Manuel d'utilisation / d'entretien du produit 3560 du fabricant Cisco Systems
Aller à la page of 1288
Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Catal yst 3560 S witc h So ftwa r e Conf iguration Guide Cisco IOS Release 12.
THE SPECIFICATION S AND INFORMATION RE GARDING THE P RODUCTS IN THIS MA NUAL ARE SUBJECT TO CHANGE WITH OUT NOTICE. ALL STATEMENTS , INFORMATION, AND RECOMMENDATI ONS IN THI S MANUAL ARE BE LIEVED TO BE A CCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED.
iii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 CONTENTS Preface xlv Audience xlv Purpose xlv Conventi ons xlvi Related Publication s xlvi Obtaining Documentation, Obtaining Support,.
Contents iv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Understanding CLI Error Messages 2-5 Using Configuration Logging 2-5 Using Command History 2-6 Changing the Co mmand History Bu.
Contents v Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Modifying the Startu p Configuration 3-16 Default Boot Configuration 3-16 Automatically Downloading a Configuration File 3-16 S.
Contents vi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Examples 4-15 Querying with the Name Attribute 4-15 Querying with Keywords 4-16 Querying to Set Power Le vels 4-16 Troubleshoot.
Contents vii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Planning a Switch Cluster 6-4 Automatic Discovery of Cluster Candidates and Members 6-4 Discovery Through CDP Hops 6-5 Discov.
Contents viii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring a System Name and Prompt 7-14 Default System Name and Prompt Configuration 7-15 Configuring a System Name 7-15 Un.
Contents ix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Disabling Password Recovery 9-5 Setting a Telnet Password for a Term inal Line 9-6 Configuring Username and Password Pairs 9-6.
Contents x Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring the Switch for Local Authenticatio n and Authorization 9-36 Configuring the Switch for Secure Shell 9-37 Understandi.
Contents xi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 802.1x Readiness Check 10 -14 802.1x Authentica tion with VLAN Assignment 10-14 Using 802.
Contents xii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Setting the Re-Auth entication Number 10-44 Configuring 802.1x Accounting 10-45 Configuring a Guest VLAN 10-46 Configuring a Restricted VLAN 10-47 Configuring the Inaccessible Authentication Bypass Feature 10-49 Configuring 802.
Contents xiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Using Interface Configuration Mode 11-10 Procedures for Configurin g Interfaces 11-11 Configuring a Range of Interfaces 11-1.
Contents xiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 CHAPTER 13 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Configuring No.
Contents xv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VMPS Configuration Guidelines 13-29 Configuring the VMPS Client 13-30 Entering the IP Address of the VMPS 13-30 Configuring Dy.
Contents xvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 VTP Configuration Guidelines 16-8 Domain Names 16-8 Passwords 16-8 VTP Versio n 16-8 Configuration Requirements 16-9 Configuri.
Contents xvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 System MTU 16-5 IEEE 802.1Q Tunneling and Other Features 16-6 Configuring an IEEE 802.
Contents xviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring a Secondary Root Switch 17-16 Configuring Port Priority 17-17 Configuring Path Cost 17-18 Configuring the Switch.
Contents xix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Port Priority 18-19 Configuring Path Cost 18-20 Configuring the Switch Priority 18-21 Configuring the Hello Time .
Contents xx Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Flex Link Multicast Fast Convergence 20-3 Learning the Other Flex Link Port as the mrouter Port 20-3 Generating IGMP Reports 20.
Contents xxi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring IP Source Guard 21-16 Default IP Source Guard Configuration 21-16 IP Source Guard Configuration Guidelines 21-17 .
Contents xxii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring IGMP Snooping 23-6 Default IGMP Snooping Configuration 23-7 Enabling or Disabling IGMP Snooping 23-7 Setting the .
Contents xxiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Protected Ports 24-6 Default Protected Port Configuration 24-6 Protected Port Configuration Guidelines 24-7 Con.
Contents xxiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring LLDP-MED TLVs 26-6 Configuring Network-Policy TLV 26-7 Configuring Location TLV and Wired Location Service 26-9 M.
Contents xxv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring RSPAN 28-16 RSPAN Configuration Guidelines 28-16 Configuring a VLAN as an RSPAN VLAN 28-17 Creating an RSPAN Sour.
Contents xxvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 CHAPTER 31 Configuring SNMP 31-1 Understanding SNMP 31-1 SNMP Versio ns 31-2 SNMP Manager Functions 31-3 SNMP Agent Functions.
Contents xxvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Handling Fragmented and Unfragmen ted Traffic 33-5 Configuring IPv4 ACLs 33-6 Creating Standard and Exte nded IPv4 ACLs 33-.
Contents xxviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 ACLs and Routed Packets 33-39 ACLs and Multicas t Packets 33-40 Displaying IPv4 ACL Configuration 33-40 CHAPTER 34 Configur.
Contents xxix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Enabling VLAN-Based QoS on Physical Ports 34-35 Configuring Classification Us ing Port Trust States 34-36 Configuring the Tr.
Contents xxx Catalyst 3560 Switch Software Configuration Guide OL-8553-06 PAgP Modes 35-4 PAgP Interaction with Virtual Switches and Dual-Activ e Detection 35-5 PAgP Interaction with Other Features 35.
Contents xxxi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Address Resolution Methods 36-8 Define a Static ARP Cache 36-9 Set ARP Encapsula tion 36-9 Enable Proxy ARP 36-1.
Contents xxxii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring BGP 36-40 Default BGP Configuration 36-43 Nonstop Forwardin g Awareness 36-45 Enabling BGP Routing 36-45 Managin.
Contents xxxiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring a VPN Routing Session 36-80 Configuring BGP PE to CE Routing Sessions 36-81 Multi-VRF CE Configuration Exam pl.
Contents xxxiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 SNMP and Syslog Over IPv6 37-7 HTTP(S) Over IPv6 37-8 Unsupported IPv6 Unicast Ro uting Features 37-8 Limitations 37-8 Confi.
Contents xxxv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring a Multicast Router Port 38-8 Enabling MLD Immediate Leave 38-8 Configuring MLD Snooping Queries 38-9 Disabling M.
Contents xxxvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 IP SLAs Operation Scheduling 41-5 IP SLAs Operation Threshold Monitoring 41-5 Configuring IP SLAs Operations 41-6 Default Co.
Contents xxxvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring WCCP 43-5 Default WCCP Configuration 43-5 WCCP Configuration Guidelines 43-5 Enabling the Web Cache Se rvice 4.
Contents xxxviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring SSM Mapping 44-19 Monitoring SSM Mapping 44-21 Configuring PIM Stub Routing 44-22 PIM Stub Routing Config urat.
Contents xxxix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Controllin g Route Exchang es 44-55 Limiting the Number of DVMRP Routes Advertised 44-56 Changing the DVMRP Route Th reshol.
Contents xl Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Adjusting Spanning-Tree Parameters 46 -5 Changing the VLAN-Brid ge Spanning-Tree Priority 46-5 Changing the In terface Priority.
Contents xli Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Using Debug Commands 47-19 Enabling Debugging on a Specific Featu re 47-19 Enabling All-System Diagnos tics 47-20 Redirecting.
Contents xlii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Creating, Dis playing, an d Extracting tar Files B-6 Creating a tar File B-6 Displaying the Contents of a tar File B-7 Extrac.
Contents xliii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Copying Image Files By Using RCP B-32 Preparing to Download or Upload an Image File By Using RCP B-33 Downloading an Image File By Using RCP B-34 Uploading an Image File By Using RCP B-36 APPENDIX C Unsupported Comman ds in Cisco IOS Release 12.
Contents xliv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 IP Multic ast Routing C-7 Unsupported Privileged EXEC Comma nds C-7 Unsupported Global Configura tion Commands C-8 Unsupporte.
Contents xlv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 NetFlow Commands C-15 Unsupported Global Configuratio n Commands C-15 Network Address Translation (NAT) Command s C-15 Unsupp.
Contents xlvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06.
xlv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Preface Audience This guide is for the n etworking professional managing the Catalyst 3560 switch, hereaf ter referred to as the switch .
xlvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Preface Conventions This publica tion uses thes e con v entions to co n ve y instruct ions and info rmation: Command descriptions use these co n ven tions: • Commands and ke ywords are i n boldface text.
xlvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Preface • For cluster requirements, see the Release Notes for Cisco Network Assistant (not orderable but av ai lable on Cisco.c om). • For upgrading informatio n, see the “Downloadi ng Software” sectio n in the release notes.
xlviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Preface.
CH A P T E R 1-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 1 Overview This chapter p rovides these topics ab out the Cataly st 3560 switch so ftware: • Features, page 1-1 • Defa.
1-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features For more information on IPv6 A CLs, see Chapter 39, “C onf iguring IPv6 ACLs. ” Some features described in this chapter are av aila ble only on the cryptog raphic (supports encryption) versions of the soft ware IP base and IP services imag es.
1-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features – Applying actions to mu ltiple ports and multiple sw itches at the same time, such as VLA N and QoS settings, in ventory and statistic report s, link- and switch-le v el monitoring and troubleshooting, and multiple switch softw are upgrades.
1-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Port blocking on forw arding unkno wn Layer 2 unk nown unicast, multicast, an d bridged broadcast traf.
1-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • CLI—The Cisco IOS software sup ports deskt op- and multilayer -switching features. Y ou can access the CLI either b y connecting your management station directly to the switch console port or by using T elnet from a remote management station.
1-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Support for the SSM PIM pr otocol to optimize multicast applications, such as vid eo • Source Specif.
1-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features Availability and Redundancy Features • HSRP for command switch and Layer 3 router redundanc y • Enhance.
1-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Inter-Switch Link (ISL) and I EEE 802.1Q trunking encaps ulation on all ports for netw ork mov es, add.
1-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • Standard and extended IP acce ss control lists (A CLs) for def ining security po licies in both directi.
1-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features – Network Edge Access T opology (NEA T) with 802.1X switch supplicant , host authorization with CISP , and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch.
1-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features QoS and CoS Features • Automatic QoS (auto-QoS) to simplify the deployment of existing QoS feat ures by .
1-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features Layer 3 Features These are the Layer 3 features: Note Some features noted in this section are available on ly on the IP services image.
1-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • Nonstop forw arding (NSF) a wareness to enable th e Layer 3 switch to contin ue forwarding p ackets fr.
1-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration • T ime Domain Reflector (TDR) to diagnose an d re solve ca.
1-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Default Settings After In itial Switch Configuration • IEEE 802.1x is disabled. Fo r more information, see Chapter 10, “Conf iguring IEEE 802.1x Port-Based Authentication.
1-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration • The IGMP snooping querier feature is disabled. For more infor mation, see Chapter 23, “Conf iguring IGMP Snooping and MVR.
1-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Network Configuration Examples This section pro vides network con figurati on conce.
1-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples Y ou can use the switches to create the following: • Cost-ef fecti ve Gig abit-t.
1-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Figur e 1 -1 High-P erf or mance W ork gr oup (Gig abit-t o-the-Deskt op) • Serve.
1-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples Figur e 1- 2 Server Ag greg ation Small to Medium-Sized Network Using Catalyst 3560 Switches Figure 1-3 sho ws a conf iguration for a network of up to 500 employees.
1-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Catalyst PoE switch port s automatically detect any Cisco pre- standard and IEEE 802.3af-co mpliant po wered de vices that are connected.
1-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples per-user basis. The switch ports are confi gured as either trusted or untr usted. Y ou can conf igure a trusted port to tru st the CoS value, the DSC P v alue, or th e IP precedence.
1-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Where to Go Next Long-Distance, High-Bandwidth Transport Configuration Figure 1-5 sho ws a config uration for sending 8 Gigabi ts of data ov er a single fiber -optic cable.
1-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Where to Go Ne xt.
CH A P T E R 2-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 2 Using the Command-Line Interface This chapter describes th e Cisco IOS command-line interface (CLI) and ho w t o use it to config ure your Catalyst 35 60 switch.
2-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Understanding Command Modes Ta b l e 2-1 describes the main command modes, how to acce ss each one, the prompt you see in that mode, and ho w to exit th e mode.
2-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Understanding the Help Syste m For more detailed information on the co mmand mod es, see the command reference guide for this release.
2-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Understanding Abbreviate d Commands Understanding Abbreviated Commands Y ou need to enter only enough characters for th e switch to recognize the command as uniq ue.
2-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Understanding CLI Erro r Messages Understanding CLI Error Messages Ta b l e 2-3 lists some error messages that you might encounter wh ile using the CLI to conf igure your switch.
2-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Using Command Histo ry Using Command History The software pro vides a history or record of commands th at you hav e entered.
2-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Using Editing Features Disabling the Command History Feature The command history feature is automati cally enabled. Y ou can disable it for the current terminal session or for the command line.
2-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Using Editing Features Press Ctrl-F , or press the right arro w key . Move the cursor forward one character . Press Ctrl-A . Mo ve the cursor to the beginni ng of the command line.
2-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Using Editing Features Editing Command Lines that Wrap Y o u can use a wrap around feature for commands that extend be yond a single line on the screen .
2-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Searching and Filteri ng Output of show and more Commands Searching and Filtering Output of show and more Commands Y ou can search and filter the output for show and more comman ds.
CH A P T E R 3-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 3 Assigning the Switch IP Address and Default Gateway This chapter describes ho w to create the initial sw i tch configura.
3-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information The normal boot process in v olv es the operation of the boot loader soft ware, which performs these activ ities: • Performs lo w-lev el CPU initiali zation.
3-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note If you are using DH CP , do not respond to any of t he questions in the setup prog ram until the switch recei ves the dynamically assigned IP address and reads the conf iguratio n file.
3-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information DHCP-based autoconf iguration replaces th e BOO TP client functio nality on your switch .
3-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Understanding DHCP-based Autoconfiguration .
3-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note The configuration f ile that is do wn .
3-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information If you do not co nfigu re the DHCP server wi th the leas e options descri bed pre viously , it replies to client requests with onl y those parameters that are conf igur ed.
3-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the Relay Device Y ou must conf.
3-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information • The IP address and the conf iguration f ilename is reserv ed for the switch, b ut the TFTP serv er address is not pro vided in the DHCP reply (one-f ile read method).
3-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information DNS Server Conf iguration The DNS server maps the TFTP serv er name tftpserver to IP address 10.
3-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the DHCP Auto Configuration an.
3-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring DHCP Auto-Image Updat e (Confi.
3-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Switch(dhcp-config)# exit Switch(config)# tftp-server flash:config-boot.text Switch(config)# tftp-server flash:c3560-ipservices-mz.
3-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note Y ou should only configure and enable the Layer 3 inte rface. Do not assign an IP address or DHCP-based autoconf iguration with a sa ved co nfigu ration.
3-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Checking and Saving the Running Configuration Checking and Saving the R.
3-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Modifying the Startup Configuratio.
3-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration Beginni ng in pri vileged EXEC mode.
3-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Booting a Specific Software Image By default, the switch at tempts to automatically bo ot up the system usi ng information in the BOO T en vironment v ariable.
3-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration En vironment variables store two kinds of data: • Data that controls code, which does not read the Cisco IOS conf iguration f ile.
3-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image Scheduling a Reload of the So.
3-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Relo ad of the Software Image Proceed with reload? [confirm] T o cancel a previously schedu led reload, use the reload cancel privile ged EXEC command.
3-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image.
CH A P T E R 4-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 4 Configuring Cisco EnergyWise The Catalyst 3560 switch comman d reference has co mmand syntax and usage information.
4-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Energ yW ise uses a distrib uted model to manag e ener gy usage. • Switches are grouped in an En erg yW ise domain an d become domain entities.
4-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Figur e 4-1 T ypical Networ k Single PoE Switch Scenario Managing the po wer usage when • A PoE entity po wers on or of f the connected entities.
4-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Figur e 4-2 Single PoE S witch Example EnergyWise Power Level The Energ yW ise power le v el is fo r both a PoE port and a switch.
4-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities EnergyWise Importance Set the Energy W ise importance v alue on a PoE po rt or a switch to rank domain entities. The range is from 1 to 100.
4-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Manually Managing Power • Po wering the En tity , page 4-6 • Confi.
4-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Configuring Entity Attributes Beginni ng in pri vileged EXEC mod e: Command Purpose Step 1 show energywise (Optiona l) V e rify that EnergyW ise is ena bled.
4-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Powering the PoE Port Beginni ng in pri vileged EXEC mode: Configuring PoE-Port Attributes Beginni ng in pri vileged EXEC mode: Step 10 show energ ywise show energ ywise domain V erify your entries.
4-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Automatically Managing Power (Recurrence) Beginni ng in pri vileged EXEC mod e: Step 4 energywise keywords wor d,wor d, .
4-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Step 3 energywise domain domain-n ame secret [ 0 | 7 ] passwor d [ pr.
4-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Examples • Setting Up the Domain, pag e 4-11 • Manually Ma naging.
4-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Multiple Entities Manually Managing Power T o po wer on the lab IP ph ones no w: Switch# configure terminal Enter configuration commands, one per line.
4-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Multiple Entities Multiple PoE Switch Scenario Figur e 4-3 Multiple PoE S witches Example EnergyWise Query • Collect po wer usage information.
4-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Multiple Entities Use EnergyW ise importance v alues to select entities in a query . For example, an of f ice phone is less important than an emer gency ph one that should ne ve r be in sleep mode.
4-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Multiple Entities Examples • Querying with the Name Attrib ute, page 4-15 • Querying with K e ywords, page 4- 16 • Querying to Set Po wer Le vels, page 4-16 In these e xamples, Swit ch 1 and Switch 2 ar e in the same domai n.
4-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Troubleshooting Ener gyWise Querying with Keywords T o show the po wer usage of IP phon es wit.
4-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Troubleshooting EnergyWise Using CLI Commands For more inf ormation about the commands, se e the command reference for this release. Verifying the Power Usage • This exampl e show s that the Cisco 7960 IP Ph one uses 6.
4-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Additional Information Additional Information • Managing Power in a LAN, page 4-18 • Managing Po wer with IP Ro uting, page 4-18 Managing Power in a LAN Multiple switches connected in the same LAN and in the same Ener gyW ise d omain.
4-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Additional Information Figur e 4-5 Energ yWise with IP Routin g On Switch 1, to pre v ent a disjointed domain, manually assign Switch 2 as a static neighbor or the re verse.
4-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Additional Information Note T o pre vent a disjointed domain, y ou can also config ur e a help.
CH A P T E R 5-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 5 Configuring Cisco IOS Configuration Engine This chapter describes ho w to conf igure the feature on the Catalyst 356 0 switch. Note For complete conf iguration info rmation fo r the Cisco Con figur ation Engine, go to http://www .
5-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software Figur e 5-1 Config uration Engin.
5-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Co nfig uration Engine Software Event Service The Cisco Config uration Engine uses the Ev ent Service for receipt and generation o f configurati on e vents.
5-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software DeviceID Each confi gured switch.
5-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco IOS Agents Understanding Cisco IOS Agents The CNS ev ent agent feature allo ws the switch to publish and subscrib e to e ven ts on the e vent b us and works with the Cisco IOS ag ent.
5-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Incremental (Partial) Configuration After the networ k is running, ne w services can be added b y using the Cisco IOS agent.
5-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Note For more informati on about running the set up program and creating templ ates on the Conf iguration Engine, see the Cisco Configur ation Engine Installa tion and Setup Guide , 1.
5-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Beginni ng in pri vileged EXEC mode, follow these st.
5-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS ev ent agent, start the Cisco IOS CNS agent on the switch.
5-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Step 7 di scover { contr oller contr oller-type | d.
5-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 13 cns id interface num { dns-re verse | ipaddr.
5-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents T o disable the CNS Cisco IOS agent, use the no cns config initial { ip-addr ess | hostna me } global confi guration command.
5-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This exampl e show s how to co nfigure an initial conf iguration on a remote swi tch when the switch IP address is kno wn.
5-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Displaying CNS Configuration Displaying CNS Configuration Ta b l e 5-2 Pr ivile ged EX EC sho w Commands Command Purpose show cns conf ig connections Displays the status of the CNS Cisco IOS agent connections.
CH A P T E R 6-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 6 Clustering Switches This chapter provides the concepts and procedures to create and manage Catalyst 3560 switch clusters.
