Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Catalyst 3750-X and 3560-X Switch Software Configuration Guide Cisco IOS Release 15.0(2)SE August 2012 Text Part Number: OL-25303-02

Catalyst 3750-X and Catalyst 3560-X Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE

  • THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word "partner" does not imply a partnership relationship between Cisco and any other company. (1110R)

    Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

    Catalyst 3750-X and 3560-X Switch Software Configuration Guide © 2011-2012 Cisco Systems, Inc. All rights reserved.

  • CONTENTS

    Preface

    Audience

    Purpose

    Conventions

    Related Publications

    Obtaining Documentation and Submitting a Service Request

    CHAPTER 1 Overview

    Features
    Deployment Features
    Performance Features
    Management Options
    Manageability Features
    Availability and Redundancy Features
    VLAN Features
    Security Features
    QoS and CoS Features
    Layer 3 Features
    Power over Ethernet Features
    Monitoring Features

    Default Settings After Initial Switch Configuration

    Network Configuration Examples
    Design Concepts for Using the Switch
    Small to Medium-Sized Network Using Catalyst 3750-X and 3560-X Switches
    Large Network Using Catalyst 3750-X and 3560-X Switches
    Multidwelling Network Using Catalyst 3750-X Switches
    Long-Distance, High-Bandwidth Transport Configuration

    Where to Go Next

    CHAPTER 2 Using the Command-Line Interface

    Understanding Command Modes

    Understanding the Help System

    Understanding Abbreviated Commands

    Understanding no and default Forms of Commands

    Understanding CLI Error Messages

    Using Configuration Logging

    Using Command History
    Changing the Command History Buffer Size
    Recalling Commands
    Disabling the Command History Feature

    Using Editing Features
    Enabling and Disabling Editing Features
    Editing Commands through Keystrokes
    Editing Command Lines that Wrap

    Searching and Filtering Output of show and more Commands

    Accessing the CLI
    Accessing the CLI through a Console Connection or through Telnet

    CHAPTER 3 Configuring Cisco IOS Configuration Engine

    Understanding Cisco Configuration Engine Software
    Configuration Service
    Event Service

    NameSpace Mapper
    What You Should Know About the CNS IDs and Device Hostnames

    ConfigID
    DeviceID
    Hostname and DeviceID
    Using Hostname, DeviceID, and ConfigID

    Understanding Cisco IOS Agents
    Initial Configuration
    Incremental (Partial) Configuration
    Synchronized Configuration

    Configuring Cisco IOS Agents
    Enabling Automated CNS Configuration
    Enabling the CNS Event Agent
    Enabling the Cisco IOS CNS Agent

    Enabling an Initial Configuration
    Enabling a Partial Configuration

    Displaying CNS Configuration

    CHAPTER 4 Assigning the Switch IP Address and Default Gateway

    Understanding the Boot Process

    Assigning Switch Information
    Default Switch Information
    Understanding DHCP-Based Autoconfiguration

    DHCP Client Request Process
    Understanding DHCP-based Autoconfiguration and Image Update

    DHCP Autoconfiguration
    DHCP Auto-Image Update
    Limitations and Restrictions

    Configuring DHCP-Based Autoconfiguration
    DHCP Server Configuration Guidelines
    Configuring the TFTP Server
    Configuring the DNS
    Configuring the Relay Device
    Obtaining Configuration Files
    Example Configuration

    Configuring the DHCP Auto Configuration and Image Update Features
    Configuring DHCP Autoconfiguration (Only Configuration File)
    Configuring DHCP Auto-Image Update (Configuration File and Image)
    Configuring the Client

    Manually Assigning IP Information

    Checking and Saving the Running Configuration
    Configuring the NVRAM Buffer Size

    Modifying the Startup Configuration
    Default Boot Configuration
    Automatically Downloading a Configuration File
    Specifying the Filename to Read and Write the System Configuration
    Booting Manually
    Booting a Specific Software Image
    Controlling Environment Variables

    Scheduling a Reload of the Software Image
    Configuring a Scheduled Reload
    Displaying Scheduled Reload Information

    CHAPTER 5 Managing Switch Stacks

    Understanding Switch Stacks
    Switch Stack Membership
    Stack Master Election and Re-Election

    Switch Stack Bridge ID and Router MAC Address
    Stack Member Numbers
    Stack Member Priority Values
    Switch Stack Offline Configuration

    Effects of Adding a Provisioned Switch to a Switch Stack
    Effects of Replacing a Provisioned Switch in a Switch Stack
    Effects of Removing a Provisioned Switch from a Switch Stack

    Hardware Compatibility and SDM Mismatch Mode in Switch Stacks
    Switch Stack Software Compatibility Recommendations
    Stack Protocol Version Compatibility
    Major Version Number Incompatibility Among Switches
    Minor Version Number Incompatibility Among Switches

    Understanding Auto-Upgrade and Auto-Advise
    Auto-Upgrade and Auto-Advise Example Messages

    Incompatible Software and Stack Member Image Upgrades
    Switch Stack Configuration Files
    Additional Considerations for System-Wide Configuration on Switch Stacks
    Switch Stack Management Connectivity

    Connectivity to the Switch Stack Through an IP Address
    Connectivity to the Switch Stack Through an SSH Session
    Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports
    Connectivity to Specific Stack Members

    Switch Stack Configuration Scenarios
    Rolling Stack Upgrade

    Stack Configuration
    Upgrade Process
    Upgrade Sequence Examples

    Configuring the Switch Stack
    Default Switch Stack Configuration
    Enabling Persistent MAC Address
    Assigning Stack Member Information

    Assigning a Stack Member Number
    Setting the Stack Member Priority Value
    Provisioning a New Member for a Switch Stack

    Running a Rolling Stack Update

    Accessing the CLI of a Specific Stack Member

    Displaying Switch Stack Information

    Troubleshooting Stacks
    Manually Disabling a Stack Port

    Re-Enabling a Stack Port While Another Member Starts
    Understanding the show switch stack-ports summary Output
    Identifying Loopback Problems

    Software Loopback
    Software Loopback Example: No Connected Stack Cable
    Software Loopback Examples: Connected Stack Cables
    Hardware Loopback
    Hardware Loopback Example: LINK OK event
    Hardware Loop Example: LINK NOT OK Event

    Finding a Disconnected Stack Cable
    Fixing a Bad Connection Between Stack Ports

    CHAPTER 6 Clustering Switches

    Understanding Switch Clusters
    Cluster Command Switch Characteristics
    Standby Cluster Command Switch Characteristics
    Candidate Switch and Cluster Member Switch Characteristics

    Planning a Switch Cluster
    Automatic Discovery of Cluster Candidates and Members

    Discovery Through CDP Hops
    Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
    Discovery Through Different VLANs
    Discovery Through Different Management VLANs
    Discovery Through Routed Ports
    Discovery of Newly Installed Switches

    HSRP and Standby Cluster Command Switches
    Virtual IP Addresses
    Other Considerations for Cluster Standby Groups
    Automatic Recovery of Cluster Configuration

    IP Addresses
    Hostnames
    Passwords
    SNMP Community Strings
    Switch Clusters and Switch Stacks
    TACACS+ and RADIUS
    LRE Profiles

    Using the CLI to Manage Switch Clusters
    Catalyst 1900 and Catalyst 2820 CLI Considerations

    Using SNMP to Manage Switch Clusters

    CHAPTER 7 Administering the Switch

    Managing the System Time and Date
    Understanding the System Clock
    Understanding Network Time Protocol
    NTP Version 4
    Configuring Time and Date Manually

    Setting the System Clock
    Displaying the Time and Date Configuration
    Configuring the Time Zone
    Configuring Summer Time (Daylight Saving Time)

    Configuring a System Name and Prompt
    Default System Name and Prompt Configuration
    Configuring a System Name
    Understanding DNS

    Default DNS Configuration
    Setting Up DNS
    Displaying the DNS Configuration

    Creating a Banner
    Default Banner Configuration
    Configuring a Message-of-the-Day Login Banner
    Configuring a Login Banner

    Managing the MAC Address Table
    Building the Address Table
    MAC Addresses and VLANs
    MAC Addresses and Switch Stacks
    Default MAC Address Table Configuration
    Changing the Address Aging Time
    Removing Dynamic Address Entries
    Configuring MAC Address Change Notification Traps
    Configuring MAC Address Move Notification Traps
    Configuring MAC Threshold Notification Traps
    Adding and Removing Static Address Entries
    Configuring Unicast MAC Address Filtering
    Disabling MAC Address Learning on a VLAN
    Displaying Address Table Entries

    Managing the ARP Table

    CHAPTER 8 Configuring SDM Templates

    Understanding the SDM Templates

    Dual IPv4 and IPv6 SDM Templates
    SDM Templates and Switch Stacks

    Configuring the Switch SDM Template
    Default SDM Template
    SDM Template Configuration Guidelines
    Setting the SDM Template

    Displaying the SDM Templates

    CHAPTER 9 Configuring Catalyst 3750-X StackPower

    Understanding Cisco StackPower
    StackPower Modes
    Power Priority
    Load Shedding

    Immediate Load Shedding Example

    Configuring Cisco StackPower
    Configuring Power Stack Parameters
    Configuring Power Stack Switch Power Parameters
    Configuring PoE Port Priority

    CHAPTER 10 Configuring Switch-Based Authentication

    Preventing Unauthorized Access to Your Switch

    Protecting Access to Privileged EXEC Commands
    Default Password and Privilege Level Configuration
    Setting or Changing a Static Enable Password
    Protecting Enable and Enable Secret Passwords with Encryption
    Disabling Password Recovery
    Setting a Telnet Password for a Terminal Line
    Configuring Username and Password Pairs
    Configuring Multiple Privilege Levels

    Setting the Privilege Level for a Command
    Changing the Default Privilege Level for Lines
    Logging into and Exiting a Privilege Level

    Controlling Switch Access with TACACS+
    Understanding TACACS+
    TACACS+ Operation
    Configuring TACACS+

    Default TACACS+ Configuration
    Identifying the TACACS+ Server Host and Setting the Authentication Key
    Configuring TACACS+ Login Authentication

    Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
    Starting TACACS+ Accounting
    Establishing a Session with a Router if the AAA Server is Unreachable

