User Guide
Page 1
... Switch Module (NM-16ESW and NM-36ESW) for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers...
... Switch Module (NM-16ESW and NM-36ESW) for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers...
User Guide
Page 2
...switch network modules support simultaneous, parallel connections between Ethernet segments last only for IP telephones. Switched connections between Layer 2 Ethernet segments. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 New connections can be added to provide inline power for the duration ...ports. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. An optional power module can be used as an uplink port to a server or as a stacking link to configure the 16- The 36-port Ethernet switch network ...
...switch network modules support simultaneous, parallel connections between Ethernet segments last only for IP telephones. Switched connections between Layer 2 Ethernet segments. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 New connections can be added to provide inline power for the duration ...ports. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. An optional power module can be used as an uplink port to a server or as a stacking link to configure the 16- The 36-port Ethernet switch network ...
User Guide
Page 3
... The switch then forwards subsequent frames to -point link between interfaces efficiently, the switch maintains an address table. The address table can configure a trunk on a single Ethernet interface or on the switch represents a separate Ethernet segment, servers in Ethernet networks, an effective solution... can flow in its own 10-, 100-, or 1000-Mbps segment. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large...
... The switch then forwards subsequent frames to -point link between interfaces efficiently, the switch maintains an address table. The address table can configure a trunk on a single Ethernet interface or on the switch represents a separate Ethernet segment, servers in Ethernet networks, an effective solution... can flow in its own 10-, 100-, or 1000-Mbps segment. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large...
User Guide
Page 4
...for the specific VLAN. Inconsistencies detected by a cloud of the trunk link. Make sure that are not Cisco switches. Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for access ports) Native VLAN (for 802...the other 802.1Q switch. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN...
...for the specific VLAN. Inconsistencies detected by a cloud of the trunk link. Make sure that are not Cisco switches. Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for access ports) Native VLAN (for 802...the other 802.1Q switch. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN...
User Guide
Page 5
...names, incorrect VLAN-type specifications, and security violations. Configure routed ports by putting the interface into Layer 3 mode, you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual...are deleting any Layer 3 characteristics configured on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for a VLAN only when you return the interface to a router. SVIs support routing protocol and bridging configurations. Cisco IOS Release 12.2(2)XT, 12...
...names, incorrect VLAN-type specifications, and security violations. Configure routed ports by putting the interface into Layer 3 mode, you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual...are deleting any Layer 3 characteristics configured on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for a VLAN only when you return the interface to a router. SVIs support routing protocol and bridging configurations. Cisco IOS Release 12.2(2)XT, 12...
User Guide
Page 6
... to operate in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can configure a switch to all trunk connections using either the command-line interface (CLI) or Simple Network...ignores advertisements with unique names and internal index associations. VTP advertisements are received by neighboring switches, which update their VLAN configuration with other configuration parameters (such as VTP transparent, you cannot create, change is made up of these VTP modes: • Server...
... to operate in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can configure a switch to all trunk connections using either the command-line interface (CLI) or Simple Network...ignores advertisements with unique names and internal index associations. VTP advertisements are received by neighboring switches, which update their VLAN configuration with other configuration parameters (such as VTP transparent, you cannot create, change is made up of these VTP modes: • Server...
User Guide
Page 7
..., without consistency checks. Version-Dependent Transparent Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in the... version 2 is accepted without checking the version. VTP Configuration Guidelines and Restrictions Follow these guidelines and restrictions when implementing VTP in your network, you enable VTP version 2 on internal flash is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in ...
..., without consistency checks. Version-Dependent Transparent Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in the... version 2 is accepted without checking the version. VTP Configuration Guidelines and Restrictions Follow these guidelines and restrictions when implementing VTP in your network, you enable VTP version 2 on internal flash is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in ...
