Gebruiksaanwijzing /service van het product 3560X van de fabrikant Cisco Systems
Ga naar pagina of 1438
Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Catal yst 3750-X and 3560-X S witc h S of tw are Conf iguration Guide Cisco IOS Release 12.
THE SPECIFICATION S AND INFORMATION RE GARDING THE PRODU CTS IN THIS MANU AL ARE SUBJECT TO CHANGE WITHOUT N OTICE. ALL STATEMENTS , INFORMATION , AND RECOMMEN DATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED.
iii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CONTENTS Preface xlix Audience xlix Purpose xlix Conventi ons xlix Related Publica tion s l Obtaining Documentation and .
Contents iv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Understanding no and default Forms of Co mmands 2-4 Understanding CLI Error Messages 2-4 Using Configuration Logg.
Contents v Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Modifying the Startu p Con figuration 3-16 Default Boot Configuration 3-17 Automatically Downloading a Configurat.
Contents vi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Stack Member Priority Values 5-8 Switch Stack Offl in e Configurati on 5-8 Effects of Adding a Provisioned Switch.
Contents vii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Hardware Loopback Example: LINK OK event 5-30 Hardware Loo p Example: L INK NOT OK Eve nt 5-31 Finding a Discon.
Contents viii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring NTP 7-4 Default NTP Configuration 7-4 Configuring NTP Authentication 7-4 Configuring NTP Associatio.
Contents ix Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CHAPTER 8 Configuring SDM Temp lat es 8-1 Understanding the SDM Te mplates 8-1 Dual IPv4 and IPv6 SDM Templates .
Contents x Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Default TACACS+ Configuration 10-13 Identifying the TACACS+ Server Host and Setting the Authen tica tion Key 10-13.
Contents xi Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring SSH 10-46 Configuration Guidelines 10 -46 Setting Up the Switch to Run SSH 10-46 Configuring the SSH.
Contents xii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 802.1x Authen tication with Downloadab le ACLs and Redirect URLs 11-17 Cisco Secure ACS and Attribute-Value Pairs fo r the Redirect URL 11-17 Cisco Secure ACS and Attribute-Value Pairs fo r Downloadable ACLs 11-18 VLAN ID-based MAC Authentication 11-18 802.
Contents xiii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring 802.1x Violation Modes 11-41 Configuring 802.1x Authenticatio n 11 -41 Configuring the Switch-to-R.
Contents xiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Session Creation 12-3 Authentication Process 12-3 Local Web Authentication Banner 12 -4 Web Authenticatio n Cust.
Contents xv Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 EtherChannel Port Group s 13-6 10-Gigabit Ethernet Interfaces 13-7 Power over Ethernet Ports 13-7 Supported Prot.
Contents xvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Monitoring and Maintaining the Interfaces 13-45 Monitoring Inte rface Status 13-45 Clearing and Resetting Interf.
Contents xvii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring Extended-Ra nge VLANs 15-10 Default VLAN Configuration 15-10 Extended-Range VLAN Configuration Gu .
Contents xviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VTP Advertisements 16-4 VTP Versio n 2 16-4 VTP Versio n 3 16-5 VTP Pruning 16-6 VTP and Switch Stacks 16-7 Co.
Contents xix Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Private-VLAN Interaction with Other Features 18-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 1.
Contents xx Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Spanning-Tree T opology and BPDUs 20-3 Bridge ID, Switch Priority, and Extended System ID 20-4 Spanning-Tree Inte.
Contents xxi Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CHAPTER 21 Configuring MSTP 21-1 Understanding MST P 21-2 Multiple Spanning-Tree Region s 21-2 IST, CIST, and CST 21-2 Operations Within an MST Region 21-3 Operations Between MST Regions 21-3 IEEE 802.
Contents xxii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 CHAPTER 22 Configuring Optiona l Spanning-Tree Features 22-1 Understanding Op tional Spanning-Tree Features 22 .
Contents xxiii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring Flex Links 23-8 Configuring VLAN Load Balancing on Flex Links 23-10 Configuring the MAC Address-T.
Contents xxiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring DHCP Server Port-Based Address Allocation 24-26 Default Port-Based Address Allocation Configuration.
Contents xxv Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring TCN-Related Command s 26-11 Controlling the Multicast Floodin g Time After a TCN Event 26-11 Recove.
Contents xxvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Enabling MLD Immediate Leave 27-9 Configuring MLD Snooping Queries 27 -10 Disabling MLD Listener Message Suppre.
Contents xxvii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CHAPTER 30 Configuring LLDP, LLDP-MED , and Wired Lo cation Service 30-1 Understanding L LDP, LLDP-MED, and W.
Contents xxviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 SPAN and RSPAN Interaction with Other Feature s 32-9 SPAN and RSPAN and Switch Stacks 32-10 Understanding F l.
Contents xxix Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Setting the Mes sage Display Destination De vice 34-5 Synchronizing Log Messa ges 34-6 Enabling and Disabling .
Contents xxx Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Embedded Event Manager Enviro nmen t Variables 36-5 EEM 3.2 36-5 Configuring Embedded Event Man age r 36-6 Regis.
Contents xxxi Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring VLAN Maps 37-31 VLAN Map Configuration Guidelines 37-31 Creating a VLAN Map 37 -32 Examples of ACL.
Contents xxxii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Queueing and Scheduling Overview 39 -14 Weighted Tail Drop 39-15 SRR Shaping and Sharing 39-15 Queueing and Sc.
Contents xxxiii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring DSCP Maps 39-70 Configuring the CoS-to-DSCP Map 39-71 Configuring the IP-Precede nce-to-DSCP Map.
Contents xxxiv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Layer 3 EtherChannels 40-15 Creating Port-Channel Logical Interfaces 40-15 Configuring the Physica.
Contents xxxv Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Routing Assistance When IP Routing is Disabled 42-12 Proxy ARP 42-12 Default Gateway 42-12 ICMP Router Discove.
Contents xxxvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Managing Routing Policy Changes 42-50 Configuring BGP Decision Attributes 42-52 Configuring BGP Filtering with.
Contents xxxvii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring Unicast Reverse Path Forw arding 42-89 Configuring Protocol-Independ ent Features 42-89 Configur.
Contents xxxviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Unsupported IPv6 Unicast Ro uting Features 43-8 Limitations 43-9 IPv6 and Switch Stacks 43-9 Configuring IPv.
Contents xxxix Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CHAPTER 45 Configuring Cisco IOS IP SLAs Operations 45-1 Understanding Cisco IOS IP SLAs 45-1 Using Cisco IOS.
Contents xl Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 WCCP and Switch Stacks 47-4 Unsupported WCCP Features 47-5 Configuring WCCP 47-5 Default WCCP Configuration 47-5 .
Contents xli Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Configuring Source Specific Multicast Ma pping 48-17 SSM Mapping Configuration Gu idelin es and Restrictions 48.
Contents xlii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Configuring Advanced DVMRP Interope rability Features 48-54 Enabling DVMRP Unicast Routing 48-54 Rejecting a DV.
Contents xliii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 CHAPTER 50 Configuring Fallback Bridging 50-1 Understan di ng Fallbac k Bridging 50-1 Fallback Bridging Overv.
Contents xliv Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Using Layer 2 Traceroute 51-16 Understanding L ayer 2 Tra ceroute 51-16 Usage Guidelines 51-17 Displaying the P.
Contents xlv Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 APPENDIX A Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-4 APPENDIX B Working with the Ci.
Contents xlvi Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Working with Software Images B-25 Image Location on th e Switch B-26 File Format of Im ag e s on a Server or Cisco .
Contents xlvii Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Fallback Bridging C-4 Unsupported Privileged EXEC Comma nds C-4 Unsupported Global Configuratio n Commands C-.
Contents xlviii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 QoS C-12 Unsupported Global Configura tion Command C-12 Unsupported Interface Configuration Commands C-12 Uns.
xlix Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Preface Audience This guide is for the n etworking pr ofessional managing the st andalone Catalyst 3750-X or 35 60-X switch or the Cataly st 3750-X switch st ack, referred to as the switc h .
l Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface • Square brackets ([ ]) mean optional el ements. • Braces ({ }) group required choices, and v ertical bars ( | ) separate the alternati ve elements.
li Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface • Cisco IOS Softwar e Installation Docu ment • Catalyst 3750-X and 3560- X Switc h Getting Started G uide • .
lii Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Preface.
CH A P T E R 1-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 1 Overview This chapter p rovides these topics ab out the Catalyst 3750-X and 356 0-X switch software : • .
1-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features • IP services feature set, which prov ides a richer set of enterprise-cla ss intellig ent services and full IPv6 support.
1-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features – Interacti ve guide mode that guides you in co nfiguring complex featu res such as VLANs, A CLs, and quality of service (QoS).
1-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features • Smart Install to allo w a single point of manage ment (direct or) in a network.
1-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IGMP snooping quer ier support to conf igure switch to generate perio dic IGMP General Qu.
1-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features station or PC. Y ou can manage the switch stack by connecting to the console port or Ethernet management port of an y stack member . Fo r more information about the CLI, see Chapter 2, “Using the Command-Line Interface.
1-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Config uration logging to lo g and to vie w changes to t he switch conf iguration • Con.
1-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features • USB T ype A port for e xternal Cisco USB flash memor y de vices (thumb dri ves or USB ke ys). Y ou can use standard Cisco CLI commands to rea d, writ e, eras e, copy , or boot from the flash memory .
1-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Flex Link Layer 2 inte rfaces to back up one another as an al ternativ e to STP for basic.
1-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features • Password-protected access (read-only and read-wr ite access) to management interf aces .
1-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features – IP phone detec tion enhancemen t to de tect and recognize a Cisco IP phone – Guest VLAN to pro vide limited services t o non-IEEE 802.1x-co mpliant users – Restricted VLAN to pro vide limited services to users who are IEEE 802.
1-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features • IEEE 802.1x readiness check to dete rmine the readiness of connected end hosts before conf iguring IEEE 802.
1-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • Classification – IP type-of-service/Dif ferentiated Services Co de Point (IP T oS/DSCP) and IEEE 802.
1-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Features Layer 3 Features Note Features in this section are not supported on swi tches running the LAN base feature set. Some features noted are av ailable only in the IP services feature set.
1-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Features • IPv6 default router prefer ence (DRP) for improv ing the ability of a host t o select an.
1-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration • Four gro ups (history , statistics, alarms,.
1-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Default Settings After In itial Switch Configuration • Default d omain name is not conf igured. For more in formation, see Chapter 3, “ Assigning th e Switch IP Address and Default Gateway .
1-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration – VTP version is V ersion 1. Fo r more information, see Chapter 16, “Conf iguring VTP . ” – No pri vate VLANs are conf igured.
1-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s • No A CLs are configured. For more information, see Chapter 37, “Configuring Network Secu rity with A CLs. ” • QoS is disabled.
1-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples Bandwidth alone is not th e only consideration when designing y our network.
1-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s Y ou can use the switches a nd switch stacks to create the follo win.
1-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples • High-performance wiring closet ( Figure 1-2 )—F or high-speed .
1-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s Figur e 1 -3 High-P erfor mance W ork group (Gi g abit-to-the-Deskt .
1-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples • Redundant Gigabi t backbone ( Figure 1-4 )—Using HSRP , you ca.
1-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s Figur e 1 -5 Server A ggregation 86931 Si Si Si Si Si Si Campus core.
1-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples 86931 Si Si Si Si Si Si Campus core Catalyst 6500 s witches Catalyst.
1-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s This network uses VLANs to logically segment the netwo rk into well-def ined broadcast groups and for security management.
1-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -8 Catalyst 3560-X Switc h es in a Collapsed Bac kbone Con.
1-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s Figur e 1 -9 Catalyst 3750-X Switch Stac ks in Wir i ng Closets in a Backbone Configuration Cisco 7x00 routers Catalyst 6500 multila yer switches Cisco IP Phones with workstations IEEE 802.
1-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -1 0 Catalyst 3560-X Switc hes in Wiring Closets in a Back.
1-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Network Config uration Example s Multidwelling Network Using Catalyst 3750-X Switches A gro wing segment of resi dential and commerci al cu stomers are requ iring high- speed access to Ethernet metropolitan-area n etworks (MANs).
1-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -1 1 Catalyst 3 750-X Switches in a MAN Con figuration Long-Distance, High-Bandwidt h Transport Configuration Figure 1-12 shows a configuration for sending 8 Gi gabits of data over a single fiber-optic cable.
1-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overview Where to Go Next Figur e 1 -12 Long-Distance, High -Bandwidth T ransport Configuration Where to Go Ne.
1-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 1 Overvi ew Where to Go Ne xt.
CH A P T E R 2-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 2 Using the Command-Line Interface This chapter descr ibes the Cisco IOS command-line interface (CLI ) and ho w to use it t o configure your standalone Catalyst 3750-X or 356 0-X switch or a Catalyst 3750-X s witch stack , referred to as the switc h .
2-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Comman d-Line Interface Understanding Command Modes Ta b l e 2-1 describes the main comma nd modes, ho w to acc e ss each one, the prompt you see in that mode, and ho w to exit the mode.
2-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using th e Co mmand-Line Interface Understanding the Help Syste m For more detail ed information on the co mmand modes, see the co mmand reference gu ide for this release.
2-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Comman d-Line Interface Understanding no an d default Forms of Command s Understanding no and default Forms of Commands Almost e very conf iguration command also h as a no form.
2-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using th e Co mmand-Line Interface Using Comman d History command was entered, and the parser return code for the command. This feat ure includes a me chanism for asynchronous notif ication to registered appli cations whene ver the conf iguration changes.
2-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Comman d-Line Interface Using Editing Features Recalling Commands T o recall commands from the history b uffer , perform one of the actions listed in Ta b l e 2-4 .
2-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using th e Co mmand-Line Interface Using Editing Features T o re-enable the enhanced editing mode for the curre.
2-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Comman d-Line Interface Using Editing Features Editing Command Lines that Wrap Y ou can use a wraparound featu re for commands that e xtend be yond a single line on the screen.
2-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using th e Co mmand-Line Interface Searching and Filtering Output of show and more Commands After you complete the entry , press Ctrl-A to check the c omplete sy ntax before pressing the Return key to ex ecute the command.
2-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 2 Using the Comman d-Line Interface Accessing the CLI T o debug a specif ic stac k member , you can a ccess it from the stack master b y using the session stac k-member- number privile ged EXEC command .
CH A P T E R 3-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 3 Assigning the Switch IP Address and Default Gateway This chapter describes ho w to create the initial sw itch configur ation (for ex ample, assigning the IP address and default ga te way information) by using a v a riety of automatic and man ual methods.
3-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information The normal boot process in vol ves the operati on of the boot loader softw are and includes these activities: • Performs lo w-lev el CPU initialization.
3-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note Stack members retain their IP addr ess when you remov e them from a sw itch stack.
3-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information W ith DHCP-based autoconfigurati on, no DHCP client-si de configurati on is needed on your swi tch.
3-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information The DHCP serv er sends the cl.
3-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note For procedures to c onfi.
3-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information DHCP Server Configuration Gui.
3-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information For the swit ch to successfully do wnload a configuration f ile, the TFTP serv er must contain one or mor e confi guration fi les in its base directory .
3-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Figur e 3-2 Relay Device Used.
3-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note The switch broadcasts T.
3-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information TFTP Server Conf iguration (on UNIX) The TFTP serv er base di rectory is set t o /tftpserver/ w ork/.
3-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information This exampl e show s how to .
3-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information This exampl e sho ws how to .
3-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the Client Begin.
3-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Checking and Saving the Running Configuration Manually As.
3-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Stack1 ! enable secret 5 $1$ej9.
3-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration See also Appendix B, “W orking with the Cisco I OS File System, Conf iguration Files, and Softw are Images, ” for information about switch configur ation f iles.
3-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration T o return to the def ault setting, use the no boot conf ig-file global con figurat ion command.
3-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration Booting a Specific Software Image By default, the switch at tempts to automatically bo ot up t he system using information in th e BOO T en vironment var iable.
3-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Controlling Environment Variables W ith a normally operating swit ch, you enter the boot loader mo de only through a switch consol e connection conf igured for 9600 b/s.
3-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration When the switch is connected to a PC thr ough the Ethernet manageme nt port, you can download or upload a conf iguration f ile to the boot loader b y using TFTP .
3-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image Scheduling a Re.
3-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Relo ad of the Software Image This exampl e .
3-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image.
CH A P T E R 4-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 4 Configuring Cisco IOS Configuration Engine This chapter describe s ho w to configure the feature on t he Catalyst 3750-X or 3560-X swit ch.
4-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Softw ar e Figur e 4-1 Conf.
4-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Co nfig uration Engine Software Event Service The Configuration Engine uses th e Event Service for receipt and generati on of conf iguration ev ents.
4-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Softw ar e DeviceID Each co.
4-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Understanding Cisco IOS Agents Understanding Cisco IOS Agents The CNS ev ent agent feature allows the switch to publish and subscrib e to e vents on the e vent bu s and works with the Cisco IOS ag ent.
4-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Incremental (Partial) Configuration After the networ k is running, ne w services can be added by using the Cisco IOS agent.
4-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Note For more informati on about running the set up program and creatin g templates on the Conf iguration Engine, see the Cisco Configur ation Engine Insta llation and Setup Gui de, 1.
4-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Enabling the CNS Event Agent Note Y ou must enable the CNS event ag ent on the switch before you en able the CNS configuration agent.
4-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS ev ent agent, start the Cisco IOS CNS agent on the switch.
4-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Step 7 di scover { contr oller contr .
4-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 13 cns id interface num { dns-rev.
4-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents T o disable the CNS Cisco IOS agent, us e the no cns conf ig initial { ip-addr ess | hostname } g lobal confi guration command.
4-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This exampl e sho ws how to conf igure an initial co nfigu ration on a remote switch when the switch IP address is kno wn.
4-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Configuration Displaying CNS Configuration Y ou can use the pri vileg ed EXEC commands in Ta b l e 4-2 to display CNS configu ration informat ion.
CH A P T E R 5-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 5 Managing Switch Stacks This chapter pro vides the concepts and procedures to manage Catalyst 3750-X switch stacks. Note The LAN base feature set supports sw itch stacks only wh en all switches in the stack are run th e LAN base feature set.
5-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks Understanding Switch Stacks A switch stack is a set of up to nine stacking-capab le switches connected thro ugh their StackW ise Plus or StackW ise ports.
5-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s The system-le vel features supported on the stack ma ster are supported on the entire switch stack.
5-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks – Additional Considerations fo r System-W ide Configurat.
5-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s For more inf ormation about cablin g and p owering switch stacks, see th e “Switch Installation” chapter in the hardware installation guide.
5-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks 4. The switch with the hig her priority feature set and so ftware image combination. These co mbinations are listed from highest to lo west priority .
5-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s As described in the hardware instal lation guide, you can use the Master LED on the switch to see if th e switch is the stack master .
5-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks • If you mer ge switch stacks, the switches th at join the switch stack of a ne w stack master select the the lo west av ailable numbers in the stack.
5-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s Effects of Adding a Provisi oned Switch to a Switch Stack When you add a provisioned switch to the sw itch stack, the stack applies either the provisioned confi guration or the defau lt configu ration.
5-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks If you add a prov isioned switch that is a diff erent typ.
5-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s V ersion-mismatch (VM) mode has pri ority ov er SD M-mismatch mode. If a VM-mode condition and an SDM-mismatch mode e x ist, the switch stack f irst attempts to resolv e the VM-mode condition.
5-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks Minor Version Number Incompatibility Among Switches Switches with the same m ajor version numb er but wit h a dif ferent minor version numbe r are considere d partially compat ible.
5-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s • Automatic advise (auto -advise) oc curs when th e au to-upgrade process cannot f ind appropriate stack member software t o copy to the switch in VM mode.
5-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Minimum Dram required:0x08000000 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Suffix:ipservices-122-35.
5-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:members have been scanned, and it h as *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:been determined that the stack can be *Mar 1 00:04:22.
5-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks The interface-specific conf iguration of each stack me mber is associated with the stack member numb er .
5-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s Switch Stack Management Connectivity Y ou manage the sw itch stack and the stack member in terfaces through the sta ck master .
5-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Understanding Switch Stacks Be careful w hen using multiple CLI sessions to the stack master . Commands that you enter in one session are not displa yed in the oth er sessions.
5-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Understanding Switch Stack s Stack master election specifically determined by the cr yp.
5-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Configuring the Switch Stack Configuring the Switch Stack These sections contain this.
5-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switc h Stack the previous stack ma ster does not rejoin the stack during this period, the switch stack takes the MA C address of the new stack master as the stack MA C a d dress.
5-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Configuring the Switch Stack Use the no stack-mac persistent timer global conf iguration command to disable the persist ent MA C address feature.
5-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Configuring the Switc h Stack Beginni ng in pri vileged EXEC mode, fo llow th ese steps to assign a member number to a stack member . This procedure is optional.
5-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Configuring the Switch Stack Beginning in pri vileged EXEC mode, follo w these steps to prov ision a ne w member for a switch stack. This procedure is optional.
5-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Accessing the CLI of a Specific Stack Member Accessing the CLI of a Specific Stack Member Note This task is only for deb ugging purposes, and is only a vailable fr om the master .
5-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Troubleshooting Stacks • Finding a Disconnected Stack Cable, page 5-3 2 • Fixing .
5-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Understanding the show switch stack-ports summary Output Only Port 1 on stack member 2 is disabled.
5-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Troubleshooting Stacks Identifying Loopback Problems • Software Loopback, page 5-28.
5-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Len.
5-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Troubleshooting Stacks Hardware Loopback The show platf orm stack ports b uffer pri vileged EXEC co mmand output sho ws the hardware loopback va lu e s .
5-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks On a Catalyst 3750-E or 3750-X sw itch: Switch# show platform st.
5-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Troubleshooting Stacks On a Catalyst 3750-E or 3750-X sw itch: Switch# show platform .
5-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 Managing Switch Stacks Troubleshooting Stacks Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Len.
5-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 5 M ana ging Switch Stacks Troubleshooting Stacks.
CH A P T E R 6-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 6 Clustering Switches This chapte r provid es the concepts and procedures to create and manage Catalyst 3750-X and 3560-X switch clusters. Unless otherwise noted, the te rm switch refers to a stan dalone switch and to a switch stack.
