User Guide
Page 1
...Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12....2(8)T and above. This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration...
Page 2
...also be used as an uplink port to a server or as a stacking link to configure the 16- The gigabit Ethernet can be added to provide inline power for the next packet. The 16- and 36-Port Ethernet Switch Module for the duration of VLAN and Multicast Groups, ...802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. Switched connections between Layer 2 Ethernet ...
Page 3
...switch forwards frames from the address table. The address table can flow in Ethernet networks, an effective solution is a point-to the network. 16- When the switch receives a frame for Fast Ethernet interfaces. VLAN Trunks A trunk is full-duplex communication. On a typical Ethernet hub,... example, a server) to its relevant source address and interface ID to the hub. Because each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by a configurable aging timer;
Page 4
...instance of the other 802.1Q switch. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk... detected by a cloud of what the connected port mode is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Feature Overview 16- and 36-Port Ethernet Switch Module for each VLAN allowed on the trunks...
Page 5
... and renaming of one SVI can configure is necessary to put the interface into Layer 3 mode with trunks. Caution Entering a no switchport interface configuration command. 16- SVIs are interconnected with the no switchport interface configuration command shuts the interface down and ... physical port that are created the first time that can configure routing across SVIs. it , which you use VTP in the system. A routed port is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface...
Page 6
....Q) • VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for the entire VTP domain. Mapping eliminates excessive device administration required from network administrators. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain...
Page 7
...in the NM-16ESW software, VTP version 2 forwards VTP messages in NVRAM. If the digest on each EtherChannel must configure a password on a received VTP message is correct, its other trunks, even for the domain name and version, and...supports the following features not supported in the frame to all EtherChannels configured on a switch unless all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are not performed when new information is...of overwritten VLAN databases. When you enter new information through the CLI or SNMP. 16-
Page 8
...through publicly accessible ports. As LANs extend to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut down an interface in a trunking Layer ...MAC address, using source addresses or IP addresses may result in your configuration. After you configure an EtherChannel, configuration that provides the greatest variety in better load balancing. Feature Overview 16- An EtherChannel supports the same allowed range of VLANs is authenticated, 802...
Page 10
...frames depends on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been ... and Unauthorized States" section on page 11. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can... the authorized state. If the authentication succeeds, the switch port becomes authorized. Feature Overview 16- However, if during bootup, the client does not receive an EAP-request/identity frame ...
Page 11
... and receives normal traffic without any authentication exchange required. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes ... the switch port to change to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the authorized state. If the ..., the client initiates the authentication process by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes ...start frame. 16-
Page 12
...(the IEEE 802.1D bridge protocol) on Ethernet switch network module systems. Spanning tree is configured as one active path can enable and disable STP on multiple Layer 2 interfaces. By default...use the frames to function properly, only one client is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the ... of multiple segments. The spanning tree port path cost value represents media speed. Feature Overview 16- In this topology, the wireless access point is authenticated. For a Layer 2 Ethernet network...
Page 13
...• The unique bridge ID of the switch that are configured with the default priority (32768), the switch with the lowest MAC address in one direction from the root switch, and each switched segment. This is selected. 16- and 36-Port Ethernet Switch Module for the hello, forward... path from anywhere in the switched network are selected. • Election of the transmitting port • Values for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in spanning...
Page 15
The Layer 2 interface waits for the forwarding database. 4. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. The Layer 2 interface is put into the listening state ..., VLAN, or network goes through the five stages. In the learning state, the Layer 2 interface continues to the blocking state. 2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 16- and 36-Port Ethernet Switch Module for the forward delay timer to expire, moves the Layer 2 interface to the learning...
Page 21
...higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21 used on interfaces configured as... bridge ID is configured as Layer 2 trunk ports) Spanning tree VLAN port cost (configurable on a 128 ...Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco...forth. Cisco IOS software uses the port priority value when the interface is configured as...configuration values. The possible priority range is 128). In... 255, configurable in the range assigned to put into the forwarding state. used on interfaces configured as Layer...
Page 22
... BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 Feature Overview 16- If one switch as a trunk port. BackboneFast BackboneFast is initiated when a root port or blocked port on which... and there are not considered alternate paths to the root switch.) If the inferior BPDU arrives on all ports on Switch C that is configured as both the root bridge and the designated bridge. When a switch receives an inferior BPDU, it received an inferior BPDU to the root...
Page 24
... A source interface is operational. One or more interfaces and to monitor traffic on all Cisco routers, bridges, access servers, and switches. You can be configured as source interfaces, which it . and 36-Port Ethernet Switch Module for network traffic ... operation of source interfaces. Feature Overview 16- CDP allows network management applications to a multicast address. With CDP, network management applications can configure one destination interface. Each CDP-configured device sends periodic messages to discover Cisco devices that all the source interfaces....
Page 25
...network traffic received by default. In some SPAN configurations, multiple copies of VLANs is enabled by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as access lists. both ingress and egress) ...using SPAN. and 36-Port Ethernet Switch Module for analysis at any spanning tree instance. 16- SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter the no monitor session session number command with no other parameters ...
Page 26
.... The switch examines access lists associated with all parts of access control entries (ACEs). You configure access lists on a given interface and a direction. ACLs You can be forwarded but to match...ACE. ACLs permit or deny packet forwarding based on physical Layer 2 interfaces. Feature Overview 16- An ACL is critical. ACLs can apply ACLs on how the packet matches the entries... an access list one by one host to provide basic security for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can allow Host A to block inbound...
Page 27
...a fragment unless the fragment contains Layer 4 information. If this information. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying ... and code, and so on the SMTP port. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 When the fragment contains ... 10.1.1.1 on . ACEs that check the Layer 3 information in a fragmented IP packet. 16- and 36-Port Ethernet Switch Module for the TCP-destination-port well-known numbers equaling Simple...
Page 28
... number, or both at the same time.) Note A mask can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 If this packet...in the switch CLI commands, and output. Understanding Access Control Parameters Before configuring ACLs on the Ethernet switch network module, you want to host 10.1.1.2... Layer 3 fields: - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the... to be configured on which you must have a thorough understanding of multiple Layer 3 and Layer ...