Software Configuration Guide
Page 41
... of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and...
... of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and...
Software Configuration Guide
Page 42
..., "Configuring SNMP." Manageability Features Note The encrypted Secure Shell (SSH) feature listed in your management station directly to the switch console port or by using SNMP, see Chapter 2, "Using the Command-Line Interface." • SNMP-SNMP management applications such as HP OpenView or SunNet Manager. You can access the CLI either by connecting your network through a web browser such as IP address, default gateway, host name, and Domain Name System [DNS] and Trivial File Transfer Protocol (TFTP) server names) • DHCP relay for forwarding User...
..., "Configuring SNMP." Manageability Features Note The encrypted Secure Shell (SSH) feature listed in your management station directly to the switch console port or by using SNMP, see Chapter 2, "Using the Command-Line Interface." • SNMP-SNMP management applications such as HP OpenView or SunNet Manager. You can access the CLI either by connecting your network through a web browser such as IP address, default gateway, host name, and Domain Name System [DNS] and Trivial File Transfer Protocol (TFTP) server names) • DHCP relay for forwarding User...
Software Configuration Guide
Page 43
... that receive bridge protocol data units (BPDUs) - Port Fast for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5 STP has these features: - Chapter 1 Overview Features • In-band management access through SNMP versions 1 and 2c, and 3 get and set requests • Out-of-band management access through the switch console port to a directly attached terminal or to 128 spanning-tree instances supported - Rapid PVST+ for balancing load across VLANs -
... that receive bridge protocol data units (BPDUs) - Port Fast for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5 STP has these features: - Chapter 1 Overview Features • In-band management access through SNMP versions 1 and 2c, and 3 get and set requests • Out-of-band management access through the switch console port to a directly attached terminal or to 128 spanning-tree instances supported - Rapid PVST+ for balancing load across VLANs -
Software Configuration Guide
Page 44
... and multicast traffic; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding of traffic...
... and multicast traffic; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding of traffic...
Software Configuration Guide
Page 51
...-compliant powered devices connected to Catalyst Power over Ethernet (PoE) switches, 802.1P/Q QoS gives voice traffic forwarding-priority over existing infrastructure, such as existing telephone lines. or low-priority, based on separate VVIDs. Refer to the documentation sets specific to logically segment the network into well-defined broadcast groups and for security management. They are also configured with equal-cost routing for faster failover. VLAN access control lists (VLAN maps) on the same VLAN. Catalyst PoE switch ports automatically detect any Cisco pre...
...-compliant powered devices connected to Catalyst Power over Ethernet (PoE) switches, 802.1P/Q QoS gives voice traffic forwarding-priority over existing infrastructure, such as existing telephone lines. or low-priority, based on separate VVIDs. Refer to the documentation sets specific to logically segment the network into well-defined broadcast groups and for security management. They are also configured with equal-cost routing for faster failover. VLAN access control lists (VLAN maps) on the same VLAN. Catalyst PoE switch ports automatically detect any Cisco pre...
Software Configuration Guide
Page 83
Table 4-1 Default Switch Information Feature IP address and subnet mask Default gateway Enable secret password Host name Telnet password Cluster command switch functionality Cluster name Default Setting No IP address or subnet mask are defined. The factory-assigned default host name is defined. Disabled. Understanding DHCP-Based Autoconfiguration The DHCP provides configuration information to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server. If you are using DHCP to relay the configuration file location on a client-server model, in the ...
Table 4-1 Default Switch Information Feature IP address and subnet mask Default gateway Enable secret password Host name Telnet password Cluster command switch functionality Cluster name Default Setting No IP address or subnet mask are defined. The factory-assigned default host name is defined. Disabled. Understanding DHCP-Based Autoconfiguration The DHCP provides configuration information to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server. If you are using DHCP to relay the configuration file location on a client-server model, in the ...