6-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Understanding Switch Clusters Understanding Switch Clusters A switch clus ter is a set o f up to 16 c onnected, cluster- capable Catalyst switches that are managed as a single entity .
6-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Understanding Switch Cluste rs Cluster Command Switch Characteristics A cluster command switch must meet these requirements: • It is running a supported sof tware release.
6-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster Note Standby clu ster command switches must be th e same type of switches as the cluster command switch.
6-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster • SNMP Community Strings, page 6- 14 • Switch Clusters and Sw.
6-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster Figur e 6-1 Discovery Through CDP Hops Discovery Through Non-CD.
6-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Discovery Through Different VLANs If the cluster command switch is a Catalyst 3560-E, Catalyst 3750-E, Catalyst 3560-X , or Catalyst 3750-X switch, the cluster can hav e cluster member switches in dif ferent VLANs.
6-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster Note If the switch cluster has a Catal yst 3750-E or Cata ly st 3750-X switch or switch stack, that switch or switch stack must be the cluster command switch.
6-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Figur e 6-5 Discovery Through Routed P orts Discovery of Newly Installed Switches T o join a cluster , the new , out-of-the-box switch must be connected to t he cluster through one of its access ports.
6-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster HSRP and Standby Cluster Command Switches The switch supports Hot Standb y Router Protocol (HSRP) so that you can con figur e a group of standb y cluster command switches.
6-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Virtual IP Addresses Y ou need t o assign a uni que virtual IP ad dress and group number and name to the cluster standb y group.
6-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster • Each standb y-group member ( Figure 6-7 ) must be connected to th e cluster command switch through the same VLAN.
6-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster • This limitation applies to all clu sters: If the acti ve clu.
6-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Planning a Switch Cluster Passwords Y ou do not ne ed to assign passwords to an indi vidual swit ch if it wi ll be a cl uster mem ber .
6-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Planning a Switch Cluster Recall that stack members w ork together to beha ve as a unif ied system (as a single switch st ack) in the network and are presented to the network as such by Layer 2 an d Layer 3 protocols.
6-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Using the CLI to Mana ge Switch Clusters • If a cluster member switch stack reloads and a ne w stack master is elected, the switch stack loses connecti vity with the cluster command switch.
6-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Switches Using SNMP to Manage Switch Clusters Catalyst 1900 and Catalyst 2820 CLI Considerations If.
6-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 6 Clustering Sw itc hes Using SNMP to Manage Switch Clusters Figur e 6-8 SNMP Ma nagement f or a Cluster Tr a p .
CH A P T E R 7-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 7 Administering the Switch This chapter describes h ow to perf orm one-t ime operat ions to administer the Catalyst 3750-X or 35 60-X switch.
7-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date Understanding the System Clock The heart of the time service is th e system clock. This clock runs fro m the moment the system st arts up and keeps track of the date and time.
7-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date Cisco’ s implementation o f NTP does not support st ratum 1 service; it is n ot possible to connect to a radio or atomic clock.
7-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date Configuring NTP The switch does not ha ve a hardware-sup ported cloc k and cannot functi on as an NTP master clock to which peers synchronize themselv es when an ex ternal NTP source is not a vailable.
7-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date T o disable NTP authentication, use the no ntp authenticate global conf iguration command. T o remove an authentication key , us e th e no ntp authentication-key number global conf iguration co mmand.
7-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date Beginni ng in pri vileged EXEC mode, follo w these .
7-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date The switch can send or receiv e NTP broadcast packets on an interface-by -interfa ce basis if there is an NTP broadcast server , such as a router, broadcasting time i nformation on the netw ork.
7-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date T o disable an inte rface from receiv ing NTP br oadcast packets, use the no ntp broadcast client interface confi guration command.
7-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date The access group keyw ords are scanned in this orde r, from least restricti ve to most restr ictiv e: 1.
7-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date Disabling NTP Services on a Spe cific Interf ace NTP services are enabled on all interfaces by default.
7-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date Displaying the NTP Configuration Y ou can use two .
7-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the System Time and Date Displaying the Time and Date Configuration T o display the time and date conf iguration, use the show clock [ detail ] pri vileged EXEC command.
7-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the System T ime and Date Configuring Summer Time (Daylight Saving Time) Beg.
7-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt Beginni ng in pri vileged EXEC mod e, follo w .
7-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Configuring a System Name and Prompt For complete syntax and usage information for t he commands used in this section, see the Cisco IOS Confi gurati on Fundamentals Comm and Refer ence, Release 12.
7-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt T o keep track o f domain names, IP h as defined th e concept of a d omain name ser ver , which holds a cache (or database) of names mapped to IP addresses.
7-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Creating a Banner If you use the sw itch IP address as its hostname, th e IP ad dress is u sed and no DNS query occurs. If you confi gure a hostname that contains no periods (.
7-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Creating a Banne r Configuring a Message-of-the-Day Login Banner Y ou can create a sing le or multiline message banner th at appears on the screen when someone logs in to the switch.
7-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table Configuring a Login Banner Y ou can co nfigure a login banner to be displayed on all connected terminals.
7-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table These sections contain this configu ration informat i.
7-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table When pri v ate VLANs are conf igured, address learning depends on the type of MA C address: • Dynamic MAC addresses learned in one VLAN of a private VLAN are replicat ed in the associated VLANs.
7-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table Beginni ng in pri vileged EXEC mod e, follo w these s.
7-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table Beginning in pri vileged EXEC mode, follow these step.
7-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table T o disable MAC address-change notif ication traps, use the no snmp-server enable traps mac-notif ication change global conf iguration command.
7-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table Beginning in pri vileged EXEC mode, follow these step.
7-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table Beginning in pri vileged EXEC mode, foll ow th ese st.
7-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table Y ou can verify your settings b y entering th e show mac address-tabl e noti f ication thr eshold pri vileged EXEC commands.
7-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table This exampl e sho ws how to add the static address c2f3.
7-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the MA C Address Table T o disable unicast MA C address filtering, us e the no mac address-table static mac-addr vlan vlan-id global conf iguration command.
7-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the MAC Address Table Beginning in pri vileged EXEC mod e, follow these ste.
7-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administering the Switch Managing the ARP Table Managing the ARP Table T o communicate with a de vice (ov er Ethernet, for e xam ple), the software f irst must l earn the 48 -bit MA C address or the local data lin k addre ss of that de vice.
7-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 7 Administerin g the Switch Managing the ARP Table.
CH A P T E R 8-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 8 Configuring SDM Templates This chapter descri bes how to configure the Switch Databa se Management (SDM ) templates on th e Catalyst 37 50-X or 3560-X switch.
8-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Config uring SDM Templates Understanding the SDM Temp lates Note On switches running the LAN base feature set, routing v alues shown in the temp lates are not va lid.
8-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Understanding the SDM Template s • Dual IPv4 and IP v6 routing template—supports .
8-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Config uring SDM Templates Configuring the Switch SDM Temp late This is an examp le of a syslog message notifyi.
8-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Configuring the Switch SDM Template Setting the SDM Template Beginning in pri vileged.
8-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Config uring SDM Templates Displaying the SDM Templates T o return to the default temp late, use the no sdm prefer global conf iguration command.
8-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Configuring SDM Templates Displaying the SD M Templates number of qos aces: 0.
8-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 8 Config uring SDM Templates Displaying the SDM Templates.
CH A P T E R 9-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 9 Configuring Catalyst 3750-X StackPower The Catalyst 3750 -X and 3560-X swi tches hav e two po wer supplies per system, allo wing the po wer load to be split between them .
9-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPowe r • System operation can be come more green b y maxi mizing po wer supply eff iciency and worki ng with the most ef ficient load (30 to 90% of their maximum load).
9-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configur ing Catalyst 3750-X StackPower Understanding StackPo wer Y ou can also configure a switch connected in a po we r stack to not participate i n the po wer stack b y setting the switch to standalone p ower mode.
9-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Understanding StackPowe r Graceful load shedding is al ways enabled and imme diate load sheddi ng occurs only when necessary , so both can occur at th e same time.
9-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configur ing Catalyst 3750-X StackPower Understanding StackPo wer The output of the show stack-power priv ileged EXEC command sh ow s the priorities of the p owered devices and switches in the po w er stack.
9-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Configuring Stack Power • Switch 4 (priority 4) • Switch 3 (priority.
9-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configur ing Catalyst 3750-X StackPower Configuring Stack Power This is an ex ample of setting the stack power mode for the stack named power1 to redundant po wer mode.
9-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 9 Configuring Catalyst 3750-X StackPower Configuring Stack Power Note Enterin g the write era se and relo ad privile g ed EXEC commands do wn not change the p ower priority or po wer mode non-defa ult config uration sa ved in t he switch flash memory .
CH A P T E R 10-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 10 Configuring Switch-Based Authentication This chapter describes how to conf igure switch-based authen tication on th e Catalyst 3750-X or 3560-X switch.
10-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Protecting Acce ss to Pr ivileged EXEC Commands • If you want to .
10-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Protecti ng Access to Privi leged EXEC Commands Setting or Changing a Static Enable Password The enable password controls acces s to the pri vileged EX EC mode.
10-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Protecting Acce ss to Pr ivileged EXEC Commands Beginning in pri vi.
10-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Protecti ng Access to Privi leged EXEC Commands This example sho ws .
10-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Protecting Acce ss to Pr ivileged EXEC Commands Setting a Telnet Pa.
10-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Protecti ng Access to Privi leged EXEC Commands Beginning in pri vil.
10-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Protecting Acce ss to Pr ivileged EXEC Commands Setting the Privile.
10-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Protecti ng Access to Privi leged EXEC Commands Changing the Default.
10-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with TACACS+ Controlling Switch Access w.
10-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Control ling Switch Access with TACACS+ Figur e 1 0-1 T ypical T AC.
10-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with TACACS+ TACACS+ Operation When a user attempt s a simple ASCII login by authenticatin g to a switch using T A CA CS+, this process occurs: 1.
10-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Control ling Switch Access with TACACS+ • Config uring T A CA CS+.
10-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with TACACS+ T o remove the specif ied T A CA C S+ server name or address, use the no tacacs-server host hostname global conf iguration command.
10-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Control ling Switch Access with TACACS+ T o disable AAA, use the no aaa new-model global conf iguration command.
10-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with TACACS+ Note T o secure the sw itch for HTTP access by using AAA methods, you must conf igure the switch with the ip http authentication aaa g lobal conf iguration command.
10-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Starting TACACS+ Accounting The AAA accounting feature tracks the servic es that users are accessing and the amount of network resources that the y are consuming.
10-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS Understanding RADIUS RADIUS is a distributed client/server system th at secures networks against unauthorized access.
10-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Figur e 1 0-2 T r ansitioning.
10-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS • CoA Request Commands, pa.
10-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Ta b l e 10-3 sho ws the possible values fo r the Error-Cause attrib ute. Preconditions T o use the CoA interface, a session must already ex ist on the switch.
10-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS Session Identification For d.
10-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS • Session Reauthentication .
10-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS • If authentication comp letes with either success or failure, th e signal that triggered the reauthentication is remo ved from the stack member .
10-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Note A Disconnect-Request f a.
10-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS When the Auth Manager comman.
10-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Default RADIUS Configuration RADIUS and AAA are disabl ed by def ault. T o prev ent a lapse in security , you cannot conf igure RADIUS through a n etwork managemen t application.
10-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in priv ileged EXEC mode, foll ow these steps to configu re per-serv er RADIUS server communication.
10-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS T o remove the specif ied RADIUS se rv er , use the no radius-server host hostname | ip-addr ess glo bal confi guration command.
10-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS Step 3 aaa authentication login { default | list-name } method1 [ method2... ] Create a login authen tication method list.
10-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global conf iguration command.
10-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in p rivile ged EX.
10-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS T o remove the specif ied RADIUS se rv er , use the no radius-server host hostname | ip-addr ess glo bal confi guration command.
10-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable authorization, use the no aaa authorization { network | exec } method1 global configuration command.
10-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS Configuring Settings fo r All.
10-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS This example sho ws how to p.
10-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with RADIUS As mentioned earlier , to con.
10-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global co nfigurat ion command.
10-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with Kerberos Configuring RADIUS Se rver Load Balancing This feature allo ws access and authen tication requests to be e venl y across all RADIUS ser vers in a server group.
10-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with Kerberos K erberos verif ies that users are w ho they claim to be and the netw ork service s that the y use a re what the services claim to be.
10-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Controlling Switch Access with Kerberos Kerberos Operation A Kerber.
10-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Controlling Switch Access with Kerberos Authenticating to a Boundary Switch This section describes the first layer of security th rough which a remo te user must pass.
10-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configuring the Switch for Local Au thentication and Au th orizatio.
10-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Shell T o disable AAA, use the no aaa new-model global conf iguration command.
10-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configur ing the Switch for Secure She ll Note For complete syntax .
10-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Shell Limitations These limitations apply to SSH: • The switch supports Ri v est, Shamir , and A delman (RSA) authentication.
10-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configur ing the Switch for Secure She ll 3. Configure user authentication fo r local or remote access. This step is required.
10-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Shell T o return to the def ault SSH control p arameters, use the no ip ssh { timeout | authentication-retries } global conf iguration command.
10-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configuring the Switch for Secure So cket La yer HTTP Configuring the Switch for Secure Socket Layer HTTP This section descri bes ho w to conf igure Secure Sock et Layer (SSL) V ersion 3.
10-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Sock et La yer HTTP If you do no.
10-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configuring the Switch for Secure So cket La yer HTTP CipherSuites A CipherSuite specifies the encryption al gorithm and the di gest algorithm to us e on a SSL connection.
10-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Sock et La yer HTTP SSL Configuration Guidelines When SSL is used in a switch cluster , the SSL se ssion terminat es at the cluster commander .
10-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configuring the Switch for Secure So cket La yer HTTP Use the no crypto ca trustpoint name global conf iguration command to delete all identity informati on and certificates associated with the CA.
10-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Sock et La yer HTTP Use the no ip http server global configuration command to dis a ble the standard HTTP server .
10-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Configur ing Switch-Based Authentication Configuring the Switch fo r Sec ure Copy Protocol Use the no ip http client secure-trustpoint name to remov e a client trustpoi nt configuration.
10-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 10 Co nfiguri ng Switch-Based Authentication Configuring the Switch for Secure Copy Pro t oco l Information About Secure Copy T o conf igure the Secure Copy featu re, you should understand t hese concepts.
CH A P T E R 11-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 11 Configuring IEEE 802.1x Port-Based Authentication This chapter describes ho w to c onf igure IEEE 802.1x port-based authen tication on th e Catalyst 3750-X or 3560-X switch.
11-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
11-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication Device Roles W ith 802.1x port-based authenticati on, the de vices in the net work ha ve specif ic roles as show n in Figure 11-1 .
11-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
11-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication The T ermination-Action RADIUS attrib ute (Attrib u te [29]) specifies the action to take during re-authentication.
11-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
11-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication Per-User ACLs and Filter-Ids A CLs configured on the switch are compatible with other devi ces running Cisco IOS releases.
11-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication For more information, see the co mmand reference for this release.
11-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
11-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication 802.1x Host Mode Y ou can confi gure an 802.1x port for single-host or for multiple-hosts mode.
11-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication MAC Move When a M A C address is authenticated on one sw itch po rt, that address is no t allowed on another 802.
11-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication 802.1x Authentication with VLAN Assignment The switch support s 802.
11-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication Only one 802.1x-authenticated user is supp orted on a port.
11-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication The switch uses the CiscoSecure-Defined-A CL A V pair to intercept an HTTP or HTTPS request from the endpoint de vice.
11-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication 802.1x Authentication with Guest VLAN Y ou can configu re a guest VLAN for each 802.
11-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication 802.1x Authentication with Restricted VLAN Y ou can conf igure a restricte d VLAN (also referred to as an authentication f ailed VLAN ) for each IEEE 802.
11-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication When a ne w host tries to connect to the criti cal port , that host is mo ved to a user-specified access VLAN, the critical VLAN .
11-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication 802.1x User Distribution Configuration Guidelines • Confir m that at least one VLAN is mapped to th e VLAN group.
11-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication IEEE 802.1x Authentication with Port Security Y ou can configure an IEEE 802.
11-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication When a host that uses W oL is attached through an IEEE 802.
11-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.
11-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication Config uring N A C Layer 2 IEEE 802.1x v alidation is similar to conf iguring IEEE 802.
11-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Note If you use a d ynamic VLAN to a ssign a v oice VLAN on an MD A-enabled swi tch port, the v oice device fails authorization.
11-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
11-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • The VSA changes the authe nticator switch port mode from access to trunk and enables 80 2.
11-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication The session ID is us ed by the N AD, the A AA server , and other report-analyzing application s to identify the client.
11-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication MKA Policies Y ou apply a def ined MKA polic y to an interface to enable MKA on the interface.
11-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Po rt-Bas ed Au th entication MACsec, MKA and 80 2.1x Host Modes Y ou can u se MA Csec and the MKA Protocol with 802.
11-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication MKA Statistics Some MKA coun ters are aggre gated globally , while others are updated both g lobally and per session.
11-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication • Config uring a W eb Authentication Local Banner , page 11-65 (optional) • Disabling 802.
11-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication 802.1x Authentication Configuration Guidelines These section has conf iguration guidelines for these features: • 802.
11-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication – EtherChann el port—Do not co nfigure a port that is an acti ve or a not- yet-activ e member of an EtherChann el as an 802.
11-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Follo w these guidelines to ena ble the readiness check on the switch: • The readiness check is typi ca lly used before 80 2.
11-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication Note If you do not include th e shutdown vlan k eyw ords, the entire port is shut do wn when it enters the error-disabled state.
11-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication This is the 802.1x A AA process: Step 1 A user connects to a port on the switch.
11-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable multiple hosts o n the port, use the no authenti cation h ost-mo de or the no dot1x host-mode multi-host interf ace conf iguration command.
11-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication T o disable periodic re-authentication, use the no authentication periodic or the no dot1x reauthenti cation interface conf iguration command.
11-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Changing the Quiet Period When the sw itch cannot authenticate the client, the switch remai ns idle for a set period of time and then tries ag ain.
11-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication T o return to th e default retransmission time, use the no dot1x timeout tx-period interface conf iguration command.
11-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication This example sh ows ho w to global ly enable MAC move on a switch: Switch(config)# authenti cation mac-mo ve permit Configuring 802.
11-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication Beginning in pri vileged EXEC mode, follo w these steps to configure the port as a critical port a nd enable the inaccessible authentication bypass feature.
11-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable MA C authentication b ypass, use the no dot1x mac-auth-bypass interf ace configuration command.
11-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication Configuring a Do wnloadable Policy Beginning in pri vileged EXEC mod e: Step 7 ip access-group acl-id in Confi gure the default A CL on the port in the input direction .
11-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication This exampl e sho ws how to conf igure a switch for a do wnloadable policy : Switch# config terminal Enter configuration commands, one per line.
11-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication This exampl e sho ws how to glob ally enable VLAN ID-ba sed MA C authentica tion on a switch: Switch# config terminal Enter configuration commands, one per line.
11-65 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-66 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.1x Authentication Disabling 802.1x Authentication on the Port Y ou can disable 802.1x aut hentication on the port b y using the no dot1x pae inter face configuration command.
11-67 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.
11-68 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Configuring 802.
11-69 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring I EEE 802.1x Port-Bas ed Authentication Displaying 802.
11-70 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 11 Configuring IEEE 802. 1x Port-Based Authentication Displaying 802.
CH A P T E R 12-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 12 Configuring Web-Based Authentication This chapter d escribes how to configure web-based au thentication on the Catalyst 3750-X o r 3560-X switch.
12-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Understanding Web-Ba sed Authentication • Authentication Pr ocess, pa.
12-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Understanding Web-Based Auth entication Session Creation When web-based authentication dete cts a ne w host, it creates a session as follow s: • Re view s the except ion list.
12-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Understanding Web-Ba sed Authentication Local Web Authentication Banner Y ou can create a banner that will appear when you log in to a switch by using web authent ication.
12-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Understanding Web-Based Auth entication Figur e 12-3 Customiz ed W eb B.
12-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Understanding Web-Ba sed Authentication Web Authentication Customizable.
12-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Understanding Web-Based Auth entication Figur e 12-5 Customiz eable A uthentication P age For more informati on, see the “Customizing the Authen tication Proxy W eb Pages” section on page 12-13 .
12-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Understanding Web-Ba sed Authentication LAN Port IP Y ou can con figure LAN port IP (LPI P) and Layer 2 w e b-based authentication on the same port.
12-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Configuring Web-Based Authentication Configuring Web-Based Authenticati.
12-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Configuring Web-Base d Authentication • Hosts that are more than one hop aw ay might e xperience traf fic disrup tion if an STP topology change results in the host traf fic arri ving on a di fferent port.
12-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Configuring Web-Based Authentication Authentication global absolute ti.
12-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Configuring Web-Base d Authentication T o config ure the RADIUS server parameters, perform this task: When you configure the RADIUS server parameters: • Specify the key string on a separate command line.
12-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Configuring Web-Based Authentication This example sho ws how to conf igure the RADIU S server parameters on a switch: Switch(config)# ip radius source-interface Vlan80 Switch(config)# radius-server host 172.
12-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Configuring Web-Base d Authentication When configuring customized authentication pr oxy web pages, follo w these guidelines: • T o enable the custom web pages feature, specify all four custom HTML f iles.
12-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Configuring Web-Based Authentication Specifying a Redirection URL for Successful Login Y ou can specify a URL to whic h the user is redirected after authentication, effecti vely replacing the internal S uccess HTML page.
12-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Configuring Web-Base d Authentication This example sh ows ho w to determine whether any conn ected hosts are in the AAA Do wn state: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.
12-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configuring Web-Based Authentic ation Displaying Web-Based Authentication Status This exampl e sho ws how to.
12-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 12 Configurin g Web-Based Authentication Displaying Web-Based Authentication Status.
CH A P T E R 13-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 13 Configuring Interface Characteristics This chapter de f ines the types of in terfaces on the Catalyst 3750-X or 3560-X sw itch and describes ho w to conf igure them.
13-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types These sections describe the interface types: • Port-.
13-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Interface Types confi gure tunnel ports as part of an asymmetri c li nk connected to an IEEE 802.
13-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types Although b y default, a trunk port is a member of e very VLAN kno wn to the VTP , you can limit VLAN membership by conf iguring an allo wed list of VLANs for each trun k port.