6-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Understanding Switch Clusters In a switch cluster , 1 switch must be the cluster command switch and up to 15 other switches can be cluster member sw itches .
6-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Understanding Switch Clusters Cluster Command Switch Characteristics A cluster command switch must meet these requirements: • It is running Cisco IOS Release 12.
6-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster • If a cluster standby grou p exists, it is connected to e very standby cluster command swi tch through at least one common VLAN.
6-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Follo wing th ese connecti vity guidelines ensu res auto matic discov ery of th.
6-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Discovery Through Non-CDP-Capable and Noncluster-Capable Devices If a cluster .
6-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Figur e 6-3 Discovery Thr ough Diff er ent VLANs Discovery Through Different Ma.
6-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Figur e 6-4 Discovery Through Diff erent Management VLANs with a Layer 3 Clust.
6-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Figur e 6-5 Discovery Through Routed P or ts Discovery of Newly Installed Switches T o join a cluster , t he new , out-of-the-box switch must be connected to the clust er through one of its access ports.
6-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster HSRP and Standby Cluster Command Switches The switch supports Hot Standb y Router Proto col (HSRP) so that you can conf igure a g roup of standby cluster command switches.
6-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster manage the cluster , you must access the activ e clus ter command switch through the virtual IP address, not through the command- switch IP address.
6-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Catalyst 19 00, Catalyst 28 20, Catalyst 2900 XL, Cata lyst 2950, and Cat alyst 3500 XL cluster member switches must be connected to the cl uster standby g roup through their manag ement VLANs.
6-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster When the pre viously acti v e cluster command switch r e sumes its active role.
6-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster If you change the member-switch passw ord to be dif ferent from the command-s.
6-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Using the CLI to Manage Switch Clusters Using the CLI to Manage Switch Clusters Y o u can conf igure cluster member switches from the CLI b y f irst logging into the cluster command switch.
6-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Using SNMP to Manage Switch Clusters cluster member switch. The cluster command switch u ses this community string to control the forwarding of gets, sets, and get-next messages be tween the SNMP management station and the clu ster member switches.
CH A P T E R 7-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 7 Administering the Switch This chapter describes ho w to perf orm one-time operations to administ er the Catalyst 3560 switch.
7-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date The system clock can provide time to these services: • User sho.
7-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Figure 7-1 sho ws a typical netw ork e xample using NTP . Sw itch A is the NTP master , wi th Switches B, C, and D conf igured in NTP server mode, in server association wi th Switch A.
7-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date These sections contain this configu ration informatio n: • Defa.
7-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date T o disable NTP authentication, use the no ntp authenticate global configurat ion command. T o remove an authentication key , use the no ntp authentication-key number global confi guration command.
7-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Beginni ng in pri vileged EXEC mod e, follow th ese steps to form.
7-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date The switch can send or receiv e NTP broadcast packets on an interface-by-interf a ce basis if there is an NTP broadcast server , such as a router , broadcasting time informatio n on the network.
7-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date T o disable an interface from receiv ing NTP broadcast packets, use the no ntp br oadcast client interface confi guration command.
7-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date The access group keyw ords are scanned in this orde r, fro m least restricti ve to most restricti v e: 1.
7-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Disabling NTP Services on a Spe cific Interface NTP services are enabled on all interfaces by default.
7-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Displaying the NTP Configuration Y ou can use two privileged EXEC.
7-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Displaying the Time and Date Configuration T o display the time and date conf igurati on, use the show clock [ detail ] pri vile ged EXEC command.
7-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) Beginni ng in pri .
7-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt Beginni ng in pri vileged EXEC mode, follow these steps if s.
7-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Configuring a System Name and Prompt These sections contain this configu ration informatio n: • D.
7-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt These sections contain this configu ration informatio n: •.
7-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Creating a Banner If you use the switch IP address as its hostname, th e IP address is used and no DNS query occurs. If you confi gure a hostname that contains no periods (.
7-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Creating a Banne r Configuring a Message-of-the-Day Login Banner Y o u can create a single or multiline message banner th at appears on the screen when someone logs in to the switch.
7-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure a login banner: T o delete the login banner , use the no banner login global configu ration command.
7-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table • Config uring MA C Address Notif ication T raps, page 7-22 • .
7-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Default MAC Address Table Configuration Ta b l e 7-3 shows the def ault MA C addr ess table conf iguration.
7-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table Removing Dynamic Address Entries T o remov e all dynamic entries, use the clear mac addr ess-table dynamic command in pri vile ged EXEC mode.
7-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table T o disable the switch from sendi ng MA C address notif ication traps, use the no snmp-serv er enable traps mac-notif ication glob al configurati on command.
7-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table Adding and Removing Static Address Entries A static address has these characteristics: • It is manually entered in the address table and must be manual ly remov ed.
7-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table This exampl e show s how to add the static address c2f3.
7-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table T o disable unicast MA C address filtering, use the no mac addr ess-table static mac-addr vlan vlan-id global conf iguratio n command.
7-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Beginni ng in pri vileged EXEC mod e, follow these steps to disable.
7-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the ARP Table Managing the ARP Table T o communicate with a de vice (ov er Ethernet, for exam ple), the softw are first must l earn the 48-bit MA C address or the local data link addr e ss of that de vice.
CH A P T E R 8-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 8 Configuring SDM Templates This chapter descri bes how to configure the Switch Databa se Management (SDM ) templates on the Catalyst 35 60 switch.
8-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Understanding the SDM Temp lates The first eight ro ws in the tables (unicast MA C addresses through security A CEs) represent approximate hardware boun daries set when a t emplate is sele cted .
8-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Configuring SDM Temp lates Configuring the Switch SDM Template Configuring the Switch SDM Template These sections contain thi.
8-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Configuring the Switch SDM Template • Use the sdm prefer vlan global configur ation command only on swit ches intended for Layer 2 switching with no routing.
8-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Configuring SDM Temp lates Displaying th e SDM Templates This is an exampl e of an output display when you ha v e changed the template an d hav e not relo aded the switch: Switch# show sdm prefer The current template is "desktop routing" template.
8-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Displaying the SDM Templates Switch# show sdm prefer routing "desktop routing" template: The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs.
CH A P T E R 9-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 9 Configuring Switch-Based Authentication This chapter describe s how to conf igure switch -ba sed authen tication on th e Catalyst 3560 switch.
9-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands • If you want to use userna me and password pairs, but you want to store th em centrally on a server instead of locally , you ca n store the m in a database on a securi ty server .
9-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Setting or Changing a Static Enable Password The enable password controls acces s to the pri vileged EX EC mode.
9-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Beginni ng in pri vileged EXEC mode.
9-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands This example sho ws how to conf igure.
9-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Setting a Telnet Password for a Ter.
9-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Beginning in priv ileged EXEC mode, f.
9-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Setting the Privilege Level for a C.
9-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Changing the Default Privilege Level .
9-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ Controlling Switch Access with TACACS+ This.
9-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ Figur e 9-1 T ypical T ACA CS+ Networ k Con.
9-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ TACACS+ Operation When a user attempts a simple ASCII login b y authenticating to a switch using T ACA CS+, this process occurs: 1.
9-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ These sections contain this configu ration .
9-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ T o remove the specif ied T ACA C S+ server name or address, use the no tacacs-server host hostname global conf iguratio n command.
9-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ Step 3 aaa authentication logi n { default | list-name } method1 [ method2... ] Create a login authentication method list.
9-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ T o disable AAA, use the no aaa new-model global con figurat ion command. T o disable AAA authentic ation, use the no aaa authentication l ogin { default | list-name } method1 [ method2.
9-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable authorization, use the no aaa a uthorization { network | exec } method1 global configuration command.
9-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS • Config uring RADIUS, page 9-1 9 • Disp.
9-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Figur e 9-2 T ransitioning fr om R ADIUS to T.
9-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS software uses the f irst method listed to authenticate, to authorize, or to keep accounts on users.
9-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS A RADIUS server and the switch us e a shared secret text string to encrypt passwords and exchange responses.
9-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginning in priv ileged EXEC mode, foll ow these steps to configu re per-serv er RADIUS server communication.
9-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS This exampl e sho ws how to conf igure host1 .
9-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Step 3 aaa authentication logi n { default | list-name } method1 [ method2... ] Create a login authenticatio n method list.
9-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global con figuration command. T o disable AAA authentic ation, use the no aaa authentication l ogin { default | list-name } method1 [ method2.
9-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginni ng in pri vileged EXEC mode, foll ow.
9-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o remove the specif ied RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command.
9-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS T o disable authorization, use the no aaa a uthorization { network | exec } method1 global configuration command.
9-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Configuring Settings fo r All RADIUS Servers .
9-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS This example sho ws how to provide a user lo.
9-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Configuring the Switch for Vendor-Proprietary.
9-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with Kerberos Displaying the RADIUS Configuration T o display the RADIU S conf iguration, use the show running-conf ig pri vile ged EXEC command.
9-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with Kerberos Note A Kerberos server can be a Catalyst 3560 switch that is conf igured as a network security server and that can authenticate users b y using the K erberos protocol.
9-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with Kerberos Kerberos Operation A K erberos server can be a Catalyst 356 0 switch that is conf igured as a network security serv er and that can authenticate remote users b y using the K erberos protocol.
9-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with Kerberos Authenticating to a Boundary Switch This section describes the first layer of security th rough which a remo te user must pass.
9-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Local Authen tication and Authorization When you add or create entries for the hos ts and users, follo w these guidelines: • The K erberos principal name must be in all lowercase characters.
9-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell T o disable AAA, use the no aaa new-model global con figuration command. T o disable authorization, use the no aaa authorization { network | ex ec } method1 global co nfigurat ion command.
9-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell For SSH conf iguration e xamples, see the .
9-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell Limitations These limitations apply to SSH: • The switch supports Ri v est, Shamir , and Adelman (RSA) authentication.
9-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell 3. Generate an RSA ke y pair for the switch , which automatically enables SSH. F ollo w this procedure only if you are configuring the switch as an SSH serv er .
9-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell T o return to the def ault SSH control parameters, use the no ip ssh { ti meout | authentication-retries } global conf iguratio n command.
9-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP For more informati on about t.
9-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP When a connection attempt i s made, the HTTPS se rver prov ides a secure connection by issuing a certified X.
9-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP For additi onal information o.
9-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP Default SSL Configuration The standard HTTP server is enabled. SSL is enabled. No CA trustp oints are configured.
9-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP Use the no crypto ca trustpoint name global conf iguration command to delete all identity informati on and certificates associated with the CA.
9-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP Use the no ip http server gl obal confi guration com mand to disa ble the standard HTTP server .
9-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Copy Pro tocol Beginni ng in pri vileged EXEC mo.
9-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch fo r Secure Copy Protocol Because SSH also relie s on AAA authentication, and SCP relies further on AA A authorization, correct configuration is necessary .
9-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Copy Pro tocol.
CH A P T E R 10-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 10 Configuring IEEE 802.1x Port-Based Authentication IEEE 802.1x port-based authentica tion pre vents unauthorized de vices (clients) from gaining access to the network.
10-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • 802.1x Authentication w ith VLAN Assignment, page 10-14 • Using 802.
10-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication • Authen tication server —performs the actual authentication of the client.
10-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figure 10-2 sho ws the authentication process.
10-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication The T ermination-Action RADIUS attrib ute (Attrib u te [29]) specifies the action to take during re-authentication.
10-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figur e 1 0-3 M essag e Exc hang e If 802.
10-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Per-User ACLs and Filter-Ids In releases earlier than Cisco IOS R elease 12.
10-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication For more information, see the co mmand reference for this release. Ports in Authorized and Unauthorized States During 802.
10-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication 802.1x Accounting Attribute-Value Pairs The information sent t o the RADIUS server is represent ed in the form of Attrib ute-V alue (A V) pairs.
10-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication the egress direction. MA C ACLs are supported only in the ingress directi on.
10-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication restricted VLAN allows users without v alid credentials in an authen tication server (typically , visitors to an enterprise) to access a limited set of services.
10-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication The port security violation modes determin e the action for security vio lations.
10-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.
10-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication Open1x Authentication Open1x authentication allows a de vice access to a port before that device is authenticated.
10-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.
10-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication For more information, see the “ Authentication Manager” section on page 10-7 and the “Conf iguring W e b Authentication” section on page 10-60 .
10-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figur e 1 0-7 A uthentication Successful” Banner This banner can also be customi zed, as sho wn in Figure 10-8 .
10-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Figur e 1 0-9 Login Screen With No Banner For more information, see the “Conf iguring a W eb Authentication Local Banner” sect ion on page 10-64 .
10-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication • Config uring a Restricted VLAN, page 10- 47 (optional) • Configuring the Inaccessible Auth entication Bypass Feature, page 10-49 (optional) • Config uring 802.
10-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication 802.1x Authentication Configuration Guidelines These section has configuration guidelines for these features: • 802.
10-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication • The 802.
10-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication – If the client is running W indow.
10-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring 802.
10-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring Voice Aware 802.
10-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This ex ample sho ws how to config ure.
10-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring 802.
10-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring the Switch-to-RADIUS-Serve.
10-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the RADIUS serv er parameters on the switch.
10-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring the Host Mode Beginni ng in priv ileged EXEC mode, follo w these steps to allo w a single host (cli ent) or multiple hosts on an 802.
10-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication This exampl e show s how to en able 802.
10-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable periodic re-authenti cation, use the no authentication periodic or the no dot1x reauthenti cation interface conf iguration command.
10-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the defa ult quiet time, use the no dot1x timeout quiet-period interf ace conf iguration command.
10-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Setting the Switch-to-Client Frame-Ret.
10-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follow these steps to set the re-authentication number .
10-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follow these steps to conf igure 802.1x accounting aft er AAA is enabled on your switch.
10-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable and remov e the guest VLAN, use the no dot1x guest-vl an interface conf iguration co mmand.
10-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable and remo ve t he restricted VLAN, use the no dot1x auth-fail vlan interface conf iguration command.
10-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the defaul t v alue, use the no dot1x auth-fail max-attempts interface configuration command.
10-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Step 4 radius-ser ver host ip-add r es.
10-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the RADIUS serv er def.
10-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable 802.1x authent ication with W oL, use the no authentication control-dir ection or no dot1x control-dir ection interface co nfigu ration command.
10-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable MA C authentication bypass, u se the no dot1x mac-auth-bypass interface conf iguration command.
10-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re N A C Layer 2 802.
10-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication This exampl e show s how to co nfigu re a switch as an 802.
10-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re.
10-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring a Do wnloadable Policy Beginni ng in pri vileged EXEC mod e: Command Purpose Step 1 configur e terminal Enter global configurati on mode.
10-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re a switch for a do wnloadable polic y: Switch# config terminal Enter configuration commands, one per line.
10-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring Open1x Beginni ng in pri.
10-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This e xample sho ws ho w to enab le A.
10-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode,.
10-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to co nfigure 802 .1x authentication with web authenti cation as a fallb ack method.
10-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring a Web Authentication Local Banner Beginni ng in privile ged EXEC mode, follo w these steps to conf igure a local banner on a switch that has web authentication configured.
10-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Displaying 802.1x Statistics and Status This exampl e show s how to disable 802.1x authenticatio n on the port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no dot1x pae authenticator Resetting the 802.
CH A P T E R 11-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 11 Configuring Interface Characteristics This chapter defines the types of interfaces on the Catalyst 3560 switc h and describes how to conf igure them.
11-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types Port-Based VLANs A VLAN is a switched netw ork that is logical ly segmented b y function, team, or application, w ithout regard to the physical location of the users.
11-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Access Ports An access port belongs to and carries the traff ic of only one VLAN (unless it is configured as a voice VLAN port).
11-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types on the customer switch. Pack ets entering the tu nnel port on the edg e switch, already IEEE 802.1Q-tagged wit h the customer VLANs, are encapsulated with another layer of an IEEE 802.
11-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Note Y ou cannot delete interf ace VLAN 1. SVIs pro vide IP host connecti vity only to the system; i n Layer 3 mode, you can conf igure routing acro ss SVIs.
11-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types is a monitoring port, yo u might confi gure autostate e xclude on that port so that the VLAN goes do wn when all other ports go do wn.
11-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Power over Ethernet Ports Catalyst 3560 PoE-capabl e .
11-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types After de vice detection, the switch d etermines th e .
11-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s If granting p o wer would exceed the syste m power b udget, the switch denies power , ens ures that power to the port is turned of f, generates a sy slog message, and updates the LEDs.
11-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Using Interface Configuration Mode Figur e 1 1 -1 Conne cting VLANs with the Cataly.
11-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Using Interface Configuration Mode • Module number—The module or slot number on the switch (al ways 0 on the Catalyst 3560 switch).
11-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Using Interface Configuration Mode Beg i nn in g i n pr ivi le ge d E X EC mo d e, .
11-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Using Interface Configuration Mode This exampl e shows ho w to use the interface ra.
11-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces – gigabitethernet modul e/{ fir st p or t } - { last po rt }, where the module is al ways 0 – port-channel port-chann el-number - port-c hannel-number , where the port-channel-number is 1 to 48.
11-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces • Config uring Interface Sp eed and Duple x Mode, page 11-17 • Config uring IEEE 802.
11-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Setting the Type of a Dual-Purpose Uplink Port Some Catalyst 3560 switches support dual-purpose upli nk ports.
11-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces T o return to the def ault setting, use the media-type auto interface or the no media-type interface confi guration commands.
11-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces These sections describe ho w to conf igure the int.
11-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces Use the no speed and no duplex interface conf iguration commands to return t he interface to the def ault speed and duple x settings (autone gotiate).
11-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Configuring IEEE 802.
11-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces Configuring Auto-MDIX on an Interface When automati.
11-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Configuring a Power Management Mode on a PoE Port For most sit uations, the defau lt configur ation (auto mode) w orks well, pro viding plug-and-play operation.
11-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces For informatio n about the output of the sho w power inline user EXEC command, see the command reference for this release.
11-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Beginning in priv ileged EXEC mode, foll ow these .
11-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Layer 3 Interfaces Beginning in priv ileged EXEC mode, foll ow these steps to add a description for an interf ace: Use the no description interface co nfiguratio n command to delete the description.
11-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring La yer 3 Interfaces A Layer 3 switch can have an IP addres s assigned to each routed port and SVI. There is no def ined limit to the number of SVI s and routed ports that can be conf igured in a switch.
11-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuri ng the System MTU This exampl e shows ho w to co nfigure a p ort as a routed port and to assign it an I P address: Switch# configure terminal Enter configuration commands, one per line.
11-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring the System MTU Note Y ou cannot configure a routing MTU size that exceeds the system MTU size.
11-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Monitoring and Main taining the Interfaces If you enter a v alue that is out side the allo wed range for the specif ic type of int erface, the v alue is not accepted.
11-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces Clearing and Resetting Interfaces and Counters Ta b l e 11-5 lists the privileg ed EXEC mode clear commands that you can use to clear counters and reset interfaces.
11-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Monitoring and Main taining the Interfaces Note The clear counters privi leged EXEC.
11-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces.
CH A P T E R 12-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 12 Configuring Auto Smartports Macros This chapter describes ho w to conf igure and apply Auto Smartports and static Smartports macros on the Catalyst 35 60 switch.
12-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports • Default Au to Smartports Co.
12-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Auto Smartports Configuration Guidelines • The bui lt-in macros cannot be deleted or changed. Ho we v er , you can o verride a b uilt-in macro b y creating a user-def ined macro with the same name.
12-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Y ou can use the show shell functions and the show shell trig gers pri vile ged EXEC command to display the event triggers, the built-in mac ros, and the built-in mac ro default values.
12-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Step 2 macro auto execute e vent trig ger bu iltin buil t-in macr o name [ parameter=value ] [ parameter=value ] Define mapp ing from an e vent trigg er to a buil t-in macro.
12-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports This ex ample sho ws ho w to use two built-i n Auto Sm artports macros for connec ting Cisco switches and Cisco IP phones to the switch.
12-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Use the no shell trigger identif ier global configu ration command to delete the e v ent trigger .
