Cisco 3560-X User Manual

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
Fax: 408 527-0883
Catalyst 3750-X and 3560-X Switch
Software Configuration Guide
Cisco IOS Release 12.2(53)SE2
May 2010
Text Part Number: OL-21521-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase,
Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip
Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work,
Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and
Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the
IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY,
PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are
registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1002R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display
output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
© 2010 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface xlix
Audience xlix
Purpose xlix
Conventions xlix
Related Publications l
Obtaining Documentation and Submitting a Service Request li
CHAPTER 1 Overview 1-1
Features 1-1
Deployment Features 1-2
Performance Features 1-4
Management Options 1-5
Manageability Features 1-6
Availability and Redundancy Features 1-8
VLAN Features 1-9
Security Features 1-9
QoS and CoS Features 1-12
Layer 3 Features 1-14
Power over Ethernet Features 1-15
Monitoring Features 1-15
Default Settings After Initial Switch Configuration 1-16
Network Configuration Examples 1-19
Design Concepts for Using the Switch 1-19
Small to Medium-Sized Network Using Catalyst 3750-X and 3560-X Switches 1-26
Large Network Using Catalyst 3750-X and 3560-X Switches 1-28
Multidwelling Network Using Catalyst 3750-X Switches 1-31
Long-Distance, High-Bandwidth Transport Configuration 1-32
Where to Go Next 1-33
CHAPTER 2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-3
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-4
Using Configuration Logging 2-4
Using Command History 2-5
Changing the Command History Buffer Size 2-5
Recalling Commands 2-6
Disabling the Command History Feature 2-6
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6
Editing Commands through Keystrokes 2-7
Editing Command Lines that Wrap 2-8
Searching and Filtering Output of show and more Commands 2-9
Accessing the CLI 2-9
Accessing the CLI through a Console Connection or through Telnet 2-10
CHAPTER 3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Assigning Switch Information 3-2
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3
DHCP Client Request Process 3-4
Understanding DHCP-based Autoconfiguration and Image Update 3-5
DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-6
Configuring DHCP-Based Autoconfiguration 3-6
DHCP Server Configuration Guidelines 3-7
Configuring the TFTP Server 3-7
Configuring the DNS 3-8
Configuring the Relay Device 3-8
Obtaining Configuration Files 3-9
Example Configuration 3-10
Configuring the DHCP Auto Configuration and Image Update Features 3-11
Configuring DHCP Autoconfiguration (Only Configuration File) 3-11
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12
Configuring the Client 3-14
Manually Assigning IP Information 3-15
Checking and Saving the Running Configuration 3-15
Modifying the Startup Configuration 3-16
Default Boot Configuration 3-17
Automatically Downloading a Configuration File 3-17
Specifying the Filename to Read and Write the System Configuration 3-17
Booting Manually 3-18
Booting a Specific Software Image 3-19
Controlling Environment Variables 3-20
Scheduling a Reload of the Software Image 3-22
Configuring a Scheduled Reload 3-22
Displaying Scheduled Reload Information 3-23
CHAPTER 4 Configuring Cisco IOS Configuration Engine 4-1
Understanding Cisco Configuration Engine Software 4-1
Configuration Service 4-2
Event Service 4-3
NameSpace Mapper 4-3
What You Should Know About the CNS IDs and Device Hostnames 4-3
ConfigID 4-3
DeviceID 4-4
Hostname and DeviceID 4-4
Using Hostname, DeviceID, and ConfigID 4-4
Understanding Cisco IOS Agents 4-5
Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6
Configuring Cisco IOS Agents 4-6
Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-8
Enabling the Cisco IOS CNS Agent 4-9
Enabling an Initial Configuration 4-9
Enabling a Partial Configuration 4-13
Displaying CNS Configuration 4-14
CHAPTER 5 Managing Switch Stacks 5-1
Understanding Switch Stacks 5-2
Switch Stack Membership 5-4
Stack Master Election and Re-Election 5-5
Switch Stack Bridge ID and Router MAC Address 5-7
Stack Member Numbers 5-7
Stack Member Priority Values 5-8
Switch Stack Offline Configuration 5-8
Effects of Adding a Provisioned Switch to a Switch Stack 5-9
Effects of Replacing a Provisioned Switch in a Switch Stack 5-10
Effects of Removing a Provisioned Switch from a Switch Stack 5-10
Hardware Compatibility and SDM Mismatch Mode in Switch Stacks 5-10
Switch Stack Software Compatibility Recommendations 5-11
Stack Protocol Version Compatibility 5-11
Major Version Number Incompatibility Among Switches 5-11
Minor Version Number Incompatibility Among Switches 5-12
Understanding Auto-Upgrade and Auto-Advise 5-12
Auto-Upgrade and Auto-Advise Example Messages 5-13
Incompatible Software and Stack Member Image Upgrades 5-15
Switch Stack Configuration Files 5-15
