User Guide
Page 1
... Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. 16- and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. Added switching software enhancements: IEEE 802.1x, QoS (including Layer 2/Layer 3 CoS...
... Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. 16- and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. Added switching software enhancements: IEEE 802.1x, QoS (including Layer 2/Layer 3 CoS...
User Guide
Page 2
...; Ethernet Switching in the same system. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 Feature Overview 16- and 36-Port Ethernet Switch Module for IP telephones. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 16-port Ethernet switch network module has 16 10/100BASE-TX ports...
...; Ethernet Switching in the same system. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 Feature Overview 16- and 36-Port Ethernet Switch Module for IP telephones. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 16-port Ethernet switch network module has 16 10/100BASE-TX ports...
User Guide
Page 3
...address entries without flooding to the bandwidth. On a typical Ethernet hub, all interfaces of the same virtual local area network (VLAN) except the interface that each device (for a destination address not listed in its own 10-, 100-,...network module solves congestion problems caused by high-bandwidth devices and a large number of the network is an industry-standard trunking encapsulation. Note Default parameters on page 56. VLAN Trunks A trunk is full-duplex communication. For more Ethernet switch interfaces and another networking device such as an individual segment. Cisco IOS...
...address entries without flooding to the bandwidth. On a typical Ethernet hub, all interfaces of the same virtual local area network (VLAN) except the interface that each device (for a destination address not listed in its own 10-, 100-,...network module solves congestion problems caused by high-bandwidth devices and a large number of the network is an industry-standard trunking encapsulation. Note Default parameters on page 56. VLAN Trunks A trunk is full-duplex communication. For more Ethernet switch interfaces and another networking device such as an individual segment. Cisco IOS...
User Guide
Page 4
... that your network is . Cisco recommends that you connect a Cisco switch to a device other than a Cisco device through 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN is different from the VLAN on both ends of what the connected port mode is loop-free before disabling spanning tree. Cisco IOS Release...
... that your network is . Cisco recommends that you connect a Cisco switch to a device other than a Cisco device through 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN is different from the VLAN on both ends of what the connected port mode is loop-free before disabling spanning tree. Cisco IOS Release...
User Guide
Page 5
..., fallback-bridge nonroutable protocols between this command to put the interface into Layer 3 mode with trunks. Routed ports can result in your network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs are deleting any Layer 3 characteristics configured on an ISL or 802.1Q ...default, an SVI is necessary to configure an SVI for the default VLAN (VLAN 1) to the routing or bridging function in the network. and 36-Port Ethernet Switch Module for a VLAN interface. A routed port is made up of hardware limitations. A VTP domain (also called a VLAN management domain...
..., fallback-bridge nonroutable protocols between this command to put the interface into Layer 3 mode with trunks. Routed ports can result in your network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs are deleting any Layer 3 characteristics configured on an ISL or 802.1Q ...default, an SVI is necessary to configure an SVI for the default VLAN (VLAN 1) to the routing or bridging function in the network. and 36-Port Ethernet Switch Module for a VLAN interface. A routed port is made up of hardware limitations. A VTP domain (also called a VLAN management domain...
User Guide
Page 6
... a trunk link or until the management domain name is in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations... affect only the individual switch. Feature Overview 16- and 36-Port Ethernet Switch Module for each trunk interface to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). You cannot create or modify VLANs on a VTP server until...
... a trunk link or until the management domain name is in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations... affect only the individual switch. Feature Overview 16- and 36-Port Ethernet Switch Module for each trunk interface to all trunk connections using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP). You cannot create or modify VLANs on a VTP server until...
User Guide
Page 7
...(VTP version 2 is not able to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. All interfaces in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are performed only when you must decide whether to all version 2-capable...forwards VTP messages in NVRAM. The selected mode applies to use MAC addresses, or IP addresses; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 16- and 36-Port Ethernet Switch Module for the domain name and version, and forwards a message only if the version and domain name ...
...(VTP version 2 is not able to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. All interfaces in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are performed only when you must decide whether to all version 2-capable...forwards VTP messages in NVRAM. The selected mode applies to use MAC addresses, or IP addresses; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 16- and 36-Port Ethernet Switch Module for the domain name and version, and forwards a message only if the version and domain name ...
User Guide
Page 8
... the same allowed range of an EtherChannel. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 and 36-Port Ethernet Switch Module for the formation of VLANs on all interfaces..., normal traffic can form an EtherChannel as long they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to one of the remaining... only to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut down...
... the same allowed range of an EtherChannel. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 and 36-Port Ethernet Switch Module for the formation of VLANs on all interfaces..., normal traffic can form an EtherChannel as long they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to one of the remaining... only to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you shut down...
User Guide
Page 9
...include the Catalyst 3550 multilayer switch, Catalyst 2950 switch, or a wireless access point. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for Ethernet and sent to the client. When the switch receives frames from the ...network module • Client-the device (workstation) that requests access to the LAN and switch services and responds to access the LAN and switch services. The authentication server validates the identity of the client. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco...
...include the Catalyst 3550 multilayer switch, Catalyst 2950 switch, or a wireless access point. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for Ethernet and sent to the client. When the switch receives frames from the ...network module • Client-the device (workstation) that requests access to the LAN and switch services and responds to access the LAN and switch services. The authentication server validates the identity of the client. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco...
User Guide
Page 10
...RADIUS server. A port in Authorized and Unauthorized States" section on the network access device, any EAPOL frames from the switch, the client can initiate authentication. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. If the client does not... network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release...
