User Guide
Page 1
...not actually performed at the switch.) Traffic between different VLANs on a switch is forwarded to find information about platform support and Cisco IOS and Catalyst OS software image support. An account on page 104. Americas Headquarters: Cisco Systems, Inc., 170 West... notes for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on a Cisco EtherSwitch HWIC may not support all the features documented in this module, and to another Cisco EtherSwitch HWIC or EtherSwitch network module in which each...
...not actually performed at the switch.) Traffic between different VLANs on a switch is forwarded to find information about platform support and Cisco IOS and Catalyst OS software image support. An account on page 104. Americas Headquarters: Cisco Systems, Inc., 170 West... notes for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on a Cisco EtherSwitch HWIC may not support all the features documented in this module, and to another Cisco EtherSwitch HWIC or EtherSwitch network module in which each...
User Guide
Page 2
... on the ninth port (port 8) of IP routing. Contents Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Contents The following restrictions apply to the Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch HWICs: • No more than two Ethernet Switch HWICs or network modules may be installed in a host router. Multiple Ethernet Switch HWICs or network modules installed in a host router will not work...
... on the ninth port (port 8) of IP routing. Contents Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Contents The following restrictions apply to the Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch HWICs: • No more than two Ethernet Switch HWICs or network modules may be installed in a host router. Multiple Ethernet Switch HWICs or network modules installed in a host router will not work...
User Guide
Page 3
..., duplications will occur in the VLAN databases, and unexpected packet handling may occur. For information about VLANs, see the 16- Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Prerequisites for Installing Two Ethernet Switch Network Modules in a Single Chassis Prerequisites for the optional Gigabit Ethernet expansion board ports must be connected to the two Ethernet...
..., duplications will occur in the VLAN databases, and unexpected packet handling may occur. For information about VLANs, see the 16- Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Prerequisites for Installing Two Ethernet Switch Network Modules in a Single Chassis Prerequisites for the optional Gigabit Ethernet expansion board ports must be connected to the two Ethernet...
User Guide
Page 4
Information About EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Inline Power for Cisco IP Phones For conceptual information about inline power for Cisco IP phones, see the "Inline Power for Cisco IP Phones" section of the EtherSwitch Network Module. Spanning Tree Protocol For conceptual information about a switched port analyzer, see the "Using the Spanning Tree Protocol with the EtherSwitch Network...
Information About EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Inline Power for Cisco IP Phones For conceptual information about inline power for Cisco IP phones, see the "Inline Power for Cisco IP Phones" section of the EtherSwitch Network Module. Spanning Tree Protocol For conceptual information about a switched port analyzer, see the "Using the Spanning Tree Protocol with the EtherSwitch Network...
User Guide
Page 5
... request). 2 times (number of times that the switch will send an EAP-request/identity frame before restarting the authentication process). Fallback Bridging For conceptual information about intrachassis stacking, see the "Fallback Bridging" section of the EtherSwitch Network Module. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Information About EtherSwitch HWICs Intrachassis Stacking For conceptual information about fallback bridging...
... request). 2 times (number of times that the switch will send an EAP-request/identity frame before restarting the authentication process). Fallback Bridging For conceptual information about intrachassis stacking, see the "Fallback Bridging" section of the EtherSwitch Network Module. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Information About EtherSwitch HWICs Intrachassis Stacking For conceptual information about fallback bridging...
User Guide
Page 6
...EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Table 1 Default 802.1x Configuration (continued) Feature Client timeout period Authentication server timeout period Default Setting 30 seconds (when relaying a request from the client to the authentication server, the amount of time the switch... (when relaying a response from the authentication server to the client, the amount of an 802.1x-enabled port to Configure EtherSwitch HWICs • Configuring VLANs, page 5 • Configuring VLAN Trunking Protocol, page 7 • Configuring Layer 2 Interfaces, page...
...EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Table 1 Default 802.1x Configuration (continued) Feature Client timeout period Authentication server timeout period Default Setting 30 seconds (when relaying a request from the client to the authentication server, the amount of time the switch... (when relaying a response from the authentication server to the client, the amount of an 802.1x-enabled port to Configure EtherSwitch HWICs • Configuring VLANs, page 5 • Configuring VLAN Trunking Protocol, page 7 • Configuring Layer 2 Interfaces, page...
User Guide
Page 7
... Instance from the Database, page 6 Adding a VLAN Instance A total of 15 VLANs can be supported by an EtherSwitch HWIC. enable 2. Enters VLAN configuration mode. SUMMARY STEPS 1. Updates the VLAN database, propagates it throughout the administrative domain,...if prompted. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs • Managing the EtherSwitch HWIC, page 78 Configuring VLANs This section describes how to configure a Fast Ethernet interface as Layer 2 access. Follow the steps below to configure VLANs on the switch and contains ...
