
Catalyst 3750 Metro Switch Software Configuration Guide

Cisco IOS Release 12.2(58)SE April 2011

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com

Tel: 408 526-4000, 800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-9644-10

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Catalyst 3750 Metro Switch Software Configuration Guide ©2006—2011 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface

Audience

Purpose

Conventions

Related Publications

Obtaining Documentation and Submitting a Service Request

CHAPTER 1 Overview

Features

Performance Features

Management Options

Manageability Features

Availability Features

VLAN Features

Layer 2 Virtual Private Network (VPN) Services

Layer 3 VPN Services

Security Features

QoS Features

Layer 3 Features

Monitoring Features

Default Settings After Initial Switch Configuration

Network Configuration Examples

Multidwelling or Ethernet-to-the Subscriber Network

Layer 2 VPN Application

Layer 3 VPN Application

Where to Go Next

CHAPTER 2 Using the Command-Line Interface

Understanding Command Modes

Understanding the Help System

Understanding Abbreviated Commands

Understanding no and default Forms of Commands

Understanding CLI Error Messages

Using Command History

Changing the Command History Buffer Size

Recalling Commands

Disabling the Command History Feature

Using Editing Features

Enabling and Disabling Editing Features

Editing Commands through Keystrokes

Editing Command Lines that Wrap

Searching and Filtering Output of show and more Commands

Accessing the CLI

CHAPTER 3 Assigning the Switch IP Address and Default Gateway

Understanding the Boot Process

Assigning Switch Information

Default Switch Information

Understanding DHCP-Based Autoconfiguration

DHCP Client Request Process

Understanding DHCP-based Autoconfiguration and Image Update

DHCP Autoconfiguration

DHCP Auto-Image Update

Limitations and Restrictions

Configuring DHCP-Based Autoconfiguration

DHCP Server Configuration Guidelines

Configuring the TFTP Server

Configuring the DNS

Configuring the Relay Device

Obtaining Configuration Files

Example Configuration

Configuring the DHCP Auto Configuration and Image Update Features

Configuring DHCP Autoconfiguration (Only Configuration File)

Configuring DHCP Auto-Image Update (Configuration File and Image)

Configuring the Client

Manually Assigning IP Information

Checking and Saving the Running Configuration

Modifying the Startup Configuration

Default Boot Configuration

Automatically Downloading a Configuration File

Specifying the Filename to Read and Write the System Configuration

Booting Manually

Booting a Specific Software Image

Controlling Environment Variables

Scheduling a Reload of the Software Image

Configuring a Scheduled Reload

Displaying Scheduled Reload Information

CHAPTER 4 Configuring Cisco IOS Configuration Engine

Understanding Cisco Configuration Engine Software

Configuration Service

Event Service

NameSpace Mapper

What You Should Know About the CNS IDs and Device Hostnames

ConfigID

DeviceID

Hostname and DeviceID

Using Hostname, DeviceID, and ConfigID

Understanding Cisco IOS Agents

Initial Configuration

Incremental (Partial) Configuration

Synchronized Configuration

Configuring Cisco IOS Agents

Enabling Automated CNS Configuration

Enabling the CNS Event Agent

Enabling the Cisco IOS CNS Agent

Enabling an Initial Configuration

Enabling a Partial Configuration

Upgrading Devices with Cisco IOS Image Agent

Prerequisites for the CNS Image Agent

Restrictions for the CNS Image Agent

Displaying CNS Configuration

CHAPTER 5 Administering the Switch

Managing the System Time and Date

Understanding the System Clock

Understanding Network Time Protocol

NTP Version 4

Configuring Time and Date Manually

Setting the System Clock

Displaying the Time and Date Configuration

Configuring the Time Zone

Configuring Summer Time (Daylight Saving Time)