Software Configuration Guide
Page 90
... switch IP address, use the no ip address interface configuration command. For information on setting the switch system name, protecting access to privileged EXEC mode. interface VLAN1 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Verify your entries. (Optional) Save your connection to the switch will be lost. enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . . interface gigabitethernet0/1 no service password-encryption ! interface gigabitethernet0/2 mvr type source ...! If you made by entering this privileged EXEC command: Switch# show running-config...
... switch IP address, use the no ip address interface configuration command. For information on setting the switch system name, protecting access to privileged EXEC mode. interface VLAN1 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Verify your entries. (Optional) Save your connection to the switch will be lost. enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . . interface gigabitethernet0/1 no service password-encryption ! interface gigabitethernet0/2 mvr type source ...! If you made by entering this privileged EXEC command: Switch# show running-config...
Software Configuration Guide
Page 145
... users on a network by storing the MAC address activity on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all dynamic entries, use the clear mac address-table dynamic command in the MAC address table after the entry is 10 to the default value, use the show mac address-table aging-time copy running-config startup-config Purpose Enter global configuration mode. You can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the switch. Static address entries...
... users on a network by storing the MAC address activity on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all dynamic entries, use the clear mac address-table dynamic command in the MAC address table after the entry is 10 to the default value, use the show mac address-table aging-time copy running-config startup-config Purpose Enter global configuration mode. You can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the switch. Static address entries...
Software Configuration Guide
Page 162
... the clear line command, you want to a more restricted access to the configure command, you can allow different sets of password security: user EXEC and privileged EXEC. By configuring multiple passwords, you can assign it level 3 security and distribute that password to restrict access. For example, if you want more restricted group of commands for normal user EXEC mode privileges. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication Configuring Multiple Privilege Levels By default, the Cisco IOS software...
... the clear line command, you want to a more restricted access to the configure command, you can allow different sets of password security: user EXEC and privileged EXEC. By configuring multiple passwords, you can assign it level 3 security and distribute that password to restrict access. For example, if you want more restricted group of commands for normal user EXEC mode privileges. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication Configuring Multiple Privilege Levels By default, the Cisco IOS software...
Software Configuration Guide
Page 204
... the switch. Guest VLANs are filtered by .in single-host or multiple-hosts mode. The switch removes the per -user attributes, including vendor-specific attributes. For more information, see Chapter 27, "Configuring Network Security with ACLs." When the authentication server does not receive a response to its EAPOL request/identity frame, clients that fail authentication access to the network. However, a port ACL takes precedence over , if authentication fails, or if a link...
... the switch. Guest VLANs are filtered by .in single-host or multiple-hosts mode. The switch removes the per -user attributes, including vendor-specific attributes. For more information, see Chapter 27, "Configuring Network Security with ACLs." When the authentication server does not receive a response to its EAPOL request/identity frame, clients that fail authentication access to the network. However, a port ACL takes precedence over , if authentication fails, or if a link...
Software Configuration Guide
Page 218
...A switch port can be associated with no VLAN tagging. Traffic arriving on a trunk, or when a user creates a VLAN. VLAN partitions provide hard firewalls for managing the physical interface and associated Layer 2 protocols and do not handle routing or bridging. Switch ports belong to one or more information about configuring access port and trunk port characteristics, see Chapter 12, "Configuring VLANs." Configure switch ports by entering the copy running-config startup-config privileged EXEC command. If an access port receives a tagged packet (Inter-Switch Link [ISL...
...A switch port can be associated with no VLAN tagging. Traffic arriving on a trunk, or when a user creates a VLAN. VLAN partitions provide hard firewalls for managing the physical interface and associated Layer 2 protocols and do not handle routing or bridging. Switch ports belong to one or more information about configuring access port and trunk port characteristics, see Chapter 12, "Configuring VLANs." Configure switch ports by entering the copy running-config startup-config privileged EXEC command. If an access port receives a tagged packet (Inter-Switch Link [ISL...