12-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Trigger Id: CISCO_ROUTER_EVENT Trigger description: Event f.
12-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports function CISCO_SWITCH_AUTO_SMARTPORT () { if [[ $LINKUP -eq.
12-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports This example sho ws how to map a user -def ined ev en t trigger called Cisco Di gital Media Player (DMP) to a user -def ined macro.
12-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Static Smartports Macros Configuring Static Smartports Macros This section descri bes how to conf igure and enable static Smartport s macros.
12-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Static Sma rtports Macros Static Smartports Configuration Guidelines • When a macro is applied globally to a switch or to a switch i nterface, all e xisting conf iguration on the interface is retained.
12-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Static Smartports Macros Y o u can only delete a global macr o-applied conf iguration on a switch by entering the no version of each command in the macro.
12-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Displaying Auto Smartports and Static Smartports Macr os This exampl e shows ho w to d.
CH A P T E R 13-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 13 Configuring VLANs This chapter descri bes how to conf igure no rmal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 10 06 to 4094) o n the Catalyst 3560 switch.
13-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Understanding VLANs Figure 13-1 sho ws an e xample of VLANs segmented i nto logically defi ned networks. Figur e 13-1 VLANs as Logically Defined Networ ks VLANs are often associated with IP subnet works.
13-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Understanding VLANs Although the switch sup ports a total of 1005 (nor mal range and extended range) VLANs, the number of routed ports, SVIs, and other conf igured featur es af fects the use of the switch hardware.
13-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs For more detail ed definit ions of access and trunk modes an d their functions, see Ta b l e 13-4 on page 13-18 .
13-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Caution Y o u can cause inconsisten cy in the VLAN database if you attempt to manually d elete the vlan.
13-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs Token Ring VLANs Although the switch does not support T oken Ring connection s, a remote device such as a Cat alyst 5000 series switch with T oken Ring connections could be managed from one of the support ed switches.
13-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs VLAN Configuration Mode Options Y ou can conf igure normal-rang e VLANs (w.
13-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs When you sa ve VLAN and VT P information (including e xtended-rang e VLA.
13-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Creating or Modifying an Ethernet VLAN Each Ethernet VLAN in the VLAN database has a uniqu e, 4-digit ID that can be a number from 1 to 1001.
13-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs Y ou can also create or m odify Ethernet VLANs by using the VLAN database conf iguration mode. Note VLAN da tabase configuration mo de does not sup port RSP A N VLAN configuration o r extended-range VLANs.
13-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Caution When you delete a VLAN , any ports assigned to that VLAN become inacti ve. The y remain associated with the VLAN (and thus inacti v e) until you assign t hem to a ne w VLAN.
13-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Extende d-Range VLANs T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command.
13-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Extended-Rang e VLANs Extended-Range VLAN Configuration Guidelines Follo w these guidelines .
13-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Extende d-Range VLANs settings of all param eters.
13-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Extended-Rang e VLANs Creating an Extended-Range VLAN with an Internal VLAN ID If you enter an extended-range VLAN ID that is alre ady assigned to an internal VL AN, an error message is generated, and the e xtended-range VLAN is r ejected.
13-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Displa ying VLANs Displaying VLANs Use the show vlan pr ivile ged EXEC command to displ ay a list of all VLANs on the switch , including extended-range VLANs.
13-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks Figure 13-2 sho ws a network of switches that are connected by ISL trunks. Figur e 13-2 Switc hes in an ISL T r unking Envir onment Y o u can conf igure a trun k on a single Ethernet i nterface or on an Ether Channel bundle.
13-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Encapsulation Types Ta b l e 13-5 lists the Ethernet trunk enca psulation types an d keywords.
13-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks IEEE 802.1Q Configur ation Considerations The IEEE 802.1Q trunks impose th ese limitations on the trunking strate gy for a network: • In a network of Cisco switches co nnected through IEEE 802.
13-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks • Changing the Pruning-Eligi ble List, page 13-23 • Config uring the Nati ve VLAN for U ntagged T raf fic, page 13 -23 Note By default, an interface is in Layer 2 mode .
13-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command.
13-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Note VLAN 1 is t he default VLAN on all trunk ports in all C isco switches, and it has pre viously been a requirement that VLAN 1 always be enabled on ev ery trunk link.
13-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks Changing the Pruning-Eligible List The pruning-eligibl e list applies only to trun k ports. Each trunk port has its o wn eligibili ty list.
13-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the nati v e VLAN on an IEEE 802.
13-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks In this way , Trunk 1 carries traf fic for VLA Ns 8 through 10, and T run k 2 carries traf f ic for VLANs 3 through 6.
13-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Load Sharing Usin g STP Path Cost Y o u can conf igure parallel t runks to sha.
13-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Configuring VMPS The VLAN Query Protocol (VQP) is used to support dynamic-access ports, which are not permanently assigned to a VLAN, but gi v e VLAN assignments base d on the MA C sour ce addr esses seen on the port.
13-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Understanding VMPS Each time the client switch receiv es the MA C address of a new host, it sends a VQP quer y to the VMPS. When the VMPS receives this query , it searches its da tabase for a M A C-address-to-VLAN m apping.
13-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Dynamic-access ports can be used for direct host connect ions, or they can connect to a ne twork. A maximum of 20 MA C addresses are allowed per port on the switch.
13-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Configuring the VMPS Client Y o u conf igure dynamic VLANs by usin g the VMPS (ser v er). The switch can be a VMPS client; it cannot be a VMPS server .
13-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command.
13-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Changing the Retry Count Beginni ng in pri vileged EXEC mode, foll ow th ese steps to .
13-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Troubleshooting Dynamic-Access Port VLAN Membership The VMPS shuts down a dynamic-access port under these conditions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port.
13-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Figur e 13-5 Dynamic P ort VLAN Membership Configur ation Primar y VMPS Ser v er 1 Catalyst 6500 series Secondar y VMPS Ser v er 2 Catalyst 6500 series Secondar y VMPS Ser v er 3 172.
CH A P T E R 15-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 15 Configuring Voice VLAN This chapter describes ho w to conf igure the v oice VLAN feature on the Catalyst 3560 swi tch. V oice VLAN is refe rred to as an auxiliary VLAN in some Catalyst 6500 family swit ch documentation.
15-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Understanding Voice VLAN Figure 15-1 sho ws one way t o connect a Cisco 7960 IP Phone.
15-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Configuring Voic e VLAN Note Untagged traff ic from the device attached to the Ci sco IP Phone p asses through the phone unch anged, regardless of t he trust state of the access port on the phone.
15-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Configuring Voice VLAN • The Port Fast feature is auto ma tically enabled when vo ice VLAN is conf igured. When you disable voice VLAN, the Port Fast featur e is not automatically disabl ed.
15-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Configuring Voic e VLAN Configuring Cisco IP Phone Voice Traffic Y o u can conf igure a port connected to the Cisco IP Ph one to send CDP pack ets to the phone to conf igure the way in which the phone sends vo ice traf f ic.
15-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Configuring Voice VLAN This exampl e show s how to co nfigu re a port connected to a Cisco IP Ph one to use the CoS v alue to classify incoming traff ic, to use IEEE 802.
15-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Displaying Voice VLAN This exampl e sho ws how to configure a por t connected to a Cisco IP Phone to.
15-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Displaying Voice VLAN.
CH A P T E R 16-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 16 Configuring VTP This chapter describe s ho w to use the V LAN T run king Protocol (VTP) and t he VLAN database for managing VLANs with the Cataly st 3560 switch.
16-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Understanding VTP These sections contain this conceptual information: • The VTP Domain, page 16-2 • VT.
16-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Understanding VTP VTP Modes Y o u can conf igure a supported sw itch to be in one of the VTP mod es listed in Ta b l e 16 -1 .
16-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Understanding VTP • MD5 digest VLAN conf iguration, i ncluding maximum transm ission unit (MTU) size for each VLAN. • Frame format VTP advertisements distribute this VL AN information for each conf igured VLAN: • VLAN IDs (ISL and IEEE 802.
16-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Understanding VTP Figure 16-1 sho ws a switched network without VTP pr uning enabled.
16-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP See the “Enabling VTP Pruning” section on page 16-14 . VTP pruning takes ef fect se veral seconds after you enable it. VTP pruning does no t prune traff ic fro m VLANs that are pruning-ineligible.
16-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP VTP Configuration Options Y o u can conf igure VTP b y using these conf iguratio n modes.
16-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP VTP Configuration Guidelines These sections describe guidelines you should follo w when implemen ting VTP in your netw ork. Domain Names When config uring VTP for the f irst time, you must al ways assign a domain n ame.
16-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP • Do not enable VTP V ersion 2 on a switch unless all of the switch es in the same VTP domain are V ersion-2-capable. When you enable V ersion 2 on a switch, all of the V ersion-2-capa ble switches in the domain enable V ersion 2.
16-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP When you conf igure a domain name, it cannot be remo ved; you can only reassign a switch to a diff erent domain. T o return the switch to a no-passw ord state, use the no vtp password global conf igurat ion command.
16-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP APPLY completed. Exiting.... Switch# Configuring a VTP Client When a switch is in VTP client mode, you cannot change its VLAN conf iguration.
16-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP Note Y ou can also conf igure a VTP client b y using the vlan database p rivile ged EXEC .
16-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP Note Y ou can also configure VTP transparent mode b y using the vlan database pri vileged .
16-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP Enabling VTP Pruning Pruning increases a vail able bandwidth b y restricting flooded traff ic to those t runk links that the traf f ic must use to access the destination de vices.
16-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP Beginni ng in pri vileged EXEC mode, follow these steps to verify and reset the VTP conf i.
16-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Monitoring VTP Monitoring VTP Y o u monitor VTP b y displaying VTP con figur ation information: the d omain name, the current VTP re vision, and the number of VLANs.
CH A P T E R 14-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 14 Configuring Private VLANs This chapter descri bes how to conf igure priv ate VLANs on th e Cisco Catalyst 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this release.
14-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Understanding Private VLANs Figur e 14-1 Pr iv ate-VLAN Domain There are two types of secondary VLANs: • Isolated VLANs—Ports within an isolated VLAN cannot communi cate with each other at the Layer 2 level.
14-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Understanding Private VLANs Primary and secondary VLANs have these characteristics: • Primary VLAN—A pri v ate VLAN has only one primary VLAN. Ev ery port in a pri v ate VLAN is a member of the primary VLAN.
14-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Understanding Private VLANs Private VLANs across Multiple Switches As with regular VLANs, pri v ate VLANs can span mul tiple switches. A trunk port carries the primary VLAN and secondary VLANs t o a neighboring switch.
14-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Private VLANs and Unicast, Br oadcast, and Mu lticast Traffic In regul.
14-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs Tasks for Configuring Private VLANs T o configure a pri v ate VLAN, follo w these steps: Step 1 Set VTP mode to transparen t.
14-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs • After you ha ve conf igured pri v ate VLANs, use the copy running-.
14-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs T o fi lter out specif ic IP traff ic for a pri v ate VLAN, you shou ld apply the VLAN map to b oth the primary and secondary VLANs.
14-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs • Do not conf igure pri v ate-VLAN ports on interf aces conf igured .
14-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs When you associate secondary VLANs with a pr imary VLAN, note this syntax information: • The secondary_vlan_list parameter cannot contai n spaces.
14-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Switch(config-vlan)# private-vlan community Switch(config-vlan)# exit.
14-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagg.
14-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Switch(config)# interface fastethernet0/2 Switch(config-if)# switchpo.
14-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Monitoring Private VLANs Switch(config)# interface vlan 10 Switch(config-if)# private-vlan mappi.
CH A P T E R 16-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 16 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling V irtual priv ate networks (VPNs) provide enterpri se-s cale co.
16-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling Customer traf fic tagged in the normal w ay with appropriate VLAN IDs comes from an IEEE 802.
16-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding IEEE 802.
16-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling Configuring IEEE 802.1Q Tunneling These sections contain this configu ration informatio n: • Default IEEE 802.
16-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring IEEE 802.1Q Tu nneling These are some way s to solve this p roblem: • Use ISL trunks be tween core swit ches in the service- provider netw ork.
16-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.
16-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding Layer 2 Protoc ol Tunneling Use the no switchport mode dot1q-tunnel interf ace conf iguration command to return the p ort to the default state of d ynamic de sirable.
16-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding Layer 2 Protoco l Tunneling When protocol tunnel ing .
16-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding Layer 2 Protoc ol Tunneling Figur e 16-4 Lay er 2 Pro.
16-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling For e xample, in Figure 16-6 , Customer A has two switches in the same VLAN that are connected through the SP ne twork.
16-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling See Figure 16-4 , with Customer X and Customer Y in access VLANs 30 and 40, re specti vely .
16-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling • For int eroperability with third-party v endor switches, the switch supports a Layer 2 prot ocol-tunnel bypas s feature.
16-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Use the no l2protocol-tunnel [ cdp | stp | vtp ] interf ace conf iguration command to d isable protocol tunneling for one of the Layer 2 protocols or for all t hree.
16-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling Switch(config)# end Switch.
16-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Use the no l2protocol-tunn.
16-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling Use the no switchport mode.
16-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Monitoring and M aintaining Tunneling Status Switch(config-if)# l2.
16-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Monitoring and Main ta ining Tunneling Status For detailed in formation abou t these displa ys , see the command reference for this re lease.
CH A P T E R 17-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 17 Configuring STP This chapter describes ho w to con figur e the Spanning T ree Prot ocol (STP) on port-based VLANs on the Catalyst 3560 sw itch. The switch can use either the per-VLAN span ning-tree plus (PVST+) pro tocol based on the IEE E 802.
17-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features • Spanning-T ree Inter operability and Backward Comp atibility , page 17-10 • STP and IEEE 802.
17-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Spanning-Tree Topology and BPDUs The stable, activ e spanning-tree to.
17-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Bridge ID, Switch Priority, and Extended System ID The IEEE 802.1D standard requires that each switch has an unique bridge iden tifier (bridge ID), which controls the selection of the root switch.
17-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features An interface mov es through these states: • From initializatio n to.
17-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features there is only one switch in the net work, no e xchange occurs, the forward-del ay timer expi res, and the interface mo ves to t he listening state.
17-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Disabled State A Layer 2 interface in the disabled stat e does not part icipat e in frame forwardi ng or in the spannin g tree.
17-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Spanning Tree and Redundant Connectivity Y ou can creat e a redundant backbo ne with spannin g tree by connecting two swit ch interfaces to anot her device or to tw o different de vices, as sho wn in Figure 17-3 .
17-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Because each VLAN is a separate spanning-tree inst ance, the switc h accelerates aging on a pe r -VLAN basis.
17-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Spanning-Tree Interoperabi lity and Backward Compatibility Ta b l e 17-2 lists the interoperability and compat ibility among the supported spann ing-tree modes in a network.
17-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features T o support VLAN-br idge spanning tree, so me of th e spanning-tree timers are increased. T o us e the fallback bri dging feature, you must ha v e the enhanced multilayer image instal led on your switch.
17-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features Spanning-Tree Configuration Guidelines If more VLANs are defined in the VTP than there are sp anning-tree ins tances, you can en able PVST+ or rapid PVST+ on only 128 V LANs on the switch.
17-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features The switch supports PVST+, rapid PVST+, and MSTP , but only one version can be acti ve at an y time. (For e xample, all VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs r un MSTP .
17-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree mode glob al conf iguration command. T o return the port to its def ault setting, use the no spanning-tr ee link-type interface co nfigur ation command.
17-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features If any root switch for the specif ied VLAN has a switch p riority lower than 24576, t he switch sets it s o wn priority for the specif ied VLAN to 4096 less than the lo west switch pri ority .
17-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree vlan vlan-id r oot global configuration command.
17-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Configuring Port Priority If a loop occurs, spanning tree us es the port priority when selecting an in terface to put into the forwarding st ate.
17-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree [ vlan vlan-id ] port-priority interface confi guration command.
17-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Note The show spanning-tr ee interface interfac e-id pri vileged EXEC co mmand displays information o nly for ports that are in a link-up operati ve state.
17-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features Configuring Spanning-Tree Timers Ta b l e 17-4 describes the timers that affect the entire span ning-tree performance. The sections that fol low pro vide the conf iguration steps.
17-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Configuring the Forwardi ng-Delay Time for a VLAN Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure the forwardi ng-delay time for a VLAN.
17-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Displaying the Spanning-T ree Status Configuring the Transmit Hold-Count Y o u can conf igure the BPDU b urst size b y changing the transmit h old count v alue.
CH A P T E R 18-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 18 Configuring MSTP This chapter descri bes how to configure the Cisco implementat ion of the IEEE 802 .1s Multiple STP (MSTP) on the Catalyst 3560 switch. Note The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.
18-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP Understanding MSTP MSTP , which uses RSTP for rapid con ver gence, en ables VLANs to b e grouped into a spanning- tree instance, with each instance h aving a spanning -tree topology independent of other spanning-tree instances.
18-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP The IST is the only span ning-tree instance that sends and receiv es BPDUs. All of the other spanning-tree instance informatio n is contained in M-records, wh ich are encapsulate d within MSTP BPDUs.
18-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP The IST connects all the MSTP switches in the regi on and appears as a s ubtree in the CIS T that encompasses the entire swit ched domain.
18-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP IEEE 802.1s Terminology Some MST naming con v entions used in Cisco’ s pres tandard implementation ha ve been changed to identify some internal or r e gional parameters.
18-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP Boundary Ports In the Cisco prestandard impl ementation, a boundary po rt connects an .
18-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP • The boundary port is no t the root port of t he CIST regional root—The MSTI ports follo w the state and role of the CIST port.
18-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP Figure 18-3 illustrates a unidirect ional link failure t hat typically creates a bridging loop. Switch A is the root switch, and its BPDUs are lost on the l ink leading to switch B.
18-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP Port Roles and the Active Topology The RSTP provides rapi d con ver gence of the spanning tree b y assigning port role s and by learning the activ e topology .
18-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP Rapid Convergence The RSTP provides for rapid recovery of connectivi ty follo wing the fa ilure of a switch, a swi tch port, or a LAN.
18-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP Figur e 18-4 Proposal and Agr eement Handshakin g fo r Rapid Conver gence Synchronizat.
18-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP After ensuring that all of the ports are synchroniz ed, the switch sends an agreement message to the designated switch co rrespondin g to its root port.
18-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP The sending switch sets the proposal fl ag in the RSTP BPDU to pr opose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port.
18-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features • Propagation—When an RSTP switch recei v es a TC message from another swi.
18-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features For info rmation about the supported number of spanning-tree instances, see the “Suppo rted Spanning-T ree Instances” section on page 17-9 .
18-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features • For conf iguration guidelin es about UplinkFast and BackboneFast, see the “Optional Spanning-T ree Config uration Guidelines” section on page 19-10 .
18-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features T o return to the default MST re gion conf iguration, use the no spanning-tree mst conf igurati on global confi guration command.
18-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features forward-delay ti me, and maximum-age time for a netw ork of that diameter , which can significantly reduce the con vergence time.
18-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mode, follow these steps to conf igure a switch as the secondary root switch. This procedure is optional.
18-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Note The show spanning-tr ee mst interface interfac e-id pri vileged EXEC co mmand displays information only if the port is in a li nk-up oper ati ve state.
18-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Note The show spanning-tr ee mst interface interfac e-id pri vileged EXEC command d isplays information only for ports that are in a link-up oper ati ve sta te.
18-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mo de, follo w these steps to co nfigure th e switch priority .
18-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Configuring the Forwarding-Delay Time Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure the forwardi ng-delay time for all MST instances.
18-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Configuring the Maximum-Hop Count Beginni ng in pri vileged EXEC mod e, follo w these steps to conf igure the maximum-h op count for all MST instances.
18-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Designating the Neighbor Type A topology could contain both prestandard and IEEE 802.
18-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Displaying the MST Configuration and Status Displaying the MST Configuration and Status T o display the .
CH A P T E R 19-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 19 Configuring Optional Spanning-Tree Features This chapter describes ho w to conf igure opt ional spanning-tree features on the Cat alyst 3560 switch. Y ou can configure all of these feat ures when your swi tch is running the per-VLAN spanning -tree plus (PVST+).
19-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Understanding Port Fast Port F.
19-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features At the interface l ev el, you e.
19-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Figur e 19-2 Sw itches in a Hierar ch ical Networ k If a switch loses connecti vity , it begins using the alte rnate paths as soon as th e spanning tree selects a ne w root port.
19-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features Figur e 19-3 UplinkF a st Examp.
19-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features The switch tries to f ind if it has an alternate pat h to the root switch.
19-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features Figur e 19-6 Bac kboneF ast Exa.
19-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Understanding Root Guard The Layer 2 network of a service provider (SP) can include man y connections to switches t hat are not o wned by the SP .
19-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Understanding Loop Guard Y o u can use l oop guard to pre v ent alternate or root ports fr om becoming designated ports becau se of a failure that leads to a unidirectional link.
19-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features Optional Spanning-Tree Configur.
19-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Note Y ou can use the spanning-tree portfast default global configuration comma nd to glob ally enable the Port Fast feature on all nontrun king ports.
19-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features T o disable BPDU guar d, use the no spanning-tr ee portfast bpduguard default global conf iguration command.
19-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Enabling UplinkFast for Use with Redundant Links UplinkFast cannot be enabled on VLANs that hav e been configured with a swit ch priority .
19-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features Y ou can conf igure the Back boneFa st feature f or rapi d PVST+ or for the MSTP , b ut the feature remains disabled (inactiv e) until you change the spanning-tree mode to PVST+.
19-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Enabling Root Guard Root guard enabled on an i nterface applies to all the VLANs to which the interface b elongs.
19-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Displaying the Spanning-T ree Status T o globally disab le loop guard, use the no spanning-tr ee loopguard default global configuration command.
CH A P T E R 20-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 20 Configuring Flex Links and the MAC Address-Table Move Update Feature This chapter describes ho w to co nfigure Flex Links, a pair of interfaces on the Catalyst 3560 sw itch that provide a mutual backup.
20-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Mo.
20-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Mov.
20-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Mo.
20-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move U pdate Similarly , both Fle x Link ports are part of l earned groups.
20-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Upd ate Whene ver a host responds to the general quer y , the switch forwards this report on all the mrouter p orts.
20-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move .
20-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Move Update Default Configuration The Flex Links are not conf igured, an d there are no backup interfaces defined.
20-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move .
20-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Move Update T o remov e a preemption sche me, use the no switchport backup interface interface- id preempt ion mode interface conf igurat ion command.
20-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move.
20-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Mo.
20-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move Update T o disable the MA C address-table move update feature, use the no mac addr ess-table mov e update transmit interface configurati on command.
20-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Monitoring Flex Links and the MAC Address- Table Move Update T o disable the MA C address-tabl e move update feature, use the no mac addr ess-table mov e update rec e ive configurati on command.
CH A P T E R 21-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 21 Configuring DHCP Featur es and IP Source Guard This chapter describe s ho w to configure DHCP sno o ping and optio n-82 data insertion, and the DHCP server port-based address alloca tion features on th e Catalyst 3560 switch.
21-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping • Cisco IOS DHCP Server Database, page 21 -6 .
21-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping When a switch recei ves a packet on an untrusted.
21-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping Figure 21-1 is an ex ample of a metropolitan Ethernet netw ork in which a centralized DHCP server assigns IP addresses to subscribers connected to the switch at the a ccess layer .
21-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping • Remote-ID suboption f ields – Suboption ty.
21-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping • Remote-ID suboption f ields – The remote-ID type is 1. – The length v alues are v ariable, depending on the l ength of the string that you conf igure.
21-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping T o keep the binding s when the switch reloads, you must use the DHCP snooping datab ase agent.
21-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Configuring DHCP Snooping These sections contain t.
21-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping DHCP Snooping Configuration Guidelines These are the conf iguration guidelin es for DHCP snooping. • Y o u must globally enable DHCP snooping on the swi tch.
21-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping • Y o u can display DH CP snooping statistics b.
21-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping helper -addre ss command can be a s pecif ic DHCP serv er IP ad dress, or i t can be the networ k address if other DHCP servers are on the desti nation network se gment.
21-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Enabling DHCP Snooping and Option 82 Beginni ng i.
21-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping T o disable DHCP snoopi ng, use the no ip dhcp snooping glob al config uration command.
21-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Enabling the Cisco IOS DHCP Server Database For p.
21-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Displaying DHCP Snooping Information T o clear the statistics of the DHCP sn ooping bindi ng database agent, use the clear ip dhcp snooping database statistics pri vileg ed EXEC command.
21-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd These sections contai n this information: • .
21-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring IP Source Guard IP Source Guard Configuration Guidelines These are the conf iguration guidelines fo r IP source guard: • Y o u can conf igure stat ic IP bindings only on no nrouted ports.
21-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd T o disable IP source guard w ith source IP address f iltering, use the no ip verify sour ce interface confi guration command.
21-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Displaying IP Source Guard Information Displaying IP Source Guard Informati.
21-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Server Port- Based Address Allocation Port-Based Address A.
21-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Server Port -Based Address Allocation T o disable DHCP port -based address allocation, use the no ip dhcp use subscriber -id client-id global confi guration command.
21-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Displaying DHCP Se rver Port-Based Addr ess Allocation Subnet size (first/n.
CH A P T E R 22-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 22 Configuring Dynamic ARP Inspection This chapter describes ho w to conf igure dynamic Addr ess Resolution Protocol inspection (dyn amic ARP inspection) on the Catalyst 35 60 switch.
22-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Figur e 22-1 ARP Cache P oisoning Hosts A, B, and C are connected to the switch on in terfaces A, B and C, all of which are on the sa me subnet.
22-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Understanding Dynamic ARP Inspection Y ou can configure dyna mic ARP inspection to drop.
22-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Dynamic ARP inspection ensures that hosts (on untru sted interfaces) connected to a switch running dynamic ARP inspection do not po ison the ARP caches of other hosts in t he network.
22-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Y ou use the ip arp inspection lo g-buffer glo bal c.
22-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Dynamic ARP Inspection Configuration Guidelines The.
22-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection in DHCP Environments This procedure sho ws ho w to conf igure dynamic AR P inspection when two swit ches support this feature.
22-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o disable dynamic ARP inspection, use the no ip arp inspection vlan vlan-rang e global conf iguration command.
22-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Step 3 permit ip host sender-ip mac host sender -mac [ log ] Permit ARP pack ets from the specif ied host (Host 2) .
22-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o remov e the ARP A CL, use the no arp access-list global conf iguration command.
22-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection For conf iguration guidelin es for rate limiting trunk p orts and EtherChannel ports, see the “Dynami c ARP Inspection Conf iguration Guid elines” section on pag e 22-6 .
22-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o disable checki ng, use the no ip arp inspection v alidate [ sr c-mac ] [ dst-mac ] [ ip ] global confi guration command.
22-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the log b uf fer . This procedure is optional.
22-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Displayi ng Dynamic ARP Inspection Information T o return to the d efault log b uf fer settin gs, use the no ip arp inspectio n log-buffer { entries | l ogs } global conf iguration command .
22-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Displaying Dynamic ARP In spection Information For more inf ormation about these commands, s ee the command referenc e for this release.
22-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Displayi ng Dynamic ARP Inspection Information.
CH A P T E R 23-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 23 Configuring IGMP Snooping and MVR This chapter describes ho w to conf igure Internet Group Management Protoco l (IGMP) snooping on the Catalyst 3560 switch, including an application of local IGMP snooping, Multicast VLAN Registration (MVR).
23-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping Understanding IGMP Snooping Layer 2 switches can use IGMP s.
23-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding IGMP Snooping IGMP Versions The switch supports IGMP V ersion 1, IGMP V e rsion 2, and IGMP V ersion 3. These versions are interoperable on the switch.
23-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping it is not already present. The CPU also adds the inte rface where the join message was receiv ed to the forwarding-table entry .
23-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding IGMP Snooping Figur e 23-2 Second Host Joining a Multicast Gr oup Leaving a Multicast Group The router sends periodic multicast gener al queries , and the switch forw ards these queries through all ports in the VLAN.
23-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Note Y ou should only use the I mmediat e Leave feature on VLANs where a single host is connected to each port.
23-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping • Config uring the IGMP Lea ve T imer , page 23-11 • Confi.
23-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Beginni ng in pri vileged EXEC mode, f ollow these steps to e.
23-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Beginni ng in priv ileged EXEC mode, foll ow these st eps to a.
23-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o remov e a multicast router p ort from the VLAN, use the no ip igmp snooping vlan vlan-id mrouter interfac e interface-id global configuratio n command.
23-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Note Immediate Leave is supported only on IG MP V e rsion 2 hosts.
23-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o globally reset the I GMP leav e timer to the d efault setting, use t he no ip igmp snooping last-member -query-inter va l glob al conf iguration command.
23-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, th e spanning-tree root sends a specia l IGMP lea ve message (also kno wn as global leav e) with the group multicast ad dress 0.
23-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Configuring the IGMP Snooping Querier Follo w these gu idelines when conf iguring the IGMP snoopin g querier: • Config ure the VLAN in global conf iguration mo de.
23-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Displaying IGMP Snooping Information This exampl e show s how to set the IGMP snooping queri er source address to 10.0.0.6 4: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.
23-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Displaying IGMP Sn ooping Information T o display IGMP sn ooping information , use one or more of the pri vile ged EXEC commands in Ta b l e 23-4 .
23-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding Multicast VLAN Registration Understanding Multicast VLAN Registration Mul.
23-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding Multicast VLAN Registration Figur e 23-3 Multicast VLAN Regis tration Example When a subscriber changes channels or t urns of f the television, the set-top box sends an IGMP le a ve message for the multicast stream .
23-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuri ng MVR These messages dynamically regi ster for streams of multicast traf f ic in the multicast VLAN on the Layer 3 device. Switch B.
23-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring MVR • Because MVR on the switch uses IP multicast addresses inste ad of MA C multicast addresses, aliased IP multicast addresses are allowed on the sw itch.
23-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuri ng MVR T o return the switch to its default settin gs, use the no mvr [ mode | group ip- addr ess | querytime | vlan ] global conf iguratio n commands.
23-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring MVR T o return the interf ace to its default sett ings, use the no mvr [ type | immediat e | vlan vlan-id | grou p ] interface configuration commands.
23-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Displaying MVR Information Displaying MVR Information Y ou can display MVR inform ation for the switch or for a specif ied interf ace.
23-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling IGMP fil tering is applicable only to the dynamic l earning of IP multicast group addresses, not stati c configuration.
23-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Filtering and Throttling • permit : Specif ies that matching addresses are permitted. • range : Specifies a range of IP addre sses for the prof ile.
23-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling Applying IGMP Profiles T o control access as def ined in an IGMP prof ile, use the ip igmp f ilter interface configuration command to apply the prof ile to the appro priate interfaces.
23-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Filtering and Throttling T o remov e the maximum grou p limitation and ret urn to the def ault of no maximum, use t he no ip ig mp max-gr oups interface conf iguration command.
23-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Co nfiguration Beginni ng in pri vileged EXEC.
CH A P T E R 24-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 24 Configuring Port-Based Traffic Control This chapter describe s how to conf igure the port -ba sed traf fic control features on the Catalyst 3560 switch.
24-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Storm control uses one of th ese methods to measure traf .
24-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Note Because packets do not arr iv e at uniform interv als, the 1-second ti me interv al during which traf fi c activ ity is measured can affect the beha vior of storm cont rol.
24-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Step 3 storm-control { broadcast | multicast | unicast } level { level [ l evel-low ] | bps bps [ bps-low ] | pps pps [ pps-l ow ]} Conf igure broadcast, multicast, or u nicast storm control.
24-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control T o disable storm contro l, use the no storm-control { br oadcast | multicast | uni cast } level interface confi guration command.
24-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Protected Ports This example shows ho w to enable the small-frame arri .
24-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Blocking Protected Port Configuration Guidelines Y o u can conf igure protect ed ports on a physical i nterface (for e xample, Gigabit Eth ernet port 1) or an EtherChann el group (for example, port-chann el 5).
24-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Blocking Configuration The default is t o not block flooding of unkno wn multicast and u nicast traf fic o ut of a port, b ut to flood these packets to all ports.
24-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security These sections contain this concep tual and conf iguratio.
24-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security The maximum number of secure MA C addresses that you can configure on a switch is set by the maximum number of a v ailable MA C addresses allo wed in the sy stem.
24-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Ta b l e 24-2 shows the d efault port securi ty confi guration for an interf ace.
24-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security VLAN, but is not learned on the access VLAN. If yo u connect a single PC to the Cisco IP phone, no additional MA C addresses ar e required.
24-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Enabling and Configuring Port Security Beginni ng in pri.
24-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Step 7 switchport port-security [violation { protect | r.
24-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Step 8 switchport port-security [ mac-address mac- addr ess [ vlan { vlan-id | { access | voice }}] (Optional) Enter a secure MA C address for the interface.
24-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security T o return the interface to the default condition as not a secure port, use the no switchport port-security interface conf iguration co mmand.
24-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.
24-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security T o disable port secu rity aging for all secure addresses on a port, use t he no switchport port-security aging time interface conf iguration command.
24-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Displaying Port-Based T raffic Contro l Settings Secure addresses that are learned.
24-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Displaying Port-Based Traffic Control Settings.
CH A P T E R 25-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 25 Configuring CDP This chapter describes ho w to conf igure Cisco Disco very Protocol (CDP) on the Catalyst 3560 switch.
25-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Configuring CDP Configuring CDP These sections contain this configu ration informatio n: • Default CD P .
25-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings.
25-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Monitoring and Maintaining CDP Disabling and Enabling CDP on an Interface CDP is enabled b y default on all suppo rted interfaces to send and to recei v e CDP information.
25-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configuring CDP Monitori ng and Maintaining CDP show cdp entry entry-name [ protocol | version ] Display information ab out a specif ic neighbor .
25-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Monitoring and Maintaining CDP.
CH A P T E R 27-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 27 Configuring UDLD This chapter descri bes how to configure the UniDirectional Link Detection (UD LD) protocol on th e Catalyst 35 60 switch.
27-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Understanding UDLD In normal mode, UDLD detect s a unidirectional link when f iber strands in a f iber -optic port are misconnected and the Layer 1 mechan isms do not dete ct this miscon nection.
27-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuri ng UDLD If the detection windo w ends and no v alid reply message i s receiv ed, the link might shut down, depending on the UDLD mode. When UDLD is in normal mo de, the link might be considered undetermined and might not be shut down.
27-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuring UDLD Default UDLD Configuration Ta b l e 27-1 shows the def ault UDLD conf iguration. Configuration Guidelines These are the UDLD configuration guidelines: • UDLD is not supported on A TM ports.
27-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuri ng UDLD Enabling UDLD Globally Beginni ng in pri vileged EXEC mode, follow these steps to enable.
27-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Displayi ng UDLD Sta tus Resetting an Interface Disabled by UDLD Beginning in priv ileged EXEC mode, foll .
CH A P T E R 26-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 26 Configuring LLDP, LLDP-MED, and Wired Location Service This chapter describe s ho w to configure the Link Layer D iscov ery Protocol (LLDP), LL DP Media Endpoint Disco very (LLDP-MED) an d wired location service on the Catalyst 3560 switch.
26-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service The switch supports these basic manageme nt TL Vs. These are mandatory LLDP TL Vs.
26-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Understanding LLDP, LLDP-MED, a nd Wired Location Service • Location TL V Provides lo cation information from t he switch to the endpoint de vice.
26-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice • Devic.
26-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Configuration Guidelines • If the interface is con figured as a tunnel port, LLDP is automatical ly disabled.
26-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the LLDP characteristics.
26-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Beginning i.
26-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice Use the no form of each command to return to the default settin g.
26-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Configuring.
26-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Monitoring and Main taining LLDP, LLDP-MED, and Wired Locatio n Service Beginning in pri vileged EX EC mode, follo w these steps to enab le wired location service on t he switch.
26-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Monitoring and Ma intaining LLDP, LLDP-MED, a nd Wired Location Service show lldp interface [ interface-id ] Display information about in te rfaces with LLDP enabled.
26-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Monitoring and Main taining LLDP, LLDP-MED, and Wired Locatio n S.
CH A P T E R 28-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 28 Configuring SPAN and RSPAN This chapter de scribes ho w to conf igure Swit ched Port Anal yzer (SP AN) and Remote SP AN (RSP AN) on the Catalyst 3560 switch.
28-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN These sections contain this conceptual information: • Local SP A.
28-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figur e 28-2 Example of RSP AN Configuration SPAN and RSPAN C oncepts and Terminology This section descri bes concepts and terminology associated with SP AN and RSP A N configuration.
28-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN An RSP AN source session is very similar to a l oca l SP AN session, except for where the packet stream is directed.
28-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • T ransmit (Tx) SP AN—The goal of transmit (or egre ss) SP AN is to monitor as much as possible all the packets sent by the source inte rface after all modif ication and processing is per formed by the switch.
28-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN A source port has these characteristics: • It can be monitored in multiple SP AN sessions. • Each source port can be conf igured wi th a direction (ingress, e gress, or both) to monit or .
28-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Destination Port Each local SP AN session or RSP AN destinat ion se.
28-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN RSPAN VLAN The RSP AN V LAN carries SP AN tra f fic between RSP A N sourc e and destination sessions. It has these special characteristics: • All traff ic in the RSP AN VLAN is always flooded.
28-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN A physical port that belongs to an EtherChannel gro up can be configu red as a SP AN source port and still be a part of the Eth erChannel.
28-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN Configuring Local SPAN These sections contain this configu ration i.
28-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • On Catalyst 3560-24PS and 3 560-48PS switches, egress SP AN routed packets (both unicast an d multicast) show the incorrect source MA C addr ess.
28-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command.
28-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to disable recei ved traf f ic monitoring o.
28-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command.
28-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginning in privil eged EXEC mode, follo.
28-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to remove an y ex isting conf iguration on.
28-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • W e recommend that you configure an RSP AN VLAN before you configure an RSP AN source or a destination session.
28-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to create RSP AN VLAN 901.
28-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global conf iguration comman d.
28-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command.
28-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number global config uration command.
28-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginni ng in pri vileged EXEC mode, f o.
28-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Stat us Displaying SPAN and RSPAN Status T o display the cu rrent SP AN or RSP AN conf iguration, use the sho w monitor user EXEC command.
28-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Displaying SPAN and RSPAN Status.
CH A P T E R 29-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 29 Configuring RMON This chapter describes how to configure Remote Ne twork Monitor ing (RMON) on t he Catalyst 3560 switch.
29-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuring RMON Figur e 29-1 Remot e Monito r ing Example The switch supports these RMON groups (defined .
29-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuri ng RMON Default RMON Configuration RMON is disabled by def ault; no alarms or e v ents are conf igured.
29-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuring RMON T o disable an alarm, use the no r mon alarm number global configurati on command on each alarm you confi gured. Y ou cannot disable at once all the alarms that you conf igured.
29-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuri ng RMON Collecting Group History Statistics on an Interface Y ou must first conf igure RMON alar ms and e vents to display col lection information.
29-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Displaying RMON Status T o disable the collect ion of group Ethernet statistics, use the no rmon collection sta ts index interface confi guration command.
CH A P T E R 30-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 30 Configuring System Message Logging This chapter descri bes how to conf igur e system message logging on the C atalyst 3560 switch.
30-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Y ou can access logged system messages by using the switch command-line interface (CLI) or by saving them to a properly configured sysl og server .
30-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Ta b l e 30-1 describes the elements of syslog messages.
30-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Disabling Message Logging Message logging is enabled b y default. It must be en abled to send messages to an y destination other th an the console.
30-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Setting the Message Display Destination Device If message logging is en abled, you ca n send messages to specific locati ons in additi on to the consol e.
30-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging The loggi ng buffer ed global con figuration command copies logging messages to an internal b uffer . The buf fer is circular , so newer messages o verwr ite olde r messages after the buf fer is full.
30-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging T o disable synchronization of unsolic ited messages and deb ug output, use the no logging synchr onous [l evel severity-level | all ] [ limit number-of-b uffers ] line conf iguration co mmand.
30-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging This example shows part of a logging disp lay with .