Configuring a System Name and Prompt

Default System Name and Prompt Configuration

Configuring a System Name

Understanding DNS

Default DNS Configuration

Setting Up DNS

Displaying the DNS Configuration

Creating a Banner

Default Banner Configuration

Configuring a Message-of-the-Day Login Banner

Configuring a Login Banner

Managing the MAC Address Table

Building the Address Table

MAC Addresses and VLANs

Default MAC Address Table Configuration

Changing the Address Aging Time

Removing Dynamic Address Entries

Configuring MAC Address Change Notification Traps

Configuring MAC Address Move Notification Traps

Configuring MAC Threshold Notification Traps

Adding and Removing Static Address Entries

Configuring Unicast MAC Address Filtering

Disabling MAC Address Learning on a VLAN

Displaying Address Table Entries

Managing the ARP Table

CHAPTER 6 Configuring SDM Templates

Understanding the SDM Templates

Dual IPv4 and IPv6 SDM Templates

Configuring the Switch SDM Template

Default SDM Template

SDM Template Configuration Guidelines

Setting the SDM Template

Displaying the SDM Templates

CHAPTER 7 Configuring Switch-Based Authentication

Preventing Unauthorized Access to Your Switch

Protecting Access to Privileged EXEC Commands

Default Password and Privilege Level Configuration

Setting or Changing a Static Enable Password

Protecting Enable and Enable Secret Passwords with Encryption

Disabling Password Recovery

Setting a Telnet Password for a Terminal Line

Configuring Username and Password Pairs

Configuring Multiple Privilege Levels

Setting the Privilege Level for a Command

Changing the Default Privilege Level for Lines

Logging into and Exiting a Privilege Level

Controlling Switch Access with TACACS+

Understanding TACACS+

TACACS+ Operation

Configuring TACACS+

Default TACACS+ Configuration

Identifying the TACACS+ Server Host and Setting the Authentication Key

Configuring TACACS+ Login Authentication

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services

Starting TACACS+ Accounting

Displaying the TACACS+ Configuration

Controlling Switch Access with RADIUS

Understanding RADIUS

RADIUS Operation

Configuring RADIUS

Default RADIUS Configuration

Identifying the RADIUS Server Host

Configuring RADIUS Login Authentication

Defining AAA Server Groups

Configuring RADIUS Authorization for User Privileged Access and Network Services

Starting RADIUS Accounting

Configuring Settings for All RADIUS Servers

Configuring the Switch to Use Vendor-Specific RADIUS Attributes

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication

Configuring RADIUS Server Load Balancing

Displaying the RADIUS Configuration

Controlling Switch Access with Kerberos

Understanding Kerberos

Kerberos Operation

Authenticating to a Boundary Switch

Obtaining a TGT from a KDC

Authenticating to Network Services

Configuring Kerberos

Configuring the Switch for Local Authentication and Authorization

Configuring the Switch for Secure Shell

Understanding SSH

SSH Servers, Integrated Clients, and Supported Versions

Limitations

Configuring SSH

Configuration Guidelines

Setting Up the Switch to Run SSH

Configuring the SSH Server

Displaying the SSH Configuration and Status

Configuring the Switch for Secure Socket Layer HTTP

Understanding Secure HTTP Servers and Clients

Certificate Authority Trustpoints

CipherSuites

Configuring Secure HTTP Servers and Clients

Default SSL Configuration

SSL Configuration Guidelines

Configuring a CA Trustpoint

Configuring the Secure HTTP Server

Configuring the Secure HTTP Client

Displaying Secure HTTP Server and Client Status

Configuring the Switch for Secure Copy Protocol

Information About Secure Copy

CHAPTER 8 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

Device Roles

Authentication Initiation and Message Exchange

Ports in Authorized and Unauthorized States

802.1x Accounting

Supported Topologies

802.1x Readiness Check

802.1x with Port Security

802.1x with Voice VLAN Ports

802.1x with VLAN Assignment

802.1x with Guest VLAN

802.1x with Restricted VLAN

802.1x with Per-User ACLs

802.1x User Distribution

802.1x User Distribution Configuration Guidelines

802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)

