Cisco NM-1A-OC3-POM User Guide
Cisco NM-1A-OC3-POM - Atm OC3 Module Manual
 |
UPC - 882658003332
View all Cisco NM-1A-OC3-POM manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco NM-1A-OC3-POM manual content summary:
- Cisco NM-1A-OC3-POM | User Guide - Page 1
, page 2 • Supported Platforms, page 45 • Supported Standards, MIBs, and RFCs, page 45 • Prerequisites, page 46 • Configuration Tasks, page 46 • Configuration Examples for the 16- and 36-Port Ethernet Switch Module, page 130 • Command Reference, page 157 • Glossary, page 242 Cisco IOS Release 12 - Cisco NM-1A-OC3-POM | User Guide - Page 2
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to configure the 16- and 36-port Ethernet switch network modules. This network module is supported on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. The - Cisco NM-1A-OC3-POM | User Guide - Page 3
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by high-bandwidth devices and a large number of users by assigning each device (for example, a server) to its own 10 - Cisco NM-1A-OC3-POM | User Guide - Page 4
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into nontrunking mode. The interface will stay in access Configuration Feature Interface mode Trunk encapsulation Allowed VLAN range Default VLAN (for access - Cisco NM-1A-OC3-POM | User Guide - Page 5
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview access port. A routed port behaves like a regular router interface, except that it does not support subinterfaces. Routed ports can be configured with a Layer 3 routing protocol. Configure - Cisco NM-1A-OC3-POM | User Guide - Page 6
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured the VLAN configuration on a VTP server, the change - Cisco NM-1A-OC3-POM | User Guide - Page 7
your network, you must decide whether to use VTP version 1 or version 2. VTP version 2 supports the following features not supported in version 1: Unrecognized Type-Length-Value (TLV) Support-A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to - Cisco NM-1A-OC3-POM | User Guide - Page 8
other problems. Follow these guidelines and restrictions to avoid configuration problems: • All Ethernet interfaces on all modules support publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered - Cisco NM-1A-OC3-POM | User Guide - Page 9
as shown in Figure 1. Figure 1 802.1x Device Roles Authentication server (RADIUS) 88852 Workstation (client) Cisco router with Ethernet switch network module • Client-the device (workstation) that requests access to the LAN and switch services and responds to the requests from the switch. The - Cisco NM-1A-OC3-POM | User Guide - Page 10
supported on the network access Cisco router with Ethernet switch network module Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success RADIUS Access-Request RADIUS Access-Challenge RADIUS Access-Request RADIUS Access - Cisco NM-1A-OC3-POM | User Guide - Page 11
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state - Cisco NM-1A-OC3-POM | User Guide - Page 12
as a client to the switch. Figure 3 Wireless LAN Example Access point Cisco router with Ethernet switch network module Authentication server (RADIUS) 88850 Wireless client Spanning Tree Protocol This section describes how to configure the Spanning Tree Protocol (STP) on Ethernet switch network - Cisco NM-1A-OC3-POM | User Guide - Page 13
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the - Cisco NM-1A-OC3-POM | User Guide - Page 14
Feature Overview 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that affect the entire spanning tree performance: Table 2 STP Timers Timer Hello timer Forward delay timer - Cisco NM-1A-OC3-POM | User Guide - Page 15
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 and the transitory states of listening and learning at power up. If properly configured, each Layer 2 interface stabilizes to the forwarding or blocking state. When - Cisco NM-1A-OC3-POM | User Guide - Page 16
a blocking Layer 2 interface, so there is no address database update.) • Receives BPDUs and directs them to the system module. • Does not transmit BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 - Cisco NM-1A-OC3-POM | User Guide - Page 17
this point, so there is no address database update.) • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 - Cisco NM-1A-OC3-POM | User Guide - Page 18
end station location into its address database. • Receives BPDUs and directs them to the system module. • Receives, processes, and transmits BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 - Cisco NM-1A-OC3-POM | User Guide - Page 19
. • Incorporates end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 - Cisco NM-1A-OC3-POM | User Guide - Page 20