    Displaying the TACACS+ Configuration

    Controlling Switch Access with RADIUS
    Understanding RADIUS
    RADIUS Operation
    RADIUS Change of Authorization

    Change-of-Authorization Requests
    CoA Request Response Code
    CoA Request Commands
    Stacking Guidelines for Session Termination

    Configuring RADIUS
    Default RADIUS Configuration
    Identifying the RADIUS Server Host
    Configuring RADIUS Login Authentication
    Defining AAA Server Groups
    Configuring RADIUS Authorization for User Privileged Access and Network Services
    Starting RADIUS Accounting
    Establishing a Session with a Router if the AAA Server is Unreachable
    Configuring Settings for All RADIUS Servers
    Configuring the Switch to Use Vendor-Specific RADIUS Attributes
    Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
    Configuring CoA on the Switch
    Monitoring and Troubleshooting CoA Functionality
    Configuring RADIUS Server Load Balancing

    Displaying the RADIUS Configuration

    Controlling Switch Access with Kerberos
    Understanding Kerberos
    Kerberos Operation

    Authenticating to a Boundary Switch
    Obtaining a TGT from a KDC
    Authenticating to Network Services

    Configuring Kerberos

    Configuring the Switch for Local Authentication and Authorization

    Configuring the Switch for Secure Shell
    Understanding SSH

    SSH Servers, Integrated Clients, and Supported Versions
    Limitations

    Configuring SSH

    Configuration Guidelines
    Setting Up the Switch to Run SSH
    Configuring the SSH Server

    Displaying the SSH Configuration and Status

    Configuring the Switch for Secure Socket Layer HTTP
    Understanding Secure HTTP Servers and Clients

    Certificate Authority Trustpoints
    CipherSuites

    Configuring Secure HTTP Servers and Clients
    Default SSL Configuration
    SSL Configuration Guidelines
    Configuring a CA Trustpoint
    Configuring the Secure HTTP Server
    Configuring the Secure HTTP Client

    Displaying Secure HTTP Server and Client Status

    Configuring the Switch for Secure Copy Protocol
    Information About Secure Copy

    CHAPTER 11 Configuring IEEE 802.1x Port-Based Authentication

    Understanding IEEE 802.1x Port-Based Authentication
    Device Roles
    Authentication Process
    Authentication Initiation and Message Exchange
    Authentication Manager

    Port-Based Authentication Methods
    Per-User ACLs and Filter-Ids
    Authentication Manager CLI Commands

    Ports in Authorized and Unauthorized States
    802.1x Authentication and Switch Stacks
    802.1x Host Mode
    802.1x Multiple Authentication Mode
    MAC Move
    MAC Replace
    802.1x Accounting
    802.1x Accounting Attribute-Value Pairs
    802.1x Readiness Check
    802.1x Authentication with VLAN Assignment
    802.1x Authentication with Per-User ACLs
    802.1x Authentication with Downloadable ACLs and Redirect URLs

    Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
    Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs

    VLAN ID-based MAC Authentication
    802.1x Authentication with Guest VLAN
    802.1x Authentication with Restricted VLAN
    802.1x Authentication with Inaccessible Authentication Bypass

    Support on Multiple-Authentication Ports
    Authentication Results
    Feature Interactions

    802.1x Critical Voice VLAN Configuration
    802.1x User Distribution

    802.1x User Distribution Configuration Guidelines
    IEEE 802.1x Authentication with Voice VLAN Ports
    IEEE 802.1x Authentication with Port Security
    IEEE 802.1x Authentication with Wake-on-LAN
    IEEE 802.1x Authentication with MAC Authentication Bypass
    Network Admission Control Layer 2 IEEE 802.1x Validation
    Flexible Authentication Ordering
    Open1x Authentication
    Multidomain Authentication
    802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)

    Guidelines
    Voice Aware 802.1x Security
    Common Session ID
    Device Sensor

    Guidelines

    Configuring 802.1x Authentication
    Default 802.1x Authentication Configuration
    802.1x Authentication Configuration Guidelines

    802.1x Authentication
    VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
    MAC Authentication Bypass
    Maximum Number of Allowed Devices Per Port

    Configuring 802.1x Readiness Check
    Configuring Voice Aware 802.1x Security
    Configuring 802.1x Violation Modes
    Configuring 802.1x Authentication
    Configuring the Switch-to-RADIUS-Server Communication
    Configuring the Host Mode

    Configuring Periodic Re-Authentication
    Manually Re-Authenticating a Client Connected to a Port
    Changing the Quiet Period
    Changing the Switch-to-Client Retransmission Time
    Setting the Switch-to-Client Frame-Retransmission Number
    Setting the Re-Authentication Number
    Enabling MAC Move
    Enabling MAC Replace
    Configuring 802.1x Accounting
    Configuring Device Sensor

    Enabling Accounting Augmentation
    Creating a Cisco Discovery Protocol Filter
    Creating an LLDP Filter
    Creating a DHCP Filter
    Applying a Protocol Filter to the Device Sensor Output
    Tracking TLV Changes
    Verifying the Device Sensor Configuration
    Configuration Examples for the Device Sensor Feature

    Configuring a Guest VLAN
    Configuring a Restricted VLAN
    Configuring Inaccessible Authentication Bypass and Critical Voice VLAN
    Configuring 802.1x Authentication with WoL
    Configuring MAC Authentication Bypass
    Configuring 802.1x User Distribution
    Configuring NAC Layer 2 802.1x Validation
    Configuring an Authenticator and a Supplicant Switch with NEAT

    Configuring NEAT with Auto Smartports Macros
    Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs

    Configuring Downloadable ACLs
    Configuring a Downloadable Policy

    Configuring VLAN ID-based MAC Authentication
    Configuring Flexible Authentication Ordering
    Configuring Open1x
    Configuring a Web Authentication Local Banner
    Disabling 802.1x Authentication on the Port
    Resetting the 802.1x Authentication Configuration to the Default Values

    Displaying 802.1x Statistics and Status

    CHAPTER 12 Configuring MACsec Encryption

    Understanding Media Access Control Security and MACsec Key Agreement
    MKA Policies
    Virtual Ports
    MACsec, MKA and 802.1x Host Modes

    Single-Host Mode
    Multiple-Host Mode
    MKA Statistics

    Configuring MKA and MACsec
    Default MACsec MKA Configuration
    Configuring an MKA Policy
    Configuring MACsec on an Interface

    Understanding Cisco TrustSec MACsec

    Configuring Cisco TrustSec MACsec
    Configuring Cisco TrustSec Credentials on the Switch
    Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1x Mode
    Configuring Cisco TrustSec Switch-to-Switch Link Security in Manual Mode
    Cisco TrustSec Switch-to-Switch Link Security Configuration Example

    CHAPTER 13 Configuring Web-Based Authentication

    Understanding Web-Based Authentication
    Device Roles
    Host Detection
    Session Creation
    Authentication Process
    Local Web Authentication Banner
    Web Authentication Customizable Web Pages

    Guidelines
    Web-based Authentication Interactions with Other Features

    Port Security
    LAN Port IP
    Gateway IP
    ACLs
    Context-Based Access Control
    802.1x Authentication
    EtherChannel

    Configuring Web-Based Authentication
    Default Web-Based Authentication Configuration
    Web-Based Authentication Configuration Guidelines and Restrictions

    Web-Based Authentication Configuration Task List
    Configuring the Authentication Rule and Interfaces
    Configuring AAA Authentication
    Configuring Switch-to-RADIUS-Server Communication
    Configuring the HTTP Server

    Customizing the Authentication Proxy Web Pages
    Specifying a Redirection URL for Successful Login

    Configuring the Web-Based Authentication Parameters
    Configuring a Web Authentication Local Banner
    Removing Web-Based Authentication Cache Entries

    Displaying Web-Based Authentication Status

    CHAPTER 14 Cisco TrustSec

    Configuration Guidelines and Limitations

    CHAPTER 15 Configuring Interface Characteristics

    Interface Types
    Port-Based VLANs
    Switch Ports

    Access Ports
    Trunk Ports
    Tunnel Ports

    Routed Ports
    Switch Virtual Interfaces

    SVI Autostate Exclude
    EtherChannel Port Groups
    10-Gigabit Ethernet Interfaces
    Power over Ethernet Ports

    Supported Protocols and Standards
    Powered-Device Detection and Initial Power Allocation
    Power Management Modes
    Power Monitoring and Power Policing

    Network Module Interfaces
    Network Services Module
    10-Gigabit Ethernet Network Module

    Connecting Interfaces

    Using the Switch USB Ports
    USB Mini-Type B Console Port

    Console Port Change Logs

    Configuring the Console Media Type
    Configuring the USB Inactivity Timeout

    USB Type A Port

    Using Interface Configuration Mode
    Procedures for Configuring Interfaces
    Configuring a Range of Interfaces
    Configuring and Using Interface Range Macros

    Using the Ethernet Management Port
    Understanding the Ethernet Management Port
    Supported Features on the Ethernet Management Port
    Configuring the Ethernet Management Port
    TFTP and the Ethernet Management Port

    Configuring Ethernet Interfaces
    Default Ethernet Interface Configuration
    Configuring Interface Speed and Duplex Mode

    Speed and Duplex Configuration Guidelines
    Setting the Interface Speed and Duplex Parameters

    Configuring IEEE 802.3x Flow Control
    Configuring Auto-MDIX on an Interface
    Configuring a Power Management Mode on a PoE Port
    Budgeting Power for Devices Connected to a PoE Port
    Configuring Power Policing
    Adding a Description for an Interface

    Configuring Layer 3 Interfaces
    Configuring SVI Autostate Exclude

    Configuring the System MTU

    Configuring the Power Supplies

    Configuring the Cisco RPS 2300 in a Mixed Stack

    Configuring the Cisco eXpandable Power System (XPS) 2200
    Configuring the System Names
    Configuring XPS Ports
    Configuring XPS Power Supplies

    Monitoring and Maintaining the Interfaces
    Monitoring Interface Status
    Clearing and Resetting Interfaces and Counters
    Shutting Down and Restarting the Interface

