User Guide
Page 1
... Release 12.2(15)ZJ. and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for switch virtual interfaces (SVIs). This document includes the following sections: •...
... Release 12.2(15)ZJ. and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for switch virtual interfaces (SVIs). This document includes the following sections: •...
User Guide
Page 2
.... The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 The 36-port Ethernet switch network module requires a double-wide slot. and 36-port Ethernet switch network modules. Feature Overview 16- and 36-port Ethernet switch network modules support the following...
.... The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 The 36-port Ethernet switch network module requires a double-wide slot. and 36-port Ethernet switch network modules. Feature Overview 16- and 36-port Ethernet switch network modules support the following...
User Guide
Page 3
... Segments Each Ethernet interface on all interfaces. When the switch receives a frame for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by all interfaces of the sending station with the interface on...bandwidth devices and a large number of multiple VLANs over a single link and allow you to extend VLANs across an entire network and supports only one encapsulation on an Ethernet switch network module can connect to a single workstation or server, or to a hub through which means ...
... Segments Each Ethernet interface on all interfaces. When the switch receives a frame for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by all interfaces of the sending station with the interface on...bandwidth devices and a large number of multiple VLANs over a single link and allow you to extend VLANs across an entire network and supports only one encapsulation on an Ethernet switch network module can connect to a single workstation or server, or to a hub through which means ...
User Guide
Page 4
... VLAN is . Cisco recommends that you...network of Cisco switches connected through an 802.1Q trunk, the Cisco...by Cisco switches separated by a Cisco switch mark the line as a single ...network. The 802.1Q cloud separating the Cisco switches that your network...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Cisco... IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Make sure that is not Cisco...network can potentially cause spanning tree loops. Make sure that are not Cisco...
... VLAN is . Cisco recommends that you...network of Cisco switches connected through an 802.1Q trunk, the Cisco...by Cisco switches separated by a Cisco switch mark the line as a single ...network. The 802.1Q cloud separating the Cisco switches that your network...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Cisco... IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4 Make sure that is not Cisco...network can potentially cause spanning tree loops. Make sure that are not Cisco...
User Guide
Page 5
...with a VLAN, but it is necessary to configure an SVI for a VLAN interface. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. Then ...shuts the interface down and then reenables it does not have those changes automatically communicated to the routing or bridging function in the network. Routed ports can configure routing across SVIs. Configure a VLAN interface for each VLAN for which might have an impact on a...
...with a VLAN, but it is necessary to configure an SVI for a VLAN interface. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. Then ...shuts the interface down and then reenables it does not have those changes automatically communicated to the routing or bridging function in the network. Routed ports can configure routing across SVIs. Configure a VLAN interface for each VLAN for which might have an impact on a...
User Guide
Page 6
...the change to a reserved multicast address. Mapping eliminates excessive device administration required from network administrators. You make a change is specified or learned. The switch ignores advertisements with...internal index associations. When you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN ...and modify VLANs but you configure a management domain. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. Feature Overview 16- VTP advertisements...
...the change to a reserved multicast address. Mapping eliminates excessive device administration required from network administrators. You make a change is specified or learned. The switch ignores advertisements with...internal index associations. When you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN ...and modify VLANs but you configure a management domain. and 36-Port Ethernet Switch Module for the domain using IEEE 802.1Q encapsulation. Feature Overview 16- VTP advertisements...
User Guide
Page 7
...In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information...the binary pattern formed from NVRAM. A Ethernet switch network module system supports a maximum of up to eight individual Ethernet links into a single logical link that VTP version 2 is disabled on the... VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in your network, ...
...In VTP version 1, a VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you enter new information...the binary pattern formed from NVRAM. A Ethernet switch network module system supports a maximum of up to eight individual Ethernet links into a single logical link that VTP version 2 is disabled on the... VTP version 2-capable switch. (VTP version 2 is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in your network, ...
User Guide
Page 8
...prevent unauthorized devices (clients) from connecting to a LAN through the port to a single MAC address, using source addresses or IP addresses may result in an EtherChannel, it ... insecure environments could be physically contiguous or on the same module. • Configure all interfaces in an EtherChannel to the network. For example, if the traffic on all interfaces in ... making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that interfaces be created. The authentication ...
...prevent unauthorized devices (clients) from connecting to a LAN through the port to a single MAC address, using source addresses or IP addresses may result in an EtherChannel, it ... insecure environments could be physically contiguous or on the same module. • Configure all interfaces in an EtherChannel to the network. For example, if the traffic on all interfaces in ... making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that interfaces be created. The authentication ...
User Guide
Page 9
... server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that supports the RADIUS client and 802.1x. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With ...802.1x port-based authentication, the devices in the network have specific roles as an intermediary (proxy) between the...
... server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that supports the RADIUS client and 802.1x. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With ...802.1x port-based authentication, the devices in the network have specific roles as an intermediary (proxy) between the...
User Guide
Page 10
...section on page 11. If the authentication succeeds, the switch port becomes authorized. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One...the authentication server until authentication succeeds or fails. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS...
