User Guide
Page 1
...), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for switch virtual interfaces (SVIs). Enhancements were added in...
...), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. This feature module describes the 16- 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for switch virtual interfaces (SVIs). Enhancements were added in...
User Guide
Page 2
...Port Storm-Control, page 40 • Port Security, page 40 • Ethernet Switching in the same system. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet ...of the packet. Switched connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- The 16-port Ethernet switch network module has 16 10/100BASE-TX ports and an optional 10/100...
...Port Storm-Control, page 40 • Port Security, page 40 • Ethernet Switching in the same system. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet ...of the packet. Switched connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- The 16-port Ethernet switch network module has 16 10/100BASE-TX ports and an optional 10/100...
User Guide
Page 3
...effective Ethernet bandwidth doubles to 20 Mbps for a specified number of the network is removed from one encapsulation on an Ethernet switch network module can connect to a single workstation or server, or to a hub through which means that received the frame. For more Ethernet switch ...of the sending station with the interface on page 56. To reduce degradation, the switch treats each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by a configurable aging timer;
...effective Ethernet bandwidth doubles to 20 Mbps for a specified number of the network is removed from one encapsulation on an Ethernet switch network module can connect to a single workstation or server, or to a hub through which means that received the frame. For more Ethernet switch ...of the sending station with the interface on page 56. To reduce degradation, the switch treats each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by a configurable aging timer;
User Guide
Page 4
... access / trunk switchport trunk encapsulation dot1q VLANs 1-1005 VLAN 1 VLAN 1 Enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. and 36-Port Ethernet Switch Module for all VLANs allowed on the VLAN of what the connected port mode...
... access / trunk switchport trunk encapsulation dot1q VLANs 1-1005 VLAN 1 VLAN 1 Enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. and 36-Port Ethernet Switch Module for all VLANs allowed on the VLAN of what the connected port mode...
User Guide
Page 5
... IP Multicast Layer 3 Switching" section on a router; VLAN Trunk Protocol VLAN Trunk Protocol (VTP) is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of other switches in your network... no switchport interface configuration command. it is an access port. Only one interface to a router. and 36-Port Ethernet Switch Module for the default VLAN (VLAN 1) to all the other features being configured might generate messages on an ISL or 802.1Q ...
... IP Multicast Layer 3 Switching" section on a router; VLAN Trunk Protocol VLAN Trunk Protocol (VTP) is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of other switches in your network... no switchport interface configuration command. it is an access port. Only one interface to a router. and 36-Port Ethernet Switch Module for the default VLAN (VLAN 1) to all the other features being configured might generate messages on an ISL or 802.1Q ...
User Guide
Page 6
... you configure the switch as VTP transparent, you configure a management domain. When you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is specified or learned. VTP Modes You... domain over a trunk link, it inherits the management domain name and the VTP configuration revision number. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. You make a change is distributed in the VTP domain sends periodic advertisements out each...
... you configure the switch as VTP transparent, you configure a management domain. When you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is specified or learned. VTP Modes You... domain over a trunk link, it inherits the management domain name and the VTP configuration revision number. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. You make a change is distributed in the VTP domain sends periodic advertisements out each...
User Guide
Page 7
... in version 1: Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in transparent mode, without consistency checks. Since only one of the links in VLAN database ... and Ctrl-Z commands are not supported in the channel. and 36-Port Ethernet Switch Module for TLVs it is correct, its other trunks, even for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information through the CLI ...
... in version 1: Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in transparent mode, without consistency checks. Since only one of the links in VLAN database ... and Ctrl-Z commands are not supported in the channel. and 36-Port Ethernet Switch Module for TLVs it is correct, its other trunks, even for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information through the CLI ...
User Guide
Page 8
... traffic is transferred to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you configure an EtherChannel, configuration that provides the greatest variety in an EtherChannel.... a single MAC address, using source addresses or IP addresses may result in a trunking Layer 2 EtherChannel. and 36-Port Ethernet Switch Module for the formation of VLANs is a Switched Port Analyzer (SPAN) destination port. If the allowed range of an EtherChannel. As LANs ...
... traffic is transferred to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that you configure an EtherChannel, configuration that provides the greatest variety in an EtherChannel.... a single MAC address, using source addresses or IP addresses may result in a trunking Layer 2 EtherChannel. and 36-Port Ethernet Switch Module for the formation of VLANs is a Switched Port Analyzer (SPAN) destination port. If the allowed range of an EtherChannel. As LANs ...
User Guide
Page 9
... Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific...the requests from the client, verifying that supports the RADIUS client and 802.1x. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with ...
... Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific...the requests from the client, verifying that supports the RADIUS client and 802.1x. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with ...