    CHAPTER 16 Configuring VLANs

    Understanding VLANs
    Supported VLANs
    VLAN Port Membership Modes

    Configuring Normal-Range VLANs
    Token Ring VLANs
    Normal-Range VLAN Configuration Guidelines
    Configuring Normal-Range VLANs
    Saving VLAN Configuration
    Default Ethernet VLAN Configuration
    Creating or Modifying an Ethernet VLAN
    Deleting a VLAN
    Assigning Static-Access Ports to a VLAN

    Configuring Extended-Range VLANs
    Default VLAN Configuration
    Extended-Range VLAN Configuration Guidelines
    Creating an Extended-Range VLAN
    Creating an Extended-Range VLAN with an Internal VLAN ID

    Displaying VLANs

    Configuring VLAN Trunks
    Trunking Overview

    Encapsulation Types
    IEEE 802.1Q Configuration Considerations

    Default Layer 2 Ethernet Interface VLAN Configuration
    Configuring an Ethernet Interface as a Trunk Port

    Interaction with Other Features
    Configuring a Trunk Port
    Defining the Allowed VLANs on a Trunk
    Changing the Pruning-Eligible List
    Configuring the Native VLAN for Untagged Traffic

    Configuring Trunk Ports for Load Sharing
    Load Sharing Using STP Port Priorities
    Load Sharing Using STP Path Cost

    Configuring VMPS
    Understanding VMPS

    Dynamic-Access Port VLAN Membership
    Default VMPS Client Configuration
    VMPS Configuration Guidelines
    Configuring the VMPS Client

    Entering the IP Address of the VMPS
    Configuring Dynamic-Access Ports on VMPS Clients
    Reconfirming VLAN Memberships
    Changing the Reconfirmation Interval
    Changing the Retry Count

    Monitoring the VMPS
    Troubleshooting Dynamic-Access Port VLAN Membership
    VMPS Configuration Example

    CHAPTER 17 Configuring VTP

    Understanding VTP
    The VTP Domain
    VTP Modes
    VTP Advertisements
    VTP Version 2
    VTP Version 3
    VTP Pruning
    VTP and Switch Stacks

    Configuring VTP
    Default VTP Configuration
    VTP Configuration Guidelines

    Domain Names
    Passwords
    VTP Version
    Configuration Requirements

    Configuring VTP Mode
    Configuring a VTP Version 3 Password
    Configuring a VTP Version 3 Primary Server

    Enabling the VTP Version
    Enabling VTP Pruning
    Configuring VTP on a Per-Port Basis
    Adding a VTP Client Switch to a VTP Domain

    Monitoring VTP

    CHAPTER 18 Configuring Voice VLAN

    Understanding Voice VLAN
    Cisco IP Phone Voice Traffic
    Cisco IP Phone Data Traffic

    Configuring Voice VLAN

    Default Voice VLAN Configuration
    Voice VLAN Configuration Guidelines
    Configuring a Port Connected to a Cisco 7960 IP Phone

    Configuring Cisco IP Phone Voice Traffic
    Configuring the Priority of Incoming Data Frames

    Displaying Voice VLAN

    CHAPTER 19 Configuring Private VLANs

    Understanding Private VLANs
    IP Addressing Scheme with Private VLANs
    Private VLANs across Multiple Switches
    Private-VLAN Interaction with Other Features

    Private VLANs and Unicast, Broadcast, and Multicast Traffic
    Private VLANs and SVIs
    Private VLANs and Switch Stacks

    Configuring Private VLANs
    Tasks for Configuring Private VLANs
    Default Private-VLAN Configuration
    Private-VLAN Configuration Guidelines

    Secondary and Primary VLAN Configuration
    Private-VLAN Port Configuration
    Limitations with Other Features

    Configuring and Associating VLANs in a Private VLAN
    Configuring a Layer 2 Interface as a Private-VLAN Host Port
    Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port
    Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface

    Monitoring Private VLANs

    CHAPTER 20 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

    Understanding IEEE 802.1Q Tunneling

    Configuring IEEE 802.1Q Tunneling
    Default IEEE 802.1Q Tunneling Configuration
    IEEE 802.1Q Tunneling Configuration Guidelines

    Native VLANs
    System MTU

    IEEE 802.1Q Tunneling and Other Features
    Configuring an IEEE 802.1Q Tunneling Port

    Understanding Layer 2 Protocol Tunneling

    Configuring Layer 2 Protocol Tunneling

    Default Layer 2 Protocol Tunneling Configuration
    Layer 2 Protocol Tunneling Configuration Guidelines
    Configuring Layer 2 Protocol Tunneling
    Configuring Layer 2 Tunneling for EtherChannels

    Configuring the SP Edge Switch
    Configuring the Customer Switch

    Monitoring and Maintaining Tunneling Status

    CHAPTER 21 Configuring STP

    Understanding Spanning-Tree Features
    STP Overview
    Spanning-Tree Topology and BPDUs
    Bridge ID, Switch Priority, and Extended System ID
    Spanning-Tree Interface States

    Blocking State
    Listening State
    Learning State
    Forwarding State
    Disabled State

    How a Switch or Port Becomes the Root Switch or Root Port
    Spanning Tree and Redundant Connectivity
    Spanning-Tree Address Management
    Accelerated Aging to Retain Connectivity
    Spanning-Tree Modes and Protocols
    Supported Spanning-Tree Instances
    Spanning-Tree Interoperability and Backward Compatibility
    STP and IEEE 802.1Q Trunks
    VLAN-Bridge Spanning Tree
    Spanning Tree and Switch Stacks

    Configuring Spanning-Tree Features
    Default Spanning-Tree Configuration
    Spanning-Tree Configuration Guidelines
    Changing the Spanning-Tree Mode
    Disabling Spanning Tree
    Configuring the Root Switch
    Configuring a Secondary Root Switch
    Configuring Port Priority
    Configuring Path Cost
    Configuring the Switch Priority of a VLAN

    Configuring Spanning-Tree Timers 21-22
    Configuring the Hello Time 21-22
    Configuring the Forwarding-Delay Time for a VLAN 21-23
    Configuring the Maximum-Aging Time for a VLAN 21-23
    Configuring the Transmit Hold-Count 21-24

    Displaying the Spanning-Tree Status 21-24

    CHAPTER 22 Configuring MSTP 22-1

    Understanding MSTP 22-2
    Multiple Spanning-Tree Regions 22-2
    IST, CIST, and CST 22-2

    Operations Within an MST Region 22-3
    Operations Between MST Regions 22-3
    IEEE 802.1s Terminology 22-5

    Hop Count 22-5
    Boundary Ports 22-6
    IEEE 802.1s Implementation 22-6

    Port Role Naming Change 22-6
    Interoperation Between Legacy and Standard Switches 22-7
    Detecting Unidirectional Link Failure 22-7

    MSTP and Switch Stacks 22-8
    Interoperability with IEEE 802.1D STP 22-8

    Understanding RSTP 22-9
    Port Roles and the Active Topology 22-9
    Rapid Convergence 22-10
    Synchronization of Port Roles 22-11
    Bridge Protocol Data Unit Format and Processing 22-12

    Processing Superior BPDU Information 22-13
    Processing Inferior BPDU Information 22-13

    Topology Changes 22-13

    Configuring MSTP Features 22-14
    Default MSTP Configuration 22-14
    MSTP Configuration Guidelines 22-15
    Specifying the MST Region Configuration and Enabling MSTP 22-16
    Configuring the Root Switch 22-18
    Configuring a Secondary Root Switch 22-19
    Configuring Port Priority 22-20
    Configuring Path Cost 22-21
    Configuring the Switch Priority 22-22
    Configuring the Hello Time 22-23

    Configuring the Forwarding-Delay Time 22-24
    Configuring the Maximum-Aging Time 22-24
    Configuring the Maximum-Hop Count 22-25
    Specifying the Link Type to Ensure Rapid Transitions 22-25
    Designating the Neighbor Type 22-26
    Restarting the Protocol Migration Process 22-26

    Displaying the MST Configuration and Status 22-27

    CHAPTER 23 Configuring Optional Spanning-Tree Features 23-1

    Understanding Optional Spanning-Tree Features 23-1
    Understanding Port Fast 23-2
    Understanding BPDU Guard 23-2
    Understanding BPDU Filtering 23-3
    Understanding UplinkFast 23-3
    Understanding Cross-Stack UplinkFast 23-5

    How CSUF Works 23-6
    Events that Cause Fast Convergence 23-7

    Understanding BackboneFast 23-7
    Understanding EtherChannel Guard 23-10
    Understanding Root Guard 23-10
    Understanding Loop Guard 23-11

    Configuring Optional Spanning-Tree Features 23-11
    Default Optional Spanning-Tree Configuration 23-12
    Optional Spanning-Tree Configuration Guidelines 23-12
    Enabling Port Fast 23-12
    Enabling BPDU Guard 23-13
    Enabling BPDU Filtering 23-14
    Enabling UplinkFast for Use with Redundant Links 23-15
    Enabling Cross-Stack UplinkFast 23-16
    Enabling BackboneFast 23-16
    Enabling EtherChannel Guard 23-17
    Enabling Root Guard 23-18
    Enabling Loop Guard 23-18

    Displaying the Spanning-Tree Status 23-19

    CHAPTER 24 Configuring Flex Links and the MAC Address-Table Move Update Feature 24-1

    Understanding Flex Links and the MAC Address-Table Move Update 24-1
    Flex Links 24-1
    VLAN Flex Link Load Balancing and Support 24-2

    Flex Link Multicast Fast Convergence 24-3
    Learning the Other Flex Link Port as the mrouter Port 24-3
    Generating IGMP Reports 24-3
    Leaking IGMP Reports 24-4

    MAC Address-Table Move Update 24-6

    Configuring Flex Links and MAC Address-Table Move Update 24-7
    Configuration Guidelines 24-7
    Default Configuration 24-8
    Configuring Flex Links 24-8
    Configuring VLAN Load Balancing on Flex Links 24-10
    Configuring the MAC Address-Table Move Update Feature 24-12

    Monitoring Flex Links and the MAC Address-Table Move Update 24-14

    CHAPTER 25 Configuring DHCP Features and IP Source Guard 25-1

    Understanding DHCP Features 25-1
    DHCP Server 25-2
    DHCP Relay Agent 25-2
    DHCP Snooping 25-2
    Option-82 Data Insertion 25-3
    Cisco IOS DHCP Server Database 25-6
    DHCP Snooping Binding Database 25-6
    DHCP Snooping and Switch Stacks 25-7

