Cisco NME-APPRE-302-K9 User Guide

Cisco NME-APPRE-302-K9 - Application eXtension Platform Enhanced Network Module NME-302 Manual

Get Cisco NME-APPRE-302-K9 - Application eXtension Platform Enhanced Network Module NME-302 PDF manuals and user guides
UPC - 882658173400
View all Cisco NME-APPRE-302-K9 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco NME-APPRE-302-K9 manual content summary:

  • Cisco NME-APPRE-302-K9 | User Guide - Page 1
    , and fallback bridging support for switch virtual interfaces (SVIs). This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 2
    -Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to configure the 16- and 36-port Ethernet switch network modules. This network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series
  • Cisco NME-APPRE-302-K9 | User Guide - Page 3
    an industry-standard trunking encapsulation. You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. For more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on page 56. Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 4
    Default Layer 2 Ethernet Interface Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for access ports) Native VLAN (for 802.1Q trunks) Spanning Tree Protocol (STP) STP port priority STP port cost Default Value switchport mode access / trunk switchport trunk
  • Cisco NME-APPRE-302-K9 | User Guide - Page 5
    limited by software; however, the interrelationship between this number and the number of other features being configured might have an impact on CPU utilization because of hardware limitations. Routed ports support only CEF switching (IP fast switching is not supported). VLAN Trunk Protocol VLAN
  • Cisco NME-APPRE-302-K9 | User Guide - Page 6
    to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode. • Client-VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs
  • Cisco NME-APPRE-302-K9 | User Guide - Page 7
    disabled by default). • Do not enable VTP version 2 on a switch unless all switches in the same VTP domain are version 2-capable. When you enable VTP version 2 on a switch, all version 2-capable switches in the domain enable VTP version 2 • The Cisco IOS end and Ctrl-Z commands are not supported in
  • Cisco NME-APPRE-302-K9 | User Guide - Page 8
    EtherChannel interfaces are disabled automatically to avoid network loops and other problems. Follow these guidelines and restrictions to avoid configuration problems: • All Ethernet interfaces on all modules support EtherChannel (maximum of eight interfaces) with no requirement that interfaces be
  • Cisco NME-APPRE-302-K9 | User Guide - Page 9
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco software that supports the RADIUS client and 802.1x. Cisco IOS Release 12.2(2)XT,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 10
    to request the client's identity. Note If 802.1x is not enabled or supported on the network access device, any EAPOL frames from the client are dropped. -Password (OTP) authentication method with a RADIUS server. Figure 2 Client Message Exchange Cisco router with Ethernet switch network module
  • Cisco NME-APPRE-302-K9 | User Guide - Page 11
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco default authentication services Supported Topologies The 802.1x port-based authentication is supported in two topologies: • Point-to-point • Wireless LAN In a point-to-point configuration Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11
  • Cisco NME-APPRE-302-K9 | User Guide - Page 12
    switch network module uses STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided that you do not manually disable tree port path cost value represents media speed. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 13
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco configuration BPDUs to communicate and compute the spanning tree topology. Each configuration each switch based on the path cost. • A designated bridge for switches are configured with the default priority (32768 , and path cost. Spanning tree
  • Cisco NME-APPRE-302-K9 | User Guide - Page 14
    Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that From learning to forwarding or to disabled • From forwarding to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14
  • Cisco NME-APPRE-302-K9 | User Guide - Page 15
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco power up. If properly configured, each Layer 2 learning state, and resets the forward delay timer. 3. In frame forwarding as it learns end station location information for the Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15
  • Cisco NME-APPRE-302-K9 | User Guide - Page 16
    switched from another interface for forwarding. • Does not incorporate end station location into its address database. (There is no learning the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 17
    switched from another interface for forwarding. • Does not incorporate end station location into its address database. (There is no learning system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 18
    for forwarding. • Incorporates end station location into its address database. • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 19
    2 interface for forwarding. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 20
    forwarding. • Does not incorporate end station location into its address database receive BPDUs for transmission from the system module. MAC Address Allocation The MAC address allocation Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 21
    of 4 (the default is 128). Cisco IOS software uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port. Spanning Tree Port Cost The spanning tree port path cost default value is derived from
  • Cisco NME-APPRE-302-K9 | User Guide - Page 22
    other interfaces. The possible cost range is 0 to 65535 (the default is media-specific). Spanning tree uses the port cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is configured as a trunk port. BackboneFast BackboneFast is initiated
  • Cisco NME-APPRE-302-K9 | User Guide - Page 23
    Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 11 ) Added switch 44965 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 23
  • Cisco NME-APPRE-302-K9 | User Guide - Page 24
    ) applicable for all the source interfaces. You can configure source interfaces in any VLAN. You can configure EtherChannel as source interfaces, which means that all interfaces in the specified VLANs are source interfaces for the SPAN session. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 25
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured as source interfaces and mixed with nontrunk source interfaces; however, the destination interface never encapsulates. Traffic Types Ingress
  • Cisco NME-APPRE-302-K9 | User Guide - Page 26
    be forwarded but not Telnet traffic. ACLs can be configured to block inbound traffic. An ACL contains an ordered . The Ethernet switch network module supports IP ACLs to filter IP traffic, including TCP or User Datagram Protocol (UDP) traffic Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 26
  • Cisco NME-APPRE-302-K9 | User Guide - Page 27
    fragment unless the fragment contains Layer 4 information. Consider access list 102, configured with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch
  • Cisco NME-APPRE-302-K9 | User Guide - Page 28
    mask-masks that are defined by the user. • System-defined mask-these masks can be configured on any interface: Switch (config-ext-nacl)# permit tcp any any Switch (config-ext-nacl)# deny tcp any any Switch (config-ext-nacl)# permit udp any any Switch (config-ext-nacl)# deny udp any any Switch
  • Cisco NME-APPRE-302-K9 | User Guide - Page 29
    the same mask; therefore, a Ethernet switch network module supports this ACL. • Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared by QoS and security. You can configure as many ACLs as you require
  • Cisco NME-APPRE-302-K9 | User Guide - Page 30
    which are called the User Priority bits. On interfaces configured as Layer 2 802.1Q trunks, all traffic is user priority) Layer 3 IPv4 Packet Version length ToS (1 byte) Len ID Offset TTL Proto FCS IP-SA IP-DA Data DSCP 60980 Note Layer 2 ISL Frame is not supported in this release. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 31
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco you can construct an end-to-end QoS solution. Implementing serviced, it is skipped. Weighted Random Early Detection (WRED) is not supported on the Fast Ethernet ports. You cannot configure Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 32
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Policing determines whether a packet is in or out of profile according to the configured queues to place the packet, then services the queues according to the configured weights. 60979 Classification Classification is the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 33
    Series, and Cisco 3700 Series Feature Overview • Configuration of a deny action is not supported in QoS ACLs on the 16- and 36-port Ethernet switch network modules. • System-defined masks are allowed in class maps with these restrictions: - A combination of system-defined and user-defined masks
  • Cisco NME-APPRE-302-K9 | User Guide - Page 34
    the packet for internal use. The IETF defines the six most-significant bits of the 1-byte type of service (ToS) field as the DSCP. The priority represented by a particular DSCP value is configurable. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. • Trust the CoS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 35
    queue depending on the COS value. Packets are handled according to type of service. Note No policers can be configured on the egress interface on Ethernet switch network modules. Mapping Tables The Ethernet switch network modules support these types of marking to apply to the switch: • CoS value to
  • Cisco NME-APPRE-302-K9 | User Guide - Page 36
    manipulation by IGMP snooping. Multicast group membership lists can consist of both user-defined and IGMP snooping-learned settings. Ethernet switch network modules support a maximum of 255 IP multicast groups and support both IGMP version 1 and IGMP version 2. If a port spanning-tree, a port group
  • Cisco NME-APPRE-302-K9 | User Guide - Page 37
    numbers of Host 1 and the router. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast Forwarding Table 88849 2 3 4 forwarding table as shown in Table 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 37
  • Cisco NME-APPRE-302-K9 | User Guide - Page 38
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 or in the network configuration can cause a storm. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 38
  • Cisco NME-APPRE-302-K9 | User Guide - Page 39
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco is disabled by default. The switch supports global storm-control example, the broadcast traffic exceeded the configured threshold between time intervals T1 and T2 and storm-control unicast interface configuration commands to set up the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 40
    module to support Cisco IP phones in a branch office on your network. Also included is a section describing the default settings on the Ethernet switch network module. The following topics are included: • Configuring the Ethernet Switch Network Module for Cisco AVVID/IP Telephony, page 40 • Default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 41
    Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with respect to Cisco AVVID: • All switch ports are in access VLAN 1. • All switch ports are static access ports, not 802.1Q trunk ports. • Default voice VLAN is not configured on
  • Cisco NME-APPRE-302-K9 | User Guide - Page 42
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco support subinterfaces configured as a routed port with its own IP address. If all three of these ports are assigned to the same bridge group, non-IP protocol frames can be forwarded among the end stations connected to the switch. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 43
    client, CGMP fast-leave • Dynamic ports • Dynamic access ports • Secure ports • Dynamic trunk protocol • Dynamic VLANs • GARP, GMRP, and GVRP • ISL tagging (The chip does not support ISL.) • Layer 3 switching onboard • Monitoring of VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 43
  • Cisco NME-APPRE-302-K9 | User Guide - Page 44
    series • WAN Interface Card Hardware Installation Guide For information about configuring Voice over IP features, refer to these documents: • Cisco 2600 Series Software Configuration Guide • Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2 • Cisco IOS Voice, Video, and Fax Command
  • Cisco NME-APPRE-302-K9 | User Guide - Page 45
    platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that
  • Cisco NME-APPRE-302-K9 | User Guide - Page 46
    MAC Table Manipulation - Port Security, page 72 • Configuring Cisco Discovery Protocol, page 74 • Configuring Switched Port Analyzer, page 76 • Configuring Network Security with ACLs, page 78 • Configuring Quality of Service (QoS), page 86 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 46
  • Cisco NME-APPRE-302-K9 | User Guide - Page 47
    ranges can include both VLANs and physical interfaces. • You are not required to enter spaces before or after the comma. • The interface range command only supports VLAN interfaces that are configured with the interface vlan command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 47
  • Cisco NME-APPRE-302-K9 | User Guide - Page 48
    2 Trunk, page 50 • Configuring an Ethernet Interface as a Layer 2 Access, page 52 Interface Speed and Duplex Configuration Guidelines When configuring an interface speed and duplex mode, note these guidelines: • If both ends of the line support autonegotiation, Cisco highly recommends the default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 49
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Interface Speed To set the interface speed, use the following commands in global configuration mode: Step 1 Step 2 Command Purpose Router(config)# interface fastethernet
  • Cisco NME-APPRE-302-K9 | User Guide - Page 50
    any of the default VLANs from a trunk. Activates the interface. (Required only if you shut down the interface.) Exits configuration mode. Note Ports do not support Dynamic Trunk Protocol (DTP). Ensure that the neighboring switch is set to a mode that will not send DTP. Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 51
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Verifying an Ethernet Interface as a Layer 2 Trunk Step 1 Use the following show commands to verify the configuration of an Ethernet interface as a Layer 2 trunk: Router# show running-config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 52
    | fastethernet] slot/port switchport Configuring VLANs This section describes how to configure the VLANs on the Ethernet switch network modules, and it contains the following sections: • Configuring VLANs (optional) • Deleting a VLAN from the Database (optional) Cisco IOS Release 12.2(2)XT, 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 53
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring VLANs To configure Configuration. Purpose Enters VLAN configuration default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default delete the default VLANs for
  • Cisco NME-APPRE-302-K9 | User Guide - Page 54
    active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Router# Configuring VLAN Trunking Protocol This section describes how to configure the VLAN Trunking Protocol (VTP) on the Ethernet switch network module, and contains the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 55
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Step 3 Command Router# vlan database Router(vlan)# vtp server Router(vlan)# vtp domain domain-name Step 4 Router(vlan)# vtp password password out all of its trunk links. To disable VTP
  • Cisco NME-APPRE-302-K9 | User Guide - Page 56
    the port-channel logical interface. Note Cisco IOS software creates port-channel interfaces for Layer 2 EtherChannels when you configure Layer 2 Ethernet interfaces with the channel-group command. You cannot put Layer 2 Ethernet interfaces into a manually created port-channel interface. Note Layer
  • Cisco NME-APPRE-302-K9 | User Guide - Page 57
    state: 00h:10m:57s Step 3 Router# show running-config interface port-channel 2 Building configuration... Current configuration: ! interface Port-channel2 no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 57
  • Cisco NME-APPRE-302-K9 | User Guide - Page 58
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 config)# end Purpose Configures EtherChannel load balancing, use the no form of this command to return EtherChannel load balancing to the default configuration. Exits configuration
  • Cisco NME-APPRE-302-K9 | User Guide - Page 59
    mac | src-ip | dst-ip | src-dst-ip} Router(config)# end Purpose Configures EtherChannel load balancing. Use the no keyword to return EtherChannel load balancing to the default configuration. Exits configuration mode. Configuring Removing an EtherChannel To remove an EtherChannel, use the following
  • Cisco NME-APPRE-302-K9 | User Guide - Page 60
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Setting the Switch-to-Client Frame-Retransmission Number, page 65 • Enabling Multiple Hosts, page 66 Understanding the Default 802.1x Configuration Table 10 shows the default 802.1x configuration. Table 10
  • Cisco NME-APPRE-302-K9 | User Guide - Page 61
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks 802.1x Configuration Guidelines These are the 802.1x authentication configuration guidelines: • When the 802.1x protocol is enabled, ports are authenticated before any other
  • Cisco NME-APPRE-302-K9 | User Guide - Page 62
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup-config Purpose Enters interface configuration mode, and specify the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 63
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. radius-server host {hostname | Configures the RADIUS server parameters on the switch.
