme nted frame s (t he fragments keyword as in IPv4) are supporte d. • The sa me sta tistics su pport ed in IPv4 a re supp ...
Cisco Systems 3750E - page 744

35-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 35 Configuri ng IPv6 ACLs Conf igu ring I Pv6 ACLs If a ne w switch tak es ove r as stack master , it distrib utes the AC L conf iguration to all stac k members. The memb er switch es sync up the configu ration dis tributed by the new stack mast er and flush ...
Cisco Systems 3750E - page 745

35-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 5 Configuring IPv 6 ACLs Configuring IPv6 ACLs • If the hard ware me mory is full, for an y additio nal conf igured A CLs, pack ets are forw arded to the CPU, an d th e A C Ls ar e ap plied in sof tware. • The imple menta tion of IPv6 A CLs on Cataly st 3 ...
Cisco Systems 3750E - page 746

35-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 35 Configuri ng IPv6 ACLs Conf igu ring I Pv6 ACLs Step 3a { deny | permit } pr o tocol { source-ipv6-pref ix / p r efix-length | any | host sour ce-ipv 6-address } [ operator [ port- number ]] { destination-ipv6 -pr efix / pref i x-le ngth | any | host desti ...
Cisco Systems 3750E - page 747

35-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 5 Configuring IPv 6 ACLs Configuring IPv6 ACLs Step 3b { deny | permit } tc p { source-ipv6-pref ix / p r efix-length | any | host sour ce-ipv 6-address } [ operator [ port- number ]] { destination-ipv6 - pr ef ix / pref ix-leng th | any | host destination-ip ...
Cisco Systems 3750E - page 748

35-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 35 Configuri ng IPv6 ACLs Conf igu ring I Pv6 ACLs Use the no { deny | permit } IPv 6 access- list configur ation commands wi th keywords to remove the deny or permit conditio ns from the specif ied access list. This example configures the IPv6 a ccess list n ...
Cisco Systems 3750E - page 749

35-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 5 Configuring IPv 6 ACLs Displaying IPv6 ACLs Use the no ipv6 traf fic-f ilter access-list-name interface con f igurat ion comm and to remo ve an acce ss list f rom an interf ace. This example shows how to ap ply the acc ess list Cisco to outbound tr affi c o ...
Cisco Systems 3750E - page 750

35-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapte r 35 Configuri ng IPv6 ACLs Displa ying I Pv6 ACL s ...
Cisco Systems 3750E - page 751

C HAPTER 36-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 36 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y using automat ic QoS (auto-QoS) comman ds or by using standa rd QoS c ommand s on t he Catalyst 3750-E or 3 560-E swi tch. With QoS, you can p rov ide prefe rential tr e ...
Cisco Systems 3750E - page 752

36-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Understandin g QoS T ypically , networks operate on a best-ef fort deli very basis, wh ich mean s that a ll traf fic ha s equal priority and an equ al chance of being deli vere d in a timely manner . When cong estion ...
Cisco Systems 3750E - page 753

36-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Figur e 36-1 QoS Class ificatio n Lay ers in F rames and P ack ets All swi tches and ro uters that a ccess the Inte rnet rely on the cla ss inf ormation to pro vide the sam e forwar ding treatm ent to pack ets with t he ...
Cisco Systems 3750E - page 754

36-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Figure 36-2 sh o ws the basic QoS model. Ac tions at the ingress port incl ude classifying traff ic, policing, markin g, qu eueing , an d s chedul ing: • Classifying a distinct p ath for a pack et by associati n g i ...
Cisco Systems 3750E - page 755

36-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Classification Classification is the pro cess of distingu ishing one kind of traffic from anothe r by e xamin ing the fields in the packe t. Classif ication is enabled only if QoS is globally enabled on the switch . By ...
Cisco Systems 3750E - page 756

36-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS After cla ssification, th e pac ket is sent to the polic ing, marki ng, and the ing ress queue ing and schedul ing stag es. Figur e 36-3 Classific ation Flo wch art 86834 Generate the DSCP based on IP precedence in pa ...
Cisco Systems 3750E - page 757

36-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Classification Based on QoS ACLs Y o u can u se IP st andard , IP exten ded, or Laye r 2 MAC A C Ls to de fine a group of pa ckets wit h the same char act eris tics ( class ). In the QoS conte xt, the permit and deny ac ...
Cisco Systems 3750E - page 758

36-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS The po licy map can cont ain the police and polic e aggregate policy- map cla ss configurati on com mand s, which def ine the polic er , the bandwidth li m itation s of the tra ff ic, and the action to take if the lim ...
Cisco Systems 3750E - page 759

36-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Indi vidual—QoS applies the bandwid th limits spe cif ied in th e policer separately to eac h matched traf ...
Cisco Systems 3750E - page 760

36-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Figur e 36-4 P olicing and Mar king Flo wch art o n Ph ysical P orts Policing on SVIs Note Be fore configuring a hi erarc hical pol icy map with ind i vidua l policers on an SVI, you must en able VLAN-based QoS on th ...
Cisco Systems 3750E - page 761

36-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS When co nf iguring polic ing on an SVI, yo u can cr eate a nd conf igure a hie rarchic al polic y map with the se two le vels: • VLAN le ve l—Create this primary le vel by conf iguring class maps and classes that s ...
Cisco Systems 3750E - page 762

36-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Mapping T ables During Qo S processing, the switc h represe nts the pri ority of a ll traff ic (inclu ding non- IP traff ic) with a n QoS label base d on the DSCP or CoS value from the classification st age: • Duri ...
Cisco Systems 3750E - page 763

36-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Queuein g and S chedulin g Overview The swi tch has queue s at specif ic points to help pre vent con gestion as s ho wn in Figure 36-6 and Figure 36-7 . Figur e 36-6 Ingr ess and Egr ess Queue Lo cation on Catalyst 375 ...
Cisco Systems 3750E - page 764

36-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Weighted Tail Drop Both the in gress an d e gress qu eues use an enhan ced ve rsion of the tail-dr op cong estion -a voidance mecha nism ca lled weight ed ta il dr op (WTD ). WT D is impleme nted o n que ues t o mana ...
Cisco Systems 3750E - page 765

36-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidt h is guarante ed at t his level but not limit ed to i t. For example , if a queue i s emp ty and n o ...
Cisco Systems 3750E - page 766

36-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Figur e 36-1 0 Queueing an d Scheduling Fl ow char t for In gress P orts on Cataly st 3560-E S witches Note SRR services the prior ity queue for its conf igured share before servicing the other queue. The switch supp ...
Cisco Systems 3750E - page 767

36-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS dscp1... dscp8 } or the mls qos srr -queue input cos-map queue qu eue- id { cos1.. .cos8 | thr eshold thr eshold-i d cos1.. .cos8 } global conf iguration command. Y o u c an d is p l ay t he D S C P in p u t q u eu e t ...
Cisco Systems 3750E - page 768

36-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS Queueing and Scheduling on Egress Que ues Figure 36-11 and Figure 36-12 show the queue ing and sched uling flowchart s for egress ports. Note If the ex pedite q ueue is en abled, SRR se rvices it u ntil it is empty b ...
Cisco Systems 3750E - page 769

36-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS Figur e 36-12 Q ueueing an d Sc heduling Fl ow char t f or Egr ess P orts on C atalyst 3560-E S w itche s Each por t supports fo ur egress queue s, one of w hich (queue 1) can be the egress expedite queue . The se queu ...
Cisco Systems 3750E - page 770

36-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Underst andin g QoS b uf fers) or not empty (free b uffer s). If the queu e is not o ver- limit, the switc h can alloca te bu f fer space from t he r eserved poo l or f rom th e co mmon pool (if it is n ot emp ty). I f th ere a re no fr ...
Cisco Systems 3750E - page 771

36-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Unde rsta ndi ng QoS WTD Thresh olds Y o u can assig n each pa cket tha t fl ows through th e switc h to a que ue and to a thresho ld. Spe cifically , you map D SCP or C oS values to an egress queu e an d ma p DSCP or CoS values to a thres ...
Cisco Systems 3750E - page 772

36-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Conf igurin g Auto-Q oS • During policing , IP and non-I P packets ca n have another DS CP assigned to them ( if they are out of prof ile and the polic er spec ifies a ma rkdow n DSCP). Onc e again, the DSCP in the pa cket is not modi ...
Cisco Systems 3750E - page 773

36-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Configuring Auto-QoS Generated Auto-QoS Configuration By def ault, auto -QoS is di sabled on all ports. When au to-QoS is enabled , it use s the ing ress pa ck et label to c ategorize traf fic, to assign pack et labels, and to configure t ...
Cisco Systems 3750E - page 774

36-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Conf igurin g Auto-Q oS trust the QoS label recei ved in the pack et. When a Cisco IP Phone is absent, the ingress classif icati on is set to not trust the QoS label i n the packe t. The switch c onfi gures ingress and e gress queues on ...
Cisco Systems 3750E - page 775

36-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Configuring Auto-QoS The switch au tomatical ly maps DSCP v alues to an ingress queue and t o a thre shol d ID. Switch(config)# no mls qos srr-queue input dscp-map Switch(config)# mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 1 ...
Cisco Systems 3750E - page 776

36-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Conf igurin g Auto-Q oS The sw itch a utoma tically configures the egress queue buf fer sizes . It configur es the bandwi dth an d th e SRR m ode (sha ped or shared) on the egress queues ma pped to the por t. Switch(config)# mls qos que ...
Cisco Systems 3750E - page 777

36-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Configuring Auto-QoS Effects of Auto-QoS on the Configuration When auto- QoS is en abled, the au to qos v oip interface co nfiguration c omman d and the ge nerate d configurati on are add ed to the ru nning configuratio n. The swi tch appl ...
Cisco Systems 3750E - page 778

36-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Conf igurin g Auto-Q oS • T o t ake advantage of th e auto- QoS default s, you sho uld ena ble auto- QoS befor e you configu re other QoS com mands. I f necessar y , you can fine-tune the QoS configurat ion, but we r ecomme nd tha t y ...
Cisco Systems 3750E - page 779

36-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Configuring Auto-QoS T o display the QoS commands that are automatic ally generated when auto-QoS is enabl ed or disabled, enter the deb ug auto qos pr ivileged EXEC comm and befor e enabling auto -QoS. For more informa tion, see th e debu ...
Cisco Systems 3750E - page 780

36-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Conf igurin g Auto-Q oS Auto-QoS Confi guration Example This se ction describe s how you co uld im pleme nt auto- QoS in a ne twork, as shown in Fi gur e 36-14 . For optimum QoS perfo rmance, enab le auto-QoS on all the de vices in the ...
Cisco Systems 3750E - page 781

36-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Configuring Auto-QoS Note Y ou shou ld not configure a ny standard QoS com mands before enteri ng the a uto-Qo S com mands. Y ou can fine-t une th e Qo S configura tion, but w e rec ommend tha t you d o so o nly after the a uto-Q oS conf i ...
Cisco Systems 3750E - page 782

36-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Displa ying A uto-QoS I nform ation Displaying Auto-Q oS Information T o display the initial auto-Q oS conf iguration, use the show auto qos [ interface [ interface- id ]] privileged EXEC comm and. T o displ ay any use r ch anges to tha ...
Cisco Systems 3750E - page 783

36-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Default Standard QoS Configuration QoS is disa bled. Ther e is no conce pt of tru sted or untru sted por ts be cause the packet s are not m odified (the CoS, DSCP , and IP preceden ce v alues in the pack et are n ...
Cisco Systems 3750E - page 784

36-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Default Egress Queue Configur ation T ab le 36-9 shows the default egre ss queue con figuration for ea ch qu eue-set when QoS is ena bled. All ports a re map ped to qu eue-se t 1. T he po rt ban dwidt h lim it ...
Cisco Systems 3750E - page 785

36-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Default Mapping Table Conf iguration The default CoS-to-DSCP map is sho wn in T able 36- 12 on page 3 6-63 . The default IP-pre cedenc e-to-D SCP map is shown in T able 36-13 on page 3 6-64 . The de fault DSCP- t ...
Cisco Systems 3750E - page 786

36-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS • Follow these gu ideline s wh en c onfiguring pol icy maps on p hysical p orts or SVIs: – Y o u cannot apply the same pol icy map to a physical port and to an SVI. – If VLAN -based QoS is configured on ...
Cisco Systems 3750E - page 787

36-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS • A switch that is r unning t he IP se rvices f eature s et suppo rts QoS D SCP and IP preced ence matc hing in polic y-based routing (PBR) r oute maps wi th these limitations: – Y o u cannot apply QoS DSC P ...
Cisco Systems 3750E - page 788

36-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Use the no mls qos vla n-based interface configura tion co mmand to disable VLAN-b ased QoS on the physical por t. Configuring Classification Using Port Trust States These sec tions descr ibe how to classify i ...
Cisco Systems 3750E - page 789

36-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Figu re 36-15 Port T rusted St ates w ithin the Qo S Do mai n Beginn ing in pr i vilege d EXEC m ode, follo w these st eps to co nfi gure the p ort to tr ust the classif icati on of the traf fic that it re cei ve ...
Cisco Systems 3750E - page 790

36-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o return a port to its untrusted state, use the no mls qos trust inte rface c onfigura tion comm and. For informatio n on ho w to chan ge the d efault Co S v alue, see the “C onf iguring the CoS V alue for ...
Cisco Systems 3750E - page 791

36-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS T o return to th e defa u lt setting, use the no mls qos cos { def ault- cos | ov erride } interface co nfiguration comm and. Configuring a Truste d Boundary to Ensure Port Securit y In a t ypica l network , you ...
Cisco Systems 3750E - page 792

36-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS W i th the t ruste d setti ng, you also can use the trusted bounda ry fea ture to prevent misuse o f a high-pr iority qu eue if a user bypasses the tel ephone a nd conne cts the PC di rectly to t he switch. W ...
Cisco Systems 3750E - page 793

36-43 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS If D SCP t rans par ency is en able d by u sin g the no mls qos rewrite ip dscp command, the swit ch does not modify the DSCP field in the incoming pa cket, and the DSCP field in the outgoin g packet is the same ...
Cisco Systems 3750E - page 794

36-44 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Figur e 36-16 DSCP -T r ust ed Stat e on a P or t Bor derin g Another Q oS Domain Beginn ing in pr i vilege d EXEC m ode, follo w these st eps to co nf igure the DSCP- trusted stat e on a port and modi fy the ...
Cisco Systems 3750E - page 795

36-45 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state , use the no mls qos trust interfa ce conf iguration co mmand. T o return to the d efault D SC P-to-DSCP-m utation m ap v alues, us e the no mls qos map dscp-mutation ds ...
Cisco Systems 3750E - page 796

36-46 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y o u can classi fy IP tra ff i c by using IP sta ndard or IP extend ed ACLs; you can cla ssify non-I P traffic by usin g Layer 2 MA C A CLs. Beginn ing in pri vileged EXEC mo ...
Cisco Systems 3750E - page 797

36-47 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileged EXEC mode, follo w these steps to create an IP extended A CL for IP traff ic: T o delete an acc ess list , use the no access-list access-list- number globa l configurat ion comma nd. Thi ...
Cisco Systems 3750E - page 798

36-48 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L ayer 2 M A C ACL for non-IP t raff ic: T o delete an acc ess list , use the no mac acce ss-list ex tended ac cess-list-name global configu ...
Cisco Systems 3750E - page 799

36-49 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y o u use the class-map global conf iguration co mmand to name and to isolate a s pecif ic tra f fi c flow (or class) f rom all o ther traf fic. The cla ss map def ines th ...
Cisco Systems 3750E - page 800

36-50 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-ma p-nam e globa l configuratio n comm and. T o delete an existing cla ss map, use th e no class- map [ match-all | match-any ] class-map-na m ...
Cisco Systems 3750E - page 801

36-51 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Y o u can co nfigure a nonhier arch ical pol icy map on a physica l port that sp ecifies which traff ic class to act on. Actions ...
Cisco Systems 3750E - page 802

36-52 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode, fol low these steps t o create a no nhiera rchic al policy map: Command Purpose Step 1 conf igur e terminal E nter g lobal configuration mode . Step 2 class-map [ match-all ...
Cisco Systems 3750E - page 803

36-53 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-pr ecedence ] Configure the t rust state, w hich QoS uses to gene rate a CoS-ba sed or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set com mand withi ...
Cisco Systems 3750E - page 804

36-54 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-ma p-nam e globa l configuratio n comm and. T o delete an existing cla ss map, use th e no class c lass-map-name pol icy-map configurat ion co ...
Cisco Systems 3750E - page 805

36-55 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclass1 Switch(config-cmap)# match access-group maclist1 Switch(config-cmap)# exit Switch(config)# policy-map macpolicy1 Switch(config-pmap)# class macclas ...
Cisco Systems 3750E - page 806

36-56 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS • The hi erarchic al policy m ap is attached to th e SVI and af fects al l traf fic b elongin g to th e VLAN. The action s specif ied in the VLAN-l e vel p olicy map af fect the traf fi c belong ing to the S ...
Cisco Systems 3750E - page 807

36-57 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Step 3 match { acce ss-group acl-index-or-name | ip dscp dscp-list | ip prec edence ip-pr eceden ce-list } Def ine the match crite rion to classify traf fic. By defau lt, no matc h cr iterion is de fined. Only o ...
Cisco Systems 3750E - page 808

36-58 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Step 10 policy-map policy- map-nam e Create an inte r face -le vel polic y map b y entering the policy -map name, and en ter po licy-ma p con figuration mode. By defau lt, no pol icy maps are defined, and n o ...
Cisco Systems 3750E - page 809

36-59 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Step 17 trust [ cos | dscp | ip-pr ecedence ] Configure the t rust state, w hich QoS uses to gene rate a CoS-ba sed or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set com mand withi ...
Cisco Systems 3750E - page 810

36-60 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-ma p-nam e globa l configuration comm and. T o delete an existing cla ss map, use th e no cl ass class-map-na me policy-map c onfiguration com ...
Cisco Systems 3750E - page 811

36-61 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# exit Switch(config-pmap)# class-map cm-2 Switch(config-pmap-c)# match ip dscp 2 Switch(config-pmap-c)# service-policy port-plcmap-1 Switch(config-pmap)# exit Switch(config-pmap)# class-map ...
Cisco Systems 3750E - page 812

36-62 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified a ggregate pol icer from a pol icy map, use th e no police agg reg ate aggr egate-polic er-name policy m ap configu ratio n mode. T o delete an aggregate pol icer and it s parame ters ...
Cisco Systems 3750E - page 813

36-63 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate transmit1 Switch(config-pmap-c)# exit Switch(config-pmap)# class ipclass2 Switch(config-pmap-c)# set dscp 56 Switch(config-pmap-c)# police ...
Cisco Systems 3750E - page 814

36-64 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pr iv ilege d EXEC mode, follo w these steps to modify t he CoS-to-DSCP map . This procedur e is optional. T o return to the defau lt map, use the no mls qos cos-dscp global configuration com man ...
Cisco Systems 3750E - page 815

36-65 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr i vilege d EXEC m ode, follo w these st eps to mo dify the I P-precede nce-to-DSCP ma p. This proc edure is option al. T o return to the defau lt map, use the no mls qos i p-prec-dscp global con ...
Cisco Systems 3750E - page 816

36-66 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o return to the defau lt map, use the no mls qos policed- dscp glob al conf iguration comman d. This exam ple sh ows ho w to map DSCP 50 to 57 t o a ma rked-down DSCP value of 0: Switch(config)# mls qos map ...
Cisco Systems 3750E - page 817

36-67 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional. T o return to the defau lt map, use the no mls qos dscp-cos global c onfiguration com mand. T ...
Cisco Systems 3750E - page 818

36-68 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mo de, foll ow these steps to mod ify the DSCP-t o-DS CP-mutati on map . This proc edure is option al. T o return to the defau lt map, use the no mls qos dscp-mutation dscp-m utati ...
Cisco Systems 3750E - page 819

36-69 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix. Th e d1 colum n specif ies the most-signif icant digit o f the or iginal DSCP; th e d2 ro w specif ies th ...
Cisco Systems 3750E - page 820

36-70 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds Y ou can prioritize traf fic b y placing pack ets with particul ar DSCPs or CoSs into certain queues and adjusting the queue thr eshold ...
Cisco Systems 3750E - page 821

36-71 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent. It m aps DSC P values 20 to 2 6 to in gress queu e 1 a nd to th reshold 2 with a ...
Cisco Systems 3750E - page 822

36-72 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pri vileg ed EXEC mode, follo w these steps to allocate bandwid th between the ingress queues. This p rocedur e i s optio nal. T o return to the default setting, use the no mls qos srr - queue in ...
Cisco Systems 3750E - page 823

36-73 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mod e, follow these steps to configure the pri ority queue. T his proc edure is optional. T o return to the default setting, use the no mls qos srr - queue input priority-queue queue- ...
Cisco Systems 3750E - page 824

36-74 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS These sec tions co ntain this co nfiguration in format ion: • Configuration Gu idelines, page 36-74 • Alloca ting Buffer Space to and Setti ng WTD Thre sholds for an Egress Q ueue-Set , page 36- 74 (option ...
Cisco Systems 3750E - page 825

36-75 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t. This procedure is optional. Comma nd Purpos e Step 1 conf igur e terminal Ente ...
Cisco Systems 3750E - page 826

36-76 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS T o return to the default setting, use the no mls qos queue-set output qset-id bu f f e r s global conf iguratio n command. T o return to the defa ult WTD threshold percen tages, use the no mls qos queue-set o ...
Cisco Systems 3750E - page 827

36-77 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID . This procedur e is optio nal. T o r eturn to th e defaul t DSCP output queu e thre s ...
Cisco Systems 3750E - page 828

36-78 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Configuring SRR Sh aped Weights on Egress Queues Y ou can spec ify ho w much of t he av ailable bandwi dth is allo cated to each queue. The r atio of the weig hts is the ra tio of frequen cy i n which the SR R ...
Cisco Systems 3750E - page 829

36-79 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Confi guring Standa rd QoS Configuring SRR Sh ared Weights on Egress Queues In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidth is gu aranteed at this le vel b ut not limite ...
Cisco Systems 3750E - page 830

36-80 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pri vileged EXEC mode, follo w these steps to enable the e gress e xpedite queue. This procedur e is optional. T o dis able the egres s expedi te qu eue, us e th e no priority-queue out interface ...
Cisco Systems 3750E - page 831

36-81 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 6 Configuring Qo S Displaying Standard QoS Information T o return to the default setting, use the no srr -queue band width limit interface configura tion comm and. This exam ple sh ows how to limit the ba ndwid th on a port to 8 0 per cent: Switch(config)# i ...
Cisco Systems 3750E - page 832

36-82 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 36 Conf igur ing Q oS Display ing Standar d QoS Inform ation show policy- map [ polic y-map- name [ clas s class-m ap-name ]] Display QoS po licy maps, w hich define cla ssification cri teria fo r inco ming traffic. Note Do not use the show policy-map interf ...
Cisco Systems 3750E - page 833

C HAPTER 37-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 37 Configuring EtherC hannels and Link-State Tracking This cha pter descri bes how to configure EtherCha nnels on La yer 2 an d Layer 3 ports on t he Catalyst 3750-E o r 3560-E switch . Ethe rChanne l provides fault-tole rant h igh-spe ed links betwee n switch ...
Cisco Systems 3750E - page 834

37-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding Et herChan nels • Load -Balan cing and Forwarding Meth ods, page 3 7-8 • EtherCha nnel and Switch Stacks, page 37-10 EtherChann el Overview An Ethe rChan nel c onsists o f indiv ...
Cisco Systems 3750E - page 835

37-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Understa nding Et herChann els Y o u can configure an Ether Chann el in one of these mode s: Port Aggregati on Protoco l (P AgP), Link Aggregation C ontro l Prot ocol (L ACP), or On. C onfigure bo th ends ...
Cisco Systems 3750E - page 836

37-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding Et herChan nels Figur e 37 -3 Cros s-Stac k EtherChannel Port-Chan nel Interfaces When you cre ate an E therCha nnel , a po rt-cha nnel logi cal i nterfa ce is inv o lved: • W ith ...
Cisco Systems 3750E - page 837

37-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Understa nding Et herChann els Figur e 37 -4 Relationship of P h ysical P orts, Logica l Por t Channels, and Channel Gr oups After y ou conf igure an Eth erCha nnel, conf iguration change s appli ed to the ...
Cisco Systems 3750E - page 838

37-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding Et herChan nels PAgP Modes T ab le 37-1 shows the user-configurab le Ethe rChan nel P A gP mo des f or the channel-group interfa ce configurati on c ommand. Switch por ts exchange P ...
Cisco Systems 3750E - page 839

37-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Understa nding Et herChann els P AgP sends an d receives P A gP PDUs only fr om ports th at are up an d hav e P AgP ena bled for the auto or desira ble m ode. Link Aggreg ation Control Pro tocol The LACP i ...
Cisco Systems 3750E - page 840

37-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding Et herChan nels In Lay er 2 EtherC hannels , the first port in th e ch annel that c omes up provide s its MAC addre ss to the Ether Channel . If this por t is rem oved from the bund ...
Cisco Systems 3750E - page 841

37-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Understa nding Et herChann els W ith source -IP address- based forwardin g, when pa ckets are fo rwarded t o an Ether Channel , they are distributed acros s the port s in the Ethe rChanne l based on the so ...
Cisco Systems 3750E - page 842

37-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding Et herChan nels Figur e 37 -5 Load Distr ibution and F orwa rding Methods EtherChann el and S witc h Stack s If a stack mem ber that ha s ports part icipati ng in an Eth erChanne l ...
Cisco Systems 3750E - page 843

37-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels For more information about switch stack s, see Chapter 5, “ Managing Swi tch Stacks.” Configuring Eth erChannels These sec tions co ntain this co nfiguration info rmat ion: ...
Cisco Systems 3750E - page 844

37-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els EtherChann el Configuratio n Guidelin es If imp roper ly con figured, so me E therCha nnel ports are a utomati cally disa bled t o av oid n etwork loops and othe r pro ...
Cisco Systems 3750E - page 845

37-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels – An Ethe rChanne l suppor ts the same allowed range of VL ANs on all t he port s in a trunking Layer 2 EtherCh annel. I f the a llowed range of VL ANs is not th e sam e, the ...
Cisco Systems 3750E - page 846

37-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els T o r emove a p ort fr om t he Eth erCha nnel group, use the no channel-group interface configurat ion comm and. Step 4 channel- group c hann el-gr oup- number mo de { ...
Cisco Systems 3750E - page 847

37-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels This exam ple sh ows how to configure an Eth erChann el o n a si ngle swi tch in the st ack. I t assigns two ports as static-acce ss ports in VLAN 10 to channel 5 with the P Ag ...
Cisco Systems 3750E - page 848

37-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els Beginning in pr ivileged EXEC mod e, follow these st eps to crea te a port -channe l inter face for a Laye r 3 Ether Channel . Th is proc edure is re quir ed. T o remo ...
Cisco Systems 3750E - page 849

37-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels Step 5 channel- group c hann el-gr oup- number mo de { auto [ non- silent ] | desirable [ no n-silent ] | on } | { active | passive } Assign th e port to a ch annel gr oup, an ...
Cisco Systems 3750E - page 850

37-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els This example shows ho w to configure an Et herChann el. It assign s two ports to c hannel 5 w ith the LACP mode ac tive : Switch# configure terminal Switch(config)# in ...
Cisco Systems 3750E - page 851

37-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels T o r etu rn Eth erCha nnel l oad -balan cing to the de fault configurat ion, u se the no port-channel load-balanc e global con figurati on comm and. Configuring the PAgP Le ar ...
Cisco Systems 3750E - page 852

37-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els Beginning i n privileged EX EC mo de, fol low these s teps t o configure y our sw itch a s a P AgP physical- port lea rner a nd to a djust the p riority so th at the s ...
Cisco Systems 3750E - page 853

37-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Config uring EtherCh annels If you configure more than ei ght links for an EtherC hannel group, the software automa tical ly decide s which of th e hot-stand by ports to make active based on the LA CP pri ...
Cisco Systems 3750E - page 854

37-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing EtherChann els Configuring the LACP Port Pr iority By def ault, al l ports us e the same port pr iority . If the loca l system has a lo wer va lue for the syste m priority a nd the s ...
Cisco Systems 3750E - page 855

37-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Displaying EtherC hannel , PAgP, and LACP Sta tus Displaying EtherCh annel, PAgP, and LACP Status T o disp lay Eth erChanne l, P AgP , and LA CP sta tus in for matio n, use the pri vile ged EXEC c omman d ...
Cisco Systems 3750E - page 856

37-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Underst anding L ink-State Tracking When you e nable link-st ate track ing on the sw itch, the link states of the downstream ports are bound to the li nk state of one o r more of the upst ream p ...
Cisco Systems 3750E - page 857

37-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Configuring Link-State Tracking Figur e 37 -6 T ypical Link-Stat e T rac king Configur ation Configuring Link -State Tracking These sec tions descr ibe how to configure link-st ate trac king port s: • D ...
Cisco Systems 3750E - page 858

37-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing Link-S tate Tracki ng Default Link-Sta te Track ing Con figuratio n There are no li nk-stat e grou ps defined, and link-st ate tra cking is n ot ena bled f or a ny group. Link-State ...
Cisco Systems 3750E - page 859

37-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 3 7 Configuring EtherCh annels and Link-State Tra cking Configuring Link-State Tracking Switch(config-if)# interface gigabitethernet1/0/3 Switch(config-if)# link state group 1 downstream Switch(config-if)# interface gigabitethernet1/0/5 Switch(config-if)# link ...
Cisco Systems 3750E - page 860

37-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Ch apter 37 Conf igur ing Ethe rCha nne ls a nd Li nk- State Tra ckin g Configur ing Link-S tate Tracki ng ...
Cisco Systems 3750E - page 861

C HAPTER 38-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 38 Configuring IP Unicast Ro uting This chapt er describ es how to conf igure IP V ersion 4 (IPv 4) unicas t routing on the Catalyst 3750-E or 3560- E sw itch. Unl ess oth erwise noted, the te rm switch refers to a Cataly st 3750-E or 356 0-E standal one switc ...
Cisco Systems 3750E - page 862

38-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Underst anding IP Ro uting Note When configuring routing parameter s on the switch and to allocate system resourc es to maximize the number of un icast routes allowed, you ca n use the sdm pr efer r outing global c onfigurat i ...
Cisco Systems 3750E - page 863

38-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Unders tanding IP Routi ng Default ro uting refe rs to sendi ng traffic with a destination unknown to the route r to a default outle t or destinatio n. Static unicas t routi ng fo rwards pa ckets from pre deter mined ports t ...
Cisco Systems 3750E - page 864

38-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Underst anding IP Ro uting Stack memb ers per form these fun ction s: • The y act as routi n g standb y switches, rea dy to take o ver in case they are elec ted as the new s tack master if the stack master fails. • The y p ...
Cisco Systems 3750E - page 865

38-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Steps f or Co nfiguri ng Routing Steps for Configurin g Routing By default, IP ro uting is disabl ed on the sw itch, and yo u must enable it before rou ting ca n take place . For detailed IP routing co nf iguration in formati ...
Cisco Systems 3750E - page 866

38-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng • Configuring A ddress Re solutio n Met hods, page 38 -9 • Rout ing Assistan ce W hen I P Rout ing is Dis abled, page 38- 12 • Conf iguri ng Bro adca st Pack et Hand ling, pa ge 38-1 4 • ...
Cisco Systems 3750E - page 867

38-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing Assigning IP Address es to Netwo rk Interface s An IP ad dress identi fie s a location to which IP pack ets ca n be s ent. Som e IP add resses are reser ved for special u ses an d ca nnot be used ...
Cisco Systems 3750E - page 868

38-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng Classless Routing By default, classless routing beha vior is enabled on the switch when it is confi g ured to route. W ith classle ss routing , if a route r receives packets for a subnet of a net ...
Cisco Systems 3750E - page 869

38-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing Figur e 38-3 No IP Clas sless Ro uting T o p revent the swi tch f rom for warding packets destined for unre cogniz ed subne ts to the be st supe rnet route poss ible, you can disab le classl ess r ...
Cisco Systems 3750E - page 870

38-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng The swi tch can use these forms of address r esolutio n: • Address Resolut ion Protoc ol (ARP) i s used to associa te IP ad dress wi th MA C ad dresses. T aking a n IP addre ss as i nput, ARP ...
Cisco Systems 3750E - page 871

38-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing T o remove an entr y from t he ARP cach e, us e the no arp i p - a d d re s s h a rd w a re - a d d re s s t y p e global conf iguratio n command . T o remo ve all nons tatic ent ries from th e A ...
Cisco Systems 3750E - page 872

38-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng Enable Proxy ARP By default, the sw itch uses pro xy ARP to help hosts learn MA C address es of hosts on othe r networks or subnets. Beginning i n privileged EX EC mo de, fol low these s teps t ...
Cisco Systems 3750E - page 873

38-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing Beginning i n privileged E XEC mo de, follow these steps to d efine a de fault gat ew ay (ro uter) when IP routing is disa bled: Use the no ip default-gateway global c onfigurat ion co mmand to d ...
Cisco Systems 3750E - page 874

38-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng If you chang e the maxadvertinterv al va l u e , th e holdtime and minadvertinterval v alues also cha nge, so it is importan t to f irst change the ma xadvertinte rval v alue , before ma nuall y ...
Cisco Systems 3750E - page 875

38-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing Enabling Directed Broadcast-to- Physical Broadcast Translation By default, IP direct ed broadc asts are dr opped; th ey are not forwarde d. Drop ping IP-di rected broa dcast s makes router s less ...
Cisco Systems 3750E - page 876

38-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng Forwarding UDP Broadcast Packets and Prot ocols User Da tagram Prot ocol (U DP) is an IP host -to-host layer prot ocol, as is TCP . UDP provides a low-ov e rhead, conn ectionle ss session betw e ...
Cisco Systems 3750E - page 877

38-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring I P Address ing Establishing an IP Broadcast Address The mo st po pular IP broadc ast address (and the d efault) i s an add ress cons isting of al l ones (255.255 .255.2 55). Howe ver , the sw itch can b e co nf ...
Cisco Systems 3750E - page 878

38-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g IP Ad dr essi ng Beginning i n privileged EX EC mo de, fol low these s teps t o use the b ridging sp anni ng-tre e datab ase to flood U DP dat agram s: Use the no ip f orwa rd-protocol spanning-tree global co nf ...
Cisco Systems 3750E - page 879

38-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Enabli ng IP Unic ast Rout ing Enabling IP Uni cast Routing By default, the switch is in Layer 2 switching mode and IP routin g is disabled. T o use the Layer 3 capabiliti es of the switch, you must enable I P routing. Begin ...
Cisco Systems 3750E - page 880

38-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g RIP Switch(config-router)# network 10.0.0.0 Switch(config-router)# end Y o u can now set up parame ters for the selected routing prot ocols as de scribed in these sect ions: • Conf igur ing R IP , page 38-2 0 ...
Cisco Systems 3750E - page 881

38-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring RIP Default RIP Configuration T ab le 38-4 shows the default RIP conf iguration. Configuring Basic RIP Parameters T o con figure RIP , you enable RIP routing fo r a network and opt ionall y configure ot her param ...
Cisco Systems 3750E - page 882

