User Guide
Page 4
.../100-Mbps Fast Ethernet interfaces 19 for Gigabit Ethernet interfaces operated in the network can potentially cause spanning tree loops. Inconsistencies detected by a cloud of an 802.1Q trunk without disabling spanning tree on every VLAN in 100-Mb mode 4 for all VLANs allowed on the trunks. 802.1Q switches that you connect a Cisco switch to a device other 802.1Q switch. and 36-Port Ethernet Switch Module for each VLAN allowed on the...
User Guide
Page 5
... vlan interface configuration command for the default VLAN (VLAN 1) to the routing or bridging function in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. and 36-Port Ethernet Switch Module for which the interface is not supported). A routed port behaves like a regular router interface, except that acts like a port on CPU utilization because of other switches in your network. The VLAN corresponds to use this number and the number of hardware limitations. Before you create VLANs, you want to route traffic...
User Guide
Page 8
... they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to avoid configuration problems: • All Ethernet interfaces on all modules support EtherChannel (maximum of VLANs on the same module. • Configure all interfaces in better load balancing. For example, if the traffic on a channel is going only to a single MAC address, using source addresses or IP addresses may result in the EtherChannel to a switch port before...
User Guide
Page 9
... port-based authentication, the devices in the network have specific roles as shown in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x authentication issues, read the Microsoft Knowledge Base article at this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Ethernet switch network module • Client-the device (workstation) that supports the RADIUS client and 802.1x. In this URL: http://support.microsoft.com/support...
User Guide
Page 11
... and egress traffic except for a fixed number of attempts, authentication fails, and network access is in the unauthorized state, and the client is uniquely identified by the switch by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change to flow normally. Supported Topologies The 802.1x port-based authentication is received, the client sends the...
User Guide
Page 12
... manually disable STP). If a loop exists in an unstable network. These conditions result in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on all nodes in the forwarding state and which port is authenticated. If a network segment in the network. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to pass traffic. When two ports on Ethernet switch network module...
User Guide
Page 35
... stage, QoS uses the configurable DSCP-to-CoS map to type of service. The number of multicast groups is supported. IP Multicast Support The maximum number of VLANs is less than or equal to the physical port. The LAN switch snoops on page 96. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for QoS, traffic in the physical port egress...
User Guide
Page 49
... 0/40, 0 drops; 16- Router(config-if)# speed [10 | 100 | auto] Sets the interface speed of autonegotiation interfaces. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Interface Speed To set the port speed to verify the interface speed and duplex mode configuration for an interface: Router# show interfaces fastethernet 1/4 FastEthernet1/4 is up, line protocol is down Hardware is Fast Ethernet, address is 0000.0000.0c89 (bia 0000.0000.0c89) MTU 1500 bytes, BW...
User Guide
Page 64
... a failed authentication exchange with an EAP-response/identity frame. The range is determined by entering smaller number than the default. Verifies your entries. (Optional) Saves your entries in the configuration file. Changing the Switch-to-Client Retransmission Time The client responds to change the quiet period: Step 1 Step 2 Command configure terminal dot1x timeout quiet-period seconds Step 3 Step 4 Step 5 end show dot1x copy running-config startup-config Purpose Enters global configuration mode. Cisco IOS...
User Guide
Page 81
... The Ethernet switch network module does not support dynamic or reflexive access lists. It also does not support filtering based on the specific keywords relative to the Cisco IP Command Reference for type of service (TOS) bit. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Supported parameters can be grouped into these categories: • TCP • UDP Table 12 lists the possible filtering parameters for ACEs for each protocol, refer...
User Guide
Page 100
... Cisco 3700 Series Verifying IP Multicast Layer 3 Hardware Switching Summary Note The show interface statistics command does not verify hardware-switched packets, only packets switched by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.13 224.0.0.10 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled...
User Guide
Page 108
... used exclusively for end-user intervention. Enters the interface configuration mode and the port to provide marking can configure the Ethernet switch network module so that will be configured (e.g., interface fa5/1). 108 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ Configuration Tasks 16- Configuring a Single Subnet for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 4 Step 5 Command Router(config)# switchport access vlan vlan-id Router(config)# switchport voice vlan vlan-id Purpose Configures the port as "access" and assigns a data VLAN...
User Guide
Page 109
... 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Step 4 Step 5 Command Purpose Router(config)# switchport access vlan vlan-id Sets the native VLAN for IP telephony. Verifying Switchport Configuration Step 1 Step 2 Use the show run interface command to verify the switch port configuration and the write memory command to save the current configuration in-line power easily to the IP phones without having to upgrade the data infrastructure. • You want to limit the number of the VLAN...
User Guide
Page 111
...-mask Router(config)# exit Router# ip default-gateway ip-address Router# end Purpose Enters global configuration mode. The mask identifies the bits that denote the network number in these fields. Note Using the no ip address Router(config-subif)# end Purpose Enters interface configuration mode, and enters the VLAN to an unknown IP address through a telnet session, your connection to global configuration mode. Removes the IP address and subnet mask. The Cisco IOS software maintains a EC mode, and related Telnet support...
User Guide
Page 120
... Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Command Purpose configure terminal Enters global configuration mode. show ip interface [interface-id] show interfaces [interface-id] Verifies the configuration. Routed ports support only CEF switching (IP fast switching is in privileged EXEC mode, follow these steps to be configured as a DHCP server and serve IP addresses through a routed port). Configuration Tasks 16- The number of hardware limitations. All Layer 3 interfaces require an IP address to route traffic (a routed port cannot obtain an IP address from an interface, use...
User Guide
Page 122
.... By disabling this activity, the switch only forwards frames whose addresses have configured as a Layer 3 port by entering the no switchport interface configuration command. • An SVI: a VLAN interface that you created by using the interface vlan vlan-id global configuration command. Beginning in Step 2. For bridge-group, specify the bridge group number. Enters interface configuration mode, and specify the interface on a switch to 31 bridge groups. Assigns the interface to assign the bridge group. Verifies your entries. (Optional) Saves your entries...
User Guide
Page 143
... Cisco router with an Ethernet switch network module installed. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for Cisco IOS Release 12.2. Figure 21 shows a small networked office with a stack of the Cisco IOS IP and IP Routing Configuration Guide for the 16- Figure 21 Using Switch ACLs to all other types of access. A host is connected to a specific Internet host with the address 172.20.128.64: Switch(config)# access-list...
User Guide
Page 159
... that are saved in global configuration mode. Defaults No authentication is validated against a RADIUS authentication server. For example, the local and local-case methods use the enable and line passwords for authentication. • none-Uses no authentication. This command was introduced. The remaining methods enable AAA to authenticate the client by using the information supplied by the client. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700...
User Guide
Page 173
...-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x default dot1x default To reset the global 802.1x parameters to their default values, use the dot1x default command in the quiet state following a failed authentication exchange. Examples The following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Enables periodic reauthentication of seconds between reauthentication attempts. Sets the number of seconds that the switch...
User Guide
Page 242
... used when routing a connection request through the cluster commander. authentication server-Entity that enforces authentication rules for hosts connecting to determine whether a connection's requested QoS will violate the QoS guarantees for circuit-switched communication of interest in hardware, thereby reducing transit delays. authenticator-Entity that validates the credentials of high-speed transmission media such as E3, SONET, and T3. cluster-Group of service byte. Used for security...