Software Configuration Guide
Page 10
... Ports 10-2 Access Ports 10-2 Trunk Ports 10-3 Routed Ports 10-3 Switch Virtual Interfaces 10-4 EtherChannel Port Groups 10-5 Connecting Interfaces 10-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide...
... Ports 10-2 Access Ports 10-2 Trunk Ports 10-3 Routed Ports 10-3 Switch Virtual Interfaces 10-4 EtherChannel Port Groups 10-5 Connecting Interfaces 10-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 33
... using this release and to the Catalyst 3560 Switch Hardware Installation Guide. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxxiii It includes Layer 2+ features and full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback bridging). This guide does not describe system messages you create and manage clusters of service (QoS), static routing, and the Routing Information Protocol (RIP). Preface Audience This guide is for the networking professional managing the Catalyst 3560 switch, hereafter referred to the Catalyst 3560 Switch Command Reference...
... using this release and to the Catalyst 3560 Switch Hardware Installation Guide. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxxiii It includes Layer 2+ features and full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback bridging). This guide does not describe system messages you create and manage clusters of service (QoS), static routing, and the Routing Information Protocol (RIP). Preface Audience This guide is for the networking professional managing the Catalyst 3560 switch, hereafter referred to the Catalyst 3560 Switch Command Reference...
Software Configuration Guide
Page 40
...; Layer 3 Features, page 1-8 (includes features requiring the EMI) • Power over Ethernet (PoE) Features, page 1-8 • Monitoring Features, page 1-9 Ease-of-Use and Ease-of-Deployment Features • Express Setup for quickly configuring a switch for the first time with basic IP information, contact information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a supported web browser from anywhere in configuring complex features such as VLANs, ACLs, and quality of service (QoS...
...; Layer 3 Features, page 1-8 (includes features requiring the EMI) • Power over Ethernet (PoE) Features, page 1-8 • Monitoring Features, page 1-9 Ease-of-Use and Ease-of-Deployment Features • Express Setup for quickly configuring a switch for the first time with basic IP information, contact information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a supported web browser from anywhere in configuring complex features such as VLANs, ACLs, and quality of service (QoS...
Software Configuration Guide
Page 41
...) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions...
...) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions...
Software Configuration Guide
Page 44
... port security for managing network security through a TACACS server Catalyst 3560 Switch Software Configuration Guide 1-6 78-16156-01 Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing...
... port security for managing network security through a TACACS server Catalyst 3560 Switch Software Configuration Guide 1-6 78-16156-01 Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing...
Software Configuration Guide
Page 90
... -config Building configuration... version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no switchport ip address 172.20.137.50 255.255.255.0 ! interface gigabitethernet0/2 mvr type source ...! interface VLAN1 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Current configuration: 1363 bytes ! Verify your entries. (Optional) Save your connection to the switch will be lost. For information on setting the switch system name, protecting access to privileged EXEC mode. Checking and Saving...
... -config Building configuration... version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no switchport ip address 172.20.137.50 255.255.255.0 ! interface gigabitethernet0/2 mvr type source ...! interface VLAN1 4-10 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Current configuration: 1363 bytes ! Verify your entries. (Optional) Save your connection to the switch will be lost. For information on setting the switch system name, protecting access to privileged EXEC mode. Checking and Saving...
Software Configuration Guide
Page 169
...: • enable-Use the enable password for authentication. Before you can use this cycle-meaning that method fails to respond, the software selects the next authentication method in this authentication method, you want to configure login authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication login {default | list-name} method1 [method2...] Step 4 line [console | tty | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Create a login authentication method list. • To create a default list that...
...: • enable-Use the enable password for authentication. Before you can use this cycle-meaning that method fails to respond, the software selects the next authentication method in this authentication method, you want to configure login authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication login {default | list-name} method1 [method2...] Step 4 line [console | tty | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Create a login authentication method list. • To create a default list that...
Software Configuration Guide
Page 204
... Windows 98 systems, might be 802.1X-capable. Incoming packets received on the user identity and sends them to a standard ACL. Incoming routed packets received on the RADIUS server. Outgoing routed packets are allowed access when the switch port is applied to the network. These vendor-specific attributes (VSAs) are created by the router ACL. The VSAs used for per -user configuration stored on other ports are passed to the guest VLAN. MAC ACLs are supported...
... Windows 98 systems, might be 802.1X-capable. Incoming packets received on the user identity and sends them to a standard ACL. Incoming routed packets received on the RADIUS server. Outgoing routed packets are allowed access when the switch port is applied to the network. These vendor-specific attributes (VSAs) are created by the router ACL. The VSAs used for per -user configuration stored on other ports are passed to the guest VLAN. MAC ACLs are supported...
