Software Configuration Guide
Page 1
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Catalyst 3560 Switch Software Configuration Guide Cisco IOS Release 12.1(19)EA1 January 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7816156= Text Part Number: 78-16156-01
Software Configuration Guide
Page 2
... StackWise are registered trademarks of the word partner does not imply a partnership relationship between Cisco and any other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; and/or its affiliates in this document or Web site are service...
... StackWise are registered trademarks of the word partner does not imply a partnership relationship between Cisco and any other company. (0304R) Catalyst 3560 Switch Software Configuration Guide Copyright © 2004 Cisco Systems, Inc. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; and/or its affiliates in this document or Web site are service...
Software Configuration Guide
Page 3
... Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14...
... Assistance xxxvi Cisco TAC Website xxxvii Opening a TAC Case xxxvii TAC Case Priority Definitions xxxvii Obtaining Additional Publications and Information xxxviii Overview 1-1 Features 1-1 Default Settings After Initial Switch Configuration 1-9 Network Configuration Examples 1-11 Design Concepts for Using the Switch 1-11 Small to Medium-Sized Network Using Catalyst 3560 Switches 1-13 Large Network Using Catalyst 3560 Switches 1-14...
Software Configuration Guide
Page 4
... 3-2 CMS Menu Bar, Toolbar, and Feature Bar 3-2 Online Help 3-5 Configuration Modes 3-5 Guide Mode 3-5 Expert Mode 3-6 Wizards 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP... Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
... 3-2 CMS Menu Bar, Toolbar, and Feature Bar 3-2 Online Help 3-5 Configuration Modes 3-5 Guide Mode 3-5 Expert Mode 3-6 Wizards 3-6 Privilege Levels 3-7 Access to Older Switches In a Cluster 3-7 Configuring CMS 3-8 CMS Requirements 3-8 Minimum Hardware Configuration 3-8 Operating System and Browser Support 3-9 CMS Plug-In Requirements 3-9 Cross-Platform Considerations 3-10 HTTP... Access to CMS 3-10 Specifying an HTTP Port (Nondefault Configuration Only) 3-10 Configuring an Authentication Method (Nondefault Configuration Only) 3-10 Catalyst 3560 Switch Software Configuration Guide iv 78-16156-01
Software Configuration Guide
Page 5
...3-11 Front Panel View 3-14 Topology View 3-15 CMS Icons 3-16 Where to Go Next 3-16 Assigning the Switch IP Address and Default Gateway 4-1 Understanding the Boot Process 4-1 Assigning Switch Information 4-2 Default Switch Information 4-3 Understanding DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring DHCP-Based Autoconfiguration 4-4 Configuring the DHCP Server... Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
...3-11 Front Panel View 3-14 Topology View 3-15 CMS Icons 3-16 Where to Go Next 3-16 Assigning the Switch IP Address and Default Gateway 4-1 Understanding the Boot Process 4-1 Assigning Switch Information 4-2 Default Switch Information 4-3 Understanding DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring DHCP-Based Autoconfiguration 4-4 Configuring the DHCP Server... Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17 78-16156-01 Catalyst 3560 Switch Software Configuration Guide v
Software Configuration Guide
Page 6
... VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups...Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch...
... VLANs 5-7 Discovery Through Routed Ports 5-8 Discovery of Newly Installed Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups...Switch-Specific Features in Switch Clusters 5-15 Creating a Switch Cluster 5-16 Enabling a Cluster Command Switch 5-16 Adding Cluster Member Switches 5-17 Creating a Cluster Standby Group 5-19 Verifying a Switch Cluster 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch...
Software Configuration Guide
Page 7
6 C H A P T E R Administering the Switch 6-1 Managing the System Time and Date 6-1 Understanding the System Clock 6-2 Understanding Network Time Protocol 6-2 Configuring NTP 6-4 Default NTP Configuration 6-4 Configuring NTP Authentication 6-5 Configuring NTP Associations 6-6 ... Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
6 C H A P T E R Administering the Switch 6-1 Managing the System Time and Date 6-1 Understanding the System Clock 6-2 Understanding Network Time Protocol 6-2 Configuring NTP 6-4 Default NTP Configuration 6-4 Configuring NTP Authentication 6-5 Configuring NTP Associations 6-6 ... Address Table Configuration 6-22 Changing the Address Aging Time 6-22 Removing Dynamic Address Entries 6-23 Configuring MAC Address Notification Traps 6-23 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide vii
Software Configuration Guide
Page 8
... Privilege Levels 8-8 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and ... 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
... Privilege Levels 8-8 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-10 Controlling Switch Access with TACACS+ 8-10 Understanding TACACS+ 8-10 TACACS+ Operation 8-12 Configuring TACACS+ 8-13 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and ... 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
Software Configuration Guide
Page 9
...8-37 Understanding SSH 8-38 SSH Servers, Integrated Clients, and Supported Versions 8-38 Limitations 8-38 Configuring SSH 8-39 Configuration Guidelines 8-39 Setting Up the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X...-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide ix
...8-37 Understanding SSH 8-38 SSH Servers, Integrated Clients, and Supported Versions 8-38 Limitations 8-38 Configuring SSH 8-39 Configuration Guidelines 8-39 Setting Up the Switch to Run SSH 8-39 Configuring the SSH Server 8-40 Displaying the SSH Configuration and Status 8-41 Configuring 802.1X Port-Based Authentication 9-1 Understanding 802.1X...-Based Authentication 9-1 Device Roles 9-2 Authentication Initiation and Message Exchange 9-3 Ports in Authorized and Unauthorized States 9-4 Supported Topologies 9-4 Using 802.1X with Port Security 9-5 Catalyst 3560 Switch Software Configuration Guide ix
