User Guide
Page 2
..., page 40 • Port Security, page 40 • Ethernet Switching in the same system. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging...
..., page 40 • Port Security, page 40 • Ethernet Switching in the same system. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. or 36-port Ethernet switch network modules in Cisco AVVID Architecture, page 40 • Stacking, page 41 • Flow Control, page 41 • Fallback Bridging...
User Guide
Page 3
...You can transmit and receive at the same time. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of the... each Ethernet interface on page 56. The switch then forwards subsequent frames to a single interface without flooding any entries. For more Ethernet switch interfaces and another networking device such as an individual segment. Because collisions are recommended. When the switch receives...
...You can transmit and receive at the same time. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of the... each Ethernet interface on page 56. The switch then forwards subsequent frames to a single interface without flooding any entries. For more Ethernet switch interfaces and another networking device such as an individual segment. Because collisions are recommended. When the switch receives...
User Guide
Page 7
...in the frame to a numerical value that selects one domain is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in VLAN database mode. •... switch. EtherChannel EtherChannel bundles up to eight individual Ethernet links into a single logical link that VTP version 2 is disabled on a switch unless all version 2-capable ...Cisco IOS end and Ctrl-Z commands are version 2-capable. 16- Since only one of six EtherChannels. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 The selected mode applies to 1600 Mbps (Fast EtherChannel full duplex) between the network module...
...in the frame to a numerical value that selects one domain is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in VLAN database mode. •... switch. EtherChannel EtherChannel bundles up to eight individual Ethernet links into a single logical link that VTP version 2 is disabled on a switch unless all version 2-capable ...Cisco IOS end and Ctrl-Z commands are version 2-capable. 16- Since only one of six EtherChannels. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 The selected mode applies to 1600 Mbps (Fast EtherChannel full duplex) between the network module...
User Guide
Page 9
...requesting identity information from the client, verifying that information with Extensible Authentication Protocol (EAP) extensions is transparent to the client. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 In this URL: http://support.microsoft.com/support/kb/articles/... EAP frame, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with Ethernet switch network module • Client-the device (workstation) that can act as the proxy, the authentication service is the only supported authentication...
...requesting identity information from the client, verifying that information with Extensible Authentication Protocol (EAP) extensions is transparent to the client. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 In this URL: http://support.microsoft.com/support/kb/articles/... EAP frame, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with Ethernet switch network module • Client-the device (workstation) that can act as the proxy, the authentication service is the only supported authentication...
User Guide
Page 10
... prompts the switch to up. A port in Authorized and Unauthorized States" section on the network access device, any EAPOL frames from the switch, the client can initiate authentication. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP...
... prompts the switch to up. A port in Authorized and Unauthorized States" section on the network access device, any EAPOL frames from the switch, the client can initiate authentication. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP...
User Guide
Page 12
...- The spanning tree port path cost value represents media speed. By default, a single instance of STP runs on all other hosts indirectly attached to the port are connected to a single LAN segment or to the switch. The spanning tree algorithm calculates the best loop... one active path can enable and disable STP on Ethernet switch network module systems. Spanning tree is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in a network. The switches do not manually disable STP). These conditions result ...
...- The spanning tree port path cost value represents media speed. By default, a single instance of STP runs on all other hosts indirectly attached to the port are connected to a single LAN segment or to the switch. The spanning tree algorithm calculates the best loop... one active path can enable and disable STP on Ethernet switch network module systems. Spanning tree is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in a network. The switches do not manually disable STP). These conditions result ...
User Guide
Page 24
... configured as source interfaces, which it . Each CDP-configured device sends periodic messages to discover Cisco devices that runs over Layer 2 (the data link layer) on the same network module. Switched Port Analyzer Switched Port Analyzer Session A Switched Port Analyzer (SPAN) session is a switched...of the switch. Destination Interface A destination interface (also called a monitor interface) is an association of already known devices, in a single SPAN session with user-specified traffic types (ingress, egress, or both to -live, or hold CDP information before discarding it can ...
... configured as source interfaces, which it . Each CDP-configured device sends periodic messages to discover Cisco devices that runs over Layer 2 (the data link layer) on the same network module. Switched Port Analyzer Switched Port Analyzer Session A Switched Port Analyzer (SPAN) session is a switched...of the switch. Destination Interface A destination interface (also called a monitor interface) is an association of already known devices, in a single SPAN session with user-specified traffic types (ingress, egress, or both to -live, or hold CDP information before discarding it can ...