38-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g RIP T o turn off the RIP rout ing process, use the no router rip global co nfigurati on comma nd. T o di splay the parame ters and cu rren t state of th e active routing pro tocol process , use the show ip proto ...
Cisco Systems 3750E - page 883

38-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring RIP Configuring RIP Authentication RIP V ersion 1 does not suppor t authe nticat ion. If you are se nding a nd re ceiving RIP V ersi on 2 p ackets, you can en able RIP authen tication o n an interf ace. The ke y ...
Cisco Systems 3750E - page 884

38-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g RIP Beginn ing in pri vileged EXEC mode, follo w these steps to set an inte rfac e to advertise a summa rized local IP address and to di sable split horizon on the interfa ce: T o disable IP summarization, use t ...
Cisco Systems 3750E - page 885

38-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring OSPF Beginning in privileged EX EC mode , foll ow these s teps to disable split horizon on t he in terface: T o enable the split horizon m echanis m, use the ip split -horizon i nter face configur ation co mman ...
Cisco Systems 3750E - page 886

38-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring OSPF These sec tions co ntain this co nfiguration in format ion: • Default OSPF Configuration, page 38-26 • Configuring Basic OSPF Paramete rs, page 38-29 • Configuring OSPF Interfa ces, page 38-29 • Confi ...
Cisco Systems 3750E - page 887

38-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring OSPF OSPF Nonstop Forwarding The switc h stack supp orts two levels of nonstop forwardin g (NSF): • OSPF NSF A warene ss, page 38-28 • OSPF NSF Capability , page 38-28 Distance OSPF dist1 (a ll rout es with ...
Cisco Systems 3750E - page 888

38-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring OSPF OSPF NSF Awareness The IP-services feature set suppor ts OSPF NSF A war eness supported for IPv4 . When the neighboring router is NSF-capabl e, the L ayer 3 switch co ntinue s to forward pac kets from the nei ...
Cisco Systems 3750E - page 889

38-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring OSPF Configuring Basic OSPF Parameters Enabling OSPF r equires that you creat e an OSPF routi ng process, specify the r ange of IP addresses to be asso ciated with the routing p roces s, and assig n area IDs to ...
Cisco Systems 3750E - page 890

38-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring OSPF Use the no form of thes e command s to remo ve the conf igured param eter valu e or retur n to the default value. Step 3 ip ospf cost (Opti onal) Explicitl y specify the cost of sending a packet on the interf ...
Cisco Systems 3750E - page 891

38-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring OSPF Configuring OSPF Area Parameters Y ou can option ally confi gure se veral OSPF a rea para meters. Th ese parameters include authentic ation for pa ssw ord-b ased pr otec tion aga inst unautho rized acc ess ...
Cisco Systems 3750E - page 892

38-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring OSPF Use the no form of thes e command s to remo ve the conf igured param eter valu e or to retu rn to the default value. Configuring Other OS PF Para meters Y ou can option ally confi gure other OSPF para meters ...
Cisco Systems 3750E - page 893

38-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Config uring OSPF Beginning in privile ged EXEC mode, follow the se steps to configure these OSPF parameter s: Command Purpose Step 1 conf igur e terminal E nter g lobal configuration mode . Step 2 router ospf pr oc ess-id E ...
Cisco Systems 3750E - page 894

38-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring OSPF Changing LSA Gro up Pa cing The OSPF LS A group pacing feature allows the router to group OSPF L SAs and pa ce the re freshing, check- sum ming , and agi ng f unctio ns for mo re efficient rout er us e. T his ...
Cisco Systems 3750E - page 895

38-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring EIGRP Monitoring OSPF Y ou can display specifi c statistics such as th e conten ts of IP r outing table s , caches, and database s. T ab le 38-6 lists some of the pr ivileged EXEC co mman ds for displ aying stati ...
Cisco Systems 3750E - page 896

38-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing EIGRP EIGRP of fers these f eatures: • Fast co n vergenc e. • Incr emen tal upd ate s when the s tate of a des tinat ion chang es, i nstea d of sen ding t he en tire c ontent s of the routi ng ta ble, m inimi ...
Cisco Systems 3750E - page 897

38-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring EIGRP • Configuring E IGRP Route Au thentic ation, page 3 8-41 • EIGRP Stub Routi ng, pag e 38-42 • Moni tor ing and Mai ntainin g EIGR P , page 38- 4 3 Note T o enab le EIGRP , the switc h or stack mas ter ...
Cisco Systems 3750E - page 898

38-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing EIGRP T o cr eate an EIG RP routin g process, yo u must enable EIGRP and asso ciat e networks . EIGRP sends updates to the interf aces in the specif ied networ ks. If you do not specify an interface netw o rk, it ...
Cisco Systems 3750E - page 899

38-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring EIGRP EIGRP N SF Capabili ty The Cat alyst 3750- E IP-se rvices fea ture set also suppor ts EIGRP NSF-c apabl e routing fo r IPv4 for better con ve rge nce and lo wer traf fic loss follo win g a stack master ch a ...
Cisco Systems 3750E - page 900

38-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing EIGRP Use the no forms of th ese comman ds to disa ble the featur e or retur n the sett ing to the de fault v alue. Configuring EIGRP Interfaces Other o ptiona l EIG RP para meter s can be co nfigured on an i nte ...
Cisco Systems 3750E - page 901

38-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring EIGRP Use the no forms of these co mmand s to disabl e the feat ure or re turn the sett ing to the defa ult v alue. Configuring E IGRP Ro ute Authentication EIGRP r oute a uthenti cation provides MD5 authen ticat ...
Cisco Systems 3750E - page 902

38-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing EIGRP Use the no forms of these commands to disable the feature or to return the setting to the default v alue. EIGRP Stub R outing The EIGRP stub routing featu re, av ailable in all featur e sets, reduces resour ...
Cisco Systems 3750E - page 903

38-43 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Figur e 38-4 EIGRP St ub Rout er Config urat ion For more inf ormation about E IGRP stub routing, see “Configu ring EIGRP St ub Rout ing” sect ion of the Cisco IO S IP Configuration Gui de, V olume 2 of 3 ...
Cisco Systems 3750E - page 904

38-44 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP For details about BGP co mman ds and keywords, se e the “IP Ro uting Protocols” part of the Cis co IO S IP Com mand Re fer ence, V ol ume 2 of 3: Routi ng Protocols, Rele ase 12. 2 . For a lis t of BGP c ...
Cisco Systems 3750E - page 905

38-45 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP In BGP , ea ch rout e con sists of a n etwork number, a list of aut onomo us system s th at infor matio n has passed thr ough (the a utonomous syst em path ), and a list of oth er path attri butes . Th e prim ...
Cisco Systems 3750E - page 906

38-46 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP T a ble 38-9 Def ault BGP Configur ation Feature Default Setting Aggregat e addr ess Disabled: N one de fined. AS pa th acce ss list None defined. Au to s umm ar y Enab led. Bes t pat h • Th e rou ter cons ...
Cisco Systems 3750E - page 907

38-47 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Nonstop Forwarding Awareness The BGP NSF A wareness f eature is su pported f or IPv4 in the IP s ervices fea ture set . T o enable th is featu re with BGP ro uting, you need to en able Gr aceful Restart. When ...
Cisco Systems 3750E - page 908

38-48 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP neig hbor ing r out er duri ng the inte rval betw een t he pr imar y Rout e Process or (R P) in a r outer f aili ng a nd the backup RP taking over , or while the primar y RP is manua lly relo aded fo r a non ...
Cisco Systems 3750E - page 909

38-49 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Use the no route r bgp aut onomous-s ystem global co nfiguration comma nd to r emove a BGP AS. Use the no network network- number router configuration com mand to re move the network fr om the BGP tabl e. Use ...
Cisco Systems 3750E - page 910

38-50 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 129.213.1.2 remote-as 100 Switch(config-router)# neighbor 175.220.1.2 remote-as 200 Router C: Switch(config)# router bgp 200 Switch(co ...
Cisco Systems 3750E - page 911

38-51 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP establi sh a TCP sessi on. A s oft re set al lows the dynam ic excha nge of route refresh request s and routing informa tion b etween B GP rout ers a nd th e subseq uent re-ad ver tisemen t of t h e res pecti ...
Cisco Systems 3750E - page 912

38-52 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP Configuring BGP Decision Attributes When a BGP speak er receiv es updates from multiple autono mous systems that describe dif ferent paths to the sa me destination, it must ch oose the single best path for r ...
Cisco Systems 3750E - page 913

38-53 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Beginning i n privileged EX EC mo de, fol low these s teps t o configure s ome d ecision attr ibutes: Command Purp ose Step 1 co nfi g ure terminal Enter globa l configura tion mode . Step 2 r outer bgp auton ...
Cisco Systems 3750E - page 914

38-54 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP Use the no form of ea ch com mand t o retu rn t o the defau lt stat e. Configuring BGP Filtering with Route Maps W i thin B GP , route maps can be used t o cont rol a nd to m odif y rou ting in forma tion an ...
Cisco Systems 3750E - page 915

38-55 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP path, comm unity , and network num bers. Auto nomous sys tem path mat ching re quires the match as-path access-lis t rou te-ma p command , commu nity based ma tching re quires the match community-list route- ...
Cisco Systems 3750E - page 916

38-56 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP Configuring Prefix Lists for BGP Filtering Y ou can use p ref ix lists a s an alte rnati ve to acces s list s in man y BGP rou te fi ltering comman ds, inclu ding the neighbor distribute-list router configur ...
Cisco Systems 3750E - page 917

38-57 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP sequence number command; to reenabl e automatic generation, u se the ip pref ix-list sequence number command. T o clear the hit-co unt table of p ref ix list entrie s, use the c lear ip pr ef ix-list pri vile ...
Cisco Systems 3750E - page 918

38-58 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP Configur ing BGP Neighbors and Peer Grou ps Often m any BGP ne ighbo rs are configured wit h the same up date policie s (tha t is, the sa me out bound route ma ps, distribute lists, filter l ists, update sou ...
Cisco Systems 3750E - page 919

38-59 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Step 7 neighbor { ip-addre ss | pe er-gr oup -name } default-originate [ route-map ma p-name ] (Optional) Allo w a BGP speak er (t he local r outer) to send th e default r oute 0 .0.0.0 to a n eighbor for use ...
Cisco Systems 3750E - page 920

38-60 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP T o d isab le an existing B GP ne ighbor or nei ghbor peer g roup, use th e neighbor shutdown r outer configurat ion comm and. T o enab le a previous ly existing nei ghbo r or neighbo r peer gr oup that had ...
Cisco Systems 3750E - page 921

38-61 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP T o delete an aggre gate entry , use the no aggregate-addr ess addr ess mask rou ter configuration comma nd. T o retur n option s to the de faul t v alues, use the comm and with ke ywor ds. Configuring Routin ...
Cisco Systems 3750E - page 922

38-62 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Conf igurin g BGP When the ro ute refl ector recei ves an ad vert ised route, it tak es one of these act ions, dependi ng on the neighb or: • A route from an e xternal B GP speak er is adv e rtise d to all c lients and nonc ...
Cisco Systems 3750E - page 923

38-63 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring BGP Beginning i n privileged E XEC mo de, use thes e com mands t o configure BGP ro ute dampen ing: T o disa ble fla p dampenin g, use the no bgp dampening router co nfiguration c omman d withou t keywords. T o s ...
Cisco Systems 3750E - page 924

38-64 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Y o u can also en able t he logging of message s generate d when a BG P neighbo r resets , comes up, or goes down b y using the bgp log -neighbor changes router configur ation com mand. Configuring M ...
Cisco Systems 3750E - page 925

38-65 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Multi-VRF CE These se ctions conta in this i nformation: • Understan ding Multi-VRF CE, page 38-6 5 • Default Mu lti-VRF C E Configuration, pa ge 38-6 7 • Multi-VRF CE Conf iguration Guidelines, page 38- 67 ...
Cisco Systems 3750E - page 926

38-66 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Figur e 38-6 Catalyst 37 50-E or 35 60-E Switc hes Acting as Multiple V irt ual CEs When the CE switc h recei ves a command to add a Lay er 3 interf ace to a VRF , it sets up th e appropriate mapping ...
Cisco Systems 3750E - page 927

38-67 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Multi-VRF CE T o conf igure VRF , you create a VRF table and specify the Layer 3 int erfac e associat ed with the VRF . Then configure th e rout ing pro toco ls in th e VPN and be tween t he CE and th e PE. BGP i ...
Cisco Systems 3750E - page 928

38-68 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE • A cust omer ca n use m ultip le VLA Ns as lon g as t hey do not overlap with t hose o f other custome rs. A customer’ s VLANs are mapped to a specific routing table ID that is used to iden tify ...
Cisco Systems 3750E - page 929

38-69 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Multi-VRF CE Use t he no ip vrf vrf-name global conf iguration command to delete a VRF and to remov e all interf aces from it. Use the no ip vrf f orwarding interface c onfig uration comm and to remo ve an interf ...
Cisco Systems 3750E - page 930

38-70 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Configuring BG P PE to CE Routing Sessions Beginning in privileged EX EC mode , foll ow these ste ps to con figure a BGP PE t o CE ro uting sessio n: Use the no r outer bgp autono mous-s ystem -numbe ...
Cisco Systems 3750E - page 931

38-71 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Multi-VRF CE Figur e 38-7 Multi-VRF CE Conf igur ation Exa mple Switch A Switch D VPN1 VPN2 CE1 Global network 208.0.0.0 F ast Ethernet 8 Gigabit Ethernet 1 101386 PE CE2 Switch E 108.0.0.0 F ast Ethernet 7 Switc ...
Cisco Systems 3750E - page 932

38-72 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Configur ing Switch A On Switch A, enable routing and conf igure VRF . Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip routing Switch(config ...
Cisco Systems 3750E - page 933

38-73 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Multi-VRF CE Switch(config)# interface vlan118 Switch(config-if)# ip vrf forwarding v12 Switch(config-if)# ip address 118.0.0.8 255.255.255.0 Switch(config-if)# exit Switch(config)# interface vlan208 Switch(confi ...
Cisco Systems 3750E - page 934

38-74 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Configur ing Switch F Switch F belon gs to V PN 2. C onfigure the conn ecti on to Sw itch A by using thes e co mmands. Switch# configure terminal Enter configuration commands, one per line. End with ...
Cisco Systems 3750E - page 935

38-75 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Configuring Unicast Reverse Path Forwarding Router(config)# router bgp 100 Router(config-router)# address-family ipv4 vrf v2 Router(config-router-af)# neighbor 83.0.0.8 remote-as 800 Router(config-router-af)# neighbor 83.0.0 ...
Cisco Systems 3750E - page 936

38-76 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s Configuring Proto col-Independent Features This secti on descri bes how to configure IP routing pro toco l-indepe nden t feature s. These featur es are av ailable on switche s run ...
Cisco Systems 3750E - page 937

38-77 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res The def ault conf ig uration is CEF or dCEF enabled on all Laye r 3 interface s . Entering the no ip route- cach e c ef int erface co nfiguration co mman d disab les CEF for tr a ...
Cisco Systems 3750E - page 938

38-78 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s Even though the ro uter au tomat ically learns about an d configur es equal -cost ro utes, you can cont rol the maxim um number of para llel pat hs supporte d by an IP routing pro ...
Cisco Systems 3750E - page 939

38-79 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res Static route s that point to an inte rface a re adver tised through RIP , IGR P , and other dynami c rout ing protocol s, whe ther or n ot sta tic re d i st r i bu t e router con ...
Cisco Systems 3750E - page 940

38-80 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s Use the no ip default-netw ork net work n umbe r global co nfiguration c omman d to remove the route . When default in format ion is passed th rough a dy namic ro uting pro tocol ...
Cisco Systems 3750E - page 941

38-81 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res Note Alth ough e ach of Steps 3 throug h 14 in the following se ction is opt ional, you m ust ente r at least one match rou te-ma p con figuration comm and a nd on e se t rout e- ...
Cisco Systems 3750E - page 942

38-82 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s T o delete an entry , use the no route-map map tag global c onfiguration c ommand or the no match or no set route- map co nf igur ation co mmands . Y o u can distri bute routes fr ...
Cisco Systems 3750E - page 943

38-83 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res Beginn ing in p ri vileg ed EXEC mode, fo llo w thes e steps to con trol route r edistrib ution. Note th at the keywords are the same as defined in th e previous proce dure. T o ...
Cisco Systems 3750E - page 944

38-84 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s W ith PBR, you clas sify tra f f ic using acc ess contr ol lists (A CLs) an d then mak e traf fic go through a dif ferent path. PBR is applied to in coming pac kets . All pack ets ...
Cisco Systems 3750E - page 945

38-85 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res • T o use PBR, you must first en able the routing tem plate by using the sdm pr efer ro uting glob al conf iguratio n command. PBR is not supported with the VLAN or def a ult t ...
Cisco Systems 3750E - page 946

38-86 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s Beginn ing in pri vilege d EXEC mode, follo w th ese steps to c on f i g ur e PBR: Comma nd Purpos e Step 1 conf igur e terminal Enter global con figuration mod e. Step 2 route -m ...
Cisco Systems 3750E - page 947

38-87 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res Use the no ro ute-map map- tag g lobal configurat ion com mand or the no match or no set rout e-map conf iguratio n commands to delete an entry . Use the no ip policy ro ute-map ...
Cisco Systems 3750E - page 948

38-88 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Configur ing Protoco l-Indepen dent Feature s Use a net work monit oring privileged EXEC co mman d such as show ip ospf inte rface to v erify t he interfaces t hat you enab led as passive, or use the show ip interface privile ...
Cisco Systems 3750E - page 949

