Cisco 3560G 48TS Software Configuration Guide

Cisco 3560G 48TS - Catalyst Switch Manual

Get Cisco 3560G 48TS - Catalyst Switch PDF manuals and user guides
UPC - 746320942568
View all Cisco 3560G 48TS manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco 3560G 48TS manual content summary:

  • Cisco 3560G 48TS | Software Configuration Guide - Page 1
    Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156=
  • Cisco 3560G 48TS | Software Configuration Guide - Page 2
    in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. All rights reserved.
  • Cisco 3560G 48TS | Software Configuration Guide - Page 3
    Ordering Documentation xxxvi Documentation Feedback xxxvi Obtaining Technical Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-4 78-16156-01 Catalyst 3560 Switch Software Configuration Guide iii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 4
    and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv
  • Cisco 3560G 48TS | Software Configuration Guide - Page 5
    4-12 Booting Manually 4-13 Booting a Specific Software Image 4-13 Controlling Environment Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
  • Cisco 3560G 48TS | Software Configuration Guide - Page 6
    Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch Software Configuration Guide vi 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 7
    Service 6-7 Configuring NTP Access Restrictions 6-8 Configuring the Source IP Address for NTP Packets 6-10 Displaying the NTP Configuration 6-11 Configuring Time and Date Manually MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 8
    into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 9
    Authentication 9-1 Understanding 802.1X Port-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide ix
  • Cisco 3560G 48TS | Software Configuration Guide - Page 10
    Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 11
    Macros 11-4 Configuring VLANs 12-1 Understanding VLANs 12-1 Supported VLANs 12-3 VLAN Port Membership Modes 12-3 Configuring Normal-Range VLANs 12-4 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
  • Cisco 3560G 48TS | Software Configuration Guide - Page 12
    12-30 Reconfirming VLAN Memberships 12-31 Changing the Reconfirmation Interval 12-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 13
    Voice VLAN Configuration Guidelines 14-3 Configuring a Port Connected to a Cisco 7960 IP Phone 14-4 Configuring IP Phone Voice Traffic 14-4 Configuring the Priority of Incoming Data Frames 14-5 Displaying Voice VLAN 14-6 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xiii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 14
    Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch Software Configuration Guide xiv 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 15
    -22 Displaying the MST Configuration and Status 16-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
  • Cisco 3560G 48TS | Software Configuration Guide - Page 16
    -Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-9 Enabling Port Fast 17-10 Enabling BPDU Guard 17-11 Enabling BPDU Filtering 17-12 Enabling Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 17
    Default Port Blocking Configuration 20-6 Blocking Flooded Traffic on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 18
    E R Configuration Guidelines 20-10 Enabling and Configuring Port Security 20-11 Enabling and Configuring Port Security Aging 20-14 Displaying Port-Based Traffic Control Settings 20 Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 19
    Port 23-7 RSPAN VLAN 23-8 SPAN and RSPAN Interaction with Other Features 23-8 Configuring SPAN and RSPAN 23-9 Default SPAN and RSPAN Configuration 23-9 Configuring Local SPAN 23-10 SPAN Configuration Guidelines 23-10 Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
  • Cisco 3560G 48TS | Software Configuration Guide - Page 20
    P T E R Configuring Network Security with ACLs 27-1 Understanding ACLs 27-1 Supported ACLs 27-2 Port ACLs 27-3 Router ACLs 27-4 VLAN Maps 27-4 Handling Fragmented and Unfragmented Traffic 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 21
    Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi
  • Cisco 3560G 48TS | Software Configuration Guide - Page 22
    10 Trusted Boundary to Ensure Port Security 28-34 Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 48 Configuring the Policed-DSCP Map 28-49 Configuring the DSCP-to-CoS Map 28-50 Configuring the DSCP-to-DSCP-Mutation Map 28-51 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 23
    EtherChannels 29-10 Configuring Layer 3 EtherChannels 29-12 Creating Port-Channel Logical Interfaces Ports 29-17 Configuring the LACP System Priority 29-18 Configuring the LACP Port Priority 29-19 Displaying EtherChannel, PAgP, and LACP Status 29-20 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 24
    Address Resolution Methods 30-8 Define a Static ARP Cache 30-9 Set ARP Encapsulation 30-10 Enable Proxy ARP 30-10 Routing Assistance When IP Routing is Disabled 30-11 Proxy ARP 30-11 Default Configuring OSPF Area Parameters 30-32 xxiv Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 25
    -61 Monitoring and Maintaining BGP 30-62 Configuring Protocol-Independent Features 30-63 Configuring Cisco Express Forwarding 30-63 Configuring the Number of Equal-Cost Routing Paths 30-64 30-72 Enabling PBR 30-72 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxv
  • Cisco 3560G 48TS | Software Configuration Guide - Page 26
    Groups and Clustering 31-9 Displaying HSRP Configurations 31-10 Configuring IP Multicast Routing 32-1 Understanding Cisco's Implementation of IP Multicast Routing 32-2 Understanding 32-9 Configuring Basic Multicast Routing 32-10 xxvi Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 27
    Manually Assigning an RP to Multicast Groups 32-11 Configuring Auto-RP 32-13 Configuring PIMv2 BSR 32-17 Using Auto-RP and a BSR 32-21 Monitoring the RP Mapping Information 32-22 Troubleshooting PIMv1 and PIMv2 Interoperability Problems 32-46 Catalyst 3560 Switch Software Configuration Guide xxvii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 28
    a Metric Offset to the DVMRP Route 32-48 Monitoring and Maintaining IP Multicast Routing 32-49 Clearing Caches, Tables, and Databases Spanning-Tree Priority 34-6 Changing the Interface Priority 34-6 Assigning a Path Cost 34-7 xxviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 29
    Command Switch with Another Switch 35-10 Recovering from Lost Cluster Member Connectivity 35-11 Preventing Autonegotiation Mismatches 35-12 Troubleshooting Power over Ethernet Switch Ports 35-12 crashinfo File 35-22 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxix
  • Cisco 3560G 48TS | Software Configuration Guide - Page 30
    I X Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-3 Working with the Cisco IOS File 10 Copying Configuration Files By Using TFTP B-10 Preparing to Download or Upload a Configuration File By Using TFTP B-10 Catalyst 3560 Switch Software Configuration Guide xxx 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 31
    RCP B-31 Uploading an Image File By Using RCP B-33 Unsupported Commands in Cisco IOS Release 12.1(19)EA1 C-1 Access Control Lists C-1 Unsupported Privileged EXEC C-4 Unsupported Interface Configuration Commands C-5 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxxi
  • Cisco 3560G 48TS | Software Configuration Guide - Page 32
    Configuration Commands C-10 VLAN C-10 Unsupported vlan-config Commands C-10 Unsupported User EXEC Commands C-11 VTP C-11 Unsupported Privileged EXEC Commands C-11 Miscellaneous C-11 Unsupported Global Configuration Commands C-11 xxxii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 33
    guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking. Purpose The Catalyst 3560 switch is supported by either the standard multilayer image (SMI) or the enhanced multilayer image (EMI). The SMI
  • Cisco 3560G 48TS | Software Configuration Guide - Page 34
    This publication uses these conventions to convey instructions and information: Command descriptions use these conventions problem. The tips information might not be troubleshooting or even an action, but could be useful information. xxxiv Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 35
    Notes for the Catalyst 3560 Switch (not orderable but available on Cisco.com) • Catalyst 3560 Switch Software Configuration Guide (order number DOC-7816156=) • Catalyst 3560 Switch Command Reference (order number DOC-7816155=) • Catalyst 3560 Switch System Message Guide (order number DOC-7816154
  • Cisco 3560G 48TS | Software Configuration Guide - Page 36
    winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller. xxxvi Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 37
    hours to restore service to satisfactory levels. Priority 4 (P4)-You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxxvii
  • Cisco 3560G 48TS | Software Configuration Guide - Page 38
    /ac123/ac147/about_cisco_the_internet_protocol_journal.html • Training-Cisco offers world-class networking training. Current offerings in network training are listed at this URL: http://www.cisco.com/en/US/learning/index.html xxxviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 39
    (that is, supports encryption) versions of the SMI and EMI. You must obtain authorization to use this feature and to download the cryptographic version of the software from Cisco.com. For more information, refer to the release notes for this release. 78-16156-01 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 40
    . - Monitoring real-time status of a switch or multiple switches from the LEDs on the front-panel images. The system, redundant power system (RPS), and port LED colors on the images are similar to those used on the physical LEDs. Catalyst 3560 Switch Software Configuration Guide 1-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 41
    on a switch port can belong • IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table • Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features 78-16156-01 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 42
    management access for up to five simultaneous, encrypted Secure Shell (SSH) connections for multiple CLI-based sessions over the network (requires the cryptographic [that is, supports encryption] versions of the SMI and EMI) Catalyst 3560 Switch Software Configuration Guide 1-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 43
    to VLANs associated with appropriate network resources, traffic patterns, and bandwidth • Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard • VLAN Query Protocol (VQP) for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 44
    of the port - 802.1X with guest VLAN to provide limited services to non-802.1X-compliant users • Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for managing network security through a TACACS server Catalyst 3560 Switch Software Configuration Guide 1-6 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 45
    but limited to using a share of port bandwidth. Shared egress queues are also guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues become empty and do not use their share of the bandwidth. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 46
    Cisco pre-standard and IEEE 802.3af-compliant powered devices from all 10/100 Ethernet ports if the switch senses that there is no power on the circuit • 24-port PoE switch provides 15.4 W of power on each 10/100 port; 48-port PoE switch provides 15.4 W of power to any 24 of the 48 10/100 ports
  • Cisco 3560G 48TS | Software Configuration Guide - Page 47
    Disabled More information in... Chapter 4, "Assigning the Switch IP Address and Default Gateway" Chapter 5, "Clustering Switches" Chapter 6, "Administering the Switch" Chapter 9, "Configuring 802.1X Port-Based Authentication" 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 48
    "Configuring DHCP Features" Chapter 19, "Configuring IGMP Snooping and MVR" Chapter 20, "Configuring Port-Based Traffic Control" Chapter 21, "Configuring CDP" Chapter 22, "Configuring UDLD" Chapter 23, "Configuring SPAN and RSPAN" 1-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 49
    can cause network performance to degrade and how you can configure your network to increase the bandwidth available to your network users. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 50
    ) for cluster command switch and router redundancy. • Use VLAN trunks and BackboneFast for traffic-load balancing on the uplink ports so that the uplink port with a lower relative port cost is selected to carry the VLAN traffic. 1-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 51
    port. The powered device, such as an IP phone, can receive redundant power when it is also connected to an AC power source. Powered devices not connected to Catalyst PoE switches must be connected to AC power sources to receive power. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 52
    network supports both voice and data. With the multilayer switches providing inter-VLAN routing and other network services, the routers focus on firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. Figure 1-1 Catalyst 3560
  • Cisco 3560G 48TS | Software Configuration Guide - Page 53
    cam) Aironet wireless access points IP IP IP Cisco IP Phones with workstations IEEE 802.3af-compliant powered device (such as a web cam) Aironet wireless IP access points IP IP Cisco IP Phones with workstations 101389 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 54
    on the receiving end separate (or switch, review these sections for startup information: • Chapter 2, "Using the Command-Line Interface" • Chapter 3, "Getting Started with CMS" • Chapter 4, "Assigning the Switch IP Address and Default Gateway" 1-16 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 55
    Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your Catalyst 3560 switch. It contains these sections: • Understanding Command table use the host name Switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 2-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 56
    line vty or line console command. Switch(config-line)# To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end. Use this mode to configure parameters for the terminal line. Catalyst 3560 Switch Software Configuration Guide 2-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 57
    Commands You need to enter only enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command in an abbreviated form: Switch# show conf 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 2-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 58
    enough characters Re-enter the command followed by a question mark (?) for your switch to recognize the with a space between the command and the question command. ) • Disabling the Command History Feature, page 2-5 (optional) Catalyst 3560 Switch Software Configuration Guide 2-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 59
    mode, enter this command to configure the number of command lines the switch records for all sessions on a particular line: Switch(config-line)# history [size number-of-lines] The range is from no history line configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 2-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 60
    of the command line. Press Ctrl-E. Move the cursor to the end of the command line. Press Esc B. Move the cursor back switch provides a buffer with the last ten items that you deleted. Press Ctrl-Y. Recall the most recent entry in the buffer. Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 61
    the last 10 items that from the cursor to the end of the word. Capitalize switch suddenly sends a message to your screen. Redisplay the current command line. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 62
    cursor first reaches the end of the line, Switch# show interfaces | include protocol Vlan1 is up, line protocol is up Vlan10 is up, line protocol is down GigabitEthernet0/1 is up, line protocol is down GigabitEthernet0/2 is up, line protocol is up Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 63
    IP address of the switch or, if clustering, the command switch. When the Cisco Systems Access page appears, click Telnet to start a Telnet session. Enter the switch password. The user EXEC prompt appears on the management station. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 2-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 64
    - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to the CLI or to the Cluster Management Suite (CMS), exit your browser to end the browser session. 2-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 65
    of some complex configuration options • Two levels of access modes to the configuration options: read-write access for users who can change switch settings and read-only access for users who can only view switch settings 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 66
    the Front Panel image of a specific set of switches in a cluster. From this view, you can select multiple ports or multiple switches and configure them with the same settings. For more Help-Launch the online help. Figure 3-1 Menu Bar Catalyst 3560 Switch Software Configuration Guide 3-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 67
    Print Print a CMS window or help file. Preferences1 Save Configuration2 Software Upgrade2 Port Settings1 Set CMS display properties, such as polling intervals, the views to open 3. Available only from a cluster-management session. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 68
    Figure 3-2 Feature Bar and Search Window 1 Feature bar 2 Search window Note Only features supported by the devices in your cluster are displayed in the feature bar. You can search for see the "Privilege Levels" section on page 3-7. Catalyst 3560 Switch Software Configuration Guide 3-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 69
    Guide before selecting an option from the menu bar, tool bar, or popup menu. If you change the interaction mode after selecting a configuration option, the mode change does not take effect until you select another configuration option. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 70
    Started with CMS 1 2 98673 Expert Mode Wizards 1 Guide mode icon 2 Wizards Guide mode is not available if your switch access level is read-only. For more information about the the "Privilege Levels" section on page 3-7. Catalyst 3560 Switch Software Configuration Guide 3-6 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 71
    switches do not support read-only mode on CMS: • Catalyst 1900 and Catalyst 2820 switches • Catalyst 2900 XL switches with 4-MB CPU DRAM In read-only mode, these switches appear as unavailable devices and cannot be configured from CMS. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 72
    NT 4.01 Pentium 300 MHz Solaris 2.5.1 or higher SPARC 333 MHz 1. Service Pack 3 or higher is required. DRAM 128 MB 128 MB Number of Colors 65,536 Most colors for applications Resolution 1024 x 768 - Font Size Small Small (3) Catalyst 3560 Switch Software Configuration Guide 3-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 73
    : http://www.cisco.com/pcgi-bin/tablebuild.pl/java On Solaris platforms, follow the instructions in the README_FIRST.txt file to install the Java plug-in. You need to close and restart your browser after installing a Java plug-in. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 74
    documentation specific to the switch and its Cisco IOS release for descriptions of the CMS version. HTTP Access to CMS CMS uses the HTTP protocol (the default is port 80) and the method of authentication used on the switch. 3-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 75
    tacacs} end show running defined on the Cisco router or access server switch (the default), enter only the enable password (if an enable password is configured) in the password field. The switch home page appears, as shown in Figure 3-4. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 76
    interfaces privileged EXEC command • Help Resources-Provides links to the Cisco website, technical documentation, and the Cisco Technical Assistance Center (TAC) Click Cluster Management Suite to appears, as shown in Figure 3-5. 3-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 77
    or workstation. If the CMS Startup Report appears, click the links, and follow the instructions to configure your PC or workstation. Note If you are running Windows and need to or workstation is correctly configured, CMS launches. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 78
    them. You can right-click on a switch port to configure that port. Figure 3-7 Front Panel View and Port Popup Menu 1 2 98674 3 4 1 Cluster tree 2 Command switch 3 check boxes to show switches 4 Port configuration popup menu 3-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 79
    right-click on a switch or link icon to display a menu for that icon. Figure 3-8 Topology View and Device Popup Menus 1 2 3 4 98675 1 Link popup menu 2 Command switch 3 Command switch popup menu 4 Cluster member popup menu 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 80
    this release. The rest of this guide provides information about the command-line interface (CLI) procedures for the software features supported in this release. For CMS procedures and window descriptions, refer to the online help. 3-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 81
    IP Address and Default Gateway This chapter describes how to create the initial switch configuration (for example, assigning the switch IP address and default gateway information) for the Catalyst 3560 switch by using a variety of automatic and manual methods. It also describes how to modify the
  • Cisco 3560G 48TS | Software Configuration Guide - Page 82
    system if the operating system has problems serious enough that it cannot be used format to match these of the switch console port: • Baud rate default is switch receives the dynamically assigned IP address and reads the configuration file. Catalyst 3560 Switch Software Configuration Guide 4-2 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 83
    switch configuration steps, manually configure the switch. Otherwise, use the setup program described earlier. This section contains this configuration information: • Default Switch the BOOTP client functionality on your switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 84
    -Based Autoconfiguration These sections describe how to configure DHCP-based autoconfiguration. • Configuring the DHCP Server, page 4-5 • Configuring the TFTP Server, page 4-5 • Configuring the DNS, page 4-6 Catalyst 3560 Switch Software Configuration Guide 4-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 85
    file could not be downloaded, the switch attempts to download a configuration file by using various combinations of filenames and TFTP server addresses. The files include the specified configuration filename (if any) and 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 86
    device is a Cisco router, enable 10.0.0.2: router(config-if)# ip helper-address 20.0.0.2 router(config-if)# ip helper-address 20.0.0.3 router(config-if)# ip helper-address 20.0.0.4 On interface 20.0.0.1 router(config-if)# ip helper-address 10.0.0.1 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 87
    file and obtains its host name. If the host name is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not specified in the DHCP reply, the switch uses the default Switch as its host name. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 88
    -confg switchb Switch C 00e0.9f1e.2003 10.0.0.23 255.255.255.0 10.0.0.10 10.0.0.2 maritsu or 10.0.0.3 switchc-confg switchc Switch D 00e0.9f1e.2004 10.0.0.24 255.255.255.0 10.0.0.10 10.0.0.2 maritsu or 10.0.0.3 switchd-confg switchd Catalyst 3560 Switch Software Configuration Guide 4-8 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 89
    in privileged EXEC mode, follow these steps to manually assign IP information to multiple switched virtual interfaces (SVIs) or ports: Step 1 Step 2 Command configure terminal interface mask. Return to global configuration mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 90
    Switch IP Address and Default Gateway Command Step 5 ip default-gateway ip-address Step 6 Step 7 Step 8 end service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 91
    community public@es0 RO snmp-server chassis-id 0x12 ! end To store the configuration or changes you have made to your Cisco IOS File System, Configuration Files, and Software Images," for information about switch configuration files. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 92
    Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read Command configure terminal boot config-file flash:/file-url end show boot copy running-config startup-config Purpose Enter Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 93
    these steps to configure the switch to manually boot during the next boot cycle: Step 1 Step 2 Step 3 Step 4 Command configure terminal boot manual end show boot Step 5 image. Filenames and directory names are case sensitive. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 94
    Switch IP Address and Default Gateway Step 3 Step 4 Step 5 Command end port 1 turns off. Then the boot loader switch: prompt appears. The switch boot loader software provides support does not read the Cisco IOS configuration file. For Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 95
    must manually boot the switch from the boot loader mode. Enables manually booting the switch Cisco IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 96
    . This example shows how to reload the software on the switch on the current day at 7:30 p.m: Switch# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes) Proceed with reload? [confirm] 4-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 97
    on the switch, use the show reload privileged EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 98
    Scheduling a Reload of the Software Image Chapter 4 Assigning the Switch IP Address and Default Gateway 4-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 99
    to the online help. For the CLI cluster commands, refer to the switch command reference. • Verifying a Switch Cluster, page 5-20 • Using the CLI to Manage Switch Clusters, page 5-21 • Using SNMP to Manage Switch Clusters, page 5-22 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 100
    software versions. These sections describe: • Cluster Command Switch Characteristics, page 5-3 • Standby Cluster Command Switch Characteristics, page 5-3 • Candidate Switch and Cluster Member Switch Characteristics, page 5-4 Catalyst 3560 Switch Software Configuration Guide 5-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 101
    command switch is a Catalyst 3560 switch, the standby cluster command switches must also be Catalyst 3560 switches. Refer to the switch configuration guide of other cluster-capable switches for their requirements on standby cluster command switches. 78-16156-01 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 102
    guide for that specific switch. This requirement does not apply if you have a Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 cluster command switch. Candidate and cluster member switches page 5-5 • HSRP and Standby Cluster Command Switches, page 5-10 • IP Addresses, page 5-13 • Host
  • Cisco 3560G 48TS | Software Configuration Guide - Page 103
    count is three. The cluster command switch discovers switches 11, 12, 13, and 14 because they are within three hops from the edge of the cluster. It does not discover switch 15 because it is four hops from the edge of the cluster. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 104
    to a Catalyst 5000 switch. Figure 5-2 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices Command switch Third-party hub (non-CDP-capable) Candidate switch Catalyst 5000 switch (noncluster-capable) Candidate switch 89377 Catalyst 3560 Switch Software Configuration Guide 5-6 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 105
    the cluster command switch through their management VLAN. The default management VLAN is VLAN 1. Note If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack must be the cluster command switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 106
    62 but not the switch in VLAN 4. If the routed port path between the cluster command switch and cluster member switch 7 is lost, connectivity with cluster member switch 7 is maintained because of the redundant path through VLAN 9. Catalyst 3560 Switch Software Configuration Guide 5-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 107
    port are assigned to management VLAN 16. Figure 5-6 Discovery of Newly Installed Switches Command switch VLAN 9 Switch A AP VLAN 9 New (out-of-box) candidate switch VLAN 16 Switch B AP VLAN 16 New (out-of-box) candidate switch 101325 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 108
    These topics also provide more detail about standby cluster command switches: • Virtual IP Addresses, page 5-11 • Other Considerations for Cluster Standby Groups, page 5-11 • Automatic Recovery of Cluster Configuration, page 5-12 5-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 109
    command switch is a Catalyst 3560 switch, the standby cluster command switches must also be Catalyst 3560 switches. Refer to the switch configuration guide of other cluster-capable switches for their requirements on standby cluster command switches. If your switch cluster has a Catalyst 3560 switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 110
    active cluster command switch fails and becomes active again, it does not discover any Catalyst 1900, Catalyst 2820, and Catalyst 2916M XL cluster member switches. You must again add these cluster member switches to the cluster. 5-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 111
    is overwritten with the host name of the cluster command switch in the new cluster (such as mkg-cluster-5). If the switch member number changes in the new cluster (such as 3), the switch retains the previous name (eng-cluster-5). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 112
    to the cluster member switch. The switches support an unlimited number of community Switch Access with TACACS+" section on page 8-10. For more information about RADIUS, see the "Controlling Switch Access with RADIUS" section on page 8-18. 5-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 113
    features specific to a cluster member switch are available from the command-switch menu bar. For example, Device > LRE Profile appears in the command-switch menu bar when at least one Catalyst 2900 LRE XL switch is in the cluster. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 114
    Figure 5-8). Instead of using CMS to enable a cluster command switch, you can use the cluster enable global configuration command. Figure 5-8 Create Cluster Window C3750-24TS Enter up to 31 characters to name the cluster. 93333 5-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 115
    command-switch password. For more information about setting passwords, see the "Passwords" section on page 5-14. For additional authentication considerations in switch clusters, see the "TACACS+ and RADIUS" section on page 5-14. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 116
    Cluster Device Manager... Properties... 3750G-24T Thin line means a connection to a candidate switch. Right-click a candidate switch to display the pop-up menu, and select Add to Cluster to add the switch to the cluster. 93335 5-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 117
    is 10 seconds. The default HSRP standby hello time interval is 3 seconds. For more information about the standby hold time and standby hello time intervals, see the "Configuring HSRP Authentication and Timers" section on page 31-8. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 118
    of using CMS to verify the cluster, you can use the show cluster members user EXEC command from the cluster command switch or use the show cluster user EXEC command from the cluster command switch or from a cluster member switch. 5-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 119
    the same privilege level as on the cluster command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section on page 8-5. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 120
    member switch has its own IP address and community strings, they can be used in addition to the access provided by the cluster command switch. For more information about SNMP and community strings, see Chapter 26, "Configuring SNMP." 5-22 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 121
    Chapter 5 Clustering Switches Using SNMP to Manage Switch Clusters Figure 5-13 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap Member 1 Member 2 Member 3 Trap 33020 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 122
    Using SNMP to Manage Switch Clusters Chapter 5 Clustering Switches 5-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 123
    or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS page 6-2 • Configuring NTP, page 6-4 • Configuring Time and Date Manually, page 6-11 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 124