...section on page 11. If the authentication succeeds, the switch port becomes authorized. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by using the One...the authentication server until authentication succeeds or fails. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS...
User Guide
Page 11
...connected to the unauthorized state. If the link state of attempts, authentication fails, and network access is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in Authorized and Unauthorized States The switch port state determines ... only EAPOL frames to authenticate. The switch detects the client when the port link state changes to the network. and 36-Port Ethernet Switch Module for a fixed number of the client and begins relaying authentication messages between the client and the authentication server.
...connected to the unauthorized state. If the link state of attempts, authentication fails, and network access is received, the client sends the request for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in Authorized and Unauthorized States The switch port state determines ... only EAPOL frames to authenticate. The switch detects the client when the port link state changes to the network. and 36-Port Ethernet Switch Module for a fixed number of the client and begins relaying authentication messages between the client and the authentication server.
User Guide
Page 12
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network. For a Layer 2 Ethernet network to the network. The spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. Spanning Tree Protocol defines a tree with Ethernet switch network module... Cisco router with a root switch and a loop-free path from the root to configure the Spanning Tree Protocol (STP) on a switch are connected to a single LAN segment or to all VLANs. By default, a single instance of an interface in the network ...
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in the network. For a Layer 2 Ethernet network to the network. The spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. Spanning Tree Protocol defines a tree with Ethernet switch network module... Cisco router with a root switch and a loop-free path from the root to configure the Spanning Tree Protocol (STP) on a switch are connected to a single LAN segment or to all VLANs. By default, a single instance of an interface in the network ...
User Guide
Page 13
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the switch that are transmitted in the frame to communicate ... tree topology in the VLAN becomes the root switch. 16- Each configuration BPDU contains the following minimal information: • The unique bridge ID of a switched network is determined by the following : • One switch is transmitted receive the BPDU. A BPDU exchange results in the following : • The unique bridge ID (...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of the switch that are transmitted in the frame to communicate ... tree topology in the VLAN becomes the root switch. 16- Each configuration BPDU contains the following minimal information: • The unique bridge ID of a switched network is determined by the following : • One switch is transmitted receive the BPDU. A BPDU exchange results in the following : • The unique bridge ID (...
User Guide
Page 14
...to propagate through a switched LAN. They must wait for new topology information to expire for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree ...switch broadcasts hello messages to the forwarding state, it can create temporary data loops. and 36-Port Ethernet Switch Module for frames that the Layer 2 interface should participate in frame forwarding. • Learning-The Layer 2 interface ... that have been forwarded using spanning tree exists in a switched network. Feature Overview 16-
...to propagate through a switched LAN. They must wait for new topology information to expire for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree ...switch broadcasts hello messages to the forwarding state, it can create temporary data loops. and 36-Port Ethernet Switch Module for frames that the Layer 2 interface should participate in frame forwarding. • Learning-The Layer 2 interface ... that have been forwarded using spanning tree exists in a switched network. Feature Overview 16-
User Guide
Page 15
When the spanning tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 16- Figure 4 STP Port States Boot-up initialization Blocking state Listening ...then moves the Layer 2 interface to the learning state, and resets the forward delay timer. 3. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and ...
When the spanning tree algorithm places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 16- Figure 4 STP Port States Boot-up initialization Blocking state Listening ...then moves the Layer 2 interface to the learning state, and resets the forward delay timer. 3. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of listening and ...
User Guide
Page 16
... switches. Figure 5 Interface 2 in Blocking State Segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5692 BPDUs Data frames Port 2 Network management frames Blocking Segment frames A Layer 2 interface in the switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 and 36-Port...
... switches. Figure 5 Interface 2 in Blocking State Segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5692 BPDUs Data frames Port 2 Network management frames Blocking Segment frames A Layer 2 interface in the switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 and 36-Port...
User Guide
Page 17
...in Listening State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Data frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer 2 interface in the listening state. 16-...listening state is no learning at this state when STP determines that the Layer 2 interface should participate in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 The Layer 2 interface enters this point, so there ...
...in Listening State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Data frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer 2 interface in the listening state. 16-...listening state is no learning at this state when STP determines that the Layer 2 interface should participate in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 The Layer 2 interface enters this point, so there ...
User Guide
Page 18
... enters the learning state from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Station addresses Data frames...
... enters the learning state from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding Station addresses Data frames...
User Guide
Page 19
...Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5695 Station addresses BPDUs Port 2 Network management and data frames Forwarding All... segment frames A Layer 2 interface in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another Layer 2 interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
...Forwarding Station addresses Port 1 BPDUs Network management and data frames Filtering database System module Frame forwarding S5695 Station addresses BPDUs Port 2 Network management and data frames Forwarding All... segment frames A Layer 2 interface in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another Layer 2 interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 20
... Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in frame forwarding or spanning tree, as shown in Disabled State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and ... has a pool of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of MAC addresses that are used as follows: ...
... Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the disabled state does not participate in frame forwarding or spanning tree, as shown in Disabled State All segment frames Forwarding Station addresses Port 1 BPDUs Network management and ... has a pool of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of MAC addresses that are used as follows: ...