38-89 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Confi guring Proto col-Ind ependent Featu res router to inte lligen tly di scrimina te bet ween so urces of rout ing in format ion. Th e rou ter always picks th e route whose r outing pr otocol has t he lowest adm inistra ti ...
Cisco Systems 3750E - page 950

38-90 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Monito ring and Mai ntainin g the IP Networ k Beginning i n privileged EX EC mo de, fol low these s teps t o mana ge authe nticat ion keys: T o remo ve th e ke y chain, use the no key chain name-o f-chain gl obal co nfigurati ...
Cisco Systems 3750E - page 951

38-91 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 38 Configur ing IP Unicas t Routing Monitoring and Maintaining the IP Network show ip route supern ets-on ly Displa y supern ets. sho w ip ca che Display the routing ta ble used to switch IP traf fic . sho w rou te -ma p [ map-n ame ] Display all route maps co ...
Cisco Systems 3750E - page 952

38-92 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 38 Configuring IP Unicast Routing Monito ring and Mai ntainin g the IP Networ k ...
Cisco Systems 3750E - page 953

C HAPTER 39-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 39 Configuring IPv6 Unicast Routing Intern et Protoc ol V ersio n 6 ( IPv6) is the ne twork-la yer Int ernet Pr otocol intend ed t o repl ace V ersion 4 (IPv4) in the TCP/IP su ite of pro tocols. T his cha pter descr ibes how to configure IP v6 unicast routing ...
Cisco Systems 3750E - page 954

39-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Underst andin g IPv6 The arc hitecture of IPv6 allo ws e x isting IPv 4 users to transitio n easily to IPv6, a nd pro vides services such as end-t o-end sec uri ty , quality of service (QoS), and gl oball y unique ad dresses ...
Cisco Systems 3750E - page 955

39-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Understanding IPv6 For more inform ation about IPv6 address for mats, ad dress type s, and the IPv6 packet hea der , go to “Impl ementing Bas ic Conn ecti vity for IPv6 ” chapte r of the Cisco IOS IPv6 Configuration Lib ...
Cisco Systems 3750E - page 956

39-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Underst andin g IPv6 These addre sses are defined by a global routing prefix, a subne t ID , an d an i nterface ID. Cu rrent global unicast ad dress allo cation uses the range of addr esses that start wi th binary value 001 ...
Cisco Systems 3750E - page 957

39-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Understanding IPv6 A v alue of 135 in the T ype fiel d of the ICMP packet he ader identif ies a neighbor solicitation messag e. These me ssages are sent on the local link when a no de needs to dete rmine t he link-laye r ad ...
Cisco Systems 3750E - page 958

39-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Underst andin g IPv6 • DNS resolv er for AAAA ov er IPv4 transpor t • Cisco Disc overy Protocol (CDP) support for IPv6 addr esses For more informat io n about m anaging these applications with Cisc o IOS, see the “Mana ...
Cisco Systems 3750E - page 959

39-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Understanding IPv6 • Simp le Networ k Manageme nt Protoco l (SNMP) ov er IP v6 tr anspo rt • IPv 6 Ho t Sta ndb y Rout er Pr otoc ol (HSR P) • DHCPv6 • IPv6 pa ckets destined to site-lo cal addre sses • T unn elin ...
Cisco Systems 3750E - page 960

39-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Underst andin g IPv6 Note T o rout e IPv6 packets in a sta ck, all switche s in the stack should be running the adv anced IP s ervices featu re set . If a ne w switch become s the stac k master , the ne w master reco mpute s ...
Cisco Systems 3750E - page 961

39-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Understanding IPv6 SDM Templates T o allocate sys tem res ources fo r unicast route s, MA C addresse s, A CLs and oth er featur es, the switc h SDM templa tes priorit ize system resources to optimize support f or certai n f ...
Cisco Systems 3750E - page 962

39-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 Note An IPv4 rout e requi res only one hardwa re entry . Because of the h ardware com pressio n schem e used fo r IPv6, an IPv6 rout e can take mo re than one har dware entry , redu cing the nu mber of e ...
Cisco Systems 3750E - page 963

39-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 Default IPv6 Configuration T ab le 39-2 shows the default I Pv6 co nfiguration . Configuring IPv6 Addressi ng and En abling IP v6 Rou ting This se ction de scribe s how to assi gn IPv6 addre sses to in ...
Cisco Systems 3750E - page 964

39-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 Beginning in privileged EXEC mode, foll ow these steps to assign an I Pv6 ad dress to a L ayer 3 interfac e and en able IPv6 ro uting: T o remo ve an IPv6 add ress fro m an interf ace, use the no ip v6 a ...
Cisco Systems 3750E - page 965

39-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 without arg uments. T o disable IPv6 pro cessing on a n interf ace th at has no t been e xplicitly conf igured with a n IPv6 ad dress, use the no ipv6 enable interface configurat ion comm and. T o globa ...
Cisco Systems 3750E - page 966

39-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 T o disa ble IPv 4 routing, use the no ip r outing global configurat ion c omman d. T o disable IPv 6 routi ng, use the no ipv6 unicast-routing globa l configurat ion c omma nd. T o rem ove an IPv4 addre ...
Cisco Systems 3750E - page 967

39-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 Configuring IPv6 IC MP Rate Limiting IPv6 ICMP rate limitin g uses a token- bu cket algorith m for limiting the ra te at which IPv6 ICMP error messages are sent to the network. The int erv al between er ...
Cisco Systems 3750E - page 968

39-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 T o disa ble IP v6 CEF or distr ib uted CEF , use the no ipv6 cef or no ipv6 cef d istri buted glob al configurati on comm and. T o re enabl e IPv6 C EF or dCEF if it ha s been disabl ed, use the ipv6 ce ...
Cisco Systems 3750E - page 969

39-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure an IPv6 static route: Comma nd Purpos e Step 1 conf igur e terminal Ente r global con figuration mod e. Step 2 ipv6 route ipv6-pr e ...
Cisco Systems 3750E - page 970

39-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 T o remo ve a co nf igured static rou te, use the no ipv6 route ipv6-pr ef ix/pr efix length { ipv6-add r ess | interface- id [ ipv6-add r ess ]} [ admi nist ra tive di stance ] glo bal co nfigurati on c ...
Cisco Systems 3750E - page 971

39-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 Beginning in privileged EX EC mode , foll ow these re quired and optional steps t o configure I Pv6 RI P: T o di sable a RIP ro uting proce ss, use the no ipv6 rout er rip na me gl obal con figuration c ...
Cisco Systems 3750E - page 972

39-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Conf igu rin g IPv6 Configuring OSPF for IPv6 Open Shortest Path First (OSPF) is a link-state prot ocol for I P , which means that routi ng decisions are based o n th e stat es o f the links t hat conne ct th e sourc e and ...
Cisco Systems 3750E - page 973

39-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Confi guring I P v6 Beginn ing in pri vileged E XEC mode, follo w these r equired an d optional ste p s to conf igure IPv6 OSPF: Comma nd Purpose Step 1 conf igur e terminal Ente r global co nfigurati on mode . Step 2 ipv6 ...
Cisco Systems 3750E - page 974

39-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Displa ying I Pv6 T o disable an OSPF r outing process, use the n o ipv6 router ospf pr ocess-id global configu ration command. T o disable the OSPF routin g process for a n interfa ce, use the no ipv6 ospf process-id area ...
Cisco Systems 3750E - page 975

39-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Displaying I Pv6 ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds <output truncated> This i s an exampl e of t he o utput from the show ipv6 cef pri vile ged E XEC co ...
Cisco Systems 3750E - page 976

39-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Displa ying I Pv6 This i s an exampl e of t he o utput from the show ipv6 neighbor pri v ileg ed EXE C comm and: Switch# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface 3FFE:C000:0:7::777 - 0007.0007.00 ...
Cisco Systems 3750E - page 977

39-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 39 Configur ing IPv6 Unicas t Routing Displaying I Pv6 ICMP statistics: Rcvd: 1 input, 0 checksum errors, 0 too short 0 unknown info type, 0 unknown error type unreach: 0 routing, 0 admin, 0 neighbor, 0 address, 0 port parameter: 0 error, 0 header, 0 option 0 ...
Cisco Systems 3750E - page 978

39-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 39 Configuring IPv6 Unicast Routing Displa ying I Pv6 ...
Cisco Systems 3750E - page 979

C HAPTER 40-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 40 Configuring HSRP and Enhanced Objec t Tracking This c hapter d escrib es how to use Hot St andby Rout er Prot ocol (H SRP) on the Ca talyst 3750-E or 3560-E sw itch to provide routin g redund ancy for routin g IP traffic without bein g depen dent on th e av ...
Cisco Systems 3750E - page 980

40-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Underst anding HSRP Note Rou ters in an H SRP gro up ca n be a ny router interfac e tha t suppo rts HS RP , incl uding Ca talyst 3750-E or 3560-E rou ted port s and switch virtu al interfaces (SVIs) . HSRP p ...
Cisco Systems 3750E - page 981

40-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Unde rsta ndin g HS RP Figur e 40-1 T ypical HSRP Configur ation Multiple HSRP The switch sup ports Multiple H SRP (MHSRP), an extensio n of HSRP that allo ws load sharing betw een two or more HSRP gro ups. Y o ...
Cisco Systems 3750E - page 982

40-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configuring HSRP Figu re 40-2 M HSR P Load Sharing HSRP and S witch S tacks HSRP hello mess ages are g ener ated by th e s tack ma ste r . If an H SRP-a ctive stack m aste r fails , a flap i n the HSRP acti ...
Cisco Systems 3750E - page 983

40-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Configuring HSRP Default HSRP Configuration T ab le 40-1 shows the default HSRP conf iguration. HSRP Configuration Guidelines Foll ow these gui delines when conf iguring HSRP: • HSRP ca n be configured on a m ...
Cisco Systems 3750E - page 984

40-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configuring HSRP When th e standby ip comma nd is enabled on an interf ace and pr oxy A RP is en abled, if the interfa ce’ s Hot Standb y state is acti ve, prox y ARP reque s ts are ans wered us ing the Ho ...
Cisco Systems 3750E - page 985

40-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Configuring HSRP Configuring HSRP Priority The standby priority , st andby preempt , and standby track interfa ce configu ratio n com mands are al l used to set cha racteri stics f or finding active and stan db ...
Cisco Systems 3750E - page 986

40-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configuring HSRP Use the no standby [ gr o up-numbe r ] priority priority [ preempt [ delay delay ]] a nd no standby [ gr oup-num ber ] [ priority priority ] preempt [ delay delay ] interface co nfig uration ...
Cisco Systems 3750E - page 987

40-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Configuring HSRP This exam ple a ctiv a tes a port, sets an IP addre ss and a pri ority of 12 0 (high er tha n the default value), and waits for 30 0 second s (5 minutes ) before a ttempt ing to beco me the act ...
Cisco Systems 3750E - page 988

40-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configuring HSRP When conf iguring these a ttrib utes, fo llo w these g uidelines: • The aut hentica tion string i s sent unenc rypted in all HSRP message s. Y o u must configure the same authenti cation ...
Cisco Systems 3750E - page 989

40-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Disp laying H SRP Co nfig uratio ns This exampl e shows ho w to set the time rs on standby gro up 1 with the time betwe en hello packet s at 5 seconds an d the tim e after whi ch a rout er is consi dered down ...
Cisco Systems 3750E - page 990

40-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configur ing Enhance d Object Tracking This is a an exam ple of out put fro m t he show standby privileged EXEC comma nd, displa ying HSRP inform ation fo r two standby groups (gro up 1 and grou p 100): Swi ...
Cisco Systems 3750E - page 991

40-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Confi gurin g Enhan ced Objec t Track ing Configuring E nhanc ed Object Tra cking F eatures These sec tions descr ibe configur ing enha nced obj ect track ing: • T r ackin g Int erface Line-P rotocol or IP R ...
Cisco Systems 3750E - page 992

40-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configur ing Enhance d Object Tracking This e xample conf igures the track ing of an interf ace line -protoco l state and veri fies the conf iguration : Switch(config)# track 33 interface gigabitethernet 1/ ...
Cisco Systems 3750E - page 993

40-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Confi gurin g Enhan ced Objec t Track ing Use the no track tra ck- number global conf iguration comman d to delete the track ed li st. This e xample con fig ures track list 4 w ith a Boolean AND e xpression th ...
Cisco Systems 3750E - page 994

40-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configur ing Enhance d Object Tracking Use the no tr ack track-number global conf iguration co mmand to delete the track ed list. The exampl e configur es track list 4 to track by wei ght thr eshold. If obj ...
Cisco Systems 3750E - page 995

40-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 40 Configur ing HSRP and En hanced Object Tracking Confi gurin g Enhan ced Objec t Track ing This e xample co nfig ures track ed list 4 with three obj ects and a specif ied percenta ges to measure the state of the list: Switch(config)# track 4 list threshold p ...
Cisco Systems 3750E - page 996

40-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 40 Configuri ng HSRP and En hance d Object Tr acking Configur ing Enhance d Object Tracking Configuring Other Tracking Char acteristics Y o u ca n also use th e en hanced ob ject t racki ng fo r trac king o ther c hara cteris tics. • Y ou can t rack th e re ...
Cisco Systems 3750E - page 997

C HAPTER 41-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 41 Configuring Web Cac he Services By Using WCCP This c hapter d escrib es how to configu re your Catalys t 375 0-E or 3560-E swi tch to redir ect tra ff i c to wide-ar ea appli cation en gines (suc h as the Cisco Cache Engine 550 ) by using the W eb Cache Com ...
Cisco Systems 3750E - page 998

41-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 41 Configuring Web Cache Ser vices By Using W CCP Understan ding WCCP WCCP enabl es supported Cisc o routers and sw itches to transp aren tly redirec t content re quests. With transpare nt redire ction, use rs do not have to configure the ir browsers to use a ...
Cisco Systems 3750E - page 999

41-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 41 Configur ing Web Cache Services By Using WCCP Understa nding WCCP WCCP Negotiation In the exchange of WCCP protocol messages , the design ated appl ication engi ne and the WCCP-enable d switch ne g otiate these item s: • Fo rwar ding method (the met hod by ...
Cisco Systems 3750E - page 1000

41-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 41 Configuring Web Cache Ser vices By Using W CCP Understan ding WCCP Y o u can configure up t o 8 service grou ps on a switch or sw itch stac k and up to 32 cli ents per servi ce group. WC CP mainta ins the pr iority o f the se rvice gr oup in t he group defi ...
Cisco Systems 3750E - page 1001

41-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 41 Configur ing Web Cache Services By Using WCCP Config uring WCCP Unsupporte d WCCP Features These WCCP features are not supporte d in this software release: • Packet redirect ion on an out bound int erface that is configured by using the ip wccp redir ect o ...
Cisco Systems 3750E - page 1002

41-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 41 Configuring Web Cache Ser vices By Using W CCP Configuring WCCP • The num ber of av ailable policy-based routing (PB R) labe ls are re duced as mor e interfac es are enabl ed for W CCP ingress r edirecti on. For ev ery int erface that supports ser vice gr ...
Cisco Systems 3750E - page 1003

41-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 41 Configur ing Web Cache Services By Using WCCP Config uring WCCP Comma nd Purpos e Step 1 conf igur e terminal Enter globa l configurati on mode. Step 2 ip wccp { w eb- cach e | service-number } [ group-addr ess groupaddr ess ] [ group-list access-list ] [ re ...
Cisco Systems 3750E - page 1004

41-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 41 Configuring Web Cache Ser vices By Using W CCP Configuring WCCP T o disa ble t he we b cach e serv ice, use t he no i p wccp web-cache global configurat ion comm and. T o disable inbound pac ket redir ection, use the no ip wccp web-cache r edirect in inter ...
Cisco Systems 3750E - page 1005

41-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 41 Configur ing Web Cache Services By Using WCCP Monitoring and Maintaining WCCP This e xample sho ws how to conf igure SVIs an d how to enable the web cache ser vice with a multica st group l ist. VL AN 29 9 is crea ted a nd configu red wi th an IP a ddress of ...
Cisco Systems 3750E - page 1006

41-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 41 Configuring Web Cache Ser vices By Using W CCP Monitorin g and Maintain ing WCCP show ip interface Displays st atus about a ny IP WCC P redir ection comm ands t hat a re conf igured on an interf ace; for exam ple, Web Cache Re direct is enabled / disab led ...
Cisco Systems 3750E - page 1007

C HAPTER 42-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 42 Configuring IP M ulticast R outing This chapter describes how to conf igure IP multicast ro uting on the Catalyst 3750-E or 3560-E switch. IP multica sting is a more e ffi cient w ay to use netw o rk resource s, especially for bandwidth- intensi ve services ...
Cisco Systems 3750E - page 1008

42-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Underst anding Cis co’s Im plementat ion of IP Mu lticast Rout ing Understandin g Cisco’s Imp lementation of IP Multic ast Routing The Cisco IOS softwa re supports these protocols to implem ent IP multica st routing: • ...
Cisco Systems 3750E - page 1009

42-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Understanding Cisco’s Implementation of IP Multicast Routing Understand ing IGMP T o participate in IP multicasting, multicast hosts, rou ters, and multil ayer switches must ha ve the IGMP operati ng. Thi s pro tocol de f ...
Cisco Systems 3750E - page 1010

42-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Underst anding Cis co’s Im plementat ion of IP Mu lticast Rout ing Understand ing PIM PIM is called pr otoc ol-in depen dent : regardle ss of the unic ast rout ing protoco ls used to pop ulate the unicast r outing table , ...
Cisco Systems 3750E - page 1011

42-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Understanding Cisco’s Implementation of IP Multicast Routing When a new receiv er on a previously prune d branch of t he tree joins a multica st group, th e PIM DM de vic e detect s the ne w receiv er and immedi ately sen ...
Cisco Systems 3750E - page 1012

