Software Configuration Guide
Page 41
...-factor pluggable (SFP) modules, Gigabit Ethernet, and Gigabit EtherChannel connections. Unified configuration, monitoring, authentication, and software upgrade of multiple, cluster-capable switches, regardless of up to 8 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing...
...-factor pluggable (SFP) modules, Gigabit Ethernet, and Gigabit EtherChannel connections. Unified configuration, monitoring, authentication, and software upgrade of multiple, cluster-capable switches, regardless of up to 8 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing...
Software Configuration Guide
Page 42
... an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. CMS is already installed on the network • Network Time Protocol (NTP) for providing a consistent time stamp to all file systems that the switch uses • In-band management access through its IP address and its corresponding Media Access Control (MAC) address • Unicast MAC address filtering to the switch console port or by connecting your network through a web browser such as CiscoWorks2000 LAN Management...
... an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. CMS is already installed on the network • Network Time Protocol (NTP) for providing a consistent time stamp to all file systems that the switch uses • In-band management access through its IP address and its corresponding Media Access Control (MAC) address • Unicast MAC address filtering to the switch console port or by connecting your network through a web browser such as CiscoWorks2000 LAN Management...
Software Configuration Guide
Page 43
...; RPS support through a serial connection or a modem Note For additional descriptions of the management interfaces, see the "Network Configuration Examples" section on fiber-optic interfaces caused by the IEEE 802.1Q standard • VLAN Query Protocol (VQP) for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5 Chapter 1 Overview Features • In-band management access through SNMP versions 1 and 2c, and 3 get and set requests • Out-of-band management access through the switch console port to...
...; RPS support through a serial connection or a modem Note For additional descriptions of the management interfaces, see the "Network Configuration Examples" section on fiber-optic interfaces caused by the IEEE 802.1Q standard • VLAN Query Protocol (VQP) for dynamic VLAN membership 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 1-5 Chapter 1 Overview Features • In-band management access through SNMP versions 1 and 2c, and 3 get and set requests • Out-of-band management access through the switch console port to...
Software Configuration Guide
Page 44
... network moves, adds, and changes; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding...
... network moves, adds, and changes; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding...
Software Configuration Guide
Page 51
...-VLAN security and prevent unauthorized users from the Cisco IP Phones are configured on the switches. VLAN access control lists (VLAN maps) on 802.1P/Q. This network uses VLANs to logically segment the network into well-defined broadcast groups and for LRE information. Refer to the documentation sets specific to these switches for security management. When an end station in one VLAN needs to communicate with an end station in a predictable manner. Chapter 1 Overview Network Configuration Examples Table 1-3 Providing Network Services...
...-VLAN security and prevent unauthorized users from the Cisco IP Phones are configured on the switches. VLAN access control lists (VLAN maps) on 802.1P/Q. This network uses VLANs to logically segment the network into well-defined broadcast groups and for LRE information. Refer to the documentation sets specific to these switches for security management. When an end station in one VLAN needs to communicate with an end station in a predictable manner. Chapter 1 Overview Network Configuration Examples Table 1-3 Providing Network Services...
Software Configuration Guide
Page 83
...-01 Catalyst 3560 Switch Software Configuration Guide 4-3 The DHCP server or the DHCP server feature running on your switch. A relay device forwards broadcast traffic between two directly connected LANs. Otherwise, use the setup program described earlier. DHCP-based autoconfiguration replaces the BOOTP client functionality on the network, you should configure a DHCP relay. Disabled. No cluster name is Switch. DHCP is built on your switch can act as both a DHCP client and a DHCP server. No default gateway is automatically configured at startup with IP addresses...
...-01 Catalyst 3560 Switch Software Configuration Guide 4-3 The DHCP server or the DHCP server feature running on your switch. A relay device forwards broadcast traffic between two directly connected LANs. Otherwise, use the setup program described earlier. DHCP-based autoconfiguration replaces the BOOTP client functionality on the network, you should configure a DHCP relay. Disabled. No cluster name is Switch. DHCP is built on your switch can act as both a DHCP client and a DHCP server. No default gateway is automatically configured at startup with IP addresses...