    Configuring DHCP Features 25-8
    Default DHCP Configuration 25-8
    DHCP Snooping Configuration Guidelines 25-9
    Configuring the DHCP Server 25-10
    DHCP Server and Switch Stacks 25-10
    Configuring the DHCP Relay Agent 25-11
    Specifying the Packet Forwarding Address 25-11
    Enabling DHCP Snooping and Option 82 25-12
    Enabling DHCP Snooping on Private VLANs 25-14
    Enabling the Cisco IOS DHCP Server Database 25-14
    Enabling the DHCP Snooping Binding Database Agent 25-15

    Displaying DHCP Snooping Information 25-16

    Understanding IP Source Guard 25-16
    Source IP Address Filtering 25-17
    Source IP and MAC Address Filtering 25-17
    IP Source Guard for Static Hosts 25-17

    Configuring IP Source Guard 25-18

    Default IP Source Guard Configuration 25-18
    IP Source Guard Configuration Guidelines 25-18
    Enabling IP Source Guard 25-19
    Configuring IP Source Guard for Static Hosts 25-20

    Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 25-21
    Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port 25-24

    Displaying IP Source Guard Information 25-26

    Understanding DHCP Server Port-Based Address Allocation 25-26

    Configuring DHCP Server Port-Based Address Allocation 25-27
    Default Port-Based Address Allocation Configuration 25-27
    Port-Based Address Allocation Configuration Guidelines 25-27
    Enabling DHCP Server Port-Based Address Allocation 25-27

    Displaying DHCP Server Port-Based Address Allocation 25-29

    CHAPTER 26 Configuring Dynamic ARP Inspection 26-1

    Understanding Dynamic ARP Inspection 26-1
    Interface Trust States and Network Security 26-3
    Rate Limiting of ARP Packets 26-4
    Relative Priority of ARP ACLs and DHCP Snooping Entries 26-4
    Logging of Dropped Packets 26-5

    Configuring Dynamic ARP Inspection 26-5
    Default Dynamic ARP Inspection Configuration 26-5
    Dynamic ARP Inspection Configuration Guidelines 26-6
    Configuring Dynamic ARP Inspection in DHCP Environments 26-7
    Configuring ARP ACLs for Non-DHCP Environments 26-9
    Limiting the Rate of Incoming ARP Packets 26-10
    Performing Validation Checks 26-12
    Configuring the Log Buffer 26-13

    Displaying Dynamic ARP Inspection Information 26-14

    CHAPTER 27 Configuring IGMP Snooping and MVR 27-1

    Understanding IGMP Snooping 27-2
    IGMP Versions 27-3
    Joining a Multicast Group 27-3
    Leaving a Multicast Group 27-5
    Immediate Leave 27-6
    IGMP Configurable-Leave Timer 27-6
    IGMP Report Suppression 27-6
    IGMP Snooping and Switch Stacks 27-7

    Configuring IGMP Snooping 27-7
    Default IGMP Snooping Configuration 27-7
    Enabling or Disabling IGMP Snooping 27-8
    Setting the Snooping Method 27-8
    Configuring a Multicast Router Port 27-9
    Configuring a Host Statically to Join a Group 27-10
    Enabling IGMP Immediate Leave 27-11
    Configuring the IGMP Leave Timer 27-11
    Configuring TCN-Related Commands 27-12

    Controlling the Multicast Flooding Time After a TCN Event 27-12
    Recovering from Flood Mode 27-13
    Disabling Multicast Flooding During a TCN Event 27-13

    Configuring the IGMP Snooping Querier 27-14
    Disabling IGMP Report Suppression 27-15

    Displaying IGMP Snooping Information 27-16

    Understanding Multicast VLAN Registration 27-17
    Using MVR in a Multicast Television Application 27-18

    Configuring MVR 27-20
    Default MVR Configuration 27-20
    MVR Configuration Guidelines and Limitations 27-20
    Configuring MVR Global Parameters 27-21
    Configuring MVR Interfaces 27-22

    Displaying MVR Information 27-23

    Configuring IGMP Filtering and Throttling 27-24
    Default IGMP Filtering and Throttling Configuration 27-24
    Configuring IGMP Profiles 27-25
    Applying IGMP Profiles 27-26
    Setting the Maximum Number of IGMP Groups 27-27
    Configuring the IGMP Throttling Action 27-27

    Displaying IGMP Filtering and Throttling Configuration 27-29

    CHAPTER 28 Configuring IPv6 MLD Snooping 28-1

    Understanding MLD Snooping 28-1
    MLD Messages 28-3
    MLD Queries 28-3
    Multicast Client Aging Robustness 28-3
    Multicast Router Discovery 28-4
    MLD Reports 28-4
    MLD Done Messages and Immediate-Leave 28-4

    Topology Change Notification Processing 28-5
    MLD Snooping in Switch Stacks 28-5

    Configuring IPv6 MLD Snooping 28-5
    Default MLD Snooping Configuration 28-6
    MLD Snooping Configuration Guidelines 28-6
    Enabling or Disabling MLD Snooping 28-7
    Configuring a Static Multicast Group 28-8
    Configuring a Multicast Router Port 28-8
    Enabling MLD Immediate Leave 28-9
    Configuring MLD Snooping Queries 28-10
    Disabling MLD Listener Message Suppression 28-11

    Displaying MLD Snooping Information 28-12

    CHAPTER 29 Configuring CDP 29-1

    Understanding CDP 29-1
    CDP and Switch Stacks 29-2

    Configuring CDP 29-2
    Default CDP Configuration 29-2
    Configuring the CDP Characteristics 29-2
    Disabling and Enabling CDP 29-3
    Disabling and Enabling CDP on an Interface 29-4

    Monitoring and Maintaining CDP 29-5

    CHAPTER 30 Configuring Port-Based Traffic Control 30-1

    Configuring Storm Control 30-1
    Understanding Storm Control 30-1
    Default Storm Control Configuration 30-3
    Configuring Storm Control and Threshold Levels 30-3
    Configuring Small-Frame Arrival Rate 30-5

    Configuring Protected Ports 30-6
    Default Protected Port Configuration 30-6
    Protected Port Configuration Guidelines 30-7
    Configuring a Protected Port 30-7

    Configuring Port Blocking 30-7
    Default Port Blocking Configuration 30-8
    Blocking Flooded Traffic on an Interface 30-8

    Configuring Port Security 30-8
    Understanding Port Security 30-9

    Secure MAC Addresses 30-9

    Security Violations 30-10
    Default Port Security Configuration 30-11
    Port Security Configuration Guidelines 30-11
    Enabling and Configuring Port Security 30-13
    Enabling and Configuring Port Security Aging 30-17
    Port Security and Switch Stacks 30-18
    Port Security and Private VLANs 30-18

    Configuring Protocol Storm Protection 30-19
    Understanding Protocol Storm Protection 30-19
    Default Protocol Storm Protection Configuration 30-20
    Enabling Protocol Storm Protection 30-20

    Displaying Port-Based Traffic Control Settings 30-21

    CHAPTER 31 Configuring LLDP, LLDP-MED, and Wired Location Service 31-1

    Understanding LLDP, LLDP-MED, and Wired Location Service 31-1
    LLDP 31-1
    LLDP-MED 31-2
    Wired Location Service 31-3

    Configuring LLDP, LLDP-MED, and Wired Location Service 31-5
    Default LLDP Configuration 31-5
    Configuration Guidelines 31-5
    Enabling LLDP 31-6
    Configuring LLDP Characteristics 31-6
    Configuring LLDP-MED TLVs 31-7
    Configuring Network-Policy TLV 31-8
    Configuring Location TLV and Wired Location Service 31-10

    Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service 31-11

    CHAPTER 32 Configuring UDLD 32-1

    Understanding UDLD 32-1
    Modes of Operation 32-1
    Methods to Detect Unidirectional Links 32-2

    Configuring UDLD 32-4
    Default UDLD Configuration 32-4
    Configuration Guidelines 32-4
    Enabling UDLD Globally 32-5
    Enabling UDLD on an Interface 32-6
    Resetting an Interface Disabled by UDLD 32-6

    Displaying UDLD Status 32-7

    CHAPTER 33 Configuring SPAN and RSPAN 33-1

    Understanding SPAN and RSPAN 33-1
    Local SPAN 33-2
    Remote SPAN 33-3
    SPAN and RSPAN Concepts and Terminology 33-4

    SPAN Sessions 33-4
    Monitored Traffic 33-6
    Source Ports 33-7
    Source VLANs 33-7
    VLAN Filtering 33-7
    Destination Port 33-8
    RSPAN VLAN 33-9

    SPAN and RSPAN Interaction with Other Features 33-9
    SPAN and RSPAN and Switch Stacks 33-10

    Understanding Flow-Based SPAN 33-11

    Configuring SPAN and RSPAN 33-12
    Default SPAN and RSPAN Configuration 33-12
    Configuring Local SPAN 33-12

    SPAN Configuration Guidelines 33-12
    Creating a Local SPAN Session 33-13
    Creating a Local SPAN Session and Configuring Incoming Traffic 33-15
    Specifying VLANs to Filter 33-16

    Configuring RSPAN 33-17
    RSPAN Configuration Guidelines 33-17
    Configuring a VLAN as an RSPAN VLAN 33-18
    Creating an RSPAN Source Session 33-19
    Specifying VLANs to Filter 33-20
    Creating an RSPAN Destination Session 33-21
    Creating an RSPAN Destination Session and Configuring Incoming Traffic 33-22

    Configuring FSPAN and FRSPAN 33-24
    FSPAN and FRSPAN Configuration Guidelines 33-24
    Configuring an FSPAN Session 33-25
    Configuring an FRSPAN Session 33-26

    Displaying SPAN, RSPAN, FSPAN, and FRSPAN Status 33-28

    CHAPTER 34 Configuring RMON 34-1

    Understanding RMON 34-1

    Configuring RMON 34-2
    Default RMON Configuration 34-3

    Configuring RMON Alarms and Events 34-3
    Collecting Group History Statistics on an Interface 34-5
    Collecting Group Ethernet Statistics on an Interface 34-5