Additional Considerations for System-Wide Configuration on Switch Stacks 5-16
Switch Stack Management Connectivity 5-17
Connectivity to the Switch Stack Through an IP Address 5-17
Connectivity to the Switch Stack Through an SSH Session 5-17
Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports 5-17
Connectivity to Specific Stack Members 5-18
Switch Stack Configuration Scenarios 5-18
Configuring the Switch Stack 5-20
Default Switch Stack Configuration 5-20
Enabling Persistent MAC Address 5-20
Assigning Stack Member Information 5-22
Assigning a Stack Member Number 5-22
Setting the Stack Member Priority Value 5-23
Provisioning a New Member for a Switch Stack 5-23
Accessing the CLI of a Specific Stack Member 5-25
Displaying Switch Stack Information 5-25
Troubleshooting Stacks 5-25
Manually Disabling a Stack Port 5-26
Re-Enabling a Stack Port While Another Member Starts 5-26
Understanding the show switch stack-ports summary Output 5-27
Identifying Loopback Problems 5-28
Software Loopback 5-28
Software Loopback Example: No Connected Stack Cable 5-29
Software Loopback Examples: Connected Stack Cables 5-29
Hardware Loopback 5-30
Hardware Loopback Example: LINK OK event 5-30
Hardware Loop Example: LINK NOT OK Event 5-31
Finding a Disconnected Stack Cable 5-32
Fixing a Bad Connection Between Stack Ports 5-33
CHAPTER 6 Clustering Switches 6-1
Understanding Switch Clusters 6-2
Cluster Command Switch Characteristics 6-3
Standby Cluster Command Switch Characteristics 6-3
Candidate Switch and Cluster Member Switch Characteristics 6-4
Planning a Switch Cluster 6-4
Automatic Discovery of Cluster Candidates and Members 6-5
Discovery Through CDP Hops 6-5
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 6-6
Discovery Through Different VLANs 6-7
Discovery Through Different Management VLANs 6-7
Discovery Through Routed Ports 6-8
Discovery of Newly Installed Switches 6-9
HSRP and Standby Cluster Command Switches 6-10
Virtual IP Addresses 6-11
Other Considerations for Cluster Standby Groups 6-11
Automatic Recovery of Cluster Configuration 6-12
IP Addresses 6-13
Hostnames 6-13
Passwords 6-14
SNMP Community Strings 6-14
Switch Clusters and Switch Stacks 6-14
TACACS+ and RADIUS 6-16
LRE Profiles 6-16
Using the CLI to Manage Switch Clusters 6-16
Catalyst 1900 and Catalyst 2820 CLI Considerations 6-17
Using SNMP to Manage Switch Clusters 6-17
CHAPTER 7 Administering the Switch 7-1
Managing the System Time and Date 7-1
Understanding the System Clock 7-2
Understanding Network Time Protocol 7-2
Configuring NTP 7-4
Default NTP Configuration 7-4
Configuring NTP Authentication 7-4
Configuring NTP Associations 7-5
Configuring NTP Broadcast Service 7-6
Configuring NTP Access Restrictions 7-8
Configuring the Source IP Address for NTP Packets 7-10
Displaying the NTP Configuration 7-11
Configuring Time and Date Manually 7-11
Setting the System Clock 7-11
Displaying the Time and Date Configuration 7-12
Configuring the Time Zone 7-12
Configuring Summer Time (Daylight Saving Time) 7-13
Configuring a System Name and Prompt 7-14
Default System Name and Prompt Configuration 7-15
Configuring a System Name 7-15
Understanding DNS 7-15
Default DNS Configuration 7-16
Setting Up DNS 7-16
Displaying the DNS Configuration 7-17
Creating a Banner 7-17
Default Banner Configuration 7-17
Configuring a Message-of-the-Day Login Banner 7-18
Configuring a Login Banner 7-19
Managing the MAC Address Table 7-19
Building the Address Table 7-20
MAC Addresses and VLANs 7-20
MAC Addresses and Switch Stacks 7-21
Default MAC Address Table Configuration 7-21
Changing the Address Aging Time 7-21
Removing Dynamic Address Entries 7-22
Configuring MAC Address Change Notification Traps 7-22
Configuring MAC Address Move Notification Traps 7-24
Configuring MAC Threshold Notification Traps 7-25
Adding and Removing Static Address Entries 7-27
Configuring Unicast MAC Address Filtering 7-28
Disabling MAC Address Learning on a VLAN 7-29
Displaying Address Table Entries 7-30
Managing the ARP Table 7-31
CHAPTER 8 Configuring SDM Templates 8-1
Understanding the SDM Templates 8-1
Dual IPv4 and IPv6 SDM Templates 8-2
SDM Templates and Switch Stacks 8-3
Configuring the Switch SDM Template 8-4
Default SDM Template 8-4
SDM Template Configuration Guidelines 8-4
Setting the SDM Template 8-5
Displaying the SDM Templates 8-6
CHAPTER 9 Configuring Catalyst 3750-X StackPower 9-1
Understanding StackPower 9-1
StackPower Modes 9-2
Power Priority 9-3
Load Shedding 9-3
Immediate Load Shedding Example 9-4
Configuring Stack Power 9-6
Configuring Power Stack Parameters 9-6
Configuring Power Stack Switch Power Parameters 9-7
Configuring PoE Port Priority 9-8
CHAPTER 10 Configuring Switch-Based Authentication 10-1
Preventing Unauthorized Access to Your Switch 10-1
Protecting Access to Privileged EXEC Commands 10-2
Default Password and Privilege Level Configuration 10-2
Setting or Changing a Static Enable Password 10-3
Protecting Enable and Enable Secret Passwords with Encryption 10-3
Disabling Password Recovery 10-5
Setting a Telnet Password for a Terminal Line 10-6
Configuring Username and Password Pairs 10-6
Configuring Multiple Privilege Levels 10-7
Setting the Privilege Level for a Command 10-8
