Cisco Systems 3560 manual
- Consulta online o descarga el manual de instrucciones
- 1288 páginas
- 36.11 mb
Ir a la página of
Buen manual de instrucciones
Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Cisco Systems 3560. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Cisco Systems 3560 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.
¿Qué es un manual de instrucciones?
El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Cisco Systems 3560 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.
Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Cisco Systems 3560, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.
Entonces, ¿qué debe contener el manual de instrucciones perfecto?
Sobre todo, un manual de instrucciones Cisco Systems 3560 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Cisco Systems 3560
- nombre de fabricante y año de fabricación del dispositivo Cisco Systems 3560
- condiciones de uso, configuración y mantenimiento del dispositivo Cisco Systems 3560
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas
¿Por qué no leemos los manuales de instrucciones?
Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Cisco Systems 3560 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Cisco Systems 3560 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Cisco Systems en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Cisco Systems 3560, como se suele hacer teniendo una versión en papel.
¿Por qué vale la pena leer los manuales de instrucciones?
Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Cisco Systems 3560, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.
Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Cisco Systems 3560. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.
Índice de manuales de instrucciones
-
Página 1
Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Catal yst 3560 S witc h So ftwa r e Conf iguration Guide Cisco IOS Release 12.2(50)SE Marc h 20 09 Text Part Number: OL -8553-06[...]
-
Página 2
THE SPECIFICATION S AND INFORMATION RE GARDING THE P RODUCTS IN THIS MA NUAL ARE SUBJECT TO CHANGE WITH OUT NOTICE. ALL STATEMENTS , INFORMATION, AND RECOMMENDATI ONS IN THI S MANUAL ARE BE LIEVED TO BE A CCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSI BILITY FOR THEIR APPLICATION OF ANY P[...]
-
Página 3
iii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 CONTENTS Preface xlv Audience xlv Purpose xlv Conventi ons xlvi Related Publication s xlvi Obtaining Documentation, Obtaining Support, and Security Guid elines xlvii CHAPTER 1 Overview 1-1 Features 1-1 Ease-of-Deployment and Ease-of-Us e Features 1-2 Performance Feature s 1-3 Managem[...]
-
Página 4
Contents iv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Understanding CLI Error Messages 2-5 Using Configuration Logging 2-5 Using Command History 2-6 Changing the Co mmand History Buffer Size 2-6 Recalling Commands 2-6 Disabling the Command History Feature 2-7 Using Editing Features 2-7 Enabling and Disabling Editing Features 2-7 [...]
-
Página 5
Contents v Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Modifying the Startu p Configuration 3-16 Default Boot Configuration 3-16 Automatically Downloading a Configuration File 3-16 Specifying the Filename to Read and Write the System Configuration 3-16 Booting Manually 3-17 Booting a Specific Software Image 3-18 Controlling En vir[...]
-
Página 6
Contents vi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Examples 4-15 Querying with the Name Attribute 4-15 Querying with Keywords 4-16 Querying to Set Power Le vels 4-16 Troubleshooting EnergyWise 4-1 6 Using CLI Commands 4-17 Verifying the Power Usage 4-17 Additional Information 4-18 Managing Power in a LAN 4-18 Managing Power wi[...]
-
Página 7
Contents vii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Planning a Switch Cluster 6-4 Automatic Discovery of Cluster Candidates and Members 6-4 Discovery Through CDP Hops 6-5 Discovery Through Non-CDP-Capab le and Noncluster-Capable Devices 6-6 Discovery Through Different VLANs 6-6 Discovery Through Different Management VLANs 6-7[...]
-
Página 8
Contents viii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring a System Name and Prompt 7-14 Default System Name and Prompt Configuration 7-15 Configuring a System Name 7-15 Understanding DNS 7-15 Default DNS Configuration 7-16 Setting Up DNS 7-16 Displaying the DNS Configuration 7-17 Creating a Banner 7-17 Default Banner Co[...]
-
Página 9
Contents ix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Disabling Password Recovery 9-5 Setting a Telnet Password for a Term inal Line 9-6 Configuring Username and Password Pairs 9-6 Configuring Multiple Privilege Levels 9-7 Setting the Privilege Leve l for a Command 9-8 Changing the Default Priv ilege Level for Lines 9-9 Logging [...]
-
Página 10
Contents x Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring the Switch for Local Authenticatio n and Authorization 9-36 Configuring the Switch for Secure Shell 9-37 Understanding SSH 9-38 SSH Servers, Integrated Clients, an d Supported Versions 9-38 Limitations 9-39 Configuring SSH 9-39 Configuration Guidelines 9-39 Setting [...]
-
Página 11
Contents xi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 802.1x Readiness Check 10 -14 802.1x Authentica tion with VLAN Assignment 10-14 Using 802.1x Authentication with Pe r-User ACLs 10-15 802.1x Authen tication with Downlo adable ACLs and Redirec t URLs 10-16 Cisco Secure ACS and Attribute-Valu e Pairs for the Redirect URL 10-17[...]
-
Página 12
Contents xii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Setting the Re-Auth entication Number 10-44 Configuring 802.1x Accounting 10-45 Configuring a Guest VLAN 10-46 Configuring a Restricted VLAN 10-47 Configuring the Inaccessible Authentication Bypass Feature 10-49 Configuring 802.1x Authenticatio n with WoL 10-52 Configuring MA[...]
-
Página 13
Contents xiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Using Interface Configuration Mode 11-10 Procedures for Configurin g Interfaces 11-11 Configuring a Range of Interfaces 11-1 1 Configuring and Using Inte rface Range Macros 11-13 Configuring Ethernet Interfaces 11-14 Default Ethernet Interface Configura tion 11-15 Setting t[...]
-
Página 14
Contents xiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 CHAPTER 13 Configuring VLANs 13-1 Understanding VLANs 13-1 Supported VLANs 13-2 VLAN Port Membership Modes 13-3 Configuring Normal-Range VLANs 13-4 Token Ring VLANs 13-6 Normal-Range VLAN Configuration Guidelines 13-6 VLAN Configuration Mode Option s 13-7 VLAN Configuration i[...]
-
Página 15
Contents xv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VMPS Configuration Guidelines 13-29 Configuring the VMPS Client 13-30 Entering the IP Address of the VMPS 13-30 Configuring Dynamic-Ac cess Ports on VMPS Clients 13-30 Reconfirming VLAN Memberships 13-31 Changing the Re confirmation Interval 13-31 Changing th e Retry Count 13[...]
-
Página 16
Contents xvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 VTP Configuration Guidelines 16-8 Domain Names 16-8 Passwords 16-8 VTP Versio n 16-8 Configuration Requirements 16-9 Configuring a VTP Server 16-9 Configuring a VTP Client 16-11 Disabling VTP (VTP Transpa rent Mode) 16-12 Enabling VTP Version 2 16-13 Enabling VTP Pruning 16-1[...]
-
Página 17
Contents xvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 System MTU 16-5 IEEE 802.1Q Tunneling and Other Features 16-6 Configuring an IEEE 802.1Q Tunneling Port 16 -6 Understanding Layer 2 Pro tocol Tunneling 16-7 Configuring Layer 2 Protocol Tunne ling 16-10 Default Layer 2 Protocol Tunneling Configuration 16-11 Layer 2 Protocol[...]
-
Página 18
Contents xviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring a Secondary Root Switch 17-16 Configuring Port Priority 17-17 Configuring Path Cost 17-18 Configuring the Switch Priority of a VLAN 17-19 Configuring Spanning-Tree Timers 17-20 Configuring the Hello Time 17-20 Configuring the Forwarding -Delay Time for a VLAN 17[...]
-
Página 19
Contents xix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Port Priority 18-19 Configuring Path Cost 18-20 Configuring the Switch Priority 18-21 Configuring the Hello Time 18-22 Configuring the Forwarding -Delay Time 18-23 Configuring the Maximum-Aging T ime 18-23 Configuring the Maximum-Hop Count 18-24 Specifying the Li[...]
-
Página 20
Contents xx Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Flex Link Multicast Fast Convergence 20-3 Learning the Other Flex Link Port as the mrouter Port 20-3 Generating IGMP Reports 20 -3 Leaking IGMP Reports 20-4 Configuration Examples 20-4 MAC Address-Table Move Update 20-6 Configuring Flex Links and the MAC Address-Table Move Upd[...]
-
Página 21
Contents xxi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring IP Source Guard 21-16 Default IP Source Guard Configuration 21-16 IP Source Guard Configuration Guidelines 21-17 Enabling IP Sourc e Guard 21-17 Displaying IP Source Guard Information 21 -19 Understanding DHCP Server Port-Based Address Allocation 21-19 Configurin[...]
-
Página 22
Contents xxii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring IGMP Snooping 23-6 Default IGMP Snooping Configuration 23-7 Enabling or Disabling IGMP Snooping 23-7 Setting the Sno oping Method 23-8 Configuring a Multicast Router Port 23-9 Configuring a Host Statically to Join a Group 23-10 Enabling IGMP Immediate Leave 23-10[...]
-
Página 23
Contents xxiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Protected Ports 24-6 Default Protected Port Configuration 24-6 Protected Port Configuration Guidelines 24-7 Configuring a Protected Port 24-7 Configuring Port Blocking 24-7 Default Port Blocking Configuration 24-8 Blocking Flooded Traffic on an Interface 24 -8 [...]
-
Página 24
Contents xxiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring LLDP-MED TLVs 26-6 Configuring Network-Policy TLV 26-7 Configuring Location TLV and Wired Location Service 26-9 Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Se rvice 26-10 CHAPTER 27 Configuring UDLD 27-1 Understanding UDLD 27-1 Modes of Operatio[...]
-
Página 25
Contents xxv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring RSPAN 28-16 RSPAN Configuration Guidelines 28-16 Configuring a VLAN as an RSPAN VLAN 28-17 Creating an RSPAN Source Session 28-18 Creating an RSPAN Destination Session 28-19 Creating an RSPAN Destination Session and Configuring Incom ing Traffic 28-20 Specifying [...]
-
Página 26
Contents xxvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 CHAPTER 31 Configuring SNMP 31-1 Understanding SNMP 31-1 SNMP Versio ns 31-2 SNMP Manager Functions 31-3 SNMP Agent Functions 31-3 SNMP Community Strings 31-4 Using SNMP to Access MIB Variables 31-4 SNMP Notifications 31-5 SNMP ifIndex MIB Object Values 31-5 Configuring SNMP[...]
-
Página 27
Contents xxvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Handling Fragmented and Unfragmen ted Traffic 33-5 Configuring IPv4 ACLs 33-6 Creating Standard and Exte nded IPv4 ACLs 33-7 Access List Numbers 33-8 ACL Logging 33-8 Creating a Numbered Standard ACL 33-9 Creating a Numbered Extended ACL 33-10 Resequencing ACEs in an ACL 3[...]
-
Página 28
Contents xxviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 ACLs and Routed Packets 33-39 ACLs and Multicas t Packets 33-40 Displaying IPv4 ACL Configuration 33-40 CHAPTER 34 Configuring QoS 34-1 Understanding Qo S 34-2 Basic QoS Model 34-3 Classification 34-5 Classification Based on QoS ACLs 34-7 Classification Based on Class Map [...]
-
Página 29
Contents xxix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Enabling VLAN-Based QoS on Physical Ports 34-35 Configuring Classification Us ing Port Trust States 34-36 Configuring the Trust State on Ports within the Qo S Domain 34-36 Configuring the CoS Value for an Interface 34-38 Configuring a Trusted Boundary to Ensu re Port Securi[...]
-
Página 30
Contents xxx Catalyst 3560 Switch Software Configuration Guide OL-8553-06 PAgP Modes 35-4 PAgP Interaction with Virtual Switches and Dual-Activ e Detection 35-5 PAgP Interaction with Other Features 35-5 Link Aggregation Control Protocol 35-5 LACP Modes 35-6 LACP Interaction with Oth er Features 35-6 EtherChannel On Mode 35-6 Load Balancing and Forw[...]
-
Página 31
Contents xxxi Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring Address Resolution Methods 36-8 Define a Static ARP Cache 36-9 Set ARP Encapsula tion 36-9 Enable Proxy ARP 36-10 Routing Assistance When IP Routing is Disabled 36-10 Proxy ARP 36-11 Default Gateway 36-11 ICMP Router Discovery Protocol (IRDP) 36-11 Configuring B[...]
-
Página 32
Contents xxxii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring BGP 36-40 Default BGP Configuration 36-43 Nonstop Forwardin g Awareness 36-45 Enabling BGP Routing 36-45 Managing Rout ing Policy Changes 36-47 Configuring BGP Decision Attributes 36-49 Configuring BGP Filtering with Route Maps 36-51 Configuring BGP Filtering by[...]
-
Página 33
Contents xxxiii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring a VPN Routing Session 36-80 Configuring BGP PE to CE Routing Sessions 36-81 Multi-VRF CE Configuration Exam ple 36-82 Displaying Multi-VRF CE Status 36-86 Configuring Protocol-Independ ent Features 36-86 Configuring Cisco Express Forwarding 36 -86 Configuring [...]
-
Página 34
Contents xxxiv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 SNMP and Syslog Over IPv6 37-7 HTTP(S) Over IPv6 37-8 Unsupported IPv6 Unicast Ro uting Features 37-8 Limitations 37-8 Configuring IPv6 37-9 Default IPv6 Configuration 37-10 Configuring IPv6 Addressing and Enabling IPv6 Routing 37-10 Configuring Default Router Preference 37[...]
-
Página 35
Contents xxxv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring a Multicast Router Port 38-8 Enabling MLD Immediate Leave 38-8 Configuring MLD Snooping Queries 38-9 Disabling MLD Listener Message Suppression 38-10 Displaying MLD Snooping Information 38-11 CHAPTER 39 Configuring IPv6 ACLs 39-1 Understanding IPv 6 ACLs 39-2 Su[...]
-
Página 36
Contents xxxvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 IP SLAs Operation Scheduling 41-5 IP SLAs Operation Threshold Monitoring 41-5 Configuring IP SLAs Operations 41-6 Default Configuration 41-6 Configuration Guidelines 41-6 Configuring the IP SLAs Responder 41-8 Analyzing IP Service Levels by Using the UDP Jitter Operation 41[...]
-
Página 37
Contents xxxvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Configuring WCCP 43-5 Default WCCP Configuration 43-5 WCCP Configuration Guidelines 43-5 Enabling the Web Cache Se rvice 43-6 Monitoring and Maintaining WCCP 43-9 CHAPTER 44 Configuring IP Multicast Routing 44-1 Understanding Cisco’s Implementatio n of IP Multicast Rout[...]
-
Página 38
Contents xxxviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Configuring SSM Mapping 44-19 Monitoring SSM Mapping 44-21 Configuring PIM Stub Routing 44-22 PIM Stub Routing Config uration Guidelines 44-22 Enabling PIM Stub Routing 44-22 Configuring a Rendezvous Point 44-23 Manually Assigning an RP to Multicast Group s 44-23 Configur[...]
-
Página 39
Contents xxxix Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Controllin g Route Exchang es 44-55 Limiting the Number of DVMRP Routes Advertised 44-56 Changing the DVMRP Route Th reshold 44-56 Configuring a DVMRP Summary Address 44-57 Disabling DVMRP Autosummarization 44-59 Adding a Metric Offset to the DVMRP Route 44-59 Monitoring a[...]
-
Página 40
Contents xl Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Adjusting Spanning-Tree Parameters 46 -5 Changing the VLAN-Brid ge Spanning-Tree Priority 46-5 Changing the In terface Priority 46-6 Assigning a Path Co st 46-6 Adjusting BPDU Intervals 46-7 Disabling the Spannin g Tree on an Interface 46-9 Monitoring and Maintaining Fallback [...]
-
Página 41
Contents xli Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Using Debug Commands 47-19 Enabling Debugging on a Specific Featu re 47-19 Enabling All-System Diagnos tics 47-20 Redirecting Debug and Error Message Outpu t 47-20 Using the show platform forward Command 47-20 Using the crashinfo Files 47-23 Basic crashinfo Files 47-23 Exten[...]
-
Página 42
Contents xlii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Creating, Dis playing, an d Extracting tar Files B-6 Creating a tar File B-6 Displaying the Contents of a tar File B-7 Extracting a tar File B-7 Displaying the Contents of a File B-8 Working with Co nfiguration File s B-8 Guidelines for Creating and Using Configuration Files[...]
-
Página 43
Contents xliii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Copying Image Files By Using RCP B-32 Preparing to Download or Upload an Image File By Using RCP B-33 Downloading an Image File By Using RCP B-34 Uploading an Image File By Using RCP B-36 APPENDIX C Unsupported Comman ds in Cisco IOS Release 12.2(50)SE C-1 Access Control L[...]
-
Página 44
Contents xliv Catalyst 3560 Switch Software Configuration Guide OL-8553-06 IP Multic ast Routing C-7 Unsupported Privileged EXEC Comma nds C-7 Unsupported Global Configura tion Commands C-8 Unsupported Interface Configuration Commands C-8 IP SLA C-8 Unsupported MPLS Health Monitor Commands C-8 Unsupported Ethernet Gate keeper Registration Commands [...]
-
Página 45
Contents xlv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 NetFlow Commands C-15 Unsupported Global Configuratio n Commands C-15 Network Address Translation (NAT) Command s C-15 Unsupported Privileged EXEC Comma nds C-15 QoS C-16 Unsupported Global Configuratio n Command C-16 Unsupported Interface Configuration Commands C-16 Unsuppo[...]
-
Página 46
Contents xlvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06[...]
-
Página 47
xlv Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Preface Audience This guide is for the n etworking professional managing the Catalyst 3560 switch, hereaf ter referred to as the switch . Before using t his guide, you should ha ve experience w orking with the Cisco IOS so ftware and be familiar with th e concepts and terminol o gy o[...]
-
Página 48
xlvi Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Preface Conventions This publica tion uses thes e con v entions to co n ve y instruct ions and info rmation: Command descriptions use these co n ven tions: • Commands and ke ywords are i n boldface text. • Argum ents for which you sup ply va lues are in italic . • Square bracke[...]
-
Página 49
xlvii Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Preface • For cluster requirements, see the Release Notes for Cisco Network Assistant (not orderable but av ai lable on Cisco.c om). • For upgrading informatio n, see the “Downloadi ng Software” sectio n in the release notes. See these documents for other information about [...]
-
Página 50
xlviii Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Preface[...]
-
Página 51
CH A P T E R 1-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 1 Overview This chapter p rovides these topics ab out the Cataly st 3560 switch so ftware: • Features, page 1-1 • Default Setti ngs After Initial Switch Conf iguration, page 1-14 • Network Co nfigu ration Examples, pag e 1-17 • Where to Go Next, page 1-23 In this [...]
-
Página 52
1-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features For more information on IPv6 A CLs, see Chapter 39, “C onf iguring IPv6 ACLs. ” Some features described in this chapter are av aila ble only on the cryptog raphic (supports encryption) versions of the soft ware IP base and IP services imag es. Y ou mu [...]
-
Página 53
1-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features – Applying actions to mu ltiple ports and multiple sw itches at the same time, such as VLA N and QoS settings, in ventory and statistic report s, link- and switch-le v el monitoring and troubleshooting, and multiple switch softw are upgrades. – V iewing[...]
-
Página 54
1-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Port blocking on forw arding unkno wn Layer 2 unk nown unicast, multicast, an d bridged broadcast traffic • Cisco Group Management Protocol (CGMP) serv er support and Internet Group M anagement Protocol (IGMP) s noopi ng for IGMP V ersions 1, 2, and [...]
-
Página 55
1-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • CLI—The Cisco IOS software sup ports deskt op- and multilayer -switching features. Y ou can access the CLI either b y connecting your management station directly to the switch console port or by using T elnet from a remote management station. F or mor[...]
-
Página 56
1-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Support for the SSM PIM pr otocol to optimize multicast applications, such as vid eo • Source Specif ic Multicast (SSM) mapping for multicas t applications provides a mapping of so urce to group, allo wing listener s to connect to mult icast sources [...]
-
Página 57
1-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features Availability and Redundancy Features • HSRP for command switch and Layer 3 router redundanc y • Enhanced object trackin g, which separates the tracking mechanism from HSRP and creates a separate, standalone tracking process that can b e used by processe[...]
-
Página 58
1-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features • Inter-Switch Link (ISL) and I EEE 802.1Q trunking encaps ulation on all ports for netw ork mov es, adds, and changes; management and control of broa dcast and multicast traffi c; and netw ork security by establishi ng VLAN groups for high-secur ity use[...]
-
Página 59
1-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • Standard and extended IP acce ss control lists (A CLs) for def ining security po licies in both directions on routed i nterfaces (router A CLs) and VLANs and inbound on Layer 2 interfaces (port AC L s ) • Extended MA C access control lists for definin[...]
-
Página 60
1-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features – Network Edge Access T opology (NEA T) with 802.1X switch supplicant , host authorization with CISP , and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch. – IEEE 802.1x with open access to allow a ho[...]
-
Página 61
1-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features QoS and CoS Features • Automatic QoS (auto-QoS) to simplify the deployment of existing QoS feat ures by classifying traf fi c and conf iguring e gress queues • Automatic quality of service (QoS) V oice o ver IP (V oIP) enhancement for port -based trust[...]
-
Página 62
1-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Features Layer 3 Features These are the Layer 3 features: Note Some features noted in this section are available on ly on the IP services image. • HSRP V ersion 1 (HSRPv1) and HSRP V ersion 2 (HSRPv2) for Layer 3 router redu ndancy • IP routing protoco ls for [...]
-
Página 63
1-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Features • Nonstop forw arding (NSF) a wareness to enable th e Layer 3 switch to contin ue forwarding p ackets from an NSF-capable neighborin g router when the primary route pr ocessor (RP) is faili ng and the backup RP is taking ov er , or when th e primary RP i[...]
-
Página 64
1-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration • T ime Domain Reflector (TDR) to diagnose an d re solve cabli ng problems on 10/100/1 000 copper Ethernet port s • SFP module diagnostic management interface to monitor physical or operational st atus of an[...]
-
Página 65
1-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Default Settings After In itial Switch Configuration • IEEE 802.1x is disabled. Fo r more information, see Chapter 10, “Conf iguring IEEE 802.1x Port-Based Authentication. ” • Port parameters – Operating mode is Layer 2 (switchport ). For more informatio [...]
-
Página 66
1-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Default Settings After In itial Switch Configuration • The IGMP snooping querier feature is disabled. For more infor mation, see Chapter 23, “Conf iguring IGMP Snooping and MVR. ” • MVR is disabled. Fo r more information, see Chapter 23, “Conf iguring IG[...]
-
Página 67
1-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Network Configuration Examples This section pro vides network con figurati on concepts and includes e xamples of using the switch to create dedicated net work segm ents and interconnectin g the seg ments through F ast Ethernet and Gi[...]
-
Página 68
1-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples Y ou can use the switches to create the following: • Cost-ef fecti ve Gig abit-to-the-desktop for high-performance workgroups ( Figure 1-1 )—F or high-speed access to netw ork resour ces, you can use the Cisco Catalyst 3560 sw i[...]
-
Página 69
1-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Figur e 1 -1 High-P erf or mance W ork gr oup (Gig abit-t o-the-Deskt op) • Server aggre gation ( Figure 1-2 )—Y ou can use the switches to interconnect groups of servers, centralizing physical security and administratio n of you[...]
-
Página 70
1-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples Figur e 1- 2 Server Ag greg ation Small to Medium-Sized Network Using Catalyst 3560 Switches Figure 1-3 sho ws a conf iguration for a network of up to 500 employees. This netw ork uses Catalyst 3560 Layer 3 switches with high-speed [...]
-
Página 71
1-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Network Configuration Examp les Catalyst PoE switch port s automatically detect any Cisco pre- standard and IEEE 802.3af-co mpliant po wered de vices that are connected. Each PoE switch po rt provides 15.4 W o f power per p ort. The powered de vice, such as a Cisco[...]
-
Página 72
1-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Network Config uration Examples per-user basis. The switch ports are confi gured as either trusted or untr usted. Y ou can conf igure a trusted port to tru st the CoS value, the DSC P v alue, or th e IP precedence. If you configur e the port as untrusted, you can [...]
-
Página 73
1-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overview Where to Go Next Long-Distance, High-Bandwidth Transport Configuration Figure 1-5 sho ws a config uration for sending 8 Gigabi ts of data ov er a single fiber -optic cable. The Catalyst 3560 switches ha ve coarse w av eleng th-di vision multiple xing (CWDM) f iber [...]
-
Página 74
1-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 1 Overvi ew Where to Go Ne xt[...]
-
Página 75
CH A P T E R 2-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 2 Using the Command-Line Interface This chapter describes th e Cisco IOS command-line interface (CLI) and ho w t o use it to config ure your Catalyst 35 60 switch. It conta ins these sections : • Understanding Command Modes, page 2-1 • Understanding the Help Sy stem, [...]
-
Página 76
2-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Understanding Command Modes Ta b l e 2-1 describes the main command modes, how to acce ss each one, the prompt you see in that mode, and ho w to exit th e mode. The examples in the tabl e use the hostname Switc h . Ta b l e 2-1 Command Mode [...]
-
Página 77
2-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Understanding the Help Syste m For more detailed information on the co mmand mod es, see the command reference guide for this release. Understanding the Help System Y ou can enter a question mark (?) at the system prompt to display a li st [...]
-
Página 78
2-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Understanding Abbreviate d Commands Understanding Abbreviated Commands Y ou need to enter only enough characters for th e switch to recognize the command as uniq ue. This example sho ws ho w to enter the show conf iguration pri vile ged EXEC[...]
-
Página 79
2-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Understanding CLI Erro r Messages Understanding CLI Error Messages Ta b l e 2-3 lists some error messages that you might encounter wh ile using the CLI to conf igure your switch. Using Configuration Logging Y ou can log a nd view changes to[...]
-
Página 80
2-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Using Command Histo ry Using Command History The software pro vides a history or record of commands th at you hav e entered. The comman d history feature is particularly useful for recalling long or comple x commands or entries, including ac[...]
-
Página 81
2-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Using Editing Features Disabling the Command History Feature The command history feature is automati cally enabled. Y ou can disable it for the current terminal session or for the command line. These procedures are optional. T o disable the[...]
-
Página 82
2-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Using Editing Features Press Ctrl-F , or press the right arro w key . Move the cursor forward one character . Press Ctrl-A . Mo ve the cursor to the beginni ng of the command line. Press Ctrl-E . Mov e the cursor to the end of the co mmand l[...]
-
Página 83
2-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using th e Co mmand-Line Interface Using Editing Features Editing Command Lines that Wrap Y o u can use a wrap around feature for commands that extend be yond a single line on the screen . When the cursor reaches the right margin, the command line shifts ten spaces to the le[...]
-
Página 84
2-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 2 Using the Comman d-Line Interface Searching and Filteri ng Output of show and more Commands Searching and Filtering Output of show and more Commands Y ou can search and filter the output for show and more comman ds. This is useful when you need to sort through lar ge amount[...]
-
Página 85
CH A P T E R 3-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 3 Assigning the Switch IP Address and Default Gateway This chapter describes ho w to create the initial sw i tch configurat ion (for ex ample, assigning the IP address and default ga te way information) fo r the Catalyst 3560 switch by using a variety of autom atic and ma[...]
-
Página 86
3-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information The normal boot process in v olv es the operation of the boot loader soft ware, which performs these activ ities: • Performs lo w-lev el CPU initiali zation. It initializes the CPU re gisters[...]
-
Página 87
3-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note If you are using DH CP , do not respond to any of t he questions in the setup prog ram until the switch recei ves the dynamically assigned IP address and reads the conf iguratio n file. If[...]
-
Página 88
3-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information DHCP-based autoconf iguration replaces th e BOO TP client functio nality on your switch . DHCP Client Request Process When you boot up your swit ch, the DHCP client is in v oked and req uests c[...]
-
Página 89
3-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Understanding DHCP-based Autoconfiguration and Image Update Y o u can use t he DHCP image upgrade features to co nfigu re a DHCP server to do wnlo ad both a ne w image and a ne w conf iguration[...]
-
Página 90
3-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note The configuration f ile that is do wn loaded from TFTP is merged wi th the existing con figuration in t he running conf iguration b ut is no t sav ed in the NVRAM unl ess you enter the wri[...]
-
Página 91
3-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information If you do not co nfigu re the DHCP server wi th the leas e options descri bed pre viously , it replies to client requests with onl y those parameters that are conf igur ed. If the IP address an[...]
-
Página 92
3-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the Relay Device Y ou must configure a relay de vice, also referred to as a r elay agent , when a switch sends broadcast packets that require a response from a host on a d iff erent[...]
-
Página 93
3-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information • The IP address and the conf iguration f ilename is reserv ed for the switch, b ut the TFTP serv er address is not pro vided in the DHCP reply (one-f ile read method). The switch receiv es i[...]
-
Página 94
3-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information DNS Server Conf iguration The DNS server maps the TFTP serv er name tftpserver to IP address 10.0.0.3. TFTP Server Conf iguration (on UNIX) The TFTP server base direct ory is set to /tftpserv [...]
-
Página 95
3-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the DHCP Auto Configuration and Image Update Features Using DHCP to download a ne w image and a new config uration to a switch requires that you configure at least two switches: On[...]
-
Página 96
3-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring DHCP Auto-Image Updat e (Configuration File and Image) Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure DHCP autoconf iguration to confi gure TFTP and DHCP s[...]
-
Página 97
3-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Switch(dhcp-config)# exit Switch(config)# tftp-server flash:config-boot.text Switch(config)# tftp-server flash:c3560-ipservices-mz.122-44.3.SE.tar Switch(config)# tftp-server flash:boot-config[...]
-
Página 98
3-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note Y ou should only configure and enable the Layer 3 inte rface. Do not assign an IP address or DHCP-based autoconf iguration with a sa ved co nfigu ration. Manually Assigning IP Information[...]
-
Página 99
3-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Checking and Saving the Running Configuration Checking and Saving the Running Configuration Y o u can check the conf iguration sett ings that you en tered or ch anges that you made b y entering this pri vileged EXEC co mm[...]
-
Página 100
3-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Modifying the Startup Configuration These sections describe ho w to modi fy the switch startup conf iguration: • Defaul t Boot Conf iguratio n, page 3-16 • Automatically Do wnloadi[...]
-
Página 101
3-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration Beginni ng in pri vileged EXEC mode, follow these steps to specify a dif ferent conf iguration f ilename: T o return to the def ault setting, use the no boot conf ig-f ile global conf i[...]
-
Página 102
3-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Booting a Specific Software Image By default, the switch at tempts to automatically bo ot up the system usi ng information in the BOO T en vironment v ariable. If this va riable is not[...]
-
Página 103
3-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration En vironment variables store two kinds of data: • Data that controls code, which does not read the Cisco IOS conf iguration f ile. For e xample, the name of a boot loader hel per file[...]
-
Página 104
3-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image Scheduling a Reload of the Software Image Y o u can schedule a relo ad of the software image to occur on the switch at a later time (for example, late at night or during the weeke[...]
-
Página 105
3-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Relo ad of the Software Image Proceed with reload? [confirm] T o cancel a previously schedu led reload, use the reload cancel privile ged EXEC command. Displaying Scheduled Reload Information T o display info[...]
-
Página 106
3-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 3 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image[...]
-
Página 107
CH A P T E R 4-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 4 Configuring Cisco EnergyWise The Catalyst 3560 switch comman d reference has co mmand syntax and usage information. • Managing Sing le Entities, page 4-1 • Managing Multiple Entities, page 4-12 • T roubleshoot ing EnergyW ise, page 4-16 • Additional Informat ion[...]
-
Página 108
4-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Energ yW ise uses a distrib uted model to manag e ener gy usage. • Switches are grouped in an En erg yW ise domain an d become domain entities. The y recei ve messages from and send them to other domain en tities. • [...]
-
Página 109
4-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Figur e 4-1 T ypical Networ k Single PoE Switch Scenario Managing the po wer usage when • A PoE entity po wers on or of f the connected entities. • A PoE entity applies a network p olicy that po wers on and po wers o[...]
-
Página 110
4-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Figur e 4-2 Single PoE S witch Example EnergyWise Power Level The Energ yW ise power le v el is fo r both a PoE port and a switch. The range is from 0 to 10. The default po wer l ev el is 10. A Catalyst switch does not s[...]
-
Página 111
4-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities EnergyWise Importance Set the Energy W ise importance v alue on a PoE po rt or a switch to rank domain entities. The range is from 1 to 100. The default import ance value is 1. EnergyWise Names, Roles, and Keywords Set a[...]
-
Página 112
4-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Manually Managing Power • Po wering the En tity , page 4-6 • Config uring Entity Attrib utes, page 4- 7 • Po wering the PoE Port, page 4-8 • Config uring PoE-Port Attrib utes, page 4-8 Powering the Entity Beginni[...]
-
Página 113
4-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Configuring Entity Attributes Beginni ng in pri vileged EXEC mod e: Command Purpose Step 1 show energywise (Optiona l) V e rify that EnergyW ise is ena bled. Step 2 configur e terminal Enter glob al configuration mode . [...]
-
Página 114
4-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Powering the PoE Port Beginni ng in pri vileged EXEC mode: Configuring PoE-Port Attributes Beginni ng in pri vileged EXEC mode: Step 10 show energ ywise show energ ywise domain V erify your entries. Step 11 copy running-[...]
-
Página 115
4-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Automatically Managing Power (Recurrence) Beginni ng in pri vileged EXEC mod e: Step 4 energywise keywords wor d,wor d, ... (Opti onal) Assign at least one ke yword for the port. When assigning multip le keyw ords , sepa[...]
-
Página 116
4-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Single Entities Step 3 energywise domain domain-n ame secret [ 0 | 7 ] passwor d [ pr otocol udp port udp-port-number [ interface interface-id | ip ip-addr ess ]] Enable Ener gyW ise on the en tity , assign the entity to a domain with [...]
-
Página 117
4-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Single Entities Examples • Setting Up the Domain, pag e 4-11 • Manually Ma naging Power , page 4-12 • Automatically Managing Po wer , page 4-12 Setting Up the Domain Switch# configure terminal Enter configuration commands, one pe[...]
-
Página 118
4-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Multiple Entities Manually Managing Power T o po wer on the lab IP ph ones no w: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# energywise domain cisco secret cisco protocol udp [...]
-
Página 119
4-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Multiple Entities Multiple PoE Switch Scenario Figur e 4-3 Multiple PoE S witches Example EnergyWise Query • Collect po wer usage information. • Summari ze power informatio n from entit ies. • Set parameters. Use these attributes[...]
-
Página 120
4-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Managing Multiple Entities Use EnergyW ise importance v alues to select entities in a query . For example, an of f ice phone is less important than an emer gency ph one that should ne ve r be in sleep mode. Query results sho w entities, such as[...]
-
Página 121
4-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Managing Multiple Entities Examples • Querying with the Name Attrib ute, page 4-15 • Querying with K e ywords, page 4- 16 • Querying to Set Po wer Le vels, page 4-16 In these e xamples, Swit ch 1 and Switch 2 ar e in the same domai n. The[...]
-
Página 122
4-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Troubleshooting Ener gyWise Querying with Keywords T o show the po wer usage of IP phon es with differen t names, different roles, and importance v alues less than or equal to 80, but all with the Admin ke yword , run this query on Swit ch 1: S[...]
-
Página 123
4-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Troubleshooting EnergyWise Using CLI Commands For more inf ormation about the commands, se e the command reference for this release. Verifying the Power Usage • This exampl e show s that the Cisco 7960 IP Ph one uses 6.3 watts and that the Ci[...]
-
Página 124
4-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Additional Information Additional Information • Managing Power in a LAN, page 4-18 • Managing Po wer with IP Ro uting, page 4-18 Managing Power in a LAN Multiple switches connected in the same LAN and in the same Ener gyW ise d omain. Figur[...]
-
Página 125
4-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco Ene rgyWise Additional Information Figur e 4-5 Energ yWise with IP Routin g On Switch 1, to pre v ent a disjointed domain, manually assign Switch 2 as a static neighbor or the re verse. Switch(config)# energywise neighbor 192.168.2.2 43440 Switch 1 disco v[...]
-
Página 126
4-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 4 Configuring Cisco En ergyWise Additional Information Note T o pre vent a disjointed domain, y ou can also config ur e a helper address on Router A and specify that the router use UDP to forward broadcast packets with the ip helper -address addr ess in terface conf iguration[...]
-
Página 127
CH A P T E R 5-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 5 Configuring Cisco IOS Configuration Engine This chapter describes ho w to conf igure the feature on the Catalyst 356 0 switch. Note For complete conf iguration info rmation fo r the Cisco Con figur ation Engine, go to http://www .cisco.com/en/US/products/sw/n etmgts w/p[...]
-
Página 128
5-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software Figur e 5-1 Config uration Engine Arc hitectur al Overview • Config uration Service, page 5-2 • Event Service, page 5-3 • What Y o u Should Kno w About th e CNS IDs and De vice[...]
-
Página 129
5-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Co nfig uration Engine Software Event Service The Cisco Config uration Engine uses the Ev ent Service for receipt and generation o f configurati on e vents. The e v ent agent is on the switch and faci litates the[...]
-
Página 130
5-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco Configuration Engine Software DeviceID Each confi gured switch participating on the ev ent b us has a unique De viceID, which is analogous to the switch source address so that the sw itch can be targeted as a spe[...]
-
Página 131
5-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Understanding Cisco IOS Agents Understanding Cisco IOS Agents The CNS ev ent agent feature allo ws the switch to publish and subscrib e to e ven ts on the e vent b us and works with the Cisco IOS ag ent. The Cisco IOS agent feature [...]
-
Página 132
5-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Incremental (Partial) Configuration After the networ k is running, ne w services can be added b y using the Cisco IOS agent. Incr emental (partial) conf igurations can be sent to the switch. The actual [...]
-
Página 133
5-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Note For more informati on about running the set up program and creating templ ates on the Conf iguration Engine, see the Cisco Configur ation Engine Installa tion and Setup Guide , 1.5 for Linux at http[...]
-
Página 134
5-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Beginni ng in pri vileged EXEC mode, follow these steps to enable the CNS e vent agent on the switch: T o disable the CNS ev ent agent, use the no cns ev ent { ip-addr ess | hostnam e } global conf igur[...]
-
Página 135
5-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS ev ent agent, start the Cisco IOS CNS agent on the switch. Y ou can enable the Cisco IOS agent with these commands: • The cns config initial glob[...]
-
Página 136
5-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents Step 7 di scover { contr oller contr oller-type | dlci [ subinterface subinterfa ce-number ] | interface [ interface-type ] | line line-type } Specify the interface parame ters in the CNS connect profi[...]