    Displaying RMON Status 34-6

    CHAPTER 35 Configuring System Message Logging and Smart Logging 35-1

    Understanding System Message Logging 35-1

    Configuring System Message Logging 35-2
    System Log Message Format 35-2
    Default System Message Logging Configuration 35-4
    Disabling Message Logging 35-4
    Setting the Message Display Destination Device 35-5
    Synchronizing Log Messages 35-6
    Enabling and Disabling Time Stamps on Log Messages 35-8
    Enabling and Disabling Sequence Numbers in Log Messages 35-8
    Defining the Message Severity Level 35-9
    Limiting Syslog Messages Sent to the History Table and to SNMP 35-10
    Enabling the Configuration-Change Logger 35-11
    Configuring UNIX Syslog Servers 35-12

    Logging Messages to a UNIX Syslog Daemon 35-12
    Configuring the UNIX System Logging Facility 35-13

    Configuring Smart Logging 35-14
    Enabling Smart Logging 35-15
    Enabling Smart Logging for DHCP Snooping Violations 35-15
    Enabling Smart Logging for Dynamic ARP Inspection Violations 35-16
    Enabling Smart Logging for IP Source Guard Violations 35-16
    Enabling Smart Logging for Port ACL Deny or Permit Actions 35-17

    Displaying the Logging Configuration 35-17

    CHAPTER 36 Configuring SNMP 36-1

    Understanding SNMP 36-1
    SNMP Versions 36-2
    SNMP Manager Functions 36-3
    SNMP Agent Functions 36-4
    SNMP Community Strings 36-4
    Using SNMP to Access MIB Variables 36-4
    SNMP Notifications 36-5
    SNMP ifIndex MIB Object Values 36-5

    Configuring SNMP 36-6

    Default SNMP Configuration 36-6
    SNMP Configuration Guidelines 36-7
    Disabling the SNMP Agent 36-7
    Configuring Community Strings 36-8
    Configuring SNMP Groups and Users 36-9
    Configuring SNMP Notifications 36-12
    Setting the CPU Threshold Notification Types and Values 36-16
    Setting the Agent Contact and Location Information 36-16
    Limiting TFTP Servers Used Through SNMP 36-17
    SNMP Examples 36-17

    Displaying SNMP Status 36-19

    CHAPTER 37 Configuring Embedded Event Manager 37-1

    Understanding Embedded Event Manager 37-1
    Event Detectors 37-3
    Embedded Event Manager Actions 37-4
    Embedded Event Manager Policies 37-4
    Embedded Event Manager Environment Variables 37-5
    EEM 3.2 37-5

    Configuring Embedded Event Manager 37-6
    Registering and Defining an Embedded Event Manager Applet 37-6
    Registering and Defining an Embedded Event Manager TCL Script 37-7

    Displaying Embedded Event Manager Information 37-8

    CHAPTER 38 Configuring Network Security with ACLs 38-1

    Understanding ACLs 38-2
    Supported ACLs 38-2

    Port ACLs 38-4
    Router ACLs 38-5
    VLAN Maps 38-5

    Handling Fragmented and Unfragmented Traffic 38-6
    ACLs and Switch Stacks 38-7

    Configuring IPv4 ACLs 38-7
    Creating Standard and Extended IPv4 ACLs 38-8

    Access List Numbers 38-9
    ACL Logging 38-9
    Smart Logging 38-10
    Creating a Numbered Standard ACL 38-10
    Creating a Numbered Extended ACL 38-11

    Resequencing ACEs in an ACL 38-16
    Creating Named Standard and Extended ACLs 38-16
    Using Time Ranges with ACLs 38-18
    Including Comments in ACLs 38-20

    Applying an IPv4 ACL to a Terminal Line 38-20
    Applying an IPv4 ACL to an Interface 38-21
    Hardware and Software Treatment of IP ACLs 38-23
    Troubleshooting ACLs 38-23
    IPv4 ACL Configuration Examples 38-24

    ACLs in a Small Networked Office 38-25
    Numbered ACLs 38-26
    Extended ACLs 38-26
    Named ACLs 38-27
    Time Range Applied to an IP ACL 38-27
    Commented IP ACL Entries 38-28
    ACL Logging 38-28

    Creating Named MAC Extended ACLs 38-29
    Applying a MAC ACL to a Layer 2 Interface 38-31

    Configuring VLAN Maps 38-32
    VLAN Map Configuration Guidelines 38-33
    Creating a VLAN Map 38-34

    Examples of ACLs and VLAN Maps 38-34
    Applying a VLAN Map to a VLAN 38-36
    Using VLAN Maps in Your Network 38-36

    Wiring Closet Configuration 38-37
    Denying Access to a Server on Another VLAN 38-38

    Configuring VACL Logging 38-39

    Using VLAN Maps with Router ACLs 38-40
    VLAN Maps and Router ACL Configuration Guidelines 38-40
    Examples of Router ACLs and VLAN Maps Applied to VLANs 38-41

    ACLs and Switched Packets 38-41
    ACLs and Bridged Packets 38-42
    ACLs and Routed Packets 38-43
    ACLs and Multicast Packets 38-43

    Displaying IPv4 ACL Configuration 38-44

    CHAPTER 39 Configuring QoS 39-1

    Understanding QoS 39-2
    Basic QoS Model 39-4

    Classification 39-5
    Classification Based on QoS ACLs 39-7
    Classification Based on Class Maps and Policy Maps 39-8

    Policing and Marking 39-9
    Policing on Physical Ports 39-10
    Policing on SVIs 39-11

    Mapping Tables 39-13
    Queueing and Scheduling Overview 39-14

    Weighted Tail Drop 39-15
    SRR Shaping and Sharing 39-15
    Queueing and Scheduling on Ingress Queues 39-16
    Queueing and Scheduling on Egress Queues 39-19

    Packet Modification 39-22

    Configuring Auto-QoS 39-23
    Generated Auto-QoS Configuration 39-24

    VOIP Device Specifics 39-24
    Enhanced Auto-QoS for Video, Trust, and Classification 39-25
    Auto-QoS Configuration Migration 39-25
    Global Auto-QoS Configuration 39-26
    Auto-QoS Generated Configuration For VoIP Devices 39-29
    Auto-QoS Generated Configuration For Enhanced Video, Trust, and Classify Devices 39-30

    Effects of Auto-QoS on the Configuration 39-33
    Auto-QoS Configuration Guidelines 39-33

    Auto-QoS VoIP Considerations 39-34
    Auto-QoS Enhanced Considerations 39-34

    Enabling Auto-QoS 39-34
    Troubleshooting Auto QoS Commands 39-35

    Displaying Auto-QoS Information 39-36

    Configuring Standard QoS 39-36
    Default Standard QoS Configuration 39-37

    Default Ingress Queue Configuration 39-37
    Default Egress Queue Configuration 39-38
    Default Mapping Table Configuration 39-39

    Standard QoS Configuration Guidelines 39-39
    QoS ACL Guidelines 39-39
    IPv6 QoS ACL Guidelines 39-39
    Applying QoS on Interfaces 39-40
    Configuring IPv6 QoS on Switch Stacks 39-40
    Policing Guidelines 39-41
    General QoS Guidelines 39-41

    Enabling QoS Globally 39-42
    Enabling VLAN-Based QoS on Physical Ports 39-42
    Configuring Classification Using Port Trust States 39-43

    Configuring the Trust State on Ports within the QoS Domain 39-43
    Configuring the CoS Value for an Interface 39-44
    Configuring a Trusted Boundary to Ensure Port Security 39-45
    Enabling DSCP Transparency Mode 39-46
    Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 39-47

    Configuring a QoS Policy 39-49
    Classifying Traffic by Using ACLs 39-49
    Classifying Traffic by Using Class Maps 39-54
    Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic 39-57
    Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 39-58
    Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps 39-63
    Classifying, Policing, and Marking Traffic by Using Aggregate Policers 39-71

    Configuring DSCP Maps 39-73
    Configuring the CoS-to-DSCP Map 39-73
    Configuring the IP-Precedence-to-DSCP Map 39-74
    Configuring the Policed-DSCP Map 39-75
    Configuring the DSCP-to-CoS Map 39-76
    Configuring the DSCP-to-DSCP-Mutation Map 39-77

    Configuring Ingress Queue Characteristics 39-79
    Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 39-80
    Allocating Buffer Space Between the Ingress Queues 39-81
    Allocating Bandwidth Between the Ingress Queues 39-81
    Configuring the Ingress Priority Queue 39-82

    Configuring Egress Queue Characteristics 39-83
    Configuration Guidelines 39-84
    Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 39-84
    Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID 39-86
    Configuring SRR Shaped Weights on Egress Queues 39-88
    Configuring SRR Shared Weights on Egress Queues 39-89
    Configuring the Egress Expedite Queue 39-89
    Limiting the Bandwidth on an Egress Interface 39-90

    Displaying Standard QoS Information 39-91

    CHAPTER 40 Configuring IPv6 ACLs 40-1

    Understanding IPv6 ACLs 40-2
    Supported ACL Features 40-2

    IPv6 ACL Limitations 40-3
    IPv6 ACLs and Switch Stacks 40-3

    Configuring IPv6 ACLs 40-4
    Default IPv6 ACL Configuration 40-4
    Interaction with Other Features and Switches 40-4
    Creating IPv6 ACLs 40-5
    Applying an IPv6 ACL to an Interface 40-7

    Displaying IPv6 ACLs 40-8

    CHAPTER 41 Configuring EtherChannels and Link-State Tracking 41-1

    Understanding EtherChannels 41-1
    EtherChannel Overview 41-2
    Port-Channel Interfaces 41-4
    Port Aggregation Protocol 41-5

    PAgP Modes 41-6
    PAgP Interaction with Virtual Switches and Dual-Active Detection 41-6
    PAgP Interaction with Other Features 41-7

    Link Aggregation Control Protocol 41-7
    LACP Modes 41-7
    LACP Interaction with Other Features 41-8

    EtherChannel On Mode 41-8
    Load-Balancing and Forwarding Methods 41-8
    EtherChannel and Switch Stacks 41-10

    Configuring EtherChannels 41-11
    Default EtherChannel Configuration 41-11
    EtherChannel Configuration Guidelines 41-12
    Configuring Layer 2 EtherChannels 41-13
    Configuring Layer 3 EtherChannels 41-15