30-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Note Specifying a level causes messages at that lev el and numerically lower le vels t o appear at the destination.
30-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Limiting Syslog Messages Sent to the History Table.
30-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Use the show archiv e log config { all | num ber [.
30-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Configuring UNIX Syslog Servers The next sect ions describe ho w to conf igure the UNIX serv er syslog daemon and ho w to d efine the UNI X system logging f acility .
30-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Displaying the Logging Co nfiguration T o remov e a syslog server , use the no logging host global configuration command, and specify the syslog server IP address.
30-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Displaying the Logging Configuration.
CH A P T E R 31-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 31 Configuring SNMP This chapter describe s how to conf igure the Sim p le Netwo rk Management Protocol (SNMP) on the Catalyst 35 60 switch.
31-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Understanding SNMP • SNMP Community Strings, page 31 -4 • Using SNMP to Access MIB V ari ables, page .
31-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Understanding SNMP Ta b l e 31-1 identifies th e characteristics of the dif ferent combinations of securit y models and le vels. Y o u must conf igure the SNMP agent to u se the SNMP version supp orted by the manag ement station.
31-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Understanding SNMP The SNMP agent also sends unsolicited trap messages to notify an NMS that a signif icant e vent has occurred on the agent.
31-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Understanding SNMP SNMP Notifications SNMP allows the switch to send notifications to S N MP managers when particular ev ents occur . SN MP notifications can be sen t as traps or inform requests.
31-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Configuring SNMP These sections contain this configu ration informatio n: • Default SN.
31-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP When config uring SNMP , follow these guidelin es: • When config uring an SNMP group, do not specify a not ify vie w .
31-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Configuring Community Strings Y o u use the SNMP community st ring to defi ne th e relationship between the SNMP manager and the agent. The community string acts lik e a passw ord to permit access to the agent on the switch.
31-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Note T o disable access for an SNMP communit y , set the community string for that co mmunity to the null string (do not enter a v alue for the community string).
31-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure SNMP on the switch: Command Purpose Step 1 conf igure t erminal Enter global conf iguration mod e.
31-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manager is a management station that recei v es and processes traps. T rap s are system alerts that the switch generates when certain e vents occur .
31-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP config Generates a trap for SNMP conf iguration changes. copy-config Generates a trap for SNMP copy conf iguration changes. entity Generates a trap for SNMP entity changes.
31-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Note Though visible in the command-line hel p strings, the fru-ctrl, i nsertion , and rem ova l ke ywords are not supported.
31-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Step 5 snmp-server host host-addr [ info rms | traps ] [ vers ion { 1 | 2c | 3 { auth | noauth | priv }}] community-strin g [ notif ication-typ e ] Specify the recipient of an SNMP trap operation.
31-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP The snmp-server host command specif ies which hosts recei v e the notif ications. Th e snmp-server enable trap command globally enables the mechanism for the specif ied notif ication (for trap s and informs).
31-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Setting the Agent Contact and Location Information Beginning in priv ileged EXEC mode, .
31-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP SNMP Examples This examp le shows ho w to enable all v ersions of SNMP . The configurat ion permits an y SNMP manager to access all objects with read-only permissions using the community string public .
31-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP inp ut and output stat istics, including the number of illeg al community string ent ries, errors, and requested v ariables, use the sho w snmp pri vileged EXEC command.
CH A P T E R 32-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 32 Configuring Embedded Event Manager For co mplete syntax and usage in formation for the comman ds used in this chapter , see the Catalyst 3560 switch command reference for this re lease and the Cisco I OS Network Manag ement Command Refer ence.
32-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Understanding Embedd ed Event Manager Figur e 32-1 Embedded Ev ent Manag er Cor e Event Det ecto rs See the EEM Configur ation for Cisco I nte gra ted Services Router Plat forms Guide for e xamples of EEM deployment.
32-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Understanding Embedd ed Event Manager • Counter e vent detector–P ublishes an e vent when a named counter crosses a specif ied thresho ld.
32-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Understanding Embedd ed Event Manager – A CR ON timer publi shes an e vent b y using a UNIX standard CR ON specif ication to def ine when the e vent is to be published.
32-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Configuring Embedd ed Event Manager Embedded Event Manager Environment Variables EEM uses en vironment v ariables in EEM policies.
32-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Configuring Embedde d Event Manager This example sho ws the output for EEM when one of th e fi elds specified b y an SNMP object ID crosses a defined t hreshold: Switch(config-applet)# event snmp oid 1.
32-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Displaying Embedded Even t Manager Information 4 _config_cmd1 interface Ethernet1/0 5 _.
32-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Displaying Embedded Event Mana ger Information.
CH A P T E R 33-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 33 Configuring Network Security with ACLs This chapter describes ho w to conf igure netw ork security on the Catalyst 3560 switch b y using access control lists (A CLs) , which in commands and ta bles are also referred to as access lists.
33-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Understanding ACLs Y ou configure access lists on a router or Layer 3 sw itch to provide basic secu rity for your network.
33-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Understanding ACLs • When an output router A CL and input port A CL exis t in an SVI, incoming packets recei v ed on the ports to which a port A CL is applied are filtered by the port A CL.
33-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Understanding ACLs Figur e 33-1 Using ACLs t o Contr ol T raf fic t o a Networ k When you apply a port A CL to a trunk port, the A CL f ilters traf fic o n all VLANs present on the trun k port.
33-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Understanding ACLs As with port ACLs, the switch exam ines A CLs associated wi th features configured on a gi ven interface. Howe v er , router A CLs are supported in both directio ns.
33-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs • Permit A CEs that check the Layer 3 information in the fr.
33-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs • Inbound and ou tbound rate limiting (e xcept with QoS A C.
33-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Access List Numbers The number you use to deno te your A CL sho ws the type of access list that you are creating.
33-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs The first pack et that triggers the ACL causes a l ogging message right a way , and subsequent packets are collected o ver 5-minu te interv als befo re they appear or logged.
33-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Switch(config)# end Switch# show access-lists Standard IP access list 2 10 deny 171.
33-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follow these steps to create an extend ed A CL: Command Purpose Step 1 conf igure terminal Enter global co nfigurat ion mode.
33-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs or access-list access-list-number { deny | permit } protocol.
33-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Use the no access-list access-list-number global configu ration command to delete the ent ire access list. Y ou cannot delete individual A CEs from numbered acce ss lists.
33-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs After creating a numbered extended A CL, you can apply it to.
33-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs T o remov e a named standard A CL, use the no ip access-list standard name global conf igurat ion command.
33-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs After you create an A CL, an y additions are placed at the end of the list. Y ou cannot sele cti vely add A CL entries to a specific A CL.
33-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Repeat the steps if you ha v e multiple items that you w ant in ef fect at different t imes.
33-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Extended IP access list deny_access 10 deny tcp any any time.
33-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follo w these steps to .
33-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, foll ow th ese steps to.
33-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Hardware and Software Treatment of IP ACLs A CL processing is primarily accomplished in hardware, but requ ires forwarding of so me traf fic flo ws to the CPU for software processing.
33-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs permit tcp source source-wildcard destination destination-wi.
33-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Figur e 33-3 Using Router A CLs t o Control T r affic This e.
33-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Numbered ACLs In this example, netw ork 36.0.0.0 is a Class A netw or k whose second octet specif ies a subnet ; that is, its subnet mask is 255.
33-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs The marketing_gr oup A CL allows any TCP T elnet traffic to the d estination address and wildcard 171.69.0.0 0.
33-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs In this exampl e of a named A CL, the Jones subnet is not al.
33-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Creating Named MAC Extended ACLs 01:26:12:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 1 packet 01:31:33:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.
33-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Creating Named MAC Extended ACLs Use the no mac access-list extende d name gl obal conf iguration command to delete the enti re A CL.
33-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps • A Layer 2 interface can hav e only one MA C access list. If you apply a MAC access list to a Layer 2 interface that has a MA C A CL configured, the ne w A CL replaces the previously conf igured one.
33-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps T o create a VLAN map and apply it to one or more VLANs, perform these steps: Step 1 Create the standard or e xtended IPv4 A CLs or named MA C extended A CLs that you want to apply to the VLAN.
33-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps • When a frame is Layer-2 forwarded within a pri v ate VLAN, the same VLAN map is applie d at the ingress side and at the egress side.
33-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps Examples of ACLs and VLAN Maps These examples show how to create A CLs and VLAN maps that for specific purposes.
33-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps Example 3 In this e xample, the VLAN map has a default action of drop for MA C packet s and a default action of forward for IP packets.
33-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps Applying a VLAN Map to a VLAN Beginni ng in pri vileged EX E.
33-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps Figur e 33-4 Wir ing Closet Configuration If you do not w ant HTTP traf f ic switched from Host X to Ho st Y , you can conf igure a VLAN map on Switch A to drop all HTTP traff ic from Host X (IP address 10.
33-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Using VLAN Maps with Ro uter ACLs Figur e 33-5 Den y Access t o a Server on Anothe.
33-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Note When you use router A CLs with VLAN maps, packets that require logging on the router AC Ls are not logged if t hey are d enied b y a VLAN map.
33-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Using VLAN Maps with Ro uter ACLs Examples of Router ACLs and VLAN Maps Applied to VLANs This section gi v es examples of app lying router A CLs and VLA N maps to a VLAN for switched, bridg ed, routed, and multicast p ackets.
33-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Figur e 33-7 Applying A CLs on Br idg ed P ac k ets ACLs and Routed Packets Figure 33-8 sho ws ho w A CLs are applied o n routed packet s.
33-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Displaying IPv4 AC L Configuration ACLs and Multicast Packets Figure 33-9 sho ws how A CL s are applied on packets that ar e replicated for IP multicasting.
33-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Displaying IPv4 ACL C onfiguration Y ou can also display information about VLAN access maps or VLAN filters. Use the privile ged EXEC commands in Ta b l e 33-3 to display VLAN map informati on.
33-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Displaying IPv4 AC L Configuration.
CH A P T E R 34-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 34 Configuring QoS This chapter describe s ho w to configure quality of serv ice (QoS) by using automatic QoS (auto-Q oS) commands or b y using standard QoS commands on th e Catalyst 3560 switch.
34-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Understanding QoS T ypically , networks operate on a best-ef fort deli v ery ba sis, which means that all traf f ic has equal priority and an equal chance of being deli vered in a timely manner .
34-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-1 QoS Classification Lay ers in Fr ames and P ac k ets All switches and router.
34-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figure 34-2 sho ws the basic QoS model. Actio ns at the ingr ess port includ e classi fying traf f ic, polici ng, marking, queue ing, and schedu ling: • Classifying a distinct path for a packet b y associating it with a QoS label.
34-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Classification Classificat ion is the process of distin guishing one ki nd o f traff ic from another b y examini ng the fields in the packet.
34-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS After classificat ion, the packet is sent to the polici ng, mark ing, and the in gress queueing an d scheduling stages. Figur e 34-3 Classification Flo wc har t 86834 Generate the DSCP based on IP precedence in pack et.
34-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Classification Based on QoS ACLs Y ou can use IP standard, IP extended, or Layer 2 MAC A CLs to defi ne a group of packets with the same characteristics ( class ).
34-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS The polic y map can contain the police and pol ice aggr egate policy-map class co nf iguration commands, which defi ne the policer , the b andwidth limitations of th e traf fic, and the action to tak e if the limits are exceeded.
34-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Policing on Physical Ports In policy maps on physical por ts, yo u can create these types of pol icers: • Indi vidual—QoS applies the bandw idth limits specif ied in the policer sep arately to each matched traf fi c class.
34-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-4 P olicing and Mar king Flow char t on Ph ysical P orts Policing on SVIs Not.
34-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS When configuring policing on an SVI, you can create and configure a hi erarchical polic .
34-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Mapping Tables During QoS proc essing, the switch re pr esents the pri ority of all traf.
34-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Queueing and Scheduling Overview The switch has queues at sp ecific points to help pre v ent congestion as sho wn in Figure 34-6 .
34-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-7 WTD and Queue Operation For more information, see the “Mapping DSCP or Co.
34-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Queueing and Scheduling on Ingress Queues Figure 34-8 sho ws the queueing and schedulin g flow chart for ingress ports.
34-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Y ou assign each packet that flo ws through the switch to a queue and to a threshold. Specif ically , you map DSCP or CoS v alues to an ing ress queue and map DSCP or CoS values to a threshold ID.
34-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-9 Queueing and Scheduling Flow char t f or Egre ss P orts Each port supports four egress queues, o ne of whic h (queue 1) can be the e gress expedi te queue.
34-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS buf fers) or not empty (free bu ffers). If the queue is not o ver -limit, the switch can allocate buf fer space from the reserv ed pool or from the common pool (if it is not empty).
34-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS modify it. Y ou map a port to queue-set by using the queue-set qset-id interface conf iguration command. Modify the queue- set conf iguration to change the WTD threshold per centages.
34-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS The input mutation causes th e DSCP to be re written dependi ng on the ne w v alue of DSCP chosen. The set action in a polic y map also causes the DSCP to be rewri tten.
34-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Ta b l e 34-3 shows the g enerated auto-QoS conf iguration for the ingress queues. Ta b l e 34-4 shows the g enerated auto-QoS conf iguration for th e egress queues.
34-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS When you enable auto -QoS by usin g the auto qos voip cisco-phone , the auto qos v o.
34-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS The switch automatically maps DSCP v alues to an e gress queue and to a threshold I D.
34-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS If you entered the auto qos voip tru st command, the switch automatically sets the i.
34-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Effects of Auto-QoS on the Configuration When auto-QoS is enabled, the auto qos voip interface conf iguration command and t he generated confi guration are added to the running conf iguration.
34-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS • Beginni ng with Cisco IOS Release 12.2(40)SE, Auto-Qos V oIP uses the priority-queue interface configuration command for an e gress interface.
34-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Enabling Auto-QoS for VoIP Beginning in priv ileged EXEC mode, foll ow these steps to.
34-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS Switch(config-if)# auto qos voip trust Auto-QoS Configuration Example This section describes ho w you could implement auto-Q oS in a network, as sho wn in Figure 34-11 .
34-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Displaying Auto-QoS Information Beginni ng in priv ileged EXEC mode, follo w these steps to conf igure the.
34-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS • show mls qos maps [ cos-dscp | cos-input-q | cos-output-q | dscp-cos | dscp-.
34-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Default Ingress Q ueue Configuration Ta b l e 34-6 shows the d efault ingr ess queue conf iguration when QoS is enabl ed. Ta b l e 34-7 shows the d efault CoS input qu eue threshold map when QoS is enabled.
34-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Ta b l e 34-10 shows the def ault CoS output qu eue threshold map when QoS is en abled. Ta b l e 34-11 shows the def ault DSCP output queue t hreshold map when QoS is en abled.
34-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Standard QoS Configuration Guidelines Before begin ning the QoS conf iguration, y.
34-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS – After the hierarchical policy map is attached to an SVI , the interface-le ve l policy map cannot be modif ied or remov ed from the hierarchical polic y map.
34-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Enabling QoS Globally By default, Qo S is disabled on the switch. Beginni ng in pri vileged EXEC mode, follow these steps to enable QoS.
34-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring Classification Using Port Trust States These sections describe ho w to cl assify i ncoming traf fic by using port trust states.
34-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the port to.
34-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring the CoS Value for an Interface QoS assigns the CoS valu e specif ied with the mls qos cos interface conf iguration command to untagged frames recei ved on trusted and untrusted p orts.
34-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS the telephone is connected to tru st the CoS labels of all traf f ic recei ved on that port .
34-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Enabling DSCP Transparency Mode In software releases earlier than Cisco IOS Re lease 12.2(25)SE, if QoS is disabl ed, the DSCP v alue of the incoming IP pack et is not modif ied.
34-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS stage of QoS. If the two d omains use dif ferent DSCP v alues, yo u can config ure the DSCP-to-DSCP-mutation map to translate a set of DSCP v alues to match the def inition in the other domain.
34-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS T o return a port to it s non-trusted state, use the no mls qos trust interf ace configuration command.
34-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Classifying Traffic by Using ACLs Y ou can classify IP traff ic b y using IP standard or IP extended A CLs; you can classify non-IP traff ic by using Laye r 2 MA C A CLs.
34-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginning in priv ileged EXEC mode, follo w these steps to create an IP extended A CL for IP traff ic: T o delete an access list, use the no access-list access-list-number global configuration co mmand.
34-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mode, follo w these steps to create a Layer 2 MA C ACL for non-IP traf f ic: T o delete an access list, use the no mac access-list extended access-list-name global conf iguration command.
34-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Classifying Traffic by Using Class Maps Y ou use the class-map global confi guration command to name an d to isolate a specif ic traf fic flo w (or class) from all other traf f ic.
34-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command.
34-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Classifying, Policing, and Mark ing Traffic on Physical Ports by Using Policy Maps Y o u can conf igure a nonh ierarchical policy map on a p hysical port that specifies which traff ic class to act on.
34-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow thes e steps to crea te a nonhierar chical polic y map: Command Purpose Step 1 configur e terminal Enter global conf iguration mode.
34-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 5 trust [ cos | dscp | ip-precedence ] Conf igure the trust state, which QoS u ses to generate a CoS-based or DSCP-based QoS label.
34-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command. T o delete an existing class map, use the no class class-map- name policy -map config uration command.
34-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclass1 Switch(config-c.
34-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS • The hierarchical policy map is attached to the SVI and af fects all traff ic belonging to the VLAN. The actions specified in the VLAN-le vel polic y ma p affect the traf fic belonging to the SVI.
34-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 5 exit Return to global conf iguratio n mode. Step 6 class-map [ match-all | match-any ] class-map-name Create an interface-lev el class map, and enter class-map configuration mode.
34-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Step 12 police rate-bps burst-byte [ exceed-action { drop | policed-dscp-transmit }] Define an indi vidual policer for the classif ied traff ic.
34-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 17 trust [ cos | dscp | ip-precedence ] Co nfigure the tr ust state, which QoS uses to generate a CoS-based or DSCP-based QoS label.
34-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command. T o delete an existing class map, use the no class class-map-name polic y-map conf iguration command.
34-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-pmap)# class-map cm-2 Switch(config-pmap-c)# match ip dscp 2 Switc.
34-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o remov e the specif ied aggre gate policer from a policy map, use the no police aggr egate aggr egate-policer -name polic y map configu ration mode.
34-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate transm.
34-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o return to the defaul t map, use the no mls qos cos-dscp global configurati on command.
34-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch# show mls qos maps cos-dscp Cos-dscp map: cos: 0 1 2 3 4 5 6 7 ----------.
34-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Switch# show mls qos maps ip-prec-dscp IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5.
34-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring the DSCP-to-CoS Map Y ou use the DSCP-to-CoS map to generate a CoS v alue, which is used to select one of the four egr ess queues.
34-65 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS 3 : 03 03 00 04 04 04 04 04 04 04 4 : 00 05 05 05 05 05 05 05 00 06 5 : 00 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07 Note In the abov e DSCP-to-CoS map, the CoS v alues are sho wn in the body of th e matrix.
34-66 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS T o return to the def ault map, use the no mls qos dscp-mutation dscp-mut ation-name glo bal confi guration command. This exampl e shows ho w to def ine the DSCP-to-DSCP-mutat ion map.
34-67 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds Y ou ca.
34-68 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS This exampl e show s how to map DSCP va lues 0 to 6 to ingress queue 1 an d to threshold 1 with a d rop threshold of 50 percent.
34-69 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow these steps to allocate bandwidth between the ingress queues. This procedure is optional.
34-70 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the pri ority queue.
34-71 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS These sections contain this configu ration informatio n: • Config uration Guide.
34-72 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to configure t he memory allocation and to d rop thresholds for a queue-set.
34-73 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o return to the def ault setting, use the no mls qos queue- set output qset-id buffers global confi guration command.
34-74 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to map DSCP or CoS v alues to an e gress queue and to a threshold ID. This procedur e is optional.
34-75 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Y ou can configure th e egr ess queues for shaped or sh ared weights, or both. Use shap ing to smooth bursty traf fi c or to prov ide a smoother output o ver time.
34-76 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Note The egress queue def ault settings are suitab le for most situations. Y ou should change them only wh en you ha ve a thorough un derstanding of the egr ess queues and if these settings do not meet your QoS solution.
