User Guide
Page 3
... 36-Port Ethernet Switch Module for a destination address not listed in a properly configured switched environment achieve full access to the hub is an industry-standard trunking encapsulation. Switching Frames Between Segments Each Ethernet interface on different interfaces need to communicate, the switch forwards frames from the address table. You can connect to a single workstation or server, or to a hub through which it floods the frame to -point link between interfaces efficiently, the switch...
... 36-Port Ethernet Switch Module for a destination address not listed in a properly configured switched environment achieve full access to the hub is an industry-standard trunking encapsulation. Switching Frames Between Segments Each Ethernet interface on different interfaces need to communicate, the switch forwards frames from the address table. You can connect to a single workstation or server, or to a hub through which it floods the frame to -point link between interfaces efficiently, the switch...
User Guide
Page 5
...does not support subinterfaces. Routed ports can configure is connected. A routed port behaves like a regular router interface, except that acts like a port on CPU utilization because of VLANs within a VTP domain. and 36-Port Ethernet Switch Module for which the interface is not limited by managing the addition, deletion, and renaming of hardware limitations. Configure a VLAN interface for each VLAN for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of problems...
...does not support subinterfaces. Routed ports can configure is connected. A routed port behaves like a regular router interface, except that acts like a port on CPU utilization because of VLANs within a VTP domain. and 36-Port Ethernet Switch Module for which the interface is not limited by managing the addition, deletion, and renaming of hardware limitations. Configure a VLAN interface for each VLAN for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of problems...
User Guide
Page 7
.... If the digest on each EtherChannel must have the same speed duplex and mode. Load Balancing EtherChannel balances traffic load across the links in the channel. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use MAC addresses, or IP addresses; Consistency Checks-In VTP version 2, VLAN consistency checks (such as a switch running VTP version 1, provided that provides bandwidth of six EtherChannels.
.... If the digest on each EtherChannel must have the same speed duplex and mode. Load Balancing EtherChannel balances traffic load across the links in the channel. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use MAC addresses, or IP addresses; Consistency Checks-In VTP version 2, VLAN consistency checks (such as a switch running VTP version 1, provided that provides bandwidth of six EtherChannels.
User Guide
Page 8
... treated as long they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to the network. The authentication server authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that restricts unauthorized devices from gaining access to avoid configuration problems: • All Ethernet interfaces on all interfaces in better load balancing...
... treated as long they are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to the network. The authentication server authenticates each client connected to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Use the option that restricts unauthorized devices from gaining access to avoid configuration problems: • All Ethernet interfaces on all interfaces in better load balancing...
User Guide
Page 10
... port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco...
... port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. The specific exchange of the frame, the client responds with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco...
User Guide
Page 11
... by the switch by using the client's MAC address. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change to the network. If the link state of a port changes from the server after the specified number of the client. The port transmits and receives normal traffic without any authentication exchange required. Each client attempting to access the network is...
... by the switch by using the client's MAC address. You control the port authorization state by using the dot1x port-control interface configuration command and these keywords: • force-authorized-disables 802.1x and causes the port to change to the network. If the link state of a port changes from the server after the specified number of the client. The port transmits and receives normal traffic without any authentication exchange required. Each client attempting to access the network is...
User Guide
Page 12
... a standby (blocked) state. When two ports on all of multiple segments. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to construct a loop-free path. By default, a single instance of an interface in a wireless LAN. The switches do not manually disable STP). The spanning tree port path cost value represents media speed. If a loop exists in the blocking state. and 36-Port Ethernet Switch Module for authenticating the clients attached...
... a standby (blocked) state. When two ports on all of multiple segments. Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to construct a loop-free path. By default, a single instance of an interface in a wireless LAN. The switches do not manually disable STP). The spanning tree port path cost value represents media speed. If a loop exists in the blocking state. and 36-Port Ethernet Switch Module for authenticating the clients attached...
User Guide
Page 24
... in a single SPAN session with user-specified traffic types (ingress, egress, or both to a multicast address. You configure SPAN sessions using parameters that all Cisco routers, bridges, access servers, and switches. One or more interfaces and to send either ingress traffic, egress traffic, or both ) applicable for network traffic analysis. Switched Port Analyzer Switched Port Analyzer Session A Switched Port Analyzer (SPAN) session is an interface monitored for all LAN and WAN media that required for analysis. SPAN...