Changing the Default Privilege Level for Lines 10-9
Logging into and Exiting a Privilege Level 10-9
Controlling Switch Access with TACACS+ 10-10
Understanding TACACS+ 10-10
TACACS+ Operation 10-12
Configuring TACACS+ 10-12
Default TACACS+ Configuration 10-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 10-13
Configuring TACACS+ Login Authentication 10-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 10-16
Starting TACACS+ Accounting 10-17
Displaying the TACACS+ Configuration 10-17
Controlling Switch Access with RADIUS 10-17
Understanding RADIUS 10-18
RADIUS Operation 10-19
RADIUS Change of Authorization 10-19
Change-of-Authorization Requests 10-20
CoA Request Response Code 10-21
CoA Request Commands 10-22
Stacking Guidelines for Session Termination 10-25
Configuring RADIUS 10-26
Default RADIUS Configuration 10-27
Identifying the RADIUS Server Host 10-27
Configuring RADIUS Login Authentication 10-29
Defining AAA Server Groups 10-31
Configuring RADIUS Authorization for User Privileged Access and Network Services 10-33
Starting RADIUS Accounting 10-34
Configuring Settings for All RADIUS Servers 10-35
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 10-35
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 10-36
Configuring CoA on the Switch 10-37
Monitoring and Troubleshooting CoA Functionality 10-38
Configuring RADIUS Server Load Balancing 10-39
Displaying the RADIUS Configuration 10-39
Controlling Switch Access with Kerberos 10-39
Understanding Kerberos 10-39
Kerberos Operation 10-41
Authenticating to a Boundary Switch 10-42
Obtaining a TGT from a KDC 10-42
Authenticating to Network Services 10-42
Configuring Kerberos 10-42
Configuring the Switch for Local Authentication and Authorization 10-43
Configuring the Switch for Secure Shell 10-44
Understanding SSH 10-45
SSH Servers, Integrated Clients, and Supported Versions 10-45
Limitations 10-46
Configuring SSH 10-46
Configuration Guidelines 10-46
Setting Up the Switch to Run SSH 10-46
Configuring the SSH Server 10-47
Displaying the SSH Configuration and Status 10-48
Configuring the Switch for Secure Socket Layer HTTP 10-49
Understanding Secure HTTP Servers and Clients 10-49
Certificate Authority Trustpoints 10-49
CipherSuites 10-51
Configuring Secure HTTP Servers and Clients 10-51
Default SSL Configuration 10-51
SSL Configuration Guidelines 10-52
Configuring a CA Trustpoint 10-52
Configuring the Secure HTTP Server 10-53
Configuring the Secure HTTP Client 10-54
Displaying Secure HTTP Server and Client Status 10-55
Configuring the Switch for Secure Copy Protocol 10-55
Information About Secure Copy 10-56
CHAPTER 11 Configuring IEEE 802.1x Port-Based Authentication 11-1
Understanding IEEE 802.1x Port-Based Authentication 11-1
Device Roles 11-3
Authentication Process 11-4
Authentication Initiation and Message Exchange 11-6
Authentication Manager 11-8
Port-Based Authentication Methods 11-8
Per-User ACLs and Filter-Ids 11-9
Authentication Manager CLI Commands 11-9
Ports in Authorized and Unauthorized States 11-10
802.1x Authentication and Switch Stacks 11-11
802.1x Host Mode 11-12
802.1x Multiple Authentication Mode 11-12
MAC Move 11-13
802.1x Accounting 11-13
802.1x Accounting Attribute-Value Pairs 11-13
802.1x Readiness Check 11-14
802.1x Authentication with VLAN Assignment 11-15
802.1x Authentication with Per-User ACLs 11-16
802.1x Authentication with Downloadable ACLs and Redirect URLs 11-17
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL 11-17
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs 11-18
VLAN ID-based MAC Authentication 11-18
802.1x Authentication with Guest VLAN 11-19
802.1x Authentication with Restricted VLAN 11-20
802.1x Authentication with Inaccessible Authentication Bypass 11-20
Support on Multiple-Authentication Ports 11-21
Authentication Results 11-21
Feature Interactions 11-21
802.1x User Distribution 11-22
802.1x User Distribution Configuration Guidelines 11-23
IEEE 802.1x Authentication with Voice VLAN Ports 11-23
IEEE 802.1x Authentication with Port Security 11-24
IEEE 802.1x Authentication with Wake-on-LAN 11-24
IEEE 802.1x Authentication with MAC Authentication Bypass 11-25
Network Admission Control Layer 2 IEEE 802.1x Validation 11-26
Flexible Authentication Ordering 11-27
Open1x Authentication 11-27
Multidomain Authentication 11-27
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) 11-29
Guidelines 11-29
Voice Aware 802.1x Security 11-30
Common Session ID 11-30
Understanding Media Access Control Security and MACsec Key Agreement 11-31
MKA Policies 11-32
Virtual Ports 11-32
MACsec and Stacking 11-32
MACsec, MKA and 802.1x Host Modes 11-33
MKA Statistics 11-34
Configuring 802.1x Authentication 11-34
Default 802.1x Authentication Configuration 11-35
802.1x Authentication Configuration Guidelines 11-36
802.1x Authentication 11-36
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 11-37
MAC Authentication Bypass 11-38
Maximum Number of Allowed Devices Per Port 11-38
Configuring 802.1x Readiness Check 11-38
Configuring Voice Aware 802.1x Security 11-39
Configuring 802.1x Violation Modes 11-41
Configuring 802.1x Authentication 11-41
Configuring the Switch-to-RADIUS-Server Communication 11-43
