Cisco Catalyst 3560-X User Manual

Cisco Catalyst 3560-X
1538 pages
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Cisco TrustSec
Configuration Guidelines and Limitations
The following guidelines and limitations apply to configuring Cisco TrustSec SGT and SGACL on
Catalyst 3750-X and Catalyst 3560-X switches:

- You cannot statically map an IP subnet to an SGT. You can only map IP addresses to an SGT. When
  you configure IP address-to-SGT mappings, the IP address prefix must be 32.
- If a port is configured in Multi-Auth mode, all hosts connecting on that port must be assigned the
  same SGT. When a host tries to authenticate, its assigned SGT must be the same as the SGT assigned
  to a previously authenticated host. If a host tries to authenticate and its SGT is different from the
  SGT of a previously authenticated host, the VLAN port (VP) to which these hosts belong is
  error-disabled.
- Cisco TrustSec enforcement is supported on at most eight VLANs on a VLAN-trunk link. If there
  are more than eight VLANs configured on a VLAN-trunk link and Cisco TrustSec enforcement is
  enabled on those VLANs, the switch ports on those VLAN-trunk links will be error-disabled.
- The switch can assign an SGT and apply the corresponding SGACL to end-hosts based on SXP listening
  only if the end-hosts are Layer 2 adjacent to the switch.
- Port-to-SGT mapping can be configured only on Cisco TrustSec links (that is, switch-to-switch
  links). Port-to-SGT mapping cannot be configured on host-to-switch links.
- When port-to-SGT mapping is configured on a port, an SGT is assigned to all ingress traffic on that
  port. There is no SGACL enforcement for egress traffic on the port.
- SGT/SGACL is supported on Cisco Catalyst 3750-X and 3650-X series switches with all network
  uplink modules: C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-10GT and C3KX-SM-10G. The
  C3KX-SM-10G is required only for MACsec on the uplinks.
- Because of an ASIC limitation on the Catalyst 3750X, SGACL enforcement works only for
  clients directly connected to the switch.
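The /32 mapping rule and the eight-VLAN trunk limit can be checked offline against a saved configuration before a change is pushed. The following Python linter is an added example, not part of the Cisco guide; it assumes the standard IOS command forms `cts role-based sgt-map`, `cts role-based enforcement vlan-list` and `switchport trunk allowed vlan` (none of which appear on this page), handles only plain numeric VLAN lists, and uses a constructed sample configuration.

```python
import ipaddress
import re

# Constructed sample config; addresses, VLANs and interface names are made up.
SAMPLE_CONFIG = """\
cts role-based sgt-map 10.1.1.10 sgt 5
cts role-based sgt-map 10.2.0.0/24 sgt 7
cts role-based enforcement vlan-list 10-20,30
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10-18,30
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 10-12,30
"""

MAX_ENFORCED_VLANS_PER_TRUNK = 8  # limit stated in the guidelines

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10-12,30' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def lint_trustsec(config):
    """Return (config line or interface, problem) pairs for the two checks."""
    findings, enforced, trunks, current = [], set(), {}, None
    for line in config.splitlines():
        text = line.strip()
        if m := re.match(r"cts role-based sgt-map (\S+) sgt \d+$", text):
            net = ipaddress.ip_network(m.group(1), strict=False)
            if net.prefixlen != 32:
                findings.append((text, "sgt-map target must be a /32 host address"))
        elif m := re.match(r"cts role-based enforcement vlan-list (\S+)$", text):
            enforced |= expand_vlans(m.group(1))
        elif m := re.match(r"interface (\S+)$", text):
            current = m.group(1)
        elif text == "switchport mode trunk" and current:
            trunks.setdefault(current, set(range(1, 4095)))  # no allowed list: all VLANs
        elif (m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", text)) and current:
            trunks[current] = expand_vlans(m.group(1))
    for name, allowed in trunks.items():
        count = len(allowed & enforced)  # enforced VLANs actually carried on this trunk
        if count > MAX_ENFORCED_VLANS_PER_TRUNK:
            findings.append((name, f"{count} enforced VLANs on trunk, limit is {MAX_ENFORCED_VLANS_PER_TRUNK}"))
    return findings
```

On the sample, the subnet mapping and GigabitEthernet1/0/1 (ten enforced VLANs) are reported, while GigabitEthernet1/0/2 (four enforced VLANs) passes.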

Cisco Catalyst 3560-X Specifications

General
Enclosure Type: Rack-mountable - 1U
Subtype: Gigabit Ethernet
Ports: 48 x 10/100/1000 + 4 x SFP
Flash Memory: 64 MB
Power Device: Internal power supply
Voltage Required: AC 120/230 V (50/60 Hz)
Operating System: Cisco IOS
Device Type: Switch
Performance: Switching capacity: 128 Gbps
Jumbo Frame Support: Yes
Routing Protocol: RIP-1, RIP-2, EIGRP
Remote Management Protocol: SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features: DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards: IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking: Stackable
Security Features: SSH, RADIUS, TACACS+
Management: CLI
Dimensions (H x W x D): 17.5 in
Operating Temperature: 32 to 113 °F (0 to 45 °C)
Humidity: 10 - 95% (non-condensing)