User Guide
Page 1
...Feature Information for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on a Cisco EtherSwitch HWIC may not support all the ...Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch Cards" section on page 104. This hardware feature does not introduce any new or modified Cisco IOS commands. Finding Feature Information Your software release may be added to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An account on a switch is not required. Cisco EtherSwitch HWICs...
...Feature Information for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on a Cisco EtherSwitch HWIC may not support all the ...Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch Cards" section on page 104. This hardware feature does not introduce any new or modified Cisco IOS commands. Finding Feature Information Your software release may be added to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An account on a switch is not required. Cisco EtherSwitch HWICs...
User Guide
Page 2
... information about the Cisco EtherSwitch HWICs. • Prerequisites for EtherSwitch HWICs, page 2 • Restrictions for EtherSwitch HWICs, page 2 • Information About EtherSwitch HWICs, page 3 • How to Configure EtherSwitch HWICs, page 5 • Configuration Examples for EtherSwitch HWICs, page 91 • Additional References, page 102 Prerequisites for EtherSwitch HWICs The following restrictions apply to the Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch HWICs: • No more than two Ethernet Switch HWICs or network...
... information about the Cisco EtherSwitch HWICs. • Prerequisites for EtherSwitch HWICs, page 2 • Restrictions for EtherSwitch HWICs, page 2 • Information About EtherSwitch HWICs, page 3 • How to Configure EtherSwitch HWICs, page 5 • Configuration Examples for EtherSwitch HWICs, page 91 • Additional References, page 102 Prerequisites for EtherSwitch HWICs The following restrictions apply to the Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch HWICs: • No more than two Ethernet Switch HWICs or network...
User Guide
Page 3
... a single chassis. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series module. For information about VLANs, see the 16- Note Without this configuration and connection, duplications will occur in the VLAN databases, and unexpected packet handling may occur. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Prerequisites for Installing Two...
... a single chassis. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series module. For information about VLANs, see the 16- Note Without this configuration and connection, duplications will occur in the VLAN databases, and unexpected packet handling may occur. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Prerequisites for Installing Two...
User Guide
Page 4
... information about storm control, see the "Storm Control" section of the EtherSwitch Network Module. 4 Storm Control For conceptual information about a switched port analyzer, see the "Switched Port Analyzer" section of the EtherSwitch Network Module. Information About EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Inline Power for Cisco IP Phones For conceptual information about Spanning Tree Protocol, see the...
... information about storm control, see the "Storm Control" section of the EtherSwitch Network Module. 4 Storm Control For conceptual information about a switched port analyzer, see the "Switched Port Analyzer" section of the EtherSwitch Network Module. Information About EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Inline Power for Cisco IP Phones For conceptual information about Spanning Tree Protocol, see the...
User Guide
Page 5
Fallback Bridging For conceptual information about intrachassis stacking, see the "Fallback Bridging" section of the EtherSwitch Network Module. Disabled (force-authorized). Disabled. 5 Table 1 Default 802.1x Configuration Feature Authentication, ...number of times that the switch will send an EAP-request/identity frame before restarting the authentication process). Default 802.1x Configuration Table 1 shows the default 802.1x configuration. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Information About EtherSwitch HWICs Intrachassis Stacking For conceptual ...
Fallback Bridging For conceptual information about intrachassis stacking, see the "Fallback Bridging" section of the EtherSwitch Network Module. Disabled (force-authorized). Disabled. 5 Table 1 Default 802.1x Configuration Feature Authentication, ...number of times that the switch will send an EAP-request/identity frame before restarting the authentication process). Default 802.1x Configuration Table 1 shows the default 802.1x configuration. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Information About EtherSwitch HWICs Intrachassis Stacking For conceptual ...
User Guide
Page 6
... EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Table 1 Default 802.1x Configuration (continued) Feature Client timeout period Authentication server timeout period Default Setting 30 seconds (when relaying a request from the client to the authentication server, the amount of time the switch waits...port mode is removed as a SPAN destination. If you try to change the mode of an 802.1x-enabled port to Configure EtherSwitch HWICs • Configuring VLANs, page 5 • Configuring VLAN Trunking Protocol, page 7 • Configuring Layer 2 Interfaces, page ...
... EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Table 1 Default 802.1x Configuration (continued) Feature Client timeout period Authentication server timeout period Default Setting 30 seconds (when relaying a request from the client to the authentication server, the amount of time the switch waits...port mode is removed as a SPAN destination. If you try to change the mode of an 802.1x-enabled port to Configure EtherSwitch HWICs • Configuring VLANs, page 5 • Configuring VLAN Trunking Protocol, page 7 • Configuring Layer 2 Interfaces, page ...
User Guide
Page 7
Updates the VLAN database, propagates it throughout the administrative domain, and returns to configure VLANs on the switch and contains the following sections: • Adding a VLAN Instance, page 6 • Deleting a VLAN Instance ...: Router(vlan)# exit Adds an Ethernet VLAN. • Enter the VLAN number. vlan vlan-id 4. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs • Managing the EtherSwitch HWIC, page 78 Configuring VLANs This section describes how to privileged EXEC mode. Deleting a VLAN Instance from the ...
Updates the VLAN database, propagates it throughout the administrative domain, and returns to configure VLANs on the switch and contains the following sections: • Adding a VLAN Instance, page 6 • Deleting a VLAN Instance ...: Router(vlan)# exit Adds an Ethernet VLAN. • Enter the VLAN number. vlan vlan-id 4. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs • Managing the EtherSwitch HWIC, page 78 Configuring VLANs This section describes how to privileged EXEC mode. Deleting a VLAN Instance from the ...
User Guide
Page 8
...Step 4 Example: Router(vlan)# no vlan vlan-id 4. Follow the steps below to configure the VLAN Trunking Protocol (VTP) on an EtherSwitch HWIC, and contains the following tasks: • Configuring a VTP Server, page 7 • Configuring a VTP Client, page 8 •... a VTP Server When a switch is not supported by EtherSwitch HWICs. Enters VLAN configuration mode. no vlan 1 exit Example: Router(vlan)# exit Deletes an Ethernet VLAN. • Enter the VLAN number. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Follow the steps ...
...Step 4 Example: Router(vlan)# no vlan vlan-id 4. Follow the steps below to configure the VLAN Trunking Protocol (VTP) on an EtherSwitch HWIC, and contains the following tasks: • Configuring a VTP Server, page 7 • Configuring a VTP Client, page 8 •... a VTP Server When a switch is not supported by EtherSwitch HWICs. Enters VLAN configuration mode. no vlan 1 exit Example: Router(vlan)# exit Deletes an Ethernet VLAN. • Enter the VLAN number. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Follow the steps ...
User Guide
Page 9
... domain password • Enter a password. Configuring a VTP Client When a switch is in the management domain and modifies its configuration accordingly. Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode, and returns to Configure EtherSwitch HWICs SUMMARY STEPS 1. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to privileged EXEC mode. Passwords can...
... domain password • Enter a password. Configuring a VTP Client When a switch is in the management domain and modifies its configuration accordingly. Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode, and returns to Configure EtherSwitch HWICs SUMMARY STEPS 1. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to privileged EXEC mode. Passwords can...
User Guide
Page 10
... Follow the steps below to disable VTP on VTP updates received from other switches. exit 10 A VTP transparent switch does not send VTP updates and does not act on the switch. SUMMARY STEPS 1. vlan database 3. exit DETAILED STEPS Command or Action Step...and returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards SUMMARY STEPS 1. vtp transparent 4. vtp client 4. vlan database 3. Step 3 Example: Router# vlan database vtp client Configures the switch as VTP transparent, you disable VTP on the switch. Enters VLAN configuration ...
... Follow the steps below to disable VTP on VTP updates received from other switches. exit 10 A VTP transparent switch does not send VTP updates and does not act on the switch. SUMMARY STEPS 1. vlan database 3. exit DETAILED STEPS Command or Action Step...and returns to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards SUMMARY STEPS 1. vtp transparent 4. vtp client 4. vlan database 3. Step 3 Example: Router# vlan database vtp client Configures the switch as VTP transparent, you disable VTP on the switch. Enters VLAN configuration ...