-
Página 137
5-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 13 cns id interface num { dns-re verse | ipaddress | mac-addr ess } [ event ] [ image ] or cns id { hardwar e-serial | hostname | string string | udi } [ event ] [ image ] (Optional) Set the uniqu [...]
-
Página 138
5-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IO S Agents T o disable the CNS Cisco IOS agent, use the no cns config initial { ip-addr ess | hostna me } global confi guration command. This exampl e show s how to co nfigure an initial conf iguration on a remot[...]
-
Página 139
5-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This exampl e show s how to co nfigure an initial conf iguration on a remote swi tch when the switch IP address is kno wn. The Conf iguratio n Engine IP address is 172.28. 129.22. Switch(config)# cns te[...]
-
Página 140
5-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 5 Configuring Cisco IOS Configuration Engine Displaying CNS Configuration Displaying CNS Configuration Ta b l e 5-2 Pr ivile ged EX EC sho w Commands Command Purpose show cns conf ig connections Displays the status of the CNS Cisco IOS agent connections. show cns conf ig outs[...]
-
Página 141
CH A P T E R 6-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 6 Clustering Switches This chapter provides the concepts and procedures to create and manage Catalyst 3560 switch clusters. Y ou can create and manage switch clusters by usi ng Cisco Netw ork Assist ant (hereaft er kno wn as Network Assistant) , the command-line interf ac[...]
-
Página 142
6-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Understanding Switch Clusters In a switch cluster , 1 switch must be the cluster command switch and up to 15 other switches can be cluster member sw itches . The total number of switches in a cluster cannot exceed 16 switch es. The cluster command switch[...]
-
Página 143
6-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Understanding Switch Clusters Cluster Command Switch Characteristics A cluster command switch must meet these requirements: • It is running Cisco IOS Release 12.1(19 )EA1 or later . • It has an IP address. • It has Cisco Disco very Protocol (CDP ) v[...]
-
Página 144
6-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster • If a cluster standby grou p exists, it is connected to e very standby cluster command swi tch through at least one common VLAN. The VLAN to e ach standby clu ster command switch can be dif ferent. • It is connected to the [...]
-
Página 145
6-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Follo wing th ese connecti vity guidelines ensu res auto matic discov ery of the switch cluster, cluster candidates, connected sw itch clusters, and neig hboring edge de vices: • Discov ery Throu gh CDP Hops, page 6-5 • Disco[...]
-
Página 146
6-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Discovery Through Non-CDP-Capable and Noncluster-Capable Devices If a cluster command switch is connected to a non-CDP-capab le thir d-party hub ( such as a non-Cisco hub), it can discover cluster -enabled devices connected to t[...]
-
Página 147
6-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Figur e 6-3 Discovery Thr ough Diff er ent VLANs Discovery Through Different Management VLANs Catalyst 29 70, Catalyst 35 50, Catalyst 3560, or Catalyst 3750 cluster command switches can disco ver and manage cluster member switch[...]
-
Página 148
6-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Figur e 6-4 Discovery Through Diff erent Management VLANs with a Layer 3 Clust er Command Swi tch Discovery Through Routed Ports If the cluster command switch has a routed port (RP) conf igured, it discov ers only candidate and [...]
-
Página 149
6-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster Figur e 6-5 Discovery Through Routed P or ts Discovery of Newly Installed Switches T o join a cluster , t he new , out-of-the-box switch must be connected to the clust er through one of its access ports. An access port (AP) c arr[...]
-
Página 150
6-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster HSRP and Standby Cluster Command Switches The switch supports Hot Standb y Router Proto col (HSRP) so that you can conf igure a g roup of standby cluster command switches. Because a cluster co mmand switch manages the forwardin[...]
-
Página 151
6-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster manage the cluster , you must access the activ e clus ter command switch through the virtual IP address, not through the command- switch IP address. This is in case the IP address of the acti ve cluster command switch is dif fer[...]
-
Página 152
6-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster Catalyst 19 00, Catalyst 28 20, Catalyst 2900 XL, Cata lyst 2950, and Cat alyst 3500 XL cluster member switches must be connected to the cl uster standby g roup through their manag ement VLANs. For more information about VLANs [...]
-
Página 153
6-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Planning a Switch Cluster When the pre viously acti v e cluster command switch r e sumes its active role, it recei ves a copy of the latest cluster conf iguration fro m the acti ve cluster command switch, including members th at were added while it was d[...]
-
Página 154
6-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Planning a Switch Cluster If you change the member-switch passw ord to be dif ferent from the command-swit ch password and sa v e the change, the switch i s not manageable by the cl uster command switch until yo u change the member-swit ch password to m[...]
-
Página 155
6-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Switches Using the CLI to Manage Switch Clusters Using the CLI to Manage Switch Clusters Y o u can conf igure cluster member switches from the CLI b y f irst logging into the cluster command switch. Enter the r command user EXEC comm and and the cluster member sw[...]
-
Página 156
6-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 6 Clustering Sw itches Using SNMP to Manage Switch Clusters cluster member switch. The cluster command switch u ses this community string to control the forwarding of gets, sets, and get-next messages be tween the SNMP management station and the clu ster member switches. Note[...]
-
Página 157
CH A P T E R 7-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 7 Administering the Switch This chapter describes ho w to perf orm one-time operations to administ er the Catalyst 3560 switch. This chapter consists of these sections: • Managing the System T ime and Date, page 7-1 • Config uring a System Name an d Prompt, page 7-14 [...]
-
Página 158
7-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date The system clock can provide time to these services: • User show commands • Logging and deb ugging messages The system clock keep s track of time internally based on Uni v ersal T ime Coordinated (UTC), also kno[...]
-
Página 159
7-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Figure 7-1 sho ws a typical netw ork e xample using NTP . Sw itch A is the NTP master , wi th Switches B, C, and D conf igured in NTP server mode, in server association wi th Switch A. Sw itch E is configured as an N[...]
-
Página 160
7-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date These sections contain this configu ration informatio n: • Default NTP Con figuration , page 7-4 • Config uring NTP Authentication, page 7-4 • Config uring NTP Associations, page 7-5 • Config uring NTP Broad[...]
-
Página 161
7-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date T o disable NTP authentication, use the no ntp authenticate global configurat ion command. T o remove an authentication key , use the no ntp authentication-key number global confi guration command. T o disable authen[...]
-
Página 162
7-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Beginni ng in pri vileged EXEC mod e, follow th ese steps to form an NTP association with anoth er device: Y o u need to co nfigu re only one end of an asso ciation; the othe r devi ce can automatically establish th[...]
-
Página 163
7-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date The switch can send or receiv e NTP broadcast packets on an interface-by-interf a ce basis if there is an NTP broadcast server , such as a router , broadcasting time informatio n on the network. The switch can send N[...]
-
Página 164
7-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date T o disable an interface from receiv ing NTP broadcast packets, use the no ntp br oadcast client interface confi guration command. T o change the estimated round-trip delay to the default, use th e no ntp broadcastd[...]
-
Página 165
7-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date The access group keyw ords are scanned in this orde r, fro m least restricti ve to most restricti v e: 1. peer —Allows time req uests and NTP control queries and allo ws the swit ch to synchronize itself to a devic[...]
-
Página 166
7-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Disabling NTP Services on a Spe cific Interface NTP services are enabled on all interfaces by default. Be gi nn in g in pr iv il eg ed EX E C m o de , f ol l ow t he s e s te p s t o d is a bl e N TP pack ets from [...]
-
Página 167
7-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Displaying the NTP Configuration Y ou can use two privileged EXEC commands to display NTP i nformation: • show ntp associations [ detail ] • show ntp status Note For detailed information ab out the fields in the[...]
-
Página 168
7-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the System Time and Date Displaying the Time and Date Configuration T o display the time and date conf igurati on, use the show clock [ detail ] pri vile ged EXEC command. The system clock keeps an authoritative flag that sho ws whether th[...]
-
Página 169
7-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) Beginni ng in pri vileged EXEC mode, follo w these steps to co nfigure summer t ime (daylight sav ing time) in areas where it starts and ends on a particular day of the[...]
-
Página 170
7-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt Beginni ng in pri vileged EXEC mode, follow these steps if summer time in your area does not follo w a recurring pattern (conf igure the e xact date and time of the next summer tim e ev ents): The first part of[...]
-
Página 171
7-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Configuring a System Name and Prompt These sections contain this configu ration informatio n: • Default Syst em Name and Prompt Conf iguration, page 7-15 • Config uring a System Name, page 7-15 • Understanding DNS, page 7- 15 Default System Na[...]
-
Página 172
7-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Configuring a System N ame and Prompt These sections contain this configu ration informatio n: • Default DNS Co nfigur ation, page 7-16 • Setting Up DNS, pa ge 7-16 • Displaying the DNS Conf iguration, pa ge 7-17 Default DNS Configuration Ta [...]
-
Página 173
7-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Creating a Banner If you use the switch IP address as its hostname, th e IP address is used and no DNS query occurs. If you confi gure a hostname that contains no periods (.), a period follo wed b y the default domain name is appended to th e hostna[...]
-
Página 174
7-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Creating a Banne r Configuring a Message-of-the-Day Login Banner Y o u can create a single or multiline message banner th at appears on the screen when someone logs in to the switch. Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf[...]
-
Página 175
7-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure a login banner: T o delete the login banner , use the no banner login global configu ration command. This example sho ws ho w to conf igure a logi[...]
-
Página 176
7-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table • Config uring MA C Address Notif ication T raps, page 7-22 • Adding and Remo ving Static Address Entries, page 7- 24 • Config uring Unicast MA C Address Fi ltering, page 7-25 • Disabling MA C Address Learni [...]
-
Página 177
7-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Default MAC Address Table Configuration Ta b l e 7-3 shows the def ault MA C addr ess table conf iguration. Changing the Address Aging Time Dynamic addresses are source MAC addresses that the sw itch learns and then a[...]
-
Página 178
7-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table Removing Dynamic Address Entries T o remov e all dynamic entries, use the clear mac addr ess-table dynamic command in pri vile ged EXEC mode. Y ou can also remov e a specific MA C address ( clear mac address-t able d[...]
-
Página 179
7-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table T o disable the switch from sendi ng MA C address notif ication traps, use the no snmp-serv er enable traps mac-notif ication glob al configurati on command. T o disa ble the MA C address notification traps on a speci[...]
-
Página 180
7-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table Adding and Removing Static Address Entries A static address has these characteristics: • It is manually entered in the address table and must be manual ly remov ed. • It can be a unicast or multicast addr ess. ?[...]
-
Página 181
7-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table This exampl e show s how to add the static address c2f3.220a.12f4 to the MA C address table. When a packet is receiv ed in VLAN 4 with this MAC address as its destination address, the packet is forwarded to the specif[...]
-
Página 182
7-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the MAC Addr ess Table T o disable unicast MA C address filtering, use the no mac addr ess-table static mac-addr vlan vlan-id global conf iguratio n command. This exampl e show s how to enable unicast MA C addr ess filtering and to conf ig[...]
-
Página 183
7-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administering the Switch Managing the MA C Address Table Beginni ng in pri vileged EXEC mod e, follow these steps to disable MA C address learning on a VLAN: T o reenable MA C addre ss learning on a V LAN, use the default mac addr ess-table l earning vlan vlan-id global con[...]
-
Página 184
7-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 7 Administerin g the Switch Managing the ARP Table Managing the ARP Table T o communicate with a de vice (ov er Ethernet, for exam ple), the softw are first must l earn the 48-bit MA C address or the local data link addr e ss of that de vice. The process of learning the local[...]
-
Página 185
CH A P T E R 8-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 8 Configuring SDM Templates This chapter descri bes how to configure the Switch Databa se Management (SDM ) templates on the Catalyst 35 60 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this [...]
-
Página 186
8-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Understanding the SDM Temp lates The first eight ro ws in the tables (unicast MA C addresses through security A CEs) represent approximate hardware boun daries set when a t emplate is sele cted . If a section of a hardware resource is full, all pro[...]
-
Página 187
8-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Configuring SDM Temp lates Configuring the Switch SDM Template Configuring the Switch SDM Template These sections contain this configu ration informatio n: • Default SDM T emplate, page 8-3 • SDM T emplate Configurati on Guidelines, page 8-3 • Setting the SDM T emplate[...]
-
Página 188
8-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Configuring the Switch SDM Template • Use the sdm prefer vlan global configur ation command only on swit ches intended for Layer 2 switching with no routing. When you use the VLAN template, no system resources are reserved for routing ent ries, a[...]
-
Página 189
8-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Configuring SDM Temp lates Displaying th e SDM Templates This is an exampl e of an output display when you ha v e changed the template an d hav e not relo aded the switch: Switch# show sdm prefer The current template is "desktop routing" template. The selected temp[...]
-
Página 190
8-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 8 Config uring SDM Templates Displaying the SDM Templates Switch# show sdm prefer routing "desktop routing" template: The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs. number of unica[...]
-
Página 191
CH A P T E R 9-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 9 Configuring Switch-Based Authentication This chapter describe s how to conf igure switch -ba sed authen tication on th e Catalyst 3560 switch. It consists of these sect ions: • Pre venting Unauthorized A ccess to Y our Switch, page 9-1 • Protecting Access to Privile[...]
-
Página 192
9-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands • If you want to use userna me and password pairs, but you want to store th em centrally on a server instead of locally , you ca n store the m in a database on a securi ty server . M [...]
-
Página 193
9-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Setting or Changing a Static Enable Password The enable password controls acces s to the pri vileged EX EC mode. Beginni ng in pri vileg ed EXEC mode, follo w these steps to set or change[...]
-
Página 194
9-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure encryption for enable and en able secret passwords: If both the enable and enable secret passwords are defined, u[...]
-
Página 195
9-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands This example sho ws how to conf igure the encrypted password $1$F aD0$Xyti5Rkls3LoyxzS8 for pri vilege le v el 2: Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Disabli[...]
-
Página 196
9-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Setting a Telnet Password for a Terminal Line When you po wer -up your switch for the f irst time, an aut omatic setup program runs t o assign IP information and to create a default co [...]
-
Página 197
9-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Beginning in priv ileged EXEC mode, foll ow these st eps to est ablish a username- based authentication system that requ ests a login use rname and a password: T o disable userna me authe[...]
-
Página 198
9-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Protecting Ac cess to Pr ivileged EXEC Commands Setting the Privilege Level for a Command Beginni ng in priv ileged EXEC mode, follo w these steps to set the pri vile ge le ve l for a command mode: When you set a command to a privile[...]
-
Página 199
9-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Protecting A ccess to Privileged EXEC Commands Changing the Default Privilege Level for Lines Beginni ng in pri vileged EXEC mod e, follow these steps to change the defa ult pri vilege le v el for a line: Users can override the pr i v[...]
-
Página 200
9-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ Controlling Switch Access with TACACS+ This section describes how to enable and conf igur e T erminal Access Controller Acces s Control System Plus (T A CA CS+), whi ch provides detailed acco u[...]
-
Página 201
9-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ Figur e 9-1 T ypical T ACA CS+ Networ k Configur ation T A CA CS+, administered th rough the AAA securi ty services, can provide these services: • Authentication—Pro vides complete control [...]
-
Página 202
9-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ TACACS+ Operation When a user attempts a simple ASCII login b y authenticating to a switch using T ACA CS+, this process occurs: 1. When the connection is established, the switch co ntacts the [...]
-
Página 203
9-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ These sections contain this configu ration informatio n: • Default T ACA CS+ Configuration, page 9-1 3 • Identifying t he T ACA CS+ Server Host and Setting the A uthentication K ey , page 9[...]
-
Página 204
9-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ T o remove the specif ied T ACA C S+ server name or address, use the no tacacs-server host hostname global conf iguratio n command. T o remov e a serv er group from the conf igurat ion list, us[...]
-
Página 205
9-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Sw itch Access with TACACS+ Step 3 aaa authentication logi n { default | list-name } method1 [ method2... ] Create a login authentication method list. • T o create a default list that is used when a named list is no t s[...]
-
Página 206
9-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ T o disable AAA, use the no aaa new-model global con figurat ion command. T o disable AAA authentic ation, use the no aaa authentication l ogin { default | list-name } method1 [ method2... ] gl[...]
-
Página 207
9-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable authorization, use the no aaa a uthorization { network | exec } method1 global configuration command. Starting TACACS+ Accounting The AAA accounting feature tracks the servic es that [...]
-
Página 208
9-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS • Config uring RADIUS, page 9-1 9 • Displaying the RADIUS Conf iguration, page 9-3 2 Understanding RADIUS RADIUS is a distributed client/server system th at secures networks against unauthor[...]
-
Página 209
9-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Figur e 9-2 T ransitioning fr om R ADIUS to T ACA CS+ Services RADIUS Operation When a user attempts to log in and auth enticate to a switch that is access controlled by a RADIUS server , these e[...]
-
Página 210
9-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS software uses the f irst method listed to authenticate, to authorize, or to keep accounts on users. If that method does not respond, the softw are selects the next method in the list. This proce[...]
-
Página 211
9-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS A RADIUS server and the switch us e a shared secret text string to encrypt passwords and exchange responses. T o configure RADIUS to use th e AAA s ecurity commands, you must specify the host run[...]
-
Página 212
9-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginning in priv ileged EXEC mode, foll ow these steps to configu re per-serv er RADIUS server communication. This procedure is req uired. T o remove the specif ied RADIUS server , use the no r[...]
-
Página 213
9-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS This exampl e sho ws how to conf igure host1 as the RADIUS server and to use the default ports fo r both authentication an d accounting: Switch(config)# radius-server host host1 Note Y ou also ne[...]
-
Página 214
9-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Step 3 aaa authentication logi n { default | list-name } method1 [ method2... ] Create a login authenticatio n method list. • T o create a default list that is used when a named list is no t s[...]
-
Página 215
9-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global con figuration command. T o disable AAA authentic ation, use the no aaa authentication l ogin { default | list-name } method1 [ method2... ] globa[...]
-
Página 216
9-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginni ng in pri vileged EXEC mode, foll ow th ese steps to define th e AAA server gr oup and associate a particular RADIUS server with it: Command Purpose Step 1 configur e terminal Enter g lo[...]
-
Página 217
9-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o remove the specif ied RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remove a serv er group from the conf iguration list, us e the no [...]
-
Página 218
9-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS T o disable authorization, use the no aaa a uthorization { network | exec } method1 global configuration command. Starting RADIUS Accounting The AAA accounting feature tracks the servic es th at[...]
-
Página 219
9-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Configuring Settings fo r All RADIUS Servers Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure global communication settings between the switch and all RADIUS serv ers: T o r[...]
-
Página 220
9-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS This example sho ws how to provide a user logging in from a switch with immediate access to privile ged EXEC commands: cisco-avpair= ”shell:priv-lvl=15“ This example sho ws how to specify an[...]
-
Página 221
9-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Configuring the Switch for Vendor-Proprietary RADI US Server Communication Although an IETF draft standard for RADI US specifies a method for co mmunicating ve ndor-pr oprietary information betwe[...]
-
Página 222
9-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with Kerberos Displaying the RADIUS Configuration T o display the RADIU S conf iguration, use the show running-conf ig pri vile ged EXEC command. Controlling Switch Access with Kerberos This section descri [...]
-
Página 223
9-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with Kerberos Note A Kerberos server can be a Catalyst 3560 switch that is conf igured as a network security server and that can authenticate users b y using the K erberos protocol. The K erberos credential [...]
-
Página 224
9-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Controlling Switch Access with Kerberos Kerberos Operation A K erberos server can be a Catalyst 356 0 switch that is conf igured as a network security serv er and that can authenticate remote users b y using the K erberos protocol. [...]
-
Página 225
9-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Controlling Switch Access with Kerberos Authenticating to a Boundary Switch This section describes the first layer of security th rough which a remo te user must pass. The user must first authenticate to the boundary sw itch. This pr[...]
-
Página 226
9-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Local Authen tication and Authorization When you add or create entries for the hos ts and users, follo w these guidelines: • The K erberos principal name must be in all lowercase characters. • The K er[...]
-
Página 227
9-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell T o disable AAA, use the no aaa new-model global con figuration command. T o disable authorization, use the no aaa authorization { network | ex ec } method1 global co nfigurat ion command. Not[...]
-
Página 228
9-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell For SSH conf iguration e xamples, see the “SSH Conf iguration Examp les” section in the “Conf iguring Secure Shell” chapter of the Cisco IOS Security Configur ation Gu ide, Cisco IOS R[...]
-
Página 229
9-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell Limitations These limitations apply to SSH: • The switch supports Ri v est, Shamir , and Adelman (RSA) authentication. • SSH supports only th e ex ecution-shell ap plication. • The SSH s[...]
-
Página 230
9-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell 3. Generate an RSA ke y pair for the switch , which automatically enables SSH. F ollo w this procedure only if you are configuring the switch as an SSH serv er . 4. Configure user authenticati[...]
-
Página 231
9-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuri ng the Switch for Secure Shell T o return to the def ault SSH control parameters, use the no ip ssh { ti meout | authentication-retries } global conf iguratio n command. Displaying the SSH Configuration and Status T o displ[...]
-
Página 232
9-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP For more informati on about these commands, see the “ Secure Shell Commands ” section in the “Other Security Features ” chapter of the C isco IOS Secur ity Command Refe r [...]
-
Página 233
9-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP When a connection attempt i s made, the HTTPS se rver prov ides a secure connection by issuing a certified X.5 09v3 certif icate, obtained from a specif ied CA trustpoint , to the [...]
-
Página 234
9-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP For additi onal information on Certif icate Authorit ies, see the “Config uring Certif ication Authority Interoperability” chapt er in the Cisco IOS Security Configuration Gui[...]
-
Página 235
9-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP Default SSL Configuration The standard HTTP server is enabled. SSL is enabled. No CA trustp oints are configured. No self-signed certif icates are generated. SSL Configuration Guid[...]
-
Página 236
9-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Sock et Layer HTTP Use the no crypto ca trustpoint name global conf iguration command to delete all identity informati on and certificates associated with the CA. Configuring the Secure HTTP Server [...]
-
Página 237
9-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch for Sec ure Socket Layer HTTP Use the no ip http server gl obal confi guration com mand to disa ble the standard HTTP server . Use the no ip http secure-serv er global configuration command to disa ble the secu[...]
-
Página 238
9-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Copy Pro tocol Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure a secure HTTP client: Use the no ip http client secure-trustpoint name to remo ve a client tr ustpoi nt configu[...]
-
Página 239
9-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Configuri ng Switch-Based Authentication Configuring the Switch fo r Secure Copy Protocol Because SSH also relie s on AAA authentication, and SCP relies further on AA A authorization, correct configuration is necessary . • Before enabling SCP , you must correctly co nfig [...]
-
Página 240
9-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 9 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Copy Pro tocol[...]
-
Página 241
CH A P T E R 10-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 10 Configuring IEEE 802.1x Port-Based Authentication IEEE 802.1x port-based authentica tion pre vents unauthorized de vices (clients) from gaining access to the network. The Catalyst 3560 switch command reference and the “R ADIUS Commands” section in the Cisco IOS Se[...]
-
Página 242
10-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • 802.1x Authentication w ith VLAN Assignment, page 10-14 • Using 802.1x Authenticat ion with Per- User A CLs, page 10-15 • 802.1x Authenticati on with Guest VLAN ,[...]
-
Página 243
10-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication • Authen tication server —performs the actual authentication of the client. The authentication server v alidates the identity of the client and n otifies t he switc[...]
-
Página 244
10-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figure 10-2 sho ws the authentication process. Figur e 1 0-2 A uthentication Flow c hart The switch re-authenticates a client when one of these situations occ urs: • Pe[...]
-
Página 245
10-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication The T ermination-Action RADIUS attrib ute (Attrib u te [29]) specifies the action to take during re-authentication. The act ions are Initial ize and ReAuthenticate . Wh[...]
-
Página 246
10-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figur e 1 0-3 M essag e Exc hang e If 802.1x authent ication times out while w aiti ng for an EAPOL message exchange and MA C authentication b ypass is enabled, the switc[...]
-
Página 247
10-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication Authentication Manager In Ci s co IO S Re l ea se 12 . 2( 4 6) SE a nd ea rl i er, y o u could not use the same authorization methods, including CL I c om m an d s a nd[...]
-
Página 248
10-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Per-User ACLs and Filter-Ids In releases earlier than Cisco IOS R elease 12.2 (50)SE, an A CL conf igured on the switch is not compatible with an A CL conf igured on anot[...]
-
Página 249
10-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication For more information, see the co mmand reference for this release. Ports in Authorized and Unauthorized States During 802.1x authenticat ion, depending on the switch po[...]
-
Página 250
10-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • auto —enables 802.1x authen tication and causes the por t to begi n in the unauthorized state, all owi ng only EAPOL frames to be sent and recei v ed through the p[...]
-
Página 251
10-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication The switch supports Multi -Domain Authenticati on (MD A), which al lows bo th a data de vice and a v oice device, such as an IP Phone (Cisco or non-Cisco), to connect [...]
-
Página 252
10-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • Activ e fallback mechanisms such as guest VLAN and re stricted VLAN remain co nfigured after a port changes from single-host or multiple-host mode to multidomain mod[...]
-
Página 253
10-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication 802.1x Accounting Attribute-Value Pairs The information sent t o the RADIUS server is represent ed in the form of Attrib ute-V alue (A V) pairs. These A V pairs provi [...]
-
Página 254
10-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication 802.1x Readiness Check The 802.1x readiness check monitors 802.1x acti vity on all the swit ch ports and displays inf ormation about the de vices connected to the po rts[...]
-
Página 255
10-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication – If the VLAN conf igurat ion change of one de vice resu lts in matching the ot her dev ice configu red or assigned VLAN, then autho rization of all de vices on the [...]
-
Página 256
10-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication the egress direction. MA C ACLs are supported only in the ingress directi on. The switch supports VSAs only in the ingress directi on. It does not support por t A CLs in[...]
-
Página 257
10-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication Note If a downloadable A CL or redirect URL is configured for a client on the authen tica tion server , a default port A CL on the connected client switch port must al[...]
-
Página 258
10-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication When you enable a guest VL AN on an 802.1x p ort, the switch assigns clients to a guest VLAN when t he switch does not receiv e a response to its EAP requ est/identity f[...]
-
Página 259
10-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication restricted VLAN allows users without v alid credentials in an authen tication server (typically , visitors to an enterprise) to access a limited set of services. Th e [...]
-
Página 260
10-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication When this feature is enabled, the switch checks the status of the co nfigured RADIUS servers whene ver the switch tries to authenticate a host connected to a critical po[...]
-
Página 261
10-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication 802.1x Authentication with Voice VLAN Ports A voice VLAN port is a special access por t associated wit h two VLAN identi fiers: • VVID to carry voice traf f ic to an[...]
-
Página 262
10-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication The port security violation modes determin e the action for security vio lations. For more informatio n, see the “Security V iolations” section on pa ge 24-10 . • [...]
-
Página 263
10-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication 802.1x Authentication with MAC Authentication Bypass Y o u can conf igure the switch to auth orize clients based on the client MA C address (see Figure 10-2 on page 10[...]
-
Página 264
10-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • Pri vate VLAN—Y ou can assign a client to a priv ate VLAN. • Network admissio n control (N A C) Layer 2 IP v alidati on—This feature takes ef fect after an 802[...]
-
Página 265
10-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication Open1x Authentication Open1x authentication allows a de vice access to a port before that device is authenticated. When open authentication is co nfigured, a ne w host[...]
-
Página 266
10-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • Auto enablement: Automat ically enables trunk conf iguration on the authenti cator switch, allowing user traf fic from mult iple VLANs coming from supplicant switche[...]
-
Página 267
10-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Understanding IEEE 802.1x Port-Based Au thentication For more information, see the “ Authentication Manager” section on page 10-7 and the “Conf iguring W e b Authentication” section on page 10-60 . Web Authentica[...]
-
Página 268
10-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Figur e 1 0-7 A uthentication Successful” Banner This banner can also be customi zed, as sho wn in Figure 10-8 . • Add a switch, router , or company na me to the ban[...]
-
Página 269
10-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Figur e 1 0-9 Login Screen With No Banner For more information, see the “Conf iguring a W eb Authentication Local Banner” sect ion on page 10-64 . Configuring 802.1x Authentication T[...]
-
Página 270
10-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication • Config uring a Restricted VLAN, page 10- 47 (optional) • Configuring the Inaccessible Auth entication Bypass Feature, page 10-49 (optional) • Config uring 802.1x Authenti cation wi[...]
-
Página 271
10-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication 802.1x Authentication Configuration Guidelines These section has configuration guidelines for these features: • 802.1x Authentication , page 10-31 • VLAN Assignme nt, Guest VLAN, Res[...]
-
Página 272
10-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication • The 802.1x protocol is suppo rted on Layer 2 static-access ports, v oice VLAN ports, and Layer 3 routed ports, b ut it is not supported on t hese port types: – T runk port—If you t[...]
-
Página 273
10-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication – If the client is running W indows XP and the port to which t he client is connected is in the critical-authentication state, W indows XP might report that the interface is not authen[...]
-
Página 274
10-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring 802.1x Readiness Check The 802.1x readiness check monitors 802.1x acti vity on all the swit ch ports and displays inf ormation about the de vices connected to the po rts that s[...]
-
Página 275
10-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring Voice Aware 802.1x Security Y o u use the v oice aw are 802.1x security feature on th e switch to disable only the VLAN on wh ich a security violation occurs, whether it is a[...]
-
Página 276
10-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This ex ample sho ws how to config ure the switch to shut do wn an y VLAN on which a security violation error occurs: Switch(config)# errdisable detect cause security-violation shutdown vl[...]
-
Página 277
10-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring 802.1x Authentication T o conf igure 802.1x port-b ased authentication, you must en able authentication, au thorization, and accounting (AAA) and specify the au thentication [...]
-
Página 278
10-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are identifi ed by their hostname or IP addres s, hos tname and sp ecif ic UDP port numbers, or IP address and[...]
-
Página 279
10-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the RADIUS serv er parameters on the switch. Thi s procedure is re quired. T o delete the specif ied RADIUS server [...]
-
Página 280
10-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Configuring the Host Mode Beginni ng in priv ileged EXEC mode, follo w these steps to allo w a single host (cli ent) or multiple hosts on an 802.1x-authorized port. Use the multi-domain ke[...]
-
Página 281
10-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication This exampl e show s how to en able 802.1x authenticati on and to allo w multiple hosts: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x port-control auto Switch(co[...]
-
Página 282
10-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable periodic re-authenti cation, use the no authentication periodic or the no dot1x reauthenti cation interface conf iguration command. T o return to the defa ult number of seconds[...]
-
Página 283
10-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the defa ult quiet time, use the no dot1x timeout quiet-period interf ace conf iguration command. This example sh ows ho w to set the qu iet time on the switch to 30 second[...]
-
Página 284
10-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Setting the Switch-to-Client Frame-Retransmission Number Y ou can change the number of time s that the switch sends an EAP-request/identity frame (assuming no response is recei ved) to the[...]
-
Página 285
10-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follow these steps to set the re-authentication number . This procedure is optional. T o return to the def ault re-authentication number , use the no[...]
-
Página 286
10-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follow these steps to conf igure 802.1x accounting aft er AAA is enabled on your switch. This procedure is optional. Use the show radius statistics pri[...]
-
Página 287
10-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable and remov e the guest VLAN, use the no dot1x guest-vl an interface conf iguration co mmand. The port returns to th e unauthorized state. This exampl e show s how to enable VL[...]
-
Página 288
10-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable and remo ve t he restricted VLAN, use the no dot1x auth-fail vlan interface conf iguration command. The port returns to the unaut horized state. This e xample sho ws ho w to en[...]
-
Página 289
10-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the defaul t v alue, use the no dot1x auth-fail max-attempts interface configuration command. This example sho ws ho w to set 2 as the number of auth entication attempt s a[...]
-
Página 290
10-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication Step 4 radius-ser ver host ip-add r ess [acct-port udp-port ] [ auth-port udp-port ] [ test username name [ idle-time time ] [ ignore-acct-port ] [ ignore -auth-port ]] [ key string ] (Opt[...]
-
Página 291
10-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o return to the RADIUS serv er default settings, use th e no radius-server dead-criteria , the no radius-serv er deadtime , and the no radius-server host global conf iguration commands[...]
-
Página 292
10-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication T o disable 802.1x authent ication with W oL, use the no authentication control-dir ection or no dot1x control-dir ection interface co nfigu ration command. These examples sho w ho w to en[...]
-
Página 293
10-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication T o disable MA C authentication bypass, u se the no dot1x mac-auth-bypass interface conf iguration command. This exampl e show s how to enable MA C aut hentication b ypass: Switch(config[...]
-
Página 294
10-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re N A C Layer 2 802.1x v alidati on: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x reauthentication [...]
-
Página 295
10-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication This exampl e show s how to co nfigu re a switch as an 802.1x authenticat or: Switch# configure terminal Switch(config)# cisp enable Switch(config)# interface gigabitethernet2/0/1 Switch[...]
-
Página 296
10-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re a switch as a supplicant: Switch# configure terminal Switch(config)# cisp enable Switch(config)# dot1x credentials test Switch(config)# username supp[...]
-
Página 297
10-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring a Do wnloadable Policy Beginni ng in pri vileged EXEC mod e: Command Purpose Step 1 configur e terminal Enter global configurati on mode. Step 2 access-list access-list-numbe[...]
-
Página 298
10-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to configu re a switch for a do wnloadable polic y: Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# aaa new-mo[...]
-
Página 299
10-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring Open1x Beginni ng in pri vileged EXEC mod e: This exampl e show s how to configu re open 1x on a port: Switch# configure terminal Switch(config)# interface gigabitethernet 1/[...]
-
Página 300
10-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This e xample sho ws ho w to enab le AAA, use R ADIUS aut hentication an d enable device tracking: Switch(config) configure terminal Switch(config)# aaa new-model Switch(config)# aaa authe[...]
-
Página 301
10-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Beginni ng in pri vileged EXEC mode, follow these steps to conf igure a port to use web authenti cation: This exampl e sho ws how to conf igure only web auth entication on a switch port:[...]
-
Página 302
10-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication This exampl e show s how to co nfigure 802 .1x authentication with web authenti cation as a fallb ack method. Switch(config) configure terminal Switch(config)# ip admission name rule1 prox[...]
-
Página 303
10-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring I EEE 802.1x Port-Bas ed Authentication Configuring 802.1x Authentication Configuring a Web Authentication Local Banner Beginni ng in privile ged EXEC mode, follo w these steps to conf igure a local banner on a switch that has web authentication configured. Th[...]
-
Página 304
10-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 10 Configuring IEEE 802.1x Port-Based Authentication Displaying 802.1x Statistics and Status This exampl e show s how to disable 802.1x authenticatio n on the port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no dot1x pae authenticator Resetting the 802.1[...]
-
Página 305
CH A P T E R 11-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 11 Configuring Interface Characteristics This chapter defines the types of interfaces on the Catalyst 3560 switc h and describes how to conf igure them. The chapter consists of these sec tions: • Understanding Interf ace T ypes, page 11-1 • Using Interface Con figur [...]
-
Página 306
11-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types Port-Based VLANs A VLAN is a switched netw ork that is logical ly segmented b y function, team, or application, w ithout regard to the physical location of the users. For more information about VLANs, se[...]
-
Página 307
11-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Access Ports An access port belongs to and carries the traff ic of only one VLAN (unless it is configured as a voice VLAN port). T raf fic i s receiv ed and sent in nati ve formats with no VLAN tagg ing.[...]
-
Página 308
11-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types on the customer switch. Pack ets entering the tu nnel port on the edg e switch, already IEEE 802.1Q-tagged wit h the customer VLANs, are encapsulated with another layer of an IEEE 802.1Q tag (called the [...]
-
Página 309
11-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Note Y ou cannot delete interf ace VLAN 1. SVIs pro vide IP host connecti vity only to the system; i n Layer 3 mode, you can conf igure routing acro ss SVIs. Although the swit ch supports a total or 10 0[...]
-
Página 310
11-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types is a monitoring port, yo u might confi gure autostate e xclude on that port so that the VLAN goes do wn when all other ports go do wn. When enabled on a port, autostate exclude applies to all VLANs that [...]
-
Página 311
11-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s Power over Ethernet Ports Catalyst 3560 PoE-capabl e switch ports automatical l y supply po wer to th ese connected de vices (if the switch senses that there is no power on the circuit): • Cisco pre-st[...]
-
Página 312
11-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Understanding Interfac e Types After de vice detection, the switch d etermines th e de vice po wer requirements based on its type: • A Cisco pre-standard po wered de vice does not pro vide its po wer requirement wh en the switch det[...]
-
Página 313
11-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Understanding Interface Type s If granting p o wer would exceed the syste m power b udget, the switch denies power , ens ures that power to the port is turned of f, generates a sy slog message, and updates the LEDs. After power has be[...]
-
Página 314
11-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Using Interface Configuration Mode Figur e 1 1 -1 Conne cting VLANs with the Catalyst 3560 Switch When the IP services image is running on t he switch, the switch supports t wo methods of forw arding traf f ic between interfaces: rou[...]
-
Página 315
11-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Using Interface Configuration Mode • Module number—The module or slot number on the switch (al ways 0 on the Catalyst 3560 switch). • Port number—The int erface number on the switch. The port numbers alw ays beg in at 1, star[...]
-
Página 316
11-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Using Interface Configuration Mode Beg i nn in g i n pr ivi le ge d E X EC mo d e, fo l low th es e s t ep s t o configure a range of interfaces with the same parameters: When using the interface range global conf iguration command, [...]
-
Página 317
11-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Using Interface Configuration Mode This exampl e shows ho w to use the interface range global configurati on command to set the speed on ports 1 to 4 to 10 0 Mb/s: Switch# configure terminal Switch(config)# interface range gigabiteth[...]
-
Página 318
11-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces – gigabitethernet modul e/{ fir st p or t } - { last po rt }, where the module is al ways 0 – port-channel port-chann el-number - port-c hannel-number , where the port-channel-number is 1 to 48. N[...]
-
Página 319
11-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces • Config uring Interface Sp eed and Duple x Mode, page 11-17 • Config uring IEEE 802.3x Fl ow Co ntrol, page 11-20 • Config uring Auto-MDIX on an Interface, page 11- 21 • Config uring a Po wer [...]
-
Página 320
11-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Setting the Type of a Dual-Purpose Uplink Port Some Catalyst 3560 switches support dual-purpose upli nk ports. By default, t he switch dynamically selects the interface type that f irs t links up. Ho [...]
-
Página 321
11-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces T o return to the def ault setting, use the media-type auto interface or the no media-type interface confi guration commands. e switch conf igures both types to autone gotiate speed and duple x (the de[...]
