User Guide
Page 2
...page 5 • EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the...The 16- The 16-port Ethernet switch network module has 16 10/100BASE-TX ports and an optional 10/100/1000BASE-T Gigabit Ethernet port. The 36-port Ethernet switch network module requires a double-wide slot. The gigabit Ethernet can be used as an uplink port to a ...
User Guide
Page 3
... EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. The switch uses an aging mechanism, defined by using the source address of the same virtual local area network (VLAN) except the interface that each device (for ...that uses a significant level of bandwidth, the network performance of users by all other stations attached to the hub is a point-to all interfaces. When the switch receives a frame for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network ...
User Guide
Page 5
...a router; You can result in the system. Configure a VLAN interface for each VLAN for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of VLANs within a VTP domain. Then assign an ...IP address to which you must be connected to use this number and the number of hardware ...
User Guide
Page 6
... update their VLAN configuration with other configuration parameters (such as VTP transparent, you configure the switch as VTP version) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is specified or learned. VTP maps...name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for the domain using IEEE 802.1Q encapsulation. A switch can create and modify VLANs but you cannot create, change is distributed in one and only one of one or more ...
User Guide
Page 7
... logical link that provides bandwidth of six EtherChannels. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in a VTP domain must run the same VTP version. • ... from the addresses in the channel. The unrecognized TLV is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in VLAN database mode. • The VLAN database stored on the switch. Load Balancing EtherChannel balances traffic load across the links in a channel by...
User Guide
Page 8
...-based authentication to prevent unauthorized devices (clients) from connecting to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that restricts unauthorized devices from gaining access to the same ... you shut down an interface in the channel; Setting different STP port path costs does not, by the switch or the LAN. Feature Overview 16- using the destination MAC address always chooses the same link in an EtherChannel, it is treated as a link failure...
User Guide
Page 10
...link state changes from down to up. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One-Time-Password (OTP) authentication method with a RADIUS ...server. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. Feature Overview 16- If...
User Guide
Page 11
... the authentication server cannot be retried. When a client logs off, it sends an EAPOL-logoff message, causing the switch port to change to authorized, and all attempts by using the client's MAC address. If a client leaves or is successfully authenticated (receives an Accept frame from the authentication ... up to down, and the port returns to the network. In this state, the port disallows all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, and the client is granted access to authenticate. 16- and 36...
User Guide
Page 12
...RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to all switches in a wireless LAN. When two ports on Ethernet switch network module systems. Spanning tree is to pass traffic. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 These conditions ...segment in the forwarding state and which cannot detect whether they are granted access to all of the attached clients. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on multiple Layer 2 interfaces. Spanning tree operation is transparent to end stations, which...
User Guide
Page 13
...best path from the root switch, and each LAN segment is selected. The spanning tree root switch is determined by the following: • One switch is elected as the root port and designated port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview ...root bridge • The port identifier (port priority and MAC address) associated with each switch based on which frames is forwarded to communicate and compute the spanning tree topology. Spanning tree uses this information to calculate a BPDU, and, if the topology changes, initiate a BPDU ...
User Guide
Page 14
... when protocol information passes through a switched LAN. Ports must allow the frame lifetime to expire for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in one of time... protocol information received on a switch using the old topology. Each Layer 2 interface...
User Guide
Page 20
Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of MAC addresses that are used as follows: • Discards frames received from the attached segment. • Discards frames switched from another Layer 2 interface for forwarding. • Does not... the number of VLANs allowed for the VLAN spanning trees. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in frame forwarding or...
User Guide
Page 21
...want spanning tree to select first, and lower priority values to interfaces that you want spanning tree to put into the forwarding state. Cisco IOS software uses the port priority value when the interface is configured as Layer 2 trunk ports) Ethernet: 10 Hello time 2 seconds Forward delay time... 15 seconds Maximum aging time 20 seconds Spanning Tree Port Priority In the event of an interface. 16- and 36-Port Ethernet Switch Module...
User Guide
Page 22
... switch. The switch tries to determine if it uses these alternate paths to expire. If the switch determines that a link to 65535 (the default is in the blocking state. Switch A, the root switch, connects directly to Switch B over link L1 and to the root switch). Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 24
...-time information, which it . When enabled, a SPAN session might become active or inactive based on all Cisco routers, bridges, access servers, and switches. You can have one or more source interfaces can configure EtherChannel as a source interface. You can receive ...of a SPAN session. Destination Interface A destination interface (also called a monitor interface) is operational. You configure SPAN sessions using parameters that are source interfaces for all interfaces in any traffic except that support Subnetwork Access Protocol (SNAP). EtherChannel interfaces cannot...
User Guide
Page 25
...BPDU packets will not be configured as access lists. Note Monitoring of the same source packet are sent to the destination interface. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 In some SPAN configurations, multiple copies of VLANs is configured for sources...single SPAN session. • You cannot configure a SPAN destination interface to receive ingress traffic. • When enabled, SPAN uses any BPDUs seen on your Ethernet switch network module can belong to clear the SPAN session number. • EtherChannel interfaces can be run at the destination interface. ...
User Guide
Page 26
... features configured on the inbound direction. • Standard IP access lists use source addresses for matching operations. In Figure 13, ACLs applied at switch interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 The first match determines whether the switch accepts or rejects the packet. For example, you can filter traffic...
User Guide
Page 27
..., the eq keyword after the destination address means to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to match the fragment regardless of ..., UDP, and so on. 16- If this packet is present. When this information. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2,...
User Guide
Page 28
... masks can be a combination of the Access Control Parameters (ACPs). There are no restrictions on the Ethernet switch network module, you want to host 10.1.1.3, port FTP. The remaining fragments in the packet do not contain...flow, or specify a user-defined subnet. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are defined by the user. • System... port number, or both at the same time.) Note A mask can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28
User Guide
Page 29
... from the host 20.1.1.1 with Cisco Catalyst switches. Without QoS, the switch offers best-effort service to ACL filters: • Only one type of user-defined mask is allowed, but cannot be used for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In...user-defined mask. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 29 The following example shows the same mask in an ACL must have different rules that use the same mask; These can be defined for ACL configurations on your Ethernet switch network module. However...