Software Configuration Guide
Page 10
... Ports 10-2 Access Ports 10-2 Trunk Ports 10-3 Routed Ports 10-3 Switch Virtual Interfaces 10-4 EtherChannel Port Groups 10-5 Connecting Interfaces 10-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide...
... Ports 10-2 Access Ports 10-2 Trunk Ports 10-3 Routed Ports 10-3 Switch Virtual Interfaces 10-4 EtherChannel Port Groups 10-5 Connecting Interfaces 10-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 33
...) Protocol. Preface Audience This guide is for the networking professional managing the Catalyst 3560 switch, hereafter referred to install your switch. For more information, refer to the Catalyst 3560 Switch System Message Guide for this release and to the Catalyst 3560 Switch Command Reference for configuring switches and switch clusters from CMS. For all CMS window descriptions and procedures, refer to the Cisco IOS documentation set of service (QoS), static routing, and the Routing Information Protocol (RIP). To distinguish...
...) Protocol. Preface Audience This guide is for the networking professional managing the Catalyst 3560 switch, hereafter referred to install your switch. For more information, refer to the Catalyst 3560 Switch System Message Guide for this release and to the Catalyst 3560 Switch Command Reference for configuring switches and switch clusters from CMS. For all CMS window descriptions and procedures, refer to the Cisco IOS documentation set of service (QoS), static routing, and the Routing Information Protocol (RIP). To distinguish...
Software Configuration Guide
Page 40
... switch-level monitoring and troubleshooting, and multiple switch software upgrades. - The system, redundant power system (RPS), and port LED colors on the images are similar to multiple ports and multiple switches at the same time, such as VLAN and QoS settings, inventory and statistic reports, link- Applying actions to those used on the front-panel images. Accomplishing multiple configuration tasks from a single CMS window without needing to remember command-line interface (CLI) commands to accomplish specific tasks. - Interactive guide mode that guides...
... switch-level monitoring and troubleshooting, and multiple switch software upgrades. - The system, redundant power system (RPS), and port LED colors on the images are similar to multiple ports and multiple switches at the same time, such as VLAN and QoS settings, inventory and statistic reports, link- Applying actions to those used on the front-panel images. Accomplishing multiple configuration tasks from a single CMS window without needing to remember command-line interface (CLI) commands to accomplish specific tasks. - Interactive guide mode that guides...
Software Configuration Guide
Page 41
... Ethernet, Fast Ethernet, Fast EtherChannel, small form-factor pluggable (SFP) modules, Gigabit Ethernet, and Gigabit EtherChannel connections. Chapter 1 Overview Features • Switch clustering technology for a list of up to 8 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control...
... Ethernet, Fast Ethernet, Fast EtherChannel, small form-factor pluggable (SFP) modules, Gigabit Ethernet, and Gigabit EtherChannel connections. Chapter 1 Overview Features • Switch clustering technology for a list of up to 8 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 and Layer 3 packets at Gigabit line rate • Per-port storm control...
Software Configuration Guide
Page 44
... state of broadcast and multicast traffic; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security •...
... state of broadcast and multicast traffic; Note The Kerberos feature listed in this feature enabled, no user traffic is , supports encryption) versions of the SMI and EMI. • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security •...
Software Configuration Guide
Page 90
... connection to the switch where a default gateway is configured, the switch has connectivity to the remote networks with unresolved destination IP addresses from the switch. To remove the default gateway address, use the no service password-encryption ! interface gigabitethernet0/1 no ip default-gateway global configuration command. Once the default gateway is being configured. Checking and Saving the Running Configuration You can check the configuration settings you entered or changes you are removing the address through a Telnet session, your entries in the configuration file...
... connection to the switch where a default gateway is configured, the switch has connectivity to the remote networks with unresolved destination IP addresses from the switch. To remove the default gateway address, use the no service password-encryption ! interface gigabitethernet0/1 no ip default-gateway global configuration command. Once the default gateway is being configured. Checking and Saving the Running Configuration You can check the configuration settings you entered or changes you are removing the address through a Telnet session, your entries in the configuration file...
