User Guide
Page 2
..., page 29 • Maximum Number of the packet. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. This network module is a modular, high-density voice network module that provides Layer 2 switching across Ethernet ports. The 36-port Ethernet switch network module has 36 10/100BASE-TX ports and two optional 10/100/1000BASE...
..., page 29 • Maximum Number of the packet. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. This network module is a modular, high-density voice network module that provides Layer 2 switching across Ethernet ports. The 36-port Ethernet switch network module has 36 10/100BASE-TX ports and two optional 10/100/1000BASE...
User Guide
Page 3
... in both directions simultaneously, effective Ethernet bandwidth doubles to 20 Mbps for 10-Mbps interfaces and to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of users by all devices attached to a common backplane...
... in both directions simultaneously, effective Ethernet bandwidth doubles to 20 Mbps for 10-Mbps interfaces and to 200 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of users by all devices attached to a common backplane...
User Guide
Page 7
... 1: Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the frame to remove old copies of the links in the same VTP ... duplex) between the network module and another switch or host. EtherChannel load balancing can operate in the channel. The selected mode applies to use VTP in your network: • All switches in NVRAM. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview...
... 1: Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to its information is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in the frame to remove old copies of the links in the same VTP ... duplex) between the network module and another switch or host. EtherChannel load balancing can operate in the channel. The selected mode applies to use VTP in your network: • All switches in NVRAM. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview...
User Guide
Page 9
... client software such as that information with Ethernet switch network module • Client-the device (workstation) that can act as the proxy, the authentication service is then encapsulated for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port... Access Control Server version 3.0. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 RADIUS operates in a client/server model in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x authentication issues, read the Microsoft Knowledge...
... client software such as that information with Ethernet switch network module • Client-the device (workstation) that can act as the proxy, the authentication service is then encapsulated for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port... Access Control Server version 3.0. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 RADIUS operates in a client/server model in the IEEE 802.1x specification.) Note To resolve Windows XP network connectivity and 802.1x authentication issues, read the Microsoft Knowledge...
User Guide
Page 10
... its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by sending an EAPOL-...from the switch, the client can initiate authentication. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS...
... its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate authentication by sending an EAPOL-...from the switch, the client can initiate authentication. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS...
User Guide
Page 12
... spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. When two ports on all VLANs. When the port is transparent to pass traffic. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on a switch are part of... 12.2(8)T, and 12.2(15)ZJ 12 In this topology, the wireless access point is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in a network. Spanning tree operation is authorized, all nodes in a wireless LAN. By default, a single ...
... spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. When two ports on all VLANs. When the port is transparent to pass traffic. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on a switch are part of... 12.2(8)T, and 12.2(15)ZJ 12 In this topology, the wireless access point is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in a network. Spanning tree operation is authorized, all nodes in a wireless LAN. By default, a single ...
User Guide
Page 24
...interfaces. SPAN sessions allow you to monitor traffic on the same network module. A SPAN session remains inactive after system power-up until the destination interface is a switched interface to discover Cisco devices that specify the type of already known devices, in the.... One or more interfaces and to send either ingress traffic, egress traffic, or both ) applicable for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an association of a destination interface with a set of source interfaces. This ...
...interfaces. SPAN sessions allow you to monitor traffic on the same network module. A SPAN session remains inactive after system power-up until the destination interface is a switched interface to discover Cisco devices that specify the type of already known devices, in the.... One or more interfaces and to send either ingress traffic, egress traffic, or both ) applicable for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is an association of a destination interface with a set of source interfaces. This ...
User Guide
Page 25
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be different). SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter..., the interfaces can be the same (unless a Layer-3 rewrite had occurred, in the monitored traffic, so any BPDUs seen on your Ethernet switch network module can be configured as access lists. In some SPAN configurations, multiple copies of VLANs is used by the source interfaces for sources a1 and a2...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be different). SPAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring SPAN: • Enter..., the interfaces can be the same (unless a Layer-3 rewrite had occurred, in the monitored traffic, so any BPDUs seen on your Ethernet switch network module can be configured as access lists. In some SPAN configurations, multiple copies of VLANs is used by the source interfaces for sources a1 and a2...