User Guide
Page 18
Ensure that the neighboring switch is complete. configure terminal 3. switchport access vlan vlan-number 7. Step 3 Example: Router# configure terminal interface fastethernet interface-id Step 4 Example... your password if prompted. Enters global configuration mode. Configuring a Fast Ethernet Interface as Layer 2 Access Follow these steps below to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Note Ports do not support Dynamic Trunk Protocol (DTP). shutdown 5. SUMMARY STEPS 1. Example: Router(config-if)# switchport mode access...
Ensure that the neighboring switch is complete. configure terminal 3. switchport access vlan vlan-number 7. Step 3 Example: Router# configure terminal interface fastethernet interface-id Step 4 Example... your password if prompted. Enters global configuration mode. Configuring a Fast Ethernet Interface as Layer 2 Access Follow these steps below to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Note Ports do not support Dynamic Trunk Protocol (DTP). shutdown 5. SUMMARY STEPS 1. Example: Router(config-if)# switchport mode access...
User Guide
Page 19
... Periodic Reauthentication, page 23 • Changing the Quiet Period, page 24 • Changing the Switch-to-Client Retransmission Time, page 25 • Setting the Switch-to-Client Frame-Retransmission Number, page 26 • Enabling Multiple Hosts, page 27 • Resetting... 29 Enabling 802.1x Authentication To enable 802.1x port-based authentication, you shut down the interface. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Step 6 Command or Action switchport access vlan vlan-number Step 7 Example: Router(config-if)# switchport ...
... Periodic Reauthentication, page 23 • Changing the Quiet Period, page 24 • Changing the Switch-to-Client Retransmission Time, page 25 • Setting the Switch-to-Client Frame-Retransmission Number, page 26 • Enabling Multiple Hosts, page 27 • Resetting... 29 Enabling 802.1x Authentication To enable 802.1x port-based authentication, you shut down the interface. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Step 6 Command or Action switchport access vlan vlan-number Step 7 Example: Router(config-if)# switchport ...
User Guide
Page 20
...number 5. The default method list is automatically applied to be used when a named list is automatically authenticated without the switch using the information supplied by the methods that is used in the authentication command, use the default keyword followed by...auto Step 6 end Creates an 802.1x authentication method list. • To create a default list that are to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards 3. end 7. The client is not specified in default situations. Returns to privileged EXEC mode. copy running-config ...
...number 5. The default method list is automatically applied to be used when a named list is automatically authenticated without the switch using the information supplied by the methods that is used in the authentication command, use the default keyword followed by...auto Step 6 end Creates an 802.1x authentication method list. • To create a default list that are to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards 3. end 7. The client is not specified in default situations. Returns to privileged EXEC mode. copy running-config ...
User Guide
Page 21
show running -config startup-config Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are identified by their host name or IP address, host name and specific UDP port numbers, or IP ... multiple UDP ports on a server at the same IP address. Enters global configuration mode. If two different host entries on the switch. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 7 show dot1x Purpose Verifies your password if prompted. The combination of the IP address and UDP port number...
show running -config startup-config Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are identified by their host name or IP address, host name and specific UDP port numbers, or IP ... multiple UDP ports on a server at the same IP address. Enters global configuration mode. If two different host entries on the switch. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 7 show dot1x Purpose Verifies your password if prompted. The combination of the IP address and UDP port number...
User Guide
Page 22
... server. • For auth-port port-number, specify the UDP destination port for all RADIUS servers by both the server and the switch. Step 6 Example: Router# show running -config startup-config (Optional) Saves your entries. For more information, refer to privileged EXEC ...of the switch and the key string to be shared by using the radius-server host global configuration command. If you use multiple RADIUS servers, repeat this command. These settings include the IP address of the key. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface ...
... server. • For auth-port port-number, specify the UDP destination port for all RADIUS servers by both the server and the switch. Step 6 Example: Router# show running -config startup-config (Optional) Saves your entries. For more information, refer to privileged EXEC ...of the switch and the key string to be shared by using the radius-server host global configuration command. If you use multiple RADIUS servers, repeat this command. These settings include the IP address of the key. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface ...
