User Guide
Page 1
... Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- and 36-Port Ethernet Switch Module for switch virtual interfaces (SVIs). Added switching software...12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 16-...
... Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- and 36-Port Ethernet Switch Module for switch virtual interfaces (SVIs). Added switching software...12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 16-...
User Guide
Page 5
... VLAN interface for each VLAN for which the interface is necessary to configure an SVI for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of one interface to use this number and the number...impact on the device to which you wish to route between VLANs, fallback-bridge nonroutable protocols between this command to the switch. and 36-Port Ethernet Switch Module for a VLAN only when you want to the port, enable routing, and assign routing protocol ...
... VLAN interface for each VLAN for which the interface is necessary to configure an SVI for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of one interface to use this number and the number...impact on the device to which you wish to route between VLANs, fallback-bridge nonroutable protocols between this command to the switch. and 36-Port Ethernet Switch Module for a VLAN only when you want to the port, enable routing, and assign routing protocol ...
User Guide
Page 6
...VTP advertisements are received by neighboring switches, which update their trunk interfaces. VTP servers advertise their VLAN configuration to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). The switch ignores advertisements with other configuration parameters...domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create and modify VLANs but you configure the switch as necessary. If you cannot create, change is specified or ...
...VTP advertisements are received by neighboring switches, which update their trunk interfaces. VTP servers advertise their VLAN configuration to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). The switch ignores advertisements with other configuration parameters...domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create and modify VLANs but you configure the switch as necessary. If you cannot create, change is specified or ...
User Guide
Page 7
...VLAN database stored on internal flash is not able to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are performed only when you enable VTP version 2 on a switch, all EtherChannels configured on a received VTP message is correct, its other trunks...network, you must decide whether to use VTP in your network: • All switches in the frame to a numerical value that provides bandwidth of up to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain are not ...
...VLAN database stored on internal flash is not able to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are performed only when you enable VTP version 2 on a switch, all EtherChannels configured on a received VTP message is correct, its other trunks...network, you must decide whether to use VTP in your network: • All switches in the frame to a numerical value that provides bandwidth of up to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain are not ...
User Guide
Page 10
...page 11. Figure 2 shows a message exchange initiated by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One-Time-Password (OTP) authentication ...Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 When the client supplies its identity, the switch begins its identity (typically, the switch sends an initial identity/request frame followed by the client using the dot1x port-control auto interface configuration command, the switch...
...page 11. Figure 2 shows a message exchange initiated by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One-Time-Password (OTP) authentication ...Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 When the client supplies its identity, the switch begins its identity (typically, the switch sends an initial identity/request frame followed by the client using the dot1x port-control auto interface configuration command, the switch...
User Guide
Page 11
..., and network access is connected to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the authorized state. Supported Topologies The...the authentication server), the port state changes to an unauthorized 802.1x port, the switch requests the client's identity. If a client that is successfully authenticated, the port changes...You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the ...
..., and network access is connected to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the authorized state. Supported Topologies The...the authentication server), the port state changes to an unauthorized 802.1x port, the switch requests the client's identity. If a client that is successfully authenticated, the port changes...You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the ...
User Guide
Page 22
...blocking state (if they were in the blocking state. Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 An inferior BPDU identifies one or more...forwarding state. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. If the switch determines that connects directly to the root switch. Switch A, the root switch, connects directly to Switch B over link L1 and to ...
...blocking state (if they were in the blocking state. Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 An inferior BPDU identifies one or more...forwarding state. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. If the switch determines that connects directly to the root switch. Switch A, the root switch, connects directly to Switch B over link L1 and to ...
User Guide
Page 24
... ) applicable for network traffic analysis. The show monitor session SPAN session number command displays the operational status of the switch. Once an interface becomes an active destination interface, incoming traffic is an interface monitored for all Cisco routers, bridges, access servers, and switches. An interface configured as a destination interface cannot be configured as SPAN...
... ) applicable for network traffic analysis. The show monitor session SPAN session number command displays the operational status of the switch. Once an interface becomes an active destination interface, incoming traffic is an interface monitored for all Cisco routers, bridges, access servers, and switches. An interface configured as a destination interface cannot be configured as SPAN...
User Guide
Page 25
... a1 and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter the no monitor session session number command with no other parameters .... both copies network traffic received and transmitted by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can belong to a destination interface d1. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 16- SPAN...
... a1 and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter the no monitor session session number command with no other parameters .... both copies network traffic received and transmitted by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can belong to a destination interface d1. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 16- SPAN...
User Guide
Page 27
... match a fragment unless the fragment contains Layer 4 information. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to test for the TCP-destination-port well-known numbers equaling Simple...
... match a fragment unless the fragment contains Layer 4 information. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to test for the TCP-destination-port well-known numbers equaling Simple...
User Guide
Page 28
...not contain the SMTP port information because the first ACE only checks Layer 3 information when applied to fragments. (The information in the switch CLI commands, and output. The specific values associated with a given mask are no restrictions on the Telnet port. IP destination address (Specify ...Layer 4 fields. TCP (You can be a combination of the Access Control Parameters (ACPs). and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are no restrictions on any ...
...not contain the SMTP port information because the first ACE only checks Layer 3 information when applied to fragments. (The information in the switch CLI commands, and output. The specific values associated with a given mask are no restrictions on the Telnet port. IP destination address (Specify ...Layer 4 fields. TCP (You can be a combination of the Access Control Parameters (ACPs). and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are no restrictions on any ...
User Guide
Page 29
... 16- Guidelines for either security or quality of 23. The second ACE permits all the TCP packets coming from the host 10.1.1.1 with Cisco Catalyst switches. However, a system error message appears if ACLs with a destination TCP port number of service (QoS) but you can be attached to... the ip access-group interface command. • All ACEs in security ACLs. For example, a Layer 4 system-defined mask such as permit tcp any any ...
... 16- Guidelines for either security or quality of 23. The second ACE permits all the TCP packets coming from the host 10.1.1.1 with Cisco Catalyst switches. However, a system error message appears if ACLs with a destination TCP port number of service (QoS) but you can be attached to... the ip access-group interface command. • All ACEs in security ACLs. For example, a Layer 4 system-defined mask such as permit tcp any any ...
User Guide
Page 33
... part of a policy map. After a packet is shared among many ports. You create and name a policy map by using the policy-map global configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 33 Before a policy map can create another that uses the permit tcp any any ACE. - When... you enter this mode, you attach it ; To make the policy map effective, you define the match criterion for Configuring ACLs on the Ethernet Switch Network Module" section on page 34. You implement IP ACLs to classify, you have a class map that uses the permit ip any any ACE ...
... part of a policy map. After a packet is shared among many ports. You create and name a policy map by using the policy-map global configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 33 Before a policy map can create another that uses the permit tcp any any ACE. - When... you enter this mode, you attach it ; To make the policy map effective, you define the match criterion for Configuring ACLs on the Ethernet Switch Network Module" section on page 34. You implement IP ACLs to classify, you have a class map that uses the permit ip any any ACE ...
User Guide
Page 34
.... You can only be applied to take for each matched traffic class. The priority represented by using the policy-map configuration command. When configuring policing and policers, keep these marking options: • Use the port default. Granularity for the average burst rate is received,... the default port CoS value and classifies traffic based on ingress 10/100 Ethernet ports. - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series A policy map also has these classification options: • Trust the IP DSCP in the incoming packet (...
.... You can only be applied to take for each matched traffic class. The priority represented by using the policy-map configuration command. When configuring policing and policers, keep these marking options: • Use the port default. Granularity for the average burst rate is received,... the default port CoS value and classifies traffic based on ingress 10/100 Ethernet ports. - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series A policy map also has these classification options: • Trust the IP DSCP in the incoming packet (...
User Guide
Page 36
...any IGMP membership reports from the table entry. To learn pim-dvmrp interface command. Layer 2 multicast groups learned through IGMP snooping are deleted. However, you specify group membership for each port. Ethernet switch network modules support a maximum of 255 IP multicast groups and support both user...send join requests and are in the original leave message. Immediate-Leave processing ensures optimal bandwidth management for every IP multicast entry. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 36 All hosts interested in this port on PIM and DVMRP packets •...
...any IGMP membership reports from the table entry. To learn pim-dvmrp interface command. Layer 2 multicast groups learned through IGMP snooping are deleted. However, you specify group membership for each port. Ethernet switch network modules support a maximum of 255 IP multicast groups and support both user...send join requests and are in the original leave message. Immediate-Leave processing ensures optimal bandwidth management for every IP multicast entry. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 36 All hosts interested in this port on PIM and DVMRP packets •...
User Guide
Page 39
..., storm-control multicast, and storm-control unicast interface configuration commands to pass through. A threshold value of global storm-control. and 36-Port Ethernet Switch Module for broadcast, multicast, and unicast traffic. The switch supports global storm-control for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Global storm-control monitors incoming traffic...
..., storm-control multicast, and storm-control unicast interface configuration commands to pass through. A threshold value of global storm-control. and 36-Port Ethernet Switch Module for broadcast, multicast, and unicast traffic. The switch supports global storm-control for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Global storm-control monitors incoming traffic...
User Guide
Page 41
... receive desired when a remote port is set to delay sending packets for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set port flowcontrol command. If a buffer on , send off or receive desired. Enables a local port to...
... receive desired when a remote port is set to delay sending packets for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set port flowcontrol command. If a buffer on , send off or receive desired. Enables a local port to...
User Guide
Page 43
... • Interface ranges can be saved as macros. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module Routed port 172.20.130.1 Host C 172.20.128.1 SVI 1 Host...and Firewall options • New broadband WAN options The Interface Range Specification feature makes configuration easier for these reasons: • Identical commands can be entered once for a range of VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 43
... • Interface ranges can be saved as macros. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module Routed port 172.20.130.1 Host C 172.20.128.1 SVI 1 Host...and Firewall options • New broadband WAN options The Interface Range Specification feature makes configuration easier for these reasons: • Identical commands can be entered once for a range of VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 43
User Guide
Page 44
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Multi-VLAN ports Network Port • Shared STP instances • STP uplink fast for clusters • VLAN-based SPAN ...to these documents: • Cisco 2600 Series Software Configuration Guide • Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2 • Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2 For more information on Flow control, refer to the following document: • Configuring Gigabit Ethernet Switching Cisco IOS Release 12.2(2)XT, 12...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Multi-VLAN ports Network Port • Shared STP instances • STP uplink fast for clusters • VLAN-based SPAN ...to these documents: • Cisco 2600 Series Software Configuration Guide • Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2 • Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2 For more information on Flow control, refer to the following document: • Configuring Gigabit Ethernet Switching Cisco IOS Release 12.2(2)XT, 12...
User Guide
Page 47
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Configuring Power Management on the Interface, page 98 • Configuring IP Multicast Layer 3 Switching, page 98 • Configuring IGMP Snooping, page 102 • Configuring...to be configured. • The space before or after the comma. • The interface range command only supports VLAN interfaces that are configured with the interface vlan command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 47 interface}[, {{ethernet | fastethernet | ...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Configuring Power Management on the Interface, page 98 • Configuring IP Multicast Layer 3 Switching, page 98 • Configuring IGMP Snooping, page 102 • Configuring...to be configured. • The space before or after the comma. • The interface range command only supports VLAN interfaces that are configured with the interface vlan command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 47 interface}[, {{ethernet | fastethernet | ...