    be set from these sources: • Network Time Protocol • Manual configuration The system clock can provide time to these services: • User show commands • Logging and debugging messages The and an encrypted authentication mechanism. Catalyst 3560 Switch Software Configuration Guide 6-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 125
    Switch Managing the System Time and Date Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service be time-synchronized as well. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 126
    source is not available. The switch also has no hardware support for a calendar. As a result Address for NTP Packets, page 6-10 • Displaying the NTP Configuration, server associations NTP broadcast service NTP access restrictions NTP Catalyst 3560 Switch Software Configuration Guide 6-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 127
    end support switch to synchronize only to devices providing authentication key 42 in the device's NTP packets: Switch(config)# ntp authenticate Switch(config)# ntp authentication-key 42 md5 aNiceKey Switch(config)# ntp trusted-key 42 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 128
    file. You need to configure only one end of an association; the other device can switch to synchronize its system clock with the clock of the peer at IP address 172.16.22.44 using NTP version 2: Switch(config)# ntp server 172.16.22.44 version 2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 129
    Switch Managing the System Time and Date Configuring NTP Broadcast Service to this switch. end Return to port to send NTP version 2 packets: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ntp broadcast version 2 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 130
    shows how to configure a port to receive NTP broadcast packets: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ntp broadcast client IP Access List, page 6-9 • Disabling NTP Services on a Specific Interface, page 6-10 Catalyst 3560 Switch Software Configuration Guide 6-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 131
    specified, all access types are granted to all devices. If any access groups are specified, only the specified access types are granted. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 132
    , the source address is determined by the outgoing interface. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 6-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 133
    source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. Beginning in manually set the system clock to 1:32 p.m. on July 23, 2001: Switch# clock set 13:32:00 23 July 2001 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 134
    in privileged EXEC mode, follow these steps to manually configure the time zone: Step 1 Step 2 Command end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the time zone. The switch Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 135
    shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 136
    [offset]] Configure summer time to start on the first date and end on the second date. Summer time is disabled by default. • end on April 26, 2001, at 02:00: Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 6-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 137
    refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Manually configure a system name. The default setting is switch. The name must follow the rules for ARPANET host names. They must start with a letter, end Catalyst 3560 Switch Software Configuration Guide 6-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 138
    Switch Configuring a System Prompt Beginning in privileged EXEC mode, follow these steps to manually configure a system prompt: Step 1 Step 2 Command configure terminal prompt string Step 3 Step 4 Step 5 end support operations .cisco. Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 139
    ip name-server server-address1 [server-address2 ... server-address6] ip domain-lookup end show running-config copy running-config startup-config Purpose Enter global configuration mode. your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 140
    domain-name global configuration command. If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname. and login banners are not configured. 6-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 141
    configure terminal banner motd c message c Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode , contact technical support. User Access Verification Password: 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 142
    a login banner for the switch by using the dollar sign ($) symbol as the beginning and ending delimiter: Switch(config)# banner login $ Access for authorized users only. Please enter your username and password. $ Switch(config)# 6-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 143
    If the destination address is on the port that sent the packet, the packet is filtered and not forwarded. The switch always uses the store-and-forward method: complete packets are stored and checked for errors before transmission. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 144
    for example, could be forwarded to port 1 in VLAN 1 and ports 9, 10, and 1 in VLAN 5. Note Multiport static addresses are not supported. Each VLAN maintains its own logical Flooding results, which can impact switch performance. 6-22 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 145
    for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 146
    informs to send SNMP informs to the host. • Specify the SNMP version to support. Version 1, the default, is not available with informs. • For community-string, removed from this interface. end Return to privileged EXEC mode. 6-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 147
    from which it is received. Packets received with this destination address are forwarded to the interface specified with the interface-id option. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 148
    MAC address as its destination address, the packet is forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 are forwarded to the CPU are also not supported. 6-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 149
    mac-addr vlan vlan-id drop Step 3 Step 4 Step 5 end show mac address-table static copy running-config startup-config Purpose Enter , the packet is dropped: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 6-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 150
    for example), the software first must determine the 48-bit MAC or the local data link address of manually to the table do not age and must be manually removed. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com. 6-28 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 151
    resource supported in each of the three templates for a desktop switch. Table 7-1 Approximate Number of Feature Resources Allowed by Each Template Resource Unicast MAC addresses IGMP groups and multicast routes Default 6 K 1 K Routing 3 K 1 K VLAN 12 K 1 K 78-16156-01 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 152
    not use the routing template if you do not have routing enabled on your switch. The sdm prefer routing global configuration command prevents other features from using the memory allocated to unicast routing in the routing template. Catalyst 3560 Switch Software Configuration Guide 7-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 153
    selected template optimizes the resources in the switch to support this level of features for 8 routed switch with the routing template. Switch(config)# sdm prefer routing Switch(config)# end Switch# reload Proceed with reload? [confirm] 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 154
    sdm prefer [default | routing | vlan] privileged EXEC command to display the resource numbers supported by the specified template. This is an example of output from the show sdm prefer qos aces: 512 number of security aces: 1K Catalyst 3560 Switch Software Configuration Guide 7-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 155
    and privileges at each switch port. These passwords are locally stored on the switch. When users attempt to access the switch through a port or line, they must , see the "Controlling Switch Access with TACACS+" section on page 8-10. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 156
    syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1. This section describes how to control access to the configuration file. No password is defined. Catalyst 3560 Switch Software Configuration Guide 8-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 157
    Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode access): Switch(config)# enable password l1u2c3k4y5 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 158
    type encrypted-password} Step 3 service password-encryption Step 4 Step 5 end copy running-config startup-config (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an Catalyst 3560 Switch Software Configuration Guide 8-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 159
    by the boot loader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user. Return to privileged EXEC mode. Verify the configuration by checking the last few lines of the command output. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 160
    service password-recovery global configuration command. Note Disabling password recovery will not work if you have set the switch to boot manually by using the boot manual : Switch(config)# line vty 10 Switch(config-line)# password let45me67in89 Catalyst 3560 Switch Software Configuration Guide 8-6
  • Cisco 3560G 48TS | Software Configuration Guide - Page 161
    console 0 or line vty 0 15 login local end show running-config copy running-config startup-config Purpose Enter the username command. Enter line configuration mode, and configure the console port (line 0) or the VTY lines (line 0 to 15). Enable Catalyst 3560 Switch Software Configuration Guide 8-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 162
    Switch-Based Authentication Configuring Multiple Privilege Levels By default, the Cisco and Exiting a Privilege Level, page 8-10 Setting the Privilege Level for a Command password level level password end show running-config or Catalyst 3560 Switch Software Configuration Guide 8-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 163
    Command configure terminal line vty line privilege level level Step 4 Step 5 Step 6 end show running-config or show privilege copy running-config startup-config Purpose Enter global configuration level line configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 164
    management service. Your switch can be a network access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 8-1. 8-10 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 165
    switch and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between the switch and the TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 166
    session for that user and the services that the user can access: • Telnet, Secure Shell (SSH), rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts 8-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 167
    This section describes how to configure your switch to support TACACS+. At a minimum, you must identify service. The server group is used with a global server-host list and contains the list of IP addresses of the selected server hosts. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 168
    terminal tacacs-server host hostname [port integer] [timeout integer] [key string] aaa new-model aaa group server tacacs+ group-name server ip-address end show tacacs copy running-config software uses the first method listed to 8-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 169
    Step 4 line [console | tty | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Enable AAA. situations. The default method list is automatically applied to all ports. • For list-name, specify a character string to Catalyst 3560 Switch Software Configuration Guide 8-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 170
    related service requests. Configure the switch for user TACACS+ authorization if the user has privileged EXEC access. The exec keyword might return user profile information (such as autocommand information). Return to privileged EXEC mode. 8-16 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 171
    accounting for each Cisco IOS privilege level and for network services: Step 1 Step service requests. Enable TACACS+ accounting to send a start-record accounting notice at the beginning of a privileged EXEC process and a stop-record at the end Catalyst 3560 Switch Software Configuration Guide 8-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 172
    (such as time, packets, bytes, and so forth) used during the session. An Internet service provider might use a freeware-based version of RADIUS access control and accounting software to meet special security and billing needs. 8-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 173
    additional data included with the ACCEPT or REJECT packets includes these items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 174
    how to configure your switch to support RADIUS. At a minimum • Configuring RADIUS Authorization for User Privileged Access and Network Services, page 8-27 (optional) • Starting RADIUS Accounting, page switch through the CLI. 8-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 175
    All RADIUS Servers" section on page 8-29. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the "Defining AAA Server Groups" section on page 8-25. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 176
    | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Step 3 Step 4 Step 5 end show running-config copy running . (Optional) Save your entries in the configuration file. 8-22 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 177
    and the sequence in which they are performed; it must be applied to a specific port before any of the defined authentication methods are performed. The only exception is the default method authentication methods are attempted. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 178
    4 line [console | tty | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Enable AAA. situations. The default method list is automatically applied to all ports. • For list-name, specify a character string to Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 179
    Switch-Based Authentication Controlling Switch Access with RADIUS Step 5 Command login authentication {default | list-name} Step 6 Step 7 Step 8 end them for a particular service. The server group port and acct-port keywords. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 180
    port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Step 3 aaa new-model Step 4 aaa group server radius group-name Step 5 server ip-address Step 6 end EXEC mode. Verify your entries. 8-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 181
    by using RADIUS. Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 182
    the end. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command. 8-28 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 183
    spaces within and at the end of the key are Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes. The full set of features available for TACACS+ authorization can then be used for RADIUS. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 184
    the configuration file. For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, refer to the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide for Release 12.1. 8-30 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 185
    : Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-31
  • Cisco 3560G 48TS | Software Configuration Guide - Page 186
    of the Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/ Cisco IOS Security Command Reference, Release 12.1, the trusted third party can be a Catalyst 3560 switch that supports and network services. Note A Kerberos server can be a Catalyst 3560 switch that is
  • Cisco 3560G 48TS | Software Configuration Guide - Page 187
    In this software release, Kerberos supports these network services: • Telnet • rlogin • rsh services register their identity with the Kerberos server. Network services query the Kerberos server to authenticate to other network services. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 188
    services by using a Catalyst 3560 switch as a Kerberos server, remote users must follow these steps: 1. Authenticating to a Boundary Switch, page 8-35 2. Obtaining a TGT from a KDC, page 8-35 3. Authenticating to Network Services, page 8-35 8-34 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 189
    Network Services" section in the "Security Server Protocols" chapter of the Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdkerb.htm #xtocid154006. 78-16156-01 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 190
    the local user database authentication to all ports. Configure user AAA authorization, check the local database, and allow the user to run an EXEC shell. Configure user AAA authorization for all network-related service requests. 8-36 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 191
    commands used in this section, refer to the command reference for this release and the command reference for Cisco IOS Release 12.2 at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-37
  • Cisco 3560G 48TS | Software Configuration Guide - Page 192
    application. • The SSH server and the SSH client are supported only on DES (56-bit) and 3DES (168-bit) data encryption software. • The switch does not support the Advanced Encryption Standard (AES) symmetric encryption algorithm. 8-38 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 193
    Setting Up the Switch to Run SSH Follow these steps to set up your switch to run SSH: 1. Download the cryptographic software image from Cisco.com. This step a host name for your switch. Configure a host domain for your switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-39
  • Cisco 3560G 48TS | Software Configuration Guide - Page 194
    to the default of 10 minutes. • Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5. Repeat this step when configuring both parameters. Return to privileged EXEC mode. 8-40 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 195
    in the "Other Security Features" chapter of the Cisco IOS Security Command Reference, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/ srfssh.htm. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-41
  • Cisco 3560G 48TS | Software Configuration Guide - Page 196
    Configuring the Switch for Secure Shell Chapter 8 Configuring Switch-Based Authentication 8-42 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 197
    • Supported Topologies, page 9-4 • Using 802.1X with Port Security, page 9-5 • Using 802.1X with Voice VLAN Ports, page 9-6 • Using 802.1X with VLAN Assignment, page 9-6 • Using 802.1X with Guest VLAN, page 9-8 • Using 802.1X with Per-User ACLs, page 9-8 78-16156-01 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 198
    include the Catalyst 3750, Catalyst 3560, Catalyst 3550, Catalyst 2970, Catalyst 2955, Catalyst 2950, Catalyst 2940 switches, or a wireless access point. These devices must be running software that supports the RADIUS client and 802.1X. Catalyst 3560 Switch Software Configuration Guide 9-2 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 199
    an EAPOL-start frame, which prompts the switch to request the client's identity. Note If 802.1X is not enabled or supported on the network access device, any Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 101228 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 200
    from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. Supported Topologies The 802.1X port-based authentication is supported in two topologies: • Point-to-point • Wireless LAN Catalyst 3560 Switch Software Configuration Guide 9-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 201
    host, the port becomes error-disabled and immediately shuts down. The port security violation modes determine the action for security violations. For more information, see the "Security Violations" section on page 20-9. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 202
    the switch port. The RADIUS server database maintains the username-to-VLAN mappings, assigning the VLAN based on the username of the client connected to the switch port. You can use this feature to limit network access for certain users. Catalyst 3560 Switch Software Configuration Guide 9-6 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 203
    with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VLAN Membership Policy the Switch to Use Vendor-Specific RADIUS Attributes" section on page 8-29. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 204
    each 802.1X port on the switch to provide limited services to clients (for support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs). Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 205
    authenticated user is supported on a port. If the multiple-hosts mode is enabled on the port, the per-user ACL attribute is disabled for the associated port. The maximum size Configuration to the Default Values, page 9-18 (optional) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 206
    • None specified. Disabled. Disabled (force-authorized). The port sends and receives normal traffic without 802.1X-based authentication switch waits for a reply before resending the response to the server. This setting is not configurable.) 9-10 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 207
    The guest VLAN feature is not supported on trunk ports; it is supported only on access ports. • When 802.1X is enabled on a port, you cannot configure a port VLAN that is equal to a switch for all network-related service requests. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 208
    dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface gigabitethernet0/1 Switch(config)# switchport mode access Switch(config-if)# dot1x port-control auto Switch(config-if)# end 9-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 209
    ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the Catalyst 3560 Switch Software Configuration Guide 9-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 210
    -authentication, see the "Configuring Periodic Re-Authentication" section on page 9-14. This example shows how to manually re-authenticate the client connected to a port: Switch# dot1x re-authenticate interface gigabitethernet0/1 9-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 211
    enter interface configuration mode. Set the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request. The range is 1 to 65535 seconds; the default is 30. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 212
    9 Configuring 802.1X Port-Based Authentication Step 4 Step 5 Step 6 Command end show dot1xinterface interface-id switch sends an EAP-request/identity request before restarting the authentication process: Switch(config-if)# dot1x max-req 5 9-16 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 213
    configuration command. This example shows how to enable 802.1X and to allow multiple hosts: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 214
    mode, and specify the port to be configured. Reset the configurable 802.1X parameters to the default values. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 9-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 215
    and operational status for a specific port, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the command reference for this release. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 9-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 216
    Displaying 802.1X Statistics and Status Chapter 9 Configuring 802.1X Port-Based Authentication 9-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 217
    . These sections are included: • Port-Based VLANs, page 10-2 • Switch Ports, page 10-2 • Routed Ports, page 10-3 • Switch Virtual Interfaces, page 10-4 • EtherChannel Port Groups, page 10-5 • Connecting Interfaces, page 10-5 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 218
    arriving on an access port is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (Inter-Switch Link [ISL] or 802.1Q tagged), the packet is dropped, and the source address is not learned. 10-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 219
    are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6500 series switch; the Catalyst 3560 switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic
  • Cisco 3560G 48TS | Software Configuration Guide - Page 220
    , "Configuring IP Multicast Routing,"and Chapter 34, "Configuring Fallback Bridging." Note The SMI supports static routing and RIP; for more advanced routing or for fallback bridging, you must have the EMI installed on the switch. 10-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 221
    the switch with routing enabled, when you configure VLAN 20 and VLAN 30 each with an SVI to which an IP address is assigned, packets can be sent from Host A to Host B directly through the switch with no need for an external router (Figure 10-2). Catalyst 3560 Switch Software Configuration Guide 10
  • Cisco 3560G 48TS | Software Configuration Guide - Page 222
    supports these interface types: • Physical ports-including switch ports and routed ports • VLANs-switch virtual interfaces • Port-channels-EtherChannel of interfaces You can also configure a range of interfaces (see the "Configuring a Range of Interfaces" section on page 10-8). 10-6 Catalyst 3560
  • Cisco 3560G 48TS | Software Configuration Guide - Page 223
    on page 10-22. Enter the show interfaces privileged EXEC command to see a list of all interfaces on or configured for the switch. A report is provided for each interface that the device supports or for the specified interface. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 224
    1 Step 2 Command configure terminal interface range {port-range | macro macro_name} Step 3 Step 4 Step 5 Step 6 end show interfaces [interface-id] copy running-config startup cannot be used with the interface range command. 10-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 225
    ports 1 to 4 to 100 Mbps: Switch# configure terminal Switch(config)# interface range fastgigabittethernet0/1 - 4 Switch(config-if-range)# speed 100 macro macro_name Step 4 Step 5 Step 6 end show running-config | include define copy running- Catalyst 3560 Switch Software Configuration Guide 10-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 226
    type (all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs), but Switch# configure terminal Switch(config)# no define interface-range enet_list Switch(config)# end Switch# show run | include define Switch# 10-10 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 227
    ports. See Chapter 29, "Configuring EtherChannels." Port blocking (unknown multicast Disabled (not blocked) (Layer 2 interfaces only). See the and unknown unicast traffic) "Configuring Port Blocking" section on page 20-6. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10
  • Cisco 3560G 48TS | Software Configuration Guide - Page 228
    device that does not support autonegotiation. However, when a 1000BASE-T SFP module is in the SFP module port, you can configure speed as 10, 100, or 1000 Mbps, page 10-13 • Setting the Interface Speed and Duplex Parameters, page 10-13 10-12 Catalyst 3560 Switch Software Configuration Guide 78-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 229
    interface supports autonegotiation and the other end does not, configure duplex and speed on both interfaces; do not use the auto setting on the supported side. • For 10/100/1000 Mbps ports, the physical interface identification. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 230
    Note Catalyst 3560 ports are capable of receiving, but not sending, pause frames. You use the flowcontrol interface configuration command to set the interface's ability to receive pause frames to on, off, or desired. The default state is off. 10-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 231
    10/100 Mbps interfaces and on 10/100/1000 BASE-T/TX SFP interfaces. It is not supported on 1000 BASE-SX or -LX SFP interfaces. Table 10-2 shows the link states that results from Auto-MDIX settings and correct and incorrect cabling. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10
  • Cisco 3560G 48TS | Software Configuration Guide - Page 232
    (such as Cisco IP Phones and Cisco Aironet Access Points), and IEEE 802.3af-compliant powered devices if the switch senses that there is no power on the circuit. On a 24-port PoE switch, each 10/100 port provides 15.4 W of power. On a 48-port PoE switch, any 24 of the 48 10/100 ports provide 15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 233
    of the show power inline user EXEC command, refer to the command reference for this release. For more information about PoE-related commands, see the "Troubleshooting Power over Ethernet Switch Ports" section on page 35-12. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 234
    /2 Switch(config-if)# description Connects to Marketing Switch(config-if)# end Switch# show interfaces gigabitethernet0/2 description Interface Status Protocol Description Gi0/2 admin down down Connects to Marketing 10-18 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 235
    VLANs and routed ports than hardware can support, the VLANs are created, but the routed ports are shut down, and the switch sends a message that port-channel port-channel-number} interface to be configured as a Layer 3 interface. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10
  • Cisco 3560G 48TS | Software Configuration Guide - Page 236
    routing protocols. Note If Gigabit Ethernet interfaces are configured to accept frames greater than the 10/100 interfaces, jumbo frames ingressing on a Gigabit Ethernet interface and egressing on a 10/100 interface are dropped. 10-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 237
    1800 Switch(config)# exit Switch# reload This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number: Switch(config)# system mtu jumbo 2500 ^ % Invalid input detected at '^' marker. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 238
    in the Cisco IOS Interface Command Reference for Release 12.1. Table 10-3 Show switching (nonrouting) ports. You can use this command to find out if a port is in routing or switching PoE status for a switch or for an interface. 10-22 Catalyst 3560 Switch Software Configuration Guide 78-16156-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 239
    the interface to be configured. interface-id} | {port-channel port-channel-number} shutdown Shut down an interface. end Return to privileged EXEC mode. show running-config Verify in the show interface command display. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 10-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 240
    Monitoring and Maintaining the Interfaces Chapter 10 Configuring Interface Characteristics 10-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 241
    existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 11-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 242
    11 Configuring SmartPort Macros Configuring Smart-Port Macros You can create a new on your switch: • Do not use exit or end commands when creating a macro. This could cause commands that follow exit or end to execute interfaces. 11-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 243
    SmartPort Macros Configuring Smart-Port Macros Creating and Applying characters. Enter the macro commands with one command per line. Use the @ character to end the macro. Use the # character at the beginning of a line to enter comment Catalyst 3560 Switch Software Configuration Guide 11-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 244
    ] Purpose Displays all configured macros. Displays a specific macro. Displays the configured macro names. Displays the macro description for all interfaces or for a specified interface. 11-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 245
    VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 13, "Configuring VTP." 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 246
    resources to support the maximum number of unicast MAC addresses. For more information on the SDM templates, see Chapter 7, "Configuring SDM Templates," or refer to the sdm prefer command in the command reference for this release. 12-2 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 247
    switch supports both Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports. VLAN Port Membership Modes You configure a port messages with other switches over trunk links. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 248
    Catalyst 5000 or Catalyst 6500 series switch, for example, but never a Catalyst 3560 switch. The Catalyst 3560 switch is a VMPS client. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end attempt to manually delete the vlan.