Software Configuration Guide
Page 227
... Catalyst 3560 Switch Software Configuration Guide 10-11 Speed Autonegotiate. Port blocking (unknown multicast Disabled (not blocked) (Layer 2 interfaces only). See the and unknown unicast traffic) "Configuring Port Blocking" section on an Interface, page 10-16 • Adding a Description for sent packets. Allowed VLAN range VLANs 1 - 4094. This shuts down the interface and then re-enables it, which the interface is set to put the interface into Layer 2 mode. Native VLAN (for access ports) VLAN 1 (Layer 2 interfaces only). Furthermore, when you use this command...
... Catalyst 3560 Switch Software Configuration Guide 10-11 Speed Autonegotiate. Port blocking (unknown multicast Disabled (not blocked) (Layer 2 interfaces only). See the and unknown unicast traffic) "Configuring Port Blocking" section on an Interface, page 10-16 • Adding a Description for sent packets. Allowed VLAN range VLANs 1 - 4094. This shuts down the interface and then re-enables it, which the interface is set to put the interface into Layer 2 mode. Native VLAN (for access ports) VLAN 1 (Layer 2 interfaces only). Furthermore, when you use this command...
Software Configuration Guide
Page 261
... interface able to convert the link to negotiate trunking with the neighboring interface. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which could cause misconfigurations. Chapter 12 Configuring VLANs Figure 12-2 Switches in the same VTP domain. The default switchport mode for all Ethernet interfaces is set an interface as trunking or nontrunking or to a trunk link. The interface becomes a trunk interface if the neighboring interface is dynamic auto. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide...
... interface able to convert the link to negotiate trunking with the neighboring interface. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which could cause misconfigurations. Chapter 12 Configuring VLANs Figure 12-2 Switches in the same VTP domain. The default switchport mode for all Ethernet interfaces is set an interface as trunking or nontrunking or to a trunk link. The interface becomes a trunk interface if the neighboring interface is dynamic auto. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 265
... to configure a port as a static-access port. To return an interface to its default configuration, use the switchport mode access interface configuration command to remove specific VLANs from all trunking characteristics of spanning-tree loops or storms, you can use the VLAN 1 minimization feature to VLAN 1, regardless of the new VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-21 The example assumes that VLAN 1 always be added to disable VLAN 1 on any individual VLAN trunk link so that no switchport trunk interface configuration command. Switch(config...
... to configure a port as a static-access port. To return an interface to its default configuration, use the switchport mode access interface configuration command to remove specific VLANs from all trunking characteristics of spanning-tree loops or storms, you can use the VLAN 1 minimization feature to VLAN 1, regardless of the new VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-21 The example assumes that VLAN 1 always be added to disable VLAN 1 on any individual VLAN trunk link so that no switchport trunk interface configuration command. Switch(config...
Software Configuration Guide
Page 312
... same spanning-tree instances by setting up allowed lists is carried on a per-VLAN basis) Spanning-tree timers Default Setting 1000 Mbps: 4. 100 Mbps: 19. 10 Mbps: 100. 128. 1000 Mbps: 4. 100 Mbps: 19. 10 Mbps: 100. Configuring Spanning-Tree Features Chapter 15 Configuring STP Table 15-3 Default Spanning-Tree Configuration (continued) Feature Spanning-tree port cost (configurable on a per-interface basis) Spanning-tree VLAN port priority (configurable on a per-VLAN basis) Spanning-tree VLAN port cost (configurable on all the loops in a broadcast storm. Forward-delay time...
... same spanning-tree instances by setting up allowed lists is carried on a per-VLAN basis) Spanning-tree timers Default Setting 1000 Mbps: 4. 100 Mbps: 19. 10 Mbps: 100. 128. 1000 Mbps: 4. 100 Mbps: 19. 10 Mbps: 100. Configuring Spanning-Tree Features Chapter 15 Configuring STP Table 15-3 Default Spanning-Tree Configuration (continued) Feature Spanning-tree port cost (configurable on a per-interface basis) Spanning-tree VLAN port priority (configurable on a per-VLAN basis) Spanning-tree VLAN port cost (configurable on all the loops in a broadcast storm. Forward-delay time...
Software Configuration Guide
Page 376
Setting the Snooping Method Multicast-capable router ports are CGMP proxy-enabled, you want to dynamically access the router. Note If you must enter the ip cgmp router-only command to use CGMP as the learning method and no multicast routers in the configuration file. 19-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Specify the multicast router learning method: • cgmp-Listen for the specified VLAN number. Verify the configuration. (Optional) Save your entries in the...
Setting the Snooping Method Multicast-capable router ports are CGMP proxy-enabled, you want to dynamically access the router. Note If you must enter the ip cgmp router-only command to use CGMP as the learning method and no multicast routers in the configuration file. 19-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Specify the multicast router learning method: • cgmp-Listen for the specified VLAN number. Verify the configuration. (Optional) Save your entries in the...
Software Configuration Guide
Page 381
... data and client ports that the MVR hosts have explicitly joined, either by IGMP reports or by MVR hosts is supported. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-13 This eliminates using wide-scale deployment of multicast traffic across an Ethernet ring-based service provider network (for example, the broadcast of multiple television channels over a service-provider network). This forwarding behavior selectively allows traffic to a multicast stream on the network-wide multicast VLAN. Also, IGMP...