User Guide
Page 23
...Example: Router(config)# end 23 dot1x timeout re-authperiod seconds 5. show dot1x 7. end 6. dot1x timeout re-authperiod seconds Sets the number of the switch only if periodic reauthentication is enabled end Returns to individual ports. Example: • The range is a global setting and cannot be set for clients... reauthentication attempts is disabled by default. If you do not specify a time period before enabling reauthentication, the number of the client. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to 4294967295; SUMMARY STEPS 1.
...Example: Router(config)# end 23 dot1x timeout re-authperiod seconds 5. show dot1x 7. end 6. dot1x timeout re-authperiod seconds Sets the number of the switch only if periodic reauthentication is enabled end Returns to individual ports. Example: • The range is a global setting and cannot be set for clients... reauthentication attempts is disabled by default. If you do not specify a time period before enabling reauthentication, the number of the client. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to 4294967295; SUMMARY STEPS 1.
User Guide
Page 24
... quiet-period seconds Example: Router(config)#dot1x timeout quiet-period 120 Sets the number of seconds that the switch remains in the configuration file. the default is determined by entering smaller number than the default. Example: Router...entries. Enters global configuration mode. dot1x timeout quiet-period seconds 4. configure terminal 3. SUMMARY STEPS 1. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Command or Action Step 6 show dot1x 6. copy running -config startup-config (Optional) Saves your password ...
... quiet-period seconds Example: Router(config)#dot1x timeout quiet-period 120 Sets the number of seconds that the switch remains in the configuration file. the default is determined by entering smaller number than the default. Example: Router...entries. Enters global configuration mode. dot1x timeout quiet-period seconds 4. configure terminal 3. SUMMARY STEPS 1. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Command or Action Step 6 show dot1x 6. copy running -config startup-config (Optional) Saves your password ...
User Guide
Page 25
...2 Example: Router> enable configure terminal Purpose Enables privileged EXEC mode. • Enter your password if prompted. If the switch does not receive this command only to privileged EXEC mode. Enters global configuration mode. Step 6 Example: Router# show dot1x...problems with an EAP-response/identity frame. end 5. Example: Router# configure terminal 25 enable 2. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 4 end Purpose Returns to adjust for client notification. show dot1x Verifies your...
...2 Example: Router> enable configure terminal Purpose Enables privileged EXEC mode. • Enter your password if prompted. If the switch does not receive this command only to privileged EXEC mode. Enters global configuration mode. Step 6 Example: Router# show dot1x...problems with an EAP-response/identity frame. end 5. Example: Router# configure terminal 25 enable 2. Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards How to Configure EtherSwitch HWICs Command or Action Step 4 end Purpose Returns to adjust for client notification. show dot1x Verifies your...
User Guide
Page 26
...configure terminal 3. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Step 4 Command or Action Purpose dot1x timeout tx-period seconds Example: Router(config)# dot1x timeout tx-period seconds Sets the number of seconds that the switch sends an EAP-request/identity ... the authentication process. show dot1x 6. the default is 1 to 65535 seconds; Follow the steps below to set the switch-to privileged EXEC mode. Note You should change the number of this command only to the client before retransmitting the request...
...configure terminal 3. How to Configure EtherSwitch HWICs Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Step 3 Step 4 Command or Action Purpose dot1x timeout tx-period seconds Example: Router(config)# dot1x timeout tx-period seconds Sets the number of seconds that the switch sends an EAP-request/identity ... the authentication process. show dot1x 6. the default is 1 to 65535 seconds; Follow the steps below to set the switch-to privileged EXEC mode. Note You should change the number of this command only to the client before retransmitting the request...
User Guide
Page 27
...switch sends an EAP-request/identity frame to the client before restarting the authentication process. • The range is received), all hosts to be successfully authorized for all attached clients are denied access to a single 802.1x-enabled port. Step 6 Example: Router# show dot1x interface interface-number 27 Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch... Interface Cards How to privileged EXEC mode. Returns to Configure EtherSwitch HWICs DETAILED STEPS Command or Action Step ...
...switch sends an EAP-request/identity frame to the client before restarting the authentication process. • The range is received), all hosts to be successfully authorized for all attached clients are denied access to a single 802.1x-enabled port. Step 6 Example: Router# show dot1x interface interface-number 27 Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch... Interface Cards How to privileged EXEC mode. Returns to Configure EtherSwitch HWICs DETAILED STEPS Command or Action Step ...