Cisco catalyst blade switch 3120 for hp (19 pages)
Summary of Contents for Cisco Catalyst 3850
Page 1
Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide First Published: November 30, 2015 Last Updated: December 14, 2015 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Page 3
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Create a Management VLAN in Hardware 2-15 Verify Basic Switch Configuration 2-17 Show Running Configuration for Initial Management Information 2-17 Switch Stack Update 3-21 Purpose 3-21 Prerequisites 3-21 Identify Configuration Values 3-22 Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 6
Prerequisites 5-41 Restrictions 5-41 Identify Configuration Values 5-42 LAN Access Switch Topology with Uplinks to a Distribution Switch or Distribution Router 5-43 Configure Uplink Interface Connectivity 5-44 Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 7
Provision Common Wired Security Access 7-68 Provision in Monitor Mode 7-71 Provision in Low Impact Mode 7-72 Provision in High Impact Mode 7-73 Verify Secure Access Control on the Switch 7-74 Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 8
Verify WLAN Client Connectivity 8-98 Verify the Converged Access Configuration on the Switch 8-99 Show Running Configuration for Wireless LAN Converged Access 8-99 System Health Monitoring 9-103 Purpose 9-103 Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 9
9-106 Monitor File Systems Usage 9-106 Run a System Baseline for Environmental Resources 9-107 Other System Monitoring Considerations 9-108 Spanning Tree Monitoring 9-108 N D E X Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 10
Contents Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series Switches Best Practices Guide...
Page 11
Preface Audience This document is written for managing the Cisco Catalyst 3850 Series Switches and the Cisco 3650 Series switches and switch stacks in their network. A basic understanding of Ethernet networking is expected. Cisco Certified Network Associate level (CCNA) knowledge is helpful, but not required.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
This document describes best practices for deploying your Cisco Catalyst 3850 Series and Cisco Catalyst 3650 Series switches. Unless otherwise noted, the term switch refers to a standalone Catalyst 3850 switch, a Catalyst 3650 Note switch, or a switch stack.
Page 14
VSS (Cat6500/6800/4500), or VPC (Nexus 7000) Data VLAN 10 Trunk link Native VLAN 999 All VLANs included Printer Access point VLAN 12 Wireless access Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 15
Figure 3 shows the best-practice configurations described in this document. See the Switch Hardware Installation Guide for information on how to install a switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 16
Configure wireless LAN on the switch and on access on the switch to enable connected devices converged access functionality Monitor switch health to maintain network stability and performance Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 17
192.168.13.0/24 Upstream device Wireless client VLAN and subnet. — 192.168.254.0 — IP address range for all central services. The services are not physically adjacent to the switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 18
Ease of Deployment Switch Address Plan Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Cisco IOS XE release to avoid mismatch issues. In addition, any new switch that needs to join the switch stack must also be running the same Cisco IOS XE release; otherwise, the switch stack will not converge and the new switch will remain in a standalone state.
Page 20
VSS (Cat6500/6800/4500), or VPC (Nexus 7000) Data VLAN 10 Trunk link Native VLAN 999 All VLANs included Printer Access point VLAN 12 Wireless access Performing the Stack Update Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Download the desired .bin file from Cisco.com to the switch flash storage. Step 1 The purpose of this example is only to show you how the Cisco-suggested release symbol is designated, Note and not to give you recommended release versions because those change over time.
Page 22
Since the format of the pacakges.conf file has changed in Cisco IOS XE Release Denali 16.1, overwrite Note the old packages.conf with the new packages.conf file. Perform the above step for eachswitch in your stack. If you have a 3 member stack, it will need to be done on flash:, flash-2:, and flash-3.
Page 23
------ ----- ----- ---------- ---------- ---- 1 32 WS-C3850-24P Denali 16.1.1 CAT3K_CAA-UNIVERSALK9 BUNDLE 2 32 WS-C3850-24P Denali 16.1.1 CAT3K_CAA-UNIVERSALK9 BUNDLE 3 32 WS-C3850-24P Denali 16.1.1 CAT3K_CAA-UNIVERSALK9 BUNDLE Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 24
The request platform clean switch command also deletes the .bin file that is used to install the new Note Cisco IOS software. After the .bin is extracted, you no longer need it. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 25
Do you want to proceed? [y/n]y [1]: Deleting file flash:cat3k_caa-rpbase.BLD_V161_0_THROTTLE_LATEST_20151116_230450.SSA.pkg done. Deleting file flash:cat3k_caa-srdriver.BLD_V161_0_THROTTLE_LATEST_20151116_230450.SSA.pkg ... done. Deleting file flash:cat3k_caa-universalk9.BLD_V161_0_THROTTLE_LATEST_20151116_230450.SSA.bin ... done. Deleting file flash:cat3k_caa-wcm.BLD_V161_0_THROTTLE_LATEST_20151116_230450.SSA.pkg ... done. Deleting file flash:cat3k_caa-webui.BLD_V161_0_THROTTLE_LATEST_20151116_230450.SSA.pkg done. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
[1 2]: Do you want to proceed with reload? [yes/no] After the reload completes, run the request platform software package clean switch all file flash Step 12 command. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
The auto-upgrade feature automatically installs the software packages from an existing stack member to the stack member that is running incompatible software. Auto-upgrade is disabled by default. Note The rolling-upgrade feature is not supported. Note software auto-upgrade enable Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 28
Switch Stack Update Performing the Stack Update Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
We recommend that you take a print out of Table 2, and, as you follow the configuration sequence, replace the values in column B with your values in column C. Replace the blue italicized example values with your own values. Note Cisco Systems, Inc. www.cisco.com...
Enter the show running-configuration command to display the initial management information for • the switch. The following configurations should be performed in the same sequence in which they are listed here. Note Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
If the switch acts as a Web authentication server or as an authentication proxy, then do not disable the HTTP server by executing the no ip http server command. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
TACACS+ server is unavailable. This example shows how to configure the switch for TACACS administrative access. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Configure a Management IP Address on an Out-of-Band Interface • • Configure a Management IP Address on an In-Band Interface • Create a Management VLAN in Hardware Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 34
The GigabitEthernet 0/0 interface will not function without an IP address assigned to it. Mgmt-vrf is built-in; you do not have to create one for out-of-band management. ip route vrf Mgmt-vrf 192.168.128.5 255.255.255.0 192.168.128.1 exit Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
VLAN, is in a forwarding state. This example shows a VLAN created for management and indicates that the IP address is reachable. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
VLAN ID on both ends of the Ethernet link to properly configure the management VLAN in hardware. A “dummy” VLAN is used as the native VLAN on trunk interfaces. A dummy VLAN is not used for data or management traffic. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 37
! The next step assumes the uplink interface is GigabitEthernet 1/1/1, but ! your uplink interface may be different. interface GigabitEthernet 1/1/1 Switchport mode trunk Switchport trunk native vlan Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 38
! Now the default gateway will respond to pings ping 182.168.1.1 Enter the show running-configuration command to display the initial management information for the Note switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 39
Initial Switch Configuration Assign Initial Management Information Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 40
Initial Switch Configuration Assign Initial Management Information Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Replace the blue italicized example values with your own values. Note Table 4 Global System: Setting Values A. Value Name B. Example Value C. Your Value Management subnets allowed 192.168.128.5/0.0.0.255 192.168.0.0/0.0.0.255 192.168.254.0/0.0.0.255 NTP server IP address 192.168.254.11 Cisco Systems, Inc. www.cisco.com...
Configure the Switch to run in VTP Transparent Mode • Enable Rapid Per-VLAN Spanning Tree Plus Configure BPDU Guard for Spanning-Tree PortFast Interfaces • Configure UDLD to Detect Link Failure • Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Typically, VLANs are defined once during your initial switch configuration and do not require continuous VTP updates after the switch is operational. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
The BPDU configuration protects STPF-enabled interfaces by disabling the port if another switch is plugged into the port. This command should configured globally, not at the interface level. spanning-tree portfast bpduguard default Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
55 permit 192.168.0.0 0.0.0.255 access-list 55 permit 192.168.254.0 0.0.0.255 line vty 0 15 access-class 55 in vrf-also exit snmp-server community sample-READONLY RO 55 snmp-server community sampe-READWRITE RW 55 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Step 11 send traffic to. EtherChannel traffic should be balanced across all physical interfaces. The default load-balancing scheme for EtherChannels is based on the source MAC address. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
IPv6 problems. Access interfaces to end devices should not be trusted for router advertisements and IPv6 DHCP Note response. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
When new members join an existing switch stack, the Cisco IOS version of the new members must match the Cisco IOS version of the existing members. The Auto Upgrade feature provides the ability to automatically update new members when they join.
We recommend that you identify certain switch configuration values in advance so that you can proceed with this workflow without interruption. We recommend that you take a print out of Table 5, and, as you follow the configuration sequence, replace the values in column B with your values in column C. Cisco Systems, Inc. www.cisco.com...
Page 50
Guard policy name QoS service policy input name AutoQos-4.0-Trust-Dscp-Input -Policy QoS service policy output name AutoQos-4.0-Output-Policy Configuration examples begin in global configuration mode, unless noted otherwise. Note Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
VSS (Cat6500/6800/4500), or VPC (Nexus 7000) Data VLAN 10 Trunk link Native VLAN 999 Printer All VLANs included Access point VLAN 12 Wireless access Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 52
Desktop user Dual redundant direct connect routers running HSRP Data VLAN 10 Trunk link Native VLAN 999 Printer All VLANs included Access point VLAN 12 Wireless access Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Additional service policies should be applied after traffic is transmitted in order to ease congestion. For more information see, “Configure QoS on an Access Interface” on page 56 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
6, shows the switch stack that has a single EtherChannel connection to a distribution VSS or VPC switch pair. The VSS and VPC systems have an explicit configuration between the Cisco distribution switch pair. That allows them to act as a single logical switch when connected to the EtherChannel. The EtherChannel is configured as a trunk with VLANs 10, 11, 12, and 100, with the native VLAN set to 999.
Page 55
EtherChannel to each distribution router. Each EtherChannel is configured as a trunk with VLANs 10, 11, 12, 100, 200, and 999, with the native VLAN set to 999. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 56
The policies that should be applied are defined in the “Global System Configuration” workflow. In the following example, security is applied to the uplink interfaces connecting to VPC, VSS, or standalone switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 57
For more information about spanning-tree root on distribution switches, see the “Spanning VLANs across Access Layer Switches” section of the Campus Network for High Availability Design Guide. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 59
Uplink Interface Connectivity Display Uplink Interface Connectivity for the Switch Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 60
Uplink Interface Connectivity Display Uplink Interface Connectivity for the Switch Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
We also recommend that you take a print out of Table 6, and, as you follow the configuration sequence, replace the values in column B with your values in column C. Replace the blue italicized example values with your own values. Note Cisco Systems, Inc. www.cisco.com...
Page 62
Uplink EtherChannel Interfaces” Classify-Police-Input-Policy section.) Trust-Dscp-Input-Policy SoftPhone-Input-Policy Trust-Dscp-Input-Policy Trust-Dscp-Input-Policy Trust-COS-Input-Policy No-Trust-Input-Policy QoS service policy output name 2P6Q3T Configuration examples begin in global configuration mode, unless noted otherwise. Note Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
When configuring your access interface, you should complete the following tasks: Configure an Interface for Access Mode • Configure VLAN Membership • Create an Interface Description • Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Configure an Interface for Access Mode Use the switchport host command to perform the following configurations for the end devices on your Step 1 switch: Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
The MAC address limit is 11. When the end device exceeds 11 source MAC addresses, the ingress traffic to the switch on those source MAC addresses is dropped. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 66
IPv6 router advertisements, and IPv6 responses. The applied policies are defined in the “Global System Configuration” workflow. ipv6 nd raguard attach-policy endhost_ipv6_raguard ipv6 guard attach-policy endhost_ipv6__guard Configure QoS on an Access Interface Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
This following section describes the commands that you should use to use to confirm that your configurations in this workflow are correctly applied to your switch: Use the show running-configuration command to verify the operational configuration of the access Step 11 interfaces. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 68
Interfaces: Interface Trusted Allow option Rate limit (pps) ----------------------- ------- ------------ ---------------- GigabitEthernet1/0/1 Custom circuit-ids: GigabitEthernet1/0/2 Custom circuit-ids: GigabitEthernet1/0/3 Custom circuit-ids: GigabitEthernet1/0/4 Custom circuit-ids: Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 69
PORT endhost_ipv6_raguard RA guard vlan all Gi1/0/2 PORT endhost_ipv6_raguard RA guard vlan all Gi1/0/3 PORT endhost_ipv6_raguard RA guard vlan all Gi1/0/4 PORT endhost_ipv6_raguard RA guard vlan all Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 70
Enter the range command for each member. IP Phone Access Interface The following example displays the IP phone Access Interface information: Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 71
2k storm-control action trap ipv6 nd raguard attach-policy endhost_ipv6_raguard ipv6 guard attach-policy endhost_ipv6__guard auto qos voip cisco-phone service-policy input AutoQos-4.0-CiscoPhone-Input-Policy service-policy output 2P6Q3T Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 72
1k storm-control multicast level pps 2k storm-control action trap Printer Access Interface The following example displays the Printer Access Interface information. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 73
2k storm-control action trap ipv6 nd raguard attach-policy endhost_ipv6_raguard ipv6 guard attach-policy endhost_ipv6__guard auto qos classify police service-policy input AutoQos-4.0-Classify-Police-Input-Policy service-policy output 2P6Q3T Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 74
Access Interface Connectivity Display Running Configuration for Access Interface Connectivity Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Do not use port security with IEEE 802.1x. When IEEE 802.1x is enabled, port security then • becomes redundant and might interfere with the IEEE 802.1x functionality. Identify Configuration Values Cisco Systems, Inc. www.cisco.com...
RADIUS server encryption key cisco123 Data VLAN Voice VLAN Auth-server dead vlan Extended IP ACL LowImpactSecurity-acl Configuration examples begin in global configuration mode, unless noted otherwise. Note Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
The main components of IEEE 802.1x are: Supplicant (end device) • Authenticator (switch) • Authentication server (RADIUS or ISE) • Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
In this mode, addresses. voice endpoint. all devices are authenticated. Unless otherwise noted, we recommend that multiple-authentication mode be configured instead of single-host mode, for increased security: Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 79
We recommend that you do not change the IEEE 802.1x timer and variable default settings, unless necessary. Begin in interface configuration mode: dot1x timeout tx -period dot1x max-reauth-req authentication timer restart dot1x timeout quiet-period Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 80
Begin in global configuration mode. Enable new access control aaa new-model !Set authentication list for 802.1x aaa authentication dot1x default group radius !Enable 802.1x authentication dot1x system-auth-control Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
IEEE 802.1x functionality. Begin in interface configuration mode. no switchport port-security no switchport port-security violation no switchport port-security aging type no switchport port-security aging time no switchport port-security maximum Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
(multiauth) mode or if the voice domain of the port is in MDA mode. authentication event server dead action authorize vlan If the authentication server does not respond, authorize voice. Step 15 authentication dead action authorize voice Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
AutoQos-4.0-CiscoPhone-Input-Policy service-policy output AutoQos-4.0-Output-Policy ip verify source snooping limit rate 100 radius server AuthServer address ipv4 192.168.254.14 auth-port 1645 acct-port 1646 key cisco123 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 85
AuthServer address ipv4 192.168.254.14 auth-port 1645 acct-port 1646 key cisco123 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
192.168.254.14 auth-port 1645 acct-port 1646 key cisco123 Monitoring IEEE 802.1x Status and Statistics Step 1 Use the show dot1x statistics command to display switch-related and port-related IEEE 802.1x statistics. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 87
Sysauthcontrol Enabled Dot1x Protocol Version Dot1x Info for GigabitEthernet1/0/1 ----------------------------------- = AUTHENTICATOR QuietPeriod = 60 ServerTimeout SuppTimeout = 30 ReAuthMax MaxReq TxPeriod = 30 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 88
Dot1x Info for GigabitEthernet1/0/1 ----------------------------------- PAE = AUTHENTICATOR QuietPeriod = 60 ServerTimeout = 0 SuppTimeout = 30 ReAuthMax = 2 MaxReq = 2 TxPeriod = 30 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Wired and wireless features that are enabled in the same platform is referred to as converged access. The wired plus wireless features are bundled into a single Cisco IOS Software image, which reduces the number of software images that users have to qualify and certify before enabling them in their network.
Converged Wired and Wireless Access Identify Configuration Values A Catalyst 3850 switch stack can support a maximum of 50 access points. • A Cisco Catalyst 3650 stack can support a maximum of 25 access points. • WLAN cannot use client VLAN 0.
