Configuration Guide
Page 3
... xlvi Cisco.com xlvi Product Documentation DVD xlvi Ordering Documentation xlvi Documentation Feedback xlvii Cisco Product Security Overview xlvii Reporting Security Problems in Cisco Products xlvii Product Alerts and Field Notices xlviii Obtaining Technical Assistance xlviii Cisco Support... Availability and Redundancy Features 1-6 VLAN Features 1-7 Security Features 1-8 QoS and CoS Features 1-9 Layer 3 Features 1-11 Power over Ethernet Features 1-12 Monitoring Features 1-12 Default Settings After Initial Switch Configuration 1-12 CONTENTS Catalyst 3750 Switch Software Configuration Guide iii
Configuration Guide
Page 10
...the Switch for Vendor-Proprietary RADIUS Server Communication 9-31 Displaying the RADIUS Configuration 9-31 Controlling Switch Access with Kerberos 9-32 Understanding Kerberos 9-32 Kerberos Operation 9-34 Authenticating to ...36 Configuring the Switch for Secure Shell 9-37 Understanding SSH 9-38 SSH Servers, Integrated Clients, and Supported Versions 9-38 Limitations 9-39 Configuring SSH 9-39 Configuration Guidelines ...for Secure Socket Layer HTTP 9-42 Understanding Secure HTTP Servers and Clients 9-42 Certificate Authority Trustpoints 9-42 CipherSuites 9-44 Catalyst 3750 Switch Software Configuration Guide ...
Configuration Guide
Page 11
... IEEE 802.1x Authentication with Port Security 10-17 Using IEEE 802.1x Authentication with Wake-on-LAN 10-18 Using IEEE 802.1x Authentication with MAC Authentication Bypass 10-18 Using Network Admission Control Layer 2 IEEE 802.1x Validation 10-19 Using Multidomain Authentication 10-20 Using Web Authentication 10-21 Configuring... 10-23 IEEE 802.1x Authentication 10-23 VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 10-24 MAC Authentication Bypass 10-25 Catalyst 3750 Switch Software Configuration Guide xi
Configuration Guide
Page 12
... Configuring the Inaccessible Authentication Bypass Feature 10-37 Configuring IEEE 802.1x Authentication with WoL 10-39 Configuring MAC Authentication Bypass 10-40 Configuring NAC Layer 2 IEEE 802.1x Validation 10-41 Configuring Web Authentication 10-41 Disabling IEEE 802.1x Authentication on the Port 10-44 Resetting the IEEE 802...-6 Power over Ethernet Ports 11-6 Supported Protocols and Standards 11-7 Powered-Device Detection and Initial Power Allocation 11-7 Power Management Modes 11-8 Connecting Interfaces 11-9 Catalyst 3750 Switch Software Configuration Guide xii OL-8550-02
Configuration Guide
Page 13
...17 Setting the Interface Speed and Duplex Parameters 11-18 Configuring IEEE 802.3x Flow Control 11-19 Configuring Auto-MDIX on an Interface 11-20 Configuring a Power Management ... to a PoE Port 11-23 Adding a Description for an Interface 11-24 Configuring Layer 3 Interfaces 11-25 Configuring the System MTU 11-27 Monitoring and Maintaining the Interfaces ...12-2 Smartports Macro Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-Default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring VLANs 13-1 Understanding VLANs 13-1 ...
Configuration Guide
Page 14
... Displaying VLANs 13-16 Configuring VLAN Trunks 13-16 Trunking Overview 13-16 Encapsulation Types 13-18 IEEE 802.1Q Configuration Considerations 13-19 Default Layer 2 Ethernet Interface VLAN Configuration 13-19 Configuring an Ethernet Interface as a Trunk Port 13-19 Interaction with Other Features 13-20 Configuring a Trunk Port 13... VMPS 13-28 Understanding VMPS 13-28 Dynamic-Access Port VLAN Membership 13-29 Default VMPS Client Configuration 13-29 VMPS Configuration Guidelines 13-29 Catalyst 3750 Switch Software Configuration Guide xiv OL-8550-02
Configuration Guide
Page 16
...Voice VLAN 15-3 Default Voice VLAN Configuration 15-3 Voice VLAN Configuration Guidelines 15-3 Configuring a Port Connected to a Cisco 7960 IP Phone 15-4 Configuring Cisco IP Phone Voice Traffic 15-5 Configuring the Priority of Incoming Data Frames 15-6 Displaying Voice VLAN 15-6 Configuring ...VLAN 16-10 Configuring a Layer 2 Interface as a Private-VLAN Host Port 16-12 Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 16-13 Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 16-14 Monitoring Private VLANs 16-15 Catalyst 3750 Switch Software Configuration Guide...
Configuration Guide
Page 17
...Other Features 17-6 Configuring an IEEE 802.1Q Tunneling Port 17-6 Understanding Layer 2 Protocol Tunneling 17-7 Configuring Layer 2 Protocol Tunneling 17-10 Default Layer 2 Protocol Tunneling Configuration 17-11 Layer 2 Protocol Tunneling Configuration Guidelines 17-12 Configuring Layer 2 Protocol Tunneling 17-13 Configuring Layer 2 Tunneling for EtherChannels 17-14 Configuring the SP Edge Switch 17-14... 18-10 Spanning-Tree Interoperability and Backward Compatibility 18-11 STP and IEEE 802.1Q Trunks 18-11 VLAN-Bridge Spanning Tree 18-11 Catalyst 3750 Switch Software Configuration Guide xvii
Configuration Guide
Page 26
... IP ACL 32-25 Commented IP ACL Entries 32-25 ACL Logging 32-26 Creating Named MAC Extended ACLs 32-27 Applying a MAC ACL to a Layer 2 Interface 32-28 Configuring VLAN Maps 32-29 VLAN Map Configuration Guidelines 32-30 Creating a VLAN Map 32-31 Examples of ACLs and VLAN Maps... 32-34 Using VLAN Maps in Your Network 32-34 Wiring Closet Configuration 32-34 Denying Access to a Server on Another VLAN 32-35 xxvi Catalyst 3750 Switch Software Configuration Guide OL-8550-02
Configuration Guide
Page 29
...Interfaces 34-4 Port Aggregation Protocol 34-5 PAgP Modes 34-6 PAgP Interaction with Other Features 34-6 Link Aggregation Control Protocol 34-7 LACP Modes 34-7 LACP Interaction with Other Features 34-7 EtherChannel On Mode 34-8 Load ... EtherChannels 34-11 Default EtherChannel Configuration 34-11 EtherChannel Configuration Guidelines 34-12 Configuring Layer 2 EtherChannels 34-13 Configuring Layer 3 EtherChannels 34-15 Creating Port-Channel Logical Interfaces 34-15 Configuring the Physical ... Steps for Configuring Routing 35-5 OL-8550-02 Catalyst 3750 Switch Software Configuration Guide xxix
Configuration Guide
Page 37
... 43-13 Monitoring SFP Module Status 43-14 Monitoring Temperature 43-14 Using Ping 43-14 Understanding Ping 43-14 Executing Ping 43-15 Using Layer 2 Traceroute 43-16 Understanding Layer 2 Traceroute 43-16 Usage Guidelines 43-16 Displaying the Physical Path 43-17 Contents OL-8550-02...
Configuration Guide
Page 43
...module. Purpose The Catalyst 3750 switch is for the networking professional managing the Catalyst 3750 switch, hereafter referred to as the enhanced multilayer image [EMI]). This guide provides procedures for this release. The IP base image provides Layer 2+ features including access control lists (ACLs), ... about the device manager, see the Cisco IOS documentation set of Ethernet and local area networking. This guide does not provide detailed information on Cisco.com. However, the concepts in this release and the Catalyst 3750 Switch Hardware Installation Guide. For ...
Configuration Guide
Page 53
... image (formerly known as the standard multilayer image [SMI]), which provides a richer set of enterprise-class intelligent services. These features include access control lists (ACLs), quality of service (QoS), static routing, EIGRP stub routing, the Hot Standby Router Protocol (HSRP), and the Routing Information Protocol... switch ships with the IP base image installed can be upgraded to IP Version 6 (IPv6). OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 1-1 In this guide are described in the "Layer 3 Features" section on both the IP base image and IP services image.
Configuration Guide
Page 54
...see the getting started guide. • User-defined and Cisco-default Smartports macros for creating custom switch configurations for simplified deployment...Simple Network Management Protocol (SNMP) information through a web browser. Catalyst 3750 Switch Software Configuration Guide 1-2 OL-8550-02 Features Chapter 1...For full IPv6 support, including IPv6 routing and access control lists (ACLs), the advanced IP services image is ...and IP services images) • QoS and CoS Features, page 1-9 • Layer 3 Features, page 1-11 (includes features requiring the IP services image) • ...
Configuration Guide
Page 56
... at Gigabit line rate across the switches in the stack • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast traffic • Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping ... the leave latency for the network • Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features Catalyst 3750 Switch Software Configuration Guide 1-4 OL-8550-02
Configuration Guide
Page 58
... Catalyst 3750G Integrated Wireless LAN Controller Switch only, an integrated Catalyst 3750 switch and Cisco 4400 series wireless LAN controller that supports up to 25 or 50 lightweight access points Availability and Redundancy Features These are the availability and redundancy features: • HSRP for command switch and Layer ...support) The newly elected stack master begins accepting Layer 2 traffic in less than 1 second and Layer 3 traffic between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit uplinks Catalyst 3750 Switch Software Configuration Guide 1-6 OL-8550-02...
Configuration Guide
Page 59
...ports that carry upstream traffic from connected hosts and servers, and to allow Layer 2 ports to be isolated from Cisco IP Phones • VLAN 1 minimization for reducing the risk of broadcast ...forwarding delay by allowing VLAN 1 to be disabled on the switch OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 1-7 Loop guard for preventing alternate or root ports from...The switch CPU continues to send and receive control protocol frames. • Private VLANs to address VLAN scalability problems, to provide a more controlled IP address allocation, and to allow the failover...
Configuration Guide
Page 60
... and VTP information about all users • Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels • Layer 2 protocol tunneling bypass feature to provide interoperability ...-authenticated users to IEEE 802.1x ports Catalyst 3750 Switch Software Configuration Guide 1-8 OL-8550-02 These features are supported: - VLAN assignment for controlling access to a specified VLAN - Multidomain ...in both a data device and a voice device, such as an IP phone (Cisco or non-Cisco), to independently authenticate on a port • BPDU guard for shutting down a ...
Configuration Guide
Page 61
...access. For information about configuring NAC Layer 2 IP validation, see the "Configuring the Inaccessible Authentication Bypass Feature" section on the client MAC address. • Network Admission Control (NAC) features: - Voice VLAN to permit a Cisco IP Phone to authorize clients based... integrity and HTTP client authentication to allow dormant PCs to be powered on based on an individual-switch basis OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 1-9 Chapter 1 Overview Features - For information about this feature, see the Network Admission Control ...
Configuration Guide
Page 63
OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 1-11 OSPF (requires the IP services ... interfaces (requires the advanced IP services image) • Nonstop forwarding (NSF) awareness to enable the Layer 3 switch to continue forwarding packets from an NSF-capable neighboring router when the primary route processor (RP...routing table of network path information • Equal-cost routing for load balancing and redundancy • Internet Control Message Protocol (ICMP) and ICMP Router Discovery Protocol (IRDP) for using router advertisement and router solicitation messages...