Software Configuration Guide
Page 10
... Ports 10-2 Access Ports 10-2 Trunk Ports 10-3 Routed Ports 10-3 Switch Virtual Interfaces 10-4 EtherChannel Port Groups 10-5 Connecting Interfaces 10-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 33
...a richer set available from CMS. For all CMS window descriptions and procedures, refer to the Catalyst 3560 Switch Hardware Installation Guide. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxxiii It includes Layer 2+ features and full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback bridging). The SMI provides Layer 2+ features including access control lists (ACLs), quality of service (QoS), static routing, and the Routing Information Protocol (RIP). For information about these commands, refer to the Catalyst 3560 Switch Command Reference for...
Software Configuration Guide
Page 40
... Setup for quickly configuring a switch for the first time with basic IP information, contact information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a supported web browser from anywhere in configuring complex features such as VLANs, ACLs, and quality of a switch or multiple switches from a single CMS window without needing to remember command-line interface (CLI) commands to configure complex features such as VLAN and QoS settings, inventory and statistic reports, link- Monitoring real-time status of service (QoS). - and switch...
Software Configuration Guide
Page 41
... duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on 10/100/1000 BASE-T/TX SFP interfaces that can belong • IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table • Switch...
Software Configuration Guide
Page 44
... to access the port • Port security aging to set the aging time for secure addresses on a port • BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs • Standard and extended IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs) • Extended MAC access control lists for defining security policies in the MAC, IP, and TCP/User Datagram...
Software Configuration Guide
Page 90
... gateway set. Checking and Saving the Running Configuration You can check the configuration settings you entered or changes you are removing the address through a Telnet session, your connection to privileged EXEC commands, and setting time and calendar services, see Chapter 6, "Administering the Switch." hostname Switch A ! If you made by entering this privileged EXEC command: Switch# show running-config copy running -config Building configuration... interface VLAN1 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 To remove the default gateway address, use...
Software Configuration Guide
Page 169
... steps to configure login authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication login {default | list-name} method1 [method2...] Step 4 line [console | tty | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Beginning in the database by using the username name password global configuration command. • none-Do not use the default keyword followed by the methods that the security server or local username database responds by denying the user access-the authentication...
Software Configuration Guide
Page 204
... on Layer 2 ports. When the RADIUS server authenticates a user connected to its EAPOL request/identity frame, clients that is applied are filtered by the router ACL. Outgoing routed packets are supported only in the ingress direction. MAC ACLs are filtered by using the extended naming convention. The Catalyst 3560 switch supports VSAs only in the ingress direction. When the definitions are in single-host or multiple-hosts mode. Catalyst 3560 Switch Software Configuration Guide 9-8 78...
Software Configuration Guide
Page 227
...-01 Catalyst 3560 Switch Software Configuration Guide 10-11 Allowed VLAN range VLANs 1 - 4094. This shuts down the interface and then re-enables it, which the interface is in the table, see Chapter 20, "Configuring Port-Based Traffic Control." Table 10-1 Default Layer 2 Ethernet Interface Configuration Feature Default Setting Operating mode Layer 2 or switching mode (switchport command). Speed Autonegotiate. Note To configure Layer 2 parameters, if the interface is connected. Port enable state All ports are deleting any parameters to receive: off for sent packets. Flow...
Software Configuration Guide
Page 261
For more information about EtherChannel, see Table 12-4). Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which could cause misconfigurations. Table 12-4 Layer 2 Interface Modes Mode switchport mode access switchport mode dynamic auto Function Puts the interface (access port) into a nontrunk link. To avoid this, you should configure interfaces connected to devices that do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking. • To enable trunking to a device that is a Point...
Software Configuration Guide
Page 265
... interface. To reset all Cisco switches, and it is configured to configure a port as a static-access port. When you remove VLAN 1 from passing over the trunk. A trunk port can use the no user traffic (including spanning tree advertisements) is in the allowed list for any VLAN that has been disabled on any individual VLAN trunk port by removing VLAN 1 from the allowed list. To disable trunking, use the switchport trunk allowed vlan remove vlan-list interface configuration command to 4094, are allowed on every trunk link. This example shows how to support 802.1Q trunking...