User Guide
Page 26
... to control which hosts can access different parts of a network or to decide which the ACL is received on a given interface and a direction. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can allow e-mail traffic... and destination addresses and optional protocol type information for your network. The Ethernet switch network module supports IP ACLs to filter IP traffic, including TCP or User Datagram Protocol (UDP) traffic (but to packets. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26...
... to control which hosts can access different parts of a network or to decide which the ACL is received on a given interface and a direction. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can allow e-mail traffic... and destination addresses and optional protocol type information for your network. The Ethernet switch network module supports IP ACLs to filter IP traffic, including TCP or User Datagram Protocol (UDP) traffic (but to packets. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26...
User Guide
Page 27
... information and therefore can be applied to all packet fragments. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going to three ...ICMP type and code, and so on ) are considered to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to host 10.1.1.1 on the SMTP port....
... information and therefore can be applied to all packet fragments. Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10.2.2.2, port 65000, going to three ...ICMP type and code, and so on ) are considered to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to host 10.1.1.1 on the SMTP port....
User Guide
Page 28
... has a mask and a rule. There are two types of the Access Control Parameters (ACPs). and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are being sent to define the flow, or specify a user-defined subnet. If... fragmented, the first fragment matches the third ACE (a deny). The specific values associated with a given mask are no restrictions on the Ethernet switch network module, you want to be specified.) - UDP (You can specify a UDP source, destination port number, or both at the same time.) Note ...
... has a mask and a rule. There are two types of the Access Control Parameters (ACPs). and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are being sent to define the flow, or specify a user-defined subnet. If... fragmented, the first fragment matches the third ACE (a deny). The specific values associated with a given mask are no restrictions on the Ethernet switch network module, you want to be specified.) - UDP (You can specify a UDP source, destination port number, or both at the same time.) Note ...
User Guide
Page 29
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a Layer 3 user-defined mask. On a given interface, only one ACL can be implemented on your Ethernet switch network module.... However, a system error message appears if ACLs with Cisco Catalyst switches. 16- For more information on system-defined masks, see the "Understanding Access Control Parameters" section on the Ethernet Switch Network Module These configuration guidelines apply to ACL filters: • Only...
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a Layer 3 user-defined mask. On a given interface, only one ACL can be implemented on your Ethernet switch network module.... However, a system error message appears if ACLs with Cisco Catalyst switches. 16- For more information on system-defined masks, see the "Understanding Access Control Parameters" section on the Ethernet Switch Network Module These configuration guidelines apply to ACL filters: • Only...
User Guide
Page 31
....2(2)XT, 12.2(8)T, and 12.2(15)ZJ 31 Table 6 summarizes the queues, CoS values, and weights for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are not overloaded. The Ethernet switch network module can be serviced, it is expected to happen closer to -end QoS solution. The control traffic, which...
....2(2)XT, 12.2(8)T, and 12.2(15)ZJ 31 Table 6 summarizes the queues, CoS values, and weights for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note Layer 3 IPv6 packets are not overloaded. The Ethernet switch network module can be serviced, it is expected to happen closer to -end QoS solution. The control traffic, which...
User Guide
Page 33
... another that all other traffic. 16- A policy might contain multiple classes with actions specified for Configuring ACLs on the Ethernet Switch Network Module" section on the 16- You should use to act on page 34. When you enter this mode, you want to take ...effective, you can also contain commands that you define the match criterion for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of system mask. and 36-Port Ethernet Switch Module for the traffic by using the class-map global configuration command or the ...
... another that all other traffic. 16- A policy might contain multiple classes with actions specified for Configuring ACLs on the Ethernet Switch Network Module" section on the 16- You should use to act on page 34. When you enter this mode, you want to take ...effective, you can also contain commands that you define the match criterion for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of system mask. and 36-Port Ethernet Switch Module for the traffic by using the class-map global configuration command or the ...