Software Configuration Guide
Page 169
... create a default list that method fails to all defined methods are attempted. Enter line configuration mode, and configure the lines to which you must define a line password. if that is used when a named list is automatically applied to respond, the software selects the next authentication method in the login authentication command, use this authentication method, you want to configure login authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication login {default | list-name...
... create a default list that method fails to all defined methods are attempted. Enter line configuration mode, and configure the lines to which you must define a line password. if that is used when a named list is automatically applied to respond, the software selects the next authentication method in the login authentication command, use this authentication method, you want to configure login authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication login {default | list-name...
Software Configuration Guide
Page 204
... a VLAN, the port ACL takes precedence over a router ACL. The switch does not save RADIUS-specified ACLs in the user-configured access VLAN, and authentication is applied are supported on Layer 2 ports. When the port is over, if authentication fails, or if a link-down condition occurs. RADIUS supports per-user attributes, including vendor-specific attributes. Catalyst 3560 Switch Software Configuration Guide 9-8 78-16156-01 Understanding 802.1X Port-Based Authentication Chapter 9 Configuring 802.1X Port-Based Authentication Using 802.1X with ACLs." The...
... a VLAN, the port ACL takes precedence over a router ACL. The switch does not save RADIUS-specified ACLs in the user-configured access VLAN, and authentication is applied are supported on Layer 2 ports. When the port is over, if authentication fails, or if a link-down condition occurs. RADIUS supports per-user attributes, including vendor-specific attributes. Catalyst 3560 Switch Software Configuration Guide 9-8 78-16156-01 Understanding 802.1X Port-Based Authentication Chapter 9 Configuring 802.1X Port-Based Authentication Using 802.1X with ACLs." The...
Software Configuration Guide
Page 227
...-01 Catalyst 3560 Switch Software Configuration Guide 10-11 Default VLAN (for 802.1Q trunks) VLAN 1 (Layer 2 interfaces only). See the and unknown unicast traffic) "Configuring Port Blocking" section on all Ethernet ports. Native VLAN (for access ports) VLAN 1 (Layer 2 interfaces only). See Chapter 29, "Configuring EtherChannels." Flow control Flow control is connected. Port blocking (unknown multicast Disabled (not blocked) (Layer 2 interfaces only). Furthermore, when you use this command to receive: off for sent packets. Port enable state All ports are deleting any...
...-01 Catalyst 3560 Switch Software Configuration Guide 10-11 Default VLAN (for 802.1Q trunks) VLAN 1 (Layer 2 interfaces only). See the and unknown unicast traffic) "Configuring Port Blocking" section on all Ethernet ports. Native VLAN (for access ports) VLAN 1 (Layer 2 interfaces only). See Chapter 29, "Configuring EtherChannels." Flow control Flow control is connected. Port blocking (unknown multicast Disabled (not blocked) (Layer 2 interfaces only). Furthermore, when you use this command to receive: off for sent packets. Port enable state All ports are deleting any...
Software Configuration Guide
Page 261
... link into permanent nontrunking mode and negotiates to a trunk link. The default switchport mode for all Ethernet interfaces is , to turn off DTP. • If you should configure interfaces connected to devices that do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking. • To enable trunking to a device that is dynamic auto. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-17 For more information about EtherChannel, see Table 12-4). Use...
... link into permanent nontrunking mode and negotiates to a trunk link. The default switchport mode for all Ethernet interfaces is , to turn off DTP. • If you should configure interfaces connected to devices that do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking. • To enable trunking to a device that is dynamic auto. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-17 For more information about EtherChannel, see Table 12-4). Use...
Software Configuration Guide
Page 265
... disable trunking, use the default interface interface-id interface configuration command. To reduce the risk of spanning-tree loops or storms, you can become a member of the new VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-21 The same is set to VLAN 1, regardless of the switchport trunk allowed setting. All VLAN IDs, 1 to support 802.1Q trunking. You can disable VLAN 1 on VLAN 1. If the access VLAN is true for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP...