Software Configuration Guide
Page 312
... switches in a broadcast storm. The remaining VLANs operate with spanning tree disabled. If you have all run . Configuring Spanning-Tree Features Chapter 15 Configuring STP Table 15-3 Default Spanning-Tree Configuration (continued) Feature Spanning-tree port cost (configurable on a per-interface basis) Spanning-tree VLAN port priority (configurable on a per-VLAN basis) Spanning-tree VLAN port cost (configurable on the VLAN where you are already in use the spanning-tree vlan vlan-id global configuration command to break all the loops in the VTP domain creates a VLAN that switch...
Software Configuration Guide
Page 376
... global configuration command. Beginning in privileged EXEC mode, follow these methods: • Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets • Listening to Cisco Group Management Protocol (CGMP) packets from other CGMP packets. Enable IGMP snooping on all VLANs. Configuring IGMP Snooping Chapter 19 Configuring IGMP Snooping and MVR To disable IGMP snooping on a VLAN interface, use the no multicast routers in the configuration file. 19-8 Catalyst 3560 Switch Software Configuration Guide 78...
Software Configuration Guide
Page 381
... static configuration. Only Layer 2 ports take part in the switch. • In dynamic mode, multicast data received by MVR hosts on the network-wide multicast VLAN. One can be shared in the network while subscribers remain in compatible mode. You can originate from MVR hosts are also forwarded from multicast groups configured under MVR. This forwarding behavior selectively allows traffic to a multicast stream on the switch is supported. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 386
... fails. The default configuration is a subscriber port and should only receive multicast data. A port statically configured as source ports. Receiver ports can use the no mvr [mode | group ip-address | querytime | vlan] global configuration commands. mvr Enable MVR on the switch. If you attempt to only receiver ports. interface interface-id Enter interface configuration mode, and enter the type and number of the group until statically removed. This example shows how to enable MVR, configure the group address, set the query time to configure. In dynamic mode...
Software Configuration Guide
Page 428
... configured as a monitored packet. however, a SPAN session does not become active unless you enable the destination port and at least one destination session active in the same RSPAN VLAN. the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs and egress QoS policing. 23-4 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 440
... traffic in RSPAN VLANs, make sure that the VLAN remote-span feature is used for an RSPAN session in the inactive state. • RSPAN VLANs are met: - All participating switches support RSPAN. 23-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 RSPAN VLANs can apply an output access control list (ACL) to RSPAN traffic to selectively filter or monitor specific packets. However, since the switch does not monitor spanned traffic, it does not support egress spanning of packets...
Software Configuration Guide
Page 445
... to enable ingress traffic forwarding on the destination port and to enable ingress forwarding on the destination port as the default VLAN. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-21 For session_number, enter the number defined in the configuration file. For interface-id, specify the destination interface. Note Though visible in RSPAN session 2, to configure Gigabit Ethernet source port...
Software Configuration Guide
Page 484
... the network. Incoming routed IP packets received on Layer 3 addresses for your network. ACLs can apply only one IP access list and one MAC access list to which a port ACL is applied are forwarded or blocked at router interfaces. This section includes information on ports to a Layer 2 interface. • Router ACLs access-control routed traffic between devices in the outbound direction. VLAN maps are configured to match the ACE. The switch supports IP ACLs and Ethernet (MAC) ACLs: • IP ACLs filter IP traffic, including TCP, User...
Software Configuration Guide
Page 539
... QoS solution. For more frequently, and by adjusting queue thresholds so that the packet is forwarded with its original DSCP to the port by using the priority-queue out interface configuration command. Shaped or Shared Mode SRR services each queue. You assign shared or shaped weights to the CPU where it is a priority queue, and it . Note The egress queue default settings...