Guidelines

Common Session ID

Configuring IEEE 802.1x Authentication

Default 802.1x Configuration

802.1x Configuration Guidelines

Maximum Number of Allowed Devices Per Port

Configuring 802.1x Readiness Check

Configuring IEEE 802.1x Violation Modes

Configuring IEEE 802.1x Authentication

Configuring the Switch-to-RADIUS-Server Communication

Configuring Periodic Re-Authentication

Manually Re-Authenticating a Client Connected to a Port

Changing the Quiet Period

Changing the Switch-to-Client Retransmission Time

Setting the Switch-to-Client Frame-Retransmission Number

Setting the Re-Authentication Number

Configuring the Host Mode

Configuring a Guest VLAN

Configuring a Restricted VLAN

Resetting the 802.1x Configuration to the Default Values

Configuring 802.1x Accounting

Configuring 802.1x User Distribution

Configuring an Authenticator and a Supplicant Switch with NEAT

Configuring NEAT with ASP

Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs

Configuring Downloadable ACLs

Configuring a Downloadable Policy

Displaying 802.1x Statistics and Status

CHAPTER 9 Configuring Interface Characteristics

Understanding Interface Types

Port-Based VLANs

Switch Ports

Access Ports

Trunk Ports

Tunnel Ports

Routed Ports

Switch Virtual Interfaces

EtherChannel Port Groups

Connecting Interfaces

Using Interface Configuration Mode

Procedures for Configuring Interfaces

Configuring a Range of Interfaces

Configuring and Using Interface Range Macros

Configuring Ethernet Interfaces

Default Ethernet Interface Configuration

Configuring Interface Speed and Duplex Mode

Speed and Duplex Configuration Guidelines

Setting the Interface Speed and Duplex Parameters

Configuring IEEE 802.3x Flow Control

Configuring Auto-MDIX on a Port

Adding a Description for an Interface

Configuring Layer 3 Interfaces

Configuring the System MTU

Monitoring and Maintaining the Interfaces

Monitoring Interface Status

Clearing and Resetting Interfaces and Counters

Shutting Down and Restarting the Interface

CHAPTER 10 Configuring Smartports Macros

Understanding Smartports Macros

Configuring Smartports Macros

Default Smartports Macro Configuration

Smartports Macro Configuration Guidelines

Creating Smartports Macros

Applying Smartports Macros

Applying Cisco-Default Smartports Macros

Displaying Smartports Macros

CHAPTER 11 Configuring VLANs

Understanding VLANs

Supported VLANs

VLAN Port Membership Modes

Configuring Normal-Range VLANs

Token Ring VLANs

Normal-Range VLAN Configuration Guidelines

Saving VLAN Configuration

Default Ethernet VLAN Configuration

Creating or Modifying an Ethernet VLAN

Deleting a VLAN

Assigning Static-Access Ports to a VLAN

Configuring Extended-Range VLANs

Default VLAN Configuration

Extended-Range VLAN Configuration Guidelines

Creating an Extended-Range VLAN

Creating an Extended-Range VLAN with an Internal VLAN ID

Displaying VLANs

Configuring VLAN Trunks

Trunking Overview

Encapsulation Types

IEEE 802.1Q Configuration Considerations

Default Layer 2 Ethernet Interface VLAN Configuration

Configuring an Ethernet Interface as a Trunk Port

Interaction with Other Features

Configuring a Trunk Port

Defining the Allowed VLANs on a Trunk

Changing the Pruning-Eligible List

Configuring the Native VLAN for Untagged Traffic

Configuring Trunk Ports for Load Sharing

Load Sharing Using STP Port Priorities

Load Sharing Using STP Path Cost

Configuring VMPS

Understanding VMPS

Dynamic-Access Port VLAN Membership

Default VMPS Client Configuration

VMPS Configuration Guidelines

Configuring the VMPS Client

Entering the IP Address of the VMPS

Configuring Dynamic-Access Ports on VMPS Clients

Reconfirming VLAN Memberships

Changing the Reconfirmation Interval

Changing the Retry Count

Monitoring the VMPS

Troubleshooting Dynamic-Access Port VLAN Membership

VMPS Configuration Example

CHAPTER 12 Configuring VTP

Understanding VTP

The VTP Domain

VTP Modes

VTP Advertisements

VTP Version 2

VTP Pruning

Configuring VTP

Default VTP Configuration

VTP Configuration Guidelines

Domain Names

Passwords

VTP Version

Configuration Requirements

Configuring a VTP Server

Configuring a VTP Client

Disabling VTP (VTP Transparent Mode)