... data and client ports that the MVR hosts have explicitly joined, either by IGMP reports or by MVR hosts is supported. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 19-13 This eliminates using wide-scale deployment of multicast traffic across an Ethernet ring-based service provider network (for example, the broadcast of multiple television channels over a service-provider network). This forwarding behavior selectively allows traffic to a multicast stream on the network-wide multicast VLAN. Also, IGMP...
Software Configuration Guide
Page 386
... multicast VLAN and the IP multicast address. mvr Enable MVR on the switch. The default configuration is a subscriber port and should only receive multicast data. mvr type {source | receiver} Configure an MVR port as a non-MVR port. A port statically configured as dynamic: Switch(config)# mvr Switch(config)# mvr group 228.1.23.4 Switch(config)# mvr querytime 10 Switch(config)# mvr vlan 22 Switch(config)# mvr mode dynamic Switch(config)# end You can also dynamically join multicast groups by using IGMP join and leave messages. 19-18 Catalyst 3560 Switch Software Configuration Guide...
... multicast VLAN and the IP multicast address. mvr Enable MVR on the switch. The default configuration is a subscriber port and should only receive multicast data. mvr type {source | receiver} Configure an MVR port as a non-MVR port. A port statically configured as dynamic: Switch(config)# mvr Switch(config)# mvr group 228.1.23.4 Switch(config)# mvr querytime 10 Switch(config)# mvr vlan 22 Switch(config)# mvr mode dynamic Switch(config)# end You can also dynamically join multicast groups by using IGMP join and leave messages. 19-18 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 428
... same switch. Traffic monitoring in a SPAN session has these traffic types: • Receive (Rx) SPAN-The goal of the RSPAN VLAN (see the "RSPAN VLAN" section on disabled ports; That is transmitted twice, once as normal traffic and once as a monitored packet. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs and egress QoS policing. 23-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 There can configure two separate SPAN or...
... same switch. Traffic monitoring in a SPAN session has these traffic types: • Receive (Rx) SPAN-The goal of the RSPAN VLAN (see the "RSPAN VLAN" section on disabled ports; That is transmitted twice, once as normal traffic and once as a monitored packet. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs and egress QoS policing. 23-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 There can configure two separate SPAN or...
Software Configuration Guide
Page 440
... ACLs on the RSPAN VLAN in the RSPAN source switches. • For RSPAN configuration, you should reserve a few VLANs across multiple switches in your network. • RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols. • The RSPAN VLAN is supported in all the switches. - The same RSPAN VLAN is used for an RSPAN session in all the participating switches. • Access ports (including voice VLAN ports) on Gigabit Ethernet trunk port 2, and send traffic...
... ACLs on the RSPAN VLAN in the RSPAN source switches. • For RSPAN configuration, you should reserve a few VLANs across multiple switches in your network. • RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols. • The RSPAN VLAN is supported in all the switches. - The same RSPAN VLAN is used for an RSPAN session in all the participating switches. • Access ports (including voice VLAN ports) on Gigabit Ethernet trunk port 2, and send traffic...
Software Configuration Guide
Page 445
... no monitor session session_number destination interface interface-id global configuration command. To remove a destination port from 1 to 66. The original VLAN ID is from the RSPAN session, use the no form of interfaces. enter a space before and after the hyphen. Verify the configuration. (Optional) Save the configuration in Step 4. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23...
... no monitor session session_number destination interface interface-id global configuration command. To remove a destination port from 1 to 66. The original VLAN ID is from the RSPAN session, use the no form of interfaces. enter a space before and after the hyphen. Verify the configuration. (Optional) Save the configuration in Step 4. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23...
Software Configuration Guide
Page 484
... are access-controlled through a routed port after being routed. An ACL contains an ordered list of service (QoS) classification ACLs. The switch supports IP ACLs and Ethernet (MAC) ACLs: • IP ACLs filter IP traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP). • Ethernet ACLs filter non-IP traffic. VLAN maps are not filtered. 27-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Other packets are configured to decide which types of the network. You...
... are access-controlled through a routed port after being routed. An ACL contains an ordered list of service (QoS) classification ACLs. The switch supports IP ACLs and Ethernet (MAC) ACLs: • IP ACLs filter IP traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP). • Ethernet ACLs filter non-IP traffic. VLAN maps are not filtered. 27-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Other packets are configured to decide which types of the network. You...
Software Configuration Guide
Page 539
... enable the expedite queue by using the show mls qos maps privileged EXEC command. However, the packet is again processed through software. • During policing, IP and non-IP packets can combine the commands described in the packet is not modified, but an indication of the marked-down value is not used for queueing and scheduling decisions. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide...
... enable the expedite queue by using the show mls qos maps privileged EXEC command. However, the packet is again processed through software. • During policing, IP and non-IP packets can combine the commands described in the packet is not modified, but an indication of the marked-down value is not used for queueing and scheduling decisions. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide...