User Guide
Page 1
Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and above. and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, ...
Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and above. and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, ...
User Guide
Page 2
... Trunk Protocol, page 5 • EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 •... packet. and 36-Port Ethernet Switch Module for IP telephones. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 36-port Ethernet switch network module requires a double-wide slot. and 36-port Ethernet...
... Trunk Protocol, page 5 • EtherChannel, page 7 • 802.1x Port-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 •... packet. and 36-Port Ethernet Switch Module for IP telephones. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 36-port Ethernet switch network module requires a double-wide slot. and 36-port Ethernet...
User Guide
Page 3
...extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. Trunks carry the traffic of the frames received. and 36-Port Ethernet Switch Module for... from the address table. You can flow in half-duplex mode, which means that each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives full...
...extend VLANs across an entire network and supports only one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. Trunks carry the traffic of the frames received. and 36-Port Ethernet Switch Module for... from the address table. You can flow in half-duplex mode, which means that each device (for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives full...
User Guide
Page 4
...port and untagged (802.3). If the VLAN on one instance of the trunk link. The 802.1Q cloud separating the Cisco switches that are not Cisco switches. Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for ...Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree instance of an 802.1Q...
...port and untagged (802.3). If the VLAN on one instance of the trunk link. The 802.1Q cloud separating the Cisco switches that are not Cisco switches. Table 1 Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for ...Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree instance of an 802.1Q...
User Guide
Page 5
...For more switches and have an impact on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of VLANs within a VTP... domain. Routed ports can make configuration changes centrally on the interface.) The number of hardware limitations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs support routing protocol and bridging configurations. Before you create VLANs, you ...
...For more switches and have an impact on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of VLANs within a VTP... domain. Routed ports can make configuration changes centrally on the interface.) The number of hardware limitations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs support routing protocol and bridging configurations. Before you create VLANs, you ...
User Guide
Page 6
...VTP domain. VTP advertisements are transmitted out all switches in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create, modify, and delete VLANs and specify other configuration...8226; VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is in any one of one VTP domain. ...
...VTP domain. VTP advertisements are transmitted out all switches in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 A switch can create, modify, and delete VLANs and specify other configuration...8226; VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is in any one of one VTP domain. ...
User Guide
Page 7
..., without consistency checks. 16- Version-Dependent Transparent Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in a VTP...a switch unless all EtherChannels configured on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in a channel by reducing part of the binary pattern formed from a VTP message, or when information is supported. • ...
..., without consistency checks. 16- Version-Dependent Transparent Mode-In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in a VTP...a switch unless all EtherChannels configured on the VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in a channel by reducing part of the binary pattern formed from a VTP message, or when information is supported. • ...
User Guide
Page 8
... before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that restricts unauthorized devices from gaining access to avoid configuration problems: • All Ethernet interfaces on a channel is connected. The authentication server authenticates each client connected to a single MAC...
... before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that restricts unauthorized devices from gaining access to avoid configuration problems: • All Ethernet interfaces on a channel is connected. The authentication server authenticates each client connected to a single MAC...
User Guide
Page 9
... relays them to access the LAN and switch services. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that offered in the Microsoft Windows XP operating system. (The...802.1x-compliant client software such as intermediaries include the Catalyst 3550 multilayer switch, Catalyst 2950 switch, or a wireless access point. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 The authentication server validates the identity of the client. The switch includes...
... relays them to access the LAN and switch services. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that offered in the Microsoft Windows XP operating system. (The...802.1x-compliant client software such as intermediaries include the Catalyst 3550 multilayer switch, Catalyst 2950 switch, or a wireless access point. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 The authentication server validates the identity of the client. The switch includes...
User Guide
Page 10
...12.2(8)T, and 12.2(15)ZJ 10 and 36-Port Ethernet Switch Module for authentication information). For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One-Time-..., any EAPOL frames from down to start frame, which prompts the switch to request the client's identity. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. Figure 2 shows a message exchange initiated by one or more information, see the "Ports in...
...12.2(8)T, and 12.2(15)ZJ 10 and 36-Port Ethernet Switch Module for authentication information). For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One-Time-..., any EAPOL frames from down to start frame, which prompts the switch to request the client's identity. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. Figure 2 shows a message exchange initiated by one or more information, see the "Ports in...
User Guide
Page 11
...the port changes from the authentication server), the port state changes to be connected to the up , or when an EAPOL-start frame. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 The authentication process begins when the link state of a port changes from the... If a client that is connected to the unauthorized state. When no response is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, and the client is successfully authenticated (receives an Accept frame from down to...
...the port changes from the authentication server), the port state changes to be connected to the up , or when an EAPOL-start frame. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 The authentication process begins when the link state of a port changes from the... If a client that is connected to the unauthorized state. When no response is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the unauthorized state, and the client is successfully authenticated (receives an Accept frame from down to...
User Guide
Page 12
... blocking state. If a network segment in an unstable network. If a loop exists in a wireless LAN. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to construct a loop-free path. The spanning tree port priority value represents ...priority and port path cost setting determine which port is put in the forwarding state and which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network, end stations might receive duplicate messages and ...
... blocking state. If a network segment in an unstable network. If a loop exists in a wireless LAN. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to construct a loop-free path. The spanning tree port priority value represents ...priority and port path cost setting determine which port is put in the forwarding state and which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network, end stations might receive duplicate messages and ...
User Guide
Page 13
...Bridge. Spanning tree uses this information to reach the root switch from the root switch, and each switch based on which frames is selected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 This is the switch closest to the root bridge through which the frame is ...: • The unique bridge ID of the switch that are not needed to elect the root bridge and root port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in a switched network...
...Bridge. Spanning tree uses this information to reach the root switch from the root switch, and each switch based on which frames is selected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 This is the switch closest to the root bridge through which the frame is ...: • The unique bridge ID of the switch that are not needed to elect the root bridge and root port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the spanning tree topology in a switched network...
User Guide
Page 14
... the frame lifetime to other switches. Each Layer 2 interface on a switch using the old topology. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in the spanning tree topology to...
... the frame lifetime to other switches. Each Layer 2 interface on a switch using the old topology. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in the spanning tree topology to...
User Guide
Page 15
... the forward delay timer to expire and then moves the Layer 2 interface to the learning state, and resets the forward delay timer. 3. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 and 36-Port Ethernet Switch Module for protocol information that suggests that it waits ...for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and...
... the forward delay timer to expire and then moves the Layer 2 interface to the learning state, and resets the forward delay timer. 3. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 and 36-Port Ethernet Switch Module for protocol information that suggests that it waits ...for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and...
User Guide
Page 16
Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as follows: • Discards frames received from the attached ... and directs them to the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to the listening state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16
Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as follows: • Discards frames received from the attached ... and directs them to the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to the listening state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16
User Guide
Page 17
...and directs them to the system module. • Receives, processes, and transmits BPDUs received from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines that the ... received from the attached segment. • Discards frames switched from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in frame forwarding. and 36-Port Ethernet...
...and directs them to the system module. • Receives, processes, and transmits BPDUs received from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no learning at this state when STP determines that the ... received from the attached segment. • Discards frames switched from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in frame forwarding. and 36-Port Ethernet...
User Guide
Page 18
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its ... in the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to network management messages. The Layer 2 interface enters the learning state...
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location into its ... in the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to network management messages. The Layer 2 interface enters the learning state...
User Guide
Page 19
... module. • Receives and responds to the system module. • Processes BPDUs received from the learning state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in Figure 8. 16-
... module. • Receives and responds to the system module. • Processes BPDUs received from the learning state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in Figure 8. 16-
User Guide
Page 20
... frames Disabled All segment frames A disabled Layer 2 interface performs as shown in Figure 9. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for the VLAN spanning trees. and 36-Port Ethernet Switch Module for... Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in the disabled state is no address database ...
... frames Disabled All segment frames A disabled Layer 2 interface performs as shown in Figure 9. Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for the VLAN spanning trees. and 36-Port Ethernet Switch Module for... Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in the disabled state is no address database ...