  • Cisco 3560G 48TS | Software Configuration Guide - Page 249
    supported switches. Switches running VTP version 2 advertise information about these Token Ring VLANs: • Token Ring TrBRF VLANs • Token Ring TrCRF VLANs For more information on configuring Token Ring VLANs, refer to the Catalyst 5000 Series Software Configuration Guide. 78-16156-01 Catalyst 3560
  • Cisco 3560G 48TS | Software Configuration Guide - Page 250
    on the trunk ports of switches that have used up their allocation of spanning-tree instances. If the number of VLANs on the switch exceeds the number of supported spanning tree entering the vlan database privileged EXEC command. 12-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 251
    VLAN database (vlan.dat file). If VTP mode is transparent, they are also saved in the switch running configuration file and you can enter the copy running-config startup-config privileged EXEC command to when the system boots up. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 252
    supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches. Table 12-2 Ethernet VLAN Defaults and Ranges Parameter VLAN ID VLAN name 802.10 on page 12-4. 12-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 253
    test20 Switch(config-vlan)# end You can also create or modify Ethernet VLANs by using the VLAN database configuration mode. Note VLAN database configuration mode does not support RSPAN VLAN configuration or extended-range VLANs. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12
  • Cisco 3560G 48TS | Software Configuration Guide - Page 254
    range of consecutive VLANs by entering vlan first-vlan-id end last-vlan-id. Note When entering a VLAN ID ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN. 12-10 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 255
    the VLAN membership mode for the port (Layer 2 access port). switchport access vlan vlan-id Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. end Return to privileged EXEC mode. your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 256
    port as an access port in VLAN 2: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode access Switch not supported in VLAN Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 257
    features affects the use of the switch hardware. If you try to create an extended-range VLAN and there are not enough hardware resources available, an error message is generated, and the extended-range VLAN is rejected. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 258
    mtu mtu-size and remote-span commands are supported for extended-range VLANs. (Optional) Configure ports to an extended-range VLAN is the same as for normal-range VLANs. See the "Assigning Static-Access Ports to a VLAN" section on page 12-11. 12-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 259
    manually free an internal VLAN ID, you must temporarily shut down the routed port switch startup configuration file. Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 260
    interfaces: • Inter-Switch Link (ISL)-ISL is Cisco-proprietary trunking encapsulation. • 802.1Q-802.1Q is industry-standard trunking encapsulation. Figure 12-2 shows a network of switches that are connected by ISL trunks. 12-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 261
    this, you should configure interfaces connected to devices that do not support DTP to not forward DTP frames, that is, to turn off interface to select the encapsulation type on the trunk port. You can also specify on DTP interfaces whether the Catalyst 3560 Switch Software Configuration Guide 12-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 262
    -tree information for each VLAN is maintained by Cisco switches separated by a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches. 12-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 263
    command. By default, trunks negotiate encapsulation. If the neighboring interface supports ISL and 802.1Q encapsulation and both interfaces are set to negotiate the encapsulation type, the trunk uses ISL encapsulation. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 264
    . Configure the port to support ISL or 802.1Q encapsulation or to negotiate (the default) with the neighboring interface for encapsulation type. You must configure each end of the link is used if the interface stops trunking. 12-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 265
    for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not become a member of the new VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 266
    by default. end Return to port: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Enter interface configuration mode, and select the trunk port for which VLANs should be pruned. 12-22 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 267
    2 to 1001. end Return to privileged EXEC port. For vlan-id, the range is 1 to 4094. Return to privileged EXEC mode. Verify your entries in the Trunking Native Mode VLAN field. (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 268
    over any trunk port. Figure 12-3 Load Sharing by Using STP Port Priorities Switch A Trunk 1 VLANs 8 - 10 (priority 16) VLANs 3 - 6 (priority 128) Switch B Trunk 2 VLANs 3 - 6 (priority 16) VLANs 8 - 10 (priority 128) 93370 12-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 269
    mode, and define the interface to set the STP port priority. Assign the port priority of 10 for VLANs 3 through 6. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 270
    Steps 2 and 6 are configured as trunk ports. When the trunk links come up, Switch A receives the VTP information from the other switches. Verify that Switch A has learned the VLAN configuration. Enter global configuration mode. 12-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 271
    based on this mapping and whether or not the server is in open or secure mode. In secure mode, the server shuts down the port when an illegal host is detected. In open mode, the server simply denies the host access to the port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 272
    they can connect to a network. A maximum of 20 MAC addresses are allowed per port on the switch. A dynamic-access port can belong to only one VLAN at a time, but the VLAN can change over time, depending on the MAC addresses seen. 12-28 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 273
    VLAN configured on the VMPS server should not be a voice VLAN. Configuring the VMPS Client You configure dynamic VLANs by using the VMPS (server). The switch can be a VMPS client; it cannot be a VMPS server. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-29
  • Cisco 3560G 48TS | Software Configuration Guide - Page 274
    the switch port that is connected to the end station. Set the port to access mode. Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station. Return to privileged EXEC mode. 12-30 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 275
    follow these steps to confirm the dynamic-access port VLAN membership assignments that the switch has received from the VMPS: Step 1 return the switch to its default setting, use the no vmps reconfirm global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 276
    command: Switch# show vmps VQP Client Status VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.128.86 (primary, current) 172.20.128.87 Reconfirmation status VMPS Action: other 12-32 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 277
    Catalyst 6500 series Switch C and Switch J are secondary VMPS servers. • End stations are connected to the clients, Switch B and Switch I. • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 278
    End station 2 Switch H Dynamic-access port Catalyst 6500 series Secondary VMPS Server 3 172.20.26.157 Client switch I 172.20.26.158 Trunk port 172.20.26.159 Switch J 101363t Ethernet segment (Trunk link) TFTP server Router 172.20.22.7 12-34 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 279
    VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type greater than 1005) are not supported by VTP or stored in the VTP VLAN database. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 13-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 280
    this mode are saved in the switch running configuration and can be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 13-8. 13-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 281
    can configure a supported switch to be in port is configured on the switch and that this trunk port is connected to the trunk port of another switch. Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports Catalyst 3560 Switch Software Configuration Guide 13-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 282
    • Unrecognized Type-Length-Value (TLV) support-A VTP server or client propagates configuration Switch A, Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E, and F have no ports in the Red VLAN. 13-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 283
    always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 13-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 284
    off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent switch pruning ineligible. To configure VTP pruning on an interface, use the Version 1 (version 2 is disabled). None. Disabled. 13-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 285
    name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 13-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 286
    it. Caution When you configure a VTP domain password, the management domain does not function properly if you do not assign a management domain password to each switch in the domain. 13-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 287
    trunk port so that the switch can send and receive VTP advertisements to and from other switches switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 288
    the display. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password VLAN database configuration command. 13-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 289
    the switch to VTP server mode. To return the switch to a no-password state, use the no vtp password privileged EXEC command. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 290
    save the VTP configuration in the switch startup configuration file: Step 1 Step 2 Step 3 Step 4 Command configure terminal vtp mode transparent end show vtp status Step 5 copy VTP Server" section on page 13-9. Use the no vtp 13-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 291
    on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports enable VTP pruning on a switch in VTP server mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 13-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 292
    vtp pruning Step 3 end Step 4 show vtp in future releases. Pruning is supported with VTP version 1 and version pruning eligible on trunk ports. Reserved VLANs and extended switch configuration revision number. Enter global configuration mode. 13-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 293
    domain domain-name end Step 5 Step 6 Step 7 Step 8 show vtp status configure terminal vtp domain domain-name end Step 9 show vtp switch configuration information. Display counters about VTP messages that have been sent and received. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 294
    Monitoring VTP Chapter 13 Configuring VTP 13-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 295
    or other voice-over-IP (VoIP) device. • Port 2 is an internal 10/100 interface that carries the IP phone traffic. • Port 3 (access port) connects to a PC or other device. Figure 14-1 shows one way to connect a Cisco 7960 IP Phone. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 14-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 296
    Layer 2 CoS value is 0. Untrusted mode is the default. Note Untagged traffic from the device attached to the Cisco IP Phone passes through the IP phone unchanged, regardless of the trust state of the access port on the IP phone. 14-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 297
    Phone uses 802.1p frames and the device uses untagged frames. - The Cisco IP Phone uses untagged frames and the device uses 802.1p frames. - The Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 14-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 298
    voice traffic on a port: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Enter interface configuration mode, and specify the interface connected to the IP phone. 14-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 299
    Cisco IP Phone. The PC can generate packets with an assigned CoS value. You can configure the Cisco IP Phone to not change (trust) or to override (not trust) the priority of frames arriving on the IP phone port from connected devices. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 300
    if)# end To return the port to its default setting, use the no switchport priority extend interface configuration command. Displaying Voice VLAN To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport privileged EXEC command. 14-6 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 301
    port-based VLANs on the Catalyst 3560 switch. The switch uses the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco and Protocols, page 15-9 • Supported Spanning-Tree Instances, page 15-9 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 302
    , page 15-10 • STP and IEEE 802.1Q Trunks, page 15-10 • VLAN-Bridge port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed. 15-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 303
    port through which the designated switch is attached to the LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 304
    in frame forwarding. • Forwarding-The interface forwards frames. • Disabled-The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port. 15-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 305
    switch learns end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 306
    from the learning state. An interface in the forwarding state performs these functions: • Receives and forwards frames received on the interface • Forwards frames switched from another interface • Learns addresses • Receives BPDUs 15-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 307
    over the Gigabit Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 308
    , the low-speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value. Figure command) when the spanning tree reconfigures. 15-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 309
    Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported on page 15-12. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 310
    no user configuration is required. The external spanning-tree behavior on access ports and Inter-Switch Link (ISL) trunk ports is not affected by PVST+. For more information on 802.1Q trunks, see Chapter 12, "Configuring VLANs." 15-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 311
    port priority (configurable on a per-interface basis) Default Setting Enabled on VLAN 1. For more information, see the "Supported Spanning-Tree Instances" section on page 15-9. PVST+. (Rapid PVST+ and MSTP are disabled.) 32768. 128. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 312
    lists on the trunk ports of switches that have used up their allocation of spanning-tree instances. Setting up allowed lists is not necessary in many cases and can make it more labor-intensive to add another VLAN to the network. 15-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 313
    If any port on the switch is connected to a port on a legacy 802.1D switch, restart the protocol migration process on the entire switch. This step is optional if the designated switch detects that this switch is running rapid PVST+. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 314
    port vlan-id end show spanning- switches for each VLAN. Because of the extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. 15-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 315
    hello time. Note After configuring the switch as the root switch, we recommend that you avoid manually configuring the hello time, forward-delay root switch. The range is 1 to 10; the default is 2. Return to privileged EXEC mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 316
    end stations. The range is 2 to 7. • (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10 root global configuration command. 15-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 317
    the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176 port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 318
    vlan-id cost cost Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show spanning-tree Valid interfaces include physical ports and port-channel logical interfaces (port-channel port-channel-number). Configure the Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 319
    -id privileged EXEC command displays information only for ports that are in a link-up operative state end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode. Configure the switch Catalyst 3560 Switch Software Configuration Guide 15-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 320
    configure terminal spanning-tree vlan vlan-id hello-time seconds Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode global configuration command. 15-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 321
    configure terminal spanning-tree vlan vlan-id max-age seconds Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode age global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 15-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 322
    EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 15-22 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 323
    Cisco implementation of the IEEE 802.1S Multiple STP (MSTP) on the Catalyst 3560 switch. The MSTP enables multiple VLANs to be mapped to the same spanning-tree instance, thereby reducing the number of spanning-tree instances needed to support transitions root ports and designated ports to the
  • Cisco 3560G 48TS | Software Configuration Guide - Page 324
    CIST, and CST, page 16-3 • Hop Count, page 16-5 • Boundary Ports, page 16-5 • "Interoperability with 802.1D STP" section on page 16-5 support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time. 16-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 325
    by a switch to support multiple switches in the MST region must agree on the same IST master. Therefore, any two switches in the region synchronize their port roles for an MST instance only if they converge to a common IST master. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 326
    be configured on both the CST instance and the MST instance. MSTP switches use version 3 RSTP BPDUs or 802.1D STP BPDUs to communicate with legacy 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. 16-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 327
    only 802.1D BPDUs on that port. An MSTP switch also can detect that a port is at the boundary of a region when it receives a legacy BPDU, an MSTP BPDU (version 3) associated with a different region, or an RSTP BPDU (version 2). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 328
    . • Disabled port-Has no role within the operation of the spanning tree. A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology. 16-6 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 329
    Switch A also immediately transitions its designated port to the forwarding state. No loops in the network are formed because Switch B blocked all of its nonedge ports and because there is a point-to-point link between Switches A and B. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 330
    to its root port. When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 16-3. 16-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 331
    port role in the proposal message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 332
    a root port connected to an 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support 802.1D switches. The RSTP BPDUs never have the TCA bit set. 16-10 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 333
    this timer is active, the switch processes all BPDUs received on that port and ignores the protocol type. If the switch receives an 802.1D BPDU after the port's migration-delay timer has expired, Process, page 16-22 (optional) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 334
    the command-line interface (CLI) or through the SNMP support. • For load balancing across redundant paths in the network to work, all VLAN-to-instance mapping assignments must match; otherwise, all traffic flows on a single link. 16-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 335
    ports You might have to manually configure the switches in the clouds. • in a network, but each region can support up to 16 spanning-tree instances. You comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1. Catalyst 3560 Switch Software Configuration Guide 16-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 336
    Step 10 Step 11 end switches. Because of the extended system ID support, the switch sets its own priority for the specified instance to 24576 if this value will cause this switch to become the root for the specified spanning-tree instance. 16-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 337
    to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 338
    MSTP Features Chapter 16 Configuring MSTP Configuring a Secondary Root Switch When you configure a Catalyst 3560 switch with the extended system ID support as the secondary root, the switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root
  • Cisco 3560G 48TS | Software Configuration Guide - Page 339
    -tree mst instance-id port-priority priority end show spanning-tree mst interface the higher the priority. The priority values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, port-priority interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 340
    interfaces include physical ports and port-channel logical interfaces. The port-channel range is value is derived from the media speed of the interface. end Return to privileged EXEC mode. show spanning-tree mst interface interface Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 341
    Step 3 Step 4 Step 5 end show spanning-tree mst instance-id copy running-config startup-config Purpose Enter global configuration mode. Configure the switch priority. • For instance-id, you commands to modify the hello time. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 342
    Step 5 end show switch. These messages mean that the switch is alive. For seconds, the range is 1 to 10 seconds a port waits before switch to its default setting, use the no spanning-tree mst forward-time global configuration command. 16-20 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 343
    3 Step 4 Step 5 end show spanning-tree mst copy is discarded, and the information held for a port is aged. For hop-count, the range switch to its default setting, use the no spanning-tree mst max-hops global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 344
    tree link-type point-to-point end show spanning-tree mst interface port to its default setting, use the no spanning-tree link-type interface configuration command. Restarting the Protocol Migration Process A switch running MSTP supports Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 345
    interface. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 16-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 346
    Displaying the MST Configuration and Status Chapter 16 Configuring MSTP 16-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 347
    BPDU Filtering, page 17-3 • Understanding UplinkFast, page 17-4 • Understanding BackboneFast, page 17-5 • Understanding Root Guard, page 17-7 • Understanding Loop Guard, page 17-8 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 348
    interface configuration or the spanning-tree portfast default global configuration command. Figure 17-1 Port Fast-Enabled Interfaces Port Fast-enabled ports Workstations Server Port Fast-enabled port Workstations 101225 17-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 349
    is the same as disabling spanning tree on it and can result in spanning-tree loops. If your switch is running PVST+, rapid PVST+, or MSTP, you can enable the BPDU filtering feature for the entire switch or for an interface. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 350
    . Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate path in case the currently forwarding link fails. 17-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 351
    global configuration command, starts when a root port or blocked interface on a switch receives inferior BPDUs from its designated switch. An inferior BPDU identifies a switch that declares itself as both the root bridge and 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 352
    more alternate paths can still connect to the root switch, the switch makes all interfaces on which it received an inferior BPDU its designated ports and moves them from the blocking state (if account for the failure of link L1. 17-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 353
    the customer network to be selected as the root port, root guard then places the interface in the root-inconsistent (blocked) state to prevent the customer's switch from becoming the root switch or being in the path to the root. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 354
    configuration command. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send BPDUs on root or alternate ports. 17-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 355
    17-9 • Optional Spanning-Tree Configuration Guidelines, page 17-9 • Enabling Port Fast, page 17-10 (optional) • Enabling BPDU Guard, page 17-11 (optional) • BackboneFast features are not supported with the rapid PVST+ or the MSTP. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 356
    -tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking ports. To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration command. 17-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 357
    manually put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree. Caution Configure Port Fast only on interfaces that connect to end -01 Catalyst 3560 Switch Software Configuration Guide 17-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 358
    filtering is disabled. Specify the interface connected to an end station, and enter interface configuration mode. Enable the Port Fast feature. Return to privileged EXEC mode. Verify enable interface configuration command. 17-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 359
    more slowly after a loss of connectivity. end Return to privileged EXEC mode. show spanning- switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 360
    startup-config (Optional) Save your entries in the configuration file. To disable root guard, use the no spanning-tree guard interface configuration command. 17-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 361
    Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Verify which interfaces are alternate or root ports. Enter global configuration mode. Enable lines of the spanning-tree state section. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 17-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 362
    EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 17-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 363
    option-82 data insertion features on the Catalyst 3560 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and refer to the "IP Addressing and Services" section in the Cisco IOS IP and IP Routing Command Reference
  • Cisco 3560G 48TS | Software Configuration Guide - Page 364
    server Catalyst switch (DHCP relay agent) Access layer Host A (DHCP client) Subscribers VLAN 10 Host switch removes the option-82 field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request. 18-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 365
    DHCP server is a Cisco device, refer to the "IP Addressing and Services" section in the "Configuring DHCP" chapter of the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. Otherwise, refer to the documentation that shipped with the server. 78-16156-01 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 366
    on a port: Switch(config)# ip dhcp snooping Switch(config)# ip dhcp snooping vlan 10 Switch(config)# ip dhcp snooping information option Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip dhcp snooping limit rate 100 18-4 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 367
    for all interfaces on a switch. Displaying a Binding Table The DHCP snooping binding table for each switch has binding entries that correspond to untrusted ports. The table does not Interface that connects to the DHCP client host 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 18-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 368
    42 Insertion of option 82 is enabled Interface Trusted Rate limit (pps) ------- gigabitethernet0/1 yes unlimited gigabitethernet0/2 no 5000 gigabitethernet0/3 yes unlimited gigabitethernet0/4 yes unlimited 18-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 369
    information for the commands used in this chapter, refer to the switch command reference for this release and the Cisco IOS Release Network Protocols Command Reference, Part 1, for Release 12.1. you can use static IP addresses. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 370
    and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to group from which it receives an IGMP join request. The Catalyst 3560 switch supports IP multicast group-based bridging, rather than MAC-addressed based
  • Cisco 3560G 48TS | Software Configuration Guide - Page 371
    of ports as the IGMP snooping feature on IGMPv2 or IGMPv1 hosts. Note IGMPv3 join and leave messages are not supported on switches running IGMP filtering or MVR. An IGMPv3 switch can receive that multicast group. See Figure 19-1. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 372
    shown in Table 19-2. Note that because the forwarding table directs IGMP messages to only the CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU. 19-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 373