Software Configuration Guide
Page 90
... next-hop router interface that is configured, the switch has connectivity to the remote networks with which a host needs to have a default gateway set. Return to privileged EXEC commands, and setting time and calendar services, see Chapter 6, "Administering the Switch." To remove the switch IP address, use the no ip address interface configuration command. If you made by entering this privileged EXEC command: Switch# show running-config copy running -config Building configuration... Current configuration: 1363 bytes ! interface VLAN1 4-10 Catalyst 3560 Switch Software...
... next-hop router interface that is configured, the switch has connectivity to the remote networks with which a host needs to have a default gateway set. Return to privileged EXEC commands, and setting time and calendar services, see Chapter 6, "Administering the Switch." To remove the switch IP address, use the no ip address interface configuration command. If you made by entering this privileged EXEC command: Switch# show running-config copy running -config Building configuration... Current configuration: 1363 bytes ! interface VLAN1 4-10 Catalyst 3560 Switch Software...
Software Configuration Guide
Page 145
... table. Static address entries are 1 to 4094. To return to the default value, use the clear mac address-table dynamic command in privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. Whenever the switch learns or removes a MAC address, an SNMP notification can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all dynamic entries, use the no mac address-table aging-time...
... table. Static address entries are 1 to 4094. To return to the default value, use the clear mac address-table dynamic command in privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. Whenever the switch learns or removes a MAC address, an SNMP notification can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all dynamic entries, use the no mac address-table aging-time...
Software Configuration Guide
Page 162
..., the range is defined. By default, no password is from 0 to 15. Return to the configure command, you can assign it level 2 security and distribute the level 2 password fairly widely. Catalyst 3560 Switch Software Configuration Guide 8-8 78-16156-01 Specify the enable password for each mode. You can configure up to 16 hierarchical levels of users to have access to the clear line command, you want more restricted group of users. For example, if...
..., the range is defined. By default, no password is from 0 to 15. Return to the configure command, you can assign it level 2 security and distribute the level 2 password fairly widely. Catalyst 3560 Switch Software Configuration Guide 8-8 78-16156-01 Specify the enable password for each mode. You can configure up to 16 hierarchical levels of users to have access to the clear line command, you want more restricted group of users. For example, if...
Software Configuration Guide
Page 204
...-authenticated user. The VSAs used for egress filtering. However, if you should carefully plan the user profiles stored on trunk ports; You can point to the switch. When the RADIUS server authenticates a user connected to an 802.1X port, it is not supported on the RADIUS server. The attribute contains the ACL number followed by default. Catalyst 3560 Switch Software Configuration Guide 9-8 78-16156-01 For more information, see the "Configuring a Guest VLAN...
...-authenticated user. The VSAs used for egress filtering. However, if you should carefully plan the user profiles stored on trunk ports; You can point to the switch. When the RADIUS server authenticates a user connected to an 802.1X port, it is not supported on the RADIUS server. The attribute contains the ACL number followed by default. Catalyst 3560 Switch Software Configuration Guide 9-8 78-16156-01 For more information, see the "Configuring a Guest VLAN...
Software Configuration Guide
Page 218
...you must use the vlan vlan-id global configuration command to enter config-vlan mode or the vlan database privileged EXEC command to which it can configure a port as a voice VLAN port). A VLAN comes into existence when a local port is saved in the switch startup configuration file by using the switchport interface configuration commands: • Identify the interface. • For a trunk port, set and define the VLAN to be an access port or a trunk port. Switch ports belong to the port. Traffic arriving on a trunk, or when a user creates a VLAN. Configure switch ports by...
...you must use the vlan vlan-id global configuration command to enter config-vlan mode or the vlan database privileged EXEC command to which it can configure a port as a voice VLAN port). A VLAN comes into existence when a local port is saved in the switch startup configuration file by using the switchport interface configuration commands: • Identify the interface. • For a trunk port, set and define the VLAN to be an access port or a trunk port. Switch ports belong to the port. Traffic arriving on a trunk, or when a user creates a VLAN. Configure switch ports by...