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 not receive BPDUs. • Does not receive BPDUs for transmission from the system module. MAC Address Allocation The MAC address allocation manager has a pool of MAC - Cisco NM-1A-OC3-POM | User Guide - Page 21
the forwarding state and blocks other interfaces. The possible priority range is 0 to 255, configurable in increments of 4 (the default is 128). Cisco IOS software uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is - Cisco NM-1A-OC3-POM | User Guide - Page 22
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 interface is configured as an access port and uses VLAN port cost values when the interface is configured as a states, and into the forwarding state. Figure 10 shows an example topology with no link failures. Switch A, the root switch - Cisco NM-1A-OC3-POM | User Guide - Page 23
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview If link L1 fails, the topology to account for the failure of link L1. Figure 11 BackboneFast Example After Indirect Link Failure Switch A (Root) Switch B L1 Link failure L2 - Cisco NM-1A-OC3-POM | User Guide - Page 24
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Cisco Discovery Protocol Cisco Discovery Protocol (CDP) is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers that support Subnetwork Access Protocol (SNAP). Each CDP-configured - Cisco NM-1A-OC3-POM | User Guide - Page 25
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Trunk interfaces can be configured For example, a bidirectional (both ingress and egress) SPAN session is configured for VLANs. • Monitoring of VLANs is not supported • Only one SPAN session may be run - Cisco NM-1A-OC3-POM | User Guide - Page 26
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding ACLs Packet example, you can allow e-mail traffic to be forwarded but not Telnet traffic. ACLs can be configured to block inbound traffic. An ACL contains an ordered list of access - Cisco NM-1A-OC3-POM | User Guide - Page 27
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 13 Using ACLs to Control Traffic to a Network Feature Overview Host A Cisco router with Ethernet switch network module Host B Human Resources network Research & Development network = - Cisco NM-1A-OC3-POM | User Guide - Page 28
host 10.1.1.3, and the earlier permit ACEs were checking different hosts. Understanding Access Control Parameters Before configuring ACLs on the Ethernet switch network module, you must have a thorough understanding of the Access Control Parameters (ACPs). ACPs are referred to as masks in the switch - Cisco NM-1A-OC3-POM | User Guide - Page 29
the same mask; therefore, a Ethernet switch network module supports this ACL. • Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared by QoS and security. You can configure as many ACLs as you require - Cisco NM-1A-OC3-POM | User Guide - Page 30
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Understanding Quality of Service the User Priority bits. On interfaces configured as Layer 2 802.1Q trunks, all 3 IP packets can carry a Differentiated Services Code Point (DSCP) value. The supported DSCP values are 0, 8, 10, 16 - Cisco NM-1A-OC3-POM | User Guide - Page 31
of 3 are placed into the highest priority queues. If the queue has no packets to be serviced, it is skipped. Weighted Random Early Detection (WRED) is not supported on the Fast Ethernet ports. You cannot configure port-based QoS on the Layer 2 switch ports. Basic QoS Model Figure 15 shows the basic - Cisco NM-1A-OC3-POM | User Guide - Page 32
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Policing determines whether a packet is in or out of profile according to the configured services the queues according to the configured weights the permit and deny actions in the access control entries (ACEs) have different - Cisco NM-1A-OC3-POM | User Guide - Page 33
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview • Configuration of a deny action is not supported in QoS ACLs on the 16- and 36-port Ethernet switch network modules of system mask. For example, a policy map cannot access service-policy interface configuration - Cisco NM-1A-OC3-POM | User Guide - Page 34
the packet for internal use. The IETF defines the six most-significant bits of the 1-byte type of service (ToS) field as the DSCP. The priority represented by a particular DSCP value is configurable. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. • Trust the CoS - Cisco NM-1A-OC3-POM | User Guide - Page 35
service. Note No policers can be configured on the egress interface on Ethernet switch network modules. Mapping Tables The Ethernet switch network modules support example, the maximum number for 10 VLANs and 20 groups would be 200, under the 242 limit. IP Multicast Support and the router and keeps - Cisco NM-1A-OC3-POM | User Guide - Page 36