    Creating Port-Channel Logical Interfaces 41-15
    Configuring the Physical Interfaces 41-16

    Configuring EtherChannel Load-Balancing 41-18
    Configuring the PAgP Learn Method and Priority 41-19
    Configuring LACP Hot-Standby Ports 41-20

    Configuring the LACP System Priority 41-21
    Configuring the LACP Port Priority 41-22

    Displaying EtherChannel, PAgP, and LACP Status 41-22

    Understanding Link-State Tracking 41-23

    Configuring Link-State Tracking 41-25
    Default Link-State Tracking Configuration 41-26

    Link-State Tracking Configuration Guidelines 41-26
    Configuring Link-State Tracking 41-26
    Displaying Link-State Tracking Status 41-27

    CHAPTER 42 Configuring TelePresence E911 IP Phone Support 42-1

    Understanding TelePresence E911 IP Phone Support 42-1

    Configuring TelePresence E911 IP Phone Support 42-2
    Configuration Guidelines 42-2
    Enabling TelePresence E911 IP Phone Support 42-3
    Example 42-3

    CHAPTER 43 Configuring IP Unicast Routing 43-1

    Understanding IP Routing 43-2
    Types of Routing 43-3
    IP Routing and Switch Stacks 43-3

    Steps for Configuring Routing 43-5

    Configuring IP Addressing 43-6
    Default Addressing Configuration 43-6
    Assigning IP Addresses to Network Interfaces 43-7

    Use of Subnet Zero 43-8
    Classless Routing 43-8

    Configuring Address Resolution Methods 43-10
    Define a Static ARP Cache 43-11
    Set ARP Encapsulation 43-11
    Enable Proxy ARP 43-12

    Routing Assistance When IP Routing is Disabled 43-12
    Proxy ARP 43-13
    Default Gateway 43-13
    ICMP Router Discovery Protocol (IRDP) 43-13

    Configuring Broadcast Packet Handling 43-15
    Enabling Directed Broadcast-to-Physical Broadcast Translation 43-15
    Forwarding UDP Broadcast Packets and Protocols 43-16
    Establishing an IP Broadcast Address 43-17
    Flooding IP Broadcasts 43-18

    Monitoring and Maintaining IP Addressing 43-19

    Enabling IP Unicast Routing 43-20

    Configuring RIP 43-20
    Default RIP Configuration 43-21
    Configuring Basic RIP Parameters 43-22

    Configuring RIP Authentication 43-24
    Configuring Summary Addresses and Split Horizon 43-24
    Configuring Split Horizon 43-25

    Configuring OSPF 43-27
    Default OSPF Configuration 43-28

    OSPF for Routed Access 43-29
    OSPF Nonstop Forwarding 43-29

    Configuring Basic OSPF Parameters 43-31
    Configuring OSPF Interfaces 43-32
    Configuring OSPF Area Parameters 43-33
    Configuring Other OSPF Parameters 43-34
    Changing LSA Group Pacing 43-36
    Configuring a Loopback Interface 43-36
    Monitoring OSPF 43-37

    Configuring EIGRP 43-37
    Default EIGRP Configuration 43-39

    EIGRP Nonstop Forwarding 43-40
    Configuring Basic EIGRP Parameters 43-41
    Configuring EIGRP Interfaces 43-42
    Configuring EIGRP Route Authentication 43-43
    EIGRP Stub Routing 43-44
    Monitoring and Maintaining EIGRP 43-45

    Configuring First Hop Security In IPv6 43-45
    Understanding First Hop Security in IPv6 43-46

    IPv6 Snooping 43-46
    IPv6 First-Hop Security Binding Table 43-46
    NDP Address Gleaning 43-47
    IPv6 DHCP Address Gleaning 43-47
    IPv6 Data Address Gleaning 43-48
    IPv6 ND Inspection 43-48
    IPv6 Device Tracking 43-48
    IPv6 Port-Based Access List Support 43-48
    IPv6 Router Advertisement Guard 43-49
    IPv6 DHCP Guard 43-49
    IPv6 Source Guard 43-49

    Prerequisites for Implementing First Hop Security in IPv6 43-49
    Restrictions for Implementing First Hop Security in IPv6 43-50
    How to Implement First Hop Security in IPv6 43-50

    Configuring an IPv6 Snooping Policy 43-50

    Configuring IPv6 DHCP Guard 43-52
    Configuring IPv6 Source Guard 43-53

    Configuration Examples for Implementing First Hop Security in IPv6 43-53

    Configuring BGP 43-55
    Default BGP Configuration 43-57

    Nonstop Forwarding Awareness 43-59
    Enabling BGP Routing 43-60
    Managing Routing Policy Changes 43-62
    Configuring BGP Decision Attributes 43-64
    Configuring BGP Filtering with Route Maps 43-66
    Configuring BGP Filtering by Neighbor 43-66
    Configuring Prefix Lists for BGP Filtering 43-68
    Configuring BGP Community Filtering 43-69
    Configuring BGP Neighbors and Peer Groups 43-70
    Configuring Aggregate Addresses 43-72
    Configuring Routing Domain Confederations 43-73
    Configuring BGP Route Reflectors 43-73
    Configuring Route Dampening 43-74
    Monitoring and Maintaining BGP 43-75

    Configuring ISO CLNS Routing 43-76
    Configuring IS-IS Dynamic Routing 43-77

    Default IS-IS Configuration 43-78
    Nonstop Forwarding Awareness 43-79
    Enabling IS-IS Routing 43-79
    Configuring IS-IS Global Parameters 43-81
    Configuring IS-IS Interface Parameters 43-83

    Monitoring and Maintaining ISO IGRP and IS-IS 43-85

    Configuring Multi-VRF CE 43-86
    Understanding Multi-VRF CE 43-87
    Default Multi-VRF CE Configuration 43-89
    Multi-VRF CE Configuration Guidelines 43-89
    Configuring VRFs 43-90
    Configuring VRF-Aware Services 43-91

    User Interface for ARP 43-91
    User Interface for PING 43-92
    User Interface for SNMP 43-92
    User Interface for HSRP 43-92
    User Interface for uRPF 43-93
    User Interface for VRF-Aware RADIUS 43-93

    User Interface for Syslog 43-93
    User Interface for Traceroute 43-94
    User Interface for FTP and TFTP 43-94

    Configuring Multicast VRFs 43-95
    Configuring a VPN Routing Session 43-95
    Configuring BGP PE to CE Routing Sessions 43-96
    Multi-VRF CE Configuration Example 43-97
    Displaying Multi-VRF CE Status 43-100

    Configuring Unicast Reverse Path Forwarding 43-101

    Configuring Protocol-Independent Features 43-101
    Configuring Distributed Cisco Express Forwarding 43-101
    Configuring the Number of Equal-Cost Routing Paths 43-103
    Configuring Static Unicast Routes 43-104
    Specifying Default Routes and Networks 43-105
    Using Route Maps to Redistribute Routing Information 43-106
    Configuring Policy-Based Routing 43-109

    PBR Configuration Guidelines 43-110
    Enabling PBR 43-111

    Filtering Routing Information 43-113
    Setting Passive Interfaces 43-113
    Controlling Advertising and Processing in Routing Updates 43-114
    Filtering Sources of Routing Information 43-114

    Managing Authentication Keys 43-115

    Monitoring and Maintaining the IP Network 43-116

    CHAPTER 44 Configuring IPv6 Unicast Routing 44-1

    Understanding IPv6 44-1
    IPv6 Addresses 44-2
    Supported IPv6 Unicast Routing Features 44-3

    128-Bit Wide Unicast Addresses 44-3
    DNS for IPv6 44-4
    Path MTU Discovery for IPv6 Unicast 44-4
    ICMPv6 44-4
    Neighbor Discovery 44-4
    Default Router Preference 44-5
    IPv6 Stateless Autoconfiguration and Duplicate Address Detection 44-5
    IPv6 Applications 44-5
    Dual IPv4 and IPv6 Protocol Stacks 44-5
    DHCP for IPv6 Address Assignment 44-6
    Static Routes for IPv6 44-7

    RIP for IPv6 44-7
    OSPF for IPv6 44-7
    OSPFv3 Graceful Restart 44-7
    Fast Convergence: LSA and SPF Throttling 44-8
    Authentication Support with IPsec 44-8
    EIGRP IPv6 44-8
    HSRP for IPv6 44-9
    SNMP and Syslog Over IPv6 44-9
    HTTP(S) Over IPv6 44-9

    Unsupported IPv6 Unicast Routing Features 44-10
    Limitations 44-10
    IPv6 and Switch Stacks 44-11

    Configuring IPv6 44-12
    Default IPv6 Configuration 44-12
    Configuring IPv6 Addressing and Enabling IPv6 Routing 44-12
    Configuring Default Router Preference 44-15
    Configuring IPv4 and IPv6 Protocol Stacks 44-15
    Configuring DHCP for IPv6 Address Assignment 44-17

    Default DHCPv6 Address Assignment Configuration 44-17
    DHCPv6 Address Assignment Configuration Guidelines 44-17
    Enabling DHCPv6 Server Function 44-17
    Enabling DHCPv6 Client Function 44-19

    Configuring IPv6 ICMP Rate Limiting 44-20
    Configuring CEF and dCEF for IPv6 44-20
    Configuring Static Routing for IPv6 44-21
    Configuring RIP for IPv6 44-22
    Configuring OSPF for IPv6 44-23
    Tuning LSA and SPF Timers for OSPFv3 Fast Convergence 44-25
    Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence 44-25
    Configuring IPSec on OSPFv3 44-26
    Configuring EIGRP for IPv6 44-26
    Configuring HSRP for IPv6 44-26

    Enabling HSRP Version 2 44-27
    Enabling an HSRP Group for IPv6 44-27

    Displaying IPv6 44-29

    CHAPTER 45 Implementing IPv6 Multicast 45-1

    Information About Implementing IPv6 Multicast 45-1
    IPv6 Multicast Overview 45-1

    IPv6 Multicast Routing Implementation 45-2
    MLD Access Group 45-3
    Explicit Tracking of Receivers 45-3
    IPv6 Multicast User Authentication and Profile Support 45-4
    IPv6 MLD Proxy 45-4

