Configuration Guide
Page 1
Catalyst 3750 Switch Software Configuration Guide Cisco IOS Release 12.2(35)SE December 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8550-02
Catalyst 3750 Switch Software Configuration Guide Cisco IOS Release 12.2(35)SE December 2006 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-8550-02
Configuration Guide
Page 2
.... and/or its affiliates in illustrative content is unintentional and coincidental. Catalyst 3750 Switch Software Configuration Guide Copyright © 2004-2006 Cisco Systems, Inc. All rights reserved. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are registered trademarks of their respective owners. Any...
.... and/or its affiliates in illustrative content is unintentional and coincidental. Catalyst 3750 Switch Software Configuration Guide Copyright © 2004-2006 Cisco Systems, Inc. All rights reserved. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are registered trademarks of their respective owners. Any...
Configuration Guide
Page 3
...Related Publications xliv Obtaining Documentation xlvi Cisco.com xlvi Product Documentation DVD xlvi Ordering Documentation xlvi Documentation Feedback xlvii Cisco Product Security Overview xlvii Reporting Security Problems in Cisco Products xlvii Product Alerts and Field Notices xlviii Obtaining Technical Assistance xlviii Cisco Support Website xlviii Submitting a ... 1-8 QoS and CoS Features 1-9 Layer 3 Features 1-11 Power over Ethernet Features 1-12 Monitoring Features 1-12 Default Settings After Initial Switch Configuration 1-12 CONTENTS Catalyst 3750 Switch Software Configuration Guide iii
...Related Publications xliv Obtaining Documentation xlvi Cisco.com xlvi Product Documentation DVD xlvi Ordering Documentation xlvi Documentation Feedback xlvii Cisco Product Security Overview xlvii Reporting Security Problems in Cisco Products xlvii Product Alerts and Field Notices xlviii Obtaining Technical Assistance xlviii Cisco Support Website xlviii Submitting a ... 1-8 QoS and CoS Features 1-9 Layer 3 Features 1-11 Power over Ethernet Features 1-12 Monitoring Features 1-12 Default Settings After Initial Switch Configuration 1-12 CONTENTS Catalyst 3750 Switch Software Configuration Guide iii
Configuration Guide
Page 4
Contents 2 C H A P T E R 3 C H A P T E R Network Configuration Examples 1-15 Design Concepts for Using the Switch 1-16 Small to Medium-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3 ...
Contents 2 C H A P T E R 3 C H A P T E R Network Configuration Examples 1-15 Design Concepts for Using the Switch 1-16 Small to Medium-Sized Network Using Catalyst 3750 Switches 1-21 Large Network Using Catalyst 3750 Switches 1-23 Multidwelling Network Using Catalyst 3750 Switches 1-25 Long-Distance, High-Bandwidth Transport Configuration 1-26 Where to Go Next 1-27 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3 ...
Configuration Guide
Page 5
... Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event Service 4-3 NameSpace Mapper 4-3 What You Should Know About the CNS IDs and Device Hostnames 4-3 ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 OL-8550-02 Catalyst 3750 Switch Software Configuration...
... Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event Service 4-3 NameSpace Mapper 4-3 What You Should Know About the CNS IDs and Device Hostnames 4-3 ConfigID 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 OL-8550-02 Catalyst 3750 Switch Software Configuration...
Configuration Guide
Page 6
... System-Wide Configuration on Switch Stacks 5-15 Switch Stack Management Connectivity 5-16 Connectivity to the Switch Stack Through an IP Address 5-16 Connectivity to the Switch Stack Through an SSH Session 5-16 Connectivity to the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack Configuration Scenarios 5-17 Catalyst 3750 Switch Software Configuration Guide vi...
... System-Wide Configuration on Switch Stacks 5-15 Switch Stack Management Connectivity 5-16 Connectivity to the Switch Stack Through an IP Address 5-16 Connectivity to the Switch Stack Through an SSH Session 5-16 Connectivity to the Switch Stack Through Console Ports 5-16 Connectivity to Specific Stack Members 5-17 Switch Stack Configuration Scenarios 5-17 Catalyst 3750 Switch Software Configuration Guide vi...