  • Cisco NME-APPRE-302-K9 | User Guide - Page 64
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x timeout re-authperiod seconds end show dot1x copy running-config startup-config Purpose Enters global
  • Cisco NME-APPRE-302-K9 | User Guide - Page 65
    and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and
  • Cisco NME-APPRE-302-K9 | User Guide - Page 66
    , follow these steps to reset the 802.1x configuration to the default values: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal dot1x default end show dot1x copy running-config startup-config Purpose Enters global configuration mode. Resets the configurable 802.1x parameters to the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 67
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring Spanning Tree • Enabling Spanning Tree, page 67 • Configuring Spanning Tree Port Priority, page 68 • Configuring Spanning Tree Port Cost, page 68 • Configuring the Bridge Priority
  • Cisco NME-APPRE-302-K9 | User Guide - Page 68
    (config-if)# [no] spanning-tree cost port-cost Purpose Selects an interface to configure. Configures the port cost for an interface. The value of port-cost can be from 1 to 200,000,000 (1 to 65,535 in Cisco IOS Releases 12.1(2)E and earlier). Use the no form of this command to restore the defaults
  • Cisco NME-APPRE-302-K9 | User Guide - Page 69
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Command Router(config-if)# [no] spanning-tree vlan vlan-id cost port-cost Step 4 Router(config-if)# end Verifying Spanning Tree Port Cost Purpose Configures the VLAN port
  • Cisco NME-APPRE-302-K9 | User Guide - Page 70
    -tree vlan vlan-id max-age max-age Router(config)# end Purpose Configures the maximum aging time of a VLAN. The value of max-age can be from 6 to 40 seconds. Use the no form of this command to restore the defaults. Exits configuration mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 70
  • Cisco NME-APPRE-302-K9 | User Guide - Page 71
    config)# end Purpose Configures a switch as the root switch. Use the no form of this command to restore the defaults. Exits configuration mode. Configuring BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches. Cisco IOS Release 12.2(2)XT,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 72
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Beginning in privileged EXEC mode, follow these steps to enable BackboneFast: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal spanning-tree backbonefast end show spanning-tree vlan vlan-id copy running-config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 73
    id>] Router(config)# end Purpose Enters global configuration mode. Creates static or dynamic entry in the MAC address table. Exits configuration mode. Note Only the port where the link is up will see the dynamic entry validated in the Ethernet switch network module. Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 74
    aging-time seconds Router(config)# end Purpose Enters global configuration mode. Configures the MAC address aging-timer age in seconds Exits configuration mode. Caution Cisco advises that you not change the aging timer because the Ethernet switch network module could go out of synchronization
  • Cisco NME-APPRE-302-K9 | User Guide - Page 75
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Enabling Cisco Discovery Protocol To enable Cisco Discovery Protocol (CDP) globally, use the following command in global configuration mode: Step 1 Command Router(config)# cdp run
  • Cisco NME-APPRE-302-K9 | User Guide - Page 76
    [detail] Router# show cdp traffic Purpose Resets the traffic counters to zero. Deletes the Configuring Switched Port Analyzer • Specifying the Switched Port Analyzer Session, page 77 • Configuring SPAN Destinations, page 77 • Removing Sources or Destinations from a SPAN Session, page 77 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 77
    To remove sources or destinations from a SPAN session, use the following command in global configuration mode: Step 1 Command Router(config)# no monitor session session-number Purpose Clears existing SPAN configuration for a session. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 77
  • Cisco NME-APPRE-302-K9 | User Guide - Page 78
    the "Configuring IP Services" chapter in the Cisco IP Configuration Guide for Cisco IOS Release 12.2. For detailed information about the commands, refer to Cisco IOS IP Command Reference for Cisco IOS Release 12.2. For a list of Cisco IOS features not supported on the Ethernet switch network module
  • Cisco NME-APPRE-302-K9 | User Guide - Page 79
    Cisco 3700 Series Configuration Tasks ACL Numbers The number you use to denote your ACL shows the type of access list that you are creating. Table 11 lists the access list number and corresponding type and shows whether or not they are supported by the switch. The Ethernet switch network module
  • Cisco NME-APPRE-302-K9 | User Guide - Page 80
    Note The log option is not supported on Ethernet switch network modules. end Returns to privileged EXEC mode. show access-lists [number | name] Displays the access list configuration. copy running-config startup-config (Optional) Saves your entries in the configuration file. Use the no access
  • Cisco NME-APPRE-302-K9 | User Guide - Page 81
    to each protocol, refer to the Cisco IP Command Reference for Cisco IOS Release 12.2. Note The Ethernet switch network module does not support dynamic or reflexive access lists. It also does not support filtering based on the minimize-monetary-cost type of service (TOS) bit. When creating ACEs in
  • Cisco NME-APPRE-302-K9 | User Guide - Page 82
    Step 3 Step 4 show access-lists [number | name] copy running-config startup-config The source is the number of the network or host from which the are supported on Ethernet switch interfaces. Verifies the access list configuration. (Optional) Saves your entries in the configuration file. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 83
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Use the no access-list access-list-number global configuration by default, the end of the access list contains an implicit deny statement for all packets if it did not find a match before reaching the end.
  • Cisco NME-APPRE-302-K9 | User Guide - Page 84
    The log option is not supported on Ethernet switch interfaces. end Returns to privileged EXEC mode. show access-lists [number | name] Displays the access list configuration. copy running-config startup-config (Optional) Saves your entries in the configuration file. Step 1 Step 2 Step 3 Step
  • Cisco NME-APPRE-302-K9 | User Guide - Page 85
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks When making the standard and extended ACL, remember that, by default, the end of the ACL contains an implicit deny statement for everything if it did not find a match before
  • Cisco NME-APPRE-302-K9 | User Guide - Page 86
    Configuring Quality of Service (QoS) Before configuring module: • Understanding the Default QoS Configuration, page 87 • Configuring Classification Using Port Trust States, page 87 • Configuring a QoS Policy, page 90 • Configuring CoS Maps, page 96 • Displaying QoS Information, page 97 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 87
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Understanding the Default QoS Configuration • The default port CoS value is 0. • The default port trust state is untrusted. • No policy maps are configured. • No policers are configured. • The default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 88
    within the QoS Domain Trusted interface Catalyst 2950 wiring closet Trunk Cisco router with Ethernet switch network module Classification of traffic performed here 88855 Beginning in privileged EXEC mode, follow these steps to configure the port to trust the classification of the traffic that
  • Cisco NME-APPRE-302-K9 | User Guide - Page 89
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Command Step 3 mls qos trust {cos | dscp} Step 4 Step 5 Step 6 end show mls qos interface [interface-id] [policers] copy running-config startup-config Purpose Configures the port trust state. By default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 90
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 3 Step 4 Step 5 Step 6 Command mls qos cos {default-cos | override} end show mls qos interface copy running-config startup-config Purpose Configures the default CoS value for the port. For
  • Cisco NME-APPRE-302-K9 | User Guide - Page 91
    details. end Returns to privileged EXEC mode. show access-lists Verifies your entries. copy running-config startup-config (Optional) Saves your entries in the configuration file. To delete an ACL, use the no access-list access-list-number global configuration command. Cisco IOS Release 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 92
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Beginning in privileged EXEC mode, follow these steps to create an IP extended ACL for IP traffic: Step 1 Step 2 Command configure end show access-lists copy running-config startup-config Purpose Enters global configuration
  • Cisco NME-APPRE-302-K9 | User Guide - Page 93
    5 Step 6 Step 7 end show class-map [class-map-name] copy running-config startup-config Purpose Enters global configuration mode. Creates an IP standard By default, no match criterion is supported. Only one match criterion per class map is supported, and only one ACL per class map is supported. For
