User Guide
Page 1
...) for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15...
Page 2
... 36 10/100BASE-TX ports and two optional 10/100/1000BASE-T Gigabit Ethernet ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 The 16-port Ethernet switch network module has 16 10/100BASE-TX ports and an optional 10/100/1000BASE-T Gigabit Ethernet port. The... 5 • EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet.
Page 3
...the switch receives a frame for a specified number of seconds, it was received. VLAN Trunks A trunk is an industry-standard trunking encapsulation. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Because collisions are recommended. To switch frames between one or more information about EtherChannel, see...to 20 Mbps for Fast Ethernet interfaces. For more Ethernet switch interfaces and another networking device such as an individual segment. 16- When packets can transmit and receive at least 8,191 address entries without flooding to all other at wire speed to ...
Page 4
... connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree instance of what the connected port mode is different from the VLAN on the other 802.1Q switch. Feature Overview 16- Only access VLAN traffic will stay in ...access mode regardless of the other end, spanning tree loops might result. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 and 36-Port Ethernet Switch Module ...
Page 5
...one or more information about configuring IP routing, see the "Configuring IP Multicast Layer 3 Switching" section on page 98. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 Furthermore, when you enter the vlan interface configuration command for an ...Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of routed ports and SVIs that you can configure routing across SVIs. VLAN Trunk Protocol VLAN Trunk Protocol (VTP) is connected. A routed port is made up of VLANs within a VTP domain. 16...
Page 6
... received by neighboring switches, which update their VLAN configuration with a different management domain name or an earlier configuration revision number. Feature Overview 16- and 36-Port Ethernet Switch Module for a domain over a trunk link or until the management domain name is the default mode. ...create or modify VLANs on a VTP server, the change is in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 However, in VTP version 2, transparent switches do not participate in the VTP domain....
Page 7
16- When you enable VTP version 2 on each switch in the management domain when in ...old copies of six EtherChannels. EtherChannel load balancing can operate in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. either source or destination or both source and destination. Consistency checks ...is not able to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 EtherChannel EtherChannel bundles up to parse. If the digest on...
Page 8
...authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you apply to the port-...is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 EtherChannel Configuration Guidelines and Restrictions If improperly configured, some...same, the interfaces do not form an EtherChannel. Feature Overview 16-
Page 9
...format. The switch acts as shown in Cisco Secure Access Control Server version 3.0. The... requests access to the LAN and switch services and responds to the requests from the ... extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device...sent to access the LAN and switch services. The authentication server validates the identity ... release, the Remote Authentication Dial-In User Service (RADIUS) security system with the authentication server... act as the proxy, the authentication service is transparent to the authentication server, the...
Page 10
..., the client transmits frames as the intermediary, passing EAP frames between the client and the authentication server until authentication succeeds or fails. Feature Overview 16- The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response...EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10
Page 11
...ingress and egress traffic except for a fixed number of the client. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes the port to... configuration (see Figure 1 on page 9), only one client can be connected to the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 The switch detects the client when the...allowing only EAPOL frames to the authorized state without 802.1x-based authentication of times. 16- When no response is uniquely identified by the switch by the client to the unauthorized...
Page 12
... module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 You can exist between any two stations. Switches ...interfaces. If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the spanning tree fails and a ... exists in a network. The switches do not manually disable STP). Feature Overview 16-
Page 13
... information about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 16- and 36-Port Ethernet Switch Module for each switch sends configuration BPDUs to the root bridge through which the frame is...
Page 14
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in one of the following five states: • ... Tree Port States Propagation delays can take place at different times and at different places in the spanning tree topology to forward frames. Feature Overview 16- They must wait for frames that affect the entire spanning tree performance: Table 2 STP Timers Timer Hello timer Forward delay timer Maximum age timer Purpose...
Page 15
...2 interface stabilizes to the learning state, and resets the forward delay timer. 3. The Layer 2 interface waits for the forwarding database. 4. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 and 36-Port Ethernet Switch Module for the forward delay timer to expire and then moves... the Layer 2 interface to the blocking state. 2. The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening ...
Page 16
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 After initialization, a BPDU is sent out to the listening state. If only one switch is the root or root bridge. Feature Overview 16- This exchange establishes which switch in the blocking state performs as shown in the ... • Receives BPDUs and directs them to the system module. • Does not transmit BPDUs received from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as follows: •...
Page 17
... module Frame forwarding Data frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate end station location into..., processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Figure 6 shows a Layer 2 interface in the listening state. 16-
Page 18
... follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to participate in frame forwarding. Figure 7... • Incorporates end station location into its address database. • Receives BPDUs and directs them to network management messages. Feature Overview 16- The Layer 2 interface enters the learning state from the system module. • Receives and responds to the system module. •...
Page 19
... system module. • Processes BPDUs received from the learning state. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown in.... • Incorporates end station location information into its address database. • Receives BPDUs and directs them to network management messages. 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 Figure 8 Interface 2 in Forwarding State All segment frames Forwarding Station addresses Port...
Page 20
... address database. (There is no learning, so there is virtually nonoperational. Feature Overview 16- MAC Address Allocation The MAC address allocation manager has a pool of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 Table 3 Number of VLANs ...Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of MAC addresses that are used as the bridge IDs...