Configuration Guide
Page 1
Catalyst 3750 Switch Software Configuration Guide Cisco IOS Release 12.2(35)SE December 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8550-02
Catalyst 3750 Switch Software Configuration Guide Cisco IOS Release 12.2(35)SE December 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8550-02
Configuration Guide
Page 2
... HEREIN BY THIS REFERENCE. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. The use of California. Catalyst 3750 Switch Software Configuration Guide Copyright © 2004-2006 Cisco Systems, Inc.
... HEREIN BY THIS REFERENCE. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. The use of California. Catalyst 3750 Switch Software Configuration Guide Copyright © 2004-2006 Cisco Systems, Inc.
Configuration Guide
Page 3
...Related Publications xliv Obtaining Documentation xlvi Cisco.com xlvi Product Documentation DVD xlvi Ordering Documentation xlvi Documentation Feedback xlvii Cisco Product Security Overview xlvii Reporting Security Problems in Cisco Products xlvii Product Alerts and Field Notices xlviii Obtaining Technical Assistance xlviii Cisco Support Website xlviii Submitting a ...1-8 QoS and CoS Features 1-9 Layer 3 Features 1-11 Power over Ethernet Features 1-12 Monitoring Features 1-12 Default Settings After Initial Switch Configuration 1-12 CONTENTS Catalyst 3750 Switch Software Configuration Guide iii
...Related Publications xliv Obtaining Documentation xlvi Cisco.com xlvi Product Documentation DVD xlvi Ordering Documentation xlvi Documentation Feedback xlvii Cisco Product Security Overview xlvii Reporting Security Problems in Cisco Products xlvii Product Alerts and Field Notices xlviii Obtaining Technical Assistance xlviii Cisco Support Website xlviii Submitting a ...1-8 QoS and CoS Features 1-9 Layer 3 Features 1-11 Power over Ethernet Features 1-12 Monitoring Features 1-12 Default Settings After Initial Switch Configuration 1-12 CONTENTS Catalyst 3750 Switch Software Configuration Guide iii
Configuration Guide
Page 4
...15 Design Concepts for Using the Switch 1-16 Small to Medium-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-4 Catalyst 3750 Switch Software Configuration Guide iv OL-8550-02
...15 Design Concepts for Using the Switch 1-16 Small to Medium-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-4 Catalyst 3750 Switch Software Configuration Guide iv OL-8550-02
Configuration Guide
Page 5
... Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event Service 4-3 NameSpace Mapper 4-3 What You Should Know About the CNS IDs and Device Hostnames 4-3 ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide v
... Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event Service 4-3 NameSpace Mapper 4-3 What You Should Know About the CNS IDs and Device Hostnames 4-3 ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide v
Configuration Guide
Page 6
Contents 5 C H A P T E R Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Managing Switch Stacks 5-1 Understanding Switch Stacks 5-1 Switch Stack Membership 5-3 Stack Master Election and Re-Election...the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack Configuration Scenarios 5-17 Catalyst 3750 Switch Software Configuration Guide vi OL-8550-02
Contents 5 C H A P T E R Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Managing Switch Stacks 5-1 Understanding Switch Stacks 5-1 Switch Stack Membership 5-3 Stack Master Election and Re-Election...the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack Configuration Scenarios 5-17 Catalyst 3750 Switch Software Configuration Guide vi OL-8550-02
Configuration Guide
Page 7
...Switches 6-9 HSRP and Standby Cluster Command Switches 6-10 Virtual IP Addresses 6-11 Other Considerations for Cluster Standby Groups 6-11 Automatic Recovery of Cluster Configuration 6-12 IP Addresses 6-13 Hostnames 6-13 Passwords 6-14 SNMP Community Strings 6-14 Switch Clusters and Switch Stacks 6-15 TACACS+ and RADIUS 6-...16 LRE Profiles 6-16 Using the CLI to Manage Switch Clusters 6-16 Catalyst 1900 and Catalyst 2820 CLI Considerations 6-17 Using SNMP to Manage Switch Clusters 6-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide vii
