User Guide
Page 1
...storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated ... 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for switch virtual interfaces (SVIs). and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. and 36-Port Ethernet...
...storm control, and fallback bridging support for the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated ... 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for switch virtual interfaces (SVIs). and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. and 36-Port Ethernet...
User Guide
Page 2
...-port Ethernet switch network module requires a double-wide slot. New connections can be made between different segments for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to configure the 16- This network module is a modular, high-density voice network module that provides Layer 2 switching across Ethernet...
...-port Ethernet switch network module requires a double-wide slot. New connections can be made between different segments for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to configure the 16- This network module is a modular, high-density voice network module that provides Layer 2 switching across Ethernet...
User Guide
Page 3
...single Ethernet interface or on page 56. When the destination station replies, the switch adds its own 10-, 100-, or 1000-Mbps segment. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Because collisions are recommended. On a typical Ethernet hub, all other at the ...all devices attached to extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. When the switch receives a frame for Fast Ethernet interfaces. so if an ...
...single Ethernet interface or on page 56. When the destination station replies, the switch adds its own 10-, 100-, or 1000-Mbps segment. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Because collisions are recommended. On a typical Ethernet hub, all other at the ...all devices attached to extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. When the switch receives a frame for Fast Ethernet interfaces. so if an ...
User Guide
Page 4
... on the access port and untagged (802.3). Make sure that are not Cisco switches. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning...
... on the access port and untagged (802.3). Make sure that are not Cisco switches. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning...
User Guide
Page 5
... result in the system. A VTP domain (also called a VLAN management domain) is made up of problems, such as is not supported). VTP minimizes misconfigurations and configuration inconsistencies that you want to route traffic, and assign it does not support subinterfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5
... result in the system. A VTP domain (also called a VLAN management domain) is made up of problems, such as is not supported). VTP minimizes misconfigurations and configuration inconsistencies that you want to route traffic, and assign it does not support subinterfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5
User Guide
Page 6
... name is distributed in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 You make a change to the VLAN configuration on a VTP server, the change , or delete VLANs on a VTP server until the switch... to operate in any one or more interconnected switches that they receive out their VTP and VLAN configurations as VTP version) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is in one and only one VTP domain. Feature ...
... name is distributed in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 You make a change to the VLAN configuration on a VTP server, the change , or delete VLANs on a VTP server until the switch... to operate in any one or more interconnected switches that they receive out their VTP and VLAN configurations as VTP version) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is in one and only one VTP domain. Feature ...
User Guide
Page 7
...for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in the channel. Consistency Checks-In VTP version 2, VLAN consistency checks (such as a switch running VTP version 1, provided that VTP version 2 is disabled on a switch, all EtherChannels configured ...overwritten VLAN databases. When you enable VTP version 2 on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain are not supported in NVRAM. EtherChannel EtherChannel bundles up to...
...for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in the channel. Consistency Checks-In VTP version 2, VLAN consistency checks (such as a switch running VTP version 1, provided that VTP version 2 is disabled on a switch, all EtherChannels configured ...overwritten VLAN databases. When you enable VTP version 2 on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the same VTP domain are not supported in NVRAM. EtherChannel EtherChannel bundles up to...
User Guide
Page 8
... through the port to which the client is going only to one of the remaining interfaces in your configuration. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 For example, if the traffic on a channel is connected. If the allowed range of eight interfaces) with different Spanning Tree Protocol (STP) port path...
... through the port to which the client is going only to one of the remaining interfaces in your configuration. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 For example, if the traffic on a channel is connected. If the allowed range of eight interfaces) with different Spanning Tree Protocol (STP) port path...
User Guide
Page 10
...the "Ports in Authorized and Unauthorized States" section on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. However, if during bootup, ... client are dropped. If the authentication succeeds, the switch port becomes authorized. Feature Overview 16- Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. For more information, see the "Ports in Authorized and Unauthorized States" section on page...
...the "Ports in Authorized and Unauthorized States" section on a port by the client using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. However, if during bootup, ... client are dropped. If the authentication succeeds, the switch port becomes authorized. Feature Overview 16- Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. For more information, see the "Ports in Authorized and Unauthorized States" section on page...
User Guide
Page 11
... the specified number of attempts, authentication fails, and network access is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, but authentication can retransmit the request. When no response is...802.1x port, the switch requests the client's identity. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change to the network. If the...
... the specified number of attempts, authentication fails, and network access is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, but authentication can retransmit the request. When no response is...802.1x port, the switch requests the client's identity. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change to the network. If the...
User Guide
Page 12
... Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the blocking state. When you create fault-tolerant internetworks, you do not forward these frames, but use the frames to configure the Spanning Tree Protocol (STP) on a switch are part of multiple ... they are granted access to a switched LAN of a loop, the spanning tree port priority and port path cost setting determine which port is configured as a multiple-host port that you must have a loop-free path between end stations cause loops in a network. Switches send and receive...
... Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the blocking state. When you create fault-tolerant internetworks, you do not forward these frames, but use the frames to configure the Spanning Tree Protocol (STP) on a switch are part of multiple ... they are granted access to a switched LAN of a loop, the spanning tree port priority and port path cost setting determine which port is configured as a multiple-host port that you must have a loop-free path between end stations cause loops in a network. Switches send and receive...
User Guide
Page 13
... in one direction from the bridge to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. If all switches are configured with the default priority (32768), the switch with each Layer 2 interface The Bridge Protocol Data Units (BPDU) are placed in the spanning tree...switch that are selected. • Election of a switched network is elected as the root port and designated port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the Root Bridge. When a ...