-
Página 322
11-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces These sections describe ho w to conf igure the interf ace speed and duple x mode: • Speed and Duple x Conf iguration Guidelines, page 11-18 • Setting the Interface Speed and Duplex P arameters, pa[...]
-
Página 323
11-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces Use the no speed and no duplex interface conf iguration commands to return t he interface to the def ault speed and duple x settings (autone gotiate). T o return al l interface settings to the defaults[...]
-
Página 324
11-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Configuring IEEE 802.3x Flow Control Flow control enables connect ed Ethernet ports to control traf f ic rates duri ng conges tion by allowing congested nodes to pause link operatio n at the othe r en[...]
-
Página 325
11-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces Configuring Auto-MDIX on an Interface When automatic medium-dep endent interface crossover (auto-MDIX) is enabled on an interface, the interface automatically detects the required cable c onnection typ[...]
-
Página 326
11-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Configuring a Power Management Mode on a PoE Port For most sit uations, the defau lt configur ation (auto mode) w orks well, pro viding plug-and-play operation. No further conf iguratio n is required.[...]
-
Página 327
11-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Ethernet Interfaces For informatio n about the output of the sho w power inline user EXEC command, see the command reference for this release. For more info rmation about PoE-related commands, see the “T roubleshooting [...]
-
Página 328
11-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring Ethern et Interfaces Beginning in priv ileged EXEC mode, foll ow these steps to c on f i g ur e t he amount of po wer b udgeted to a powered de vice connected to each PoE port on a switch: T o return to the def ault setti[...]
-
Página 329
11-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuring Layer 3 Interfaces Beginning in priv ileged EXEC mode, foll ow these steps to add a description for an interf ace: Use the no description interface co nfiguratio n command to delete the description. This exampl e show s h[...]
-
Página 330
11-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring La yer 3 Interfaces A Layer 3 switch can have an IP addres s assigned to each routed port and SVI. There is no def ined limit to the number of SVI s and routed ports that can be conf igured in a switch. Ho wev er , th e i[...]
-
Página 331
11-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Configuri ng the System MTU This exampl e shows ho w to co nfigure a p ort as a routed port and to assign it an I P address: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# inte[...]
-
Página 332
11-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Configuring the System MTU Note Y ou cannot configure a routing MTU size that exceeds the system MTU size. If you change the system MTU size to a value smalle r than the currently conf igured routing MTU size, the conf iguration chan[...]
-
Página 333
11-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Monitoring and Main taining the Interfaces If you enter a v alue that is out side the allo wed range for the specif ic type of int erface, the v alue is not accepted. Once the switch reloads, you can veri fy your settings b y enterin[...]
-
Página 334
11-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces Clearing and Resetting Interfaces and Counters Ta b l e 11-5 lists the privileg ed EXEC mode clear commands that you can use to clear counters and reset interfaces. T o clear the interface [...]
-
Página 335
11-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configuring Interface Ch aracteristics Monitoring and Main taining the Interfaces Note The clear counters privi leged EXEC command do es not clear counters retrie v ed by using Simple Network Management Protocol (SNMP), b ut only those seen with the show interface priv il[...]
-
Página 336
11-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 11 Configur ing Interface Characteristics Monitoring and Main ta ining the Interfaces[...]
-
Página 337
CH A P T E R 12-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 12 Configuring Auto Smartports Macros This chapter describes ho w to conf igure and apply Auto Smartports and static Smartports macros on the Catalyst 35 60 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command r[...]
-
Página 338
12-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Configuring Auto Smartports • Default Au to Smartports Conf iguration, pa ge 12-2 • Auto Smartports Conf iguration Guidelines, page 12-3 • Enabling Auto Sma rtports, page 12-3 • Config uring Auto Smart[...]
-
Página 339
12-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Auto Smartports Configuration Guidelines • The bui lt-in macros cannot be deleted or changed. Ho we v er , you can o verride a b uilt-in macro b y creating a user-def ined macro with the same name. T o resto[...]
-
Página 340
12-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Y ou can use the show shell functions and the show shell trig gers pri vile ged EXEC command to display the event triggers, the built-in mac ros, and the built-in mac ro default values. This example sho ws how[...]
-
Página 341
12-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Step 2 macro auto execute e vent trig ger bu iltin buil t-in macr o name [ parameter=value ] [ parameter=value ] Define mapp ing from an e vent trigg er to a buil t-in macro. Specify an event trigger : • CIS[...]
-
Página 342
12-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports This ex ample sho ws ho w to use two built-i n Auto Sm artports macros for connec ting Cisco switches and Cisco IP phones to the switch. Th is example modifies the def ault voice VLAN, access VLAN, and native [...]
-
Página 343
12-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports Use the no shell trigger identif ier global configu ration command to delete the e v ent trigger . This exampl e show s how to map a user-def ined e vent trigger called R ADIUS_MAB_ EVENT to th e built-in macr[...]
-
Página 344
12-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports Trigger Id: CISCO_ROUTER_EVENT Trigger description: Event for router macro Trigger environment: NATIVE_VLAN=1 Trigger mapping function: CISCO_ROUTER_AUTO_SMARTPORT Trigger Id: CISCO_SWITCH_EVENT Trigger descri[...]
-
Página 345
12-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Auto Smartports function CISCO_SWITCH_AUTO_SMARTPORT () { if [[ $LINKUP -eq YES ]]; then conf t interface $INTERFACE macro description $TRIGGER auto qos voip trust switchport trunk encapsulation dot1q switchport trunk native [...]
-
Página 346
12-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Auto Smartports This example sho ws how to map a user -def ined ev en t trigger called Cisco Di gital Media Player (DMP) to a user -def ined macro. a. Connect the DMP to an 802.1x- or MAB-enabled switch port. b. On the RADIU[...]
-
Página 347
12-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Static Smartports Macros Configuring Static Smartports Macros This section descri bes how to conf igure and enable static Smartport s macros. • Default Stati c Smartports Conf iguration, page 12-11 • Static Smartports Co[...]
-
Página 348
12-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Configuring Static Sma rtports Macros Static Smartports Configuration Guidelines • When a macro is applied globally to a switch or to a switch i nterface, all e xisting conf iguration on the interface is retained. This is helpful when[...]
-
Página 349
12-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configuring Auto Smartpo rts Macros Configuring Static Smartports Macros Y o u can only delete a global macr o-applied conf iguration on a switch by entering the no version of each command in the macro. Y ou can delete a macro-a p plied conf iguratio n on a port b y enter[...]
-
Página 350
12-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 12 Configur ing Auto Smartports Macros Displaying Auto Smartports and Static Smartports Macr os This exampl e shows ho w to disp lay the cisco-deskt op macro, to apply the macro and to set the access VLAN ID to 25 on an interface: Switch# show parser macro cisco-desktop ----[...]
-
Página 351
CH A P T E R 13-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 13 Configuring VLANs This chapter descri bes how to conf igure no rmal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 10 06 to 4094) o n the Catalyst 3560 switch. It includes informat ion about VLAN membership modes, VLAN configur ation modes, VLAN t[...]
-
Página 352
13-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Understanding VLANs Figure 13-1 sho ws an e xample of VLANs segmented i nto logically defi ned networks. Figur e 13-1 VLANs as Logically Defined Networ ks VLANs are often associated with IP subnet works. F or example, all the end stations in a particular[...]
-
Página 353
13-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Understanding VLANs Although the switch sup ports a total of 1005 (nor mal range and extended range) VLANs, the number of routed ports, SVIs, and other conf igured featur es af fects the use of the switch hardware. The switch supports per -VLAN spanning-t[...]
-
Página 354
13-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs For more detail ed definit ions of access and trunk modes an d their functions, see Ta b l e 13-4 on page 13-18 . When a port belongs to a VLAN, th e switch learns and manages the addresses assoc iated with the port on a p[...]
-
Página 355
13-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Caution Y o u can cause inconsisten cy in the VLAN database if you attempt to manually d elete the vlan.dat f ile. If you w ant to modify the V LAN conf iguration, use th e commands descri bed in these sections and in the co[...]
-
Página 356
13-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs Token Ring VLANs Although the switch does not support T oken Ring connection s, a remote device such as a Cat alyst 5000 series switch with T oken Ring connections could be managed from one of the support ed switches. Swit[...]
-
Página 357
13-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs VLAN Configuration Mode Options Y ou can conf igure normal-rang e VLANs (with VLAN IDs 1 to 1005) b y using these tw o conf iguration modes: • VLAN Configuratio n in config-vlan Mode, page 13-7 Y ou access config-vlan mode[...]
-
Página 358
13-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs When you sa ve VLAN and VT P information (including e xtended-rang e VLAN conf iguration informa tion) in the startu p configuration file and reboot the switch, the sw itch configuration is selected as follo ws: • If the[...]
-
Página 359
13-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Creating or Modifying an Ethernet VLAN Each Ethernet VLAN in the VLAN database has a uniqu e, 4-digit ID that can be a number from 1 to 1001. VLAN IDs 1002 to 1 005 are reserved for T oken Ring and FDDI VLANs. T o create a n[...]
-
Página 360
13-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Normal-Ra nge VLANs Y ou can also create or m odify Ethernet VLANs by using the VLAN database conf iguration mode. Note VLAN da tabase configuration mo de does not sup port RSP A N VLAN configuration o r extended-range VLANs. Beginning in pr[...]
-
Página 361
13-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Normal-Range VLANs Caution When you delete a VLAN , any ports assigned to that VLAN become inacti ve. The y remain associated with the VLAN (and thus inacti v e) until you assign t hem to a ne w VLAN. Beginning in priv ileged EXEC mode, foll [...]
-
Página 362
13-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Extende d-Range VLANs T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command. This example sho ws how to conf igure a port as an access port in VLAN 2: Switch# configu[...]
-
Página 363
13-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Extended-Rang e VLANs Extended-Range VLAN Configuration Guidelines Follo w these guidelines when creating e xtended-range VLANs: • T o add an e xtended-range VLAN, you must use the vlan vlan-id g lobal conf iguration command and access conf[...]
-
Página 364
13-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring Extende d-Range VLANs settings of all param eters. If you enter an e xtend ed-range VLAN ID when the switch is not in VTP transparent mode, an error message is gen erated when you e xit from conf ig-vlan mode, and th e extend ed-range VLAN i[...]
-
Página 365
13-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring Extended-Rang e VLANs Creating an Extended-Range VLAN with an Internal VLAN ID If you enter an extended-range VLAN ID that is alre ady assigned to an internal VL AN, an error message is generated, and the e xtended-range VLAN is r ejected. T [...]
-
Página 366
13-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Displa ying VLANs Displaying VLANs Use the show vlan pr ivile ged EXEC command to displ ay a list of all VLANs on the switch , including extended-range VLANs. The di splay includes V LAN status, ports, and configuration information . T o view normal-ran[...]
-
Página 367
13-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks Figure 13-2 sho ws a network of switches that are connected by ISL trunks. Figur e 13-2 Switc hes in an ISL T r unking Envir onment Y o u can conf igure a trun k on a single Ethernet i nterface or on an Ether Channel bundle. F or [...]
-
Página 368
13-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Encapsulation Types Ta b l e 13-5 lists the Ethernet trunk enca psulation types an d keywords. Note The switch does not support Layer 3 trunks; you cannot conf igure subinter faces or use the encapsulation keyw ord on Layer 3 in[...]
-
Página 369
13-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks IEEE 802.1Q Configur ation Considerations The IEEE 802.1Q trunks impose th ese limitations on the trunking strate gy for a network: • In a network of Cisco switches co nnected through IEEE 802.1Q trunk s, the switches maintain o[...]
-
Página 370
13-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks • Changing the Pruning-Eligi ble List, page 13-23 • Config uring the Nati ve VLAN for U ntagged T raf fic, page 13 -23 Note By default, an interface is in Layer 2 mode . The default mode for Layer 2 interfaces is switchport [...]
-
Página 371
13-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command. T o reset all trunking ch aracteri stics of a trunki ng interface to t he defaults, use the no switc[...]
-
Página 372
13-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Note VLAN 1 is t he default VLAN on all trunk ports in all C isco switches, and it has pre viously been a requirement that VLAN 1 always be enabled on ev ery trunk link. Y ou can use the VLAN 1 minimization feature to disable VL[...]
-
Página 373
13-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks Changing the Pruning-Eligible List The pruning-eligibl e list applies only to trun k ports. Each trunk port has its o wn eligibili ty list. VTP pruning must be enabled fo r this procedure to take ef fect. The “Enablin g VTP Prun[...]
-
Página 374
13-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the nati v e VLAN on an IEEE 802.1Q trunk: T o return to the def ault nati ve VLAN, VLAN 1, u se the no switchport trunk native vlan interface confi guration [...]
-
Página 375
13-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VLAN Trunks In this way , Trunk 1 carries traf fic for VLA Ns 8 through 10, and T run k 2 carries traf f ic for VLANs 3 through 6. If the acti ve tr unk fails, the trunk with the lo wer priori ty takes ov er and carries the traf f ic for all [...]
-
Página 376
13-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VLAN Tru nks Load Sharing Usin g STP Path Cost Y o u can conf igure parallel t runks to share VLAN traf f ic by setti ng dif ferent path costs on a trunk and associating the path costs with d ifferen t sets of VLANs, blocki ng dif ferent por[...]
-
Página 377
13-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Configuring VMPS The VLAN Query Protocol (VQP) is used to support dynamic-access ports, which are not permanently assigned to a VLAN, but gi v e VLAN assignments base d on the MA C sour ce addr esses seen on the port. Each time an unkno [...]
-
Página 378
13-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Understanding VMPS Each time the client switch receiv es the MA C address of a new host, it sends a VQP quer y to the VMPS. When the VMPS receives this query , it searches its da tabase for a M A C-address-to-VLAN m apping. The server r[...]
-
Página 379
13-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Dynamic-access ports can be used for direct host connect ions, or they can connect to a ne twork. A maximum of 20 MA C addresses are allowed per port on the switch. A dynamic-access port can belong to only one VLAN at a time, but the VLA[...]
-
Página 380
13-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Configuring the VMPS Client Y o u conf igure dynamic VLANs by usin g the VMPS (ser v er). The switch can be a VMPS client; it cannot be a VMPS server . Entering the IP Ad dress of the VMPS Y o u must f irst enter the IP address of the s[...]
-
Página 381
13-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS T o return an interf ace to its default con figur ation, use the default interface interface-id interface confi guration command. T o return an interface to i ts default switch port mode (dynamic au to), use the no switchport mode interf[...]
-
Página 382
13-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Changing the Retry Count Beginni ng in pri vileged EXEC mode, foll ow th ese steps to change the number of t imes that the switch attempts to contact the VMPS befo re querying the next serv er: T o return the switch to its def ault sett[...]
-
Página 383
13-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLANs Configuring VMPS Troubleshooting Dynamic-Access Port VLAN Membership The VMPS shuts down a dynamic-access port under these conditions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port. The VMPS s huts do wn the port [...]
-
Página 384
13-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 13 Configuring VLA Ns Configuring VMPS Figur e 13-5 Dynamic P ort VLAN Membership Configur ation Primar y VMPS Ser v er 1 Catalyst 6500 series Secondar y VMPS Ser v er 2 Catalyst 6500 series Secondar y VMPS Ser v er 3 172.20.26.150 172.20.26.151 Catalyst 6500 series switch A[...]
-
Página 385
CH A P T E R 15-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 15 Configuring Voice VLAN This chapter describes ho w to conf igure the v oice VLAN feature on the Catalyst 3560 swi tch. V oice VLAN is refe rred to as an auxiliary VLAN in some Catalyst 6500 family swit ch documentation. Note For complete syntax and usage in formation [...]
-
Página 386
15-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Understanding Voice VLAN Figure 15-1 sho ws one way t o connect a Cisco 7960 IP Phone. Figur e 15-1 Cisco 7960 IP Phone Connected t o a Switc h Cisco IP Phone Voice Traffic Y ou can confi gure an acc ess port wi th an attached Cisco IP Phone to use [...]
-
Página 387
15-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Configuring Voic e VLAN Note Untagged traff ic from the device attached to the Ci sco IP Phone p asses through the phone unch anged, regardless of t he trust state of the access port on the phone. Configuring Voice VLAN These sections contain this co[...]
-
Página 388
15-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Configuring Voice VLAN • The Port Fast feature is auto ma tically enabled when vo ice VLAN is conf igured. When you disable voice VLAN, the Port Fast featur e is not automatically disabl ed. • If the Cisco IP Phone and a de vice attached to the [...]
-
Página 389
15-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Configuring Voic e VLAN Configuring Cisco IP Phone Voice Traffic Y o u can conf igure a port connected to the Cisco IP Ph one to send CDP pack ets to the phone to conf igure the way in which the phone sends vo ice traf f ic. The phone can carry vo ic[...]
-
Página 390
15-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Configuring Voice VLAN This exampl e show s how to co nfigu re a port connected to a Cisco IP Ph one to use the CoS v alue to classify incoming traff ic, to use IEEE 802.1p prio rity tagging for v oice traff ic, and to use the def ault nati ve VLAN [...]
-
Página 391
15-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configuring Voice VLAN Displaying Voice VLAN This exampl e sho ws how to configure a por t connected to a Cisco IP Phone to not change th e priority of frames receiv ed from the PC or the attached device: Switch# configure terminal Enter configuration commands, one per lin[...]
-
Página 392
15-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 15 Configurin g Voice VLAN Displaying Voice VLAN[...]
-
Página 393
CH A P T E R 16-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 16 Configuring VTP This chapter describe s ho w to use the V LAN T run king Protocol (VTP) and t he VLAN database for managing VLANs with the Cataly st 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command r[...]
-
Página 394
16-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Understanding VTP These sections contain this conceptual information: • The VTP Domain, page 16-2 • VTP Modes, page 16-3 • VTP Advertisemen ts, page 16-3 • VTP V ersion 2, page 16 -4 • VTP Pruning, page 16-4 The VTP Domain A VTP domain (also call[...]
-
Página 395
16-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Understanding VTP VTP Modes Y o u can conf igure a supported sw itch to be in one of the VTP mod es listed in Ta b l e 16 -1 . VTP Advertisements Each switch in the VTP domain se nds periodic global co nfigurat ion adverti sements from each trunk port to a [...]
-
Página 396
16-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Understanding VTP • MD5 digest VLAN conf iguration, i ncluding maximum transm ission unit (MTU) size for each VLAN. • Frame format VTP advertisements distribute this VL AN information for each conf igured VLAN: • VLAN IDs (ISL and IEEE 802.1Q) • VL[...]
-
Página 397
16-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Understanding VTP Figure 16-1 sho ws a switched network without VTP pr uning enabled. Port 1 on Switch A and Port 2 on Switch D are assigned to the Red VLAN. If a broadcas t is sent from the host connected to Switch A, Switch A floods the broadcast and e ve[...]
-
Página 398
16-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP See the “Enabling VTP Pruning” section on page 16-14 . VTP pruning takes ef fect se veral seconds after you enable it. VTP pruning does no t prune traff ic fro m VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are al wa[...]
-
Página 399
16-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP VTP Configuration Options Y o u can conf igure VTP b y using these conf iguratio n modes. • VTP Confi guration in Global Con figurati on Mode, page 16-7 • VTP Conf iguration in VLAN Data base Conf iguration Mo de, page 16-7 Y ou access V[...]
-
Página 400
16-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP VTP Configuration Guidelines These sections describe guidelines you should follo w when implemen ting VTP in your netw ork. Domain Names When config uring VTP for the f irst time, you must al ways assign a domain n ame. Y ou must confi gure[...]
-
Página 401
16-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP • Do not enable VTP V ersion 2 on a switch unless all of the switch es in the same VTP domain are V ersion-2-capable. When you enable V ersion 2 on a switch, all of the V ersion-2-capa ble switches in the domain enable V ersion 2. If there[...]
-
Página 402
16-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP When you conf igure a domain name, it cannot be remo ved; you can only reassign a switch to a diff erent domain. T o return the switch to a no-passw ord state, use the no vtp password global conf igurat ion command. This example sho ws ho [...]
-
Página 403
16-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP APPLY completed. Exiting.... Switch# Configuring a VTP Client When a switch is in VTP client mode, you cannot change its VLAN conf iguration. Th e client switch recei ves VTP updates from a V TP server in the V TP domain and then modif ies [...]
-
Página 404
16-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP Note Y ou can also conf igure a VTP client b y using the vlan database p rivile ged EXEC command to ent er VLAN data base configuration mode an d entering the vtp client command, similar to the second procedure under “Conf iguring a VTP [...]
-
Página 405
16-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP Note Y ou can also configure VTP transparent mode b y using the vlan database pri vileged EXEC command to enter VLAN database configuratio n mode and by entering th e vtp transpar ent command, similar t o the second procedure under the “C[...]
-
Página 406
16-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Configuring VTP Enabling VTP Pruning Pruning increases a vail able bandwidth b y restricting flooded traff ic to those t runk links that the traf f ic must use to access the destination de vices. Y ou can only enable VTP pruning on a switch in VTP server [...]
-
Página 407
16-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring VTP Configuring VTP Beginni ng in pri vileged EXEC mode, follow these steps to verify and reset the VTP conf iguration revision number on a switch befor e adding it to a VTP domain : Y ou can also change the VTP domain name by entering the vlan database privil[...]
-
Página 408
16-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configur ing VTP Monitoring VTP Monitoring VTP Y o u monitor VTP b y displaying VTP con figur ation information: the d omain name, the current VTP re vision, and the number of VLANs. Y ou can also di splay statistics about the adv ertisements sent and receiv ed by the swi[...]
-
Página 409
CH A P T E R 14-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 14 Configuring Private VLANs This chapter descri bes how to conf igure priv ate VLANs on th e Cisco Catalyst 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this release. The chapter cons[...]
-
Página 410
14-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Understanding Private VLANs Figur e 14-1 Pr iv ate-VLAN Domain There are two types of secondary VLANs: • Isolated VLANs—Ports within an isolated VLAN cannot communi cate with each other at the Layer 2 level. • Community VLANs—Ports within [...]
-
Página 411
14-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Understanding Private VLANs Primary and secondary VLANs have these characteristics: • Primary VLAN—A pri v ate VLAN has only one primary VLAN. Ev ery port in a pri v ate VLAN is a member of the primary VLAN. The primar y VLAN carries unidirec[...]
-
Página 412
14-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Understanding Private VLANs Private VLANs across Multiple Switches As with regular VLANs, pri v ate VLANs can span mul tiple switches. A trunk port carries the primary VLAN and secondary VLANs t o a neighboring switch. The trun k port treats the p[...]
-
Página 413
14-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Private VLANs and Unicast, Br oadcast, and Mu lticast Traffic In regular VLANs, devices in the same VLAN can communicate with each other at the Layer 2 lev el, but de vices conne cted to inter faces in different VL ANs m[...]
-
Página 414
14-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs Tasks for Configuring Private VLANs T o configure a pri v ate VLAN, follo w these steps: Step 1 Set VTP mode to transparen t. Step 2 Create the primary and secondary VLAN s and associate them. See the “Conf iguring and [...]
-
Página 415
14-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs • After you ha ve conf igured pri v ate VLANs, use the copy running-confi g st artup config pri vileged EXEC command to sa ve the VTP transpar ent mode conf iguration and pri v ate-VLAN conf iguration in the switch sta[...]
-
Página 416
14-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs T o fi lter out specif ic IP traff ic for a pri v ate VLAN, you shou ld apply the VLAN map to b oth the primary and secondary VLANs. • Y o u can apply rou ter A CLs only on the primary- VLAN SVIs. The A CL is applied to[...]
-
Página 417
14-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs • Do not conf igure pri v ate-VLAN ports on interf aces conf igured for these other features: – dynamic-access port VLAN membership – Dynamic T runking Pr otocol (DTP) – Port Aggre gation Protocol (P AgP) – Lin[...]
-
Página 418
14-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs When you associate secondary VLANs with a pr imary VLAN, note this syntax information: • The secondary_vlan_list parameter cannot contai n spaces. It can contai n multiple co mma-separated items. Each item can be a sin[...]
-
Página 419
14-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Switch(config-vlan)# private-vlan community Switch(config-vlan)# exit Switch(config)# vlan 503 Switch(config-vlan)# private-vlan community Switch(config-vlan)# exit Switch(config)# vlan 20 Switch(config-vlan)# private-v[...]
-
Página 420
14-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Configuring Private VLANs Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: 20 (VLAN0020) 25 (VLAN0025) Administrative private-vlan mapping: none Admi[...]
-
Página 421
14-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLAN s Configuring Private VLANs Switch(config)# interface fastethernet0/2 Switch(config-if)# switchport mode private-vlan promiscuous Switch(config-if)# switchport private-vlan mapping 20 add 501-503 Switch(config-if)# end Use the show vlan pri vate-v[...]
-
Página 422
14-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 14 Configuring Private VLANs Monitoring Private VLANs Switch(config)# interface vlan 10 Switch(config-if)# private-vlan mapping 501-502 Switch(config-if)# end Switch# show interfaces private-vlan mapping Interface Secondary VLAN Type --------- -------------- ----------------[...]
-
Página 423
CH A P T E R 16-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 16 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling V irtual priv ate networks (VPNs) provide enterpri se-s cale connectivity on a shar ed infrastruc ture, often Ethernet-based, with the same secu rity , priorit ization, reliability , and manageability requirements[...]
-
Página 424
16-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling Customer traf fic tagged in the normal w ay with appropriate VLAN IDs comes from an IEEE 802.1Q trunk port on the cu stomer de vice and into a tunn el port on the service- provider [...]
-
Página 425
16-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding IEEE 802. 1Q Tunneling Figur e 16-2 Or iginal (N or mal), IEEE 802.1Q, and Double-T agged Ether net P ac k et For mats When the packet enters the trunk port of the service-provider e gre ss switch, the o[...]
-
Página 426
16-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling Configuring IEEE 802.1Q Tunneling These sections contain this configu ration informatio n: • Default IEEE 802.1Q T unne ling Configuration, page 16-4 • IEEE 802.1Q T unneling Conf[...]
-
Página 427
16-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring IEEE 802.1Q Tu nneling These are some way s to solve this p roblem: • Use ISL trunks be tween core swit ches in the service- provider netw ork. Although customer interfaces connected to edge sw itches mu[...]
-
Página 428
16-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling and Other Features Although IEEE 802.1Q tunneling works well for La yer 2 packet switching, th ere are incompatibilities between som e Layer 2 features and La ye[...]
-
Página 429
16-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding Layer 2 Protoc ol Tunneling Use the no switchport mode dot1q-tunnel interf ace conf iguration command to return the p ort to the default state of d ynamic de sirable. Use th e no vlan dot1q tag nativ e g[...]
-
Página 430
16-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Understanding Layer 2 Protoco l Tunneling When protocol tunnel ing is enabled, edge switches on the inbound si de of the service-pro vider network encapsulate Layer 2 protocol p ackets with a special MA C addres s and[...]
-
Página 431
16-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Understanding Layer 2 Protoc ol Tunneling Figur e 16-4 Lay er 2 Prot ocol T unneling Figur e 16-5 Lay er 2 Networ k T opolog y without Pr oper Conv erg ence In an SP network, you can use Layer 2 prot ocol tunneling to[...]
-
Página 432
16-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling For e xample, in Figure 16-6 , Customer A has two switches in the same VLAN that are connected through the SP ne twork. When the network tu nnels PD Us, switches on the far end[...]
-
Página 433
16-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling See Figure 16-4 , with Customer X and Customer Y in access VLANs 30 and 40, re specti vely . Asymmetric links connect the cust omers in Site 1 to edge switches in the service-p[...]
-
Página 434
16-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling • For int eroperability with third-party v endor switches, the switch supports a Layer 2 prot ocol-tunnel bypas s feature. Byp ass mode tran sparently for war ds control PDUs[...]
-
Página 435
16-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Use the no l2protocol-tunnel [ cdp | stp | vtp ] interf ace conf iguration command to d isable protocol tunneling for one of the Layer 2 protocols or for all t hree. Use the no[...]
-
Página 436
16-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling Switch(config)# end Switch# show l2protocol COS for Encapsulated Packets: 7 Port Protocol Shutdown Drop Encapsulation Decapsulation Drop Threshold Threshold Counter Counter Cou[...]
-
Página 437
16-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Configuring Layer 2 Protoc ol Tunneling Use the no l2protocol-tunnel [ point-to-point [ pagp | lacp | udld ]] interface conf iguration command to disable point-to-po int protocol tunneling for one of the Layer 2 prot[...]
-
Página 438
16-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling Use the no switchport mode trunk , the no udld enable , and the no channel gr oup chann el-gr oup-number mode desirable interface conf iguration commands to return the interfac[...]
-
Página 439
16-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q and Layer 2 Pr otocol Tunneling Monitoring and M aintaining Tunneling Status Switch(config-if)# l2protocol-tunnel point-to-point pagp Switch(config-if)# l2protocol-tunnel point-to-point udld Switch(config-if)# l2protocol-tunnel drop-threshold point[...]
-
Página 440
16-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 16 Configuring IEEE 802.1Q an d Layer 2 Protocol Tunneling Monitoring and Main ta ining Tunneling Status For detailed in formation abou t these displa ys , see the command reference for this re lease. show l2pr otocol-tunnel interface interface-id Di splay information about [...]
-
Página 441
CH A P T E R 17-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 17 Configuring STP This chapter describes ho w to con figur e the Spanning T ree Prot ocol (STP) on port-based VLANs on the Catalyst 3560 sw itch. The switch can use either the per-VLAN span ning-tree plus (PVST+) pro tocol based on the IEE E 802.1D stand ard and Cisco p[...]
-
Página 442
17-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features • Spanning-T ree Inter operability and Backward Comp atibility , page 17-10 • STP and IEEE 802.1Q Trunks, page 17-10 • VLAN-Bridge Sp anning T ree, page 17-10 For conf iguration information, see the “Configurin[...]
-
Página 443
17-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Spanning-Tree Topology and BPDUs The stable, activ e spanning-tree to pology of a switched netw ork is controll ed by these elements: • The unique bridge ID (switch pr iority and MA C address) associated with each VLA[...]
-
Página 444
17-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Bridge ID, Switch Priority, and Extended System ID The IEEE 802.1D standard requires that each switch has an unique bridge iden tifier (bridge ID), which controls the selection of the root switch. Beca use each VLA N i[...]
-
Página 445
17-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features An interface mov es through these states: • From initializatio n to blocking • From blocking to listenin g or to disabled • From listening to learning or to disabled • From learning to forw arding or to disabled[...]
-
Página 446
17-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features there is only one switch in the net work, no e xchange occurs, the forward-del ay timer expi res, and the interface mo ves to t he listening state. An interf ace always enters the blocking state af ter switch initializ[...]
-
Página 447
17-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Disabled State A Layer 2 interface in the disabled stat e does not part icipat e in frame forwardi ng or in the spannin g tree. An interface in the d isabled state is nonoperati onal. A disabled interf ace pe rforms the[...]
-
Página 448
17-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Spanning Tree and Redundant Connectivity Y ou can creat e a redundant backbo ne with spannin g tree by connecting two swit ch interfaces to anot her device or to tw o different de vices, as sho wn in Figure 17-3 . Span[...]
-
Página 449
17-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Understanding Spanning -Tree Features Because each VLAN is a separate spanning-tree inst ance, the switc h accelerates aging on a pe r -VLAN basis. A spanning-tree rec onfiguration on one VLAN can cause the dynamic addresses learned on that VLAN to be subje[...]
-
Página 450
17-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Understanding Spannin g-Tree Features Spanning-Tree Interoperabi lity and Backward Compatibility Ta b l e 17-2 lists the interoperability and compat ibility among the supported spann ing-tree modes in a network. In a mixed MSTP an d PVST+ network, the com[...]
-
Página 451
17-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features T o support VLAN-br idge spanning tree, so me of th e spanning-tree timers are increased. T o us e the fallback bri dging feature, you must ha v e the enhanced multilayer image instal led on your switch. F or more informa[...]
-
Página 452
17-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features Spanning-Tree Configuration Guidelines If more VLANs are defined in the VTP than there are sp anning-tree ins tances, you can en able PVST+ or rapid PVST+ on only 128 V LANs on the switch. The remainin g VLANs operate w[...]
-
Página 453
17-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features The switch supports PVST+, rapid PVST+, and MSTP , but only one version can be acti ve at an y time. (For e xample, all VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs r un MSTP .) For information about the dif f[...]
-
Página 454
17-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree mode glob al conf iguration command. T o return the port to its def ault setting, use the no spanning-tr ee link-type interface co nfigur ation command. Disa[...]
-
Página 455
17-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features If any root switch for the specif ied VLAN has a switch p riority lower than 24576, t he switch sets it s o wn priority for the specif ied VLAN to 4096 less than the lo west switch pri ority . (4096 is the valu e of the l[...]
-
Página 456
17-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree vlan vlan-id r oot global configuration command. Configuring a Secondary Root Switch When you conf igure a switch as the secondary root, t he switch priority[...]
-
Página 457
17-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Configuring Port Priority If a loop occurs, spanning tree us es the port priority when selecting an in terface to put into the forwarding st ate. Y ou can assign higher priority v alues (lo wer numerical values) to interf[...]
-
Página 458
17-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features T o return to the def ault setting, use t he no spanning-tree [ vlan vlan-id ] port-priority interface confi guration command. F or information on ho w to conf igure load sharing o n trunk ports b y using spanning-tree [...]
-
Página 459
17-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Note The show spanning-tr ee interface interfac e-id pri vileged EXEC co mmand displays information o nly for ports that are in a link-up operati ve state. O therwise, you can use the show running-config pri vileged EXEC [...]
-
Página 460
17-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Configuring Spanning -Tree Features Configuring Spanning-Tree Timers Ta b l e 17-4 describes the timers that affect the entire span ning-tree performance. The sections that fol low pro vide the conf iguration steps. Configuring the Hello Time Y ou can con[...]
-
Página 461
17-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configuring STP Configuring Spanning-Tree Features Configuring the Forwardi ng-Delay Time for a VLAN Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure the forwardi ng-delay time for a VLAN. This procedure is optional. T o return to the def ault settin[...]
-
Página 462
17-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 17 Configur ing STP Displaying the Spanning-T ree Status Configuring the Transmit Hold-Count Y o u can conf igure the BPDU b urst size b y changing the transmit h old count v alue. Note Changing this parameter to a high er v alue can ha ve a signif icant impact on CP U utili[...]
-
Página 463
CH A P T E R 18-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 18 Configuring MSTP This chapter descri bes how to configure the Cisco implementat ion of the IEEE 802 .1s Multiple STP (MSTP) on the Catalyst 3560 switch. Note The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(25)SEC is based on the IEEE 802.1s s[...]
-
Página 464
18-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP Understanding MSTP MSTP , which uses RSTP for rapid con ver gence, en ables VLANs to b e grouped into a spanning- tree instance, with each instance h aving a spanning -tree topology independent of other spanning-tree instances. This arc[...]
-
Página 465
18-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP The IST is the only span ning-tree instance that sends and receiv es BPDUs. All of the other spanning-tree instance informatio n is contained in M-records, wh ich are encapsulate d within MSTP BPDUs. Because the MST P BPDU carries inform[...]
-
Página 466
18-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP The IST connects all the MSTP switches in the regi on and appears as a s ubtree in the CIS T that encompasses the entire swit ched domain. The root of the subtree is the CIST re gional root. The MST region appears as a virtual switch to[...]
-
Página 467
18-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP IEEE 802.1s Terminology Some MST naming con v entions used in Cisco’ s pres tandard implementation ha ve been changed to identify some internal or r e gional parameters. These parameters are si gnifi cant only within an MST region, as [...]
-
Página 468
18-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding MSTP Boundary Ports In the Cisco prestandard impl ementation, a boundary po rt connects an MST re gion to a single spanning-tree re gion running RSTP , to a single spanning-tree re gion running PVST+ or rapid PVST+, or to another MST re gion[...]
-
Página 469
18-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding MSTP • The boundary port is no t the root port of t he CIST regional root—The MSTI ports follo w the state and role of the CIST port. The st andard provi des less information, and it might be di ff icult to understand why an MSTI port can[...]
-
Página 470
18-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP Figure 18-3 illustrates a unidirect ional link failure t hat typically creates a bridging loop. Switch A is the root switch, and its BPDUs are lost on the l ink leading to switch B. RSTP and MST BPDUs include the role and state of the s[...]
-
Página 471
18-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP Port Roles and the Active Topology The RSTP provides rapi d con ver gence of the spanning tree b y assigning port role s and by learning the activ e topology . The RSTP builds upon the IEEE 802.1D ST P to select the switch with the highe[...]
-
Página 472
18-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP Rapid Convergence The RSTP provides for rapid recovery of connectivi ty follo wing the fa ilure of a switch, a swi tch port, or a LAN. It provides rapid conv ergence for edge ports, new root ports, and ports connect ed through point-to[...]
-
Página 473
18-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP Figur e 18-4 Proposal and Agr eement Handshakin g fo r Rapid Conver gence Synchronization of Port Roles When the switch receiv es a proposal message on one of its ports and that port is selected as the ne w root port, the RSTP forces al[...]
-
Página 474
18-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Understanding RSTP After ensuring that all of the ports are synchroniz ed, the switch sends an agreement message to the designated switch co rrespondin g to its root port. When the switches connected b y a point-to-poi nt link are in agreement about thei[...]
-
Página 475
18-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Understanding RSTP The sending switch sets the proposal fl ag in the RSTP BPDU to pr opose itself as the designated switch on that LAN. The port role in the proposal message is always set to the designated port. The sending switch sets the agreemen t flag[...]
-
Página 476
18-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features • Propagation—When an RSTP switch recei v es a TC message from another switch th rough a designated or roo t port, it propagates the c hange to all of its none dge, designated ports and t o the root port (e xcluding the port[...]
-
Página 477
18-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features For info rmation about the supported number of spanning-tree instances, see the “Suppo rted Spanning-T ree Instances” section on page 17-9 . MSTP Configuration Guidelines These are the configurati on guid elines for MSTP: •[...]
-
Página 478
18-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features • For conf iguration guidelin es about UplinkFast and BackboneFast, see the “Optional Spanning-T ree Config uration Guidelines” section on page 19-10 . Specifying the MST Region Configuration and Enabling MSTP For tw o or [...]
-
Página 479
18-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features T o return to the default MST re gion conf iguration, use the no spanning-tree mst conf igurati on global confi guration command. T o return to the default VLAN-t o-instance map, use the no instance instance-i d [ vlan vlan-rang [...]
-
Página 480
18-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features forward-delay ti me, and maximum-age time for a netw ork of that diameter , which can significantly reduce the con vergence time. Y ou can use the hello keyw ord to ove rride the automatically calculated hello ti me. Note After [...]
-
Página 481
18-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mode, follow these steps to conf igure a switch as the secondary root switch. This procedure is optional. T o return the switch to its def ault setting, use the no spanning-tr ee mst instance-id r o[...]
-
Página 482
18-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Note The show spanning-tr ee mst interface interfac e-id pri vileged EXEC co mmand displays information only if the port is in a li nk-up oper ati ve state. Otherwise, you can use the show running-confi g interface pri vileged E[...]
-
Página 483
18-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Note The show spanning-tr ee mst interface interfac e-id pri vileged EXEC command d isplays information only for ports that are in a link-up oper ati ve sta te. Otherwise, y ou can use t he show running-conf ig pri vileged EXEC c[...]
-
Página 484
18-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mo de, follo w these steps to co nfigure th e switch priority . This procedure is optio nal. T o return the switch to its def ault setting, use the no spanning-t ree mst instance-id priority gl oba[...]
-
Página 485
18-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Configuring the Forwarding-Delay Time Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure the forwardi ng-delay time for all MST instances. This procedure is op tional. T o return the switch to its def ault set[...]
-
Página 486
18-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Configuring MSTP Features Configuring the Maximum-Hop Count Beginni ng in pri vileged EXEC mod e, follo w these steps to conf igure the maximum-h op count for all MST instances. This procedure is op tional. T o return the switch to it s default sett ing,[...]
-
Página 487
18-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Configuring MSTP Configuring MSTP Features Designating the Neighbor Type A topology could contain both prestandard and IEEE 802.1s standard compliant devices. By default, ports can automatically de tect prestandard devices, b ut they ca n still recei ve both standard an d[...]
-
Página 488
18-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 18 Config uring MSTP Displaying the MST Configuration and Status Displaying the MST Configuration and Status T o display the spanning -tree status, use one or more of the pri vile ged EXEC commands in Ta b l e 18-5 : For info rmation about other ke ywords f or the show spann[...]
-
Página 489
CH A P T E R 19-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 19 Configuring Optional Spanning-Tree Features This chapter describes ho w to conf igure opt ional spanning-tree features on the Cat alyst 3560 switch. Y ou can configure all of these feat ures when your swi tch is running the per-VLAN spanning -tree plus (PVST+). Y ou c[...]
-
Página 490
19-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Understanding Port Fast Port Fast immediately brings an interface conf igured as an access or trunk port to the forwardi ng state from a blocking state, b ypassing the listen ing a[...]
-
Página 491
19-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features At the interface l ev el, you enable BPDU g uard on any port by using the spanning-tr ee bpduguard enable interface conf iguration command without also en abling the Port Fast featu[...]
-
Página 492
19-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Figur e 19-2 Sw itches in a Hierar ch ical Networ k If a switch loses connecti vity , it begins using the alte rnate paths as soon as th e spanning tree selects a ne w root port. B[...]
-
Página 493
19-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features Figur e 19-3 UplinkF a st Example Bef or e Dire ct Link Fail ure If Switch C de tects a link f ailure on the currentl y activ e link L2 on the root port (a dir ect link failure), Up[...]
-
Página 494
19-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features The switch tries to f ind if it has an alternate pat h to the root switch. If the inferior BPDU ar riv es on a blocked interf ace, the root port and other bl ocked inte rf aces on [...]
-
Página 495
19-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Understanding Optional Spa nning-Tree Features Figur e 19-6 Bac kboneF ast Example Aft er Indir ect Link F ailure If a ne w switch is introduced into a shared -medium topology as sho wn in Figure 19-7 , BackboneF ast is not acti[...]
-
Página 496
19-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Understanding Op tional Spanning-Tree Features Understanding Root Guard The Layer 2 network of a service provider (SP) can include man y connections to switches t hat are not o wned by the SP . In such a to pology , the spa nni[...]
-
Página 497
19-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Understanding Loop Guard Y o u can use l oop guard to pre v ent alternate or root ports fr om becoming designated ports becau se of a failure that leads to a unidirectional link. This[...]
-
Página 498
19-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features Optional Spanning-Tree Configuration Guidelines Y ou can configure PortFast, BPDU guard, BPDU fi lter ing, EtherChannel guard, root gu ard, or loop guard if your switch is r unning [...]
-
Página 499
19-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Note Y ou can use the spanning-tree portfast default global configuration comma nd to glob ally enable the Port Fast feature on all nontrun king ports. T o disable the Port Fast feat[...]
-
Página 500
19-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features T o disable BPDU guar d, use the no spanning-tr ee portfast bpduguard default global conf iguration command. Y o u can o verride th e setting of the no spanning-tr ee portfast bpdug[...]
-
Página 501
19-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Enabling UplinkFast for Use with Redundant Links UplinkFast cannot be enabled on VLANs that hav e been configured with a swit ch priority . T o enable UplinkFast on a VLAN with switc[...]
-
Página 502
19-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Configuring Optio nal Spanning-Tree Features Y ou can conf igure the Back boneFa st feature f or rapi d PVST+ or for the MSTP , b ut the feature remains disabled (inactiv e) until you change the spanning-tree mode to PVST+. Be[...]
-
Página 503
19-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configuring Optiona l Spanning-Tree Features Configuring Optional Spanning -Tree Features Enabling Root Guard Root guard enabled on an i nterface applies to all the VLANs to which the interface b elongs. Do not enable the root guar d on interfaces to be used b y the Uplin[...]
-
Página 504
19-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 19 Configur ing Optional Spanning-Tree Fea tures Displaying the Spanning-T ree Status T o globally disab le loop guard, use the no spanning-tr ee loopguard default global configuration command. Y ou can ov erride the setting of the no spanning-tree loopguard default gl obal [...]
-
Página 505
CH A P T E R 20-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 20 Configuring Flex Links and the MAC Address-Table Move Update Feature This chapter describes ho w to co nfigure Flex Links, a pair of interfaces on the Catalyst 3560 sw itch that provide a mutual backup. It als o describes how to co nfigure the MA C address-table mo ve[...]
-
Página 506
20-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Upd ate Y o u conf igure Fle x Links on one Layer 2 interf ace (the acti ve link) b y assigning ano ther Layer 2 interface as the Flex Link or back[...]
-
Página 507
20-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move U pdate Figur e 20-2 VLAN Flex Links Load Bala ncing Configurati on Example Flex Link Multicast Fast Convergence Flex Link Multicast Fast Con v erge[...]
-
Página 508
20-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Upd ate Leaking IGMP Reports T o achie ve mu lticast traf fi c con ver gence with mini mal loss, a redundant data path must be set up b efore the F[...]
-
Página 509
20-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move U pdate Similarly , both Fle x Link ports are part of l earned groups. In t his example, Gi gabit Ethernet0/11 i s a recei ver/host in VLAN 1, whi c[...]
-
Página 510
20-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Upd ate Whene ver a host responds to the general quer y , the switch forwards this report on all the mrouter p orts. When you turn on this featu re[...]
-
Página 511
20-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move Update Figur e 20-3 MAC A ddress-T able Mo ve Update Example Configuring Flex Links and the MAC Address-Table Move Update These sections contai n this[...]
-
Página 512
20-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Move Update Default Configuration The Flex Links are not conf igured, an d there are no backup interfaces defined. The preemption mode is of f. The preem[...]
-
Página 513
20-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move Update Configuring Flex Links Beginni ng in pri vileged EXEC mode, follow these steps to conf igure a pair of Flex Links: T o disable a Fle x Link bac[...]
-
Página 514
20-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Move Update T o remov e a preemption sche me, use the no switchport backup interface interface- id preempt ion mode interface conf igurat ion command. T[...]
-
Página 515
20-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move Update Configuring VLAN Load Balancing on Flex Links Beginning in priv ileged EXEC mode, foll ow these st eps to co nfigu re VLAN load balancing on F[...]
-
Página 516
20-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC A ddress-Table Move Update When a Flex Link interf ace comes up, VLANs prefe rred on this interface are block ed on the peer interface and mov ed to the forwarding sta[...]
-
Página 517
20-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links and the MAC Address-Table Move Update Feature Configuring Flex Links and the MAC Address-Table Move Update T o disable the MA C address-table move update feature, use the no mac addr ess-table mov e update transmit interface configurati on command. [...]
-
Página 518
20-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 20 Configuring Flex Links a nd the MAC Address-Table Move Update Feature Monitoring Flex Links and the MAC Address- Table Move Update T o disable the MA C address-tabl e move update feature, use the no mac addr ess-table mov e update rec e ive configurati on command. T o dis[...]
-
Página 519
CH A P T E R 21-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 21 Configuring DHCP Featur es and IP Source Guard This chapter describe s ho w to configure DHCP sno o ping and optio n-82 data insertion, and the DHCP server port-based address alloca tion features on th e Catalyst 3560 switch. It also d escribes how to configure the IP[...]
-
Página 520
21-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping • Cisco IOS DHCP Server Database, page 21 -6 • DHCP Snooping Binding Database, page 21-6 For information about the DHCP client, see the “ Configuring DHCP ” section of the “ IP Addr essing[...]
-
Página 521
21-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping When a switch recei ves a packet on an untrusted in terface and the interface belongs to a VLAN in which DHCP snooping is enabled, the switch compares th e source MA C address and the DHCP client ha[...]
-
Página 522
21-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping Figure 21-1 is an ex ample of a metropolitan Ethernet netw ork in which a centralized DHCP server assigns IP addresses to subscribers connected to the switch at the a ccess layer . Because the DHCP [...]
-
Página 523
21-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping • Remote-ID suboption f ields – Suboption type – Length of the subop tion type – Remote-ID type – Length of the remote-ID type In the port f ield of the circuit-ID subopt ion, the port num[...]
-
Página 524
21-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Understanding DHCP Snooping • Remote-ID suboption f ields – The remote-ID type is 1. – The length v alues are v ariable, depending on the l ength of the string that you conf igure. Figur e 21 -3 User -Configur ed Subopti[...]
-
Página 525
21-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Understanding DHCP Snooping T o keep the binding s when the switch reloads, you must use the DHCP snooping datab ase agent. If the agent is disabled, dynamic ARP inspectio n or IP source guard is enabled, and the DH CP snoopin[...]
-
Página 526
21-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Configuring DHCP Snooping These sections contain this configu ration informatio n: • Default DH CP Snooping Conf iguration, page 21-8 • DHCP Snooping Conf iguration Guidelines, page 21-9 • Confi[...]
-
Página 527
21-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping DHCP Snooping Configuration Guidelines These are the conf iguration guidelin es for DHCP snooping. • Y o u must globally enable DHCP snooping on the swi tch. • DHCP snooping is n ot activ e until [...]
-
Página 528
21-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping • Y o u can display DH CP snooping statistics b y entering the show ip dhcp snooping statisti cs user EXEC command, and you can clear the snoopi ng statistics counters by entering the clear ip dhcp[...]
-
Página 529
21-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping helper -addre ss command can be a s pecif ic DHCP serv er IP ad dress, or i t can be the networ k address if other DHCP servers are on the desti nation network se gment. Using the networ k address en[...]
-
Página 530
21-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Enabling DHCP Snooping and Option 82 Beginni ng in pri vileged EXEC mode, foll ow th ese steps to enable DHCP snooping on the swi tch: Command Purpose Step 1 configur e terminal Enter global conf igu[...]
-
Página 531
21-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Snooping T o disable DHCP snoopi ng, use the no ip dhcp snooping glob al config uration command. T o disable DHCP snooping on a V LAN or range of VLANs, use th e no ip dhcp snooping vlan vlan-r ange global co[...]
-
Página 532
21-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Snooping Enabling the Cisco IOS DHCP Server Database For procedures to enable and configure the Cisco IOS DHCP serv er database, see the “DHCP Config uration T ask List” section in the “Conf iguring DHC[...]
-
Página 533
21-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Displaying DHCP Snooping Information T o clear the statistics of the DHCP sn ooping bindi ng database agent, use the clear ip dhcp snooping database statistics pri vileg ed EXEC command. T o renew the database, use the r enew[...]
-
Página 534
21-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd These sections contai n this information: • Source IP Address Filtering, page 21-16 • Source IP and MA C Address Filteri ng, page 21-16 Source IP Address Filtering When IP source guard is enab[...]
-
Página 535
21-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring IP Source Guard IP Source Guard Configuration Guidelines These are the conf iguration guidelines fo r IP source guard: • Y o u can conf igure stat ic IP bindings only on no nrouted ports. If you enter the ip sou[...]
-
Página 536
21-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring IP Source Gua rd T o disable IP source guard w ith source IP address f iltering, use the no ip verify sour ce interface confi guration command. T o delete a static IP source binding entry , use the no ip source gl[...]
-
Página 537
21-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Displaying IP Source Guard Information Displaying IP Source Guard Information T o display the IP source g uard information, use one or more o f the pri vileged EXEC commands in Ta b l e 21-3 : Understanding DHCP Server Port-B[...]
-
Página 538
21-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Configuring DHCP Server Port- Based Address Allocation Port-Based Address Allocation Configuration Guidelines These are the configuration guidelines fo r DHCP port-based address allocation: • Only one IP address c an be ass[...]
-
Página 539
21-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feat ures and IP Source Guard Configuring DHCP Server Port -Based Address Allocation T o disable DHCP port -based address allocation, use the no ip dhcp use subscriber -id client-id global confi guration command. T o disable the automatic ge n eration of [...]
-
Página 540
21-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 21 Configuring DHCP Feature s and IP Source Guard Displaying DHCP Se rver Port-Based Addr ess Allocation Subnet size (first/next) : 0 / 0 Total addresses : 254 Leased addresses : 0 Excluded addresses : 4 Pending event : none 1 subnet is currently in the pool: Current index I[...]
-
Página 541
CH A P T E R 22-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 22 Configuring Dynamic ARP Inspection This chapter describes ho w to conf igure dynamic Addr ess Resolution Protocol inspection (dyn amic ARP inspection) on the Catalyst 35 60 switch. This featur e helps pre vent malicious attacks on the switch by not relaying in v alid [...]
-
Página 542
22-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Figur e 22-1 ARP Cache P oisoning Hosts A, B, and C are connected to the switch on in terfaces A, B and C, all of which are on the sa me subnet. Their IP and MAC addresses are show n in parentheses; [...]
-
Página 543
22-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Understanding Dynamic ARP Inspection Y ou can configure dyna mic ARP inspection to drop AR P packets when the IP a ddresses in the packets are in v alid or when the MA C addresses in the bod y of the ARP packets do not match the addresse[...]
-
Página 544
22-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Dynamic ARP inspection ensures that hosts (on untru sted interfaces) connected to a switch running dynamic ARP inspection do not po ison the ARP caches of other hosts in t he network. Ho we ver , dyn[...]
-
Página 545
22-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Y ou use the ip arp inspection lo g-buffer glo bal configur ation command to conf igure the num ber of entries in the b uf fer and the number of entries need ed in the specif ied interv al to generate s[...]
-
Página 546
22-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Dynamic ARP Inspection Configuration Guidelines These are the dynamic ARP insp ection conf iguration guidel ines: • Dynamic ARP inspection is an ingress securit y feature; it does not perform an y eg[...]
-
Página 547
22-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection in DHCP Environments This procedure sho ws ho w to conf igure dynamic AR P inspection when two swit ches support this feature. Host 1 is connected to Sw itch A, and Ho[...]
-
Página 548
22-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o disable dynamic ARP inspection, use the no ip arp inspection vlan vlan-rang e global conf iguration command. T o return the interfaces to an untrusted state, use the no ip arp inspection trust inte[...]
-
Página 549
22-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Step 3 permit ip host sender-ip mac host sender -mac [ log ] Permit ARP pack ets from the specif ied host (Host 2) . • For sender-ip , enter the IP address of Host 2. • For sender-mac , en ter the M[...]
-
Página 550
22-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o remov e the ARP A CL, use the no arp access-list global conf iguration command. T o remov e the ARP A CL attached to a VLAN, use the no ip arp inspection fil ter arp-acl-name vlan vl an-rang e glo[...]
-
Página 551
22-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection For conf iguration guidelin es for rate limiting trunk p orts and EtherChannel ports, see the “Dynami c ARP Inspection Conf iguration Guid elines” section on pag e 22-6 . Beginni ng in pri vileged [...]
-
Página 552
22-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Configuring Dynamic ARP Inspection T o disable checki ng, use the no ip arp inspection v alidate [ sr c-mac ] [ dst-mac ] [ ip ] global confi guration command. T o display statistics for forwarded, dropped, and MA C and IP v alidation [...]
-
Página 553
22-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the log b uf fer . This procedure is optional. Command Purpose Step 1 conf igure terminal Enter global con figur ation mode. Step 2[...]
-
Página 554
22-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Displayi ng Dynamic ARP Inspection Information T o return to the d efault log b uf fer settin gs, use the no ip arp inspectio n log-buffer { entries | l ogs } global conf iguration command . T o return to the default VLAN log settings,[...]
-
Página 555
22-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Configuring Dynamic ARP Insp ection Displaying Dynamic ARP In spection Information For more inf ormation about these commands, s ee the command referenc e for this release. Ta b l e 22-4 Commands f or Clearing or Displaying Dynamic ARP Inspection Logg ing Infor mation Com[...]
-
Página 556
22-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 22 Co nfig uring Dynamic ARP Inspection Displayi ng Dynamic ARP Inspection Information[...]
-
Página 557
CH A P T E R 23-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 23 Configuring IGMP Snooping and MVR This chapter describes ho w to conf igure Internet Group Management Protoco l (IGMP) snooping on the Catalyst 3560 switch, including an application of local IGMP snooping, Multicast VLAN Registration (MVR). It also includes procedures[...]
-
Página 558
23-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping Understanding IGMP Snooping Layer 2 switches can use IGMP snooping to constrain th e flooding of multicast traf f ic by d ynamically configuring Laye r 2 interfaces so that multicast traf f ic is forwarded to [...]
-
Página 559
23-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding IGMP Snooping IGMP Versions The switch supports IGMP V ersion 1, IGMP V e rsion 2, and IGMP V ersion 3. These versions are interoperable on the switch. F or exampl e, if IGMP snooping is enabled on an IGMPv2 switch and the s[...]
-
Página 560
23-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping it is not already present. The CPU also adds the inte rface where the join message was receiv ed to the forwarding-table entry . The host as sociated with that interface re ceives multicast traf f ic for that [...]
-
Página 561
23-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding IGMP Snooping Figur e 23-2 Second Host Joining a Multicast Gr oup Leaving a Multicast Group The router sends periodic multicast gener al queries , and the switch forw ards these queries through all ports in the VLAN. Interes[...]
-
Página 562
23-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Note Y ou should only use the I mmediat e Leave feature on VLANs where a single host is connected to each port. If Immediate Leav e is enabled in VLANs where more than one host is co nnected to a port, some host[...]
-
Página 563
23-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping • Config uring the IGMP Lea ve T imer , page 23-11 • Config uring TCN-Rela ted Commands, page 23 -12 • Config uring the IGMP Snooping Qu erier , page 23- 14 • Disabling IGMP Report Su ppression, page 23-1[...]
-
Página 564
23-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Beginni ng in pri vileged EXEC mode, f ollow these steps to enable IGMP snooping on a VLAN in terface: T o disable IGMP snoopi ng on a VLAN interface, use the no ip igmp snooping vlan vl an-id global confi gurat[...]
-
Página 565
23-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Beginni ng in priv ileged EXEC mode, foll ow these st eps to alter the method in which a VLAN interf ace dynamically accesses a multicast router: T o return to the d efault learning meth od, use the no ip igmp sn[...]
-
Página 566
23-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o remov e a multicast router p ort from the VLAN, use the no ip igmp snooping vlan vlan-id mrouter interfac e interface-id global configuratio n command. This exampl e show s how to en able a static connectio[...]
-
Página 567
23-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Note Immediate Leave is supported only on IG MP V e rsion 2 hosts. Beginni ng in pri vileged EXEC mod e, follow th ese steps to enable IGMP Immediate Le a ve: T o disable IGMP Immediate Leave on a VLAN, use the [...]
-
Página 568
23-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o globally reset the I GMP leav e timer to the d efault setting, use t he no ip igmp snooping last-member -query-inter va l glob al conf iguration command. To remove the conf igured IGMP lea v e-time setting [...]
-
Página 569
23-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, th e spanning-tree root sends a specia l IGMP lea ve message (also kno wn as global leav e) with the group multicast ad dress 0.0.0.0. H o wev er , when [...]
-
Página 570
23-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping Configuring the IGMP Snooping Querier Follo w these gu idelines when conf iguring the IGMP snoopin g querier: • Config ure the VLAN in global conf iguration mo de. • Configure an IP address on the VLAN inte[...]
-
Página 571
23-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Displaying IGMP Snooping Information This exampl e show s how to set the IGMP snooping queri er source address to 10.0.0.6 4: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end This exampl e[...]
-
Página 572
23-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Displaying IGMP Sn ooping Information T o display IGMP sn ooping information , use one or more of the pri vile ged EXEC commands in Ta b l e 23-4 . For more inf ormation about the ke ywords an d options in these commands, see the comman[...]
-
Página 573
23-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Understanding Multicast VLAN Registration Understanding Multicast VLAN Registration Multicast VLAN Re gistration (MVR) is designed for applications u sing wide-scale deployment of multicast traf f ic across an Ethernet ring-based service[...]
-
Página 574
23-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Understanding Multicast VLAN Registration Figur e 23-3 Multicast VLAN Regis tration Example When a subscriber changes channels or t urns of f the television, the set-top box sends an IGMP le a ve message for the multicast stream . The s[...]
-
Página 575
23-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuri ng MVR These messages dynamically regi ster for streams of multicast traf f ic in the multicast VLAN on the Layer 3 device. Switch B. The access layer switch, Switch A, modif ies the forwarding b ehavi or to allo w the traf fic[...]
-
Página 576
23-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring MVR • Because MVR on the switch uses IP multicast addresses inste ad of MA C multicast addresses, aliased IP multicast addresses are allowed on the sw itch. Ho we v er , if the switch is interoperating with Catalyst 3550 o[...]
-
Página 577
23-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuri ng MVR T o return the switch to its default settin gs, use the no mvr [ mode | group ip- addr ess | querytime | vlan ] global conf iguratio n commands. This exampl e show s how to enable MVR, conf igure the group address, set t[...]
-
Página 578
23-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring MVR T o return the interf ace to its default sett ings, use the no mvr [ type | immediat e | vlan vlan-id | grou p ] interface configuration commands. This example sho ws how to conf igure a port as a rece i ver port, static[...]
-
Página 579
23-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Displaying MVR Information Displaying MVR Information Y ou can display MVR inform ation for the switch or for a specif ied interf ace. Beginning in pri vileged EXEC mode, use the commands in Ta b l e 23-6 to display MVR conf iguration: C[...]
-
Página 580
23-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling IGMP fil tering is applicable only to the dynamic l earning of IP multicast group addresses, not stati c configuration. W ith the IGMP throt tling feature, you can set the maximum number of IG[...]
-
Página 581
23-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Filtering and Throttling • permit : Specif ies that matching addresses are permitted. • range : Specifies a range of IP addre sses for the prof ile. Y ou can enter a single IP address or a range with a start and an e[...]
-
Página 582
23-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Configuring IGMP F iltering a nd Throttling Applying IGMP Profiles T o control access as def ined in an IGMP prof ile, use the ip igmp f ilter interface configuration command to apply the prof ile to the appro priate interfaces. Y ou ca[...]
-
Página 583
23-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Configuring IGMP Sn ooping and MVR Configuring IGMP Filtering and Throttling T o remov e the maximum grou p limitation and ret urn to the def ault of no maximum, use t he no ip ig mp max-gr oups interface conf iguration command. This exampl e shows ho w to limit t o 25 th[...]
-
Página 584
23-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 23 Config ur ing IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Co nfiguration Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the throttling action when the maximum number of entries is in the forw arding table: T o return to the def [...]
-
Página 585
CH A P T E R 24-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 24 Configuring Port-Based Traffic Control This chapter describe s how to conf igure the port -ba sed traf fic control features on the Catalyst 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference [...]
-
Página 586
24-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Storm control uses one of th ese methods to measure traf fic act ivity : • Bandwidth as a percentage of the tot al av ailable bandwidth of t he port that can be used by the broadcast, multicast, or uni cas[...]
-
Página 587
24-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Note Because packets do not arr iv e at uniform interv als, the 1-second ti me interv al during which traf fi c activ ity is measured can affect the beha vior of storm cont rol. Y ou use the storm-control in[...]
-
Página 588
24-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control Step 3 storm-control { broadcast | multicast | unicast } level { level [ l evel-low ] | bps bps [ bps-low ] | pps pps [ pps-l ow ]} Conf igure broadcast, multicast, or u nicast storm control. By default, sto[...]
-
Página 589
24-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Storm Control T o disable storm contro l, use the no storm-control { br oadcast | multicast | uni cast } level interface confi guration command. This exampl e sho ws how to enable unicast storm control on a port with an 8[...]
-
Página 590
24-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Protected Ports This example shows ho w to enable the small-frame arri v al-rate feature, configure the port reco very ti me, and conf igure the threshold for error disabling a port: Switch# configure terminal Switch# err[...]
-
Página 591
24-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Blocking Protected Port Configuration Guidelines Y o u can conf igure protect ed ports on a physical i nterface (for e xample, Gigabit Eth ernet port 1) or an EtherChann el group (for example, port-chann el 5). When [...]
-
Página 592
24-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Blocking Configuration The default is t o not block flooding of unkno wn multicast and u nicast traf fic o ut of a port, b ut to flood these packets to all ports. Blocking Flooded Traffic on an [...]
-
Página 593
24-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security These sections contain this concep tual and conf iguration information: • Understanding Port Securit y , page 24-9 • Default Por t Security Conf iguration, page 24- 11 • Port Security Configur ation Gu[...]
-
Página 594
24-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security The maximum number of secure MA C addresses that you can configure on a switch is set by the maximum number of a v ailable MA C addresses allo wed in the sy stem. This number is determined b y the activ e S[...]
-
Página 595
24-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Ta b l e 24-2 shows the d efault port securi ty confi guration for an interf ace. Port Security Configuration Guidelines Follo w these guidelines when conf iguring port s[...]
-
Página 596
24-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security VLAN, but is not learned on the access VLAN. If yo u connect a single PC to the Cisco IP phone, no additional MA C addresses ar e required. If you co nnect more t han one PC to the Cisco IP phone, you must [...]
-
Página 597
24-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Enabling and Configuring Port Security Beginni ng in priv ileged EXEC mode, follo w these steps t o restrict input to an interface b y limiting and identifying MA C addresses of the stations allo wed to acc[...]
-
Página 598
24-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Step 7 switchport port-security [violation { protect | r estrict | shutdown | shutdown vlan }] (Optional) Set the viol ation mode, the action to be taken when a securi ty violation is detected, as one of th[...]
-
Página 599
24-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Step 8 switchport port-security [ mac-address mac- addr ess [ vlan { vlan-id | { access | voice }}] (Optional) Enter a secure MA C address for the interface. Y ou can use this command to enter the maximum n[...]
-
Página 600
24-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security T o return the interface to the default condition as not a secure port, use the no switchport port-security interface conf iguration co mmand. If you enter this comm and wh en sticky le arning is enabled, t[...]
-
Página 601
24-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchport port-security ma[...]
-
Página 602
24-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Configuring Port Security T o disable port secu rity aging for all secure addresses on a port, use t he no switchport port-security aging time interface conf iguration command. T o disable aging for only stati cally configur ed secu[...]
-
Página 603
24-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Displaying Port-Based T raffic Contro l Settings Secure addresses that are learned on host port ge t automatically replicated on associated primary VLANs, and similarly , secure addresses learned on promiscuous ports automatically g[...]
-
Página 604
24-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 24 Configuri ng Port-Based Traffic Control Displaying Port-Based Traffic Control Settings[...]
-
Página 605
CH A P T E R 25-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 25 Configuring CDP This chapter describes ho w to conf igure Cisco Disco very Protocol (CDP) on the Catalyst 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this release and the “Sys te[...]
-
Página 606
25-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Configuring CDP Configuring CDP These sections contain this configu ration informatio n: • Default CD P Configurati on, page 25-2 • Config uring the CDP Characteristics, page 25-2 • Disabling an d Enabling CDP , pa ge 25-3 • Disabling and Enabling [...]
-
Página 607
25-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This exampl e shows ho w to conf igure CDP characteri stics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120 Switch(config)# cdp[...]
-
Página 608
25-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Monitoring and Maintaining CDP Disabling and Enabling CDP on an Interface CDP is enabled b y default on all suppo rted interfaces to send and to recei v e CDP information. Beginni ng in pri vileged EXEC mode, foll ow th ese steps to disable CDP on a port: [...]
-
Página 609
25-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configuring CDP Monitori ng and Maintaining CDP show cdp entry entry-name [ protocol | version ] Display information ab out a specif ic neighbor . Y ou can enter an asterisk (*) to displa y all CDP neighbors, or you can enter the name of the neighbor about which you want i[...]
-
Página 610
25-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 25 Configur ing CDP Monitoring and Maintaining CDP[...]
-
Página 611
CH A P T E R 27-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 27 Configuring UDLD This chapter descri bes how to configure the UniDirectional Link Detection (UD LD) protocol on th e Catalyst 35 60 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this rele[...]
-
Página 612
27-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Understanding UDLD In normal mode, UDLD detect s a unidirectional link when f iber strands in a f iber -optic port are misconnected and the Layer 1 mechan isms do not dete ct this miscon nection. If the po rts are connecte d correctly b ut the traf f ic is[...]
-
Página 613
27-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuri ng UDLD If the detection windo w ends and no v alid reply message i s receiv ed, the link might shut down, depending on the UDLD mode. When UDLD is in normal mo de, the link might be considered undetermined and might not be shut down. When UDLD i[...]
-
Página 614
27-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuring UDLD Default UDLD Configuration Ta b l e 27-1 shows the def ault UDLD conf iguration. Configuration Guidelines These are the UDLD configuration guidelines: • UDLD is not supported on A TM ports. • A UDLD-capable port cannot detect a unidire[...]
-
Página 615
27-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Configuri ng UDLD Enabling UDLD Globally Beginni ng in pri vileged EXEC mode, follow these steps to enable UDLD in the aggressi v e or normal mode and to set the conf igurab le message timer on all f iber -optic ports on the switch: T o disable UDLD global[...]
-
Página 616
27-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 27 Configuring UDLD Displayi ng UDLD Sta tus Resetting an Interface Disabled by UDLD Beginning in priv ileged EXEC mode, foll ow th ese steps to reset all ports disabled b y UDLD: Y o u can also bri ng up the port b y using these commands: • The shutdown interf ace configur[...]
-
Página 617
CH A P T E R 26-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 26 Configuring LLDP, LLDP-MED, and Wired Location Service This chapter describe s ho w to configure the Link Layer D iscov ery Protocol (LLDP), LL DP Media Endpoint Disco very (LLDP-MED) an d wired location service on the Catalyst 3560 switch. Note For complete syntax an[...]
-
Página 618
26-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Understanding LLDP, LLDP-MED, and Wired Location Service The switch supports these basic manageme nt TL Vs. These are mandatory LLDP TL Vs. • Port description TL V • System name TL V • System description TL V ?[...]
-
Página 619
26-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Understanding LLDP, LLDP-MED, a nd Wired Location Service • Location TL V Provides lo cation information from t he switch to the endpoint de vice. The locati on TL V can send this informatio n: – Civic location i[...]
-
Página 620
26-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice • Device cate gory is specif ied as a wire d station • State is spec ified as delete • Serial number , UDI • T ime in seconds since the switch detected[...]
-
Página 621
26-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Configuration Guidelines • If the interface is con figured as a tunnel port, LLDP is automatical ly disabled. • If you f irst config ure a network-polic y pr[...]
-
Página 622
26-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the LLDP characteristics. Note Steps 2 through 5 are opt ional and can be performed i n[...]
-
Página 623
26-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Beginning in priv ileged EXEC mode, foll ow these steps to enable a TL V on an interface: This example sho ws how to enable a TL V on an interface: Switch# confi[...]
-
Página 624
26-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Configuring LLDP , LLDP-MED, and Wired Location Ser vice Use the no form of each command to return to the default settin g. This exampl e show s how to co nfigure VLAN 10 0 for voice ap plication with CoS and to en a[...]
-
Página 625
26-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Configuring LLDP, LLDP-MED, and Wired Location Service Configuring Location TLV and Wired Location Service Beginni ng in pri vileged EXEC mode, follow these steps to conf igure location information fo r an endpoint a[...]
-
Página 626
26-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Monitoring and Main taining LLDP, LLDP-MED, and Wired Locatio n Service Beginning in pri vileged EX EC mode, follo w these steps to enab le wired location service on t he switch. Note Y our switch must be running t [...]
-
Página 627
26-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Configuring LLDP, LLDP- MED, and Wired Loca tion Service Monitoring and Ma intaining LLDP, LLDP-MED, a nd Wired Location Service show lldp interface [ interface-id ] Display information about in te rfaces with LLDP enabled. Y o u can limi t the display to a specif ic inte[...]
-
Página 628
26-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 26 Co nfiguring LLDP , LLDP-MED, and Wired Location Service Monitoring and Main taining LLDP, LLDP-MED, and Wired Locatio n Service[...]
-
Página 629
CH A P T E R 28-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 28 Configuring SPAN and RSPAN This chapter de scribes ho w to conf igure Swit ched Port Anal yzer (SP AN) and Remote SP AN (RSP AN) on the Catalyst 3560 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command refer[...]
-
Página 630
28-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN These sections contain this conceptual information: • Local SP AN, page 28-2 • Remote SP AN, page 28-2 • SP AN an d RSP AN C oncepts and T erm inology , pa ge 28-3 • SP AN and RSP AN Interaction with Other Fe[...]
-
Página 631
28-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Figur e 28-2 Example of RSP AN Configuration SPAN and RSPAN C oncepts and Terminology This section descri bes concepts and terminology associated with SP AN and RSP A N configuration. SPAN Sessions SP AN sessions (loc[...]
-
Página 632
28-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN An RSP AN source session is very similar to a l oca l SP AN session, except for where the packet stream is directed. In an RSP A N source session, SP AN packets are rela beled with t he RSP AN VLAN ID and directed ov[...]
-
Página 633
28-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN • T ransmit (Tx) SP AN—The goal of transmit (or egre ss) SP AN is to monitor as much as possible all the packets sent by the source inte rface after all modif ication and processing is per formed by the switch. A [...]
-
Página 634
28-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN A source port has these characteristics: • It can be monitored in multiple SP AN sessions. • Each source port can be conf igured wi th a direction (ingress, e gress, or both) to monit or . • It can be an y port[...]
-
Página 635
28-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Destination Port Each local SP AN session or RSP AN destinat ion sessi on must ha ve a destin ation port (also called a monitoring port ) that recei ves a copy of traf f ic from the source ports or VLANs and se nds th[...]
-
Página 636
28-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Understanding SPAN and RSPAN RSPAN VLAN The RSP AN V LAN carries SP AN tra f fic between RSP A N sourc e and destination sessions. It has these special characteristics: • All traff ic in the RSP AN VLAN is always flooded. • No MA C address l[...]
-
Página 637
28-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN A physical port that belongs to an EtherChannel gro up can be configu red as a SP AN source port and still be a part of the Eth erChannel. In this case, data from the physical port is monitored as it participate s in th[...]
-
Página 638
28-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN Configuring Local SPAN These sections contain this configu ration informatio n: • SP AN Configur ation Guidelines, page 28-10 • Creating a Local SP AN Session, page 28-11 • Creating a Local SP AN Session and Con[...]
-
Página 639
28-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • On Catalyst 3560-24PS and 3 560-48PS switches, egress SP AN routed packets (both unicast an d multicast) show the incorrect source MA C addr ess. For local SP AN packets with nati v e encapsulation on the destin at[...]
-
Página 640
28-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command. T o remov e a source or destination port o r VLAN from the SP AN session, use the no monitor session session_number [...]
-
Página 641
28-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to disable recei ved traf f ic monitoring on port 1, which was con figured for bidirectional monitoring: Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx The monitori[...]
-
Página 642
28-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command. T o remov e a source or destination port o r VLAN from the SP AN session, use the no monitor session session_number [...]
-
Página 643
28-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginning in privil eged EXEC mode, follo w these st eps to limit SP AN source traffic to specific VLANs: T o monitor all VLANs on the trunk p ort, use the no monitor session session_number f[...]
-
Página 644
28-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to remove an y ex isting conf iguration on SP AN session 2, conf igure SP AN session 2 to monitor traffic recei ved on Gigabit Ethe rnet trunk port 2, and send traffic for only VLANs 1 through[...]
-
Página 645
28-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN • W e recommend that you configure an RSP AN VLAN before you configure an RSP AN source or a destination session. • If you enable VTP an d VTP pruning, RSP AN traf fi c is pruned in t he trunks to pre v ent the unw[...]
-
Página 646
28-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN This exampl e show s how to create RSP AN VLAN 901. Switch(config)# vlan 901 Switch(config-vlan)# remote span Switch(config-vlan)# end Creating an RSPAN Source Session Beginning in priv ileged EXEC mode, foll ow these[...]
-
Página 647
28-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global conf iguration comman d. T o remov e a source port or VLAN from the SP AN session, use the no monitor session session_number source { interfa[...]
-
Página 648
28-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_number global configur ation command. T o remov e a destination port from the SP AN session, use the no monitor session session_number destination interfa[...]
-
Página 649
28-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number global config uration command. T o remove a destinatio n port from the RSP AN session, use the no monitor session session_number destination inter[...]
-
Página 650
28-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginni ng in pri vileged EXEC mode, f ollow these steps to conf igure the RSP AN source session to limit RSP AN source tr af fic t o specif ic VLANs: T o monitor all VLANs on the trunk port[...]
-
Página 651
28-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Stat us Displaying SPAN and RSPAN Status T o display the cu rrent SP AN or RSP AN conf iguration, use the sho w monitor user EXEC command. Y o u can also use th e show running-conf ig pri vile ged EXEC command to di spl[...]
-
Página 652
28-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 28 Config uring SPAN and RSPAN Displaying SPAN and RSPAN Status[...]
-
Página 653
CH A P T E R 29-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 29 Configuring RMON This chapter describes how to configure Remote Ne twork Monitor ing (RMON) on t he Catalyst 3560 switch. RMON is a standard monitoring specif ication that def ines a set of stati stics and functions that can be exch anged between RMON-c ompliant conso[...]
-
Página 654
29-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuring RMON Figur e 29-1 Remot e Monito r ing Example The switch supports these RMON groups (defined in RFC 1757): • Statistics (RMON group 1)—Collects Ethe rnet statistics (inc luding Fast Ethernet and Gigabit Ethernet statistics, depending on th[...]
-
Página 655
29-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuri ng RMON Default RMON Configuration RMON is disabled by def ault; no alarms or e v ents are conf igured. Configuring RMON Alarms and Events Y o u can conf igure your swit ch for RMON by usi ng the command-line interf ace (CLI) or an SNMP-compatibl[...]
-
Página 656
29-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuring RMON T o disable an alarm, use the no r mon alarm number global configurati on command on each alarm you confi gured. Y ou cannot disable at once all the alarms that you conf igured. T o disable an e vent, use th e no rmon ev ent number global [...]
-
Página 657
29-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Configuri ng RMON Collecting Group History Statistics on an Interface Y ou must first conf igure RMON alar ms and e vents to display col lection information. Beginni ng in pri vileged EXEC mod e, follow these steps to collect group hi story statistics on a[...]
-
Página 658
29-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 29 Configuring RMON Displaying RMON Status T o disable the collect ion of group Ethernet statistics, use the no rmon collection sta ts index interface confi guration command. This example sh ows ho w to collect RMON stat istics for the o wner ro o t : Switch(config)# interfac[...]
-
Página 659
CH A P T E R 30-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 30 Configuring System Message Logging This chapter descri bes how to conf igur e system message logging on the C atalyst 3560 switch. Note For complete syntax and usage information for the co mmands used in this chapter , see the Cisco IOS Confi gurati on Fundamentals Co[...]
-
Página 660
30-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Y ou can access logged system messages by using the switch command-line interface (CLI) or by saving them to a properly configured sysl og server . The switc h softw are saves syslog messages in an int[...]
-
Página 661
30-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Ta b l e 30-1 describes the elements of syslog messages. This example sho ws a partial switch system message: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UP[...]
-
Página 662
30-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Disabling Message Logging Message logging is enabled b y default. It must be en abled to send messages to an y destination other th an the console. When enabled, log messages are sent to a logging proc[...]
-
Página 663
30-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Setting the Message Display Destination Device If message logging is en abled, you ca n send messages to specific locati ons in additi on to the consol e. Beginni ng in pri vileged EXEC mod e, use one [...]
-
Página 664
30-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging The loggi ng buffer ed global con figuration command copies logging messages to an internal b uffer . The buf fer is circular , so newer messages o verwr ite olde r messages after the buf fer is full. [...]
-
Página 665
30-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging T o disable synchronization of unsolic ited messages and deb ug output, use the no logging synchr onous [l evel severity-level | all ] [ limit number-of-b uffers ] line conf iguration co mmand. Enablin[...]
-
Página 666
30-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging This example shows part of a logging disp lay with the s ervice timestamps log uptime global configuration command enabled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up Enabli[...]
-
Página 667
30-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Note Specifying a level causes messages at that lev el and numerically lower le vels t o appear at the destination. T o disable logging to the console, use the no lo gging console global conf iguration[...]
-
Página 668
30-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Limiting Syslog Messages Sent to the History Table and to SNMP If you enabled sysl og message traps to be sent to an SNMP netw ork management station b y using the snmp-server enable trap global con f[...]
-
Página 669
30-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Configuring System Message Lo gging Use the show archiv e log config { all | num ber [ end-number ] | user username [ session number ] nu mber [ end-number ] | statistics } [ pro visioning ] privile ged EXEC com mand to display the comp[...]
-
Página 670
30-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Configuring System Message Logging Configuring UNIX Syslog Servers The next sect ions describe ho w to conf igure the UNIX serv er syslog daemon and ho w to d efine the UNI X system logging f acility . Logging Messages to a UNIX Syslog[...]
-
Página 671
30-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Configuring System Messag e Logging Displaying the Logging Co nfiguration T o remov e a syslog server , use the no logging host global configuration command, and specify the syslog server IP address. T o disabl e logging to syslog servers, enter the no logg ing trap globa[...]
-
Página 672
30-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 30 Config ur ing System Message Logging Displaying the Logging Configuration[...]
-
Página 673
CH A P T E R 31-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 31 Configuring SNMP This chapter describe s how to conf igure the Sim p le Netwo rk Management Protocol (SNMP) on the Catalyst 35 60 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for this releas[...]
-
Página 674
31-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Understanding SNMP • SNMP Community Strings, page 31 -4 • Using SNMP to Access MIB V ari ables, page 31-4 • SNMP Notifi cations, page 31- 5 • SNMP ifInde x MIB Object V alues, page 31-5 SNMP Versions This software release supports t hese SNMP vers[...]
-
Página 675
31-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Understanding SNMP Ta b l e 31-1 identifies th e characteristics of the dif ferent combinations of securit y models and le vels. Y o u must conf igure the SNMP agent to u se the SNMP version supp orted by the manag ement station. Because an agent can commu[...]
-
Página 676
31-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Understanding SNMP The SNMP agent also sends unsolicited trap messages to notify an NMS that a signif icant e vent has occurred on the agent. Examples of trap cond itions include, b ut are not limited to , when a port or module goes up or do wn, when span[...]
-
Página 677
31-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Understanding SNMP SNMP Notifications SNMP allows the switch to send notifications to S N MP managers when particular ev ents occur . SN MP notifications can be sen t as traps or inform requests. In command syntax, unless there is an option in the command [...]
-
Página 678
31-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Configuring SNMP These sections contain this configu ration informatio n: • Default SNMP Conf iguration, p age 31-6 • SNMP Configurat ion Guidelin es, page 31-6 • Disabling th e SNMP Agent, page 31 -7 • Config uring Community Stri[...]
-
Página 679
31-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP When config uring SNMP , follow these guidelin es: • When config uring an SNMP group, do not specify a not ify vie w . The snmp-serv er host glo bal config uration command autogener ates a notify vie w for the user an d then adds it to t[...]
-
Página 680
31-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Configuring Community Strings Y o u use the SNMP community st ring to defi ne th e relationship between the SNMP manager and the agent. The community string acts lik e a passw ord to permit access to the agent on the switch. Optionally , [...]
-
Página 681
31-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Note T o disable access for an SNMP communit y , set the community string for that co mmunity to the null string (do not enter a v alue for the community string). T o remov e a specif ic community string, use the no snmp-serv er community [...]
-
Página 682
31-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure SNMP on the switch: Command Purpose Step 1 conf igure t erminal Enter global conf iguration mod e. Step 2 snmp-server engineID { local engineid-string | remote ip-ad[...]
-
Página 683
31-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manager is a management station that recei v es and processes traps. T rap s are system alerts that the switch generates when certain e vents occur . By de fault, no trap manag er is defined, and no t[...]
-
Página 684
31-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP config Generates a trap for SNMP conf iguration changes. copy-config Generates a trap for SNMP copy conf iguration changes. entity Generates a trap for SNMP entity changes. cpu threshold Allo w CPU-related traps. en vmon Generates en vir[...]
-
Página 685
31-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP Note Though visible in the command-line hel p strings, the fru-ctrl, i nsertion , and rem ova l ke ywords are not supported. T o enable the sending of SNMP inform notif ications, us e the snmp-server enable traps global conf iguration com[...]
-
Página 686
31-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Step 5 snmp-server host host-addr [ info rms | traps ] [ vers ion { 1 | 2c | 3 { auth | noauth | priv }}] community-strin g [ notif ication-typ e ] Specify the recipient of an SNMP trap operation. • For host-add r , specify the name or[...]
-
Página 687
31-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP The snmp-server host command specif ies which hosts recei v e the notif ications. Th e snmp-server enable trap command globally enables the mechanism for the specif ied notif ication (for trap s and informs). T o enable a ho st to receive[...]
-
Página 688
31-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Configuring SNMP Setting the Agent Contact and Location Information Beginning in priv ileged EXEC mode, foll ow th ese st eps to set the system co ntact and location of the SNMP agent so that these descriptions can be accessed through the configu ration [...]
-
Página 689
31-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configuring SNMP Configuring SNMP SNMP Examples This examp le shows ho w to enable all v ersions of SNMP . The configurat ion permits an y SNMP manager to access all objects with read-only permissions using the community string public . This conf iguration does not cause [...]
-
Página 690
31-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 31 Configu ring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP inp ut and output stat istics, including the number of illeg al community string ent ries, errors, and requested v ariables, use the sho w snmp pri vileged EXEC command. Y ou also can use the[...]
-
Página 691
CH A P T E R 32-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 32 Configuring Embedded Event Manager For co mplete syntax and usage in formation for the comman ds used in this chapter , see the Catalyst 3560 switch command reference for this re lease and the Cisco I OS Network Manag ement Command Refer ence. F or complete conf igura[...]
-
Página 692
32-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Understanding Embedd ed Event Manager Figur e 32-1 Embedded Ev ent Manag er Cor e Event Det ecto rs See the EEM Configur ation for Cisco I nte gra ted Services Router Plat forms Guide for e xamples of EEM deployment. • Event Detect ors,[...]
-
Página 693
32-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Understanding Embedd ed Event Manager • Counter e vent detector–P ublishes an e vent when a named counter crosses a specif ied thresho ld. • Interface counter e vent detector– Publishes an ev ent when a generic Cis co IOS interfa[...]
-
Página 694
32-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Understanding Embedd ed Event Manager – A CR ON timer publi shes an e vent b y using a UNIX standard CR ON specif ication to def ine when the e vent is to be published. A CR ON ti mer ne v er publishes e v ents more than once per minute[...]
-
Página 695
32-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Configuring Embedd ed Event Manager Embedded Event Manager Environment Variables EEM uses en vironment v ariables in EEM policies. These variables are def ined in a EEM polic y tool command language (TCL) script by running a CLI command [...]
-
Página 696
32-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Configuring Embedde d Event Manager This example sho ws the output for EEM when one of th e fi elds specified b y an SNMP object ID crosses a defined t hreshold: Switch(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type [...]
-
Página 697
32-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedde d Event Manager Displaying Embedded Even t Manager Information 4 _config_cmd1 interface Ethernet1/0 5 _config_cmd2 no shut Th is exa m pl e sh ows a CR ON timer en vironment v ariable, which is assigned b y the software, to be set to ev ery second minut[...]
-
Página 698
32-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 32 Configuring Embedded Event Manager Displaying Embedded Event Mana ger Information[...]
-
Página 699
CH A P T E R 33-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 33 Configuring Network Security with ACLs This chapter describes ho w to conf igure netw ork security on the Catalyst 3560 switch b y using access control lists (A CLs) , which in commands and ta bles are also referred to as access lists. Note Information in this chapter[...]
-
Página 700
33-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Understanding ACLs Y ou configure access lists on a router or Layer 3 sw itch to provide basic secu rity for your network. If you do not con figure A CLs, all packets passing through th e switch could be all owed on to all parts of t[...]
-
Página 701
33-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Understanding ACLs • When an output router A CL and input port A CL exis t in an SVI, incoming packets recei v ed on the ports to which a port A CL is applied are filtered by the port A CL. Outgoing routed IP packets are f iltered [...]
-
Página 702
33-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Understanding ACLs Figur e 33-1 Using ACLs t o Contr ol T raf fic t o a Networ k When you apply a port A CL to a trunk port, the A CL f ilters traf fic o n all VLANs present on the trun k port. When you a pply a port A CL to a port w[...]
-
Página 703
33-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Understanding ACLs As with port ACLs, the switch exam ines A CLs associated wi th features configured on a gi ven interface. Howe v er , router A CLs are supported in both directio ns. As packets enter the sw itch on an interface, A [...]
-
Página 704
33-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs • Permit A CEs that check the Layer 3 information in the fragment (in cluding protocol type, such as TCP , UDP , and so on) are considered to match th e fragment reg ardless of what the missing Layer 4 informa[...]
-
Página 705
33-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs • Inbound and ou tbound rate limiting (e xcept with QoS A CLs) • Reflexi v e A CLs or dynamic A CLs (e xcept for some specialized dynamic A CLs used by the switch clustering feature) • A CL logging fo r po[...]
-
Página 706
33-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Access List Numbers The number you use to deno te your A CL sho ws the type of access list that you are creating. Ta b l e 33 -1 lists the access-list numb er and corresponding access list type and shows whether[...]
-
Página 707
33-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs The first pack et that triggers the ACL causes a l ogging message right a way , and subsequent packets are collected o ver 5-minu te interv als befo re they appear or logged. The logging message incl udes the ac[...]
-
Página 708
33-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Switch(config)# end Switch# show access-lists Standard IP access list 2 10 deny 171.69.198.102 20 permit any The switch always rewrites the order of st andard access lists so that entries with host matches and [...]
-
Página 709
33-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follow these steps to create an extend ed A CL: Command Purpose Step 1 conf igure terminal Enter global co nfigurat ion mode. Step 2a access-list access-list-number { deny |[...]
-
Página 710
33-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs or access-list access-list-number { deny | permit } protocol any any [ precedence precedence ] [ tos tos ] [ fragments ] [ log ] [ log-input ] [ time-range time-r ange-name ] [ dscp dscp ] In access-list config[...]
-
Página 711
33-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Use the no access-list access-list-number global configu ration command to delete the ent ire access list. Y ou cannot delete individual A CEs from numbered acce ss lists. This exampl e shows ho w to cr eate an[...]
-
Página 712
33-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs After creating a numbered extended A CL, you can apply it to terminal lines (see the “ Applying an IPv4 A CL to a T erminal Line” section on page 33-18 ), to interfaces (see the “ Applying an IPv4 A CL to[...]
-
Página 713
33-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs T o remov e a named standard A CL, use the no ip access-list standard name global conf igurat ion command. Beginni ng in pri vileged EXEC mode, follow these steps to create an extend ed A CL using names: T o re[...]
-
Página 714
33-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs After you create an A CL, an y additions are placed at the end of the list. Y ou cannot sele cti vely add A CL entries to a specific A CL. Ho wev er , you can use no permit and no deny access-list conf iguratio[...]
-
Página 715
33-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Repeat the steps if you ha v e multiple items that you w ant in ef fect at different t imes. T o remov e a conf igured time-range limitation, u se the no time-range time-r ange-name global confi guration comman[...]
-
Página 716
33-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Extended IP access list deny_access 10 deny tcp any any time-range new_year_day_2006 (inactive) Extended IP access list may_access 10 permit tcp any any time-range workhours (inactive) Including Comments in ACL[...]
-
Página 717
33-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, follo w these steps to restrict in coming and outgoing connecti ons between a virtual terminal line and the addresses in an A CL: T o remov e an A CL from a t erminal line, [...]
-
Página 718
33-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Beginni ng in pri vileged EXEC mode, foll ow th ese steps to control access to an interface: T o remove the specif ied access group, use the no ip access-gr oup { access-list-number | name } { in | out } interf[...]
-
Página 719
33-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Hardware and Software Treatment of IP ACLs A CL processing is primarily accomplished in hardware, but requ ires forwarding of so me traf fic flo ws to the CPU for software processing. If the hardw are reaches i[...]
-
Página 720
33-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs permit tcp source source-wildcard destination destination-wildcard range 5 60 permit tcp source source-wildcard destination destination-wildcard range 15 160 permit tcp source source-wildcard destination destin[...]
-
Página 721
33-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs Figur e 33-3 Using Router A CLs t o Control T r affic This example uses a standard A CL to fil ter traff ic coming into Serv er B from a port, p ermitting traf fic only from Accounting’ s source addresses 172[...]
-
Página 722
33-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs Numbered ACLs In this example, netw ork 36.0.0.0 is a Class A netw or k whose second octet specif ies a subnet ; that is, its subnet mask is 255.255.0.0. The thir d and fourth octe ts of a netw ork 36.0.0.0 add[...]
-
Página 723
33-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring IPv4 ACLs The marketing_gr oup A CL allows any TCP T elnet traffic to the d estination address and wildcard 171.69.0.0 0.0.255.25 5 and denies any other TCP traf f ic. It permits ICMP traf f ic, denies UDP traf fi c from[...]
-
Página 724
33-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring IPv4 ACLs In this exampl e of a named A CL, the Jones subnet is not allo wed access: Switch(config)# ip access-list standard prevention Switch(config-std-nacl)# remark Do not allow Jones subnet through Switch(config-std-[...]
-
Página 725
33-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Creating Named MAC Extended ACLs 01:26:12:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 1 packet 01:31:33:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 8 packets Note t[...]
-
Página 726
33-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Creating Named MAC Extended ACLs Use the no mac access-list extende d name gl obal conf iguration command to delete the enti re A CL. Y ou can also delete indi vidual A CEs from named MAC e xtended A CLs. This example sh ows ho w to[...]
-
Página 727
33-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps • A Layer 2 interface can hav e only one MA C access list. If you apply a MAC access list to a Layer 2 interface that has a MA C A CL configured, the ne w A CL replaces the previously conf igured one. Beginni[...]
-
Página 728
33-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps T o create a VLAN map and apply it to one or more VLANs, perform these steps: Step 1 Create the standard or e xtended IPv4 A CLs or named MA C extended A CLs that you want to apply to the VLAN. See the “Creat[...]
-
Página 729
33-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps • When a frame is Layer-2 forwarded within a pri v ate VLAN, the same VLAN map is applie d at the ingress side and at the egress side. When a frame is routed from inside a priv ate VLAN to an e xternal port, [...]
-
Página 730
33-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps Examples of ACLs and VLAN Maps These examples show how to create A CLs and VLAN maps that for specific purposes. Example 1 This example sho ws how to create an A CL and a VLAN map to den y a packet. In the firs[...]
-
Página 731
33-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps Example 3 In this e xample, the VLAN map has a default action of drop for MA C packet s and a default action of forward for IP packets. Used with MA C extended access lists good-h osts and good-prot ocols , the[...]
-
Página 732
33-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Configuring VLAN Maps Applying a VLAN Map to a VLAN Beginni ng in pri vileged EX EC mode, follo w these steps to apply a VLAN map to one or more VLA Ns: T o remov e the VLAN map, use the no vlan filter mapname vlan-list list glob al[...]
-
Página 733
33-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Configuring VLAN Maps Figur e 33-4 Wir ing Closet Configuration If you do not w ant HTTP traf f ic switched from Host X to Ho st Y , you can conf igure a VLAN map on Switch A to drop all HTTP traff ic from Host X (IP address 10.1.1.[...]
-
Página 734
33-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Using VLAN Maps with Ro uter ACLs Figur e 33-5 Den y Access t o a Server on Another a VLAN This example sho ws how to den y access to a se rver on anoth er VLAN by creating the VLAN map SER VER 1 that denies access to host s in subn[...]
-
Página 735
33-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Note When you use router A CLs with VLAN maps, packets that require logging on the router AC Ls are not logged if t hey are d enied b y a VLAN map. If the VLAN map has a match clause for the type of [...]
-
Página 736
33-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Using VLAN Maps with Ro uter ACLs Examples of Router ACLs and VLAN Maps Applied to VLANs This section gi v es examples of app lying router A CLs and VLA N maps to a VLAN for switched, bridg ed, routed, and multicast p ackets. Althou[...]
-
Página 737
33-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs Figur e 33-7 Applying A CLs on Br idg ed P ac k ets ACLs and Routed Packets Figure 33-8 sho ws ho w A CLs are applied o n routed packet s. F or routed packets, the A CLs are applied in this order: 1.[...]
-
Página 738
33-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Displaying IPv4 AC L Configuration ACLs and Multicast Packets Figure 33-9 sho ws how A CL s are applied on packets that ar e replicated for IP multicasting. A mu lticast packet being routed has two dif ferent kinds o f filt ers appl[...]
-
Página 739
33-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configuri ng Network Security with ACLs Displaying IPv4 ACL C onfiguration Y ou can also display information about VLAN access maps or VLAN filters. Use the privile ged EXEC commands in Ta b l e 33-3 to display VLAN map informati on. show ip interface interface-id Display[...]
-
Página 740
33-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 33 Configurin g Network Security with ACLs Displaying IPv4 AC L Configuration[...]
-
Página 741
CH A P T E R 34-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 34 Configuring QoS This chapter describe s ho w to configure quality of serv ice (QoS) by using automatic QoS (auto-Q oS) commands or b y using standard QoS commands on th e Catalyst 3560 switch. W ith QoS, you can provide preferen tial treatmen t to certain ty pes of tr[...]
-
Página 742
34-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Understanding QoS T ypically , networks operate on a best-ef fort deli v ery ba sis, which means that all traf f ic has equal priority and an equal chance of being deli vered in a timely manner . When congestion occurs, all traf f ic has a[...]
-
Página 743
34-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-1 QoS Classification Lay ers in Fr ames and P ac k ets All switches and routers that access the I nternet re ly on the class i nformation to pro vide the same forwarding treatment to packets with the same class information and d[...]
-
Página 744
34-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figure 34-2 sho ws the basic QoS model. Actio ns at the ingr ess port includ e classi fying traf f ic, polici ng, marking, queue ing, and schedu ling: • Classifying a distinct path for a packet b y associating it with a QoS label. The sw[...]
-
Página 745
34-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Classification Classificat ion is the process of distin guishing one ki nd o f traff ic from another b y examini ng the fields in the packet. Classification is enab l ed only if QoS is globall y enabled on the switch. By def ault, QoS is g[...]
-
Página 746
34-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS After classificat ion, the packet is sent to the polici ng, mark ing, and the in gress queueing an d scheduling stages. Figur e 34-3 Classification Flo wc har t 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-preceden[...]
-
Página 747
34-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Classification Based on QoS ACLs Y ou can use IP standard, IP extended, or Layer 2 MAC A CLs to defi ne a group of packets with the same characteristics ( class ). In the QoS conte xt, the permit and de ny actions in the access control ent[...]
-
Página 748
34-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS The polic y map can contain the police and pol ice aggr egate policy-map class co nf iguration commands, which defi ne the policer , the b andwidth limitations of th e traf fic, and the action to tak e if the limits are exceeded. T o enabl[...]
-
Página 749
34-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Policing on Physical Ports In policy maps on physical por ts, yo u can create these types of pol icers: • Indi vidual—QoS applies the bandw idth limits specif ied in the policer sep arately to each matched traf fi c class. Y ou config [...]
-
Página 750
34-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-4 P olicing and Mar king Flow char t on Ph ysical P orts Policing on SVIs Note Before config uring a hierarchical policy map with indi vidual policers on an SVI, y ou must enable VLAN-based QoS on the physical po rts that belon[...]
-
Página 751
34-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS When configuring policing on an SVI, you can create and configure a hi erarchical polic y map with these two le v els: • VLAN le vel—Create this p rimary le vel b y conf iguring class maps an d classes that specify the p ort trust sta[...]
-
Página 752
34-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Mapping Tables During QoS proc essing, the switch re pr esents the pri ority of all traf f ic (including non-IP traf f ic) with an QoS label based on the DSCP or CoS valu e from the classif ication stage: • During classification, QoS us[...]
-
Página 753
34-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Queueing and Scheduling Overview The switch has queues at sp ecific points to help pre v ent congestion as sho wn in Figure 34-6 . Figur e 34-6 Ingress a nd Egr ess Queu e Location Because the total inboun d bandwidth of all ports can e x[...]
-
Página 754
34-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-7 WTD and Queue Operation For more information, see the “Mapping DSCP or CoS V alues to an Ingress Queue and Setting WTD Thresholds” section on page 34-67 , the “ Allocating Buf fer Space to and Setting WTD Thresholds for[...]
-
Página 755
34-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Queueing and Scheduling on Ingress Queues Figure 34-8 sho ws the queueing and schedulin g flow chart for ingress ports. Figur e 34-8 Queueing and Scheduling Flow char t f or Ingr ess P or ts Note SRR service s the priori ty queue for its [...]
-
Página 756
34-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Y ou assign each packet that flo ws through the switch to a queue and to a threshold. Specif ically , you map DSCP or CoS v alues to an ing ress queue and map DSCP or CoS values to a threshold ID. Y ou use the mls qos srr -queue input dsc[...]
-
Página 757
34-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS Figur e 34-9 Queueing and Scheduling Flow char t f or Egre ss P orts Each port supports four egress queues, o ne of whic h (queue 1) can be the e gress expedi te queue.These queues are configured by a queue-se t. All traf fic lea ving an [...]
-
Página 758
34-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS buf fers) or not empty (free bu ffers). If the queue is not o ver -limit, the switch can allocate buf fer space from the reserv ed pool or from the common pool (if it is not empty). If there are no free buf fer s in the common pool or if [...]
-
Página 759
34-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Understanding QoS modify it. Y ou map a port to queue-set by using the queue-set qset-id interface conf iguration command. Modify the queue- set conf iguration to change the WTD threshold per centages. For more informat ion about how WTD works, see the “[...]
-
Página 760
34-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS The input mutation causes th e DSCP to be re written dependi ng on the ne w v alue of DSCP chosen. The set action in a polic y map also causes the DSCP to be rewri tten. Configuring Auto-QoS Y o u can use the auto-QoS feature to simp [...]
-
Página 761
34-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Ta b l e 34-3 shows the g enerated auto-QoS conf iguration for the ingress queues. Ta b l e 34-4 shows the g enerated auto-QoS conf iguration for th e egress queues. When you enable the auto-QoS feature on th e first por t, these autom[...]
-
Página 762
34-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS When you enable auto -QoS by usin g the auto qos voip cisco-phone , the auto qos v oip cisco-softphone , or the auto qos voip trust interface configuration command, the swit ch automatically generates a QoS configuration based on the [...]
-
Página 763
34-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS The switch automatically maps DSCP v alues to an e gress queue and to a threshold I D. Switch(config)# no mls qos srr-queue output dscp-map Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47 S[...]
-
Página 764
34-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS If you entered the auto qos voip tru st command, the switch automatically sets the in gress classifi cation to trust the CoS valu e receiv ed in the packet on a nonrouted port b y using the mls qos trust cos command or to trust th e D[...]
-
Página 765
34-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Effects of Auto-QoS on the Configuration When auto-QoS is enabled, the auto qos voip interface conf iguration command and t he generated confi guration are added to the running conf iguration. The switch applies the auto-QoS-g enerated[...]
-
Página 766
34-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS • Beginni ng with Cisco IOS Release 12.2(40)SE, Auto-Qos V oIP uses the priority-queue interface configuration command for an e gress interface. Y ou can also configure a polic y-map and trust device on the same interface for Cisco [...]
-
Página 767
34-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto-QoS Enabling Auto-QoS for VoIP Beginning in priv ileged EXEC mode, foll ow these steps to en able auto-QoS for V oIP within a QoS domain: T o display the QoS commands that are automatically generated when auto-QoS is enabled or disabled, e[...]
-
Página 768
34-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Auto- QoS Switch(config-if)# auto qos voip trust Auto-QoS Configuration Example This section describes ho w you could implement auto-Q oS in a network, as sho wn in Figure 34-11 . For optimum QoS performance, enable auto -QoS on all the de vice[...]
-
Página 769
34-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Displaying Auto-QoS Information Beginni ng in priv ileged EXEC mode, follo w these steps to conf igure the swit ch at the edge of the QoS domain to prioritize t he V oIP traff ic o ver all other traff ic: Displaying Auto-QoS Information T o display the ini[...]
-
Página 770
34-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS • show mls qos maps [ cos-dscp | cos-input-q | cos-output-q | dscp-cos | dscp-input-q | dscp-output-q ] • show mls qos input-queue • show running-conf ig For more inf ormation about these commands, s ee the command referenc [...]
-
Página 771
34-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Default Ingress Q ueue Configuration Ta b l e 34-6 shows the d efault ingr ess queue conf iguration when QoS is enabl ed. Ta b l e 34-7 shows the d efault CoS input qu eue threshold map when QoS is enabled. Ta b l e 34-8 shows the [...]
-
Página 772
34-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Ta b l e 34-10 shows the def ault CoS output qu eue threshold map when QoS is en abled. Ta b l e 34-11 shows the def ault DSCP output queue t hreshold map when QoS is en abled. Default Mapping Table Configuration The default Co S-[...]
-
Página 773
34-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Standard QoS Configuration Guidelines Before begin ning the QoS conf iguration, you should be a ware of thi s information in these sections: • “QoS A CL Guideline s” section on pa ge 34-33 • “ Applying QoS on Interfaces?[...]
-
Página 774
34-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS – After the hierarchical policy map is attached to an SVI , the interface-le ve l policy map cannot be modif ied or remov ed from the hierarchical polic y map. A ne w interface-l ev el polic y map also cannot be added to the hie[...]
-
Página 775
34-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Enabling QoS Globally By default, Qo S is disabled on the switch. Beginni ng in pri vileged EXEC mode, follow these steps to enable QoS. This procedure is requi red. T o disable QoS, use t he no mls qos global conf iguration comman[...]
-
Página 776
34-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring Classification Using Port Trust States These sections describe ho w to cl assify i ncoming traf fic by using port trust states. Depending on your network co nfiguratio n, you must perform one or more of these t asks or[...]
-
Página 777
34-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow these steps to conf igure the port to trust the classi ficat ion of the traff ic that it recei ves: T o return a port to it s untrusted state, use t he no mls qos trust interface conf igu[...]
-
Página 778
34-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring the CoS Value for an Interface QoS assigns the CoS valu e specif ied with the mls qos cos interface conf iguration command to untagged frames recei ved on trusted and untrusted p orts. Beginning in priv ileged EXEC mod[...]
-
Página 779
34-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS the telephone is connected to tru st the CoS labels of all traf f ic recei ved on that port . Use the mls qos trust dscp interface conf iguration comman d to config ure a routed port to which the telephone is connected t o trust th[...]
-
Página 780
34-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Enabling DSCP Transparency Mode In software releases earlier than Cisco IOS Re lease 12.2(25)SE, if QoS is disabl ed, the DSCP v alue of the incoming IP pack et is not modif ied. If QoS is enab led and you conf igure the interface[...]
-
Página 781
34-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS stage of QoS. If the two d omains use dif ferent DSCP v alues, yo u can config ure the DSCP-to-DSCP-mutation map to translate a set of DSCP v alues to match the def inition in the other domain. Figur e 34-13 DSCP -T r ust ed State [...]
-
Página 782
34-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS T o return a port to it s non-trusted state, use the no mls qos trust interf ace configuration command. T o return to the default DSCP- to-DSCP-mutation map v alues, use the no mls qos map dscp-mutation dscp-mutation -name global [...]
-
Página 783
34-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Classifying Traffic by Using ACLs Y ou can classify IP traff ic b y using IP standard or IP extended A CLs; you can classify non-IP traff ic by using Laye r 2 MA C A CLs. Beginni ng in pri vileged EXEC mod e, follow these steps to [...]
-
Página 784
34-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginning in priv ileged EXEC mode, follo w these steps to create an IP extended A CL for IP traff ic: T o delete an access list, use the no access-list access-list-number global configuration co mmand. This example sho ws ho w to[...]
-
Página 785
34-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginning in pri vileged EXEC mode, follo w these steps to create a Layer 2 MA C ACL for non-IP traf f ic: T o delete an access list, use the no mac access-list extended access-list-name global conf iguration command. This example [...]
-
Página 786
34-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Classifying Traffic by Using Class Maps Y ou use the class-map global confi guration command to name an d to isolate a specif ic traf fic flo w (or class) from all other traf f ic. The class map def ines the criteria to use to mat[...]
-
Página 787
34-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command. T o delete an existing class map, use the no cl ass-map [ match-all | match-any ] class-map-n ame global conf iguration comman[...]
-
Página 788
34-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Classifying, Policing, and Mark ing Traffic on Physical Ports by Using Policy Maps Y o u can conf igure a nonh ierarchical policy map on a p hysical port that specifies which traff ic class to act on. Actions can include trusting [...]
-
Página 789
34-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow thes e steps to crea te a nonhierar chical polic y map: Command Purpose Step 1 configur e terminal Enter global conf iguration mode. Step 2 class-map [ match-all | match-any ] class-map-n[...]
-
Página 790
34-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 5 trust [ cos | dscp | ip-precedence ] Conf igure the trust state, which QoS u ses to generate a CoS-based or DSCP-based QoS label. Note This command is mutually e xclusi ve with the set command within the same polic y map. I[...]
-
Página 791
34-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command. T o delete an existing class map, use the no class class-map- name policy -map config uration command. T o return to the untru[...]
-
Página 792
34-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclass1 Switch(config-cmap)# match access-group maclist1 Switch(config-cmap)# exit Switch(config)# policy-map macpolicy1 Switch(config-pmap)# class macclass1 Switch(config-p[...]
-
Página 793
34-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS • The hierarchical policy map is attached to the SVI and af fects all traff ic belonging to the VLAN. The actions specified in the VLAN-le vel polic y ma p affect the traf fic belonging to the SVI. The police action on the port -[...]
-
Página 794
34-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 5 exit Return to global conf iguratio n mode. Step 6 class-map [ match-all | match-any ] class-map-name Create an interface-lev el class map, and enter class-map configuration mode. By default, no class map s are defined. •[...]
-
Página 795
34-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Step 12 police rate-bps burst-byte [ exceed-action { drop | policed-dscp-transmit }] Define an indi vidual policer for the classif ied traff ic. By default, no p olicer is defi ned. For informatio n on the number of policers suppor[...]
-
Página 796
34-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Step 17 trust [ cos | dscp | ip-precedence ] Co nfigure the tr ust state, which QoS uses to generate a CoS-based or DSCP-based QoS label. Note This command is mutually e xclusi ve with the set command within the same polic y map. [...]
-
Página 797
34-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o delete an existi ng policy map, use the no policy-map policy-map-name global co nfiguration command. T o delete an existing class map, use the no class class-map-name polic y-map conf iguration command. T o return to the untrus[...]
-
Página 798
34-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-pmap)# class-map cm-2 Switch(config-pmap-c)# match ip dscp 2 Switch(config-pmap-c)# service-policy port-plcmap-1 Switch(config-pmap)# exit Switch(config-pmap)# class-map cm-3 Switch(config-pmap-c)# match ip dscp 3 Sw[...]
-
Página 799
34-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o remov e the specif ied aggre gate policer from a policy map, use the no police aggr egate aggr egate-policer -name polic y map configu ration mode. T o delete an aggregat e policer and its parameters, use the no mls qos aggrega[...]
-
Página 800
34-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate transmit1 Switch(config-pmap-c)# exit Switch(config-pmap)# class ipclass2 Switch(config-pmap-c)# set dscp 56 Switch(config-pmap-c)# police aggregate transmi[...]
-
Página 801
34-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o return to the defaul t map, use the no mls qos cos-dscp global configurati on command. This exampl e show s how to modi fy and display the CoS-to-DSCP map: Switch(config)# mls qos map cos-dscp 10 15 20 25 30 35 40 45 Switch(con[...]
-
Página 802
34-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Switch# show mls qos maps cos-dscp Cos-dscp map: cos: 0 1 2 3 4 5 6 7 -------------------------------- dscp: 10 15 20 25 30 35 40 45 Configuring the IP-Precedence-to-DSCP Map Y ou use the IP-precedence-to-DSCP map to map IP pr ece[...]
-
Página 803
34-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Switch# show mls qos maps ip-prec-dscp IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 -------------------------------- dscp: 10 15 20 25 30 35 40 45 Configuring the Policed-DSCP Map Y o u use the policed- DSCP map to mark do wn a D[...]
-
Página 804
34-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Configuring the DSCP-to-CoS Map Y ou use the DSCP-to-CoS map to generate a CoS v alue, which is used to select one of the four egr ess queues. Ta b l e 34-14 shows the default DSCP-to-CoS map. If these v alues are not appropriate [...]
-
Página 805
34-65 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS 3 : 03 03 00 04 04 04 04 04 04 04 4 : 00 05 05 05 05 05 05 05 00 06 5 : 00 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07 Note In the abov e DSCP-to-CoS map, the CoS v alues are sho wn in the body of th e matrix. The d1 column specifie[...]
-
Página 806
34-66 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS T o return to the def ault map, use the no mls qos dscp-mutation dscp-mut ation-name glo bal confi guration command. This exampl e shows ho w to def ine the DSCP-to-DSCP-mutat ion map. All the entries th at are not expli citly con[...]
-
Página 807
34-67 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds Y ou can prioritize traff ic by placing packets with particular DSCPs or CoSs into certain queues and adjusting the queue t hresholds so that packets with lo[...]
-
Página 808
34-68 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS This exampl e show s how to map DSCP va lues 0 to 6 to ingress queue 1 an d to threshold 1 with a d rop threshold of 50 percent. It maps DSCP values 20 t o 26 to ingress queue 1 and to threshol d 2 with a drop threshold of 70 perc[...]
-
Página 809
34-69 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Beginni ng in pri vileged EXEC mode, follow these steps to allocate bandwidth between the ingress queues. This procedure is optional. T o return to the def ault setting, use the no mls q os srr -queue input band width global conf i[...]
-
Página 810
34-70 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the pri ority queue. This procedure is optio nal. T o return to the def ault setting, use t he no mls qos srr -queue input priorit y-queue queue-id global conf[...]
-
Página 811
34-71 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS These sections contain this configu ration informatio n: • Config uration Guidelines, page 34-71 • Allocating Buffer Space to and Setting WTD Th resholds for an Egress Queue-Set, page 34-71 (optiona l) • Mapping DSCP or Co S [...]
-
Página 812
34-72 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to configure t he memory allocation and to d rop thresholds for a queue-set. This procedure is opti onal. Command Purpose Step 1 configur e terminal Enter global configurati[...]
-
Página 813
34-73 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o return to the def ault setting, use the no mls qos queue- set output qset-id buffers global confi guration command. T o return to the de fault WTD th reshold percentages, use the no mls qos queue-set output qset-id thr eshold [[...]
-
Página 814
34-74 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Beginni ng in pri vileged EXEC mode, follo w these steps to map DSCP or CoS v alues to an e gress queue and to a threshold ID. This procedur e is optional. T o return to the d efault DSCP output q ueue threshold map or the def aul[...]
-
Página 815
34-75 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS Y ou can configure th e egr ess queues for shaped or sh ared weights, or both. Use shap ing to smooth bursty traf fi c or to prov ide a smoother output o ver time. F or information ab out shaped weights, see the “SRR Shaping and [...]
-
Página 816
34-76 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Stand ard QoS Note The egress queue def ault settings are suitab le for most situations. Y ou should change them only wh en you ha ve a thorough un derstanding of the egr ess queues and if these settings do not meet your QoS solution. Beginni n[...]
-
Página 817
34-77 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Configuring Standard QoS T o disable the e gress expedi te queue, use the no priority-queue out interf ace configu ration command. This example sho ws ho w to enable the egress e xpedite queue when th e SRR weights are configured. The egress e xpedite queu[...]
-
Página 818
34-78 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 34 Configuring QoS Displaying Standard QoS Information This example sh ows ho w to limit t he bandwidth on a port to 80 percent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth limit 80 When you conf igure this command to 80 pe rcent, the [...]
-
Página 819
CH A P T E R 35-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 35 Configuring EtherChannels and Link-State Tracking This chapter de scribes ho w to co nf igure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 3560 switch. EtherChannel provides fa ult-tolerant high-speed links bet ween switches, routers, and servers. Y ou c[...]
-
Página 820
35-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels EtherChannel Overview An EtherChannel consists of indi vidual F ast Ethern et or Gig abit Ethernet links b undled into a singl e logical lin k as sho wn in Figure 35-1 . Figur e 35-1 T ypical E[...]
-
Página 821
35-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els If a link with in an EtherCha nnel fails, traff ic previously carried ov er that failed link m ov es to the remaining links within t he EtherChannel. If traps are en abled on the switch, a tra[...]
-
Página 822
35-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels After you conf igure an EtherChannel , configur ation changes applied to the port-channel interface apply to all the physical po rts assigned to the port-chan n el interface. Conf iguration cha[...]
-
Página 823
35-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els Use the silent mode when the switch is connected to a de vice that is not P A gP-capable and seldom, if ev er , sends packets. An e xample of a silent partner is a file server or a pack et ana[...]
-
Página 824
35-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding EtherCh annels LACP Modes Ta b l e 35-2 shows the user -conf igurable EtherChann el LA CP modes for t he channel-group interface confi guration command. Both the active and passive LA CP modes enable ports to[...]
-
Página 825
35-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding EtherChann els Caution Y ou should use care when using the on mode. This is a manual conf iguration , and ports on both end s of the EtherChannel must ha ve the same conf iguration. If the group is misconf i[...]
-
Página 826
35-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels single-MA C-address de vice, source-based for warding on the switch Et herChannel ensures that the switch uses all av ailable bandwidt h to the router . The router is conf igured for destination-[...]
-
Página 827
35-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Note Make sure that the ports are correctly co nfigured. For more information, see the “EtherChannel Config uration Guidelines” section on page 35-9 . Note After you conf igure an EtherChanne[...]
-
Página 828
35-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels • When a group is f irst created, all ports fol lo w the pa rameters set for the f irst port to be adde d to the group. If you change the conf iguration of one of th ese parameters, you must a[...]
-
Página 829
35-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Beginning in priv ileged EXEC mode, foll ow these steps to assign a Layer 2 Ethernet port to a Layer 2 EtherChann el. This procedure is req uired. Command Purpose Step 1 configur e terminal Ente[...]
-
Página 830
35-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o remov e a port from the EtherChannel group, use the no channel-gr oup interface configuration command. Step 4 channel-group c hannel-gr o up-number mode { auto [ non-silent ] | desirable [ n[...]
-
Página 831
35-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels This exampl e show s how to conf igure an EtherChannel . It assigns tw o ports as static-access ports in VLAN 10 to channel 5 with t he P AgP mode desirable : Switch# configure terminal Switch(c[...]
-
Página 832
35-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o remov e the port-channel, use the no interface port-channel port-chann el-number global confi guration command. This example sh ows ho w to create th e logical port ch annel 5 and assi gn 17[...]
-
Página 833
35-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels This ex ample sho ws ho w to conf igure an EtherChannel. It assigns two ports to channel 5 with the LA CP mode activ e : Switch# configure terminal Switch(config)# interface range gigabitetherne[...]
-
Página 834
35-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels Switch(config-if-range)# channel-group 5 mode active Switch(config-if-range)# end Configuring EtherChannel Load Balancing This section descri bes how to conf igure EtherChannel load balancing by[...]
-
Página 835
35-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels P AgP cannot automatically detect when the partner de vice is a physical lea rner and when the local device is an aggre gate-port learner . Therefore, you must manually set the learning metho d [...]
-
Página 836
35-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring EtherCh annels T o return the priorit y to its defaul t setting, use the no pagp port-priority interface conf iguration command. T o return the learning method to its defa ult setting, use the no pagp lear n-m[...]
-
Página 837
35-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring EtherChannels Configuring the LACP System Priority Y o u can conf igure the system priori t y for all the EtherChannels that are enabled for LA CP b y using the lacp system-priority global conf iguration comm[...]
-
Página 838
35-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Displaying EtherChann el, PAgP, and LACP Status Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the LA CP port prior ity . This procedure is optional. T o return the LA CP po rt priority to the def[...]
-
Página 839
35-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Understanding Link-State Tracking Understanding Link-State Tracking Link-state trac king, also known as trunk failover , is a feature that binds th e link state of multiple interfaces. F or example, li nk-state tracking [...]
-
Página 840
35-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Understanding Link-State Trac king • If any of the upstream interfaces are in the link-up state, the do wnstream in terfaces can change to or remain in the link-up st ate. • If all of the upstream int erfaces become u[...]
-
Página 841
35-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring Link -Sta te Tracking Figur e 35-4 T ypical Link-State T rac king Configuration Configuring Link-State Tracking These sections describe ho w to conf igure link-st ate tracking ports: • Default Lin k-State T[...]
-
Página 842
35-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring Link-S tate Tracking Default Link-State Tracking Configuration There are no link-state groups def ined, and link-stat e tracking is not enabled for any group. Link-State Tracking Con figuration Guidelines Foll[...]
-
Página 843
35-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring Et he rChannels and Link-State Tracking Configuring Link -Sta te Tracking T o disable a link-state gr oup, use the no link state track number global co nfigu ration command. Displaying Link-State Tracking Status Use the show link state group command to display[...]
-
Página 844
35-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 35 Configuring EtherChan nels and Link-State Tracking Configuring Link-S tate Tracking[...]
-
Página 845
CH A P T E R 36-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 36 Configuring IP Unicast Routing This chapter describes ho w to con figur e IP V ersion 4 (IPv4) unicast routing on the Catalyst 35 60 switch. Basic routing fun ctions, including static routing and the Routing Informat ion Protocol (RIP), are av ailabl e with both the I[...]
-
Página 846
36-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Understanding IP Routing • Config uring Protocol-Indepen dent Features, page 36-86 • Monitoring and Maintaining t he IP Network, page 36 -100 Note When configuri ng routing parameters on the switch and to allocate system re sources to max[...]
-
Página 847
36-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Steps for Configuring Routing Static unicast rout ing forwards pack ets from predeter mined ports through a si ngle path into and out of a network. St atic routing is se cure and uses li ttle ba ndwidth, b ut does not automat ically respond [...]
-
Página 848
36-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Note A Layer 3 switch ca n ha ve an IP ad dress assigned to each routed por t and SVI. The number of routed ports and SVIs that you can conf igure is not limited b y softw are. Ho we ver , the interrelationship betw[...]
-
Página 849
36-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Assigning IP Addresses to Network Interfaces An IP address identif ies a location to which IP pack ets can be sent. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network add[...]
-
Página 850
36-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Use of Subnet Zero Subnetting with a subnet address of zero is strongly disco uraged because of the prob lems that can arise if a networ k and a subnet ha ve the same addresses. F or e xample, if network 1 31.108.0.[...]
-
Página 851
36-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Figur e 36-2 IP Classless Routing In Figure 36-3 , the router in netw ork 128.20.0.0 is connected to subnets 128.20.1.0, 128.2 0.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no net[...]
-
Página 852
36-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing T o restore the default an d hav e the switch forw ard packets dest ined for a subnet of a netw ork with no network def ault route to the best sup ernet route possible, use the ip classless global configurati on com[...]
-
Página 853
36-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Define a Static ARP Cache ARP and other address reso lution protocols pro vid e dynamic mapp ing between IP addresses and MA C addresses. Because most ho sts support dynamic addre ss resolution, you usually do not n[...]
-
Página 854
36-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Beginni ng in pri vileged EXEC mode, follow thes e steps to specify the ARP encapsulation type: T o disable an encaps ulation type, use the no arp arpa or no arp snap interface co nfigu ration command. Enable Proxy[...]
-
Página 855
36-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Proxy ARP Proxy ARP , the most common method for learning abou t other routes, enables an Ethernet host with no routing information to communicate with hosts on other net works or subnets. The host assumes that all[...]
-
Página 856
36-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing The only required task for IRDP ro uting on an interface is to enable IRDP processing on that interface. When enabled, the default parameters apply . Y ou can optionally change any of these parameters. Beginni ng i[...]
-
Página 857
36-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Configuring Broadcast Packet Handling After conf iguring an IP interf ace address, you can enable routing and conf igure one or more routin g protocols, or you can configure the way the switch respond s to network [...]
-
Página 858
36-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Use the no ip directed-br oadcast interface conf iguration command to disable translation of directed broadcast to p hysical broadcast s. Use the no ip forward -protocol global co nfigurat ion command to remov e a [...]
-
Página 859
36-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Beginni ng in pri vileg ed EXEC mode, follo w these steps to enab le forwarding UDP bro adcast packets on an interface and specify the destination address: Use the no ip helper -addr ess interface conf iguration co[...]
-
Página 860
36-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring IP Addr essing Flooding IP Broadcasts Y o u can allo w IP broadcasts to be flooded throu ghout your internetw ork in a controlled fa shion by using the database created by the br idging STP . Using this feature also prev ents loo[...]
-
Página 861
36-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring IP Addressing Beginni ng in pri vileged EXEC mod e, follow these steps to increase spanning-tree-based flooding: T o disable this feature, use the no ip forward-pr otocol turbo -flood global conf iguration comman d. Monitoring a[...]
-
Página 862
36-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Enabling IP Unicast Routing Enabling IP Unicast Routing By default, th e switch is in Layer 2 switching mo de and IP routing is disab led. T o use the Layer 3 capabilities of the switch, you must enable IP routing. Beginni ng in pri vileged [...]
-
Página 863
36-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP Using RIP , the switch sends routing i nformation updates (advertisements) e v ery 30 seconds. If a router does not recei ve an u pdate from another router for 180 seconds or more, it marks the ro utes served b y that route[...]
-
Página 864
36-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring RIP Configuring Basic RIP Parameters T o conf igure RIP , you enable RIP routing for a network and o ptionally conf igure oth er parameters. On the Catalyst 3560 switch, RIP con figu ration commands are ignored until you conf igu[...]
-
Página 865
36-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP T o turn of f the RIP r outing process, use the no r outer rip global conf iguration command. T o display the paramete rs and current state of the acti ve ro uting protocol process, use the show ip proto cols pri vileged EX[...]
-
Página 866
36-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring RIP T o restore clear text authentication, use the no ip rip authentication mode interface conf iguration command. T o pre vent authentication, use the no ip rip authentication key-chain interface confi guration command. Configur[...]
-
Página 867
36-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuri ng RIP T o disable IP summarization, us e the no ip summary-address rip router configuration command. In this exampl e, the major net is 10.0.0.0. The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0 so that [...]
-
Página 868
36-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Configuring OSPF This section briefly describes ho w to confi gure Open Shortest Path First (OSPF). F or a complete description of the OSPF commands, see the “OSPF Commands” chapter of the Cisco IOS IP Command Refer ence[...]
-
Página 869
36-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Default OSPF Configuration Ta b l e 36-5 shows the defaul t OSPF configuration. Ta b l e 36-5 Def ault OSPF Configuration Feature Default Setting Interface parameter s Cost: No default cost predef ined. Retransmit interv al[...]
-
Página 870
36-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF OSPF NSF Awareness The IP services image supports OSPF NSF A wareness for IPv4. When a neighboring rout er is NSF-capable, the Layer 3 switch continues to forwar d pac kets from the router be fore the backup Ro ute Processor[...]
-
Página 871
36-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF T o end an OSPF routing process, use the no r outer ospf pr ocess-id global conf iguration command . This example sho ws ho w to conf igure an OSPF routin g process and assign it a process number of 109: Switch(config)# rou[...]
-
Página 872
36-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Use the no form of these commands to remo ve the conf igured parameter v alue or return to the default val ue . Configuring OSPF Area Parameters Y ou can optionally configure se veral OSPF area parameters. Th ese parameters [...]
-
Página 873
36-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Beginning in priv ileged EXEC mode, foll ow these steps to configu re area parameters: Use the no form of these commands to remo ve the conf igured parameter v alue or to return to the default val ue . Configuring Other OSP[...]
-
Página 874
36-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF • V irtual links: In OSPF , all areas must be c onnected to a backbone area. Y ou can establish a virtual link in case of a backbone-co ntinuity break by configur ing two Area Border Router s as endpoints of a virtual link[...]
-
Página 875
36-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring OSPF Changing LSA Group Pacing The OSPF LSA group pacing feature allo ws the rout er to group OSPF LSAs an d pace the refreshing, check-summing, and aging functions for more ef f icient router use. This feature is enabled b y de[...]
-
Página 876
36-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring OSPF Configuring a Loopback Interface OSPF uses the highest IP address conf igured on the interfaces as its router ID. If this interface is down or removed, the OSPF process must recalculate a ne w router ID and resend all it s r[...]
-
Página 877
36-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Configuring EIGRP Enhanced IGRP (EIGRP) is a Cisco p roprietary enhanced v ersion of the IGRP . EIGRP uses the same distance vector algorithm and dist ance informat ion as IGRP; ho we ver , the conv ergence properties and [...]
-
Página 878
36-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP is sho wn in the pack et. The reliable tran sport has a pro vision to send mul ticast packets quickly when there are u nackno wledged pack ets pending . Doing so help s ensure that con v erge nce time remains low in the pre[...]
-
Página 879
36-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP T o create an EIGRP rou ting process, you must enab le EIGRP and associate ne tworks. EIGRP sends updates to the interfaces in the specif ied networks. If you do no t specify an interface netw ork, it is not adve rtised in[...]
-
Página 880
36-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP Note If you hav e routers on your network that are conf igured for IGRP , and you want to change to EIGRP , you must designate transition routers th at hav e both IGRP and EIGRP conf igured. In t hese cases, perform Steps 1[...]
-
Página 881
36-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r return the setting to the def ault v alue. Configuring EIGRP Interfaces Other optional EIGRP paramet ers can be conf igured on an int erface basis. Beginning in[...]
-
Página 882
36-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r return the setting to the def ault v alue. Configuring EIGRP Route Authentication EIGRP route authenticat ion provides MD5 authent ication of routing up dates fr[...]
-
Página 883
36-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring EIGRP Use the no forms of these commands to disable the feature o r to return the setting to the default v alue. Configuring EIGRP Stub Routing The EIGRP stub routi ng feature, av ailable in all ima ges, reduces resource utili z[...]
-
Página 884
36-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Figur e 36-4 EIGRP Stub Router Configuration For more inf ormation about EIGRP stub routing, see “Con figuring EIGRP Stub Routing” par t of the Cisco IOS IP Conf igurat ion Guide, V olume 2 of 3: Routing Pr otocols, Relea[...]
-
Página 885
36-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP detailed inform ation about BGP in Internet Rou ting Ar chitectur es, published by Cisco Press, and in the “Configuring BGP” chapter in the Cisco IP and IP Rout ing Config uration G uide from the Cisco.com page under Doc[...]
-
Página 886
36-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP BGP peers initi ally exch ange their full BGP rou ting tables and then send on ly incremental u pdates. BGP peers also exchange keepali v e messa ges (to ensure that the connection is up) and not ification messages (in respon[...]
-
Página 887
36-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Default BGP Configuration Ta b l e 36-9 shows the basic default BGP co nfiguration. Fo r the defaults for all characteristics, see the specific commands in the Cisco IOS I P Command Refer ence , V olu me 2 of 3: Routing Pr o[...]
-
Página 888
36-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Multi e xit discriminator (MED) • Always compare: Disabled. Does not comp are MEDs for paths from neighb ors in diff erent autonomous systems. • Best path compare: Disabled. • MED missing as wor st path: Disabled. • D[...]
-
Página 889
36-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Nonstop Forwarding Awareness The BGP NSF A wareness feature is supported for IPv4 in the IP services image. T o enable this feature with BGP routing, you need to enable Graceful Restart. When the neighboring router is NSF-ca[...]
-
Página 890
36-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Use the no router bgp autonomous-system global configu ration command to remo ve a BGP AS. Use the no network network-number router co nfiguration command to remov e the network from the BGP table. Use the no neighbor { ip-ad[...]
-
Página 891
36-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Router B: Switch(config)# router bgp 200 Switch(config-router)# neighbor 129.213.1.2 remote-as 100 Switch(config-router)# neighbor 175.220.1.2 remote-as 200 Router C: Switch(config)# router bgp 200 Switch(config-router)# nei[...]
-
Página 892
36-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP • When soft reset generates inbo und upda tes from a neighbor , it is called dynamic inbound soft r eset . • When soft reset sends a set of updates to a neighbor , it is called outbound soft r eset . A soft inbound reset [...]
-
Página 893
36-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring BGP Decision Attributes When a BGP speaker receives updates from multiple au tonomous systems that de scribe different paths to the same destination, it must choose the single be st path for reachi ng that destin[...]
-
Página 894
36-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Beginning in priv ileged EXEC mode, foll ow th ese steps to conf igure some decision attrib utes: Command Purpose Step 1 conf igure terminal Enter global conf igurati on mode. Step 2 router bgp autonomous-system Enable a BGP [...]
-
Página 895
36-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Use the no form of each command to retu rn to the default st ate. Configuring BGP Filtering with Route Maps W ithin BGP , route maps can be used to co ntrol and to modify routing information and to def ine the conditions b y[...]
-
Página 896
36-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Beginni ng in pri vileged EXEC mode, foll ow th ese steps to apply a per -neighbor route map: Use the no neighbor distribute-list command t o remov e the access list from the neighbor . Use the no neighbor route-map map-tag r[...]
-
Página 897
36-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring Prefix Lists for BGP Filtering Y ou can use prefix lists as an alternativ e to access lists in many BGP route f iltering commands, including the neighbor distrib ute-list router conf iguration command. The adv an[...]
-
Página 898
36-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP sequence number command; to reenable automatic generati on, use the ip pr efi x-list sequence number command. T o clear the hit-count table of prefix list entries, use th e clear ip pref ix-list pri vileged EXEC command. Conf[...]
-
Página 899
36-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP Configuring BGP Neighbors and Peer Groups Often many BGP nei ghbors are config ured with the same update policies (that is, th e same outbound route maps, distrib ute lists, fi lter lists, update source, and so on). Neighbor[...]
-
Página 900
36-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP Step 7 neighbor { ip-addr ess | peer -gr o up-name } default-originate [ r oute-map map-name ] (Optional) Allo w a BGP speake r (the local router) to send th e default ro ute 0.0.0.0 to a neighbor for use as a def ault route.[...]
-
Página 901
36-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP T o disable an e xisting BGP neighbor or neig hbor peer group, use the neighbor shutdown router confi guration command. T o enable a pre viously existi ng neighbor or neighbor peer g roup that had been disabled, use the no n[...]
-
Página 902
36-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP T o delete an aggregate entry , use the no aggr egate-addr ess addr ess mask router conf iguration command. T o return options to the default values, u se the command with ke ywords. Configuring Routing Domain Confederations [...]
-
Página 903
36-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring BGP When the route reflector receives an adv ertised route, it takes one of th ese actions, depending on the neighbor: • A route from an external BGP speak er is adve rtised to all clients and nonclient peers. • A route from[...]
-
Página 904
36-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring BGP T o disable flap dampen ing, use the no bgp dampening rout er conf iguration command wi thout key words. T o set dampening factors back to the def ault v alues, use the no bgp dampening router confi guration command with v al[...]
-
Página 905
36-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing Y o u can also enable the logging of messages generate d when a BGP neighbor resets, comes up, or goes down b y using t he bgp log-neighbor changes router conf iguration com mand. Configuring ISO CLNS Routing Th[...]
-
Página 906
36-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing The ke y dif ference between the ISO IGRP and IS-I S NSAP addressing schemes is in the def inition of area addresses. Both use the sys tem ID for Lev el 1 ro uting (routing wi thin an area). Howe v er , the y dif[...]
-
Página 907
36-63 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing • Config uring IS-IS Global P arameters, page 36-66 • Configuri ng IS-IS Interface P arameters, page 36-68 Default IS-IS Configuration Ta b l e 36-12 shows the default IS-IS configuration. Ta b l e 36-12 Def[...]
-
Página 908
36-64 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing Nonstop Forwarding Awareness The integrated IS-IS NSF A wareness feature is supported for IPv4, beginning with Cisc o IOS Release 12.2(25)SEG. The fe ature allo ws customer premises equipment (CPE) routers that a[...]
-
Página 909
36-65 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing T o disable IS-IS routing , use the no router isis ar ea- tag router configu ration command. This example shows ho w to conf igure three routers to run co n v entional IS-IS as an IP r outing protocol. In con ve[...]
-
Página 910
36-66 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing Configuring IS-IS Global Parameters These are so me optional IS-IS glo bal parameters that you can conf igure: • Y o u can force a def ault route into an IS-IS routing do main by conf iguring a d e f au l t r o[...]
-
Página 911
36-67 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing Step 9 set- overload-b it [ on-startup { seconds | wait-for -bgp }] (Optional) Set an ov erload bit (a hippity bi t) to allo w other routers to ignore the router in their shortest path f irst (SPF) calculations [...]
-
Página 912
36-68 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing T o disable defa ult route generat ion, use the no default-inf ormation originate router conf iguration command. Use the no area-password or no domain-passw ord router conf iguration comman d to disable passwords[...]
-
Página 913
36-69 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring ISO CLNS Routing frequently and IS-IS adjacencies are f ailing unnecessarily . Y ou can raise the hello multiplier and lo wer the hello interv al correspondingly to make th e hello pro tocol more reliable without increasing the [...]
-
Página 914
36-70 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring ISO CLNS Routing T o return to the def ault settings, use t he no forms of the commands. Monitoring and Maintaining ISO IGRP and IS-IS Y o u can remo ve al l contents of a CLNS cache or remo ve info rmation for a particul ar neig[...]
-
Página 915
36-71 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Ta b l e 36-13 lists the pri vileged EXEC commands for clearing and displayi ng ISO CLNS and IS-IS routing. For explanations of the display fields, see the Cisco IOS Apollo Domain , Banyan VINES, DECnet, ISO CLNS an[...]
-
Página 916
36-72 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE The Catalyst 3560 switch suppo rts multiple VPN routing/forw arding (multi-VRF) instan ces in customer edge (CE) de vices (multi-VRF CE) when the switch is run ning the IP services image. If you try to confi gure it [...]
-
Página 917
36-73 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE • Provider routers or core routers are any routers in the service provider network t hat do not attach to CE de vices. W ith multi-V RF CE, multiple customers can sh are one CE, and only one physical l ink is used[...]
-
Página 918
36-74 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE T o configure VRF , you create a VRF table and specify the Laye r 3 interface associated with the VRF . Then confi gure the routing protocols in the VPN an d between the CE and the PE. BGP is the preferred routing pr[...]
-
Página 919
36-75 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE • A customer can use multiple VLANs as l ong as they do not o verlap wit h those of other customers. A customer’ s VLANs are mapped to a specific rou ting table ID t hat is used to identify the appropriate routi[...]
-
Página 920
36-76 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Use the no ip vrf vrf-name global configuration command to dele te a VRF and to remov e all interfaces from it. Use the no ip vrf f orwarding interface conf iguration command to remove an interface from the VRF . Con[...]
-
Página 921
36-77 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE For more inf ormation about conf iguring a multicast wi thin a Multi-VRF CE, see the Cisco IOS IP Multicast Conf igur ation Guide, Release 12.4 . Configuring VRF-Aware Services IP services can be configured on globa[...]
-
Página 922
36-78 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for PING Beginning in pri vileged EX EC mode, follo w these steps to con figure VRF-a ware services for p ing. For complete syntax and usage i nformation for the co mmands, refer to the switc h command[...]
-
Página 923
36-79 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE User Interface for uRPF uRPF can be conf igured on an interface assigned to a VRF , and source lookup is done in the VRF table. Beginni ng in pri vileged EXEC mo de, follo w these steps to confi gure VRF-a ware serv[...]
-
Página 924
36-80 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE User Interface for Traceroute Beginni ng in pri vile ged EXEC mode, follo w these st ep s to configure VRF-a ware services for traceroute. For complete syntax and usage information for t he commands, refer to the swi[...]
-
Página 925
36-81 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Note T o conf igure an EIGRP routing process to run w ithin a VRF instance, you must co nfigure an autonomous-system nu mber by entering the autonomous-system a utonomous-system-number address-famil y configur ation[...]
-
Página 926
36-82 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Use the no router bgp autonomous-syste m-number global conf iguration command to delete th e BGP routing process. Use the command with keyw or ds to delete routing characteristics. Multi-VRF CE Configuration Example [...]
-
Página 927
36-83 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Switch(config)# ip vrf v11 Switch(config-vrf)# rd 800:1 Switch(config-vrf)# route-target export 800:1 Switch(config-vrf)# route-target import 800:1 Switch(config-vrf)# exit Switch(config)# ip vrf v12 Switch(config-v[...]
-
Página 928
36-84 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Multi-VRF CE Switch(config-if)# exit Conf igure OSPF routing in VPN1 and VPN2. Switch(config)# router ospf 1 vrf vl1 Switch(config-router)# redistribute bgp 800 subnets Switch(config-router)# network 208.0.0.0 0.0.0.255 area 0 Sw[...]
-
Página 929
36-85 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Multi-VRF CE Switch(config-router)# network 118.0.0.0 0.0.0.255 area 0 Switch(config-router)# end Configuring the PE Switch B When used on switch B (the PE router), these commands conf igure only the co nnections to the CE devic[...]
-
Página 930
36-86 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Displaying Multi-VRF CE Status Y o u can use the pr ivile ged EXEC comman ds in Ta b l e 36-15 to display information about multi-VRF CE configuration and status. For more inf ormation about the inf[...]
-
Página 931
36-87 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features cache entries are freque ntly in v alidated because of rou ting changes, which ca n cause traff ic to be process switched using the routing table, instead of fast switched using the route cache. CE[...]
-
Página 932
36-88 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Configuring the Number of Equal-Cost Routing Paths When a router has two or more rout es to the same network with th e same metrics, th ese routes can be thought of as ha ving an eq ual cost. The te[...]
-
Página 933
36-89 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features The switch retains static routes unti l you remov e them. Ho wev er , you can override stati c routes with dynamic routing informati on by assigning admi nistrati ve distance v alues. Each dy namic[...]
-
Página 934
36-90 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Beginni ng in pri vileged EXEC mod e, follow these steps to def ine a static route to a netw ork as the static default ro ute: Use the no ip default-network network number global conf iguratio n com[...]
-
Página 935
36-91 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Y ou can also identify route-map statements as permit or deny . If the statement is marked as a deny , the packets meeting the mat ch criteria are sent ba ck through the normal forwarding channels [...]
-
Página 936
36-92 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Step 9 match interface type nu mber [. ..type number ] Match the specified ne xt hop route out one of the specified interfaces. Step 10 match ip ro ute-source { access-list-number | access-list-name[...]
-
Página 937
36-93 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features T o delete an entry , use the no r oute-map map tag global conf iguration command or the no match or no set route-map conf iguration commands. Y o u can distr ibute routes fro m one routing domai n[...]
-
Página 938
36-94 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Configuring Policy-Based Routing Y ou can use poli cy-based routing (PBR) to configure a defined policy for traff ic flo ws. By usin g PBR, you can ha ve more co ntrol ov er routing b y reducing the[...]
-
Página 939
36-95 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features • Y ou can apply a policy route map to an EtherChannel port channel in Laye r 3 mode, b ut you cannot apply a policy route map to a phys ical interface that is a member of the EtherChannel . If y[...]
-
Página 940
36-96 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Packets that are generated b y the switch, or local packets, are not normally pol icy-routed. When you globally enable l ocal PBR on the switch, all p ackets that originat e on the switch are subjec[...]
-
Página 941
36-97 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Use the no route-map map-ta g global conf iguration command or t he no match or no set route-map confi guration commands to de lete an entry . Use the no ip policy r oute-map map-tag inte rface con[...]
-
Página 942
36-98 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Configuring Protoco l-Independent Features Use a network monitori ng pri vil eged EXEC command such as show ip ospf interface to ve rify the interfaces that you enabled as passi ve, or use the sho w ip interface pri vile ged EXEC command to [...]
-
Página 943
36-99 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Configuring Protocol-Independe nt Features Filtering Sources of Routing Information Because some routing information might be more accura te than oth ers, you can use f iltering to pri oritize information com ing from dif fer ent sources. A[...]
-
Página 944
36-100 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Monitoring and Main ta ining the IP Network Beginni ng in pri vileged EXEC mode, foll ow th ese steps to manage authentication k eys: T o remov e the key chain, use the no key chain name-of-chain global configur ation command. Monitoring an[...]
-
Página 945
36-101 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Config uring IP Unicast Routing Monitoring and Maintaining the IP Network show ip r oute supernet s-only Display su pernets. show ip cache Display the routin g table used to switch IP traf f ic. show r oute-map [ map-name ] Display all route maps config ured or only the [...]
-
Página 946
36-102 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 36 Configuring IP Unicast Routing Monitoring and Main ta ining the IP Network[...]
-
Página 947
CH A P T E R 37-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 37 Configuring IPv6 Unicast Routing This chapter de scribes how to configure IPv6 unicast routin g on the Cataly st 3560 switch. For info rmation about conf iguring IPv6 Mul ticast Listener Disco very (MLD) sn ooping, see Chap ter 38, “Configuring IPv6 MLD Snoopin g. ?[...]
-
Página 948
37-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 • Use the Search field to locate th e Cisco IOS software docum entation. For example, if you want informa tion about static routes, you can enter Implementing Static Routes for IPv6 in the search f ield to get this do[...]
-
Página 949
37-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 • Neighbor Disco very , page 37-4 • Defaul t Router Pref erence, page 37-4 • IPv6 Stateless Aut oconfiguration and Duplicate A ddress Detection, pa ge 37-5 • IPv6 Applications, page 37-5 • Dual IPv4 and IPv6 Pro[...]
-
Página 950
37-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 DNS for IPv6 IPv6 supports Domain Name System (DNS) r ecord types i n the DN S name-to-address and address-to-name lookup processes. The DN S AAAA re source record types support IPv6 addresses and are equi v alent to an[...]
-
Página 951
37-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 IPv6 Stateless Autoconfiguration and Duplicate Address Detection The switch uses stateless autoconfigur ation to manage link, subnet, and si te addressing changes, such as management of host and mobile IP addres ses. A ho[...]
-
Página 952
37-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 The dual IPv4 and IPv6 templates allo w the swit ch to be used i n dual stack en vironment s. • If you try to conf igure IPv6 without f irst selecting a dual IPv4 and IPv6 template, a wa rning message appears. • In [...]
-
Página 953
37-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Understanding IPv6 EIGRP for IPv6 The switch running the IP servic es image supports Enhanced Int erior Gate way Routin g Protocol (EIGRP) for IPv6. It i s conf igured on the interf aces on which it runs and does not require a g lobal IPv6 [...]
-
Página 954
37-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Understanding IPv6 For infor mation about syslog o ver IPv6, includi ng configurat ion procedures, see the “Implementing IPv6 Addressing and Basic Con n ectivity” chapter in the Cisco IOS IPv6 Conf igur ation Libr ary on Cisco.com. HT[...]
-
Página 955
37-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 • The switch cannot forward SN AP -encapsulated IPv6 packets. Note There is a similar limitation for IPv4 SN AP-encapsulated packets, but the pack ets are dropped at the switch and are not forwar ded. • The switch route[...]
-
Página 956
37-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Default IPv6 Configuration Ta b l e 37-1 shows the default IPv6 configuratio n. Configuring IPv6 Addressing and Enabling IPv6 Routing This section descri bes how to assign IPv6 addresses to indi vidual Layer 3 interf ace[...]
-
Página 957
37-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Beginni ng in pri vileged EXEC mo de, follo w these step s to assign an IPv6 address to a Layer 3 interf ace and enable IPv6 ro uting: T o remov e an IPv6 address from an interface, use the no ipv6 address ipv6-pr e f ix/p[...]
-
Página 958
37-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 without ar guments. T o disable IPv6 processing on an interface that has not b een explicitly con figur ed with an IPv6 address, use the no ipv6 enable interface co nfigurat ion command. T o globally disable IPv6 routing[...]
-
Página 959
37-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Use the no ipv6 nd router -preference int erface conf iguration command to disabl e an IPv6 DRP . This exampl e show s how to conf igure a DRP of high for the router on an interface. Switch# configure terminal Switch(confi[...]
-
Página 960
37-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o disable IPv4 routing, use the no ip routing global co nfiguratio n command. T o disable IPv6 routing, use the no ipv6 unicast-routing g lobal conf iguration command. T o re move an IPv4 address from an interface, use[...]
-
Página 961
37-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Enabling DHCPv6 Server Function Beginning in priv ileged EXEC mode, foll ow these st eps to en able the DHCPv6 server fu nction on an interface. Command Purpose Step 1 conf igure terminal Enter global conf iguratio n mode.[...]
-
Página 962
37-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o delete a DHCPv6 pool, use the no ipv6 dhcp pool poolname global configuration com mand. Use th e no form of the DH CP pool configuration m ode comma nds to change the DHCPv6 pool characteristics. T o disable the DHCP[...]
-
Página 963
37-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Switch(config-dhcpv6-vs)# suboption 1 address 1000:235D::1 Switch(config-dhcpv6-vs)# suboption 2 ascii "IP-Phone" Switch(config-dhcpv6-vs)# end Enabling DHCPv6 Client Function Beginning in priv ileged EXEC mode, [...]
-
Página 964
37-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Beginning in priv ileged EXEC mode, foll ow th ese st eps to change the ICMP rate-limiting paramet ers: T o return to the d efault conf iguration, use the no ipv6 ic mp error -interval gl obal configuration command. This[...]
-
Página 965
37-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 Beginni ng in pri vileged EXEC mode, follow these steps to conf igure an IPv6 static route: Command Purpose Step 1 configur e terminal Enter global conf iguration mode. Step 2 ipv6 route ipv6-pr ef ix/pr efix length { ipv6[...]
-
Página 966
37-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 T o remov e a configured static route, use the no ipv6 r oute ipv6-pr efix/pr efix length { ipv6-addr ess | interface- id [ ipv6-addr ess ]} [ administrative distance ] global conf iguration command. This example shows h[...]
-
Página 967
37-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 T o disable a RIP routing process, use the no ipv6 router rip name global con figuration command. T o disable the RIP rou ting proce ss for an interface, use the no ipv6 rip name in terface conf iguration command. This e x[...]
-
Página 968
37-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Beginning in pri vile ged EXEC mode, follo w these re quired and optional st ep s to configure IPv6 OSPF: Command Purpose Step 1 configur e terminal Enter global conf igurat ion mode. Step 2 ipv6 router ospf pr ocess-id [...]
-
Página 969
37-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Configuring IPv6 T o disable an OSPF routing process, use the no ipv6 r outer ospf pr ocess-id global configurati on command. T o disable the OSPF routing process for an interf ace, use the no ipv6 ospf pr ocess-id ar ea ar ea-id interface[...]
-
Página 970
37-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Configuring IPv6 Enabling HSRP Version 2 Beginni ng in pri vileg ed EXEC mode, follo w these steps to enable HSRP v ersion 2 on a Layer 3 interface. Enabling an HSRP Group for IPv6 Beginni ng in pri vileged EXEC mode, fol lo w these st e[...]
-
Página 971
37-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 Use the no standby [ gr oup-number ] ipv6 interf ace conf iguration command to di sable HSRP for IPv6. This exampl e show s how to acti vate HSRP for IPv6 for gr oup 1 on a port. The IP address used by the hot standb y grou[...]
-
Página 972
37-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6 Ta b l e 37-2 shows the pri vile ged EXEC commands for monitor ing IPv6 on the switch. Ta b l e 37-3 shows the pri vile ged EXEC command for displaying EIGRP IPv6 i nformation. Table 37-4 shows the privileged EXEC command[...]
-
Página 973
37-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 interface pri vile ged EXEC command: Switch# show ipv6 interface Vlan1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940 Global un[...]
-
Página 974
37-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6 This is an example of the output from the show ipv6 rip pri vile ged EXEC command: Switch# show ipv6 rip RIP process "fer", port 521, multicast-group FF02::9, pid 190 Administrative distance is 120. Maximum path[...]
-
Página 975
37-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Configuring IPv6 Unicast Routing Displaying IPv6 0 group query, 0 group report, 0 group reduce 1 router solicit, 0 router advert, 0 redirects 0 neighbor solicit, 0 neighbor advert Sent: 10112 output, 0 rate-limited unreach: 0 routing, 0 admin, 0 neighbor, 0 address, 0 por[...]
-
Página 976
37-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 37 Co nfig uring IPv6 Unicast Routing Displaying IPv6[...]
-
Página 977
CH A P T E R 38-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 38 Configuring IPv6 MLD Snooping Y ou can use Multicast Listen er Disco very (MLD) s nooping to enab le ef fici ent distrib ution of IP ver si on 6 (IPv6) multicast data to clients and routers in a switched netw ork on the Catalyst 3560 sw itch. Note T o use IPv6, you mu[...]
-
Página 978
38-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Understanding MLD Snooping The switch supp orts two versions of MLD snooping: • MLDv1 snooping detect s MLDv1 control packet s and sets up traf fic br idging based on IPv6 destination multicast addresses. • MLDv2 basic snooping (MBSS) use[...]
-
Página 979
38-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Understanding MLD Sno oping When MLD snooping is disabled , all MLD queries are flooded in the i ngress VLAN. When MLD snooping is enabled, re cei ved MLD queries are flooded in the ingress VLAN, and a copy of the query is sent to the CPU for[...]
-
Página 980
38-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Understanding MLD Snooping MLD Reports The processing of MLDv1 join messages is e ssent ially the same as with IGMPv2 . When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch. When IPv6 m[...]
-
Página 981
38-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping confi guration command. The def ault is to send tw o queries. The switch also generates MLDv 1 global Done messages with v alid link-local IPv6 source addre sses when the switch becomes the STP root in th e VLAN [...]
-
Página 982
38-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping MLD Snooping Configuration Guidelines When config uring MLD snooping, consider these guidelines: • Y o u can conf igure MLD snooping characteristics at any t ime, but you mu st globally enable MLD snooping b y [...]
-
Página 983
38-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan -id global confi guration command for t he specifi ed VLAN number . Configuring a Static Multicast Group Hosts or Layer 2 ports[...]
-
Página 984
38-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Switch(config)# end Configuring a Multicast Router Port Although MLD snooping learns about router port s through MLD queri es and PIMv6 queries, you can also use the command-line in terface (CLI) to add a mu ltic[...]
-
Página 985
38-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD Immediate Leave on a VLAN, use the no ipv6 mld snooping vlan vlan-id immediat e-leav e global conf iguration command. This e xample sho ws ho w to enab le MLD Immediat e Leav e on VLAN 130 : Switc[...]