13-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Interface Types The number of routed port s that you can conf igure is not limi ted by so ftware.
13-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types Note The LAN base feature set does not support rout ing. The IP base feature set supports static routing an d RIP .
13-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Interface Types 10-Gigabit Ethernet Interfaces The Catalyst 3750-X an .
13-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types Cisco intelligent po wer management is backward -compatible with CDP with po wer consumption; the switch responds according to the CDP message that it recei ves.
13-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Interface Types W ith PoE+, po wered devices use IEEE 802.
13-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types • static —The switch pre-allocates po wer to the port (e ven w hen no po wered device is connected) and guarantees that power will be av ailable for the port.
13-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Interface Types Maximum Power Allocation (Cuto ff Power) on a PoE Port When po wer policing is enabled, th e switch dete rmines one of t he th ese values as the cutof f power on the PoE port in this order: 1.
13-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Interface Types (6300 mW). The switch provides po wer to the connect ed devices on the port if the de vice ne eds up to 6.
13-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using the Switch USB Ports possible, to maintain high perfor mance, forwarding is done b y the switch hardware. Ho wever , only IPv4 packets with Ethernet II encapsul ation are routed in hardware.
13-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using the Switch USB Ports switch-stack-1 *Mar 1 00:01:00.171: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45. *Mar 1 00:01:00.
13-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using the Switch USB Ports This example re verses the pre vious configuration and immediately acti vates an y USB console that is connected.
13-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using the Switch USB Ports USB Type A Port The USB T ype A port pro vides ac cess to e xternal Ci sco USB fl ash devices, also known as thumb drives or USB ke ys.
13-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using Interface Configuration Mode Interface: Number: 0 Description: .
13-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using Interface Configuration Mode • Module number—The module o r slot number on the switch t hat is alw ays 0. • Port number—The interface numb er on the switch.
13-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using Interface Configuration Mode Step 3 Follo w each interface command with the interface configurati on commands that the interface requires .
13-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using Interface Configuration Mode – gigabitethernet module/ {first.
13-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using Interface Configuration Mode Configuring and Using Interface Range Macros Y ou can create an interface range macro to automatica lly select a range of interfaces for configu ration.
13-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using the Ethernet Man agement Port • Y ou must add a space between the first interface number and th e hyphen when entering an interface-rang e .
13-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using the Ethernet Mana gemen t Port Understanding the Ethernet Management Port The Ethernet management port, also referred to as the F a0 or fastethernet0 port , is a Layer 3 host po rt to which you can connect a PC.
13-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Using the Ethernet Man agement Port Figur e 13-3 Connecting a Switc h Stac k to a PC By default, the Ethern et management port is enable d.
13-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Using the Ethernet Mana gemen t Port Supported Features on the Ethern.
13-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s TFTP and the Ethernet Management Port Use the commands in Ta b l e 13-2 when using TFTP to do wnload or upload a con fi guration f ile to the b oot loader .
13-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Ethernet Interfaces Default Ethernet Interface Configuration Ta b l e 13-3 sho w s the Ethernet interface default configur ation, including some features that apply only to Layer 2 interfaces.
13-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s Configuring Interface Speed and Duplex Mode Ethernet interfaces on the switch operate at 10, 100 , 1000, or 10,000 Mb/s and in either full- or half-duplex mode.
13-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Ethernet Interfaces Caution Changing th e interface speed and dupl ex mode configuration might shu t down and re-enable the interface during the reconf iguration.
13-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s This example sho ws how to set th.
13-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Ethernet Interfaces T o disable flo w control, use th e flowcontro l receiv e off interface configuration command.
13-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s T o disable auto-M DIX, use the no mdix auto interface conf iguration command.
13-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Ethernet Interfaces For informatio n about the output of the sho w power inlin e user EXEC command, see the c ommand reference for t his release.
13-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s Caution Y ou should carefully plan your switch po wer budget , enable the po wer monito ring feature, and make certain not to o versubscr ibe the po wer supply .
13-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Ethernet Interfaces T o return to the default setting, use the no power inline consumption interface configuration command.
13-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring Ethern et Inter f ace s T o disable policing of the real-time po wer consumption, use the no power inline police in terface confi guration command.
13-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring Layer 3 Interfaces This exampl e sho ws how to add a description on a p ort and ho w to veri fy the description: Switch# configure terminal Enter configuration commands, one per line.
13-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring La yer 3 Interfaces • If the switch is n otifi ed by VLAN T runking Protocol (VTP) of a new VLAN, it sends a message that there are not enough hardware re sources av ailable and shuts do wn the VLAN.
13-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuri ng the System MTU Configuring SVI Autostate Exclude Config .
13-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring the System MTU • Y ou can enter the system mtu bytes gl obal configuration command on a Catalyst 3750-X switch , but the command does not take ef fect on the sw itch.
13-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuri ng the System MTU The upper limit of the system routi ng MTU v alue is based on the switch or switch stack conf iguration and refers to either the current ly applied system MTU or the sy stem jumbo MTU value.
13-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring the Cisco RPS 2300 in a Mixed Stack If you enter a v alue that is outside the allo wed range for th e specific type of interface, th e v alue is not accepted.
13-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Configuring the Cisco RPS 2300 in a Mixed Stack Beginning in user EXE.
13-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Configuring the Power Supp lies T o return to the RPS 2300 de fault s.
13-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Monitoring and Main ta ining the Interfaces Monitoring and Mainta ini.
13-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces Clearing and Resetting Interfaces and Counters Ta b l e 13-7 lists the pri vileged EXEC mode clear commands that you can use to clear counters and rese t interfaces.
13-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configuring Interfac e Characteristics Monitoring and Main ta ining the Interfaces Note The clear counters p.
13-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 13 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces.
CH A P T E R 14-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 14 Configuring Auto Smartports Macros This chapter describes ho w to configure and apply Auto Smartports and static Smartp orts macros on the Catalyst 3750-X or 3560-X switch.
14-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Understanding Auto Sma rtp or ts an d Static Smartports Macros Auto Smartports uses e vents to map macros to the source port of the e vent.
14-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports Figur e 14-1 Cisco Medianet Deployment Exampl.
14-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports Auto Smartports Configuration Guidelines • The bui lt-in macros cannot be deleted or changed.
14-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports • For 802.1x aut hentication or MAB, conf igure the RADIUS serv er to support the Cisco attrib ute-v alue (av ) pair auto-smart-port = event trig ger to detect non-Cisco de vices.
14-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports Default Parameter Values The switch automatically maps from e vent triggers to b uilt-in macros.
14-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports Default Macro:CISCO_PHONE_AUTO_SMARTPORT Curr.
14-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports This example sho w s ho w to create a MA C-ad.
14-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports Configuring Auto Smartports Built-In Macro Op.
14-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports This ex ample sho ws ho w to use tw o b uilt-in Auto Sm artports macros for co nnec ting Cisco switches and Cisco IP phones to the sw itch.
14-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports Current configuration : 284 bytes ! interfac.
14-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports Beginning in pri vileged EXEC mod e: Use the no shell t rigger identif ier global conf iguration command to delete th e ev ent trigger .
14-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports This example sh ows ho w to use the show she.
14-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports switchport trunk native vlan $NATIVE_VLAN sw.
14-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Auto Smartports Configuring Auto Smartports User-Defined Macros The Cisco IOS shell provi des basic scripting capa bilities for configu ring the user -def ined Auto Smartports macros.
14-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Auto Smartports conf t interface $INTERFACE no macro descrip.
14-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Static Sma rtports M acro s Configuring Static Smartports Ma.
14-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Configuring Static Sma rtp or ts Macr os • Applying a macro to an interface range is the same as app lying a m acro to a single interface.
14-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configuring Auto Smar tports Macros Configuring Static Sma rtports M acro s Y ou can only delete a global macro-applied configurati on on a switch b y entering the no version of ea ch command in the macro.
14-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 14 Configur ing Auto Smartports Macros Displaying Auto Smartports and Static Smartports Macros Switch(config)# .
CH A P T E R 15-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 15 Configuring VLANs This chapter describe s ho w to configure no rmal-range VLANs (VLAN IDs 1 to 1005) and extended -range VLANs (VLAN IDs 10 06 to 4094) on the Catalyst 3750- X or 35 60-X switch.
15-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Understanding VLANs Figure 15-1 sho ws an example of VLANs seg mented into logically def ined networks. Figur e 15-1 VLANs as Logically Defined Networ ks VLANs are oft en associated with IP subnet works.
15-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Understanding VLANs The switch supports per -VLAN spanning-tree plus (PVST+) or rapid PVST+ w ith a maximum of 128 spanning-tree instances . One spanning-tre e instance is allo wed per VLAN.
15-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring Normal-Ra nge VLANs For more detailed definit ions of access and trunk modes an d their functions, see Ta b l e 15-4 on page 15-16 .
15-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs Note This section does not pr ovide conf iguration details for most of these paramet ers.
15-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring Normal-Ra nge VLANs • The switch supports 128 spanning-tree instances.
15-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs • In VTP v ersions 1 and 2, if VTP mode is serv er , the domain name an d VLAN conf iguration for only the fir st 1005 VLANs use t he VLAN database information.
15-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring Normal-Ra nge VLANs Beginning in pri vileged EXEC mod e, follo w these steps to create or mod ify an Ethernet VLAN: T o return the VLAN name to the default sett ings, use the no name , no mtu , or no r emote-span commands.
15-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Normal-Range VLANs Beginning in priv ileged EXEC mode, foll ow these steps to d.
15-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring Extende d- Range VLANs Switch(config-if)# switchport mode access Switch(confi.
15-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Rang e VLANs • For VTP v ersion 1 or 2, you can set t he VTP mod e to transparent i n global conf iguration mode. See the “Conf iguring VTP Mode” section on p age 16-11 .
15-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring Extende d- Range VLANs In VTP ve rsion 1 and 2, e xtended-range VLANs are no t sav ed in the VLAN database; they are sa ved in the switch running conf iguration file.
15-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring Extended-Rang e VLANs Creating an Extended-Range VLAN with an Internal VLAN ID.
15-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Displa yi n g VLANs Displaying VLANs Use the show vlan pri vileged EXEC command to d isplay a list of all VLANs on t he switch, including extended-range VLANs.
15-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Figure 15-2 sho ws a network of switches that are connected by ISL trunks.
15-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VLAN Trunk s Encapsulation Types Ta b l e 15-5 lists the Ethernet trunk enca psulatio n types and keywords.
15-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks IEEE 802.1Q Configur ation Considerations The IEEE 802.1Q trunks impose th ese limitations on the trunking strate gy for a network: • In a network of Cisco switches co nnected through IEEE 802.
15-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VLAN Trunk s • Changing the Pruning-Eligi ble List, page 15-20 • Config uring the Nati ve VLAN for U ntagged T raffic, page 15-21 Note By default, an interf ace is in Layer 2 mode .
15-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks T o return an interface to it s default con figurat ion, use the default interface interface-id interface confi guration command.
15-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VLAN Trunk s T o reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any indiv idual VLAN trunk port b y remov ing VLAN 1 from the allo wed list.
15-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Beginning in pri vileged EXEC mode, fol low th ese steps to remov .
15-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VLAN Trunk s T o return to the default nati ve VLAN, VLAN 1, use the no switchport trunk nati ve vlan interface confi guration command.
15-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VLAN Trunks Figur e 15-3 Load Shar ing b y Using S TP P ort Pr ior ities Note .
15-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VLAN Trunk s Load Sharing Usin g STP Path Cost Y ou can confi gure parallel t.
15-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Beginni ng in pri vileged EXEC mode, fo llo w these steps to co nfigur e .
15-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VMPS These sections contai n this information: • “Understanding VMPS” s.
15-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS If there is a match, the VMPS sends the VLAN number for that port. If the client switch w as not pre viously conf igured, it uses the domain name from the first VTP p acket it recei ves on its trunk port from the VMPS.
15-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VMPS • Secure ports cannot be dynamic-access ports. Y o u mu st disable port security on a port bef ore it becomes dynamic. • Pri vate VLAN ports cannot be dynamic-access ports.
15-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS Caution Dynamic-access port VLAN membership is for en d stations or hubs connected to end stations. Connecting dynamic-access port s to other switches can cause a loss of connectivity .
15-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VMPS Beginni ng in pri vileged EXEC mod e, follo w these steps to change the reconfi rmation interv al: T o return the switch to its default setting, use the no vmps r econfi rm global conf iguration command.
15-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLANs Configuring VMPS This is an example of output for the show vmps pri vileged EXEC command: .
15-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 15 Configuring VLA Ns Configuring VMPS Figur e 15-5 Dynamic P ort VLAN Membership Configuration Primar y VMPS Ser v er 1 Catalyst 6500 series Secondar y VMPS Ser v er 2 Catalyst 6500 series Secondar y VMPS Ser v er 3 172.
CH A P T E R 16-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 16 Configuring VTP This chapter describe s ho w to use the VL AN T run king Protocol (VTP) and the VLAN database for managing VLANs with the Catalyst 3750-X or 3560-X sw itch.
16-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Understanding VTP The switch supports 1005 VLANs, b ut the number of ro uted ports, SVIs, and other conf igured features affects the usage of the switch hardware.
16-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP If you conf igure a sw itch for VTP transparent mode, you can create an d modify VLANs, b ut the changes are not sent to other switches in the domain, and they affect only the indi vidual switch.
16-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Understanding VTP VTP Advertisements Each switch in the VTP domain se nds periodic glob al configuration adv ertisements from ea ch trunk port to a reserved multicast add ress.
16-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP • Consistency Checks—In VTP ve rs ion 2, VLAN consistenc y checks (such as VLAN names and v alues) are performed only when y ou enter new in formation throug h the CLI or SN MP .
16-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Understanding VTP VTP Pruning VTP pruning incr eases network a vailable b andwidth b y restricting flood ed traff ic to those trunk links that the traf fic must use to reach the destination de vices.
16-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Understanding VTP Figure 16-2 sho ws a switched netw ork with VTP pruni ng enabled.
16-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Configuring VTP • When VTP mode is changed in a switch in the stack , the other sw itches in the s tack also change VTP mode, and the switch VLAN da tabase remains consistent.
16-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP VTP Configuration Guidelines Y ou use the vtp global configuration command to.
16-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Configuring VTP Caution When you conf igure a V TP domain password, the manag ement domain does not funct ion properly if you do not assign a management do main password to each switch in the domain.
16-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Configuration Requirements When you confi gure VTP , you must conf igure a trunk port so th at the switch can send and recei ve VTP advertisements to and from ot her swit ches in the domain.
16-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Configuring VTP • If you conf igure the switch for VTP client mode, t h e switch does not create the VLA N database file (vlan.dat). If the switch is then po wered off, it rese ts the VTP co nfiguratio n to the default.
16-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP T o return a switch in another mode t o VTP server mode, use the no vtp mode gl obal conf iguration command. T o return the switch to a no-password state, use the no vtp password global conf iguration command.
16-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Configuring VTP Configuring a VTP Version 3 Primary Server Beginni ng in pri vileged EXEC .
16-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Configuring VTP Caution In VTP version 3, both the primary and secondary servers can ex ist on an instance in the domain. For more informati on on VTP versi on conf iguration guidelines, see the “VTP V ersion” section on page 16-10 .
16-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Configuring VTP Configuring VTP on a Per-Port Basis W ith VTP version 3, you can enable or disable VTP on a p er-port basis. Y ou can enable VTP only on ports that are in trun k mode.
16-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configuring VTP Monitoring VTP After resetting the conf iguration revision number , add the switch to the VTP domain.
16-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 16 Configur in g VTP Monitoring VTP.
CH A P T E R 17-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 17 Configuring Voice VLAN This chapter describes ho w to configure the v o ice VLAN feature on the Catalyst 3750-X or 3560-X switch.
17-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configurin g Voice VLAN Understanding Voice VLAN Figure 17-1 sho ws one way to connect a Cisco 7960 IP Phone.
17-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voic e VLAN Note Untagged traff ic from the de vice attached to the Ci sco IP Phone passes throu gh the phone unchanged, regardless of t he trust state of the access port on the phone.
17-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configurin g Voice VLAN Configuring Voice VLAN • The Port Fast feature is auto ma tically enabled when vo ice VLAN is conf igured. When you disable voice VLAN, the Port Fast featur e is not automatically disabl ed.
17-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Configuring Voic e VLAN Configuring Cisco IP Phone Voice Traffic Y ou can conf igure a port con nected to the Cisco IP Phone to send CDP packet s to the phone t o confi gure the way in which the phone sends v o ice traffic.
17-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configurin g Voice VLAN Configuring Voice VLAN This exampl e sho ws how to conf igure a port connected t o a Cisco IP Phone to use the CoS v alue to classify incoming traff ic, to use IEEE 802.
17-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configuring Voice VLAN Displaying Voice VLAN This exampl e sho ws how to configure a por t connected to a Cis.
17-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 17 Configurin g Voice VLAN Displaying Voice VLAN.
CH A P T E R 18-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 18 Configuring Private VLANs This chapter describes ho w to configure pri vate VLANs on the Catalyst 3750- or 35 60-X switch.
18-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Understanding Private VLANs Figur e 18-1 Pr ivate-VLAN Domain There are two types of secondary VLANs: • Isolated VLANs—Ports within an isolated VLAN cannot communi cate with each other at the Layer 2 level.
18-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Understanding Private VLANs Primary and secondary VLANs have these characteristics: • Primary VLAN—A pri vate VLAN has only one primary VLAN.
18-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Understanding Private VLANs Private VLANs across Multiple Switches As with regular VLANs, pri vate VLANs can span mul tiple switches. A trunk port carries the p rimary VLAN and secondary VLANs t o a neighboring switch.
18-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Configuring Private VLANs Private VLANs and SVIs In a Layer 3 swit ch, a swit ch virtual interface (SVI ) represents the La yer 3 interf ace of a VLAN.
18-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Tasks for Configuring Private VLANs T o configure a pri vate VLAN, perform these steps: Step 1 Set VTP mode to transparent.
18-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Configuring Private VLANs • W ith VTP version 1 or 2, after you ha ve confi gure.
18-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs T o filter out specif ic IP traff ic for a priv ate VLAN, you should apply the VLAN map to b oth the primary and secondary VLANs.
18-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Configuring Private VLANs – Link Aggre gation Control Prot ocol (LA CP) – Multicast VLAN Re gistration (MVR) – voi c e V L AN – W eb Cache Communication Protocol (WCCP) • Y ou can confi gure IEEE 802.
18-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs When you associate secondary VLANs with a pr imary VLAN, note this syntax information: • The secondary_vlan_list pa rameter can not contain s paces.
18-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Configuring Private VLANs Switch(config-vlan)# end Switch(config)# show vlan priv.
18-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Configuring Private VLANs Administrative private-vlan trunk encapsulation: dot1q A.
18-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLAN s Configuring Private VLANs Use the show vlan pri vate-vla n or the show interface status privi leged EXEC comman d to display primary and secondary VLAN s and pri v ate-VLAN ports on the sw itch.
18-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 18 Configuring Private VLANs Monitoring Private VLANs --------- -------------- ----------------- vlan10 501 isolated vlan10 502 community Monitoring Private VLANs Ta b l e 18-1 sho ws the pri vileged EXEC commands for m onitoring pri vate-VLAN acti vity .
CH A P T E R 19-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling V irtual pri vate netw orks (VPNs) provide enterp.
19-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling tagged packets. A port conf igured to su pport IEEE 802.1Q tunne ling is called a tunnel port .
19-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding IEEE 802.
19-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling Configuring IEEE 802.1Q Tunneling These sections contain this configu ration informat ion: • Default IEEE 802.
19-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configu ring IEEE 802.1Q Tunneling These are some wa ys to solve t his problem: • Use ISL trunks be tween core sw itches in th e service-provider netw ork.
19-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.
19-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configu ring IEEE 802.1Q Tunneling Configuring an I EEE 802.1Q Tunneling Port Beginning in priv ileged EXEC mode, foll ow these step s to co nfigu re a port as an IEEE 802.
19-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding Layer 2 Protoco l Tu nne ling Understan.
19-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understan ding Layer 2 Protocol Tunneling Figur e 19-.
19-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunnelin g For e xample, in Figure 19-6 , Customer A has two switches in the same VLAN that are connected through the SP ne twork.
19-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling See Figure 19-4 , with Customer X and Customer Y in access VLANs 30 and 40, respe cti vely .
19-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunnelin g Layer 2 Pro.
19-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Configuring .
19-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunnelin g Use the no .
19-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Use the no l.
19-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunnelin g Configuring.
19-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Switch(confi.
19-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 19 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Monitoring and Main ta ining Tunneling Status Monitoring and Mainta ining Tunneling Status Ta b l e 19-2 sho ws the pri vileged EXEC commands for monitoring and maintaining IEEE 802.
CH A P T E R 20-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 20 Configuring STP This chapter d escribes ho w to conf igure the Spannin g T ree Protocol (STP) o n port-based VLANs on the Catalyst 37 50-X or 35 60-X swit ch.
20-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Understanding Spannin g- Tr ee Featu res • Spanning-T ree Modes and Protocols, page 20-9 • Supported Spanning- T ree Instances, page 20-10 • Spanning-T ree Interoperability and Backw ard Compatibility , page 20-10 • STP and IEEE 802.
20-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning -Tree Features Spanning-Tree Topology and BPDUs The stable, activ e sp.
20-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Understanding Spannin g- Tr ee Featu res Only one outgoing port on the stack roo t switch is selected as th e root port.
20-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning -Tree Features The switch suppo rts the IEEE 802.1t sp anning-tree extensions, an d some of the bits previously used for the switch priority are no w used as the VLAN identif ier .
20-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Understanding Spannin g- Tr ee Featu res • From learning to forw arding or to disabled • From forwarding to dis abled Figure 20-2 illustra tes how an interface moves through the states.
20-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning -Tree Features • Does not learn addr esses • Receiv es BPDUs Listening State The listening state is the first state a Layer 2 inte rface enters after the blocking state.
20-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Understanding Spannin g- Tr ee Featu res How a Switch or Port Becomes the Root Switch or Ro.
20-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning -Tree Features Regardless of the spanning-tree state, each switch in the stack recei ves b ut does not forward packets destined for addresses between 0 x0180C2000000 and 0x0 180C200000F .
20-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Understanding Spannin g- Tr ee Featu res forward delay and by quick ly transitioning root p orts and designated ports t o the forwardin g state.
20-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Understanding Spanning -Tree Features When you connect a Cisco switch to a non-Cisco device through an I EEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spann ing-tree interoperability .
20-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features For more information about switch stacks, see Chapter 5, “Managing Switch Stacks.
20-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features Spanning-Tree Configuration Guidelines Each stack member runs its o wn spanning tree, and the entire stack a ppears as a single swit ch to the rest of the network.
20-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features Spanning-tree com mands control the conf iguratio n of VLAN spa nning-tree instances. Y ou create a spanning-tree instance when you assign an interface to a VLAN.
20-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features T o return to the defa ult setting, use th e no spanning-tree mode global conf iguration command.
20-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features T o conf igure a switch to become the roo t for the s.
20-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features Beginning in p rivile ged EXEC mod e, follow these step s to conf igure a switch to become the root for the specified VLAN.
20-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features Beginning in privil eged EXEC mode, fol low these st eps t o conf igure a switch to become the secondary root for the sp ecified VLAN.
20-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features Beginning in pri vileged EXEC mode, follow these steps to conf igure the port priority of an interf ace. This procedure is optional.
20-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features Configuring Path Cost The spanning-tree path cost default v alue is deri ved from the media sp eed of an interface.
20-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features T o return to the default setti ng, use the no spanning-tree [ vlan vlan-id ] cost interface c onf iguration command.
20-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Configuring Spanning -T ree Features Configuring Spanning-Tree Timers Ta b l e 20-4 describes the timers that af fect the entire spanning-tree p erformance.
20-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configuring STP Configuring Spa nning -Tree Features Configuring the Forwardi ng-Delay Time for a VLAN Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the forwarding-delay time for a VLAN.
20-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 20 Configur in g STP Displaying the Spanning-T re e Status Configuring the Transmit Hold-Count Y ou can confi gure the BPDU b urst size by changi ng the transmit hold coun t v alue.
CH A P T E R 21-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 21 Configuring MSTP This chapter describe s ho w to configure the Cisco i mplementation of t he IEEE 802.1s Multip le STP (MSTP) on the Catalyst 3750-X or 3 560-X switch.
21-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding MSTP Understanding MSTP MSTP , which uses RSTP for rapid con ver gence, en ab.
21-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP The IST is the only spanni ng-tree instance that sends and recei ves BPDUs. All of the other spanning-tree instance informatio n is cont ained in M-records, wh ich are encapsulate d with in MSTP BPDUs.
21-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding MSTP The IST connects all the MSTP switches in the regi on and appears as a s ubtree in the CIST that encompasses the entire swit ched domain.
21-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP IEEE 802.1s Terminology Some MST naming con ventions used in Cisco ’ s pres tandard implementation ha ve been changed to identify some internal or r e gional parameters.
21-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding MSTP Boundary Ports In the Cisco prestandard i mplementation, a boundar y por.
21-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding MSTP • The boundary port is not t he root port of the CIST re gional root—The MSTI po rts follo w the state and role of the CIST port.
21-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding MSTP Figure 21-3 illustrates a un idirectional link failu re that typically creates a bridging loop. Switch A is the root switch, and its BPDUs are lost on the link leading to switch B.
21-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP to a po rt when the switch to which this switch is co nnected has joined the re gion.
21-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding RSTP In a stab le topology with consistent port roles throughout the netw or.
21-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP When Switch C is connected to Switch B, a si milar set of handshak ing messages are exchanged.
21-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Understanding RSTP After ensuring that all of the ports are synchroniz ed, the switch sends an agreement message to the designated switch co rrespondin g to its root port.
21-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Understanding RSTP The sending switch sets the proposal flag in the RSTP BPDU to propose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port.
21-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features • Propagation—When an RSTP switch recei ves a TC message fro.
21-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features For info rmation about the supported nu mber of spanning-tree instan ces, see the “Support ed Spanning-T ree Instanc es” section on page 20-10 .
21-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features • All MST boundary po rts must be forwarding for lo ad-balancing b etween a PVST+ and an MST cloud or between a r apid-PVST+ and an MST cloud.
21-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features T o return to the def ault MST region config uration, use the no spanning-tr ee mst configurati on global confi guration command.
21-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features Instance Vlans Mapped -------- --------------------- 0 1-9,21-40.
21-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in priv ileged EXEC mode, foll ow these step s to co nfigu re a switch as the root switch. Thi s procedure is optional .
21-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features Beginning in pri vileged EXEC mode, foll ow th ese steps to conf igure a switch as the secondary root switch. This procedure is optional.
21-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginning in pri vileged EXEC mod e, follo w these steps to conf igure the MSTP port priority of an interface. This pro cedure is optional.
21-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features Beginning in privil eged EXEC mode, follo w these steps to configure the MSTP cost of an interface. This procedure is optional .
21-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mo de, follow these step s to conf igure the switch priority . This procedure is optio nal.
21-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features Configuring the Forwarding-Delay Time Beginni ng in pri vileged EXEC mod e, follo w these steps to conf igure the forwarding-delay t ime for all MST instances.
21-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Configuring MSTP Features Configuring the Maximum-Hop Count Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure the maximum-hop count for all MST instances.
21-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Configuring MSTP Features Designating the Neighbor Type A topology could contain both pr estandard and IEEE 802.1s standard comp liant devices.
21-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring MSTP Displaying the MST Co nfiguration and Status Displaying the MST Configuration and Status T .
21-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 21 Configuring M STP Displaying the MST Configuration and Status.
CH A P T E R 22-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 22 Configuring Optional Spanning-Tree Features This chapter describes h ow to con figure o ptional spanning -tree features on the Catalyst 3750-X or 3560-X switch.
22-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Understanding Op tional Spanning-Tree Features Understanding Po.
22-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Understanding Optional Spa nning -Tree Features At the interf a.
22-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Understanding Op tional Spanning-Tree Features Figur e 22-2 Swi.
22-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Understanding Optional Spa nning -Tree Features Figur e 22-3 Up.
22-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Understanding Op tional Spanning-Tree Features How CSUF Works CSUF ensure s that one link in t he stack is electe d as the path to th e root.
22-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Understanding Optional Spa nning -Tree Features Each switch in .
22-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Understanding Op tional Spanning-Tree Features BackboneF ast, w.
22-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Understanding Optional Spa nning -Tree Features If link L1 fa ils as show n in Figure 22-7 , Switch C cannot detect this failure because it is not connected directly to l ink L1.
22-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Understanding Op tional Spanning-Tree Features Understanding EtherChannel Guard Y ou can use EtherChannel guard to d etect an EtherC hannel misconf iguration between the switch and a connected device.
22-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Configuring Optional Spanning -Tree Features Figur e 22-9 Root.
22-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Configuring Optio na l Spannin g-Tree Features • Enabling Ba.
22-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Configuring Optional Spanning -Tree Features Y ou can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP .
22-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Configuring Optio na l Spannin g-Tree Features The BPDU guard feature pro vides a secure response to in v alid configurat ions because you must manually put the port b ack in service.
22-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Configuring Optional Spanning -Tree Features Y ou can also use.
22-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Configuring Optio na l Spannin g-Tree Features Beginning in p rivile ged EXEC mode, follow these st eps to enable Up linkFast and CSUF .
22-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Configuring Optional Spanning -Tree Features Note If you use BackboneFast, y ou must enable it on all switches in the netw ork.
22-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Configuring Optio na l Spannin g-Tree Features Enabling Root Guard Root guard enabled on an int erface applies to all the VLANs to which t he interface belongs.
22-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configuring Optiona l Spanning-Tree Feature s Displaying th e Spanning-Tree Status T o globally disable loop g uard, use the no spanning-tr ee loopguard default g lobal configuration command.
22-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 22 Configur in g Optional Spanning-Tree Features Displaying the Spanning-T re e Status.
CH A P T E R 23-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 23 Configuring Flex Links and the MAC Address-Table Move Update Feature This chapter describe s ho w to configure Flex Li nks, a pair of interf aces on the Catalyst 3750-X or 3560-X switch that pro vide a mu tual backup.
23-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Understanding Flex Links and the MAC Address-Table Move Update typically conf igured in service pro vider or enterprise networ ks where customers do not w ant to run STP on the switch.
23-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Understanding Flex Links and the MAC .
23-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Understanding Flex Links and the MAC A.
23-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Understanding Flex Links and the MAC Address-Table Move U pdate Similarly , both Flex Link p orts are part of learn ed groups.
23-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Understanding Flex Links and the MAC Address-Table Move Update Whene ver a host responds to the general query , the switch forwards this repo rt on all the mrouter ports.
23-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Configuring Flex Links and MA C Addre.
23-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Configuring Flex Lin ks and MAC Ad dr ess-T able Move Update • An interface can belong to only one Fle x Link pair .
23-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Configuring Flex Links and MA C Addre.
23-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Configuring Flex Lin ks and MAC Ad dr.
23-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Configuring Flex Links and MA C Addr.
23-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Configuring Flex Lin ks and MAC Ad dr.
23-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links and the MA C Address-Tabl e Move Update Featu re Configuring Flex Links and MA C Address-Table M ove U pdate This exampl e show s how to verify the conf iguration: Switch# show mac-address-table move update Switch-ID : 010b.
23-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 23 Configuring Flex Links a nd the MAC Address-Table Move Upd ate Feature Monitoring Flex Links and the MAC Add.
CH A P T E R 24-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 24 Configuring DHCP Featur es and IP Source Guard This chapter describe s ho w to configure DHCP snoo ping and option-82 data insertion, and the DHCP server port-based address alloca tion featur es on the Cat alyst 3750-X or 35 60-X switch.
24-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Features • Cisco IOS DHCP Server Database.
24-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Understanding DHCP Features When a switch receiv es a packet .
24-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Features Figur e 24-1 DHCP Rela y A gent in.
24-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Understanding DHCP Features In the port f ield of the circuit ID suboption, the port numbers start at 3.
24-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Features Figur e 24-3 User -Configur ed Sub.
24-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Understanding DHCP Features When reloading, the switch r eads the binding f ile to build the DH CP snooping binding d atabase.
24-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Features When a stack merge occurs, all DHCP sn ooping bindings in th e stack master are lost if it i s no longer the stack master .
24-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Configuring DHCP Features DHCP Snooping Configuration Guidelines • Y ou must globally enable DHCP sn ooping on the switch.
24-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Features • Follo w these guidelines when c.
24-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Configuring DHCP Features Configuring the DHCP Relay Agent B.
24-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Features T o remove the DHCP packet forw arding address, use the no ip helper -address addr ess interface confi guration command.
24-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Configuring DHCP Features T o disable DHCP snooping, use the no ip dhcp snooping global conf iguration command.
24-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Features This exampl e sho ws how to enable .
24-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Configuring DHCP Features Enabling the DHCP Snooping Binding.
24-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Displaying DHCP Sno oping Inform ation Displaying DHCP Snoopi.
24-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Understanding IP Sou rce Guard Source IP Address Filtering When IPSG is enabled wit h this option, IP traff ic is filtered b ased on the source IP address.
24-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd Note Some IP hosts with multiple netw ork interfaces can inject some in valid packet s into a network interface.
24-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Con f ig uring IP Source Guard • If you enable IP source guard with source IP and MA C address filtering, DHCP snooping and port security must be enabled on the in terface.
24-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd T o disable IP source guard with source IP address f iltering, use the no ip verify sour ce interface confi guration command.
24-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Con f ig uring IP Source Guard Beginni ng in pri vileged EXEC mod e: This example sho ws how to stop IPSG with static hosts on an interf ace.
24-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd This exampl e show s how to enable IPSG with static hosts on a port.
24-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Con f ig uring IP Source Guard IP Address MAC Address Vlan Interface STATE --------------------------------------------------------------------- 200.
24-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd Configuring IP Source Guar d for.
24-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Displaying IP Source Guard Information This exa mple sho ws .
24-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Se rver Port-Based Ad dress Allocation Und.
24-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Configuring DHCP Server Port -Based Address Allocation Enabl.
24-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Server Port- Ba se d Add re ss Allocation T o disable DHCP port-based address allocation, use the no ip dhcp use subscriber- id client-id global confi guration command.
24-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Fea tures and IP Source Gua rd Displaying DHCP Server Port-Based Add ress Allocation For more inf ormation about conf iguring the DHCP server por t-based address allocation feature, go to Cisco.
24-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 24 Configuring DHCP Feature s and IP Source Guard Displaying DHCP Se rve r Port-Based Address Allocation.
CH A P T E R 25-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 25 Configuring Dynamic ARP Inspection This chapter describes ho w to conf igure dynamic Addr ess Reso lution Protocol inspectio n (dynamic ARP inspection) on the Catalyst 3750-X or 3560-X switch.
25-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Figur e 25-1 ARP Cache P oisoning Hosts A, B, and C are connected to the switch on in terfaces A, B and C, all of which are on the sa me subnet.
25-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Understanding Dynamic ARP In spection Y ou can configure dynamic ARP insp.
25-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Dynamic ARP inspection ensures that hosts (on untru sted interfaces) conn ected to a switch running dynamic ARP in spection do not poison the ARP cach es of other hosts in t he network.
25-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Logging of Dropped Packets When the switch drops a pac ket, it pl aces an entry in the log b uffer and then generates system me ssages on a rate-con trolled basis.
25-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Dynamic ARP Inspection Configuration Guidelines • Dynamic ARP inspection is an ingress securit y feature; it does not perform an y egress checking.
25-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection • The operating rate for th e port channel is cumu lativ e across all the p hysical ports within the channel.
25-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o disable dynamic ARP insp ection, use the no ip arp inspecti on vlan vlan-rang e global config uration command.
25-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection If you conf igure port 1 on Switch A as trusted, a security hole is created because both Sw itch A and Host 1 could be attacked b y either Switch B or Host 2.
25-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o remove the A RP A CL, use the no arp access-list global conf iguration command.
25-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection For conf iguration guidelines for rate limitin g trunk ports and EtherChannel ports, see the “Dyna mic ARP Inspection Conf iguration Guidelines” section on p age 25-6 .
25-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Performing Validation Checks Dynamic ARP inspection intercepts, logs, and discar ds A RP packets with in vali d IP-to-MA C address bindings.
25-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Configuring the Log Buffer When the switch drops a pac ket, it pl aces an entry in the log b uffer and then generates system me ssages on a rate-con trolled basis.
25-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Displayi n g Dynamic AR P Inspection Information T o return to the def ault log b uf fer settings, use th e no ip arp inspection log-b uffer { entries | logs } global conf iguration command.
25-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Configuring Dynamic ARP Insp ection Displaying Dynamic ARP In spection Information For th e show ip arp insp.
25-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 25 Co nfig uring Dynamic ARP Inspection Displayi n g Dynamic AR P Inspection Information.
CH A P T E R 26-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 26 Configuring IGMP Snooping and MVR This chapter describes ho w to conf igure Internet Group Management Pr.
26-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping Understanding IGMP Snooping Layer 2 switches .
26-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping IGMP Versions The switch supports IGMP V ersion 1, IGMP V ersion 2, and IGMP V ersion 3. These versions are interoperable on the switch.
26-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping The switch hardware can d istinguish IGMP information pack ets from other packets for th e multicast group.
26-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding IGMP Snooping Immediate Leave Immediate Leav e is only supported on IGMP V ersion 2 hosts.
26-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping IGMP Snooping and Switch Stacks IGMP snooping functions acro ss the switch stack; that is, I GMP control information from one swi tch is distribu ted to all switches in the stack.
26-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Enabling or Disabling IGMP Snooping By default, IGMP sno oping is globally enabled on the switch. When globally en abled or disabled, it is also enabled or disabled in all ex isting VLAN interf aces.
26-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Y ou can configure the switch either to snoop on IG MP queries and PIM/D V MRP packets or to liste n to CGMP self-join or proxy-jo in packets.
26-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning in pri vileged EXEC mode, follow these .
26-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping This example sh ows ho w to statically configure a host on a port: Switch# configure terminal Switch(config)# ip igmp snooping vlan 105 static 224.
26-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginni ng in pri vileged EXEC mode, follo w the.
26-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o return to the defau lt flooding query co unt, use th e no ip igmp snooping tcn flood query count global confi guration command.
26-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o re-enable multicast flooding on an interf ace, use the ip igmp snoopi ng tcn flood interface confi guration command.
26-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping This exampl e sho ws how to set the IGMP snooping querier source address to 10 .0.0.64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.
26-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information Beginning in pri vileged EXEC mode, f.
26-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Understanding Multicast VLAN Registration For more inf ormation about the ke ywords and o ptions in these commands, see the command reference for this release.
26-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Understanding Multicast VLAN Registration Y ou can set the switch for comp.
26-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Understanding Multicast VLAN Registration Figur e 26-3 Multicas t VLAN R.
26-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuri ng MVR Layer 3 de vice.
26-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring MVR • MVR can coe xist with IGMP snooping on a sw itch. • MVR data receiv e d on an MVR receiv er port is no t forwarded to MVR source ports .
26-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuri ng MVR This exampl e sho ws how to enable MVR, conf igure the gr.
26-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Displaying MVR Information T o return the interface to its de fault settings, use the no mvr [ type | immed iate | vlan vlan-id | group ] interface configuration commands.
26-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling Configuring IGMP Filtering and T.
26-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling When the maximum number of groups is in forw arding table, the def ault IGMP throttling action is to deny the IGMP report.
26-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling This example sho ws how to cr eate IGMP profile 4 allowin g access to the single IP m ulticast address and ho w to verify the conf iguration.
26-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling Setting the Maximum Number o.
26-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Configuring IGMP Snooping and MVR Configuring IGMP Filtering and Throttling • If you conf igure the thrott.
26-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 26 Config ur ing IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Co nfiguration Displaying IGMP .
CH A P T E R 27-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 27 Configuring IPv6 MLD Snooping Y ou can use Mul ticast Listener Discov ery (MLD) snooping to en able ef f.
27-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Understanding MLD Snooping MLD is a p rotocol used b y IPv6 multicast routers .
27-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Understanding MLD Sno oping MLD Messages MLDv1 supports three types of messages: • Listener Que ries are the e qui v alent of IGMPv2 qu eries and ar e either Gene ral Queries or Multicast-Address-Specific Queries (MASQs).
27-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Understanding MLD Snooping Multicast Router Discovery Like IGMP snoop ing, MLD snooping per forms multic ast route r disco very , with these ch aracteristic s: • Ports conf igured by a user ne ver ag e out.
27-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping The number of MASQ s generated is con f igured by using the ipv6 mld snooping last-listener -query count global conf iguration command.
27-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping Default MLD Snooping Configuration MLD Snooping .
27-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Enabling or Disabling MLD Snooping By default, IPv 6 MLD snooping is glo bally disabled on the sw itch and enabled on all VLANs.
27-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping Configuring a Static Multicast Group Hosts or La.
27-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Beginning in pri vileged EXEC mode, follow these .
27-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Configuring IPv6 MLD Snooping Configuring MLD Snooping Queries When Immediate.
27-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping This example sho ws how to set the MLD sn ooping.
27-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 27 Configuring IPv6 M LD Snooping Displayi ng MLD Sn ooping Information T o re-enable MLD message suppression, us e the ipv6 mld snooping liste ner -message-suppression global conf iguration command.
CH A P T E R 28-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 28 Configuring Port-Based Traffic Control This chapter describe s ho w to configure the port -ba sed traf fic control features on the Catalyst 3750-X or 3560-X switch.
28-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Storm Control Storm control uses one of these metho ds to.
28-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Conf iguring Storm Control Note Because packets do not arri ve at uniform interv als, the 1-second time interv al during which traf fic activity is measured can af fect the behavior o f storm control.
28-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Storm Control Step 3 storm-control { broadcast | multicast | unicast } level { level [ l evel-low ] | bps bps [ bps-low ] | pps pps [ pps-l ow ]} Conf igure broadcast, multicast, or unicast storm control .
28-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Conf iguring Storm Control T o disable storm control, use the no storm-con trol { br oadcast | multicast | unicast } le vel interface confi guration command.
28-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Protecte d Ports This example shows ho w to enable t he s.
28-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Blocking Protected Port Configuration Guidelines Y o.
28-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Blocking Configuration The default is t o not block flooding of unkno wn multicast and unicast traf fic out of a port, b ut to flood these packets to all ports.
28-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security If a port is configured as a secu re port a.
28-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security If stick y learning is disabled, th e stick y secu re MA C addre sses are con verted to dynamic secure addresses and are removed fro m the ru nning conf iguration.
28-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Port Security Configuration Guidelines • Port security can only be configur ed on static a ccess ports or trunk ports.
28-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security VLAN, but is not learned on the access VLAN. If you connect a single PC t o the Cisco IP phone, no additional MA C addresses are required.
28-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Enabling and Configuring Port Security Beg.
28-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Step 7 switchport port-security violation .
28-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Step 8 switchport port-secur ity [ mac-address mac- addr ess [ vla n { vlan-id | { access | voice }}] (Optional) Enter a secure MAC address for the interf ace.
28-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security T o return the interf ace to the def ault condition as no t a secu re port, use the no switchport port-security interface conf iguration command.
28-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port -security mac-address sticky 0000.
28-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Configuring Port Security T o disable port security aging for all secure addr esses on a port, use the no switchport port-security aging time interface conf iguration command.
28-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Displaying Po rt-Based Tr affic Contro l Settings This exampl e sho .
28-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 28 Configuri ng Port-Based Traffic Control Displaying Port-Based Traffic Control Settings.
CH A P T E R 29-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 29 Configuring CDP This chapter describes ho w to configure Cisco Disco very Protocol (CDP) on the Catalyst 375 0-X or 3560-X switch.
29-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configur ing CDP Configuring CDP CDP and Switch Stacks A switch stack appears as a single switch in the ne twork. Therefore, CDP discove rs the switch stac k, not the individual stack members.
29-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This example sh ows ho w to configure CDP ch aracteristics.
29-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configur ing CDP Configuring CDP Disabling and Enabling CDP on an Interface CDP is enabled by d efault on all supported i nterfaces to send and to recei ve CDP information.
29-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configuring CDP Monitori ng and Maintaining CDP Monitoring and Maintaining CDP Ta b l e 29-2 Commands f or Displa ying CDP Inf o r mation Command Description clear cdp counters Reset the traff ic counters to zero.