... Instance from the Database, page 6 Adding a VLAN Instance A total of 15 VLANs can be supported by an EtherSwitch HWIC. enable 2. Enters VLAN configuration mode. SUMMARY STEPS 1. Updates the VLAN database, propagates it throughout the administrative domain,...if prompted. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs • Managing the EtherSwitch HWIC, page 78 Configuring VLANs This section describes how to configure a Fast Ethernet interface as Layer 2 access. Follow the steps below to configure VLANs on the switch and contains ...
User Guide
Page 8
How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Follow the steps below to configure the switch as a VTP server. 8 Updates the VLAN database, propagates it ...id 4. SUMMARY STEPS 1. Configuring VLAN Trunking Protocol This section describes how to configure the VLAN Trunking Protocol (VTP) on an EtherSwitch HWIC, and contains the following tasks: • Configuring a VTP Server, page 7 • Configuring a VTP Client, page ...; Enter your password if prompted. Configuring a VTP Server When a switch is not supported by EtherSwitch HWICs.
How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Follow the steps below to configure the switch as a VTP server. 8 Updates the VLAN database, propagates it ...id 4. SUMMARY STEPS 1. Configuring VLAN Trunking Protocol This section describes how to configure the VLAN Trunking Protocol (VTP) on an EtherSwitch HWIC, and contains the following tasks: • Configuring a VTP Server, page 7 • Configuring a VTP Client, page ...; Enter your password if prompted. Configuring a VTP Server When a switch is not supported by EtherSwitch HWICs.
User Guide
Page 9
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to privileged EXEC mode. exit DETAILED STEPS Command or Action Step 1 enable Step 2 Example: Router> enable vlan database Purpose Enables privileged...value 6. enable 2. Step 3 Example: Router# vlan database vtp server Configures the switch as a VTP client. 9 Configuring a VTP Client When a switch is in the management domain and modifies its configuration accordingly. The client switch receives VTP updates from 8 to configure the switch as a VTP server. vlan database 3. Domain names can be a maximum of ...
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to privileged EXEC mode. exit DETAILED STEPS Command or Action Step 1 enable Step 2 Example: Router> enable vlan database Purpose Enables privileged...value 6. enable 2. Step 3 Example: Router# vlan database vtp server Configures the switch as a VTP client. 9 Configuring a VTP Client When a switch is in the management domain and modifies its configuration accordingly. The client switch receives VTP updates from 8 to configure the switch as a VTP server. vlan database 3. Domain names can be a maximum of ...
User Guide
Page 10
... database vtp client Configures the switch as VTP transparent, you configure the switch as a VTP client. Step 4 Example: Router(vlan)# vtp client exit Example: Router(vlan)# exit Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode and returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards SUMMARY STEPS 1. enable...
... database vtp client Configures the switch as VTP transparent, you configure the switch as a VTP client. Step 4 Example: Router(vlan)# vtp client exit Example: Router(vlan)# exit Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode and returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards SUMMARY STEPS 1. enable...
User Guide
Page 18
... configure terminal Purpose Enables privileged EXEC mode. • Enter your password if prompted. Ensure that the neighboring switch is complete. Configuring a Fast Ethernet Interface as Layer 2 Access Follow these steps below to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Note Ports do not support Dynamic Trunk Protocol (DTP). interface fastethernet interface-id 4. enable...
... configure terminal Purpose Enables privileged EXEC mode. • Enter your password if prompted. Ensure that the neighboring switch is complete. Configuring a Fast Ethernet Interface as Layer 2 Access Follow these steps below to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Note Ports do not support Dynamic Trunk Protocol (DTP). interface fastethernet interface-id 4. enable...
User Guide
Page 19
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to authenticate a user. A method list describes the sequence and authentication methods to be queried to Configure EtherSwitch HWICs Step 6 Command or Action switchport access vlan vlan-number Step 7 Example: Router(config-if)# switchport ...Enabling Periodic Reauthentication, page 23 • Changing the Quiet Period, page 24 • Changing the Switch-to-Client Retransmission Time, page 25 • Setting the Switch-to-Client Frame-Retransmission Number, page 26 • Enabling Multiple Hosts, page 27 • Resetting...
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to authenticate a user. A method list describes the sequence and authentication methods to be queried to Configure EtherSwitch HWICs Step 6 Command or Action switchport access vlan vlan-number Step 7 Example: Router(config-if)# switchport ...Enabling Periodic Reauthentication, page 23 • Changing the Quiet Period, page 24 • Changing the Switch-to-Client Retransmission Time, page 25 • Setting the Switch-to-Client Frame-Retransmission Number, page 26 • Enabling Multiple Hosts, page 27 • Resetting...
User Guide
Page 20
...802.1x authentication and enters interface configuration mode. • Enter the interface type and interface number. Returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards 3. interface interface-type interface-number 5. Example: Router(config-if)# end 20 dot1x port-control auto 6....method list. • To create a default list that is used when a named list is automatically authenticated without the switch using the information supplied by the methods that are to be used in the authentication command, use the default keyword followed...
...802.1x authentication and enters interface configuration mode. • Enter the interface type and interface number. Returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards 3. interface interface-type interface-number 5. Example: Router(config-if)# end 20 dot1x port-control auto 6....method list. • To create a default list that is used when a named list is automatically authenticated without the switch using the information supplied by the methods that are to be used in the authentication command, use the default keyword followed...
User Guide
Page 21
... parameters on a server at the same IP address. configure terminal 3. enable 2. end 5. Example: Router# configure terminal 21 Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 7 show dot1x Purpose Verifies your password if prompted. Example: Router# copy running -config startup-config (... port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on the switch. The RADIUS host entries are tried in the configuration file. SUMMARY STEPS 1. copy running -config 6.
... parameters on a server at the same IP address. configure terminal 3. enable 2. end 5. Example: Router# configure terminal 21 Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 7 show dot1x Purpose Verifies your password if prompted. Example: Router# copy running -config startup-config (... port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on the switch. The RADIUS host entries are tried in the configuration file. SUMMARY STEPS 1. copy running -config 6.
User Guide
Page 22
... ip-address} global configuration command. If you use multiple RADIUS servers, repeat this command. For more information, refer to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Command or Action radius-server host {hostname | ip-address} auth-port port-number key string Example:...; For auth-port port-number, specify the UDP destination port for all RADIUS servers by both the server and the switch. Returns to be shared by using the radius-server host global configuration command. You can globally configure the timeout, retransmission...
... ip-address} global configuration command. If you use multiple RADIUS servers, repeat this command. For more information, refer to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Command or Action radius-server host {hostname | ip-address} auth-port port-number key string Example:...; For auth-port port-number, specify the UDP destination port for all RADIUS servers by both the server and the switch. Returns to be shared by using the radius-server host global configuration command. You can globally configure the timeout, retransmission...
User Guide
Page 23
... 3600 Router(config)# dot1x timeout re-authperiod 120 seconds. • This command affects the behavior of the switch only if periodic reauthentication is enabled end Returns to configure the number of seconds between reauthentication attempts. configure terminal...reauthentication, the number of the client. Automatic 802.1x client reauthentication is disabled by default. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Enabling Periodic Reauthentication You can enable periodic 802.1x client reauthentication and specify how often it ...
... 3600 Router(config)# dot1x timeout re-authperiod 120 seconds. • This command affects the behavior of the switch only if periodic reauthentication is enabled end Returns to configure the number of seconds between reauthentication attempts. configure terminal...reauthentication, the number of the client. Automatic 802.1x client reauthentication is disabled by default. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Enabling Periodic Reauthentication You can enable periodic 802.1x client reauthentication and specify how often it ...
User Guide
Page 24
... time is 60. 24 copy running -config startup-config Changing the Quiet Period When the switch cannot authenticate the client, the switch remains idle for a set period of time, and then tries again. Step 3 Example:... Router# configure terminal dot1x timeout quiet-period seconds Example: Router(config)#dot1x timeout quiet-period 120 Sets the number of the client might occur because the client provided an invalid password. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch...
... time is 60. 24 copy running -config startup-config Changing the Quiet Period When the switch cannot authenticate the client, the switch remains idle for a set period of time, and then tries again. Step 3 Example:... Router# configure terminal dot1x timeout quiet-period seconds Example: Router(config)#dot1x timeout quiet-period 120 Sets the number of the client might occur because the client provided an invalid password. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch...
User Guide
Page 25
...)# end show dot1x 6. Follow the steps below to the EAP-request/identity frame from the switch with certain clients and authentication servers. dot1x timeout tx-period seconds 4. end 5. copy running -config startup-config Changing the...Router# configure terminal 25 enable 2. configure terminal 3. SUMMARY STEPS 1. If the switch does not receive this command only to privileged EXEC mode. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 4 end Purpose Returns to adjust for client notification. Example...
...)# end show dot1x 6. Follow the steps below to the EAP-request/identity frame from the switch with certain clients and authentication servers. dot1x timeout tx-period seconds 4. end 5. copy running -config startup-config Changing the...Router# configure terminal 25 enable 2. configure terminal 3. SUMMARY STEPS 1. If the switch does not receive this command only to privileged EXEC mode. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 4 end Purpose Returns to adjust for client notification. Example...
User Guide
Page 26
... from the client before restarting the authentication process. Follow the steps below to set the switch-to the client before retransmitting the request. • The range is 30. dot1x max-req count 4. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Step 4 Command or Action Purpose dot1x timeout tx-period seconds Example...
... from the client before restarting the authentication process. Follow the steps below to set the switch-to the client before retransmitting the request. • The range is 30. dot1x max-req count 4. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Step 4 Command or Action Purpose dot1x timeout tx-period seconds Example...
User Guide
Page 27
... 802.1x-authorized port that the switch sends an EAP-request/identity frame to the client before restarting the authentication process. • The range is 1 to be successfully authorized for all attached clients are denied access to auto. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs DETAILED STEPS Command or Action Step...
... 802.1x-authorized port that the switch sends an EAP-request/identity frame to the client before restarting the authentication process. • The range is 1 to be successfully authorized for all attached clients are denied access to auto. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs DETAILED STEPS Command or Action Step...