User Guide
Page 1
.../DSCP mapping and rate limiting), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated...
.../DSCP mapping and rate limiting), security ACL, IGMP snooping, per-port storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated...
User Guide
Page 2
The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 36-port Ethernet switch network module requires a double-wide slot. Switched connections between Layer 2 Ethernet segments....- or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only ...
The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 36-port Ethernet switch network module requires a double-wide slot. Switched connections between Layer 2 Ethernet segments....- or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only ...
User Guide
Page 3
...session receives full bandwidth. When packets can connect to a single workstation or server, or to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by all Ethernet interfaces: 802.1Q-...within the hub, and the bandwidth of multiple VLANs over a single link and allow you to extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on the aging timer...
...session receives full bandwidth. When packets can connect to a single workstation or server, or to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by all Ethernet interfaces: 802.1Q-...within the hub, and the bandwidth of multiple VLANs over a single link and allow you to extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on the aging timer...
User Guide
Page 5
...misconfigurations and configuration inconsistencies that maintains VLAN configuration consistency by software; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs are created the first time that it does not support subinterfaces. The VLAN corresponds to the VLAN tag associated with ...you must be associated with the no switchport interface configuration command shuts the interface down and then reenables it is not supported). Caution Entering a no switchport interface configuration command. Routed ports can configure routing across SVIs. Only one interface to...
...misconfigurations and configuration inconsistencies that maintains VLAN configuration consistency by software; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs are created the first time that it does not support subinterfaces. The VLAN corresponds to the VLAN tag associated with ...you must be associated with the no switchport interface configuration command shuts the interface down and then reenables it is not supported). Caution Entering a no switchport interface configuration command. Routed ports can configure routing across SVIs. Only one interface to...
User Guide
Page 7
... Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information through the CLI or SNMP. EtherChannel load balancing can operate ... switch. (VTP version 2 is disabled by reducing part of the binary pattern formed from the addresses in the frame to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain as VLAN names and values) are not...
... Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information through the CLI or SNMP. EtherChannel load balancing can operate ... switch. (VTP version 2 is disabled by reducing part of the binary pattern formed from the addresses in the frame to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain as VLAN names and values) are not...
User Guide
Page 8
...link in an EtherChannel to operate at the same speed and duplex mode. • Enable all modules support EtherChannel (maximum of eight interfaces) with different Spanning Tree Protocol (STP) port path costs can pass ...Cisco 3700 Series Use the option that interfaces be created. Understanding 802.1x Port-Based Authentication The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that you shut down an interface in an EtherChannel. After authentication is a Switched Port Analyzer (SPAN) destination port. An EtherChannel supports...
...link in an EtherChannel to operate at the same speed and duplex mode. • Enable all modules support EtherChannel (maximum of eight interfaces) with different Spanning Tree Protocol (STP) port path costs can pass ...Cisco 3700 Series Use the option that interfaces be created. Understanding 802.1x Port-Based Authentication The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that you shut down an interface in an EtherChannel. After authentication is a Switched Port Analyzer (SPAN) destination port. An EtherChannel supports...
User Guide
Page 9
...The client is the supplicant in the RADIUS format. In this URL: http://support.microsoft.com/support/kb/articles/Q303/5/97.ASP • Authentication server-performs the actual authentication of the client. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 The switch includes... to the client. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that information with the authentication server. The devices that supports the RADIUS client and 802.1x.
...The client is the supplicant in the RADIUS format. In this URL: http://support.microsoft.com/support/kb/articles/Q303/5/97.ASP • Authentication server-performs the actual authentication of the client. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 The switch includes... to the client. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that information with the authentication server. The devices that supports the RADIUS client and 802.1x.
User Guide
Page 10
... authentication succeeds, the switch port becomes authorized. Figure 2 Client Message Exchange Cisco router with a RADIUS server. It then sends an EAP-request/identity frame to the client to request its role as if the port is not enabled or supported on page 11. If the client does not receive an EAP-request...
... authentication succeeds, the switch port becomes authorized. Figure 2 Client Message Exchange Cisco router with a RADIUS server. It then sends an EAP-request/identity frame to the client to request its role as if the port is not enabled or supported on page 11. If the client does not receive an EAP-request...