  • Cisco NME-APPRE-302-K9 | User Guide - Page 94
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 class-default is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command. Cisco IOS Release
  • Cisco NME-APPRE-302-K9 | User Guide - Page 95
    the no police rate-bps burst-byte [exceed-action {drop | dscp dscp-value}] policy-map configuration command. To remove the policy map and interface association, use the no service-policy input policy-map-name interface configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 95
  • Cisco NME-APPRE-302-K9 | User Guide - Page 96
    the default map, use the no mls qos map cos-dscp global configuration command. Configuring the DSCP-to-CoS Map You use the DSCP-to-CoS map to map DSCP values in incoming packets to a CoS value, which is used to select one of the four egress queues. The Ethernet switch network modules support these
  • Cisco NME-APPRE-302-K9 | User Guide - Page 97
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Table 14 shows the default DSCP-to-CoS map. Table 14 Default DSCP-to-CoS Map DSCP values 0 CoS values 0 8, 10 16, 18 24, 26 32, 34 40, 46 48 56 1 2 3 4 5 6 7 If
  • Cisco NME-APPRE-302-K9 | User Guide - Page 98
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Power Management on the Interface To manage the powering of the Cisco IP phones, use the following commands beginning in privileged EXEC mode: Step 1 Step 2 Command Router# configure terminal Router(config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 99
    and procedures, refer to these publications: • Cisco IOS IP Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 at this URL: http://www
  • Cisco NME-APPRE-302-K9 | User Guide - Page 100
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying IP Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are never
  • Cisco NME-APPRE-302-K9 | User Guide - Page 101
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks IP fast switching on the same interface is disabled nbr 10.15.1.20, RPF-MFD Outgoing interface list:Null Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 101
  • Cisco NME-APPRE-302-K9 | User Guide - Page 102
    globally enable IGMP snooping on the Ethernet switch network module: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal ip igmp snooping end show ip igmp snooping copy running-config startup-config Purpose Enters global configuration mode. Globally enables IGMP snooping in all existing
  • Cisco NME-APPRE-302-K9 | User Guide - Page 103
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 4 Step 5 Command Purpose show ip igmp snooping [vlan vlan-id] Displays snooping configuration. (Optional) vlan-id is the number of the VLAN. copy running-config startup-config (Optional
  • Cisco NME-APPRE-302-K9 | User Guide - Page 104
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 4 Command show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] [count] Step 5 copy running-config startup-config Purpose Displays MAC address table
  • Cisco NME-APPRE-302-K9 | User Guide - Page 105
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Enabling Global Storm-Control Enable global storm-control globally and enter the percentage of total available bandwidth that you want to be used by
  • Cisco NME-APPRE-302-K9 | User Guide - Page 106
    the shutdown keyword to disable the port during a storm. The default is to filter out the traffic. end Returns to privileged EXEC mode. show storm-control [interface] [{broadcast Verifies your entries. | multicast | unicast | history}] 106 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 107
    . This is a vital component in designing Cisco AVVID networks. The Ethernet switch network module provides the performance and intelligent services of Cisco IOS software for branch office applications. The Ethernet switch network module can identify user applications-such as voice or multicast video
  • Cisco NME-APPRE-302-K9 | User Guide - Page 108
    Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 4 Step 5 Command Router(config)# switchport access vlan vlan-id Router(config)# switchport voice vlan vlan-id Purpose Configures the port as "access" and assigns a data VLAN
  • Cisco NME-APPRE-302-K9 | User Guide - Page 109
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Step 4 Step 5 Command Purpose Router(config)# switchport access vlan vlan-id Sets the native VLAN for untagged traffic. The value of vlan-id represents the ID of
  • Cisco NME-APPRE-302-K9 | User Guide - Page 110
    that the information was entered correctly by displaying the running configuration: Router# show running-config Configuring IP Information This section describes how to assign IP information on the Ethernet switch network module. The following topics are included: • Assigning IP Information to the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 111
    connection to the switch will be lost. Specifying a Domain Name and Configuring the DNS Each unique IP address can have a host name associated with it. The Cisco IOS software maintains a EC mode, and related Telnet support operations. This cache speeds the process of converting names to addresses
  • Cisco NME-APPRE-302-K9 | User Guide - Page 112
    , the DNS, accomplishes this task. This service is enabled by default. Configuring Voice Ports This section describes how to configure voice ports on the Ethernet switch network module. The following topics are included: • Configuring a Port to Connect to a Cisco 7960 IP phone, page 113 • Disabling
  • Cisco NME-APPRE-302-K9 | User Guide - Page 113
    4 Step 5 Router(config-if)# end Router# show interface switchport Purpose Enters global configuration mode. Enters interface configuration mode, and enter the port to be configured. Instructs the switch to use 802.1p priority tagging for voice traffic and to use VLAN 0 (default native VLAN) to
  • Cisco NME-APPRE-302-K9 | User Guide - Page 114
    no monitor session session-id Router(config)# end Purpose Enters global configuration mode. Disables port monitoring for a specific session. Returns to privileged EXEC mode. Managing the ARP Table To communicate with a device (on Ethernet, for example), the software first must determine the 48-bit
  • Cisco NME-APPRE-302-K9 | User Guide - Page 115
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Managing the MAC Address Tables This section describes how to manage the MAC address tables on the Ethernet switch network module. The following topics are included: •
  • Cisco NME-APPRE-302-K9 | User Guide - Page 116
    (config)# end Purpose Enters global configuration mode. Enters the MAC address to be removed from dynamic MAC address table. Returns to privileged EXEC mode. You can remove all dynamic entries by using the clear mac-address-table dynamic command in privileged EXEC mode. 116 Cisco IOS Release
  • Cisco NME-APPRE-302-K9 | User Guide - Page 117
    commands beginning in privileged EXEC mode: Step 1 Step 2 Step 3 Command Router# configure terminal Router(config)# no mac-address-table secure hw-addr vlan vlan-id Router(config)# end Purpose Enters global configuration mode. Enters the secure MAC address, its associated port, and the VLAN ID
  • Cisco NME-APPRE-302-K9 | User Guide - Page 118
    Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Static Addresses A static address has the following characteristics: • It is manually entered in the address table and must be manually removed. • It can be a unicast or
  • Cisco NME-APPRE-302-K9 | User Guide - Page 119
    Ethernet switch network module, use the following commands beginning in global configuration mode: Step 1 Step 1 Step 2 Command Router(config)# interface Gigabit slot/port Router(config-if)# [no] switchport stacking-link interface Gigabit slot/port Router(config)# end Purpose Enters the current
  • Cisco NME-APPRE-302-K9 | User Guide - Page 120
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Layer 3 Interfaces The Ethernet switch network module supports two types of Layer 3 interfaces for routing and bridging: • SVIs: You should configure SVIs for any VLANs for which you
  • Cisco NME-APPRE-302-K9 | User Guide - Page 121
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring Fallback Bridging This section describes how to configure fallback bridging on your switch. It contains this configuration information: • Understanding the Default Fallback Bridging Configuration
  • Cisco NME-APPRE-302-K9 | User Guide - Page 122
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note The protected port feature is not compatible Step 6 Step 7 end show running-config copy running-config startup-config Purpose Enters global configuration mode. Assigns a
  • Cisco NME-APPRE-302-K9 | User Guide - Page 123
    the bridge group number. The range is 1 to 255. • For seconds, enter a number from 0 to 1000000. The default is 300 seconds. Returns to privileged EXEC mode. Verifies your entry. (Optional) Saves your entry in the configuration file. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 123
  • Cisco NME-APPRE-302-K9 | User Guide - Page 124
    Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series To return to the default aging-time interval, use the no bridge bridge-group aging-time global configuration command. Filtering Frames by a Specific MAC Address A switch examines
