Configuration Guide
Page 56
...storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and... Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3: - (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and... to maximize support for user-selected features Catalyst 3750 Switch Software Configuration Guide 1-4 OL-8550-02
Configuration Guide
Page 118
...entries. (Optional) Save your entries in the command-line help string, the encrypt and force-fmt1 keywords are not supported. Configuring Cisco IOS Agents Chapter 4 Configuring Cisco IOS CNS Agents Enabling the CNS Event Agent Note You must enable the CNS event agent on the switch: Step ...source ip-address] end show cns event connections show that the switch sends before the connection is 11011. • (Optional) Enter backup to backup. Note Though visible in the configuration file. Switch(config)# cns event 10.180.1.27 keepalive 120 10 Catalyst 3750 Switch Software ...
Configuration Guide
Page 120
...NVRAM. • (Optional) For page page, enter the web page of the configuration server. end Return to check the syntax when this parameter is not supported. Configuring Cisco IOS Agents Chapter 4 Configuring Cisco IOS CNS Agents Step 7 Step 8 Step 9 Command Purpose cns id interface num {dns-...• (Optional) Enable syntax-check to privileged EXEC mode. 4-10 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 If the no -persist] [page page] [source ip-address] [syntax-check] Enable the Cisco IOS agent, and initiate an initial configuration. • For {ip-...
Configuration Guide
Page 121
...Cisco Configuration Engine IP address is not supported...[port-number] [source ip-address] Step 3 Step 4 Step 5 Step 6 end show cns config stats or show cns config outstanding show running -config startup-config Purpose...partial {ip-address | hostname} global configuration command. To disable the CNS Cisco IOS agent, use for the source IP address. This example shows how... the Cisco IOS agent, use the cns config cancel privileged EXEC command. Chapter 4 Configuring Cisco IOS CNS Agents Configuring Cisco IOS ...to enable the Cisco IOS agent and to privileged EXEC mode. Verify your entries. (...
Configuration Guide
Page 145
...new stack master when the current stack master or switch stack resets. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-23 Chapter 5 Managing Switch Stacks Configuring the Switch Stack... switch stack-member-number priority new-priority-number Step 3 Step 4 Step 5 Step 6 end reload slot stack-member-number show switch stack-member-number copy running-config startup-config Purpose ... number and the new priority for a switch stack. By default, no form of a supported switch that is listed in privileged EXEC mode, follow these steps to privileged EXEC mode. ...
Configuration Guide
Page 171
...to configure the switch to synchronize only to 4294967295. • md5 specifies that message authentication support is provided by the ntp trusted-key key-number command. Specify one of a device, ... Step 6 Step 7 Command ntp authentication-key number md5 value ntp trusted-key key-number end show running-config copy running-config startup-config Purpose Define the authentication keys. To remove an... 3. The switch does not synchronize to privileged EXEC mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-5 To disable NTP authentication, use the no ntp authenticate global ...
Configuration Guide
Page 181
...end show running-config copy running-config startup-config Purpose Enter global configuration mode. A specific device in the configuration file. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-15 These sections contain this section, see the Cisco.... When you set the system name, it is switch. Understanding DNS The DNS protocol controls the Domain Name System (DNS), a distributed database with periods (.) as the delimiting characters...related Telnet support operations. When you configure DNS on your entries in this domain, for ARPANET hostnames.
Configuration Guide
Page 184
... You cannot use the no banner motd global configuration command. For access, contact technical support. Characters after the ending delimiter are discarded. For access, contact technical support. # Switch(config)# This example shows the banner that appears on the screen when ...multiline message banner that appears from the previous configuration: Unix> telnet 172.2.5.4 Trying 172.2.5.4... User Access Verification Password: 7-18 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 This is '^]'. Escape character is a secure site. For c, enter the delimiting...
Configuration Guide
Page 189
... from this string by using the snmp-server host command. • For notification-type, use the mac-notification keyword. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-23 Though you can set of the NMS. • Specify traps (the default) to send SNMP traps...define this interface. Specify informs to send SNMP informs to the host. • Specify the SNMP version to privileged EXEC mode. end Return to support. interface interface-id Enter interface configuration mode, and specify the Layer 2 interface on this string by using the snmp-server community ...
Configuration Guide
Page 191
... 1 Step 2 Command configure terminal mac address-table static mac-addr vlan vlan-id interface interface-id Step 3 Step 4 Step 5 end show mac address-table static copy running-config startup-config Purpose Enter global configuration mode. If you can enter the command multiple times with...• For vlan-id, specify the VLAN for which the received packet is disabled by default and only supports unicast static addresses. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-25 Valid interfaces include physical ports or port channels. Valid VLAN IDs are forwarded...
