User Guide
Page 1
... Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. 16- This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157...
... Tasks, page 46 • Configuration Examples for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. 16- This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157...
User Guide
Page 2
... a server or as a stacking link to another 16- New connections can be added to configure the 16- or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet ...40 • Port Security, page 40 • Ethernet Switching in the same system. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to provide inline power for the next packet. The 36-port Ethernet switch...
... a server or as a stacking link to another 16- New connections can be added to configure the 16- or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging, page 42 Layer 2 Ethernet ...40 • Port Security, page 40 • Ethernet Switching in the same system. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to provide inline power for the next packet. The 36-port Ethernet switch...
User Guide
Page 3
..., the switch adds its address table, it floods the frame to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of all other ...between interfaces efficiently, the switch maintains an address table. 16- Switching Frames Between Segments Each Ethernet interface on an Ethernet switch network module can configure a trunk on a single Ethernet interface or on which workstations or servers connect to ensure that uses a significant level ...
..., the switch adds its address table, it floods the frame to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of all other ...between interfaces efficiently, the switch maintains an address table. 16- Switching Frames Between Segments Each Ethernet interface on an Ethernet switch network module can configure a trunk on a single Ethernet interface or on which workstations or servers connect to ensure that uses a significant level ...
User Guide
Page 4
... Ethernet Switch Module for the specific VLAN. The interface will travel on the trunks. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines ...VLAN on both ends of 802.1Q switches that your network is treated as broken and block traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. The 802....
... Ethernet Switch Module for the specific VLAN. The interface will travel on the trunks. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines ...VLAN on both ends of 802.1Q switches that your network is treated as broken and block traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. The 802....
User Guide
Page 5
....) The number of VLANs within a VTP domain. Furthermore, when you want to permit remote switch administration. and 36-Port Ethernet Switch Module for which might have an impact on the device to put the interface into Layer 3 mode with a Layer 3 routing protocol. Configure... a VLAN interface for each VLAN for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of switch ports as is not...
....) The number of VLANs within a VTP domain. Furthermore, when you want to permit remote switch administration. and 36-Port Ethernet Switch Module for which might have an impact on the device to put the interface into Layer 3 mode with a Layer 3 routing protocol. Configure... a VLAN interface for each VLAN for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of switch ports as is not...
User Guide
Page 6
... update their trunk interfaces. If you configure the switch as VTP transparent, you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is propagated to a reserved multicast address..., you can create, modify, and delete VLANs and specify other switches based on received advertisements. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. The following global configuration information is specified or learned. Feature Overview 16- A...
... update their trunk interfaces. If you configure the switch as VTP transparent, you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is propagated to a reserved multicast address..., you can create, modify, and delete VLANs and specify other switches based on received advertisements. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. The following global configuration information is specified or learned. Feature Overview 16- A...
User Guide
Page 7
...TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in transparent mode, without consistency checks. When ... Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your ... reducing part of up to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. If the digest on the switch. The selected mode ...
...TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in transparent mode, without consistency checks. When ... Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your ... reducing part of up to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. If the digest on the switch. The selected mode ...
User Guide
Page 8
... a client/server-based access control and authentication protocol that interfaces be created. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 and 36-Port Ethernet Switch Module for the formation of VLANs is successful, normal traffic can form an EtherChannel as...authentication server authenticates each client connected to hotels, airports, and corporate lobbies, insecure environments could be physically contiguous or on the same module. • Configure all interfaces in an EtherChannel to avoid configuration problems: • All Ethernet interfaces on a channel is going ...
... a client/server-based access control and authentication protocol that interfaces be created. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 and 36-Port Ethernet Switch Module for the formation of VLANs is successful, normal traffic can form an EtherChannel as...authentication server authenticates each client connected to hotels, airports, and corporate lobbies, insecure environments could be physically contiguous or on the same module. • Configure all interfaces in an EtherChannel to avoid configuration problems: • All Ethernet interfaces on a channel is going ...
User Guide
Page 9
... Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 16- Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that information with the authentication server. The authentication server validates the identity of the client. The switch includes the RADIUS...
... Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 16- Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that information with the authentication server. The authentication server validates the identity of the client. The switch includes the RADIUS...
User Guide
Page 10
... determines that the client has been successfully authenticated. For more information, see the "Ports in the authorized state. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS...
... determines that the client has been successfully authenticated. For more information, see the "Ports in the authorized state. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS...