-
Página 986
38-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Configuring IPv6 MLD Snooping This example sho ws how to set the MLD sn ooping glo bal robustness v ariable to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit This exampl e show s ho[...]
-
Página 987
38-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Configuring IPv6 MLD Sn ooping Displaying MLD Snooping Information Beginning in priv ileged EXEC mode, foll ow these steps to disabl e MLD listener message suppression: T o re-enable MLD message suppression, use the ipv6 mld snooping liste ner-message-suppr ession global [...]
-
Página 988
38-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 38 Config uring IPv6 MLD Snooping Displayi ng MLD Sn ooping Information show ipv6 mld snooping multicast-addr ess [ vlan vlan-id ] [ count | dynamic | user ] Display all IPv6 multicast address information or specif ic IPv6 multicast address informat ion for the switch or a V[...]
-
Página 989
CH A P T E R 39-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 39 Configuring IPv6 ACLs This chapter includ es information about conf iguring IPv6 A CLs on the Catalyst 3560 switch. Y ou can filt er IP ve rsion 6 (IPv6) traff ic by creating IPv6 access co ntrol lists (A CLs) and applying them to interfaces similarly to t he way th a[...]
-
Página 990
39-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Understanding IPv6 ACLs Understanding IPv6 ACLs A switch image supports tw o types of IPv6 A CLs: • IPv6 router A CLs – Supported on out bound or inbound traffic on Layer 3 interfaces, which can be ro uted ports, switch virtual interf aces (SVIs)[...]
-
Página 991
39-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs • If the switch runs out of TCAM space, packets associated with the A CL label are forwarded to the CPU, and the A CLs are applied in software. • Routed or bridged pack ets with hop-b y-hop options ha ve IPv6 A CLs applied in[...]
-
Página 992
39-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Configuring IPv6 ACLs Step 3 Apply the IPv6 A CL to an interface. For router A CLs, you must also configure an IPv 6 address on the Layer 3 inte rface to which the ACL is applied. These sections describe ho w to conf igure and apply IPv6 A CLs: • D[...]
-
Página 993
39-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs Step 3a deny | permit pr otocol { sour ce-ipv6-pr efix / pr efix-lengt h | any | host sour ce-ipv6-addr ess } [ operator [ p ort-number ]] { destination-ipv6 -pr ef ix / pr ef ix-length | any | host destination- ipv6-addr ess } [[...]
-
Página 994
39-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Configuring IPv6 ACLs Step 3b deny | permit tcp { sour ce-ipv6-pr ef ix / pr efix-lengt h | any | host sour ce-ipv6-addr ess } [ operator [ p ort-number ]] { destination-ipv6 - pr ef ix / pr ef ix-lengt h | any | host destination-ipv6-addr ess } [ op[...]
-
Página 995
39-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 ACLs Configuring IPv6 ACLs Use the no deny | permit IPv6 access-list conf iguration commands w ith ke ywords to remo ve the den y or permit conditions from the specified access list. This example configures the I Pv6 access list nam ed CISCO. The f irst de[...]
-
Página 996
39-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 39 Configuring IPv6 A CLs Displaying IPv6 ACLs Displaying IPv6 ACLs Y ou can display information about all configured access lists, all IPv6 access lists, or a specific access list by u sing one or more of th e pri vileged EXEC commands in Ta b l e 39-1 . This is an example o[...]
-
Página 997
CH A P T E R 40-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 40 Configuring HSRP This chapter de scribes how to use Hot Standby Router Prot ocol (HSRP) on the Ca talyst 3560 switch to provid e routing redundan cy for rou ting IP traf f ic not dependent on the a v ailability of any single ro uter . T o use HSRP for IPv6, see Chapte[...]
-
Página 998
40-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Understanding HSRP Note Routers in an HSRP group can be an y router interf ace that supports HSRP , including Catalyst 3560 routed ports and switch v irtual interfaces (SVIs). HSRP pro vides high network a v ailability b y provi ding redundancy fo r IP tra[...]
-
Página 999
40-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Understanding HSRP Figur e 40-1 T ypical HSRP Configuration HSRP Versions Cisco IOS Release 12.2(46)SE and lat er support these Hot Standb y R ed un d an c y Protocol (HSRP) ver si ons : • HSRPv1—V ersion 1 of the HSRP , the default v ersion of HSRP . [...]
-
Página 1000
40-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Multiple HSRP The switch supports Multiple HSRP (MHSRP), an e xtension of HSRP th at allo ws load sharing bet ween two or more HSRP groups. Y ou can conf igure MHSRP to achie ve load balancing and to use tw o or more standby gro ups (and p[...]
-
Página 1001
40-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP • Config uring MHSRP , page 40-10 • Config uring HSRP Authenti cation and T imers, page 40-10 • Enabling HSRP Supp ort for IC MP Redirect Messages, page 40 -12 • Config uring HSRP Groups and Cl ustering, page 40-12 • T roubleshoo[...]
-
Página 1002
40-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP • In the configuration p rocedur es, the specified interface must be a Layer 3 interface: – Routed port: a ph ysical port conf igured as a Layer 3 port b y entering th e no switchport interface con figuration command. – SVI: a VLAN i[...]
-
Página 1003
40-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-number ] ip [ ip-addr ess ] in terface conf iguration command to disable HSRP . This exampl e show s how to activ ate HSRP f or group 1 on an interface. The IP address used by the hot standby gr oup is learned b[...]
-
Página 1004
40-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP When config uring HSRP priority , follow these guidelin es: • Assigning a prio rity allo ws you to select the act i ve and standb y routers. If preemption is enabled, the router with the highest prio rity becomes the activ e router . If [...]
-
Página 1005
40-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-number ] priority priority [ pr eempt [ delay dela y ]] and no standby [ gr oup-num ber ] [ priority priority ] pr eempt [ delay delay ] interface conf iguration commands to restore default pri ority , preempt, [...]
-
Página 1006
40-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Configuring MHSRP T o enable MHSRP and load balancing, you conf igure two rou ters as acti ve routers for thei r groups, with virtual router s as standb y routers. This e xample sho ws ho w to enable the MHSRP conf iguration sho wn in Fig[...]
-
Página 1007
40-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Beginni ng in pri vileged EXEC mod e, use one or more of these steps to con figur e HSRP authentication and timers on an interface: Use the no standby [ gr oup-number ] authenti cation string interface configuration co mmand to delete an [...]
-
Página 1008
40-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Configuring HSRP Enabling HSRP Support for ICMP Redirect Messages In releases earlier than Cisco IOS R elease 12.2 (18)SE, ICMP (Internet Control Message Protocol ) redirect messages were automaticall y disabled on interfaces configur ed with HSRP . ICM P[...]
-
Página 1009
40-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Displaying HSRP Configurations Displaying HSRP Configurations From pri vileged EXEC mode, use this command to display HSRP setti ngs: show standby [ interf ace-id [ gr oup ]] [ brief ] [ detail ] Y o u can display HSRP information for the whole switch, fo[...]
-
Página 1010
40-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 40 Configuring HSRP Displaying HSRP Configurati ons[...]
-
Página 1011
CH A P T E R 41-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 41 Configuring Cisco IOS IP SLAs Operations This chapter describes ho w to use Cisco IOS IP Service Le vel Agreements (SLAs) on the Cat alyst 3560 switch. Cisco IP SLAs is a part of Cisco I OS software that allo ws Cisco customers to analyze IP service le vels for IP app[...]
-
Página 1012
41-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Depending on the specif ic Cisco IOS IP SLAs oper ation, v ariou s network pe rformance statistics are monitored within the Cisc o de vice and stored in both command-l ine interface (CLI) and Simple [...]
-
Página 1013
41-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Using Cisco IOS IP SLAs to Measure Network Performance Y o u can use I P SLAs to monitor the per formance be tween an y area in the net work—core, dist ribut ion, and edge—wit hout deploying a phy[...]
-
Página 1014
41-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs IP SLAs Responder and IP SLAs Control Protocol The IP SLAs responder is a componen t embedded in the dest ination Cisco devi ce that allo ws the system to anticipate and respond to IP SLAs request pa[...]
-
Página 1015
41-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Figur e 41 -2 Cisco IOS IP SLAs Responder Time Stamping An additional benef it of the two time stamp s at the ta rget devi ce is the ability to track one- way delay , jitter , and directional packet l[...]
-
Página 1016
41-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations • One-way mean op inion score (MO S) • One-way latenc y An IP SLAs threshold violation can also trigger another IP SLAs op eration for further analysis. F or exam ple, the frequenc y could be incr[...]
-
Página 1017
41-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations For detailed descriptions and conf iguration procedures, see the Cisco IOS IP SLAs Conf igur ation Guide , Release 12.4T at this URL: http://www .cisco.com/en/US/docs/ios/ipsla/con figurat ion/guide/12[...]
-
Página 1018
41-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Configuring the IP SLAs Responder The IP SLAs responder is av ailable on ly on Cisco IOS software-based de vices, including some Layer 2 switches that do not suppo rt full IP SLAs functionali ty , suc[...]
-
Página 1019
41-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations In addition to mon itoring jitter , the IP SLAs UDP ji tter operation can be used as a multipurpose data gathering operation. The packets IP SLAs genera tes carry packet sendi ng and recei ving sequenc[...]
-
Página 1020
41-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Step 3 udp-jitter { destination-ip-addr ess | destination -hostname } destination-port [ sour ce-ip { ip-addr ess | hostnam e }] [ source-port port-numb er ] [ control { ena ble | disable }] [ num-pa[...]
-
Página 1021
41-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations T o d is a bl e th e IP S L As operation, enter the no ip sla operation-n umber global conf iguration command. This e xample sho ws ho w to conf igure a U DP jitter IP SLAs ope ration: Switch(config)#[...]
-
Página 1022
41-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Configuring IP SLAs Operations Note This operation does not require th e IP SLAs responder to be enabled. Beginni ng in pri vileged EXEC mode, foll ow th ese steps to configure an ICMP echo operation on the source device: Command [...]
-
Página 1023
41-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations T o disable the IP SLAs operatio n, enter the no ip sla oper ation-number gl obal configurati on command. This exampl e show s how to conf igure an ICMP echo IP SLAs operat ion: Switch(config)# ip sla [...]
-
Página 1024
41-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 41 Config uring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations Ta b l e 41 -1 Monit or ing IP SLAs Oper ations Command Purpose show ip sla application Display global informati on about Cisco IOS IP SLAs. show ip sla authentication Display IP SLAs authentication i[...]
-
Página 1025
CH A P T E R 42-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 42 Configuring Enhanced Object Tracking This chapter describe s how to conf igure enhance d object tracking o n the Catalyst 3560 switch. This feature provides a more comple te alternative to the Hot Stan dby Routing Proto col (HSRP) tr acking mechanism. which allows you[...]
-
Página 1026
42-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Configuring Enhanced Object Tracking Features These sections describe conf igur ing enhanced object tracking: • Default Co nfig uration, page 42-2 • T racking Interface Line-Prot oco[...]
-
Página 1027
42-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features This example configures the tracki ng of an in terface line-protoco l st ate and verifi es the configuration: Switch(config)# track 33 interface gigabitethernet 1/0/1 line-protocol Switch([...]
-
Página 1028
42-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Beginning in priv ileged EXEC mode, foll ow th ese st eps to configure a tracked list of objects with a Boolean e xpression: Use the no track trac k-number glob al config uration command[...]
-
Página 1029
42-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Beginni ng in pri vile ged EXEC mode, follo w these steps t o conf igure a tracked list of objects b y using a weight threshold an d to conf igure a weight for each object: Use the no trac[...]
-
Página 1030
42-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Beginni ng in pri vile ged EXEC mode, follo w these steps t o conf igure a tracked list of objects b y using a percentage th reshold: Use the no track trac k-number glob al config uratio[...]
-
Página 1031
42-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Configuring HSRP Object Tracking Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure a standb y HSRP group to track an object and ch ange the HSRP p rio rity based on th[...]
-
Página 1032
42-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Configuring Other Tracking Characteristics Y ou can also use the enhanced obje ct trac king for tracking ot her characteristics . • Y ou can track the reachability of an IP route by us[...]
-
Página 1033
42-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Configuring IP SLAs Object Tracking Cisco IOS IP Service Le vel Agreements (IP SL As) is a network performance measur ement and diagnostics tool that uses acti v e monitoring by gene ratin[...]
-
Página 1034
42-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Configuring Enh anced Object Trac king Features Latest operation return code: over threshold Latest RTT (millisecs) 4 Tracked by: HSRP Ethernet0/1 3 This exampl e output sho ws wh ether a route is reachable: Switch(config)# track 3 5[...]
-
Página 1035
42-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Configuring Enhanced Obje ct Tracking Features Beginni ng in pri vileged EXEC mode, follow these steps to conf igure a primary interf ace for DHCP: Configuring a Cisco IP SLAs Monitoring Agent and Track Object Beginni ng in pri vilege[...]
-
Página 1036
42-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Monitoring Enhanced Ob ject Tracking Configuring a Routing Policy and Default Route Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure a routing polic y for backup static routing by using object tracking. F or mor[...]
-
Página 1037
42-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configuring Enhan ced Object Tracking Monitoring Enhanced Ob ject Tracking show track brief Display a single line of tracking informat ion output. show track interface [ brief ] Display informatio n about tracked interf ace objects. show track ip [ object-num ber ] [ brie[...]
-
Página 1038
42-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 42 Configu ring Enhanced Object Track ing Monitoring Enhanced Ob ject Tracking[...]
-
Página 1039
CH A P T E R 43-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 43 Configuring Web Cache Services By Using WCCP This chapter describe s how to conf igure your Ca talyst 3560 switch to re direct traff ic to wide-area application engines (such as the Cisco Cache En gine 550) by using the W eb Cache Communication Protocol (WCCP). This s[...]
-
Página 1040
43-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Understanding WCCP WCCP enables supported Cisco routers and switches to transparently redirect content requests. Wi th transparent redirection, users do no t hav e to conf igure their bro wsers to use a web proxy . Instead, the[...]
-
Página 1041
43-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Understanding WCCP WCCP Negotiation In the exchange of WCCP protocol messages, the designated appl ication engi ne and the WCCP-en abled switch nego tiate these items: • Forw arding method (the method b y which the swit ch fo[...]
-
Página 1042
43-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Understanding WCCP Y o u can conf igure up to 8 serv ice groups on a switch or switch stack and up to 32 cache engines per service group. WCCP maintains the prior ity of the se rvice group in the group definit ion. WCCP uses th[...]
-
Página 1043
43-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Configuring WCCP Configuring WCCP These sections describe ho w to conf igure WCCP on y our switch: • Defaul t WCCP Conf iguration, page 43-5 • WCCP Conf iguration Guidel ines, page 43-5 • Enabling the W eb Cache Serv ice,[...]
-
Página 1044
43-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Configuring WCCP • Y ou cannot conf igure WCCP a nd a pri v ate VL AN (PVLAN) on the same switch interface. Enabling the Web Cache Service For WCCP packet redirection to operate, you must co nfigure the switch interface conne[...]
-
Página 1045
43-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Configuring WCCP T o disable the web cache service, use the no ip wccp web-cache global configurat ion command. T o disable inbound pack et redirection, use the no i p wccp web-cache redir ect in interf ace conf iguration comma[...]
-
Página 1046
43-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Configuring WCCP Switch(config-if)# ip address 175.20.30.20 255.255.255.0 Switch(config-if)# no shutdown Switch(config-if)# ip wccp web-cache redirect in Switch(config-if)# exit Switch(config)# interface gigabitethernet0/4 Swit[...]
-
Página 1047
43-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Ca che Services By Using WCCP Monitoring and Maintaining WCCP Switch(config-if)# ip wccp web-cache redirect in Switch(config-if)# exit Switch(config)# interface range gigabitethernet0/3 - 6 Switch(config-if-range)# switchport mode access Switch(config-if-ra[...]
-
Página 1048
43-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 43 Configuring Web Cac he Services By Using WCCP Monitoring and Maintaining WCCP[...]
-
Página 1049
CH A P T E R 44-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 44 Configuring IP Multicast Routing This chapter describes how to conf i gure IP mul ticast routing on the Cataly st 3560 switch. IP mu lticasting is a more ef f icient way to use netw ork resources, es pecially for bandwid th-inte nsiv e services such as audio and video[...]
-
Página 1050
44-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understanding Cisco’s Implementation of IP Multicast Routing The Cisco IOS software supports these pr otocols to implement IP multicast routing: • Internet Group Managemen[...]
-
Página 1051
44-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Understanding IGMP T o participate in IP multicasting, multicast hosts, routers, and multilayer switches must ha ve the IGMP operating. This protocol def ines the querier and [...]
-
Página 1052
44-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing Understanding PIM PIM is called pr otocol-independe nt : reg ardless of the unicast routi ng protocols used to populate the unicast routing table, PIM uses this infor mation t[...]
-
Página 1053
44-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing When a new recei ver on a pre viously pruned b ranch of the tree joins a multi cast group, th e PIM DM dev ice detects the ne w receiv er and immediately sends a graft messag [...]
-
Página 1054
44-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing The PIM stub feature is enforced in the IP base image. If you upgrade t o a higher software v ersion, the PIM stub conf iguration remains until you reconf igure the interfaces[...]
-
Página 1055
44-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Understanding Cisco’s Implementa tion of IP Multicast Routing Mapping agents periodical ly multicast the contents of their Grou p-to-RP mapping caches. Thus, all routers and switches automatically disco ver which RP to use for the groups[...]
-
Página 1056
44-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Understanding Cisco’s Impleme ntation of IP Multicast Routing 3. If the RPF check fails, th e packet i s discarded. Some multicast rout ing protocols, such as D VMRP , maintain a separate multicast routing table and use it for the RPF ch[...]
-
Página 1057
44-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Cisco routers and multilayer sw itches run PIM and can forw ard multicast packet s to and receiv e from a D VMRP neighbor . It is also possible to propag ate D VMRP routes in to and through a PIM cloud. The[...]
-
Página 1058
44-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing • Using Auto-RP an d a BSR, page 44-33 (req uired for non-Cisco PIMv2 de vices to interoperate with Cisco PIM v1 de vices)) • Monitoring the RP Map ping Information, page 44-33 (optional) • T roubles[...]
-
Página 1059
44-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing a proprietary Cisco protoco l. PIMv2 is a standards track protocol in the I ETF . W e recommend that you use PIMv2. The BSR mechanism interoperates wi th Au to-RP on Cisco routers and multilay er switches.[...]
-
Página 1060
44-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Y ou can configure an interface to be in PIM dense mode, sparse mode, or sparse-dense mode. The switch populates its multicast r outing table and forw ards multicast packets it receiv es from its directly [...]
-
Página 1061
44-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o disable multicast ing, use the no ip multicast-r outing distribut ed global configurat ion command. T o return to the defaul t PIM version, use the no ip pim version interf ace configuration command. T[...]
-
Página 1062
44-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing How SSM Differs from Inte rnet Standard Multicast The current IP multicast infrastructure in the Intern et and man y enterprise i ntranets is based on the PIM-SM protocol and Multicast Source Disco very Pr[...]
-
Página 1063
44-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing • No MSDP source-activ e (SA) messages within the SSM range are accepted, generated, or forwarded. IGMPv3 Host Signalling In IGMPv3, hosts signal membership to last hop routers of mul ticast groups. Host[...]
-
Página 1064
44-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing State Maintenance Limitations In PIM-SSM, the last hop router continues to periodicall y send (S, G) join messages if appro priate (S, G) subscriptions are on the interfaces. Therefore, as long as receiv e[...]
-
Página 1065
44-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing • Config uration Guidelines, page 44-17 • SSM Mapping Ov erview , page 44-17 • Config uring SSM Mapping, p age 44-19 • Monitoring SSM Mapping, page 44-21 Configuration Guidelines These are the SSM [...]
-
Página 1066
44-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing SSM mapping enables the last hop rou ter to deter mine the source addresses either by a statically confi gured table on the router or throug h a DNS serv er . When the st atically co nfigu red table or t h[...]
-
Página 1067
44-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing switchover mechanism. One vide o source is activ e, and the ot her backup video source is passiv e. The passiv e source w aits until an activ e source f ailure is detected before sending the video traf fic[...]
-
Página 1068
44-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Go to this URL to see SSM mapping conf igurati on examples: http://www .cisco.com/en/ US/products/sw/iosswrel/ ps5207/products_feature _guide09186a00801a6d 6f. html Configuring DNS-Based SSM Mapping T o co[...]
-
Página 1069
44-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Beginni ng in pri vileged EXEC mo de, follo w these steps to conf igure static traf f ic forwardi ng with SSM mapping: Monitoring SSM Mapping Use the privile ged EXEC commands in Ta b l e 44-3 to monitor S[...]
-
Página 1070
44-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring PIM Stub Routing The PIM Stub routing feature support s multicast ro uting between the distribution layer and the access layer . It supports two types of PIM interf aces, uplink PIM interfaces,[...]
-
Página 1071
44-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing Switch(config)# interface vlan100 Switch(config-if)# ip pim passive Switch(config-if)# exit Switch(config)# interface GigabitEthernet0/20 Switch(config-if)# ip pim passive Switch(config-if)# exit Switch(co[...]
-
Página 1072
44-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Senders of multicast tr af fic anno unce their existence through register messages recei ved from the source first- hop router (designated ro uter) and forwarded to the RP . Receiv ers of multicast packets[...]
-
Página 1073
44-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e an RP address, use the no ip pim rp-address ip-ad dr ess [ access-list-number ] [ override ] global conf iguratio n command. This exampl e shows ho w to conf igure the add ress of the RP to 147[...]
-
Página 1074
44-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Beginni ng in pri vileged EXEC mode, follo w these steps to deplo y Auto-RP in an existing sparse- mode cloud. This procedure is opti onal. Command Purpose Step 1 show running-conf ig V erify that a def au[...]
-
Página 1075
44-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e the PIM device conf igured as the candidate RP , use the no ip pim send-rp-announce interface- id global co nfiguratio n command. T o remove the switch as the RP-mapping agent, use the no ip pi[...]
-
Página 1076
44-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Filtering Incoming RP An nouncement Messages Y o u can add con figurati on commands to the mapping agent s to pre vent a malici ously config ured router from masquerading as a candid at e RP and causing pr[...]
-
Página 1077
44-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing This exampl e show s a sample confi guration on an Auto-RP mapping agent that is u sed to pre vent candidate RP announcements fro m being ac cepted from unauthorized candidate RPs: Switch(config)# ip pim r[...]
-
Página 1078
44-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing T o remove the PIM border , use the no ip pim bsr -border interface co nfiguratio n command. Figur e 44-5 Constraining PIMv2 BSR Messag es Defining the IP Multicas t Boundary Y o u def ine a multicast bou [...]
-
Página 1079
44-31 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing T o remov e the boundary , use the no ip multicast boundary interf ace config uration command. This exampl e show s a portion of an IP multi cast boundary conf iguration that denies Auto-RP inform ation: S[...]
-
Página 1080
44-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring IP Multicast Routing Configuring Candidate RPs Y o u can conf igure one or more can didate RPs. Similar to BSRs, the RPs should also ha ve g ood connectivity to other devices and b e in the backbone portio n of the network. An[...]
-
Página 1081
44-33 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring IP Multicast Routing This exampl e show s how to configu re the switch to advertise itself as a candidate RP to the BSR in its PIM domain. Standard access list number 4 specifies th e group prefix associated with the RP that h[...]
-
Página 1082
44-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Adva nced PIM Features Troubleshooting PIMv1 and PIMv2 Interoperability Problems When debug ging interoperabilit y problems between PIMv1 and PIMv2, check these in the order shown: 1. V erify RP mapping with the show ip pim rp[...]
-
Página 1083
44-35 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced PIM Feature s This process describes the move from a shared tree to a source tree: 1. A receiver joins a group; leaf Ro uter C sends a join message toward the RP . 2. The RP puts a link to Router C in its o utgoing in[...]
-
Página 1084
44-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Adva nced PIM Features Beginning in priv ileged EXEC mode, foll ow th ese steps to conf igure a traff ic rate threshold that must be reached before multicast routing is switched fro m the source tree to the shortest-path tree.[...]
-
Página 1085
44-37 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features W ith PIM DM operation , the DR has meaning only if IGMPv1 is i n use. IGMPv1 does not hav e an IGMP querier election process, so the elected DR functions as the IGMP querier . Wi th PIM SM operation, t[...]
-
Página 1086
44-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Default IGMP Configuration Ta b l e 44-4 shows the def ault IGMP conf iguration. Configuring the Switch as a Member of a Group Y o u can conf igure the switch as a member of a multi cast group and disco[...]
-
Página 1087
44-39 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features This exampl e show s how to en able the switch to join multicast gro up 255.2.2.2: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip igmp join-group 255.2.2.2 Controlling Access to IP M[...]
-
Página 1088
44-40 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Changing the IGMP Version By default, th e switch uses IGMP V ersion 2, which pro vides featu res such as t he IGMP query time out and the maximum query response time. All systems on the subnet must sup[...]
-
Página 1089
44-41 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional IGM P Features Beginning in priv ileged EXEC mode, foll ow these steps to modify the host-query interv al. This procedure is optional. T o return to the def ault setting, use the no ip igmp query- interval interf ace [...]
-
Página 1090
44-42 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optio nal IGMP Features Changing the Maximum Query Response Time for IGMPv2 If you are us ing IGMPv2, you can change the m aximum query response time ad vertised in IGMP queries. The maximum query respon se time enables the sw[...]
-
Página 1091
44-43 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional Multicast Rou ting Features T o remov e the switch as a member of the g roup, use the no ip igmp static-group gr oup-addr ess interface configuration command. Configuring Optional Multicast Routing Features These sect[...]
-
Página 1092
44-44 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features T o disable CGMP on the interface, use the no ip cgmp interface conf iguration command. When multiple Cisco CGMP-capable devices are connected to a switched network and the ip cgmp proxy com[...]
-
Página 1093
44-45 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Optional Multicast Rou ting Features Enabling sdr List ener Support By default, the switch d oes not listen to session directory adv ertisements. Beginni ng in pri vileged EXEC mo de, follo w these steps to enable the switch t[...]
-
Página 1094
44-46 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Optional Multicast Routing Features administrati vely-scoped b oundary on a routed interface, multicast traf f ic whose multicast group addresses fall in this range can not enter or exit this interface, th ereby providing a fi[...]
-
Página 1095
44-47 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features Beginni ng in pri vileged EXEC mode, fo llow t hese step s to set up an administrati vely- scoped boundary . This procedure is optional. T o remov e the boundary , use the no ip multicast[...]
-
Página 1096
44-48 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Configuring DVMRP Interoperability Cisco multicast routers and mul tilayer switch es us ing PIM can interoperate wi th non-Cisco multicast routers that use the D VMRP . PIM de vices dynam[...]
-
Página 1097
44-49 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features T o disable the metric or route map, u se the no ip dvmrp metric metric [ list access-list-number ] [[ pr otocol pr ocess-id ] | [ dvmrp ]] or the no ip dvmr p metric metric route-map map[...]
-
Página 1098
44-50 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Basic DVMRP Interoperabi lity Features Configuring a DVMRP Tunnel The software support s D VMRP tunnels to the MBONE. Y ou can configure a D VMRP tunnel on a router or multil ayer switch if the other end is running DVMRP . The[...]
-
Página 1099
44-51 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Basic DVMRP Interopera bility Features T o disable the filter , use the no ip dvmr p accept-filt er access-list-number [ di stance ] neighbor - list access-list-number interface conf iguration comman d. This exampl e show s ho[...]
-
Página 1100
44-52 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Beginni ng in pri vileged EXEC mode, foll ow th ese steps to advertise netw ork 0.0.0.0 to D VMRP neighbors on an interf ace. This procedure is optional. T o pre vent the def ault rout [...]
-
Página 1101
44-53 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s These sections contain this configu ration informatio n: • Enabling DVMRP Unicast Routing, pa ge 44-53 (opt ional) • Rejecting a D VMRP Nonpruning Neighbor , page 44-54 (optional) [...]
-
Página 1102
44-54 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Rejecting a DVMRP Nonpruning Neighbor By default, Ci sco de vices accept all D VMRP neighbors as peers, re gardless of their D VMRP capability . Ho wev er , some no n-Cisco devi ces run[...]
-
Página 1103
44-55 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Figur e 44-9 Router Rejects N onpr uning D VMRP Neighbor Note that the ip dvmr p reject-non- pruners interface conf iguration comman d prev ents peering with neighbors only . If there [...]
-
Página 1104
44-56 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features • Config uring a D VMRP Summary Addr ess, page 44-57 (opt ional) • Disabling D VMRP Au tosummarization, page 44-59 (optional) • Adding a Metric Of fset to the D VMRP Route, page 4[...]
-
Página 1105
44-57 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s T o return to the def ault setting use the no ip dvmr p ro utehog-notif ication global conf iguration command. Use the show ip igmp interface pri vile ged EXEC command to disp lay a ru[...]
-
Página 1106
44-58 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Configuring Advanced DVMRP Interoperability Features Figur e 44-1 0 Only Connected Unicast Routes Are A dver tised by Default Beginning in priv ileged EXEC mode, foll ow th ese steps to customize the summarization of D VMRP routes if the [...]
-
Página 1107
44-59 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Configuring Advanced DVMRP Interoperability Feature s Disabling DVMRP Autosummarization By default, th e software automatically performs some le vel of D VMRP summarization. Disable this function if you w ant to advert ise all routes, not[...]
-
Página 1108
44-60 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing T o return to the def ault setting, use t he no ip dvmrp metric-offset interface conf iguration com mand. Monitoring and Maintaining IP Multicast Routing These sections describe ho w to mon[...]
-
Página 1109
44-61 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Config uring IP Multicast Routing Monitoring and Maintainin g IP Multicast Routing Displaying System and Network Statistics Y ou can display speci fic statistics, s uch as the c ont ents of IP routing tables, caches, and databas es. Note This release does not support per [...]
-
Página 1110
44-62 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 44 Configur ing IP Multicast Routing Monitoring and Maintain ing IP Multicast Routing Monitoring IP Multicast Routing Y ou can use the priv ileged EXEC commands i n Ta b l e 44-7 to monitor IP multicast r outers, packets, and paths: show ip pim rp [ gr oup-name | gr oup-addr[...]
-
Página 1111
CH A P T E R 45-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 45 Configuring MSDP This chapter describe s how to conf igure the M ulticast Source Discovery Protocol (MSDP) on the Catalyst 3560 switch. The MSDP connect s multiple Protocol-Indep endent Multicast sparse-mode (PIM-SM) domains. MSDP is no t fully support ed in this soft[...]
-
Página 1112
45-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Understanding MSDP MSDP depends hea vily on the Border Gate way Pro tocol (BGP) or MBGP for interdomain op eration. W e recommend that you run MSD P in RPs in your domain that are RPs for sources sending to global grou ps to be announced to the Internet. [...]
-
Página 1113
45-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Figur e 45-1 MSDP Running Between RP P eers MSDP Benefits MSDP has these benefits: • It breaks up the shared multicas t distribut ion tree. Y ou can make the shared tree local to your domain. Y our local members join the local tree, and[...]
-
Página 1114
45-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP • Controlling Source Informati on that Y o ur Switch Origi nates, page 45-8 (optional) • Controlling Source Informati on that Y o ur Switch F orwards, page 45- 11 (optional) • Controlling Source Informati on that Y our Switch Recei [...]
-
Página 1115
45-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Figur e 45-2 Def ault MSDP Peer Netw or k Beginni ng in pri vileged EXEC mode, fo llow th ese steps to specify a default MSDP peer . This procedure is requi red. ISP A PIM domain ISP C PIM domain SA Router A Switch B 10.1.1.1 Def ault MSD[...]
-
Página 1116
45-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o remov e the default peer , use the no ip msdp default-peer ip-addr ess | name global conf iguration command. This examp le shows a partial con figur ation of Router A and Ro uter C in Figure 45-2 . Each of these ISPs hav e more than o[...]
-
Página 1117
45-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Note An alternati ve to this command is th e ip msdp sa-request glob al conf iguration comman d, which causes the switch to send an SA request mess age to the MS DP peer when a ne w member for a group beco mes activ e. For more informatio[...]
-
Página 1118
45-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Requesting Source Information from an MSDP Peer Local RPs can send SA requests and get immedi ate responses for all acti v e sources for a gi ven grou p. By default, the sw itch does not send any SA request messages to its MSDP peers when[...]
-
Página 1119
45-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Redistributing Sources SA messages originate on RPs to which sou rces hav e registered. By d efault, an y source that regist ers with an RP is advertised. The A flag is set in the RP when a source is register ed, which means the source is[...]
-
Página 1120
45-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o remov e the filter , use the no ip msdp redistrib ute global conf iguration comman d. Filtering Source-Active Request Messages By default, only switches that are caching SA in form ation can respond to SA requests. By default, such a[...]
-
Página 1121
45-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Beginni ng in pri vileged EXEC mode, follow these steps to conf igure one of these options. Thi s procedure is optional. T o return to the def ault setting, use the no ip msdp f ilter -sa-r equest { ip-address | name } global confi gurat[...]
-
Página 1122
45-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Using a Filter By creating a filter , you ca n perform one of these actions: • Filter all source/group pair s • Specify an IP extended access list to pass only certain source/group pairs • Filter based on match criteria in a rout e[...]
-
Página 1123
45-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP T o remov e the fi lter , use the no ip msdp sa-f ilter out { ip- addr ess | name } [ list access-list-number ] [ rou te - ma p map-tag ] global conf igurati on command. This exampl e shows ho w to al lo w only (S,G) pairs that pass acce[...]
-
Página 1124
45-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP Y o u can perfor m one of these actions: • Filter all incoming SA messages from an MSDP peer • Specify an IP e xtended access list to pass certain so urce/group pairs • Filter based on match criteria in a rout e map Beginni ng in p[...]
-
Página 1125
45-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP T o remov e the fi lter , use the no ip msdp sa-f ilter in { ip-a ddr ess | name } [ list access-list-number ] [ rou te - ma p map-tag ] global conf igurati on command. This example sh ows ho w to f ilter all SA messages from t he peer n[...]
-
Página 1126
45-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Configuring MSDP T o bring the peer back up, use the no ip msdp shutdown { peer -name | peer addr ess } global confi guration command. The TCP connect ion is reestablished Including a Bordering PIM Dense-Mode Region in MSDP Y ou can configure MSDP on a s[...]
-
Página 1127
45-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Configuring MSDP Configuri ng MSDP Note that the ip msdp origin ator -id global configuration command also identif ies an interface to be used as the RP address. If both the ip msdp border sa-address an d the ip msdp originator -id global confi guration commands are conf [...]
-
Página 1128
45-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 45 Co nfiguring MSDP Monitoring and Maintaining MSDP Monitoring and Maintaining MSDP T o monitor MSDP SA messages, peers, state, or pe er status, use one or more of the pri vile ged EXEC commands in Ta b l e 45-1 : T o clear MSDP connections, statistics, or SA cache entries,[...]
-
Página 1129
CH A P T E R 46-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 46 Configuring Fallback Bridging This chapter describes h ow to configure f allback bridg ing (VLAN bridging ) on the Catalyst 3560 switch . W ith fa llback bridging, you can forward non-IP packets t hat the switch does not route between VLAN bridge domains an d routed p[...]
-
Página 1130
46-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging Fallb ack bridging does not al lo w the spanning trees fr om the VLANs being bridged to collapse. Each VLAN has its own spanning-tree instance and a separate spanning tree, calle d the VLAN-bridge spanning tree,[...]
-
Página 1131
46-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging • Creating a Bridge Group, page 46 -3 (required) • Adjusting Spanning-T ree P arameters, page 46-5 (optional ) Default Fallback Bridging Configuration Ta b l e 46-1 shows the d efault f allback bridging co nfi[...]
-
Página 1132
46-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging Beginning in priv ileged EXEC mode, foll ow th ese steps to create a bridge group and to assign an interface to it. Th is procedure is required. T o remov e a bridge group, use the no bridge bridge-gr oup global[...]
-
Página 1133
46-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging Switch(config-if)# exit Adjusting Spanning-Tree Parameters Y o u might need to adjust certain spanning-tree parameters if the def ault v alues are not suitable. Y ou confi gure parameters affectin g the entire spa[...]
-
Página 1134
46-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging T o return to the default setting, use the no bridge bridge-gr oup priority global configuratio n command. T o change the prio rity on a port, use the bridge-gr oup priority interface conf iguration command (des[...]
-
Página 1135
46-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging T o return to the defaul t path cost, use the no bridge-group bridg e-gr oup path-cost interface confi guration command. This exampl e show s how to change the path cost to 2 0 on a port in bridge group 10 : Switc[...]
-
Página 1136
46-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Configuring Fallbac k Bridging T o return to the def ault setting, use t he no bridge bridge-gr oup hello-time global configuration command. This exampl e show s how to change the hello int erval t o 5 seconds in bridge group 10: Switch(confi[...]
-
Página 1137
46-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configuring Fallback Bridging Configuring Fallback Bridging Changing the Maximum-Idle Interval If a switch doe s not recei v e BPDUs from the root switch within a sp ecified i nterval, it recomputes the spanning-tree to pology . Beginni ng in pri vileged EXEC mode, follo w[...]
-
Página 1138
46-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 46 Configurin g Fallback Bridging Monitoring and Main ta ining Fallback Bridging This exampl e show s how to disable spanning tree o n a port in bridge group 10 : Switch(config)# interface gigabitethernet0/1 Switch(config-if)# bridge group 10 spanning-disabled Monitoring and[...]
-
Página 1139
CH A P T E R 47-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 47 Troubleshooting This chapter describes ho w to identify and resolve softw are problems related to the Cisco IOS software on the Catalyst 3560 switch. D epending on the nature of the p roblem, you can use the command-l ine interface (CLI), the de vice manager , or Netw[...]
-
Página 1140
47-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Software Failure • T roubleshoot ing T ables, page 47-24 Recovering from a Software Failure Switch software can be corrupted during an upgrad e, by do wnloading the wr ong fi le to the switch, and by deleting th e image file. In all of [...]
-
Página 1141
47-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Lost or Fo rgotten Password switch: flash_init Step 8 If you had set the consol e port speed to an ything othe r than 9 600, it has been reset to that part icular speed. Change the emulat ion software line speed to mat ch that of the swit[...]
-
Página 1142
47-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Lost or Forgotten Password Step 4 Reconnect the power cord to the switch and, within 15 seconds, press the Mode bu tton while the System LED is still flashi ng green. Continue pressing the Mode b utton until the Sy stem LED turns briefly [...]