34-77 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o disable the e gress expedi te queue, use the no priority-queue out interf ace configu ration command. This example sho ws ho w to enable the egress e xpedite queue when th e SRR weights are configured.
34-78 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Displaying Standard QoS Information This example sh ows ho w to limit t he bandwidth on a port to 80 perce.
CH A P T E R 35-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 35 Configuring EtherChannels and Link-State Tracking This chapter de scribes ho w to co nf igure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 3560 switch. EtherChannel provides fa ult-tolerant high-speed links bet ween switches, routers, and servers.
35-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels EtherChannel Overview An EtherChannel consists of indi vidual F ast Ethern et or Gig abit Ethernet links b undled into a singl e logical lin k as sho wn in Figure 35-1 .
35-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els If a link with in an EtherCha nnel fails, traff ic previously carried ov er that failed link m ov es to the remaining links within t he EtherChannel.
35-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels After you conf igure an EtherChannel , configur ation changes applied to the port-channel interface apply to all the physical po rts assigned to the port-chan n el interface.
35-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els Use the silent mode when the switch is connected to a de vice that is not P A gP-capable and seldom, if ev er , sends packets.
35-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels LACP Modes Ta b l e 35-2 shows the user -conf igurable EtherChann el LA CP modes for t he channel-group interface confi guration command.
35-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els Caution Y ou should use care when using the on mode. This is a manual conf iguration , and ports on both end s of the EtherChannel must ha ve the same conf iguration.
35-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels single-MA C-address de vice, source-based for warding on the switch Et herChannel ensures that the switch uses all av ailable bandwidt h to the router .
35-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Note Make sure that the ports are correctly co nfigured. For more information, see the “EtherChannel Config uration Guidelines” section on page 35-9 .
35-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels • When a group is f irst created, all ports fol lo w the pa rameters set for the f irst port to be adde d to the group.
35-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Beginning in priv ileged EXEC mode, foll ow these steps to assign a Layer 2 Ethernet port to a Layer 2 EtherChann el.
35-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o remov e a port from the EtherChannel group, use the no channel-gr oup interface configuration command.
35-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels This exampl e show s how to conf igure an EtherChannel .
35-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o remov e the port-channel, use the no interface port-channel port-chann el-number global confi guration command.
35-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels This ex ample sho ws ho w to conf igure an EtherChannel.
35-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels Switch(config-if-range)# channel-group 5 mod.
35-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels P AgP cannot automatically detect when the partner de vice is a physical lea rner and when the local device is an aggre gate-port learner .
35-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o return the priorit y to its defaul t setting, use the no pagp port-priority interface conf iguration command.
35-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Configuring the LACP System Priority Y o u c.
35-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Displaying EtherChann el, PAgP, and LACP Status Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the LA CP port prior ity .
35-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding Link-State Tracking Understanding Link-State Tracking Link-state trac king, also known as trunk failover , is a feature that binds th e link state of multiple interfaces.
35-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding Link-State Trac king • If any of the upstream interfaces are in the link-up state, the do wnstream in terfaces can change to or remain in the link-up st ate.
35-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring Link -Sta te Tracking Figur e 35-4 T ypical Link-State T r.
35-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring Link-S tate Tracking Default Link-State Tracking Configuration There are no link-state groups def ined, and link-stat e tracking is not enabled for any group.
35-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring Link -Sta te Tracking T o disable a link-state gr oup, use the no link state track number global co nfigu ration command.
35-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring Link-S tate Tracking.
CH A P T E R 36-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 36 Configuring IP Unicast Routing This chapter describes ho w to con figur e IP V ersion 4 (IPv4) unicast routing on the Catalyst 35 60 switch.
36-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Understanding IP Routing • Config uring Protocol-Indepen dent Features, page 36-86 • Mon.
36-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Steps for Configuring Routing Static unicast rout ing forwards pack ets from predeter mined ports through a si ngle path into and out of a network.
36-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Note A Layer 3 switch ca n ha ve an IP ad dress assigned to each routed por t and SVI. The number of routed ports and SVIs that you can conf igure is not limited b y softw are.
36-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Assigning IP Addresses to Network Interfaces An IP address identif ies a location to which IP pack ets can be sent.
36-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Use of Subnet Zero Subnetting with a subnet address of zero is strongly disco uraged because of the prob lems that can arise if a networ k and a subnet ha ve the same addresses.
36-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Figur e 36-2 IP Classless Routing In Figure 36-3 , the router in netw ork 128.20.0.0 is connected to subnets 128.20.
36-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing T o restore the default an d hav e the switch forw ard packets de.
36-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Define a Static ARP Cache ARP and other address reso lution protocols pro vid e dynamic mapp ing between IP addresses and MA C addresses.
36-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Beginni ng in pri vileged EXEC mode, follow thes e steps to specify the ARP encapsulation type: T o disable an encaps ulation type, use the no arp arpa or no arp snap interface co nfigu ration command.
36-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Proxy ARP Proxy ARP , the most common method for learning abou t other routes, enables an Ethernet host with no routing information to communicate with hosts on other net works or subnets.
36-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing The only required task for IRDP ro uting on an interface is to enable IRDP processing on that interface. When enabled, the default parameters apply .
36-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Configuring Broadcast Packet Handling After conf iguring an IP i.
36-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Use the no ip directed-br oadcast interface conf iguration command to disable translation of directed broadcast to p hysical broadcast s.
36-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Beginni ng in pri vileg ed EXEC mode, follo w these steps to ena.
36-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Flooding IP Broadcasts Y o u can allo w IP broadcasts to be flooded throu ghout your internetw ork in a controlled fa shion by using the database created by the br idging STP .
36-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Beginni ng in pri vileged EXEC mod e, follow these steps to increase spanning-tree-based flooding: T o disable this feature, use the no ip forward-pr otocol turbo -flood global conf iguration comman d.
36-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Enabling IP Unicast Routing Enabling IP Unicast Routing By default, th e switch is in Layer 2 switching mo de and IP routing is disab led. T o use the Layer 3 capabilities of the switch, you must enable IP routing.
36-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP Using RIP , the switch sends routing i nformation updates (advertisements) e v ery 30 seconds.
36-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring RIP Configuring Basic RIP Parameters T o conf igure RIP , you enable RIP routing for a network and o ptionally conf igure oth er parameters.
36-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP T o turn of f the RIP r outing process, use the no r outer rip global conf iguration command.
36-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring RIP T o restore clear text authentication, use the no ip rip authentication mode interface conf iguration command. T o pre vent authentication, use the no ip rip authentication key-chain interface confi guration command.
36-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP T o disable IP summarization, us e the no ip summary-address rip router configuration command. In this exampl e, the major net is 10.
36-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Configuring OSPF This section briefly describes ho w to confi gure Open Shortest Path First (OSPF).
36-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Default OSPF Configuration Ta b l e 36-5 shows the defaul t OSPF configuration. Ta b l e 36-5 Def ault OSPF Configuration Feature Default Setting Interface parameter s Cost: No default cost predef ined.
36-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF OSPF NSF Awareness The IP services image supports OSPF NSF A wareness for IPv4.
36-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF T o end an OSPF routing process, use the no r outer ospf pr ocess-id global conf iguration command .
36-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Use the no form of these commands to remo ve the conf igured parameter v alue or return to the default val ue . Configuring OSPF Area Parameters Y ou can optionally configure se veral OSPF area parameters.
36-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Beginning in priv ileged EXEC mode, foll ow these steps to configu re area parameters: Use the no form of these commands to remo ve the conf igured parameter v alue or to return to the default val ue .
36-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF • V irtual links: In OSPF , all areas must be c onnected to a backbone area.
36-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Changing LSA Group Pacing The OSPF LSA group pacing feature allo ws the rout er to group OSPF LSAs an d pace the refreshing, check-summing, and aging functions for more ef f icient router use.
36-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Configuring a Loopback Interface OSPF uses the highest IP address conf igured on the interfaces as its router ID.
36-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Configuring EIGRP Enhanced IGRP (EIGRP) is a Cisco p roprietary enhanced v ersion of the IGRP .
36-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP is sho wn in the pack et. The reliable tran sport has a pro vision to send mul ticast packets quickly when there are u nackno wledged pack ets pending .
36-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP T o create an EIGRP rou ting process, you must enab le EIGRP and associate ne tworks. EIGRP sends updates to the interfaces in the specif ied networks.
36-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP Note If you hav e routers on your network that are conf igured for IGRP , and you want to change to EIGRP , you must designate transition routers th at hav e both IGRP and EIGRP conf igured.
36-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r return the setting to the def ault v alue. Configuring EIGRP Interfaces Other optional EIGRP paramet ers can be conf igured on an int erface basis.
36-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r return the setting to the def ault v alue.
36-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r to return the setting to the default v alue.
36-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Figur e 36-4 EIGRP Stub Router Configuration For more inf ormation about EI.
36-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP detailed inform ation about BGP in Internet Rou ting Ar chitectur es, published by Cisco Press, and in the “Configuring BGP” chapter in the Cisco IP and IP Rout ing Config uration G uide from the Cisco.
36-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP BGP peers initi ally exch ange their full BGP rou ting tables and then send on ly incremental u pdates.
36-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Default BGP Configuration Ta b l e 36-9 shows the basic default BGP co nfiguration.
36-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Multi e xit discriminator (MED) • Always compare: Disabled. Does not comp are MEDs for paths from neighb ors in diff erent autonomous systems.
36-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Nonstop Forwarding Awareness The BGP NSF A wareness feature is supported for IPv4 in the IP services image. T o enable this feature with BGP routing, you need to enable Graceful Restart.
36-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Use the no router bgp autonomous-system global configu ration command to remo ve a BGP AS. Use the no network network-number router co nfiguration command to remov e the network from the BGP table.
36-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 129.213.1.2 remote-as 100 Switch(config-router)# neighbor 175.
36-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP • When soft reset generates inbo und upda tes from a neighbor , it is called dynamic inbound soft r eset . • When soft reset sends a set of updates to a neighbor , it is called outbound soft r eset .
36-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring BGP Decision Attributes When a BGP speaker receives updates fr.
36-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Beginning in priv ileged EXEC mode, foll ow th ese steps to conf igure some decision attrib utes: Command Purpose Step 1 conf igure terminal Enter global conf igurati on mode.
36-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Use the no form of each command to retu rn to the default st ate.
36-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Beginni ng in pri vileged EXEC mode, foll ow th ese steps to apply a per -neighbor route map: Use the no neighbor distribute-list command t o remov e the access list from the neighbor .
36-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring Prefix Lists for BGP Filtering Y ou can use prefix lists as an alternativ e to access lists in many BGP route f iltering commands, including the neighbor distrib ute-list router conf iguration command.
36-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP sequence number command; to reenable automatic generati on, use the ip pr efi x-list sequence number command. T o clear the hit-count table of prefix list entries, use th e clear ip pref ix-list pri vileged EXEC command.
36-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring BGP Neighbors and Peer Groups Often many BGP nei ghbors are config ured with the same update policies (that is, th e same outbound route maps, distrib ute lists, fi lter lists, update source, and so on).
36-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Step 7 neighbor { ip-addr ess | peer -gr o up-name } default-originate [ r oute-map map-name ] (Optional) Allo w a BGP speake r (the local router) to send th e default ro ute 0.
36-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP T o disable an e xisting BGP neighbor or neig hbor peer group, use the neighbor shutdown router confi guration command.
36-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP T o delete an aggregate entry , use the no aggr egate-addr ess addr ess mask router conf iguration command. T o return options to the default values, u se the command with ke ywords.
36-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP When the route reflector receives an adv ertised route, it takes one of th ese actions, depending on the neighbor: • A route from an external BGP speak er is adve rtised to all clients and nonclient peers.
36-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP T o disable flap dampen ing, use the no bgp dampening rout er conf iguration command wi thout key words.
36-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing Y o u can also enable the logging of messages generate d when a BGP neighbor resets, comes up, or goes down b y using t he bgp log-neighbor changes router conf iguration com mand.
36-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing The ke y dif ference between the ISO IGRP and IS-I S NSAP addressing schemes is in the def inition of area addresses.
36-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing • Config uring IS-IS Global P arameters, page 36-66 • Configuri ng IS-IS Interface P arameters, page 36-68 Default IS-IS Configuration Ta b l e 36-12 shows the default IS-IS configuration.
36-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing Nonstop Forwarding Awareness The integrated IS-IS NSF A wareness feature is supported for IPv4, beginning with Cisc o IOS Release 12.
36-65 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing T o disable IS-IS routing , use the no router isis ar ea- tag router configu ration command. This example shows ho w to conf igure three routers to run co n v entional IS-IS as an IP r outing protocol.
36-66 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing Configuring IS-IS Global Parameters These are so me optional I.
36-67 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing Step 9 set- overload-b it [ on-startup { seconds | wait-for -.
36-68 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing T o disable defa ult route generat ion, use the no default-inf ormation originate router conf iguration command.
36-69 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing frequently and IS-IS adjacencies are f ailing unnecessarily .
36-70 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing T o return to the def ault settings, use t he no forms of the commands.
36-71 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Ta b l e 36-13 lists the pri vileged EXEC commands for clearing and displayi ng ISO CLNS and IS-IS routing.
36-72 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE The Catalyst 3560 switch suppo rts multiple VPN routing/forw arding (multi-VRF) instan ces in customer edge (CE) de vices (multi-VRF CE) when the switch is run ning the IP services image.
36-73 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE • Provider routers or core routers are any routers in the service provider network t hat do not attach to CE de vices.
36-74 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE T o configure VRF , you create a VRF table and specify the Laye r 3 interface associated with the VRF . Then confi gure the routing protocols in the VPN an d between the CE and the PE.
36-75 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE • A customer can use multiple VLANs as l ong as they do not o verlap wit h those of other customers.
36-76 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Use the no ip vrf vrf-name global configuration command to dele te a VRF and to remov e all interfaces from it. Use the no ip vrf f orwarding interface conf iguration command to remove an interface from the VRF .
36-77 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE For more inf ormation about conf iguring a multicast wi thin a Multi-VRF CE, see the Cisco IOS IP Multicast Conf igur ation Guide, Release 12.
36-78 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for PING Beginning in pri vileged EX EC mode, follo w these steps to con figure VRF-a ware services for p ing.
36-79 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE User Interface for uRPF uRPF can be conf igured on an interface assigned to a VRF , and source lookup is done in the VRF table.
36-80 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for Traceroute Beginni ng in pri vile ged EXEC mode, follo w these st ep s to configure VRF-a ware services for traceroute.
36-81 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Note T o conf igure an EIGRP routing process to run w ithin a VRF.
36-82 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Use the no router bgp autonomous-syste m-number global conf iguration command to delete th e BGP routing process. Use the command with keyw or ds to delete routing characteristics.
36-83 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Switch(config)# ip vrf v11 Switch(config-vrf)# rd 800:1 Switch(co.
36-84 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Switch(config-if)# exit Conf igure OSPF routing in VPN1 and VPN2. Switch(config)# router ospf 1 vrf vl1 Switch(config-router)# redistribute bgp 800 subnets Switch(config-router)# network 208.
36-85 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Switch(config-router)# network 118.
36-86 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Displaying Multi-VRF CE Status Y o u can use the pr ivile ged EXEC comman ds in Ta b l e 36-15 to display information about multi-VRF CE configuration and status.
36-87 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features cache entries are freque ntly in v alidated because of rou ting changes, which ca n cause traff ic to be process switched using the routing table, instead of fast switched using the route cache.
36-88 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Configuring the Number of Equal-Cost Routing Paths When a router has two or more rout es to the same network with th e same metrics, th ese routes can be thought of as ha ving an eq ual cost.
36-89 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features The switch retains static routes unti l you remov e them. Ho wev er , you can override stati c routes with dynamic routing informati on by assigning admi nistrati ve distance v alues.
36-90 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Beginni ng in pri vileged EXEC mod e, follow the.
36-91 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Y ou can also identify route-map statements as permit or deny .
36-92 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Step 9 match interface type nu mber [. ..type number ] Match the specified ne xt hop route out one of the specified interfaces.
36-93 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features T o delete an entry , use the no r oute-map map tag global conf iguration command or the no match or no set route-map conf iguration commands.
36-94 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Configuring Policy-Based Routing Y ou can use poli cy-based routing (PBR) to configure a defined policy for traff ic flo ws.
36-95 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features • Y ou can apply a policy route map to an EtherChannel port channel in Laye r 3 mode, b ut you cannot apply a policy route map to a phys ical interface that is a member of the EtherChannel .
36-96 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Packets that are generated b y the switch, or local packets, are not normally pol icy-routed.
36-97 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Use the no route-map map-ta g global conf iguration command or t he no match or no set route-map confi guration commands to de lete an entry .
36-98 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Use a network monitori ng pri vil eged EXEC comm.
36-99 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Filtering Sources of Routing Information Because some routing information might be more accura te than oth ers, you can use f iltering to pri oritize information com ing from dif fer ent sources.
36-100 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Monitoring and Main ta ining the IP Network Beginni ng in pri vileged EXEC mode, foll ow th ese steps to manage authentication k eys: T o remov e the key chain, use the no key chain name-of-chain global configur ation command.
36-101 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Monitoring and Maintaining the IP Network show ip r oute supernet s-only Display su pernets. show ip cache Display the routin g table used to switch IP traf f ic.
36-102 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Monitoring and Main ta ining the IP Network.
CH A P T E R 37-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 37 Configuring IPv6 Unicast Routing This chapter de scribes how to configure IPv6 unicast routin g on the Cataly st 3560 switch. For info rmation about conf iguring IPv6 Mul ticast Listener Disco very (MLD) sn ooping, see Chap ter 38, “Configuring IPv6 MLD Snoopin g.
37-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 • Use the Search field to locate th e Cisco IOS software docum entation.
37-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 • Neighbor Disco very , page 37-4 • Defaul t Router Pref erence, pa.
37-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 DNS for IPv6 IPv6 supports Domain Name System (DNS) r ecord types i n the DN S name-to-address and address-to-name lookup processes.
37-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 IPv6 Stateless Autoconfiguration and Duplicate Address Detection The switch uses stateless autoconfigur ation to manage link, subnet, and si te addressing changes, such as management of host and mobile IP addres ses.
37-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 The dual IPv4 and IPv6 templates allo w the swit ch to be used i n dual stack en vironment s. • If you try to conf igure IPv6 without f irst selecting a dual IPv4 and IPv6 template, a wa rning message appears.
37-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 EIGRP for IPv6 The switch running the IP servic es image supports Enhanced Int erior Gate way Routin g Protocol (EIGRP) for IPv6.
37-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 For infor mation about syslog o ver IPv6, includi ng configurat ion procedures, see the “Implementing IPv6 Addressing and Basic Con n ectivity” chapter in the Cisco IOS IPv6 Conf igur ation Libr ary on Cisco.
37-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 • The switch cannot forward SN AP -encapsulated IPv6 packets. Note There is a similar limitation for IPv4 SN AP-encapsulated packets, but the pack ets are dropped at the switch and are not forwar ded.
37-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Default IPv6 Configuration Ta b l e 37-1 shows the default IPv6 configuratio n.
37-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Beginni ng in pri vileged EXEC mo de, follo w these step s to assign an .
37-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 without ar guments. T o disable IPv6 processing on an interface that has not b een explicitly con figur ed with an IPv6 address, use the no ipv6 enable interface co nfigurat ion command.
37-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Use the no ipv6 nd router -preference int erface conf iguration command to disabl e an IPv6 DRP . This exampl e show s how to conf igure a DRP of high for the router on an interface.
37-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o disable IPv4 routing, use the no ip routing global co nfiguratio n command. T o disable IPv6 routing, use the no ipv6 unicast-routing g lobal conf iguration command.
37-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Enabling DHCPv6 Server Function Beginning in priv ileged EXEC mode, foll ow these st eps to en able the DHCPv6 server fu nction on an interface.
37-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o delete a DHCPv6 pool, use the no ipv6 dhcp pool poolname global configuration com mand. Use th e no form of the DH CP pool configuration m ode comma nds to change the DHCPv6 pool characteristics.
37-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Switch(config-dhcpv6-vs)# suboption 1 address 1000:235D::1 Switch(config.
