Software Configuration Guide
Page 1
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Software Configuration Guide
Page 2
...or Web site are registered trademarks of their respective owners. and certain other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. All other trademarks mentioned in the U.S. Copyright © 1981, Regents of ... POSSIBILITY OF SUCH DAMAGES. and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel...
...or Web site are registered trademarks of their respective owners. and certain other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. All other trademarks mentioned in the U.S. Copyright © 1981, Regents of ... POSSIBILITY OF SUCH DAMAGES. and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel...
Software Configuration Guide
Page 3
... Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14...
... Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14...
Software Configuration Guide
Page 4
... 3-2 CMS Menu Bar, Toolbar, and Feature Bar 3-2 Online Help 3-5 Configuration Modes 3-5 Guide Mode 3-5 Expert Mode 3-6 Wizards 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP... Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
... 3-2 CMS Menu Bar, Toolbar, and Feature Bar 3-2 Online Help 3-5 Configuration Modes 3-5 Guide Mode 3-5 Expert Mode 3-6 Wizards 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP... Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
Software Configuration Guide
Page 5
...3-11 Front Panel View 3-14 Topology View 3-15 CMS Icons 3-16 Where to Go Next 3-16 Assigning the Switch IP Address and Default Gateway 4-1 Understanding the Boot Process 4-1 Assigning Switch Information 4-2 Default Switch Information 4-3 Understanding DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring DHCP-Based Autoconfiguration 4-4 Configuring the DHCP Server... Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
...3-11 Front Panel View 3-14 Topology View 3-15 CMS Icons 3-16 Where to Go Next 3-16 Assigning the Switch IP Address and Default Gateway 4-1 Understanding the Boot Process 4-1 Assigning Switch Information 4-2 Default Switch Information 4-3 Understanding DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring DHCP-Based Autoconfiguration 4-4 Configuring the DHCP Server... Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
Software Configuration Guide
Page 6
... VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups...Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch...
... VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups...Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch...
Software Configuration Guide
Page 7
6 C H A P T E R Administering the Switch 6-1 Managing the System Time and Date 6-1 Understanding the System Clock 6-2 Understanding Network Time Protocol 6-2 Configuring NTP 6-4 Default NTP Configuration 6-4 Configuring NTP Authentication 6-5 Configuring NTP Associations 6-6 ... Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
6 C H A P T E R Administering the Switch 6-1 Managing the System Time and Date 6-1 Understanding the System Clock 6-2 Understanding Network Time Protocol 6-2 Configuring NTP 6-4 Default NTP Configuration 6-4 Configuring NTP Authentication 6-5 Configuring NTP Associations 6-6 ... Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
Software Configuration Guide
Page 8
... Privilege Levels 8-8 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and ... 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
... Privilege Levels 8-8 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and ... 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
Software Configuration Guide
Page 9
...8-37 Understanding SSH 8-38 SSH Servers, Integrated Clients, and Supported Versions 8-38 Limitations 8-38 Configuring SSH 8-39 Configuration Guidelines 8-39 Setting Up the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X...-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide ix
...8-37 Understanding SSH 8-38 SSH Servers, Integrated Clients, and Supported Versions 8-38 Limitations 8-38 Configuring SSH 8-39 Configuration Guidelines 8-39 Setting Up the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X...-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide ix
Software Configuration Guide
Page 10
...with Per-User ACLs 9-8 Configuring 802.1X Authentication 9-9 Default 802.1X Configuration 9-10 802.1X Configuration Guidelines 9-11 Configuring 802.1X Authentication 9-11 Configuring the Switch-to-RADIUS-Server Communication 9-13 Configuring Periodic Re-Authentication 9-14 Manually Re-Authenticating a Client Connected to a Port 9-14 Changing the Quiet Period 9-15 Changing ... Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78-16156-01
...with Per-User ACLs 9-8 Configuring 802.1X Authentication 9-9 Default 802.1X Configuration 9-10 802.1X Configuration Guidelines 9-11 Configuring 802.1X Authentication 9-11 Configuring the Switch-to-RADIUS-Server Communication 9-13 Configuring Periodic Re-Authentication 9-14 Manually Re-Authenticating a Client Connected to a Port 9-14 Changing the Quiet Period 9-15 Changing ... Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78-16156-01
Software Configuration Guide
Page 11
... Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
... Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
Software Configuration Guide
Page 12
...-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
...-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
Software Configuration Guide
Page 14
...Interface States 15-4 Blocking State 15-6 Listening State 15-6 Learning State 15-6 Forwarding State 15-6 Disabled State 15-7 How a Switch or Port Becomes the Root Switch or Root Port 15-7 Spanning Tree and Redundant Connectivity 15-8 Spanning-Tree Address Management 15-8 Accelerated Aging to Retain Connectivity 15-8...the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch ...
...Interface States 15-4 Blocking State 15-6 Listening State 15-6 Learning State 15-6 Forwarding State 15-6 Disabled State 15-7 How a Switch or Port Becomes the Root Switch or Root Port 15-7 Spanning Tree and Redundant Connectivity 15-8 Spanning-Tree Address Management 15-8 Accelerated Aging to Retain Connectivity 15-8...the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch ...
Software Configuration Guide
Page 15
... Guidelines 16-12 Specifying the MST Region Configuration and Enabling MSTP 16-13 Configuring the Root Switch 16-14 Configuring a Secondary Root Switch 16-16 Configuring Port Priority 16-17 Configuring Path Cost 16-18 Configuring the Switch Priority 16-19 Configuring the Hello Time 16-19 Configuring the Forwarding-Delay Time 16...-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
... Guidelines 16-12 Specifying the MST Region Configuration and Enabling MSTP 16-13 Configuring the Root Switch 16-14 Configuring a Secondary Root Switch 16-16 Configuring Port Priority 16-17 Configuring Path Cost 16-18 Configuring the Switch Priority 16-19 Configuring the Hello Time 16-19 Configuring the Forwarding-Delay Time 16...-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
Software Configuration Guide
Page 16
... 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
... 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
Software Configuration Guide
Page 17
... on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
... on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
Software Configuration Guide
Page 18
... SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
... SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 19
... 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
... 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
Software Configuration Guide
Page 20
... IP ACLs 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers 27-7 Creating a Numbered Standard ACL 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
... IP ACLs 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers 27-7 Creating a Numbered Standard ACL 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
Software Configuration Guide
Page 21
... Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27...-1 Basic QoS Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi
... Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27...-1 Basic QoS Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi