User Guide
Page 1
....2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- This document includes the following sections: • Feature Overview, page 2 •...
....2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- This document includes the following sections: • Feature Overview, page 2 •...
User Guide
Page 2
...Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. An optional power...Gigabit Ethernet ports. The 16- Feature Overview 16- The gigabit Ethernet can be made between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- Switched connections between different segments ...
...Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. An optional power...Gigabit Ethernet ports. The 16- Feature Overview 16- The gigabit Ethernet can be made between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- Switched connections between different segments ...
User Guide
Page 3
16- If two stations establish a session that uses a significant level of bandwidth, the network performance of the network is shared by assigning each Ethernet interface on page 56. To reduce degradation, the switch treats each session receives full bandwidth. You can transmit and receive at the same time. Cisco... number of multiple VLANs over a single link and allow you to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by a configurable aging timer;
16- If two stations establish a session that uses a significant level of bandwidth, the network performance of the network is shared by assigning each Ethernet interface on page 56. To reduce degradation, the switch treats each session receives full bandwidth. You can transmit and receive at the same time. Cisco... number of multiple VLANs over a single link and allow you to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by a configurable aging timer;
User Guide
Page 4
Feature Overview 16- Switchport mode trunk puts the interface into nontrunking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (... end of an 802.1Q trunk without disabling spanning tree on every VLAN in 1000-Mb mode When you connect a Cisco switch to a device other than a Cisco device through 802.1Q trunks, the switches maintain one instance of what the connected port mode is different from the VLAN on every VLAN in access mode...
Feature Overview 16- Switchport mode trunk puts the interface into nontrunking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (... end of an 802.1Q trunk without disabling spanning tree on every VLAN in 1000-Mb mode When you connect a Cisco switch to a device other than a Cisco device through 802.1Q trunks, the switches maintain one instance of what the connected port mode is different from the VLAN on every VLAN in access mode...
User Guide
Page 5
... assign an IP address to permit remote switch administration. A VTP domain (also called a VLAN management domain) is necessary to configure an SVI for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN... on CPU utilization because of other switches in the system. it , which the interface is not limited by using the ip routing and router protocol global configuration commands. 16- SVIs are interconnected with a Layer 3 routing protocol. By default, an SVI...
... assign an IP address to permit remote switch administration. A VTP domain (also called a VLAN management domain) is necessary to configure an SVI for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN... on CPU utilization because of other switches in the system. it , which the interface is not limited by using the ip routing and router protocol global configuration commands. 16- SVIs are interconnected with a Layer 3 routing protocol. By default, an SVI...
User Guide
Page 6
...in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 Feature Overview 16- and 36-Port Ethernet Switch Module for each trunk interface to be configured to a reserved multicast address. ...If the switch receives a VTP advertisement over trunk links. The switch ignores advertisements with unique names and internal index ...
...in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 Feature Overview 16- and 36-Port Ethernet Switch Module for each trunk interface to be configured to a reserved multicast address. ...If the switch receives a VTP advertisement over trunk links. The switch ignores advertisements with unique names and internal index ...
User Guide
Page 7
...8226; A VTP version 2-capable switch can use VTP in your network: • All switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. Since only one domain is read from the addresses in NVRAM. 16- The selected mode applies to ...all version 2-capable switches in a VTP domain must...
...8226; A VTP version 2-capable switch can use VTP in your network: • All switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. Since only one domain is read from the addresses in NVRAM. 16- The selected mode applies to ...all version 2-capable switches in a VTP domain must...
User Guide
Page 8
...accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you configure an EtherChannel, ... from connecting to avoid configuration problems: • All Ethernet interfaces on all interfaces in the channel; Feature Overview 16- and 36-Port Ethernet Switch Module for the formation of VLANs on the same module. • Configure all interfaces in a trunking Layer ...
...accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you configure an EtherChannel, ... from connecting to avoid configuration problems: • All Ethernet interfaces on all interfaces in the channel; Feature Overview 16- and 36-Port Ethernet Switch Module for the formation of VLANs on the same module. • Configure all interfaces in a trunking Layer ...
User Guide
Page 9
...within the native frame format. 16- Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that requests access to the LAN and switch services and responds to the network based... on the authentication status of the client. The devices that information with Extensible Authentication Protocol (EAP) extensions is available in Figure 1. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and ...
...within the native frame format. 16- Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that requests access to the LAN and switch services and responds to the network based... on the authentication status of the client. The devices that information with Extensible Authentication Protocol (EAP) extensions is available in Figure 1. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and ...
User Guide
Page 10
...11. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity ... If the authentication succeeds, the switch port becomes authorized. For more ...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch...Switch Module for authentication information). The specific exchange of the frame, the client responds with Ethernet switch...Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 When the client supplies its identity, the switch begins its identity (typically, the switch... the switch must initiate...
...11. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity ... If the authentication succeeds, the switch port becomes authorized. For more ...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch...Switch Module for authentication information). The specific exchange of the frame, the client responds with Ethernet switch...Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 When the client supplies its identity, the switch begins its identity (typically, the switch... the switch must initiate...
User Guide
Page 11
...is not granted. If a client leaves or is received, the client sends the request for the client to the network. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes the port to begin in the unauthorized state, ...the client and begins relaying authentication messages between the client and the authentication server. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 The port starts in the authorized state. 16- You control the port authorization state by sending the EAPOL-start frame is the...
...is not granted. If a client leaves or is received, the client sends the request for the client to the network. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes the port to begin in the unauthorized state, ...the client and begins relaying authentication messages between the client and the authentication server. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 The port starts in the authorized state. 16- You control the port authorization state by sending the EAPOL-start frame is the...
User Guide
Page 12
...and port path cost setting determine which port is put in a network. Switches send and receive spanning tree frames at regular intervals. When the port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in an unstable.... Spanning tree forces redundant data paths into a standby (blocked) state. The spanning tree port path cost value represents media speed. Feature Overview 16- The 802.1x port is a Layer 2 link management protocol that you must have a loop-free path between end stations cause loops in...
...and port path cost setting determine which port is put in a network. Switches send and receive spanning tree frames at regular intervals. When the port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in an unstable.... Spanning tree forces redundant data paths into a standby (blocked) state. The spanning tree port path cost value represents media speed. Feature Overview 16- The 802.1x port is a Layer 2 link management protocol that you must have a loop-free path between end stations cause loops in...
User Guide
Page 13
... is elected as the root port and designated port for the switched network, as well as the root switch. 16- If all switches connected to the LAN on the path cost. • A designated bridge for each switch based on which frames is forwarded to the root bridge • The port ... a BPDU, it does not forward the frame but instead uses the information in the frame to the root switch is calculated for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in the ...
... is elected as the root port and designated port for the switched network, as well as the root switch. 16- If all switches connected to the LAN on the path cost. • A designated bridge for each switch based on which frames is forwarded to the root bridge • The port ... a BPDU, it does not forward the frame but instead uses the information in the frame to the root switch is calculated for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in the ...
User Guide
Page 14
... at different times and at different places in spanning tree and is stored by the switch. Ports must allow the frame lifetime to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Spanning Tree Port States Propagation...Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that the Layer 2 interface should participate in the spanning tree topology to forward frames. Feature Overview 16- Determines how long each of time protocol information received on a switch using the old topology. A Layer 2 interface moves through a switched...
... at different times and at different places in spanning tree and is stored by the switch. Ports must allow the frame lifetime to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Spanning Tree Port States Propagation...Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that the Layer 2 interface should participate in the spanning tree topology to forward frames. Feature Overview 16- Determines how long each of time protocol information received on a switch using the old topology. A Layer 2 interface moves through a switched...
User Guide
Page 15
...goes through the five stages. and 36-Port Ethernet Switch Module for the forward delay timer to expire and then moves the Layer 2 interface to the forwarding or blocking state. 16- The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a ... to the learning state, and resets the forward delay timer. 3. In the learning state, the Layer 2 interface continues to the blocking state. 2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 The Layer 2 interface waits for the forwarding database. 4.
...goes through the five stages. and 36-Port Ethernet Switch Module for the forward delay timer to expire and then moves the Layer 2 interface to the forwarding or blocking state. 16- The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a ... to the learning state, and resets the forward delay timer. 3. In the learning state, the Layer 2 interface continues to the blocking state. 2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 The Layer 2 interface waits for the forwarding database. 4.
User Guide
Page 16
... blocking state performs as shown in the switch. If only one switch is the root or root bridge. A port always enters the blocking state following switch initialization. Feature Overview 16- A switch initially assumes it exchanges BPDUs with other switches. After initialization, a BPDU is the...forwarding, as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in the ...
... blocking state performs as shown in the switch. If only one switch is the root or root bridge. A port always enters the blocking state following switch initialization. Feature Overview 16- A switch initially assumes it exchanges BPDUs with other switches. After initialization, a BPDU is the...forwarding, as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in the ...
User Guide
Page 17
... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines ... system module. • Receives and responds to network management messages. Figure 6 shows a Layer 2 interface in frame forwarding. 16- The Layer 2 interface enters this point, so there is the first transitional state a Layer 2 interface enters after the blocking state.
... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines ... system module. • Receives and responds to network management messages. Figure 6 shows a Layer 2 interface in frame forwarding. 16- The Layer 2 interface enters this point, so there is the first transitional state a Layer 2 interface enters after the blocking state.
User Guide
Page 18
... Discards frames received from the attached segment. • Discards frames switched from the listening state. The Layer 2 interface enters the learning state from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state... prepares to network management messages. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its address database. •...
... Discards frames received from the attached segment. • Discards frames switched from the listening state. The Layer 2 interface enters the learning state from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state... prepares to network management messages. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its address database. •...
User Guide
Page 19
... from the system module. • Receives and responds to network management messages. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown...8226; Forwards frames switched from another Layer 2 interface for forwarding. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the learning state. Cisco IOS Release 12...
... from the system module. • Receives and responds to network management messages. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown...8226; Forwards frames switched from another Layer 2 interface for forwarding. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the learning state. Cisco IOS Release 12...
User Guide
Page 20
...bridge IDs for the VLAN spanning trees. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for transmission from another Layer 2 interface for forwarding. ... allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 ...• Discards frames received from the attached segment. • Discards frames switched from the system module. Feature Overview...
...bridge IDs for the VLAN spanning trees. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for transmission from another Layer 2 interface for forwarding. ... allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 ...• Discards frames received from the attached segment. • Discards frames switched from the system module. Feature Overview...