Cisco 3750 - Catalyst EMI Switch Software Configuration Manual

Corporate Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

Catalyst 3750 Metro Switch

Software Configuration Guide

Cisco IOS Release 12.1(14)AX

January 2004

Customer Order Number: DOC-7815870=

Text Part Number: 78-15870-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL

STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT

SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE

OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH

ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF

DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,

WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO

OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.;

Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,

CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems

logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ

Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX,

Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO

are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship

between Cisco and any other company. (0304R)

Catalyst 3750 Metro Switch Software Configuration Guide

iii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

CONTENTS

Preface xxxiii

Audience xxxiii

Purpose xxxiii

Conventions xxxiv

Related Publications xxxv

Obtaining Documentation xxxv

Cisco.com xxxv

Ordering Documentation xxxvi

Documentation Feedback xxxvi

Obtaining Technical Assistance xxxvi

Cisco TAC Website xxxvi

Opening a TAC Case xxxvii

TAC Case Priority Definitions xxxvii

Obtaining Additional Publications and Information xxxviii

CHAPTER

1 Overview 1-1

Features 1-1

Default Settings After Initial Switch Configuration 1-8

Network Configuration Examples 1-11

Multidwelling or Ethernet-to-the Subscriber Network 1-11

Ethernet Broadband Aggregation Network 1-13

Layer 2 VPN Application 1-14

Layer 3 VPN Application 1-15

Where to Go Next 1-16

CHAPTER

2 Using the Command-Line Interface 2-1

Understanding Command Modes 2-1

Understanding the Help System 2-3

Understanding Abbreviated Commands 2-4

Understanding no and default Forms of Commands 2-4

Understanding CLI Error Messages 2-5

Contents

iv

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Using Command History 2-5

Changing the Command History Buffer Size 2-5

Recalling Commands 2-6

Disabling the Command History Feature 2-6

Using Editing Features 2-6

Enabling and Disabling Editing Features 2-7

Editing Commands through Keystrokes 2-7

Editing Command Lines that Wrap 2-8

Searching and Filtering Output of show and more Commands 2-9

Accessing the CLI 2-9

Accessing the CLI through a Console Connection or through Telnet 2-10

Accessing the CLI from a Browser 2-10

CHAPTER

3 Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1

Assigning Switch Information 3-2

Default Switch Information 3-3

Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-4

Configuring DHCP-Based Autoconfiguration 3-4

Configuring the DHCP Server 3-5

Configuring the TFTP Server 3-5

Configuring the DNS 3-6

Configuring the Relay Device 3-6

Obtaining Configuration Files 3-7

Example Configuration 3-8

Manually Assigning IP Information 3-9

Checking and Saving the Running Configuration 3-10

Modifying the Startup Configuration 3-10

Default Boot Configuration 3-11

Automatically Downloading a Configuration File 3-11

Specifying the Filename to Read and Write the System Configuration 3-11

Booting Manually 3-12

Booting a Specific Software Image 3-12

Controlling Environment Variables 3-13

Scheduling a Reload of the Software Image 3-15

Configuring a Scheduled Reload 3-15

Displaying Scheduled Reload Information 3-16

Contents

v

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

CHAPTER

4 Configuring IE2100 CNS Agents 4-1

Understanding IE2100 Series Configuration Registrar Software 4-1

CNS Configuration Service 4-2

CNS Event Service 4-3

NameSpace Mapper 4-3

Configuration Registrar and ConfigID, DeviceID, and Host Name 4-3

ConfigID 4-3

DeviceID 4-4

Host Name and DeviceID 4-4

Using Host Name, DeviceID, and ConfigID 4-4

Understanding CNS Embedded Agents 4-5

Initial Configuration 4-5

Incremental (Partial) Configuration 4-6

Synchronized Configuration 4-6

Configuring CNS Embedded Agents 4-6

Enabling Automated CNS Configuration 4-6

Enabling the CNS Event Agent 4-8

Enabling the CNS Configuration Agent 4-9

Enabling an Initial Configuration 4-9

Enabling a Partial Configuration 4-11

Displaying CNS Configuration 4-12

CHAPTER

5 Administering the Switch 5-1

Managing the System Time and Date 5-1

Understanding the System Clock 5-2

Understanding Network Time Protocol 5-2

Configuring NTP 5-4

Default NTP Configuration 5-4

Configuring NTP Authentication 5-5

Configuring NTP Associations 5-6

Configuring NTP Broadcast Service 5-7

Configuring NTP Access Restrictions 5-8

Configuring the Source IP Address for NTP Packets 5-10

Displaying the NTP Configuration 5-11

Configuring Time and Date Manually 5-11

Setting the System Clock 5-11

Displaying the Time and Date Configuration 5-12

Configuring the Time Zone 5-12

Configuring Summer Time (Daylight Saving Time) 5-13

Contents

vi

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring a System Name and Prompt 5-15

Default System Name and Prompt Configuration 5-15

Configuring a System Name 5-15

Configuring a System Prompt 5-16

Understanding DNS 5-16

Default DNS Configuration 5-17

Setting Up DNS 5-17

Displaying the DNS Configuration 5-18

Creating a Banner 5-18

Default Banner Configuration 5-18

Configuring a Message-of-the-Day Login Banner 5-19

Configuring a Login Banner 5-20

Managing the MAC Address Table 5-20

Building the Address Table 5-21

MAC Addresses and VLANs 5-21

Default MAC Address Table Configuration 5-21

Changing the Address Aging Time 5-22

Removing Dynamic Address Entries 5-22

Configuring MAC Address Notification Traps 5-23

Adding and Removing Static Address Entries 5-24

Displaying Address Table Entries 5-25

Managing the ARP Table 5-26

CHAPTER

6 Configuring SDM Templates 6-1

Understanding the SDM Templates 6-1

Configuring the Switch SDM Template 6-2

Default SDM Template 6-2

SDM Template Configuration Guidelines 6-3

Setting the SDM Template 6-3

Displaying the SDM Templates 6-4

CHAPTER

7 Configuring Switch-Based Authentication 7-1

Preventing Unauthorized Access to Your Switch 7-1

Protecting Access to Privileged EXEC Commands 7-2

Default Password and Privilege Level Configuration 7-2

Setting or Changing a Static Enable Password 7-3

Protecting Enable and Enable Secret Passwords with Encryption 7-3

Disabling Password Recovery 7-5

Setting a Telnet Password for a Terminal Line 7-6

Contents

vii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring Username and Password Pairs 7-6

Configuring Multiple Privilege Levels 7-8

Setting the Privilege Level for a Command 7-8

Changing the Default Privilege Level for Lines 7-9

Logging into and Exiting a Privilege Level 7-10

Controlling Switch Access with TACACS+ 7-10

Understanding TACACS+ 7-10

TACACS+ Operation 7-12

Configuring TACACS+ 7-12

Default TACACS+ Configuration 7-13

Identifying the TACACS+ Server Host and Setting the Authentication Key 7-13

Configuring TACACS+ Login Authentication 7-14

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-16

Starting TACACS+ Accounting 7-16

Displaying the TACACS+ Configuration 7-17

Controlling Switch Access with RADIUS 7-17

Understanding RADIUS 7-18

RADIUS Operation 7-19

Configuring RADIUS 7-20

Default RADIUS Configuration 7-20

Identifying the RADIUS Server Host 7-20

Configuring RADIUS Login Authentication 7-23

Defining AAA Server Groups 7-25

Configuring RADIUS Authorization for User Privileged Access and Network Services 7-27

Starting RADIUS Accounting 7-28

Configuring Settings for All RADIUS Servers 7-28

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-30

Displaying the RADIUS Configuration 7-31

Controlling Switch Access with Kerberos 7-31

Understanding Kerberos 7-32

Kerberos Operation 7-34

Authenticating to a Boundary Switch 7-34

Obtaining a TGT from a KDC 7-35

Authenticating to Network Services 7-35

Configuring Kerberos 7-35

Configuring the Switch for Local Authentication and Authorization 7-36

Contents

viii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring the Switch for Secure Shell 7-37

Understanding SSH 7-37

Configuring SSH 7-37

CHAPTER

8 Configuring 802.1x Port-Based Authentication 8-1

Understanding 802.1x Port-Based Authentication 8-1

Device Roles 8-2

Authentication Initiation and Message Exchange 8-3

Ports in Authorized and Unauthorized States 8-4

Supported Topologies 8-5

Using 802.1x with Port Security 8-6

Using 802.1x with Voice VLAN Ports 8-6

Using 802.1x with VLAN Assignment 8-7

Using 802.1x with Guest VLAN 8-8

Using 802.1x with Per-User ACLs 8-8

Configuring 802.1x Authentication 8-9

Default 802.1x Configuration 8-10

802.1x Configuration Guidelines 8-11

Configuring 802.1x Authentication 8-11

Configuring the Switch-to-RADIUS-Server Communication 8-13

Configuring Periodic Re-Authentication 8-14

Manually Re-Authenticating a Client Connected to a Port 8-14

Changing the Quiet Period 8-15

Changing the Switch-to-Client Retransmission Time 8-15

Setting the Switch-to-Client Frame-Retransmission Number 8-16

Configuring the Host Mode 8-17

Configuring a Guest VLAN 8-18

Resetting the 802.1x Configuration to the Default Values 8-18

Displaying 802.1x Statistics and Status 8-19

CHAPTER

9 Configuring Interface Characteristics 9-1

Understanding Interface Types 9-1

Port-Based VLANs 9-2

Switch Ports 9-2

Access Ports 9-2

Trunk Ports 9-3

Tunnel Ports 9-3

Routed Ports 9-4

Switch Virtual Interfaces 9-4

Contents

ix

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

EtherChannel Port Groups 9-5

Connecting Interfaces 9-5

Using Interface Configuration Mode 9-6

Procedures for Configuring Interfaces 9-7

Configuring a Range of Interfaces 9-8

Configuring and Using Interface Range Macros 9-9

Configuring Ethernet Interfaces 9-11

Default Ethernet Interface Configuration 9-11

Configuring Interface Speed and Duplex Mode 9-12

Configuration Guidelines 9-13

Setting the Interface Speed and Duplex Parameters 9-13

Configuring IEEE 802.3z Flow Control 9-15

Configuring Auto-MDIX on a Port 9-16

Adding a Description for an Interface 9-17

Configuring Layer 3 Interfaces 9-18

Configuring the System MTU 9-19

Monitoring and Maintaining the Interfaces 9-20

Monitoring Interface Status 9-20

Clearing and Resetting Interfaces and Counters 9-21

Shutting Down and Restarting the Interface 9-22

CHAPTER

10 Configuring VLANs 10-1

Understanding VLANs 10-1

Supported VLANs 10-3

VLAN Port Membership Modes 10-3

Configuring Normal-Range VLANs 10-4

Token Ring VLANs 10-6

Normal-Range VLAN Configuration Guidelines 10-6

VLAN Configuration Mode Options 10-7

VLAN Configuration in config-vlan Mode 10-7

VLAN Configuration in VLAN Database Configuration Mode 10-7

Saving VLAN Configuration 10-7

Default Ethernet VLAN Configuration 10-8

Creating or Modifying an Ethernet VLAN 10-9

Deleting a VLAN 10-11

Assigning Static-Access Ports to a VLAN 10-11

Contents

x

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring Extended-Range VLANs 10-12