Enabling VTP Version 2

Enabling VTP Pruning

Adding a VTP Client Switch to a VTP Domain

Monitoring VTP

CHAPTER 13 Configuring Private VLANs

Understanding Private VLANs

IP Addressing Scheme with Private VLANs

Private VLANs across Multiple Switches

Private-VLAN Interaction with Other Features

Private VLANs and Unicast, Broadcast, and Multicast Traffic

Private VLANs and SVIs

Configuring Private VLANs

Tasks for Configuring Private VLANs

Default Private-VLAN Configuration

Private-VLAN Configuration Guidelines

Secondary and Primary VLAN Configuration

Private-VLAN Port Configuration

Limitations with Other Features

Configuring and Associating VLANs in a Private VLAN

Configuring a Layer 2 Interface as a Private-VLAN Host Port

Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port

Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface

Monitoring Private VLANs

CHAPTER 14 Configuring Voice VLAN

Understanding Voice VLAN

Cisco IP Phone Voice Traffic

Cisco IP Phone Data Traffic

Configuring Voice VLAN

Default Voice VLAN Configuration

Voice VLAN Configuration Guidelines

Configuring a Port Connected to a Cisco 7960 IP Phone

Configuring IP Phone Voice Traffic

Configuring the Priority of Incoming Data Frames

Displaying Voice VLAN

CHAPTER 15 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

Understanding IEEE 802.1Q Tunneling

Configuring IEEE 802.1Q Tunneling

Default IEEE 802.1Q Tunneling Configuration

IEEE 802.1Q Tunneling Configuration Guidelines

Native VLANs

System MTU

IEEE 802.1Q Tunneling and Other Features

Configuring an IEEE 802.1Q Tunneling Port

Configuring VLAN Mapping

Default VLAN Mapping Configuration

Mapping Customer VLANs to Service-Provider VLANs

Mapping Customer IEEE 802.1Q Tunnel VLANs to Service-Provider VLANs

Configuring IEEE 802.1ad

802.1ad Configuration Guidelines

Configuring 802.1ad on EtherChannels

Configuration Example for 802.1ad End-to-End PAgP EtherChannels between CE Devices