29-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 29 Configur ing CDP Monitoring and Maintaining CDP.
CH A P T E R 30-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 30 Configuring LLDP, LLDP-MED, and Wired Location Service This chapter describe s ho w to configure the Lin.
30-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service LLDP supports a set of attrib utes that it uses to discov er neighbor de vices.
30-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP- M ED , and Wired Location Servic e Understanding LLDP, LLDP-MED, and Wired Location S.
30-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Ser.
30-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP- M ED , and Wired Location Servic e Configuri ng LLDP, LLDP-MED, and Wired Location Se.
30-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP, LLD P -ME D, and Wired Location Se.
30-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP- M ED , and Wired Location Servic e Configuri ng LLDP, LLDP-MED, and Wired Location Service Use the no form of each of the LLDP commands to return to the defaul t setting.
30-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP, LLD P -ME D, and Wired Location Se.
30-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP- M ED , and Wired Location Servic e Configuri ng LLDP, LLDP-MED, and Wired Location Service Use the no form of each command to return to the def ault setting.
30-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP, LLD P -ME D, and Wired Location Service Use the no form of each command to return to the default set ting.
30-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Configuring LLDP, LLDP- M ED , and Wired Location Servic e Monitoring and Main taining LLDP, LLDP-MED, and W.
30-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 30 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Monitoring and Main taining LLDP, LLDP-MED , and Wi.
CH A P T E R 31-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 31 Configuring UDLD This chapter describe s ho w to configure the UniDirec tional Link Detectio n (UDLD) protoc ol on the Catalyst 37 50-X or 3560-X switch.
31-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Understanding UDLD A unidirectional link occurs whene ver traf fi c sent by a local device is rece iv ed by its neighbor b ut traff ic from the neighbor is not receiv ed by the local de vice.
31-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Understanding UDLD • Event-dri ven detectio n and echoing UDLD relies on echoing as i ts detection mechan ism.
31-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuring UDLD Configuring UDLD • Default UD LD Config uration, page 31-4 • Config ura.
31-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuri ng UDLD Enabling UDLD Globally Beginning in pri vileged EXEC mode, follow these st.
31-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Configuring UDLD Enabling UDLD on an Interface Beginning in pri vileged EXEC mode, foll ow t.
31-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Displaying UDLD Status Displaying UDLD Status T o display the UDLD status for th e specif ied port or for all ports, use the show udld [ interface-id ] pri vileged EXEC command.
31-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 31 Configuring UDLD Displayi ng UDLD Sta tus.
CH A P T E R 32-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 32 Configuring SPAN and RSPAN This chapte r describes ho w to configu re Switched Port Analyzer (SP AN) and Remote SP AN (RSP AN) on the Catalyst 3750-X or 3 560-X switch.
32-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN These sections contain this conceptual information: .
32-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figure 32-2 is an ex ample of a local SP AN in a switch stack, where the source and destination ports reside on different stack members.
32-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figur e 32-3 Example of RSP AN Config uration SPAN an.
32-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN RSP AN consists of at least one RSP AN source se ssion, an RSP AN VLAN, and at least one RSP AN destination session.
32-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Monitored Traffic SP AN sessions can monitor these tr.
32-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Source Ports A source port (also called a monitor ed port ) is a switched or routed port that you monitor for network traf fic analysis.
32-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • When a VLAN filt er list is specif ied, only those VLANs in the list are monito red on trunk ports or on voice VLAN access ports.
32-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Local SP AN and RSP AN destination ports beha ve dif .
32-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • VLAN and trunking—Y ou can modify VLAN membership or trunk settings for so urce or destination ports at an y time.
32-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Underst anding Flow- Based SPAN Understanding Flow-Based SPAN Y ou can control th.
32-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Configuring SPAN and RSPAN • Default SP AN and RSP A.
32-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • For local SP AN, outgoing packets throu gh the SP AN destination port carry the o riginal encapsulation he aders—untagged, ISL, or IEEE 802.
32-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o dele te a SP AN se ssion, use the no monitor session session_number global conf iguration command.
32-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e sho ws how to remov e any e xisting conf.
32-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o dele te a SP AN se ssion, use the no monitor session session_number global conf iguration command.
32-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o monitor all VLANs on the trunk port, use the no monitor session session_n umber fi lt er globa l confi guration command.
32-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • For RSP AN configuration, you can distrib ute the source ports and the destination p orts across multiple switches in you r network.
32-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e sho ws how to create RSP AN VLAN 901.
32-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number glob al configurati on command.
32-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o monitor all VLANs on th e trunk port, use the no monitor session session_number f ilter vlan global confi guration command.
32-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o dele te a SP AN se ssion, use the no monitor session session_number global conf iguration command.
32-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number g lobal conf iguration command.
32-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring FSPAN and FRSPAN • FSP AN and FRSP AN .
32-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring an FSPAN Session Beginning in pri vilege.
32-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Configuring an FRSPAN Session Beginning in pri vileg.
32-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Configuring FSPAN and FRSPAN Step 3 monitor session session_number source { interface interface-id | vlan vlan-id } [, | -] [ both | rx | tx ] Specify the RSP A N sessi on and the so urce port (monitored port).
32-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 32 Configuring SPAN and RSPAN Displaying SPAN, RSPAN. FSPAN, and FRSPAN Status Displaying SPAN, RSPAN. FSPAN, and FRSPAN Status T o display the current SP AN, RSP AN, FSP AN, or FRSP AN configuration, use th e show monitor user EXEC command.
CH A P T E R 33-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 33 Configuring RMON This chapter describes ho w to configu re Remo te Netw ork Monitoring ( RMON) on the Catalyst 37 50-X or 3560-X switch.
33-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON Figur e 33-1 Remot e Monitor ing Example The switch supports these RMON gro.
33-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuri ng RMON • Collecting Group Ethernet Sta tistics on an Interface, page 33-5 (optional) Default RMON Configuration RMON is disabled by def a ult; no alar ms or e vents are conf igured.
33-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuring RMON T o disable an alarm, use the no rmon alarm number global configuration command on each alarm you confi gured. Y ou cannot disable at on ce all the alarms that you conf igured.
33-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Configuri ng RMON Collecting Group History Statistics on an Interface Y ou must f irst conf igure RMON alarms and ev ents to display collection information .
33-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 33 Configuring RMON Displaying RMON Status T o disable the collection of grou p Ethernet statistics, use the no rmo n collection stats inde x inte rface confi guration command.
CH A P T E R 34-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 34 Configuring System Message Logging This chapter describe s ho w to configur e system message logging on the Cata lyst 3750-X or 35 60-X switch.
34-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging Y ou can set the se verity le vel of the messages to cont rol the type of messages disp layed on the cons oles and each of the destinations.
34-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging This example sho w s a partial switch .
34-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging This example sh ows a p artial switch.
34-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging Disabling the lo gging process can sl ow do wn the switch because a pr ocess must wait until t he messages are written to the c onsole before co ntinuing.
34-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging The logging buffer ed global configurati on command copies loggin g messages to an internal b uffer .
34-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging Beginning in pri vileged EXEC mod e, follo w these steps to conf igure synchronous logging.
34-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging Enabling and Disabling Time Stamps on Log Messages By default, log messag es are not time-stamped.
34-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging T o disable sequence numbe rs, use the no service sequence-numbers global conf iguration command.
34-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging Ta b l e 34-3 describes the level ke ywords. It also lists the corresponding UNIX syslo g definitions fro m the most se vere le vel to the least se vere lev el.
34-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging Beginning in pri vileged EXEC mod e, follo w these steps to change the le vel and history table size defaults.
34-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Configuring System Message Logging Beginning in pri vileged EXEC mod e,.
34-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Configuring System Messag e Logging Configuring System Message Logging Log in as root, and perform these steps: Note Some recent versio ns of UNIX syslog daemons no lo nger accept by default syslog packets from the network.
34-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 34 Config ur ing System Message Logging Displaying the Logging Configuration T o remove a syslog serv er , use the no logging host global conf iguration comman d, and specify the syslog server IP address.
CH A P T E R 35-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 35 Configuring SNMP This chapter describe s ho w to configure the Simp le Network Management Protocol (SNMP) on the Catalyst 37 50-X or 3560-X switch.
35-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Understanding SNMP These sections contain this conceptual information: • SNMP V ersions,.
35-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP Ta b l e 35-1 identif ies the characteristics of the different combin ations of security models and le vels. Y ou must confi gure the SNMP agent to use the SNMP v e rsion supp orted by the manag ement station.
35-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Understanding SNMP SNMP Agent Functions The SNMP agent responds to SNMP manager requests as follo ws: • Get a MIB v ariable—T he SNMP agen t begins this func tion in response to a request fr om the NMS .
35-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Understanding SNMP Figur e 35-1 SNMP Networ k For information on supported MIBs and ho w to access them, see Appendix A, “Supported MIBs.
35-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Note The switch might not use sequen tial v alues with in a range.
35-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP SNMP Configuration Guidelines If the switch starts an d the switch st artup conf iguration ha s at least one snmp-server global configuration command, the SNMP agent is enabled.
35-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Configuring Community Strings Y ou use the SNMP community string to def ine th e relationship between the SNMP manager and the agent.
35-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Note T o disable access for an SNMP community , set the community strin g for that community to the null string (do not enter a v alue for the community string).
35-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Beginning in pri vileged EXEC mod e, follo w th ese steps to configure SNMP on the switch: Command Purpose Step 1 conf igure terminal Enter global conf iguration mod e.
35-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Step 4 snmp-server user username gr oupname { remote host [ udp-port port .
35-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Configuring SNMP Notifications A trap manager is a management station that receives and processes traps. T rap s are system alerts that the switch generates when certain e vents occur .
35-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Note Though visible in the command- line help strings, the fru-ctrl , inserti on , and rem ova l ke ywords are not supported on the356 0-X switch.
35-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Beginning in pri v ile ged EXEC mode, follo w these steps to confi gure the switch to send traps or informs to a host: Command Purpose Step 1 configure terminal Enter global configurati on mode.
35-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP The snmp-server host command specif ies which hosts receiv e the notificat ions. The snmp-server enable trap command globally enables the mechanism for the specif ied notification (for traps and informs).
35-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP Setting the CPU Threshold Notification Types and Values Beginni ng in pr.
35-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Configuring SNMP Limiting TFTP Servers Used Through SNMP Beginning in pri vileged EXEC mode.
35-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Configuring SNMP SNMP Examples This examp le shows h ow to enable all v ersions of SNMP . The con fi guration permits an y SNMP manager to access all objects with read-only permissions using the community string public .
35-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configuring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP input an d output statisti cs, including the number of illegal comm unity string entries, errors, and requested v ariables, use the show snmp pri v ileged EXEC command.
35-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 35 Configur in g SNMP Displaying SNMP Status.
CH A P T E R 36-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 36 Configuring Embedded Event Manager Embedded Event Manager (EEM) is a dist ributed an d customized approach to e vent detecti on and recov ery within a Cisco IOS de vice.
36-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedd ed Even t Manager because some problems compromise communicati on bet ween the switch and the e x ternal netw ork management de vice.
36-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manage r Understanding Embedd ed Event Manager Event Detectors EEM software progr ams kno wn as e vent detecto r s determine when an EEM event occurs.
36-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Understanding Embedd ed Even t Manager • Syslog e vent detector—Allo ws for screening syslog messages for a reg ular expressio n pattern match.
36-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manage r Understanding Embedd ed Event Manager Y ou use EEM to writ e and implement your o w n polici es using the EEM po licy to ol command language (TCL) script.
36-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Configuring Embedde d Ev ent Mana ger • Mac-Address-T able—Mac-A ddress-T able ev ent detect or generates an e vent when a MA C address is learned in the MA C address table.
36-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manage r Configuring Embedd ed Event Manager This example sho ws the output for EEM when one of th e fields specif i ed b y an SNMP object ID crosses a defined t hreshold: Switch(config-applet)# event snmp oid 1.
36-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 36 Configuring Embedded Event Manager Displaying Embedded Event Mana ger Information 4 _config_cmd1 interface Et.
CH A P T E R 37-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 37 Configuring Network Security with ACLs This chapter describe s ho w to configure network security on th e Catalyst 3750-X or 35 60-X switch by using access control li sts (A CLs), which in comma nds and tables are also referred to as access lists.
37-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Understanding ACLs Understanding ACLs Pack et filter ing can h elp limit network traf fic and r estrict network use b y certain users or de vices.
37-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Understanding ACLs • VLAN A CLs or VLAN maps access-control all pack ets (bridg ed and routed). Y ou c an use VLAN maps to fi lter traf fic between d evices in t he same VLA N.
37-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Understanding ACLs Figur e 37 -1 Using ACLs to Contr ol T raf fic to a Netw or k When you apply a port A CL to a trunk port , the A CL f ilters traf fic on all VLANs present on the t runk port.
37-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Understanding ACLs As with port ACLs, the switch exam ines A CLs associated wi th features configured on a gi ven interface.
37-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Understanding ACLs Some A CEs do not check Layer 4 i nformation and therefore can be ap plied to all p acket fragments.
37-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs • If packets must be forw arded b y software for an y reason (for ex ample, not enough hardware resources), the master switch forwards the pa ckets only after applying A CLs on the packets.
37-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Creating Standard and Extended IPv4 ACLs This section describes IP A CLs. An A CL is a sequen tial collection of permit and den y conditions.
37-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Note In addition to num bered standard and e xtended A CLs , you can also create standard a nd extended named IP A CLs by using the supported numbers.
37-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Creating a Numbered Standard ACL Beginning in .
37-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs The switch always rewrites the order of st andard access lists so that e ntries with host matches and e ntries with matches h aving a don’ t car e mask of 0.
37-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginning in pri vileged EXEC mode, foll ow th ese steps to create an extend ed A CL: Command Purpose Step 1 conf igure terminal Enter gl obal conf iguration mode.
37-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs or access-list access-list-number { deny | per.
37-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Use the no access-list access-list-number global configuration command to delete the entire a ccess list.
37-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs After creating a nu mbered extended A CL, you .
37-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginning in pri vileged EXEC mode, foll ow th.
37-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs When you are creating standard exte nded AC Ls.
37-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, fo llow t.
37-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs This example u ses named A CLs to permit and deny the same traf fic.
37-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follo w t.
37-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follo w t.
37-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Hardware and Software Treatment of IP ACLs A CL processing is primarily accompl ished in hardwa re, b ut requires forwarding o f some traf fic flo ws to the CPU for software processing.
37-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Use one of these workarounds: • Modify the A CL configu ration to use fe wer resources. • Rename the A CL with a name or number that alphanumerically precedes the A CL names or numbers.
37-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs ACLs in a Small Networked Office Figure 37-3 s.
37-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Extended IP access list 106 10 permit ip any 172.
37-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring IPv4 ACLs Named ACLs This example creates a standard A CL named inte rnet_filter and an extended ACL named marketing_gr oup .
37-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring IPv4 ACLs In this example of a numbered A CL, the W inte.
37-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Creating Named M AC Ex te nded ACLs This is a an e xample of a log for an extended A CL: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.
37-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Creating Named MAC Extended ACLs Beginning in pri vileged EXEC mod e.
37-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Creating Named M AC Ex te nded ACLs Applying a MAC ACL to a Layer 2 Interface After you create a MA C A CL, you can apply it to a La yer 2 interface to f ilter non-IP traf fic coming in that interface.
37-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring VLAN Maps Configuring VLAN Maps Note VLAN maps are not supported on switches runn ing the LAN base feature set.
37-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring VLAN Maps • If the VLAN map has at least one match clause for the type of pack et (IP or MA C) and the packet does not ma tch any of these match c lauses, the default is t o drop the packet.
37-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring VLAN Maps Use the no vlan access-map name global configu ration command to delete a map.
37-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring VLAN Maps Example 2 In this e xample, the VLAN map has a def a ult action of drop for IP pack ets and a d efault action of forward for MA C packets.
37-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Configuring VLAN Maps Example 4 In this example, the VLAN map has a default action of drop for all packets (IP and non-IP).
37-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Configuring VLAN Maps Figur e 37 -4 Wiring Closet Configur ation If .
37-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Figur e 37 -5 Deny A ccess to a Ser.
37-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Using VLAN Maps with Ro ute r ACLs If a packet flo w matches a VLAN-map deny clause in the A CL, regard less of the router A CL configuration, the packet flo w is denied.
37-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Examples of Router ACLs and VLAN Ma.
37-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Using VLAN Maps with Ro ute r ACLs Figur e 37 -7 Applying ACLs on Bridg ed Pac k ets ACLs and Routed Packets Figure 37-8 sho ws ho w A CLs are applied on routed pack ets.
37-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configuri ng Network Security with ACLs Displaying IPv4 ACL C onfiguration ACLs and Multicast Packets Figure 37-9 sho w s ho w A CLs are applied on pack ets that ar e replicated f or IP multicasting.
37-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 37 Configurin g Network Security with ACLs Displaying IPv4 AC L Configuration Y ou can also display info rmation about VLAN access maps or VLAN filters. Use the pr iv ileged EXEC commands in Ta b l e 37-3 to display VLAN map information.
CH A P T E R 38-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 38 Configuring IPv6 ACLs Y ou can filter IP V ersion 6 (IPv6) tra ff ic by creating IPv6 access control lists (ACLs) and applying the m to interfaces simil arly to the way th at you create and apply IP V ersion 4 (IPv4) named A CLs.
38-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 A CLs Understanding IPv6 ACLs Understanding IPv6 ACLs A switch support s two types of IPv6 A.
38-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Understanding IPv6 ACLs • Routed or bridged pack ets with hop-b y-hop options ha ve IPv6 A CLs applied in software. • Logging is supp orted for router A CLs, but n ot for port A CLs.
38-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 A CLs Configuring IPv6 ACLs Configuring IPv6 ACLs Before conf iguring IPv6 A CLs, you must select one of t he dual IPv4 and IPv6 SD M templates.
38-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Co nfiguring IPv6 ACLs Creating IPv6 ACLs Beginning in pri vileged EXEC mode, follow these steps to create an IPv6 A CL: Command Purpose Step 1 conf igure terminal Enter global config uration mode.
38-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 A CLs Configuring IPv6 ACLs Step 3b { deny | permit } tcp { sour ce-ipv6-pref ix / pref ix-l.
38-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 ACLs Co nfiguring IPv6 ACLs Use the no { deny | permit } IPv6 access-list configuration commands with keywords to remo ve the deny or permit conditions from the specified access list.
38-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 38 Configuring IPv6 A CLs Displaying IPv6 ACLs Use the no ipv6 tr aff ic -f ilter access-list-name interface conf iguration command to remov e an access list from an interface.
CH A P T E R 39-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 39 Configuring QoS This chapter describe s ho w to configure quality of serv ice (QoS) by using automatic QoS (auto-Q oS) commands or by usin g standard QoS commands on the Catalyst 3750- X or 3560-X switch.
39-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Understanding QoS T ypically , networks operate on a b est-effor t deliv ery ba sis, which m eans that all t raf fic has eq ual priority and an equal chance of being deli vered in a timely manner .
39-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Figur e 39-1 QoS Classification Lay ers in Frames and P ack ets All switch.
39-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Basic QoS Model T o implement QoS, the switch must distingu ish packets or .
39-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Figur e 39-2 Basic QoS Model Classification Classificat ion is the process of di stinguishing one ki nd o f traf fic from another b y examining the f ields in the pack et.
39-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS For IP traf fic, you ha ve these classificat ion options as sho wn in Figure 39-3 : • T rust the DSCP v alue in the incoming packet ( configure t he port to trust DSCP), and assign the same DSCP v alue to the packet.
39-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Figur e 39-3 Cl ass ification Flo wchar t Classification Based on QoS ACLs Y ou can us e IP standard, IP ex tended, or Layer 2 MA C A CLs to define a gro up of packets with the same characteristics ( class ).
39-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS In the QoS context, the permit and deny actio ns in the access control entr.
39-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS T o enable the polic y map, you attach it to a port b y using the service-policy interface conf iguration command. Y ou can apply a nonhierarchical polic y map to a ph ysical port or an SVI.
39-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Policing on Physical Ports In polic y maps on physical ports, you can create these t ypes of policers: • Indi vidual—QoS applies the bandwidth limits sp ecified i n the policer separately t o each matched traf fic class.
39-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Figur e 39-4 P olicing and Marking Flo w chart on Ph ysical Por ts Polici.
39-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS When configuring policing on an SV I, you can create and configure a hi er.
39-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Mapping Tables During QoS processing, the switch represents the priority .
39-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Queueing and Scheduling Overview The switch has queues at sp ecific points to help pre vent congestion as sho wn in Figure 39-6 and Figure 39-7 .
39-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Weighted Tail Drop Both the ingress and egress queues u se an enhanced versi on of the tail-drop congest ion-a voidance mechanism called weighted tail dr op (WTD).
39-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS In shared mode, the queu es share the bandwidt h among them according to the conf igured weights. The bandwidth is guaranteed at th is lev e l b ut not limited to it .
39-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Figur e 39-1 0 Queueing and Scheduling Flow c hart for Ingr ess Por ts on Catalyst 3560-X Switches Note SRR service s the priority queue for its configured s hare before servic ing the other que ue.
39-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Y ou assign each packet that flo w s through the sw itch to a queue a nd to a threshold. Specif ically , you map DSCP or CoS v alues to an ingress queue and map DSCP or CoS v alues to a threshold ID.
39-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS Queueing and Scheduling on Egress Queues Figure 39-11 and Figure 39-12 sho w the queueing and scheduling fl owch arts for e gress ports.
39-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS Figur e 39-12 Queueing and Scheduling Flow char t f o r Egr ess P orts on Catalyst 3560-X S witches Each port supports fou r egress queues, o ne of which (queue 1) can be th e egress expedite queu e.
39-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understand ing QoS buf fers) or not empty (free buf fers). If the queue is not ov er-limit, the switch can allocate buf fer space from the reserv ed pool or from the co mmon pool (if it is not empty ).
39-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Understanding QoS The queues use WTD to support dis tinct drop percentage s for dif feren t traff ic classes.
39-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS • Depending on the QoS label ass igned to a fram e a nd the mutation chosen, the D SCP and C oS v a lues of the frame are re written.
39-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto- QoS Generated Auto-QoS Configuration By default, auto-Qo S is disabled on all ports.
