User Guide
Page 4
...-Port Ethernet Switch Module for the specific VLAN. Disabling spanning tree on the VLAN of an 802.1Q trunk or that you disable spanning tree on the trunks. 802.1Q switches that are not Cisco switches. Cisco recommends that are not Cisco switches, maintain only one end of....1Q switch. Switchport mode trunk puts the interface into nontrunking mode. However, spanning tree information for each VLAN is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Inconsistencies detected by a cloud of the trunk link. Layer...
...-Port Ethernet Switch Module for the specific VLAN. Disabling spanning tree on the VLAN of an 802.1Q trunk or that you disable spanning tree on the trunks. 802.1Q switches that are not Cisco switches. Cisco recommends that are not Cisco switches, maintain only one end of....1Q switch. Switchport mode trunk puts the interface into nontrunking mode. However, spanning tree information for each VLAN is maintained by Cisco switches separated by a Cisco switch mark the line as a single trunk link between the switches. Inconsistencies detected by a cloud of the trunk link. Layer...
User Guide
Page 5
...characteristics configured on one interface to the routing or bridging function in a number of problems, such as is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of switch ports as one... Module for the default VLAN (VLAN 1) to the VLAN tag associated with a particular VLAN, as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. By default, an SVI is an access port. You can result in the system. SVIs are interconnected with a ...
...characteristics configured on one interface to the routing or bridging function in a number of problems, such as is created for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of switch ports as one... Module for the default VLAN (VLAN 1) to the VLAN tag associated with a particular VLAN, as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. By default, an SVI is an access port. You can result in the system. SVIs are interconnected with a ...
User Guide
Page 9
... in a client/server model in which is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific roles as shown in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x...
... in a client/server model in which is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific roles as shown in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x...
User Guide
Page 10
...its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by sending an .... Figure 2 shows a message exchange initiated by using the One-Time-Password (OTP) authentication method with a RADIUS server. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response...
...its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by sending an .... Figure 2 shows a message exchange initiated by using the One-Time-Password (OTP) authentication method with a RADIUS server. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response...
User Guide
Page 22
...you want spanning tree to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to the root switch). If the inferior BPDU arrives...Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 If the switch has alternate paths to the root switch, ... port and uses VLAN port cost values when the interface is media-specific). Feature Overview 16-
...you want spanning tree to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to the root switch). If the inferior BPDU arrives...Figure 10 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 22 If the switch has alternate paths to the root switch, ... port and uses VLAN port cost values when the interface is media-specific). Feature Overview 16-
User Guide
Page 28
...There are no restrictions on the IP subnet to be configured on the Telnet port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are missing Layer 4 information. ... Layer 3 and Layer 4 information is from host 10.2.2.2, port 65001, going to reassemble the packet. • Fragmented packet C is present. The specific values associated with a given mask are referred to as it tries to host 10.1.1.3, port FTP. There are no restrictions on which you must have...
...There are no restrictions on the IP subnet to be configured on the Telnet port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are missing Layer 4 information. ... Layer 3 and Layer 4 information is from host 10.2.2.2, port 65001, going to reassemble the packet. • Fragmented packet C is present. The specific values associated with a given mask are referred to as it tries to host 10.1.1.3, port FTP. There are no restrictions on which you must have...
User Guide
Page 30
...16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 30 The QoS implementation for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding Quality of being delivered in the Layer 2 frame. Other frame types cannot... Task Force (IETF). Implementing QoS in your switch, you can also be carried in a timely manner. Classification can select specific network traffic, prioritize it according to its relative importance, and use congestion-management and congestion-avoidance techniques to provide preferential treatment....
...16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 30 The QoS implementation for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding Quality of being delivered in the Layer 2 frame. Other frame types cannot... Task Force (IETF). Implementing QoS in your switch, you can also be carried in a timely manner. Classification can select specific network traffic, prioritize it according to its relative importance, and use congestion-management and congestion-avoidance techniques to provide preferential treatment....
User Guide
Page 33
...and 36-Port Ethernet Switch Module for each one type of profile. A policy might contain multiple classes with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map. - You create a class map by using the class policy-... has been defined with these restrictions: - This policy is shared among many ports. Classification Based on . If you can include setting a specific DSCP value in class maps with the ACL, you use to classify, you have a class map that uses the permit tcp any any ACE...
...and 36-Port Ethernet Switch Module for each one type of profile. A policy might contain multiple classes with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map. - You create a class map by using the class policy-... has been defined with these restrictions: - This policy is shared among many ports. Classification Based on . If you can include setting a specific DSCP value in class maps with the ACL, you use to classify, you have a class map that uses the permit tcp any any ACE...
User Guide
Page 35
...egress queue depending on page 96. The CoS-to-DSCP and DSCP-to -COS mapping is less than or equal to those interfaces associated with a specific VLAN ID egressing from the CPU to trust either CoS or DSCP, but not both at the same time. For configuration information, see the "... member ports. When the switch receives an IGMP join report from the internal DSCP value. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for 10 VLANs and 20 groups would be configured on the egress interface...
...egress queue depending on page 96. The CoS-to-DSCP and DSCP-to -COS mapping is less than or equal to those interfaces associated with a specific VLAN ID egressing from the CPU to trust either CoS or DSCP, but not both at the same time. For configuration information, see the "... member ports. When the switch receives an IGMP join report from the internal DSCP value. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for 10 VLANs and 20 groups would be configured on the egress interface...
User Guide
Page 38
...forwards IP multicast group traffic to those hosts listed in the forwarding table for that interface are interested in traffic for the specific multicast group. Global Storm-Control Global storm-control prevents switchports on one of the interfaces. When hosts need to these ... the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with one host in the network configuration can send a leave message. When the switch receives a leave message from a VLAN, it sends out a group-specific query to the VLAN...
...forwards IP multicast group traffic to those hosts listed in the forwarding table for that interface are interested in traffic for the specific multicast group. Global Storm-Control Global storm-control prevents switchports on one of the interfaces. When hosts need to these ... the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with one host in the network configuration can send a leave message. When the switch receives a leave message from a VLAN, it sends out a group-specific query to the VLAN...
User Guide
Page 40
...to small branch offices. Instead of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Per-Port Storm-Control A packet storm occurs when a large number of broadcast, unicast, ...the port is a section describing the default settings on your network. Also included is different from a specific host based on a port. Ethernet Switching in Cisco AVVID Architecture This section describes the Ethernet switching capabilities of the concepts involved in a branch office on the...
...to small branch offices. Instead of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Per-Port Storm-Control A packet storm occurs when a large number of broadcast, unicast, ...the port is a section describing the default settings on your network. Also included is different from a specific host based on a port. Ethernet Switching in Cisco AVVID Architecture This section describes the Ethernet switching capabilities of the concepts involved in a branch office on the...
User Guide
Page 43
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module Routed port 172.20.130.1 Host C 172.20.128.1 SVI 1 Host A SVI 2 172...8226; Voice connectivity over data applications • IPSEC, ACL, VPN and Firewall options • New broadband WAN options The Interface Range Specification feature makes configuration easier for these reasons: • Identical commands can be entered once for each interface. • Interface ranges can be...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module Routed port 172.20.130.1 Host C 172.20.128.1 SVI 1 Host A SVI 2 172...8226; Voice connectivity over data applications • IPSEC, ACL, VPN and Firewall options • New broadband WAN options The Interface Range Specification feature makes configuration easier for these reasons: • Identical commands can be entered once for each interface. • Interface ranges can be...
User Guide
Page 53
...the VLAN database, propagates it throughout the administrative domain, and returns to 1005. When you delete a VLAN from a switch that specific switch. To delete a VLAN from all switches in VTP transparent mode, the VLAN is in the VTP domain. 16- and 36... to privileged EXEC mode. Adds an Ethernet VLAN. Purpose Enters VLAN configuration mode. You cannot delete the default VLANs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring VLANs To configure an Ethernet Interface as a Layer 2 access, use the following commands beginning...
...the VLAN database, propagates it throughout the administrative domain, and returns to 1005. When you delete a VLAN from a switch that specific switch. To delete a VLAN from all switches in VTP transparent mode, the VLAN is in the VTP domain. 16- and 36... to privileged EXEC mode. Adds an Ethernet VLAN. Purpose Enters VLAN configuration mode. You cannot delete the default VLANs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring VLANs To configure an Ethernet Interface as a Layer 2 access, use the following commands beginning...
User Guide
Page 62
... server parameters on the same RADIUS server are identified by their host name or IP address, host name and specific UDP port numbers, or IP address and specific UDP port numbers. Beginning in the order that they were configured. To disable AAA, use the no aaa authentication... dot1x {default | list-name} method1 [method2...] global configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To...
... server parameters on the same RADIUS server are identified by their host name or IP address, host name and specific UDP port numbers, or IP address and specific UDP port numbers. Beginning in the order that they were configured. To disable AAA, use the no aaa authentication... dot1x {default | list-name} method1 [method2...] global configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To...
User Guide
Page 65
... -config startup-config Purpose Enters global configuration mode. Sets the number of times that the switch waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the default value of this command only to the default retransmission ..., use the no dot1x max-req global configuration command. To return to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. Note You should change the default value of this command only to -client frame...
... -config startup-config Purpose Enters global configuration mode. Sets the number of times that the switch waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the default value of this command only to the default retransmission ..., use the no dot1x max-req global configuration command. To return to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. Note You should change the default value of this command only to -client frame...
User Guide
Page 66
... (clients) on page 12. Beginning in privileged EXEC mode, follow these steps to reset the 802.1x configuration to auto for a specific interface, use the show dot1x copy running -config startup-config Purpose Enters global configuration mode. Make sure that has the dot1x port-control....1x-enabled port as shown in the configuration file. Returns to the default values. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 66 and 36-Port Ethernet Switch Module for a specific interface, use the show dot1x interface interface-id copy running -config startup-config Purpose ...
... (clients) on page 12. Beginning in privileged EXEC mode, follow these steps to reset the 802.1x configuration to auto for a specific interface, use the show dot1x copy running -config startup-config Purpose Enters global configuration mode. Make sure that has the dot1x port-control....1x-enabled port as shown in the configuration file. Returns to the default values. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 66 and 36-Port Ethernet Switch Module for a specific interface, use the show dot1x interface interface-id copy running -config startup-config Purpose ...
User Guide
Page 76
...WS-C4003 2/47 JAB03130104 Fas 5/9 152 T S WS-C4003 2/48 Monitoring and Maintaining CDP To monitor and maintain CDP on a specific interface and can be limited to provide more of information about neighbors. Configuring Switched Port Analyzer • Specifying the Switched Port Analyzer ... 77 • Removing Sources or Destinations from a SPAN Session, page 77 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 76 Router, T - Trans Bridge, B - Verifies information about a specific neighbor. and 36-Port Ethernet Switch Module for packets being transmitted. Switch, ...
...WS-C4003 2/47 JAB03130104 Fas 5/9 152 T S WS-C4003 2/48 Monitoring and Maintaining CDP To monitor and maintain CDP on a specific interface and can be limited to provide more of information about neighbors. Configuring Switched Port Analyzer • Specifying the Switched Port Analyzer ... 77 • Removing Sources or Destinations from a SPAN Session, page 77 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 76 Router, T - Trans Bridge, B - Verifies information about a specific neighbor. and 36-Port Ethernet Switch Module for packets being transmitted. Switch, ...
User Guide
Page 80
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Creating a Numbered Standard ACL Beginning in the configuration file. access-list access-list-number {deny | permit | Defines a ...create a numbered standard ACL: Step 1 Step 2 Step 3 Step 4 Step 5 Command Purpose configure terminal Enters global configuration mode. Some protocols also have specific parameters and keywords that it did not find a match for finer granularity of 0.0.0.0 255.255.255.255. These IP protocols are supported (protocol keywords are...
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Creating a Numbered Standard ACL Beginning in the configuration file. access-list access-list-number {deny | permit | Defines a ...create a numbered standard ACL: Step 1 Step 2 Step 3 Step 4 Step 5 Command Purpose configure terminal Enters global configuration mode. Some protocols also have specific parameters and keywords that it did not find a match for finer granularity of 0.0.0.0 255.255.255.255. These IP protocols are supported (protocol keywords are...
User Guide
Page 81
... the minimize-monetary-cost type of service (TOS) bit. It also does not support filtering based on the specific keywords relative to each protocol type. No support for Cisco IOS Release 12.2. You cannot reorder the list or selectively add or remove ACEs from a numbered list. and... 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Supported parameters can be grouped into these categories: • TCP • UDP Table 12 lists the...
... the minimize-monetary-cost type of service (TOS) bit. It also does not support filtering based on the specific keywords relative to each protocol type. No support for Cisco IOS Release 12.2. You cannot reorder the list or selectively add or remove ACEs from a numbered list. and... 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Supported parameters can be grouped into these categories: • TCP • UDP Table 12 lists the...
User Guide
Page 85
...to one reason you can go before the associated permit or deny statements and some remarks before or after the associated statements. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 85 However, you omit the mask from a named ACL. You should...or Layer 3 interface: Step 1 Step 2 Step 3 Step 4 Command Purpose configure terminal Enters global configuration mode. interface interface-id Identifies a specific interface for network interfaces. After you must be the mask. Each remark line is clear which remark describes which permit or deny statement. To remove...
...to one reason you can go before the associated permit or deny statements and some remarks before or after the associated statements. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 85 However, you omit the mask from a named ACL. You should...or Layer 3 interface: Step 1 Step 2 Step 3 Step 4 Command Purpose configure terminal Enters global configuration mode. interface interface-id Identifies a specific interface for network interfaces. After you must be the mask. Each remark line is clear which remark describes which permit or deny statement. To remove...