User Guide
Page 11
... requests the identity of the port changes from up state. If the authentication server cannot be reached, the switch can be retried. Supported Topologies The 802.1x port-based authentication is received, the port returns to the unauthorized state. If a client leaves or is not... normal traffic without any authentication exchange required. If no response is granted access to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, ignoring all ingress and egress traffic except for a fixed number...
... requests the identity of the port changes from up state. If the authentication server cannot be reached, the switch can be retried. Supported Topologies The 802.1x port-based authentication is received, the port returns to the unauthorized state. If a client leaves or is not... normal traffic without any authentication exchange required. If no response is granted access to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, ignoring all ingress and egress traffic except for a fixed number...
User Guide
Page 24
CDP allows network management applications to a multicast address. Each CDP-configured device sends periodic messages to discover Cisco devices that support Subnetwork Access Protocol (SNAP). You can configure source interfaces in particular, neighbors running lower-layer, transparent... does not forward any VLAN. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an interface monitored for all Cisco routers, bridges, access servers, and switches. You cannot configure a SPAN...
CDP allows network management applications to a multicast address. Each CDP-configured device sends periodic messages to discover Cisco devices that support Subnetwork Access Protocol (SNAP). You can configure source interfaces in particular, neighbors running lower-layer, transparent... does not forward any VLAN. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an interface monitored for all Cisco routers, bridges, access servers, and switches. You cannot configure a SPAN...
User Guide
Page 25
...destination interface d1. Network Security with nontrunk source interfaces; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as ... When you specify multiple SPAN source interfaces, the interfaces can belong to different VLANs. • Monitoring of VLANs is not supported. SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter the no monitor session session number...
...destination interface d1. Network Security with nontrunk source interfaces; Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as ... When you specify multiple SPAN source interfaces, the interfaces can belong to different VLANs. • Monitoring of VLANs is not supported. SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter the no monitor session session number...
User Guide
Page 26
...all packets passing through a switch and permit or deny packets from accessing the same part. An ACL contains an ordered list of the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 ACLs can use ACLs to decide which the ACL is received on that interface ...operations. • Extended IP access lists use by one host to access a part of a network or to allow one . The Ethernet switch network module supports IP ACLs to prevent another host from crossing specified interfaces. For example, you can use ACLs to control which hosts can allow Host A to access...
...all packets passing through a switch and permit or deny packets from accessing the same part. An ACL contains an ordered list of the network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 ACLs can use ACLs to decide which the ACL is received on that interface ...operations. • Extended IP access lists use by one host to access a part of a network or to allow one . The Ethernet switch network module supports IP ACLs to prevent another host from crossing specified interfaces. For example, you can use ACLs to control which hosts can allow Host A to access...
User Guide
Page 29
All other combinations of the packet contents or size. Guidelines for ACL configurations on page 28. therefore, a Ethernet switch network module supports this ACL. • Only four user-defined masks can be implemented on a switch Quality of Service Quality of service (QoS) but you ... permit tcp any any or deny udp any any cannot precede a Layer 3 user-defined mask such as you can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a ...
All other combinations of the packet contents or size. Guidelines for ACL configurations on page 28. therefore, a Ethernet switch network module supports this ACL. • Only four user-defined masks can be implemented on a switch Quality of Service Quality of service (QoS) but you ... permit tcp any any or deny udp any any cannot precede a Layer 3 user-defined mask such as you can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a ...
User Guide
Page 30
... Task Force (IETF). Other frame types cannot carry Layer 2 CoS values. The supported DSCP values are called the User Priority bits. Classification can carry a Differentiated Services Code Point (DSCP) value. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 30 Figure 14 QoS Classification...byte Tag Control Information field that carries the CoS value in the three most-significant bits, which means that each packet is not supported in this release is in 802.1Q frames except for traffic in Frames and Packets Encapsulated Packet Layer 2 header IP header Data Layer...
... Task Force (IETF). Other frame types cannot carry Layer 2 CoS values. The supported DSCP values are called the User Priority bits. Classification can carry a Differentiated Services Code Point (DSCP) value. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 30 Figure 14 QoS Classification...byte Tag Control Information field that carries the CoS value in the three most-significant bits, which means that each packet is not supported in this release is in 802.1Q frames except for traffic in Frames and Packets Encapsulated Packet Layer 2 header IP header Data Layer...