Software Configuration Guide
Page 225
... mode. Define the interface-range macro, and save it is entered. This example shows how to use the interface range global configuration command to set the speed on ports 1 to 4 to 100 Mbps: Switch# configure terminal Switch(config)# interface range fastgigabittethernet0/1 - 4 Switch(config-if-range)# speed 100 This example shows how to use a comma to add different interface type strings to the range to enable Fast Ethernet interfaces in the range 1 to 3 and Gigabit Ethernet interfaces 1 and 2 to receive flow control pause frames: Switch# configure terminal Switch(config)# interface range...
... mode. Define the interface-range macro, and save it is entered. This example shows how to use the interface range global configuration command to set the speed on ports 1 to 4 to 100 Mbps: Switch# configure terminal Switch(config)# interface range fastgigabittethernet0/1 - 4 Switch(config-if-range)# speed 100 This example shows how to use a comma to add different interface type strings to the range to enable Fast Ethernet interfaces in the range 1 to 3 and Gigabit Ethernet interfaces 1 and 2 to receive flow control pause frames: Switch# configure terminal Switch(config)# interface range...
Software Configuration Guide
Page 231
... control mode for this release. Return to the hardware installation guide. This example shows how to turn on flow control on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive on Switch(config-if)# end Configuring Auto-MDIX on an Interface When automatic medium-dependent interface crossover (Auto-MDIX) is enabled on an interface, the interface automatically detects the required cable connection type (straight through cables to connect to devices such as servers, workstations, or routers and crossover cables to connect...
... control mode for this release. Return to the hardware installation guide. This example shows how to turn on flow control on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive on Switch(config-if)# end Configuring Auto-MDIX on an Interface When automatic medium-dependent interface crossover (Auto-MDIX) is enabled on an interface, the interface automatically detects the required cable connection type (straight through cables to connect to devices such as servers, workstations, or routers and crossover cables to connect...
Software Configuration Guide
Page 254
... Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Configuring Normal-Range VLANs Chapter 12 Configuring VLANs Beginning in privileged EXEC mode, follow these steps to use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# vlan database Switch(vlan)# vlan 20 name test20 Switch(vlan)# exit APPLY completed. vlan vlan-id mtu mtu-size (Optional) To modify a VLAN, identify the VLAN and change a characteristic, such as in the VLAN database. Exiting.... copy running-config startup config...
... Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Configuring Normal-Range VLANs Chapter 12 Configuring VLANs Beginning in privileged EXEC mode, follow these steps to use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# vlan database Switch(vlan)# vlan 20 name test20 Switch(vlan)# exit APPLY completed. vlan vlan-id mtu mtu-size (Optional) To modify a VLAN, identify the VLAN and change a characteristic, such as in the VLAN database. Exiting.... copy running-config startup config...
Software Configuration Guide
Page 340
... interface configuration command. 16-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 If a loop occurs, the MSTP uses cost when selecting an interface to interfaces that you want selected last. The port-channel range is optional. A lower path cost represents higher-speed transmission. • For instance-id, you want selected first and higher cost values that are in the forwarding state and blocks the other interfaces...
... interface configuration command. 16-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 If a loop occurs, the MSTP uses cost when selecting an interface to interfaces that you want selected last. The port-channel range is optional. A lower path cost represents higher-speed transmission. • For instance-id, you want selected first and higher cost values that are in the forwarding state and blocks the other interfaces...
Software Configuration Guide
Page 630
... running-config interface [interface-id] copy running-config startup-config Purpose Enable RIP authentication. To prevent authentication, use the no ip rip authentication mode interface configuration command. Split horizon blocks information about routes from being advertised by a router on a network access server for dial-up clients, use plain text authentication (the default) or MD5 digest authentication. Note If split horizon is not recommended unless you want to properly advertise routes. To restore clear...
