User Guide
Page 4
...Switchport mode trunk puts the interface into nontrunking mode. The 802.1Q cloud separating the Cisco switches that the native VLAN for the specific VLAN. Make sure that is not Cisco devised, is . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Table 1 Default Layer ...Cisco switch to a device other 802.1Q switch. If the VLAN on both ends of spanning tree for each VLAN is loop-free before disabling spanning tree. Inconsistencies detected by a cloud of 802.1Q switches that are not Cisco switches, maintain only one instance of the trunk link. Feature Overview 16...
User Guide
Page 5
... 3 mode with a particular VLAN, as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. For more switches and have those changes automatically communicated to ...3 routing protocol. VLAN Trunk Protocol VLAN Trunk Protocol (VTP) is not supported). 16- SVIs support routing protocol and bridging configurations. A routed port is connected. Configure ...a VLAN only when you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI...
User Guide
Page 9
... Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x authentication issues, read the Microsoft Knowledge Base article at this release, the Remote Authentication Dial-In User Service (RADIUS) security...
User Guide
Page 10
...RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 If the authentication succeeds, the switch port becomes authorized. The specific exchange of the frame, the client responds with an EAP-response/identity ... If you enable authentication on page 11. Note If 802.1x is in Authorized and Unauthorized States" section on page 11. Feature Overview 16- A port in Authorized and Unauthorized States" section on a port by one or more information, see the "Ports in the authorized state....
User Guide
Page 22
... BPDU to the root, it has lost its designated bridge. BackboneFast BackboneFast is media-specific). If all interfaces have the same cost value, spanning tree puts the interface with ... the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that connects directly to Switch B is ...root switch, connects directly to Switch B over link L1 and to select last. Feature Overview 16- and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-...
User Guide
Page 28
...destination port number, or both at the same time.) Note A mask can be specified.) - Feature Overview 16- If this example is that the packet is TCP and that are missing Layer 4 information. • Because... any Layer 4 information and because Layer 3 information in the switch CLI commands, and output. The specific values associated with a given mask are referred to define a flow. • Layer 4 fields: ...host 10.1.1.3, port FTP. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are no restrictions on ...
User Guide
Page 30
...16- Implementing QoS in your switch, you can select specific network traffic, prioritize it according to its relative importance, and use congestion-management and congestion-avoidance techniques to provide preferential treatment. Classification can carry a Differentiated Services Code Point (DSCP) value. Figure 14 QoS Classification Layers in the Layer 2 frame. Cisco...supported in this release is in 802.1Q frames except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding Quality of Service (QoS) Typically, networks operate on your network makes network ...
User Guide
Page 33
... to an interface. After a packet is matched against a specific traffic flow to classify IP traffic by using the service-policy interface configuration command. You should use to an interface...example, a policy map cannot have more information, see the "Guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of the traffic, and the ... can include matching the access group defined by using the policy-map global configuration command. 16- You create a class map by the ACL. When you enter this command, the ...
User Guide
Page 35
...through the interface is forwarded only to those interfaces associated with a specific VLAN ID egressing from the internal DSCP value. DSCP-to CoS ... policed, and marked according to the policy map attached to type of service. Maximum Number of marking to apply to the switch: • CoS...the number of multicast groups and the number of multicast groups. 16- The packets can be configured on the egress interface on the ...242 limit. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured...
User Guide
Page 38
...a number of queries, the router processor receives no reports from a VLAN, it sends out a group-specific query to those hosts listed in traffic for the VLAN from being disrupted by the router, or they...switch only forwards IP multicast group traffic to determine if any devices behind that IP multicast group. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38 Errors in the protocol-stack implementation ...multicast group, they can cause a storm. Feature Overview 16- A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance.
User Guide
Page 40
... before forwarding is designed to support Cisco IP phones in small branch offices, applications are centrally located at the same time. The following topics are received on your network. The rising threshold is reached. Also included is different from a specific host based on the Ethernet switch ... enabled at the corporate headquarters or data center and are expressed as a percentage of broadcast, unicast, or multicast packets. Feature Overview 16- You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of ...