Configuring the Host Mode 11-44
Configuring Periodic Re-Authentication 11-45
Manually Re-Authenticating a Client Connected to a Port 11-46
Changing the Quiet Period 11-47
Changing the Switch-to-Client Retransmission Time 11-47
Setting the Switch-to-Client Frame-Retransmission Number 11-48
Setting the Re-Authentication Number 11-49
Enabling MAC Move 11-49
Configuring 802.1x Accounting 11-50
Configuring a Guest VLAN 11-51
Configuring a Restricted VLAN 11-52
Configuring the Inaccessible Authentication Bypass Feature 11-53
Configuring 802.1x Authentication with WoL 11-56
Configuring MAC Authentication Bypass 11-56
Configuring 802.1x User Distribution 11-57
Configuring NAC Layer 2 IEEE 802.1x Validation 11-58
Configuring an Authenticator and a Supplicant Switch with NEAT 11-59
Configuring NEAT with ASP 11-61
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs 11-61
Configuring Downloadable ACLs 11-61
Configuring a Downloadable Policy 11-62
Configuring VLAN ID-based MAC Authentication 11-63
Configuring Flexible Authentication Ordering 11-64
Configuring Open1x 11-64
Configuring a Web Authentication Local Banner 11-65
Disabling 802.1x Authentication on the Port 11-66
Resetting the 802.1x Authentication Configuration to the Default Values 11-66
Configuring MKA and MACsec 11-67
Configuring an MKA Policy 11-67
Configuring MACsec on an Interface 11-67
Displaying 802.1x Statistics and Status 11-69
CHAPTER 12 Configuring Web-Based Authentication 12-1
Understanding Web-Based Authentication 12-1
Device Roles 12-2
Host Detection 12-2
Session Creation 12-3
Authentication Process 12-3
Local Web Authentication Banner 12-4
Web Authentication Customizable Web Pages 12-6
Guidelines 12-6
Web-based Authentication Interactions with Other Features 12-7
Port Security 12-7
LAN Port IP 12-8
Gateway IP 12-8
ACLs 12-8
Context-Based Access Control 12-8
802.1x Authentication 12-8
EtherChannel 12-8
Configuring Web-Based Authentication 12-9
Default Web-Based Authentication Configuration 12-9
Web-Based Authentication Configuration Guidelines and Restrictions 12-9
Web-Based Authentication Configuration Task List 12-10
Configuring the Authentication Rule and Interfaces 12-10
Configuring AAA Authentication 12-11
Configuring Switch-to-RADIUS-Server Communication 12-11
Configuring the HTTP Server 12-13
Customizing the Authentication Proxy Web Pages 12-13
Specifying a Redirection URL for Successful Login 12-15
Configuring an AAA Fail Policy 12-15
Configuring the Web-Based Authentication Parameters 12-16
Configuring a Web Authentication Local Banner 12-16
Removing Web-Based Authentication Cache Entries 12-17
Displaying Web-Based Authentication Status 12-17
CHAPTER 13 Configuring Interface Characteristics 13-1
Interface Types 13-1
Port-Based VLANs 13-2
Switch Ports 13-2
Access Ports 13-3
Trunk Ports 13-3
Tunnel Ports 13-4
Routed Ports 13-4
Switch Virtual Interfaces 13-5
SVI Autostate Exclude 13-6
EtherChannel Port Groups 13-6
10-Gigabit Ethernet Interfaces 13-7
Power over Ethernet Ports 13-7
Supported Protocols and Standards 13-7
Powered-Device Detection and Initial Power Allocation 13-8
Power Management Modes 13-9
Power Monitoring and Power Policing 13-10
Connecting Interfaces 13-12
Using the Switch USB Ports 13-13
USB Mini-Type B Console Port 13-13
Console Port Change Logs 13-13
Configuring the Console Media Type 13-14
Configuring the USB Inactivity Timeout 13-15
USB Type A Port 13-16
Using Interface Configuration Mode 13-17
Procedures for Configuring Interfaces 13-18
Configuring a Range of Interfaces 13-19
Configuring and Using Interface Range Macros 13-21
Using the Ethernet Management Port 13-22
Understanding the Ethernet Management Port 13-23
Supported Features on the Ethernet Management Port 13-25
Configuring the Ethernet Management Port 13-25
TFTP and the Ethernet Management Port 13-26
Configuring Ethernet Interfaces 13-26
Default Ethernet Interface Configuration 13-27
Configuring Interface Speed and Duplex Mode 13-28
Speed and Duplex Configuration Guidelines 13-28
Setting the Interface Speed and Duplex Parameters 13-29
Configuring IEEE 802.3x Flow Control 13-30
Configuring Auto-MDIX on an Interface 13-31
Configuring a Power Management Mode on a PoE Port 13-32
Budgeting Power for Devices Connected to a PoE Port 13-33
Configuring Power Policing 13-35
Adding a Description for an Interface 13-36
Configuring Layer 3 Interfaces 13-37
Configuring SVI Autostate Exclude 13-39
Configuring the System MTU 13-39
Configuring the Cisco RPS 2300 in a Mixed Stack 13-42
Configuring the Power Supplies 13-44
Monitoring and Maintaining the Interfaces 13-45
Monitoring Interface Status 13-45
Clearing and Resetting Interfaces and Counters 13-46
Shutting Down and Restarting the Interface 13-47
CHAPTER 14 Configuring Auto Smartports Macros 14-1
Understanding Auto Smartports and Static Smartports Macros 14-1
Auto Smartports and Cisco Medianet 14-2
Configuring Auto Smartports 14-3
Default Auto Smartports Configuration 14-3
Auto Smartports Configuration Guidelines 14-4
Enabling Auto Smartports 14-5
Configuring Auto Smartports Default Parameter Values 14-6
Configuring Auto Smartports MAC-Address Groups 14-7
Configuring Auto Smartports Macro Persistent 14-8
Configuring Auto Smartports Built-In Macro Options 14-9
Creating User-Defined Event Triggers 14-11
Configuring Auto Smartports User-Defined Macros 14-15
Configuring Static Smartports Macros 14-17
Default Static Smartports Configuration 14-17
Static Smartports Configuration Guidelines 14-17
Applying Static Smartports Macros 14-18
Displaying Auto Smartports and Static Smartports Macros 14-20
CHAPTER 15 Configuring VLANs 15-1
Understanding VLANs 15-1
Supported VLANs 15-2
VLAN Port Membership Modes 15-3
Configuring Normal-Range VLANs 15-4
Token Ring VLANs 15-5
Normal-Range VLAN Configuration Guidelines 15-5
Configuring Normal-Range VLANs 15-6
Saving VLAN Configuration 15-6
Default Ethernet VLAN Configuration 15-7
Creating or Modifying an Ethernet VLAN 15-7
Deleting a VLAN 15-8
Assigning Static-Access Ports to a VLAN 15-9
Configuring Extended-Range VLANs 15-10
Default VLAN Configuration 15-10
Extended-Range VLAN Configuration Guidelines 15-10
Creating an Extended-Range VLAN 15-11
Creating an Extended-Range VLAN with an Internal VLAN ID 15-13
Displaying VLANs 15-14
Configuring VLAN Trunks 15-14
Trunking Overview 15-14
Encapsulation Types 15-16
IEEE 802.1Q Configuration Considerations 15-17
Default Layer 2 Ethernet Interface VLAN Configuration 15-17
Configuring an Ethernet Interface as a Trunk Port 15-17
Interaction with Other Features 15-18
Configuring a Trunk Port 15-18
Defining the Allowed VLANs on a Trunk 15-19
Changing the Pruning-Eligible List 15-20
Configuring the Native VLAN for Untagged Traffic 15-21
Configuring Trunk Ports for Load Sharing 15-22
Load Sharing Using STP Port Priorities 15-22
Load Sharing Using STP Path Cost 15-24
Configuring VMPS 15-25
Understanding VMPS 15-26
Dynamic-Access Port VLAN Membership 15-26
Default VMPS Client Configuration 15-27
VMPS Configuration Guidelines 15-27
Configuring the VMPS Client 15-28
Entering the IP Address of the VMPS 15-28
Configuring Dynamic-Access Ports on VMPS Clients 15-28
Reconfirming VLAN Memberships 15-29
Changing the Reconfirmation Interval 15-29
Changing the Retry Count 15-30
Monitoring the VMPS 15-30
Troubleshooting Dynamic-Access Port VLAN Membership 15-31
VMPS Configuration Example 15-31
CHAPTER 16 Configuring VTP 16-1
Understanding VTP 16-1
The VTP Domain 16-2
VTP Modes 16-3
VTP Advertisements 16-4
VTP Version 2 16-4
VTP Version 3 16-5
VTP Pruning 16-6
VTP and Switch Stacks 16-7
Configuring VTP 16-8
Default VTP Configuration 16-8
VTP Configuration Guidelines 16-9
Domain Names 16-9
Passwords 16-9
VTP Version 16-10
Configuration Requirements 16-11
Configuring VTP Mode 16-11
Configuring a VTP Version 3 Password 16-13
Configuring a VTP Version 3 Primary Server 16-14
Enabling the VTP Version 16-14
Enabling VTP Pruning 16-15
Configuring VTP on a Per-Port Basis 16-16
Adding a VTP Client Switch to a VTP Domain 16-16
Monitoring VTP 16-17
CHAPTER 17 Configuring Voice VLAN 17-1
Understanding Voice VLAN 17-1
Cisco IP Phone Voice Traffic 17-2
Cisco IP Phone Data Traffic 17-2
Configuring Voice VLAN 17-3
Default Voice VLAN Configuration 17-3
Voice VLAN Configuration Guidelines 17-3
Configuring a Port Connected to a Cisco 7960 IP Phone 17-4
Configuring Cisco IP Phone Voice Traffic 17-5
Configuring the Priority of Incoming Data Frames 17-6
Displaying Voice VLAN 17-7
CHAPTER 18 Configuring Private VLANs 18-1
Understanding Private VLANs 18-1
IP Addressing Scheme with Private VLANs 18-3
Private VLANs across Multiple Switches 18-4
Private-VLAN Interaction with Other Features 18-4
Private VLANs and Unicast, Broadcast, and Multicast Traffic 18-4
Private VLANs and SVIs 18-5
Private VLANs and Switch Stacks 18-5
Configuring Private VLANs 18-5
Tasks for Configuring Private VLANs 18-6
Default Private-VLAN Configuration 18-6
Private-VLAN Configuration Guidelines 18-6
Secondary and Primary VLAN Configuration 18-6
Private-VLAN Port Configuration 18-8
Limitations with Other Features 18-8
Configuring and Associating VLANs in a Private VLAN 18-9
Configuring a Layer 2 Interface as a Private-VLAN Host Port 18-11
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 18-12
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 18-13
Monitoring Private VLANs 18-14
CHAPTER 19 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 19-1
Understanding IEEE 802.1Q Tunneling 19-1
Configuring IEEE 802.1Q Tunneling 19-4
Default IEEE 802.1Q Tunneling Configuration 19-4
IEEE 802.1Q Tunneling Configuration Guidelines 19-4
Native VLANs 19-4
System MTU 19-5
IEEE 802.1Q Tunneling and Other Features 19-6
Configuring an IEEE 802.1Q Tunneling Port 19-7
Understanding Layer 2 Protocol Tunneling 19-8
Configuring Layer 2 Protocol Tunneling 19-10
Default Layer 2 Protocol Tunneling Configuration 19-11
Layer 2 Protocol Tunneling Configuration Guidelines 19-12
Configuring Layer 2 Protocol Tunneling 19-13
Configuring Layer 2 Tunneling for EtherChannels 19-14
Configuring the SP Edge Switch 19-14
Configuring the Customer Switch 19-16
Monitoring and Maintaining Tunneling Status 19-18
CHAPTER 20 Configuring STP 20-1
Understanding Spanning-Tree Features 20-1
STP Overview 20-2
Spanning-Tree Topology and BPDUs 20-3
Bridge ID, Switch Priority, and Extended System ID 20-4
Spanning-Tree Interface States 20-5
Blocking State 20-6
