User Guide
Page 1
.../DSCP mapping and rate limiting), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into...
.../DSCP mapping and rate limiting), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into...
User Guide
Page 2
...8226; Fallback Bridging, page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between different segments for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- An... EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • ...
...8226; Fallback Bridging, page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between different segments for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- An... EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • ...
User Guide
Page 3
... by high-bandwidth devices and a large number of all ports connect to the hub. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives full bandwidth. Note Default parameters on all devices...
... by high-bandwidth devices and a large number of all ports connect to the hub. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives full bandwidth. Note Default parameters on all devices...
User Guide
Page 4
...the interface into permanent trunking mode. Switchport mode trunk puts the interface into nontrunking mode. The 802.1Q cloud separating the Cisco switches that are not Cisco switches. Disabling spanning tree on the VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network... for an 802.1Q trunk is the same on both ends of the trunk is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Cisco recommends that your network is . Make sure that you leave spanning tree enabled on the VLAN ...
...the interface into permanent trunking mode. Switchport mode trunk puts the interface into nontrunking mode. The 802.1Q cloud separating the Cisco switches that are not Cisco switches. Disabling spanning tree on the VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network... for an 802.1Q trunk is the same on both ends of the trunk is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Cisco recommends that your network is . Make sure that you leave spanning tree enabled on the VLAN ...
User Guide
Page 5
... characteristics by managing the addition, deletion, and renaming of other switches in the system. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 By default, an SVI is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. A routed port...
... characteristics by managing the addition, deletion, and renaming of other switches in the system. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 By default, an SVI is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. A routed port...
User Guide
Page 6
... in VTP server mode and is in an un-named domain state until the switch receives an advertisement for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is the default mode. • Client-VTP clients behave the ... management domain name is distributed in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create and modify VLANs but you make global VLAN configuration changes for the domain using IEEE 802.1Q ...
... in VTP server mode and is in an un-named domain state until the switch receives an advertisement for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is the default mode. • Client-VTP clients behave the ... management domain name is distributed in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create and modify VLANs but you make global VLAN configuration changes for the domain using IEEE 802.1Q ...
User Guide
Page 7
.... When you must have the same speed duplex and mode. The selected mode applies to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. The unrecognized TLV is read from the addresses in VLAN... individual Ethernet links into a single logical link that selects one domain is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in your network, you enable VTP version 2 on a switch, all EtherChannels configured on internal flash is supported. • Use the squeeze flash command ...
.... When you must have the same speed duplex and mode. The selected mode applies to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. The unrecognized TLV is read from the addresses in VLAN... individual Ethernet links into a single logical link that selects one domain is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in your network, you enable VTP version 2 on a switch, all EtherChannels configured on internal flash is supported. • Use the squeeze flash command ...
User Guide
Page 8
...Restrictions If improperly configured, some EtherChannel interfaces are otherwise compatibly configured. Setting different STP port path costs does not, by the switch or the LAN. If you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section ... configure them as a link failure and its traffic is transferred to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut down an interface in an ...
...Restrictions If improperly configured, some EtherChannel interfaces are otherwise compatibly configured. Setting different STP port path costs does not, by the switch or the LAN. If you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section ... configure them as a link failure and its traffic is transferred to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut down an interface in an ...
User Guide
Page 9
... removed, leaving the EAP frame, which is the only supported authentication server; When the switch receives frames from the client, verifying that information with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices...
... removed, leaving the EAP frame, which is the only supported authentication server; When the switch receives frames from the client, verifying that information with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices...
User Guide
Page 10
... the authorized state effectively means that the port link state changes from the switch, the client can initiate authentication. Feature Overview 16- For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by one or more information, see...
... the authorized state effectively means that the port link state changes from the switch, the client can initiate authentication. Feature Overview 16- For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by one or more information, see...