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series associated multicast forwarding table entry. When it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. After it relays the IGMP queries from the multicast router configure - Cisco NM-1A-OC3-POM | User Guide - Page 37
port numbers of Host 1 and the router. Figure 16 Initial IGMP Join Message Cisco router with Ethernet switch network module 1 IGMP Report 224.1.2.3 CPU port Multicast IGMP packets (!IGMP) to the router and to the host that has joined the group. If another host (for example, Host 4) sends an IGMP - Cisco NM-1A-OC3-POM | User Guide - Page 38
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 17 Second Host Joining a Multicast Group Cisco router with Ethernet switch network module 1 or in the network configuration can cause a storm. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ - Cisco NM-1A-OC3-POM | User Guide - Page 39
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 switch supports global storm-control for broadcast, multicast, and unicast traffic. This example of given period of time. In this example, the broadcast traffic exceeded the configured threshold between time intervals T1 and - Cisco NM-1A-OC3-POM | User Guide - Page 40
or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that some of the concepts involved in configuring Ethernet ports on the Ethernet switch network module to support Cisco IP phones in a branch office - Cisco NM-1A-OC3-POM | User Guide - Page 41
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Default Switch Configuration By default, the Ethernet switch network module provides the following settings with respect to Cisco AVVID: • All switch ports are in access VLAN 1. • All - Cisco NM-1A-OC3-POM | User Guide - Page 42
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 a router, but it is not connected to a router. A routed port is not associated with a particular VLAN, does not support subinterfaces fallback bridging network example. The multilayer switch has two interfaces configured as SVIs with - Cisco NM-1A-OC3-POM | User Guide - Page 43
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 19 Fallback Bridging Network Example Cisco router with Ethernet switch network module are not supported in this release: • CGMP client, CGMP fast-leave • Dynamic ports • Dynamic access ports • Secure - Cisco NM-1A-OC3-POM | User Guide - Page 44
Guide • Quick Start Guides for Cisco 3600 series routers • Cisco 3600 Series Hardware Installation Guide • Quick start guides for Cisco 3700 series routers • Hardware installation documents for Cisco 3700 series • WAN Interface Card Hardware Installation Guide For information about configuring - Cisco NM-1A-OC3-POM | User Guide - Page 45
platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that - Cisco NM-1A-OC3-POM | User Guide - Page 46
later release • Basic configuration of the Cisco 2600 series, Cisco 3600 series, or Cisco 3700 series router In addition, complete the following tasks before configuring this feature: • Configure IP routing For more information on IP routing, refer to the Cisco IOS IP Configuration Guide, Release 12 - Cisco NM-1A-OC3-POM | User Guide - Page 47
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Configuring Power Management on the Interface, page 98 • Configuring IP Multicast Layer 3 Switching, page 98 • Configuring IGMP Snooping, page 102 • Configuring Global Storm-Control - Cisco NM-1A-OC3-POM | User Guide - Page 48
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Defining a Range Macro To define an interface range macro, use the define interface-range command in global configuration mode: Step 1 Command Purpose Router(config)# define interface-range macro - Cisco NM-1A-OC3-POM | User Guide - Page 49
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Interface Speed To set the interface speed, use the following commands in global configuration mode: Step 1 Step 2 Command Purpose Router(config)# interface fastethernet - Cisco NM-1A-OC3-POM | User Guide - Page 50
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 0 output buffers swapped out Router# Configuring a Description for an Interface the interface.) Exits configuration mode. Note Ports do not support Dynamic Trunk Protocol ( - Cisco NM-1A-OC3-POM | User Guide - Page 51
-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Verifying an Ethernet Interface as a Layer 2 Trunk Step 1 Use the following show commands to verify the configuration of an Ethernet interface as a Layer 2 trunk: Router# show running - Cisco NM-1A-OC3-POM | User Guide - Page 52