...Switches 6-9 HSRP and Standby Cluster Command Switches 6-10 Virtual IP Addresses 6-11 Other Considerations for Cluster Standby Groups 6-11 Automatic Recovery of Cluster Configuration 6-12 IP Addresses 6-13 Hostnames 6-13 Passwords 6-14 SNMP Community Strings 6-14 Switch Clusters and Switch Stacks 6-15 TACACS+ and RADIUS 6-...16 LRE Profiles 6-16 Using the CLI to Manage Switch Clusters 6-16 Catalyst 1900 and Catalyst 2820 CLI Considerations 6-17 Using SNMP to Manage Switch Clusters 6-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide vii
Configuration Guide
Page 8
... Addresses and Switch Stacks 7-21 Default MAC Address Table Configuration 7-21 Changing the Address Aging Time 7-21 Removing Dynamic Address Entries 7-22 Configuring MAC Address Notification Traps 7-22 Adding and Removing Static Address Entries 7-24 Configuring Unicast MAC Address Filtering 7-25 Displaying Address Table Entries 7-27 Catalyst 3750 Switch Software Configuration Guide viii OL-8550-02
... Addresses and Switch Stacks 7-21 Default MAC Address Table Configuration 7-21 Changing the Address Aging Time 7-21 Removing Dynamic Address Entries 7-22 Configuring MAC Address Notification Traps 7-22 Adding and Removing Static Address Entries 7-24 Configuring Unicast MAC Address Filtering 7-25 Displaying Address Table Entries 7-27 Catalyst 3750 Switch Software Configuration Guide viii OL-8550-02
Configuration Guide
Page 9
... TACACS+ 9-10 TACACS+ Operation 9-12 Configuring TACACS+ 9-12 Default TACACS+ Configuration 9-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 9-13 Configuring TACACS+ Login Authentication 9-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 9-16 Starting TACACS+ Accounting 9-17 Displaying the TACACS+ Configuration 9-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide ix
... TACACS+ 9-10 TACACS+ Operation 9-12 Configuring TACACS+ 9-12 Default TACACS+ Configuration 9-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 9-13 Configuring TACACS+ Login Authentication 9-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 9-16 Starting TACACS+ Accounting 9-17 Displaying the TACACS+ Configuration 9-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide ix
Configuration Guide
Page 10
... Limitations 9-39 Configuring SSH 9-39 Configuration Guidelines 9-39 Setting Up the Switch to Run SSH 9-40 Configuring the SSH Server 9-41 Displaying the SSH Configuration and Status 9-41 Configuring the Switch for Secure Socket Layer HTTP 9-42 Understanding Secure HTTP Servers and Clients 9-42 Certificate Authority Trustpoints 9-42 CipherSuites 9-44 Catalyst 3750 Switch Software Configuration Guide x OL-8550...
... Limitations 9-39 Configuring SSH 9-39 Configuration Guidelines 9-39 Setting Up the Switch to Run SSH 9-40 Configuring the SSH Server 9-41 Displaying the SSH Configuration and Status 9-41 Configuring the Switch for Secure Socket Layer HTTP 9-42 Understanding Secure HTTP Servers and Clients 9-42 Certificate Authority Trustpoints 9-42 CipherSuites 9-44 Catalyst 3750 Switch Software Configuration Guide x OL-8550...
Configuration Guide
Page 11
...on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control Layer 2 IEEE 802.1x Validation 10-19 Using Multidomain Authentication 10-20 Using Web Authentication 10-21 Configuring ...IEEE 802.1x Authentication 10-21 Default IEEE 802.1x Authentication Configuration 10-22 IEEE 802.1x Authentication Configuration Guidelines 10-23 IEEE 802.1x Authentication 10-23 VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide...
...on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control Layer 2 IEEE 802.1x Validation 10-19 Using Multidomain Authentication 10-20 Using Web Authentication 10-21 Configuring ...IEEE 802.1x Authentication 10-21 Default IEEE 802.1x Authentication Configuration 10-22 IEEE 802.1x Authentication Configuration Guidelines 10-23 IEEE 802.1x Authentication 10-23 VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide...