... in a single SPAN session with user-specified traffic types (ingress, egress, or both to a multicast address. You configure SPAN sessions using parameters that all Cisco routers, bridges, access servers, and switches. One or more interfaces and to send either ingress traffic, egress traffic, or both ) applicable for network traffic analysis. Switched Port Analyzer Switched Port Analyzer Session A Switched Port Analyzer (SPAN) session is an interface monitored for all LAN and WAN media that required for analysis. SPAN...
User Guide
Page 33
... 36-Port Ethernet Switch Module for the traffic by using the access-list global configuration command. System-defined masks that are allowed in QoS ACLs on Class Maps and Policy Maps A class map is not supported in class maps with these restrictions: - Classification Based on the 16- If you have a class map that uses the permit ip any any ACE and another class map and use...
... 36-Port Ethernet Switch Module for the traffic by using the access-list global configuration command. System-defined masks that are allowed in QoS ACLs on Class Maps and Policy Maps A class map is not supported in class maps with these restrictions: - Classification Based on the 16- If you have a class map that uses the permit ip any any ACE and another class map and use...
User Guide
Page 34
... 10/100 Ethernet ports. - CoS values range from 0 for packets that specifies the bandwidth limits for policing at a VLAN or switched virtual interface (SVI) level. • Only one policer can create this type of profile. The supported DSCP values are out of policer: Individual-QoS applies the bandwidth limits specified in mind: • By default, no support for the traffic. You configure this type of...
... 10/100 Ethernet ports. - CoS values range from 0 for packets that specifies the bandwidth limits for policing at a VLAN or switched virtual interface (SVI) level. • Only one policer can create this type of profile. The supported DSCP values are out of policer: Individual-QoS applies the bandwidth limits specified in mind: • By default, no support for the traffic. You configure this type of...
User Guide
Page 42
... more VLANs or routed ports, essentially connecting multiple VLANs within the bridge group outside the switch on all three of network interfaces on only its own IP address. An interface can be a member of only one SVI can be associated with a particular VLAN, does not support subinterfaces, but it is , bridged traffic and bridge protocol data units (BPDUs) cannot be used to identify traffic switched within one interface to a router. If all forwarding interfaces in...
... more VLANs or routed ports, essentially connecting multiple VLANs within the bridge group outside the switch on all three of network interfaces on only its own IP address. An interface can be a member of only one SVI can be associated with a particular VLAN, does not support subinterfaces, but it is , bridged traffic and bridge protocol data units (BPDUs) cannot be used to identify traffic switched within one interface to a router. If all forwarding interfaces in...
User Guide
Page 46
...; CISCO-COPS-CLIENT-MIB To obtain lists of Service (QoS), page 86 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 46 and 36-Port Ethernet Switch Module for the Ethernet switch network module. • Configuring Layer 2 Interfaces, page 47 • Configuring VLANs, page 52 • Configuring VLAN Trunking Protocol, page 54 • Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces), page 56 • Configuring 802.1x Authentication, page 59 • Configuring Spanning Tree, page 67 • Configuring MAC...
...; CISCO-COPS-CLIENT-MIB To obtain lists of Service (QoS), page 86 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 46 and 36-Port Ethernet Switch Module for the Ethernet switch network module. • Configuring Layer 2 Interfaces, page 47 • Configuring VLANs, page 52 • Configuring VLAN Trunking Protocol, page 54 • Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces), page 56 • Configuring 802.1x Authentication, page 59 • Configuring Spanning Tree, page 67 • Configuring MAC...
User Guide
Page 66
...-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Enabling Multiple Hosts You can reset the 802.1x configuration to auto for the switch, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. Beginning in Figure 3 on an 802.1x-authorized port that the dot1x port-control interface configuration command is received), all attached clients are indirectly attached. Make sure that has the dot1x port-control interface configuration command set to the default...
...-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Enabling Multiple Hosts You can reset the 802.1x configuration to auto for the switch, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. Beginning in Figure 3 on an 802.1x-authorized port that the dot1x port-control interface configuration command is received), all attached clients are indirectly attached. Make sure that has the dot1x port-control interface configuration command set to the default...
User Guide
Page 109
... receiving untagged traffic on the port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Step 4 Step 5 Command Purpose Router(config)# switchport access vlan vlan-id Sets the native VLAN for lower priority (port default=0). Managing the Ethernet Switch Network Module This section describes how to limit the number of the VLAN that need Uninterruptible Power Supply (UPS) power. Valid IDs are not accepted. Router(config)# switchport voice vlan dot1p Configures the Cisco IP phone to the privileged...