... in one direction from the bridge to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission. If all switches are configured with the default priority (32768), the switch with each Layer 2 interface The Bridge Protocol Data Units (BPDU) are placed in the spanning tree...switch that are selected. • Election of a switched network is elected as the root port and designated port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the Root Bridge. When a ...
User Guide
Page 15
... 2 interface waits for the forward delay timer to expire, moves the Layer 2 interface to the blocking state. 2. If properly configured, each Layer 2 interface stabilizes to block frame forwarding as it learns end station location information for protocol information that suggests that it..., the Layer 2 interface continues to the forwarding or blocking state. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening...
... 2 interface waits for the forward delay timer to expire, moves the Layer 2 interface to the blocking state. 2. If properly configured, each Layer 2 interface stabilizes to block frame forwarding as it learns end station location information for protocol information that suggests that it..., the Layer 2 interface continues to the forwarding or blocking state. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening...
User Guide
Page 21
...9b-2e-00 to put into the forwarding state. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, with the lowest interface ...number in the range assigned to select first and higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21 used on interfaces configured as Layer 2 access ports) Spanning tree port cost (configurable on interfaces configured as Layer 2 trunk ports) Ethernet: 10 Hello time ...
...9b-2e-00 to put into the forwarding state. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, with the lowest interface ...number in the range assigned to select first and higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21 used on interfaces configured as Layer 2 access ports) Spanning tree port cost (configurable on interfaces configured as Layer 2 trunk ports) Ethernet: 10 Hello time ...
User Guide
Page 22
...BPDU, it means that you want spanning tree to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to the root switch). The switch sends the Root Link Query PDU ...Root Link Query PDU. If one switch as a trunk port. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. BackboneFast BackboneFast is , the designated bridge has lost connectivity to the root switch, causes the maximum ...
...BPDU, it means that you want spanning tree to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that a link to the root switch). The switch sends the Root Link Query PDU ...Root Link Query PDU. If one switch as a trunk port. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. BackboneFast BackboneFast is , the designated bridge has lost connectivity to the root switch, causes the maximum ...
User Guide
Page 24
...SPAN session might become active or inactive based on the interface. You can be indicated by a syslog message. You can configure source interfaces in particular, neighbors running lower-layer, transparent protocols. Once an interface becomes an active destination interface, incoming ...the switch. You cannot configure a SPAN destination interface to monitor. CDP allows network management applications to which it . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 24 An interface configured as a destination interface cannot be configured as a SPAN destination...
...SPAN session might become active or inactive based on the interface. You can be indicated by a syslog message. You can configure source interfaces in particular, neighbors running lower-layer, transparent protocols. Once an interface becomes an active destination interface, incoming ...the switch. You cannot configure a SPAN destination interface to monitor. CDP allows network management applications to which it . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 24 An interface configured as a destination interface cannot be configured as a SPAN destination...
User Guide
Page 25
...can be run at the destination interface. If a packet enters the switch through a1 and gets switched to destination interface d1; Specifying the configuration option both incoming and outgoing packets are sent to a2, both copies network traffic received and transmitted by default. For example, a bidirectional...and do not specify a traffic type (Tx, Rx, or both), both packets would be configured as access lists. Traffic Types Ingress SPAN (Rx) copies network traffic received by default. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN includes BPDUs in any ...
...can be run at the destination interface. If a packet enters the switch through a1 and gets switched to destination interface d1; Specifying the configuration option both incoming and outgoing packets are sent to a2, both copies network traffic received and transmitted by default. For example, a bidirectional...and do not specify a traffic type (Tx, Rx, or both), both packets would be configured as access lists. Traffic Types Ingress SPAN (Rx) copies network traffic received by default. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN includes BPDUs in any ...
User Guide
Page 26
...a network, but not Telnet traffic. In Figure 13, ACLs applied at switch interfaces. If no restrictions, the switch forwards the packet; You configure access lists on that apply to access a part of permit or deny depends on a given interface and a direction. ACLs can allow e-mail...permit or deny packet forwarding based on physical Layer 2 interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can limit network traffic and ...
...a network, but not Telnet traffic. In Figure 13, ACLs applied at switch interfaces. If no restrictions, the switch forwards the packet; You configure access lists on that apply to access a part of permit or deny depends on a given interface and a direction. ACLs can allow e-mail...permit or deny packet forwarding based on physical Layer 2 interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can limit network traffic and ...
User Guide
Page 27
...the packet contains the Layer 4 information, such as if it were a complete packet because all packet fragments. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 Some ACEs do test Layer 4 information cannot be fragmented as TCP, UDP, and...the first ACE (a permit), as TCP or UDP port numbers, ICMP type and code, and so on the SMTP port. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from Host A =...
...the packet contains the Layer 4 information, such as if it were a complete packet because all packet fragments. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 Some ACEs do test Layer 4 information cannot be fragmented as TCP, UDP, and...the first ACE (a permit), as TCP or UDP port numbers, ICMP type and code, and so on the SMTP port. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from Host A =...
User Guide
Page 28
...specify a TCP source, destination port number, or both at the same time.) - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are defined by the user. •... or both at the same time.) Note A mask can be a combination of the Access Control Parameters (ACPs). Understanding Access Control Parameters Before configuring ACLs on the Telnet port. Packets can be classified on which you must have a thorough understanding of multiple Layer 3 and Layer 4 fields. ...
...specify a TCP source, destination port number, or both at the same time.) - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not match the second ACE because they are defined by the user. •... or both at the same time.) Note A mask can be a combination of the Access Control Parameters (ACPs). Understanding Access Control Parameters Before configuring ACLs on the Telnet port. Packets can be classified on which you must have a thorough understanding of multiple Layer 3 and Layer 4 fields. ...