Software Configuration Guide
Page 1
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Page 2
...site are registered trademarks of their respective owners. and certain other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE .... and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, ...
Page 3
... xxxvi Documentation Feedback xxxvi Obtaining Technical Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst...
Page 4
...View 3-2 CMS Menu Bar, Toolbar, and Feature Bar 3-2 Online Help 3-5 Configuration Modes 3-5 Guide Mode 3-5 Expert Mode 3-6 Wizards 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP Access...CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
Page 5
...CMS 3-11 Front Panel View 3-14 Topology View 3-15 CMS Icons 3-16 Where to Go Next 3-16 Assigning the Switch IP Address and Default Gateway 4-1 Understanding the Boot Process 4-1 Assigning Switch Information 4-2 Default Switch Information 4-3 Understanding DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring DHCP-Based Autoconfiguration 4-4 Configuring the DHCP Server 4-5... 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
Page 6
...-Capable and Noncluster-Capable Devices 5-6 Discovery Through Different VLANs 5-7 Discovery Through Different Management VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups 5-11 Automatic Recovery of Cluster Configuration 5-12 IP Addresses 5-13 Host Names...
Page 7
CHAPTER 6 Administering the Switch 6-1 Managing the System Time and Date 6-1 Understanding the System Clock 6-2 Understanding Network Time Protocol 6-2 Configuring NTP 6-4 Default NTP Configuration 6-4 Configuring NTP Authentication 6-5 Configuring NTP Associations 6-6 ... Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
Page 8
... 7-2 SDM Template Configuration Guidelines 7-2 Setting the SDM Template 7-3 Displaying the SDM Templates 7-4 Configuring Switch-Based Authentication 8-1 Preventing Unauthorized Access to Your Switch 8-1 Protecting Access to Privileged EXEC Commands 8-2 Default Password and Privilege Level Configuration 8-2 Setting or ...Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 ...
Page 9
...Configuring Settings for All RADIUS Servers 8-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31 Displaying the RADIUS Configuration 8-31 Controlling Switch Access with Kerberos 8-32 Understanding Kerberos 8-32 Kerberos ...SSH Servers, Integrated Clients, and Supported Versions 8-38 Limitations 8-38 Configuring SSH 8-39 Configuration Guidelines 8-39 Setting Up the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-...
Page 10
... 802.1X Authentication 9-9 Default 802.1X Configuration 9-10 802.1X Configuration Guidelines 9-11 Configuring 802.1X Authentication 9-11 Configuring the Switch-to-RADIUS-Server Communication 9-13 Configuring Periodic Re-Authentication 9-14 Manually Re-Authenticating a Client Connected to a Port 9-14 Changing the... Quiet Period 9-15 Changing the Switch-to-Client Retransmission Time 9-15 Setting the Switch-to-Client Frame-Retransmission Number 9-16 Configuring the Host Mode 9-17 Configuring a Guest VLAN 9-18 Resetting the...
Page 11
...-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
Page 12
... the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
Page 14
...Interface States 15-4 Blocking State 15-6 Listening State 15-6 Learning State 15-6 Forwarding State 15-6 Disabled State 15-7 How a Switch or Port Becomes the Root Switch or Root Port 15-7 Spanning Tree and Redundant Connectivity 15-8 Spanning-Tree Address Management 15-8 Accelerated Aging to Retain Connectivity 15...Spanning-Tree Mode 15-13 Disabling Spanning Tree 15-14 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 ...
Page 15
... Guidelines 16-12 Specifying the MST Region Configuration and Enabling MSTP 16-13 Configuring the Root Switch 16-14 Configuring a Secondary Root Switch 16-16 Configuring Port Priority 16-17 Configuring Path Cost 16-18 Configuring the Switch Priority 16-19 Configuring the Hello Time 16-19 Configuring the Forwarding-Delay Time 16... Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
Page 16
... Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
Page 17
... Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
Page 18
...-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Page 19
... and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
Page 20
... 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers 27-7 Creating a Numbered Standard ACL 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
Page 21
... Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27... Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi