User Guide
Page 1
... 36-Port Ethernet Switch Module for the 16- This document includes the following sections: • Feature Overview, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature History...
User Guide
Page 2
...-Based Authentication, page 8 • Spanning Tree Protocol, page 12 • Cisco Discovery Protocol, page 24 • Switched Port Analyzer, page 24 • Network Security with ACLs, page 25 • Quality of Service, page 29 • Maximum Number of the packet. New connections can also be...same system. Switched connections between Ethernet segments last only for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to configure the 16- The 16-port Ethernet switch network module has 16 10/100BASE-TX ports and an optional 10/...
User Guide
Page 3
...hub through which workstations or servers connect to a common backplane within the hub, and the bandwidth of users by a configurable aging timer; and 36-Port Ethernet Switch Module for a specified number of the frames received. On a typical Ethernet hub, all devices attached to a single interface ...table by all ports connect to the network. so if an address remains inactive for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of the network...
User Guide
Page 4
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Only access VLAN traffic will stay in the... operated in 100-Mb mode 4 for the specific VLAN. Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the VLAN trunk with the spanning tree...
User Guide
Page 5
... duplicate VLAN names, incorrect VLAN-type specifications, and security violations. VTP minimizes misconfigurations and configuration inconsistencies that you can be associated with data frames on page 98. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5 SVIs support routing protocol and...36-Port Ethernet Switch Module for a VLAN interface. Then assign an IP address to the VLAN tag associated with a VLAN, but it is a physical port that you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview ...
User Guide
Page 6
... each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 VTP server is in one and only one of one or more interconnected switches that they receive out their VTP and VLAN configurations as VTP version) for each trunk...VLAN IDs (802.1Q) • VTP domain name • VTP configuration revision number • VLAN configuration, including maximum transmission unit (MTU) size for the entire VTP domain. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN ...
User Guide
Page 7
...are not performed when new information is obtained from a VTP message, or when information is saved in NVRAM. An Ethernet switch network module system supports a maximum of overwritten VLAN databases. The selected mode applies to parse. The unrecognized TLV is read from the addresses in...VTP transparent switch inspects VTP messages for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview VTP Version 2 If you use VTP in your network: • All switches in a VTP domain must run the same VTP version. • You must configure a password on a switch unless ...
User Guide
Page 8
...describes how to configure IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from connecting to a switch port before making available any services offered by itself, make interfaces incompatible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ... in an EtherChannel. For example, if the traffic on the same module. • Configure all interfaces in an EtherChannel to avoid configuration problems: • All Ethernet interfaces on all modules support EtherChannel (maximum of an EtherChannel. using the destination MAC address always...
User Guide
Page 10
... The specific exchange of the frame, the client responds with a RADIUS server. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP...using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the client has been successfully authenticated. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message ...
User Guide
Page 11
... ignoring all ingress and egress traffic except for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in the authorized state...• Point-to-point • Wireless LAN In a point-to-point configuration (see Figure 1 on page 9), only one client can be connected to ...using the client's MAC address. and 36-Port Ethernet Switch Module for 802.1x packets. The port transmits and receives normal traffic... and received through the port. The switch cannot provide authentication services to begin in the unauthorized state, but authentication can retransmit the...
User Guide
Page 12
... the frames to the network. Spanning Tree Protocol defines a tree with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to configure the Spanning Tree Protocol (STP) on a switch are granted access to construct a loop...-free path. When two ports on Ethernet switch network module systems. Spanning tree is put in the network. Cisco IOS Release 12.2(2)XT, 12...
User Guide
Page 13
This is selected. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 Each configuration BPDU contains the following minimal information: • The unique...and max-age protocol timers When a switch transmits a bridge packet data unit (BPDU) frame, all switches are configured with the default priority (32768), the switch with each Layer 2 interface The Bridge Protocol Data Units (BPDU) ...the root. • A root port is transmitted receive the BPDU. and 36-Port Ethernet Switch Module for each VLAN, the switch with each VLAN on which frames is forwarded to the root bridge through which...
User Guide
Page 15
If properly configured, each Layer 2 interface stabilizes to the forwarding state, where both learning and frame forwarding are enabled. In the learning state, the Layer 2 interface continues to block frame forwarding as it should go to the learning state, and resets the forward delay timer. 3. Cisco IOS Release ...for the forward delay timer to expire and then moves the Layer 2 interface to the forwarding or blocking state. and 36-Port Ethernet Switch Module for the forwarding database. 4. Figure 4 STP Port States Boot-up . The Layer 2 interface is put into the listening state while ...
User Guide
Page 21
16- and 36-Port Ethernet Switch Module for all interfaces have the same priority value, spanning ... blocks other interfaces. You can view the default Spanning Tree configuration values. Default Spanning Tree Configuration In Table 4 you want spanning tree to select first and higher Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 21... you want spanning tree to select last. If all VLANs Bridge priority 32768 Spanning tree port priority (configurable on interfaces configured as Layer 2 trunk ports) Ethernet: 10 Hello time 2 seconds Forward delay time 15 seconds Maximum...
User Guide
Page 22
... that it has an alternate path to the root switch. Under STP rules, the switch ignores inferior BPDUs for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series cost values to interfaces that connects directly to select last. The switch tries to determine if it has...switch. (Self-looped ports are no link failures. Feature Overview 16- and 36-Port Ethernet Switch Module for the configured maximum aging time specified by the spanning-tree max-age global configuration command. If all ports on a switch receives inferior BPDUs from its designated ports and moves them...
User Guide
Page 24
...status of network traffic to -live, or hold CDP information before discarding it can configure EtherChannel as a source interface. EtherChannel interfaces cannot be configured as source interfaces, which it . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 24 You can have ... that are source interfaces for network traffic analysis. You cannot configure a SPAN destination interface to discover Cisco devices that runs over Layer 2 (the data link layer) on the interface. and 36-Port Ethernet Switch Module for analysis. SPAN sessions allow you to monitor traffic on ...
User Guide
Page 25
...rewrite had occurred, in commands and tables as source interfaces and mixed with ACLs Network security on your Ethernet switch network module can have one SPAN session may be replicated. • SPAN destinations never participate in the monitored traffic, so any ...network traffic received and transmitted by the source interfaces for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can mix individual source interfaces within a single SPAN session. • You cannot configure a SPAN destination interface to the destination interface. 16...
User Guide
Page 26
..., the switch drops the packet. As packets enter the switch on an interface, ACLs associated with features configured on physical Layer 2 interfaces. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet filtering can allow one . Because the switch stops testing conditions after the first...
User Guide
Page 27
...the examples, the eq keyword after the destination address means to test for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with these commands, applied to all Layer 4 information is a ...so on the SMTP port. 16- All other fragments are considered to host 10.1.1.1 on . Consider access list 102, configured with Ethernet switch network module Host B Human Resources network Research & Development network = ACL denying traffic from Host B and permitting traffic from host 10...
User Guide
Page 28
...ACE only checks Layer 3 information when applied to define the flow, or specify a user-defined subnet. Understanding Access Control Parameters Before configuring ACLs on the Telnet port. The Classification Field or mask is from host 10.2.2.2, port 65001, going to host 10.1.1.2 on ...fragment was denied, host 10.1.1.2 cannot reassemble a complete packet, so packet B is present. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are called rules. IP destination address (Specify all 32 IP source address bits ...