Listening State 20-7
Learning State 20-7
Forwarding State 20-7
Disabled State 20-7
How a Switch or Port Becomes the Root Switch or Root Port 20-8
Spanning Tree and Redundant Connectivity 20-8
Spanning-Tree Address Management 20-8
Accelerated Aging to Retain Connectivity 20-9
Spanning-Tree Modes and Protocols 20-9
Supported Spanning-Tree Instances 20-10
Spanning-Tree Interoperability and Backward Compatibility 20-10
STP and IEEE 802.1Q Trunks 20-10
VLAN-Bridge Spanning Tree 20-11
Spanning Tree and Switch Stacks 20-11
Configuring Spanning-Tree Features 20-12
Default Spanning-Tree Configuration 20-12
Spanning-Tree Configuration Guidelines 20-13
Changing the Spanning-Tree Mode 20-14
Disabling Spanning Tree 20-15
Configuring the Root Switch 20-15
Configuring a Secondary Root Switch 20-17
Configuring Port Priority 20-18
Configuring Path Cost 20-20
Configuring the Switch Priority of a VLAN 20-21
Configuring Spanning-Tree Timers 20-22
Configuring the Hello Time 20-22
Configuring the Forwarding-Delay Time for a VLAN 20-23
Configuring the Maximum-Aging Time for a VLAN 20-23
Configuring the Transmit Hold-Count 20-24
Displaying the Spanning-Tree Status 20-24
CHAPTER 21 Configuring MSTP 21-1
Understanding MSTP 21-2
Multiple Spanning-Tree Regions 21-2
IST, CIST, and CST 21-2
Operations Within an MST Region 21-3
Operations Between MST Regions 21-3
IEEE 802.1s Terminology 21-5
Hop Count 21-5
Boundary Ports 21-6
IEEE 802.1s Implementation 21-6
Port Role Naming Change 21-6
Interoperation Between Legacy and Standard Switches 21-7
Detecting Unidirectional Link Failure 21-7
MSTP and Switch Stacks 21-8
Interoperability with IEEE 802.1D STP 21-8
Understanding RSTP 21-9
Port Roles and the Active Topology 21-9
Rapid Convergence 21-10
Synchronization of Port Roles 21-11
Bridge Protocol Data Unit Format and Processing 21-12
Processing Superior BPDU Information 21-13
Processing Inferior BPDU Information 21-13
Topology Changes 21-13
Configuring MSTP Features 21-14
Default MSTP Configuration 21-14
MSTP Configuration Guidelines 21-15
Specifying the MST Region Configuration and Enabling MSTP 21-16
Configuring the Root Switch 21-18
Configuring a Secondary Root Switch 21-19
Configuring Port Priority 21-20
Configuring Path Cost 21-21
Configuring the Switch Priority 21-22
Configuring the Hello Time 21-23
Configuring the Forwarding-Delay Time 21-24
Configuring the Maximum-Aging Time 21-24
Configuring the Maximum-Hop Count 21-25
Specifying the Link Type to Ensure Rapid Transitions 21-25
Designating the Neighbor Type 21-26
Restarting the Protocol Migration Process 21-26
Displaying the MST Configuration and Status 21-27
CHAPTER 22 Configuring Optional Spanning-Tree Features 22-1
Understanding Optional Spanning-Tree Features 22-1
Understanding Port Fast 22-2
Understanding BPDU Guard 22-2
Understanding BPDU Filtering 22-3
Understanding UplinkFast 22-3
Understanding Cross-Stack UplinkFast 22-5
How CSUF Works 22-6
Events that Cause Fast Convergence 22-7
Understanding BackboneFast 22-7
Understanding EtherChannel Guard 22-10
Understanding Root Guard 22-10
Understanding Loop Guard 22-11
Configuring Optional Spanning-Tree Features 22-11
Default Optional Spanning-Tree Configuration 22-12
Optional Spanning-Tree Configuration Guidelines 22-12
Enabling Port Fast 22-12
Enabling BPDU Guard 22-13
Enabling BPDU Filtering 22-14
Enabling UplinkFast for Use with Redundant Links 22-15
Enabling Cross-Stack UplinkFast 22-16
Enabling BackboneFast 22-16
Enabling EtherChannel Guard 22-17
Enabling Root Guard 22-18
Enabling Loop Guard 22-18
Displaying the Spanning-Tree Status 22-19
CHAPTER 23 Configuring Flex Links and the MAC Address-Table Move Update Feature 23-1
Understanding Flex Links and the MAC Address-Table Move Update 23-1
Flex Links 23-1
VLAN Flex Link Load Balancing and Support 23-2
Flex Link Multicast Fast Convergence 23-3
Learning the Other Flex Link Port as the mrouter Port 23-3
Generating IGMP Reports 23-3
Leaking IGMP Reports 23-4
MAC Address-Table Move Update 23-6
Configuring Flex Links and MAC Address-Table Move Update 23-7
Configuration Guidelines 23-7
Default Configuration 23-8
Configuring Flex Links 23-8
Configuring VLAN Load Balancing on Flex Links 23-10
Configuring the MAC Address-Table Move Update Feature 23-12
Monitoring Flex Links and the MAC Address-Table Move Update 23-14
CHAPTER 24 Configuring DHCP Features and IP Source Guard 24-1
Understanding DHCP Features 24-1
DHCP Server 24-2
DHCP Relay Agent 24-2
DHCP Snooping 24-2
Option-82 Data Insertion 24-3
Cisco IOS DHCP Server Database 24-6
DHCP Snooping Binding Database 24-6
DHCP Snooping and Switch Stacks 24-7
Configuring DHCP Features 24-8
Default DHCP Configuration 24-8
DHCP Snooping Configuration Guidelines 24-9
Configuring the DHCP Server 24-10
DHCP Server and Switch Stacks 24-10
Configuring the DHCP Relay Agent 24-11
Specifying the Packet Forwarding Address 24-11
Enabling DHCP Snooping and Option 82 24-12
Enabling DHCP Snooping on Private VLANs 24-14
Enabling the Cisco IOS DHCP Server Database 24-14
Enabling the DHCP Snooping Binding Database Agent 24-15
Displaying DHCP Snooping Information 24-16
Understanding IP Source Guard 24-16
Source IP Address Filtering 24-17