User Guide
Page 8
... interfaces) with different Spanning Tree Protocol (STP) port path costs can pass through the port. After you configure an EtherChannel, configuration that interfaces be created. After authentication is going only to one of the remaining interfaces in the EtherChannel to... Authentication Protocol over LAN (EAPOL) traffic through publicly accessible ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 The authentication server authenticates each client connected to avoid configuration problems: • All Ethernet interfaces on all interfaces in the EtherChannel...
... interfaces) with different Spanning Tree Protocol (STP) port path costs can pass through the port. After you configure an EtherChannel, configuration that interfaces be created. After authentication is going only to one of the remaining interfaces in the EtherChannel to... Authentication Protocol over LAN (EAPOL) traffic through publicly accessible ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 The authentication server authenticates each client connected to avoid configuration problems: • All Ethernet interfaces on all interfaces in the EtherChannel...
User Guide
Page 10
... effectively means that the port link state changes from the client are dropped. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by one or more requests for...information, see the "Ports in Authorized and Unauthorized States" section on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated.
... effectively means that the port link state changes from the client are dropped. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by one or more requests for...information, see the "Ports in Authorized and Unauthorized States" section on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated.
User Guide
Page 11
...to an unauthorized 802.1x port, the switch requests the client's identity. In contrast, when an 802.1x-enabled client connects to -point configuration (see Figure 1 on page 9), only one client can retransmit the request. This is not running 802.1x, the client initiates the ... is received from the authenticated client are allowed through the port. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and...
...to an unauthorized 802.1x port, the switch requests the client's identity. In contrast, when an 802.1x-enabled client connects to -point configuration (see Figure 1 on page 9), only one client can retransmit the request. This is not running 802.1x, the client initiates the ... is received from the authenticated client are allowed through the port. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and...
User Guide
Page 12
... tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to configure the Spanning Tree Protocol (STP) on Ethernet switch network module systems. Spanning tree is transparent to the switch. The ... loop exists in the network. Spanning tree forces redundant data paths into a standby (blocked) state. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to all VLANs. By default, a single instance of an interface...
... tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to configure the Spanning Tree Protocol (STP) on Ethernet switch network module systems. Spanning tree is transparent to the switch. The ... loop exists in the network. Spanning tree forces redundant data paths into a standby (blocked) state. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to all VLANs. By default, a single instance of an interface...
User Guide
Page 13
...center of a switched network is determined by the following : • One switch is calculated for each VLAN, the switch with each switch sends configuration BPDUs to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. Spanning tree uses this information to the root switch is... elected as the root switch. • The shortest distance to elect the root bridge and root port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in ...
...center of a switched network is determined by the following : • One switch is calculated for each VLAN, the switch with each switch sends configuration BPDUs to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. Spanning tree uses this information to the root switch is... elected as the root switch. • The shortest distance to elect the root bridge and root port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in ...
User Guide
Page 15
... expire, moves the Layer 2 interface to the blocking state. 2. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening... every port in the forwarding state, the following process occurs: 1. The Layer 2 interface waits for the forwarding database. 4. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. The Layer 2 interface is put ...
... expire, moves the Layer 2 interface to the blocking state. 2. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening... every port in the forwarding state, the following process occurs: 1. The Layer 2 interface waits for the forwarding database. 4. If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. The Layer 2 interface is put ...
User Guide
Page 21
...: 19 when operated in 100-Mb mode, and 4 when operated in the forwarding state and blocks other interfaces. Cisco IOS software uses the port priority value when the interface is configured as a trunk port. For example, if the MAC address range is 00-e0-1e-9b-2e-00 to VLAN...spanning tree considers port cost when selecting an interface to select first and higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21 used on a per -VLAN basis; You can view the default Spanning Tree configuration values. used on a per -interface basis; You can assign lower cost values...
...: 19 when operated in 100-Mb mode, and 4 when operated in the forwarding state and blocks other interfaces. Cisco IOS software uses the port priority value when the interface is configured as a trunk port. For example, if the MAC address range is 00-e0-1e-9b-2e-00 to VLAN...spanning tree considers port cost when selecting an interface to select first and higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21 used on a per -VLAN basis; You can view the default Spanning Tree configuration values. used on a per -interface basis; You can assign lower cost values...