    Type of Packet IGMP Ports 1, 2, 5 Leaving a Multicast Group The router sends periodic multicast general queries, and the switch forwards these queries through all ports in the VLAN. the group for the VLAN from its IGMP cache. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 374
    is only supported with IGMP version 2 hosts. The switch uses IGMP Port, page 19-9 • Configuring a Host Statically to Join a Group, page 19-10 • Enabling IGMP Immediate-Leave Processing, page 19-10 • Disabling IGMP Report Suppression, page 19-11 19-6 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 375
    : Step 1 Step 2 Command configure terminal ip igmp snooping vlan vlan-id Step 3 end Step 4 copy running-config startup-config Purpose Enter global configuration mode. Enable IGMP snooping on entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 376
    switch learns of such ports through one of these methods: • Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets • Listening to Cisco Step 5 end show ip Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 377
    be a physical interface or a port channel. The port channel range is 1 to 12. end Return to privileged EXEC mode. port from the VLAN, use the no ip igmp snooping vlan vlan-id mrouter interface interface-id global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 378
    processing, the switch immediately removes a port when it detects an IGMP version 2 leave message on that port. You should use the Immediate-Leave feature only when there is a single receiver present on every port in the VLAN. 19-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 379
    Switch# configure terminal Switch(config)# ip igmp snooping vlan 130 immediate-leave Switch(config)# end Disabling IGMP Report Suppression Note IGMP report suppression is supported -suppression global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 380
    configured router ports and VLAN supports. (Optional) Enter vlan vlan-id to display information for a single VLAN. For more information about the keywords and options in these commands, refer to the command reference for this release. 19-12 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 381
    bandwidth on MVR data port links, which occurs when the switch runs in compatible mode. Only Layer 2 ports take part in MVR. You must configure ports as MVR receiver ports. Only one MVR multicast VLAN per switch is supported. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 382
    Multicast data Switch A RP1 RP2 RP3 RP4 RP5 RP6 RP7 Customer premises Hub IGMP join Set-top box TV data Set-top box PC 101364 TV RP = Receiver Port SP = Source Port TV Note: All source ports belong to the multicast VLAN. 19-14 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 383
    top box sends an IGMP leave message for the multicast stream. The switch CPU sends a MAC-based general query through the receiver port VLAN. If there is another set-top box in the VLAN 17 • Configuring MVR Interfaces, page 19-18 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 384
    MVR is cancelled, and you receive an error message. • MVR can coexist with IGMP snooping on a switch. • MVR data received on an MVR receiver port is not forwarded to MVR source ports. • MVR does not support IGMPv3 messages. 19-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 385
    support IGMP dynamic joins on source ports. The default is compatible mode. end Return to privileged EXEC mode. show mvr or show mvr members Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 386
    In compatible mode, this command applies to only receiver ports. In dynamic mode, it applies to receiver ports and source ports. Receiver ports can also dynamically join multicast groups by using IGMP join and leave messages. 19-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 387
    Switch(config-if)# mvr vlan 22 group 228.1.23.4 Switch(config-if)# mvr immediate Switch(config)# end Switch# show mvr interface Port Type Status Immediate Leave ---- ---- ------- Gi0/2 RECEIVER ACTIVE/DOWN ENABLED 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 388
    to which a user on a switch port can belong. You can control the distribution of multicast services, such as IP/TV, based on some type of subscription or service plan. You might also want to addresses; not static configuration. 19-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 389
    in the report to the table. Note IGMPv3 join and leave messages are not supported on switches running IGMP filtering. These sections describe how to configure IGMP filtering and throttling: • Action" section on page 19-24. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 390
    to be used for filtering IGMP join requests from a port. When you are in IGMP profile configuration mode, you address or a range with a start and an end address. The default is for the switch to have no IGMP profiles configured. When a Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 391
    no ip igmp filter profile number interface configuration command. This example shows how to apply IGMP profile 4 to a port: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip igmp filter 4 Switch(config-if)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 392
    but cannot use it on ports that belong to an EtherChannel port group. • When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups action {deny | replace} command has no effect. 19-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 393
    command. This example shows how to configure a port to remove a randomly selected multicast entry in the Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip igmp max-groups action replace Switch(config-if)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 394
    of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface. 19-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 395
    Traffic Control This chapter describes how to configure the port-based traffic control features on the Catalyst 3560 switch. Note For complete syntax and usage information for the , page 20-3 • Enabling Storm Control, page 20-3 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 396
    available bandwidth of the port. The switch supports separate storm control thresholds 100 percent means that no limit is placed on the traffic. A value of 0.0 means that all broadcast, multicast, or unicast traffic on that port is blocked. 20-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 397
    be from 1 to 100; the optional fraction of a level can be from 0 to 99. A threshold value of 100 percent means that no limit is placed on broadcast traffic. A value of 0.0 means that all broadcast traffic on that port is blocked. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 398
    to 100; the optional fraction of a level can be from 0 to 99. A threshold value of 100 port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no storm-control multicast level Switch(config-if)# end 20-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 399
    to be a protected port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable protected port, use the no switchport protected interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 400
    in the configuration file. To return the interface to the default condition where no traffic is blocked and normal forwarding occurs on the port, use the no switchport block {multicast | unicast} interface configuration commands. 20-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 401
    Port Security, page 20-11 • Enabling and Configuring Port Security Aging, page 20-14 Understanding Port Security This section contains information about these topics: • Secure MAC Addresses, page 20-8 • Security Violations, page 20-9 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 402
    rejected. The switch supports these types of secure MAC addresses: • Static secure MAC addresses-These are manually configured by using the switchport port-security mac-address other secure MAC addresses configured on interfaces. 20-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 403
    addresses are dropped until you remove a sufficient number of secure MAC addresses. 2. The switch returns an error message if you manually configure an address that would cause a security violation. Shuts down port No No Yes 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 404
    addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the The switch does not support port security aging of sticky secure MAC addresses. 20-10 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 405
    ; an interface in the default mode (dynamic auto) cannot be configured as a secure port. Enable port security on the interface. (Optional) Set the maximum number of secure MAC addresses for , the per-VLAN maximum value is used. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 406
    port-security mac-address mac-address [vlan vlan-id] Step 8 Step 9 switchport port-security mac-address sticky switchport port-security mac-address sticky mac-address Step 10 end MAC address. Return to privileged EXEC mode. 20-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 407
    on VLAN 3 on a port: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 408
    on a port, use the no switchport port-security aging time interface configuration command. To disable aging for only statically configured secure addresses, use the no switchport port-security aging static interface configuration command. 20-14 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 409
    all switch interfaces or on a specified interface with aging information for each address. show port-security interface interface-id vlan Displays the number of secure MAC addresses configured per VLAN on the specified interface. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 20
  • Cisco 3560G 48TS | Software Configuration Guide - Page 410
    Displaying Port-Based Traffic Control Settings Chapter 20 Configuring Port-Based Traffic Control 20-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 411
    . The switch uses CDP to find cluster candidates and maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch by default. The switch supports CDP version 2. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 21-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 412
    Step 4 cdp advertise-v2 Step 5 end Purpose Enter global configuration mode. ( 10 to 255 seconds; the default is 180 seconds. (Optional) Configure CDP to send version-2 advertisements. This is the default state. Return to privileged EXEC mode. 21-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 413
    CDP CDP is enabled by default. Note Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. run end Purpose Enter global configuration mode. Disable CDP. Return to privileged EXEC mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 21-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 414
    in the configuration file. This example shows how to enable CDP on a port when it has been disabled. Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# cdp enable Switch(config-if)# end 21-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 415
    holdtime settings, capabilities, platform, and port ID. You can limit the Switch# show cdp Global CDP information: Sending CDP packets every 50 seconds Sending a holdtime value of 120 seconds Sending CDPv2 advertisements is enabled 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 416
    Monitoring and Maintaining CDP Chapter 21 Configuring CDP 21-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 417
    down misconnected ports. When you enable both autonegotiation and UDLD, the Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 22-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 418
    physical problem with ports affected by the configuration change. UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized. 22-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 419
    Switch B on the same port. If UDLD is in aggressive mode, it detects the problem and disables the port. If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface. Switch B 98648 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 420
    supported on ATM ports. • A UDLD-capable port also cannot detect a unidirectional link if it is connected to a UDLD-incapable port of another switch. • When configuring the mode (normal or aggressive), make sure that the same mode is configured on both sides of the link. 22-4 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 421
    other port types. For more information, see the "Enabling UDLD on an Interface" section on page 22-6. end Return ports. Use the no udld aggressive global configuration command to disable aggressive mode UDLD on all fiber-optic ports. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 422
    to disable UDLD on a port: Step 1 Step 2 Command configure terminal interface interface-id Step 3 udld port {aggressive | disable} Step 4 Step 5 Step 6 end show udld interface-id to recover from the UDLD error-disabled state. 22-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 423
    the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, refer to the command reference for this release. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 22-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 424
    Displaying UDLD Status Chapter 22 Configuring UDLD 22-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 425
    network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 426
    carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure. 23-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 427
    RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 428
    ; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs and egress QoS policing. 23-4 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 429
    cannot mix ports and VLANs in a single session. A source port has these characteristics: • It can be monitored in multiple SPAN sessions. • Each source port can be configured with a direction (ingress, egress, or both) to monitor. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 430
    from other port types is not affected by VLAN filtering; that is, all VLANs are allowed on other ports. • VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic. 23-6 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 431
    packets. • For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 432
    (1006 to 4094), you must manually configure all intermediate switches. It is normal to have port list. If the port is the only port in the EtherChannel group, because there are no longer any ports in the group, there is no data to monitor. 23-8 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 433
    port) VLAN filtering RSPAN VLANs Default Setting Disabled. Both received and sent traffic (both). Native form (untagged packets). Disabled On a trunk interface used as a source port, all VLANs are monitored. None configured. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 434
    a trunk port is being monitored, only traffic on the VLANs specified with this keyword is monitored. By default, all VLANs are monitored on a trunk port. • You cannot mix source VLANs and filter VLANs within a single SPAN session. 23-10 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 435
    default. • rx-Monitor received traffic. • tx-Monitor sent traffic. Note You can use the monitor session session_number source command multiple times to configure multiple source ports. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 436
    gigabitethernet0/1 Switch(config)# end This example shows how to disable received traffic monitoring on port 1, which was configured for bidirectional monitoring: Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx 23-12 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 437
    vlan-id} [, | -] [both | rx | tx] Purpose Enter global configuration mode. Remove any existing SPAN configuration for the session. Specify the SPAN session and the source port (monitored port). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 438
    on the destination port and specify the Switch(config)# monitor session 2 source gigabitethernet0/1 rx Switch(config)# monitor session 2 destination interface gigabitethernet0/2 encapsulation replicate ingress dot1q vlan 6 Switch(config)# end 23-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 439
    the default is to send packets in native form (untagged). end Return to privileged EXEC mode. show monitor [session session_number] trunk port, use the no monitor session session_number filter global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 440
    source session on the switch. • You can configure any VLAN as an RSPAN VLAN as long as these conditions are met: - The same RSPAN VLAN is used for an RSPAN session in all the switches. - All participating switches support RSPAN. 23-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 441
    source and destination switches and any intermediate switches. Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the 901. Switch(config)# vlan 901 Switch(config-vlan)# remote span Switch(config-vlan)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 442
    combine source ports and source VLANs in one session. Step 4 monitor session session_number destination remote vlan vlan-id Step 5 Step 6 Step 7 end show monitor monitor session session_number global configuration command. 23-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 443
    port-channel 12 Switch(config)# monitor session 1 destination remote vlan 901 Switch(config)# end Creating an RSPAN Destination Session You configure the RSPAN destination session on a different switch; that is, not the switch . 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 444
    8 end Step 9 show monitor [session session_number] show running-config Step 10 copy running the destination port, and to enable ingress traffic on the destination port for a network security device (such as a Cisco IDS Sensor . 23-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 445
    on the interface with VLAN 6 as the default ingress VLAN. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 446
    destination port. end Return Switch(config)# monitor session 2 source interface gigabitethernet0/2 rx Switch(config)# monitor session 2 filter vlan 1 - 5 , 9 Switch(config)# monitor session 2 destination remote vlan 902 Switch(config)# end 23-22 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 447
    monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 448
    Displaying SPAN and RSPAN Status Chapter 23 Configuring SPAN and RSPAN 23-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 449
    the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. This switch to monitor all the traffic flowing among switches on all connected LAN segments as shown in Figure 24-1. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 450
    group of statistics on Ethernet ports (including Fast Ethernet and Gigabit Ethernet statistics, depending on the switch type and supported interfaces) for a specified Ethernet Statistics on an Interface, page 24-6 (optional) 24-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 451
    alarms or events are configured. Only RMON 1 is supported on the switch. Configuring RMON Alarms and Events You can configure your switch for RMON by using the command-line interface (CLI) string, specify the owner of the alarm. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 24-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 452
    string used for this trap. end Return to privileged EXEC mode. The following example configures RMON alarm number 10 by using the rmon alarm command. Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones 24-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 453
    5 Step 6 Step 7 end show running-config show rmon switch history table. (Optional) Save your entries in the configuration file. To disable history collection, use the no rmon collection history index interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 454
    . end Return to privileged EXEC mode. show running-config Verify your entries. show rmon statistics Display the contents of the switch statistics to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. 24-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 455
    syslog server. The switch software saves syslog messages in an internal buffer. You can remotely monitor system messages by viewing the logs on a syslog server or by accessing the switch through Telnet or through the console port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 25-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 456
    10 service SYS, and so forth). For a list of supported facilities, see Table 25-4 on page 25-12. severity Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 25-3 on page 25-9. 25-2 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 457
    SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) 18:47:02: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) *Mar 1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (10 on page 25-9). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 25-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 458
    3 Step 4 Step 5 Command configure terminal no logging on end show running-config or show logging copy running-config startup-config switch. However, this value is the maximum available, and the buffer size should not be set to this amount. 25-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 459
    "Configuring UNIX Syslog Servers" section on page 25-10. Store log messages in a file in Flash remain in effect after the session has ended. You must perform this step for (PoE) events on specific PoE-capable ports. Logging on these ports is Catalyst 3560 Switch Software Configuration Guide 25-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 460
    [ending-line-number] Specify the line to be configured for synchronous logging of messages. • Use the console keyword for configurations that occur through the switch console port. number-of-buffers] line configuration command. 25-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 461
    service sequence-numbers end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable sequence numbers. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 462
    service sequence-numbers global configuration command. This example shows part of a logging display with sequence numbers enabled: 000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10 Step 6 Step 7 end show running-config or show Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 463
    numerically lower levels (see Table 25-3 on page 25-9) are stored in the history table even if syslog traps are not enabled. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 25-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 464
    table. The default is to store one message. The range is 0 to 500 messages. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup- enable logging of remote syslog messages. 25-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 465
    /var/log/cisco.log $ chmod 666 /var/log/cisco.log Make sure the syslog daemon reads the new changes: $ kill -HUP `cat /etc/syslog. facility facility-type Step 5 Step 6 Step 7 end show running-config copy running-config startup-config Purpose Catalyst 3560 Switch Software Configuration Guide 25-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 466
    UNIX system facilities supported by the software. For more information about these facilities, consult the operator's manual for your UNIX , refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. 25-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 467
    Catalyst 3560 switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the switch command reference for this release and to the Cisco to a neighbor, or other significant events. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 26-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 468
    26-5 • SNMP ifIndex MIB Object Values, page 26-6 SNMP Versions This software release supports these SNMP versions: • SNMPv1-The Simple Network Management Protocol, a Full Internet Standard, are SNMPv1, SNMPv2C, and SNMPv3. 26-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 469
    an agent can communicate with multiple managers, you can configure the software to support communications using SNMPv1, and SNMPv2C, and SNMPv3 protocols. SNMP Manager Functions The -bulk command only works with SNMPv2 or later. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 26-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 470
    when a port or switch number (@esN, where N is the switch number) to the first configured RW and RO community strings on the command switch and propagates them to the member switches. For more information, see Chapter 5, "Clustering Switches." 26-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 471
    and resources. If it is important that the SNMP manager receive every notification, use inform requests. If traffic on the network or memory in the switch is a concern and notification is not required, use traps. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 26-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 472
    a logical interface. When the switch reboots or the switch software is upgraded, the switch uses this same value for the interface. For example, if the switch assigns a port 2 an ifIndex value of 26-15 • SNMP Examples, page 26-15 26-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 473
    all users associated with that group. Refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 for To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the Catalyst 3560 Switch Software Configuration Guide 26-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 474
    Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal no snmp-server end show running-config copy running-config startup-config Purpose Enter global configuration mode. Disable the numbered from 1 to 99 and 1300 to 1999. 26-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 475
    [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose switch. You can configure an SNMP server group that maps SNMP users to SNMP views, and you can add new users to the SNMP group. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 476
    specify the ip-address of the device that contains the remote copy of SNMP and the optional UDP port on the remote device. The default is 162. snmp-server group groupname {v1 | v2c | v3 ) that is the name of the access list. 26-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 477
    switch traps (notification types). You can enable any or all of these traps and configure a trap manager to receive them. Note Although visible in the command-line interface (CLI) online help, the fru-ctrl keyword is not supported. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 478
    trap for MAC address notifications. Generates SNMP port security traps. You can also set a supported. You can use the snmp-server host global configuration command to a specific host to receive the notification types listed in Table 26-5. 26-12 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 479
    For udp-port port, enter the remote device UDP port. • ( fru-ctrl keyword is not supported. (Optional) Specify the source 10. (Optional) Define how often to resend trap messages. The range is 1 to 1000; the default is 30 seconds. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 480
    Configuring SNMP Chapter 26 Configuring SNMP Step 9 Step 10 Step 11 Command end show running-config copy running-config startup-config Purpose Return to entries. (Optional) Save your entries in the configuration file. 26-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 481
    6 end show Switch(config)# snmp-server enable traps vtp Switch(config)# snmp-server host 192.180.1.27 version 2c public Switch(config)# snmp-server host 192.180.1.111 version 1 public Switch(config)# snmp-server host 192.180.1.33 public 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 482
    to the Cisco IOS Configuration supported. To enable the sending of SNMP inform notifications, use the snmp-server enable traps global configuration command combined with the snmp-server host host-addr informs global configuration command. 26-16 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 483
    , the switch rejects the packets. If there are no restrictions, the switch forwards the packet; otherwise, the switch drops the packet. The switch can access-control all packets it switches, including packets bridged within a VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 484
    ACL and input port ACL exist in an SVI, incoming packets received on the ports to which a port ACL is applied are filtered by the port ACL. Outgoing routed IP packets are filtered by the router ACL. Other packets are not filtered. 27-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 485
    are filtered only by the VLAN map. Port ACLs are ACLs that are applied to Layer 2 interfaces on a switch. Port ACLs are supported only on physical interfaces and not on EtherChannel Host B and permitting traffic from Host A = Packet 101365 Catalyst 3560 Switch Software Configuration Guide 27-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 486
    on the action specified in the map. Figure 27-2 illustrates how a VLAN map is applied to deny a specific type of traffic from Host A in VLAN 10 from being forwarded. You can apply only one VLAN map to a VLAN. 27-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 487
    the packet is TCP and that the destination is 10.1.1.1. • Packet B is from host 10.2.2.2, port 65001, going to host 10.1.1.2 on the Telnet port. If this packet is fragmented, the first fragment match the third ACE (a permit). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 488
    to the "Configuring IP Services" chapter in the Cisco IP and IP Routing Configuration Guide for IOS Release 12.1. For detailed information about the commands, refer to Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1. The switch does not support these Cisco IOS router ACL-related
  • Cisco 3560G 48TS | Software Configuration Guide - Page 489