We recommend that you distribute the access points equally across the stack to achieve reliability during switchover scenarios preventing connectivity loss to access points connected to a member or standby switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
AP-count license for the switch stack is automatically recalculated. When members are removed from the stack, the total AP-count license is decremented from the total • available AP-count license in the stack. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Verify the RTU license summary details. Step 3 The example shows that a permanent IP Services license is installed and is available upon switch reboot: Five AP-count licenses are in use. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
We recommend that you exclude the IP address already used for the default router and the in-use wireless management SVI address to prevent an upstream router from allocating this IP address to an access point. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
[confirm] y After the switch reboots, verify that the role of the switch has changed to Mobility Controller. Step 8 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Note The access VLAN on the switch port should be the same as the wireless management VLAN configured Step 4 in this workflow. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
!Activate the client VLAN in the VLAN database. !Configure VLAN 200 if not already configured. vlan name Wireless_Client interface vlan description Client VLAN ip address 192.168.13.2 255.255.254.0 no shutdown Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Access II (WPA2). To make the WLAN open, use the no security wpa wpa2 command. wlan OPEN_WLAN 1 open_wlan client vlan no security wpa no security wpa akm dot1x no security wpa wpa2 no security wpa wpa2 ciphers aes no shutdown Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
WLAN. wlan secure_WLAN 2 CISCO_WLAN shutdown service-policy client input wlan-Entr-Client-Input-Policy service-policy output wlan-Entr-SSID-Output-policy no shutdown exit Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Anchor Clients Foreign Clients MTE Clients Mac Address VlanId IPv4 Address Src If -------------- ------ --------------- ------------------ ------- 0000.3a40.0001 340 153.40.125.100 0x00000000800000E2 LOCAL 0000.3a40.0002 340 153.40.125.101 0x00000000800000A1 LOCAL Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Configure QoS Service Policies for an Open WLAN • DHCP Snooping Enable the AAA RADIUS Server The configuration of the RADIUS server is dependent on the RADIUS service that you choose. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
WPA2 with AES encryption and IEEE 802.1x key management are enabled by default on the WLAN for Note the switch so you do not need to explicitly configure these security settings. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
5ghz rate RATE_36M supported ap dot11 5ghz rate RATE_48M supported ap dot11 5ghz rate RATE_54M supported no ap dot11 5ghz shutdown !Shutdown 2.4Ghz network ap dot11 24ghz shutdown Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
24ghz cleanair device video ap dot11 5ghz cleanair device jammer ap dot11 5ghz cleanair device cont-tx ap dot11 5ghz cleanair device dect-like ap dot11 5ghz cleanair device video Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Client connectivity depends on the type of device used which can be verified by looking at the wireless network interface details. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
0x006B2F4000002844 RUN LOCAL Show Running Configuration for Wireless LAN Converged Access Enter the show running-configuration command to display the wireless configuration settings for the Step 1 switch. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 108
OPEN_WLAN 1 WiFi_Open client vlan 200 no security wpa no security wpa akm dot1x no security wpa wpa2 no security wpa wpa2 ciphers aes no shutdown Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 109
5ghz rate RATE_24M mandatory ap dot11 5ghz rate RATE_36M supported ap dot11 5ghz rate RATE_48M supported ap dot11 5ghz rate RATE_54M supported no ap dot11 5ghz shutdown ap group default-group Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 110
Converged Wired and Wireless Access Show Running Configuration for Wireless LAN Converged Access Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
If you are only interested in the switch uptime and last reload, you can run a more direct command using the pipe “|” feature built into Cisco IOS XE (and Cisco IOS) software. This example shows that Cisco IOS XE release 3.3.2 SE was running for five weeks before a privileged user initiated a switch reload.
This output shows the five-second, one-minute, and five-minute periods on each CPU core. It also shows the Forwarding Engine Driver (FED), IOS daemon IOSd, and Wireless Controller Module (WCM) processes have the highest CPU utilization. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 113
CPU% per second (last 60 seconds) Reference: For detailed information to help troubleshoot your high CPU usage concerns, see the Catalyst 3850 Series Switch High CPU Usage Troubleshooting document. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Use the dir filesystem or the show filesystem command to list the files under a specific files system. Step 6 When you find crash files, it is important to immediately retrieve them to diagnose a system failure or unexpected crash. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
If your switches are in a stack, run the show environment stack command to view all of the Step 8 environmental outputs stack wide. Although some of settings are adjustable, we recommend leaving the settings with their default values. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
This example output shows that the switch is actually operating as the root bridge for all of the VLANs which can cause extreme network degradation if incorrectly configured. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 117
This command displays network stability information about the number of topology changes within each VLAN, the last time a TCN was received, and so forth. Frequently monitoring this information is critical to maintaining overall health of the switch and network. Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 118
Number of topology changes 12 last change ed 4d07h ago from GigabitEthernet1/0/1 VLAN0881 is executing the ieee compatible Spanning Tree protocol Number of topology changes 7 last change ed 4d07h ago from GigabitEthernet1/0/1 Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Easy-open mode End-User-License Agreement (EULA) out-of-band management EtherChannels 135, 144 evaluation license password provision in phased deployments high impact mode HSRP (Hot Standby Router Protocol) HTTP (HTTPS) Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...
Page 120
Distribution switches synchronized clock TACACS+ TFTP and FTP server TFTP block size 121, 136 Unidirectional Link Detection (UDLD) uplink to distribution switches user id Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series...