Configuration Guide
Page 12
... Setting the Re-Authentication Number 10-32 Configuring IEEE 802.1x Accounting 10-33 Configuring a Guest VLAN 10-34 Configuring a Restricted VLAN 10-35 Configuring the Inaccessible Authentication Bypass Feature 10-37 Configuring IEEE 802.1x Authentication with WoL 10-39 Configuring MAC Authentication Bypass 10-40 Configuring NAC Layer 2 IEEE 802.1x Validation...Ethernet Ports 11-6 Supported Protocols and Standards 11-7 Powered-Device Detection and Initial Power Allocation 11-7 Power Management Modes 11-8 Connecting Interfaces 11-9 Catalyst 3750 Switch Software Configuration Guide xii OL-8550-02
... Setting the Re-Authentication Number 10-32 Configuring IEEE 802.1x Accounting 10-33 Configuring a Guest VLAN 10-34 Configuring a Restricted VLAN 10-35 Configuring the Inaccessible Authentication Bypass Feature 10-37 Configuring IEEE 802.1x Authentication with WoL 10-39 Configuring MAC Authentication Bypass 10-40 Configuring NAC Layer 2 IEEE 802.1x Validation...Ethernet Ports 11-6 Supported Protocols and Standards 11-7 Powered-Device Detection and Initial Power Allocation 11-7 Power Management Modes 11-8 Connecting Interfaces 11-9 Catalyst 3750 Switch Software Configuration Guide xii OL-8550-02
Configuration Guide
Page 13
... 12-1 Configuring Smartports Macros 12-2 Default Smartports Macro Configuration 12-2 Smartports Macro Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xiii
... 12-1 Configuring Smartports Macros 12-2 Default Smartports Macro Configuration 12-2 Smartports Macro Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xiii
Configuration Guide
Page 14
...Ethernet VLAN 13-9 Deleting a VLAN 13-10 Assigning Static-Access Ports to a VLAN 13-11 Configuring Extended-Range VLANs 13-12 Default VLAN Configuration 13-12 Extended-Range VLAN Configuration Guidelines 13-13 Creating an Extended-Range VLAN 13-14 Creating an Extended-Range VLAN with an Internal... Using STP Port Priorities 13-24 Load Sharing Using STP Path Cost 13-26 Configuring VMPS 13-28 Understanding VMPS 13-28 Dynamic-Access Port VLAN Membership 13-29 Default VMPS Client Configuration 13-29 VMPS Configuration Guidelines 13-29 Catalyst 3750 Switch Software Configuration Guide xiv OL-8550-02
...Ethernet VLAN 13-9 Deleting a VLAN 13-10 Assigning Static-Access Ports to a VLAN 13-11 Configuring Extended-Range VLANs 13-12 Default VLAN Configuration 13-12 Extended-Range VLAN Configuration Guidelines 13-13 Creating an Extended-Range VLAN 13-14 Creating an Extended-Range VLAN with an Internal... Using STP Port Priorities 13-24 Load Sharing Using STP Path Cost 13-26 Configuring VMPS 13-28 Understanding VMPS 13-28 Dynamic-Access Port VLAN Membership 13-29 Default VMPS Client Configuration 13-29 VMPS Configuration Guidelines 13-29 Catalyst 3750 Switch Software Configuration Guide xiv OL-8550-02
Configuration Guide
Page 15
...-8 VTP Version 14-9 Configuration Requirements 14-9 Configuring a VTP Server 14-9 Configuring a VTP Client 14-11 Disabling VTP (VTP Transparent Mode) 14-12 Enabling VTP Version 2 14-13 Enabling VTP Pruning 14-14 Adding a VTP Client Switch to a VTP Domain 14-14 Monitoring VTP 14-16 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xv
...-8 VTP Version 14-9 Configuration Requirements 14-9 Configuring a VTP Server 14-9 Configuring a VTP Client 14-11 Disabling VTP (VTP Transparent Mode) 14-12 Enabling VTP Version 2 14-13 Enabling VTP Pruning 14-14 Adding a VTP Client Switch to a VTP Domain 14-14 Monitoring VTP 14-16 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xv
Configuration Guide
Page 16
... Features 16-9 Configuring and Associating VLANs in a Private VLAN 16-10 Configuring a Layer 2 Interface as a Private-VLAN Host Port 16-12 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15 Catalyst 3750 Switch Software Configuration Guide xvi OL-8550...
... Features 16-9 Configuring and Associating VLANs in a Private VLAN 16-10 Configuring a Layer 2 Interface as a Private-VLAN Host Port 16-12 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15 Catalyst 3750 Switch Software Configuration Guide xvi OL-8550...