Configuration Guide
Page 7
... Configuration 6-12 IP Addresses 6-13 Hostnames 6-13 Passwords 6-14 SNMP Community Strings 6-14 Switch Clusters and Switch Stacks 6-15 TACACS+ and RADIUS 6-16 LRE Profiles 6-16 Using the CLI to Manage Switch Clusters 6-16 Catalyst 1900 and Catalyst 2820 CLI Considerations 6-17 Using SNMP to Manage Switch Clusters 6-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide vii
... Configuration 6-12 IP Addresses 6-13 Hostnames 6-13 Passwords 6-14 SNMP Community Strings 6-14 Switch Clusters and Switch Stacks 6-15 TACACS+ and RADIUS 6-16 LRE Profiles 6-16 Using the CLI to Manage Switch Clusters 6-16 Catalyst 1900 and Catalyst 2820 CLI Considerations 6-17 Using SNMP to Manage Switch Clusters 6-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide vii
Configuration Guide
Page 8
Contents 7 C H A P T E R Administering the Switch 7-1 Managing the System Time and Date 7-1 Understanding the System Clock 7-1 Understanding Network Time Protocol 7-2 Configuring NTP 7-3 Default NTP Configuration 7-4 Configuring NTP ...and Switch Stacks 7-21 Default MAC Address Table Configuration 7-21 Changing the Address Aging Time 7-21 Removing Dynamic Address Entries 7-22 Configuring MAC Address Notification Traps 7-22 Adding and Removing Static Address Entries 7-24 Configuring Unicast MAC Address Filtering 7-25 Displaying Address Table Entries 7-27 Catalyst 3750 Switch Software...
Contents 7 C H A P T E R Administering the Switch 7-1 Managing the System Time and Date 7-1 Understanding the System Clock 7-1 Understanding Network Time Protocol 7-2 Configuring NTP 7-3 Default NTP Configuration 7-4 Configuring NTP ...and Switch Stacks 7-21 Default MAC Address Table Configuration 7-21 Changing the Address Aging Time 7-21 Removing Dynamic Address Entries 7-22 Configuring MAC Address Notification Traps 7-22 Adding and Removing Static Address Entries 7-24 Configuring Unicast MAC Address Filtering 7-25 Displaying Address Table Entries 7-27 Catalyst 3750 Switch Software...
Configuration Guide
Page 9
...Configuring Multiple Privilege Levels 9-7 Setting the Privilege Level for a Command 9-8 Changing the Default Privilege Level for Lines 9-9 Logging into and Exiting a Privilege Level 9-9 Controlling Switch Access with TACACS+ 9-10 Understanding TACACS+ 9-10 TACACS+ Operation 9-12 Configuring TACACS+ 9-12 Default TACACS+ Configuration 9-13 Identifying the TACACS+ Server Host and Setting...+ Authorization for Privileged EXEC Access and Network Services 9-16 Starting TACACS+ Accounting 9-17 Displaying the TACACS+ Configuration 9-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide ix
...Configuring Multiple Privilege Levels 9-7 Setting the Privilege Level for a Command 9-8 Changing the Default Privilege Level for Lines 9-9 Logging into and Exiting a Privilege Level 9-9 Controlling Switch Access with TACACS+ 9-10 Understanding TACACS+ 9-10 TACACS+ Operation 9-12 Configuring TACACS+ 9-12 Default TACACS+ Configuration 9-13 Identifying the TACACS+ Server Host and Setting...+ Authorization for Privileged EXEC Access and Network Services 9-16 Starting TACACS+ Accounting 9-17 Displaying the TACACS+ Configuration 9-17 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide ix
Configuration Guide
Page 10
... 9-39 Configuration Guidelines 9-39 Setting Up the Switch to Run SSH 9-40 Configuring the SSH Server 9-41 Displaying the SSH Configuration and Status 9-41 Configuring the Switch for Secure Socket Layer HTTP 9-42 Understanding Secure HTTP Servers and Clients 9-42 Certificate Authority Trustpoints 9-42 CipherSuites 9-44 Catalyst 3750 Switch Software Configuration Guide x OL-8550-02
... 9-39 Configuration Guidelines 9-39 Setting Up the Switch to Run SSH 9-40 Configuring the SSH Server 9-41 Displaying the SSH Configuration and Status 9-41 Configuring the Switch for Secure Socket Layer HTTP 9-42 Understanding Secure HTTP Servers and Clients 9-42 Certificate Authority Trustpoints 9-42 CipherSuites 9-44 Catalyst 3750 Switch Software Configuration Guide x OL-8550-02
Configuration Guide
Page 11
... Server 9-46 Configuring the Secure HTTP Client 9-47 Displaying Secure HTTP Server and Client Status 9-48 Configuring the Switch for Secure Copy Protocol 9-48 Information About Secure Copy 9-49 Configuring IEEE 802.1x Port-Based Authentication 10-1 ... 10-17 Using IEEE 802.1x Authentication with Wake-on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control Layer 2 IEEE 802.1x Validation 10-19 Using Multidomain..., and Inaccessible Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide xi
... Server 9-46 Configuring the Secure HTTP Client 9-47 Displaying Secure HTTP Server and Client Status 9-48 Configuring the Switch for Secure Copy Protocol 9-48 Information About Secure Copy 9-49 Configuring IEEE 802.1x Port-Based Authentication 10-1 ... 10-17 Using IEEE 802.1x Authentication with Wake-on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control Layer 2 IEEE 802.1x Validation 10-19 Using Multidomain..., and Inaccessible Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide xi
Configuration Guide
Page 12
...Authenticating a Client Connected to a Port 10-30 Changing the Quiet Period 10-31 Changing the Switch-to-Client Retransmission Time 10-31 Setting the Switch-to-Client Frame-Retransmission Number 10-32 Setting the Re-Authentication Number 10-32 Configuring IEEE 802...Ports 11-4 Switch Virtual Interfaces 11-5 EtherChannel Port Groups 11-6 10-Gigabit Ethernet Interfaces 11-6 Power over Ethernet Ports 11-6 Supported Protocols and Standards 11-7 Powered-Device Detection and Initial Power Allocation 11-7 Power Management Modes 11-8 Connecting Interfaces 11-9 Catalyst 3750 Switch Software Configuration...
...Authenticating a Client Connected to a Port 10-30 Changing the Quiet Period 10-31 Changing the Switch-to-Client Retransmission Time 10-31 Setting the Switch-to-Client Frame-Retransmission Number 10-32 Setting the Re-Authentication Number 10-32 Configuring IEEE 802...Ports 11-4 Switch Virtual Interfaces 11-5 EtherChannel Port Groups 11-6 10-Gigabit Ethernet Interfaces 11-6 Power over Ethernet Ports 11-6 Supported Protocols and Standards 11-7 Powered-Device Detection and Initial Power Allocation 11-7 Power Management Modes 11-8 Connecting Interfaces 11-9 Catalyst 3750 Switch Software Configuration...
Configuration Guide
Page 13
... Speed and Duplex Configuration Guidelines 11-17 Setting the Interface Speed and Duplex Parameters 11-18 Configuring IEEE 802.3x Flow Control 11-19 Configuring Auto-MDIX on an Interface 11-20 Configuring a Power Management Mode on a PoE Port 11-21 ...Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xiii
... Speed and Duplex Configuration Guidelines 11-17 Setting the Interface Speed and Duplex Parameters 11-18 Configuring IEEE 802.3x Flow Control 11-19 Configuring Auto-MDIX on an Interface 11-20 Configuring a Power Management Mode on a PoE Port 11-21 ...Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xiii
Configuration Guide
Page 14
... VMPS 13-28 Understanding VMPS 13-28 Dynamic-Access Port VLAN Membership 13-29 Default VMPS Client Configuration 13-29 VMPS Configuration Guidelines 13-29 Catalyst 3750 Switch Software Configuration Guide xiv OL-8550-02
... VMPS 13-28 Understanding VMPS 13-28 Dynamic-Access Port VLAN Membership 13-29 Default VMPS Client Configuration 13-29 VMPS Configuration Guidelines 13-29 Catalyst 3750 Switch Software Configuration Guide xiv OL-8550-02
Configuration Guide
Page 15