    Protocol Independent Multicast 45-4
    PIM-Sparse Mode 45-4
    IPv6 BSR: Configure RP Mapping 45-7
    PIM-Source Specific Multicast 45-7
    Routable Address Hello Option 45-9
    Bidirectional PIM 45-9

    Static Mroutes 45-10
    MRIB 45-10
    MFIB 45-10

    Distributed MFIB 45-10
    IPv6 Multicast VRF Lite 45-11
    IPv6 Multicast Process Switching and Fast Switching 45-11
    Multiprotocol BGP for the IPv6 Multicast Address Family 45-12
    NSF and SSO Support In IPv6 Multicast 45-12
    Bandwidth-Based CAC for IPv6 Multicast 45-12

    Implementing IPv6 Multicast 45-12
    Enabling IPv6 Multicast Routing 45-13
    Customizing and Verifying the MLD Protocol 45-13

    Customizing and Verifying MLD on an Interface 45-13
    Implementing MLD Group Limits 45-15
    Configuring Explicit Tracking of Receivers to Track Host Behavior 45-16
    Configuring Multicast User Authentication and Profile Support 45-16
    Enabling MLD Proxy in IPv6 45-18
    Resetting the MLD Traffic Counters 45-19
    Clearing the MLD Interface Counters 45-19

    Configuring PIM 45-19
    Configuring PIM-SM and Displaying PIM-SM Information for a Group Range 45-19
    Configuring PIM Options 45-21
    Configuring Bidirectional PIM and Displaying Bidirectional PIM Information 45-22
    Resetting the PIM Traffic Counters 45-22
    Clearing the PIM Topology Table to Reset the MRIB Connection 45-23

    Configuring a BSR 45-24
    Configuring a BSR and Verifying BSR Information 45-24
    Sending PIM RP Advertisements to the BSR 45-25
    Configuring BSR for Use Within Scoped Zones 45-25

    Configuring BSR Switches to Announce Scope-to-RP Mappings
    Configuring SSM Mapping
    Configuring Static Mroutes
    Using MFIB in IPv6 Multicast

    Verifying MFIB Operation in IPv6 Multicast
    Resetting MFIB Traffic Counters

    CHAPTER 46 Configuring HSRP and VRRP

    Understanding HSRP
    HSRP Versions
    Multiple HSRP
    HSRP and Switch Stacks

    Configuring HSRP
    Default HSRP Configuration
    HSRP Configuration Guidelines
    Enabling HSRP
    Configuring HSRP Priority
    Configuring MHSRP
    Configuring HSRP Authentication and Timers
    Enabling HSRP Support for ICMP Redirect Messages
    Configuring HSRP Groups and Clustering
    Troubleshooting HSRP for Mixed Stacks of Catalyst 3750-X, 3750-E and 3750 Switches

    Displaying HSRP Configurations

    Configuring VRRP
    VRRP Limitations

    CHAPTER 47 Configuring Cisco IOS IP SLAs Operations

    Understanding Cisco IOS IP SLAs
    Using Cisco IOS IP SLAs to Measure Network Performance
    IP SLAs Responder and IP SLAs Control Protocol
    Response Time Computation for IP SLAs
    IP SLAs Operation Scheduling
    IP SLAs Operation Threshold Monitoring

    Configuring IP SLAs Operations
    Default Configuration
    Configuration Guidelines
    Configuring the IP SLAs Responder
    Analyzing IP Service Levels by Using the UDP Jitter Operation
    Analyzing IP Service Levels by Using the ICMP Echo Operation

    Monitoring IP SLAs Operations

    CHAPTER 48 Configuring Flexible NetFlow

    Understanding Flexible NetFlow

    Configuring Flexible NetFlow
    Configuring a Customized Flow Record
    Configuring the Flow Exporter
    Configuring a Customized Flow Monitor
    Applying a Flow Monitor to an Interface
    Configuring and Enabling Flow Sampling

    CHAPTER 49 Configuring Enhanced Object Tracking

    Understanding Enhanced Object Tracking

    Configuring Enhanced Object Tracking Features
    Default Configuration
    Tracking Interface Line-Protocol or IP Routing State
    Configuring a Tracked List

    Configuring a Tracked List with a Boolean Expression
    Configuring a Tracked List with a Weight Threshold
    Configuring a Tracked List with a Percentage Threshold

    Configuring HSRP Object Tracking
    Configuring Other Tracking Characteristics
    Configuring IP SLAs Object Tracking
    Configuring Static Routing Support

    Configuring a Primary Interface
    Configuring a Cisco IP SLAs Monitoring Agent and Track Object
    Configuring a Routing Policy and Default Route

    Monitoring Enhanced Object Tracking

    CHAPTER 50 Configuring Cache Services By Using WCCP

    Understanding WCCP
    WCCP Message Exchange
    WCCP Negotiation
    MD5 Security
    Packet Redirection and Service Groups
    WCCP and Switch Stacks
    Unsupported WCCP Features

    Configuring WCCP
    Default WCCP Configuration

    WCCP Configuration Guidelines
    Enabling the Cache Service

    Monitoring and Maintaining WCCP

    CHAPTER 51 Configuring IP Multicast Routing

    Understanding Cisco's Implementation of IP Multicast Routing
    Understanding IGMP

    IGMP Version 1
    IGMP Version 2

    Understanding PIM
    PIM Versions
    PIM Modes
    PIM Stub Routing
    IGMP Helper
    Auto-RP
    Bootstrap Router
    Multicast Forwarding and Reverse Path Check

    Understanding DVMRP
    Understanding CGMP

    Multicast Routing and Switch Stacks

    Configuring IP Multicast Routing
    Default Multicast Routing Configuration
    Multicast Routing Configuration Guidelines

    PIMv1 and PIMv2 Interoperability
    Auto-RP and BSR Configuration Guidelines

    Configuring Basic Multicast Routing
    Configuring Source-Specific Multicast

    SSM Components Overview
    How SSM Differs from Internet Standard Multicast
    SSM IP Address Range
    SSM Operations
    IGMPv3 Host Signalling
    Configuration Guidelines
    Configuring SSM
    Monitoring SSM

    Configuring Source Specific Multicast Mapping
    SSM Mapping Configuration Guidelines and Restrictions
    SSM Mapping Overview
    Configuring SSM Mapping

    Monitoring SSM Mapping
    Configuring PIM Stub Routing

    PIM Stub Routing Configuration Guidelines
    Enabling PIM Stub Routing

    Configuring a Rendezvous Point
    Manually Assigning an RP to Multicast Groups
    Configuring Auto-RP
    Configuring PIMv2 BSR

    Using Auto-RP and a BSR
    Monitoring the RP Mapping Information
    Troubleshooting PIMv1 and PIMv2 Interoperability Problems

    Configuring Advanced PIM Features
    Understanding PIM Shared Tree and Source Tree
    Delaying the Use of PIM Shortest-Path Tree
    Modifying the PIM Router-Query Message Interval

    Configuring Optional IGMP Features
    Default IGMP Configuration
    Configuring the Switch as a Member of a Group
    Controlling Access to IP Multicast Groups
    Changing the IGMP Version
    Modifying the IGMP Host-Query Message Interval
    Changing the IGMP Query Timeout for IGMPv2
    Changing the Maximum Query Response Time for IGMPv2
    Configuring the Switch as a Statically Connected Member

    Configuring Optional Multicast Routing Features
    Enabling CGMP Server Support
    Configuring sdr Listener Support

    Enabling sdr Listener Support
    Limiting How Long an sdr Cache Entry Exists

    Configuring an IP Multicast Boundary

    Configuring Basic DVMRP Interoperability Features
    Configuring DVMRP Interoperability
    Configuring a DVMRP Tunnel
    Advertising Network 0.0.0.0 to DVMRP Neighbors
    Responding to mrinfo Requests

    Configuring Advanced DVMRP Interoperability Features
    Enabling DVMRP Unicast Routing
    Rejecting a DVMRP Nonpruning Neighbor
    Controlling Route Exchanges

    Limiting the Number of DVMRP Routes Advertised
    Changing the DVMRP Route Threshold
    Configuring a DVMRP Summary Address
    Disabling DVMRP Autosummarization
    Adding a Metric Offset to the DVMRP Route

    Monitoring and Maintaining IP Multicast Routing
    Clearing Caches, Tables, and Databases
    Displaying System and Network Statistics
    Monitoring IP Multicast Routing

    CHAPTER 52 Configuring MSDP

    Understanding MSDP
    MSDP Operation
    MSDP Benefits

    Configuring MSDP
    Default MSDP Configuration
    Configuring a Default MSDP Peer
    Caching Source-Active State
    Requesting Source Information from an MSDP Peer
    Controlling Source Information that Your Switch Originates

    Redistributing Sources
    Filtering Source-Active Request Messages

    Controlling Source Information that Your Switch Forwards
    Using a Filter
    Using TTL to Limit the Multicast Data Sent in SA Messages

    Controlling Source Information that Your Switch Receives
    Configuring an MSDP Mesh Group
    Shutting Down an MSDP Peer
    Including a Bordering PIM Dense-Mode Region in MSDP
    Configuring an Originating Address other than the RP Address

    Monitoring and Maintaining MSDP

    CHAPTER 53 Configuring Fallback Bridging

    Understanding Fallback Bridging
    Fallback Bridging Overview
    Fallback Bridging and Switch Stacks

    Configuring Fallback Bridging
    Default Fallback Bridging Configuration
    Fallback Bridging Configuration Guidelines

    Creating a Bridge Group
    Adjusting Spanning-Tree Parameters

    Changing the VLAN-Bridge Spanning-Tree Priority
    Changing the Interface Priority
    Assigning a Path Cost
    Adjusting BPDU Intervals
    Disabling the Spanning Tree on an Interface

    Monitoring and Maintaining Fallback Bridging

    CHAPTER 54 Troubleshooting

    Recovering from a Software Failure

    Recovering from a Lost or Forgotten Password
    Procedure with Password Recovery Enabled
    Procedure with Password Recovery Disabled

    Preventing Switch Stack Problems

    Recovering from a Command Switch Failure
    Replacing a Failed Command Switch with a Cluster Member
    Replacing a Failed Command Switch with Another Switch