Software Configuration Guide
Page 10
...with Per-User ACLs 9-8 Configuring 802.1X Authentication 9-9 Default 802.1X Configuration 9-10 802.1X Configuration Guidelines 9-11 Configuring 802.1X Authentication 9-11 Configuring the Switch-to-RADIUS-Server Communication 9-13 Configuring Periodic Re-Authentication 9-14 Manually Re-Authenticating a Client Connected to a Port 9-14 Changing the Quiet Period 9-15 Changing ... Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78-16156-01
...with Per-User ACLs 9-8 Configuring 802.1X Authentication 9-9 Default 802.1X Configuration 9-10 802.1X Configuration Guidelines 9-11 Configuring 802.1X Authentication 9-11 Configuring the Switch-to-RADIUS-Server Communication 9-13 Configuring Periodic Re-Authentication 9-14 Manually Re-Authenticating a Client Connected to a Port 9-14 Changing the Quiet Period 9-15 Changing ... Configuration 10-11 Configuring Interface Speed and Duplex Mode 10-12 Configuration Guidelines 10-13 Setting the Interface Speed and Duplex Parameters 10-13 Catalyst 3560 Switch Software Configuration Guide x 78-16156-01
Software Configuration Guide
Page 11
... Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
... Configuration 12-8 Creating or Modifying an Ethernet VLAN 12-8 Deleting a VLAN 12-10 Assigning Static-Access Ports to a VLAN 12-11 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xi
Software Configuration Guide
Page 12
...-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
...-31 Changing the Retry Count 12-32 Monitoring the VMPS 12-32 Troubleshooting Dynamic-Access Port VLAN Membership 12-33 VMPS Configuration Example 12-33 Catalyst 3560 Switch Software Configuration Guide xii 78-16156-01
Software Configuration Guide
Page 14
...Interface States 15-4 Blocking State 15-6 Listening State 15-6 Learning State 15-6 Forwarding State 15-6 Disabled State 15-7 How a Switch or Port Becomes the Root Switch or Root Port 15-7 Spanning Tree and Redundant Connectivity 15-8 Spanning-Tree Address Management 15-8 Accelerated Aging to Retain Connectivity 15-8...the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch ...
...Interface States 15-4 Blocking State 15-6 Listening State 15-6 Learning State 15-6 Forwarding State 15-6 Disabled State 15-7 How a Switch or Port Becomes the Root Switch or Root Port 15-7 Spanning Tree and Redundant Connectivity 15-8 Spanning-Tree Address Management 15-8 Accelerated Aging to Retain Connectivity 15-8...the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Displaying the Spanning-Tree Status 15-22 Catalyst 3560 Switch ...
Software Configuration Guide
Page 15
... Guidelines 16-12 Specifying the MST Region Configuration and Enabling MSTP 16-13 Configuring the Root Switch 16-14 Configuring a Secondary Root Switch 16-16 Configuring Port Priority 16-17 Configuring Path Cost 16-18 Configuring the Switch Priority 16-19 Configuring the Hello Time 16-19 Configuring the Forwarding-Delay Time 16...-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
... Guidelines 16-12 Specifying the MST Region Configuration and Enabling MSTP 16-13 Configuring the Root Switch 16-14 Configuring a Secondary Root Switch 16-16 Configuring Port Priority 16-17 Configuring Path Cost 16-18 Configuring the Switch Priority 16-19 Configuring the Hello Time 16-19 Configuring the Forwarding-Delay Time 16...-23 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU Guard 17-3 Understanding BPDU Filtering 17-3 Catalyst 3560 Switch Software Configuration Guide xv
Software Configuration Guide
Page 16
... 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
... 19-6 IGMP Report Suppression 19-6 Configuring IGMP Snooping 19-6 Default IGMP Snooping Configuration 19-7 Enabling or Disabling IGMP Snooping 19-7 Setting the Snooping Method 19-8 Catalyst 3560 Switch Software Configuration Guide xvi 78-16156-01
Software Configuration Guide
Page 17
... on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
... on an Interface 20-6 Configuring Port Security 20-7 Understanding Port Security 20-7 Secure MAC Addresses 20-8 Security Violations 20-9 Default Port Security Configuration 20-10 Catalyst 3560 Switch Software Configuration Guide xvii
Software Configuration Guide
Page 18
... SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
... SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions 23-3 Monitored Traffic 23-4 Source Ports 23-5 Source VLANs 23-6 VLAN Filtering 23-6 xviii Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 19
... 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
... 25-5 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers in Log Messages 25-7 Defining the Message Severity Level 25-8 Catalyst 3560 Switch Software Configuration Guide xix
Software Configuration Guide
Page 20
... IP ACLs 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers 27-7 Creating a Numbered Standard ACL 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
... IP ACLs 27-6 Creating Standard and Extended IP ACLs 27-7 Access List Numbers 27-7 Creating a Numbered Standard ACL 27-8 Creating a Numbered Extended ACL 27-10 Catalyst 3560 Switch Software Configuration Guide xx 78-16156-01
Software Configuration Guide
Page 21
... Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27...-1 Basic QoS Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi
... Using VLAN Maps with Router ACLs 27-36 Guidelines 27-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 27-37 ACLs and Switched Packets 27-37 ACLs and Bridged Packets 27-38 ACLs and Routed Packets 27-38 ACLs and Multicast Packets 27-39 Displaying ACL Configuration 27...-1 Basic QoS Model 28-3 Classification 28-4 Classification Based on QoS ACLs 28-7 Classification Based on Class Maps and Policy Maps 28-7 Policing and Marking 28-8 Catalyst 3560 Switch Software Configuration Guide xxi