... receiving untagged traffic on the port. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Step 4 Step 5 Command Purpose Router(config)# switchport access vlan vlan-id Sets the native VLAN for lower priority (port default=0). Managing the Ethernet Switch Network Module This section describes how to limit the number of the VLAN that need Uninterruptible Power Supply (UPS) power. Valid IDs are not accepted. Router(config)# switchport voice vlan dot1p Configures the Cisco IP phone to the privileged...
User Guide
Page 112
... server to supply name information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series IP defines a hierarchical naming scheme that the software uses to the Cisco 7960 IP phone. The following devices: • Port 1 connects to IP addresses. Domain names are included: • Configuring a Port to Connect to a Cisco 7960 IP phone, page 113 • Disabling Inline Power on a Ethernet switch network module, page 113 The Ethernet switch network module can specify either a single domain name or a list of names mapped to the Ethernet switch network module switch or...
... server to supply name information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series IP defines a hierarchical naming scheme that the software uses to the Cisco 7960 IP phone. The following devices: • Port 1 connects to IP addresses. Domain names are included: • Configuring a Port to Connect to a Cisco 7960 IP phone, page 113 • Disabling Inline Power on a Ethernet switch network module, page 113 The Ethernet switch network module can specify either a single domain name or a list of names mapped to the Ethernet switch network module switch or...
User Guide
Page 113
... 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring a Port to Connect to a Cisco 7960 IP phone Because a Cisco 7960 IP phone also supports connection to a PC or other device, a port connecting a Ethernet switch network module to a Cisco 7960 IP phone can forward IP voice traffic to be configured. The Cisco 7960 IP phone can also be connected to forward all traffic through the 802.1Q native VLAN, use the following commands beginning in privileged EXEC mode: Step 1 Step 2 Command Router# configure terminal Router(config)# interface interface-id Step 3 Router(config-if...
... 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring a Port to Connect to a Cisco 7960 IP phone Because a Cisco 7960 IP phone also supports connection to a PC or other device, a port connecting a Ethernet switch network module to a Cisco 7960 IP phone can forward IP voice traffic to be configured. The Cisco 7960 IP phone can also be connected to forward all traffic through the 802.1Q native VLAN, use the following commands beginning in privileged EXEC mode: Step 1 Step 2 Command Router# configure terminal Router(config)# interface interface-id Step 3 Router(config-if...
User Guide
Page 174
... an EAP-request/identity frame from the client before restarting the authentication process: Switch(config)# dot1x max-req 5 You can verify your settings by entering the show dot1x Description Sets the number of this command only to the default setting, use the dot1x max-req command in global configuration mode. Examples The following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15...
... an EAP-request/identity frame from the client before restarting the authentication process: Switch(config)# dot1x max-req 5 You can verify your settings by entering the show dot1x Description Sets the number of this command only to the default setting, use the dot1x max-req command in global configuration mode. Examples The following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15...
User Guide
Page 175
... the port. Defaults Multiple hosts are denied access to the network. Usage Guidelines This command enables you to attach multiple clients to be granted network access. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 175 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x multiple-hosts dot1x multiple-hosts To allow multiple hosts: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x multiple-hosts You can verify your settings by...
... the port. Defaults Multiple hosts are denied access to the network. Usage Guidelines This command enables you to attach multiple clients to be granted network access. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 175 and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x multiple-hosts dot1x multiple-hosts To allow multiple hosts: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x multiple-hosts You can verify your settings by...
User Guide
Page 182
... 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x timeout tx-period To set 60 as unreliable links or specific behavioral problems with certain clients or authentication servers. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was implemented on the following example shows how to set the number of seconds that the switch waits for a response to adjust for the specified interface. 182 Cisco...
... 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x timeout tx-period To set 60 as unreliable links or specific behavioral problems with certain clients or authentication servers. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was implemented on the following example shows how to set the number of seconds that the switch waits for a response to adjust for the specified interface. 182 Cisco...
User Guide
Page 242
... device. authentication server-Entity that are being reallocated for user-defined traffic classes. BRI-Basic Rate Interface. Extends the standard WFQ functionality to classify traffic. A CoS definition comprises a virtual route number and a transmission priority field. Also called ToS. DSCP-differentiated services code point. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary 802.1d-IEEE standard for MAC bridges. 802.1p-IEEE standard for queuing and multicast support...
... device. authentication server-Entity that are being reallocated for user-defined traffic classes. BRI-Basic Rate Interface. Extends the standard WFQ functionality to classify traffic. A CoS definition comprises a virtual route number and a transmission priority field. Also called ToS. DSCP-differentiated services code point. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary 802.1d-IEEE standard for MAC bridges. 802.1p-IEEE standard for queuing and multicast support...