Default VLAN Configuration 10-13

Extended-Range VLAN Configuration Guidelines 10-13

Creating an Extended-Range VLAN 10-14

Creating an Extended-Range VLAN with an Internal VLAN ID 10-15

Displaying VLANs 10-16

Configuring VLAN Trunks 10-16

Trunking Overview 10-16

Encapsulation Types 10-18

802.1Q Configuration Considerations 10-19

Default Layer 2 Ethernet Interface VLAN Configuration 10-19

Configuring an Ethernet Interface as a Trunk Port 10-20

Interaction with Other Features 10-20

Configuring a Trunk Port 10-21

Defining the Allowed VLANs on a Trunk 10-22

Changing the Pruning-Eligible List 10-23

Configuring the Native VLAN for Untagged Traffic 10-24

Configuring Trunk Ports for Load Sharing 10-24

Load Sharing Using STP Port Priorities 10-25

Load Sharing Using STP Path Cost 10-26

Configuring VMPS 10-28

Understanding VMPS 10-28

Dynamic-Access Port VLAN Membership 10-29

Default VMPS Client Configuration 10-29

VMPS Configuration Guidelines 10-29

Configuring the VMPS Client 10-30

Entering the IP Address of the VMPS 10-30

Configuring Dynamic-Access Ports on VMPS Clients 10-31

Reconfirming VLAN Memberships 10-31

Changing the Reconfirmation Interval 10-32

Changing the Retry Count 10-32

Monitoring the VMPS 10-33

Troubleshooting Dynamic-Access Port VLAN Membership 10-33

VMPS Configuration Example 10-34

Contents

xi

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

CHAPTER

11 Configuring VTP 11-1

Understanding VTP 11-1

The VTP Domain 11-2

VTP Modes 11-3

VTP Advertisements 11-3

VTP Version 2 11-4

VTP Pruning 11-4

Configuring VTP 11-6

Default VTP Configuration 11-6

VTP Configuration Options 11-7

VTP Configuration in Global Configuration Mode 11-7

VTP Configuration in VLAN Database Configuration Mode 11-7

VTP Configuration Guidelines 11-8

Domain Names 11-8

Passwords 11-8

VTP Version 11-8

Configuration Requirements 11-9

Configuring a VTP Server 11-9

Configuring a VTP Client 11-11

Disabling VTP (VTP Transparent Mode) 11-12

Enabling VTP Version 2 11-13

Enabling VTP Pruning 11-14

Adding a VTP Client Switch to a VTP Domain 11-15

Monitoring VTP 11-16

CHAPTER

12 Configuring Voice VLAN 12-1

Understanding Voice VLAN 12-1

Cisco IP Phone Voice Traffic 12-2

Cisco IP Phone Data Traffic 12-2

Configuring Voice VLAN 12-3

Default Voice VLAN Configuration 12-3

Voice VLAN Configuration Guidelines 12-3

Configuring a Port Connected to a Cisco 7960 IP Phone 12-4

Configuring IP Phone Voice Traffic 12-4

Configuring the Priority of Incoming Data Frames 12-5

Displaying Voice VLAN 12-6

Contents

xii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

CHAPTER

13 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 13-1

Understanding 802.1Q Tunneling 13-2

Configuring 802.1Q Tunneling 13-4

Default 802.1Q Tunneling Configuration 13-4

802.1Q Tunneling Configuration Guidelines 13-4

Native VLANs 13-4