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring an Ethernet Interface as a Layer 2 Access To configure an Ethernet Interface as a Layer 2 access use the following commands beginning in global configuration mode: Step 1 Step 2 Step - Cisco NM-1A-OC3-POM | User Guide - Page 53
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring VLANs To configure an Ethernet Interface as a Layer 2 access, use the following commands beginning in EXEC mode: Step 1 Step 2 Step 3 Command Router# vlan database Router(vlan - Cisco NM-1A-OC3-POM | User Guide - Page 54
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Command Router# vlan database Router(vlan)# no vlan vlan-id Router(vlan)# exit Verifying VLAN Deletion Purpose Enters VLAN configuration mode. Deletes the VLAN. Updates the - Cisco NM-1A-OC3-POM | User Guide - Page 55
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Step 3 Command Router# vlan database Router(vlan)# vtp server Router(vlan)# vtp domain domain-name Step 4 Router(vlan)# vtp password password-value Step 5 - Cisco NM-1A-OC3-POM | User Guide - Page 56
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying VTP Step 1 Use the show vtp status to verify VTP status: Router# show vtp status VTP Version : 2 Configuration Revision : 247 Maximum VLANs supported locally : 1005 Number of - Cisco NM-1A-OC3-POM | User Guide - Page 57
the current state: 00h:10m:57s Step 3 Router# show running-config interface port-channel 2 Building configuration... Current configuration: ! interface Port-channel2 no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12 - Cisco NM-1A-OC3-POM | User Guide - Page 58
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 4 Router# show etherchannel 2 port-channel Port-channels in the group Port-channel: Po2 Age of the Port-channel = 00h:23m:33s Logical slot/port = 10/2 Number - Cisco NM-1A-OC3-POM | User Guide - Page 59
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Removing an Interface from an EtherChannel To remove an Ethernet interface from an EtherChannel, use the following commands in global configuration mode: Step 1 Step 2 Command Router(config - Cisco NM-1A-OC3-POM | User Guide - Page 60
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Setting the Switch-to-Client Frame-Retransmission Number, page 65 • Enabling Multiple Hosts, page 66 Understanding the Default 802.1x Configuration Multiple host support Client timeout period Authentication server timeout - Cisco NM-1A-OC3-POM | User Guide - Page 61
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks 802.1x Configuration Guidelines These are the 802.1x authentication configuration guidelines: • When the 802.1x protocol is enabled, ports are authenticated before any other - Cisco NM-1A-OC3-POM | User Guide - Page 62
enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service-for example, authentication-the second host entry configured acts as the fail-over backup to the first one. The - Cisco NM-1A-OC3-POM | User Guide - Page 63
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. radius-server host {hostname | Configures the RADIUS server parameters on the switch. ip - Cisco NM-1A-OC3-POM | User Guide - Page 64
Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x timeout re-authperiod seconds end show dot1x copy running-config startup-config - Cisco NM-1A-OC3-POM | User Guide - Page 65
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers - Cisco NM-1A-OC3-POM | User Guide - Page 66
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Enabling Multiple Hosts You can attach multiple hosts to a single 802.1x-enabled port as shown in Figure 3 on page 12. In this - Cisco NM-1A-OC3-POM | User Guide - Page 67
the show spanning-tree vlan command to verify spanning tree configuration: Router# show spanning-tree vlan 200 VLAN200 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 0050.3e8d.6401 Configured hello time 2, max age 20, forward delay 15 Current - Cisco NM-1A-OC3-POM | User Guide - Page 68
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Spanning Tree Port Priority To configure the spanning tree port priority of an interface, use the following commands beginning in global configuration mode: Step 1 Step 2 Command Router(config)# interface - Cisco NM-1A-OC3-POM | User Guide - Page 69
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Command Router(config-if)# [no] spanning-tree vlan vlan-id cost port-cost Step 4 Router(config-if)# end Verifying Spanning Tree Port Cost Purpose Configures the VLAN port - Cisco NM-1A-OC3-POM | User Guide - Page 70
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying the Bridge Priority of a VLAN Step 1 Use the show spanning-tree vlan bridge command to verify the bridge priority: Router# show spanning-tree vlan 200 bridge brief - Cisco NM-1A-OC3-POM | User Guide - Page 71
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Root Bridge The Ethernet switch network module maintains a separate instance of spanning tree for each active VLAN configured on the switch. A bridge ID, - Cisco NM-1A-OC3-POM | User Guide - Page 72
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Beginning in privileged EXEC mode, follow these steps to enable BackboneFast: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure configuration mode: Step 1 Step 2 Command Router(config)# no spanning-tree vlan vlan-id Router - Cisco NM-1A-OC3-POM | User Guide - Page 73
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Enabling Known MAC Address Traffic To enable the MAC address secure option, use the following commands beginning in privileged EXEC mode: Step 1 Step 2 Step 3 Command Router# configure terminal Router - Cisco NM-1A-OC3-POM | User Guide - Page 74
)# mac-address-table aging-time seconds Router(config)# end Purpose Enters global configuration mode. Configures the MAC address aging-timer age in seconds Exits configuration mode. Caution Cisco advises that you not change the aging timer because the Ethernet switch network module could go out of - Cisco NM-1A-OC3-POM | User Guide - Page 75
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Enabling Cisco Discovery Protocol To enable Cisco Discovery Protocol (CDP) globally, use the following command in global configuration mode: Step 1 Command Router(config)# cdp run - Cisco NM-1A-OC3-POM | User Guide - Page 76
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying CDP Neighbors Step 1 Use the show cdp neighbors command to verify information about the neighboring equipment: Router# show cdp neighbors Capability Codes: R - - Cisco NM-1A-OC3-POM | User Guide - Page 77
. Note Multiple SPAN sessions can be configured. But only one SPAN session is supported at a time. The following example shows how to configure SPAN session 1 to monitor bidirectional traffic from source interface Fast Ethernet 5/1: Router(config)# monitor session 1 source interface fastethernet - Cisco NM-1A-OC3-POM | User Guide - Page 78
on configuring router ACLs, refer to the "Configuring IP Services" chapter in the Cisco IP Configuration Guide for Cisco IOS Release 12.2. For detailed information about the commands, refer to Cisco IOS IP Command Reference for Cisco IOS Release 12.2. For a list of Cisco IOS features not supported - Cisco NM-1A-OC3-POM | User Guide - Page 79
Cisco 3700 Series Configuration Tasks ACL Numbers The number you use to denote your ACL shows the type of access list that you are creating. Table 11 lists the access list number and corresponding type and shows whether or not they are supported by the switch. The Ethernet switch network module - Cisco NM-1A-OC3-POM | User Guide - Page 80
the source. (See first bullet item.) Note The log option is not supported on Ethernet switch network modules. end Returns to privileged EXEC mode. show access-lists [number | name] Displays the access list configuration. copy running-config startup-config (Optional) Saves your entries in the - Cisco NM-1A-OC3-POM | User Guide - Page 81
to each protocol, refer to the Cisco IP Command Reference for Cisco IOS Release 12.2. Note The Ethernet switch network module does not support dynamic or reflexive access lists. It also does not support filtering based on the minimize-monetary-cost type of service (TOS) bit. When creating ACEs in - Cisco NM-1A-OC3-POM | User Guide - Page 82
host with source and source-wildcard of source 0.0.0.0. Note Only the ip, tcp, and udp protocols are supported on Ethernet switch interfaces. Verifies the access list configuration. (Optional) Saves your entries in the configuration file. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 82 - Cisco NM-1A-OC3-POM | User Guide - Page 83
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Use the no access-list access-list-number global configuration command to delete the entire access list. You cannot delete individual ACEs from numbered access in the supported range of access list numbers. - Cisco NM-1A-OC3-POM | User Guide - Page 84
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Beginning in privileged EXEC mode, follow these steps to create a standard access list using names: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Purpose configure terminal Enters global configuration mode. ip access - Cisco NM-1A-OC3-POM | User Guide - Page 85
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks When making the standard and extended ACL, remember that, by default, the end of the ACL contains an implicit deny statement for everything if - Cisco NM-1A-OC3-POM | User Guide - Page 86
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 5 Step 6 Command show running-config copy running-config startup-config Purpose Displays the access list configuration. (Optional) Saves your entries in the configuration file. Note The ip - Cisco NM-1A-OC3-POM | User Guide - Page 87
multiple access control entries, which are commands that match fields against the contents of the packet. • Policy maps with ACL classification in the egress direction are not supported and cannot be attached to an interface by using the service-policy input policy-map-name interface configuration - Cisco NM-1A-OC3-POM | User Guide - Page 88
within the QoS Domain Trusted interface Catalyst 2950 wiring closet Trunk Cisco router with Ethernet switch network module Classification of traffic performed here 88855 Beginning in privileged EXEC mode, follow these steps to configure the port to trust the classification of the traffic that - Cisco NM-1A-OC3-POM | User Guide - Page 89
is a VLAN interface that you created by using the interface vlan vlan-id global configuration command. The DCSP-to-CoS map will be applied to packets arriving from a router to the Ethernet switch network module through an SVI. Returns to privileged EXEC mode. Verifies your entries. (Optional) Saves - Cisco NM-1A-OC3-POM | User Guide - Page 90
setting, use the no mls qos cos {default-cos | override} interface configuration command. Note The mls qos cos command replaced the switchport priority command in Cisco IOS Release 12.1(6)EA2. Configuring a QoS Policy Configuring a QoS policy typically requires classifying traffic into classes - Cisco NM-1A-OC3-POM | User Guide - Page 91
to privileged EXEC mode. show access-lists Verifies your entries. copy running-config startup-config (Optional) Saves your entries in the configuration file. To delete an ACL, use the no access-list access-list-number global configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and - Cisco NM-1A-OC3-POM | User Guide - Page 92
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Beginning in privileged EXEC mode, follow these steps to create an IP extended ACL for IP traffic: Step 1 Step 2 Command configure terminal access-list access-list-number {deny | permit | remark - Cisco NM-1A-OC3-POM | User Guide - Page 93
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Classifying Traffic by Using Class Maps You use the class-map global configuration is supported. Only one match criterion per class map is supported, and only one ACL per class map is supported. For access- - Cisco NM-1A-OC3-POM | User Guide - Page 94
access-group acl-index-or-name, specify the number or name of the ACL created in Step 2. Note In a policy map, the class named class-default is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command. Cisco IOS - Cisco NM-1A-OC3-POM | User Guide - Page 95
the no police rate-bps burst-byte [exceed-action {drop | dscp dscp-value}] policy-map configuration command. To remove the policy map and interface association, use the no service-policy input policy-map-name interface configuration command. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 95 - Cisco NM-1A-OC3-POM | User Guide - Page 96
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring CoS Maps This section describes how to configure the DSCP maps: • Configuring the CoS-to-DSCP Map, page 96 • Configuring modules support these DSCP values: 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Cisco - Cisco NM-1A-OC3-POM | User Guide - Page 97
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration cos, enter the CoS value to which the DSCP values correspond. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 1. Access Control Parameters are called masks in the switch CLI commands and output. Cisco IOS - Cisco NM-1A-OC3-POM | User Guide - Page 98
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Power Management on the Interface To manage the powering of the Cisco IP phones, use the following commands beginning in privileged EXEC mode: Step 1 Step 2 Command Router# configure terminal Router(config - Cisco NM-1A-OC3-POM | User Guide - Page 99
and procedures, refer to these publications: • Cisco IOS IP Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 at this URL: http://www - Cisco NM-1A-OC3-POM | User Guide - Page 100
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 32, Forwarding:29051/-278/1186/0, Other:85724/8/56665 Router# Note The negative counter means that the outgoing 224.0.0.10 Outgoing access list is not set Inbound access list is not - Cisco NM-1A-OC3-POM | User Guide - Page 101
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks IP fast switching on the route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP - Cisco NM-1A-OC3-POM | User Guide - Page 102