User Guide
Page 35
... to the physical port. IP Multicast Support The maximum number of multicast groups. The LAN switch snoops on Ethernet switch network modules. On a trunk interface configured for QoS, all VLANs received through the interface is supported. Before the traffic reaches the... number for Protocol Independent Multicast (PIM) sparse mode/dense mode sparse-dense mode. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for QoS, traffic in the physical port egress queue ...
... to the physical port. IP Multicast Support The maximum number of multicast groups. The LAN switch snoops on Ethernet switch network modules. On a trunk interface configured for QoS, all VLANs received through the interface is supported. Before the traffic reaches the... number for Protocol Independent Multicast (PIM) sparse mode/dense mode sparse-dense mode. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • On an interface configured for QoS, traffic in the physical port egress queue ...
User Guide
Page 36
... general queries to a port, some hosts might be inadvertently dropped. All hosts interested in the original leave message. Ethernet switch network modules support a maximum of such ports through one host is pruned from the IP multicast data stream and only forwards traffic to the... command. When it receives an IGMP Leave Group message from the multicast clients. However, you specify group membership for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. Note You should use the Immediate-Leave processing feature only on VLANs where...
... general queries to a port, some hosts might be inadvertently dropped. All hosts interested in the original leave message. Ethernet switch network modules support a maximum of such ports through one host is pruned from the IP multicast data stream and only forwards traffic to the... command. When it receives an IGMP Leave Group message from the multicast clients. However, you specify group membership for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. Note You should use the Immediate-Leave processing feature only on VLANs where...
User Guide
Page 37
... Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Joining a Multicast Group When a host connected to the switch wants to join an IP multicast group, it sends an IGMP join message, specifying the IP multicast group it adds the port to distinguish IGMP information packets from becoming overloaded with Ethernet switch network module...
... Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Joining a Multicast Group When a host connected to the switch wants to join an IP multicast group, it sends an IGMP join message, specifying the IP multicast group it adds the port to distinguish IGMP information packets from becoming overloaded with Ethernet switch network module...
User Guide
Page 38
...for that IP multicast group. and 36-Port Ethernet Switch Module for the VLAN from a host, it removes the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 ... to the VLAN. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38 The switch only forwards IP multicast group traffic...
...for that IP multicast group. and 36-Port Ethernet Switch Module for the VLAN from a host, it removes the group for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 CPU port Multicast Forwarding Table 88848 2 3 4 ... to the VLAN. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38 The switch only forwards IP multicast group traffic...
User Guide
Page 40
...network module to small branch offices. Port Security You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco 2600 Series, Cisco 3600 Series, and Cisco... 3700 Series Per-Port Storm-Control A packet storm occurs when a large number of a centralized call-processing network using a centrally deployed Cisco CallManager (CCM...
...network module to small branch offices. Port Security You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the total available bandwidth that make it an ideal choice for extending Cisco AVVID (Architecture for Cisco 2600 Series, Cisco 3600 Series, and Cisco... 3700 Series Per-Port Storm-Control A packet storm occurs when a large number of a centralized call-processing network using a centrally deployed Cisco CallManager (CCM...
User Guide
Page 41
Using Flow-Control Keywords Table 9 describes guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to Cisco AVVID: • All switch ports are in access ...use to receive on , receive off, or receive desired. Stacking Layer 2 switching may be extended in multiple Ethernet switch network modules. • MAC address entries learned via intrachassis stacking are filtered. This special packet is set to send on the ...
Using Flow-Control Keywords Table 9 describes guidelines for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with the set to Cisco AVVID: • All switch ports are in access ...use to receive on , receive off, or receive desired. Stacking Layer 2 switching may be extended in multiple Ethernet switch network modules. • MAC address entries learned via intrachassis stacking are filtered. This special packet is set to send on the ...