Source IP and MAC Address Filtering 24-17
IP Source Guard for Static Hosts 24-17
Configuring IP Source Guard 24-18
Default IP Source Guard Configuration 24-18
IP Source Guard Configuration Guidelines 24-18
Enabling IP Source Guard 24-19
Configuring IP Source Guard for Static Hosts 24-20
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 24-20
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port 24-24
Displaying IP Source Guard Information 24-25
Understanding DHCP Server Port-Based Address Allocation 24-26
Configuring DHCP Server Port-Based Address Allocation 24-26
Default Port-Based Address Allocation Configuration 24-26
Port-Based Address Allocation Configuration Guidelines 24-26
Enabling DHCP Server Port-Based Address Allocation 24-27
Displaying DHCP Server Port-Based Address Allocation 24-29
CHAPTER 25 Configuring Dynamic ARP Inspection 25-1
Understanding Dynamic ARP Inspection 25-1
Interface Trust States and Network Security 25-3
Rate Limiting of ARP Packets 25-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 25-4
Logging of Dropped Packets 25-5
Configuring Dynamic ARP Inspection 25-5
Default Dynamic ARP Inspection Configuration 25-5
Dynamic ARP Inspection Configuration Guidelines 25-6
Configuring Dynamic ARP Inspection in DHCP Environments 25-7
Configuring ARP ACLs for Non-DHCP Environments 25-8
Limiting the Rate of Incoming ARP Packets 25-10
Performing Validation Checks 25-12
Configuring the Log Buffer 25-13
Displaying Dynamic ARP Inspection Information 25-14
CHAPTER 26 Configuring IGMP Snooping and MVR 26-1
Understanding IGMP Snooping 26-2
IGMP Versions 26-3
Joining a Multicast Group 26-3
Leaving a Multicast Group 26-4
Immediate Leave 26-5
IGMP Configurable-Leave Timer 26-5
IGMP Report Suppression 26-5
IGMP Snooping and Switch Stacks 26-6
Configuring IGMP Snooping 26-6
Default IGMP Snooping Configuration 26-6
Enabling or Disabling IGMP Snooping 26-7
Setting the Snooping Method 26-7
Configuring a Multicast Router Port 26-8
Configuring a Host Statically to Join a Group 26-9
Enabling IGMP Immediate Leave 26-10
Configuring the IGMP Leave Timer 26-10
Configuring TCN-Related Commands 26-11
Controlling the Multicast Flooding Time After a TCN Event 26-11
Recovering from Flood Mode 26-12
Disabling Multicast Flooding During a TCN Event 26-12
Configuring the IGMP Snooping Querier 26-13
Disabling IGMP Report Suppression 26-14
Displaying IGMP Snooping Information 26-15
Understanding Multicast VLAN Registration 26-16
Using MVR in a Multicast Television Application 26-17
Configuring MVR 26-19
Default MVR Configuration 26-19
MVR Configuration Guidelines and Limitations 26-19
Configuring MVR Global Parameters 26-20
Configuring MVR Interfaces 26-21
Displaying MVR Information 26-22
Configuring IGMP Filtering and Throttling 26-23
Default IGMP Filtering and Throttling Configuration 26-23
Configuring IGMP Profiles 26-24
Applying IGMP Profiles 26-25
Setting the Maximum Number of IGMP Groups 26-26
Configuring the IGMP Throttling Action 26-26
Displaying IGMP Filtering and Throttling Configuration 26-28
CHAPTER 27 Configuring IPv6 MLD Snooping 27-1
Understanding MLD Snooping 27-1
MLD Messages 27-3
MLD Queries 27-3
Multicast Client Aging Robustness 27-3
Multicast Router Discovery 27-4
MLD Reports 27-4
MLD Done Messages and Immediate-Leave 27-4
Topology Change Notification Processing 27-5
MLD Snooping in Switch Stacks 27-5
Configuring IPv6 MLD Snooping 27-5
Default MLD Snooping Configuration 27-6
MLD Snooping Configuration Guidelines 27-6
Enabling or Disabling MLD Snooping 27-7
Configuring a Static Multicast Group 27-8
Configuring a Multicast Router Port 27-8
Enabling MLD Immediate Leave 27-9
Configuring MLD Snooping Queries 27-10
Disabling MLD Listener Message Suppression 27-11
Displaying MLD Snooping Information 27-12
CHAPTER 28 Configuring Port-Based Traffic Control 28-1
Configuring Storm Control 28-1
Understanding Storm Control 28-1
Default Storm Control Configuration 28-3
Configuring Storm Control and Threshold Levels 28-3
Configuring Small-Frame Arrival Rate 28-5
Configuring Protected Ports 28-6
Default Protected Port Configuration 28-6
Protected Port Configuration Guidelines 28-7
Configuring a Protected Port 28-7
Configuring Port Blocking 28-7
Default Port Blocking Configuration 28-8
Blocking Flooded Traffic on an Interface 28-8
Configuring Port Security 28-8
Understanding Port Security 28-9
Secure MAC Addresses 28-9
Security Violations 28-10
Default Port Security Configuration 28-11
Port Security Configuration Guidelines 28-11
Enabling and Configuring Port Security 28-13
Enabling and Configuring Port Security Aging 28-17
Port Security and Switch Stacks 28-18
Port Security and Private VLANs 28-18
Displaying Port-Based Traffic Control Settings 28-19
CHAPTER 29 Configuring CDP 29-1
Understanding CDP 29-1
CDP and Switch Stacks 29-2
Configuring CDP 29-2
Default CDP Configuration 29-2
Configuring the CDP Characteristics 29-2
Disabling and Enabling CDP 29-3
Disabling and Enabling CDP on an Interface 29-4
Monitoring and Maintaining CDP 29-5
CHAPTER 30 Configuring LLDP, LLDP-MED, and Wired Location Service 30-1
Understanding LLDP, LLDP-MED, and Wired Location Service 30-1
LLDP 30-1
LLDP-MED 30-2
Wired Location Service 30-3