42-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Underst anding Cis co’s Im plementat ion of IP Mu lticast Rout ing passive interfaces. On ly the non redun dant ac cess rout er topo logy is suppo rted by the PI M stub fe ature . By using a n onredunda nt t opology , th e ...
Cisco Systems 3750E - page 1013

42-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Understanding Cisco’s Implementation of IP Multicast Routing Bootstrap Route r PIMv2 BSR is another method to distrib ute group-to-RP mapping information to all PIM rou ters and multilaye r switches in the netwo rk. It el ...
Cisco Systems 3750E - page 1014

42-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Underst anding Cis co’s Im plementat ion of IP Mu lticast Rout ing Figu re 42-3 R PF Ch eck PIM use s both sour ce trees and RP-root ed shared trees to for war d datagr ams (desc ribed in the “PIM DM” sectio n on page ...
Cisco Systems 3750E - page 1015

42-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Multicast Routing and Switch Stacks D V MRP neig hbors build a route t able by periodi cally exch anging sour ce network ro uting info rmat ion in route-r eport messa ges. The rou ting in formatio n stored in the D V MRP ro ...
Cisco Systems 3750E - page 1016

42-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting • They do not build multic ast routing tables . Instead, the y use the multicast rout ing table that is distr ibu ted b y the stack master . Configuring IP Multicast Routing These se ...
Cisco Systems 3750E - page 1017

42-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing Note Th e PIM i mplement ation of on Ca talyst 3 750-E an d 3560- E swit ches i s the sam e as th at on Ca talyst 3750 and 3560 swit ches exce pt for the d ifferences su mmar ized in the Ci ...
Cisco Systems 3750E - page 1018

42-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting • Because boot strap messa ges are sen t hop-by-hop, a PIMv1 device pre vents these me ssages from reaching all routers and multilayer switches i n your n etwork. Therefor e, if y ou ...
Cisco Systems 3750E - page 1019

42-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing T o disable multicasting, use the no ip multicast-r outing distributed global configurat ion com mand. T o return to the def ault PIM vers ion, use the no ip pim version interfa ce configur ...
Cisco Systems 3750E - page 1020

42-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting T o di sable PIM stub rout ing on an in terface, use the no ip pim passive in terfa ce config uration command. Config uring a R endez vous Point Y ou must have an RP if the interface i ...
Cisco Systems 3750E - page 1021

42-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing T o remo ve an RP address , use the no ip pim rp-addres s ip-address [ access-list-numbe r ] [ overr ide ] global configurat ion comm and. This exampl e shows ho w to configure the ad dress ...
Cisco Systems 3750E - page 1022

42-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting Configuring Auto-RP Auto-RP us es IP multicast to automa te the distribution of group-to-R P mappings to all Cisco routers and multilaye r switches in a PIM network. It has these benef ...
Cisco Systems 3750E - page 1023

42-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing Command Purpose Step 1 show running-confi g V erify that a defaul t RP is alrea dy configured on all PIM devices and the RP in t he sparse-m ode net work. It was previously configured wi th ...
Cisco Systems 3750E - page 1024

42-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting T o r emove the PIM device configured as the cand idate RP , us e the no ip pim send-rp-announce interface- id global configu ration c omma nd. T o remove the sw itch as the RP-map pin ...
Cisco Systems 3750E - page 1025

42-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing T o remov e a filte r on incoming RP announcemen t messages, use the no ip pim rp-announce- f ilter rp-list acc ess-list-number [ gr oup-list access-list-number ] global c onfiguratio n com ...
Cisco Systems 3750E - page 1026

42-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting In thi s example , the mappi ng a gent a ccepts candi date RP annou ncem ents from o nly two devices, 172.1 6.5.1 a nd 172 .16.2 .1. The map ping a gent a ccepts candid ate RP annou nc ...
Cisco Systems 3750E - page 1027

42-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing Figur e 42-4 Constr ainin g PIMv2 BSR Me ssag es Defini ng the IP Multicast Bou ndary Y ou de fine a multicast boundary to prev ent Auto-RP messages from entering the PIM domain. Y ou cre a ...
Cisco Systems 3750E - page 1028

42-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting This e xample sho ws a portion of an IP multicast boundar y config uration that den ies Auto-RP inform ation: Switch(config)# access-list 1 deny 224.0.1.39 Switch(config)# access-list ...
Cisco Systems 3750E - page 1029

42-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring IP Multicast Routing Configur ing Can didate RPs Y o u can configure one or mor e candida te RPs. Similar to BSRs, the RPs should a lso have good connec tivity to other devices and be in the backbo ne porti on ...
Cisco Systems 3750E - page 1030

42-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing IP Mu ltic as t Rou ting This e x ample sho ws how to co nfigur e the swi tch to adver tise itself as a can didate RP to the BSR in its PIM domain . Standar d access list nu mber 4 sp ecif ies the group pref i ...
Cisco Systems 3750E - page 1031

42-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Confi guring Ad vanced PIM Fe atures Monitoring the RP Mapping Information T o monitor the RP mapping informatio n, use these commands in priv ilege d EXEC mode: • show i p pim bsr displays in formation about the elec te ...
Cisco Systems 3750E - page 1032

42-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Advan ced PIM Features Figur e 42-5 Shar ed T re e and Sour ce T r ee (Shor test-P ath T r ee) If the data rate warran ts, leaf rou ters (route rs with out any downstream conn ections) on t he shared tree can u ...
Cisco Systems 3750E - page 1033

42-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Confi guring Ad vanced PIM Fe atures Delaying the Use of PIM S hortest-Path Tree The ch ange from shar ed to s ource tr ee ha ppens w hen the first data pa cket arrives at the la st-h op router (Route r C in Figure 42- 5 ) ...
Cisco Systems 3750E - page 1034

42-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing Op tiona l IGM P Fe atu res T o return to the default setting, use the no ip pim spt-thr eshold { kbps | infinity } global co nfiguration comm and. Modifying th e PIM R outer-Query Mes sage Interval PIM router ...
Cisco Systems 3750E - page 1035

42-29 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Optional IGMP Features • Modify ing the IGM P Host-Qu ery Messa ge Interval, page 42- 31 (o ptiona l) • Changin g the IGM P Query T i meout for IGMPv2, pa ge 42-32 (optional) • Changin g the Maxim um Que ...
Cisco Systems 3750E - page 1036

42-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing Op tiona l IGM P Fe atu res T o cancel m embersh ip in a gr oup, us e the no ip igmp join-group group-addr ess interf ace conf iguration comm and. This exam ple sh ows how to enable the switc h to j oin mu lti ...
Cisco Systems 3750E - page 1037

42-31 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Optional IGMP Features T o di sable gro ups on an inte rface, use the no ip igmp access-gr oup in terface co nf iguration comm and. This exampl e shows ho w to configure hosts at tache d to a port as abl e to j ...
Cisco Systems 3750E - page 1038

42-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Con figur ing Op tiona l IGM P Fe atu res The switch elect s a PIM designated router (DR) for the LAN (subnet). Th e DR is the router or multilayer switch wi th the highest I P address f or IGMPv2. For IGMPv1, the DR is ele ...
Cisco Systems 3750E - page 1039

42-33 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Optional IGMP Features T o return to the default setting, use the no ip igmp querier -timeout in terface c onfigura tion comm and. Changing the Max imum Query Resp onse Time for IG MPv2 If you are using IGMPv2 ...
Cisco Systems 3750E - page 1040

42-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Opti onal Multic ast Routing F eature s Beginn ing in p ri vilege d EXEC m ode, follo w these st eps to co nf igure the swi tch itself to be a statica lly connec ted mem ber of a gro up (and enable fast swi tch ...
Cisco Systems 3750E - page 1041

42-35 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Optional Multicast Routing Featu res T o disabl e CGMP on the interface, use th e no ip cgmp interfac e configuration comma nd. When multi ple Cisc o CGMP -capab le devices are co nnecte d to a switc hed networ ...
Cisco Systems 3750E - page 1042

42-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Opti onal Multic ast Routing F eature s Enabling sdr Listener Support By def ault, the switch doe s not listen to session directory adv ertisements. Beginn ing in pri vileged EXEC mode, follo w these steps to e ...
Cisco Systems 3750E - page 1043

42-37 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Optional Multicast Routing Featu res Configuring an IP Multicast Boundary Administrativ ely-scoped boundarie s can be used to li m it the forwarding of multicast traf fic outside of a domain or subdomain. This ...
Cisco Systems 3750E - page 1044

42-38 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Basi c DVMRP Inte roperab ility Feature s Beginning in pr i vileged EX EC mode, fo llow these step s to set up an admi nistra ti vely-sco ped boun dary . This proc edure is option al. T o r emove the bounda ry ...
Cisco Systems 3750E - page 1045

42-39 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Basic DVMRP Interoperability Features Configuring DVMR P Interoperability Cisco multicast routers and multila yer switches using PIM can interoperate with non-Cisco multicast router s tha t u se t he DVMRP . PI ...
Cisco Systems 3750E - page 1046

42-40 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Basi c DVMRP Inte roperab ility Feature s T o disabl e the metric o r route ma p, use the no ip dvmrp metric me tric [ lis t access-list-numbe r ] [[ pr otoc ol p ro cess-id ] | [ dvmrp ]] or the no ip dvmrp me ...
Cisco Systems 3750E - page 1047

42-41 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Basic DVMRP Interoperability Features Configurin g a DVMRP Tunne l The soft ware sup ports DVMRP tunne ls to th e MBO NE. Y ou can configure a D VMRP t unnel o n a ro uter or multilaye r switch if the other end ...
Cisco Systems 3750E - page 1048

42-42 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Basi c DVMRP Inte roperab ility Feature s T o disa ble t he f ilter , us e the no ip dvmrp acce pt-fi lt er access-list-n umber [ dist ance ] neighbor -list access-list -numbe r inte rface c onfigura tion comm ...
Cisco Systems 3750E - page 1049

42-43 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Advanced DVMRP Interoperability Features Beginning i n privileged E XEC mo de, follow these s teps to advertis e networ k 0.0 .0.0 t o D VMRP neighb ors on an interfa ce. Th is proced ure is op tional. T o prev ...
Cisco Systems 3750E - page 1050

42-44 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Advan ced DVM RP Interope rability Features These sec tions co ntain this co nfiguration in format ion: • Enab ling DVMRP Unic ast Rout ing, page 42 -44 (optional) • Rejectin g a D V MRP Nonpru ning Neig hb ...
Cisco Systems 3750E - page 1051

42-45 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Advanced DVMRP Interoperability Features Rejectin g a DVM RP Nonp runing Ne ighbor By def ault, Cisco de vices accept a ll D VMRP neighbors as peers, re gardless of their D VMRP capabil ity . Howe ver, some non ...
Cisco Systems 3750E - page 1052

42-46 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Advan ced DVM RP Interope rability Features Figur e 42-8 Rout er Rejects Nonpr uning D VMRP Neig hbor Note that the ip dvm rp reject-non -pru ners in terfa ce c onfig urati on co mman d prevents peer ing with n ...
Cisco Systems 3750E - page 1053

42-47 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Advanced DVMRP Interoperability Features Controlling Rout e Exchanges These sec tions descr ibe how to tune the Cisco device ad vertisemen ts of D VMRP rout es: • Limiting the Number of D VMRP Routes A dverti ...
Cisco Systems 3750E - page 1054

42-48 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Advan ced DVM RP Interope rability Features Beginning in privileged EXEC mo de, foll ow these s teps to chang e the threshol d number of rou tes tha t trigger the wa rning. This proce dure is op tional. T o ret ...
Cisco Systems 3750E - page 1055

42-49 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Advanced DVMRP Interoperability Features Figur e 42-9 On Connect ed Unicast Rout es Are A dver tised b y Def ault ( Catalyst 3750 -E S witche s) Figu re 42-10 Only C onnec ted U nic ast R ou tes are Advertise d ...
Cisco Systems 3750E - page 1056

42-50 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Configur ing Advan ced DVM RP Interope rability Features Beginn ing in pri vileg ed EXEC mode, follo w these steps to customize the summariza tion of D VMRP routes if th e default cla ssful auto summari zation does not suit ...
Cisco Systems 3750E - page 1057

42-51 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Configuring Advanced DVMRP Interoperability Features T o r e-e nable auto su mmar izat ion, use the ip dvm rp auto-summary interf ace con fig urat ion comman d. Adding a Metric Offset to the DVMRP Route By default, the swi ...
Cisco Systems 3750E - page 1058

42-52 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Mon ito ring and Main tain ing IP M ultic as t Rou ting Monitoring and Maintainin g IP Mu lticast Routing These sections describe how to monitor and maintain IP multicast ro uting: • Clearin g Cach es, T ables, and Databa ...
Cisco Systems 3750E - page 1059

42-53 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 42 Configur ing IP Multic ast Routing Monitoring and Maintaining IP Multicast Routing Monitoring IP Multicast Routing Y o u can use the p rivileged EXEC comma nds in T able 42-6 to monitor I P multicas t routers, pac kets, and paths: show ip igmp groups [ grou ...
Cisco Systems 3750E - page 1060

42-54 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 42 Configuring IP Multicast Routing Mon ito ring and Main tain ing IP M ultic as t Rou ting ...
Cisco Systems 3750E - page 1061

C HAPTER 43-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 43 Configuring MSDP This ch apter de scribes ho w to conf igure the Mu lticast Sou rce Disco ve ry Proto col (MSDP) o n the Catalyst 375 0-E or 3560 -E switch . The MSDP co nnec ts multiple Prot ocol-I ndepend ent Mult icast sparse-m ode (PIM-S M) doma ins. MS ...
Cisco Systems 3750E - page 1062

43-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Underst anding MSD P The purpose of this topology is to hav e domains discove r multicast sources in other doma ins. If the multicast so urces are of interest to a d omain that h as recei vers, m ulticast data is deli vered o ver the norma ...
Cisco Systems 3750E - page 1063

43-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Understandi ng MSDP Figur e 43-1 MSDP Running Be tween RP Peers MSDP Benefits MSDP has these benef its: • It break s up the shared m ulticast d istrib ution tree. Y ou can m ake t he shared tree loc a l to your domain. Y our local members ...
Cisco Systems 3750E - page 1064

43-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Configuring MSDP These sec tions co ntain this co nfiguration in format ion: • Default MS DP Configurati on, page 43- 4 • Configuring a Default MSDP Peer, page 43-4 (r equire d) • Cachin g Source -Act i ve State, ...
Cisco Systems 3750E - page 1065

43-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Figur e 43-2 Def ault MSDP P eer Net wor k Beginning in pr i vileged EX EC mode , follow these step s to speci fy a default MSD P peer . This proce dure is required. ISP A PIM domain ISP C PIM domain SA Router A Switch B 10 ...
Cisco Systems 3750E - page 1066

43-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP T o remov e the default peer , use the no ip msdp default-peer ip-ad dress | name gl obal con figuration comm and. This exam ple shows a partia l co nfiguration of Ro uter A and Ro uter C in F igure 4 3-2 . Each of thes ...
Cisco Systems 3750E - page 1067

43-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable the cachin g of source/group pairs. This proc edure is option al. Note An alternati ve to this command is th e ip msdp sa-request global con figuration co ...
Cisco Systems 3750E - page 1068

43-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Requestin g Source Info rmation fro m an MSDP Peer Local RPs can send SA reque sts a nd get immedi ate r esponses f or al l active sources for a give n group . By default, the sw itch do es no t send any SA re quest mes ...
Cisco Systems 3750E - page 1069

43-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Controlling Source In formation that Your Switch Originates Y ou can contro l the m ulticast so urce informa tion that originat es with y our switch : • Sources you advertise (base d on your sour ces) • Receivers of sou ...
Cisco Systems 3750E - page 1070

43-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP T o remov e the f ilter , use the no ip msdp r edistribut e global configurati on com mand. Step 3 access-list access-list- number { deny | permit } sour ce [ so ur ce-wi ldcar d ] or access-list access-list- number { ...
Cisco Systems 3750E - page 1071

43-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Filtering Source- Active R equest Messages By default, only switches that are ca ching SA informatio n can respond to SA reque sts. By default, such a switch honor s all SA reque st messages fr om its MSDP peers and suppli ...
Cisco Systems 3750E - page 1072

43-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Controlling Source Informatio n that Your Switch Forwards By def ault, the switch for wards all SA me ssages it rec ei ves to all its MSDP pee rs. Ho we ver , you can prev ent o utgoin g messag es fr om bei ng for ward ...
Cisco Systems 3750E - page 1073

43-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP T o remov e the f ilter , use the no ip msdp sa-f ilter out { ip-a ddress | name } [ list a ccess-list-n umber ] [ ro ut e -m a p map- tag ] glo bal configur ation c omma nd. This e x ample sho ws how to allo w only (S,G) ...
Cisco Systems 3750E - page 1074

43-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Using TTL to Limit the Multicast Data Sent in SA Messages Y ou can use a TTL v alue to contro l what da ta is enca psulated in the f irst SA message f or e very sour ce. Only mu lticast pa ckets w ith an IP-header TTL ...
Cisco Systems 3750E - page 1075

43-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Beginn ing in pri vileged EXEC mode, follo w these steps to apply a f ilter . This procedu re is optional. T o remov e the f ilter , use the no ip msdp sa-f ilter in { ip-address | name } [ list access-list-number ] [ ro u ...
Cisco Systems 3750E - page 1076

43-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Config uring an MSDP M esh Gr oup An MSDP me sh group is a gro up of MSDP speakers that have fully meshed MS DP connec tivity among one anot her . Any SA mes sages re ceived from a peer in a mesh group are not forwa rd ...
Cisco Systems 3750E - page 1077