    27-10 • 48-bit MAC address access list IPX standard access list IPX extended access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list Supported Yes Yes No No No No No No No No No No No 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 490
    to be sent to the console. end Return to privileged EXEC mode. show access-lists [number | name] Show the access list configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. 27-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 491
    to any others, and display the results. Switch (config)# access-list 2 deny host 171.69.198.102 Switch (config)# access-list 2 permit any Switch(config)# end Switch# show access-lists Standard IP access list 2 on page 27-29). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 492
    end of support dynamic or reflexive access lists. It also does not support filtering based on the type of service (ToS) minimize-monetary-cost bit. Supported parameters can be grouped into these categories: TCP, UDP, ICMP, IGMP, or other IP. 27-10 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 493
    the access conditions. The access-list-number is a decimal number from 100 to 199 or 2000 to 2699. Enter deny or permit to check non-initial fragments. • tos-Enter to match by type of service level, specified by a number from 0 to 15 or a Catalyst 3560 Switch Software Configuration Guide 27-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 494
    Datagram Protocol. The UDP parameters are the same as those described for TCP except that [operator [port]] port number or name must be a UDP port number or name, and the flag and established parameters are not valid for UDP. 27-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 495
    the ? or refer to the "Configuring IP Services" section of Cisco IOS IP and IP Routing Command Reference for end of the access list contains an implicit deny statement for all packets if it did not find a match before reaching the end. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 496
    extended ACL can also be a number in the supported range of access list numbers. That is, the name of an extended IP ACL can be 100 to 199. The advantage of using named of 0.0.0.0 255.255.255.255. end Return to privileged EXEC mode. Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 497
    Note The name can be a number from 100 to 199. In access-list configuration mode ACL" section on page 27-10 for definitions of protocols and other create an ACL, any additions are placed at the end of the list. You cannot selectively add ACL Catalyst 3560 Switch Software Configuration Guide 27-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 498
    an application (identified by an IP address/mask pair and a port number). • You can control logging messages. ACL entries can and must begin with a letter. absolute [start time date] [end time date] or periodic day-of-the-week hh:mm to [ Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 499
    end 23:59 28 Nov 2003 Switch(config-time-range)# exit Switch(config)# time-range christmas_2003 Switch(config-time-range)# absolute start 00:00 24 Dec 2003 end 23:50 25 Dec 2003 Switch(config-time-range)# end Switch (inactive) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 500
    remarks make the ACL easier for you to understand and scan. Each remark line is limited to 100 characters. The remark can go before or after a permit or deny statement. You should be consistent VLAN Maps" section on page 27-29. 27-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 501
    in an access list. end Return to privileged EXEC interface that is a member of a VLAN, the Layer 2 (port) ACL takes precedence over an input Layer 3 ACL applied to switch CPU so that it can generate the ICMP-unreachable message. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 502
    keyword is not supported for Layer 2 interfaces (port ACLs). end Return to switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security. 27-20 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 503
    Server A, containing benefits and other information that all employees can access, and routed Port 1 connected to Server B, containing confidential payroll data. All users can access Server A, but Server B has restricted access. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 504
    going into routed Port 1, permitting it to Switch(config)# end Switch# show access-lists Extended IP access list 106 permit ip any 172.20.128.64 0.0.0.31 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group 106 in 27-22 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 505
    )# access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group 102 in 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 506
    deny tcp any any eq www time-range no-http Switch(config-ext-nacl)# permit udp any any time-range udp-yes ! Switch(config-ext-nacl)# exit Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group strict in 27-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 507
    problems 00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet 00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet 00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 508
    : 00:05:47:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 -> 10.1.1.61 (0/0), 1 packet Creating Named MAC Extended ACLs You supported as a matching condition for the deny and permit MAC access-list configuration mode commands. 27-26 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 509
    extended mac1 Switch(config-ext-macl)# deny any any decnet-iv Switch(config-ext-macl)# permit any any Switch(config-ext-macl)# end Switch # show access-lists Extended MAC access list mac1 deny any any decnet-iv permit any any 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 510
    packet, the switch discards it. When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied and permits all packets. Remember this behavior if you use undefined ACLs for network security. 27-28 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 511
    into the switch is tested against the first entry in the VLAN map. If it matches, the action specified for that part of the VLAN map is taken. If there is no match, the packet is tested against the next entry in the map. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-29
  • Cisco 3560G 48TS | Software Configuration Guide - Page 512
    Logging is not supported for VLAN maps. switch has an IP access list or MAC access list applied to a Layer 2 interface, and you apply a VLAN map to a VLAN that the port belongs to, the port name | number] end show running-config of 10. Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 513
    10 Switch(config-access-map)# match ip address 101 Switch(config-access-map)# action forward Switch(config-access-map)# exit Switch(config)# vlan access-map drop-ip-default 20 Switch(config-access-map)# match ip address igmp-match 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 514
    tcp-match Switch(config-access-map)# action forward Switch(config-access-map)# exit Switch(config)# vlan access-map drop-all-default 20 Switch(config-access-map)# match mac address good-hosts Switch(config-access-map)# action forward 27-32 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 515
    closet switches A and C. Traffic from Host X to Host Y is eventually being routed by Switch B, a Layer 3 switch with routing enabled. Traffic from Host X to Host Y can be access-controlled at the traffic entry point, Switch A. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 516
    -nacl)# exit Switch(config)# vlan access-map map2 20 Switch(config-access-map)# match ip address match_all Switch(config-access-map)# action forward Then, apply VLAN access map map2 to VLAN 1. Switch(config)# vlan filter map2 vlan 1 27-34 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 517
    -map)# action drop Switch(config)# vlan access-map SERVER1_MAP 20 Switch(config-access-map)# action forward Switch(config-access-map)# exit Apply the VLAN map to VLAN 10. Switch(config)# vlan filter SERVER1_MAP vlan-list 10. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 518
    apply to configurations where you are mapping router ACLs and VLAN maps on different VLANs. The switch hardware provides one lookup for security ACLs for each direction (input and output); therefore, you deny... permit ip any any 27-36 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 519
    , and protocol ports). It is at the end of the Switched Packets VLAN 10 map Input router ACL Output router ACL VLAN 20 map Frame Host A (VLAN 10) Host C (VLAN 10) VLAN 10 Routing function or fallback bridge Packet VLAN 20 101357 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 520
    Figure 27-7 Applying ACLs on Bridged Packets VLAN 10 map VLAN 20 map Frame Host A (VLAN 10) Fallback bridge Host B (VLAN 20) 101358 VLAN 10 Packet VLAN 20 ACLs and Routed Packets Figure ACL 4. VLAN map for output VLAN 27-38 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 521
    packet. Figure 27-9 Applying ACLs on Multicast Packets VLAN 10 map Input router ACL Output router ACL VLAN 20 map Frame Host A (VLAN 10) Routing function Host B (VLAN 20) Host C (VLAN 10) VLAN 10 Packet VLAN 20 101360 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 27-39
  • Cisco 3560G 48TS | Software Configuration Guide - Page 522
    groups are included in the display. Displays the contents of the configuration file for the switch or the specified interface, including all configured MAC and IP access lists and which about a specified VLAN or VLAN access map. 27-40 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 523
    is based on the Differentiated Services (Diff-Serv) architecture, an emerging standard from the Internet Engineering Task Force (IETF). This architecture specifies that each packet is classified upon entry into the network. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 524
    significant bits, which are called the User Priority bits. On ports configured as Layer 2 802.1Q trunks, all traffic is value or a Differentiated Services Code Point (DSCP) value. QoS supports the use of either value switch. 46974 28-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 525
    can construct an end-to-end QoS solution. the ingress port include classifying services it for its configured share before servicing the other queue. For more information, see the "SRR Shaping and Sharing" section on page 28-12. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 526
    ingress queues to place the packet. Then service the queues according to the configured weights. port basis. No support exists for classifying packets at the VLAN or the switch virtual interface level. During classification, the switch Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 527
    information on port trust states, see the "Configuring Classification Using Port Trust States" section on page 28-30. After classification, the packet is sent to the policing, marking, and the ingress queueing and scheduling stages. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28
  • Cisco 3560G 48TS | Software Configuration Guide - Page 528
    default port CoS and generate a DSCP from the CoS-to-DSCP map. Assign the DSCP or CoS as specified by ACL action to generate the QoS label. Assign the default DSCP (0). Generate the DSCP by using the CoS-to-DSCP map. Done Done 86834 28-6 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 529
    is shared among many ports. When you enter the class-map command, the switch enters the class-map configuration mode. In this mode, you define the match criterion for the traffic by using the match class-map configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 530
    policy map effective, you attach it to a port by using the service-policy interface configuration command. For more information, map, see the "Mapping Tables" section on page 28-10. Marked-down packets use the same queues as the original Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 531
    policy map and policing actions, attach the policy to an ingress port by using the service-policy interface configuration command. For configuration information, see the "Classifying, policed-DSCP map. Generate a new QoS label. Done 86835 Catalyst 3560 Switch Software Configuration Guide 28-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 532
    between the QoS domains, you can apply the configurable DSCP-to-DSCP-mutation map to the port that is on the boundary between the two QoS domains. You configure this map by using the on Egress Queues" section on page 28-15. 28-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 533
    the total ingress bandwidth of all ports can exceed the bandwidth of the internal : 40 percent (400 frames), 60 percent (600 frames), and 100 percent (1000 frames). These percentages mean that up to 400 frames switch drops it. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 534
    CoS 6-7 100% 1000 Both the ingress and egress queues are serviced by SRR, which controls the rate SRR sends packets to the egress port. You can configure SRR on egress and it is the only mode supported. In shaped mode, the egress Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 535
    the mls qos srr-queue input priority-queue global configuration command. The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 536
    support servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped. For configuration information, see the "Configuring Ingress Queue Characteristics" section on page 28-52. 28-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 537
    1) can be the egress expedite queue. These queues are assigned to a queue-set. All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 538
    switch drops the frame. Figure 28-9 Egress Queue Buffer Allocation Common pool Port 1 queue 1 Port 1 queue 2 Port 1 queue 3 Port 1 queue 4 Port 2 queue 1 Port 10 100 buffers for a queue, you can reserve 50 percent (50 buffers). The switch Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 539
    privileged EXEC command. The queues use WTD to support distinct drop percentages for different traffic classes. Each 28-11. Shaped or Shared Mode SRR services each queue-set in shared or shaped mode. You map a port to a queue-set by using the Catalyst 3560 Switch Software Configuration Guide 28-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 540
    disabled. The switch then offers best-effort service to each switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to identify ports Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 541
    48 10 percent 10 Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet. The switch configures ingress and egress queues on the port according to the settings in Table 28-3 and Table 28-4. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 542
    threshold 3 3 6 7 Switch(config)# mls qos srr-queue output cos-map queue 3 threshold 3 2 4 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 2 1 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 3 0 28-20 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 543
    or shared) on the egress queues mapped to the port. Switch(config)# mls qos queue-set output 1 buffers 20 20 20 40 Switch(config-if)# srr-queue bandwidth shape 10 0 0 0 Switch(config-if)# srr-queue bandwidth share 10 10 60 20 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 544
    switch only for VoIP with Cisco ports. For auto-QoS to function properly, do not disable the CDP. • Policing is not enabled with auto-QoS. You can manually enable policing, as described in the "Configuring a QoS Policy" section on page 28-36. 28-22 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 545
    to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to a port is a trusted device: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip trust 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 546
    to IP phones IP Cisco IP phones 101234 Figure 28-10 shows a network in which the VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain. 28-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 547
    Step 5 auto qos voip cisco-phone Step 6 exit Step 7 Step 8 auto qos voip cisco-phone Step 9 exit Step 10 interface interface-id Step 11 auto qos voip trust Step 12 end Step 13 show auto configuration in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 548
    page 28-29 • Enabling QoS Globally, page 28-30 (required) • Configuring Classification Using Port Trust States, page 28-30 (required • Configuring a QoS Policy, page 28-36 (required Queue Characteristics, page 28-57 (optional) 28-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 549
    input queue threshold map when QoS is enabled. Table 28-8 Default DSCP Input Queue Threshold Map DSCP Value Queue ID - Threshold ID 0-39 40-47 48-63 1-1 2-1 1-1 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 550
    ports are mapped to queue-set 1. The port bandwidth limit is set to 100 100 percent 100 percent 50 percent 400 percent 0 25 Table 28-10 shows the default CoS output queue threshold map when QoS is enabled. Table 28-10 39 40-47 48-63 2-1 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 551
    ports; there is no support for it on the VLAN or switch virtual switch are subject to all ingress QoS processing. • You are likely to lose data when you change queue settings; therefore, try to make changes when traffic is at a minimum. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 552
    , page 28-31 • Configuring the CoS Value for an Interface, page 28-33 • Configuring a Trusted Boundary to Ensure Port Security, page 28-34 • Configuring the DSCP Trust State on a Port Bordering Another QoS Domain, page 28-35 28-30 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 553
    switch within the QoS domain. Figure 28-11 shows a sample network topology. Figure 28-11 Port Trusted States within the QoS Domain Trusted interface Trunk Traffic classification performed here P3 P1 IP Trusted boundary 101236 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 554
    precedence] Step 4 Step 5 Step 6 end show mls qos interface copy running-config startup-config Purpose Enter global configuration mode. Specify the port to be trusted, and enter interface Map" section on page 28-47. 28-32 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 555
    port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 556
    cisco-phone end show mls qos interface copy running-config startup-config Purpose Enter global configuration mode. Enable CDP globally. By default, CDP is enabled. Specify the port connected to the Cisco configuration command. 28-34 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 557
    . The DSCP range is 0 to 63. Specify the port to be trusted, and enter interface configuration mode. Valid interfaces include physical ports. Configure the ingress port as a DSCP-trusted port. By default, the port is not trusted. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 558
    Step 6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup-config Purpose Apply the map to the specified ingress DSCP-trusted port. For dscp-mutation-name, specify Using Aggregate Policers, page 28-45 28-36 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 559
    Step 5 end show Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255 Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255 Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255 ! (Note: all other access implicitly denied) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 560
    end 100 10.1.1.2 precedence 5 This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32: Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32 28-38 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 561
    reaching the end. end Return to Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0 Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp ! (Note: all other access implicitly denied) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 562
    creating an access list, remember that, by default, the end of the access list contains an implicit deny statement for everything if it did not class map is supported, the match-all and match-any keywords function the same. 28-40 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 563
    one match criterion per class map is supported, and only one ACL per class map is supported. • For access-group acl-index- Switch(config)# class-map class3 Switch(config-cmap)# match ip precedence 5 6 7 Switch(config-cmap)# end Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 564
    type of traffic received through a port. • A policy-map trust state and a port trust state are mutually exclusive, and Note Because only one match command per class map is supported, the match-all and match-any keywords function the same. Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 565
    derives the DSCP value by using the received or default port CoS value and the CoS-to-DSCP map. • dscp no policer is defined. For information on the number of policers supported, see the "Standard QoS Configuration Guidelines" section on page Catalyst 3560 Switch Software Configuration Guide 28-43
  • Cisco 3560G 48TS | Software Configuration Guide - Page 566
    xns-idp Switch(config-ext-mac)# exit Switch(config)# mac access-list extended maclist2 Switch(config-ext-mac)# permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0 Switch(config-ext-mac)# permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp 28-44 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 567
    use the aggregate policer across different policy maps or ports. Beginning in privileged EXEC mode, follow these steps is defined. For information on the number of policers supported, see the "Standard QoS Configuration Guidelines" section on Catalyst 3560 Switch Software Configuration Guide 28-45
  • Cisco 3560G 48TS | Software Configuration Guide - Page 568
    police aggregate transmit1 Switch(config-pmap-c)# exit Switch(config-pmap)# class ipclass2 Switch(config-pmap-c)# set ip dscp 56 Switch(config-pmap-c)# police aggregate transmit1 Switch(config-pmap-c)# exit Switch(config-pmap)# exit 28-46 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 569
    your entries in the configuration file. To return to the default map, use the no mls qos cos-dscp global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-47
  • Cisco 3560G 48TS | Software Configuration Guide - Page 570
    IP-precedence-to-DSCP map: Switch(config)# mls qos map ip-prec-dscp 10 15 20 25 30 35 40 45 Switch(config)# end Switch# show mls qos maps ip-prec-dscp IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 dscp: 10 15 20 25 30 35 40 45 28-48 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 571
    53 54 55 56 57 to 0 Switch(config)# end Switch# show mls qos maps policed-dscp Policed-dscp map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 : 00 01 02 03 04 05 06 07 08 09 1 : 10 11 12 13 14 15 16 17 to a marked-down DSCP value of 0. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-49
  • Cisco 3560G 48TS | Software Configuration Guide - Page 572
    DSCP values 0, 8, 16, 24, 32, 40, 48, and 50 to CoS value 0 and to display the map: Switch(config)# mls qos map dscp-cos 0 8 16 24 32 40 48 50 to 0 Switch(config)# end Switch# show mls qos maps dscp-cos Dscp-cos map: value of 0. 28-50 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 573
    apply the DSCP-to-DSCP-mutation map to the receiving port (ingress mutation) at the boundary of a QoS administrative dscp-mutation dscp-mutation-name Step 6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup-config Catalyst 3560 Switch Software Configuration Guide 28-51
  • Cisco 3560G 48TS | Software Configuration Guide - Page 574
    Switch(config-if)# mls qos dscp-mutation mutation1 Switch(config-if)# end Switch# show mls qos maps dscp-mutation mutation1 Dscp-dscp mutation map: mutation1: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 : 00 00 00 00 00 00 00 00 10 10 1 : 10 10 10 10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 575
    threshold-percentage1 threshold-percentage2 end show mls qos maps a threshold ID. By default, DSCP values 0-39 and 48-63 are mapped to queue 1 and threshold 1. DSCP values -percentage2, the range is 1 to 100. Separate each value with a space Catalyst 3560 Switch Software Configuration Guide 28-53
  • Cisco 3560G 48TS | Software Configuration Guide - Page 576
    percentage2 Step 3 Step 4 Step 5 end show mls qos interface buffer or 10 percent of the buffers are allocated to queue 2. For percentage1 percentage2, the range is 0 to 100. Switch(config)# mls qos srr-queue input buffers 60 40 28-54 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 577
    Step 4 Step 5 end show mls qos interface 1 to 100. Separate each value with a space. SRR services the priority Switch(config)# mls qos srr-queue input priority-queue 2 bandwidth 0 Switch(config)# mls qos srr-queue input bandwidth 25 75 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 578
    full and dropping frames). SRR services the priority queue for its 3 Step 4 Step 5 end show mls qos interface queueing Switch(config)# mls qos srr-queue input priority-queue 1 bandwidth 10 Switch(config)# mls qos srr-queue input bandwidth 4 4 28-56 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 579
    Does the bandwidth of the port need to be rate limited? • How often should the egress queues be serviced and which technique (shaped, shared command. The queues use WTD to support distinct drop percentages for different traffic classes Catalyst 3560 Switch Software Configuration Guide 28-57
  • Cisco 3560G 48TS | Software Configuration Guide - Page 580
    end 100 port of the outbound traffic, and enter interface configuration mode. Map the port to a queue-set. For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1. Return to privileged EXEC mode. 28-58 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 581
    port 100 200 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# queue-set 2 Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID You can prioritize traffic by placing packets with particular DSCPs or costs of service Catalyst 3560 Switch Software Configuration Guide 28-59
  • Cisco 3560G 48TS | Software Configuration Guide - Page 582
    -id cos1...cos8 end show mls qos 3 and threshold 1. DSCP values 32-39 and 48-63 are mapped to queue 4 and threshold 1. 10 and 11 to egress queue 1 and to threshold 2: Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 583
    Step 5 Step 6 end show mls qos interface the weights to control the percentage of the port that is shaped. The inverse ratio (1/weight) Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth shape 8 0 0 0 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 584
    queues mapped to a port. This procedure is Step 6 end show mls 3/(1+2+3+4), and 4/(1+2+3+4), which is 10 percent, 20 percent, 30 percent Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth share 1 2 3 4 28-62 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 585
    expedite queue. SRR services this queue until it is empty before servicing the other queues Switch(config-if)# priority-queue out Switch(config-if)# end Limiting the Bandwidth on an Egress Interface You can limit the bandwidth on an egress port Catalyst 3560 Switch Software Configuration Guide 28-63
  • Cisco 3560G 48TS | Software Configuration Guide - Page 586
    interface-id srr-queue bandwidth limit weight1 end show mls qos interface [interface-id] queueing port speed to which the port should be limited. The range is 10 to 90. By default, the port is not rate limited and is set to 100 28-64 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 587
    Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The interface keyword is not supported, and the statistics shown in the display should be ignored. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-65
  • Cisco 3560G 48TS | Software Configuration Guide - Page 588
    Displaying Standard QoS Information Chapter 28 Configuring QoS 28-66 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 589
    EtherChannels work: • EtherChannel Overview, page 29-2 • Port-Channel Interfaces, page 29-3 • Port Aggregation Protocol, page 29-4 • Link Aggregation Control Protocol, page 29-5 • Load Balancing and Forwarding Methods, page 29-6 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 590
    Configuration Catalyst 8500 series switch Gigabit EtherChannel 1000BASE-X 1000BASE-X 10/100 Switched links 10/100 Switched links compatibly configured Ethernet ports. All ports in each EtherChannel must be configured as either Layer 2 or Layer 3 ports. For Catalyst 3560 switches, the number of
  • Cisco 3560G 48TS | Software Configuration Guide - Page 591
    configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 592
    mode to on (manual configuration). All ports configured in the on mode are bundled in the same group and are forced to have similar characteristics. If the group is misconfigured, packet loss or spanning-tree loops might occur. 29-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 593
    , LACP groups the ports with the same speed, duplex mode, native VLAN, VLAN range, and trunking status and type. After grouping the links into an EtherChannel, LACP adds the group to the spanning tree as a single switch port. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 594
    source and destination addresses. The selected mode applies to all EtherChannels configured on the switch. You configure the load balancing and forwarding method by using the port-channel load-balance global configuration command. 29-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 595
    A to IP address C, and from IP address C to IP address B could all use different ports in the channel. Different load-balancing methods have different advantages, and the choice of a particular load- in better load balancing. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 596
    changes applied to the port-channel interface apply to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration. 29-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 597
    disabled to avoid network loops and other problems. Follow these guidelines to avoid configuration problems: • More than 12 EtherChannels cannot be configured on a Catalyst 3560 switch. • Configure a PAgP EtherChannel with up to eight Ethernet ports of the same type. • Configure a LACP EtherChannel
  • Cisco 3560G 48TS | Software Configuration Guide - Page 598
