To Next Page

To Previous Page

27-38

Catalyst 3560 Switch Software Configuration Guide

78-16156-01

Chapter 27 Configuring Network Security with ACLs

Using VLAN Maps with Router ACLs

ACLs and Bridged Packets

Figure 27-7 shows how an ACL is applied on fallback-bridged packets. For bridged packets, only

Layer 2 ACLs are applied to the input VLAN. Only non-IP, non-ARP packets can be fallback-bridged.

Figure 27-7 Applying ACLs on Bridged Packets

ACLs and Routed Packets

Figure 27-8 shows how ACLs are applied on routed packets. For routed packets, the ACLs are applied

in this order:

1. VLAN map for input VLAN

2. Input router ACL

3. Output router ACL

4. VLAN map for output VLAN

Frame

Fallback bridge

VLAN 10

Host A

(VLAN 10)

Packet

101358

VLAN 20

Host B

(VLAN 20)

VLAN 10

map

VLAN 20

map

Default Chapter3
- Table of Contents3
- Obtaining Documentation35
  - Ordering Documentation36
  - Documentation Feedback36
- Related Publications35
- Obtaining Technical Assistance36
- Obtaining Additional Publications and Information38
- Features39
Chapter 1 Overview40
- Default Settings after Initial Switch Configuration47
- Network Configuration Examples49
CHAPTER 2 Using the Command-Line Interface55
- Understanding Command Modes55
- C H a P T E R 2 Using the Command-Line Interface56
- Understanding the Help System57
- Understanding Abbreviated Commands57
- Understanding no and Default Forms of Commands58
- Understanding CLI Error Messages58
- Using Command History58
- Using Editing Features60
- Searching and Filtering Output of Show and more Commands62
- Accessing the CLI63
  - Accessing the CLI through a Console Connection or through Telnet63
  - Accessing the CLI from a Browser63
Chapter 3 Getting Started with CMS65
- Understanding CMS65
- Configuring CMS72
- Displaying CMS75
- Where to Go Next80
Chapter 4 Assigning the Switch IP Address and Default Gateway81
- Understanding the Boot Process81
- Assigning Switch Information82
- Checking and Saving the Running Configuration90
- Modifying the Startup Configuration91
- Scheduling a Reload of the Software Image96
  - Configuring a Scheduled Reload96
  - Displaying Scheduled Reload Information97
Chapter 5 Clustering Switches99
- Understanding Switch Clusters100
- Planning a Switch Cluster102
- Creating a Switch Cluster114
- Verifying a Switch Cluster118
- Using the CLI to Manage Switch Clusters119
  - Catalyst 1900 and Catalyst 2820 CLI Considerations120
- Using SNMP to Manage Switch Clusters120
- Managing the System Time and Date123
Chapter 6 Administering the Switch124
- Understanding the System Clock124
- Understanding Network Time Protocol124
- Configuring NTP126
- Configuring Time and Date Manually133
- Configuring a System Name and Prompt137
- Creating a Banner140
- Managing the MAC Address Table143
- Managing the ARP Table150
Chapter 7 Configuring SDM Templates151
- Understanding the SDM Templates151
- Configuring the Switch SDM Template152
- Displaying the SDM Templates154
CHAPTER 8 Configuring Switch-Based Authentication155
- Preventing Unauthorized Access to Your Switch155
- C H a P T E R 8 Configuring Switch-Based Authentication156
- Protecting Access to Privileged EXEC Commands156
- Controlling Switch Access with TACACS164
- Controlling Switch Access with RADIUS172
- Controlling Switch Access with Kerberos186
- Configuring the Switch for Local Authentication and Authorization190
- Configuring the Switch for Secure Shell191
CHAPTER 9 Configuring 802.1X Port-Based Authentication198
- Understanding 802.1X Port-Based Authentication198
- Configuring 802.1X Authentication205
- Displaying 802.1X Statistics and Status215
CHAPTER 10 Configuring Interface Characteristics217
- Understanding Interface Types217
- Using Interface Configuration Mode222
- Configuring Ethernet Interfaces227
- Configuring Layer 3 Interfaces235
- Configuring the System MTU236
- Monitoring and Maintaining the Interfaces238
Chapter 11 Configuring Smartport Macros241
- Understanding Smartport Macros241
- Configuring Smart-Port Macros242
- Displaying Smartport Macros244
Chapter 12 Configuring Vlans245
- Understanding Vlans245
  - Supported Vlans247
  - VLAN Port Membership Modes247
- Configuring Normal-Range Vlans248
- Configuring Extended-Range Vlans256
- Displaying Vlans260
- Configuring VLAN Trunks260
- Configuring VMPS271
Chapter 13 Configuring VTP279
- Understanding VTP279
- Configuring VTP282
- Monitoring VTP293
Chapter 14 Configuring Voice VLAN295
- Understanding Voice VLAN295
  - Cisco IP Phone Voice Traffic296
  - Cisco IP Phone Data Traffic296
- Configuring Voice VLAN297
- Displaying Voice VLAN300
- Configuring STP302
- Understanding Spanning-Tree Features302
Chapter 15 Configuring STP302
- STP Overview302
- Spanning-Tree Topology and Bpdus303
- Bridge ID, Switch Priority, and Extended System ID304
- Spanning-Tree Interface States304
- How a Switch or Port Becomes the Root Switch or Root Port307
- Spanning Tree and Redundant Connectivity308
- Spanning-Tree Address Management308
- Accelerated Aging to Retain Connectivity308
- Spanning-Tree Modes and Protocols309
- Supported Spanning-Tree Instances309
- Spanning-Tree Interoperability and Backward Compatibility310
- STP and IEEE 802.1Q Trunks310
- VLAN-Bridge Spanning Tree311
- Configuring Spanning-Tree Features311
- Displaying the Spanning-Tree Status322
Chapter 16 Configuring MSTP323
- Understanding MSTP324
- Understanding RSTP328
- Configuring MSTP Features333
- Displaying the MST Configuration and Status345
CHAPTER 17 Configuring Optional Spanning-Tree Features348
- Understanding Optional Spanning-Tree Features348
- Configuring Optional Spanning-Tree Features354
- Displaying the Spanning-Tree Status361
Chapter 18 Configuring DHCP Features363
- Understanding DHCP Features363
  - DHCP Snooping363
  - Option-82 Data Insertion364
- Configuring DHCP Features365
- Displaying DHCP Information367
  - Displaying a Binding Table367
  - Displaying the DHCP Snooping Configuration368
Chapter 19 Configuring IGMP Snooping and MVR370
- Understanding IGMP Snooping370
- Configuring IGMP Snooping374
- Displaying IGMP Snooping Information380
- Understanding Multicast VLAN Registration381
  - Using MVR in a Multicast Television Application382
- Configuring MVR383
- Displaying MVR Information388
- Configuring IGMP Filtering and Throttling388
- Displaying IGMP Filtering and Throttling Configuration394
CHAPTER 20 Configuring Port-Based Traffic Control395
- Configuring Storm Control395
- Configuring Protected Ports399
- Configuring Port Blocking400
  - Default Port Blocking Configuration400
  - Blocking Flooded Traffic on an Interface400
- Configuring Port Security401
- Displaying Port-Based Traffic Control Settings409
Chapter 21 Configuring CDP411
- Understanding CDP411
- Configuring CDP412
- Monitoring and Maintaining CDP415
Chapter 22 Configuring UDLD417
- Understanding UDLD417
  - Modes of Operation417
  - Methods to Detect Unidirectional Links418
- Configuring UDLD420
- Displaying UDLD Status423
Chapter 23 Configuring SPAN and RSPAN425
- Understanding SPAN and RSPAN425
- Configuring SPAN and RSPAN433
- Displaying SPAN and RSPAN Status447
Chapter 24 Configuring RMON449
- Understanding RMON449
- Configuring RMON450
- Displaying RMON Status454
Chapter 25 Configuring System Message Logging455
- Understanding System Message Logging455
- Configuring System Message Logging456
- Displaying the Logging Configuration466
Chapter 26 Configuring SNMP467
- Understanding SNMP467
- Configuring SNMP472
- Displaying SNMP Status482
Chapter 27 Configuring Network Security with Acls483
- Understanding Acls483
  - Supported Acls484
  - Handling Fragmented and Unfragmented Traffic487
- Configuring IP Acls488
- Creating Named MAC Extended Acls508
  - Applying a MAC ACL to a Layer 2 Interface510
- Configuring VLAN Maps511
- Using VLAN Maps with Router Acls518
  - Guidelines518
  - Examples of Router Acls and VLAN Maps Applied to Vlans519
- Displaying ACL Configuration522
Chapter 28 Configuring Qos523
- Understanding Qos523
- Configuring Auto-Qos540
- Displaying Auto-Qos Information548
- Configuring Standard Qos548
- Displaying Standard Qos Information586
Chapter 29 Configuring Etherchannels589
- Understanding Etherchannels589
- Configuring Etherchannels596
- Displaying Etherchannel, Pagp, and LACP Status608
Chapter 30 Configuring IP Unicast Routing609
- Understanding IP Routing610
  - Types of Routing610
- Steps for Configuring Routing611
- Configuring IP Addressing612
- Enabling IP Unicast Routing626
- Configuring RIP627
- Configuring IGRP631
- Configuring OSPF636
- Configuring EIGRP645
- Configuring BGP651
- Configuring Protocol-Independent Features671
- Monitoring and Maintaining the IP Network685
Chapter 31 Configuring HSRP687
- Understanding HSRP687
- Configuring HSRP689
- Displaying HSRP Configurations696
Chapter 32 Configuring IP Multicast Routing697
- Understanding Cisco's Implementation of IP Multicast Routing698
- Configuring IP Multicast Routing704
- Configuring Advanced PIM Features718
- Configuring Optional IGMP Features722
- Configuring Optional Multicast Routing Features727
- Configuring Basic DVMRP Interoperability Features732
- Configuring Advanced DVMRP Interoperability Features737
- Monitoring and Maintaining IP Multicast Routing745
Chapter 33 Configuring MSDP749
- Understanding MSDP749
  - MSDP Operation750
  - MSDP Benefits751
- Configuring MSDP752
- Monitoring and Maintaining MSDP767
Chapter 34 Configuring Fallback Bridging769
- Understanding Fallback Bridging769
- Configuring Fallback Bridging770
- Monitoring and Maintaining Fallback Bridging778
Chapter 35 Troubleshooting779
- Recovering from Corrupted Software by Using the XMODEM Protocol780
- Recovering from a Lost or Forgotten Password782
  - Procedure with Password Recovery Enabled783
  - Procedure with Password Recovery Disabled784
- Recovering from a Command Switch Failure786
  - Replacing a Failed Command Switch with a Cluster Member786
  - Replacing a Failed Command Switch with Another Switch788
- Recovering from Lost Cluster Member Connectivity789
- Preventing Autonegotiation Mismatches790
- Troubleshooting Power over Ethernet Switch Ports790
- SFP Module Security and Identification790
- Using Ping791
  - Understanding Ping791
  - Executing Ping791
- Using Layer 2 Traceroute792
- Using IP Traceroute794
  - Understanding IP Traceroute794
  - Executing IP Traceroute795
- Using Debug Commands796
- Using the Show Platform Forward Command797
- Using the Crashinfo File800
Appendix801
Supported Mibs801
- MIB List801
Appendix A Supported MIB802
- MIB List802
- Using FTP to Access the MIB Files803
Appendix805
Working with the Cisco IOS File System, Configuration Files, and Software Images805
- Working with the Flash File System805
- Working with Configuration Files812
- Working with Software Images824
Appendix839
Unsupported Commands in Cisco IOS Release 12.1(19)EA1839
- Access Control Lists839
  - Unsupported Privileged EXEC Commands839
  - Unsupported Global Configuration Commands839
- ARP Commands840
  - Unsupported Global Configuration Commands840
  - Unsupported Interface Configuration Commands840
- Unsupported Debug Commands840
- Fallback Bridging840
  - Unsupported Privileged EXEC Commands840
  - Unsupported Interface Configuration Commands841
Hsrp842
- Unsupported Global Configuration Commands842
- Unsupported Interface Configuration Commands842
- IGMP Snooping Commands842
- Interface Commands842
  - Unsupported Privileged EXEC Commands842
  - Unsupported Interface Configuration Commands843
- IP Multicast Routing843
- IP Unicast Routing844
Msdp847
- Unsupported Privileged EXEC Commands847
- Unsupported Global Configuration Commands847
- Network Address Translation (NAT) Commands847
  - Unsupported User EXEC Commands847
  - Unsupported Interface Configuration Commands847
Radius848
- Unsupported Global Configuration Commands848
Snmp848
- Spanning Tree848
  - Unsupported Interface Configuration Commands848
Vlan848
- Unsupported Vlan-Config Commands848
- Unsupported User EXEC Commands849
Vtp849
- Unsupported Privileged EXEC Commands849
- Miscellaneous849
  - Unsupported Global Configuration Commands849
I N D E X851

Brand	Cisco
Model	WS-C3560-48PS-S
Category	Switch
Language	English

Cisco WS-C3560-48PS-S User Manual

Table of Contents

Other manuals for Cisco WS-C3560-48PS-S

Questions and Answers:

Cisco WS-C3560-48PS-S Specifications

Related product manuals