43-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Configuring MSDP Beginning in privileged EXEC mo de, f ollow these step s to shut down a peer . This procedur e is o ptional . T o bring th e peer back up, us e the no ip msdp shutdo wn { peer -name | peer address } glob al conf iguratio n ...
Cisco Systems 3750E - page 1078

43-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Conf igu rin g MSDP Note that the ip msdp originator -id global config uration command also identif ies an interf ace to be used a s the RP a ddress. If both the ip msdp border sa-address and the ip msdp originator -id gl obal configurat ...
Cisco Systems 3750E - page 1079

43-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 43 Configur ing MSDP Monitoring and Maintaining MSDP Monitoring and Maintaining MSDP T o mon itor MSD P SA messages , peers, stat e, or peer status, use one or more of the privileged EXEC comm ands in Ta b l e 4 3 - 1 : T o clear MSDP conne ctions, s tatist ic ...
Cisco Systems 3750E - page 1080

43-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 43 C onfiguring MSDP Monito ring and Mai ntaining MSD P ...
Cisco Systems 3750E - page 1081

C HAPTER 44-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 44 Configuring Fallbac k Bridging Thi s chapte r describe s ho w to conf igure fa llback bridging (VLAN brid ging ) on the C atal yst 3 750-E or 3560- E switc h. With fallback br idging , you can for ward non- IP packets t hat the switch does no t route betwee ...
Cisco Systems 3750E - page 1082

44-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Underst anding F allback B ridging A VLAN bridge domai n is represented with switch virtual interf aces (SVIs). A se t of SVIs and routed ports ( which do no t have any VLA Ns associa ted w ith th em) c an b e configured (gro u ...
Cisco Systems 3750E - page 1083

44-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 4 Configuring Fal lback Bri dging Config uring Fa llback Br idging Figur e 44-1 F allback Br idging N etwor k Exam ple Fallback Brid ging an d Switch Sta cks When th e stack maste r fail s , a stac k me mber b ecomes th e ne w stack m aster b y using the el e ...
Cisco Systems 3750E - page 1084

44-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Configur ing Fall back Bridg ing Default Fallback Brid ging Configuratio n T ab le 44-1 shows the default fal lbac k bridg ing co nfiguration. Fallback Brid ging Co n figuration Guidelines Up to 32 br idge g roups ca n be confi ...
Cisco Systems 3750E - page 1085

44-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 4 Configuring Fal lback Bri dging Config uring Fa llback Br idging Beginning i n privileged E XEC mo de, follow these steps to c reat e a br idge g roup a nd to ass ign an interf ace to it. This proced ure is required . T o remo ve a brid ge grou p, use the n ...
Cisco Systems 3750E - page 1086

44-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Configur ing Fall back Bridg ing This example shows ho w to crea te bridge group 10 and to speci fy that the V LAN-bri dge STP runs in the bridge gr oup. It defines a n SVI for VL AN 2 a nd assi gns it to the bridge grou p: Swi ...
Cisco Systems 3750E - page 1087

44-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 4 Configuring Fal lback Bri dging Config uring Fa llback Br idging Changing the VLAN-Bri dge Spanning-Tree Priority Y o u can globa lly c onfigure the V LAN-bri dge spa nning -tree pri ority of a switch when it ties w ith anot her switch for the positio n as ...
Cisco Systems 3750E - page 1088

44-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Configur ing Fall back Bridg ing T o return to the defa ult setting, use th e no bridge-gro up bridge-gr oup priority inter face conf iguration comm and. This example shows ho w to change the priority t o 20 on a port in br idg ...
Cisco Systems 3750E - page 1089

44-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 4 Configuring Fal lback Bri dging Config uring Fa llback Br idging Adjust ing BPDU Interv als Y o u can adju st BPDU intervals as desc ribed in the se section s: • Adjusting the Inte rv al betw een Hello B PDUs, pa ge 44-9 (optiona l) • Chan ging the Fo r ...
Cisco Systems 3750E - page 1090

44-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Configur ing Fall back Bridg ing Changing the Forward- Delay Inter val The forward- delay inter val is th e am ount of time sp ent li sten ing for top ology chan ge inf ormat ion a fter a po rt has been a ctiv ated f or sw itc ...
Cisco Systems 3750E - page 1091

44-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 4 Configuring Fal lback Bri dging Monitoring and Maintaining Fallback Bridging Disabling the Spanning Tree on an Inter face When a loop-f ree pa th exists betwe en any two switched sub networks , you can p rev ent BPDUs ge nerated in one switchi ng subnetw o ...
Cisco Systems 3750E - page 1092

44-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 44 Configuring Fallback Bridging Monito ring and Maintain ing Fa llback Br idgin g ...
Cisco Systems 3750E - page 1093

C HAPTER 45-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 45 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the Cataly st 3750- E or 3560- E switc h. Dep ending on the natur e of t he pro blem, you can use the command-lin e interf ace (CLI ...
Cisco Systems 3750E - page 1094

45-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Recovering f rom a Softwa re Failure • Using the show platform for ward C omman d, page 45- 23 • Using the c rashinfo Files, pa ge 45-25 • Using On-Boar d Failure Log ging, p age 45- 26 Recovering fro m a Software Failure Switch softw ...
Cisco Systems 3750E - page 1095

45-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recoveri ng from a Lost or For gotten P assword load_helper boot Step 7 Initial ize the flash f ile system: switch: flash_init Step 8 If you had se t the co nsole po rt spe ed to anything other than 9600, i t ha s been reset to tha t par ti ...
Cisco Systems 3750E - page 1096

45-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Recoveri ng from a Los t or Forgotten Password Foll ow th e steps in this procedure if you ha ve forgotte n or lost the switch password. Step 1 Use one o f these m ethods to c o nnect a terminal or PC to the switc h: • Connect a terminal ...
Cisco Systems 3750E - page 1097

45-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recoveri ng from a Lost or For gotten P assword Procedure w ith Passw ord Recov ery Enabled If the pas sword- rec overy me chan ism i s en ab led, t his mes sage app ears: The system has been interrupted prior to initializing the flash file ...
Cisco Systems 3750E - page 1098

45-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Recoveri ng from a Los t or Forgotten Password Step 9 Copy the configurat ion file into me mory: Switch# copy flash: config.text system: running-config Source filename [config.text]? Destination filename [running-config]? Press Return in re ...
Cisco Systems 3750E - page 1099

45-7 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recoveri ng from a Lost or For gotten P assword Procedure w ith Password R ecovery Dis abled If the p assword-recovery mechanism is disabled, this m essage app ears: The password-recovery mechanism has been triggered, but is currently disab ...
Cisco Systems 3750E - page 1100

45-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Prev enting Switch S tac k Pr oblems Step 7 Change the password: Switch (config)# enable secret password The secre t passw ord can b e from 1 to 25 alph anumeric ch arac ters, can s tart with a numb er , is case sensitive, and allows spaces ...
Cisco Systems 3750E - page 1101

45-9 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recovering from a Command Switch Failure the switch curr ent- stac k-m ember -number r enumber new-stack-member-number globa l configurati on comm and to manua lly assign a stack membe r number . F o r more in format ion abou t stack me mbe ...
Cisco Systems 3750E - page 1102

45-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Recoveri ng from a Com mand Switc h Failure Replacing a Failed Command Sw itch with a Clu ster M ember T o replac e a f ailed command switch with a command -capab le memb er in th e same cluster , follo w these steps: Step 1 Disconnec t th ...
Cisco Systems 3750E - page 1103

45-11 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recovering from a Command Switch Failure If this pro mpt does not app ear , enter enable , and press Return . En ter setup , and press Re turn to start the set up progra m. Step 11 Respond to the questions in the setup program. When p romp ...
Cisco Systems 3750E - page 1104

45-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Recoveri ng from a Com mand Switc h Failure At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Basic management ...
Cisco Systems 3750E - page 1105

45-13 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Recovering from Lost Cluster Member Connectivity Recovering fro m Lost Cluster Member Connecti vity Some conf igurations can pre ve nt the command switc h from maintaini ng contact with mem ber switches. If you are u nable to ma intain man ...
Cisco Systems 3750E - page 1106

45-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting SFP Module Secu rity and Ident ificatio n Disabled Port Caused b y Power L oss If a p owered device (such as a C isco IP Phone 7910) that is con nected to a Po E sw itch por t and is powered by an AC power source loses p ower from the AC p ...
Cisco Systems 3750E - page 1107

45-15 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Monito ring SFP Modul e Sta tus If the module is identified as a Cisco SFP module , but the system is unable to read v e ndor-data information to ve rify its ac curacy , an SFP module erro r message is generated. In this case, you sho uld ...
Cisco Systems 3750E - page 1108

45-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using P ing Executing Ping If you atte mpt to ping a host in a different IP subne twork, you m ust define a static rout e to the netwo rk or have IP rout ing c onfigured t o ro ute bet ween those su bnets . For mo re inf ormat ion, see Cha ...
Cisco Systems 3750E - page 1109

45-17 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using Layer 2 Tr aceroute Using Layer 2 Traceroute These se ctions conta in this i nformation: • Understa nding L ayer 2 Traceroute, page 45 -17 • Usag e Guide lines , pag e 45-17 • Display ing the Physica l Path, page 45-1 8 Underst ...
Cisco Systems 3750E - page 1110

45-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using I P Trac eroute • The tracerou te ma c i p com mand outp ut sh ows the Layer 2 path when th e spe cified source and destinat ion IP a ddres ses belon g to the sa me sub net. Wh en you s pecify the IP a ddresses, the s witch uses th ...
Cisco Systems 3750E - page 1111

45-19 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using IP Trace route of 1 or 0, it drops t he da tagram and se nds an I nterne t Cont rol M essage Prot ocol (ICMP) time-t o-live-exceeded messag e to the se nder . Tracerout e f inds th e address of t he first hop by e xami ning the so ur ...
Cisco Systems 3750E - page 1112

45-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Usin g TDR T o end a trace in progres s, enter the escape seq uence ( Ctrl-^ X by defa ult). Si multane ously pr ess a nd release th e Ctrl , Shift , and 6 keys and then p ress the X ke y . Using TDR These se ctions conta in this i nformat ...
Cisco Systems 3750E - page 1113

45-21 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using Debug C ommands When you run TDR, t he swit ch re ports a ccurate infor mation i f • The c able for th e Giga bit li nk i s a so lid-cor e cable . • The open-en ded cable is n ot te rmin ated. When you run TDR, the switch d oes n ...
Cisco Systems 3750E - page 1114

45-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using D ebug Command s All deb ug comm ands are en tered in pri vileged EXEC mode , and most deb ug comman ds take no arguments. For exampl e, begi nning i n privileged E XEC mode , en ter thi s com mand to en ab le the debugging for Switc ...
Cisco Systems 3750E - page 1115

45-23 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using the show platf orm forw ard Comma nd Note Be aware that the debuggin g destin ation yo u use affects system overhead . Logging messages to the console produces very high ov erhea d, wherea s logging me ssages to a vir tual term inal ...
Cisco Systems 3750E - page 1116

45-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using the s how platfo rm forward Co mmand Gi1/0/1 0005 0001.0001.0001 0002.0002.0002 ------------------------------------------ Packet 2 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00_40000014_000A0000 01FFE 03000000 Po ...
Cisco Systems 3750E - page 1117

45-25 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using the crash info Files This is an e xample of the out put when the pa cket comin g in on port 1 in VLAN 5 has a de stination MA C address s et to the rou ter MAC address in V LAN 5 and th e d estination IP add ress set to an IP address ...
Cisco Systems 3750E - page 1118

45-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using On-Board F ailure Lo gging fi le is created, you ca n use the rena m e pri v ileg ed EXEC comma nd to rename it, bu t the conten ts of the renamed f ile will n ot be di splayed b y the show stacks or the s how tech-support privileged ...
Cisco Systems 3750E - page 1119

45-27 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 5 Troubleshooti ng Using On-Board Failure Logging • Power ov e r Ether net (PoE )—Record of th e power consum ption of Po E port s on a sta ndalon e swit ch or a stac k member • T emperat ure—T emperat ure of a standa lone switch or a switc h stac k ...
Cisco Systems 3750E - page 1120

45-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapter 45 Troubleshoo ting Using On-Board F ailure Lo gging Displaying OBFL Information T o disp lay th e OBFL i nform ation, use one or more of t he pri vile ged EXEC com man ds in T able 45-3 : For more info rmat ion abou t using t he comm ands i n T able 45-3 and ...
Cisco Systems 3750E - page 1121

C HAPTER 46-1 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 46 Configuring Online Diagnostics This chapter de scribes how to co nfigure the online diagnost ics on the Catalyst 3750-E or 3560- E switch: Note For c omplete s yntax and u sage in forma tion fo r the command s used in th is cha pter , see the co mmand refer ...
Cisco Systems 3750E - page 1122

46-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 46 Config uring Onl ine Diagno stics Configur ing On line Dia gnostic s Configuring Onlin e Diagnostics Y o u must configure t he failur e threshold and the interval betwe en tests befo re enabl ing diagno stic monitoring. This section has this informatio n: ...
Cisco Systems 3750E - page 1123

46-3 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 6 Configuring On line Dia gnostics Configuring Online Diagnostics Th is ex am p l e s h ows h ow t o schedule diagnostic testing to o ccur weekly at a specif ic time on member switch 6 when this com mand is entere d on a C atalyst 3750-E st ack master: Switch ...
Cisco Systems 3750E - page 1124

46-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 46 Config uring Onl ine Diagno stics Configur ing On line Dia gnostic s T o disable diagnostic testi n g and return to the de fault sett ings, use these commands: Note Th e switch nu mber optio n is supported onl y on Catalys t 3750-E swit ches. • T o disab ...
Cisco Systems 3750E - page 1125

46-5 Catalyst 3750-E and 3560-E Switch Software C onfiguratio n Guide OL-9775-02 Chapter 4 6 Configuring On line Dia gnostics Runni ng Online Dia gnostic Tests • T o confi g ure the swit ch to not genera te a syslog message wh en the healt h -monitori ng test f ails, use the no diagnostic monitor syslog global conf igur ation c omma nd. • T o r ...
Cisco Systems 3750E - page 1126

46-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Chapt er 46 Config uring Onl ine Diagno stics Running O nline Di agnosti c Tests This exam ple sh ows ho w to start a diagno stic te st by usin g the test na me: Switch# diagnostic start switch 2 test TestInlinePwrCtlr Th i s ex am p l e s h ow s h ow t o st a rt all ...
Cisco Systems 3750E - page 1127

A- 1 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 APPENDIX A Supported MIBs This a ppend ix list s the supporte d ma nagement infor matio n base (MIBs) for t his rel ease on the Catalyst 375 0-E or 3560 -E switch. It con tains the se sections: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e M IB Fil es, page ...
Cisco Systems 3750E - page 1128

A- 2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendi x A Supported MI Bs MIB List • CISCO-I ETF-IP- FOR W ARDING-MIB (O nly with the adv anced IP serv ices featu re set) • CISCO- IGM P-FIL T ER-M IB • CISCO-IM A G E-MIB (Only Cataly st 3750-E stac k master feature set de tails are shown.) • CISCO IP-ST A ...
Cisco Systems 3750E - page 1129

A-3 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix A Supported M IBs MIB List • OLD-CISCO-C HASSIS-M IB (Partial support on Catal yst 3750-E switches; some obje cts reflect only th e stac k master .) • OLD-CISCO -FLASH-M IB (Supp orts only t he stack m aster in a Cataly st 3750-E sw itch stac k. Use CISCO ...
Cisco Systems 3750E - page 1130

A- 4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendi x A Supported MI Bs Using FTP to Acces s the MIB Files Using FTP to Access the MIB Files Y o u can get eac h MIB file by using this proced ure: Step 1 Make sure that you r FTP clie nt is in passiv e mode. Note Some FTP clie nts do n ot suppo rt passive mode. S ...
Cisco Systems 3750E - page 1131

B-1 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 APPENDIX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This append ix descri bes how to m anipula te the Cat alyst 375 0-E or 3560-E swit ch fl ash file syste m, how to copy configurat ion files, and how to archive (uploa d and dow ...
Cisco Systems 3750E - page 1132

B-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith the Flash F ile System vie wed from the stack master, refers to the same file system as does flash: on stack member 3. Use the show f ile system s pri vileged EX ...
Cisco Systems 3750E - page 1133

B-3 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with the Flash File System 57409536 27306496 flash rw flash5: Setting the Def ault File System Y ou can specif y the fi le syst em or d irectory that t he system ...
Cisco Systems 3750E - page 1134

B-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith the Flash F ile System Displaying In formation ab ou t Files on a File System Y o u can view a list of t he conte nts o f a file system be fore manip ulating its ...
Cisco Systems 3750E - page 1135

B-5 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with the Flash File System Creating and Removi ng Directorie s Beginning i n privileged E XEC mode, follow th ese s teps to c rea te an d remove a d irect ory: T ...
Cisco Systems 3750E - page 1136

B-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith the Flash F ile System Some in valid combinat ions of source and dest inatio n exist. Specificall y , you cannot copy t hese comb inat ion s: • From a runni ng ...
Cisco Systems 3750E - page 1137

B-7 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with the Flash File System Beginn ing in pri vileged EXEC mode, follo w these steps to create a f ile, displ ay the contents, and e xtract it. Command Purpose Ste ...
Cisco Systems 3750E - page 1138

B-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith the Flash F ile System This e xample sho ws ho w to create a f ile. This comm and wri tes the conten ts of the new-configs director y on the loca l flash device ...
Cisco Systems 3750E - page 1139

B-9 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files service linenumber service udp-small-servers service pt-vty-logging ! <output truncated> Working with Configuration Files This sec ...
Cisco Systems 3750E - page 1140

