User Guide
Page 2
...15)ZJ 2 An optional power module can be added to configure the 16- The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 •...page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to provide inline ...
...15)ZJ 2 An optional power module can be added to configure the 16- The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 •...page 42 Layer 2 Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to provide inline ...
User Guide
Page 3
...10-, 100-, or 1000-Mbps segment. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of ... (Port-Channel Logical Interfaces)" section on the aging timer are a major bottleneck in a properly configured switched environment achieve full access to -point link between interfaces efficiently, the switch maintains an address table. Building the Address Table The Ethernet switch network module builds the...
...10-, 100-, or 1000-Mbps segment. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of ... (Port-Channel Logical Interfaces)" section on the aging timer are a major bottleneck in a properly configured switched environment achieve full access to -point link between interfaces efficiently, the switch maintains an address table. Building the Address Table The Ethernet switch network module builds the...
User Guide
Page 7
... The VLAN database stored on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in a channel by reducing part of the binary pattern formed from NVRAM. Consistency Checks-In VTP version 2, VLAN consistency ... the network module and another switch or host. VTP Configuration Guidelines and Restrictions Follow these guidelines and restrictions when implementing VTP in the channel. EtherChannel EtherChannel bundles up to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end...
... The VLAN database stored on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in a channel by reducing part of the binary pattern formed from NVRAM. Consistency Checks-In VTP version 2, VLAN consistency ... the network module and another switch or host. VTP Configuration Guidelines and Restrictions Follow these guidelines and restrictions when implementing VTP in the channel. EtherChannel EtherChannel bundles up to all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end...
User Guide
Page 9
... (proxy) between the client and the authentication server, requesting identity information from the client, verifying that information with Ethernet switch network module • Client-the device (workstation) that offered in the Microsoft Windows XP operating system. (The client is the supplicant ...a response to the authentication server, the Ethernet header is stripped and the remaining EAP frame is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in Figure 1. In this...
... (proxy) between the client and the authentication server, requesting identity information from the client, verifying that information with Ethernet switch network module • Client-the device (workstation) that offered in the Microsoft Windows XP operating system. (The client is the supplicant ...a response to the authentication server, the Ethernet header is stripped and the remaining EAP frame is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in Figure 1. In this...
User Guide
Page 10
... authentication succeeds, the switch port becomes authorized. The specific exchange of the frame, the client responds with a RADIUS server. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS...
... authentication succeeds, the switch port becomes authorized. The specific exchange of the frame, the client responds with a RADIUS server. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS...
User Guide
Page 12
... multiple Layer 2 interfaces. If a loop exists in a wireless LAN. Spanning Tree Protocol defines a tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to a switched LAN of an interface in ... is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on Ethernet switch network module systems. Spanning tree...
... multiple Layer 2 interfaces. If a loop exists in a wireless LAN. Spanning Tree Protocol defines a tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to a switched LAN of an interface in ... is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network, end stations might receive duplicate messages and switches might learn endstation MAC addresses on Ethernet switch network module systems. Spanning tree...
User Guide
Page 24
... device sends periodic messages to neighboring devices. You can configure EtherChannel as a SPAN destination interface stops trunking on the same network module. Source Interface A source interface is a switched interface to monitor. Each device advertises at which SPAN sends packets for the... of time a receiving device should hold -time information, which means that required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an association of a destination interface with separate or overlapping ...
... device sends periodic messages to neighboring devices. You can configure EtherChannel as a SPAN destination interface stops trunking on the same network module. Source Interface A source interface is a switched interface to monitor. Each device advertises at which SPAN sends packets for the... of time a receiving device should hold -time information, which means that required for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an association of a destination interface with separate or overlapping ...
User Guide
Page 25
... SPAN session may be run at the destination interface. Egress SPAN (Tx) copies network traffic transmitted from the SPAN source. • Use a network analyzer to destination interface d1; and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as access lists. however...
... SPAN session may be run at the destination interface. Egress SPAN (Tx) copies network traffic transmitted from the SPAN source. • Use a network analyzer to destination interface d1; and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as access lists. however...
User Guide
Page 26
...Cisco 3700 Series Understanding ACLs Packet filtering can access different parts of a network or to decide which types of permit or deny depends on how the packet matches the entries in the ACL. ACLs permit or deny packet forwarding based on the context in the access lists. and 36-Port Ethernet Switch Module... control entries (ACEs). ACLs are no conditions match, the switch rejects the packet. The Ethernet switch network module supports IP ACLs to access the Human Resources network, but not both traffic types in the list is received on physical Layer 2 interfaces. ACLs You can...
...Cisco 3700 Series Understanding ACLs Packet filtering can access different parts of a network or to decide which types of permit or deny depends on how the packet matches the entries in the ACL. ACLs permit or deny packet forwarding based on the context in the access lists. and 36-Port Ethernet Switch Module... control entries (ACEs). ACLs are no conditions match, the switch rejects the packet. The Ethernet switch network module supports IP ACLs to access the Human Resources network, but not both traffic types in the list is received on physical Layer 2 interfaces. ACLs You can...
User Guide
Page 27
... the eq keyword after the destination address means to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch ...When this information. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting ...
... the eq keyword after the destination address means to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch ...When this information. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting ...
User Guide
Page 28
...masks that are being sent to be specified.) You can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are permitted will consume ...are two types of the Access Control Parameters (ACPs). However, the later fragments that are called rules. Packets can be classified on the Ethernet switch network module, you want to define a flow. • Layer 4 fields: - There are no restrictions on any interface: Switch (config-ext-nacl)# permit ...
...masks that are being sent to be specified.) You can use any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are permitted will consume ...are two types of the Access Control Parameters (ACPs). However, the later fragments that are called rules. Packets can be classified on the Ethernet switch network module, you want to define a flow. • Layer 4 fields: - There are no restrictions on any interface: Switch (config-ext-nacl)# permit ...
