User Guide
Page 1
... Ethernet Switch Module (NM-16ESW and NM-36ESW) for switch virtual interfaces (SVIs). This feature module describes the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 Series, Cisco...
User Guide
Page 2
... can be used as an uplink port to a server or as a stacking link to configure the 16- and 36-port Ethernet switch network modules support the following: • Layer 2 Ethernet Interfaces, page 2 • Switch Virtual Interfaces, page 5 • Routed Ports, page 5 • VLAN Trunk Protocol,... • EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number...
User Guide
Page 3
...VLANs across an entire network and supports only one encapsulation on the switch represents a separate Ethernet segment, servers in a properly configured switched environment achieve full access to the address table. The switch uses an aging mechanism, defined by using the source address of ..., it was received. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Building the Address Table The Ethernet switch network module builds the address table by a configurable aging timer; Note Default parameters on an Ethernet switch network module can configure a trunk on a ...
User Guide
Page 4
... on the VLAN of the other end, spanning tree loops might result. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree instance of...
User Guide
Page 5
... data frames on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of other switches in your network. 16- Additional SVIs must decide whether to use this number and the number of...
User Guide
Page 6
... interface (CLI) or Simple Network Management Protocol (SNMP). VTP Advertisements Each switch in VTP advertisements: • VLAN IDs (802.1Q) • VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management...
User Guide
Page 7
The unrecognized TLV is saved in version 1: Unrecognized Type-Length-Value (TLV) Support: A VTP server or client propagates configuration changes to its information is disabled by reducing part of six EtherChannels. Since only one of the links in the channel. If...in the NM-16ESW software, VTP version 2 forwards VTP messages in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are version 2-capable. EtherChannel load balancing can operate in a channel by default). • Do not enable VTP version 2 on the switch. All interfaces in each switch in the...
User Guide
Page 8
... on the same module. • Configure all interfaces in the EtherChannel. • An EtherChannel will not form if one of the remaining interfaces in an EtherChannel to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that...
User Guide
Page 10
...When the client supplies its identity, the switch begins its identity (typically, the switch sends an initial identity/request frame followed by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that ...authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One...
User Guide
Page 11
..., the client initiates the authentication process by sending the EAPOL-start frame is uniquely identified by the switch by using the dot1x port-control interface configuration command and these keywords: • force-authorized: disables 802.1x and causes the port to change ...to the unauthorized state. When no response is received, the port returns to the unauthorized state. The switch requests the identity of the client. If the link state of times. Cisco...
User Guide
Page 12
...authorized as soon as one active path can enable and disable STP on all switches in the network. Feature Overview 16- Spanning tree operation is transparent to configure the Spanning Tree Protocol (STP) on multiple Layer 2 interfaces. You can exist...switches do not manually disable STP). When the port is authenticated. In this topology, the wireless access point is configured as a client to function properly, only one client is authorized, all of an interface in the blocking state. The 802.1x port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 13
... on the path cost. • A designated bridge for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is selected. When a switch receives a BPDU, it does not forward the frame but ... • The identifier of the transmitting port • Values for each switch sends configuration BPDUs to the root bridge. • Ports included in the spanning tree are placed in a switched network. This is the switch closest to the root bridge through which the frame is the logical ...
User Guide
Page 15
...expire, moves the Layer 2 interface to block frame forwarding as it should go to the forwarding or blocking state. and 36-Port Ethernet Switch Module for the forward delay timer to expire and then moves the Layer 2 interface to the forwarding state, where both learning and frame... forwarding are enabled. If properly configured, each Layer 2 interface stabilizes to the blocking state. 2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 In the learning state, the Layer 2 interface continues to...
User Guide
Page 21
... the forwarding state and blocks other interfaces. You can view the default Spanning Tree configuration values. Cisco IOS software uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is 00-e0-1e-9b-2e-00 to VLAN 2, and...02, and so forth. You can assign lower cost values to interfaces that you want spanning tree to select last. and 36-Port Ethernet Switch Module for all interfaces have the same priority value, spanning tree puts the interface with the first MAC address in the range assigned to VLAN...
User Guide
Page 22
... are no link failures. Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 Feature Overview 16- and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global...
User Guide
Page 24
... that runs over Layer 2 (the data link layer) on one or more source interfaces can configure EtherChannel as a source interface. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an interface monitored for the SPAN session. CDP runs on the same...
User Guide
Page 25
... occurred, in which are from the source interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN Traffic Network traffic, including multicast, can be replicated. • SPAN destinations never participate in any BPDUs seen on your Ethernet switch network module can be configured as access lists. For example, a bidirectional (both...
User Guide
Page 26
... (ACEs). ACLs can filter traffic as it passes through the switch could be forwarded, based on how the packet matches the entries in order to block inbound traffic. If you can use by one host to be configured to match the ACE. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26...
User Guide
Page 27
Some ACEs do test Layer 4 information cannot be applied to all Layer 4 information is present. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from ... Packet 88853 Handling Fragmented and Unfragmented Traffic IP packets can be applied in a fragmented IP packet. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 ACEs that check the Layer 3 information in the examples, the eq ...
User Guide
Page 28
..., destination port number, or both at the same time.) - UDP (You can be specified.) - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not contain the SMTP port information because the first ACE only checks Layer 3...are two types of interest on the IP subnet to perform an action. Understanding Access Control Parameters Before configuring ACLs on the network and resources of these masks can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 There are missing Layer 4 information. •...