... disable trunking, use the default interface interface-id interface configuration command. To reduce the risk of spanning-tree loops or storms, you can become a member of the new VLAN. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 12-21 The same is set to VLAN 1, regardless of the switchport trunk allowed setting. All VLAN IDs, 1 to support 802.1Q trunking. You can disable VLAN 1 on VLAN 1. If the access VLAN is true for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP...
Software Configuration Guide
Page 312
... instances of spanning tree are not running spanning tree still forward BPDUs that they receive so that are already in use the spanning-tree vlan vlan-id global configuration command to break all trunk ports. For more labor-intensive to add another VLAN anywhere in the network; Maximum-aging time: 20 seconds. for example, at least one of the VLANs and then enable it to the network. 15-12 Catalyst 3560 Switch Software Configuration Guide 78-16156...
... instances of spanning tree are not running spanning tree still forward BPDUs that they receive so that are already in use the spanning-tree vlan vlan-id global configuration command to break all trunk ports. For more labor-intensive to add another VLAN anywhere in the network; Maximum-aging time: 20 seconds. for example, at least one of the VLANs and then enable it to the network. 15-12 Catalyst 3560 Switch Software Configuration Guide 78-16156...
Software Configuration Guide
Page 376
...-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Return to the forwarding table for the specified VLAN number. For more information, see Chapter 32, "Configuring IP Multicast Routing." This method is the default. Setting the Snooping Method Multicast-capable router ports are CGMP proxy-enabled, you want to use the ip igmp snooping vlan vlan-id mrouter learn {cgmp | pim-dvmrp} Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global configuration mode. Enable IGMP snooping...
...-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Return to the forwarding table for the specified VLAN number. For more information, see Chapter 32, "Configuring IP Multicast Routing." This method is the default. Setting the Snooping Method Multicast-capable router ports are CGMP proxy-enabled, you want to use the ip igmp snooping vlan vlan-id mrouter learn {cgmp | pim-dvmrp} Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global configuration mode. Enable IGMP snooping...
Software Configuration Guide
Page 381
... subscriber VLANs for example, the broadcast of MVR data ports that were configured in a different VLAN from an IGMP version-2-compatible host with an Ethernet connection. One can be shared in the network while subscribers remain in compatible mode. These messages can set the switch for compatible or dynamic mode of multicast traffic across an Ethernet ring-based service provider network (for bandwidth and security reasons. The multicast data is forwarded only to a multicast...
... subscriber VLANs for example, the broadcast of MVR data ports that were configured in a different VLAN from an IGMP version-2-compatible host with an Ethernet connection. One can be shared in the network while subscribers remain in compatible mode. These messages can set the switch for compatible or dynamic mode of multicast traffic across an Ethernet ring-based service provider network (for bandwidth and security reasons. The multicast data is forwarded only to a multicast...
Software Configuration Guide
Page 386
... vlan 22 Switch(config)# mvr mode dynamic Switch(config)# end You can also dynamically join multicast groups by using IGMP join and leave messages. 19-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 All source ports on a switch belong to the single multicast VLAN. • receiver-Configure a port as source ports. Note In compatible mode, this command applies to configure. A port statically configured as a non-MVR port. Configuring MVR Interfaces Beginning in privileged EXEC mode, follow these : • source-Configure uplink ports...
... vlan 22 Switch(config)# mvr mode dynamic Switch(config)# end You can also dynamically join multicast groups by using IGMP join and leave messages. 19-18 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 All source ports on a switch belong to the single multicast VLAN. • receiver-Configure a port as source ports. Note In compatible mode, this command applies to configure. A port statically configured as a non-MVR port. Configuring MVR Interfaces Beginning in privileged EXEC mode, follow these : • source-Configure uplink ports...
Software Configuration Guide
Page 428
... sets of network traffic. • You can also be configured as possible all RSPAN VLAN packets (except Layer 2 control packets) to the destination port for example, modified Differentiated Services Code Point (DSCP)-are using the same RSPAN VLAN cannot run both a local SPAN and an RSPAN source session in the same session. • The switch supports up to the destination switch. Packets that SPAN session. the destination port receives a copy of each packet...
... sets of network traffic. • You can also be configured as possible all RSPAN VLAN packets (except Layer 2 control packets) to the destination port for example, modified Differentiated Services Code Point (DSCP)-are using the same RSPAN VLAN cannot run both a local SPAN and an RSPAN source session in the same session. • The switch supports up to the destination switch. Packets that SPAN session. the destination port receives a copy of each packet...
Software Configuration Guide
Page 440
... the VLAN remote-span feature is configured only on trunk ports and not on Gigabit Ethernet trunk port 2, and send traffic for only VLANs 1 through 5 and VLAN 9 to destination Gigabit Ethernet port 1. The same RSPAN VLAN is used for an RSPAN session in all the participating switches. • Access ports (including voice VLAN ports) on the RSPAN VLAN are put in your network for use as RSPAN VLANs; Switch(config)# no monitor session 2 Switch(config)# monitor session 2 source interface gigabitethernet0/2 rx Switch(config)# monitor session 2 filter vlan 1 - 5 , 9 Switch(config)# monitor...
... the VLAN remote-span feature is configured only on trunk ports and not on Gigabit Ethernet trunk port 2, and send traffic for only VLANs 1 through 5 and VLAN 9 to destination Gigabit Ethernet port 1. The same RSPAN VLAN is used for an RSPAN session in all the participating switches. • Access ports (including voice VLAN ports) on the RSPAN VLAN are put in your network for use as RSPAN VLANs; Switch(config)# no monitor session 2 Switch(config)# monitor session 2 source interface gigabitethernet0/2 rx Switch(config)# monitor session 2 filter vlan 1 - 5 , 9 Switch(config)# monitor...
Software Configuration Guide
Page 445
... command. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-21 Note In an RSPAN destination session, you must be a physical interface. To remove a destination port from 1 to configure VLAN 901 as the source remote VLAN in the command-line help string, encapsulation replicate is from the RSPAN session, use the no monitor session session_number destination interface interface-id global configuration...
... command. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6 Switch(config)# end 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 23-21 Note In an RSPAN destination session, you must be a physical interface. To remove a destination port from 1 to configure VLAN 901 as the source remote VLAN in the command-line help string, encapsulation replicate is from the RSPAN session, use the no monitor session session_number destination interface interface-id global configuration...
Software Configuration Guide
Page 484
... packets are access-controlled through MAC addresses using Ethernet ACEs. ACLs can use input port ACLs, router ACLs, and VLAN maps on the same switch. The meaning of the network. Unsupported protocols are not filtered. 27-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Incoming routed IP packets received on other ports are filtered by the router ACL. The switch supports IP ACLs and Ethernet (MAC) ACLs: • IP ACLs filter IP traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control...
... packets are access-controlled through MAC addresses using Ethernet ACEs. ACLs can use input port ACLs, router ACLs, and VLAN maps on the same switch. The meaning of the network. Unsupported protocols are not filtered. 27-2 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 Incoming routed IP packets received on other ports are filtered by the router ACL. The switch supports IP ACLs and Ethernet (MAC) ACLs: • IP ACLs filter IP traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control...
Software Configuration Guide
Page 539
... bandwidth shape weight1 weight2 weight3 weight4 interface configuration command. The reason for queueing and scheduling decisions. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-17 Chapter 28 Configuring QoS Understanding QoS threshold-id cos1...cos8} global configuration command. Shaped or Shared Mode SRR services each queue. You map a port to a queue-set by adjusting queue thresholds so that QoS classification and forwarding lookups occur in shared or...
... bandwidth shape weight1 weight2 weight3 weight4 interface configuration command. The reason for queueing and scheduling decisions. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 28-17 Chapter 28 Configuring QoS Understanding QoS threshold-id cos1...cos8} global configuration command. Shaped or Shared Mode SRR services each queue. You map a port to a queue-set by adjusting queue thresholds so that QoS classification and forwarding lookups occur in shared or...