Software Configuration Guide
Page 1
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Software Configuration Guide
Page 2
..., and iQuick Study are registered trademarks of the word partner does not imply a partnership relationship between Cisco and any other trademarks mentioned in the U.S. All other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. and/or its affiliates in this document or Web site are trademarks of their respective...
..., and iQuick Study are registered trademarks of the word partner does not imply a partnership relationship between Cisco and any other trademarks mentioned in the U.S. All other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. and/or its affiliates in this document or Web site are trademarks of their respective...
Software Configuration Guide
Page 3
... Technical Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14 Long...
... Technical Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14 Long...
Software Configuration Guide
Page 4
... 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
... 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
Software Configuration Guide
Page 5
... Configuration 4-11 Default Boot Configuration 4-12 Automatically Downloading a Configuration File 4-12 Specifying the Filename to Read and Write the System Configuration 4-12 Booting Manually 4-13 Booting a Specific Software Image 4-13 Controlling Environment Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration...
... Configuration 4-11 Default Boot Configuration 4-12 Automatically Downloading a Configuration File 4-12 Specifying the Filename to Read and Write the System Configuration 4-12 Booting Manually 4-13 Booting a Specific Software Image 4-13 Controlling Environment Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration...
Software Configuration Guide
Page 6
... Availability of Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch Software Configuration Guide vi 78...
... Availability of Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch Software Configuration Guide vi 78...
Software Configuration Guide
Page 7
... Banner 6-19 Configuring a Login Banner 6-20 Managing the MAC Address Table 6-21 Building the Address Table 6-21 MAC Addresses and VLANs 6-22 Default MAC Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
... Banner 6-19 Configuring a Login Banner 6-20 Managing the MAC Address Table 6-21 Building the Address Table 6-21 MAC Addresses and VLANs 6-22 Default MAC Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
Software Configuration Guide
Page 8
... TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13 Configuring TACACS+ Login Authentication 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
... TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13 Configuring TACACS+ Login Authentication 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
Software Configuration Guide
Page 9
... the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X Port-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide...
... the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X Port-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 10
...-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78...
...-5 Using Interface Configuration Mode 10-6 Procedures for Configuring Interfaces 10-7 Configuring a Range of Interfaces 10-8 Configuring and Using Interface Range Macros 10-9 Configuring Ethernet Interfaces 10-11 Default Ethernet Interface Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78...
Software Configuration Guide
Page 11
... Configuration Guidelines 12-6 VLAN Configuration Mode Options 12-6 VLAN Configuration in config-vlan Mode 12-7 VLAN Configuration in VLAN Database Configuration Mode 12-7 Saving VLAN Configuration 12-7 Default Ethernet VLAN Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration...
... Configuration Guidelines 12-6 VLAN Configuration Mode Options 12-6 VLAN Configuration in config-vlan Mode 12-7 VLAN Configuration in VLAN Database Configuration Mode 12-7 Saving VLAN Configuration 12-7 Default Ethernet VLAN Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration...
Software Configuration Guide
Page 12
...27 Dynamic-Access Port VLAN Membership 12-28 Default VMPS Client Configuration 12-29 VMPS Configuration Guidelines 12-29 Configuring the VMPS Client 12-29 Entering the IP Address of the VMPS 12-30 Configuring Dynamic-Access Ports on VMPS Clients 12-30 Reconfirming VLAN ...Memberships 12-31 Changing the Reconfirmation Interval 12-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration...
...27 Dynamic-Access Port VLAN Membership 12-28 Default VMPS Client Configuration 12-29 VMPS Configuration Guidelines 12-29 Configuring the VMPS Client 12-29 Entering the IP Address of the VMPS 12-30 Configuring Dynamic-Access Ports on VMPS Clients 12-30 Reconfirming VLAN ...Memberships 12-31 Changing the Reconfirmation Interval 12-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration...
Software Configuration Guide
Page 14
... Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch Software Configuration Guide xiv...
... Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch Software Configuration Guide xiv...
Software Configuration Guide
Page 15
... the Link Type to Ensure Rapid Transitions 16-22 Restarting the Protocol Migration Process 16-22 Displaying the MST Configuration and Status 16-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
... the Link Type to Ensure Rapid Transitions 16-22 Restarting the Protocol Migration Process 16-22 Displaying the MST Configuration and Status 16-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
Software Configuration Guide
Page 16
...Understanding BackboneFast 17-5 Understanding Root Guard 17-7 Understanding Loop Guard 17-8 Configuring Optional Spanning-Tree Features 17-9 Default Optional Spanning-Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-9 Enabling Port Fast 17-10 Enabling BPDU Guard 17-...-3 Leaving a Multicast Group 19-5 Immediate-Leave Processing 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
...Understanding BackboneFast 17-5 Understanding Root Guard 17-7 Understanding Loop Guard 17-8 Configuring Optional Spanning-Tree Features 17-9 Default Optional Spanning-Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-9 Enabling Port Fast 17-10 Enabling BPDU Guard 17-...-3 Leaving a Multicast Group 19-5 Immediate-Leave Processing 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
Software Configuration Guide
Page 17
...-3 Configuring Protected Ports 20-5 Default Protected Port Configuration 20-5 Protected Port Configuration Guidelines 20-5 Configuring a Protected Port 20-5 Configuring Port Blocking 20-6 Default Port Blocking Configuration 20-6 Blocking Flooded Traffic on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide...
...-3 Configuring Protected Ports 20-5 Default Protected Port Configuration 20-5 Protected Port Configuration Guidelines 20-5 Configuring a Protected Port 20-5 Configuring Port Blocking 20-6 Default Port Blocking Configuration 20-6 Blocking Flooded Traffic on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide...
Software Configuration Guide
Page 18
...CDP on an Interface 21-4 Monitoring and Maintaining CDP 21-5 Configuring UDLD 22-1 Understanding UDLD 22-1 Modes of Operation 22-1 Methods to Detect Unidirectional Links 22-2 Configuring UDLD 22-4 Default UDLD Configuration 22-4 Configuration Guidelines 22-4 Enabling UDLD Globally 22-5 Enabling UDLD on an... Configuring SPAN and RSPAN 23-1 Understanding SPAN and RSPAN 23-1 Local SPAN 23-2 Remote SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration...
...CDP on an Interface 21-4 Monitoring and Maintaining CDP 21-5 Configuring UDLD 22-1 Understanding UDLD 22-1 Modes of Operation 22-1 Methods to Detect Unidirectional Links 22-2 Configuring UDLD 22-4 Default UDLD Configuration 22-4 Configuration Guidelines 22-4 Enabling UDLD Globally 22-5 Enabling UDLD on an... Configuring SPAN and RSPAN 23-1 Understanding SPAN and RSPAN 23-1 Local SPAN 23-2 Remote SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration...
Software Configuration Guide
Page 19
...Specifying VLANs to Filter 23-22 Displaying SPAN and RSPAN Status 23-23 Configuring RMON 24-1 Understanding RMON 24-1 Configuring RMON 24-2 Default RMON Configuration 24-3 Configuring RMON Alarms and Events 24-3 Collecting Group History Statistics on an Interface ...Configuration 25-3 Disabling Message Logging 25-4 Setting the Message Display Destination Device 25-4 Synchronizing Log Messages 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration...
...Specifying VLANs to Filter 23-22 Displaying SPAN and RSPAN Status 23-23 Configuring RMON 24-1 Understanding RMON 24-1 Configuring RMON 24-2 Default RMON Configuration 24-3 Configuring RMON Alarms and Events 24-3 Collecting Group History Statistics on an Interface ...Configuration 25-3 Disabling Message Logging 25-4 Setting the Message Display Destination Device 25-4 Synchronizing Log Messages 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration...
Software Configuration Guide
Page 20
...Configuring UNIX Syslog Servers 25-10 Logging Messages to a UNIX Syslog Daemon 25-10 Configuring the UNIX System Logging Facility 25-11 Displaying the Logging Configuration 25-12 26 C H A P T E R Configuring...Configuring SNMP 26-6 Default SNMP Configuration 26-7 SNMP Configuration Guidelines 26-7 Disabling the SNMP Agent 26-8 Configuring Community Strings 26-8 Configuring SNMP Groups and Users 26-9 Configuring... 27 C H A P T E R Configuring Network Security with ACLs 27-1 Understanding ACLs 27... Handling Fragmented and Unfragmented Traffic 27-5 Configuring IP ACLs 27-6 Creating Standard and ...
...Configuring UNIX Syslog Servers 25-10 Logging Messages to a UNIX Syslog Daemon 25-10 Configuring the UNIX System Logging Facility 25-11 Displaying the Logging Configuration 25-12 26 C H A P T E R Configuring...Configuring SNMP 26-6 Default SNMP Configuration 26-7 SNMP Configuration Guidelines 26-7 Disabling the SNMP Agent 26-8 Configuring Community Strings 26-8 Configuring SNMP Groups and Users 26-9 Configuring... 27 C H A P T E R Configuring Network Security with ACLs 27-1 Understanding ACLs 27... Handling Fragmented and Unfragmented Traffic 27-5 Configuring IP ACLs 27-6 Creating Standard and ...
Software Configuration Guide
Page 21
...ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27-40 Configuring QoS 28-1 Understanding QoS 28-1 Basic QoS Model 28-3 ...Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi
...ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27-40 Configuring QoS 28-1 Understanding QoS 28-1 Basic QoS Model 28-3 ...Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi