Configuration Guide
Page 11
... Secure HTTP Server and Client Status 9-48 Configuring the Switch for Secure Copy Protocol 9-48 Information About Secure Copy 9-49 Configuring IEEE 802.1x Port-Based Authentication 10-1 Understanding IEEE 802.1x Port-Based Authentication 10-1 Device Roles 10...Ports 10-16 Using IEEE 802.1x Authentication with Port Security 10-17 Using IEEE 802.1x Authentication with Wake-on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control... Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide xi
... Secure HTTP Server and Client Status 9-48 Configuring the Switch for Secure Copy Protocol 9-48 Information About Secure Copy 9-49 Configuring IEEE 802.1x Port-Based Authentication 10-1 Understanding IEEE 802.1x Port-Based Authentication 10-1 Device Roles 10...Ports 10-16 Using IEEE 802.1x Authentication with Port Security 10-17 Using IEEE 802.1x Authentication with Wake-on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control... Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide xi
Configuration Guide
Page 131
...the (now incorrect) switch stack-member-number provision type global configuration command in the startup configuration file for a 48-port switch with Power over Ethernet (PoE), the configuration is saved, and the stack is powered down. The events... the stack with the default interface configuration. Depending on page 5-23. Note If the switch stack is running Cisco IOS Release 12.2(20)SE or later and does not contain a provisioned configuration for a Switch Stack" section ... example, suppose the switch stack is powered up. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-9
...the (now incorrect) switch stack-member-number provision type global configuration command in the startup configuration file for a 48-port switch with Power over Ethernet (PoE), the configuration is saved, and the stack is powered down. The events... the stack with the default interface configuration. Depending on page 5-23. Note If the switch stack is running Cisco IOS Release 12.2(20)SE or later and does not contain a provisioned configuration for a Switch Stack" section ... example, suppose the switch stack is powered up. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 5-9
Configuration Guide
Page 205
... of security, you restrict access to a switch stack. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-1 When users attempt to access the switch ...8226; Controlling Switch Access with TACACS+, page 9-10 • Controlling Switch Access with RADIUS, page 9-17 • Controlling Switch Access with associated rights and privileges) to each switch port. ...port, connect from outside the network through a serial port, or connect through a port or line, they must enter the password specified for Secure Copy Protocol, page 9-48 Preventing Unauthorized Access to lines or ports...
... of security, you restrict access to a switch stack. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 9-1 When users attempt to access the switch ...8226; Controlling Switch Access with TACACS+, page 9-10 • Controlling Switch Access with RADIUS, page 9-17 • Controlling Switch Access with associated rights and privileges) to each switch port. ...port, connect from outside the network through a serial port, or connect through a port or line, they must enter the password specified for Secure Copy Protocol, page 9-48 Preventing Unauthorized Access to lines or ports...
Configuration Guide
Page 246
...for the application, and pass the response back to and from Cisco.com. SSL provides server authentication, encryption, and message integrity, as well as HTTP client authentication, to the HTTP 1.1 ...and Clients, page 9-44 • Displaying Secure HTTP Server and Client Status, page 9-48 For configuration examples and complete syntax and usage information for HTTPS requests on your switch. ... functions as trustpoints. 9-42 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 You must be installed on a designated port (the default HTTPS port is to respond to download ...
...for the application, and pass the response back to and from Cisco.com. SSL provides server authentication, encryption, and message integrity, as well as HTTP client authentication, to the HTTP 1.1 ...and Clients, page 9-44 • Displaying Secure HTTP Server and Client Status, page 9-48 For configuration examples and complete syntax and usage information for HTTPS requests on your switch. ... functions as trustpoints. 9-42 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 You must be installed on a designated port (the default HTTPS port is to respond to download ...
Configuration Guide
Page 306
... the 48 10/100 or 10/100/1000 PoE ports provide 15.4 W of power, or any combination of ports provide an average of 7.7 W of Catalyst 3750 switches can receive redundant power when it is no power on physical ports. These port groups act as one switch port. Note The 10-Gigabit Ethernet module ports are the DTP, the Cisco...
... the 48 10/100 or 10/100/1000 PoE ports provide 15.4 W of power, or any combination of ports provide an average of 7.7 W of Catalyst 3750 switches can receive redundant power when it is no power on physical ports. These port groups act as one switch port. Note The 10-Gigabit Ethernet module ports are the DTP, the Cisco...
Configuration Guide
Page 313
... Catalyst 3750 Switch Software Configuration Guide 11-13 vlan-ID, where the VLAN ID is 1 to 48 Note When you are being executed, some commands might not be used with the interface vlan command. Wait until the command prompt reappears before exiting interface-range configuration mode. fastethernet stack member/module/{first port} - {last port...
... Catalyst 3750 Switch Software Configuration Guide 11-13 vlan-ID, where the VLAN ID is 1 to 48 Note When you are being executed, some commands might not be used with the interface vlan command. Wait until the command prompt reappears before exiting interface-range configuration mode. fastethernet stack member/module/{first port} - {last port...
Configuration Guide
Page 314
...-range macro called macro_name. port-channel port-channel-number - Show the defined interface range macro configuration. (Optional) Save your entries in NVRAM. • The macro_name is a 32-character maximum character string. • A macro can contain up to 48. Use the no define ... VLAN interfaces must have been configured with port channels, the first and last port-channel number must be active port channels. • You must consist of the same port type. You can combine multiple interface types in a macro. 11-14 Catalyst 3750 Switch Software Configuration Guide OL-8550...
...-range macro called macro_name. port-channel port-channel-number - Show the defined interface range macro configuration. (Optional) Save your entries in NVRAM. • The macro_name is a 32-character maximum character string. • A macro can contain up to 48. Use the no define ... VLAN interfaces must have been configured with port channels, the first and last port-channel number must be active port channels. • You must consist of the same port type. You can combine multiple interface types in a macro. 11-14 Catalyst 3750 Switch Software Configuration Guide OL-8550...
Configuration Guide
Page 323
... adjusts the power budget according to track the global power budget. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 11-23 Note When you manually configure the power budget... switch budgets 15,400 milliwatts for Devices Connected to a PoE Port When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP) to determine the actual power consumption of ...void your switch power budget and make certain not to each the PoE port on a 24-port or 48-port switch is 15400 milliwatts. When you can override the default power requirement...
... adjusts the power budget according to track the global power budget. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 11-23 Note When you manually configure the power budget... switch budgets 15,400 milliwatts for Devices Connected to a PoE Port When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP) to determine the actual power consumption of ...void your switch power budget and make certain not to each the PoE port on a 24-port or 48-port switch is 15400 milliwatts. When you can override the default power requirement...
Configuration Guide
Page 416
...ports configured, IP packets would be improperly bridged across VLANs. Cisco Discovery Protocol (CDP) is automatically enabled on tunnel ports. Set the interface as an IEEE 802.1Q tunnel port...switching. • A tunnel port cannot be a routed port. • IP routing is specific to 48). Configuring an IEEE 802.1Q Tunneling Port Beginning in the service-provider ...ports. • Tunnel ports do not support IP access control lists (ACLs). • Layer 3 quality of service (QoS) ACLs and other QoS features related to configure a port as an IEEE 802.1Q tunnel port. 17-6 Catalyst...
...ports configured, IP packets would be improperly bridged across VLANs. Cisco Discovery Protocol (CDP) is automatically enabled on tunnel ports. Set the interface as an IEEE 802.1Q tunnel port...switching. • A tunnel port cannot be a routed port. • IP routing is specific to 48). Configuring an IEEE 802.1Q Tunneling Port Beginning in the service-provider ...ports. • Tunnel ports do not support IP access control lists (ACLs). • Layer 3 quality of service (QoS) ACLs and other QoS features related to configure a port as an IEEE 802.1Q tunnel port. 17-6 Catalyst...
Configuration Guide
Page 423
...the CoS value for all tunneled Layer 2 PDUs. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 17-13 Step 3 switchport mode access or switchport mode dot1q-tunnel Configure the interface as a tunnel port. Step 12 copy running-config startup-config (Optional) Save your ...entries in privileged EXEC mode, follow these steps to 48). The interface is disabled if the configured threshold is re-enabled and can be configured as an access port or an IEEE 802.1Q tunnel port. Step 8 errdisable recovery cause l2ptguard (Optional) Configure the recovery...
...the CoS value for all tunneled Layer 2 PDUs. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 17-13 Step 3 switchport mode access or switchport mode dot1q-tunnel Configure the interface as a tunnel port. Step 12 copy running-config startup-config (Optional) Save your ...entries in privileged EXEC mode, follow these steps to 48). The interface is disabled if the configured threshold is re-enabled and can be configured as an access port or an IEEE 802.1Q tunnel port. Step 8 errdisable recovery cause l2ptguard (Optional) Configure the recovery...
Configuration Guide
Page 443
... to 48. (Recommended for this port (local port) to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to 4094. Valid interfaces include physical ports, VLANs, and port channels. The port-channel ...switch supports three spanning-tree modes: PVST+, rapid PVST+, or MSTP. Beginning in the configuration file. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 18-15 Verify your entries. (Optional) Save your entries in privileged EXEC mode, follow ...
... to 48. (Recommended for this port (local port) to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to 4094. Valid interfaces include physical ports, VLANs, and port channels. The port-channel ...switch supports three spanning-tree modes: PVST+, rapid PVST+, or MSTP. Beginning in the configuration file. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 18-15 Verify your entries. (Optional) Save your entries in privileged EXEC mode, follow ...
Configuration Guide
Page 447
...include physical ports and port-channel logical interfaces (port-channel port-channel-number). All other values are rejected. Verify your entries. (Optional) Save your switch is a member of a switch stack, you must use the show running -config startup-config Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch... 128, 144, 160, 176, 192, 208, 224, and 240. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. Configure the port priority for a VLAN. • For vlan-id, you can use the spanning-tree [vlan vlan-id] ...
...include physical ports and port-channel logical interfaces (port-channel port-channel-number). All other values are rejected. Verify your entries. (Optional) Save your switch is a member of a switch stack, you must use the show running -config startup-config Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch... 128, 144, 160, 176, 192, 208, 224, and 240. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. Configure the port priority for a VLAN. • For vlan-id, you can use the spanning-tree [vlan vlan-id] ...
Configuration Guide
Page 472
... a link-up operative state. Otherwise, you can use the no spanning-tree mst instance-id port-priority interface configuration command. 19-20 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Configure the port priority. • For instance-id, you can specify a single instance, a range of instances... want selected first and higher cost values to confirm the configuration. This procedure is 1 to configure the MSTP port priority of instances separated by a comma. All other values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. ...
... a link-up operative state. Otherwise, you can use the no spanning-tree mst instance-id port-priority interface configuration command. 19-20 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Configure the port priority. • For instance-id, you can specify a single instance, a range of instances... want selected first and higher cost values to confirm the configuration. This procedure is 1 to configure the MSTP port priority of instances separated by a comma. All other values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. ...
Configuration Guide
Page 473
...in the configuration file. Beginning in the forwarding state and blocks the other interfaces. The port-channel range is 1 to 200000000; The range is 0 to 4094. • For cost, the range is 1 to 48. end Return to place into the forwarding state. Otherwise, you can specify a single ... command to interfaces that you want selected first and higher cost values that are in a link-up operative state. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 19-21 spanning-tree mst instance-id cost cost Configure the cost. show running -config startup-config ...
...in the configuration file. Beginning in the forwarding state and blocks the other interfaces. The port-channel range is 1 to 200000000; The range is 0 to 4094. • For cost, the range is 1 to 48. end Return to place into the forwarding state. Otherwise, you can specify a single ... command to interfaces that you want selected first and higher cost values that are in a link-up operative state. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 19-21 spanning-tree mst instance-id cost cost Configure the cost. show running -config startup-config ...
Configuration Guide
Page 477
...port...commands, even if the port is 1 to 48. Step 1 Step ... single port on the interface. The port-channel range...controlled from the duplex mode of a port is point-to-point. Valid interfaces include physical ports, VLANs, and port-channel logical interfaces. By default, ports can automatically detect prestandard devices, but they can choose to set a port... to -point connection; This procedure is considered to have a point-to send only prestandard BPDUs. Specify that the link type of the interface: a full-duplex port...-duplex port is optional... Specify that the port can override the...
...port...commands, even if the port is 1 to 48. Step 1 Step ... single port on the interface. The port-channel range...controlled from the duplex mode of a port is point-to-point. Valid interfaces include physical ports, VLANs, and port-channel logical interfaces. By default, ports can automatically detect prestandard devices, but they can choose to set a port... to -point connection; This procedure is considered to have a point-to send only prestandard BPDUs. Specify that the link type of the interface: a full-duplex port...-duplex port is optional... Specify that the port can override the...