Understanding Layer 2 Protocol Tunneling

Configuring Layer 2 Protocol Tunneling

Default Layer 2 Protocol Tunneling Configuration

Layer 2 Protocol Tunneling Configuration Guidelines

Configuring Layer 2 Tunneling

Configuring Layer 2 Tunneling for EtherChannels

Configuring the Service-Provider Edge Switch

Configuring the Customer Switch

Monitoring and Maintaining Tunneling and Mapping Status

CHAPTER 16 Configuring STP

Understanding Spanning-Tree Features

STP Overview

Spanning-Tree Topology and BPDUs

Bridge ID, Switch Priority, and Extended System ID

Spanning-Tree Interface States

Blocking State

Listening State

Learning State

Forwarding State

Disabled State

How a Switch or Port Becomes the Root Switch or Root Port

Spanning Tree and Redundant Connectivity

Spanning-Tree Address Management

Accelerated Aging to Retain Connectivity

Spanning-Tree Modes and Protocols

Supported Spanning-Tree Instances

Spanning-Tree Interoperability and Backward Compatibility

STP and IEEE 802.1Q Trunks

VLAN-Bridge Spanning Tree

Configuring Spanning-Tree Features

Default Spanning-Tree Configuration

Spanning-Tree Configuration Guidelines

Changing the Spanning-Tree Mode

Disabling Spanning Tree

Configuring the Root Switch

Configuring a Secondary Root Switch

Configuring Port Priority

Configuring Path Cost

Configuring the Switch Priority of a VLAN

Configuring Spanning-Tree Timers

Configuring the Hello Time

Configuring the Forwarding-Delay Time for a VLAN

Configuring the Maximum-Aging Time for a VLAN

Displaying the Spanning-Tree Status

CHAPTER 17 Configuring MSTP

Understanding MSTP

Multiple Spanning-Tree Regions

IST, CIST, and CST

Operations Within an MST Region

Operations Between MST Regions

IEEE 802.1s Terminology

Hop Count

Boundary Ports

IEEE 802.1s Implementation

Port Role Naming Change

Interoperation Between Legacy and Standard Switches

Detecting Unidirectional Link Failure

Interoperability with 802.1D STP

Understanding RSTP

Port Roles and the Active Topology

Rapid Convergence

Synchronization of Port Roles

Bridge Protocol Data Unit Format and Processing

Processing Superior BPDU Information

Processing Inferior BPDU Information

Topology Changes

Configuring MSTP Features

Default MSTP Configuration

MSTP Configuration Guidelines

Specifying the MST Region Configuration and Enabling MSTP

Configuring the Root Switch

Configuring a Secondary Root Switch

Configuring Port Priority

Configuring Path Cost

Configuring the Switch Priority

Configuring the Hello Time

Configuring the Forwarding-Delay Time

Configuring the Maximum-Aging Time

Configuring the Maximum-Hop Count

Specifying the Link Type to Ensure Rapid Transitions

Designating the Neighbor Type

Restarting the Protocol Migration Process

Displaying the MST Configuration and Status

CHAPTER 18 Configuring Optional Spanning-Tree Features

Understanding Optional Spanning-Tree Features

Understanding Port Fast

Understanding BPDU Guard

Understanding BPDU Filtering

Understanding UplinkFast

Understanding BackboneFast

Understanding EtherChannel Guard

Understanding Root Guard

Understanding Loop Guard

Configuring Optional Spanning-Tree Features

Default Optional Spanning-Tree Configuration

Optional Spanning-Tree Configuration Guidelines

Enabling Port Fast

Enabling BPDU Guard

Enabling BPDU Filtering

Enabling UplinkFast for Use with Redundant Links

Enabling BackboneFast

Enabling EtherChannel Guard

Enabling Root Guard

Enabling Loop Guard

Displaying the Spanning-Tree Status

CHAPTER 19 Configuring Resilient Ethernet Protocol

Understanding REP

Link Integrity

Fast Convergence

VLAN Load Balancing

Spanning Tree Interaction

REP Ports

Configuring REP

Default REP Configuration

REP Configuration Guidelines

Configuring the REP Administrative VLAN

Configuring REP Interfaces

Setting Manual Preemption for VLAN Load Balancing

Configuring SNMP Traps for REP

Monitoring REP

CHAPTER 20 Configuring Flex Links and the MAC Address-Table Move Update Feature

Understanding Flex Links and the MAC Address-Table Move Update

Flex Links

VLAN Flex Link Load Balancing and Support

Flex Link Multicast Fast Convergence

Learning the Other Flex Link Port as the mrouter Port

Generating IGMP Reports

Leaking IGMP Reports

MAC Address-Table Move Update

Configuring Flex Links and MAC Address-Table Move Update

Default Configuration

Configuration Guidelines

Configuring Flex Links

Configuring VLAN Load Balancing on Flex Links

Configuring the MAC Address-Table Move Update Feature

