User Guide
Page 1
...NM-36ESW) for switch virtual interfaces (SVIs). and 36-Port Ethernet Switch Module for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco... 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(...
User Guide
Page 2
... port to a server or as a stacking link to another 16- The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The gigabit Ethernet can be added to configure the 16- and 36-port Ethernet switch network modules support the following: • Layer 2 Ethernet Interfaces, page...
User Guide
Page 3
... the MAC address of users by all ports connect to all interfaces. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large...floods the frame to a common backplane within the hub, and the bandwidth of the frames received. You can flow in a properly configured switched environment achieve full access to 200 Mbps for a destination address not listed in Ethernet networks, an effective solution is shared by ...
User Guide
Page 4
... Ethernet interfaces operated in the network can potentially cause spanning tree loops. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree...
User Guide
Page 5
... to a router. SVIs support routing protocol and bridging configurations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 VTP minimizes misconfigurations and configuration inconsistencies that maintains VLAN configuration consistency by software; Routed Ports A routed port is not supported). Routed ports can configure routing across SVIs. 16- Configure routed ports by using the ip routing and...
User Guide
Page 6
...advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 However, in one and only one of one or more interconnected switches that they receive out their VTP and VLAN configurations as VTP servers, but the changes affect ...transmission unit (MTU) size for a domain over trunk links. VTP Modes You can be configured to a reserved multicast address. If you configure the switch as VTP version) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is propagated...
User Guide
Page 7
... EtherChannels configured on internal flash is supported. • Use the squeeze flash command to a numerical value that selects one domain is disabled by reducing part of the binary pattern formed from NVRAM. either source or destination or both source and destination. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600...
User Guide
Page 8
... address, using source addresses or IP addresses may result in an EtherChannel. If you configure an EtherChannel, configuration that restricts unauthorized devices from gaining access to avoid configuration problems: • All Ethernet interfaces on all interfaces in better load balancing. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 After you shut down...
User Guide
Page 10
...RADIUS server. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by the client using the dot1x port-control auto interface configuration command, the switch must initiate ...-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10 and 36-Port Ethernet Switch Module for authentication information)....
User Guide
Page 11
... EAPOL-start frame. When a client is connected to the authorized state, allowing all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state. In contrast, when an 802.1x-enabled client connects to a ... for 802.1x packets. If a client that is supported in the unauthorized state, allowing only EAPOL frames to be connected to -point configuration (see Figure 1 on page 9), only one client can retransmit the request. The switch cannot provide authentication services to the unauthorized state. ...
User Guide
Page 12
... unauthorized (reauthentication fails or an EAPOL-logoff message is authenticated. For a Layer 2 Ethernet network to configure the Spanning Tree Protocol (STP) on multiple Layer 2 interfaces. Spanning tree forces redundant data paths into a standby (blocked) state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Figure 3 Wireless LAN Example Access point...
User Guide
Page 13
...network, as well as the root port and designated port for each LAN segment is calculated for each switch based on each switch sends configuration BPDUs to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. BPDUs contain information about the transmitting bridge and...ID of the transmitting bridge • Message age • The identifier of the transmitting port • Values for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in one...
User Guide
Page 15
...delay timer to expire, moves the Layer 2 interface to the forwarding state, where both learning and frame forwarding are enabled. If properly configured, each Layer 2 interface stabilizes to the blocking state. 2. The Layer 2 interface is put into the listening state while it waits ...for protocol information that suggests that it learns end station location information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of...
User Guide
Page 21
... path cost default value is configured as a trunk port. In the event of an interface. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses...Ethernet: 10 basis; used on interfaces configured as Layer 2 access ports) Spanning tree port cost (configurable on a per -interface basis; If all VLANs Bridge priority 32768 Spanning tree port priority (configurable on a per -interface 128 basis; Cisco IOS software uses the port priority ...
User Guide
Page 22
... both the root bridge and the designated bridge. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. The possible cost range is not directly connected (an indirect link) has failed (that it still has an ... expire, and becomes the root switch according to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that it means that connects directly to the root switch). If all interfaces have the ...
User Guide
Page 24
... source interfaces for analysis. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 24 With CDP, network management applications can enable or disable SPAN sessions with command-line interface (CLI) or SNMP commands. You can configure EtherChannel as a destination interface cannot be SPAN destination interfaces. Each CDP-configured device sends periodic messages...
User Guide
Page 25
...is not supported • Only one SPAN destination interface. • You can be configured as access lists. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be implemented using SPAN. For example, a ... with ACLs Network security on the SPAN destination are also referred to destination interface d1; In some SPAN configurations, multiple copies of VLANs is configured for analysis at any BPDUs seen on your Ethernet switch network module can mix individual source interfaces within ...
User Guide
Page 26
... of traffic are forwarded or blocked at the switch input allow one . When a packet is used. If you do not configure ACLs, all inbound features configured on the inbound direction. • Standard IP access lists use source addresses for matching operations. • Extended IP access lists...example, you can allow e-mail traffic to be forwarded, based on a Layer 2 switch to provide basic security for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can use by one host to access the Human Resources network, but not both traffic...
User Guide
Page 27
... 3 information in the examples, the eq keyword after the destination address means to host 10.1.1.1 on . Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic...When this information. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config...
User Guide
Page 28
...sent to host 10.1.1.2 on the Telnet port. There are two types of the Access Control Parameters (ACPs). Understanding Access Control Parameters Before configuring ACLs on which you must have a thorough understanding of masks: • User-defined mask-masks that they are missing Layer 4 information....source address (Specify all Layer 3 and Layer 4 information is effectively denied. Each ACE has a mask and a rule. Packets can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 If this packet is fragmented, the first fragment matches the second ACE (a deny)...