Configuration Guide
Page 503
...Active Up/Backup Standby Beginning inprivileged EXEC mode, follow these steps to configure an interface with the interface. Return to 48. The port-channel range is 1 to privileged EXEC mode. Chapter 21 Configuring Flex Links and the MAC Address-Table Move Update...Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 21-5 The interface can be a physical Layer 2 interface or a port channel (logical interface). This example shows how to configure a preemption scheme for a pair...
...Active Up/Backup Standby Beginning inprivileged EXEC mode, follow these steps to configure an interface with the interface. Return to 48. The port-channel range is 1 to privileged EXEC mode. Chapter 21 Configuring Flex Links and the MAC Address-Table Move Update...Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 21-5 The interface can be a physical Layer 2 interface or a port channel (logical interface). This example shows how to configure a preemption scheme for a pair...
Configuration Guide
Page 505
...-table move update VLAN is 1 to 48. Specify the interface, and enter interface configuration mode. Return to privileged EXEC mode. Enable the access switch to send MAC address-table move update transmit Switch(conf)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 21-7 To... update transmit Step 6 Step 7 Step 8 end show mac address-table move update privileged EXEC command. Configure a physical Layer 2 interface (or port channel), as part of a Flex Link pair with the interface. This example shows how to configure an access switch to send MAC address-table...
...-table move update VLAN is 1 to 48. Specify the interface, and enter interface configuration mode. Return to privileged EXEC mode. Enable the access switch to send MAC address-table move update transmit Switch(conf)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 21-7 To... update transmit Step 6 Step 7 Step 8 end show mac address-table move update privileged EXEC command. Configure a physical Layer 2 interface (or port channel), as part of a Flex Link pair with the interface. This example shows how to configure an access switch to send MAC address-table...
Configuration Guide
Page 554
...To remove a multicast router port from the VLAN, use the no ip igmp snooping...Port To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on switch ports...; The interface can be a physical interface or a port channel. ip igmp snooping vlan vlan-id mrouter interface ... shows how to enable a static connection to 48. Configuring IGMP Snooping Chapter 24 Configuring IGMP Snooping...mrouter interface interface-id global configuration command. The port-channel range is 1 to a multicast router: ...
...To remove a multicast router port from the VLAN, use the no ip igmp snooping...Port To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on switch ports...; The interface can be a physical interface or a port channel. ip igmp snooping vlan vlan-id mrouter interface ... shows how to enable a static connection to 48. Configuring IGMP Snooping Chapter 24 Configuring IGMP Snooping...mrouter interface interface-id global configuration command. The port-channel range is 1 to a multicast router: ...
Configuration Guide
Page 555
... static 224.2.4.12 interface gigabitethernet1/0/1 Switch(config)# end Enabling IGMP Immediate Leave When you can be a physical interface or a port channel (1 to 48). This example shows how to privileged EXEC mode. You should only use the no ip igmp snooping vlan vlan-id static ... Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 24-11 Chapter 24 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring a Host Statically to Join a Group Hosts or Layer 2 ports normally join multicast groups dynamically, but you enable ...
... static 224.2.4.12 interface gigabitethernet1/0/1 Switch(config)# end Enabling IGMP Immediate Leave When you can be a physical interface or a port channel (1 to 48). This example shows how to privileged EXEC mode. You should only use the no ip igmp snooping vlan vlan-id static ... Purpose Enter global configuration mode. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 24-11 Chapter 24 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring a Host Statically to Join a Group Hosts or Layer 2 ports normally join multicast groups dynamically, but you enable ...
Configuration Guide
Page 619
... session_number source command multiple times to 4094 (excluding the RSPAN VLAN). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-13 Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number). Step 4 monitor session session_number destination {interface interface-id [, | -]..., specify the source port or source VLAN to monitor. • For source interface-id, specify the source port to monitor. it cannot be an EtherChannel, and it cannot be a physical port; Valid port-channel numbers are 1 to 48. • For vlan...
... session_number source command multiple times to 4094 (excluding the RSPAN VLAN). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-13 Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number). Step 4 monitor session session_number destination {interface interface-id [, | -]..., specify the source port or source VLAN to monitor. • For source interface-id, specify the source port to monitor. it cannot be an EtherChannel, and it cannot be a physical port; Valid port-channel numbers are 1 to 48. • For vlan...