Configuration Guide
Page 200
...; vlan-Maximizes VLAN configuration on the switch with no routing supported in hardware. • desktop-Supported only on Catalyst 3750-12S switches to use and the template that supports both IPv4 and IPv6 routing. - Catalyst 3750 Switch Software Configuration Guide 8-6 OL-8550-02 Return to... terminal sdm prefer {access | default | dual-ipv4-and-ipv6 {default | routing | vlan} | routing | vlan} [desktop] Step 3 end Step 4 reload Purpose Enter global configuration mode. After the system reboots, you enter the reload privileged EXEC command, the show sdm prefer privileged EXEC...
Configuration Guide
Page 201
...] This example shows how to configure the desktop routing template on a Catalyst 3750-12S switch: Switch(config)# sdm prefer routing desktop Switch(config)# end Switch# reload Proceed with reload? [confirm] This example shows how to support this level of features for a Catalyst 3750-12S). Chapter 8 Configuring SDM Templates Displaying the SDM Templates This is...
Configuration Guide
Page 222
...Cisco device if the non-Cisco device requires authentication. • Networks using RADIUS. RADIUS can control...control system. For more information about this protocol, see the RADIUS server documentation. This is to work with the Kerberos security system. • Turnkey network security environments in which applications support... supporting...18 Catalyst ...Cisco (Cisco Secure Access Control Server Version 3.0), Livingston, Merit, ... support AppleTalk Remote Access (ARA), NetBIOS Frame Control ... service. Controlling Switch Access with... a Cisco switch containing... on supported Cisco routers ...
Configuration Guide
Page 233
... 9 Configuring Switch-Based Authentication Controlling Switch Access with this AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during PPP IPCP address assignment): cisco-avpair= "ip:addr-pool=first" OL-8550-02 Catalyst 3750 Switch Software Configuration Guide ...retransmit retries radius-server timeout seconds radius-server deadtime minutes end show running-config copy running-config startup-config Purpose Enter global configuration mode. The default is 1 to support their own extended attributes not suitable for communicating vendor-specific...
Configuration Guide
Page 235
... Leading spaces are ignored, but spaces within and at the end of vendor-proprietary RADIUS attributes. This example shows how to... is using the radius-server global configuration commands. Cisco IOS software supports a subset of the key are part of RADIUS... radius-server host {hostname | ip-address} non-standard radius-server key string end show running-config privileged EXEC command. The switch and the RADIUS server use spaces...use this text string to privileged EXEC mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-31 To delete the vendor-proprietary...
Configuration Guide
Page 245
... a keyword, the SSH server selects the latest SSH version supported by the SSH client. Return to the SSH negotiation phase.... ip ssh {timeout seconds | authentication-retries number} Step 4 Step 5 Step 6 end show ip ssh or show ssh Purpose Shows the version and configuration information for multiple... network are available (session 0 to session 4). Configure the SSH control parameters: • Specify the time-out value in Table 9-3: ... {timeout | authentication-retries} global configuration command. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-41 The range is 3; By ...
Configuration Guide
Page 252
... SCP, which relies on Secure Shell (SSH), an application and a protocol that they both support. You must have a reason to specify a particular CipherSuite, you cannot enter the password into...sha] [rc4-128-md5] [rc4-128-sha] [des-cbc-sha]} Step 4 Step 5 Step 6 end show running -config startup-config Purpose (Optional) Specify the CipherSuites (encryption algorithms) to be used for ... replacement for its secure transport, the router must enter the password when prompted. 9-48 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Because SSH also relies on AAA authentication, ...
Configuration Guide
Page 259
... and Unauthorized States" section on page 10-7. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 10-5 The Termination-Action RADIUS attribute... You manually re-authenticate the client by using the dot1x port-control auto interface configuration command, the switch initiates authentication when the link...the attribute value is DEFAULT), the IEEE 802.1x session ends, and connectivity is not granted. Authentication Initiation and Message Exchange...Note If IEEE 802.1x authentication is not enabled or supported on a port by entering the dot1x re-authenticate interface...
Configuration Guide
Page 273
...[29]) action is Initialize, (the attribute value is DEFAULT), the MAC authentication bypass session ends, and connectivity is the same as the value of the client, by using the show dot1x...port is configured. Using Network Admission Control Layer 2 IEEE 802.1x Validation In Cisco IOS Release 12.2(25)SED and later, the switch supports the Network Admission Control (NAC) Layer 2 IEEE 802... the client by using the Termination-Action RADIUS attribute (Attribute[29]). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 10-19 The re-authentication process is lost during re-...
Configuration Guide
Page 281
... help string, only the group radius keywords are tried in default situations. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 10-27 Return to configure IEEE 802.1x port-based authentication:...interface interface-id Step 9 switchport mode access Step 10 dot1x port-control auto Step 11 Step 12 Step 13 end show dot1x copy running on the same RADIUS server are identified ...the fail-over backup to all RADIUS servers for authentication. The RADIUS host entries are supported. Enable IEEE 802.1x authentication on page 10-23. The combination of the RADIUS...