  • Cisco NME-APPRE-302-K9 | User Guide - Page 125
    Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enters global configuration mode. Changes the priority of the switch. • For bridge-group, specify the bridge group number. The range is 1 to 255. • For number, enter a number from 0 to 65535. The default is 32768. The
  • Cisco NME-APPRE-302-K9 | User Guide - Page 126
    Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 3 Command bridge-group bridge-group priority number Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Changes the priority of an
  • Cisco NME-APPRE-302-K9 | User Guide - Page 127
    configure terminal bridge bridge-group hello-time seconds end show running-config copy running-config startup-config Purpose Enters global configuration configuration file. To return to the default setting, use the no bridge bridge-group forward-time seconds global configuration command. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 128
    end show running-config copy running-config startup-config Purpose Enters global configuration mode. Enters interface configuration configuration file. To reenable spanning tree on the interface, use the no bridge-group bridge-group spanning-disabled interface configuration command. 128 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 129
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Monitoring and Maintaining statically configured entries. Displays details about the bridge group. Displays classes of entries in the bridge forwarding database. Cisco IOS Release
  • Cisco NME-APPRE-302-K9 | User Guide - Page 130
    -Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Configuration Examples for the 16- and 36-Port Ethernet Switch Module This section provides the following configuration examples: • Range
  • Cisco NME-APPRE-302-K9 | User Guide - Page 131
    Router(config-if)# Optional Interface Feature Examples • Interface Speed Example, page 132 • Setting the Interface Duplex Mode Example, page 132 • Adding a Description for an Interface Example, page 132 • Configuring an Ethernet Interface as a Layer 2 Trunk Example, page 132 Cisco IOS Release
  • Cisco NME-APPRE-302-K9 | User Guide - Page 132
    mode trunk Router(config-if)# no shutdown Router(config-if)# end Router# exit VLAN Configuration Example The following example shows how to configure the VLAN: Router# vlan database Router(vlan)# vlan 3 VLAN 3 added: Name: VLAN0003 Router(vlan)# exit APPLY completed. Exiting.... 132 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 133
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module VTP Examples • VTP Server Example, page 133 • VTP Client Example, page 133 • Disabling VTP (VTP Transparent Mode) Example,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 134
    port-channel load-balance src-dst-ip Router(config)# end Router(config)# Removing an EtherChannel Example The following example shows port-channel 1 being removed: Router# configure terminal Router(config)# no interface port-channel 1 Router(config)# end Note Removing the port-channel also removes
  • Cisco NME-APPRE-302-K9 | User Guide - Page 135
    802.1x on Fast Ethernet port 0/1: Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x default group radius Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# end Configuring the Switch-to-RADIUS-Server
  • Cisco NME-APPRE-302-K9 | User Guide - Page 136
    following example shows how to change the spanning-tree port cost of a Fast Ethernet interface: Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree cost 18 Router(config-if)# end Router# 136 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 137
    forward-time 21 Router(config)# end Router# Maximum Aging Time for a VLAN Example The following example configures the maximum aging time for VLAN 200 to 36 seconds: Router# configure terminal Router(config)# spanning-tree vlan 200 max-age 36 Router(config)# end Router# Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 138
    MAC address table: Router(config)# mac-address-table static beef.beef.beef int fa0/11 vlan 1 Router(config)# end Cisco Discovery Protocol (CDP) Example The following example shows CDP counter configuration being configured on the NM-16ESW: Router# clear cdp counters 138 Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 139
    to any others, and display the results: Switch (config)# access-list 2 deny host 171.69.198.102 Switch (config)# access-list 2 permit any Switch(config)# end Switch# show access-lists Standard IP access list 2 deny 171.69.198.102 permit any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 140
    to permit Gigabit Ethernet port 0/1, which is configured as a Layer 2 port, with the Marketing_group ACL applied to incoming traffic. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group marketing_group in ... 140 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15
  • Cisco NME-APPRE-302-K9 | User Guide - Page 141
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module entering the interface: Switch(config)# interface gigabitethernet0/3 Router(config-if)# ip access- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 141
  • Cisco NME-APPRE-302-K9 | User Guide - Page 142
    Gigabit Ethernet interface 0/1: Switch# show running-config interface gigabitethernet0/1 Building configuration... Current configuration :112 bytes ! interface GigabitEthernet0/1 ip access-group 11 in snmp trap link-status no cdp enable end! 142 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15
  • Cisco NME-APPRE-302-K9 | User Guide - Page 143
    for the 16- and 36-Port Ethernet Switch Module Compiling ACLs Example For detailed information about compiling ACLs, refer to the Security Configuration Guide and the "IP Services" chapter of the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.2. Figure 21 shows a small
  • Cisco NME-APPRE-302-K9 | User Guide - Page 144
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example uses an extended ACL to deny traffic from port 80 (HTTP). It permits all other types of traffic: Switch(config)# access
  • Cisco NME-APPRE-302-K9 | User Guide - Page 145
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# service-policy
  • Cisco NME-APPRE-302-K9 | User Guide - Page 146
    for VLAN 2: Router# show running-config interface vlan 2 Building configuration... Current configuration :82 bytes ! interface Vlan2 ip address 192.168.5.90 255.255.255.0 ip pim sparse-mode end The following example shows output verifying multicasting support: Router# show ip igmp group IGMP
  • Cisco NME-APPRE-302-K9 | User Guide - Page 147
    Router# configure terminal Router(config)# interface gigabitethernet0/2 Router(config-if)# storm-control threshold 70 Router(config-if)# end Router# show storm-control Name: Gi0/2 Switchport: Enabled Administrative Mode: dynamic desirable Operational Mode: down Administrative Trunking Encapsulation
  • Cisco NME-APPRE-302-K9 | User Guide - Page 148
    .0 This configuration instructs the IP phone to generate a packet with an 802.1Q VLAN ID of 150 with an 802.1p value of 5 (default for voice server required for its configuration. Cisco IOS supports a DHCP server function. If this function is used, the Ethernet switch network module serves as a local
  • Cisco NME-APPRE-302-K9 | User Guide - Page 149
    switch network module instructs the IP phone to generate an 802.1Q frame with a null VLAN ID value but with an 802.1p value (default is COS of example illustrates the configuration on the IP phone: interface FastEthernet2/2 switchport voice vlan 5 switchport mode trunk Cisco IOS Release 12.2(2)XT,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 150
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example illustrates the configuration on the PC: interface FastEthernet2/3 switchport access vlan 10 Note Using a
  • Cisco NME-APPRE-302-K9 | User Guide - Page 151
    : Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/10 Switch(config-if)# no switchport Switch(config-if)# ip address 10.1.2.3 255.255.0.0 Switch(config-if)# no shutdown Switch(config-if)# end Cisco IOS Release 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 152
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following is sample output from the show interfaces privileged EXEC command for Gigabit Ethernet interface 0/2: Switch(config interface resets 0 default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 153
    configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/10 Switch(config-if)# no switchport Switch(config-if)# ip address 10.1.2.3 255.255.0.0 Switch(config-if)# no shutdown Switch(config-if)# end resets Cisco IOS Release 12.2(2)XT,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 154
    is disabled Security level is default Split horizon is enabled ICMP config interface gigabitethernet0/2 Building configuration... Current configuration : 122 bytes ! interface GigabitEthernet0/2 no switchport ip address 192.20.135.21 255.255.255.0 speed 100 mls qos trust dscp end 154 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 155
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Fallback Bridging Example This section describes how to configure fallback bridging on your switch. It contains this
  • Cisco NME-APPRE-302-K9 | User Guide - Page 156