Software Configuration Guide
Page 225
... interface range mode. Wait until the command prompt reappears before exiting interface range configuration mode. Return to automatically select a range of the same port type. This example shows how to use the interface range global configuration command to set the speed on ports 1 to 4 to 100 Mbps: Switch# configure terminal Switch(config)# interface range fastgigabittethernet0/1 - 4 Switch(config-if-range)# speed 100 This example shows how to use the normal configuration commands to apply the configuration to receive flow control pause frames: Switch# configure terminal Switch(config...
... interface range mode. Wait until the command prompt reappears before exiting interface range configuration mode. Return to automatically select a range of the same port type. This example shows how to use the interface range global configuration command to set the speed on ports 1 to 4 to 100 Mbps: Switch# configure terminal Switch(config)# interface range fastgigabittethernet0/1 - 4 Switch(config-if-range)# speed 100 This example shows how to use the normal configuration commands to apply the configuration to receive flow control pause frames: Switch# configure terminal Switch(config...
Software Configuration Guide
Page 231
...-T/TX SFP interfaces. Auto-MDIX is not supported on local and remote ports, refer to privileged EXEC mode. When you enable Auto-MDIX, you can receive pause frames. • receive off | desired} end show interfaces interface-id copy running-config startup-config Purpose Enter global configuration mode Enter interface configuration mode and the physical interface to the hardware installation guide. Return to the flowcontrol interface configuration command in the configuration file. Auto-MDIX is required to other devices, and the interface...
...-T/TX SFP interfaces. Auto-MDIX is not supported on local and remote ports, refer to privileged EXEC mode. When you enable Auto-MDIX, you can receive pause frames. • receive off | desired} end show interfaces interface-id copy running-config startup-config Purpose Enter global configuration mode Enter interface configuration mode and the physical interface to the hardware installation guide. Return to the flowcontrol interface configuration command in the configuration file. Auto-MDIX is required to other devices, and the interface...
Software Configuration Guide
Page 254
... running configuration file as well as the MTU size. You can create or modify a range of consecutive VLANs by assigning a number to it throughout the administrative domain, and return to privileged EXEC mode. To return the VLAN name to the default settings, use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it to that specific switch. Deleting a VLAN When you delete a VLAN, any ports assigned to the VLAN database: Switch# vlan database Switch(vlan)# vlan...
... running configuration file as well as the MTU size. You can create or modify a range of consecutive VLANs by assigning a number to it throughout the administrative domain, and return to privileged EXEC mode. To return the VLAN name to the default settings, use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it to that specific switch. Deleting a VLAN When you delete a VLAN, any ports assigned to the VLAN database: Switch# vlan database Switch(vlan)# vlan...
Software Configuration Guide
Page 340
... cost Configure the cost. Valid interfaces include physical ports and port-channel logical interfaces. Note The show running -config startup-config (Optional) Save your entries. interface interface-id Specify an interface to put in privileged EXEC mode, follow these steps to confirm the configuration. the default value is optional. Otherwise, you can use the no spanning-tree mst instance-id cost interface configuration command. 16-18 Catalyst 3560 Switch Software Configuration Guide 78...
... cost Configure the cost. Valid interfaces include physical ports and port-channel logical interfaces. Note The show running -config startup-config (Optional) Save your entries. interface interface-id Specify an interface to put in privileged EXEC mode, follow these steps to confirm the configuration. the default value is optional. Otherwise, you can use the no spanning-tree mst instance-id cost interface configuration command. 16-18 Catalyst 3560 Switch Software Configuration Guide 78...
Software Configuration Guide
Page 630
Configure the interface to use the no ip rip authentication key-chain interface configuration command. This feature usually optimizes communication among multiple routers, especially when links are advertised. no ip rip authentication mode interface configuration command. To restore clear text authentication, use the no ip split horizon Disable split horizon on a network access server for dial-up clients, use the split-horizon mechanism to properly advertise routes. Note In general, disabling split horizon is enabled, neither autosummary...
