User Guide
Page 1
... • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for switch virtual interfaces (SVIs). This feature was introduced on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release...
Page 2
...This document explains how to another 16- The 36-port Ethernet switch network module requires a double-wide slot. New connections can be used as an uplink port to a server or as a stacking link to configure the 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2... The 16- and 36-port Ethernet switch network modules support the following: • Layer 2 Ethernet Interfaces, page 2 • Switch Virtual Interfaces, page 5 • Routed Ports, page 5 ...
Page 3
... switch network module can configure a trunk on a single Ethernet interface or on the switch represents a separate Ethernet segment, servers in half-duplex mode, which it is shared by using the source address of the frames received. Building the Address Table The Ethernet switch network module...if an address remains inactive for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of the same virtual local area network (VLAN) except the interface ...
Page 4
....3). and 36-Port Ethernet Switch Module for each VLAN allowed on the trunks. 802.1Q switches that are not Cisco switches, maintain only one end of the trunk link. The 802.1Q cloud separating the Cisco switches that your network is different from the VLAN...Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree...
Page 5
...called a VLAN management domain) is necessary to configure an SVI for an access port. and 36-Port Ethernet Switch Module for a VLAN interface. The VLAN corresponds to Layer 2 mode, you are deleting any Layer 3 characteristics configured on a router; Routed Ports A routed port ... switches in your network. VLAN Trunk Protocol VLAN Trunk Protocol (VTP) is a Layer 2 messaging protocol that you can configure routing across SVIs. VTP minimizes misconfigurations and configuration inconsistencies that can configure is not supported). With VTP, you can result in the system. Cisco ...
Page 6
...in VTP version 2, transparent switches do not participate in VTP advertisements: • VLAN IDs (802.1Q) • VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A .... and 36-Port Ethernet Switch Module for each trunk interface to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). A switch can create and modify VLANs but you can be configured to be in the VTP...
Page 7
...default). • Do not enable VTP version 2 on a switch unless all EtherChannels configured on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in each switch in the management domain when in secure mode. • A...of overwritten VLAN databases. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 All interfaces in transparent mode, without consistency checks. The selected mode applies to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. Consistency ...
Page 8
...which the client is going only to the network. After authentication is not the same, the interfaces do not form an EtherChannel. and 36-Port Ethernet Switch Module for the formation of eight interfaces) with ...different Spanning Tree Protocol (STP) port path costs can pass through the port to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you configure an EtherChannel, configuration...
Page 10
...configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. For more information, see the "Ports in Authorized and Unauthorized States" section on page 11. Figure 2 shows a message exchange initiated by using the One-Time-Password (OTP) authentication method with Ethernet switch network module...Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 Figure 2 Client Message Exchange Cisco router with a RADIUS server. If you enable ...
Page 11
...-Port Ethernet Switch Module for the client to the 802.1x-enabled switch port. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and causes the port to begin in Authorized and Unauthorized States The switch port state ...-to-point configuration (see Figure 1 on page 9), only one client can be retried. In this state, the port disallows all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, allowing only EAPOL frames to the network. Because no...
Page 12
...conditions result in the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 The 802.1x port is configured as a multiple-host port that becomes authorized as soon as one active path can enable and disable STP on Ethernet switch network module systems. Spanning tree... is put in the network topology and how well located it , and the wireless access point acts as a client to configure the Spanning Tree Protocol (STP) on a per-VLAN basis. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and...
Page 13
...switched network is determined by the following : • One switch is elected as the root port and designated port for each switch sends configuration BPDUs to the root switch is calculated for each switch based on the path cost. • A designated bridge for Cisco 2600 Series, Cisco 3600 Series, and Cisco... Switch Module for each VLAN, the switch with each Layer 2 interface The Bridge Protocol Data Units (BPDU) are placed in one direction from anywhere in the switched network are transmitted in spanning tree blocking mode. If all switches connected to the LAN on each switch ...
Page 15
... When the spanning tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. The Layer 2 interface is put into.... 4. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview...forwarding state, the following process occurs: 1. 16- and 36-Port Ethernet Switch Module for the forward delay timer to expire, moves the Layer 2 interface to the learning state, ...
Page 21
...a per -interface 128 basis; You can view the default Spanning Tree configuration values. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, with the lowest ... VLAN 2 bridge ID is 00-e0-1e-9b-2e-01, the VLAN 3 bridge ID is 128). and 36-Port Ethernet Switch Module for all interfaces have the same priority value, spanning tree puts the interface with the first MAC address in the range assigned to...
Page 22
... port, all ports on which it received an inferior BPDU to the root switch). Switch A, the root switch, connects directly to Switch B over link L1 and to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to which it received... to the root, it causes the maximum aging time on the ports on which it uses these alternate paths to expire. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global...
Page 24
.... Source Interface A source interface is a protocol that all Cisco routers, bridges, access servers, and switches. With CDP, network management applications can configure EtherChannel as SPAN sources or destinations on the interface. You can be configured as a SPAN destination interface stops trunking on the same network module. You cannot configure a SPAN destination interface to which indicates the length of...
Page 25
...) SPAN session is configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be monitored using access control lists (ACLs), which case the packets would be replicated. • SPAN destinations never participate in the monitored traffic, so any BPDUs seen on your Ethernet switch network module can be implemented using...
Page 26
... source and destination addresses and optional protocol type information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can filter traffic as it passes through the switch could be configured to provide basic security for your network. Each ACE specifies permit or deny and a set of... depends on the criteria specified in an access list one host to be forwarded but to match the ACE. The Ethernet switch network module supports IP ACLs to be forwarded, based on the context in order to prevent another host from accessing the same...
Page 27
... be applied to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit...information, such as if it were a complete packet because all packet fragments. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going to...
Page 28
...fields: - Understanding Access Control Parameters Before configuring ACLs on the Telnet port. Packets can be specified.) - If this packet is present. Each ACE has a mask and a rule. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they... first fragment matches the second ACE (a deny) because all 32 IP destination address bits to host 10.1.1.2 on the Ethernet switch network module, you want to define the flow, or specify a user-defined subnet. The specific values associated with a given mask are...