37-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Beginning in priv ileged EXEC mode, foll ow th ese st eps to change the ICMP rate-limiting paramet ers: T o return to the d efault conf iguration, use the no ipv6 ic mp error -interval gl obal configuration command.
37-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Beginni ng in pri vileged EXEC mode, follow these steps to conf igure an IPv6 static route: Command Purpose Step 1 configur e terminal Enter global conf iguration mode.
37-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o remov e a configured static route, use the no ipv6 r oute ipv6-pr efix/pr efix length { ipv6-addr ess | interface- id [ ipv6-addr ess ]} [ administrative distance ] global conf iguration command.
37-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 T o disable a RIP routing process, use the no ipv6 router rip name global con figuration command. T o disable the RIP rou ting proce ss for an interface, use the no ipv6 rip name in terface conf iguration command.
37-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Beginning in pri vile ged EXEC mode, follo w these re quired and optional st ep s to configure IPv6 OSPF: Command Purpose Step 1 configur e terminal Enter global conf igurat ion mode.
37-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 T o disable an OSPF routing process, use the no ipv6 r outer ospf pr ocess-id global configurati on command.
37-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Enabling HSRP Version 2 Beginni ng in pri vileg ed EXEC mode, follo w these steps to enable HSRP v ersion 2 on a Layer 3 interface.
37-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 Use the no standby [ gr oup-number ] ipv6 interf ace conf iguration command to di sable HSRP for IPv6. This exampl e show s how to acti vate HSRP for IPv6 for gr oup 1 on a port.
37-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6 Ta b l e 37-2 shows the pri vile ged EXEC commands for monitor ing IPv6 on the switch. Ta b l e 37-3 shows the pri vile ged EXEC command for displaying EIGRP IPv6 i nformation.
37-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 interface pri vile ge.
37-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 rip pri vile ged EXEC command: Switch# show ipv6 rip RIP process "fer", port 521, multicast-group FF02::9, pid 190 Administrative distance is 120.
37-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 0 group query, 0 group report, 0 group reduce 1 router solicit, 0 router .
37-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6.
CH A P T E R 38-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 38 Configuring IPv6 MLD Snooping Y ou can use Multicast Listen er Disco very (MLD) s nooping to enab le ef fici ent distrib ution of IP ver si on 6 (IPv6) multicast data to clients and routers in a switched netw ork on the Catalyst 3560 sw itch.
38-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Understanding MLD Snooping The switch supp orts two versions of MLD snooping: • MLDv1 snooping detect s MLDv1 control packet s and sets up traf fic br idging based on IPv6 destination multicast addresses.
38-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Understanding MLD Sno oping When MLD snooping is disabled , all MLD queries are flooded in the i ngress VLAN.
38-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Understanding MLD Snooping MLD Reports The processing of MLDv1 join messages is e ssent ially the same as with IGMPv2 . When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch.
38-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping confi guration command.
38-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping MLD Snooping Configuration Guidelines When config uring MLD sn.
38-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan -id global confi guration command for t he specifi ed VLAN number .
38-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Switch(config)# end Configuring a Multicast Router Port Althou.
38-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD Immediate Leave on a VLAN, use the no ipv6 mld snooping vlan vlan-id immediat e-leav e global conf iguration command.
38-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping This example sho ws how to set the MLD sn ooping glo bal robu.
38-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Displaying MLD Snooping Information Beginning in priv ileged EXEC mode, foll ow these steps.
38-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Displayi ng MLD Sn ooping Information show ipv6 mld snooping multicast-addr ess [ vlan vlan.
CH A P T E R 39-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 39 Configuring IPv6 ACLs This chapter includ es information about conf iguring IPv6 A CLs on the Catalyst 3560 switch.
39-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Understanding IPv6 ACLs Understanding IPv6 ACLs A switch image supports tw o types of IPv6 A CLs: .
39-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs • If the switch runs out of TCAM space, packets associated with the A CL label are forwarded to the CPU, and the A CLs are applied in software.
39-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Configuring IPv6 ACLs Step 3 Apply the IPv6 A CL to an interface. For router A CLs, you must also configure an IPv 6 address on the Layer 3 inte rface to which the ACL is applied.
39-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs Step 3a deny | permit pr otocol { sour ce-ipv6-pr efix / pr efix-lengt h | any .
39-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Configuring IPv6 ACLs Step 3b deny | permit tcp { sour ce-ipv6-pr ef ix / pr efix-lengt h | any | ho.
39-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs Use the no deny | permit IPv6 access-list conf iguration commands w ith ke ywords to remo ve the den y or permit conditions from the specified access list.
39-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Displaying IPv6 ACLs Displaying IPv6 ACLs Y ou can display information about all configured access lists, all IPv6 access lists, or a specific access list by u sing one or more of th e pri vileged EXEC commands in Ta b l e 39-1 .
CH A P T E R 40-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 40 Configuring HSRP This chapter de scribes how to use Hot Standby Router Prot ocol (HSRP) on the Ca talyst 3560 switch to provid e routing redundan cy for rou ting IP traf f ic not dependent on the a v ailability of any single ro uter .
40-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Understanding HSRP Note Routers in an HSRP group can be an y router interf ace that supports HSRP , including Catalyst 3560 routed ports and switch v irtual interfaces (SVIs).
40-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Understanding HSRP Figur e 40-1 T ypical HSRP Configuration HSRP Versions Cisco IOS Release 12.2(46)SE and lat er support these Hot Standb y R ed un d an c y Protocol (HSRP) ver si ons : • HSRPv1—V ersion 1 of the HSRP , the default v ersion of HSRP .
40-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Multiple HSRP The switch supports Multiple HSRP (MHSRP), an e xtension of HSRP th at allo ws load sharing bet ween two or more HSRP groups.
40-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP • Config uring MHSRP , page 40-10 • Config uring HSRP Authenti cation and T imers, pa.
40-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP • In the configuration p rocedur es, the specified interface must be a Layer 3 interface: – Routed port: a ph ysical port conf igured as a Layer 3 port b y entering th e no switchport interface con figuration command.
40-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-number ] ip [ ip-addr ess ] in terface conf iguration command to disable HSRP . This exampl e show s how to activ ate HSRP f or group 1 on an interface.
40-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP When config uring HSRP priority , follow these guidelin es: • Assigning a prio rity allo ws you to select the act i ve and standb y routers.
40-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-number ] priority priority [ pr eempt [ delay dela y ]] and n.
40-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Configuring MHSRP T o enable MHSRP and load balancing, you conf igure two rou ters as acti ve routers for thei r groups, with virtual router s as standb y routers.
40-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Beginni ng in pri vileged EXEC mod e, use one or more of these steps to con figur e HSRP.
40-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Enabling HSRP Support for ICMP Redirect Messages In releases earlier than Cisco IOS R elease 12.2 (18)SE, ICMP (Internet Control Message Protocol ) redirect messages were automaticall y disabled on interfaces configur ed with HSRP .
40-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Displaying HSRP Configurations Displaying HSRP Configurations From pri vileged EXEC mode, use this comman.
40-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Displaying HSRP Configurati ons.
CH A P T E R 41-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 41 Configuring Cisco IOS IP SLAs Operations This chapter describes ho w to use Cisco IOS IP Service Le vel Agreements (SLAs) on the Cat alyst 3560 switch.
41-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Depending on the specif ic Cisco IOS IP SLAs oper.
41-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Using Cisco IOS IP SLAs to Measure Network Perform.
41-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs IP SLAs Responder and IP SLAs Control Protocol Th.
41-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Figur e 41 -2 Cisco IOS IP SLAs Responder Time Sta.
41-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations • One-way mean op inion score (MO S) • One-way latenc y An IP SLAs threshold violation can also trigger another IP SLAs op eration for further analysis.
41-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations For detailed descriptions and conf iguration procedures, see the Cisco IOS IP SLAs Conf igur ation Guide , Release 12.
41-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Configuring the IP SLAs Responder The IP SLAs resp.
41-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations In addition to mon itoring jitter , the IP SLAs UDP ji tter operation can be used as a multipurpose data gathering operation.
41-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Step 3 udp-jitter { destination-ip-addr ess | des.
41-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations T o d is a bl e th e IP S L As operation, enter the no ip sla operation-n umber global conf iguration command.
41-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Note This operation does not require th e IP SLAs responder to be enabled.
41-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations T o disable the IP SLAs operatio n, enter the no ip sla oper ation-number gl obal configurati on command.
41-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations Ta b l e 41 -1 Monit or ing IP SLAs Oper ations Command Purpose show ip sla application Display global informati on about Cisco IOS IP SLAs.
CH A P T E R 42-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 42 Configuring Enhanced Object Tracking This chapter describe s how to conf igure enhance d object tracking o n the Catalyst 3560 switch. This feature provides a more comple te alternative to the Hot Stan dby Routing Proto col (HSRP) tr acking mechanism.
42-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Configuring Enhanced Object Tracking.
42-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features This example configures the tracki ng .
42-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Beginning in priv ileged EXEC mode, .
42-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Beginni ng in pri vile ged EXEC mode, .
42-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Beginni ng in pri vile ged EXEC mode.
42-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Configuring HSRP Object Tracking Begin.
42-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Configuring Other Tracking Characteristics Y ou can also use the enhanced obje ct trac king for tracking ot her characteristics .
42-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Configuring IP SLAs Object Tracking Ci.
42-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Latest operation return code: over .
42-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Beginni ng in pri vileged EXEC mode, .
42-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Monitoring Enhanced Ob ject Tracking Configuring a Routing Policy and Default Route Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure a routing polic y for backup static routing by using object tracking.
42-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Monitoring Enhanced Ob ject Tracking show track brief Display a single line of tracking informat ion output. show track interface [ brief ] Display informatio n about tracked interf ace objects.
42-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Monitoring Enhanced Ob ject Tracking.
CH A P T E R 43-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 43 Configuring Web Cache Services By Using WCCP This chapter describe s how to conf igure your Ca talyst 3560 switch to re direct traff ic to wide-area application engines (such as the Cisco Cache En gine 550) by using the W eb Cache Communication Protocol (WCCP).
43-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Understanding WCCP WCCP enables supported Cisco routers and switches to transparently redirect content requests. Wi th transparent redirection, users do no t hav e to conf igure their bro wsers to use a web proxy .
43-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Understanding WCCP WCCP Negotiation In the exchange of WCCP protocol messages.
43-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Understanding WCCP Y o u can conf igure up to 8 serv ice groups on a switch or switch stack and up to 32 cache engines per service group.
43-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Configuring WCCP Configuring WCCP These sections describe ho w to conf igure .
43-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Configuring WCCP • Y ou cannot conf igure WCCP a nd a pri v ate VL AN (PVLAN) on the same switch interface.
43-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Configuring WCCP T o disable the web cache service, use the no ip wccp web-cache global configurat ion command.
43-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Configuring WCCP Switch(config-if)# ip address 175.
43-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Monitoring and Maintaining WCCP Switch(config-if)# ip wccp web-cache redirect.
43-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Monitoring and Maintaining WCCP.
CH A P T E R 44-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 44 Configuring IP Multicast Routing This chapter describes how to conf i gure IP mul ticast routing on the Cataly st 3560 switch.
44-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understanding Cisco’s I.
44-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Understanding IGMP T o participate in IP multicasting, multicast hosts, routers, and multilayer switches must ha ve the IGMP operating.
44-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understanding PIM PIM is .
44-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing When a new recei ver on a.
44-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing The PIM stub feature is enforced in the IP base image.
44-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Mapping agents periodical ly multicast the contents of their Grou p-to-RP mapping caches.
44-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing 3.
44-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Cisco routers and multilayer sw itches run PIM and can forw ard multicast packet s to and receiv e from a D VMRP neighbor .
44-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing • Using Auto-RP an d a BSR, page 44-33 (req uired for.
44-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing a proprietary Cisco protoco l. PIMv2 is a standards track protocol in the I ETF . W e recommend that you use PIMv2.
44-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Y ou can configure an interface to be in PIM dense mode, sparse mode, or sparse-dense mode.
44-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o disable multicast ing, use the no ip multicast-r outing distribut ed global configurat ion command. T o return to the defaul t PIM version, use the no ip pim version interf ace configuration command.
44-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing How SSM Differs from Inte rnet Standard Multicast The c.
44-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing • No MSDP source-activ e (SA) messages within the SSM range are accepted, generated, or forwarded. IGMPv3 Host Signalling In IGMPv3, hosts signal membership to last hop routers of mul ticast groups.
44-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing State Maintenance Limitations In PIM-SSM, the last hop router continues to periodicall y send (S, G) join messages if appro priate (S, G) subscriptions are on the interfaces.
44-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing • Config uration Guidelines, page 44-17 • SSM Mappi.
44-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing SSM mapping enables the last hop rou ter to deter mine the source addresses either by a statically confi gured table on the router or throug h a DNS serv er .
44-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing switchover mechanism.
44-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Go to this URL to see SSM mapping conf igurati on examples: http://www .cisco.com/en/ US/products/sw/iosswrel/ ps5207/products_feature _guide09186a00801a6d 6f.
44-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginni ng in pri vileged EXEC mo de, follo w these ste.
44-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring PIM Stub Routing The PIM Stub routing feature support s multicast ro uting between the distribution layer and the access layer .
44-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Switch(config)# interface vlan100 Switch(config-if)# ip.
44-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Senders of multicast tr af fic anno unce their existence through register messages recei ved from the source first- hop router (designated ro uter) and forwarded to the RP .
44-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e an RP address, use the no ip pim rp-address ip-ad dr ess [ access-list-number ] [ override ] global conf iguratio n command.
44-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Beginni ng in pri vileged EXEC mode, follo w these steps to deplo y Auto-RP in an existing sparse- mode cloud.
44-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e the PIM device conf igured as the candidate RP , use the no ip pim send-rp-announce interface- id global co nfiguratio n command.
44-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Filtering Incoming RP An nouncement Messages Y o u can .
44-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing This exampl e show s a sample confi guration on an Auto.
44-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing T o remove the PIM border , use the no ip pim bsr -border interface co nfiguratio n command.
44-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e the boundary , use the no ip multicast boundary interf ace config uration command.
44-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring Candidate RPs Y o u can conf igure one or more can didate RPs. Similar to BSRs, the RPs should also ha ve g ood connectivity to other devices and b e in the backbone portio n of the network.
44-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing This exampl e show s how to configu re the switch to advertise itself as a candidate RP to the BSR in its PIM domain.
44-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Adva nced PIM Features Troubleshooting PIMv1 and PIMv2 Interoperability Problems When debug ging interoperabilit y problems between PIMv1 and PIMv2, check these in the order shown: 1.
44-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced PIM Feature s This process describes the move from a shared tree to a source tree: 1. A receiver joins a group; leaf Ro uter C sends a join message toward the RP .
44-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Adva nced PIM Features Beginning in priv ileged EXEC mode, foll ow th ese steps to conf igure a traff ic rate threshold that must be reached before multicast routing is switched fro m the source tree to the shortest-path tree.
44-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features W ith PIM DM operation , the DR has meaning only if IGMPv1 is i n use. IGMPv1 does not hav e an IGMP querier election process, so the elected DR functions as the IGMP querier .
44-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Default IGMP Configuration Ta b l e 44-4 shows the def ault IGMP conf iguration.
44-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features This exampl e show s how to en able the switch to join multicast gro up 255.2.2.2: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip igmp join-group 255.
44-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Changing the IGMP Version By default, th e switch uses IGMP V ersion 2, which pro vides featu res such as t he IGMP query time out and the maximum query response time.
44-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features Beginning in priv ileged EXEC mode, foll ow these steps to modify the host-query interv al. This procedure is optional.
44-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Changing the Maximum Query Response Time for IGMPv2 If you are us ing IGMPv2, you can change the m aximum query response time ad vertised in IGMP queries.
44-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional Multicast Rou ting Features T o remov e the switch as a member of the g roup, use the no ip igmp static-group gr oup-addr ess interface configuration command.
44-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features T o disable CGMP on the interface, use the no ip cgmp interface conf iguration command.
44-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional Multicast Rou ting Features Enabling sdr List ener Support By default, the switch d oes not listen to session directory adv ertisements.
44-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features administrati vely-scoped b oundary on a .
44-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features Beginni ng in pri vileged EXEC mode, fo llow t hese step s to set up an administrati vely- scoped boundary .
44-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Configuring DVMRP Interoperability Cisco multicast routers and mul tilayer switch es us ing PIM can interoperate wi th non-Cisco multicast routers that use the D VMRP .
44-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features T o disable the metric or route map, .
44-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Configuring a DVMRP Tunnel The software support s D VMRP tunnels to the MBONE. Y ou can configure a D VMRP tunnel on a router or multil ayer switch if the other end is running DVMRP .
44-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features T o disable the filter , use the no ip dvmr p accept-filt er access-list-number [ di stance ] neighbor - list access-list-number interface conf iguration comman d.
44-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Beginni ng in pri vileged EXEC mode, foll ow th ese steps to advertise netw ork 0.0.0.
44-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s These sections contain this config.
44-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Rejecting a DVMRP Nonpruning Neighbor By default, Ci sco de vices accept all D VMRP neighbors as peers, re gardless of their D VMRP capability .
44-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Figur e 44-9 Router Rejects N onpr uning D VMRP Neighbor Note that the ip dvmr p reject-non- pruners interface conf iguration comman d prev ents peering with neighbors only .
44-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features • Config uring a D VMRP Summary A.
44-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s T o return to the def ault setting use the no ip dvmr p ro utehog-notif ication global conf iguration command.
44-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figur e 44-1 0 Only Connected Unica.
44-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Disabling DVMRP Autosummarization By default, th e software automatically performs some le vel of D VMRP summarization.
44-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing T o return to the def ault setting, use t he no ip dvmrp metric-offset interface conf iguration com mand.
44-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Monitoring and Maintainin g IP Multicast Routing Displaying System and Network Statistics Y ou can display speci fic statistics, s uch as the c ont ents of IP routing tables, caches, and databas es.
44-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing Monitoring IP Multicast Routing Y ou ca.
CH A P T E R 45-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 45 Configuring MSDP This chapter describe s how to conf igure the M ulticast Source Discovery Protocol (MSDP) on the Catalyst 3560 switch. The MSDP connect s multiple Protocol-Indep endent Multicast sparse-mode (PIM-SM) domains.
45-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Understanding MSDP MSDP depends hea vily on the Border Gate way Pro tocol (BGP) or MBGP for interdomain op eration. W e recommend that you run MSD P in RPs in your domain that are RPs for sources sending to global grou ps to be announced to the Internet.
45-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Figur e 45-1 MSDP Running Between RP P eers MSDP Benefits MSDP has these benefits: • It breaks up the shared multicas t distribut ion tree.
45-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP • Controlling Source Informati on that Y o ur Switch Origi nates, page 45-8 (optional).
45-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Figur e 45-2 Def ault MSDP Peer Netw or k Beginni ng in pri vileged EXEC mode, fo llow th ese steps to specify a default MSDP peer . This procedure is requi red.
45-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o remov e the default peer , use the no ip msdp default-peer ip-addr ess | name global conf iguration command. This examp le shows a partial con figur ation of Router A and Ro uter C in Figure 45-2 .
45-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Note An alternati ve to this command is th e ip msdp sa-request glob al conf iguration comman d, which causes the switch to send an SA request mess age to the MS DP peer when a ne w member for a group beco mes activ e.
45-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Requesting Source Information from an MSDP Peer Local RPs can send SA requests and get immedi ate responses for all acti v e sources for a gi ven grou p.
45-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Redistributing Sources SA messages originate on RPs to which sou rces hav e registered. By d efault, an y source that regist ers with an RP is advertised.
45-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o remov e the filter , use the no ip msdp redistrib ute global conf iguration comman d. Filtering Source-Active Request Messages By default, only switches that are caching SA in form ation can respond to SA requests.
45-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Beginni ng in pri vileged EXEC mode, follow these steps to conf igure one of these options.
45-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Using a Filter By creating a filter , you ca n perform one of these actions: • Filter.
45-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP T o remov e the fi lter , use the no ip msdp sa-f ilter out { ip- addr ess | name } [ list access-list-number ] [ rou te - ma p map-tag ] global conf igurati on command.