...Configuring VTP 14-1 Understanding VTP 14-1 The VTP Domain 14-2 VTP Modes 14-3 VTP Advertisements 14-3 VTP Version 2 14-4 VTP Pruning 14-4 VTP and Switch Stacks 14-6 Configuring VTP 14-6 Default VTP Configuration 14-7 VTP Configuration Options 14-7 VTP Configuration in Global Configuration Mode 14-7 VTP Configuration in VLAN Database... a VTP Client 14-11 Disabling VTP (VTP Transparent Mode) 14-12 Enabling VTP Version 2 14-13 Enabling VTP Pruning 14-14 Adding a VTP Client Switch to a VTP Domain 14-14 Monitoring VTP 14-16 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xv
...Configuring VTP 14-1 Understanding VTP 14-1 The VTP Domain 14-2 VTP Modes 14-3 VTP Advertisements 14-3 VTP Version 2 14-4 VTP Pruning 14-4 VTP and Switch Stacks 14-6 Configuring VTP 14-6 Default VTP Configuration 14-7 VTP Configuration Options 14-7 VTP Configuration in Global Configuration Mode 14-7 VTP Configuration in VLAN Database... a VTP Client 14-11 Disabling VTP (VTP Transparent Mode) 14-12 Enabling VTP Version 2 14-13 Enabling VTP Pruning 14-14 Adding a VTP Client Switch to a VTP Domain 14-14 Monitoring VTP 14-16 Contents OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xv
Configuration Guide
Page 16
... Phone Data Traffic 15-2 Configuring Voice VLAN 15-3 Default Voice VLAN Configuration 15-3 Voice VLAN Configuration Guidelines 15-3 Configuring a Port Connected to a Cisco 7960 IP Phone 15-4 Configuring Cisco IP Phone Voice Traffic 15-5 Configuring the Priority of Incoming Data Frames 15-6 Displaying Voice VLAN 15-6 Configuring Private VLANs 16-1 Understanding Private... a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15 Catalyst 3750 Switch Software Configuration Guide xvi OL-8550-02
... Phone Data Traffic 15-2 Configuring Voice VLAN 15-3 Default Voice VLAN Configuration 15-3 Voice VLAN Configuration Guidelines 15-3 Configuring a Port Connected to a Cisco 7960 IP Phone 15-4 Configuring Cisco IP Phone Voice Traffic 15-5 Configuring the Priority of Incoming Data Frames 15-6 Displaying Voice VLAN 15-6 Configuring Private VLANs 16-1 Understanding Private... a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15 Catalyst 3750 Switch Software Configuration Guide xvi OL-8550-02
Configuration Guide
Page 17
...Protocol Tunneling 17-13 Configuring Layer 2 Tunneling for EtherChannels 17-14 Configuring the SP Edge Switch 17-14 Configuring the Customer Switch 17-16 Monitoring and Maintaining Tunneling Status 17-18 Configuring STP 18-1 Understanding Spanning-Tree Features... 18-1 STP Overview 18-2 Spanning-Tree Topology and BPDUs 18-3 Bridge ID, Switch Priority, and Extended System ID 18-4 Spanning-Tree Interface States 18-5 Blocking State 18-7 Listening State 18-7 ... Trunks 18-11 VLAN-Bridge Spanning Tree 18-11 Catalyst 3750 Switch Software Configuration Guide xvii
...Protocol Tunneling 17-13 Configuring Layer 2 Tunneling for EtherChannels 17-14 Configuring the SP Edge Switch 17-14 Configuring the Customer Switch 17-16 Monitoring and Maintaining Tunneling Status 17-18 Configuring STP 18-1 Understanding Spanning-Tree Features... 18-1 STP Overview 18-2 Spanning-Tree Topology and BPDUs 18-3 Bridge ID, Switch Priority, and Extended System ID 18-4 Spanning-Tree Interface States 18-5 Blocking State 18-7 Listening State 18-7 ... Trunks 18-11 VLAN-Bridge Spanning Tree 18-11 Catalyst 3750 Switch Software Configuration Guide xvii
Configuration Guide
Page 18
...Tree Mode. 18-15 Disabling Spanning Tree 18-16 Configuring the Root Switch 18-16 Configuring a Secondary Root Switch 18-18 Configuring Port Priority 18-18 Configuring Path Cost 18-20 Configuring the Switch Priority of a VLAN 18-21 Configuring Spanning-Tree Timers 18-22 ... and Standard Switches 19-7 Detecting Unidirectional Link Failure 19-8 MSTP and Switch Stacks 19-8 Interoperability with IEEE 802.1D STP 19-9 Understanding RSTP 19-9 Port Roles and the Active Topology 19-9 Rapid Convergence 19-10 Synchronization of Port Roles 19-11 xviii Catalyst 3750 Switch Software Configuration Guide...