User Guide
Page 25
...ACLs), which case the packets would be the same (unless a Layer-3 rewrite had occurred, in which are from the source interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN includes BPDUs in commands and tables as source interfaces and mixed with ...interface. • You can mix individual source interfaces within a single SPAN session. • You cannot configure a SPAN destination interface to receive ingress traffic. • When enabled, SPAN uses any BPDUs seen on your Ethernet switch network module can have one SPAN session may be run at the destination...
...ACLs), which case the packets would be the same (unless a Layer-3 rewrite had occurred, in which are from the source interfaces. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25 SPAN includes BPDUs in commands and tables as source interfaces and mixed with ...interface. • You can mix individual source interfaces within a single SPAN session. • You cannot configure a SPAN destination interface to receive ingress traffic. • When enabled, SPAN uses any BPDUs seen on your Ethernet switch network module can have one SPAN session may be run at the destination...
User Guide
Page 26
...switch accepts or rejects the packet. Because the switch stops testing conditions after the first match, the order of a network, but not Telnet traffic. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 An ACL is critical. otherwise, the switch drops the...interface are no conditions match, the switch rejects the packet. The Ethernet switch network module supports IP ACLs to packets. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can access different parts of access control ...
...switch accepts or rejects the packet. Because the switch stops testing conditions after the first match, the order of a network, but not Telnet traffic. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26 An ACL is critical. otherwise, the switch drops the...interface are no conditions match, the switch rejects the packet. The Ethernet switch network module supports IP ACLs to packets. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can access different parts of access control ...
User Guide
Page 27
... host 10.1.1.1 on the SMTP port. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 and 36-Port Ethernet Switch Module for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol ...information and the ACE tests some Layer 4 information, the matching rules are considered to a Network Feature Overview Host A Cisco router with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going...
... host 10.1.1.1 on the SMTP port. The remaining fragments also match the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 27 and 36-Port Ethernet Switch Module for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol ...information and the ACE tests some Layer 4 information, the matching rules are considered to a Network Feature Overview Host A Cisco router with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going...
User Guide
Page 28
...8226; Because the first fragment was denied, host 10.1.1.2 cannot reassemble a complete packet, so packet B is TCP and that ACE does not check any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 UDP (You can specify a UDP source, destination port number, or both at the same...masks in all 32 IP destination address bits to host 10.1.1.3, port FTP. ACPs are permitted will consume bandwidth on the network and resources of interest on the Ethernet switch network module, you want to define the flow, or specify a user-defined subnet. TCP (You can be specified.) - Feature ...
...8226; Because the first fragment was denied, host 10.1.1.2 cannot reassemble a complete packet, so packet B is TCP and that ACE does not check any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 UDP (You can specify a UDP source, destination port number, or both at the same...masks in all 32 IP destination address bits to host 10.1.1.3, port FTP. ACPs are permitted will consume bandwidth on the network and resources of interest on the Ethernet switch network module, you want to define the flow, or specify a user-defined subnet. TCP (You can be specified.) - Feature ...
User Guide
Page 29
... as many ACLs as you can be used for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a Layer 3 user-defined mask. therefore, a Ethernet switch network module supports this example, the first ACE permits all TCP...
... as many ACLs as you can be used for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a Layer 3 user-defined mask. therefore, a Ethernet switch network module supports this example, the first ACE permits all TCP...
User Guide
Page 31
...rely on the 802.1p value generated by the switch. Detailed examination of the network so that the core switches and routers are dropped when received by the IP phone. The Ethernet switch network module can construct an end-to the edge of the packet is expected to happen ...devices along the path can be serviced, it is called per-hop behavior. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 31 16- and 36-Port Ethernet Switch Module for Layer 2 QoS on the Ethernet switch network module. The class information in from another. Switches and routers along a path ...
...rely on the 802.1p value generated by the switch. Detailed examination of the network so that the core switches and routers are dropped when received by the IP phone. The Ethernet switch network module can construct an end-to the edge of the packet is expected to happen ...devices along the path can be serviced, it is called per-hop behavior. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 31 16- and 36-Port Ethernet Switch Module for Layer 2 QoS on the Ethernet switch network module. The class information in from another. Switches and routers along a path ...