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Changing the Switch Priority Example The following example shows how to set the switch priority to 100 for bridge group 10: Switch(config)# bridge
  • Cisco NME-APPRE-302-K9 | User Guide - Page 157
    module. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications. • aaa authentication dot1x • class • class-map • debug dot1x • debug eswilp • debug ip igmp snooping • debug spanning-tree • deny (access-list configuration) • dot1x default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 158
    Command Reference 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • show class-map • show dot1x • show ip show storm-control • spanning-tree backbonefast • storm-control • switchport 158 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 159
    the client by using locally configured data. For example, the local and local-case methods use the username and password that are saved in the Cisco IOS configuration file. The enable and line methods use the enable and line passwords for authentication. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and
  • Cisco NME-APPRE-302-K9 | User Guide - Page 160
    dot1x default group radius none You can verify your settings by entering the show running-config privileged EXEC command. Related Commands Command aaa new-model show running-config Description Enables the AAA access control model. Displays the running configuration on the switch. 160 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 161
    the service-policy interface configuration command; default policy-map configuration command. After entering the class command, you enter policy-map class configuration mode. When you are in this mode, these configuration commands are available: • default: sets a command to its default. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 162
    , use the exit command. To return to privileged EXEC mode, use the end command. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create a policy map
  • Cisco NME-APPRE-302-K9 | User Guide - Page 163
    the class map. Defaults No class maps are defined. Command Modes Global configuration Command History Release configured in a class map. The ACL can have multiple access control entries (ACEs). Note The switch does not support any deny conditions in an ACL configured in a class map. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 164
    -map 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example
  • Cisco NME-APPRE-302-K9 | User Guide - Page 165
    Remote Authentication Dial-In User Service [RADIUS] client). configuration, and the interaction with the port manager module. Enables debugging of the reauthentication state machine, which manages periodic reauthentication of the client. Defaults Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15
  • Cisco NME-APPRE-302-K9 | User Guide - Page 166
    port manager debugging messages. Defaults Debugging is disabled. services on the Ethernet switch network module being displayed: Router# debug eswilp igmp Related Commands Command show debugging Description Displays information about the types of debugging that are enabled. 166 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 167
    example shows debugging messages for the IGMP snooping services being displayed: Router# debug ip igmp snooping IGMP snooping enabled Related Commands Command Description show ip igmp snooping Displays the IGMP snooping configuration. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 168
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco bpdu bpdu-opt config etherchannel events exceptions configuration changes. Displays debugging messages for EtherChannel support UplinkFast events. Defaults Debugging is platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series
  • Cisco NME-APPRE-302-K9 | User Guide - Page 169
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series debug spanning-tree Related Commands Command show debugging show spanning-tree Description Displays information about the types of debugging that are enabled. Displays spanning-tree state information. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 170
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series deny (access-list configuration) To configure conditions for a named or numbered IP access control list (ACL), use the deny command in access-list configuration . 170 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 171
    TCP) or User Datagram Protocol Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create an extended IP ACL and to configure deny conditions for it: Switch(config)# ip access-list extended Internetfilter Switch(config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 172
    configuration) 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 configuration) Sets conditions for an IP ACL. show access-lists Displays ACLs configured on a switch. show ip access-lists Displays IP ACLs configured on the switch. 172 Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 173
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x default dot1x default To reset the global 802.1x parameters to their default values, use the dot1x default command in global configuration mode. dot1x default Syntax Description This command has
  • Cisco NME-APPRE-302-K9 | User Guide - Page 174
    Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines You should change the default value
  • Cisco NME-APPRE-302-K9 | User Guide - Page 175
    . Related Commands Command dot1x default show dot1x Description Enables manual control of the authorization state of the port. Displays 802.1x statistics, administrative status, and operational status for the switch or for the specified interface. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and
  • Cisco NME-APPRE-302-K9 | User Guide - Page 176
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x port-control To enable manual control of the authorization state of the port, use the dot1x port-control command in interface configuration mode. To return to the default setting, use the no
  • Cisco NME-APPRE-302-K9 | User Guide - Page 177
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x port-control Examples The following example shows how to enable 802.1x on Fast Ethernet interface 0/1: Switch(config)# interface fastethernet0/1 Switch(config . Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 177
  • Cisco NME-APPRE-302-K9 | User Guide - Page 178
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x re-authenticate To manually initiate a reauthentication of port number of the interface to reauthenticate. Defaults There is no default setting. Command Modes Privileged EXEC Command History
  • Cisco NME-APPRE-302-K9 | User Guide - Page 179
    Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x re-authentication dot1x re-authentication To enable periodic reauthentication of the client, use the dot1x re-authentication command in global configuration mode. To return to the default setting, use
  • Cisco NME-APPRE-302-K9 | User Guide - Page 180
    client provided an invalid password), use the dot1x quiet-period command in global configuration mode. To return to the default setting, use the problems with certain clients and authentication servers. If you want to provide a faster response time to the user, enter a smaller number than the default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 181
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x timeout re-authperiod dot1x timeout re-authperiod To set the number of seconds between reauthentication attempts, use the dot1x timeout re-authperiod command in global configuration mode. To return to the default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 182
    The default is 30 seconds. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines
  • Cisco NME-APPRE-302-K9 | User Guide - Page 183
    , refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to apply a numbered ACL to an interface: Switch(config)# interface fastethernet0/1 Switch(config-if)# ip access-group 101 in Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 184
    ) show ip access-lists show access-lists Description Configures conditions for an IP ACL. Defines an IP ACL. Configures conditions for an IP ACL. Displays IP ACLs configured on the switch. Displays ACLs configured on the switch. 184 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 185
    to 2699. Defaults No named or numbered IP ACLs are defined. Command Modes Global configuration Command History configuration mode. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 186
    -list 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Examples The following example shows how to configure a standard ACL named Internetfilter1: Switch(config)# ip access-list standard Internetfilter1 Switch(config-std-nacl)# permit 192.5.34
  • Cisco NME-APPRE-302-K9 | User Guide - Page 187
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping ip igmp snooping To globally enable Internet Group Management Protocol (IGMP) snooping, use the ip igmp snooping command in global configuration mode. To disable IGMP snooping,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 188
