Configuration Guide
Page 187
...-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-21 At any given time, each stack member has the same copy of a private VLAN are not replicated in the associated VLANs. Setting too short an aging time can cause addresses to be prematurely removed from being learned. For example, a MAC address learned in a private-VLAN secondary VLAN is...
...-8550-02 Catalyst 3750 Switch Software Configuration Guide 7-21 At any given time, each stack member has the same copy of a private VLAN are not replicated in the associated VLANs. Setting too short an aging time can cause addresses to be prematurely removed from being learned. For example, a MAC address learned in a private-VLAN secondary VLAN is...
Configuration Guide
Page 289
... IEEE 802.1x guest VLAN: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# dot1x guest-vlan 2 This example shows how to set 3 as the quiet time on a switch stack or a switch, clients that the switch waits for a response to an EAP-request/identity frame from the client before re-sending the request, and to enable VLAN 2 as an IEEE 802...
... IEEE 802.1x guest VLAN: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# dot1x guest-vlan 2 This example shows how to set 3 as the quiet time on a switch stack or a switch, clients that the switch waits for a response to an EAP-request/identity frame from the client before re-sending the request, and to enable VLAN 2 as an IEEE 802...
Configuration Guide
Page 290
... terminal interface interface-id Step 3 Step 4 Step 5 switchport mode access or switchport mode private-vlan host dot1x port-control auto dot1x auth-fail vlan vlan-id Step 6 Step 7 Step 8 Step 9 dot1x auth-fail max-attempts max attempts end ...VLAN: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# dot1x auth-fail vlan 2 You can configure the maximum number of allowed authentication attempts. This example shows how to enable VLAN 2 as a private-VLAN host port. Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range is 1 to the restricted VLAN...
... terminal interface interface-id Step 3 Step 4 Step 5 switchport mode access or switchport mode private-vlan host dot1x port-control auto dot1x auth-fail vlan vlan-id Step 6 Step 7 Step 8 Step 9 dot1x auth-fail max-attempts max attempts end ...VLAN: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# dot1x auth-fail vlan 2 You can configure the maximum number of allowed authentication attempts. This example shows how to enable VLAN 2 as a private-VLAN host port. Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range is 1 to the restricted VLAN...
Configuration Guide
Page 291
...example shows how to set 2 as the number of minutes that are used to decide when a RADIUS server is from 0 to 1440 minutes (24 hours). The default is from 1 to 100. The switch dynamically determines the default seconds value that is not sent requests. OL-8550-02 Catalyst 3750 Switch... Software Configuration Guide 10-37 The switch dynamically determines the default tries parameter that is 10 to 100. (Optional) Set the number of authentication attempts allowed before the port moves to the restricted VLAN: Switch(config-if)# dot1x auth...
...example shows how to set 2 as the number of minutes that are used to decide when a RADIUS server is from 0 to 1440 minutes (24 hours). The default is from 1 to 100. The switch dynamically determines the default seconds value that is not sent requests. OL-8550-02 Catalyst 3750 Switch... Software Configuration Guide 10-37 The switch dynamically determines the default tries parameter that is 10 to 100. (Optional) Set the number of authentication attempts allowed before the port moves to the restricted VLAN: Switch(config-if)# dot1x auth...
Configuration Guide
Page 310
...maintain high performance, forwarding is integrated into one interface type (for example, fastethernet1/0/1 or gigabitethernet1/0/1. When a switch has been assigned a stack member number, it keeps that identifies the switch within the stack. For ...VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces You can be fallback-bridged by bridging between interfaces: routing and fallback bridging. If there is 1. All interfaces in hardware. However, only IP Version 4 packets with the second interface type: gigabitethernet1/0/1. 11-10 Catalyst 3750 Switch...
...maintain high performance, forwarding is integrated into one interface type (for example, fastethernet1/0/1 or gigabitethernet1/0/1. When a switch has been assigned a stack member number, it keeps that identifies the switch within the stack. For ...VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces You can be fallback-bridged by bridging between interfaces: routing and fallback bridging. If there is 1. All interfaces in hardware. However, only IP Version 4 packets with the second interface type: gigabitethernet1/0/1. 11-10 Catalyst 3750 Switch...
Configuration Guide
Page 347
... they are reserved for Token Ring and FDDI VLANs. To return the VLAN name to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 13-9 This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to...
... they are reserved for Token Ring and FDDI VLANs. To return the VLAN name to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 13-9 This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to...
Configuration Guide
Page 348
... VLAN database: Switch# vlan database Switch(vlan)# vlan 20 name test20 Switch(vlan)# exit APPLY completed. This example shows how to use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it throughout the administrative domain, and return to the word VLAN. You cannot delete the default VLANs for VLAN 4. Add an Ethernet VLAN by assigning a number to 1005. 13-10 Catalyst...
... VLAN database: Switch# vlan database Switch(vlan)# vlan 20 name test20 Switch(vlan)# exit APPLY completed. This example shows how to use VLAN configuration mode to create Ethernet VLAN 20, name it test20, and add it throughout the administrative domain, and return to the word VLAN. You cannot delete the default VLANs for VLAN 4. Add an Ethernet VLAN by assigning a number to 1005. 13-10 Catalyst...
Configuration Guide
Page 353
... save the new VLAN in the switch startup configuration file: Switch(config)# vtp mode transparent Switch(config)# vlan 2000 Switch(config-vlan)# end Switch# copy running -config startup config Purpose Display the VLAN IDs being used internally by the switch. Enter the new extended-range VLAN ID, and enter config-vlan mode. Chapter 13 Configuring VLANs Configuring Extended-Range VLANs This example shows how to...
... save the new VLAN in the switch startup configuration file: Switch(config)# vtp mode transparent Switch(config)# vlan 2000 Switch(config-vlan)# end Switch# copy running -config startup config Purpose Display the VLAN IDs being used internally by the switch. Enter the new extended-range VLAN ID, and enter config-vlan mode. Chapter 13 Configuring VLANs Configuring Extended-Range VLANs This example shows how to...
Configuration Guide
Page 397
... connected to end stations as private VLANs, configure private VLANs on all the private-VLAN servers from the promiscuous ports to the (isolated and community) host ports and to other use private VLANs to control access to secondary VLANs, and the DHCP server assigns them...promiscuous ports. • Isolated VLAN -A private VLAN has only one primary VLAN. For example, you can result in unused IP addresses. • If the number of devices in a private VLAN. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 16-3 For example, if the end stations ...
... connected to end stations as private VLANs, configure private VLANs on all the private-VLAN servers from the promiscuous ports to the (isolated and community) host ports and to other use private VLANs to control access to secondary VLANs, and the DHCP server assigns them...promiscuous ports. • Isolated VLAN -A private VLAN has only one primary VLAN. For example, you can result in unused IP addresses. • If the number of devices in a private VLAN. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 16-3 For example, if the end stations ...
Configuration Guide
Page 404
.... 16-10 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Enter VLAN configuration mode for primary VLANs. Enter VLAN configuration mode and designate or create a VLAN that will be a community VLAN. Return to global configuration mode. (Optional) Enter VLAN configuration mode and designate or create a VLAN that will be an isolated VLAN. Return to global configuration mode. For example, a MAC...
.... 16-10 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 Enter VLAN configuration mode for primary VLANs. Enter VLAN configuration mode and designate or create a VLAN that will be a community VLAN. Return to global configuration mode. (Optional) Enter VLAN configuration mode and designate or create a VLAN that will be an isolated VLAN. Return to global configuration mode. For example, a MAC...
Configuration Guide
Page 408
... cannot contain spaces. This example shows how to map the interfaces of VLANs 501and 502 to clear the mapping between secondary VLANs and the primary VLAN. The VLAN ID range is Layer 3 switched. Verify the configuration. (Optional...VLAN 10, which permits routing of private-VLAN traffic: Step 1 Step 2 Command configure terminal interface vlan primary_vlan_id Step 3 private-vlan mapping [add | remove] secondary_vlan_list Step 4 Step 5 Step 6 end show interfaces private-vlan mapping Interface Secondary VLAN Type vlan10 501 isolated vlan10 502 community 16-14 Catalyst 3750 Switch...
... cannot contain spaces. This example shows how to map the interfaces of VLANs 501and 502 to clear the mapping between secondary VLANs and the primary VLAN. The VLAN ID range is Layer 3 switched. Verify the configuration. (Optional...VLAN 10, which permits routing of private-VLAN traffic: Step 1 Step 2 Command configure terminal interface vlan primary_vlan_id Step 3 private-vlan mapping [add | remove] secondary_vlan_list Step 4 Step 5 Step 6 end show interfaces private-vlan mapping Interface Secondary VLAN Type vlan10 501 isolated vlan10 502 community 16-14 Catalyst 3750 Switch...
Configuration Guide
Page 433
...through the switched LAN before ...switched network. For example, when you change the switch priority value, you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN" section on a switch... using spanning tree exists in one of these states: • From initialization to blocking • From blocking to listening or to disabled • From listening to learning or to participate in frame forwarding. • Learning-The interface prepares to disabled OL-8550-02 Catalyst 3750 Switch...
...through the switched LAN before ...switched network. For example, when you change the switch priority value, you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN" section on a switch... using spanning tree exists in one of these states: • From initialization to blocking • From blocking to listening or to disabled • From listening to learning or to participate in frame forwarding. • Learning-The interface prepares to disabled OL-8550-02 Catalyst 3750 Switch...
Configuration Guide
Page 563
...the IGMP report matches one subscriber port, which is a switch port configured as a forwarding destination of the specified multicast stream when it is an example configuration. Figure 24-3 Multicast VLAN Registration Example Multicast VLAN Cisco router Switch B SP SP SP Multicast server SP SP SP1 Multicast ...the multicast VLAN are called MVR source ports. DHCP assigns an IP address to include this receiver port and VLAN as an MVR receiver port. Uplink ports that send and receive multicast data to the multicast VLAN. OL-8550-02 Catalyst 3750 Switch Software ...
...the IGMP report matches one subscriber port, which is a switch port configured as a forwarding destination of the specified multicast stream when it is an example configuration. Figure 24-3 Multicast VLAN Registration Example Multicast VLAN Cisco router Switch B SP SP SP Multicast server SP SP SP1 Multicast ...the multicast VLAN are called MVR source ports. DHCP assigns an IP address to include this receiver port and VLAN as an MVR receiver port. Uplink ports that send and receive multicast data to the multicast VLAN. OL-8550-02 Catalyst 3750 Switch Software ...
Configuration Guide
Page 589
... port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3 This example shows how to enable sticky port security on a port, to manually configure MAC addresses for data VLAN and voice VLAN, and to set the total maximum number of secure addresses on a port. Chapter 25 Configuring Port-Based Traffic Control Configuring...
... port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3 This example shows how to enable sticky port security on a port, to manually configure MAC addresses for data VLAN and voice VLAN, and to set the total maximum number of secure addresses on a port. Chapter 25 Configuring Port-Based Traffic Control Configuring...
Configuration Guide
Page 610
...session collects all on a device, you associate the destination port with source ports or source VLANs, all RSPAN VLAN traffic and sends it out the RSPAN destination port. 28-4 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 SPAN Sessions SPAN sessions (local or remote) allow you... to monitor traffic on different network devices. Understanding SPAN and RSPAN Figure 28-3 Example of at least one RSPAN source session, an RSPAN VLAN, and at ...
...session collects all on a device, you associate the destination port with source ports or source VLANs, all RSPAN VLAN traffic and sends it out the RSPAN destination port. 28-4 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 SPAN Sessions SPAN sessions (local or remote) allow you... to monitor traffic on different network devices. Understanding SPAN and RSPAN Figure 28-3 Example of at least one RSPAN source session, an RSPAN VLAN, and at ...
Configuration Guide
Page 615
...remove the SPAN destination configuration. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-9 It is active. However, changes in VLAN membership or trunk settings for a source port immediately take effect until you assign an RSPAN VLAN ID in CDP while the SPAN session is... • Routing-SPAN does not monitor routed traffic. For VLANs 1 to 1005 that traffic is disabled. For example, if a VLAN is being Rx-monitored and the switch routes traffic from the source port list. The RSPAN VLAN ID separates the sessions. Chapter 28 Configuring SPAN and RSPAN ...
...remove the SPAN destination configuration. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-9 It is active. However, changes in VLAN membership or trunk settings for a source port immediately take effect until you assign an RSPAN VLAN ID in CDP while the SPAN session is... • Routing-SPAN does not monitor routed traffic. For VLANs 1 to 1005 that traffic is disabled. For example, if a VLAN is being Rx-monitored and the switch routes traffic from the source port list. The RSPAN VLAN ID separates the sessions. Chapter 28 Configuring SPAN and RSPAN ...
Configuration Guide
Page 622
...session_number destination interface interface-id global configuration command. The interface specified must already be configured as the default ingress VLAN. This example shows how to remove any existing SPAN configuration for the session. Specify all to remove all SPAN sessions, local... limit SPAN source traffic to specific VLANs. enter a space before and after the hyphen. 28-16 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 monitor session session_number source interface interface-id Specify the characteristics of VLANs. For interface-id, specify the source...
...session_number destination interface interface-id global configuration command. The interface specified must already be configured as the default ingress VLAN. This example shows how to remove any existing SPAN configuration for the session. Specify all to remove all SPAN sessions, local... limit SPAN source traffic to specific VLANs. enter a space before and after the hyphen. 28-16 Catalyst 3750 Switch Software Configuration Guide OL-8550-02 monitor session session_number source interface interface-id Specify the characteristics of VLANs. For interface-id, specify the source...
Configuration Guide
Page 629
...no monitor session session_number global configuration command. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 ingress vlan 6 Switch(config)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-23 Chapter 28 .... For interface-id, specify the destination interface. This example shows how to privileged EXEC mode. The ingress options are ignored with the specified VLAN as the default receiving VLAN. show monitor [session session_number] Verify the configuration. enter...
...no monitor session session_number global configuration command. Switch(config)# monitor session 2 source remote vlan 901 Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2 ingress vlan 6 Switch(config)# end OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 28-23 Chapter 28 .... For interface-id, specify the destination interface. This example shows how to privileged EXEC mode. The ingress options are ignored with the specified VLAN as the default receiving VLAN. show monitor [session session_number] Verify the configuration. enter...
Configuration Guide
Page 703
...-IP). Chapter 32 Configuring Network Security with ACLs Configuring VLAN Maps Example 3 Example 4 In this example, the VLAN map has a default action of forward for all -default 20 Switch(config-access-map)# match mac address good-hosts Switch(config-access-map)# action forward OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 32-33 Used with access lists tcp...
...-IP). Chapter 32 Configuring Network Security with ACLs Configuring VLAN Maps Example 3 Example 4 In this example, the VLAN map has a default action of forward for all -default 20 Switch(config-access-map)# match mac address good-hosts Switch(config-access-map)# action forward OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 32-33 Used with access lists tcp...
Configuration Guide
Page 705
...) at entry point. For example, server 10.1.1.100 in VLAN 10 should not have access denied to VLAN 1. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 32-35 Switch(config)# vlan access-map map2 10 Switch(config-access-map)# match ip address http Switch(config-access-map)# action drop Switch(config-access-map)# exit Switch(config)# ip access-list extended...
...) at entry point. For example, server 10.1.1.100 in VLAN 10 should not have access denied to VLAN 1. OL-8550-02 Catalyst 3750 Switch Software Configuration Guide 32-35 Switch(config)# vlan access-map map2 10 Switch(config-access-map)# match ip address http Switch(config-access-map)# action drop Switch(config-access-map)# exit Switch(config)# ip access-list extended...