Configuration Guide
Page 4
...-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3 Understanding Abbreviated Commands 2-4 Understanding no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-5 Using...
...-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3 Understanding Abbreviated Commands 2-4 Understanding no and default Forms of Commands 2-4 Understanding CLI Error Messages 2-5 Using...
Configuration Guide
Page 38
... 43-21 Redirecting Debug and Error Message Output 43-21 Using ...Catalyst 3750G Integrated Wireless LAN Controller Switch A-1 Understanding the Wireless LAN Controller Switch A-2 The Wireless LAN Controller Switch and Switch Stacks A-2 Controller and Switch Interaction A-3 Internal Ports A-3 Configuring the Wireless LAN Controller Switch A-4 Internal Port Configuration A-4 Reconfiguring the Internal Ports A-5 Accessing the Controller A-6 Displaying Internal Wireless Controller Information A-7 Supported MIBs B-1 MIB List B-1 Using FTP to Access the MIB Files B-3 xxxviii Catalyst 3750 Switch...
... 43-21 Redirecting Debug and Error Message Output 43-21 Using ...Catalyst 3750G Integrated Wireless LAN Controller Switch A-1 Understanding the Wireless LAN Controller Switch A-2 The Wireless LAN Controller Switch and Switch Stacks A-2 Controller and Switch Interaction A-3 Internal Ports A-3 Configuring the Wireless LAN Controller Switch A-4 Internal Port Configuration A-4 Reconfiguring the Internal Ports A-5 Accessing the Controller A-6 Displaying Internal Wireless Controller Information A-7 Supported MIBs B-1 MIB List B-1 Using FTP to Access the MIB Files B-3 xxxviii Catalyst 3750 Switch...
Configuration Guide
Page 64
... After Initial Switch Configuration The switch is available. and stack-wide settings. 1-12 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 The powered device notifies the switch of the amount... and traffic analysis • Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events • Layer 2 traceroute to identify the physical...from Power over Ethernet (PoE) features: • Ability to provide power to connected Cisco pre-standard and IEEE 802.3af-compliant powered devices from a source device to a ...
... After Initial Switch Configuration The switch is available. and stack-wide settings. 1-12 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 The powered device notifies the switch of the amount... and traffic analysis • Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events • Layer 2 traceroute to identify the physical...from Power over Ethernet (PoE) features: • Ability to provide power to connected Cisco pre-standard and IEEE 802.3af-compliant powered devices from a source device to a ...
Configuration Guide
Page 81
... System, page 2-3 • Understanding Abbreviated Commands, page 2-4 • Understanding no and default Forms of Commands, page 2-4 • Understanding CLI Error Messages, page 2-5 • Using Configuration Logging, page 2-5 • Using Command History, page 2-6 • Using Editing Features, page 2-7 ... to configure your Catalyst 3750 switch. Enter a question mark (?) at global configuration mode. It contains these commands are stored and used when the switch reboots. CH A P T E R 2 Using the Command-Line Interface This chapter describes the Cisco IOS command-line ...
... System, page 2-3 • Understanding Abbreviated Commands, page 2-4 • Understanding no and default Forms of Commands, page 2-4 • Understanding CLI Error Messages, page 2-5 • Using Configuration Logging, page 2-5 • Using Command History, page 2-6 • Using Editing Features, page 2-7 ... to configure your Catalyst 3750 switch. Enter a question mark (?) at global configuration mode. It contains these commands are stored and used when the switch reboots. CH A P T E R 2 Using the Command-Line Interface This chapter describes the Cisco IOS command-line ...
Configuration Guide
Page 85
... of the error. Using Configuration Logging Beginning with the command appear. % Invalid input detected You entered the command at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/ gtconlog.htm Note Only CLI or HTTP changes are available in this command. OL-8550-02 Catalyst 3750 Switch Software...
... of the error. Using Configuration Logging Beginning with the command appear. % Invalid input detected You entered the command at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/ gtconlog.htm Note Only CLI or HTTP changes are available in this command. OL-8550-02 Catalyst 3750 Switch Software...