User Guide
Page 11
...state. The port starts in the authorized state. If a client that is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, but authentication can be reached, the switch can retransmit the request...not running 802.1x, the client initiates the authentication process by using the client's MAC address. 16- and 36-Port Ethernet Switch Module for a fixed number of the client and begins relaying authentication messages between the client and the authentication server. When a client is...
...state. The port starts in the authorized state. If a client that is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, but authentication can be reached, the switch can retransmit the request...not running 802.1x, the client initiates the authentication process by using the client's MAC address. 16- and 36-Port Ethernet Switch Module for a fixed number of the client and begins relaying authentication messages between the client and the authentication server. When a client is...
User Guide
Page 12
...network. The spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. If a loop exists in a network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Feature Overview 16- If the port becomes unauthorized (reauthentication fails or an EAPOL-...represents the location of the attached clients. Switches send and receive spanning tree frames at regular intervals. and 36-Port Ethernet Switch Module for authenticating the clients attached to all of an interface in the blocking state. The switches do not manually disable STP). ...
...network. The spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. If a loop exists in a network. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Feature Overview 16- If the port becomes unauthorized (reauthentication fails or an EAPOL-...represents the location of the attached clients. Switches send and receive spanning tree frames at regular intervals. and 36-Port Ethernet Switch Module for authenticating the clients attached to all of an interface in the blocking state. The switches do not manually disable STP). ...
User Guide
Page 13
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is determined by the following: • The unique ... to be the root switch • The spanning tree path cost to the root bridge. • Ports included in the VLAN becomes the root switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 This is the switch closest to the root bridge through which the frame is the...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is determined by the following: • The unique ... to be the root switch • The spanning tree path cost to the root bridge. • Ports included in the VLAN becomes the root switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 This is the switch closest to the root bridge through which the frame is the...
User Guide
Page 14
...tree and is stored by the switch. Spanning Tree Port States Propagation delays can create temporary data loops. and 36-Port Ethernet Switch Module for frames that the Layer 2 interface should participate in frame forwarding. • Learning-The Layer 2 interface prepares to other switches.... Ports must allow the frame lifetime to expire for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree performance: Table 2 STP Timers...
...tree and is stored by the switch. Spanning Tree Port States Propagation delays can create temporary data loops. and 36-Port Ethernet Switch Module for frames that the Layer 2 interface should participate in frame forwarding. • Learning-The Layer 2 interface prepares to other switches.... Ports must allow the frame lifetime to expire for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree performance: Table 2 STP Timers...
User Guide
Page 15
...waits for the forward delay timer to expire, moves the Layer 2 interface to the forwarding or blocking state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 If properly configured, each Layer 2 interface stabilizes ...Layer 2 interface waits for protocol information that suggests that it learns end station location information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the...forwarding are enabled. 16- and 36-Port Ethernet Switch Module for the forwarding database. 4.
...waits for the forward delay timer to expire, moves the Layer 2 interface to the forwarding or blocking state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 If properly configured, each Layer 2 interface stabilizes ...Layer 2 interface waits for protocol information that suggests that it learns end station location information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the...forwarding are enabled. 16- and 36-Port Ethernet Switch Module for the forwarding database. 4.
User Guide
Page 16
... State A Layer 2 interface in the blocking state does not participate in the switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 A port always enters the blocking state following switch initialization. and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate end station location into its address database...
... State A Layer 2 interface in the blocking state does not participate in the switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 A port always enters the blocking state following switch initialization. and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate end station location into its address database...
User Guide
Page 17
...Interface 2 in Listening State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Data frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer ...update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 16...
...Interface 2 in Listening State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Data frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer ...update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 16...
User Guide
Page 18
Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Feature Overview 16- Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Station addresses Data frames BPDUs Port 2 Network management...
Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Feature Overview 16- Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Station addresses Data frames BPDUs Port 2 Network management...
User Guide
Page 19
... 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5695 Station addresses BPDUs Port 2 Network management and data frames Forwarding All segment frames A Layer 2 interface in Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ ...19 The Layer 2 interface enters the forwarding state from the system module. • Receives and responds to network management messages. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the...
... 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5695 Station addresses BPDUs Port 2 Network management and data frames Forwarding All segment frames A Layer 2 interface in Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ ...19 The Layer 2 interface enters the forwarding state from the system module. • Receives and responds to network management messages. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in the...
User Guide
Page 20
... are used as follows: • Discards frames received from the attached segment. • Discards frames switched from the system module. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in frame forwarding or spanning tree, as...
... are used as follows: • Discards frames received from the attached segment. • Discards frames switched from the system module. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in frame forwarding or spanning tree, as...