Monitoring Flex Links and the MAC Address-Table Move Update

CHAPTER 21 Configuring DHCP Features and IP Source Guard

Understanding DHCP Features

DHCP Server

DHCP Relay Agent

DHCP Snooping

Option-82 Data Insertion

Cisco IOS DHCP Server Database

DHCP Snooping Binding Database

Configuring DHCP Features

Default DHCP Configuration

DHCP Snooping Configuration Guidelines

Configuring the DHCP Server

Configuring the DHCP Relay Agent

Specifying the Packet Forwarding Address

Enabling DHCP Snooping and Option 82

Enabling DHCP Snooping on Private VLANs

Enabling the Cisco IOS DHCP Server Database

Enabling the DHCP Snooping Binding Database Agent

Displaying DHCP Snooping Information

Understanding IP Source Guard

Source IP Address Filtering

Source IP and MAC Address Filtering

IP Source Guard for Static Hosts

Configuring IP Source Guard

Default IP Source Guard Configuration

IP Source Guard Configuration Guidelines

Enabling IP Source Guard

Configuring IP Source Guard for Static Hosts

Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port

Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port

Displaying IP Source Guard Information

Understanding DHCP Server Port-Based Address Allocation

Configuring DHCP Server Port-Based Address Allocation

Default Port-Based Address Allocation Configuration

Port-Based Address Allocation Configuration Guidelines

Enabling DHCP Server Port-Based Address Allocation

Displaying DHCP Server Port-Based Address Allocation

CHAPTER 22 Configuring Dynamic ARP Inspection

Understanding Dynamic ARP Inspection

Interface Trust States and Network Security

Rate Limiting of ARP Packets

Relative Priority of ARP ACLs and DHCP Snooping Entries

Logging of Dropped Packets

Configuring Dynamic ARP Inspection

Default Dynamic ARP Inspection Configuration

Dynamic ARP Inspection Configuration Guidelines

Configuring Dynamic ARP Inspection in DHCP Environments

Configuring ARP ACLs for Non-DHCP Environments

Limiting the Rate of Incoming ARP Packets

Performing Validation Checks

Configuring the Log Buffer

Displaying Dynamic ARP Inspection Information

CHAPTER 23 Configuring IGMP Snooping and MVR

Understanding IGMP Snooping

IGMP Versions

Joining a Multicast Group

Leaving a Multicast Group

Immediate Leave

IGMP Report Suppression

Configuring IGMP Snooping

Default IGMP Snooping Configuration

Enabling or Disabling IGMP Snooping

Setting the Snooping Method

Configuring a Multicast Router Port

Configuring a Host Statically to Join a Group

Enabling IGMP Immediate Leave

Configuring the IGMP Snooping Querier

Disabling IGMP Report Suppression

Displaying IGMP Snooping Information

Understanding Multicast VLAN Registration

Using MVR in a Multicast Television Application

Configuring MVR

Default MVR Configuration

MVR Configuration Guidelines and Limitations

Configuring MVR Global Parameters

Configuring MVR on Access Ports

Configuring MVR on Trunk Ports

Displaying MVR Information

Configuring IGMP Filtering and Throttling

Default IGMP Filtering and Throttling Configuration

Configuring IGMP Profiles

Applying IGMP Profiles

Setting the Maximum Number of IGMP Groups

Configuring the IGMP Throttling Action

Displaying IGMP Filtering and Throttling Configuration

CHAPTER 24 Configuring Port-Based Traffic Control

Configuring Storm Control

Contents

Understanding Storm Control

24-1

Default Storm Control Configuration

24-3

Configuring Storm Control and Threshold Levels

24-3

Configuring Small-Frame Arrival Rate

24-5

Configuring Protected Ports

24-6

Default Protected Port Configuration

24-6

Protected Port Configuration Guidelines

24-6

Configuring a Protected Port

24-7

Configuring Port Blocking

24-7

Default Port Blocking Configuration

24-7

Blocking Flooded Traffic on an Interface

24-8

Configuring Port Security

24-8

Understanding Port Security

24-9

Secure MAC Addresses

24-9

Security Violations

24-10

Default Port Security Configuration

24-11

Configuration Guidelines

24-11

Enabling and Configuring Port Security

24-12

 

Enabling and Configuring Port Security Aging

24-15

Port Security and Private VLANs

24-16

CHAPTER

25

Configuring CDP

25-1

 

Understanding CDP

25-1

 

Configuring CDP

25-2

Default CDP Configuration

25-2

Configuring the CDP Characteristics

25-2

 

Disabling and Enabling CDP

25-3

Disabling and Enabling CDP on an Interface

25-4

Monitoring and Maintaining CDP

25-4

CHAPTER

26

Configuring LLDP and LLDP-MED

26-1

 

Understanding LLDP and LLDP-MED

26-1

 