Configuration Guide
Page 96
...the client and server are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to configure the DHCP server for various lease options associated with IP addresses. If the DHCP server is running on a different LAN, you might also need to the DHCP ...server when the configuration file is not present on the switch. A relay device forwards broadcast traffic between a switch stack and the DHCP, DNS, and TFTP servers. DHCP Client Request Process When you need to the client. Catalyst 3750 Switch Software Configuration Guide 3-4 OL-8550-02 This is ...
...the client and server are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to configure the DHCP server for various lease options associated with IP addresses. If the DHCP server is running on a different LAN, you might also need to the DHCP ...server when the configuration file is not present on the switch. A relay device forwards broadcast traffic between a switch stack and the DHCP, DNS, and TFTP servers. DHCP Client Request Process When you need to the client. Catalyst 3750 Switch Software Configuration Guide 3-4 OL-8550-02 This is ...
Configuration Guide
Page 97
... Switch Information The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error has... Configuration, page 3-8 If your DHCP server is allocated to another client). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 3-5 however, the client usually accepts the first offer it receives. The...optional) Depending on the settings of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP. If the switch accepts replies from a TFTP server, you...
... Switch Information The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error has... Configuration, page 3-8 If your DHCP server is allocated to another client). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 3-5 however, the client usually accepts the first offer it receives. The...optional) Depending on the settings of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP. If the switch accepts replies from a TFTP server, you...
Configuration Guide
Page 116
... in the "Initial Configuration" section on the switch. Configuring Cisco IOS Agents Chapter 4 Configuring Cisco IOS CNS Agents Incremental (Partial) Configuration After the network is running configuration. When the switch has applied the incremental configuration, it publishes an event showing an error status. At the setup prompt, do so. Catalyst 3750 Switch Software Configuration Guide 4-6 OL-8550-02
... in the "Initial Configuration" section on the switch. Configuring Cisco IOS Agents Chapter 4 Configuring Cisco IOS CNS Agents Incremental (Partial) Configuration After the network is running configuration. When the switch has applied the incremental configuration, it publishes an event showing an error status. At the setup prompt, do so. Catalyst 3750 Switch Software Configuration Guide 4-6 OL-8550-02
Configuration Guide
Page 131
... configuration to it to the switch stack, and the stack is rejected, and error messages appear on page 5-23. In this situation, the configuration for the provisioned interfaces (potentially of the wrong type) are executed. However, during initialization. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-9 Then, a 24-port switch without PoE support is connected...
... configuration to it to the switch stack, and the stack is rejected, and error messages appear on page 5-23. In this situation, the configuration for the provisioned interfaces (potentially of the wrong type) are executed. However, during initialization. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-9 Then, a 24-port switch without PoE support is connected...
Configuration Guide
Page 145
...same number as the new stack master when the current stack master or switch stack resets. To remove provisioned information and to avoid receiving an error message, remove the specified switch from the stack master. For stack-member-number, the range is ...is not already used in the configuration file. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-23 Specify the stack member number for the stack member. Chapter 5 Managing Switch Stacks Configuring the Switch Stack Step 2 Command switch stack-member-number priority new-priority-number Step 3 Step 4...
...same number as the new stack master when the current stack master or switch stack resets. To remove provisioned information and to avoid receiving an error message, remove the specified switch from the stack master. For stack-member-number, the range is ...is not already used in the configuration file. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-23 Specify the stack member number for the stack member. Chapter 5 Managing Switch Stacks Configuring the Switch Stack Step 2 Command switch stack-member-number priority new-priority-number Step 3 Step 4...
Configuration Guide
Page 186
... address table. Unicast addresses, for example, could be forwarded to the address table. However, the switch maintains an address table for errors before transmission. The switch sends packets between any port on a per-VLAN basis. MAC Addresses and VLANs All addresses are ... with a VLAN. The switch provides dynamic addressing by learning the source address of the received packet. Using the MAC address table, the switch forwards the packet only to individual workstations, repeaters, switches, routers, or other VLAN. 7-20 Catalyst 3750 Switch Software Configuration Guide OL-8550...