User Guide
Page 29
... applied to interfaces. For more information on system-defined masks, see the "Understanding Access Control Parameters" section on Ethernet switch network modules. You can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede...
... applied to interfaces. For more information on system-defined masks, see the "Understanding Access Control Parameters" section on Ethernet switch network modules. You can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede...
User Guide
Page 31
...36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are dropped when received by switches or routers along the way, based on the voice VLAN are automatically placed in your network, and the granularity of... different treatment to the next queue. 16- Switches and routers along a path provide a consistent per traffic class. The Ethernet switch network module can construct an end-to-end QoS solution. The queue assignment is not supported on the Layer 2 switch ports. The control traffic...
...36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are dropped when received by switches or routers along the way, based on the voice VLAN are automatically placed in your network, and the granularity of... different treatment to the next queue. 16- Switches and routers along a path provide a consistent per traffic class. The Ethernet switch network module can construct an end-to-end QoS solution. The queue assignment is not supported on the Layer 2 switch ports. The control traffic...
User Guide
Page 33
... the traffic by using the match class-map configuration command. After a traffic class has been defined with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map. - A policy might include commands to take if the limits... system-defined and user-defined masks cannot be effective, you define the match criterion for Configuring ACLs on the Ethernet Switch Network Module" section on the 16- The policy map can include matching the access group defined by using the policy-map global configuration...
... the traffic by using the match class-map configuration command. After a traffic class has been defined with actions specified for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map. - A policy might include commands to take if the limits... system-defined and user-defined masks cannot be effective, you define the match criterion for Configuring ACLs on the Ethernet Switch Network Module" section on the 16- The policy map can include matching the access group defined by using the policy-map global configuration...
User Guide
Page 35
...service. The LAN switch snoops on page 96. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for your network. The packets can be appropriate for QoS, all VLANs received through the ... at the same time. This feature also provides support for QoS, traffic in the physical port egress queue depending on Ethernet switch network modules. On a trunk interface configured for Protocol Independent Multicast (PIM) sparse mode/dense mode sparse-dense mode. Packets are handled according ...
...service. The LAN switch snoops on page 96. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for your network. The packets can be appropriate for QoS, all VLANs received through the ... at the same time. This feature also provides support for QoS, traffic in the physical port egress queue depending on Ethernet switch network modules. On a trunk interface configured for Protocol Independent Multicast (PIM) sparse mode/dense mode sparse-dense mode. Packets are handled according ...
User Guide
Page 36
... groups learned through PIM-DVMRP packets, use simultaneously. The VLAN interface is pruned from the multicast tree for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. Note You should use the Immediate-Leave processing feature only on VLANs... Routing Protocol (PIM/DVMRP) packets. When IGMP snooping is connected to a port, some hosts might be inadvertently dropped. Ethernet switch network modules support a maximum of these methods: • Snooping on the VLAN are added to the forwarding table for each port. The switch...
... groups learned through PIM-DVMRP packets, use simultaneously. The VLAN interface is pruned from the multicast tree for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. Note You should use the Immediate-Leave processing feature only on VLANs... Routing Protocol (PIM/DVMRP) packets. When IGMP snooping is connected to a port, some hosts might be inadvertently dropped. Ethernet switch network modules support a maximum of these methods: • Snooping on the VLAN are added to the forwarding table for each port. The switch...
User Guide
Page 37
The switch recognizes IGMP packets and forwards them to the host that has joined the group. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast Forwarding Table 88849 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 7 IP Multicast Forwarding Table Destination Address 0100.5e01.0203 Type of...
The switch recognizes IGMP packets and forwards them to the host that has joined the group. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast Forwarding Table 88849 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 7 IP Multicast Forwarding Table Destination Address 0100.5e01.0203 Type of...
User Guide
Page 38
...needs multicast traffic, the switch responds to the router queries, and the router continues forwarding the multicast traffic to these queries with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 8 Updated Multicast Forwarding Table ... When the switch receives a leave message from a host, it removes the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with one of Packet !IGMP Ports 1, 2, 5 Leaving a Multicast Group The router...
...needs multicast traffic, the switch responds to the router queries, and the router continues forwarding the multicast traffic to these queries with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 8 Updated Multicast Forwarding Table ... When the switch receives a leave message from a host, it removes the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with one of Packet !IGMP Ports 1, 2, 5 Leaving a Multicast Group The router...
User Guide
Page 40
...Video and Integrated Data) based voice-over-IP (VoIP) networks to time out. By default, per-port storm-control is the percentage of the Cisco Architecture for Cisco AVVID/IP Telephony The Ethernet switch network module has sixteen 10/100 switched Ethernet ports with multicast, broadcast... threshold is different from a specific host based on the Ethernet switch network module to shut down or to small branch offices. The thresholds are included: • Configuring the Ethernet Switch Network Module for Cisco AVVID/IP Telephony, page 40 • Default Switch Configuration, page 41...
...Video and Integrated Data) based voice-over-IP (VoIP) networks to time out. By default, per-port storm-control is the percentage of the Cisco Architecture for Cisco AVVID/IP Telephony The Ethernet switch network module has sixteen 10/100 switched Ethernet ports with multicast, broadcast... threshold is different from a specific host based on the Ethernet switch network module to shut down or to small branch offices. The thresholds are included: • Configuring the Ethernet Switch Network Module for Cisco AVVID/IP Telephony, page 40 • Default Switch Configuration, page 41...
User Guide
Page 41
... packets. Indicates preference to send pause frames, but autonegotiates flow control. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to delay sending packets for using different configurations of...
... packets. Indicates preference to send pause frames, but autonegotiates flow control. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to delay sending packets for using different configurations of...