-
Página 1143
47-5 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Lost or Fo rgotten Password Step 5 Rename the conf iguration f ile to conf ig.te xt.old. This f ile contains the passw ord defini tion. switch: rename flash: config.text flash: config.text.old Step 6 Boot up the system: switch: boot Y ou [...]
-
Página 1144
47-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Lost or Forgotten Password Procedure with Password Recovery Disabled If the password-reco very mechan ism is disabled, this message appears: The password-recovery mechanism has been triggered, but is currently disabled. Access to the boot[...]
-
Página 1145
47-7 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Command Switc h Failure Step 6 Enter glob al configuration mode : Switch# configure terminal Step 7 Change the password: Switch (config)# enable secret password The secret password can be from 1 to 25 alphanumer ic characters, can start w[...]
-
Página 1146
47-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Command Switch Failure Y ou can prepare for a command switch failure by assi gning an IP address to a member switch or ano ther switch that is command-capable, making a note of the command-switch passwor d, and cabling your cluster to pro[...]
-
Página 1147
47-9 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from a Command Switc h Failure Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system Would you like to enter basic management setup? [yes/no[...]
-
Página 1148
47-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Recovering from a Command Switch Failure Replacing a Failed Command Switch with Another Switch T o replace a failed command switch with a switch that is command-capable but not part of the cluster , follo w these st eps: Step 1 Insert the ne w switch in p[...]
-
Página 1149
47-11 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Recovering from Lost Cluster M ember Connectivity Step 10 When prompted, assign a name to the cluster , and pr ess Return . The cluster name can be 1 to 31 alphanu meric characters, dashes, or underscores. Step 11 When the initial conf iguration di splays[...]
-
Página 1150
47-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Power over Ethernet Switch Por ts Troubleshooting Power over Ethernet Switch Ports These sections describe ho w to troublesh oot Po wer ov er Ethernet (PoE) ports. Disabled Port Caused by Power Loss If a po wered de vice (such as a Cisco I[...]
-
Página 1151
47-13 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Monitoring SFP Module Status error-disabled state. After the elapsed interv al, the sw itch brings the interf ace out of the error -disabled state and retries the operation. F or more information about the errdisable r ecovery command, see t he command re[...]
-
Página 1152
47-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using Ping • Destination unreachable—If the default gate wa y cannot reach the sp ecified network, a destination-unr eachable message is returned. • Network or host un reachable—If there is n o entry in the route table for the host or n etwork, a [...]
-
Página 1153
47-15 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using Layer 2 Traceroute T o end a pi ng session, en ter the escape sequence ( Ctrl-^ X by default). Simultaneously press and release the Ctrl , Shift , and 6 key s and then pres s the X key . Using Layer 2 Traceroute These sections contai n this informat[...]
-
Página 1154
47-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using IP Traceroute • If the source or destination MA C address belongs to multiple VLANs, yo u must specify the VLAN to which both th e source and d estination MA C addr esses belong. If the VLAN is not sp ecif ied, the path is not identified, a nd an [...]
-
Página 1155
47-17 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using IP Traceroute The traceroute pri vileged EXEC co mmand uses the T ime T o Li ve (TTL) f ield in the IP header to cause routers and servers to gene rate specific return messages. Traceroute starts by sending a User Datagram Protocol (UDP) datagram to[...]
-
Página 1156
47-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using TDR T o end a trace in progress, enter the escape sequence ( Ctrl-^ X by def ault). Simultaneously press and release the Ctrl , Shift , and 6 ke ys and then press the X key . Using TDR These sections contai n this information: • Understanding TDR,[...]
-
Página 1157
47-19 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using Debug Commands Running TDR and Displaying the Results T o run TDR, enter the test cable-diagnostics tdr interface interface -id priv ileged EXEC command: T o display the resu lts, enter the show cable-diagnostics tdr interface int erface-id pri vile[...]
-
Página 1158
47-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using the show platfo rm forward Command T o display the state of each debugging option, enter this co mmand in pri vileged EXEC mode: Switch# show debugging Enabling All-System Diagnostics Beginni ng in pri vileged EXEC mode, en ter this command to enabl[...]
-
Página 1159
47-21 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using the show platform forward Command Most of the information i n the output from the command is useful mainly for technical supp ort personnel, who have access to detailed information about the switch applicat ion-specific integrated circuits (ASICs). [...]
-
Página 1160
47-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Using the show platfo rm forward Command Egress:Asic 3, switch 1 Output Packets: ------------------------------------------ Packet 1 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00_40000014_000A0000 01FFE 03000000 Port Vlan SrcMac DstMac[...]
-
Página 1161
47-23 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Using the c rashinfo Fil es Using the crashinfo Files The crashinfo f iles sav e information that hel ps Cisco technical support rep resentati ves to deb ug problems that caused the Cisco IOS image to fail (cra sh). The switch writes the crash information[...]
-
Página 1162
47-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Troubleshooting Tables These tables are a condensed v ersion of troubleshootin g documents on Cisco.com. • “T roubleshooting CPU Utilizatio n” on page -24 • “T roubleshootin g Power o ver Ethernet (PoE)” on page -26 • [...]
-
Página 1163
47-25 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les This ex ample sho ws normal CPU util ization. The outpu t show s that utilization f or the last 5 seconds is 8%/0% , which has this meaning: • The total CPU utilization is 8 percen t, including both t ime running Cisco IOS proces[...]
-
Página 1164
47-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Troubleshooting Power over Ethernet (PoE) Figur e 47 -1 Po w er Over Ether net T r oubleshooting Scenar ios Symptom or problem Possible cause and solution No PoE on only one port. T rouble is on only one swi tch port. PoE and non-Po[...]
-
Página 1165
47-27 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les No PoE on all port s or a group of ports. T rouble is on all switch por ts. Nonpo wered Ethernet de vices cannot estab lish an Ethernet link on any port, and PoE de vices do not po wer on. If there is a continuo us, intermittent, o[...]
-
Página 1166
47-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Cisco IP Phone disconnects or resets. After workin g normally , a Cisco phone or wireless access point intermittentl y reloads or disconnects from PoE. V e rify all electr ical connections fro m the switch to the po wered device. An[...]
-
Página 1167
47-29 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troub leshooting Troubleshooting Tab les Troubleshooting Stackwise Ta b l e 47 -4 Switch Stac k T roubleshooting Scenar ios Symptom/problem How to V erify Problem Possible C ause/Solution General troubleshooting of switch stack issues Revie w this docum ent. Use the T rou[...]
-
Página 1168
47-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 47 Troublesho oting Troubleshooting Tables Slo w traff ic throughput on stack ring T est the switch interface. Defective StackW ise switch interface. Note The only solution is to replace the switch. Problems with stack master election. stacks merging, or ne w switches joinin[...]
-
Página 1169
CH A P T E R 48-1 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 48 Configuring Online Diagnostics This chapter descri bes how to configure the online diagnostic s on the Catalyst 3560 switches. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the switch command reference at this URL: http:/[...]
-
Página 1170
48-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Configuring Health-M onitoring Diagnostic s Beginni ng in global conf iguration mode, use this command to schedule on line diagnostics: Th i s ex a mp le s how s h ow to schedule diagnostic testing on a specific date and time for a specific s[...]
-
Página 1171
48-3 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Running Online Diagnostic T ests Running Online Diagnostic Tests After you configure online diag nostics, you can start di agnostic tests or display t he test results. Y ou can also see which tests are configured for each swit ch and what dia[...]
-
Página 1172
48-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Chapter 48 Configuring Online Diagnostics Displaying Online Diag nostic Tests and Test Results Th is exa mp le show s h ow to display the online diagnostics that are configured on a switch: Switch# show diagnostic content Diagnostics test suite attributes: B/* - Basic ondemand test /[...]
-
Página 1173
A-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX A Supported MIBs This appendix lists t he supported management in for mation base (MIBs) for this release on the Catalyst 3560 switch. It contains these sections: • MIB List, page A-1 • Using FTP to Access the MIB Files, page A-3 MIB List • BRIDGE-MIB Note The BRIDGE-M[...]
-
Página 1174
A-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix A Supported MIBs MIB List • CISCO-IETF-IP-FOR W ARDING-MIB • CISCO-IGMP-FIL TER-MIB • CISCO-IMA GE-MIB • CISCO IP-ST A T -MIB • CISCO-L2L3-INTERF A CE-CONFIG-MIB • CISCO-LA G-MIB • CISCO-MA C-A UTH-BYP ASS • CISCO-MA C-NO TIFICA TION-MIB • CISCO-MEMOR Y -POO[...]
-
Página 1175
A-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix A Supported MIBs Using FTP to Access the MIB Files • OLD-CISCO-CHASSIS-MIB • OLD-CISCO-FLASH-MIB • OLD-CISCO-INTERF ACES-MIB • OLD-CISCO-IP-MIB • OLD-CISCO-SYS-MIB • OLD-CISCO-TCP-MIB • OLD-CISCO-TS-MIB • PIM-MIB • RFC1213-MIB (Function ality is as per the [...]
-
Página 1176
A-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix A Supported MIBs Using FTP to Acce ss the MIB Files Step 5 At the ftp> prompt, change directories to /pub/mibs/v1 and / pub/mibs/v2 . Step 6 Use the get MIB_filen ame command to obtain a copy of the MIB f ile.[...]
-
Página 1177
B-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes ho w to man ipulate the Catalyst 35 60 switch flash f ile system, how to copy confi guration f iles, and ho w to archi ve (u ploa d and do wnload) software images to a [...]
-
Página 1178
B-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Displaying Available File Systems T o display the av ailable file sy stems on your switch, use the show f ile systems pri vileged EX EC command as sho wn in[...]
-
Página 1179
B-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System Setting the Default File System Y ou can specify th e f ile system or di rectory that the system uses as th e default file system by using the cd filesyst e[...]
-
Página 1180
B-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System T o display informatio n about f iles on a file syst em, use one of the pri vile ged EXEC commands in Ta b l e B-2 : Changing Directories and Displaying the[...]
-
Página 1181
B-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System Use the /recursiv e ke yword to delete th e named directory and all subd irectories and the f iles contained in it. Use the /f orce k eyw ord to suppress th[...]
-
Página 1182
B-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Use the /recursiv e ke yword for deleti ng a directory and all su bdirectories and the f iles contained in it. Use the /for ce ke yword to suppress the pr o[...]
-
Página 1183
B-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File System This example sh ows ho w to create a tar f ile. This co mmand writes the contents of the new-con figs directory on the local flash device to a f ile named s[...]
-
Página 1184
B-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files • For the RCP , the syntax is rcp : [[ // username @ location ] / directory ] / tar-filename .tar • For the TFTP , the syntax is tftp: [[ // location ] / [...]
-
Página 1185
B-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Y ou can co py ( upload ) conf iguration files f rom the switch to a f ile server b y using TFTP , FTP , or RCP . Y o u might perform t his task to back up a[...]
-
Página 1186
B-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Configuration File Types and Location n Startup conf iguration f iles are used during syst em startup to conf igur e the softw are. Running confi guration fi[...]
-
Página 1187
B-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Make sure that the /etc/servi ces file contai ns this line: tftp 69/udp Note Y ou must restart the inetd daem on after modifying th e /etc/inetd.conf and /e[...]
-
Página 1188
B-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Uploading the Configura tion File By Using TFTP T o upload a configuration f ile from a switch to a TFTP server for storage, follow these steps: Step 1 V eri[...]
-
Página 1189
B-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s If the server has a directory structure, the conf iguratio n file is writ ten to or copied from the directory associated with the username on the server . F[...]
-
Página 1190
B-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files This example sho ws ho w to copy a conf igurati on file named host1-confg from the netadm in1 directory on the remo te server with an IP address of 172.16.10[...]
-
Página 1191
B-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s This examp le shows ho w to copy the running conf iguration f ile named switc h2-confg to the netadmi n1 directory on the remote host with an IP address of [...]
-
Página 1192
B-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files The RCP requires a client to se nd a remote username with each RCP request to a server . When you cop y a config uration fi le from the switch to a ser ver ,[...]
-
Página 1193
B-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Downloading a Configuration File By Using RCP Beginni ng in pri vileged EXEC mod e, follow these steps to do wnload a conf iguration f ile by using RCP: Thi[...]
-
Página 1194
B-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Uploading a Configuration File By Using RCP Beginning in priv ileged EXEC mode, foll ow th ese st eps to upload a configuration file b y using RCP: This exam[...]
-
Página 1195
B-19 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Clearing the Startup Configuration File T o clear the conten ts of your startup conf iguration , use the erase n vram: or the erase startup-conf ig pri vile[...]
-
Página 1196
B-20 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Y ou use the archi ve conf ig pri vileged EXEC co mmand to sav e conf igurations in the con figuration archi ve by using a standard locati on and filename pr[...]
-
Página 1197
B-21 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configuration File s Configuration Guidelines Follo w these guideli nes when conf iguring and performing conf iguration replacement and ro llback: • Make sure that the switch [...]
-
Página 1198
B-22 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Performing a Configuration Re placement or Rollback Operation Starting in pri vile ged EXEC mode, follo w these step s to replace the running conf igurati on[...]
-
Página 1199
B-23 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Working with Software Images This section descri bes ho w to archi ve (do w nload and up load) softw are image f iles, which cont ain the system software, the Ci[...]
-
Página 1200
B-24 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Image Location on the Switch The Cisco IOS image is stored as a .bin f ile in a directory that sho ws the v ersion number . A subdirectory contains the fi les n[...]
-
Página 1201
B-25 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Copying Image Files By Using TFTP Y o u can do wnload a switch image fro m a TFTP serv er or upl oad the image from the switch to a TFTP server . Y ou do wnload [...]
-
Página 1202
B-26 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s • Ensure that the switch has a rout e to the TFTP server . The switch and the TFTP server must be in the same subnetwork if you do not ha ve a router to route[...]
-
Página 1203
B-27 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnload algorith m verif ies that the image is approp riate for the switch model and that en ough DRAM is present, or it aborts the proce ss and reports an[...]
-
Página 1204
B-28 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Caution For the do wnload and upload algo rithms to operate properly , do no t rename imag e names. Uploading an Image File By Using TFTP Y ou can upload an ima[...]
-
Página 1205
B-29 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images These sections contain this configu ration informatio n: • Preparing to Download or Upload an Image File By Using FTP , page B-29 • Downloading an Image File[...]
-
Página 1206
B-30 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s • When you upload an image f ile to the FTP server , it must be properl y configured to accept the write request from the user on the switch. For more informa[...]
-
Página 1207
B-31 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnload algorith m verif ies that the image is approp riate for the switch model and that en ough DRAM is present, or it aborts the proce ss and reports an[...]
-
Página 1208
B-32 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s Beginni ng in pri vileged EXEC mode, follow thes e steps to upload an im age to an FTP server: The archiv e upload-sw command builds an i mage file on t he serv[...]
-
Página 1209
B-33 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Note Instead of using the copy pri vil eged EXEC command or the ar chiv e tar pri vile ged EXEC command, we recommend using the ar chiv e downlo ad-sw and archi [...]
-
Página 1210
B-34 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s operations. The new username is stored in NVRAM. If you are accessing the switch through a T elnet session and y ou hav e a valid username, thi s username is us[...]
-
Página 1211
B-35 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnload algorith m verif ies that the image is approp riate for the switch model and that en ough DRAM is present, or it aborts the proce ss and reports an[...]
-
Página 1212
B-36 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s If you specify the /lea ve-old-sw , the existing f iles are not remo ved. If th ere is not enough room to in stall the ne w image an keep the running image, the[...]
-
Página 1213
B-37 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The archiv e upload-sw pri vileged EXEC command b uilds an image f ile on the server b y uploading these files in order: info, the Cisco IOS image, an d the web [...]
-
Página 1214
B-38 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Software Image s[...]
-
Página 1215
C-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 APPENDIX C Unsupported Commands in Cisco IOS Release 12.2(50)SE This appendix lists some of th e command-line interf ace (CLI) commands that ap pear when you enter the question m ark (?) at the Cataly st 3560 swit ch prompt b ut are not suppor ted in this release, either because they[...]
-
Página 1216
C-2 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Access Control Lists • SNMP , page C-16 • SNMPv3, page C-17 • Spanning T ree, page C-17 • VLAN, page C-17 • VTP , page C-17 Access Control Lists Unsupported Privileged EXEC Commands access-enable [ host ] [ t[...]
-
Página 1217
C-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE ARP Commands ARP Commands Unsupported Global Configuration Commands arp ip-addr ess hardwar e-addr ess smds arp ip-addr ess hardwar e-addr ess srp-a arp ip-addr ess hardwar e-addr ess srp-b Unsupported Interface Configur[...]
-
Página 1218
C-4 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Debug Commands Unsupported Commands in Applet Configuration Mode no event interface name [ in terface-name ] parameter [ counter -name ] entry-v al [ entry counter valu e ] entry-op { gt|ge|eq|ne|lt|le } [ entry-type {[...]
-
Página 1219
C-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE FallBack Bridging bridge cmf bridge crb bridge bridge-gr oup domain domain-nam e bridge irb bridge bridge-gr oup mac-address-table limit number bridge bridge-gr oup multicast-source bridge bridge-gr oup protocol dec brid[...]
-
Página 1220
C-6 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE High Availability High Availability Unsupported SSO-Aware HSRP Commands All HSRP Unsupported Global Configuration Commands interfac e Async interfac e BVI interfac e Dialer interface Group-Async interfac e Lex interfac[...]
-
Página 1221
C-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE Interface Commands Interface Commands Unsupported Privileged EXEC Commands show interfaces [ interface-id | vlan vlan-id ] [ crb | fair -queue | irb | mac-accounting | pr ecedence | irb | random-detect | rate-limit | sha[...]
-
Página 1222
C-8 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE IP SLA Unsupported Global Configuration Commands ip multicast-r outing [vrf vrf-name] ip pim accept-rp { addr ess | auto-rp } [ gr oup-access-list-number ] ip pim message-interv al seconds Unsupported Interface Configu[...]
-
Página 1223
C-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE IP Unicast Routing IP Unicast Routing Unsupported Privileged EXEC or User EXEC Commands clear ip accounting [ checkpoint ] clear ip bgp addr ess flap-statistic s clear ip bgp pref ix-list debug ip cef stats show cef [ dr[...]
-
Página 1224
C-10 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE IP Unicast Routing Unsupported Interface Configuration Commands ip accounting ip load-sharing [ per -pack et ] ip mtu bytes ip ospf dead-interv al minimal hello-multiplier mul tiplier ip verify ip unnumber ed type num[...]
-
Página 1225
C-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE IPv6 set origin set metric-type inter nal set tag tag-value IPv6 IPv4-v6 Tunneling Commands All Layer 3 BGP All commands for these features: • BGP Support for Dual AS Conf igurat ion for Networ k AS Migrations • BGP[...]
-
Página 1226
C-12 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Layer 3 clear bgp nsap dampening clear bgp nsap external clear bgp nsap flap-statistics clear bgp nsap peer -gr oup clear ip bgp ipv6 clear ip bgp l2vpn clear ip bgp vpn v4 clear ip bgp vpn v6 ha-mode graceful-restart[...]
-
Página 1227
C-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE MAC Address Commands ignore lsa mospf nsf ietf nsf ietf helper disable nsf ietf helper strict-lsa-checking show ip ospf sham-links VRF aware AAA All MAC Address Commands Unsupported Privileged EXEC Commands show mac-add[...]
-
Página 1228
C-14 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE Miscellaneou s Miscellaneous Unsupported User EXEC Commands verify Unsupported Privileged EXEC Commands f ile verify auto remote command show cable-diagnostics prbs test cable-diagnostics prbs Unsupported Global Confi[...]
-
Página 1229
C-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE Multicast Multicast Unsupported BiDirectional PIM Commands All Unsupported Multicast Routing Manager Commands All Unsupported IP Multicast Rate Limiting Commands All Unsupported UDLR Commands All Unsupported Multicast O[...]
-
Página 1230
C-16 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE QoS QoS Unsupported Global Configuration Command priority-list Unsupported Interface Configuration Commands priority-gr oup rate-limit Unsupported Policy-Map Configuration Command class class-default where class-de fa[...]
-
Página 1231
C-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Appendix C Unsupported Commands in Cisco IOS Release 12.2(50)SE SNMPv3 SNMPv3 Unsupported 3DES Encryption Commands All Spanning Tree Unsupported Global Configuration Command spanning-tr ee pathcost method { long | short } Unsupported Interface Configuration Command spanning-tree sta[...]
-
Página 1232
C-18 Catalyst 3560 Switch Software Configuration Guide OL-8553-06 Appendix C Un supported Co mmands in Cisco IO S Release 12.2(50)SE VTP[...]
-
Página 1233
IN-1 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 INDEX A AAA down policy, NAC Layer 2 IP validation 10 abbreviating commands 4 ABRs 24 AC (command switch) 10 access-class command 19 access control entries See ACEs access control entry (ACE) 3 access-denied response, VMPS 28 access groups applying IPv4 ACLs to in terfaces 20 Layer [...]
-
Página 1234
Index IN-2 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ACLs (continued) IP creating 7 fragments and Q oS guidelines 33 implicit deny 9, 13, 15 implicit masks 9 matching criteria 7 undefined 20 IPv4 applying to interfaces 19 creating 7 matching criteria 7 named 14 numbers 8 terminal lines, setting on 18 unsupported features 6 IPv6 [...]
-
Página 1235
Index IN-3 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 addresses (continued) static adding and removin g 24 defined 19 address resolution 28, 8 Address Resolution Protocol See ARP adjacency tables, with CEF 87 administrative distances defined 99 OSPF 30 routing protocol defaults 89 advertisements CDP 1 LLDP 1, 2 RIP 19 VTP 19, 3 a[...]
-
Página 1236
Index IN-4 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 authentication manager CLI commands 8 compatibility wi th older 802.1x CLI commands 8 to 9 overview 7 authoritative time so urce, described 2 authorization with RADIUS 27 with TACACS+ 11, 16 authorized ports wi th IEEE 802.1x 9 autoconfiguration 3 auto enablement 26 automatic [...]
-
Página 1237
Index IN-5 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 BGP aggregate addresses 57 aggregate routes, configuring 57 CIDR 57 clear commands 60 community filteri ng 54 configuring nei ghbors 55 default configu ration 43 described 42 enabling 45 monitoring 60 multipath supp ort 49 neighbors, types of 45 path selection 49 peers, config[...]
-
Página 1238
Index IN-6 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 broadcast storm-control co mmand 4 broadcast storms 1, 13 C cables, monitoring for unidirect ional links 1 candidate switch automatic discovery 4 defined 3 requirements 3 See also command switch, cluster stand by group, and member switch Catalyst 6000 switches authentication c[...]
-
Página 1239
Index IN-7 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 class maps for QoS configuring 46 described 7 displayin g 78 class of service See CoS clearing interfaces 30 CLI abbreviating commands 4 command modes 1 configuration logg ing 5 described 5 editing features enabling and disabling 7 keystroke editi ng 7 wrapped lines 9 error me[...]
-
Página 1240
Index IN-8 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 CNS (conti nued) embedded agents described 5 enabling automated conf iguration 6 enabling configuration agent 9 enabling event agent 7 management functions 5 Coarse Wave Division Multiplexer See CWDM SFPs command-line interface See CLI command modes 1 commands abbreviating 4 n[...]
-
Página 1241
Index IN-9 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 configuration files (con tinued) specifying the filename 16 system contact and location information 16 types and location 10 uploading preparing 10, 13, 16 reasons for 9 using FTP 14 using RCP 18 using TFT P 12 configuration guidelin es, multi-VRF CE 74 configuration logg er 1[...]
-
Página 1242
Index IN-10 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 default configuration (continue d) IGMP 38 IGMP filtering 24 IGMP snooping 7, 5, 6 IGMP throttling 24 initial switch informat ion 3 IP addressing, IP routing 4 IP multicast routing 10 IP SLAs 6 IP source guard 16 IPv6 10 IS-IS 63 Layer 2 interfaces 15 Layer 2 protocol tunneli[...]
-
Página 1243
Index IN-11 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DHCP (continue d) enabling relay agen t 10 server 10 DHCP-based a utoconfigurat ion client request message exchange 4 configuring client side 3 DNS 7 relay device 8 server side 6 server-side 10 TFTP server 7 example 9 lease options for IP address information 6 for receiving t[...]
-
Página 1244
Index IN-12 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DHCP snooping binding database (cont inued) deletin g binding file 14 bindings 15 database ag ent 14 described 6 displayin g 15 binding ent ries 15 status and statistics 15 enabling 14 entry 6 renewing database 15 resetting delay val ue 14 timeout value 14 DHCP snooping bindi[...]
-
Página 1245
Index IN-13 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 DRP configuring 12 described 4 IPv6 4 support for 12 DSCP 11, 2 DSCP input queue thresh old map for QoS 16 DSCP output queue threshol d map for QoS 18 DSCP-to-CoS map for QoS 64 DSCP-to-DSCP-mu tation map for QoS 65 DSCP transparency 40 DTP 8, 17 dual-action detection 5 DUAL [...]
-
Página 1246
Index IN-14 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 dynamic ARP inspection (continued) default configu ration 5 denial-of-service attacks, preventing 10 described 1 DHCP snooping binding database 2 displayin g ARP ACLs 14 configuration and operating state 14 log buffer 14 statistics 14 trust state and rate li mit 14 error-disa[...]
-
Página 1247
Index IN-15 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 enhanced ob ject tracking backup static ro uting 12 commands 1 defined 1 DHCP primary interface 11 HSRP 7 IP routing state 2 IP SLAs 9 line-protocol state 2 network moni toring with IP SLAs 11 routing policy, con figuring 12 static route primary interface 10 tracked li sts 3 [...]
-
Página 1248
Index IN-16 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 examples network configu ration 17 expedite queue for QoS 76 Express Setup 2 See also getting started gui de extended crashinfo file 23 extended-range VLANs configuration guid elines 13 configuring 12 creating 13 creating with an inter nal VLAN ID 15 defined 1 extended system[...]
-
Página 1249
Index IN-17 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 files (continued) tar creating 6 displaying t he contents of 7 extracting 7 image file fo rmat 24 file system displaying availabl e file systems 2 displayin g file inform ation 3 local file system names 1 network file system names 5 setting the default 3 filtering in a VLAN 2[...]
-
Página 1250
Index IN-18 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 GUIs See device manager and Network Assistant H hardware limitations and Layer 3 interfaces 26 hello ti me MSTP 22 STP 20 help, for the command line 3 hierarchical policy maps 8 configuration guid elines 33 configuring 52 described 11 history changing the b uffer size 6 descr[...]
-
Página 1251
Index IN-19 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ICMP Router Discovery Protocol See IRDP ICMPv6 4 IDS appliances and ingress RSPAN 20 and ingress SPAN 13 IEEE 802.1D See STP IEEE 802.1p 1 IEEE 802.1Q and trunk po rts 3 configuration limi tations 19 encapsulation 16 native VLAN for untagged traffic 23 tunneling compatibility[...]
-
Página 1252
Index IN-20 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IGMP filtering (cont inued) monitoring 28 support for 4 IGMP groups configuring filt ering 27 setting the maximum number 26 IGMP helper 4, 6 IGMP Immediate Leave configuration guid elines 11 described 5 enabling 10 IGMP profile applying 26 configuration mode 24 configuring 25[...]
-
Página 1253
Index IN-21 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Internet Control Message Protocol See ICMP Internet Group Management Proto col See IGMP Internet Protocol version 6 See IPv6 Inter-Switch Link See ISL inter-VLAN routing 12, 2 Intrusion Detection Sy stem See IDS appliances inventory management TLV 2, 6 IOS shell See Auto Smar[...]
-
Página 1254
Index IN-22 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP multicast routin g (continued) enabling multicast forwarding 12 PIM mode 13 group-to-RP mappi ngs Auto-RP 6 BSR 7 MBONE deleting sd r cache entries 61 described 44 displaying sd r cache 62 enabling sdr listener support 45 limiting DVMRP routes ad vertised 56 limiting sdr c[...]
-
Página 1255
Index IN-23 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP SLAs (continued) SNMP support 2 supported metrics 2 threshold monitori ng 6 track object moni toring agent, config uring 11 track state 9 UDP jitter operation 9 IP source guard and 802.1x 17 and DHCP snooping 15 and EtherChannels 17 and port security 17 and private VLANs 1[...]
-
Página 1256
Index IN-24 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 IP unicast routing (cont inued) protocols distance-vector 3 dynamic 3 link-state 3 proxy ARP 8 redistribution 90 reverse address resolution 8 routed ports 3 static routing 3 steps to configure 4 subnet mask 5 subnet zero 6 supernet 6 UDP 14 with SVIs 3 See also BGP See also E[...]
-
Página 1257
Index IN-25 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 ISL and IPv6 3 and trunk po rts 3 encapsulation 8, 16 trunking with IEEE 802.1 tunneling 5 ISO CLNS clear commands 71 dynamic routing protocol s 61 monitoring 71 NETs 61 NSAPs 61 OSI standard 61 ISO IGRP area routing 61 system routing 61 isolated port 2 isolated VLANs 2, 3 J [...]
-
Página 1258
Index IN-26 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Layer 3 interfaces assigning IP addresses to 5 assigning IPv4 and IPv6 addresses to 13 assigning IPv6 addresses to 11 changing from La yer 2 mode 5, 78, 79 types of 3 Layer 3 packets, classi fication methods 2 LDAP 2 Leaking IGMP Reports 4 LEDs, switch See hardwa re installat[...]
-
Página 1259
Index IN-27 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 MAC addresses (continued) default configu ration 21 disabling learning on a VLAN 27 discovering 28 displayin g 27 displaying in the IP source binding table 19 dynamic learning 20 removing 22 in ACLs 27 IP address association 8 static adding 24 allowing 26, 27 characteristics [...]
-
Página 1260
Index IN-28 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 maximum aging time MSTP 23 STP 21 maximum hop count, MSTP 24 maximum number of allowed devices, port -based authentication 33 maximum-paths command 49, 88 MDA configuration guid elines 11 to 12 described 9, 11 exceptions with authentication process 5 membership mode, VLAN por[...]
-
Página 1261
Index IN-29 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 monitoring ( continued) speed and duplex mode 19 SSM mapping 21 traffic flowing amo ng switches 1 traffic suppression 19 tunneling 17 VLAN filters 41 maps 41 VLANs 16 VMPS 32 VTP 16 mrouter Port 3 mrouter port 5 MSDP benefits of 3 clearing MSDP connections and statistics 18 c[...]
-
Página 1262
Index IN-30 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 MSTP (continued) neighbor type 25 path cost 20 port priority 19 root switch 17 secondar y root switch 18 switch prior ity 21 CST defined 3 operations betwe en regions 3 default configu ration 14 default optional feature configuration 9 displaying st atus 26 enabling the mode [...]
-
Página 1263
Index IN-31 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 multicast television app lication 17 multicast VLAN 17 Multicast VLAN Registration See MVR multidomain auth entication See MDA multioperations schedu ling, IP SLAs 5 multiple authentication 12 multiple authenticat ion mode configuring 40 Multiple HSRP See MHSRP multiple VPN r[...]
-
Página 1264
Index IN-32 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 network configuratio n examples increasing network performance 17 large netw ork 21 long-distance, hig h-bandwidth transport 23 providing netwo rk services 17 server aggregation and Linux server cluster 19 small to medium-sized network 20 network design performance 17 service[...]
-
Página 1265
Index IN-33 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 options, ma nagement 4 OSPF area parameters, configuring 28 configuring 26 default configu ration metrics 30 route 30 settings 25 described 24 for IPv6 6 interface parameters, configuring 27 LSA group pacing 31 monitoring 32 router IDs 32 route summ arization 29 support for 1[...]
-
Página 1266
Index IN-34 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 PIM (continued) sparse mode join messages and shared tree 5 overview 5 prune messages 5 RPF lookups 8 stub routing configuration guid elines 22 displayin g 61 enabling 22 overview 5 support for 12 versions interoperability 10 troubleshooting i nteroperability probl ems 34 v2 [...]
-
Página 1267
Index IN-35 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 port-based authenticati on (continued) configuration guid elines 31 configuring 802.1x authentication 37 guest VLAN 46 host mode 40 inaccessible authentication bypass 49 manual re-authentication o f a client 42 periodic re-authe ntication 41 quiet period 42 RADIUS server 39 R[...]
-
Página 1268
Index IN-36 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 port-based authenticati on (continued) voice aware 802.1x security configuring 35 described 25, 35 voice VLAN described 21 PVID 21 VVID 21 wake-on-L AN, described 22 port-based authen tication methods, supported 7 port blocki ng 4, 7 port-channel See EtherChannel port descrip[...]
-
Página 1269
Index IN-37 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 private V LANs across multiple switches 4 and SDM template 4 and SVIs 5 benefits of 1 community ports 2 community VLANs 2, 3 configuration guid elines 6, 8 configuration tasks 6 configuring 9 default configu ration 6 end station access to 3 IP addressing 3 isolated port 2 iso[...]
-
Página 1270
Index IN-38 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Q QoS and MQC commands 1 auto-QoS categorizing traffic 20 configuration and defaul ts display 29 configuration guid elines 25 described 20 disabling 27 displaying generated comman ds 27 displaying the initial con figuration 29 effects on running configuration 25 egress queu e[...]
-
Página 1271
Index IN-39 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 QoS (continued) flowchar ts classification 6 egress queueing an d scheduling 17 ingress queueing and scheduling 15 policing an d marking 10 implicit deny 7 ingress queues allocating bandwidth 68 allocating buffer space 68 buffer and bandwidt h allocation, described 16 configu[...]
-
Página 1272
Index IN-40 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 R RADIUS attributes vendor-propri etary 31 vendor-specific 29 configuring accounting 28 authentication 23 authorization 27 communication, global 21, 29 communication, per-server 20, 21 multiple UDP ports 20 default configu ration 20 defining AAA serv er groups 25 displayin g [...]
-
Página 1273
Index IN-41 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 remote SPAN 2 report suppression, IGMP described 6 disabling 15, 11 resequencing ACL entries 14 resets, in BGP 47 resetting a UDLD-shutdow n interface 6 responder, IP SLAs described 4 enabling 8 response time, measuring with IP SLAs 4 restricted VLAN configuring 47 described [...]
-
Página 1274
Index IN-42 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 route-map co mmand 96 route maps BGP 51 policy-based routing 94 router ACLs defined 2 types of 4 route reflectors, BGP 58 router ID, OSPF 32 route selection, BGP 49 route summarizat ion, OSPF 29 route targets, VPN 74 routing default 2 dynamic 3 redistribution of information 9[...]
-
Página 1275
Index IN-43 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 SCP and SSH 49 configuring 49 SDM described 1 templates configuring 4 number of 1 SDM template 3 configuration guid elines 3 configuring 3 dual IPv4 and IPv6 2 types of 1 secondar y VLANs 2 Secure Copy Protocol secure HTTP client configuring 47 displayin g 48 secure HTTP serv[...]
-
Página 1276
Index IN-44 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 Smartports macros applying Cisco-default macros 12 applying glob al parameter values 13 configuration guid elines 12 default configu ration 11 defined 1 displayin g 14 tracing 12 SNAP 1 SNMP accessing MIB variables with 4 agent described 3 disabling 7 and IP SLAs 2 authentica[...]
-
Página 1277
Index IN-45 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 source-IP address based forward ing, EtherChannel 7 source-MAC ad dress forwarding, Ethe rChannel 7 Source-specific multicast See SSM SPAN configuration guid elines 10 default configu ration 9 destinatio n ports 7 displaying st atus 23 interaction with other features 8 monito[...]
-
Página 1278
Index IN-46 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 standby command switch configuring considerations 11 defined 2 priority 10 requirements 3 virtual IP address 11 See also cluster standb y group and HSRP standby group, cluster See cluster standby group an d HSRP standby ip command 6 standby links 2 standby router 1 standby ti[...]
-
Página 1279
Index IN-47 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 STP (continued) configuring forward-delay time 21 hello ti me 20 maximum aging time 21 path cost 18 port priority 17 root switch 14 secondar y root switch 16 spanning-tree mode 13 switch prior ity 19 transmit hold-count 22 counters, clearing 22 default configu ration 11 defau[...]
-
Página 1280
Index IN-48 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 STP (continued) root switch configuring 15 effects of extended system ID 4, 14 election 3 unexpected be havior 15 shutdown Port Fast-enabled port 2 status, displaying 22 superior BPDU 3 timers, described 20 UplinkFast described 3 enabling 13 VLAN-bridge 10 stratum, NTP 2 stub[...]
-
Página 1281
Index IN-49 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 system message logging ( continued) displaying t he configuration 13 enabling 4 facility keywords, described 13 level keywords, descri bed 9 limiting messages 10 message format 2 overview 1 sequence numbers, enabling an d disabling 8 setting the display dest ination device 5 [...]
-
Página 1282
Index IN-50 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 TFTP configuration files downloading 11 preparing the server 10 uploading 12 configuration files in base d irectory 7 configuring for aut oconfiguration 7 image file s deletin g 27 downloading 26 preparing the server 25 uploading 28 limiting access by servers 16 TFTP server 5[...]
-
Página 1283
Index IN-51 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 troubleshooting connectivity problems 13, 15, 16 CPU utilization 24 detecting unidir ectional links 1 displayin g crash informat ion 23 PIMv1 and PIMv2 interop erability problems 34 setting packet forwarding 20 SFP security and identification 12 show forward command 20 with C[...]
-
Página 1284
Index IN-52 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 unicast MAC address filtering 5 and adding stat ic addresses 25 and broadcast MAC addresses 25 and CPU packets 25 and multicast addresses 25 and router MAC addresses 25 configuration guid elines 25 described 25 unicast storm 1 unicast storm control command 4 unicast traffic, [...]
-
Página 1285
Index IN-53 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VLAN Management Policy Server See VMPS VLAN map entries, order of 30 VLAN maps applying 34 common uses for 34 configuration guid elines 30 configuring 29 creating 31 defined 2 denying access to a server example 35 denying and permitting p ackets 31 displayin g 41 examples of [...]
-
Página 1286
Index IN-54 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VMPS (contin ued) reconfirmation in terval, changing 31 reconfirming member ship 31 retry count, changing 32 voice aware 802.1x security port-based authenticati on configuring 35 described 25, 35 voice-over-IP 1 voice VLAN Cisco 7960 phone, port connect ions 1 configuration g[...]
-
Página 1287
Index IN-55 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06 VTP (continue d) modes client 3, 11 server 3, 9 transition s 3 transparent 3, 12 monitoring 16 passwords 8 pruning disabling 14 enabling 14 examples 5 overview 4 support for 8 pruning-eligibl e list, changing 23 server mode, configuring 9 statistics 16 support for 8 Token Rin[...]
-
Página 1288
Index IN-56 Catalyst 3560 Switch Softw are Configuration Guide OL-8553-06[...]