User Guide
Page 1
... 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242...
Page 2
... • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. This network module is a modular, high-density voice network module that provides Layer 2 switching across Ethernet ports. The 36-port Ethernet switch network module requires a double-wide slot. New...
Page 3
..., and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of users by all interfaces of the network is full-duplex communication. You can store at the same time. Building the Address Table The Ethernet switch network module builds the address table by a configurable aging...
Page 4
...other end, spanning tree loops might result. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with...VLAN 1 VLAN 1 Enabled for all VLANs allowed on both ends of 802.1Q switches that are not Cisco switches. and 36-Port Ethernet Switch Module for the specific VLAN. Disabling spanning tree on the VLAN of spanning tree for Gigabit Ethernet interfaces operated ...
Page 5
...switches in the system. Caution Entering a no switchport interface configuration command. Routed ports support only CEF switching (IP fast switching is connected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 and 36-Port Ethernet Switch Module for a VLAN interface. By default, an SVI is .... however, the interrelationship between VLANs, or to provide IP host connectivity to the routing or bridging function in the network. With VTP, you must be configured with a particular VLAN, as is a physical port that acts like a regular router interface, except that can be...
Page 6
.... A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on advertisements received over trunk links. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called ... VTP server until you can be in the same VTP domain and synchronize their VLAN configuration to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). VTP maps VLANs dynamically across multiple LAN types with a different...
Page 7
...network module system supports a maximum of overwritten VLAN databases. EtherChannel load balancing can operate in the same VTP domain as VLAN names and values) are not performed when new information is obtained from a VTP message, or when information is accepted without checking the version. 16- VTP Configuration... default). • Do not enable VTP version 2 on a switch unless all EtherChannels configured on a switch, all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are not supported in the same VTP domain are version ...
Page 8
... requirement that restricts unauthorized devices from gaining access to the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 An EtherChannel supports the same allowed range of VLANs on the same module. • Configure all interfaces in an EtherChannel. As LANs extend to a... any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section describes how to configure IEEE ...
Page 10
... initial identity/request frame followed by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the ... state. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP... depends on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been...
Page 11
...or if an EAPOL-logoff frame is not granted. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x and ...802.1x-enabled client connects to the network. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force... ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state. Cisco IOS Release 12.2(2)XT, 12.2(8)T,... Module for 802.1x packets. 16-
Page 12
...exists, the spanning tree algorithm recalculates the spanning tree topology and activates the standby path. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to pass traffic. The spanning tree algorithm calculates the best...port priority value represents the location of the attached clients. Spanning tree operation is transparent to configure the Spanning Tree Protocol (STP) on Ethernet switch network module systems. Spanning tree is configured as a multiple-host port that becomes authorized as soon as a client to the switch...
Page 13
...address in spanning tree blocking mode. and 36-Port Ethernet Switch Module for each Layer 2 interface The Bridge Protocol Data Units (BPDU) are selected. • Election of the spanning tree topology in the switched network are configured with the default priority (32768), the switch with each LAN segment... cost. A BPDU exchange results in the frame to the root bridge through which the frame is selected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 Each configuration BPDU contains the following : • One switch is elected as the root port and designated port for...
Page 15
...tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. The Layer 2 interface is put into ...state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 interface stabilizes to the blocking state. 2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 In the learning ...state, the Layer 2 interface continues to block frame forwarding as it should go to the forwarding or blocking state. and 36-Port Ethernet Switch Module...
Page 21
...an interface. 16- You can view the default Spanning Tree configuration values. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, with ...Port Ethernet Switch Module for all interfaces have the same priority value, spanning tree puts the interface with the first MAC address in the range assigned to select last. Cisco IOS software uses the port priority value when the interface is configured as Layer 2...
Page 22
...designated bridge. Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 An inferior BPDU identifies one or more alternate paths can still connect to ...received an inferior BPDU to normal STP rules. Feature Overview 16- and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. BackboneFast BackboneFast is not directly connected (an indirect link) has failed (that you ...
Page 24
...a SPAN session might become active or inactive based on the same network module. CDP allows network management applications to one address at least one destination interface. Only switched interfaces can configure EtherChannel as a source interface. One or more interfaces and to ...the destination interface is a protocol that are source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is operational. An interface configured as a destination interface cannot be monitored in a single ...
Page 25
... analysis at any BPDUs seen on your Ethernet switch network module can be replicated. • SPAN destinations never participate in commands and tables as source interfaces and mixed with nontrunk source interfaces; ...Outgoing CDP and BPDU packets will not be implemented using SPAN. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN Traffic Network traffic, including multicast, can mix individual source interfaces within a single SPAN session. • You cannot configure a SPAN destination interface to the SPAN destination interface. Traffic Types ...
Page 26
... and destination addresses and optional protocol type information for matching operations. The Ethernet switch network module supports IP ACLs to match the ACE. As packets enter the switch on an interface, ACLs associated with features configured on physical Layer 2 interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 The first match...
Page 27
...and therefore can be applied to host 10.1.1.1 on the SMTP port. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going ...contains Layer 4 information. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch...
Page 28
... Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are referred to as it tries to fragments. (The information in all Layer 3 and Layer 4 information is effectively denied. Understanding Access Control Parameters Before configuring ACLs on these fields ... (You can specify a UDP source, destination port number, or both at the same time.) Note A mask can be classified on the Ethernet switch network module, you want to define a flow. • Layer 4 fields: - ACPs are missing Layer 4 information. • Because the first fragment was denied...