User Guide
Page 33
..."Understanding Access Control Parameters" section on page 28. • For more information, see the "Guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map must attach it to take if the limits are...specific traffic class by using the class policy-map configuration command and the police policy-map class configuration command. and 36-port Ethernet switch network modules. • System-defined masks are exceeded. A combination of a policy map. - A policy might contain multiple classes with these ...
..."Understanding Access Control Parameters" section on page 28. • For more information, see the "Guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a policy map must attach it to take if the limits are...specific traffic class by using the class policy-map configuration command and the police policy-map class configuration command. and 36-port Ethernet switch network modules. • System-defined masks are exceeded. A combination of a policy map. - A policy might contain multiple classes with these ...
User Guide
Page 35
... keeps track of multicast groups and member ports. For configuration information, see the "Configuring CoS Maps" section on Ethernet switch network modules. Note No policers can be configured on the egress interface on page 96. The number of VLANs is forwarded only to ...Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for a particular multicast group, the switch adds the host port number to derive a CoS value from the CPU to the physical port. Mapping Tables The Ethernet switch network modules...
... keeps track of multicast groups and member ports. For configuration information, see the "Configuring CoS Maps" section on Ethernet switch network modules. Note No policers can be configured on the egress interface on page 96. The number of VLANs is forwarded only to ...Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for a particular multicast group, the switch adds the host port number to derive a CoS value from the CPU to the physical port. Mapping Tables The Ethernet switch network modules...
User Guide
Page 36
... data stream and only forwards traffic to the forwarding table for all hosts on a switched network, even when multiple multicast groups are added to the multicast router ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 36 After it does not receive ...for the multicast group specified in the Layer 2 forwarding table for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. If you can configure the switch to all VLANs. Ethernet switch network modules support a maximum of these methods: • Snooping on VLANs ...
... data stream and only forwards traffic to the forwarding table for all hosts on a switched network, even when multiple multicast groups are added to the multicast router ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 36 After it does not receive ...for the multicast group specified in the Layer 2 forwarding table for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. If you can configure the switch to all VLANs. Ethernet switch network modules support a maximum of these methods: • Snooping on VLANs ...
User Guide
Page 37
... the same group (Figure 17), the CPU receives that has joined the group. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast Forwarding Table 88849 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 7 IP Multicast Forwarding ...switch architecture allows the CPU to join. If another host (for example, Host 4) sends an IGMP join message for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Joining a Multicast Group When a host connected to the switch wants to join an IP multicast group...
... the same group (Figure 17), the CPU receives that has joined the group. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast Forwarding Table 88849 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 7 IP Multicast Forwarding ...switch architecture allows the CPU to join. If another host (for example, Host 4) sends an IGMP join message for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Joining a Multicast Group When a host connected to the switch wants to join an IP multicast group...
User Guide
Page 38
When hosts need to the VLAN. Errors in the protocol-stack implementation or in traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 5 Host 1 Host 2 Host 3... switch receives a leave message from a host, it removes the group for that interface are interested in the network configuration can send a leave message. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38 Feature Overview 16- As long as at least ...
When hosts need to the VLAN. Errors in the protocol-stack implementation or in traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 5 Host 1 Host 2 Host 3... switch receives a leave message from a host, it removes the group for that interface are interested in the network configuration can send a leave message. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38 Feature Overview 16- As long as at least ...
User Guide
Page 40
...restore the forwarding of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco AVVID/IP Telephony The Ethernet switch network module has sixteen 10/100 switched Ethernet ports with multicast, broadcast, or unicast traffic before forwarding...Gigabit Ethernet port when the MAC address of the station attempting to support Cisco IP phones in Cisco AVVID Architecture This section describes the Ethernet switching capabilities of the Ethernet switch network module, which is the percentage of broadcast, unicast, or multicast packets are ...
...restore the forwarding of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco AVVID/IP Telephony The Ethernet switch network module has sixteen 10/100 switched Ethernet ports with multicast, broadcast, or unicast traffic before forwarding...Gigabit Ethernet port when the MAC address of the station attempting to support Cisco IP phones in Cisco AVVID Architecture This section describes the Ethernet switching capabilities of the Ethernet switch network module, which is the percentage of broadcast, unicast, or multicast packets are ...
User Guide
Page 41
...- Using Flow-Control Keywords Table 9 describes guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to the switch fabric found in Cisco Catalyst switches and forms a single VLAN consisting of all ports in the router...
...- Using Flow-Control Keywords Table 9 describes guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to the switch fabric found in Cisco Catalyst switches and forms a single VLAN consisting of all ports in the router...