B-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Configurati on Files Guidelines for Cr eating and Using Co nfiguration Files Creatin g configuratio n files can aid i n your switch con figuration. Configuratio ...
Cisco Systems 3750E - page 1141

B-11 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files Creating a Configuration File By Using a T ext Editor When cre ating a configura tion file, you must lis t comman ds logicall y so that ...
Cisco Systems 3750E - page 1142

B-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Configurati on Files • Ensure t hat the co nf iguratio n file to be do wnloaded is in the correct director y on the TFTP server (usually / tftpboot on a UNIX ...
Cisco Systems 3750E - page 1143

B-13 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files Step 3 Upload th e switch co nfiguration t o the TFTP server . Specif y the IP addre ss or hostnam e of the TFT P serv er and the de sti ...
Cisco Systems 3750E - page 1144

B-14 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Configurati on Files These sec tions co ntain this co nfiguration in format ion: • Preparin g to Downlo ad or Upload a Conf iguration File By Using FTP , page ...
Cisco Systems 3750E - page 1145

B-15 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files This exam ple shows how to copy a c onfiguration file named host1-c onfg from th e neta dmin1 directory on the remot e server w ith a n ...
Cisco Systems 3750E - page 1146

B-16 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Configurati on Files This exam ple shows how to copy t he running configura tion file na med switch2-conf g to the netadmin1 directo ry on the rem ote ho st wi ...
Cisco Systems 3750E - page 1147

B-17 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files The RC P requires a client t o send a re mote user name with each RCP requ est to a ser ver . When you c opy a conf iguration fil e from ...
Cisco Systems 3750E - page 1148

B-18 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Configurati on Files Downloading a Configura tion File By Using RCP Beginning in privileged EXEC mode , follow these steps to download a configuration file by u ...
Cisco Systems 3750E - page 1149

B-19 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Configuration Files Uploading a Configuration File By Using RCP Beginn ing in pr i vilege d EXEC m ode, follo w these step s to upload a conf iguration f il ...
Cisco Systems 3750E - page 1150

B-20 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es Clearing the Startup Con figuration File T o c lear the c ontent s of your startup configur ation, use the erase n vram: or the erase startup- ...
Cisco Systems 3750E - page 1151

B-21 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Y o u upload a swi tch image file to a TFT P , FTP , or RCP server for ba ckup purpo ses. Y ou can use t his uploaded image for futur e do w ...
Cisco Systems 3750E - page 1152

B-22 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es version_suffix:universal-mz.122-35.SE2 version_directory:c3750e-universal-mz.122-35.SE2 image_system_type_id:0x00000000 image_name:c3750e-univ ...
Cisco Systems 3750E - page 1153

B-23 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images These sec tions co ntain this co nfiguration info rmat ion: • Prepar ing to Do wnload or Upload an Image File By Using TFTP , pag e B-2 3 ...
Cisco Systems 3750E - page 1154

B-24 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es Beginning i n privileged EXE C mode , foll ow Steps 1 thr ough 3 to d ownload a n ew image from a TFTP serv er and to over write the existing ...
Cisco Systems 3750E - page 1155

B-25 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Note If the fla sh device has sufficient space t o hold t wo image s and you want to overwri te one of thes e image s with the same ve rsion ...
Cisco Systems 3750E - page 1156

B-26 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es Copying Imag e File s By Using FTP Y ou can do wnload a s witch im age fr om an FT P serv er or uploa d the image f rom the switch to an FTP s ...
Cisco Systems 3750E - page 1157

B-27 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Use the ip ftp username and ip f tp password comman ds to spec ify a use rname an d passwor d for all copie s. Incl ude the use rnam e in th ...
Cisco Systems 3750E - page 1158

B-28 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es The do wnload algorithm veri fies th at the image is appropria te for the switch model and that eno ugh DRAM is prese nt, or it abor ts the pr ...
Cisco Systems 3750E - page 1159

B-29 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Note If the fla sh device has sufficient space t o hold t wo image s and you want to overwri te one of thes e image s with the same ve rsion ...
Cisco Systems 3750E - page 1160

B-30 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es The archi ve upload-sw comman d builds an imag e file on the serv er by uploading these f iles in order: info, t he Cisco IOS im age, and the ...
Cisco Systems 3750E - page 1161

B-31 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Preparing to Download or Uploa d an Image File By Using RCP RCP provide s another metho d of do wnloading and u ploading image f iles betwee ...
Cisco Systems 3750E - page 1162

B-32 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es If the switch IP addre ss translates to Swit ch1.compa ny .com , the .rhosts file for User0 on the RCP server shou ld conta in this line: Swit ...
Cisco Systems 3750E - page 1163

B-33 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images Step 6 archiv e download-sw /allow-feature-upgrade [ /direc tory ] /overwrit e /relo ad tftp: [[ // location ] / dir e ctor y ] / image-name ...
Cisco Systems 3750E - page 1164

B-34 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es The do wnload algorithm veri fies th at the image is appropria te for the switch model and that eno ugh DRAM is prese nt, or it abor ts the pr ...
Cisco Systems 3750E - page 1165

B-35 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix B Working with th e Cisco IOS File Sy stem, Confi guration F iles, and Softwa re Image s Working with Software Images The archi ve upload-sw pri vileged EXEC comma nd build s an image file on th e server b y uploading these f iles in order: info, the Cisco I ...
Cisco Systems 3750E - page 1166

B-36 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wi th Soft ware Imag es Beginn ing in pri vileged EXEC mode from the stac k member that y ou want to upgrade, fo llo w these steps to copy the ru nning image file fro ...
Cisco Systems 3750E - page 1167

C-1 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 APPENDIX C Unsupported Co mmands in Cisco IOS Release 1 2.2(37 )SE This app endix lists so me of the command-line interf ace ( CLI) comm ands that a ppear when you enter the question m ark (?) at the Ca talyst 3750-E or 3560-E sw itch p rompt but are n ot sup ported in ...
Cisco Systems 3750E - page 1168

C-2 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E Archive Com mands Archive Commands Unsupporte d Privileged E XEC Commands ar chiv e conf ig sho w ar chiv e conf ig sho w ar chiv e log ARP Comma nds Unsupporte d Global Con figuratio n Commands arp i ...
Cisco Systems 3750E - page 1169

C-3 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix C Unsupported Com mand s in Cisco IOS Release 12.2( 37)SE Fallback Bridging Fallback Bridg ing Unsupporte d Privileged E XEC Co mmands clear bridg e [ bridge- gr o up ] multicast [ router-ports | gr oups | counts ] [ gr ou p-address ] [ interfac e-unit ] [ co ...
Cisco Systems 3750E - page 1170

C-4 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E HSRP bridge-gr oup bridge-gr o up input-address-list access-list- number bridge-gr oup bridge-gr o up i nput-l at-servi ce-den y group-list bridge-gr oup bridge-gr o up i nput-l at-servi ce-per mit gr ...
Cisco Systems 3750E - page 1171

C-5 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix C Unsupported Com mand s in Cisco IOS Release 12.2( 37)SE IGMP Sno oping Comma nds Unsupporte d Interface Configuration Commands mtu standby mac-refr esh seconds standby use-bia IGMP Snooping Comman ds Unsupporte d Global Con figuratio n Commands ip igmp snoo ...
Cisco Systems 3750E - page 1172

C-6 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E IP Multic ast Routi ng The debug ip mpacket [ detail ] [ access-l ist-numb er [ gr oup -name- or-addr ess ] command aff ects onl y packet s recei ved by the switch CPU. Because most multic ast p acket ...
Cisco Systems 3750E - page 1173

C-7 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix C Unsupported Com mand s in Cisco IOS Release 12.2( 37)SE IP Unicast Routing IP Unicast Routing Unsupporte d Privileged E XEC or User EX EC Commands clear ip accounting [ checkpoint ] clear ip bgp addr e ss flap- statistics clear ip bgp pre f ix-list debug i ...
Cisco Systems 3750E - page 1174

C-8 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E IP Unicas t Routing Unsupporte d Interface Configuration Commands ip accounting ip load-sharing [ per -packet ] ip mtu bytes ip verify ip unnumbere d type num ber All ip securit y commands Unsupporte ...
Cisco Systems 3750E - page 1175

C-9 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix C Unsupported Com mand s in Cisco IOS Release 12.2( 37)SE MAC Ad dress Comm ands set metr ic-ty pe i nternal set tag tag-valu e MAC Address Commands Unsupporte d Privileged E XEC Co mmands show mac-addr ess-table show mac-addr ess-table address show mac-addr ...
Cisco Systems 3750E - page 1176

C-10 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E MSDP Unsupporte d Global Con figuratio n Commands errdisab le rec ov ery cause unica st floo d l2protocol-tunnel global dr op-threshold ser vice compr e ss-conf ig stack-mac persistent timer (supp or ...
Cisco Systems 3750E - page 1177

C-11 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 Append ix C Unsupported Com mand s in Cisco IOS Release 12.2( 37)SE Network Address Translation (NAT) Commands Network Address Translation (NAT) Commands Unsupporte d Privileged E XEC Co mmands show ip nat statistics show ip nat translations QoS Unsupporte d Global Co ...
Cisco Systems 3750E - page 1178

C-12 Catalyst 3750- E and 3560-E Switch S oftware Configu ration Guide OL-9775-02 Appendix C Unsuppor ted Command s in Cisco IOS Relea se 12.2(37) S E SNMP SNMP Unsupporte d Global Con figuratio n Commands snmp-ser ver ena ble inf orms snmp-ser ver if index persist Spanning Tree Unsupporte d Global Con figuratio n Command spanning-tree pathcost met ...
Cisco Systems 3750E - page 1179

IN-1 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 INDEX Numerics 10-Gi gabit E thern et i nte rface s 11-6 A AAA dow n po licy, N AC La yer 2 I P val idatio n 1-10 abbrev iati ng comm ands 2-4 ABRs 38-25 AC (c omma nd sw itc h) 6-11 acces s-class comma nd 34-20 acces s contr ol entries See ACEs access-de nied r espon ...
Cisco Systems 3750E - page 1180

Index IN-2 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 ACLs (continued) IP crea ting 34-8 fragme nts and QoS gui deline s 36-35 implici t deny 34-10, 34-14, 34-17 implicit m asks 34-10 matc hing cri teria 34-8 undef ined 34-21 IPv4 applyi ng to inter faces 34-20 crea ting 34-8 matc hing cri teria 34-8 named 34-15 nu ...
Cisco Systems 3750E - page 1181

Inde x IN-3 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 addresses (continued) static adding a nd removi ng 7-24 defined 7-19 address resolution 7-27, 38-9 Add res s Re sol utio n Prot ocol See ARP adjace ncy table s, with CEF 38-76 adminis trative di stances defined 38-88 OSPF 38-32 rout ing protoc ol defa ult s 38- ...
Cisco Systems 3750E - page 1182

Index IN-4 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 automatic d iscovery conside rations beyond a non candid ate devi ce 6-8 bran d new swit ches 6-10 connect ivity 6-5 differe nt VLANs 6-7 manageme nt VLAN s 6-8 non-CDP- capabl e devic es 6-6 nonclus ter-ca pable dev ices 6-6 routed port s 6-9 in switch cluster ...
Cisco Systems 3750E - page 1183

Inde x IN-5 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 BGP (continued) route re flect ors 38-61 routin g domain c onfed erati on 38-61 routing session with multi-VRF CE 38-70 show comm ands 38-63 supernet s 38-60 support fo r 1-11 Version 4 38-45 binding cl uster gro up and HSR P group 40-11 binding d atabase addre ...
Cisco Systems 3750E - page 1184

Index IN-6 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 CDP and truste d bounda ry 36-42 automatic discover y in switch cluster s 6-5 config uring 27-2 default confi guration 27-2 defined w ith LLDP 28-1 describe d 27-1 disabling for r outing de vice 27-3 to 27-4 ena bling and disab ling on an interfa ce 27-4 on a sw ...
Cisco Systems 3750E - page 1185

Inde x IN-7 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 CLI (continued) erro r messag es 2-5 filtering c ommand output 2-10 getting help 2-3 history chan ging t he b uffer siz e 2-6 describe d 2-6 disabling 2-7 recal ling co mman ds 2-6 managing clust ers 6-18 no and defaul t form s of c ommand s 2-4 client mode, VT ...
Cisco Systems 3750E - page 1186

Index IN-8 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 commands, set ting privilege levels 9-8 comm and sw itc h acce ssing 6-12 active (AC) 6-11 config urati on confl icts 45-13 defined 6-2 passive ( PC) 6-11 password privilege levels 6-18 priority 6-11 recove ry from comm and-sw itc h failure 6-11, 45-9 from lost ...
Cisco Systems 3750E - page 1187

Inde x IN-9 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 console port, conn ecting to 2-11 conte nt-rout ing techn ology See WCCP convent ions comm and xl iii for ex amples xliv publicat ion xliii text xliii corrupt ed so ftware , re cover y step s wit h Xmode m 45-2 CoS in Layer 2 frames 36-2 override prior ity 15-6 ...
Cisco Systems 3750E - page 1188

Index IN- 10 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 default configuration (c ontinued) HSRP 40-5 IEEE 8 02.1Q tunne ling 17-4 IGMP 42-29 IGMP f ilte ring 24-25 IGMP sn ooping 24-7, 25-6 IGMP throttling 24-25 initial switc h information 3-3 IP addressi ng, IP routing 38-6 IP multica st rout ing 42-10 IP source g ...
Cisco Systems 3750E - page 1189

Inde x IN- 11 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 DHCP Cisco IOS serve r database config uring 22-14 default confi guration 22-9 describe d 22-6 enab lin g relay ag ent 22-11 server 22-10 DHCP-b ased au toconf igurati o n client re quest message ex change 3-4 config uring client side 3-4 DNS 3-6 relay de vic ...
Cisco Systems 3750E - page 1190

Index IN- 12 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 DHCP snooping binding database (continued) describe d 22-6 displaying 22-15 binding e ntries 22-15 status and statistics 22-15 displaying st atus and statisti cs 22-15 enab lin g 22-14 ent ry 22-7 renewin g database 22 -15 resetting delay va lue 22-15 timeout ...
Cisco Systems 3750E - page 1191

Inde x IN- 13 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 dual p rotocol stacks config uring 39-13 IPv4 a nd IPv 6 39-9 SDM template s supporti ng 39-9 DVMRP autosummariza tion config uring a summ ary addre ss 42-48 disabling 42-50 connec ting PIM do main to DV MRP router 42-41 enabling unica st routing 42-44 intero ...
Cisco Systems 3750E - page 1192

Index IN- 14 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 dynamic ARP inspection (continued) interf ace tru st states 23-3 log buffer clearin g 23-15 config uring 23-12 displaying 23-15 logging of dro pped pa ckets, described 23-5 man-in-t he mi ddle at tack, de scribe d 23-2 networ k secur ity issue s and i nterfac ...
Cisco Systems 3750E - page 1193

Inde x IN- 15 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 EtherChannel (cont inued) config uring Layer 2 int erface s 37-13 Layer 3 phy sical inte rfaces 37-16 Layer 3 por t-chan nel log ical inte rfac es 37-15 default confi guration 37-11 describe d 37-2 displaying status 37-23 forwar ding met hods 37-8, 37-18 IEEE ...
Cisco Systems 3750E - page 1194

Index IN- 16 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 extended univer sal identifier See EUI Extensib le Authen ticat ion Protocol over LAN 10-1 ext erna l BGP See EBGP exter nal neighb ors, BGP 38-48 F Fa0 port See Ethern et ma nageme nt port failove r support 1-7 fallback br idging and pro tected po rts 44-4 br ...
Cisco Systems 3750E - page 1195

Inde x IN- 17 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 file system displaying ava ilable f ile syst ems B-2 displaying file in formation B-4 local file system nam es B-1 network fil e system names B- 5 setting the default B-3 filtering in a VLAN 34-29 IPv6 t raffi c 35-4, 35-8 non-IP tra ffic 34-27 show and mor e ...
Cisco Systems 3750E - page 1196

Index IN- 18 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 H hardwa re lim itatio ns an d Laye r 3 i nterf aces 11-31 hello time MSTP 19-22 STP 18-22 help, for th e command line 2-3 hierar chic al policy ma ps 36-8 config urati on guideli nes 36-35 config uring 36-55 describe d 36-11 history chan ging t he b uffer siz ...
Cisco Systems 3750E - page 1197

Inde x IN- 19 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 IEEE 8 02.1D See STP IEEE 8 02.1p 15-1 IEEE 8 02.1Q and trunk ports 11-3 config urati on limitat ions 13-19 enca psul ation 13-16 nati ve VLAN for u ntag ged traf fic 13-23 tunneling compatibilit y with other features 17-6 default s 17-4 describe d 17-1 tunne ...
Cisco Systems 3750E - page 1198

Index IN- 20 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 IGMP gr oups configurin g filtering 24-28 setting the maximum number 24-27 IGMP Imm ediate Leave config urati on guideli nes 24-12 describe d 24-6 enab lin g 24-11 IGMP pr ofile applyi ng 24- 27 config urati on mode 24-25 config uring 24-26 IGMP sn ooping and ...
Cisco Systems 3750E - page 1199

Inde x IN- 21 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 interf aces ran ge macro command 11-19 interfac e types 11-15 Interior Gatew ay Prot ocol See IGP internal BGP See IBGP internal neighb ors, BGP 38-48 internal power supplies See power suppl ies Int erne t Co ntro l Mes sage Protoc ol See ICMP Intern et Group ...
Cisco Systems 3750E - page 1200

Index IN- 22 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 IP multicast routing ( continued) bootstr ap r outer config urati on guideli nes 42-11 config uring c andidat e BSRs 42-22 config uring c andida te RPs 42-23 defining the I P multicast bound ary 42-21 defining the PI M do main b order 42-20 overvi ew 42-7 usin ...
Cisco Systems 3750E - page 1201