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command ip igmp snooping vlan static show ip igmp snooping Description Configures a Layer 2 port as a member of a group. Displays the IGMP snooping configuration. 188 Cisco IOS Release 12.2(2)XT, 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 189
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan ip igmp snooping vlan To enable Internet Group Management Protocol (IGMP) snooping on a specific VLAN, use the ip igmp snooping vlan command in global configuration mode. To disable
  • Cisco NME-APPRE-302-K9 | User Guide - Page 190
    the VLAN. The Immediate-Leave configuration is saved in nonvolatile RAM (NVRAM). The Immediate-Leave feature is supported only with IGMP version 2 hosts. Examples The following example shows how to enable IGMP Immediate-Leave processing on VLAN 1: Switch(config)# ip igmp snooping vlan 1 immediate
  • Cisco NME-APPRE-302-K9 | User Guide - Page 191
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan immediate-leave Command Description show ip igmp snooping Displays the IGMP snooping configuration. show mac-address-table multicast Displays the Layer 2 multicast entries for a VLAN. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 192
    ip igmp snooping vlan mrouter 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan mrouter To add a multicast router port and to configure the multicast router learning method, use the ip igmp snooping vlan mrouter command in
  • Cisco NME-APPRE-302-K9 | User Guide - Page 193
    ip igmp snooping vlan static show ip igmp snooping mrouter Description Configures IGMP Immediate-Leave processing. Configures a Layer 2 port as a member of a group. Displays the statically and dynamically learned multicast router ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 193
  • Cisco NME-APPRE-302-K9 | User Guide - Page 194
    groups are saved in nonvolatile RAM (NVRAM). Static connections to multicast routers are supported only on switch ports. Examples The following example shows how to statically configure a host on an interface: Switch(config)# ip igmp snooping vlan 1 static 0100.5e02.0203 interface fastethernet0
  • Cisco NME-APPRE-302-K9 | User Guide - Page 195
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan static Command Description ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port. show mac-address-table multicast Displays the Layer 2
  • Cisco NME-APPRE-302-K9 | User Guide - Page 196
    is supported. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to classify traffic on an interface by using the access group named acl2: Switch(config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 197
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series match (class-map configuration) Related Commands Command class class-map dot1x re- Displays QoS class maps. Displays QoS policy maps. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 197
  • Cisco NME-APPRE-302-K9 | User Guide - Page 198
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos cos To define the default class of service (CoS) value of a port or to assign the default CoS to all incoming packets on the port, use the mls qos cos command in interface configuration mode. To return to the default
  • Cisco NME-APPRE-302-K9 | User Guide - Page 199
    - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos cos The following example shows how to assign all the packets entering a port to the default port CoS value of 4: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# mls qos cos
  • Cisco NME-APPRE-302-K9 | User Guide - Page 200
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos map To define the class of service (CoS)-to-Differentiated Services Code Point (DSCP) map or DSCP-to-CoS map, use the mls qos map command in global configuration mode. To return to the default . The supported DSCP values
  • Cisco NME-APPRE-302-K9 | User Guide - Page 201
    DSCP values 8, 8, 8, 8, 24, 32, 56, and 56: Switch# configure terminal Switch(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56 You default CoS value of a port or assigns the default CoS to all incoming packets on the port. Configures the port trust state. Displays QoS mapping information. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 202
    mls qos trust 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos trust To configure the port trust state and classify traffic by examining the class of service (CoS) or Differentiated Services Code Point (DSCP) value, use the mls qos
  • Cisco NME-APPRE-302-K9 | User Guide - Page 203
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos trust The following example shows how to configure a VLAN interface to be a DSCP-trusted port. DSCP-to-COS mapping occurs for all packets with the configured VLAN ID of 60 egressing from
  • Cisco NME-APPRE-302-K9 | User Guide - Page 204
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series permit (access-list configuration) To configure conditions for a named or numbered IP access control list (ACL), use the permit command in access-list configuration . 204 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 205
    TCP) or User Datagram Protocol Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create an extended IP ACL and configure permit conditions for it: Switch(config)# ip access-list extended Internetfilter2 Switch(config
  • Cisco NME-APPRE-302-K9 | User Guide - Page 206
    permit (access-list configuration) 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note In an IP ACL. Displays ACLs configured on a switch. Displays IP ACLs configured on the switch. 206 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 207
    Gigabit-capable Ethernet ports. Policers cannot be configured on egress Fast Ethernet and Gigabit-capable Ethernet ports. To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15
  • Cisco NME-APPRE-302-K9 | User Guide - Page 208
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note For more information about configuring access control lists (ACLs), refer to the "Configuring Network Security with ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this
  • Cisco NME-APPRE-302-K9 | User Guide - Page 209
    is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command. To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command. Before you can configure policies
  • Cisco NME-APPRE-302-K9 | User Guide - Page 210
    but only in the ingress direction. Note For more information about configuring access control lists (ACLs), refer to the "Configuring Network Security with ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release. Examples The following example shows how to
  • Cisco NME-APPRE-302-K9 | User Guide - Page 211
    " chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release. Examples The following example shows how to apply plcmap1 to an ingress interface: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# service-policy input plcmap1 You can verify your settings
  • Cisco NME-APPRE-302-K9 | User Guide - Page 212
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show access-lists To display access control lists (ACLs) configured on the switch, use the show access ip host 10.146.106.192 any 212 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 213
    36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show access-lists Related Commands Command ip access-list show ip access-lists Description Configures an IP ACL on the switch. Displays the IP ACLs configured on a switch. Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 214
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show class-map To display quality of service following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series access-group name testingacl Class Map match-any class-default (id 0) Match any Class Map match-all
  • Cisco NME-APPRE-302-K9 | User Guide - Page 215
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show class-map Related Commands Command class-map match (class-map configuration) Description Creates a class map to be used for matching packets to the class whose name you specify. Defines the
  • Cisco NME-APPRE-302-K9 | User Guide - Page 216
    show dot1x 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show dot1x To display the 802.1x statistics, .b0f8.fbfb Multiple Hosts Disallowed Current Identifier 2 Authorized n/a no 216 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 217
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco configurable.When relaying a request from the Remote Authentication Dial-In User Service the switch resets the port Configuring 802.1x Port-Based Authentication" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 218
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Table 20 show dot1x interface Field Descriptions Field Description Status Status of the port (authorized or unauthorized). The status of a port appears as authorized if the dot1x port-control interface configuration reset by
  • Cisco NME-APPRE-302-K9 | User Guide - Page 219
    and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show dot1x Table 21 Authentication Protocol Related Commands Command dot1x default Description Resets the global 802.1x parameters to their default values. Cisco IOS Release 12.2(2)XT, 12.2(8)T,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 220
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip access-lists To display IP access control lists (ACLs) configured on the switch, use the show list 103 permit tcp any any eq www 220 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 221