39-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS trust the QoS label receiv ed in the pa cket. The switch also uses policing to determine wheth er a packet is in or out of profil e and to specify the action on t he packet.
39-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto- QoS The switch automatically maps DSCP v alues to an ingress queue and to a threshold I D.
39-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS The switch automatically conf ig ures the egress queue buf fer sizes. It conf igures the bandwidth and the SRR mo de (shaped or shared) on the e gress queues mapped to the port.
39-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto- QoS Effects of Auto-QoS on the Configuration When auto-QoS is enabled, the auto qos voip interface conf iguration command an d the generated confi guration are added to the running conf iguration.
39-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS • T o take adv antage of the auto-QoS def aults, you should enable aut o-QoS before you conf igure other QoS commands.
39-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto- QoS T o display the QoS commands that are automatically generated when auto-QoS is enabled or disabled, enter the debug auto qos pri vileged EXEC command befor e enabling au to-QoS.
39-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto-QoS Figur e 39-14 A uto-QoS Configuration Example Networ k Figure 39-14 sho ws a netw ork in which t he V oIP traf fic is pr ioritized ove r all other traf fic.
39-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Auto- QoS Beginni ng in priv ileged EXEC mode, fo llow these steps to configur e.
39-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Displaying Auto-QoS Information Displaying Auto-QoS Information T o display the initial au to-QoS conf iguration, use the sho w auto qos [ interfac e [ interface-id ]] pri vileged EXEC co mmand.
39-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Default Standard QoS Configuration QoS is disabled. There is no concept of trusted or untrusted ports because the pack ets are not modif ied (the CoS, DSCP , and IP precedence values in the packet are not changed).
39-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Default Egress Queue Configuration Ta b l e 39-9 sho w s the def ault eg ress queue conf iguration for each queue-set when QoS is enabled.
39-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Default Mapping Table Configuration Ta b l e 39-12 on page 39-70 shows the default CoS-t o-DSCP map. Ta b l e 39-13 on page 39-71 sho ws the default IP -precedence-to-DSCP map.
39-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Applying QoS on Interfaces These are the guidelines for configuring QoS on p hysical ports and SVIs (Layer 3 VLAN interfaces): • Y ou can con f igure QoS on p hysical ports and SVIs.
39-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS • QoS policies that include IPv6-specif ic classification (such.
39-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mode, follow these steps to enable QoS. This procedure is requi red. T o disable QoS, use the no ml s q os global conf iguration command.
39-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Configuring Classification Using Port Trust States These sections describe ho w to cl assify incoming traf fic by usin g port trust states.
39-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mod e, follo w these steps to conf ig.
39-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS T o return to the default setting, use t he no mls qos cos { default-cos | ov erride } interface conf iguration command.
39-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS In some situations, yo u can pre vent a PC conn ected to the Cisco IP Phone fro m taking adv antage of a high-priority d ata queue.
39-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Regardl ess of the DSCP tran sparency conf iguration, the switch .
39-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mod e, follo w these steps to conf igure the DSCP-trusted state on a port and modify th e DSCP-to-DSCP-muta tion map.
39-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Configuring a QoS Policy Config uring a QoS polic y typically requires classifying t raff ic into classes, conf iguring policies ap plied to those traf fic classes, and at taching policies to ports.
39-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o delete an access list, use the no access-list acce ss-list-number global configuration c ommand. This example sho ws how to allo w access for only those hosts on the three specified networks.
39-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS T o delete an access list, use the no access-list acce ss-list-number global conf iguration command.
39-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o delete an access list, use the no ipv6 access-list access-list-number global confi guration command.
39-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS This example sho ws how to create an A CL that perm its IPv6 traf.
39-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS This example sho ws ho w to crea te a Layer 2 M A C AC L with two perm it statements. The first statem ent allo ws traf fic from the ho st with MA C address 0001.
39-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Step 3 class-map [ match-all | match-any ] class-map-name Create a class map, and enter class-map c onf iguration mode.
39-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o delete an existing pol icy map, use the no policy-map policy-map-name global configuration command.
39-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Classifying Traffic by Using Cla ss Maps and Filtering IPv6 Traffic The switch supports both IPv4 and IPv6 QoS when a dual- ipv4-and-ipv6 SDM te mplate is confi gured.
39-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o delete an existing pol icy map, use the no policy-map policy-map-name global configuration command.
39-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Classifying, Policing, and Mark ing Traffic on Physical Ports by Using Policy Maps Y ou can confi gure a nonhierarchical poli cy map on a p hysical port that specif ies which traff ic class to act on.
39-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mod e, follo w thes e steps to cr eate a nonhier archical po licy map: Command Purpose Step 1 configur e terminal Enter global conf iguration mode.
39-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Step 5 trust [ cos | dscp | ip-precedence ] Conf igure the trust state, which QoS uses to generate a CoS-based or DSCP-based QoS label.
39-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o delete an existing pol icy map, use the no policy-map policy-map-name global configuration command. T o delete an existin g class map, use the no class class-map-name pol icy-map conf iguration command.
39-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclas s1.
39-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS • In a switch stack, you cannot use the match input-interface class-map conf iguration command to specify interfaces acro ss stack members in a polic y-map class.
39-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Beginning in pri vileged EXEC mod e, follo w these steps to create a hier archical polic y map: Command Purpose Step 1 configur e terminal Enter global conf iguration mode.
39-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Step 4 match protocol [ ip | ipv6 ] (Optional) Specify the IP proto col to which the class map applies. • Use the argument ip to specify IPv4 traf f ic, and ipv6 to specify IP v 6 t r affi c .
39-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Step 11 policy-map policy-map-name Create an interface-le vel polic y map b y entering the po licy-map name, and enter polic y-map configuration mode.
39-65 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Step 18 trust [ cos | dscp | ip-precedence ] Conf igure the trust state, which QoS uses to generate a Co S-based or DSCP-based QoS label.
39-66 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS T o delete an existing pol icy map, use the no policy-map policy-map-name global configuration command. T o delete an existin g class map, use the no class class-map-name policy -map config uration command.
39-67 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Switch(config-pmap-c)# exit Switch(config-pmap)# class-map cm- 2 Sw.
39-68 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Beginning in priv ileged EXEC mode, foll ow these steps to create an aggreg ate policer: Command Purpose Step 1 configur e terminal Enter global conf iguration mod e.
39-69 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o remove the specif ied aggre gate policer from a policy map, use the no police aggr egate aggr e gate-policer-name polic y map configu ration mode.
39-70 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Configuring the CoS-to-DSCP Map Y ou use the CoS-to-DSCP map to map CoS v alues in incoming packets to a DSCP v alue that QoS uses internally to represent the priority of the traf fic.
39-71 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Configuring the IP-Precedence-to-DSCP Map Y ou use the IP-precedenc.
39-72 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Configuring the Policed-DSCP Map Y ou use the policed-DSCP map to mark do wn a DSCP v alue to a new v alue as the result of a policing and marking action.
39-73 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Configuring the DSCP-to-CoS Map Y ou use the DSCP-to-CoS map to gene rate a CoS v alue, which is used to select one of the four egress queues.
39-74 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS 3 : 03 03 00 04 04 04 04 04 04 04 4 : 00 05 05 05 05 05 05 05 00 06 5 : 00 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07 Note In the abov e DSCP-to-CoS map, the CoS v alues are shown in the body of th e matrix.
39-75 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS T o return to the default map, u se the no mls qos dscp-mutation dscp-mutation-name glo bal confi guration command. This exampl e show s how to define the DSCP-to-DSCP- mutation map.
39-76 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Th.
39-77 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS This exampl e sho ws how to map DSCP v alues 0 to 6 to in gress queue 1 and to threshold 1 with a drop threshold of 50 percent.
39-78 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Beginning in pri vileged EXEC mode, foll ow th ese steps to allocate bandwidth between the ingress queues. This procedure is optional.
39-79 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to configure the priorit y queue. This procedure is optio nal.
39-80 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS These sections contain this configu ration informat ion: • Conf.
39-81 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mo de, follow these steps to conf igure the memory allocation and to drop thresholds for a queue-set.
39-82 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS T o return to the default set ting, use the no mls qos queue-set output qset-id buffers global configuration command.
39-83 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to map DSCP or Co S values to an e gress queue and to a threshold ID.
39-84 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Configuring SRR Shaped Weights on Egress Queues Y ou can specify ho w much o f the av ailable bandwidt h is allocated to each queue.
39-85 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Standard QoS Configuring SRR Shared Weights on Egress Queues In shared mode, the queu es share the bandwidt h among them according to the conf igured weights.
39-86 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Configuring Stand ar d QoS Beginning in priv ileged EXEC mode, foll ow these steps to enable the egress e xpedite queue. This procedure is optional .
39-87 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Displaying Standard QoS Information T o return to the defa ult setting, use th e no srr -queue bandwidth limit in terface conf iguration command.
39-88 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 39 Configuring QoS Displaying Standard QoS Information.
CH A P T E R 40-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 40 Configuring EtherChannels and Link-State Tracking This chapter de scribes ho w to co nfigure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 3750-X or 3560-X switch.
40-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding EtherCh an nels • Load-Balancing and Forwa.
40-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Understanding EtherChann els Y ou can confi gure an EtherChannel in o ne of thes e modes: Port Aggre gation Protocol (P AgP), Link Aggreg ation Control Protocol (LA CP), or On.
40-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding EtherCh an nels Figur e 40-3 Cr oss-Stack Et.
40-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Understanding EtherChann els Figur e 40-4 Relationship of .
40-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding EtherCh an nels PAgP Modes Ta b l e 40-1 sho ws the user -configurable EtherChannel P AgP modes for the channel -group interface confi guration command.
40-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Understanding EtherChann els T o prev ent a dual-activ e situation, the core switches send P AgP protocol data units (PDUs) through the RSLs to the remote switches.
40-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding EtherCh an nels Ports can form an EtherChannel when the y are in dif ferent LA CP modes as long as the mo des are compatible.
40-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Understanding EtherChann els W ith destination-M A C addre.
40-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding EtherCh an nels Figur e 40-5 Load Distr ibu.
40-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels For more information about switch stacks, see Chapter 5, “Managing Switch Stacks.
40-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring EtherCh ann els EtherChannel Configuration Guidelines If improperly conf igured, some EtherChannel ports ar e automaticall y disabled to a void network l oops and other problems.
40-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels – Ports with dif ferent spanning-tre e path costs can form an EtherChannel i f the y are otherwise compatibly conf igured.
40-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring EtherCh ann els T o remove a po rt from the EtherChannel group, use t he no channel-group interf ace configuration command.
40-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels This exampl e sho ws how to conf igure an EtherChannel on a single switch in the stack .
40-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring EtherCh ann els Beginning in pri vileged EXEC mode, follow these steps to creat e a port-channel interface for a Layer 3 EtherChann el.
40-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels Step 5 channel-group c hannel-g.
40-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring EtherCh ann els This ex ample sho ws ho w to conf igure an Et herChannel.
40-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels T o return EtherChannel load-balan cing to the defau lt confi guration, use the no port-channel load-balance global conf iguration command.
40-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring EtherCh ann els Beginning in pri vileged EXEC.
40-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring EtherChannels If you conf igure more than eight links for an EtherChannel group, the softw are automatically decides which of the hot-standb y ports to make acti ve based on the LA CP priority .
40-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Displaying EtherChann el, PAg P, and LACP Status Configuring the LACP Port Priority By default, all port s use the same port priority .
40-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Understanding Link -State Tracking Y ou can clear P AgP channel-group information and t raf fic cou nters by usin g the clear pagp { channel -gr oup-number counters | counters } pri vileged EXEC command.
40-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Understanding Link-State Trac king Figur e 40-6 T ypical .
40-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring Link -State Tra cking • Link-state group 2 on sw itch A – Switch A provides secondary links to serv er 3 and server 4 through l ink-state group 2.
40-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring Link-S tate Tr ack ing Default Link-State Tracking Configuration There are no link-state groups def ined, and link-state tracking is not enabl ed for any group.
40-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring Et herChannels and Link-State Tracking Configuring Link -State Tra cking Switch(config-if)# inte.
40-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 40 Configuring EtherChannels an d Link-State Tracking Configuring Link-S tate Tr ack ing.
CH A P T E R 41-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 41 Configuring TelePresence E911 IP Phone Support Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note This feature is not supported on swit ches running the LAN base feature set.
41-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresenc e E911 IP Phone Support Configuring TelePre sence E911 IP Phone Support Use the T elePresence E911 IP phone support feature to ensure that th e IP phone is alw ays on and av ailable for emer gency calls.
41-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresence E9 11 IP Pho ne Support Configuring TelePresence E911 IP Phone Support Enabling TelePresence E911 IP Phone Support Beginni ng in pri vileged EXEC mod e: Example Switch# configure terminal Enter configuration commands, one per line.
41-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 41 Configuring TelePresenc e E911 IP Phone Support Configuring TelePre sence E911 IP Phone Support Switch# show .
CH A P T E R 42-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 42 Configuring IP Unicast Routing This chapter describe s ho w to configure IP V ersion 4 (IPv4) unicast routing on th e Catalyst 3750-X or 3560-X switch. Note Routing is not supported on swi tches running the LAN base feature set.
42-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Understanding IP Routing • Config uring Multi-VRF CE, pag e 42-74 • Config.
42-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Understanding IP Routing Types of Routing Routers and Layer 3 switches can ro.
42-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Understanding IP Routing • The MA C address of the stack master is used a s th e router MA C address for the whole stack, and all outside de vices use this address to send IP p ackets to the stack.
42-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Steps for Configuring Routing Caution Partit ioning of the switch stack into two or more stacks mi ght lead to undesirable b ehavior in the network.
42-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Configuring IP Addressing A required task for conf i.
42-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing Assigning IP Addresses to Network Interfaces An IP address identif ies a location to which IP pack ets can be sent.
42-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Y ou can use the all ones subne t (131.108.255. 0) and e ven though it i s discouraged, you can enable the use of subnet zero i f you need the enti re subnet space for your IP address.
42-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing Figur e 42-3 No IP Classless Routing T o prev ent .
42-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing The switch can use these fo rms of address resolution: • Address Resolution Protocol (ARP) is used t o asso ciate IP address with MA C addresses.
42-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing T o remove an entry from the ARP cache, use the no arp ip- addr ess hardwar e-addr ess type global confi guration command.
42-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Enable Proxy ARP By default, t he switch uses proxy ARP to help host s learn MA C addresses of h osts on other netw orks or subnets.
42-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing Beginning in priv ileged EXEC mode, foll ow these.
42-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing If you change the maxadv ertinterval valu e , t he .
42-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing Enabling Directed Broadcast-to-P hysical Broadcast Translation By default, IP directed broadcasts are dropped; they are no t forwarded.
42-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Forwarding UDP Broadcast Packets and Protocols User Datagram Protocol (UDP) is an IP host -to-host layer protocol, as is TCP .
42-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Config uring IP Addressing Establishing an IP Broadcast Address The most popular IP broadcast address (and the de f ault) is an addres s consisting of all ones (255.
42-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring IP Addressing Beginning in pri vileged EXEC mode, foll ow th ese .
42-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Enabling IP Unicast Routing Enabling IP Unicast Routing By default, th e switch is in Layer 2 switchin g mo de and IP routing is di sabled.
42-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP This exampl e sho ws how to enable IP routing using RIP as the routing prot ocol: Switch# configure terminal Enter configuration commands, one per line.
42-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuri ng RIP Default RIP Configuration Configuring Basic RIP Parameters Note T o configu re RIP , you enable RIP routing for a network and optionally conf igure other parameters.
42-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP Step 4 network network number Associate a net work with a RIP ro uting process. Y ou can sp ecify multiple network commands.
42-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuri ng RIP T o turn of f the RIP rout ing process, use the no router ri p global confi guration command.
42-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring RIP If you want to conf igure an interf ace running RIP to advert.
42-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring OSPF Configuring Split Horizon Routers connected to broadcast-ty pe IP networks and using distance-v e ctor rout ing protocols nor mally use the split-horizo n mechanism to reduce the p ossibility of routing loops.
42-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF • Plain te xt and MD5 authenticat ion among neighborin g routers within an area is suppor ted.
42-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring OSPF Default OSPF Configuration Ta b l e 42-5 Def ault OSPF Configur ation Feature Default Setting Interface paramete rs Cost: No default cost predef ined.
42-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF OSPF Nonstop Forwarding The switch or switch stack supports .
42-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring OSPF When the neighbor relationshi ps are reestablished, the NSF-capable stack master resynchronizes its database with its NS F-aware neig hbors, and routing inf ormation is e xchanged between the OSPF neighbors.
42-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Configuring OSPF Interfaces Y ou can use the ip ospf interface conf iguration commands to modify interf ace-specif ic OSPF parameters.
42-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring OSPF Use the no form of these commands to remo ve the conf igured parameter value or return to the default val ue .
42-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Use the no form of these commands to remo ve the conf igured parameter value or to return to t he default val ue .
42-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring OSPF • Administrati ve distance i s a rating of the trustw orthiness of a routing inform ation source, an inte ger between 0 and 255, with a higher v alue meaning a lo wer trust rating.
42-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring OSPF Changing LSA Group Pacing The OSPF LSA group pacing feature allo ws the rout er to group OSPF LSAs and pace the refreshing, check-summing, and aging functions for more ef ficien t router use.
42-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring EIGRP Use the no interface loopback 0 global configuratio n command to disable the loopback interface.
42-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP IP EIGRP pro vides increased network w idth. W ith RIP , the largest possible wi dth of your netwo rk is 15 hops.
42-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring EIGRP These sections contain this configu ration informatio n: .
42-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP T o create an EIGR P routing process, you m ust enable EIGRP and assoc iate networks. EIGRP sends updates to the interfaces in the specif ied networks.
42-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring EIGRP EIGRP NSF Capability The IP-services feature se t also supports EIGRP NSF- capable routing for IPv4 for better con vergence and lo wer traf fic loss fol lowing a stack master ch ange.
42-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature or retu rn the setting to the defa ult v alue. Configuring EIGRP Interfaces Other optional EI GRP parameters can be conf igured on an interface basis.
42-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature or retur n the setting to the defa ult v alue.
42-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the featur e or to return the setting to the default valu e.
42-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Figur e 42-4 EIGRP Stub Router Configuration For more info .
42-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP For detai ls about BGP commands and ke ywords, see the “IP Routing P rotocols” part of the Cisco IOS IP Command Refer ence, V olume 2 of 3: Routing Pr otocols, Release 12.
42-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP In BGP , each route consists of a netwo rk number , a list of autonomous systems that information has passed through (th e autonomou s system path ), and a list of other path attributes .
42-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Ta b l e 42-9 Def ault BGP Configur ation Feature Default Setting Aggreg ate address Disabled: None defi ned. AS path access lis t Non e defined.
42-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Nonstop Forwarding Awareness The BGP NSF A wareness feature is su pported for IPv4 in the IP services feature set.
42-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP neighboring r outer during the i nterv al between the pr imar.
42-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Use the no router bgp autonomous-system global conf iguration command to remo ve a BGP AS. Use the no network network-number ro uter configuration comma nd to remove the network from the BG P table.
42-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 1 29.213.1.2 remote-as 100 Switch(config-router)# neighbor 1 75.
42-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP establish a TCP se ssion.
42-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring BGP Decision Attributes When a BGP speaker receiv.
42-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Beginning in pri vileged EXEC mode, follow these steps to conf igure some decision attrib utes: Command Purpose Step 1 conf igure terminal Enter global conf iguration mode.
42-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Use the no form of each command to return to the default state.
42-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP path, comm unity , and network numbers.
42-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring Prefix Lists for BGP Filtering Y ou can use prefi.
42-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP sequence number command; to reenable automatic generati on, use the ip pr efi x-list sequence number command.
42-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP Configuring BGP Neighbors and Peer Groups Often many BGP n ei.
42-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Step 7 neighbor { ip-addr ess | peer -gr oup-name } default-originate [ r oute-map map-name ] (Optional) Allo w a BGP speaker (the local router) to send the default route 0.
42-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP T o disable an e xisting BGP neighbor or neighbo r peer group, use the neighbor shutdown router confi guration command.
42-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP T o delete an aggregate entry , use the no aggregate-addr ess address mask router config uration command. T o return options to the def ault values, use the command with ke ywords.
42-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring BGP When the route reflector receives an adv ertised route, it t akes one of these act ions, depending on the neighbor: • A route from an external BGP speaker is adve rtised t o all clients and nonclient peers.
42-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring B GP Beginni ng in pri vileged EXEC mod e, use these commands to config ure BGP route dampening: T o disable flap dampenin g, use the no bgp dampeni ng router co nfigu ration command without key words.
42-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing Y ou can also enable the logg ing of messages generate d when a BGP neighbor resets, comes up, or go es down b y using th e bgp log-neighbor changes rou ter configurati on command.
42-65 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring ISO CLNS Routing When dynamically routing, y ou use IS-IS. This routin g protocol supports th e concept of ar eas .
42-66 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing These sections briefly describes ho w to configure IS-IS ro uting.
42-67 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring ISO CLNS Routing Nonstop Forwarding Awareness The integrated IS-IS NSF A wareness feature is supported for IPv4 , beginning with Cisco IOS Release 12.
42-68 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing T o disable IS-IS routing, use the no r outer isis ar ea-tag router co nfigu ration command.
42-69 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring ISO CLNS Routing Configuring IS-IS Global Parameters These are s.
42-70 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing Step 9 set- overlo ad-b it [ on-startup { second.
42-71 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring ISO CLNS Routing T o disable default r oute generatio n, use the no default-inf ormation originate router configuration command.
42-72 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring ISO CLNS Routing frequently and IS-IS adjacencies are f ailing unnecessarily .
42-73 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring ISO CLNS Routing T o return to the default setti ngs, use the no forms of the commands.
42-74 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Configuring Multi-VRF CE V irtual Pri vate Netw orks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone netw ork.
42-75 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE Note The switch does not use Mul tiprotocol Label Switch ing (MPLS) to support VPNs. For information about MPLS VRF , see the Cisc o IOS Switching Se rvices Configuration Guid e, Release 12.
42-76 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Figure 42-6 sho ws a configuratio n using Catalyst 3750-X or 3 560-X switches as multiple virtual CEs.
