Software Configuration Guide
Page 17
Contents 20 C H A P T E R 78-16156-01 Configuring a Multicast Router Port 19-9 Configuring a Host Statically to Join a Group 19-10 Enabling IGMP Immediate-Leave Processing 19-10 Disabling IGMP Report Suppression 19-11 Displaying IGMP ... an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
Software Configuration Guide
Page 20
... SNMP Examples 26-15 Displaying SNMP Status 26-16 27 C H A P T E R Configuring Network Security with ACLs 27-1 Understanding ACLs 27-1 Supported ACLs 27-2 Port ACLs 27-3 Router ACLs 27-4 VLAN Maps 27-4 Handling Fragmented and Unfragmented Traffic 27-5 Configuring IP ACLs 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers...
Software Configuration Guide
Page 21
... Network 27-33 Wiring Closet Configuration 27-33 Denying Access to a Server on Another VLAN 27-35 Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38... QoS Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi
Software Configuration Guide
Page 24
... 30-10 Enable Proxy ARP 30-10 Routing Assistance When IP Routing is Disabled 30-11 Proxy ARP 30-11 Default Gateway 30-11 ICMP Router Discovery Protocol (IRDP) 30-12 Configuring Broadcast Packet Handling 30-13 Enabling Directed Broadcast-to-Physical Broadcast Translation 30-13 Forwarding UDP Broadcast Packets and...-28 Default OSPF Configuration 30-29 Configuring Basic OSPF Parameters 30-30 Configuring OSPF Interfaces 30-31 Configuring OSPF Area Parameters 30-32 xxiv Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 26
...31-8 Configuring HSRP Groups and Clustering 31-9 Displaying HSRP Configurations 31-10 Configuring IP Multicast Routing 32-1 Understanding Cisco's Implementation of IP Multicast Routing 32-2 Understanding IGMP 32-2 IGMP Version 1 32-3 IGMP Version 2 32-3... Understanding PIM 32-3 PIM Versions 32-4 PIM Modes 32-4 Auto-RP 32-5 Bootstrap Router 32-5 Multicast Forwarding and Reverse Path Check 32-6 Understanding DVMRP 32-7 Understanding CGMP 32-7 Configuring IP Multicast Routing... Basic Multicast Routing 32-10 xxvi Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 27
... Features 32-22 Understanding PIM Shared Tree and Source Tree 32-22 Delaying the Use of PIM Shortest-Path Tree 32-24 Modifying the PIM Router-Query Message Interval 32-25 Configuring Optional IGMP Features 32-26 Default IGMP Configuration 32-26 Configuring the Switch as a Member of a Group 32-26... 32-45 Limiting the Number of DVMRP Routes Advertised 32-45 Changing the DVMRP Route Threshold 32-45 Configuring a DVMRP Summary Address 32-46 Catalyst 3560 Switch Software Configuration Guide xxvii
Software Configuration Guide
Page 32
... Commands C-6 IP Unicast Routing C-6 Unsupported Privileged EXEC or User EXEC Commands C-6 Unsupported Global Configuration Commands C-7 Unsupported Interface Configuration Commands C-7 Unsupported BGP Router Configuration Commands C-8 Unsupported VPN Configuration Commands C-8 Unsupported Route Map Commands C-8 MSDP C-9 Unsupported Privileged EXEC Commands C-9 Unsupported Global Configuration Commands C-9 Network ...11 Unsupported Privileged EXEC Commands C-11 Miscellaneous C-11 Unsupported Global Configuration Commands C-11 xxxii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 39
...image (EMI), which provides Layer 2+ features (enterprise-class intelligent services). Some features noted in this release. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-1 It includes all features described in this chapter and in the "Layer 3 Features" section on the... quality of service (QoS), static routing, and the Hot Standby Router Protocol (HSRP) and the Routing Information Protocol (RIP). To distinguish it from Cisco.com. Switches with either of these topics about the Catalyst 3560 switch software: • Features, page 1-1 • Default Settings ...
Software Configuration Guide
Page 41
... storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2,...forwarding multimedia and multicast traffic • IGMP report suppression for sending only one IGMP report per multicast router query to the multicast devices (supported only for IGMPv1 or IGMPv2 queries) • Multicast VLAN ... for user-selected features 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-3
Software Configuration Guide
Page 43
...standard • VLAN Query Protocol (VQP) for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5 BPDU filtering for preventing a Port Fast-enabled port from ... port to a directly attached terminal or to a remote terminal through the Cisco RPS 300 and Cisco RPS 675 for enhancing power reliability VLAN Features • Support for up ... to the forwarding state - Availability Features • HSRP for command switch and Layer 3 router redundancy • UniDirectional Link Detection (UDLD) and aggressive UDLD for shutting down Port Fast-enabled...