User Guide
Page 31
...function as a Layer 2 switch connected to a Layer 3 router. When a packet enters the Layer 2 engine directly from a switch port, it is not supported on the Fast Ethernet ports. Table 6 summarizes the queues, CoS values, and weights for Layer 2 QoS on the dot1p value in your network, and ... -end QoS solution. Any voice bearer packets that come in from another. Table 6 Queues, CoS values, and Weights for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are placed into one kind of four queues in the packet can construct an...
...function as a Layer 2 switch connected to a Layer 3 router. When a packet enters the Layer 2 engine directly from a switch port, it is not supported on the Fast Ethernet ports. Table 6 summarizes the queues, CoS values, and weights for Layer 2 QoS on the dot1p value in your network, and ... -end QoS solution. Any voice bearer packets that come in from another. Table 6 Queues, CoS values, and Weights for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are placed into one kind of four queues in the packet can construct an...
User Guide
Page 32
... no QoS processing occurs on the packet. • If multiple ACLs are marked or changed accordingly. Classification Based on page 34. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 32 The result of traffic. Actions at the egress interface include queueing and scheduling...with the same characteristics (class). Classification occurs only on their configured WRR weights. Based on the ACL. No support exists for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Policing determines whether a packet is out of profile based on the CoS, determines into ...
... no QoS processing occurs on the packet. • If multiple ACLs are marked or changed accordingly. Classification Based on page 34. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 32 The result of traffic. Actions at the egress interface include queueing and scheduling...with the same characteristics (class). Classification occurs only on their configured WRR weights. Based on the ACL. No support exists for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Policing determines whether a packet is out of profile based on the CoS, determines into ...
User Guide
Page 33
...configuration mode. Actions can also contain commands that uses the permit tcp any any ACE and another class map and use of profile. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 33 and 36-port Ethernet switch network modules. • System-defined masks... policy-map configuration command and the police policy-map class configuration command. After a packet is not supported in class maps with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a deny action is matched against a specific traffic flow...
...configuration mode. Actions can also contain commands that uses the permit tcp any any ACE and another class map and use of profile. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 33 and 36-port Ethernet switch network modules. • System-defined masks... policy-map configuration command and the police policy-map class configuration command. After a packet is not supported in class maps with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a deny action is matched against a specific traffic flow...
User Guide
Page 34
...values range from 0 for low priority to each type of profile or nonconforming. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series A policy map also has these classification options: • Trust the IP DSCP in the incoming packet, and...bandwidth limits specified in the policer separately to 7 for packets that is meaningless for the average burst rate is configurable. The supported DSCP values are supported on a physical port. There is received, the switch assigns the default port CoS value and classifies traffic based on page ...
...values range from 0 for low priority to each type of profile or nonconforming. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series A policy map also has these classification options: • Trust the IP DSCP in the incoming packet, and...bandwidth limits specified in the policer separately to 7 for packets that is meaningless for the average burst rate is configurable. The supported DSCP values are supported on a physical port. There is received, the switch assigns the default port CoS value and classifies traffic based on page ...
User Guide
Page 35
... Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for QoS, all VLANs received through the interface is supported. For configuration information, see the "Configuring CoS Maps" section on Ethernet switch network modules. This feature also provides support...The product of the number of multicast groups and the number of multicast groups. Mapping Tables The Ethernet switch network modules support these types of VLAN and Multicast Groups The maximum number is classified, policed, and marked according to the policy map ...
... Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for QoS, all VLANs received through the interface is supported. For configuration information, see the "Configuring CoS Maps" section on Ethernet switch network modules. This feature also provides support...The product of the number of multicast groups and the number of multicast groups. Mapping Tables The Ethernet switch network modules support these types of VLAN and Multicast Groups The maximum number is classified, policed, and marked according to the policy map ...
User Guide
Page 36
... snooping are added to all VLANs. The switch learns of 255 IP multicast groups and support both user-defined and IGMP snooping-learned settings. Immediate-Leave processing ensures optimal bandwidth management for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. The switch responds to the router queries...
... snooping are added to all VLANs. The switch learns of 255 IP multicast groups and support both user-defined and IGMP snooping-learned settings. Immediate-Leave processing ensures optimal bandwidth management for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. The switch responds to the router queries...