Inde x IN- 23 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 IP source gua rd and 802.1x 22-18 and DHCP sno oping 22-16 and Ethe rChan nels 22-18 and har dware entrie s 22-18 and port se curit y 22-17 and pr ivate VLANs 22-18 and rou ted ports 22-17 and trunk interf ace s 22-17 and VR F 22-18 binding c onfigu ration au ...
Cisco Systems 3750E - page 1202

Index IN- 24 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 IP unicast routing (continued) passive i nterf aces 38-87 protoc ols distan ce-v ect or 38-3 dynam ic 38-3 link-state 38-3 proxy ARP 38-10 redistribu tion 38-80 rever se addres s resolu tion 38-9 routed port s 38-5 static routing 38-3 steps to config ure 38-5 ...
Cisco Systems 3750E - page 1203

Inde x IN- 25 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 IRDP config uring 38-13 definition 38-13 support fo r 1-12 ISL and IPv6 39-3 and trunk ports 11-3 enca psul ation 1-8, 13-16 trunking w ith IEEE 802 .1 tunn eling 17-5 isolate d port 16-2 isolated VLANs 16-2, 16-3 J join messages, IGMP 24-3 K KDC describe d 9 ...
Cisco Systems 3750E - page 1204

Index IN- 26 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 Layer 3 fe atures 1-11 Layer 3 int erface s assigning IP ad dresses to 38-7 assigning IPv4 a nd I Pv6 ad dresses to 39-13 assi gning I Pv6 ad dress es to 39-12 chan ging fr om L ayer 2 mode 38-7 types of 38-5 Layer 3 pa ckets, classifica tion meth ods 36-2 LDA ...
Cisco Systems 3750E - page 1205

Inde x IN- 27 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 M MAC a ddresses aging tim e 7-21 and VLAN association 7-20 building the address tab le 7-20 default confi guration 7-21 discoveri ng 7-27 displaying 7-27 displayi ng in the IP source bindin g table 22-19 dynam ic lear ning 7-20 removi ng 7-22 in ACLs 34-27 I ...
Cisco Systems 3750E - page 1206

Index IN- 28 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 MDA config urati on guideli nes 10-19 to 10-20 describe d 1-9, 10-19 exceptions with authentica tion process 10-4 member ship mod e, VLAN por t 13-3 member swit ch automatic d iscovery 6-5 defined 6-2 managing 6-18 passwords 6-14 recove ring fr om l ost co nne ...
Cisco Systems 3750E - page 1207

Inde x IN- 29 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 monitoring (continued) traffic suppr ession 26-18 tunneling 17-18 VLAN filters 34-41 maps 34-41 VLANs 13-16 VMPS 13-33 VTP 14-16 more 10-43 MSDP benefit s of 43-3 clearin g MSD P connecti ons and s tatisti cs 43-19 controllin g source information forwar ded b ...
Cisco Systems 3750E - page 1208

Index IN- 30 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 MSTP (continued) root switch 19-17 seco ndary r oot s witch 19-19 switch p riority 19-22 CST defined 19-3 operati ons betwee n regions 19-4 default confi guration 19-15 defau lt option al featur e config urat ion 20-12 displaying sta tus 19-26 enab ling th e m ...
Cisco Systems 3750E - page 1209

Inde x IN- 31 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 multi cast pack ets ACLs o n 34-40 blocking 26-7 multicas t router interface s, m onitoring 24-17, 25-12 multic ast rout er ports, a dding 24-10, 25-8 Multica st Source D iscovery Pr otocol See MSDP multicast sto rm 26-1 multicas t storm-con trol comman d 26- ...
Cisco Systems 3750E - page 1210

Index IN- 32 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 Network Assistant benefit s 1-2 describe d 1-5 dow nloa ding i mage fil es 1-3 gui de m ode 1-3 manageme nt options 1-3 managing switch stacks 5-2, 5-16 requir ements xli v upgradi ng a sw itch B-20 wizard s 1-3 network c onfigura tion ex ample s cost -effec t ...
Cisco Systems 3750E - page 1211

Inde x IN- 33 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 O OBFL config uring 45-27 describe d 45-26 displaying 45-28 object tracking, HSRP 40-17 offline c onfig uration fo r switc h stacks 5-8 on-board failur e logg ing See OBFL online diagno stics describe d 46-1 overvi ew 46-1 ru nnin g test s 46-5 Open Shortest ...
Cisco Systems 3750E - page 1212

Index IN- 34 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 percentage t h resholds in tracked lists 40-16 perform ance, netw ork design 1-16 perform ance f eatur es 1-4 persistent self -signed certif icate 9-43 per-V LAN span ning -tre e plu s See PVST+ PE to CE routin g, config uring 38-70 physica l ports 11-2 PIM de ...
Cisco Systems 3750E - page 1213

Inde x IN- 35 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 policy-b ased routi ng See PBR policy m aps for QoS char acte rist ics of 36-51 describe d 36-7 displaying 36-82 hierar chical 36- 8 hierar chical on SVIs config urati on guideli nes 36-35 config uring 36-55 describe d 36-11 nonhier archi cal on p hysic al po ...
Cisco Systems 3750E - page 1214

Index IN- 36 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 port -bas ed a uthe ntica tion (c ontin ued) port security and voic e VLAN 10-17 describe d 10-16 interactio ns 10-16 multiple-hosts mod e 10-8 resetting to defau lt values 10-44 stack ch an ges, ef fects of 10-7 statistics, displa ying 10-44 switch as proxy 1 ...
Cisco Systems 3750E - page 1215

Inde x IN- 37 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 prefix lists, BGP 38-56 preven ting una uthorized access 9-1 primar y links 21-2 primar y VLAN s 16-1, 16-3 priority HSRP 40-7 overridi ng CoS 15-6 trusting CoS 15-6 privat e VL AN ed ge po rts See pr otect ed por ts privat e VL ANs across multiple switch es ...
Cisco Systems 3750E - page 1216

Index IN- 38 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 pru nin g- eli gib le list chan ging 13-22 for VT P prun ing 14-5 VLANs 14-14 PVST+ describe d 18-10 IEEE 802.1Q trunking inter operability 18-11 instances supported 18-10 Q QoS and MQC comm ands 36-1 auto-Q oS categor izing tra ffic 36-23 config urati on and ...
Cisco Systems 3750E - page 1217

Inde x IN- 39 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 QoS (continued) egres s queu es allocat ing buffer space 36-74 buffer alloca tion sche me, de scribed 36-19 config uring sh aped weig hts f or S RR 36-78 config uring sh ared we ights for SRR 36-79 describe d 36-4 displaying the t hreshol d map 36-77 flowch a ...
Cisco Systems 3750E - page 1218

Index IN- 40 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 QoS (continued) rewrites 36-21 support fo r 1-10 trust sta tes bordering anothe r do main 36-43 describe d 36-5 trusted de vice 36-41 within the domain 36-38 quality of service See QoS queries , IGMP 24-4 query so licit ation, I GMP 24-13 R RADIUS attributes v ...
Cisco Systems 3750E - page 1219

Inde x IN- 41 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 reliabl e tran sport protoc ol, EIG RP 38-36 reloadi ng software 3-17 Remote Authent ication Dial -In User Service See RADIUS Remote C opy Pro toco l See RCP Remote Networ k Monitoring See RMON Remote SPAN See RSPAN remote SPAN 30-3 report su ppressi on, IG M ...
Cisco Systems 3750E - page 1220

Index IN- 42 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 root gu ard describe d 20-10 enab lin g 20-18 support fo r 1-7 root switch MSTP 19-17 STP 18-16 route calcula tion timers, OSPF 38-32 route da mpenin g, BGP 38-62 route d packet s, ACLs on 34-39 routed port s config uring 38-5 defined 11-4 in switch cluster s ...
Cisco Systems 3750E - page 1221

Inde x IN- 43 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 RSTP (continued) interoper ability with IEEE 802.1D describe d 19-9 restar ting migr ation pr ocess 19-26 topolo gy chan ges 19-13 overvi ew 19-9 port roles describe d 19-9 synchroniz ed 19-11 proposal -agree ment handsh ake pr ocess 19-10 rapid co nverg ence ...
Cisco Systems 3750E - page 1222

Index IN- 44 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 show an d mor e co mman d out put, f ilteri ng 2-10 show c dp traffi c comman d 27-5 show clu ste r mem bers com mand 6-18 show confi gurat ion co mman d 11-30 show forw ard comma nd 45-23 show inte rfaces com mand 11-23, 11-30 show l2prot ocol comma nd 17-13, ...
Cisco Systems 3750E - page 1223

Inde x IN- 45 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 SNMP (continued) traps describe d 33-3, 33-5 differ ence s from infor ms 33-5 disabling 33-15 enab lin g 33-12 enabling MAC address notif ication 7-22 overvi ew 33-1, 33-5 types of 33-12 users 33-7, 33-10 version s suppo rted 33-2 SNMPv1 33-2 SNMPv2C 33-2 SNM ...
Cisco Systems 3750E - page 1224

Index IN- 46 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 SSH config uring 9-39 crypto graph ic softwa re image 9-37 describe d 1-6, 9-38 encryption methods 9-38 switch stac k conside rations 5-17, 9-38 user au thent icatio n meth ods, suppo rted 9-39 SSL config urati on guideli nes 9-45 conf iguring a s ecure HTT P ...
Cisco Systems 3750E - page 1225

Inde x IN- 47 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 stacks, switch (continued) copy ing an image fi le from one memb er to anothe r B-35 default confi guration 5-20 descript ion of 5-1 displayi ng inf ormati on of 5-24 enabling pe rsistent MAC addre ss timer 5-20 hardwar e comp atibility and SD M mismatch mode ...
Cisco Systems 3750E - page 1226

Index IN- 48 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 standby comma nd switc h config uring conside rations 6-12 defined 6-2 priority 6-11 requir ements 6-3 virtual IP a ddress 6-12 See also clus ter standb y grou p and H SRP standby group , clust er See cluste r standby group and HS RP stan dby ip comm and 40-5 ...
Cisco Systems 3750E - page 1227

Inde x IN- 49 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 STP (continued) BPDU mes sage ex change 18-3 config urati on guideli nes 18-13, 20-12 config uring forwar d-dela y time 18-23 hello time 18-22 maximu m aging tim e 18-23 path cost 18-20 port priority 18-18 root switch 18-16 seco ndary r oot s witch 18-18 span ...
Cisco Systems 3750E - page 1228

Index IN- 50 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 STP (continued) root switch config uring 18-16 effec ts of extended syst em ID 18-4, 18-16 elect ion 18-3 unexpec ted b ehavio r 18-16 shutdown Po rt Fast-enable d port 20-2 stack ch an ges, ef fects of 18-12 status, displaying 18-24 superior BPDU 18-3 timers, ...
Cisco Systems 3750E - page 1229

Inde x IN- 51 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 system message logging (continue d) syslog facility 1-13 time sta mps, enabli ng and disabli ng 32-8 UNIX sysl og serv ers configur ing the daemon 32-12 configurin g the logging facility 32-13 facilities su pported 32-14 system MTU and IEEE 802. 1Q tunnel ing ...
Cisco Systems 3750E - page 1230

Index IN- 52 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 time stamps in log messages 32-8 time z ones 7-12 TLVs defined 28-2 LLDP 28-2 LLDP -MED 28-2 Token R ing VLAN s support fo r 13-6 VTP support 14-4 ToS 1-10 tracer oute, Lay er 2 and AR P 45-18 and CD P 45-17 broa dcast tra ffic 45-17 describe d 45-17 IP addres ...
Cisco Systems 3750E - page 1231

Inde x IN- 53 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 trunks allowed-V LAN list 13-21 config uring 13-20, 13-25, 13-27 ISL 13-16 load sharing setting STP path costs 13-26 using STP port priori ties 13-24, 13-25 nati ve VLAN for u ntag ged traf fic 13-23 paralle l 13-26 pruning-el igible list 13-22 to non- DTP de ...
Cisco Systems 3750E - page 1232

Index IN- 54 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 univer sal softw are image crypto graph ic 1-1 featu re set advanc ed IP servic es 1-2 IP base 1-1 IP servi ces 1-2 noncrypt ogra phic 1-1 UNIX syslog servers daemon c onfigura tion 32-12 facilities su pported 32-14 message l ogging confi gurat ion 32-13 unrec ...
Cisco Systems 3750E - page 1233

Inde x IN- 55 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 VLAN M anagem ent Polic y Ser ver See VMPS VLAN map entr ies, orde r of 34-30 VLAN maps applyi ng 34-34 comm on uses for 34-34 config urati on guideli nes 34-30 config uring 34-29 crea ting 34-31 defined 34-2 deny ing acces s to a serve r exampl e 34-35 denyi ...
Cisco Systems 3750E - page 1234

Index IN- 56 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 VMPS (continued) enteri ng server addr ess 13-30 mapping M AC ad dresse s to VLA Ns 13-28 monitori ng 13-33 reconf irmation i n terval , chan ging 13-32 reconfi rming mem bership 13-31 retry co unt, changi ng 13-32 voice-ov er-IP 15-1 voice VLAN Cisco 7 960 ph ...
Cisco Systems 3750E - page 1235

Inde x IN- 57 Catalyst 3750- E and 3560-E Switch Softwar e Configurati on Guide OL-9775-02 VTP (continued) monitoring 14- 16 passwords 14-8 pruning disabling 14-14 enab lin g 14-14 exam ples 14-5 overvi ew 14-4 support fo r 1-8 pruning-el ig ible l ist, chan ging 13-22 serv er mod e, co nfigur ing 14-9 statistics 14-16 support fo r 1-8 Token R ing ...
Cisco Systems 3750E - page 1236

Index IN- 58 Catalyst 3750-E an d 3560-E Swit ch Software Con figuration Guide OL-9775-02 ...

Manufacturer Cisco Systems Category Webcam

Documents that we receive from a manufacturer of a Cisco Systems 3750E can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- 3750E manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems 3750E
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems 3750E.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems 3750E, service manual, brief instructions and user manuals Cisco Systems 3750E. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems 3750E.

Similar manuals

A complete manual for the device Cisco Systems 3750E, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems 3750E by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems 3750E.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems 3750E - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems 3750E, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems 3750E, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems 3750E - which should help us in our first steps of using Cisco Systems 3750E
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems 3750E
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems 3750E in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems 3750E?

Use the form below

If you did not solve your problem by using a manual Cisco Systems 3750E, ask a question using the form below. If a user had a similar problem with Cisco Systems 3750E it is likely that he will want to share the way to solve it.

Manual Cisco Systems 3750E

Summary

Cisco Systems 3750E - page 1

Cisco Systems 3750E - page 2

Cisco Systems 3750E - page 3

Cisco Systems 3750E - page 4

Cisco Systems 3750E - page 5

Cisco Systems 3750E - page 6

Cisco Systems 3750E - page 7

Cisco Systems 3750E - page 8

Cisco Systems 3750E - page 9

Cisco Systems 3750E - page 10

Cisco Systems 3750E - page 11

Cisco Systems 3750E - page 12

Cisco Systems 3750E - page 13

Cisco Systems 3750E - page 14

Cisco Systems 3750E - page 15

Cisco Systems 3750E - page 16

Cisco Systems 3750E - page 17

Cisco Systems 3750E - page 18

Cisco Systems 3750E - page 19

Cisco Systems 3750E - page 20

Cisco Systems 3750E - page 21

Cisco Systems 3750E - page 22

Cisco Systems 3750E - page 23

Cisco Systems 3750E - page 24

Cisco Systems 3750E - page 25

Cisco Systems 3750E - page 26

Cisco Systems 3750E - page 27

Cisco Systems 3750E - page 28

Cisco Systems 3750E - page 29

Cisco Systems 3750E - page 30

Cisco Systems 3750E - page 31

Cisco Systems 3750E - page 32

Cisco Systems 3750E - page 33

Cisco Systems 3750E - page 34

Cisco Systems 3750E - page 35

Cisco Systems 3750E - page 36

Cisco Systems 3750E - page 37

Cisco Systems 3750E - page 38

Cisco Systems 3750E - page 39

Cisco Systems 3750E - page 40

Cisco Systems 3750E - page 41

Cisco Systems 3750E - page 42

Cisco Systems 3750E - page 43

Cisco Systems 3750E - page 44

Cisco Systems 3750E - page 45

Cisco Systems 3750E - page 46

Cisco Systems 3750E - page 47

Cisco Systems 3750E - page 48

Cisco Systems 3750E - page 49

Cisco Systems 3750E - page 50

Cisco Systems 3750E - page 51

Cisco Systems 3750E - page 52

Cisco Systems 3750E - page 53

Cisco Systems 3750E - page 54

Cisco Systems 3750E - page 55

Cisco Systems 3750E - page 56

Cisco Systems 3750E - page 57

Cisco Systems 3750E - page 58

Cisco Systems 3750E - page 59

Cisco Systems 3750E - page 60

Cisco Systems 3750E - page 61

Cisco Systems 3750E - page 62

Cisco Systems 3750E - page 63

Cisco Systems 3750E - page 64

Cisco Systems 3750E - page 65

Cisco Systems 3750E - page 66

Cisco Systems 3750E - page 67

Cisco Systems 3750E - page 68

Cisco Systems 3750E - page 69

Cisco Systems 3750E - page 70

Cisco Systems 3750E - page 71

Cisco Systems 3750E - page 72

Cisco Systems 3750E - page 73

Cisco Systems 3750E - page 74

Cisco Systems 3750E - page 75

Cisco Systems 3750E - page 76

Cisco Systems 3750E - page 77

Cisco Systems 3750E - page 78