    up to eight ports can be in standby mode. Assign all ports as static-access ports in the same VLAN, or configure them as trunks. If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094. 29-10 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 599
    for the switch and its partner, see the "PAgP Modes" section on page 29-4 and the "LACP Modes" section on page 29-6. end Return to privileged port from the EtherChannel group, use the no channel-group interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 600
    interface configuration mode. For port-channel-number, the range is 1 to 12. Put the interface into Layer 3 mode. Assign an IP address and subnet mask to the EtherChannel. Return to privileged EXEC mode. Verify your entries. 29-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 601
    configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. Ensure that there is no IP address assigned to the physical port. Put the port into Layer 3 mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 602
    port-channel-number (logical port) configured in the "Creating Port- end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 29-14 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 603
    5 Command configure terminal port-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac} end show etherchannel load-balance , use the no port-channel load-balance global configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 604
    that only support address learning by physical ports, such as the Catalyst 1900 switch. When the link partner to the Catalyst 3560 switch is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Catalyst 3560 switch as a physical-port learner by using
  • Cisco 3560G 48TS | Software Configuration Guide - Page 605
    method must be configured the same at both ends of the link. Assign a priority so that the selected port is chosen for packet transmission. For priority, the priority and the switch MAC address) • LACP port priority • Port number 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 29-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 606
    in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command. 29-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 607
    terminal interface interface-id Step 3 lacp port-priority priority Step 4 Step 5 Step 6 end show running-config or show lacp [ LACP port priority to the default value, use the no lacp port-priority interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 608
    line summary form. Also displays the load-balance or frame-distribution scheme, port, port-channel, and protocol information. Displays PAgP information such as traffic information, refer to the command reference for this release. 29-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 609
    configure IP unicast routing on the Catalyst 3560 switch. Basic routing functions, including static routing and the Routing Information Protocol (RIP), are available with both the standard multilayer software image (SMI) and the enhanced multilayer image (EMI). To use advanced routing features and
  • Cisco 3560G 48TS | Software Configuration Guide - Page 610
    VLAN. Figure 30-1 shows a basic routing topology. Switch A is in VLAN 10, and Switch B is in VLAN 20. The router has an destination. Static unicast routing forwards packets from predetermined ports through a single path into and out of a Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 611
    quickly to topology changes, but require greater bandwidth and more resources than distance-vector protocols. Distance-vector protocols supported by the Catalyst 3560 switch are Routing Information Protocol (RIP), which uses a single distance metric (cost) to determine the best path; Interior
  • Cisco 3560G 48TS | Software Configuration Guide - Page 612
    routing consists of several main procedures: • To support VLAN interfaces, create and configure VLANs on the switch, and assign VLAN membership to Layer 2 interfaces names defined. Domain lookup: Enabled. Domain name: Enabled. 30-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 613
    is enabled on default ports. Any-local-broadcast: Disabled receive an assigned network number, contact your Internet service provider. Beginning in privileged EXEC mode, follow subnet-mask no shutdown end Purpose Enter global configuration Catalyst 3560 Switch Software Configuration Guide 30-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 614
    subnet address of zero is strongly discouraged because of the problems that can arise if a network and a subnet have Step 5 Command configure terminal ip subnet-zero end show running-config copy running-config startup-config Purpose Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 615
    , follow these steps to disable classless routing: Step 1 Step 2 Step 3 Command configure terminal no ip classless end Purpose Enter global configuration mode. Disable classless routing behavior. Return to privileged EXEC mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 616
    to the Cisco IOS Configuration Fundamentals Configuration Guide for Release 12.1. You can perform these tasks to configure address resolution: • Define a Static ARP Cache, page 30-9 • Set ARP Encapsulation, page 30-10 • Enable Proxy ARP, page 30-10 30-8 Catalyst 3560 Switch Software Configuration
  • Cisco 3560G 48TS | Software Configuration Guide - Page 617
    between IP addresses and MAC addresses. Because most hosts support dynamic address resolution, you usually do not need to 4 interface interface-id Step 5 arp timeout seconds Step 6 end Step 7 show interfaces [interface-id] Step 8 Step 9 show Catalyst 3560 Switch Software Configuration Guide 30-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 618
    terminal interface interface-id Step 3 Step 4 Step 5 Step 6 ip proxy-arp end show ip interface [interface-id] copy running-config startup-config Purpose Enter global configuration ip proxy-arp interface configuration command. 30-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 619
    Proxy ARP" section on page 30-10. Proxy ARP works as long as other routers support it. Default Gateway Another method for 4 Command configure terminal ip default-gateway ip-address end show ip redirects Step 5 copy running-config startup- Catalyst 3560 Switch Software Configuration Guide 30-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 620
    seconds Step 8 ip irdp preference number Step 9 Step 10 Step 11 Step 12 ip irdp address address [number] end show ip irdp copy running-config startup-config Purpose (Optional) Save your entries in the configuration file. 30-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 621
    manually Port-Based problem is to use a single broadcast address scheme on a network. In most modern IP implementations, you can set the address to be used as the broadcast address. Many implementations, including the one in the Catalyst 3560 switch, support to denial-of-service attacks. You
  • Cisco 3560G 48TS | Software Configuration Guide - Page 622
    The description for the ip forward-protocol interface configuration command in the Cisco IOS IP and IP Routing Command Reference for Release 12.1 lists the ports that are forwarded by default if you do not specify any UDP ports. 30-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 623
    mode. ip forward-protocol {udp [port] | nd | sdns} Specify which protocols the router forwards when forwarding broadcast packets. end Return to privileged EXEC mode. show ip broadcast-address interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-15
  • Cisco 3560G 48TS | Software Configuration Guide - Page 624
    4 Step 5 Command configure terminal ip forward-protocol spanning-tree end show running-config copy running-config startup-config Purpose Enter global is supported over Ethernet interfaces configured for ARP encapsulation. 30-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 625
    Command configure terminal ip forward-protocol turbo-flood end show running-config copy running-config startup-config lookup service, name server hosts, and the cached list of host names and addresses. Display IP addresses mapped to TCP ports Catalyst 3560 Switch Software Configuration Guide 30-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 626
    to sections later in this chapter and to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. Note The SMI supports only RIP as a routing protocol Return to • Configuring Protocol-Independent Features, page 30-63 30-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 627
    , published by Cisco Press. Note RIP is the only routing protocol supported by the SMI; other routing protocols require running the EMI. Using RIP, the switch sends routing information IP split horizon Varies with media. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 628
    routing table. The default is 180 seconds. • flush-The amount of time for which routing updates are postponed. The default is 240 seconds. 30-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 629
    10 no validate-update-source Step 11 output-delay delay Step 12 Step 13 Step 14 end show ip protocols copy running-config startup-config Purpose (Optional) Configure the switch page 30-76. The switch supports two modes of authentication on Catalyst 3560 Switch Software Configuration Guide 30-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 630
    5 Step 6 Step 7 end show running-config interface [ end Return to privileged EXEC mode. show ip interface interface-id Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 30-22 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 631
    has more than one connection to an external network, different routers can choose different exterior routers as the gateway of last resort. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 632
    Split Horizon, page 30-27 Note To enable IGRP, the switch must be running the EMI. Default IGRP Configuration Table 30-5 shows the default IGRP configuration . 100 hops. None defined. None specified. Disabled. None set in route map. 30-24 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 633
    routes with higher metrics. Use the traffic-share router configuration command to control distribution of traffic among multiple routes of unequal cost. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 634
    , refer to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. delays and the lowest segment bandwidth for a given route. • tos-Type of services; the default is 0. • k1-k5-Constants that convert a metric vector into Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 635
    10 no validate-update-source Step 11 variance multiplier Step 12 traffic-share {balanced | min} Step 13 Step 14 Step 15 end exceeding this diameter are not advertised. The default is 100 hops; the maximum is 255 hops. (Optional) Disable Catalyst 3560 Switch Software Configuration Guide 30-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 636
    ip-address subnet-mask no ip split-horizon end show ip interface interface-id copy running-config startup Cisco IOS IP and IP Routing Command Reference for Release 12.1. Note OSPF classifies different media into broadcast, nonbroadcast, and point-to-point networks. The Catalyst 3560 switch supports
  • Cisco 3560G 48TS | Software Configuration Guide - Page 637
    page 30-36 Note To enable OSPF, the switch must be running the EMI. Default OSPF Configuration Table 30-6 shows the 100 Mbps. Disabled. When enabled, the default metric setting is 10, and the external route type default is Type 2. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 638
    Disabled. 240 seconds. spf delay: 5 seconds. spf-holdtime: 10 seconds. No area ID or router ID defined. Hello interval: 10 seconds. Retransmit interval: 5 seconds. Transmit delay: 1 second. routing process has a unique value. 30-30 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 639
    Step 3 network address wildcard-mask area area-id Step 4 Step 5 Step 6 end show ip protocols copy running-config startup-config Purpose Define an interface on which OSPF range is 1 to 65535 seconds. The default is 10 seconds. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-31
  • Cisco 3560G 48TS | Software Configuration Guide - Page 640
    ospf authentication-key key Step 10 ip ospf message digest-key keyid md5 key Step 11 ip ospf database-filter all out Step 12 Step 13 Step 14 end show ip ospf interface [interface routing, and enter router configuration mode. 30-32 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 641
    Use this command only with area border routers. Step 8 end Return to privileged EXEC mode. Step 9 show ip ospf [ related to the OSPF database for a specific router. Step 10 copy running-config startup-config (Optional) Save your entries in Catalyst 3560 Switch Software Configuration Guide 30-33
  • Cisco 3560G 48TS | Software Configuration Guide - Page 642
    interface. The metric is calculated as ref-bw divided by bandwidth, where ref is 10 by default, and bandwidth (bw) is determined by the bandwidth interface configuration command. of hello packets through the specified interface. 30-34 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 643
    Send syslog message when a neighbor state changes. Step 12 end Return to privileged EXEC mode. Step 13 show ip ospf have a very small database (40 to 100 LSAs), increasing the pacing interval to 10 to 20 minutes might benefit you slightly. Catalyst 3560 Switch Software Configuration Guide 30-35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 644
    configure terminal interface loopback 0 ip address address mask end show ip interface copy running-config startup-config Purpose of fields in the resulting display, refer to the Cisco IOS IP and IP Routing Command Reference for Release Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 645
    width is 224 hops. Because the EIGRP metric is large enough to support thousands of hops, the only barrier to expanding the network is the . As long as hello packets are received, the Cisco IOS software can determine that a neighbor is alive 01 Catalyst 3560 Switch Software Configuration Guide 30-37
  • Cisco 3560G 48TS | Software Configuration Guide - Page 646
    the switch must be running the EMI. 100 percent reliability). • Loading: effective bandwidth as a number between 0 and 255 (255 is 100 percent loading). • MTU: maximum transmission unit size of the route in bytes. 0 or any positive integer. 30-38 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 647
    , and enter router configuration mode. The AS number identifies the routes to other EIGRP routers and is used to tag routing information. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-39
  • Cisco 3560G 48TS | Software Configuration Guide - Page 648
    experienced network designer. Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 offset list [access-list number | name] {in | address mask (Optional) Configure a summary aggregate. end Return to privileged EXEC mode. show ip protocols 40 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 649
    networks. Caution Do not adjust the hold time without consulting Cisco technical support. Step 7 Step 8 Step 9 Step 10 no ip split-horizon eigrp autonomous-system-number (Optional) configuration mode, identify the key string. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-41
  • Cisco 3560G 48TS | Software Configuration Guide - Page 650
    1, 1993. The default end-time and duration is infinite. Step 10 send-lifetime start-time {infinite | end-time | duration (Optional of fields in the resulting display, refer to the Cisco IOS IP and IP Routing Command Reference for Release Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 651
    IBGP, and Multiple Autonomous Systems AS 100 Router A Router D AS 300 129.213.1.2 EBGP Router B 129.213.1.1 175.220.212.1 IBGP 192.208.10.1 EBGP 192.208.10.2 Router C 175.220.1.2 AS loop-free map of autonomous systems. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-43
  • Cisco 3560G 48TS | Software Configuration Guide - Page 652
    BGP attributes. BGP Version 4 supports classless interdomain routing (CIDR) so Cisco IOS IP and IP Routing Configuration Guide. For details about specific commands, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1. 30-44 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 653
    supported by the switch, see Appendix C, "Unsupported Commands in Cisco IOS Release 12.1(19)EA1." Default BGP Configuration Table 30-10 BGP Fast external fallover Enabled. BGP local preference 100. The range is 0 to 4294967295 with the -01 Catalyst 3560 Switch Software Configuration Guide 30-45
  • Cisco 3560G 48TS | Software Configuration Guide - Page 654
    Configuring BGP Chapter 30 Configuring IP Unicast Routing Table 30-10 Default BGP Configuration (continued) Feature IP prefix list Multi exit . None configured. Enabled. Disabled. Keepalive: 60 seconds; holdtime: 180 seconds. 30-46 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 655
    same AS. The switch supports the use of private AS numbers, usually assigned by service providers and given to converge more quickly. Note To enable BGP, the switch must be running the EMI. Beginning in privileged EXEC mode, follow these steps Catalyst 3560 Switch Software Configuration Guide 30-47
  • Cisco 3560G 48TS | Software Configuration Guide - Page 656
    Step 10 Step 11 Step 12 end show Switch(config)# router bgp 100 Switch(config-router)# neighbor 129.213.1.1 remote-as 200 Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 129.213.1.2 remote-as 100 Switch 10 30-48 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 657
    reset Does not clear the BGP session and cache Both BGP routers must support the route Does not require storing of routing table updates refresh capability (in Cisco IOS Release 12.1 and has no memory overhead and later). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-49
  • Cisco 3560G 48TS | Software Configuration Guide - Page 658
    inserts that path in the IP routing table. If BGP multipath support is enabled and the EBGP paths are learned from the same 2. Prefer the path with the largest weight (a Cisco proprietary parameter). The weight attribute is local to the Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 659
    AS. The default value of the local preference attribute is 100. You can set local preference by using the bgp default the destination (the shortest path to the BGP next-hop). 10. If the following conditions are all true, insert the route for Catalyst 3560 Switch Software Configuration Guide 30-51
  • Cisco 3560G 48TS | Software Configuration Guide - Page 660
    med confed Step 10 bgp deterministic med Step end show ip bgp show ip bgp neighbors copy running-config startup-config Purpose (Optional) Configure the switch to 4294967295; the default value is 100. The highest local preference value is Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 661
    . On both inbound and outbound updates, matching is supported based on AS path, community, and network numbers | peer-group name} route-map map-tag {in | out} end Purpose Enter global configuration mode. Enable a BGP routing process, assign it Catalyst 3560 Switch Software Configuration Guide 30-53
  • Cisco 3560G 48TS | Software Configuration Guide - Page 662
    Expressions" appendix in the Cisco IOS Dial Services Command Reference for more information } {in | out | weight weight} end show ip bgp neighbors [paths regular-expression] lists, incremental update support, easier CLI configuration, Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 663
    assign a sequence permit network/len [ge ge-value] [le le-value] number to the entry. end Return to privileged EXEC mode. show ip prefix list [detail | summary] name Verify the configuration the local autonomous system. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-55
  • Cisco 3560G 48TS | Software Configuration Guide - Page 664
    bytes long. The Cisco default community format end Return to privileged EXEC mode. Step 9 show ip bgp community Verify the configuration. Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file. 30-56 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 665
    ip-address | peer-group-name} remote-as number Step 6 Step 7 Step 8 Step 9 Step 10 neighbor {ip-address | peer-group-name} description text neighbor {ip-address | peer-group-name} interval between sending BGP routing updates. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-57
  • Cisco 3560G 48TS | Software Configuration Guide - Page 666
    inbound (Optional) Configure the software to start storing received updates. Step 24 end Return to privileged EXEC mode. Step 25 show ip bgp neighbors Verify the no neighbor shutdown router configuration command. 30-58 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 667
    Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 aggregate-address address-mask summary-only aggregate-address address aggregate-address address mask attribute-map map-name end show ip bgp neighbors [advertised-routes] copy -16156-01 Catalyst 3560 Switch Software Configuration Guide 30-59
  • Cisco 3560G 48TS | Software Configuration Guide - Page 668
    that belong to the confederation and that will be treated as special EBGP peers. end Return to privileged EXEC mode. show ip bgp neighbor Verify the configuration. show ip have identical sets of client and nonclient peers. 30-60 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 669
    dampening. bgp dampening half-life reuse suppress max-suppress [route-map map] (Optional) Change the default values of route dampening factors. end Return to privileged EXEC mode time remaining before they are suppressed. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-61
  • Cisco 3560G 48TS | Software Configuration Guide - Page 670
    8 Step 9 Step 10 Command clear ip bgp determine resource utilization and solve network problems. You can also display information about explanations of the display fields, refer to the Cisco IOS IP and IP Routing Command Reference for Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 671
    can cause traffic to be process switched using the routing table, instead of fast switched using the route cache. CEF use the Forwarding Information Base (FIB) lookup table to perform destination-based switching of IP packets. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-63
  • Cisco 3560G 48TS | Software Configuration Guide - Page 672
    interface-id Step 3 Step 4 Step 5 Step 6 Step 7 ip route-cache cef end show ip cef show cef linecard [detail] show cef interface [interface-id] Step 8 of parallel paths supported by an IP routing protocol in its routing table. 30-64 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 673
    rip | ospf | igrp | eigrp} maximum-paths maximum Step 4 Step 5 Step 6 end show ip protocols copy running-config startup-config Purpose Enter global configuration mode. Enter router configuration that of the dynamic protocol. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-65
  • Cisco 3560G 48TS | Software Configuration Guide - Page 674
    Internal Enhanced IGRP IGRP OSPF RIP Internal BGP Unknown Default Distance 0 1 5 20 90 100 110 120 200 225 Static routes that point to an interface are advertised through RIP, the network 0.0.0.0 through the appropriate device. 30-66 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 675
    network number end show ip Cisco instruct the switch to readvertise IGRP-derived routes by using RIP or to readvertise static routes by using IGRP. Redistributing information from one routing protocol to another applies to all supported Catalyst 3560 Switch Software Configuration Guide 30-67
  • Cisco 3560G 48TS | Software Configuration Guide - Page 676
    [...type number] Match the specified next hop route out one of the specified interfaces. Step 10 match ip route-source {access-list-number | access-list-name} [...access-list-number | Type 1 or Type 2) or EIGRP external routes. 30-68 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 677
    20 set metric-type internal Step 21 set weight Step 22 end Step 23 show route-map Step 24 copy running-config startup-config as a number between 0 and 255, where 255 means 100 percent reliability and 0 means no reliability. • loading- Catalyst 3560 Switch Software Configuration Guide 30-69
  • Cisco 3560G 48TS | Software Configuration Guide - Page 678
    delay reliability loading mtu Step 6 no default-information {in | out} Step 7 end Step 8 show route-map Step 9 copy running-config startup-config Purpose Enter global configuration protocols if a default mode is in effect. 30-70 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 679
    or an end station. The Cisco IOS IP and IP Routing Command Reference for Release 12.1. For a list of PBR commands that are visible but not supported by the switch, see Appendix C, "Unsupported Commands in Cisco IOS Release 12.1(19)EA1." 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 680
    policy-routed. When you globally enable local PBR on the switch, all packets that originate on the switch are subject to local PBR. Local PBR is disabled by default. Note To enable PBR, the switch must be running the EMI. 30-72 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 681
    by the switch and not to incoming packets. Return to privileged EXEC mode. (Optional) Display all route maps configured or only the one specified to verify configuration. (Optional) Display policy route maps attached to interfaces. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30
  • Cisco 3560G 48TS | Software Configuration Guide - Page 682
    interface. In networks with many interfaces, to avoid having to manually set them as passive, you can set all interfaces to type Step 6 network network-address Step 7 end Step 8 copy running-config startup-config Purpose 30-74 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 683
    . The default keyword is useful in Internet service provider and large enterprise networks where many of -list-number | access-list-name} in [type-number] end copy running-config startup-config Purpose Enter global configuration mode. Enter 01 Catalyst 3560 Switch Software Configuration Guide 30-75
  • Cisco 3560G 48TS | Software Configuration Guide - Page 684
    {ip-address mask}} [ip access list] Step 4 end Step 5 show ip protocols Step 6 copy running-config distance as an integer from 10 to 255. Used alone, use. You can configure multiple keys with life times. Only one authentication packet is Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 685
    acceptable date as January 1, 1993. The default end-time and duration is infinite. end Return to privileged EXEC mode. show key chain used to switch IP traffic. Display all route maps configured or only the one specified. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 30-77
  • Cisco 3560G 48TS | Software Configuration Guide - Page 686
    Monitoring and Maintaining the IP Network Chapter 30 Configuring IP Unicast Routing 30-78 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 687
    page 31-3 • Displaying HSRP Configurations, page 31-10 Understanding HSRP HSRP is Cisco's standard method of providing high network availability by supports HSRP, including Catalyst 3560 routed ports and switch virtual interfaces (SVIs). 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 688
    B to provide uninterrupted service to users on Host C's segment that need to communicate with users on Host B's segment and also continues to perform its normal function of handling packets between the Host A segment and Host B. 31-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 689
    -4 • HSRP Configuration Guidelines, page 31-4 • Enabling HSRP, page 31-5 • Configuring HSRP Group Attributes, page 31-6 • Configuring HSRP Groups and Clustering, page 31-9 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 31-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 690
    XX is the HSRP group number 100 0 (no delay) 10 3 seconds 10 seconds HSRP Configuration Guidelines Follow these 3 interfaces: - Routed port: a physical port configured as a Layer 3 port by entering the no switchport 10-19. 31-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 691
    HSRP for group 1 on a port. The IP address used by the Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no switchport Switch(config-if)# standby 1 ip Switch(config-if)# end Switch# show standby 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 692
    priority on the device on which tracking has been configured decreases by 10. If an interface is not tracked, its state changes do not services. To solve this problem, configure a delay time to allow the router to update its routing table. 31-6 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 693
    the default is 100. • (Optional 10. end Return to privileged EXEC mode. show running-config Verify the configuration of the standby groups. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 694
    ] interface configuration command to remove the tracking. This example activates a port, sets an IP address and a priority of 120 (higher than the string is cisco. (Optional) group-number-The group number to which the command applies. 31-8 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 695
    255; the default is 10 seconds. Return to switch and routing redundancy. If you create a cluster with the same HSRP standby group name without entering the routing-redundancy keyword, HSRP standby routing is disabled for the group. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 696
    Hellotime 3 holdtime 10 Next hello sent in 00:00:02.262 Hot standby IP address is 172.20.138.51 configured Active router is local Standby router is unknown expired Standby virtual mac address is 0000.0c07.ac64 Name is test 31-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 697
    Catalyst 3560 switch. IP multicasting is a more efficient way to use network resources, especially for bandwidth-intensive services switch must be running the enhanced multilayer image (EMI). Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco
  • Cisco 3560G 48TS | Software Configuration Guide - Page 698
    The software supports PIM-to-DVMRP interaction. • Cisco Group Management Protocol (CGMP) is used on Cisco routers and multilayer switches connected to Layer 2 Catalyst switches to perform a time. How active a multicast group is and 32-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 699