User Guide
Page 43
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module Routed port 172.20.130.1 Host C 172.20.128.1 SVI 1 Host A SVI 2 172...• Voice connectivity over data applications • IPSEC, ACL, VPN and Firewall options • New broadband WAN options The Interface Range Specification feature makes configuration easier for these reasons: • Identical commands can be entered once for each interface. • Interface ranges can ...
User Guide
Page 53
Adds an Ethernet VLAN. When you delete a VLAN from a switch that is in the VTP domain. 16- Purpose Enters VLAN configuration mode. Step 1 Use the show vlan name command to privileged EXEC mode. To delete a VLAN from all switches in...following commands beginning in privileged EXEC mode: Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 53 srb 1 1002 1004 fdnet 101004 1500 - - 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0 Router# Deleting a VLAN from the Database When you delete a VLAN from a switch that specific switch. and 36-Port Ethernet Switch ...
User Guide
Page 62
... server are identified by their host name or IP address, host name and specific UDP port numbers, or IP address and specific UDP port numbers. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 Configuration Tasks 16- and 36-Port Ethernet Switch Module for 802.1x authentication. The combination of...RADIUS host entries are tried in privileged EXEC mode, follow these steps to -RADIUS-Server Communication RADIUS security servers are configured for the same service (for example, authentication), the second host entry configured acts as the fail-over backup to privileged EXEC mode.
User Guide
Page 65
... times that the switch waits for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. To return to privileged EXEC mode. the default is 30. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 65 Beginning in... the configuration file. 16- Verifies your entries. (Optional) Saves your entries in privileged EXEC mode, follow these ...
User Guide
Page 66
... To disable multiple hosts on an 802.1x-authorized port. Resets the configurable 802.1x parameters to privileged EXEC mode. Configuration Tasks 16- Allows multiple hosts (clients) on the port, use the show dot1x statistics interface interface-id privileged EXEC command. Resetting the 802...mode, follow these steps to reset the 802.1x configuration to be successfully authorized for a specific interface, use the show dot1x statistics privileged EXEC command. Returns to the default values. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 66 Step 1 Step 2 Command configure...
User Guide
Page 76
...neighbors on which CDP is enabled. Verifies information about interfaces on a specific interface and can be expanded to provide more of transmissions and the holdtime for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying CDP Neighbors Step 1 Use the show cdp neighbors... command to verify information about neighbors. Switch, H - The display can be limited to zero. Configuration Tasks 16- and 36-Port Ethernet...
User Guide
Page 80
Configuration Tasks 16- remark} {source source-wildcard | host source The access-list-number is a decimal number from an associated IP host address ACL specification, 0.0.0.0 is the source address of the network or host from numbered access lists. The source is assumed to be ...to 99 or 1300 | any as an abbreviation for source and source-wildcard of the ACL contains an implicit deny statement for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Creating a Numbered Standard ACL Beginning in bold): Internet Protocol (ip), Transmission Control Protocol (tcp), or User Datagram...
User Guide
Page 81
... 12 Filtering Parameter ACEs Supported by Different IP Protocols Filtering Parameter TCP UDP Layer 3 Parameters: IP ToS byte1 No No Differentiated Services Code Point (DSCP) No No IP source address Yes Yes IP destination address Yes Yes Fragments No No TCP or UDP Yes...Yes Destination port Yes Yes TCP flag No No 1. It also does not support filtering based on the specific keywords relative to the Cisco IP Command Reference for Cisco IOS Release 12.2. 16- No support for each protocol, refer to each protocol type. You cannot reorder the list or selectively...
User Guide
Page 85
...an ACL, any IP standard or extended ACL. name} {in} end Returns to a specific ACL. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks When making the standard and extended ACL, remember that it to accomplish ... interface: Step 1 Step 2 Step 3 Step 4 Command Purpose configure terminal Enters global configuration mode. 16- You cannot selectively add ACEs to privileged EXEC mode. However, you can use a number. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 85 ACLs can go before the associated permit ...