...Tree Mode. 18-15 Disabling Spanning Tree 18-16 Configuring the Root Switch 18-16 Configuring a Secondary Root Switch 18-18 Configuring Port Priority 18-18 Configuring Path Cost 18-20 Configuring the Switch Priority of a VLAN 18-21 Configuring Spanning-Tree Timers 18-22 ... and Standard Switches 19-7 Detecting Unidirectional Link Failure 19-8 MSTP and Switch Stacks 19-8 Interoperability with IEEE 802.1D STP 19-9 Understanding RSTP 19-9 Port Roles and the Active Topology 19-9 Rapid Convergence 19-10 Synchronization of Port Roles 19-11 xviii Catalyst 3750 Switch Software Configuration Guide...
Configuration Guide
Page 19
... Guidelines 19-15 Specifying the MST Region Configuration and Enabling MSTP 19-16 Configuring the Root Switch 19-17 Configuring a Secondary Root Switch 19-19 Configuring Port Priority 19-19 Configuring Path Cost 19-21 Configuring the Switch Priority 19-22 Configuring the Hello Time 19-22 Configuring the Forwarding-Delay Time 19... Optional Spanning-Tree Features 20-11 Default Optional Spanning-Tree Configuration 20-12 Optional Spanning-Tree Configuration Guidelines 20-12 Enabling Port Fast 20-12 Catalyst 3750 Switch Software Configuration Guide xix
... Guidelines 19-15 Specifying the MST Region Configuration and Enabling MSTP 19-16 Configuring the Root Switch 19-17 Configuring a Secondary Root Switch 19-19 Configuring Port Priority 19-19 Configuring Path Cost 19-21 Configuring the Switch Priority 19-22 Configuring the Hello Time 19-22 Configuring the Forwarding-Delay Time 19... Optional Spanning-Tree Features 20-11 Default Optional Spanning-Tree Configuration 20-12 Optional Spanning-Tree Configuration Guidelines 20-12 Enabling Port Fast 20-12 Catalyst 3750 Switch Software Configuration Guide xix
Configuration Guide
Page 20
... DHCP Server 22-2 DHCP Relay Agent 22-2 DHCP Snooping 22-2 Option-82 Data Insertion 22-3 Cisco IOS DHCP Server Database 22-6 DHCP Snooping Binding Database 22-7 DHCP Snooping and Switch Stacks 22-8 Configuring DHCP Features 22-8 Default DHCP Configuration 22-8 DHCP Snooping Configuration Guidelines 22-9 ...Configuring the DHCP Server 22-10 DHCP Server and Switch Stacks 22-10 Configuring the DHCP Relay Agent 22-11 Specifying the Packet Forwarding Address 22-11 Enabling DHCP Snooping and Option 82 22-12 Catalyst 3750 Switch Software Configuration Guide xx OL-8550-02
... DHCP Server 22-2 DHCP Relay Agent 22-2 DHCP Snooping 22-2 Option-82 Data Insertion 22-3 Cisco IOS DHCP Server Database 22-6 DHCP Snooping Binding Database 22-7 DHCP Snooping and Switch Stacks 22-8 Configuring DHCP Features 22-8 Default DHCP Configuration 22-8 DHCP Snooping Configuration Guidelines 22-9 ...Configuring the DHCP Server 22-10 DHCP Server and Switch Stacks 22-10 Configuring the DHCP Relay Agent 22-11 Specifying the Packet Forwarding Address 22-11 Enabling DHCP Snooping and Option 82 22-12 Catalyst 3750 Switch Software Configuration Guide xx OL-8550-02