    Recovering from Lost Cluster Member Connectivity

    Preventing Autonegotiation Mismatches

    Troubleshooting Power over Ethernet Switch Ports
    Disabled Port Caused by Power Loss
    Disabled Port Caused by False Link Up

    SFP Module Security and Identification

    Monitoring SFP Module Status

    Monitoring Temperature

    Using Ping
    Understanding Ping
    Executing Ping

    Using Layer 2 Traceroute
    Understanding Layer 2 Traceroute
    Usage Guidelines
    Displaying the Physical Path

    Using IP Traceroute
    Understanding IP Traceroute
    Executing IP Traceroute

    Using TDR
    Understanding TDR

    Running TDR and Displaying the Results

    Using Debug Commands
    Enabling Debugging on a Specific Feature
    Enabling All-System Diagnostics
    Redirecting Debug and Error Message Output

    Using the show platform forward Command

    Using the crashinfo Files
    Basic crashinfo Files
    Extended crashinfo Files

    Using Memory Consistency Check Routines

    Using On-Board Failure Logging
    Understanding OBFL
    Configuring OBFL
    Displaying OBFL Information

    Troubleshooting Tables
    Troubleshooting CPU Utilization

    Possible Symptoms of High CPU Utilization
    Verifying the Problem and Cause

    Troubleshooting Power over Ethernet (PoE)
    Troubleshooting Stackwise (Catalyst 3750-X Switches Only)

    CHAPTER 55 Configuring Online Diagnostics

    Understanding Online Diagnostics

    Configuring Online Diagnostics
    Scheduling Online Diagnostics
    Configuring Health-Monitoring Diagnostics

    Running Online Diagnostic Tests
    Starting Online Diagnostic Tests
    Displaying Online Diagnostic Tests and Test Results

    APPENDIX A Working with the Cisco IOS File System, Configuration Files, and Software Images

    Working with the Flash File System
    Displaying Available File Systems
    Setting the Default File System
    Displaying Information about Files on a File System
    Changing Directories and Displaying the Working Directory
    Creating and Removing Directories
    Copying Files

    Deleting Files
    Creating, Displaying, and Extracting Files

    Working with Configuration Files
    Guidelines for Creating and Using Configuration Files
    Configuration File Types and Location
    Creating a Configuration File By Using a Text Editor
    Copying Configuration Files By Using TFTP

    Preparing to Download or Upload a Configuration File By Using TFTP
    Downloading the Configuration File By Using TFTP
    Uploading the Configuration File By Using TFTP

    Copying Configuration Files By Using FTP
    Preparing to Download or Upload a Configuration File By Using FTP
    Downloading a Configuration File By Using FTP
    Uploading a Configuration File By Using FTP

    Copying Configuration Files By Using RCP
    Preparing to Download or Upload a Configuration File By Using RCP
    Downloading a Configuration File By Using RCP
    Uploading a Configuration File By Using RCP

    Clearing Configuration Information
    Clearing the Startup Configuration File
    Deleting a Stored Configuration File

    Replacing and Rolling Back Configurations
    Understanding Configuration Replacement and Rollback
    Configuration Guidelines
    Configuring the Configuration Archive
    Performing a Configuration Replacement or Rollback Operation

    Working with Software Images
    Image Location on the Switch
    File Format of Images on a Server or Cisco.com
    Copying Image Files By Using TFTP

    Preparing to Download or Upload an Image File By Using TFTP
    Downloading an Image File By Using TFTP
    Uploading an Image File By Using TFTP

    Copying Image Files By Using FTP
    Preparing to Download or Upload an Image File By Using FTP
    Downloading an Image File By Using FTP
    Uploading an Image File By Using FTP

    Copying Image Files By Using RCP
    Preparing to Download or Upload an Image File By Using RCP
    Downloading an Image File By Using RCP

    Uploading an Image File By Using RCP
    Copying an Image File from One Stack Member to Another
    Software for the Network Services Module Software

    APPENDIX B Unsupported Commands in Cisco IOS Release 15.0(2)SE

    Access Control Lists
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands
    Unsupported Route-Map Configuration Commands

    Archive Commands
    Unsupported Privileged EXEC Commands

    ARP Commands
    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands

    Boot Loader Commands
    Unsupported User EXEC Commands
    Unsupported Global Configuration Commands

    Debug Commands
    Unsupported Privileged EXEC Commands

    Embedded Event Manager
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands
    Unsupported Commands in Applet Configuration Mode
    Unsupported Commands in Event Trigger Configuration Mode

    Embedded Syslog Manager
    Unsupported Global Configuration Commands
    Unsupported Privileged EXEC Commands

    Fallback Bridging
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands

    HSRP
    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands

    IGMP Snooping Commands
    Unsupported Global Configuration Commands

    Interface Commands
    Unsupported Privileged EXEC Commands

    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands

    IP Multicast Routing
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands

    IP Unicast Routing
    Unsupported Privileged EXEC or User EXEC Commands
    Unsupported Global Configuration Commands
    Unsupported Interface Configuration Commands
    Unsupported BGP Router Configuration Commands
    Unsupported VPN Configuration Commands
    Unsupported Route Map Commands

    MAC Address Commands
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands

    Miscellaneous
    Unsupported User EXEC Commands
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands

    MSDP
    Unsupported Privileged EXEC Commands
    Unsupported Global Configuration Commands

    Multicast
    Unsupported BiDirectional PIM Commands
    Unsupported Multicast Routing Manager Commands
    Unsupported IP Multicast Rate Limiting Commands
    Unsupported UDLR Commands
    Unsupported Multicast Over GRE Commands

    NetFlow Commands
    Unsupported Global Configuration Commands

    Network Address Translation (NAT) Commands
    Unsupported Privileged EXEC Commands

    QoS
    Unsupported Global Configuration Command
    Unsupported Interface Configuration Commands
    Unsupported Policy-Map Configuration Command

    RADIUS
    Unsupported Global Configuration Commands

    SNMP
    Unsupported Global Configuration Commands

    Spanning Tree
    Unsupported Global Configuration Command
    Unsupported Interface Configuration Command

    VLAN
    Unsupported Global Configuration Command
    Unsupported User EXEC Commands

    VTP
    Unsupported Privileged EXEC Command

    INDEX

  • Preface

    Audience

    This guide is for the networking professional managing the standalone Catalyst 3750-X or 3560-X switch or the Catalyst 3750-X switch stack, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.

    Purpose

    This guide provides procedures for using the commands that have been created or changed for use with the Catalyst 3750-X or 3560-X switches. It does not provide detailed information about these commands.

    For detailed information about these commands, see the command reference for this release.

    For information about the standard Cisco IOS commands, see the Cisco IOS Master Command List, All Releases from the Cisco IOS Software Releases 15.0 Mainline Master Index page on Cisco.com: http://www.cisco.com/en/US/products/ps10591/products_product_indices_list.html

    This guide does not provide detailed information on the GUIs for the embedded device manager or for Cisco Network Assistant (hereafter referred to as Network Assistant) that you can use to manage the switch. However, the concepts in this guide are applicable to the GUI user. For information about the device manager, see the switch online help. For information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.

    This guide does not describe system messages you might encounter or how to install your switch. For more information, see the system message guide for this release and the Catalyst 3750-X and 3560-X Switch Hardware Installation Guide.

    For documentation updates, see the release notes for this release.

    Conventions

    This publication uses these conventions to convey instructions and information:

    Command descriptions use these conventions:

    Commands and keywords are in boldface text.

    Arguments for which you supply values are in italic.

    Square brackets ([ ]) mean optional elements.

    Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.

    Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.

    Interactive examples use these conventions:

    Terminal sessions and system displays are in screen font.

    Information you enter is in boldface screen font.

    Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

    Notes, cautions, and timesavers use these conventions and symbols:

    Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

    Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

    Related Publications

    Documents with complete information about the switch are available from these Cisco.com sites:

    Catalyst 3750-X
    http://www.cisco.com/en/US/products/ps10745/tsd_products_support_series_home.html

    Catalyst 3560-X
    http://www.cisco.com/en/US/products/ps10744/tsd_products_support_series_home.html

    Note Before installing, configuring, or upgrading the switch, see these documents:

    For initial configuration information, see the "Using Express Setup" section in the getting started guide or the "Configuring the Switch with the CLI-Based Setup Program" appendix in the hardware installation guide.

    For device manager requirements, see the "System Requirements" section in the release notes.

    For Network Assistant requirements, see the Getting Started with Cisco Network Assistant.

    For cluster requirements, see the Release Notes for Cisco Network Assistant.

    For upgrading information, see the "Downloading Software" section in the release notes.

    For more information, see these documents on Cisco.com.

    Release Notes for the Catalyst 3750-X and 3560-X Switch

    Catalyst 3750-X and 3560-X Switch Software Configuration Guide

    Catalyst 3750-X and 3560-X Switch Command Reference

    Catalyst 3750-X, 3750-E, 3560-X, and 3560-E Switch System Message Guide

    Cisco IOS Software Installation Document

    Catalyst 3750-X and 3560-X Switch Getting Started Guide

    Catalyst 3750-X and 3560-X Switch Hardware Installation Guide

    Regulatory Compliance and Safety Information for the Catalyst 3750-X and 3560-X Switch

    Installation Notes for the Catalyst 3750-X, Catalyst 3560-X Switch Power Supply Modules

    Installation Notes for the Catalyst 3750-X and 3560-X Switch Fan Module

    Installation Notes for the Catalyst 3750-X and 3560-X Switch Network Modules

    Cisco Expandable Power System XPS-2200 Hardware Installation Guide

    Regulatory Compliance and Safety Information for the Cisco Expandable Power System XPS-2200

    Auto Smartports Configuration Guide

    Cisco EnergyWise IOS Configuration Guide

    Getting Started with Cisco Network Assistant

    Release Notes for Cisco Network Assistant

    Information about Cisco SFP and SFP+ modules is available from this Cisco.com site:

    http://www.cisco.com/en/US/products/hw/modules/ps5455/prod_installation_guides_list.html

    SFP compatibility matrix documents are available from this Cisco.com site:

    http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

    For information about the Network Admission Control (NAC) features, see the Network Admission Control Softwa