    Chapter 32 Configuring IP Multicast Routing Understanding Cisco's Implementation of IP Multicast Routing what members it has can vary from group to group and , Version 2 • draft-ietf-pim-v2-dm-03.txt, PIM Version 2 Dense Mode 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 700
    Understanding Cisco's Implementation of IP Multicast Routing Chapter 32 Configuring IP Multicast Routing PIM Versions PIMv2 includes these improvements must send their traffic to the RP so that the traffic reaches all receivers. 32-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 701
    the network to all routers and switches, which store the RP information in the BSR message in their local RP cache. The routers and switches select the same RP for a given group because they all use a common RP hashing algorithm. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 702
    . Gigabit Ethernet 0/2 Gigabit Ethernet 0/4 101242 Table 32-1 Routing Table Example for an RPF Check Network 151.10.0.0/16 198.14.32.0/32 204.1.16.0/24 Port Gigabit Ethernet 0/1 Gigabit Ethernet 0/3 Gigabit Ethernet 0/4 32-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 703
    IGMP Snooping and MVR.") CGMP is necessary because the Layer 2 switch cannot distinguish between IP multicast data packets and IGMP report messages, which are both at the MAC-level and are addressed to the same group address. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 704
    -RP and BSR Configuration Guidelines, page 32-9 PIMv1 and PIMv2 Interoperability The Cisco PIMv2 implementation provides interoperability and transition between Version 1 and Version 2, although there might be some minor problems. 32-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 705
    and multilayer switches, both Auto-RP and a BSR are required. We recommend that a Cisco PIMv2 device be both the Auto-RP mapping agent and the BSR. For more information, see the "Using Auto-RP and a BSR" section on page 32-21. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 706
    must be one of the following: • A routed port: a physical port that has been configured as a Layer 3 port by entering the no switchport interface configuration command. • "PIMv1 and PIMv2 Interoperability" section on page 32-8. 32-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 707
    | sparse-dense-mode} Step 6 Step 7 Step 8 end show running-config copy running-config startup-config Purpose Enable • Manually Assigning an RP to Multicast Groups, page 32-11 • Configuring Auto-RP, page 32-13 (a standalone, Cisco-proprietary Catalyst 3560 Switch Software Configuration Guide 32-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 708
    configuration file. To remove an RP address, use the no ip pim rp-address ip-address [access-list-number] [override] global configuration command. 32-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 709
    the distribution of group-to-RP mappings to all Cisco routers and multilayer switches in a PIM network. It has these benefits: manual RP configurations on every router and multilayer switch in a PIM network, which can cause connectivity problems Catalyst 3560 Switch Software Configuration Guide 32-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 710
    -id, enter the interface type and number that identifies the RP address. Valid interfaces include physical ports, port channels, and VLANs. • For scope ttl, specify the time-to-live value in hops. Enter statement for everything. 32-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 711
    problem can be addressed later. In those routers or multilayer switches RP to support the two Switch(config)# ip pim accept-rp 172.10.20.1 1 Switch(config)# access-list 1 permit 224.0.1.39 Switch(config)# access-list 1 permit 224.0.1.40 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 712
    router from masquerading as a candidate RP and causing problems. Beginning in privileged EXEC mode, follow these source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 713
    Step 6 end show instructs the switch to neither send or receive PIMv2 BSR messages on this interface as shown in Figure 32-3. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 714
    id Step 4 Step 5 Step 6 Step 7 ip multicast boundary access-list-number end show running-config copy running-config startup-config Purpose Enter global configuration mode. Create a ) Save your entries in the configuration file. 32-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 715
    a priority of 10. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip address 172.21.24.18 255.255.255.0 Switch(config-if)# ip pim sparse-dense-mode Switch(config-if)# ip pim bsr-candidate gigabitethernet0/2 30 10 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 716
    consider these options: • In a network of Cisco routers and multilayer switches where only Auto-RP is used, any end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure your switch Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 717
    ip pim rp-hash group Purpose On any Cisco device, display the available RP mappings. • switch, confirm that the same RP is the one that a PIMv1 system chooses. For group, enter the group address for which to display RP information. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 718
    ] displays how the switch learns of the RP (through the BSR or the Auto-RP mechanism). Troubleshooting PIMv1 and PIMv2 Interoperability Problems When debugging interoperability problems between PIMv1 and PIMv2 to the shared tree. 32-22 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 719
    type of distribution tree is called a shortest-path tree or source tree. By default, the software switches to a source tree upon receiving the first data packet from a source. This process describes the " section on page 32-24. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 720
    shared tree, never switching to the source tree. • (Optional) For group-list access-list-number, specify the access list created in Step 2. If the value is 0 or if the group-list is not used, the threshold applies to all groups. 32-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 721
    interface-id Step 3 ip pim query-interval seconds Step 4 Step 5 Step 6 end show ip igmp interface [interface-id] copy running-config startup-config Purpose Enter global -interval [seconds] interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 722
    all interfaces. 60 seconds on all interfaces. 10 seconds on all interfaces. Disabled. Configuring the Switch as a Member of a Group You can configure the switch as a member of a multicast group and traffic for the group address. 32-26 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 723
    group-address end show serviced by an interface can join. By default, all groups are allowed on an interface. For access-list-number, specify an IP standard access list number. The range is 1 to 99. Return to global configuration mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 724
    the IGMP version that the switch uses. Note If you change to Version 1, you cannot configure the ip igmp query-interval or the ip igmp query-max-response-time interface configuration commands. Return to privileged EXEC mode. 32-28 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 725
    interface-id Step 3 ip igmp query-interval seconds Step 4 Step 5 Step 6 end show ip igmp interface [interface-id] copy running-config startup-config Purpose Enter global query-interval interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-29
  • Cisco 3560G 48TS | Software Configuration Guide - Page 726
    -response-time seconds Step 4 Step 5 Step 6 end show ip igmp interface [interface-id] copy running 10 seconds. The range is 1 to 25. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 32-30 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 727
    set up: - Enabling CGMP Server Support, page 32-32 (optional) - Configuring sdr Listener Support, page 32-33 (optional) • Features that control bandwidth utilization: - Configuring an IP Multicast Boundary, page 32-34 (optional) 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-31
  • Cisco 3560G 48TS | Software Configuration Guide - Page 728
    devices are connected to a switched network and the ip cgmp proxy command is needed, we recommend that all devices be configured with the same CGMP option and have precedence for becoming the IGMP querier over non-Cisco routers. 32-32 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 729
    group address and port are being end support. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable sdr support, use the no ip sdr listen interface configuration command. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 730
    ip sdr cache-timeout minutes Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter domains; however, TTL thresholds are not supported by the switch. You should use multicast boundaries instead of Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 731
    -id Step 4 Step 5 Step 6 Step 7 ip multicast boundary access-list-number end show running-config copy running-config startup-config Purpose Enter global configuration mode. Create a your entries in the configuration file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 732
    mrouted Version 3.8 (which implements a nonpruning version of DVMRP) when Cisco routers and multilayer switches are directly connected to DVMRP routers or interoperate with DVMRP routers over process to be advertised into DVMRP. 32-36 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 733
    routes from the DVMRP routing table to be advertised with the configured metric or filtered. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config they are injected into DVMRP. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-37
  • Cisco 3560G 48TS | Software Configuration Guide - Page 734
    if the tunnel has a different network number from the subnet. In this case, the software advertises only the network number through the tunnel. 32-38 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 735
    ] ip dvmrp accept-filter access-list-number [distance] neighbor-list access-list-number Step 10 end Purpose Enter global configuration mode. Create a standard access list, repeating the command as many to privileged EXEC mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-39
  • Cisco 3560G 48TS | Software Configuration Guide - Page 736
    192.168.1.10. Any packets sent through the tunnel are encapsulated in an outer IP header. The Cisco switch is configured to accept incoming DVMRP reports with a distance of 100 from 198 routes other than 0.0.0.0 are advertised. 32-40 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 737
    Features Step 4 Step 5 Step 6 Command end show running-config copy running-config startup-config cloud. PIM uses this information; however, Cisco routers and multilayer switches do not implement DVMRP to forward multicast packets 16156-01 Catalyst 3560 Switch Software Configuration Guide 32-41
  • Cisco 3560G 48TS | Software Configuration Guide - Page 738
    as peers, regardless of their DVMRP capability. However, some non-Cisco devices run old versions of DVMRP that cannot prune, so they continuously receive forwarded packets, wasting bandwidth. Figure 32-6 shows this scenario. 32-42 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 739
    connected to the nonpruning machine as shown in Figure 32-7. In this case, when the switch receives DVMRP probe or report message without the prune-capable flag set, the switch logs a syslog message and discards the message. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-43
  • Cisco 3560G 48TS | Software Configuration Guide - Page 740
    -id Step 3 Step 4 Step 5 Step 6 ip dvmrp reject-non-pruners end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify dvmrp reject-non-pruners interface configuration command. 32-44 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 741
    tune the Cisco device advertisements -48 (optional) • Adding a Metric Offset to the DVMRP Route, page 32-48 3 Step 4 Step 5 end show running-config copy running- the DVMRP Route Threshold By default, 10,000 DVMRP routes can be received per Catalyst 3560 Switch Software Configuration Guide 32-45
  • Cisco 3560G 48TS | Software Configuration Guide - Page 742
    end (176.32.10.0/24 and 176 address as Fast Ethernet port 1 and falls into Cisco router tunnel interface. As a result, the Cisco router sends only a single summarized Class B advertisement for network 176.32.0.0.16 from the unicast routing table. 32-46 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 743
    10 8 Cisco router Dist 0 0 Fast 0 Ethernet 0/1 176.32.10.0/24 Unicast Routing Table (10,000 Routes) Network Intf Metric Dist 176.13.10 metric value] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Catalyst 3560 Switch Software Configuration Guide 32-47
  • Cisco 3560G 48TS | Software Configuration Guide - Page 744
    dvmrp auto-summary end show running- switch B because it is a faster path, you can apply a metric offset to the route learned by switch A to make it larger than the metric learned by switch B, and you can choose the path through switch B. 32-48 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 745
    3 ip dvmrp metric-offset [in | out] increment Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the • Monitoring IP Multicast Routing, page 32-51 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 32-49
  • Cisco 3560G 48TS | Software Configuration Guide - Page 746
    table. Display the multicast groups that are directly connected to the switch and that were learned through IGMP. Display multicast-related information about an interface. Display the contents of the IP fast-switching cache. 32-50 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 747
    switch about which neighboring multicast devices are peering with it. Display IP multicast packet rate and loss information. Trace the path from a source to a destination branch for a multicast distribution tree for a given group. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 748
    Monitoring and Maintaining IP Multicast Routing Chapter 32 Configuring IP Multicast Routing 32-52 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 749
    the Multicast Source Discovery Protocol (MSDP) on the Catalyst 3560 switch. The MSDP connects multiple Protocol-Independent Multicast sparse-mode (PIM-SM) domains. MSDP is not fully supported in this software release because of a lack of support for Multicast Border Gateway Protocol (MBGP), which
  • Cisco 3560G 48TS | Software Configuration Guide - Page 750
    the RPF peer. For information on how to configure an MSDP peer when BGP and MBGP are not supported, see the "Configuring a Default MSDP Peer" section on page 33-4. If the MSDP peer receives the in the remote domain to the receiver. 33-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 751
    with only receivers can receive data without globally advertising group membership. • Global source multicast routing table state is not required, saving memory. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 33-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 752
    BGP and MBGP are not supported, you cannot configure an MSDP peer on the local switch by using the ip msdp 33-2, a customer who owns Switch B is connected to the Internet through two Internet service providers (ISPs), one owning Router Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 753
    SA Router A Default MSDP peer ISP C PIM domain 10.1.1.1 Switch B Default MSDP peer 86515 ISP A PIM domain different RP prefixes. This syntax is typically used in a service provider cloud that connects stub site clouds. When you enter Catalyst 3560 Switch Software Configuration Guide 33-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 754
    } text end show running 10.1.1.1 Router(config)# ip msdp default-peer 10.1.1.1 prefix-list site-a Router(config)# ip prefix-list site-b permit 10.0.0.0/1 Router C Router(config)# ip msdp default-peer 10 switch to cache SA messages. 33-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 755
    by an implicit deny statement for everything. end Return to privileged EXEC mode. show running-config Switch(config)# ip msdp cache-sa-state 100 Switch(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 756
    name} end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure the switch to switch to send SA request messages to the MSDP peer at 171.69.1.1: Switch(config)# ip msdp sa-request 171.69.1.1 33-8 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 757
    list. The range is 1 to 99 for standard access lists and 100 to 199 for extended lists. The access list controls which local sources switch advertises (S,G) pairs according to the access list or autonomous system path access list. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 758
    necessary. • For access-list-number, the range is 1 to 99 for standard access lists and 100 to 199 for extended lists. Enter the same number created in Step 2. • The deny keyword ip msdp redistribute global configuration command. 33-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 759
    source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Switch(config)# ip msdp filter sa-request 171.69.2.2 list 1 Switch(config)# access-list 1 permit 192.4.22.0 0.0.0.255 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 760
    list access-list-number extended access list. The range for the extended access-list-number is 100 to 199. If both the list and the route-map keywords are used, all conditions must through the filter. A deny filters routes. 33-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 761
    end Switch(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet0/1 Switch(config)# ip msdp sa-filter out switch.cisco.com list 100 Switch(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.20 0 0.0.255.255 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 762
    are forwarded to the peer until the TTL is exhausted. The range is 0 to 255. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup- based on match criteria in a route map 33-14 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 763
    access-list-number is 100 to 199. If both for everything. end Return to switch.cisco.com: Switch(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet0/1 Switch(config)# ip msdp sa-filter in switch.cisco.com 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 764
    Step 5 Step 6 Command configure terminal ip msdp mesh-group name {ip-address | name} end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure an MSDP information for the peer. 33-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 765
    list-name] [asn aspath-access-list-number] [route-map map] end Purpose Enter global configuration mode. Configure the switch on the border between a dense-mode and sparse-mode region to send 33-9. Return to privileged EXEC mode. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 33-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 766
    Command configure terminal ip msdp originator-id interface-id Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configures the global configuration command. 33-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 767
    sessions. Clears the SA cache entries for all entries, all sources for a specific group, or all entries for a specific source/group pair. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 33-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 768
    Monitoring and Maintaining MSDP Chapter 33 Configuring MSDP 33-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 769
    bridging (VLAN bridging) on the Catalyst 3560 switch. With fallback bridging, you can forward non-IP packets that the switch does not route between VLAN bridge domains and routed ports. To use this feature, the switch must be running the enhanced multilayer image (EMI). Note For complete syntax and
  • Cisco 3560G 48TS | Software Configuration Guide - Page 770
    on your switch: • Default Fallback Bridging Configuration, page 34-3 • Fallback Bridging Configuration Guidelines, page 34-3 • Creating a Bridge Group, page 34-3 (required) • Adjusting Spanning-Tree Parameters, page 34-5 (optional) 34-2 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 771
    compatible with fallback bridging. When fallback bridging is enabled, it is possible for packets to be forwarded from one protected port on a switch to another protected port on the same switch if the ports are in different VLANs. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 34-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 772
    end are not supported. For port to the bridge group: Switch(config)# bridge 10 protocol vlan-bridge Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no switchport Switch(config-if)# no shutdown Switch(config-if)# bridge-group 10 34-4 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 773
    impact on performance. A good source on switching is the IEEE 802.1D specification. For more information, refer to the "References and Recommended Reading" appendix in the Cisco IOS Configuration Fundamentals Command Reference. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 34-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 774
    range is 1 to 255. • For number, enter a number from 0 to 255 in increments of 4. The lower the number, the more likely that the port on the switch will be chosen as the root. The default is 128. Return to privileged EXEC mode. 34-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 775
    end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the port port in bridge group 10: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# bridge-group 10 path-cost 20 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 776
    4 Step 5 Command configure terminal bridge bridge-group hello-time seconds end show running-config copy running-config startup-config Purpose Enter global configuration in bridge group 10: Switch(config)# bridge 10 hello-time 5 34-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 777
    time spent listening for topology change information after a port has been activated for switching and before forwarding actually begins. Beginning in privileged EXEC in bridge group 10: Switch(config)# bridge 10 max-age 30 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 34-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 778
    Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the port, and enter , refer to the Cisco IOS Bridging and IBM Networking Command Reference for Release 12.1. 34-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 779
    and resolve software problems related to the Cisco IOS software on the Catalyst 3560 switch. Depending on the nature of the problem, you can use the command-line interface (CLI) or the Cluster Management Suite (CMS) to identify and solve problems. Additional troubleshooting information, such as
  • Cisco 3560G 48TS | Software Configuration Guide - Page 780
    -r--r-- 9658/25 3970586 Nov 21 12:00 2003 c3560-i5-mz.121.19-EA1/c3560-i5-mz.121.19-EA1.bin -rw-r--r-- 9658/25 391 Nov 21 13:20 2003 c3560-i5-mz.121.19-EA1/info -rw-r--r-- 9658/25 98 Nov 18 16:46 2003 info 35-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 781
    to download the software image to the switch. Use the reload privileged EXEC command to restart the switch and to verify that the new software image is operating properly. Delete the flash:image_filename.bin file from the switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 782
    Troubleshooting Recovering from a Lost or Forgotten Password The default configuration for the switch allows an end user with physical access to the switch , reload the switch: Switch> reload Proceed with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 783
    : Continue with the configuration dialog? [yes/no]: N At the switch prompt, enter privileged EXEC mode: Switch> enable Rename the configuration file to its original name: Switch# rename flash:config.text.old flash:config.text 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 784
    Caution Returning the switch to the default configuration results in the loss of all existing configurations. We recommend that you contact your system administrator to verify if there are backup switch and VLAN configuration files. 35-6 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 785
    Chapter 35 Troubleshooting Recovering from 192 Mar 01 1993 22:30:48 c3560-i5-mz.121.19-EA1 16128000 bytes total (10003456 bytes free) Boot the system: Switch: boot You are prompted to EXEC mode: Switch (config)# exit Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 786
    1 Step 2 Disconnect the command switch from the member switches, and physically remove it from the cluster. Insert the member switch in place of the failed command switch, and duplicate its connections to the cluster members. 35-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 787
    the last characters in a host name for any switch. When prompted for the Telnet (virtual terminal) password, recall that it can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 788
    port, refer to the switch hardware installation guide. At the switch prompt, enter privileged EXEC mode: Switch> enable Switch# Enter the password of the failed command switch. Use the setup program to configure the switch /no]: 35-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 789
    2970, Catalyst 2950, Catalyst 3500 XL, Catalyst 2900 XL, Catalyst 2820, and Catalyst 1900 switch) connected to the command switch through a secured port can lose connectivity if the port is disabled because of a security violation. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 790
    not support GBIC modules. Although the error message text refers to GBIC interfaces and modules, the security messages actually refer to the SFP modules and module interfaces. For more information about error messages, refer to the system message guide for this release. 35-12 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 791
    Beginning in privileged EXEC mode, use this command to ping another device on the network from the switch: Command ping ip host | address Purpose Ping a remote host through IP or by supplying the host name or network address. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 792
    . The switch can only identify the path from the source device to the destination device. It cannot identify the path that a packet takes from source host to the source device or from the destination device to the destination host. 35-14 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 793
    a port), the Layer 2 traceroute feature is not supported. When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears. • This feature is not supported in Token Ring VLANs. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 794
    35 Troubleshooting Displaying port unreachable error to the source. Because all errors except port unreachable errors come from intermediate hops, the receipt of a port unreachable error means this message was sent by the destination. 35-16 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 795
    . Port unreachable. To terminate a trace in progress, enter the escape sequence (Ctrl-^ X by default). You enter the default by simultaneously pressing and releasing the Ctrl, Shift, and 6 keys, and then by pressing the X key. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 796
    to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support Switch# undebug span-session To display the state of each debugging option, enter this command in privileged EXEC mode: Switch# show debugging 35-18 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 797
    the console port. Possible support personnel, who have access to detailed information about the switch application-specific integrated circuits (ASICs). However, packet forwarding information can also be helpful in troubleshooting. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 798
    -00_40000014_000A0000 01FFA 03000000 L2Local 80_00050009_43A80145-00_00000000_00000000 00086 02010197 Station Descriptor:F0050003, DestIndex:F005, RewriteIndex:0003 Egress:Asic 3, switch 1 Output Packets: 35-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 799
    Asic 3, switch 1 Output Packets: Packet 1 Lookup Key-Used OutptACL 50_10010A05_0A010505-00_40000014_000A0000 Index-Hit A-Data 01FFE 03000000 Port Gi0/2 Vlan SrcMac DstMac Cos Dscpv 0007 XXXX.XXXX.0246 0009.43A8.0147 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 800
    the end of its filename) by entering the show stacks or the show tech-support privileged EXEC command. You also can access the file by using any command that can copy or display files, such as the more or the copy privileged EXEC command. 35-22 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 801
    all switches is modeled as removable Flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-HSRP-MIB • CISCO-HSRP-EXT-MIB (partial support) • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO IP-STAT-MIB • CICSO-L2L3-INTERFACE-MIB • CISCO-LACP-MIB 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 802
    SYS-MIB • OLD-CISCO-TCP-MIB • OLD-CISCO-TS-MIB • PIM-MIB • RFC1213-MIB (Functionality is as per the agent capabilities specified in the CISCO-RFC1213-CAPABILITY.my.) • RFC1253-MIB (OSPF-MIB) • RMON-MIB • RMON2-MIB • SNMP-FRAMEWORK-MIB • SNMP-MPD-MIB Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 803
    UDP-MIB Note You can also use this URL for a list of supported MIBs for the Catalyst 3560 switch: ftp://ftp.cisco.com/pub/mibs/supportlists/cat3560/cat3560-supportlist.html You can access other information a copy of the MIB file. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide A-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 804
    Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 3560 Switch Software Configuration Guide A-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 805
    the Catalyst 3560 Flash file system, how to copy configuration files, and how to archive (upload and download) software images to a switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the switch command reference for this release and the Cisco IOS
  • Cisco 3560G 48TS | Software Configuration Guide - Page 806