Configuration Guide
Page 17
... 17-6 Understanding Layer 2 Protocol Tunneling 17-7 Configuring Layer 2 Protocol Tunneling 17-10 Default Layer 2 Protocol Tunneling Configuration 17-11 Layer 2 Protocol Tunneling Configuration Guidelines 17-12 Configuring Layer 2 Protocol Tunneling 17-13 Configuring Layer 2 Tunneling for EtherChannels 17-14 Configuring the SP Edge Switch 17-14 Configuring the Customer Switch 17-16 Monitoring and Maintaining...18-10 Spanning-Tree Interoperability and Backward Compatibility 18-11 STP and IEEE 802.1Q Trunks 18-11 VLAN-Bridge Spanning Tree 18-11 Catalyst 3750 Switch Software Configuration Guide xvii
... 17-6 Understanding Layer 2 Protocol Tunneling 17-7 Configuring Layer 2 Protocol Tunneling 17-10 Default Layer 2 Protocol Tunneling Configuration 17-11 Layer 2 Protocol Tunneling Configuration Guidelines 17-12 Configuring Layer 2 Protocol Tunneling 17-13 Configuring Layer 2 Tunneling for EtherChannels 17-14 Configuring the SP Edge Switch 17-14 Configuring the Customer Switch 17-16 Monitoring and Maintaining...18-10 Spanning-Tree Interoperability and Backward Compatibility 18-11 STP and IEEE 802.1Q Trunks 18-11 VLAN-Bridge Spanning Tree 18-11 Catalyst 3750 Switch Software Configuration Guide xvii
Configuration Guide
Page 18
... Mode. 18-15 Disabling Spanning Tree 18-16 Configuring the Root Switch 18-16 Configuring a Secondary Root Switch 18-18 Configuring Port Priority 18-18 Configuring Path Cost 18-20 Configuring the Switch Priority of a VLAN 18-21 Configuring Spanning-Tree Timers 18-22 Configuring the Hello Time 18-22 Configuring the Forwarding-Delay Time for a VLAN 18... 802.1D STP 19-9 Understanding RSTP 19-9 Port Roles and the Active Topology 19-9 Rapid Convergence 19-10 Synchronization of Port Roles 19-11 xviii Catalyst 3750 Switch Software Configuration Guide OL-8550-02
... Mode. 18-15 Disabling Spanning Tree 18-16 Configuring the Root Switch 18-16 Configuring a Secondary Root Switch 18-18 Configuring Port Priority 18-18 Configuring Path Cost 18-20 Configuring the Switch Priority of a VLAN 18-21 Configuring Spanning-Tree Timers 18-22 Configuring the Hello Time 18-22 Configuring the Forwarding-Delay Time for a VLAN 18... 802.1D STP 19-9 Understanding RSTP 19-9 Port Roles and the Active Topology 19-9 Rapid Convergence 19-10 Synchronization of Port Roles 19-11 xviii Catalyst 3750 Switch Software Configuration Guide OL-8550-02
Configuration Guide
Page 19
... 19-24 Designating the Neighbor Type 19-25 Restarting the Protocol Migration Process 19-26 Displaying the MST Configuration and Status 19-26 Configuring Optional Spanning-Tree Features 20-1 Understanding Optional Spanning-Tree Features 20-1 Understanding Port Fast 20-2 Understanding BPDU... Guard 20-10 Understanding Root Guard 20-10 Understanding Loop Guard 20-11 Configuring Optional Spanning-Tree Features 20-11 Default Optional Spanning-Tree Configuration 20-12 Optional Spanning-Tree Configuration Guidelines 20-12 Enabling Port Fast 20-12 Catalyst 3750 Switch Software Configuration Guide xix
... 19-24 Designating the Neighbor Type 19-25 Restarting the Protocol Migration Process 19-26 Displaying the MST Configuration and Status 19-26 Configuring Optional Spanning-Tree Features 20-1 Understanding Optional Spanning-Tree Features 20-1 Understanding Port Fast 20-2 Understanding BPDU... Guard 20-10 Understanding Root Guard 20-10 Understanding Loop Guard 20-11 Configuring Optional Spanning-Tree Features 20-11 Default Optional Spanning-Tree Configuration 20-12 Optional Spanning-Tree Configuration Guidelines 20-12 Enabling Port Fast 20-12 Catalyst 3750 Switch Software Configuration Guide xix
Configuration Guide
Page 20
... 22-3 Cisco IOS DHCP Server Database 22-6 DHCP Snooping Binding Database 22-7 DHCP Snooping and Switch Stacks 22-8 Configuring DHCP Features 22-8 Default DHCP Configuration 22-8 DHCP Snooping Configuration Guidelines 22-9 Configuring the DHCP... Server 22-10 DHCP Server and Switch Stacks 22-10 Configuring the DHCP Relay Agent 22-11 Specifying the Packet Forwarding Address 22-11 Enabling DHCP Snooping and Option 82 22-12 Catalyst 3750 Switch Software Configuration Guide...
... 22-3 Cisco IOS DHCP Server Database 22-6 DHCP Snooping Binding Database 22-7 DHCP Snooping and Switch Stacks 22-8 Configuring DHCP Features 22-8 Default DHCP Configuration 22-8 DHCP Snooping Configuration Guidelines 22-9 Configuring the DHCP... Server 22-10 DHCP Server and Switch Stacks 22-10 Configuring the DHCP Relay Agent 22-11 Specifying the Packet Forwarding Address 22-11 Enabling DHCP Snooping and Option 82 22-12 Catalyst 3750 Switch Software Configuration Guide...