42-77 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE T o configure VRF , you create a VRF table and specif y the Layer 3 interface assoc iated with the VRF .
42-78 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE • A customer can use multiple VLA Ns as long as they do not ov erlap with those of other customers.
42-79 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE Use the no ip vrf vrf-name global configuration command to dele te a VRF an d to remove all interf aces from it.
42-80 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for PING Beginning in pri vilege d EXEC mode, follo w these steps to conf igure VRF-aware services for p ing.
42-81 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE User Interface for uRPF uRPF can be co nfigured on an interf ace assigned to a VRF , and source lookup is done in the VRF table.
42-82 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for Traceroute Beginni ng in pri vileged EXEC mode, follo w these step s to conf igure VRF-aware services for tr aceroute.
42-83 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE Configuring Multicast VRFs Beginni ng in priv ileged EXEC mod e, follo w these steps to conf igure a mul ticast within a VRF table.
42-84 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Beginning in pri vileged EXEC mode, follo w these st.
42-85 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE Multi-VRF CE Configuration Example Figure 42-7 is a simplif ied example of the physical connections in a netw ork similar to that in Figure 42-6 .
42-86 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Config ure the loopback and ph ysical interf aces on Switch A. Gigabit Ethernet port 1 is a trun k connection to the PE.
42-87 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Multi-VRF CE Config ure BGP for CE to PE routing.
42-88 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Multi-VRF CE Router(config-vrf)# rd 100:1 Router(config-vrf)# rou.
42-89 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Unicast Re verse Path Forwarding For more inf ormation about the informat ion in the displays, see the Cisco IOS Switc hing Services Command Refer ence, Release 12.
42-90 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features more CPU processing po wer to be dedicated to pack et forwarding. In a switch stack, the hardw are uses distribu ted CEF (dCEF) in the stack.
42-91 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features Configuring the Number of Equal-Co.
42-92 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features Configuring Static Unicast Routes Static unicast routes are user-d efined routes that cause packet s moving between a source and a destination to take a specif i ed path .
42-93 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features When an interface goes down, all static routes through that interface are remo ved from the IP routing table.
42-94 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features Y ou can also conditional ly control the redistrib ution of routes between routing d omains by def ining enhanced packet filters or route maps between the two d omains.
42-95 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features Step 3 match as-path path-list-numb er Match a BGP AS path access list. Step 4 match community-list community-list-number [ exact ] Match a BGP community list .
42-96 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features T o delete an entry , us e the no route-map ma p ta g global conf iguration command or the no match or no set route-map conf iguration commands.
42-97 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features T o disable redistrib u tion, use the no form of the commands. The metrics of one r outing protocol do no t necessarily translate into the metrics of another .
42-98 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the ne xt hop router in t he path.
42-99 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features • The switch support s QoS DSCP .
42-100 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features Use the no route-map map-ta g global conf iguration command or the no match or no set route-map confi guration commands to de lete an entry .
42-101 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features Note When routes are redistribute d between OSPF processes, no OSPF metrics are preserv e d.
42-102 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Configuring Protoco l -Ind ependent Features Beginning in pri vileged EXEC m.
42-103 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Config uring IP Unicast Routing Configuring Protocol-Independent Features T o remove a distance def inition, use the no distance router configuration command.
42-104 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 42 Configuring IP Unicast Routing Monitoring and Main ta ining the IP Network T o remove the k ey chain, use the no key chain name-of- chain global conf iguration command.
CH A P T E R 43-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 43 Configuring IPv6 Unicast Routing This chapter describes h ow to config ure IPv6 unicast rou ting on the Cataly st 3750-X or 3560 -X switch. For info rmation about conf iguring IPv4 un icast routing, see Chapte r 42, “Conf iguring IP Unic ast Routing.
43-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Understanding IPv6 For information about IPv6 and ot her features in this ch apter • See the Cisco IOS IPv6 Conf igurati on Library at this URL: http://www .
43-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 Supported IPv6 Unicast Routing Features These sections de.
43-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Understanding IPv6 process. Nodes on a local link use link-local addre sses and do not require globally unique ad dresses to communicate.
43-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 reachability is unknown or suspect. For reachable or probably reachable routers, NDP can either select the same router e very time or c ycle through the router list.
43-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Understanding IPv6 Figur e 43-1 Dual IPv4 and IPv6 Support on an Interf ac.
43-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 For more in formation about stat ic routes, see the “Implementing Stati c Routes for IPv6” chapter in the Cisco IOS IPv6 Confi guration Library on Cisco.
43-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Understanding IPv6 SNMP and syslog over IPv6 pro vide these features: • .
43-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Understanding IPv6 • The switch as a tunnel endpoint su pporting IPv4-to-I.
43-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 If a ne w switch becomes the stack master , it reco mputes the IPv6 routing tables and distrib utes them to the member switches.
43-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Default IPv6 Configuration Configuring IPv6 Addressing and.
43-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Beginning in p rivile ged EXEC mo de, follow these step .
43-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 without ar guments. T o disable IPv6 processing on an interf ace that has not been explicitly con figur ed with an IPv6 address, use the no ipv6 enable interface co nfigu ration command.
43-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Use the no ipv6 nd router -prefer ence interface conf iguration command to disabl e an IPv6 DRP . This exampl e sho ws how to conf igure a DRP of hi gh for the router on an interf ace.
43-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 T o disable IPv4 routing, use the no ip routing global conf iguration command. T o disable IPv6 routing, use the no ipv6 unicast-routing g lobal conf iguration command.
43-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Enabling DHCPv6 Server Function Beginning in pri vileged EXEC mode, foll ow th ese st eps to enable the DHCPv6 serv er function on an interface.
43-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 T o delete a DH CPv6 pool, use the no ipv6 dhcp pool poolname global con f iguration c ommand. Use th e no form of the DH CP pool configuratio n mode comma nds to change the DHCPv6 pool characteristics.
43-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 This example sho ws how to conf igure a pool ca lled 350.
43-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Configuring IPv6 ICMP Rate Limiting ICMP rate limitin g is.
43-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Configuring Static Routing for IPv6 Before conf iguring .
43-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 T o remove a conf igured static route, use the no ipv6 route ipv6-pr ef ix/pr efix length { ipv6-addr ess | interface- id [ ipv6-address ]} [ administrative distance ] global confi guration command.
43-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o disable a RIP routing process, use the no ipv6 r outer rip name global conf iguration command.
43-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Beginning in pri vileged EXEC mode, follo w these required and optional step s to conf igure IPv6 OSPF: Command Purpose Step 1 configur e terminal Enter global co nfiguration mode.
43-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o disable an OSPF routing process, use the no ipv6 r outer ospf pr oc ess-id glob al configuration command.
43-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Configuring IPv6 Enabling HSRP Version 2 Beginni ng in pri vileged EXEC mo de, follo w these steps to enable HSRP ve rsion 2 on a Lay er 3 interface.
43-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Use the no standby [ gr oup-number ] ipv6 interface conf iguration command to disable HSRP for IPv6. This exampl e sho ws how to acti v ate HSRP for IPv6 for group 1 on a port.
43-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Configuring IPv6 Unicast Routing Displaying IPv6 Displaying IPv6 For complete syntax and usage in formation on these commands, see the Cisco IOS command reference publications.
43-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 43 Co nfig uring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 inter.
CH A P T E R 44-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 44 Configuring HSRP This chapter describes h ow to u se Hot Standby Router Protocol (HSRP) on the Catalyst .
44-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP Note Routers in an HSRP group can be an y router interface t hat supports HSRP , including Catalyst 3750-X or 3560-X routed ports and switch virtual in terfaces (SVIs).
44-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP Figur e 44-1 T ypical HSRP Configuration HSRP Versions The switch supports these HSRP versions: • HSRPv1—V ersion 1 of the H SRP , the default v ersion of HSRP .
44-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Understanding HSRP HSRPv2 has a different pack et format th an HSRPv1. A HSR Pv2 packet uses the type-length-v alue (TL V) format and has a 6-byte iden tifier f ield with the MA C address of the physical router that sent the packet.
44-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP HSRP and Switch Stacks HSRP hello messages are generated b y the stack master . If an HSRP-activ e stack ma ster fails, a flap in the HSRP acti ve state might occur .
44-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP HSRP Configuration Guidelines • HSRPv2 and HSRPv1 are mutuall y exclusi ve. HSRPv2 is not interoperable wi th HSRPv1 on an interface and the re verse.
44-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Beginni ng in pri vilege d EXEC mode, follo w these steps to create or enable HSRP on a Lay e r 3 in terface: Use the no standby [ gr oup-number ] ip [ ip-addr ess ] interface conf iguration command to disable HSRP .
44-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Configuring HSRP Priority The standby priority , standby pr eempt , and sta.
44-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-number ] priority priority [ preempt [ delay de.
44-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP This example acti vates a port, sets an IP address an d a pri ority of 120.
44-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP When configuring these attrib ut es, follow these guidelines: • The authentication strin g is sent unencrypt ed in all HSRP messages.
44-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Configuring HSRP This exampl e sho ws how to set the timers on standb y group 1 with the ti.
44-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Displaying HSRP Configurations Troubleshooting HSRP for Mixed Stacks of Catalyst 3750-X, 37.
44-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 44 Configuring HSRP Displaying HSRP Configurati ons.
CH A P T E R 45-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 45 Configuring Cisco IOS IP SLAs Operations This chapter describes ho w to use Cisco IOS IP Se rvice Le vel Agreements (SLAs) o n the Catalyst 3750-X or 3560- X switch.
45-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Understanding Cisco IOS IP SLAs Depending on the specif ic Cisc.
45-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Understand ing Cisco IOS IP SLAs Using Cisco IOS IP SLAs to Measure.
45-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Understanding Cisco IOS IP SLAs IP SLAs Responder and IP SLAs C.
45-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Understand ing Cisco IOS IP SLAs Figur e 45-2 Cisco IOS IP SLAs Res.
45-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Configuring IP SLAs Operations An IP SLAs threshold vi olation can also trigger another IP SLAs op eration for further analysis.
45-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Configuring IP SLAs Opera tions Before configuring any IP SLAs application, you can use the show ip sla application pri vileged EX EC command to veri fy that the operation typ e is supported on you r software imag e.
45-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Configuring IP SLAs Operations T o disable the IP SLAs responder , enter the no ip sla responder global conf iguration command.
45-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Configuring IP SLAs Opera tions Beginni ng in p rivile ged EXEC mod.
45-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Configuring IP SLAs Operations T o di s ab l e t h e I P SL A s operation, ente r the no ip sla operation-number global configur ation command.
45-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Configuring IP SLAs Opera tions Schedule: Operation frequency (sec.
45-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Configuring IP SLAs Operations T o disable the IP SLAs operation, enter th e no ip sla operation-number global config uration command.
45-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Configuring Cisco IOS IP SLAs Ope rations Monitoring IP SLAs Operations Next Scheduled Start Time: Pending t.
45-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 45 Config uring Cisco IO S IP SLAs O p e rations Monitoring IP SLAs Operations.
CH A P T E R 46-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 46 Configuring Enhanced Object Tracking This chapter describe s ho w to configure enhanced object tracking on the Catalyst 3750-X or 3560-X switch.
46-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Configuring Enh anced Object Trac king Features Y ou can also track a combination of objects in a list by us ing either a weight th reshold or a percent age threshold to measure the state of the list.
46-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Configuring Enhanced Obje ct Tracking Features This example configures .
46-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Configuring Enh anced Object Trac king Features Configuring a Tracked.
46-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Configuring Enhanced Obje ct Tracking Features Configuring a Tracked Li.
46-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Configuring Enh anced Object Trac king Features Configuring a Tracked.
46-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Configuring Enhanced Obje ct Tracking Features Configuring HSRP Object .
46-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Configuring Enh anced Object Trac king Features Configuring Other Tracking Characteristics Y ou can also use the enha nced object trac king for tracking ot her characteristics.
46-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Configuring Enhanced Obje ct Tracking Features Object tracking of IP SLAs operati ons allow s client s to track the output fr om IP SLAs objects and use this information to tr igger an actio n.
46-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Configuring Enh anced Object Trac king Features This exampl e output.
46-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Configuring Enhanced Obje ct Tracking Features Beginning in pri vilege.
46-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Monitoring Enhanced Ob ject Tr ack ing Configuring a Routing Policy .
46-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configuring Enhanced Object Trac king Monitoring Enhanced Object Tra cking show track resolution Display the resolution of track ed parameters. show track timers Display tracke d polling interv al timers.
46-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 46 Configur in g Enhanced Object Trackin g Monitoring Enhanced Ob ject Tr ack ing.
CH A P T E R 47-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 47 Configuring Web Cache Services By Using WCCP This chapter describe s ho w to configure your Catalyst 375.
47-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cac he Services By Using WCCP Understanding WCCP Understanding WCCP The WCCP and Cisco cache engines (or other appl ication engines running WCCP) localize traff ic patterns in the net work, enabling content requests to be fulf illed locally .
47-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Understanding WCCP WCCP Negotiation In the ex change of WCCP pro.
47-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cac he Services By Using WCCP Understanding WCCP Y ou can confi gure up to 8 service grou ps on a switch or switch stack and up to 32 cache engines per service group.
47-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP • It distrib utes the WCCP information to an y switch that joins the st ack. • It programs its hardw are with th e WCCP information it pr ocesses.
47-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cac he Services By Using WCCP Configuring WCCP • WCCP entries and PBR entries use the same TCAM re gion. WCCP is supported onl y on the templates that support PBR: access, routing, and dual IPv4/ v6 routing.
47-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP Command Purpose Step 1 configur e terminal Enter global conf iguration mode.
47-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cac he Services By Using WCCP Configuring WCCP T o disable the web cache service, use the no ip wccp w eb-cache global confi guration command.
47-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cache Services By Using WCCP Configuring WCCP This exampl e sho ws how to conf igure SVIs and ho w to enable the web cache service with a multicast group list.
47-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 47 Configuring Web Cac he Services By Using WCCP Monitoring and Maintaining WCCP Monitoring and Maintaining WCC.
CH A P T E R 48-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 48 Configuring IP Multicast Routing This chapter describes h ow to configu re IP multicast routing on the Catalyst 3750-X or 3560-X swit ch.
48-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understandi.
48-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Understanding IGMP T o participate in IP multicasting, multicast hosts, routers, and mul tilayer switches must hav e the IGMP operating.
48-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understandi.
48-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing When a new .
48-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing The redundant PIM stub router to pology is not support ed.
48-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Auto-RP This proprietary feature eliminates the need to manually conf igure the RP information in e very router and multilayer switch in the netwo rk.
48-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Multicast F.
48-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing PIM uses bo.
48-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Multicast Routing and Switch Stacks CGMP is nec essary be cause the Layer .
48-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Default Multicast Routing Configuration M.
48-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Sparse-mode groups in a mix ed PIMv1 and PIMv2 re gion are possible because the Auto-RP feature in PIMv1 interoperates with the PIMv2 RP featu re.
48-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing In populating the multicast routin g table, dense-mode i nterfaces are alw ays added to the table.
48-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing T o disable multicasting, use the no ip multicast-routing distrib uted global conf iguration command.
48-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing the IP addresses of sources from which they recei ve their t raf fic.
48-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuration Guidelines This section contains the guidelines for conf iguring SSM.
48-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Configuring SSM Beginni ng in pri vileged EXEC mod e, follo w these steps to conf igure SSM.
48-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing • Before you can con figure and use SSM mappi ng with DNS lookups, you must b e able to add recor ds to a running D NS server .
48-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing DNS-Based SSM Mapping Y ou can u se DNS-based SSM mappi ng to configure the last hop router to perform a re verse DNS lookup to determine sources sendi ng to groups.
48-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring SSM Mapping • Config uring .
48-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginning in pri vileged EXEC mod e, foll.
48-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Monitoring SSM Mapping Use the privile ged EXEC commands in Ta b l e 48-3 to monitor SSM mapping.
48-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Enabling PIM Stub Routing Beginning in pri vileged EXEC mode, follo w these steps t o enable PIM stub routing on an interf ace.
48-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Use these pri vileged EXEC commands to display inf ormation about PIM stub co nfigur ation and status: • show ip pim interface displays the PIM stub that is enabled on each interface.
48-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginning in pri vileged EXEC mode, follow these steps to manually config ure the address of the RP .
48-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring Auto-RP Auto-RP uses IP mu lticast to automate the distrib ution of g roup-to-RP mappings to all Cisco routers and multilayer switches in a PIM netw ork.
48-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginning in pri vileged EXEC mode, follo w these steps to deploy Auto-RP in an e xisting sparse-mode cloud.
48-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing T o remove the PIM de vice configured as the candidate RP , use the no ip pim send-rp-announce interface- id global conf iguration command.
48-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginni ng in pri vileged EXEC mode, follo w these steps to f ilter incoming RP an nouncement messages.
48-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing Switch(config)# access-list 20 deny 239.0.0.0 0.0.255.255 Switch(config)# access-list 20 pe rmit 224.
48-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Figur e 48-5 Constraining PIMv2 BSR Messages Defining the IP Multicast Bounda ry Y ou define a m ulticast boundary to pre vent Auto -RP messages from en tering the PIM domain.
48-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing This exampl e sho ws a portion of an IP mul ti cast boundary configuration that denies Auto-RP inform ation: Switch(config)# access-list 1 deny 224.
48-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring IP Multicast Routing Configuring Candidate RPs Y ou can configu re one or more candidate RPs.
48-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring IP Multicast Routing This exampl e sho ws how to conf igure the switch to advertise itself as a candidate RP to the BSR in its PIM domain.
48-35 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanc ed PIM Feature s Monitoring the RP Mapping Information .
48-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Adva nce d PIM Features Figur e 48-6 Shar ed T ree and Source .
48-37 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanc ed PIM Feature s Delaying the Use of PIM Shortest-Path Tree The change from shared to source tr ee happens when the first data packet arri ves at the last-hop router (Router C in Figure 48-6 ).
48-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optio na l IGMP Feature s T o return to the def ault setting, use the no ip pim spt-t hreshold { kbps | infinity } global conf iguration command.
48-39 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Optio nal IGM P Features • Changing th e IGMP Query Timeout .
48-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optio na l IGMP Feature s Beginning in pri vileged EXEC mode, foll ow th ese steps to conf igure the switch to be a member of a group.
48-41 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Optio nal IGM P Features T o disable groups on an interf ace, use the no ip igmp access-group interface con figuration command.
48-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optio na l IGMP Feature s T o return to the def ault setting, use the no ip ig mp version interface configuration command.
48-43 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Optio nal IGM P Features Y ou can confi gure the query in terval by entering t he show ip igm p interfac e interf ace-id priv ileged EXEC command.
48-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features Configuring the Switch as .
48-45 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Optional Multicast Routing Features Enabling CGMP Server Support The switch serves as a CGMP serv er for devices that do not support IGMP snooping b ut have CGMP client functionality .
48-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features Configuring sdr Listener Support The MBONE is the small subset of Internet routers and hosts that ar e interconnected and capable of forwarding IP mult icast traf fic.
48-47 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Optional Multicast Routing Features Beginni ng in pri vileged EXEC m ode, follow these steps to limit ho w long an sdr cache entry stays acti ve in the cache.
48-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features Figur e 48-7 Admi ni str atively -Scoped Boundar ies Y ou can def ine an administrati vely-scoped boun dary on a routed interface f or multicast group addresses.
48-49 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Basic DVMRP Interoperability Features T o remove t he boundary , use the no ip multicast boundary interface config uration command.
48-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Beginning in p rivile g.
48-51 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Basic DVMRP Interoperability Features This exampl e sho ws how to conf igure D VMRP interoperability when the PI M dev ice and the D VMRP router are on the same network se gment.
48-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Beginning in pri vileged EXEC mode, follo w these steps to conf igure a D VMRP tunnel.
48-53 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Basic DVMRP Interoperability Features T o disable the filter , use the no ip dvmrp accept-f ilter access-list-number [ di stance ] neighbor -list access-list-number interface conf iguration command.
48-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features T o prev ent the default rout e advertisement, use the no ip dvmr p default-information interf ace confi guration command.
48-55 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Cisco devices do not perfo rm D VM RP multicast routin g among each ot her , but they can exchange D VMRP routes.
48-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figur e 48-8 Leaf Non.
48-57 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Figur e 48-9 Router .
48-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Controlling Route Exc.
48-59 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Beginning in pri vileged EXEC mod e, follo w these steps to change the thresho ld number of routes that trigger the w arning.
48-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figur e 48-1 0 Connec.
48-61 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s T o remove the summary address, use the no ip dvmrp summary-address addr ess mask [ metric value ] interface configuration command.
48-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing T o return to the def ault setting, use the no ip dvmr p metric-offset interface conf iguration command.
48-63 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Config uring IP Multicast Routing Monitoring and Maintainin g IP Multicast Routing Displaying System and Network Statistics Y ou can displ ay specif ic statistics, su ch as the cont ents of IP routing tables, caches, and databas es.
48-64 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 48 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing Monitoring IP Multicast R.
CH A P T E R 49-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 49 Configuring MSDP This chapter describe s ho w to configure the Multicast So urce Discovery Protocol (MSDP) on the Catalyst 3750-X or 3560-X switch. Th e MSDP connects multiple Protocol-Independent Mult icast sparse-mode (PIM-SM) domains.
49-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Understanding MSDP The purpose of this to pology is to ha ve domains di scov er multicast sources in other domains.
49-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Figur e 49-1 MSDP Runnin g Between RP P eers MSDP Benefits MSDP has these benefits: • It breaks up the shared multicas t distribut ion tree.
49-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP • Controlling Source Informati on that Y our Switch Forward s, page 49-1.
49-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Figur e 49-2 Def ault MSDP P eer Network Beginni ng in pri vilege d EXEC mode, follo w these steps to specify a def ault MSDP peer .
49-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP T o remove t he default peer , use the no ip msdp default-peer ip-addr ess | name global configuration command. This examp le shows a part ial conf iguration of Ro uter A and Router C i n Figure 49-2 .
49-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Beginni ng in pri vileged EXEC mod e, follo w these steps to enable the ca ching of sou rce/group pairs. This procedure is optional .
49-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP Requesting Source Information from an MSDP Peer Local RPs can send SA requests and get immediat e responses for all acti ve sources for a gi ven group.
