User Guide
Page 1
.... This feature module describes the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12...
Page 2
...1000BASE-T Gigabit Ethernet ports. The gigabit Ethernet can also be used as an uplink port to a server or as a stacking link to configure the 16- An optional power module can be added to provide inline power for the duration of VLAN and Multicast Groups, page 35 • ...802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. and 36-Port Ethernet Switch Module for...
Page 3
16- Because each interface as a router or a switch. In full-duplex mode, two stations can store at least 8,191 address entries without flooding to all devices attached to ensure that each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 ...Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives full bandwidth. To reduce degradation, the switch treats each Ethernet interface on the aging timer are a major bottleneck in a properly configured...
Page 4
...nontrunking mode. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree ...16- and 36-Port Ethernet Switch Module for Gigabit Ethernet interfaces operated in 100-Mb mode 4 for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Table 1 Default Layer 2 Ethernet Interface Configuration...
Page 5
... and have those changes automatically communicated to all the other features being configured might generate messages on CPU utilization because of VLANs within a VTP domain. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs support routing protocol and bridging configurations. 16- Routed ports support only CEF switching (IP fast switching is created...
Page 6
VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as VTP version) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is propagated to all...size for the domain using IEEE 802.1Q encapsulation. Feature Overview 16- The following global configuration information is the default mode. • Client-VTP clients behave the same way as VTP transparent, you configure a management domain. Mapping eliminates excessive device administration required from ...
Page 7
...VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in a VTP domain must run the same VTP version. • You must configure a password on the switch. All ...are performed only when you enter new information through the CLI or SNMP. either source or destination or both source and destination. 16- When you must have the same speed duplex and mode. Since only one of overwritten VLAN databases. EtherChannel load balancing can operate...
Page 8
..., using source addresses or IP addresses may result in the channel; Feature Overview 16- and 36-Port Ethernet Switch Module for the formation of VLANs is connected. ... to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut ... interface affects the EtherChannel. 802.1x Port-Based Authentication This section describes how to configure IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from connecting to...
Page 10
...frames as the intermediary, passing EAP frames between the client and the authentication server until authentication succeeds or fails. Feature Overview 16- If the authentication succeeds, the switch port becomes authorized. The specific exchange of the frame, the client responds with ... Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the...
Page 11
16- and 36-Port Ethernet Switch Module for 802.1x packets. The switch cannot provide authentication services to the client through the interface. •... the port state changes to authorized, and all attempts by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change... change to the authorized state, allowing all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, allowing only EAPOL frames ...
Page 12
...nodes in the Layer 2 network. The spanning tree port priority value represents the location of multiple segments. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Feature Overview 16- For a Layer 2 Ethernet network to construct a loop-free path. By default, a single instance of... If a loop exists in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on each configured VLAN (provided that provides path redundancy while preventing undesirable loops in a wireless LAN. The spanning tree port path cost value represents...
Page 13
... protocol timers When a switch transmits a bridge packet data unit (BPDU) frame, all switches are configured with the default priority (32768), the switch with the highest bridge priority (the lowest numerical priority ...port is forwarded to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 All paths that the transmitting switch believes ... unique bridge ID of the spanning tree topology in spanning tree blocking mode. 16- If all switches connected to the LAN on each switch • The spanning...
Page 15
The Layer 2 interface waits for the forwarding database. 4. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame ...moves the Layer 2 interface to the forwarding or blocking state. The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory...state, and resets the forward delay timer. 3. Figure 4 STP Port States Boot-up . 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15
Page 21
...3 bridge ID is derived from the media speed of an interface. 16- For example, if the MAC address range is 00-e0-1e-9b-2e-00 to put into the forwarding state. used on interfaces configured as Layer 2 trunk ports) Ethernet: 10 Hello time 2 seconds... possible priority range is 0 to VLAN 2, and so forth. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, with the lowest interface number in increments ...
Page 22
...the port cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is in the blocking state. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that the...port, the root port and other interfaces. The switch sends the Root Link Query PDU on the switch become alternate paths to expire. Feature Overview 16- The possible cost range is 0 to 65535 (the default is initiated when a root port or blocked port on a switch receives inferior BPDUs from...
Page 24
... specified VLANs are neighbors of SPAN source interfaces or VLANs. Feature Overview 16- CDP allows network management applications to -live, or hold CDP information before discarding it can configure source interfaces in particular, neighbors running lower-layer, transparent protocols. CDP ... which SPAN sends packets for the SPAN session. The advertisements also contain the time-to discover Cisco devices that support Subnetwork Access Protocol (SNAP). You configure SPAN sessions using parameters that all the source interfaces. SPAN sessions do not interfere with command-...
Page 25
...the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be SPAN source interfaces; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 Specifying the configuration option both copies ...sent to different VLANs. • Monitoring of VLANs is not supported. SPAN includes BPDUs in any previously entered configuration. • When you specify multiple SPAN source interfaces, the interfaces can be monitored using access control lists (ACLs...is enabled by the source interfaces to a destination interface d1. 16-
Page 26
...first match determines whether the switch accepts or rejects the packet. If there are examined. You configure access lists on physical Layer 2 interfaces. The switch examines access lists associated with all packets ...of permit or deny depends on the criteria specified in the ACL. Feature Overview 16- and 36-Port Ethernet Switch Module for your network. The switch tests the ... access a part of a network or to provide basic security for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can limit network traffic and restrict network...
Page 27
16- and 36-Port Ethernet Switch Module for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol (SMTP) and Telnet, respectively. • Packet A ... 4 information. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going to all packet fragments. If this information. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and...
Page 28
...There are referred to perform an action. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are no restrictions on the IP subnet to be configured on which you must have a thorough understanding of multiple Layer 3 and Layer... (ACPs). TCP (You can be classified on the Ethernet switch network module, you want to as it tries to be specified.) - Feature Overview 16- If this packet is the field of masks: • User-defined mask-masks that the destination is 10.1.1.1.) • Packet B is present....