System MTU 13-5

802.1Q Tunneling and Other Features 13-6

Configuring an 802.1Q Tunneling Port 13-6

Configuring VLAN Mapping 13-7

Default VLAN Mapping Configuration 13-8

Mapping Customer VLANs to Service-Provider VLANs 13-8

Mapping Customer 802.1Q Traffic with VLAN IDs 13-9

Understanding Layer 2 Protocol Tunneling 13-10

Configuring Layer 2 Protocol Tunneling 13-12

Default Layer 2 Protocol Tunneling Configuration 13-13

Layer 2 Protocol Tunneling Configuration Guidelines 13-13

Configuring Layer 2 Tunneling 13-14

Monitoring and Maintaining Tunneling and Mapping Status 13-16

CHAPTER

14 Configuring STP 14-1

Understanding Spanning-Tree Features 14-1

STP Overview 14-2

Spanning-Tree Topology and BPDUs 14-3

Bridge ID, Switch Priority, and Extended System ID 14-4

Spanning-Tree Interface States 14-4

Blocking State 14-5

Listening State 14-6

Learning State 14-6

Forwarding State 14-6

Disabled State 14-7

How a Switch or Port Becomes the Root Switch or Root Port 14-7

Spanning Tree and Redundant Connectivity 14-8

Spanning-Tree Address Management 14-8

Accelerated Aging to Retain Connectivity 14-8

Spanning-Tree Modes and Protocols 14-9

Supported Spanning-Tree Instances 14-10

Spanning-Tree Interoperability and Backward Compatibility 14-10

STP and IEEE 802.1Q Trunks 14-10

Contents

xiii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

VLAN-Bridge Spanning Tree 14-11

Configuring Spanning-Tree Features 14-11

Default Spanning-Tree Configuration 14-11

Spanning-Tree Configuration Guidelines 14-12

Changing the Spanning-Tree Mode 14-13

Disabling Spanning Tree 14-14

Configuring the Root Switch 14-14

Configuring a Secondary Root Switch 14-16

Configuring Port Priority 14-17

Configuring Path Cost 14-18

Configuring the Switch Priority of a VLAN 14-19

Configuring Spanning-Tree Timers 14-20

Configuring the Hello Time 14-20

Configuring the Forwarding-Delay Time for a VLAN 14-21

Configuring the Maximum-Aging Time for a VLAN 14-21

Displaying the Spanning-Tree Status 14-22

CHAPTER

15 Configuring MSTP 15-1

Understanding MSTP 15-2

Multiple Spanning-Tree Regions 15-2

IST, CIST, and CST 15-3

Operations Within an MST Region 15-3

Operations Between MST Regions 15-4

Hop Count 15-5

Boundary Ports 15-5

Interoperability with 802.1D STP 15-5

Understanding RSTP 15-6

Port Roles and the Active Topology 15-6

Rapid Convergence 15-7

Synchronization of Port Roles 15-8

Bridge Protocol Data Unit Format and Processing 15-9

Processing Superior BPDU Information 15-10

Processing Inferior BPDU Information 15-10

Topology Changes 15-10

Configuring MSTP Features 15-11

Default MSTP Configuration 15-12

MSTP Configuration Guidelines 15-12

Specifying the MST Region Configuration and Enabling MSTP 15-13

Configuring the Root Switch 15-14

Contents

xiv

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring a Secondary Root Switch 15-16

Configuring Port Priority 15-17

Configuring Path Cost 15-18

Configuring the Switch Priority 15-19

Configuring the Hello Time 15-19

Configuring the Forwarding-Delay Time 15-20

Configuring the Maximum-Aging Time 15-21

Configuring the Maximum-Hop Count 15-21

Specifying the Link Type to Ensure Rapid Transitions 15-22

Restarting the Protocol Migration Process 15-22

Displaying the MST Configuration and Status 15-23

CHAPTER

16 Configuring Optional Spanning-Tree Features 16-1

Understanding Optional Spanning-Tree Features 16-1

Understanding Port Fast 16-2

Understanding BPDU Guard 16-3

Understanding BPDU Filtering 16-3

Understanding UplinkFast 16-4

Understanding BackboneFast 16-5

Understanding Root Guard 16-7

Understanding Loop Guard 16-8

Configuring Optional Spanning-Tree Features 16-9

Default Optional Spanning-Tree Configuration 16-9

Optional Spanning-Tree Configuration Guidelines 16-9

Enabling Port Fast 16-10

Enabling BPDU Guard 16-11

Enabling BPDU Filtering 16-12

Enabling UplinkFast for Use with Redundant Links 16-13

Enabling BackboneFast 16-14

Enabling Root Guard 16-14

Enabling Loop Guard 16-15

Displaying the Spanning-Tree Status 16-16

CHAPTER

17 Configuring IGMP Snooping and MVR 17-1

Understanding IGMP Snooping 17-2

Joining a Multicast Group 17-2

Leaving a Multicast Group 17-4

Immediate-Leave Processing 17-5

Contents

xv

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring IGMP Snooping 17-5

Default IGMP Snooping Configuration 17-5

Enabling or Disabling IGMP Snooping 17-6

Setting the Snooping Method 17-6

Configuring a Multicast Router Port 17-8

Configuring a Host Statically to Join a Group 17-9

Enabling IGMP Immediate-Leave Processing 17-10

Displaying IGMP Snooping Information 17-10

Understanding Multicast VLAN Registration 17-12

Using MVR in a Multicast Television Application 17-13

Configuring MVR 17-14

Default MVR Configuration 17-14

MVR Configuration Guidelines and Limitations 17-15

Configuring MVR Global Parameters 17-15

Configuring MVR Interfaces 17-17

Displaying MVR Information 17-18

Configuring IGMP Filtering 17-19

Default IGMP Filtering Configuration 17-19

Configuring IGMP Profiles 17-19

Applying IGMP Profiles 17-20

Setting the Maximum Number of IGMP Groups 17-21

Displaying IGMP Filtering Configuration 17-22

CHAPTER

18 Configuring Port-Based Traffic Control 18-1

Configuring Storm Control 18-1

Understanding Storm Control 18-1

Default Storm Control Configuration 18-3

Enabling Storm Control 18-3

Configuring Protected Ports 18-4

Default Protected Port Configuration 18-4

Protected Port Configuration Guidelines 18-5

Configuring a Protected Port 18-5

Configuring Port Blocking 18-5

Default Port Blocking Configuration 18-5

Blocking Flooded Traffic on an Interface 18-6

Contents

xvi

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring Port Security 18-6

Understanding Port Security 18-7

Secure MAC Addresses 18-7

Security Violations 18-8

Default Port Security Configuration 18-9

Configuration Guidelines 18-9

Enabling and Configuring Port Security 18-10

Enabling and Configuring Port Security Aging 18-13

Displaying Port-Based Traffic Control Settings 18-14

CHAPTER

19 Configuring CDP 19-1

Understanding CDP 19-1

Configuring CDP 19-2

Default CDP Configuration 19-2

Configuring the CDP Characteristics 19-2

Disabling and Enabling CDP 19-3

Disabling and Enabling CDP on an Interface 19-4

Monitoring and Maintaining CDP 19-5

CHAPTER

20 Configuring UDLD 20-1

Understanding UDLD 20-1

Modes of Operation 20-1

Methods to Detect Unidirectional Links 20-2

Configuring UDLD 20-4

Default UDLD Configuration 20-4

UDLD Configuration Guidelines 20-4

Enabling UDLD Globally 20-5

Enabling UDLD on an Interface 20-5

Resetting an Interface Disabled by UDLD 20-6

Displaying UDLD Status 20-6

CHAPTER

21 Configuring SPAN and RSPAN 21-1

Understanding SPAN and RSPAN 21-1

Local SPAN 21-2

Remote SPAN 21-2

Contents

xvii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

SPAN and RSPAN Concepts and Terminology 21-3

SPAN Sessions 21-3

Monitored Traffic 21-4

Source Ports 21-5

Source VLANs 21-6

VLAN Filtering 21-6

Destination Port 21-7

RSPAN VLAN 21-8

SPAN and RSPAN Interaction with Other Features 21-8

Configuring SPAN and RSPAN 21-9

Default SPAN and RSPAN Configuration 21-9

Configuring Local SPAN 21-10

SPAN Configuration Guidelines 21-10

Creating a Local SPAN Session 21-11

Creating a Local SPAN Session and Configuring Ingress Traffic 21-13

Specifying VLANs to Filter 21-15

Configuring RSPAN 21-16

RSPAN Configuration Guidelines 21-16

Configuring a VLAN as an RSPAN VLAN 21-17

Creating an RSPAN Source Session 21-18

Creating an RSPAN Destination Session 21-19

Creating an RSPAN Destination Session and Configuring Ingress Traffic 21-20

Specifying VLANs to Filter 21-22

Displaying SPAN and RSPAN Status 21-23

CHAPTER

22 Configuring RMON 22-1

Understanding RMON 22-1

Configuring RMON 22-2

Default RMON Configuration 22-3

Configuring RMON Alarms and Events 22-3

Collecting Group History Statistics on an Interface 22-5

Collecting Group Ethernet Statistics on an Interface 22-6

Displaying RMON Status 22-6

CHAPTER

23 Configuring System Message Logging 23-1

Understanding System Message Logging 23-1

Configuring System Message Logging 23-2

System Log Message Format 23-2

Default System Message Logging Configuration 23-3

Contents

xviii

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Disabling Message Logging 23-4

Setting the Message Display Destination Device 23-4

Synchronizing Log Messages 23-5

Enabling and Disabling Timestamps on Log Messages 23-7

Enabling and Disabling Sequence Numbers in Log Messages 23-7

Defining the Message Severity Level 23-8

Limiting Syslog Messages Sent to the History Table and to SNMP 23-9

Configuring UNIX Syslog Servers 23-10

Logging Messages to a UNIX Syslog Daemon 23-10

Configuring the UNIX System Logging Facility 23-11

Displaying the Logging Configuration 23-12

CHAPTER

24 Configuring SNMP 24-1

Understanding SNMP 24-1

SNMP Versions 24-2

SNMP Manager Functions 24-3

SNMP Agent Functions 24-4

SNMP Community Strings 24-4

Using SNMP to Access MIB Variables 24-4

SNMP Notifications 24-5

Configuring SNMP 24-5

Default SNMP Configuration 24-6

SNMP Configuration Guidelines 24-6

Disabling the SNMP Agent 24-7

Configuring Community Strings 24-7

Configuring SNMP Groups and Users 24-8

Configuring SNMP Notifications 24-10

Setting the Agent Contact and Location Information 24-13

Limiting TFTP Servers Used Through SNMP 24-13

SNMP Examples 24-14

Displaying SNMP Status 24-15

CHAPTER

25 Configuring Network Security with ACLs 25-1

Understanding ACLs 25-1

Supported ACLs 25-2

Router ACLs 25-3

Port ACLs 25-3

VLAN Maps 25-4

Handling Fragmented and Unfragmented Traffic 25-5

Contents

xix

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

Configuring IP ACLs 25-6

Creating Standard and Extended IP ACLs 25-6

Access List Numbers 25-7

Creating a Numbered Standard ACL 25-8

Creating a Numbered Extended ACL 25-9

Creating Named Standard and Extended ACLs 25-13

Using Time Ranges with ACLs 25-15

Including Comments in ACLs 25-17

Applying an IP ACL to a Terminal Line 25-17

Applying an IP ACL to an Interface 25-18

Hardware and Software Treatment of IP ACLs 25-19

IP ACL Configuration Examples 25-20

Numbered ACLs 25-21

Extended ACLs 25-21

Named ACLs 25-22

Time Range Applied to an IP ACL 25-23

Commented IP ACL Entries 25-23

ACL Logging 25-24

Creating Named MAC Extended ACLs 25-25

Applying a MAC ACL to a Layer 2 Interface 25-26

Configuring VLAN Maps 25-27

VLAN Map Configuration Guidelines 25-28

Creating a VLAN Map 25-28

Examples of ACLs and VLAN Maps 25-29

Applying a VLAN Map to a VLAN 25-31

Using VLAN Maps in Your Network 25-31

Wiring Closet Configuration 25-32

Denying Access to a Server on Another VLAN 25-33

Using VLAN Maps with Router ACLs 25-34

Guidelines 25-34

Examples of Router ACLs and VLAN Maps Applied to VLANs 25-35

ACLs and Switched Packets 25-35

ACLs and Bridged Packets 25-36

ACLs and Routed Packets 25-36

ACLs and Multicast Packets 25-37

Displaying ACL Configuration 25-38

Contents

xx

Catalyst 3750 Metro Switch Software Configuration Guide

78-15870-01

CHAPTER

26 Configuring QoS 26-1

Understanding QoS 26-2

Basic QoS Model 26-4

Ingress Classification 26-6

Ingress Classification Based on QoS ACLs 26-8

Ingress Classification Based on Traffic Classes and Traffic Policies 26-8

Ingress Policing and Marking 26-9

Mapping Tables 26-11

Queueing and Scheduling Overview 26-12

Weighted Tail Drop 26-13

SRR Shaping and Sharing 26-14

Queueing and Scheduling of Ingress Queues 26-15

Queueing and Scheduling of Egress Queue-Sets 26-17

Understanding Hierarchical QoS 26-19

Hierarchical Levels 26-20

Egress Classification Based on Traffic Classes and Traffic Policies 26-23

Egress Policing and Marking 26-24

Queueing and Scheduling of Hierarchical Queues 26-26

Hierarchical Queues 26-27

Congestion-Management and Congestion-Avoidance Features 26-27

Configuring Auto-QoS 26-29

Generated Auto-QoS Configuration 26-30

Effects of Auto-QoS on the Configuration 26-33

Auto-QoS Configuration Guidelines 26-33

Enabling Auto-QoS for VoIP 26-34

Auto-QoS Configuration Example 26-35

Displaying Auto-QoS Information 26-37

Configuring Standard QoS 26-37

Default Standard QoS Configuration 26-38

Default Ingress Queue Configuration 26-38

Default Egress Queue-Set Configuration 26-39

Default Mapping Table Configuration 26-39

Standard QoS Configuration Guidelines 26-40

Packet Modification 26-41

Enabling QoS Globally 26-42

Configuring Ingress Classification by Using Port Trust States 26-42

Configuring the Trust State on Ports Within the QoS Domain 26-42

Configuring the CoS Value for an Interface 26-45

Configuring a Trusted Boundary to Ensure Port Security 26-46

Page is loading ...

Cisco 3750 - Catalyst EMI Switch Software Configuration Manual

Cisco 3750 - Catalyst EMI Switch Software Configuration Manual

Related papers

Other documents