49-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Redistributing Sources SA messages originate on RPs to which sou rces hav e registered. By d efault, an y source that regist ers with an RP is advertised.
49-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP T o remove t he filter , use the no ip msdp r edistribute global conf iguration command.
49-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Filtering Source-Active Request Messages By default, only switches that are caching SA in form ation can respond to SA requests.
49-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP Controlling Source Information that Your Switch Forwards By default, the switch f orwards all SA messages it recei ves to all its MSDP peers.
49-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP T o remove t he filter , use the no ip msdp sa-f ilter out { ip-addr ess | name } [ list access-list-number ] [ rou te -m a p map-tag ] global conf iguration command.
49-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP Using TTL to Limit the Multicas t Data Sent in SA Messages Y ou can use a TT L v a lue to control what data is enca psulated in the f irst SA mess age for e very source.
49-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Beginning in pri vileged EXEC mode, follow these steps to apply a f ilter .
49-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP Configuring an MSDP Mesh Group An MSDP mesh group is a gro up of MSDP speak ers that ha ve fully meshed MSDP co nnecti vity among one another .
49-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Configuri ng MSDP Beginning in p rivile ged EXEC mod e, follow these steps to shut do wn a peer .
49-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Configuring MSDP Note that the ip msdp origina tor-id global conf iguration command also identifies an interface to be used as the RP address.
49-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Configuring MSDP Monitoring and Ma in taining MSDP Monitoring and Maintaining MSDP T o monitor MSDP SA messa.
49-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 49 Co nfiguring MSDP Monitoring and Maintaining MSDP.
CH A P T E R 50-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 50 Configuring Fallback Bridging This chapter describes h ow to con figur e fallback bridg ing (VLAN bridging) on the Catalyst 3750-X or 3560-X switch.
50-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configur in g Fallback Bridging Understanding Fallback Bridg ing A bridge group is an internal organi zation of network int erfaces on a switch.
50-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging Fallback Bridging and Switch Stacks When the s tack master fails, a sta ck member bec omes the new stack master by using the el ection process described in Chapter 5, “Managin g Switch Stacks.
50-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configur in g Fallback Bridging Configuring Fallbac k Br idging Fallback Bridging Configuration Guidelines Up to 32 bridge group s can be confi gured on the switch.
50-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging T o remove a br idge group, use the no bridge bridge-gr oup global conf iguration command.
50-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configur in g Fallback Bridging Configuring Fallbac k Br idging Changing the VLAN-Bridge Spanning-Tree Priori.
50-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging T o return to the default setting, use the no bridge-gr oup bridge-gr oup priority interface conf iguration command.
50-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configur in g Fallback Bridging Configuring Fallbac k Br idging Note Each switch in a sp anning tree adopts t.
50-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configuring Fallback Bridging Configuring Fallback Bridging T o return to the default setti ng, use the no bridge bridge-gr oup forward-time global con figur ation command.
50-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 50 Configur in g Fallback Bridging Monitoring and Main ta ining Fallback Bridging T o re-enable spanning tr ee on the port, use the no bridge-group bridge-gr oup spanning-disabled interface configuration command.
CH A P T E R 51-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 51 Troubleshooting This chapter describes ho w to identify and resolv e software probl ems related to the Cisco IOS softw are on the Catalyst 3750-X or 3 560-X switch.
51-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Software Failure • Using the sho w platform forward Command, page 51-22 .
51-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troubleshooting Recovering from a Lost or Fo rgotten Password Step 7 Connect the switch to a TFT P server through the Ethernet management port. Step 8 Start t he file transfer by using TFT P .
51-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Lost or Forgotten Passwor d • Connect a PC to the Ethernet management port. If you are reco vering the password fo r a switch stack, connect to the Ethernet management port of a Catalyst 3750-X stack me mber .
51-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Lost or Forgotten Password Step 1 Initialize the flash f ile system: switch: flash_init Step 2 If you had set the consol e port speed to an ything othe r than 9 600, it has been reset to t hat particular speed.
51-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Lost or Forgotten Passwor d Step 11 Change the password: Switch (config)# .
51-7 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Lost or Forgotten Password Step 1 Elect to continue with p assword recov e.
51-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Preventing Switch Stack Problems Step 10 Y ou must now reconf igure the switch. If the system administrator has the b ackup switch and VLAN confi guration f iles a vail able, you should use those.
51-9 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Command Switch Failure Recovering from a Command Switch Failure This section describes ho w to recov er from a failed command swit ch.
51-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Command Switch Failure Step 6 Enter glob al configuration mode . Switch# configure terminal Enter configuration commands, one per line.
51-11 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from a Command Switch Failure Step 17 Start your bro wser , and enter the IP ad dress of the ne w command switch.
51-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Recovering from Lost Cluster Member Connectivity Step 7 Respond to the questions in the setup program. When prompted for the hostname, recall th at on a co mmand switch, the hostname is limited to 2 8 characters.
51-13 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Preventing Autonegotiation Mismatche s Preventing Autonegotiation Mismatches The IEEE 802.
51-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting SFP Module Security and Identification Disabled Port Caused by False Link Up If a Cisco po .
51-15 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Monitoring Temperature Monitoring Temperature The switch monitors the t emperature conditions and uses t he temperature information to contr ol the fans.
51-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using Layer 2 Traceroute Note Though o ther protocol keywords are av ai lable with the pin g command, the y are not supported in this release.
51-17 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using Layer 2 Traceroute Usage Guidelines • Cisco Discov ery Protocol (CDP) must be enabled on all t he devi ces in the network . For Layer 2 traceroute to function properly , do not disable CDP .
51-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using IP Traceroute Using IP Traceroute • Understanding IP T raceroute, page 51-18 • Ex.
51-19 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using TDR This example sh ows ho w to perform a traceroute to an IP host: Switch# traceroute ip 171.9.15.10 Type escape sequence to abort. Tracing the route to 171.
51-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using Debug Comm ands TDR can detect these cabling problems: • Open, broken , or cut twisted-pair wi res—The wire s are not connected to the wi res from the remote device.
51-21 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using Debug Commands Note For complete syntax and us age information for specif ic debug commands, se e the command r eference for this release.
51-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using the show platfo rm forward Command Redirecting Debug and Error Message Output By default, the netw ork server sends the outpu t from debug co mmands and system error messages to the console.
51-23 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using the sho w platform forward Command ========================================== Egress:.
51-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using the cras hinfo Files This is an example of the output wh en the packet coming in on port 1 in VLA N 5 ha s a dest ination MA C address set to the router MAC address in V LAN 5 an d the destination IP address unkno wn.
51-25 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using On-Board Failure Lo gging Basic crashinfo Files The information in th e basic fil e includes the Cisco IOS image n ame and version that failed, a list of t he processor registers, and a stack trace.
51-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Using On-Boa rd Failure Logging Understanding OBFL By default, OBFL is enabled. It collects information about the swit ch and small form-factor pluggable (SFP) modules.
51-27 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Tab les In a switch stack, if y ou enter the hw-module module [ switch-number ] logging onboard command on a stack member that does not support OBFL, such as a Cat alyst 3750 switch, a message appears with that informati on.
51-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Ta bles Troubleshooting CPU Utilization This section lists some possible sy mptoms that could be caused by the CPU being too busy an d shows ho w to v erify a CPU u tilization problem.
51-29 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Tab les For complete in formation about CPU ut ilization and h ow to trou bleshoot utilization pr oblems, see the T r oubleshooting High CPU Utilizati on do cumen t on Cisco.
51-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Ta bles No PoE on all ports o r a group of ports. T rouble is on all switch ports. Nonpo wered Et hernet devices cannot establi sh an Ethernet link on an y port, and PoE de vices do not po wer on.
51-31 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Tab les Cisco IP Phone disconnects or resets. After workin g normally , a Cisco phone or wi reless access point intermittentl y reloads or disconnects from PoE.
51-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Ta bles Troubleshooting Stackwise (Catalyst 3750-X Switches Only) Ta b l e .
51-33 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Tab les Slo w traff ic throughput on stack ring T est the switch interface. Defec ti ve StackW ise switch interface. Note The only solution is to replace t he switch.
51-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 51 Troublesho oting Troubleshooting Ta bles.
CH A P T E R 52-1 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 52 Configuring Online Diagnostics This chapter describes ho w to conf igure the online d iagnostics on the Catalyst 3750-X or 3560-X switch.
52-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Configuring Onlin e Dia gnostics Scheduling Online Diagnostics Y ou can schedule online diagnostics to run at a designated time of day or on a daily , weekly , or monthly basis for a switch.
52-3 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Configuring Online Diagnostics By default, health mon itoring is disabled, b ut th e switch generates a sysl og me ssage when a test fails.
52-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests T o disable diagnostic test ing and return to .
52-5 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests Starting Online Diagnostic Tests After you conf igure diagnostic tests to run on the sw itch, use the diagnostic st art pri vileged EXEC command to beg in diagnostic testing.
52-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Chapter 52 Configuring Online Diagnostics Running Online Diagnostic Tests For e x amples of the show diagnostic command ou tput, see the “Examples” section of the show diagnostic command in the command ref erence for this release.
A-1 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 APPENDIX A Supported MIBs This appendix lists t he supported managemen t in formation base (MIBs) for this release on th e Catalyst 3750-X or 3560-X switch.
A-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix A Supported MIBs MIB List • CISCO-HSRP-MIB (not supported on switches running the LA N Base feature set) • C.
A-3 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix A Supported MIBs MIB List • CISCO-VLAN-MEMBERSHIP-MIB • CISCO-VTP-MIB • ENTITY -MIB • ETHERLIKE-MIB • IEEE8021-P AE-MIB • IEEE8023-LA G-MIB • IF-MIB (In and out counters for VLANs are not supp orted.
A-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix A Supported MIBs Using FTP to Acce ss the MIB Files Using FTP to Access the MIB Files Y ou can get each MIB fi le by using this procedu re: Step 1 Make sure that your FTP cl ient is in passi ve mode.
B-1 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendi x describes how.
B-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File .
B-3 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Work ing with the Flash Fil.
B-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File .
B-5 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Work ing with the Flash Fil.
B-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Some in valid comb inations of source and destin ation exist.
B-7 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Work ing with the Flash File System Beginning in privile ged EXEC mode, follow these step s to create a file, display the con tents, and extract it.
B-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System This example sho ws how to create a f ile .
B-9 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration .
B-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-11 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-13 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files The username and password must be associ ated with an account on the FTP server .
B-15 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-17 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files • When you upload a file to the RC P server , it must be properly configured to accept the RCP write request from t he user on the switch.
B-19 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s This exampl e sho ws how to specify a remote username o f netadmin1 .
B-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-21 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-23 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration.
B-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration .
B-25 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Imag.
B-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image s Image Location on the Switch The Cisco IOS image is stored as a .
B-27 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using TFTP Y ou can do wnload a switch image from a TFTP serv er or upload the image from the switch to a TFTP server .
B-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image.
B-29 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Imag.
B-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image s The algorithm installs the do wnloaded image on the system board flash de vice (flash:).
B-31 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using FTP Y ou can do wnload a switch image from an FTP serv er or upload the image from t he switch to an FTP server .
B-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image s Use the ip ftp username and ip ftp password commands to sp ecify a username and password for all copies.
B-33 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Imag.
B-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image.
B-35 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Imag.
B-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image.
B-37 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images If the switch IP ad dress translates to Switch1.
B-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image.
B-39 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Imag.
B-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Image.
C-1 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 APPENDIX C Unsupported Commands in Cisco IOS Release 12.2(53)SE2 This appendix lists some of th e command-line interf ac.
C-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 Archive Commands Unsupported Route-Map Configuration Commands match ip addr ess pref ix-list pr efix-li st-name [ pr efix-list-name .
C-3 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 De bug Commands Debug Commands Note These commands are supported only on Catalyst 3750-X switches.
C-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 Fallback Bridging tag trigger (EEM) Unsupported Command.
C-5 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 HSRP bridge bridge-gr oup ro ut e pr otocol bridge br.
C-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 IGMP Snooping Commands interfac e Lex interfac e Multi .
C-7 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 IP Multicast Routing IP Multicast Routing Unsupported Privileged EXEC Commands clear ip rtp header -compression [ type number ] The deb ug ip pack et command displays packets recei ved by the switch CPU.
C-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 IP Unicast Routing ip multicast use-functional ip pim m.
C-9 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 IP Unicast Routing router iso-igr p router mobile rou.
C-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 MAC Address Commands set ip destination ip-addr ess ma.
C-11 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 Miscellaneous Miscellaneous Unsupported User EXEC Co.
C-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 NetFlow Commands NetFlow Commands Unsupported Global C.
C-13 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Appendix C Unsupported Commands in Cisco IOS Release 12.2(53) SE 2 SNMP aaa authentication featur e default line radius.
C-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Appendix C Unsupported Comman ds in Cisco IOS Release 12.2(53)SE2 VTP VTP Unsupported Privileged EXEC Command vtp { password passwor d | pruning | version number } Note This command has been replaced by the vtp global conf iguration command.
IN-1 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 INDEX Numerics 10-Gigabit Ethernet interfaces 13-7 802.1AE 11-31 802.1x-REV 11-31 A AAA down policy, NAC Layer 2 IP val.
Index IN-2 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 ACLs (continued) host keywo rd 37-13 IP creating 37-8 fragments an d QoS guideline s 39- 36 implicit deny 37-10, 3.
Index IN-3 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 addresses (continued) MAC, discovering 7-31 multicast group address range 48-3 STP address management 20-8 static.
Index IN-4 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 authentication manager CLI commands 11-9 compatibility with older 802.
Index IN-5 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 backup static routin g, configuring 46-12 banners configuring login 7-19 message-of-the-day login 7-18 default co.
Index IN-6 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 BPDU guard described 22-2 disabling 22-14 enabling 22-13 support for 1-8 bridged packets, ACLs on 37-39 bridge gro.
Index IN-7 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Cisco Medianet See Auto Smartports macros Cisco Network Assistant See Network Assistant Cisco Redundant Power Sys.
Index IN-8 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 clusters, switch (continued) passwords 6-14 RADIUS 6-16 SNMP 6-14, 6-17 switch stacks 6-14 TACACS+ 6-16 See also c.
Index IN-9 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 configuration, initial defaults 1-16 Express Setup 1-2 See also getting started gui de and hardware installatio n.
Index IN-10 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 critical VLAN 11-21 cross-stack EtherChannel configuration guid elines 40-13 configuring on Layer 2 interfaces 40.
Index IN-11 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 default configuration (continued) MVR 26-19 NTP 7-4 optional spanni ng-tree configuration 22-12 OSPF 42-27 passw.
Index IN-12 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 DHCP-based autoconfiguration (continued) overview 3-3 relationship to BOOTP 3-4 relay support 1-6, 1-14 support f.
Index IN-13 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 DHCPv6 configuration guid elines 43-15 default configu ration 43-15 described 43-6 enabling client function 43-1.
Index IN-14 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 dual protoc ol stacks IPv4 and IPv6 43-6 SDM templates supporting 43-6 DVMRP autosummarization configuring a summ.
Index IN-15 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 dynamic ARP inspection (continued) rate limiting of ARP pack ets configuring 25-10 described 25-4 error-disabled.
Index IN-16 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 enhanced ob ject tracking stat ic routing 46-10 environmental variables, embedded event mana ger 36-5 environment.
Index IN-17 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Ethernet VLANs adding 15-7 defaults and ranges 15-7 modifying 15-7 EUI 43-3 event detectors, embe dded event man.
Index IN-18 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 Fast Uplink Transiti on Protocol 22-6 features, incompatible 28-12 FIB 42-90 fiber-optic, detect ing unidirection.
Index IN-19 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 G general q uery 23-5 Generatin g IGMP Reports 23-3 get-bulk-request o peration 35-3 get-next-request operati on.
Index IN-20 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 I IBPG 42-44 ICMP IPv6 43-4 redirect messages 42-12 support for 1-14 time-exceeded messages 51-18 traceroute and .
Index IN-21 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 IGMP (continued) report suppression described 26-5 disabling 26-15, 27-11 supported ve rsions 26-3 support for 1.
Index IN-22 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 interfaces (continued) described 13-36 descriptive n ame, adding 13-36 displaying i nformation about 13-45 duplex.
Index IN-23 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 IP multicast routin g addresses all-hosts 48-3 all-multicast-routers 48-3 host group address rang e 48-3 adminis.
Index IN-24 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IP phones and QoS 17-1 automatic classifica tion and queueing 39-23 configuring 17-4 ensuring port se curity with.
Index IN-25 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 IP source guard (continued) static bindings adding 24-19, 24-21 deletin g 24-20 static hosts 24-21 IP traceroute.
Index IN-26 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 IPv6 (continued) address formats 43-2 and switch stacks 43-9 applications 43-5 assigning address 43-11 autoconfig.
Index IN-27 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 Kerberos authenticating to boundary switch 10-42 KDC 10-42 network services 10-42 configuration examples 10-39 c.
Index IN-28 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 link-state tracking configuring 40-25 described 40-23 LLDP configuring 30-5 characteristics 30-6 default configu .
Index IN-29 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 MAC extended access lists applying to Layer 2 interfaces 37-30 configuring for Qo S 39-50 creating 37-28 defined.
Index IN-30 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 messages, to users through banners 7-17 metrics, in BGP 42-52 metric translations, between ro uting protocols 42-.
Index IN-31 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 MSDP benefit s of 49-3 clearing MSDP connections and statistics 49-19 controlling source information forwarded b.
Index IN-32 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 MSTP (continued) extended system ID effects on root switch 21-18 effects on secondary root switch 21-19 unexpected be havior 21-18 IEEE 802.
Index IN-33 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 multioperations schedu ling, IP SLAs 45-5 multiple authentication 11-12 Multiple HSRP See MHSRP multiple VPN rou.
Index IN-34 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 network configuration examples (continued) server aggregation and Linux server cluster 1-24 small to medium-sized.
Index IN-35 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 online diagnost ics described 52-1 overview 52-1 running tests 52-4 open1x configuring 11-64 open1x authenticati.
Index IN-36 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 PIM default configu ration 48-11 dense mode overview 48-4 rendezvous point (RP), de scribed 48-5 RPF lookups 48-9.
Index IN-37 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 policy maps for QoS characteristics of 39-57 described 39-8 displayin g 39-88 hierarchical 39-9 hierarchical on .
Index IN-38 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 port-based authentication (continued) per-user ACLs AAA authorization 11-41 configuration tasks 11-17 described 1.
Index IN-39 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 port security (continued) configuring 28-13 default configu ration 28-11 described 28-8 displayin g 28-19 enabli.
Index IN-40 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 promiscuous ports configuring 18-12 defined 18-2 protected ports 1-10, 28-6 protocol-dependent modules, EIGRP 42-.
Index IN-41 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 QoS (continued) configuration guid elines auto-QoS 39-28 standard QoS 39-36 configuring aggregate policers 39-68.
Index IN-42 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 QoS (continued) policers configuring 39-59, 39-65, 39-69 described 39-9 displayin g 39-88 number of 39-38 types o.
Index IN-43 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 RARP 42-10 rcommand command 6-16 RCP configuration files downloading B-18 overview B-17 preparing the server B-1.
Index IN-44 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 RFC (continued) 1166, IP addresses 42-7 1253, OSPF 42-25 1267, BGP 42-43 1305, NTP 7-2 1587, NSSAs 42-26 1757, RM.
Index IN-45 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 RSPAN 32-3 and stack changes 32-10 characteristics 32-9 configuration guid elines 32-17 default configu ration 3.
Index IN-46 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 secure HTTP server configuring 10-53 displayin g 10-55 secure MAC addresses and switch stacks 28-18 deletin g 28-.
Index IN-47 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 SNMP accessing MIB variables with 35-4 agent described 35-4 disabling 35-7 and IP SLAs 45-2 authentication level.
Index IN-48 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 SPAN and stack changes 32-10 configuration guid elines 32-12 default configu ration 32-12 destination ports 32-8 .
Index IN-49 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 stack changes, effects on ACL configuration 37-7 CDP 29-2 cross-stack EtherChannel 40-13 EtherChannel 40-10 fallback bridging 50-3 HSRP 44-5 IEEE 802.
Index IN-50 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 stacks, switch (continued) MAC address of 5-20 management connectivit y 5-17 managing 5-1 managing mixed See Cata.
Index IN-51 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 startup configuration booting manually 3-18 specific image 3-19 clearing B-20 configuration file automatically d.
Index IN-52 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 STP (continued) default optional feature configuration 22-12 designated port, defined 20-4 designated switch, def.
Index IN-53 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 subnet mask 42-7 subnet zero 42-7 success response, VMPS 15-26 summer time 7-13 SunNet Manager 1-6 supernet 42-8.
Index IN-54 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 system MTU and IEEE 802.1Q tunneling 19-5 system name default configu ration 7-15 default setting 7-15 manual con.
Index IN-55 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 time stamps in log messages 34-8 time zones 7-12 TLVs defined 30-2 LLDP 30-2 LLDP-MED 30-2 Token Ring VLANs supp.
Index IN-56 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 trunks allowed-VLAN list 15-19 configuring 15-18, 15-23, 15-25 ISL 15-14 load sharing setting STP path costs 15-2.
Index IN-57 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 UNIX syslog servers daemon configuration 34-12 facilities supported 34-14 message logging config uration 34-13 u.
Index IN-58 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VLAN load ba lancing on flex links configuration guid elines 23-8 described 23-2 VLAN management domain 16-2 VLAN.
Index IN-59 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 VMPS (continued) dynamic port member ship described 15-26 reconfirming 15-29 troubleshooting 15-31 entering serv.
Index IN-60 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01 VTP (continued) modes client 16-3 off 16-3 server 16-3 transition s 16-3 transparent 16-3 monitoring 16-17 passwo.
Index IN-61 Catalyst 3750-X and 3560-X Switch Software Configurat ion Guide OL-21521-01 WTD described 39-15 setting thresholds egress queue-sets 39-81 ingress queues 39-77 support for 1-13.
Index IN-62 Catalyst 3750-X and 3560-X Switch Software Configuration Guide OL-21521-01.
Een belangrijk punt na aankoop van elk apparaat Cisco Systems 3560X (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Cisco Systems 3560X heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Cisco Systems 3560X vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Cisco Systems 3560X leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Cisco Systems 3560X krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Cisco Systems 3560X bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Cisco Systems 3560X kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Cisco Systems 3560X . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.