...RADIUS server. A port in Authorized and Unauthorized States" section on the network access device, any EAPOL frames from the switch, the client can initiate authentication. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. If the client does not... network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release...
User Guide
Page 11
...802.1x-enabled switch port. If the link state of attempts, authentication fails, and network access is not running 802.1x, the client initiates the authentication process by the client to flow normally. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 In this state, the ...cannot be sent and received through the port. 16- and 36-Port Ethernet Switch Module for the client to authenticate. If a client that is not granted. The switch cannot provide authentication services to the network. The authentication process begins when the link state of the port changes from the...
...802.1x-enabled switch port. If the link state of attempts, authentication fails, and network access is not running 802.1x, the client initiates the authentication process by the client to flow normally. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 In this state, the ...cannot be sent and received through the port. 16- and 36-Port Ethernet Switch Module for the client to authenticate. If a client that is not granted. The switch cannot provide authentication services to the network. The authentication process begins when the link state of the port changes from the...
User Guide
Page 12
... well located it is transparent to end stations, which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on a per-VLAN basis...active paths between all nodes in the Layer 2 network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 For a Layer 2 Ethernet network to function properly, only one client is received), the switch denies access to the network to all other hosts indirectly attached to the port ...
... well located it is transparent to end stations, which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on a per-VLAN basis...active paths between all nodes in the Layer 2 network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 For a Layer 2 Ethernet network to function properly, only one client is received), the switch denies access to the network to all other hosts indirectly attached to the port ...
User Guide
Page 13
...• Message age • The identifier of the spanning tree topology in the frame to communicate and compute the spanning tree topology. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 Spanning tree uses this information to elect the root bridge and root port for ...Ports included in the spanning tree are placed in the switched network are selected. • Election of a switched network is the port providing the best path from anywhere in spanning tree blocking mode. 16- and 36-Port Ethernet Switch Module for each Layer 2 interface The Bridge Protocol Data Units (BPDU...
...• Message age • The identifier of the spanning tree topology in the frame to communicate and compute the spanning tree topology. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 Spanning tree uses this information to elect the root bridge and root port for ...Ports included in the spanning tree are placed in the switched network are selected. • Election of a switched network is the port providing the best path from anywhere in spanning tree blocking mode. 16- and 36-Port Ethernet Switch Module for each Layer 2 interface The Bridge Protocol Data Units (BPDU...
User Guide
Page 14
...the frame lifetime to the forwarding state, it can create temporary data loops. and 36-Port Ethernet Switch Module for frames that affect the entire spanning tree performance: Table 2 STP Timers Timer Hello timer Forward delay timer... Maximum age timer Purpose Determines how often the switch broadcasts hello messages to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Spanning Tree Port States Propagation delays can take place... forwards frames. • Disabled-The Layer 2 interface does not participate in a switched network.
...the frame lifetime to the forwarding state, it can create temporary data loops. and 36-Port Ethernet Switch Module for frames that affect the entire spanning tree performance: Table 2 STP Timers Timer Hello timer Forward delay timer... Maximum age timer Purpose Determines how often the switch broadcasts hello messages to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Spanning Tree Port States Propagation delays can take place... forwards frames. • Disabled-The Layer 2 interface does not participate in a switched network.
User Guide
Page 15
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port... port in the forwarding state, the following process occurs: 1. Figure 4 STP Port States Boot-up . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 The Layer 2 interface waits for protocol information that suggests... delay timer. 3. When the spanning tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. 16- The Layer 2 interface is put into the listening state while it learns...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port... port in the forwarding state, the following process occurs: 1. Figure 4 STP Port States Boot-up . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 The Layer 2 interface waits for protocol information that suggests... delay timer. 3. When the spanning tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. 16- The Layer 2 interface is put into the listening state while it learns...
User Guide
Page 16
... Discards frames received from the attached segment. • Discards frames switched from the system module. • Receives and responds to each Layer 2 interface in Figure 5. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 Figure 5 Interface 2 in Blocking... State Segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5692 BPDUs Data frames Port 2 Network management frames ...
... Discards frames received from the attached segment. • Discards frames switched from the system module. • Receives and responds to each Layer 2 interface in Figure 5. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 Figure 5 Interface 2 in Blocking... State Segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5692 BPDUs Data frames Port 2 Network management frames ...
User Guide
Page 17
... address database. (There is no address database update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 16- Figure 6 shows a Layer 2 interface in frame...
... address database. (There is no address database update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 16- Figure 6 shows a Layer 2 interface in frame...
User Guide
Page 18
... its address database. • Receives BPDUs and directs them to network management messages. The Layer 2 interface enters the learning state from the system module. • Receives and responds to the system module. • Receives, processes, and transmits BPDUs received from the listening state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure...
... its address database. • Receives BPDUs and directs them to network management messages. The Layer 2 interface enters the learning state from the system module. • Receives and responds to the system module. • Receives, processes, and transmits BPDUs received from the listening state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure...
User Guide
Page 19
... Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages...
... Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages...
User Guide
Page 20
...frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5696 Data frames Port 2 Network management frames Disabled All segment frames A ... BPDUs for transmission from the system module. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer ...platform. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for the VLAN spanning ...
...frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5696 Data frames Port 2 Network management frames Disabled All segment frames A ... BPDUs for transmission from the system module. Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer ...platform. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for the VLAN spanning ...