    Working with the Cisco IOS File System, Configuration Files, and Software Images Displaying Available File Systems To display the available file systems on your switch, use the from a network machine by using the YMODEM protocol. Catalyst 3560 Switch Software Configuration Guide B-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 807
    Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Setting example shows how to change to the directory named new_configs. Display the working directory. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-3
  • Cisco 3560G 48TS | Software Configuration Guide - Page 808
    Working with the Flash File System Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Creating and (TFTP)-tftp:[[//location]/directory]/filename Local writable file systems include flash:. Catalyst 3560 Switch Software Configuration Guide B-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 809
    Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Some invalid archive upload-sw privileged EXEC commands to download and upload software image files. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 810
    an optional list of files or directories after the tar file; then only those files appear. If none are specified, all files and directories appear. Catalyst 3560 Switch Software Configuration Guide B-6 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 811
    just the new-configs directory into the root directory on the local Flash file system. The remaining files in the saved.tar file are ignored. Switch# archive tar /xtract tftp:/172.20.10.30/saved.tar flash:/new-configs 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 812
    Editor, page B-10 • Copying Configuration Files By Using TFTP, page B-10 • Copying Configuration Files By Using FTP, page B-12 • Copying Configuration Files By Using RCP, page B-16 • Clearing Configuration Information, page B-19 Catalyst 3560 Switch Software Configuration Guide B-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 813
    changes (such as changing the switch IP address or disabling ports) can cause a loss of connectivity to the switch. • If no password has been set on the switch, we recommend that you set in the NVRAM section of Flash memory. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 814
    Cisco /services switch has a route to the TFTP server. The switch and the TFTP server must be in the same subnetwork if you do not have a router to route traffic between subnets. Check connectivity to the TFTP server by using the ping command. B-10 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 815
    Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working Upload a Configuration File By Using TFTP" section on page B-10. Log into the switch through the console port or a Telnet session. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 816
    FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username to the documentation for your FTP server. B-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 817
    configuration mode on the switch. This step is required only if you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 818
    with the Cisco IOS File System, Configuration Files, and Software Images Step 6 Step 7 Command Purpose end Return to [OK] Switch# %SYS-5-CONFIG_NV:Non-volatile store configured from host2-config by ftp from 172.16.101.101 B-14 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 819
    switch through the console port Switch(config)# end Switch# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 Name of configuration file to write [switch2-confg]? Write file switch2-confg on host 172.16.101.101?[confirm] ![OK] 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 820
    the switch through a Telnet session and you have a valid username, this username is used, and you do not need to set the RCP username. Include the username in the copy command if you want to specify a username for only that copy operation. B-16 Catalyst 3560 Switch Software Configuration Guide 78
  • Cisco 3560G 48TS | Software Configuration Guide - Page 821
    ip rcmd remote-username username end copy rcp:[[[//[username@]location]/ page B-16. Log into the switch through the console port or a Telnet session. Enter Switch# %SYS-5-CONFIG: Configured from host1-config by rcp from 172.16.101.101 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-
  • Cisco 3560G 48TS | Software Configuration Guide - Page 822
    address of 172.16.101.101: Switch# copy system:running-config rcp://[email protected]/switch2-confg Write file switch-confg on host 172.16.101.101?[confirm] Building configuration...[OK] Connected to 172.16.101.101 Switch# B-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 823
    switch prompts for confirmation on destructive file operations. For more information about the file prompt command, refer to the Cisco IOS Command Reference for Release 12.1. Caution You cannot restore a file after it has been deleted. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 824
    For a list of software images and the supported upgrade paths, refer to the release notes that shipped with your switch. Image Location on the Switch The Cisco IOS image is stored as a .bin file might have stored in Flash memory. B-20 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 825
    and files, such as Cisco IOS images and web c3560-i5-mz.121-19.EA1 image_family:C3560 stacking_number:1.0 info_end: version_suffix:i5-mz.121-19.EA1 version_directory:c3560-i5-mz.121-19.EA1 image_system_type_id:0x00000000 image_name:c3560 Catalyst 3560 Switch Software Configuration Guide B-21
  • Cisco 3560G 48TS | Software Configuration Guide - Page 826
    Cisco IOS File System, Configuration Files, and Software Images Copying Image Files By Using TFTP You can download a switch image from a TFTP server or upload the image from the switch to a TFTP server. You download a switch /services Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 827
    B Working with the Cisco IOS File System, Configuration page B-22. Log into the switch through the console port or a Telnet session. Download the image file from the TFTP server to the switch, and overwrite the current image. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-23
  • Cisco 3560G 48TS | Software Configuration Guide - Page 828
    : info, the Cisco IOS image, and the HTML files. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. B-24 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 829
    each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in username only for that operation. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 830
    Cisco IOS 6 ip ftp username username ip ftp password password end Purpose Verify that the FTP server is properly configured by on page B-25. Log into the switch through the console port or a Telnet session. Enter global configuration Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 831
    enough space to install the new image and keep the running image, the download process stops, and an error message is displayed. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-27
  • Cisco 3560G 48TS | Software Configuration Guide - Page 832
    Working with the Cisco IOS File section on page B-13. Log into the switch through the console port or a Telnet session. configure terminal Enter (Optional) Change the default password. end Return to privileged EXEC mode. archive Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 833
    Cisco support rsh.) Because you are copying a file from one place to another, you must have read permission on the source file and write permission on the destination file. If the destination file does not exist, RCP creates it for you. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 834
    If the switch IP address translates to Switch1.company.com, the .rhosts file for User0 on the RCP server should contain this line: Switch1.company.com Switch1 For more information, refer to the documentation for your RCP server. B-30 Catalyst 3560 Switch Software Configuration Guide 78-16156
  • Cisco 3560G 48TS | Software Configuration Guide - Page 835
    Cisco Command configure terminal ip rcmd remote-username username end archive download-sw /overwrite /reload rcp:[[[//[username@]location on page B-29. Log into the switch through the console port or a Telnet session. Enter global configuration Catalyst 3560 Switch Software Configuration Guide B-31
  • Cisco 3560G 48TS | Software Configuration Guide - Page 836
    files in the directory and the directory are removed. Caution For the download and upload algorithms to operate properly, do not rename image names. B-32 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 837
    : info, the Cisco IOS image, and the HTML files. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide B-33
  • Cisco 3560G 48TS | Software Configuration Guide - Page 838
    Working with Software Images Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images B-34 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 839
    in Cisco IOS Release 12.1(19)EA1 This appendix lists some of the command-line interface (CLI) commands that appear when you enter the question mark (?) at the Catalyst 3560 switch prompt but are not supported in this release, either because they are not tested or because of Catalyst 3560 hardware
  • Cisco 3560G 48TS | Software Configuration Guide - Page 840
    C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 Unsupported Privileged EXEC Commands clear bridge [bridge-group] multicast [router-ports | groups | counts] [group-address] [interface-unit] [ bridge bridge-group bridge ip Catalyst 3560 Switch Software Configuration Guide C-2 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 841
    Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 bridge service-filtering frame-relay map bridge dlci broadcast interface bvi bridge-group x25 map bridge x.121-address broadcast [options-keywords] FallBack Bridging 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 842
    HSRP Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 HSRP Unsupported Global -accounting | precedence | irb | random-detect | rate-limit | shape] Unsupported Global Configuration Commands interface tunnel Catalyst 3560 Switch Software Configuration Guide C-4 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 843
    Unsupported Commands in Cisco IOS Release 12 show ip mpacket commands are supported but are only useful for packets received at the switch CPU. If the route is hardware-switched, the command has no effect message-interval seconds 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-5
  • Cisco 3560G 48TS | Software Configuration Guide - Page 844
    Commands in Cisco IOS Release switched] show ip accounting [checkpoint] [output-packets | access-violations] show ip bgp dampened-paths show ip bgp inconsistent-as show ip bgp regexp regular expression show ip prefix-list regular expression Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 845
    Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 Unsupported Global Configuration Commands ip accounting-list ip-address wildcard cache ip verify ip unnumbered type number All ip security commands IP Unicast Routing 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 846
    Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 tag | prepend as-path-string} set automatic-tag set dampening half-life reuse suppress max-suppress-time set default interface interface-id [interface-id.....] tag-value Catalyst 3560 Switch Software Configuration Guide C-8 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 847
    Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 peer ip-address | name [prefix-list list] (Because BGP/MBGP is not supported, use the ip msdp peer command instead of this command.) Network Address Translation ip nat 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-9
  • Cisco 3560G 48TS | Software Configuration Guide - Page 848
    in Cisco IOS Release 12.1(19)EA1 RADIUS Unsupported Global Configuration Commands aaa nas port extended radius-server attribute nas-port radius- Commands spanning-tree stack-port VLAN Unsupported vlan-config Commands private-vlan C-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 849
    Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 VTP Unsupported User EXEC Commands show running- -limit errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast flood service compress-config 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 850
    Miscellaneous Appendix C Unsupported Commands in Cisco IOS Release 12.1(19)EA1 C-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 851
    ports defined 10-2 in switch clusters 5-9 accounting with RADIUS 8-28 with TACACS+ 8-11, 8-17 ACEs and QoS 28-7 defined 27-2 Ethernet 27-2 IP 27-2 ACLs ACEs 27-2 any keyword 27-12 applying on bridged packets 27-38 on multicast packets 27-39 on routed packets 27-38 Catalyst 3560 Switch Software
  • Cisco 3560G 48TS | Software Configuration Guide - Page 852
    28-38 creating 27-10 matching criteria 27-7 hardware Catalyst 3560 Switch Software Configuration Guide ACLs (continued) port 27-2 precedence of 27-2 QoS 28-7, 28-37 router 27-2 standard IP configuring for QoS classification 28-37 creating 27-8 matching criteria 27-7 supported features 27-21 support
  • Cisco 3560G 48TS | Software Configuration Guide - Page 853
    encapsulation 30-10 static switches 5-9 connectivity 5-5 different VLANs 5-7 management VLANs 5-7 non-CDP-capable devices 5-6 non-cluster-capable devices 5-6 routed ports 5-8 creating a cluster standby group 5-19 in switch clusters 5-5 See also CDP Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 854
    4-2 boot process 4-1 manually 4-13 specific image 4-13 boot loader accessing 4-14 described 4-2 environment variables 4-14 prompt 4-14 trap-door mechanism 4-2 bootstrap router (BSR), described 32-5 Border Gateway Protocol See BGP IN-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 855
    support only 32-7 switch support of 1-3 CIDR 30-59 Cisco 7960 IP Phone 14-1 Cisco Discovery Protocol See CDP Cisco Express Forwarding See CEF Cisco Group Management Protocol See CGMP Cisco IOS File System See IFS CiscoWorks 2000 1-4, 26-5 classless interdomain routing See CIDR Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 856
    See release notes xxxv clusters, switch accessing 5-13 adding member switches 5-17 automatic discovery 5-5 automatic recovery 5-10 IN-6 Catalyst 3560 Switch Software Configuration Guide clusters, switch (continued) benefits 1-2 command switch configuration 5-16 compatibility 5-4 creating 5-16
  • Cisco 3560G 48TS | Software Configuration Guide - Page 857
    a stored configuration B-19 described B-8 downloading automatically 4-12 preparing B-10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 invalid combinations when copying B-5 Catalyst 3560 Switch Software Configuration Guide IN-7
  • Cisco 3560G 48TS | Software Configuration Guide - Page 858
    EtherChannel 29-9 fallback bridging 34-3 HSRP 31-4 IGMP 32-26 IGMP filtering 19-21 IGMP snooping 19-7 IGMP throttling 19-21 IGRP 30-24 initial switch information 4-3 IP addressing, IP routing 30-4 IP multicast routing 32-8 IN-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 859
    support 1-4, 1-8 support Services architecture, QoS 28-1 Differentiated Services Code Point 28-2 Diffusing Update Algorithm (DUAL) 30-37 directed unicast requests 1-4 directories changing B-3 creating and removing B-4 displaying the working B-3 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 860
    17 support for for B-20 IN-10 Catalyst 3560 Switch Software Configuration Guide downloading (continued) using 10-12 DVMRP autosummarization configuring a summary address 32-46 disabling 32-48 connecting PIM domain to DVMRP router 32-38 enabling unicast routing 32-42 interoperability with Cisco
  • Cisco 3560G 48TS | Software Configuration Guide - Page 861
    interfaces 29-13 Layer 3 port-channel logical interfaces 29-12 configuring Layer 2 interfaces 29-10 default configuration 29-9 described 29-2 displaying status 29-20 forwarding methods 29-6, 29-15 interaction with STP 29-9 with VLANs 29-10 Catalyst 3560 Switch Software Configuration Guide IN-11
  • Cisco 3560G 48TS | Software Configuration Guide - Page 862
    port groups 10-5 support for 1-3 Ethernet VLANs adding 12-8 defaults and ranges 12-8 modifying 12-8 events, RMON 24-3 examples conventions for xxxiv network configuration 1-11 expedite queue for QoS configuring 28-63 expert mode 3-6 IN-12 Catalyst 3560 Switch Software Configuration Guide Express
  • Cisco 3560G 48TS | Software Configuration Guide - Page 863
    10 forward-delay interval 34-9 hello BPDU interval 34-8 interface priority 34-6 maximum-idle interval 34-9 path cost 34-7 VLAN-bridge spanning-tree priority 34-6 VLAN-bridge STP 34-2 support for 1-8 SVIs and routed ports VLAN and 802.1X 9-8 Catalyst 3560 Switch Software Configuration Guide IN-13
  • Cisco 3560G 48TS | Software Configuration Guide - Page 864
    on dynamic ports 12-33 10 overview 31-1 priority 31-6 IN-14 Catalyst 3560 Switch Software Configuration Guide HSRP (continued) routing redundancy 1-8 timers 31-8 tracking 31-6 See also clusters, cluster standby group, and standby command switch I IBPG 30-43 ICMP redirect messages 30-11 support
  • Cisco 3560G 48TS | Software Configuration Guide - Page 865
    19-22 default configuration 19-21 described 19-20 monitoring 19-26 support for 1-3 IGMP groups configuring the filtering action 19-24 setting the maximum guide setup (CLI) program 1-9 interface number 10-7 range macros 10-9 interface command 10-7 Catalyst 3560 Switch Software Configuration Guide IN
  • Cisco 3560G 48TS | Software Configuration Guide - Page 866
    VLAN routing 1-8, 30-2 IN-16 Catalyst 3560 Switch Software Configuration Guide Intrusion Detection System See IDS inventory, cluster 5-20 IOS File System See IFS ip access group command 27-20 IP ACLs applying to an interface 27-19 extended, creating 27-10 for QoS classification 28-7 implicit deny
  • Cisco 3560G 48TS | Software Configuration Guide - Page 867
    Cisco implementation 32-2 configuring basic multicast routing 32-10 IP multicast boundary 32-34 default configuration 32-8 enabling multicast forwarding 32-10 RP assigning manually 32- port security with QoS 28-34 trusted boundary for QoS 28-34 Catalyst 3560 Switch Software Configuration Guide IN-17
  • Cisco 3560G 48TS | Software Configuration Guide - Page 868
    48 IP protocols in ACLs 27-11 routing 1-8 IP routes, monitoring 30-77 IP routing connecting interfaces with 10 28 inter-VLAN 30-2 IN-18 Catalyst 3560 Switch Software Configuration Guide IP unicast routing (continued) IP support for 1-8 ISL and trunk ports 10-3 encapsulation 1-6, 12-16 78-16156-01
  • Cisco 3560G 48TS | Software Configuration Guide - Page 869
    switch 8-35 KDC 8-35 network services 8-35 configuration examples 8-32 configuring 8-36 credentials 8-32 cryptographic software image 8-32 described 8-32 KDC 8-32 operation 8-34 realm 8-33 server 8-33 support for 1-7 switch ) technology 1-13 Catalyst 3560 Switch Software Configuration Guide IN-19
  • Cisco 3560G 48TS | Software Configuration Guide - Page 870
    28-5 macros See SmartPort macros manageability features 1-4 IN-20 Catalyst 3560 Switch Software Configuration Guide management access in-band browser session 1-4 CLI session 1-4 SNMP 1-5 out-of-band console port connection 1-5 management options benefits clustering 1-3 CMS 1-2 CLI 2-1 overview
  • Cisco 3560G 48TS | Software Configuration Guide - Page 871
    switch 33-9 received by switch 33-14 default configuration 33-4 dense-mode regions sending SA messages to 33-17 specifying the originating address 33-18 filtering incoming SA messages 33-14 SA messages to a peer 33-12 SA requests from a peer 33-11 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 872
    33-9 support for 1-8 MSTP boundary ports configuration guidelines 16-13 described 16-5 BPDU filtering described 17-3 enabling 17-12 BPDU guard described 17-3 enabling 17-11 CIST, described 16-3 configuration guidelines 16-12, 17-9 IN-22 Catalyst 3560 Switch Software Configuration Guide MSTP
  • Cisco 3560G 48TS | Software Configuration Guide - Page 873
    services 1-12 small to medium-sized network 1-13 network design performance 1-12 services 1-12 network management CDP 21-1 RMON 24-1 SNMP 26-1 Network Time Protocol See NTP no commands 2-4 non-IP traffic filtering 27-26 nontrunking mode 12-17 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 874
    6-10 stratum 6-2 support for 1-4 synchronizing devices 6-6 time services 6-2 synchronizing 6-2 O Open Shortest Path First See OSPF optimizing system resources 7-1 options, management 1-4 OSPF area parameters, configuring 30-32 configuring 30-30 default configuration IN-24 Catalyst 3560 Switch
  • Cisco 3560G 48TS | Software Configuration Guide - Page 875
    token-bucket algorithm 28-9 policy-based routing See PBR policy maps for QoS characteristics of 28-42 configuring 28-42 described 28-7 displaying 28-65 port ACLs defined 27-2 types of 27-3 Port Aggregation Protocol See EtherChannel See PAgP Catalyst 3560 Switch Software Configuration Guide IN-25
  • Cisco 3560G 48TS | Software Configuration Guide - Page 876
    9-8 RADIUS server attributes 9-8 IN-26 Catalyst 3560 Switch Software Configuration Guide port-based authentication (continued) ports authorization state and dot1x port-control command 9-4 authorized and unauthorized 9-4 voice VLAN 9-6 port security and voice VLAN 9-6 described 9-5 interactions
  • Cisco 3560G 48TS | Software Configuration Guide - Page 877
    interoperability 15-10 described 15-9 instances supported 15-9 Q QoS auto-QoS categorizing traffic 28-18 configuration and defaults display 28-26 configuration guidelines 28-22 described 28-18 disabling 28-23 displaying generated commands 28-23 Catalyst 3560 Switch Software Configuration Guide IN
  • Cisco 3560G 48TS | Software Configuration Guide - Page 878
    -57 ingress queue characteristics 28-52 IP extended ACLs 28-38 IP standard ACLs 28-37 IN-28 Catalyst 3560 Switch Software Configuration Guide QoS (continued) MAC ACLs 28-39 policy maps 28-42 port trust states within the domain 28-31 trusted boundary 28-34 default auto configuration 28-18 default
  • Cisco 3560G 48TS | Software Configuration Guide - Page 879
    -to-DSCP 28-48 policed-DSCP 28-49 types of 28-10 marked-down actions 28 services to the user 8-27 method list, defined 8-20 operation of 8-19 overview 8-18 suggested network environments 8-18 support for 1-7 tracking services accessed by user 8-28 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 880
    cost 12-26 port priority 12-24 redundant clusters See cluster standby group redundant links and UplinkFast 17-13 reliable transport protocol, EIGRP 30-37 reloading software 4-16 IN-30 Catalyst 3560 Switch Software Configuration Guide Remote Authentication Dial-In User Service See RADIUS Remote
  • Cisco 3560G 48TS | Software Configuration Guide - Page 881
    23-8 configuration guidelines 23-16 default configuration 23-9 destination ports 23-7 displaying status 23-23 interaction with other features 23-8 monitored ports 23-5 monitoring ports 23-7 overview 1-9, 23-1 received traffic 23-4 Catalyst 3560 Switch Software Configuration Guide IN-31
  • Cisco 3560G 48TS | Software Configuration Guide - Page 882
    16-7 point-to-point links 16-7, 16-22 root ports 16-7 root port, defined 16-6 See also MSTP running configuration, saving 4-10 IN-32 Catalyst 3560 Switch Software Configuration Guide S SC (standby command switch) 5-10, 5-19 scheduled reloads 4-16 SDM described 7-1 templates configuring 7-3 number
  • Cisco 3560G 48TS | Software Configuration Guide - Page 883
    27-30, 27-33 interface description in 10-18 shutdown command on interfaces 10-23 Simple Network Management Protocol See SNMP 26-1, 26-5 types of 26-11 users 26-7, 26-9 versions supported 26-2 SNMPv1 26-2 SNMPv2C 26-2 SNMPv3 26-2 snooping, IGMP Catalyst 3560 Switch Software Configuration Guide IN-33
  • Cisco 3560G 48TS | Software Configuration Guide - Page 884
    egress queues 28-62 shared weights on ingress queues 28-55 IN-34 Catalyst 3560 Switch Software Configuration Guide SRR (continued) described 28-12 shaped mode 28-12 shared mode 28-12 support for 1-7 SSH configuring 8-39 cryptographic software image 8-37 described 1-4, 8-38 encryption methods 8-38
  • Cisco 3560G 48TS | Software Configuration Guide - Page 885
    17-2 interface states blocking 15-6 disabled 15-7 forwarding 15-5, 15-6 learning 15-6 listening 15-6 overview 15-4 interoperability and compatibility among modes 15-10 limitations with 802.1Q trunks 15-10 load sharing overview 12-24 Catalyst 3560 Switch Software Configuration Guide IN-35
  • Cisco 3560G 48TS | Software Configuration Guide - Page 886
    election 15-3 unexpected behavior 15-15 shutdown Port Fast-enabled port 17-3 status, displaying 15-22 superior BPDU 15-3 timers, described 15-20 UplinkFast described 17-4 enabling 17-13 VLAN-bridge 15-11 IN-36 Catalyst 3560 Switch Software Configuration Guide stratum, NTP 6-2 stub areas, OSPF 30
  • Cisco 3560G 48TS | Software Configuration Guide - Page 887
    10 configuring the logging facility 25-11 facilities supported 25-12 system name default configuration 6-15 default setting 6-15 manual services to the user 8-16 operation of 8-12 overview 8-10 support for 1-6 tracking services B-10 uploading B-11 Catalyst 3560 Switch Software Configuration Guide IN
  • Cisco 3560G 48TS | Software Configuration Guide - Page 888
    VLANs support for 12-5 VTP support 13 port 35-15 unicast traffic 35-14 usage guidelines 35-15 traceroute command 35-17 See also IP traceroute traffic blocking flooded 20-6 fragmented 27-5 unfragmented 27-5 IN-38 Catalyst 3560 Switch Software Configuration Guide troubleshooting connectivity problems
  • Cisco 3560G 48TS | Software Configuration Guide - Page 889
    support for 1-5 uploading configuration files preparing B-10, B-13, B-16 reasons for B-8 using FTP B-15 using RCP B-18 using TFTP B-11 image files preparing B-22, B-25, B-29 reasons for B-20 using FTP B-28 using RCP B-33 using TFTP B-24 78-16156-01 Catalyst 3560 Switch Software Configuration Guide
  • Cisco 3560G 48TS | Software Configuration Guide - Page 890
    VLAN map entries, order of 27-29 IN-40 Catalyst 3560 Switch Software Configuration Guide VLAN maps applying 27-33 common uses for 27-33 through SVIs 10-5 creating in config-vlan mode 12-9 creating in VLAN configuration mode 12-10 default configuration 12-8 deleting 12-10 described 10-2, 12-1
  • Cisco 3560G 48TS | Software Configuration Guide - Page 891
    12-23 normal-range 12-1, 12-4 number supported 1-5 parameters 12-5 port membership modes 12-3 static-access ports 12-11 STP and 802.1Q trunks 15-10 supported 12-3 Token Ring 12-5 traffic between 12-2 checks 13-4 default configuration 13-6 Catalyst 3560 Switch Software Configuration Guide IN-41
  • Cisco 3560G 48TS | Software Configuration Guide - Page 892
    13-13 overview 13-4 W weighted tail drop See WTD wizards 1-2, 3-6 WTD described 28-11 setting thresholds egress queue-sets 28-57 ingress queues 28-53 support for 1-7 X XMODEM protocol 35-2 IN-42 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502
  • 503
  • 504
  • 505
  • 506
  • 507
  • 508
  • 509
  • 510
  • 511
  • 512
  • 513
  • 514
  • 515
  • 516
  • 517
  • 518
  • 519
  • 520
  • 521
  • 522
  • 523
  • 524
  • 525
  • 526
  • 527
  • 528
  • 529
  • 530
  • 531
  • 532
  • 533
  • 534
  • 535
  • 536
  • 537
  • 538
  • 539
  • 540
  • 541
  • 542
  • 543
  • 544
  • 545
  • 546
  • 547
  • 548
  • 549
  • 550
  • 551
  • 552
  • 553
  • 554
  • 555
  • 556
  • 557
  • 558
  • 559
  • 560
  • 561
  • 562
  • 563
  • 564
  • 565
  • 566
  • 567
  • 568
  • 569
  • 570
  • 571
  • 572
  • 573
  • 574
  • 575
  • 576
  • 577
  • 578
  • 579
  • 580
  • 581
  • 582
  • 583
  • 584
  • 585
  • 586
  • 587
  • 588
  • 589
  • 590
  • 591
  • 592
  • 593
  • 594
  • 595
  • 596
  • 597
  • 598
  • 599
  • 600
  • 601
  • 602
  • 603
  • 604
  • 605
  • 606
  • 607
  • 608
  • 609
  • 610
  • 611
  • 612
  • 613
  • 614
  • 615
  • 616
  • 617
  • 618
  • 619
  • 620
  • 621
  • 622
  • 623
  • 624
  • 625
  • 626
  • 627
  • 628
  • 629
  • 630
  • 631
  • 632
  • 633
  • 634
  • 635
  • 636
  • 637
  • 638
  • 639
  • 640
  • 641
  • 642
  • 643
  • 644
  • 645
  • 646
  • 647
  • 648
  • 649
  • 650
  • 651
  • 652
  • 653
  • 654
  • 655
  • 656
  • 657
  • 658
  • 659
  • 660
  • 661
  • 662
  • 663
  • 664
  • 665
  • 666
  • 667
  • 668
  • 669
  • 670
  • 671
  • 672
  • 673
  • 674
  • 675
  • 676
  • 677
  • 678
  • 679
  • 680
  • 681
  • 682
  • 683
  • 684
  • 685
  • 686
  • 687
  • 688
  • 689
  • 690
  • 691
  • 692
  • 693
  • 694
  • 695
  • 696
  • 697
  • 698
  • 699
  • 700
  • 701
  • 702
  • 703
  • 704
  • 705
  • 706
  • 707
  • 708
  • 709
  • 710
  • 711
  • 712
  • 713
  • 714
  • 715
  • 716
  • 717
  • 718
  • 719
  • 720
  • 721
  • 722
  • 723
  • 724
  • 725
  • 726
  • 727
  • 728
  • 729
  • 730
  • 731
  • 732
  • 733
  • 734
  • 735
  • 736
  • 737
  • 738
  • 739
  • 740
  • 741
  • 742
  • 743
  • 744
  • 745
  • 746
  • 747
  • 748
  • 749
  • 750
  • 751
  • 752
  • 753
  • 754
  • 755
  • 756
  • 757
  • 758
  • 759
  • 760
  • 761
  • 762
  • 763
  • 764
  • 765
  • 766
  • 767
  • 768
  • 769
  • 770
  • 771
  • 772
  • 773
  • 774
  • 775
  • 776
  • 777
  • 778
  • 779
  • 780
  • 781
  • 782
  • 783
  • 784
  • 785
  • 786
  • 787
  • 788
  • 789
  • 790
  • 791
  • 792
  • 793
  • 794
  • 795
  • 796
  • 797
  • 798
  • 799
  • 800
  • 801
  • 802
  • 803
  • 804
  • 805
  • 806
  • 807
  • 808
  • 809
  • 810
  • 811
  • 812
  • 813
  • 814
  • 815
  • 816
  • 817
  • 818
  • 819
  • 820
  • 821
  • 822
  • 823
  • 824
  • 825
  • 826
  • 827
  • 828
  • 829
  • 830
  • 831
  • 832
  • 833
  • 834
  • 835
  • 836
  • 837
  • 838
  • 839
  • 840
  • 841
  • 842
  • 843
  • 844
  • 845
  • 846
  • 847
  • 848
  • 849
  • 850
  • 851
  • 852
  • 853
  • 854
  • 855
  • 856
  • 857
  • 858
  • 859
  • 860
  • 861
  • 862
  • 863
  • 864
  • 865
  • 866
  • 867
  • 868
  • 869
  • 870
  • 871
  • 872
  • 873
  • 874
  • 875
  • 876
  • 877
  • 878
  • 879
  • 880
  • 881
  • 882
  • 883
  • 884
  • 885
  • 886
  • 887
  • 888
  • 889
  • 890
  • 891
  • 892
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Catalyst 3560 Switch
Software Configuration Guide
Cisco IOS Release 12.1(19)EA1
January 2004
Customer Order Number: DOC-7816156=
Text Part Number: 78-16156-01