Understanding LLDP

26-1

Understanding LLDP-MED

26-2

Configuring LLDP and LLDP-MED

26-3

Default LLDP Configuration

26-3

Configuring LLDP Characteristics

26-3

 

Disabling and Enabling LLDP Globally

26-5

Disabling and Enabling LLDP on an Interface

26-5

Configuring LLDP-MED TLVs

26-6

 

Monitoring and Maintaining LLDP and LLDP-MED

26-7

CHAPTER

27

Configuring UDLD

27-1

 

Understanding UDLD

27-1

Modes of Operation

27-1

Methods to Detect Unidirectional Links

27-2

 

Configuring UDLD

27-4

Default UDLD Configuration

27-4

UDLD Configuration Guidelines

27-4

Enabling UDLD Globally

27-5

Enabling UDLD on an Interface

27-5

Resetting an Interface Disabled by UDLD

27-6

 

Displaying UDLD Status

27-6

CHAPTER

28

Configuring SPAN and RSPAN

28-1

 

Understanding SPAN and RSPAN

28-1

Local SPAN

28-2

Remote SPAN

28-2

 

SPAN and RSPAN Concepts and Terminology

28-3

SPAN Sessions

28-3

Monitored Traffic

28-4

 

Source Ports

28-5

Source VLANs

28-6

VLAN Filtering

28-6

Destination Port

28-7

RSPAN VLAN

28-8

SPAN and RSPAN Interaction with Other Features

28-8

Configuring SPAN and RSPAN

28-9

Default SPAN and RSPAN Configuration

28-9

Configuring Local SPAN

28-10

SPAN Configuration Guidelines

28-10

Creating a Local SPAN Session

28-11

Creating a Local SPAN Session and Configuring Ingress Traffic

28-13

Specifying VLANs to Filter

28-14

Configuring RSPAN

28-15

RSPAN Configuration Guidelines

28-16

Configuring a VLAN as an RSPAN VLAN

28-16

Creating an RSPAN Source Session

28-17

Creating an RSPAN Destination Session

28-19

Creating an RSPAN Destination Session and Configuring Incoming Traffic

28-20

 

Specifying VLANs to Filter

28-22

Displaying SPAN and RSPAN Status

28-23

CHAPTER

29

Configuring RMON

29-1

 

Understanding RMON

29-1

 

Configuring RMON

29-3

Default RMON Configuration

29-3

Configuring RMON Alarms and Events

29-3

 

Collecting Group History Statistics on an Interface

29-5

Collecting Group Ethernet Statistics on an Interface

29-6

Displaying RMON Status

29-6

 

CHAPTER

30

Configuring System Message Logging

30-1

 

Understanding System Message Logging

30-1

 

Configuring System Message Logging

30-2

System Log Message Format

30-2

Default System Message Logging Configuration

30-3

Disabling Message Logging

30-4

 

Setting the Message Display Destination Device

30-4

Synchronizing Log Messages

30-5

Enabling and Disabling Timestamps on Log Messages

30-7

 

Enabling and Disabling Sequence Numbers in Log Messages

30-7

Defining the Message Severity Level

30-8

 

Limiting Syslog Messages Sent to the History Table and to SNMP

30-9

Enabling the Configuration-Change Logger

30-10

Configuring UNIX Syslog Servers

30-11

Logging Messages to a UNIX Syslog Daemon

30-11

Configuring the UNIX System Logging Facility

30-12

Displaying the Logging Configuration

30-13

CHAPTER

31

Configuring SNMP

31-1

Understanding SNMP

31-1

SNMP Versions

31-2

SNMP Manager Functions

31-4

SNMP Agent Functions

31-4

SNMP Community Strings

31-4

Using SNMP to Access MIB Variables

31-5

SNMP Notifications

31-5

SNMP ifIndex MIB Object Values

31-6

MIB Data Collection and Transfer

31-6

Configuring SNMP

31-7

Default SNMP Configuration

SNMP Configuration Guidelines

Disabling the SNMP Agent

Configuring Community Strings

Configuring SNMP Groups and Users

Configuring SNMP Notifications

Setting the Agent Contact and Location Information

Limiting TFTP Servers Used Through SNMP

Setting the CPU Threshold Notification Types and Values

Configuring MIB Data Collection and Transfer

Configuring the Cisco Process MIB CPU Threshold Table

SNMP Examples

31-7

31-8

31-7

31-8

31-12

31-10

31-17

31-18

31-19

31-18

31-22

31-23

Displaying SNMP Status

31-24

CHAPTER

32

Configuring Embedded Event Manager

32-1

 