Configuring LLDP, LLDP-MED, and Wired Location Service 30-5
Default LLDP Configuration 30-5
Configuration Guidelines 30-5
Enabling LLDP 30-6
Configuring LLDP Characteristics 30-6
Configuring LLDP-MED TLVs 30-7
Configuring Network-Policy TLV 30-8
Configuring Location TLV and Wired Location Service 30-9
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service 30-11
CHAPTER 31 Configuring UDLD 31-1
Understanding UDLD 31-1
Modes of Operation 31-1
Methods to Detect Unidirectional Links 31-2
Configuring UDLD 31-4
Default UDLD Configuration 31-4
Configuration Guidelines 31-4
Enabling UDLD Globally 31-5
Enabling UDLD on an Interface 31-6
Resetting an Interface Disabled by UDLD 31-6
Displaying UDLD Status 31-7
CHAPTER 32 Configuring SPAN and RSPAN 32-1
Understanding SPAN and RSPAN 32-1
Local SPAN 32-2
Remote SPAN 32-3
SPAN and RSPAN Concepts and Terminology 32-4
SPAN Sessions 32-4
Monitored Traffic 32-6
Source Ports 32-7
Source VLANs 32-7
VLAN Filtering 32-7
Destination Port 32-8
RSPAN VLAN 32-9
SPAN and RSPAN Interaction with Other Features 32-9
SPAN and RSPAN and Switch Stacks 32-10
Understanding Flow-Based SPAN 32-11
Configuring SPAN and RSPAN 32-12
Default SPAN and RSPAN Configuration 32-12
Configuring Local SPAN 32-12
SPAN Configuration Guidelines 32-12
Creating a Local SPAN Session 32-13
Creating a Local SPAN Session and Configuring Incoming Traffic 32-15
Specifying VLANs to Filter 32-16
Configuring RSPAN 32-17
RSPAN Configuration Guidelines 32-17
Configuring a VLAN as an RSPAN VLAN 32-18
Creating an RSPAN Source Session 32-19
Specifying VLANs to Filter 32-20
Creating an RSPAN Destination Session 32-21
Creating an RSPAN Destination Session and Configuring Incoming Traffic 32-22
Configuring FSPAN and FRSPAN 32-24
FSPAN and FRSPAN Configuration Guidelines 32-24
Configuring an FSPAN Session 32-25
Configuring an FRSPAN Session 32-26
Displaying SPAN, RSPAN, FSPAN, and FRSPAN Status 32-28
CHAPTER 33 Configuring RMON 33-1
Understanding RMON 33-1
Configuring RMON 33-2
Default RMON Configuration 33-3
Configuring RMON Alarms and Events 33-3
Collecting Group History Statistics on an Interface 33-5
Collecting Group Ethernet Statistics on an Interface 33-5
Displaying RMON Status 33-6
CHAPTER 34 Configuring System Message Logging 34-1
Understanding System Message Logging 34-1
Configuring System Message Logging 34-2
System Log Message Format 34-2
Default System Message Logging Configuration 34-4
Disabling Message Logging 34-4
Setting the Message Display Destination Device 34-5
Synchronizing Log Messages 34-6
Enabling and Disabling Time Stamps on Log Messages 34-8
Enabling and Disabling Sequence Numbers in Log Messages 34-8
Defining the Message Severity Level 34-9
Limiting Syslog Messages Sent to the History Table and to SNMP 34-10
Enabling the Configuration-Change Logger 34-11
Configuring UNIX Syslog Servers 34-12
Logging Messages to a UNIX Syslog Daemon 34-12
Configuring the UNIX System Logging Facility 34-13
Displaying the Logging Configuration 34-14
CHAPTER 35 Configuring SNMP 35-1
Understanding SNMP 35-1
SNMP Versions 35-2
SNMP Manager Functions 35-3
SNMP Agent Functions 35-4
SNMP Community Strings 35-4
Using SNMP to Access MIB Variables 35-4
SNMP Notifications 35-5
SNMP ifIndex MIB Object Values 35-5
Configuring SNMP 35-6
Default SNMP Configuration 35-6
SNMP Configuration Guidelines 35-7
Disabling the SNMP Agent 35-7
Configuring Community Strings 35-8
Configuring SNMP Groups and Users 35-9
Configuring SNMP Notifications 35-12
Setting the CPU Threshold Notification Types and Values 35-16
Setting the Agent Contact and Location Information 35-16
Limiting TFTP Servers Used Through SNMP 35-17
SNMP Examples 35-18
Displaying SNMP Status 35-19
CHAPTER 36 Configuring Embedded Event Manager 36-1
Understanding Embedded Event Manager 36-1
Event Detectors 36-3
Embedded Event Manager Actions 36-4
Embedded Event Manager Policies 36-4
Embedded Event Manager Environment Variables 36-5
EEM 3.2 36-5
Configuring Embedded Event Manager 36-6
Registering and Defining an Embedded Event Manager Applet 36-6
Registering and Defining an Embedded Event Manager TCL Script 36-7
Displaying Embedded Event Manager Information 36-8
CHAPTER 37 Configuring Network Security with ACLs 37-1
Understanding ACLs 37-2
Supported ACLs 37-2
Port ACLs 37-3
Router ACLs 37-4
VLAN Maps 37-5
Handling Fragmented and Unfragmented Traffic 37-5
ACLs and Switch Stacks 37-6
Configuring IPv4 ACLs 37-7
Creating Standard and Extended IPv4 ACLs 37-8
Access List Numbers 37-8
ACL Logging 37-9
Creating a Numbered Standard ACL 37-10
Creating a Numbered Extended ACL 37-11
Resequencing ACEs in an ACL 37-15
Creating Named Standard and Extended ACLs 37-15
Using Time Ranges with ACLs 37-17
Including Comments in ACLs 37-19
Applying an IPv4 ACL to a Terminal Line 37-19
Applying an IPv4 ACL to an Interface 37-20
Hardware and Software Treatment of IP ACLs 37-22
Troubleshooting ACLs 37-22
IPv4 ACL Configuration Examples 37-23
ACLs in a Small Networked Office 37-24
Numbered ACLs 37-25
Extended ACLs 37-25
Named ACLs 37-26
Time Range Applied to an IP ACL 37-26
Commented IP ACL Entries 37-26
ACL Logging 37-27
Creating Named MAC Extended ACLs 37-28
Applying a MAC ACL to a Layer 2 Interface 37-30