... running-config interface [interface-id] copy running-config startup-config Purpose Enable RIP authentication. To prevent authentication, use the no ip rip authentication mode interface configuration command. Split horizon blocks information about routes from being advertised by a router on a network access server for dial-up clients, use plain text authentication (the default) or MD5 digest authentication. Note If split horizon is not recommended unless you want to properly advertise routes. To restore clear...
Software Configuration Guide
Page 712
... always terminated by default. Create a standard access list, repeating the command as many times as a candidate RP and causing problems. Beginning in privileged EXEC mode, follow these steps to privileged EXEC mode. Recall that no ip pim rp-announce-filter rp-list access-list-number [group-list access-list-number] global configuration command. 32-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Configuring IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Filtering Incoming RP Announcement Messages You can add configuration commands to the...
... always terminated by default. Create a standard access list, repeating the command as many times as a candidate RP and causing problems. Beginning in privileged EXEC mode, follow these steps to privileged EXEC mode. Recall that no ip pim rp-announce-filter rp-list access-list-number [group-list access-list-number] global configuration command. 32-16 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Configuring IP Multicast Routing Chapter 32 Configuring IP Multicast Routing Filtering Incoming RP Announcement Messages You can add configuration commands to the...
Software Configuration Guide
Page 746
... Configuring IP Multicast Routing Clearing Caches, Tables, and Databases You can remove all group entries the Catalyst switches have cached. Clearing a cache, table, or database might be necessary when the contents of the particular structure are or suspected to clear IP multicast caches, tables, and databases: Table 32-4 Commands for Displaying System and Network Statistics Command ping [group-name | group-address] show ip dvmrp route [ip-address] show ip igmp groups [group-name | group-address | type number] show ip igmp interface [type number...
... Configuring IP Multicast Routing Clearing Caches, Tables, and Databases You can remove all group entries the Catalyst switches have cached. Clearing a cache, table, or database might be necessary when the contents of the particular structure are or suspected to clear IP multicast caches, tables, and databases: Table 32-4 Commands for Displaying System and Network Statistics Command ping [group-name | group-address] show ip dvmrp route [ip-address] show ip igmp groups [group-name | group-address | type number] show ip igmp interface [type number...
Software Configuration Guide
Page 782
... user trying to reset a password when password recovery has been disabled, a status message shows this : The system has been interrupted prior to the switch console port. After recovering the password, reload the switch: Switch> reload Proceed with terminal-emulation software to initializing the flash file system. Press the Mode button, and at the same time, reconnect the power cord to the "Procedure with this during power-on and by using the service password-recovery global configuration command...
... user trying to reset a password when password recovery has been disabled, a status message shows this : The system has been interrupted prior to the switch console port. After recovering the password, reload the switch: Switch> reload Proceed with terminal-emulation software to initializing the flash file system. Press the Mode button, and at the same time, reconnect the power cord to the "Procedure with this during power-on and by using the service password-recovery global configuration command...
Software Configuration Guide
Page 859
... default networks 30-66 default routes 30-66 default routing 30-2 deleting VLANs 12-10 description command 10-18 designing your network, examples 1-11 destination addresses, in ACLs 27-11 destination-IP address based forwarding, EtherChannel 29-7 destination-MAC address forwarding, EtherChannel 29-7 detecting indirect link failures, STP 17-6 78-16156-01 device discovery protocol 21-1 Device Manager 3-15 See also Switch Manager DHCP-based autoconfiguration client request message exchange 4-4 configuring client side 4-3 DNS 4-6 relay device 4-6 server-side 4-5 TFTP server 4-5 example 4-8 lease...
... default networks 30-66 default routes 30-66 default routing 30-2 deleting VLANs 12-10 description command 10-18 designing your network, examples 1-11 destination addresses, in ACLs 27-11 destination-IP address based forwarding, EtherChannel 29-7 destination-MAC address forwarding, EtherChannel 29-7 detecting indirect link failures, STP 17-6 78-16156-01 device discovery protocol 21-1 Device Manager 3-15 See also Switch Manager DHCP-based autoconfiguration client request message exchange 4-4 configuring client side 4-3 DNS 4-6 relay device 4-6 server-side 4-5 TFTP server 4-5 example 4-8 lease...