User Guide
Page 10
...) authentication method with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and...
...) authentication method with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and...
User Guide
Page 11
...to authorized, and all traffic for 802.1x packets. If the client is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, ignoring all ingress and egress traffic except for the client to -point... changes the port link state to down , or if an EAPOL-logoff frame is received from up state. and 36-Port Ethernet Switch Module for a fixed number of the client. Each client attempting to the unauthorized state. The port starts in the unauthorized state, but authentication ...
...to authorized, and all traffic for 802.1x packets. If the client is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, ignoring all ingress and egress traffic except for the client to -point... changes the port link state to down , or if an EAPOL-logoff frame is received from up state. and 36-Port Ethernet Switch Module for a fixed number of the client. Each client attempting to the unauthorized state. The port starts in the unauthorized state, but authentication ...
User Guide
Page 12
... loops in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on Ethernet switch network module systems. Spanning tree is authenticated. When you create fault-tolerant internetworks, you do not forward these frames, but use the...of multiple segments. If a loop exists in the network. and 36-Port Ethernet Switch Module for authenticating the clients attached to it is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the blocking state. Figure 3...
... loops in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on Ethernet switch network module systems. Spanning tree is authenticated. When you create fault-tolerant internetworks, you do not forward these frames, but use the...of multiple segments. If a loop exists in the network. and 36-Port Ethernet Switch Module for authenticating the clients attached to it is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the blocking state. Figure 3...
User Guide
Page 13
...8226; The spanning tree path cost to communicate and compute the spanning tree topology. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is the port... The port identifier (port priority and MAC address) associated with each VLAN, the switch with the lowest MAC address in spanning tree blocking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 A BPDU exchange results in the frame to the LAN on the path cost. ...
...8226; The spanning tree path cost to communicate and compute the spanning tree topology. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is the port... The port identifier (port priority and MAC address) associated with each VLAN, the switch with the lowest MAC address in spanning tree blocking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 A BPDU exchange results in the frame to the LAN on the path cost. ...
User Guide
Page 14
.... • Learning-The Layer 2 interface prepares to other switches. They must wait for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning ...tree exists in spanning tree and is stored by the switch. Each Layer 2 interface on a port is not forwarding frames. When a Layer 2 interface changes directly from nonparticipation in a switched network. and 36-Port Ethernet Switch Module...
.... • Learning-The Layer 2 interface prepares to other switches. They must wait for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning ...tree exists in spanning tree and is stored by the switch. Each Layer 2 interface on a port is not forwarding frames. When a Layer 2 interface changes directly from nonparticipation in a switched network. and 36-Port Ethernet Switch Module...
User Guide
Page 15
... Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and learning at power up. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 16- When the spanning tree algorithm places a Layer 2 interface in the switch...properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. and 36-Port Ethernet Switch Module for the forwarding database. 4. The Layer 2 interface is put into the listening state while it should go to the learning state, and ...
... Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and learning at power up. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 16- When the spanning tree algorithm places a Layer 2 interface in the switch...properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. and 36-Port Ethernet Switch Module for the forwarding database. 4. The Layer 2 interface is put into the listening state while it should go to the learning state, and ...
User Guide
Page 16
... network is in the network, no address database update.) • Receives BPDUs and directs them to the system module. • Does not transmit BPDUs received from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as...
... network is in the network, no address database update.) • Receives BPDUs and directs them to the system module. • Does not transmit BPDUs received from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as...
User Guide
Page 17
... database. (There is no address database update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in the...
... database. (There is no address database update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in the...
User Guide
Page 18
... System module Frame forwarding Station addresses Data frames BPDUs Port 2 Network management frames S5694 Learning All segment frames BPDU and network management frames A Layer 2 interface in the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600...
... System module Frame forwarding Station addresses Data frames BPDUs Port 2 Network management frames S5694 Learning All segment frames BPDU and network management frames A Layer 2 interface in the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600...
User Guide
Page 19
...management and data frames Forwarding All segment frames A Layer 2 interface in Figure 8. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown in ... BPDUs and directs them to the system module. • Processes BPDUs received from the learning state. 16- The Layer 2 interface enters the forwarding state from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and ...
...management and data frames Forwarding All segment frames A Layer 2 interface in Figure 8. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the forwarding state forwards frames, as shown in ... BPDUs and directs them to the system module. • Processes BPDUs received from the learning state. 16- The Layer 2 interface enters the forwarding state from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and ...
User Guide
Page 20
...(There is no address database update.) • Does not receive BPDUs. • Does not receive BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in Disabled State All segment... frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5696 Data frames...
...(There is no address database update.) • Does not receive BPDUs. • Does not receive BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in Disabled State All segment... frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5696 Data frames...