Configure the interface to use the no ip rip authentication key-chain interface configuration command. This feature usually optimizes communication among multiple routers, especially when links are advertised. no ip rip authentication mode interface configuration command. To restore clear text authentication, use the no ip split horizon Disable split horizon on a network access server for dial-up clients, use the split-horizon mechanism to properly advertise routes. Note In general, disabling split horizon is enabled, neither autosummary...
Software Configuration Guide
Page 712
... 1 Step 2 Command configure terminal ip pim rp-announce-filter rp-list access-list-number group-list access-list-number Step 3 access-list access-list-number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Without this variable is optional. Configuring IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Filtering Incoming RP Announcement Messages You can add configuration commands to the mapping agents to prevent a maliciously configured router from...
... 1 Step 2 Command configure terminal ip pim rp-announce-filter rp-list access-list-number group-list access-list-number Step 3 access-list access-list-number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Without this variable is optional. Configuring IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Filtering Incoming RP Announcement Messages You can add configuration commands to the mapping agents to prevent a maliciously configured router from...
Software Configuration Guide
Page 746
... support per-route statistics. Monitoring and Maintaining IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Clearing Caches, Tables, and Databases You can remove all group entries the Catalyst switches have cached. You can use any of the privileged EXEC commands in Table 32-5 to display various routing statistics: Table 32-5 Commands for Displaying System and Network Statistics Command ping [group-name | group-address] show ip dvmrp route [ip-address] show ip igmp groups [group-name | group-address | type number] show ip igmp interface [type number...
... support per-route statistics. Monitoring and Maintaining IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Clearing Caches, Tables, and Databases You can remove all group entries the Catalyst switches have cached. You can use any of the privileged EXEC commands in Table 32-5 to display various routing statistics: Table 32-5 Commands for Displaying System and Network Statistics Command ping [group-name | group-address] show ip dvmrp route [ip-address] show ip igmp groups [group-name | group-address | type number] show ip igmp interface [type number...
Software Configuration Guide
Page 782
... release the Mode button a second or two after the LED above port 1 turns off the switch. proceed to the "Procedure with this : The system has been interrupted prior to recover from a Lost or Forgotten Password The default configuration for the switch allows an end user with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Set the line speed on and by interrupting the boot process during...
... release the Mode button a second or two after the LED above port 1 turns off the switch. proceed to the "Procedure with this : The system has been interrupted prior to recover from a Lost or Forgotten Password The default configuration for the switch allows an end user with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Set the line speed on and by interrupting the boot process during...
Software Configuration Guide
Page 859
... default networks 30-66 default routes 30-66 default routing 30-2 deleting VLANs 12-10 description command 10-18 designing your network, examples 1-11 destination addresses, in ACLs 27-11 destination-IP address based forwarding, EtherChannel 29-7 destination-MAC address forwarding, EtherChannel 29-7 detecting indirect link failures, STP 17-6 78-16156-01 device discovery protocol 21-1 Device Manager 3-15 See also Switch Manager DHCP-based autoconfiguration client request message exchange 4-4 configuring client side 4-3 DNS 4-6 relay device 4-6 server-side 4-5 TFTP server 4-5 example 4-8 lease...
... default networks 30-66 default routes 30-66 default routing 30-2 deleting VLANs 12-10 description command 10-18 designing your network, examples 1-11 destination addresses, in ACLs 27-11 destination-IP address based forwarding, EtherChannel 29-7 destination-MAC address forwarding, EtherChannel 29-7 detecting indirect link failures, STP 17-6 78-16156-01 device discovery protocol 21-1 Device Manager 3-15 See also Switch Manager DHCP-based autoconfiguration client request message exchange 4-4 configuring client side 4-3 DNS 4-6 relay device 4-6 server-side 4-5 TFTP server 4-5 example 4-8 lease...