User Guide
Page 1
... • Configuration Examples for switch virtual interfaces (SVIs). and 36-Port Ethernet Switch Module for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(15)ZJ. Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and above. This feature was introduced on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series...
User Guide
Page 2
... 2 switching across Ethernet ports. The Ethernet switch network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The 16- The 36-port Ethernet switch network module has 36 10/100BASE-TX ports and two optional...Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. The gigabit Ethernet can be added to configure the 16- An optional power module can also be made between Layer 2 Ethernet segments. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 3
...doubles to 20 Mbps for 10-Mbps interfaces and to the network. If two stations establish a session that received the frame. Building the Address Table The Ethernet switch network module builds the address table by a configurable aging timer; Because each interface as a router or a ...of seconds, it associates the MAC address of all interfaces. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of the same ...
User Guide
Page 4
...network. and 36-Port Ethernet Switch Module for Gigabit Ethernet interfaces operated in access mode regardless of spanning tree for all VLANs 128 100 for 10-Mbps Ethernet interfaces 19 for 10/100-Mbps Fast Ethernet interfaces 19 for Gigabit Ethernet interfaces operated in 100-Mb mode 4 for Cisco 2600 Series, Cisco 3600 Series, and Cisco...result. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning ...
User Guide
Page 5
...interface into Layer 3 mode with data frames on an ISL or 802.1Q encapsulated trunk or the VLAN ID configured for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of switch ports as..., you can configure is made up of other switches in your network. With VTP, you are interconnected with a VLAN, but it does not support subinterfaces. and 36-Port Ethernet Switch Module for an access port. Caution Entering a no switchport interface configuration command. Routed ports...
User Guide
Page 6
... configuration, including maximum transmission unit (MTU) size for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is propagated to operate in the VTP domain. VTP Advertisements Each switch in the same VTP domain and synchronize their trunk interfaces. Mapping eliminates excessive device administration required from network...
User Guide
Page 7
... inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP...NM-16ESW software, VTP version 2 forwards VTP messages in your network, you use VTP in your network: • All switches in the frame to 1600 Mbps (Fast EtherChannel full duplex) between the network module and another switch or host. VTP Configuration...Cisco IOS end and Ctrl-Z commands are performed only when you enable VTP version 2 on a switch, all EtherChannels configured on internal flash is accepted without checking the version. A Ethernet switch network module...
User Guide
Page 8
...long they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to avoid configuration problems: • All Ethernet interfaces ...configuration. The authentication server authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco... environments could be physically contiguous or on all modules support EtherChannel (maximum of the interfaces is connected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(...
User Guide
Page 10
... EAP-request/identity frame from down to up. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can...message exchange initiated by using the One-Time-Password (OTP) authentication method with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP ...dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been ...
User Guide
Page 11
...• Point-to-point • Wireless LAN In a point-to-point configuration (see Figure 1 on page 9), only one client can be connected to...switch port. Each client attempting to the network. and 36-Port Ethernet Switch Module for 802.1x packets. If the authentication...network is in the unauthorized state, allowing only EAPOL frames to up, or when an EAPOL-start frame. When a client logs off, it sends an EAPOL-logoff message, causing the switch port to change to the authorized state, allowing all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 12
...the switch denies access to the network to the switch. The Ethernet switch network module uses STP (the IEEE 802.1D bridge protocol) on each configured VLAN (provided that you must have a loop-free path between end stations cause loops in a network. By default, a single instance... switch network module systems. Spanning tree is authorized, all nodes in the network. The spanning tree port path cost value represents media speed. When two ports on a per-VLAN basis. In this topology, the wireless access point is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700...
User Guide
Page 13
...priority, port priority, and path cost. and 36-Port Ethernet Switch Module for each LAN segment is determined by the following minimal information: • The...address) associated with the lowest MAC address in the switched network are selected. • Election of a switched network is selected. 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ ...configuration BPDU contains the following : • The unique bridge ID (bridge priority and MAC address) associated with each VLAN on the path cost. • A designated bridge for Cisco 2600 Series, Cisco 3600 Series, and Cisco...
User Guide
Page 15
... places a Layer 2 interface in the switch, VLAN, or network goes through the five stages. The Layer 2 interface is put...interface waits for the forwarding database. 4. The Layer 2 interface waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the...configured, each Layer 2 interface stabilizes to the blocking state. 2. 16- In the learning state, the Layer 2 interface continues to block frame forwarding as it should go to the forwarding or blocking state. and 36-Port Ethernet Switch Module...
User Guide
Page 21
...values to interfaces that you want spanning tree to put into the forwarding state. 16- and 36-Port Ethernet Switch Module for all interfaces have the same priority value, spanning tree puts the interface with the first MAC address in the ...address in 1000-Mb mode Spanning tree VLAN port priority (configurable on interfaces configured as a trunk port. Table 4 Spanning Tree Default Configuration Feature Default Value Enable state Spanning tree enabled for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview MAC addresses are allocated sequentially, ...
User Guide
Page 22
...Switch B over link L2. The possible cost range is 0 to Switch C over link L1 and to 65535 (the default is configured as both the root bridge and the designated bridge. An inferior BPDU identifies one or more alternate paths can still connect to the root... its designated bridge. and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that connects directly...
User Guide
Page 24
...network module. You can enable or disable SPAN sessions with the normal operation of time a receiving device should hold -time information, which it . SPAN sessions allow you to send either ingress traffic, egress traffic, or both ) applicable for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco... Discovery Protocol (CDP) is an interface monitored for the SPAN session. You cannot configure a SPAN destination interface to...
User Guide
Page 25
... Types Ingress SPAN (Rx) copies network traffic received by default. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces ...can be implemented using SPAN. For example, a bidirectional (both copies network traffic received and transmitted by default. SPAN Traffic Network traffic, including multicast, can mix individual source interfaces within a single SPAN session. • You cannot configure...
User Guide
Page 26
...configured to packets. An ACL is critical. Because the switch stops testing conditions after the first match, the order of conditions in the same ACL). ACLs can access different parts of a network, but prevent Host B from accessing the same part. The Ethernet switch network module... conditions in order to prevent another host from accessing the same network. For example, you can use source and destination addresses and optional protocol type information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can apply ACLs on that...
User Guide
Page 27
Consider access list 102, configured with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list... the examples, the eq keyword after the destination address means to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from Host A = ...
User Guide
Page 28
...Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they do not contain the SMTP port information because the first ACE only checks Layer 3 information when applied to fragments. (The information in the packet do not match the second ACE because they are no restrictions on the network... subnet. UDP (You can specify a UDP source, destination port number, or both at the same time.) Note A mask can be configured on the Telnet port. Each ACE has a mask and a rule. The Classification Field or mask is present. All other fragments also match...