... address table. Unicast addresses, for example, could be forwarded to the address table. However, the switch maintains an address table for errors before transmission. The switch sends packets between any port on a per-VLAN basis. MAC Addresses and VLANs All addresses are ... with a VLAN. The switch provides dynamic addressing by learning the source address of the received packet. Using the MAC address table, the switch forwards the packet only to individual workstations, repeaters, switches, routers, or other VLAN. 7-20 Catalyst 3750 Switch Software Configuration Guide OL-8550...
Configuration Guide
Page 216
...prompted to retry the login sequence, depending on the TACACS+ daemon. • ERROR-An error occurred at this process occurs: 1. You can use an alternative method for ... to obtain a password prompt. You can optionally define method lists for TACACS+ authentication. Controlling Switch Access with the daemon or in the form of these responses from the TACACS+ daemon:...to configure your switch to authenticate the user. A method list defines the sequence and methods to be used to authenticate, to authorize, or to 9-12 Catalyst 3750 Switch Software Configuration Guide...
...prompted to retry the login sequence, depending on the TACACS+ daemon. • ERROR-An error occurred at this process occurs: 1. You can use an alternative method for ... to obtain a password prompt. You can optionally define method lists for TACACS+ authentication. Controlling Switch Access with the daemon or in the form of these responses from the TACACS+ daemon:...to configure your switch to authenticate the user. A method list defines the sequence and methods to be used to authenticate, to authorize, or to 9-12 Catalyst 3750 Switch Software Configuration Guide...
Configuration Guide
Page 217
...host. • (Optional) For port integer, specify a server port number. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-13 To prevent a lapse in which you cannot configure TACACS+ through a ...This process continues until there is performed through the CLI. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ authorize, or to group existing server hosts for authentication. ...integer, specify a time in seconds the switch waits for a response from the daemon before it times out and declares an error. Beginning in the list. You must ...
...host. • (Optional) For port integer, specify a server port number. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-13 To prevent a lapse in which you cannot configure TACACS+ through a ...This process continues until there is performed through the CLI. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with TACACS+ authorize, or to group existing server hosts for authentication. ...integer, specify a time in seconds the switch waits for a response from the daemon before it times out and declares an error. Beginning in the list. You must ...
Configuration Guide
Page 219
... specify a character string to be used only if the previous method returns an error, not if it fails. Return to the default value, use this authentication method,..., use the no aaa new-model global configuration command. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-15 You must enter username information in default situations.... configuration command. • group tacacs+-Uses TACACS+ authentication. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with the aaa authentication login command. The additional methods of lines. ...
... specify a character string to be used only if the previous method returns an error, not if it fails. Return to the default value, use this authentication method,..., use the no aaa new-model global configuration command. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-15 You must enter username information in default situations.... configuration command. • group tacacs+-Uses TACACS+ authentication. Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with the aaa authentication login command. The additional methods of lines. ...
Configuration Guide
Page 228
Controlling Switch Access with the aaa authentication login command. The default method ...Before you can use any authentication for login. You must enter username information in the configuration file. 9-24 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 You must enter username information in default situations. enable-Use the enable ...ports. • For list-name, specify a character string to be used only if the previous method returns an error, not if it fails. Verify your entries. (Optional) Save your entries in the database by using the username password...
Controlling Switch Access with the aaa authentication login command. The default method ...Before you can use any authentication for login. You must enter username information in the configuration file. 9-24 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 You must enter username information in default situations. enable-Use the enable ...ports. • For list-name, specify a character string to be used only if the previous method returns an error, not if it fails. Verify your entries. (Optional) Save your entries in the database by using the username password...
Configuration Guide
Page 243
...Setting Up the Switch to Run SSH, page 9-40 (required) • Configuring the SSH Server, page 9-41 (required only if you get CLI error messages after ... TACACS+ (for more information, see the "Controlling Switch Access with TACACS+" section on page 9-10) • RADIUS (for more information, see the "Controlling Switch Access with RADIUS" section on page 9-17)...8550-02 Catalyst 3750 Switch Software Configuration Guide 9-39 Chapter 9 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell SSH also supports these guidelines when configuring the switch as an ...
