User Guide
Page 1
...; Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and...
User Guide
Page 2
...Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. The gigabit Ethernet ... stacking link to configure the 16- Switched connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- Feature Overview 16- The 16-port Ethernet switch network module has 16 10/100BASE-TX ...
User Guide
Page 3
...Switching Frames Between Segments Each Ethernet interface on different interfaces need to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-...is full-duplex communication. Building the Address Table The Ethernet switch network module builds the address table by a configurable aging timer; For more Ethernet switch interfaces and another networking device such as an individual segment. Because collisions...-Port Ethernet Switch Module for Fast Ethernet interfaces. 16-
User Guide
Page 4
...connect a Cisco switch to ...Cisco recommends that are not Cisco switches, maintain only one end of the trunk is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Layer 2 Interface Configuration... Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco...Cisco switches that are not Cisco switches. However,...Cisco... a Cisco device ...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer...
User Guide
Page 5
...configurations. Routed Ports A routed port is not supported). Routed ports support only CEF switching (IP fast switching is a physical port that it an IP address. Then assign an IP address to the switch. A VTP domain (also called a VLAN management domain) is created for which the interface is connected. 16...that are deleting any Layer 2 characteristics configured on page 98. By default, an SVI is made up of one SVI can configure is necessary to configure an SVI for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual ...
User Guide
Page 6
... version) for a domain over a trunk link or until you configure a management domain. Feature Overview 16- You make a change is in one and only one or more interconnected switches that they receive out their VLAN configuration with other switches based on a VTP server, the change to ... 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create and modify VLANs but you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is specified or learned. However, in ...
User Guide
Page 7
... VLAN database mode. • The VLAN database stored on a switch unless all EtherChannels configured on a received VTP message is correct, its other trunks, even for TLVs it is...EtherChannel EtherChannel bundles up to parse. EtherChannel load balancing can operate in the channel. 16- The unrecognized TLV is not able to eight individual Ethernet links into a single ...Dependent Transparent Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enable VTP version 2 on ...
User Guide
Page 8
... 16- If you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section describes how to configure IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from connecting to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco...
User Guide
Page 10
...as if the port is not enabled or supported on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. However, if during bootup,...initiated by using the One-Time-Password (OTP) authentication method with a RADIUS server. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. Feature Overview 16- If the client does not receive an EAP-request/identity frame after three attempts to request the client's identity...
User Guide
Page 11
... except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, ignoring all attempts by using the dot1x port-control interface configuration command and ... from the authenticated client are allowed through the port. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes ... support 802.1x is not granted. 16- When a client is in two topologies: • Point-to-point • Wireless LAN In a point-to-point configuration (see Figure 1 on page 9), ...
User Guide
Page 12
...loop-free path between end stations cause loops in the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 The 802.1x port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the... module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to configure the Spanning Tree Protocol (STP) on all of an interface in a network. Feature Overview 16- You can exist between any two stations. If a network segment in the network. Figure...
User Guide
Page 13
...transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 Each configuration BPDU contains the following : • One switch is elected as the root port and designated port for ...uses this information to the root bridge. • Ports included in the spanning tree are configured with the default priority (32768), the switch with the lowest MAC address in a switched network. 16- This is the port providing the best path from anywhere in the switched network are transmitted...
User Guide
Page 15
... to the forwarding or blocking state. The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the...spanning tree, every port in the forwarding state, the following process occurs: 1. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are.... In the learning state, the Layer 2 interface continues to the blocking state. 2. 16- The Layer 2 interface is put into the listening state while it waits for protocol ...
User Guide
Page 21
...15)ZJ 21 You can view the default Spanning Tree configuration values. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, ... 128 basis; Fast Ethernet: 19 used on a per -VLAN Fast Ethernet: 10 basis; 16- used on interfaces configured as Layer 2 access ports) Spanning tree port cost (configurable on a 128 per -interface basis; and 36-Port Ethernet Switch Module for all interfaces have...
User Guide
Page 22
...moves them out of Protocol Data Unit (PDU) called the Root Link Query PDU. Feature Overview 16- An inferior BPDU identifies one or more alternate paths can still connect to transmit a new kind ...it has an alternate path to expire. The possible cost range is 0 to Switch B is configured as both the root bridge and the designated bridge. If the inferior BPDU arrives on the root... to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to which it received the ...
User Guide
Page 24
... sends packets for the SPAN session. SPAN sessions allow you to monitor traffic on all Cisco routers, bridges, access servers, and switches. Only switched interfaces can be configured as a source interface. SPAN sessions do not interfere with the normal operation of neighboring devices..., or both ) applicable for network traffic analysis. This feature enables applications to send SNMP queries to a multicast address. Feature Overview 16- You can receive SNMP messages. Specifying a trunk interface as source interfaces, which indicates the length of time a receiving device should ...
User Guide
Page 25
... destination interface to a destination interface d1. Specifying the configuration option both is configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be different). For example, a bidirectional (both packets would be implemented using SPAN. 16- Note Monitoring of VLANs is not supported. Network Security with nontrunk source interfaces; and...
User Guide
Page 26
... Telnet traffic. The Ethernet switch network module supports IP ACLs to provide basic security for matching operations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 Feature Overview 16- For example, you do not configure ACLs, all packets passing through a switch and permit or deny packets from crossing specified interfaces. An...
User Guide
Page 27
...• Permit ACEs that check the Layer 3 information in a fragmented IP packet. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 If this packet is fragmented, the first fragment matches the...ACEs that check Layer 4 information never match a fragment unless the fragment contains Layer 4 information. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and... address means to host 10.1.1.1 on . When this information. 16-
User Guide
Page 28
...to host 10.1.1.3, port FTP. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second...the same time.) Note A mask can be specified.) You can be specified.) - Feature Overview 16- If this packet is effectively denied. The remaining fragments in the packet do not contain the... Access Control Parameters (ACPs). Understanding Access Control Parameters Before configuring ACLs on the Ethernet switch network module, you want to be configured on any interface: Switch (config-ext-nacl)# permit tcp...