45-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Y o u can perfor m one of these actions: • Filter all incoming SA messages from an MS.
45-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP T o remov e the fi lter , use the no ip msdp sa-f ilter in { ip-a ddr ess | name } [ list access-list-number ] [ rou te - ma p map-tag ] global conf igurati on command.
45-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o bring the peer back up, use the no ip msdp shutdown { peer -name | peer addr ess } global confi guration command.
45-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Note that the ip msdp origin ator -id global configuration command also identif ies an interface to be used as the RP address.
45-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Monitoring and Maintaining MSDP Monitoring and Maintaining MSDP T o monitor MSDP SA messages, peers, sta.
CH A P T E R 46-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 46 Configuring Fallback Bridging This chapter describes h ow to configure f allback bridg ing (VLAN bridging ) on the Catalyst 3560 switch .
46-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging Fallb ack bridging does not al lo w the spanning trees fr om the VLANs being bridged to collapse.
46-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging • Creating a Bridge Group, page 46 -3 (required) • Adjustin.
46-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging Beginning in priv ileged EXEC mode, foll ow th ese steps to create a bridge group and to assign an interface to it.
46-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging Switch(config-if)# exit Adjusting Spanning-Tree Parameters Y o u might need to adjust certain spanning-tree parameters if the def ault v alues are not suitable.
46-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging T o return to the default setting, use the no bridge bridge-gr oup priority global configuratio n command.
46-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging T o return to the defaul t path cost, use the no bridge-group bridg e-gr oup path-cost interface confi guration command.
46-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging T o return to the def ault setting, use t he no bridge bridge-gr oup hello-time global configuration command.
46-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging Changing the Maximum-Idle Interval If a switch doe s not recei v e BPDUs from the root switch within a sp ecified i nterval, it recomputes the spanning-tree to pology .
46-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Monitoring and Main ta ining Fallback Bridging This exampl e show s how to disable spanning.
CH A P T E R 47-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 47 Troubleshooting This chapter describes ho w to identify and resolve softw are problems related to the Cisco IOS software on the Catalyst 3560 switch.
47-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Software Failure • T roubleshoot ing T ables, page 47-24 Recovering from a Software Failure Switch software can be corrupted during an upgrad e, by do wnloading the wr ong fi le to the switch, and by deleting th e image file.
47-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Lost or Fo rgotten Password switch: flash_init Step 8 If you had set the consol e port speed to an ything othe r than 9 600, it has been reset to that part icular speed.
47-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Lost or Forgotten Password Step 4 Reconnect the power cord to the switch and, within 15 seconds, press the Mode bu tton while the System LED is still flashi ng green.
47-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Lost or Fo rgotten Password Step 5 Rename the conf iguration f ile to conf ig.te xt.old. This f ile contains the passw ord defini tion. switch: rename flash: config.
47-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Lost or Forgotten Password Procedure with Password Recovery Disabled If the password-reco very mechan ism is disabled, this message appears: The password-recovery mechanism has been triggered, but is currently disabled.
47-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Command Switc h Failure Step 6 Enter glob al configuration mode : Switch# configure term.
47-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Command Switch Failure Y ou can prepare for a command switch failure by assi gning an IP.
47-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Command Switc h Failure Basic management setup configures only enough connectivity for m.
47-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Command Switch Failure Replacing a Failed Command Switch with Another Switch T o replac.
47-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from Lost Cluster M ember Connectivity Step 10 When prompted, assign a name to the cluster , and pr ess Return . The cluster name can be 1 to 31 alphanu meric characters, dashes, or underscores.
47-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Power over Ethernet Switch Por ts Troubleshooting Power over Ethernet Switch Ports These sections describe ho w to troublesh oot Po wer ov er Ethernet (PoE) ports.
47-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Monitoring SFP Module Status error-disabled state. After the elapsed interv al, the sw itch brings the interf ace out of the error -disabled state and retries the operation.
47-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using Ping • Destination unreachable—If the default gate wa y cannot reach the sp ecified network, a destination-unr eachable message is returned.
47-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using Layer 2 Traceroute T o end a pi ng session, en ter the escape sequence ( Ctrl-^ X by default). Simultaneously press and release the Ctrl , Shift , and 6 key s and then pres s the X key .
47-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using IP Traceroute • If the source or destination MA C address belongs to multiple VLANs, yo u must specify the VLAN to which both th e source and d estination MA C addr esses belong.
47-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using IP Traceroute The traceroute pri vileged EXEC co mmand uses the T ime T o Li ve (TTL) f ield in the IP header to cause routers and servers to gene rate specific return messages.
47-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using TDR T o end a trace in progress, enter the escape sequence ( Ctrl-^ X by def ault). Simultaneously press and release the Ctrl , Shift , and 6 ke ys and then press the X key .
47-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using Debug Commands Running TDR and Displaying the Results T o run TDR, enter the test cable-diagnostics.
47-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using the show platfo rm forward Command T o display the state of each debugging option, enter this co mm.
47-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using the show platform forward Command Most of the information i n the output from the command is useful mainly for technical supp ort personnel, who have access to detailed information about the switch applicat ion-specific integrated circuits (ASICs).
47-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using the show platfo rm forward Command Egress:Asic 3, switch 1 Output Packets: ------------------------.
47-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using the c rashinfo Fil es Using the crashinfo Files The crashinfo f iles sav e information that hel ps Cisco technical support rep resentati ves to deb ug problems that caused the Cisco IOS image to fail (cra sh).
47-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Troubleshooting Tables These tables are a condensed v ersion of troubleshootin g documents on Cisco.
47-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les This ex ample sho ws normal CPU util ization.
47-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Troubleshooting Power over Ethernet (PoE) Figur e 47 -1 Po w er Over Ether net T r oubleshooting Scenar ios Symptom or problem Possible cause and solution No PoE on only one port.
47-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les No PoE on all port s or a group of ports. T rouble is on all switch por ts. Nonpo wered Ethernet de vices cannot estab lish an Ethernet link on any port, and PoE de vices do not po wer on.
47-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Cisco IP Phone disconnects or resets. After workin g normally , a Cisco phone or wireless access point intermittentl y reloads or disconnects from PoE.
47-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les Troubleshooting Stackwise Ta b l e 47 -4 Switch Stac k T roubleshooting Scenar ios Symptom/problem How to V erify Problem Possible C ause/Solution General troubleshooting of switch stack issues Revie w this docum ent.
47-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Slo w traff ic throughput on stack ring T est the switch interface. Defective StackW ise switch interface. Note The only solution is to replace the switch.
CH A P T E R 48-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 48 Configuring Online Diagnostics This chapter descri bes how to configure the online diagnostic s on the Catalyst 3560 switches.
48-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Configuring Health-M onitoring Diagnostic s Beginni ng in global conf iguration mode, use th.
48-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Running Online Diagnostic T ests Running Online Diagnostic Tests After you configure online diag nostics, you can start di agnostic tests or display t he test results.
48-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Displaying Online Diag nostic Tests and Test Results Th is exa mp le show s h ow to display .
A-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX A Supported MIBs This appendix lists t he supported management in for mation base (MIBs) for this release on the Catalyst 3560 switch.
A-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix A Supported MIBs MIB List • CISCO-IETF-IP-FOR W ARDING-MIB • CISCO-IGMP-FIL TER-MIB • CISCO-IMA GE-MIB • CISCO IP-ST A.
A-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix A Supported MIBs Using FTP to Access the MIB Files • OLD-CISCO-CHASSIS-MIB • OLD-CISCO-FLASH-MIB • OLD-CISCO-INTERF ACE.
A-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix A Supported MIBs Using FTP to Acce ss the MIB Files Step 5 At the ftp> prompt, change directories to /pub/mibs/v1 and / pub/mibs/v2 . Step 6 Use the get MIB_filen ame command to obtain a copy of the MIB f ile.
B-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes ho w to man ipulat.
B-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Displa.
B-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System Settin.
B-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System T o di.
B-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System Use the /recursiv e ke yword to delete th e named directory and all subd irectories and the f iles contained in it.
B-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Use the /recursiv e ke yword for deleti ng a directory and all su bdirectories and the f iles contained in it.
B-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System This example sh ows ho w to create a tar f ile.
B-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files • For the RCP , the syntax is rcp : [[ // username @ location ] / directory ] / tar-filename .
B-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Y ou can co py ( upload ) conf iguration files f rom the switch to a f ile server b y using TFTP , FTP , or RCP .
B-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Configuration File Types and Location n Startup conf iguration f iles are used during syst em startup to conf igur e the softw are.
B-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Make sure that the /etc/servi ces file contai ns this line: tftp 69/udp Note Y ou must restart the inetd daem on after modifying th e /etc/inetd.
B-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Uploadi.
B-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s If the server has a directory structure, the conf iguratio n file is writ ten to or copied from the directory associated with the username on the server .
B-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files This example sho ws ho w to copy a conf igurati on file named host1-confg from the netadm in1 directory on the remo te server with an IP address of 172.
B-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s This e.
B-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files The RCP requires a client to se nd a remote username with each RCP request to a server .
B-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Downlo.
B-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Uploadi.
B-19 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Cleari.
B-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Y ou us.
B-21 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Config.
B-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Perform.
B-23 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Working wit.
B-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Image Location on the Switch The Cisco IOS image is stored as a .
B-25 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using TFTP Y o u can do wnload a switch image fro m a TFTP serv er or upl oad the image from the switch to a TFTP server .
B-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s • Ensure that the switch has a rout e to the TFTP server .
B-27 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnlo.
B-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Caution For the do wnload and upload algo rithms to operate properly , do no t rename imag e names.
B-29 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images These secti.
B-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s • When you upload an image f ile to the FTP server , it must be properl y configured to accept the write request from the user on the switch.
B-31 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnlo.
B-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Beginni ng.
B-33 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Note Instea.
B-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s operations.
B-35 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnlo.
B-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s If you specify the /lea ve-old-sw , the existing f iles are not remo ved.
B-37 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The archiv .
B-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s.
C-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX C Unsupported Commands in Cisco IOS Release 12.2(50)SE This appendix lists some of th e command-line interf ace (CLI) command.
C-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Access Control Lists • SNMP , page C-16 • SNMPv3, page C-17 • .
C-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE ARP Commands ARP Commands Unsupported Global Configuration Commands ar.
C-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Debug Commands Unsupported Commands in Applet Configuration Mode no .
C-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE FallBack Bridging bridge cmf bridge crb bridge bridge-gr oup domain do.
C-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE High Availability High Availability Unsupported SSO-Aware HSRP Comma.
C-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE Interface Commands Interface Commands Unsupported Privileged EXEC Comm.
C-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE IP SLA Unsupported Global Configuration Commands ip multicast-r outi.
C-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE IP Unicast Routing IP Unicast Routing Unsupported Privileged EXEC or U.
C-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE IP Unicast Routing Unsupported Interface Configuration Commands ip .
C-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE IPv6 set origin set metric-type inter nal set tag tag-value IPv6 IPv4.
C-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Layer 3 clear bgp nsap dampening clear bgp nsap external clear bgp .
C-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE MAC Address Commands ignore lsa mospf nsf ietf nsf ietf helper disabl.
C-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Miscellaneou s Miscellaneous Unsupported User EXEC Commands verify .
C-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE Multicast Multicast Unsupported BiDirectional PIM Commands All Unsupp.
C-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE QoS QoS Unsupported Global Configuration Command priority-list Unsu.
C-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE SNMPv3 SNMPv3 Unsupported 3DES Encryption Commands All Spanning Tree .
C-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE VTP.
IN-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 INDEX A AAA down policy, NAC Layer 2 IP validation 10 abbreviating commands 4 ABRs 24 AC (command switch) 10 access-class command 19 .
Index IN-2 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ACLs (continued) IP creating 7 fragments and Q oS guidelines 33 implicit deny 9, 13, 15 implicit masks 9 matching criteria 7 un.
Index IN-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 addresses (continued) static adding and removin g 24 defined 19 address resolution 28, 8 Address Resolution Protocol See ARP ad.
Index IN-4 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 authentication manager CLI commands 8 compatibility wi th older 802.1x CLI commands 8 to 9 overview 7 authoritative time so urce, described 2 authorization with RADIUS 27 with TACACS+ 11, 16 authorized ports wi th IEEE 802.
Index IN-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 BGP aggregate addresses 57 aggregate routes, configuring 57 CIDR 57 clear commands 60 community filteri ng 54 configuring nei g.
Index IN-6 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 broadcast storm-control co mmand 4 broadcast storms 1, 13 C cables, monitoring for unidirect ional links 1 candidate switch aut.
Index IN-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 class maps for QoS configuring 46 described 7 displayin g 78 class of service See CoS clearing interfaces 30 CLI abbreviating c.
Index IN-8 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 CNS (conti nued) embedded agents described 5 enabling automated conf iguration 6 enabling configuration agent 9 enabling event .
Index IN-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 configuration files (con tinued) specifying the filename 16 system contact and location information 16 types and location 10 up.
Index IN-10 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 default configuration (continue d) IGMP 38 IGMP filtering 24 IGMP snooping 7, 5, 6 IGMP throttling 24 initial switch informat .
Index IN-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DHCP (continue d) enabling relay agen t 10 server 10 DHCP-based a utoconfigurat ion client request message exchange 4 configur.
Index IN-12 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DHCP snooping binding database (cont inued) deletin g binding file 14 bindings 15 database ag ent 14 described 6 displayin g 1.
Index IN-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DRP configuring 12 described 4 IPv6 4 support for 12 DSCP 11, 2 DSCP input queue thresh old map for QoS 16 DSCP output queue t.
Index IN-14 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 dynamic ARP inspection (continued) default configu ration 5 denial-of-service attacks, preventing 10 described 1 DHCP snooping.
Index IN-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 enhanced ob ject tracking backup static ro uting 12 commands 1 defined 1 DHCP primary interface 11 HSRP 7 IP routing state 2 I.
Index IN-16 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 examples network configu ration 17 expedite queue for QoS 76 Express Setup 2 See also getting started gui de extended crashinf.
Index IN-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 files (continued) tar creating 6 displaying t he contents of 7 extracting 7 image file fo rmat 24 file system displaying avail.
Index IN-18 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 GUIs See device manager and Network Assistant H hardware limitations and Layer 3 interfaces 26 hello ti me MSTP 22 STP 20 help.
Index IN-19 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ICMP Router Discovery Protocol See IRDP ICMPv6 4 IDS appliances and ingress RSPAN 20 and ingress SPAN 13 IEEE 802.
Index IN-20 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IGMP filtering (cont inued) monitoring 28 support for 4 IGMP groups configuring filt ering 27 setting the maximum number 26 IG.
Index IN-21 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Internet Control Message Protocol See ICMP Internet Group Management Proto col See IGMP Internet Protocol version 6 See IPv6 I.
Index IN-22 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP multicast routin g (continued) enabling multicast forwarding 12 PIM mode 13 group-to-RP mappi ngs Auto-RP 6 BSR 7 MBONE del.
Index IN-23 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP SLAs (continued) SNMP support 2 supported metrics 2 threshold monitori ng 6 track object moni toring agent, config uring 11 track state 9 UDP jitter operation 9 IP source guard and 802.
Index IN-24 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP unicast routing (cont inued) protocols distance-vector 3 dynamic 3 link-state 3 proxy ARP 8 redistribution 90 reverse addre.
Index IN-25 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ISL and IPv6 3 and trunk po rts 3 encapsulation 8, 16 trunking with IEEE 802.
Index IN-26 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Layer 3 interfaces assigning IP addresses to 5 assigning IPv4 and IPv6 addresses to 13 assigning IPv6 addresses to 11 changing.
Index IN-27 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 MAC addresses (continued) default configu ration 21 disabling learning on a VLAN 27 discovering 28 displayin g 27 displaying i.
Index IN-28 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 maximum aging time MSTP 23 STP 21 maximum hop count, MSTP 24 maximum number of allowed devices, port -based authentication 33 .
Index IN-29 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 monitoring ( continued) speed and duplex mode 19 SSM mapping 21 traffic flowing amo ng switches 1 traffic suppression 19 tunne.
Index IN-30 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 MSTP (continued) neighbor type 25 path cost 20 port priority 19 root switch 17 secondar y root switch 18 switch prior ity 21 C.
Index IN-31 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 multicast television app lication 17 multicast VLAN 17 Multicast VLAN Registration See MVR multidomain auth entication See MDA.
Index IN-32 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 network configuratio n examples increasing network performance 17 large netw ork 21 long-distance, hig h-bandwidth transport 2.
Index IN-33 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 options, ma nagement 4 OSPF area parameters, configuring 28 configuring 26 default configu ration metrics 30 route 30 settings.
Index IN-34 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 PIM (continued) sparse mode join messages and shared tree 5 overview 5 prune messages 5 RPF lookups 8 stub routing configurati.
Index IN-35 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 port-based authenticati on (continued) configuration guid elines 31 configuring 802.
Index IN-36 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 port-based authenticati on (continued) voice aware 802.1x security configuring 35 described 25, 35 voice VLAN described 21 PVI.
Index IN-37 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 private V LANs across multiple switches 4 and SDM template 4 and SVIs 5 benefits of 1 community ports 2 community VLANs 2, 3 c.
Index IN-38 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Q QoS and MQC commands 1 auto-QoS categorizing traffic 20 configuration and defaul ts display 29 configuration guid elines 25 .
Index IN-39 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 QoS (continued) flowchar ts classification 6 egress queueing an d scheduling 17 ingress queueing and scheduling 15 policing an.
Index IN-40 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 R RADIUS attributes vendor-propri etary 31 vendor-specific 29 configuring accounting 28 authentication 23 authorization 27 com.
Index IN-41 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 remote SPAN 2 report suppression, IGMP described 6 disabling 15, 11 resequencing ACL entries 14 resets, in BGP 47 resetting a .
Index IN-42 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 route-map co mmand 96 route maps BGP 51 policy-based routing 94 router ACLs defined 2 types of 4 route reflectors, BGP 58 rout.
Index IN-43 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 SCP and SSH 49 configuring 49 SDM described 1 templates configuring 4 number of 1 SDM template 3 configuration guid elines 3 c.
Index IN-44 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Smartports macros applying Cisco-default macros 12 applying glob al parameter values 13 configuration guid elines 12 default c.
Index IN-45 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 source-IP address based forward ing, EtherChannel 7 source-MAC ad dress forwarding, Ethe rChannel 7 Source-specific multicast .
Index IN-46 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 standby command switch configuring considerations 11 defined 2 priority 10 requirements 3 virtual IP address 11 See also clust.
Index IN-47 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 STP (continued) configuring forward-delay time 21 hello ti me 20 maximum aging time 21 path cost 18 port priority 17 root swit.
Index IN-48 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 STP (continued) root switch configuring 15 effects of extended system ID 4, 14 election 3 unexpected be havior 15 shutdown Por.
Index IN-49 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 system message logging ( continued) displaying t he configuration 13 enabling 4 facility keywords, described 13 level keywords.
Index IN-50 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 TFTP configuration files downloading 11 preparing the server 10 uploading 12 configuration files in base d irectory 7 configur.
Index IN-51 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 troubleshooting connectivity problems 13, 15, 16 CPU utilization 24 detecting unidir ectional links 1 displayin g crash inform.
Index IN-52 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 unicast MAC address filtering 5 and adding stat ic addresses 25 and broadcast MAC addresses 25 and CPU packets 25 and multicas.
Index IN-53 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VLAN Management Policy Server See VMPS VLAN map entries, order of 30 VLAN maps applying 34 common uses for 34 configuration gu.
Index IN-54 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VMPS (contin ued) reconfirmation in terval, changing 31 reconfirming member ship 31 retry count, changing 32 voice aware 802.
Index IN-55 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VTP (continue d) modes client 3, 11 server 3, 9 transition s 3 transparent 3, 12 monitoring 16 passwords 8 pruning disabling 1.
Index IN-56 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
 
                Si vous n'avez pas encore acheté Cisco Systems 3560 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Cisco Systems 3560 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Cisco Systems 3560, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Cisco Systems 3560 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Cisco Systems 3560, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Cisco Systems 3560.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Cisco Systems 3560. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Cisco Systems 3560 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.