...Setting Up the Switch to Run SSH, page 9-40 (required) • Configuring the SSH Server, page 9-41 (required only if you get CLI error messages after ... TACACS+ (for more information, see the "Controlling Switch Access with TACACS+" section on page 9-10) • RADIUS (for more information, see the "Controlling Switch Access with RADIUS" section on page 9-17)...8550-02 Catalyst 3750 Switch Software Configuration Guide 9-39 Chapter 9 Configuring Switch-Based Authentication Configuring the Switch for Secure Shell SSH also supports these guidelines when configuring the switch as an ...
Configuration Guide
Page 265
... configured access VLAN. Using IEEE 802.1x Authentication with Per-User ACLs You can enable per-user access control lists (ACLs) to provide different levels of a configuration error. Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication When configured... to an IEEE 802.1x-authenticated user. Attribute [81] specifies the VLAN name or VLAN ID assigned to the OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 10-11 When the RADIUS server authenticates a user connected to an IEEE 802.1x port, it is authenticated and...
... configured access VLAN. Using IEEE 802.1x Authentication with Per-User ACLs You can enable per-user access control lists (ACLs) to provide different levels of a configuration error. Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication When configured... to an IEEE 802.1x-authenticated user. Attribute [81] specifies the VLAN name or VLAN ID assigned to the OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 10-11 When the RADIUS server authenticates a user connected to an IEEE 802.1x port, it is authenticated and...
Configuration Guide
Page 268
...might connect through a hub. These clients are supported only on page 10-35. 10-14 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 A restricted VLAN allows users without EAP success. You can control the services available to the restricted VLAN. Without this count exceeds the configured maximum number of ... disconnects from indefinitely attempting authentication. As soon as the port is authorized, a MAC address is reached, the port becomes unauthorized and error disabled. When the port moves into the restricted VLAN, the failed attempt counter resets.
...might connect through a hub. These clients are supported only on page 10-35. 10-14 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 A restricted VLAN allows users without EAP success. You can control the services available to the restricted VLAN. Without this count exceeds the configured maximum number of ... disconnects from indefinitely attempting authentication. As soon as the port is authorized, a MAC address is reached, the port becomes unauthorized and error disabled. When the port moves into the restricted VLAN, the failed attempt counter resets.
Configuration Guide
Page 271
... connected, the Cisco IP phone loses connectivity to both the voice VLAN identifier (VVID) and the port VLAN identifier (PVID). For more information, see Chapter 15, "Configuring Voice VLAN." Port security applies to the switch for the client. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide...host or multiple-hosts mode. (You also must configure port security on the port by the first authenticated host, the port becomes error-disabled and immediately shuts down , the port becomes unauthenticated, and all dynamic entries are cleared, including the entry for up normally...
... connected, the Cisco IP phone loses connectivity to both the voice VLAN identifier (VVID) and the port VLAN identifier (PVID). For more information, see Chapter 15, "Configuring Voice VLAN." Port security applies to the switch for the client. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide...host or multiple-hosts mode. (You also must configure port security on the port by the first authenticated host, the port becomes error-disabled and immediately shuts down , the port becomes unauthenticated, and all dynamic entries are cleared, including the entry for up normally...
Configuration Guide
Page 274
...more than one voice device is detected on the voice VLAN while a port is unauthorized, the port is error disabled. 10-20 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 For information about NAC, see the "MAC Authentication Bypass" section on page...Cisco), to send a Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice. MDA does not enforce the order of a port, it is error disabled. • Until a device is authorized, the port drops its MAC address is binding on an MDA-enabled port. For more information, see the Network Admission Control...
...more than one voice device is detected on the voice VLAN while a port is unauthorized, the port is error disabled. 10-20 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 For information about NAC, see the "MAC Authentication Bypass" section on page...Cisco), to send a Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice. MDA does not enforce the order of a port, it is error disabled. • Until a device is authorized, the port drops its MAC address is binding on an MDA-enabled port. For more information, see the Network Admission Control...