Catalyst 3750 Switch Software
Configuration Guide
Cisco IOS Release 12.2(55)SE
August 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-8550-09
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
CONTENTS
Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation, Obtaining Support, and Security Guidelines
CHAPTER 1 Overview
Features
Ease-of-Deployment and Ease-of-Use Features
Performance Features
Management Options
Manageability Features
Availability and Redundancy Features
VLAN Features
Security Features
QoS and CoS Features
Layer 3 Features
Power over Ethernet Features
Monitoring Featur
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
A
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information
CHAPTER 4 Configuring Cisco IOS Configuration Engine
Underst
Member Priority Values
Stack Offline Configuration
Effects of Adding a Provisioned Switch to a Stack
Effects of Replacing a Provisioned Switch in a Stack
Effects of Removing a Provisioned Switch from a Stack
Hardware Compatibility and SDM Mismatch Mode in Switch Stacks
Stack Software Compatibility Recommendations
Stack Protocol Version Compatibility
Major Version Number Incompatibility Among Switches
Minor Version Number Incompatibility Among Swi
Hardware Loopback
Hardware Loopback Example: LINK OK event
Hardware Loop Example: LINK NOT OK Event
Finding a Disconnected Cable
Fixing a Bad Connection Between StackWise Ports
CHAPTER 6 Clustering Switches
Understanding Switch Clusters
Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics
Candidate Switch and Cluster Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster C
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default
CHAPTER 8 Configuring SDM Templates
Understanding the SDM Templates
Dual IPv4 and IPv6 SDM Templates
SDM Templates and Switch Stacks
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates
CHAPTER 9 Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password
Change-of-Authorization Requests
CoA Request Response Code
CoA Request Commands
Stacking Guidelines for Session Termination
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Establishing a Session with a Router if the AAA Serv
CipherSuites
Configuring Secure HTTP Servers and Clients
Default SSL Configuration
SSL Configuration Guidelines
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status
Configuring the Switch for Secure Copy Protocol
Information About Secure Copy
CHAPTER 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based
Support on Multiple-Authentication Ports
Authentication Results
Feature Interactions
802.1x Authentication with Voice VLAN Ports
802.1x Authentication with Port Security
802.1x Authentication with Wake-on-LAN
802.1x Authentication with MAC Authentication Bypass
802.1x User Distribution
802.1x User Distribution Configuration Guidelines
Network Admission Control Layer 2 802.1x Validation
Flexible Authentication Ordering
O
Configuring a Guest VLAN
Configuring a Restricted VLAN
Configuring the Inaccessible Authentication Bypass Feature
Configuring 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring 802.1x User Distribution
Configuring NAC Layer 2 802.1x Validation
Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring NEAT with Auto Smartports Macros
Configuring 802.1x Authentication with Downloadable A
Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication
Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages
Specifying a Redirection URL for Successful Login
Configuring an AAA Fail Policy
Configuring the Web-Based Authentication Parameters
Configuring a Web Authentication Local Banner
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Configuring a Power Management Mode on a PoE Port
Budgeting Power for Devices Connected to a PoE Port
Adding a Description for an Interface
Configuring Layer 3 Interfaces
Configuring SVI Autostate Exclude
Configuring the System MTU
Configuring the Cisco Redundant Power System 2300
Monitoring and Maintai
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration
Configuring VTP Mode
Configuring a VTP Version 3 Password
Configuring a VTP Version 3 Primary Server
Enabling the VTP Version
Enabling VTP Pruning
Configuring VTP on a Per-Port Basis
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
CHAPTER 15 Configuring Voice VLAN
Understanding Voice VLAN
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Configuring Voice VLAN
Default Voice VLAN Configuration
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
Monitoring Private VLANs
CHAPTER 17 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Understanding IEEE 802.1Q Tunneling
Configuring IEEE 802.1Q Tunneling
Default IEEE 802.1Q Tunneling Configuration
IEEE 802.1Q Tunneling Configuration Guidelines
Native VLANs
System MTU
IEEE 802.1Q Tunneling and Other Features
Configuring an IEEE 802.1Q Tunneling Port
Understa
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
VLAN-Bridge Spanning Tree
Spanning Tree and Switch Stacks
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode
Disabling Spanning Tree
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path