User Guide
Page 11
..., the switch requests the client's identity. Each client attempting to access the network is the default setting. • force-unauthorized-causes the port to remain in the unauthorized state, ignoring all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series... unauthorized state. Supported Topologies The 802.1x port-based authentication is received, the port returns to the 802.1x-enabled switch port. The switch detects the client when the port link state changes to the authorized state without 802.1x-based authentication of the client...
..., the switch requests the client's identity. Each client attempting to access the network is the default setting. • force-unauthorized-causes the port to remain in the unauthorized state, ignoring all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series... unauthorized state. Supported Topologies The 802.1x port-based authentication is received, the port returns to the 802.1x-enabled switch port. The switch detects the client when the port link state changes to the authorized state without 802.1x-based authentication of the client...
User Guide
Page 12
Multiple active paths between any two stations. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to all nodes in a wireless LAN. Spanning Tree Protocol defines a tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how...
Multiple active paths between any two stations. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to all nodes in a wireless LAN. Spanning Tree Protocol defines a tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how...
User Guide
Page 13
...8226; The identifier of the switch that are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge ...Protocol Data Units The stable active spanning tree topology of a switched network is determined by the following minimal information...
...8226; The identifier of the switch that are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge ...Protocol Data Units The stable active spanning tree topology of a switched network is determined by the following minimal information...
User Guide
Page 14
...-The Layer 2 interface prepares to expire for new topology information to propagate through a switched LAN. When a Layer 2 interface changes directly from nonparticipation in the spanning tree topology to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 A Layer 2 interface moves... to the forwarding state, it can create temporary data loops. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree performance: Table ...
...-The Layer 2 interface prepares to expire for new topology information to propagate through a switched LAN. When a Layer 2 interface changes directly from nonparticipation in the spanning tree topology to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 A Layer 2 interface moves... to the forwarding state, it can create temporary data loops. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree performance: Table ...
User Guide
Page 15
... state, and resets the forward delay timer. 3. Figure 4 STP Port States Boot-up . 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 and 36-Port Ethernet Switch Module for the forwarding database. 4. In the learning state, the Layer 2 interface continues to block frame...put into the listening state while it waits for protocol information that suggests that it learns end station location information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of ...
... state, and resets the forward delay timer. 3. Figure 4 STP Port States Boot-up . 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 and 36-Port Ethernet Switch Module for the forwarding database. 4. In the learning state, the Layer 2 interface continues to block frame...put into the listening state while it waits for protocol information that suggests that it learns end station location information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of ...
User Guide
Page 16
... and the ports move to the listening state. A port always enters the blocking state following switch initialization. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in the ...interface in the network is the root until it exchanges BPDUs with other switches. A switch initially assumes it is the root or root bridge. After initialization, a BPDU is sent out to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 Feature Overview...
... and the ports move to the listening state. A port always enters the blocking state following switch initialization. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in the ...interface in the network is the root until it exchanges BPDUs with other switches. A switch initially assumes it is the root or root bridge. After initialization, a BPDU is sent out to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 Feature Overview...
User Guide
Page 17
... this point, so there is the first transitional state a Layer 2 interface enters after the blocking state. and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate end station location into its address database. (There is no address database update.) ... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines...
... this point, so there is the first transitional state a Layer 2 interface enters after the blocking state. and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate end station location into its address database. (There is no address database update.) ... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines...
User Guide
Page 18
... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to the system module. •...received from the listening state. Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its address database. • ...
... state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to the system module. •...received from the listening state. Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its address database. • ...
User Guide
Page 19
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another Layer 2 interface for forwarding...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another Layer 2 interface for forwarding...
User Guide
Page 20
... 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 A Layer 2 interface in frame forwarding or spanning tree, as follows: • Discards frames received from the attached segment. • Discards frames switched from another Layer 2 interface for ...transmission from the system module. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in the disabled state is no address...
... 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 A Layer 2 interface in frame forwarding or spanning tree, as follows: • Discards frames received from the attached segment. • Discards frames switched from another Layer 2 interface for ...transmission from the system module. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in the disabled state is no address...