    extended) access-list (IP standard) ip access-list show access-lists Description Configures an extended ACL on the switch. Configures a standard ACL on the switch. Configures an IP ACL on the switch. Displays ACLs configured on a switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 221
  • Cisco NME-APPRE-302-K9 | User Guide - Page 222
    Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip igmp snooping To display the Internet Group Management Protocol (IGMP) snooping configuration of the switch snooping is enabled on this Vlan 222 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 223
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Configures IGMP Immediate-Leave processing. ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port. show mac-address-table multicast Displays the Layer 2 multicast entries for a VLAN. Cisco IOS
  • Cisco NME-APPRE-302-K9 | User Guide - Page 224
    show ip igmp snooping mrouter 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip igmp snooping mrouter To display information on dynamically learned and manually configured multicast router ports, use the show ip igmp snooping mrouter
  • Cisco NME-APPRE-302-K9 | User Guide - Page 225
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls masks show mls masks To display the details of the Access Control Parameters (ACPs) used for quality of service ACLs. Note You can configure up to four ACPs ( Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 225
  • Cisco NME-APPRE-302-K9 | User Guide - Page 226
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Related Commands Command ip access-group policy-map Description Applies an IP ACL to an interface. Creates or modifies a policy map that can be attached to multiple interfaces and enters policy-map configuration mode
  • Cisco NME-APPRE-302-K9 | User Guide - Page 227
    of a port or assigns the default CoS to all incoming packets on the port. Defines the CoS-to-DSCP map and DSCP-to-CoS map. Configures the port trust state. Ingress traffic can be trusted and classification is performed by examining the CoS or DSCP value. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and
  • Cisco NME-APPRE-302-K9 | User Guide - Page 228
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls qos maps To display quality of service (QoS) mapping information, use the show 34 40 46 48 56 cos: 0 1 1 1 2 2 3 3 4 4 5 6 7 228 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • Cisco NME-APPRE-302-K9 | User Guide - Page 229
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls qos maps The following is Related Commands Command mls qos map Description Defines the CoS-to-DSCP map and DSCP-to-CoS map. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 229
  • Cisco NME-APPRE-302-K9 | User Guide - Page 230
    following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Use the show policy-map command without keywords to display all policy maps configured on the switch. Note In a policy map, the class named class-default is not supported. The switch does
  • Cisco NME-APPRE-302-K9 | User Guide - Page 231
    16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show policy-map The following is sample output from policy map that can be attached to multiple interfaces to specify a service policy. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 231
  • Cisco NME-APPRE-302-K9 | User Guide - Page 232
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco and configuration of supported. Valid interfaces include physical ports and VLANs. (Optional) Displays the default path cost method. (Optional) Displays root-switch status and configuration Cisco 2600 series, Cisco 3600 series, and Cisco 3700
  • Cisco NME-APPRE-302-K9 | User Guide - Page 233
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco IEEE compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0 Configured hello Port path cost 100, Port priority 128 Designated root has priority 32768, address 0010.0b3f.ac80 Cisco IOS Release 12.2(2)
  • Cisco NME-APPRE-302-K9 | User Guide - Page 234
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Designated bridge has priority 32768, address 00e0.1eb2.ddc0 Designated port is 1, path cost 1 is down Port path cost 100, Port priority 128 Designated 1e9f.4abf Designated port is 3, path cost 410 Timers: message age 0, forward
  • Cisco NME-APPRE-302-K9 | User Guide - Page 235
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show corresponding keyword. When no option is specified, the default is to display broadcast storm-control information. Examples % 0.00% 0.00% 20.32% Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 235
  • Cisco NME-APPRE-302-K9 | User Guide - Page 236
    and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Table 22 describes the current storm ends. Related Commands Command storm-control Description Enables broadcast, multicast, or unicast storm control on a port. 236 Cisco IOS Release 12.2(2)XT,
  • Cisco NME-APPRE-302-K9 | User Guide - Page 237
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series spanning-tree backbonefast spanning-tree backbonefast To enable the BackboneFast feature, use the spanning-tree backbonefast command in global configuration mode. To return to the default switch: Switch(config)# spanning-tree
  • Cisco NME-APPRE-302-K9 | User Guide - Page 238
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series storm-control To enable broadcast, multicast, or unicast storm control on a port and to specify the action taken when a storm occurs on a port, use the storm-control command in interface configuration mode. To
  • Cisco NME-APPRE-302-K9 | User Guide - Page 239
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series storm-control Usage Guidelines Use the storm-control command to enable or disable broadcast, multicast, or unicast storm control on a port. After a port is disabled during a storm, use the no shutdown interface configuration
  • Cisco NME-APPRE-302-K9 | User Guide - Page 240
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series switchport To set an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration, use the switchport command in interface configuration and become a Cisco-routed port: Switch(config-if)# no switchport The
  • Cisco NME-APPRE-302-K9 | User Guide - Page 241
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series switchport Note The switchport command without keywords is not used on platforms that do not support Cisco protection settings. show running-config Displays the current operating configuration. Cisco IOS Release 12.2(2)XT, 12
  • Cisco NME-APPRE-302-K9 | User Guide - Page 242
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary 802.1d-IEEE standard for MAC bridges. 802.1p-IEEE standard for queuing and multicast support which multiple service types ( support for user-defined traffic classes. CCN-Cisco Communications Network (Cisco of Service. An
  • Cisco NME-APPRE-302-K9 | User Guide - Page 243
    Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 a hot standby router group with a lead router that services all packets sent to the hot standby address. The spanning tree. Support for dot1q trunks to map multiple spanning trees to a single spanning tree. Cisco IOS Release 12.2(2)XT
  • Cisco NME-APPRE-302-K9 | User Guide - Page 244
    Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series QoS-quality of service. Measure of performance for a transmission system that reflects its transmission quality and service availability. RADIUS-Remote Access Dial-In User Service. A service used to authenticate
  • Cisco NME-APPRE-302-K9 | User Guide - Page 245
    Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary VQP-VLAN Query Protocol. VTP-VLAN Trunking Protocol. flow, where lower weights are the first to be serviced. WRR-Weighted Round-Robin. Type of round-robin Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 245
  • Cisco NME-APPRE-302-K9 | User Guide - Page 246
    Glossary 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 246 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
1
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
16- and 36-Port Ethernet Switch Module for
Cisco 2600 Series, Cisco 3600 Series, and
Cisco 3700 Series
Feature History
This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and
NM-36ESW) for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in
Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and above. Enhancements were added in
Cisco IOS Release 12.2(15)ZJ.
This document includes the following sections:
Feature Overview, page 2
Supported Platforms, page 45
Supported Standards, MIBs, and RFCs, page 45
Prerequisites, page 46
Configuration Tasks, page 46
Configuration Examples for the 16- and 36-Port Ethernet Switch Module, page 130
Command Reference, page 157
Glossary, page 242
Release
Modification
12.2(2)XT
This feature was introduced on the Cisco
2600
series, Cisco
3600
series, and
Cisco 3700 series routers.
12.2(8)T
This feature was integrated into Cisco IOS Release 12.2(8)T.
12.2(15)ZJ
Added switching software enhancements: IEEE 802.1x, QoS (including
Layer 2/Layer 3 CoS/DSCP mapping and rate limiting), security ACL,
IGMP snooping, per-port storm control, and fallback bridging support for
switch virtual interfaces (SVIs).