Software Configuration Guide
Page 44
...IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs) • Extended MAC...servers • IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from Cisco IP Phones • VLAN1 minimization for reducing the risk of spanning-tree loops or storms... 802.1Q trunking encapsulation on all ports for managing network security through a TACACS server Catalyst 3560 Switch Software Configuration Guide 1-6 78-16156-01 management and control of the port - 802....
Software Configuration Guide
Page 46
... and ICMP Router Discovery Protocol (IRDP) for using router advertisement and router solicitation messages to discover the addresses of routers on directly attached...available only on the EMI. • HSRP for Layer 3 router redundancy • IP routing protocols for load balancing and for ... more VLANs, allowing each 10/100 port; 48-port PoE switch provides 15.4 W of power to any 24 of...is no power on the circuit • 24-port PoE switch provides 15.4 W of power on each VLAN to...clients Power over Ethernet (PoE) Features • Ability to provide power to connected Cisco pre-standard and IEEE ...
Software Configuration Guide
Page 50
...use VLANs and IP subnets to place the network resources in a multicast VLAN but to carry the VLAN traffic. 1-12 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Bandwidth alone is selected to isolate the streams from bandwidth-intensive applications (such as multimedia)...so that they have their own high-speed segment. • Use the EtherChannel feature between the switch and its connected servers and routers. As your network. Table 1-3 describes some network demands and how you can support applications for bandwidth and security reasons. Network ...
Software Configuration Guide
Page 51
...phone features and configuration. For pre-standard and IEEE 802.3af-compliant powered devices connected to receive power. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-13 This ensures connectivity to the Internet, WAN, and mission-critical network resources in case one VLAN... to allow delivery of the routers or switches fails. If congestion occurs, QoS drops low-priority traffic to inter-VLAN routing, the multilayer switches provide QoS mechanisms such as Cisco IP Phones). Catalyst PoE switch ports automatically detect any Cisco pre-standard and IEEE 802.3af...
Software Configuration Guide
Page 52
... IP network supports both voice and data. Figure 1-1 Catalyst 3560 Switches in a Collapsed Backbone Configuration Internet Cisco 2600 or 3700 routers Gigabit servers 101388 IP IP Cisco IP phones Workstations running Cisco SoftPhone software can configure a trusted port to trust the CoS... shows a configuration for a network only using Catalyst 3560 multilayer switches in case of the network. Users with workstations running Cisco SoftPhone software Aironet wireless access points Large Network Using Catalyst 3560 Switches Switches in the wiring closet have redundant uplink...
Software Configuration Guide
Page 53
....3af-compliant powered device (such as a web cam) Aironet wireless IP access points IP IP Cisco IP Phones with workstations 101389 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-15 Chapter 1 Overview Network Configuration Examples The routers and backbone switches have HSRP enabled for load balancing and redundant connectivity to guarantee mission...
Software Configuration Guide
Page 75
...Beginning in privileged EXEC mode, follow these steps: Step 1 Step 2 Enter the switch IP address in Figure 3-4. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 3-11 Verify your username and password when prompted. Configure the HTTP server interface for the type of HTTP server user... authentication. • local-Local user database as described in the "Launching CMS" section on the Cisco router or access server is used. • tacacs-TACACS server is configured on page 3-15 Launching CMS To display the switch access page, ...
Software Configuration Guide
Page 80
... The view shows how the cluster is connected to other clusters, candidate switches, and devices that cluster. Where to join the cluster (such as routers, access points, IP phones, and so on). CMS Icons For a complete list of new CMS features in CMS, select Help > Legend from...the details of this guide provides information about administrative tasks. • Click Help > What's New in the online help . 3-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Note The Topology view displays only the switch cluster and network neighborhood of the specific command or member...
Software Configuration Guide
Page 83
... Switch. During DHCP-based autoconfiguration, your switch can act as both a DHCP client and a DHCP server. A router does not forward broadcast packets, but it forwards packets based on your switch. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 4-3 No password is defined. If you are defined. No default gateway is defined...
Software Configuration Guide
Page 85
...switch attempts to download a configuration file by using various combinations of the client (required) • DNS server IP address (optional) • Router IP address (default gateway address to be used by the switch) (required) If you want the switch to receive IP address information, you... not in the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 for IP connectivity to download the specified configuration file from the TFTP server. The files include the specified configuration filename (if any) and 78-16156-01 Catalyst 3560 Switch Software Configuration...