Understanding Embedded Event Manager

32-1

Event Detectors

32-3

Embedded Event Manager Actions

32-4

Embedded Event Manager Policies

32-4

Embedded Event Manager Environment Variables

32-5

EEM 3.2

32-5

Configuring Embedded Event Manager

32-6

Registering and Defining an Embedded Event Manager Applet

32-6

Registering and Defining an Embedded Event Manager TCL Script

32-7

Displaying Embedded Event Manager Information

32-7

 

CHAPTER

33

Configuring Network Security with ACLs

33-1

Understanding ACLs

Supported ACLs

Router ACLs

Port ACLs

VLAN Maps

33-4

33-2

33-4

33-3

33-1

Handling Fragmented and Unfragmented Traffic

Configuring IP ACLs

33-6

33-5

Creating Standard and Extended IP ACLs

33-7

Access List Numbers

33-7

Creating a Numbered Standard ACL

33-8

Creating a Numbered Extended ACL

33-9

Resequencing ACEs in an ACL

Creating Named Standard and Extended ACLs

33-14

Using Time Ranges with ACLs

Including Comments in ACLs

Applying an IP ACL to a Terminal Line

Applying an IP ACL to an Interface

Hardware and Software Treatment of IP ACLs

Troubleshooting ACLs

IP ACL Configuration Examples

33-16

33-18

33-18

33-19

33-21

33-22

33-21

Numbered ACLs

33-24

Extended ACLs

33-24

Named ACLs

33-24

Time Range Applied to an IP ACL

33-25

33-14

Commented IP ACL Entries

33-25

ACL Logging

33-26

Creating Named MAC Extended ACLs

33-27

Applying a MAC ACL to a Layer 2 Interface

33-28

Configuring VLAN Maps

33-29

VLAN Map Configuration Guidelines

Creating a VLAN Map

33-31

Examples of ACLs and VLAN Maps

33-30

33-32

Applying a VLAN Map to a VLAN

33-34

Using VLAN Maps in Your Network

33-34

Wiring Closet Configuration

Denying Access to a Server on Another VLAN

33-34

Configuring VACL Logging

33-36

Using VLAN Maps with Router ACLs

Guidelines

33-38

33-38

33-35

Examples of Router ACLs and VLAN Maps Applied to VLANs

ACLs and Switched Packets

33-39

ACLs and Bridged Packets

33-40

ACLs and Routed Packets

33-41

ACLs and Multicast Packets

33-41

Displaying ACL Configuration

33-42

33-39

CHAPTER

34

Configuring QoS

34-1

 

QoS Overview

34-2

Basic QoS Model

34-4

Supported Policy Maps

Supported Policing Configurations

34-7

Understanding Standard QoS

Ingress Classification

34-9

34-9

34-8

Ingress Classification Based on QoS ACLs

34-11

Ingress Classification Based on Traffic Classes and Traffic Policies

34-12

Ingress Policing and Marking

34-13

Nonhierarchical Single-Level Policing

34-13

 

Hierarchical Dual-Level Policing on SVIs

34-15

Mapping Tables

34-17

 

Queueing and Scheduling Overview

34-17

Weighted Tail Drop

34-19

SRR Shaping and Sharing

34-19

Queueing and Scheduling of Ingress Queues

34-20

 

Queueing and Scheduling of Egress Queue-Sets

34-22

QoS Treatment for Performance-Monitoring Protocols

34-25

Cisco IP-SLAs

34-26

Two-Way Active Measurement Protocol

34-26

 

QoS Treatment for IP-SLA and TWAMP Probes