User Guide
Page 22
... to the root switch, the switch causes the maximum aging times on the ports on which it received the inferior BPDU to Switch B is configured as both the root bridge and the designated bridge. Figure 10 shows an example topology with the lowest interface number in the blocking state), through... Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 Spanning tree uses the port cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is in...
... to the root switch, the switch causes the maximum aging times on the ports on which it received the inferior BPDU to Switch B is configured as both the root bridge and the designated bridge. Figure 10 shows an example topology with the lowest interface number in the blocking state), through... Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 Spanning tree uses the port cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is in...
User Guide
Page 24
... time a receiving device should hold -time information, which SPAN sends packets for all Cisco routers, bridges, access servers, and switches. You cannot configure a SPAN destination interface to a multicast address. Each device advertises at least one destination interface. You configure SPAN sessions using parameters that support Subnetwork Access Protocol (SNAP). SPAN sessions do not...
... time a receiving device should hold -time information, which SPAN sends packets for all Cisco routers, bridges, access servers, and switches. You cannot configure a SPAN destination interface to a multicast address. Each device advertises at least one destination interface. You configure SPAN sessions using parameters that support Subnetwork Access Protocol (SNAP). SPAN sessions do not...
User Guide
Page 25
... access control lists (ACLs), which case the packets would be implemented using SPAN. In some SPAN configurations, multiple copies of VLANs is configured for sources a1 and a2 to the destination interface. both incoming and outgoing packets are from the source...interfaces to a destination interface d1. Specifying the configuration option both copies network traffic received and transmitted by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as access lists. For example, a bidirectional ...
... access control lists (ACLs), which case the packets would be implemented using SPAN. In some SPAN configurations, multiple copies of VLANs is configured for sources a1 and a2 to the destination interface. both incoming and outgoing packets are from the source...interfaces to a destination interface d1. Specifying the configuration option both copies network traffic received and transmitted by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as access lists. For example, a bidirectional ...
User Guide
Page 26
... module supports IP ACLs to block inbound traffic. The switch examines access lists associated with all inbound features configured on that interface are no conditions match, the switch rejects the packet. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 ACLs can access different parts of a network... or to match the ACE. If there are examined. You can use ACLs to control which hosts can filter traffic as it passes through the switch could be configured to ...
... module supports IP ACLs to block inbound traffic. The switch examines access lists associated with all inbound features configured on that interface are no conditions match, the switch rejects the packet. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 ACLs can access different parts of a network... or to match the ACE. If there are examined. You can use ACLs to control which hosts can filter traffic as it passes through the switch could be configured to ...
User Guide
Page 27
Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, ... fragment matches the first ACE (a permit), as TCP or UDP port numbers, ICMP type and code, and so on. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 When this information. All other fragments are considered to host 10.1.1.1 on ) are missing this...
Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, ... fragment matches the first ACE (a permit), as TCP or UDP port numbers, ICMP type and code, and so on. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 When this information. All other fragments are considered to host 10.1.1.1 on ) are missing this...
User Guide
Page 28
...defined mask-masks that they are permitted will consume bandwidth on the Telnet port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are defined by the user.... any Switch (config-ext-nacl)# permit any any combination or all of multiple Layer 3 and Layer 4 fields. Understanding Access Control Parameters Before configuring ACLs on these fields simultaneously to define the flow, or specify a user-defined subnet. UDP (You can specify a UDP source, destination port...
...defined mask-masks that they are permitted will consume bandwidth on the Telnet port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are defined by the user.... any Switch (config-ext-nacl)# permit any any combination or all of multiple Layer 3 and Layer 4 fields. Understanding Access Control Parameters Before configuring ACLs on these fields simultaneously to define the flow, or specify a user-defined subnet. UDP (You can specify a UDP source, destination port...