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note The RPF-MFD flag indicates that the flow is completely hardware switched. The H flag indicates that the flow is hardware-switched on the outgoing interface. Configuring IGMP Snooping This section - Cisco NM-1A-OC3-POM | User Guide - Page 103
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 4 Step 5 Command Purpose show ip igmp snooping [vlan vlan-id] Displays snooping configuration vlan-id global configuration command for the specified VLAN number (for example, vlan1). Enabling IGMP - Cisco NM-1A-OC3-POM | User Guide - Page 104
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco manually configured multicast router interfaces. (Optional) Saves your configuration to the startup configuration. Configuring Global Storm-Control This section describes how to configure - Cisco NM-1A-OC3-POM | User Guide - Page 105
-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Enabling Global switchport characteristics, including storm-control levels set on the interface: Router# show storm-control Use the show interface counters privileged EXEC commands - Cisco NM-1A-OC3-POM | User Guide - Page 106
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series The following is sample output from the show interface counters broadcast privileged EXEC command: Router# show interface counters broadcast Port Fa0/1 Fa0/2 BcastSuppDiscards 0 0 Configuring Per-Port Storm - Cisco NM-1A-OC3-POM | User Guide - Page 107
Separate Voice and Data Subnets For ease of network administration and increased scalability, network managers can configure the Ethernet switch network module to support Cisco IP phones such that the voice and data traffic reside on separate subnets. You should always use separate VLANs when - Cisco NM-1A-OC3-POM | User Guide - Page 108
Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 4 Step 5 Command Router(config)# switchport access vlan vlan-id Router(config)# switchport voice vlan vlan-id Purpose Configures the port as "access" and assigns a data VLAN. Configures the voice port - Cisco NM-1A-OC3-POM | User Guide - Page 109
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 3 Step 4 Step 5 Command Purpose Router(config)# switchport access vlan vlan-id Sets the native VLAN for untagged traffic. The value of vlan-id represents the ID of - Cisco NM-1A-OC3-POM | User Guide - Page 110
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • Configuring Voice Ports, page 112 • Step 2 Step 3 Command Purpose Router# config terminal Enters global configuration mode. Router(config)# snmp-server host Enters the trap manager IP - Cisco NM-1A-OC3-POM | User Guide - Page 111
address and subnet mask. Returns to global configuration mode. Enters the IP address of the default router. Returns to privileged EXEC mode. Use Configuring the DNS Each unique IP address can have a host name associated with it. The Cisco IOS software maintains a EC mode, and related Telnet support - Cisco NM-1A-OC3-POM | User Guide - Page 112
, the DNS, accomplishes this task. This service is enabled by default. Configuring Voice Ports This section describes how to configure voice ports on the Ethernet switch network module. The following topics are included: • Configuring a Port to Connect to a Cisco 7960 IP phone, page 113 • Disabling - Cisco NM-1A-OC3-POM | User Guide - Page 113
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring a Port to Connect to a Cisco 7960 IP phone Because a Cisco 7960 IP phone also supports connection to a PC or other device, a port connecting a Ethernet switch - Cisco NM-1A-OC3-POM | User Guide - Page 114
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Verifying Inline Power Configuration Step 1 Use the show power inline interface configured command to verifies the change by displaying the setting as configured: Router# show power inline interface - Cisco NM-1A-OC3-POM | User Guide - Page 115
MAC address and the associated VLAN ID, module, and port number associated with the address. The following shows an example of a list of addresses as they would appear in the dynamic, secure, or static address table. Router# show mac 4d01h:%SYS-5-CONFIG_I:Configured from console by consolec Slot - Cisco NM-1A-OC3-POM | User Guide - Page 116
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Changing Step 1 Use the show mac-address-table aging-time command to verify configuration: Router# show mac-address-table aging-time Removing Dynamic Addresses To remove a - Cisco NM-1A-OC3-POM | User Guide - Page 117
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Verifying Dynamic Addresses Step 1 Use the show mac-address-table dynamic command to verify configuration: Router# show mac-address-table dynamic Adding Secure Addresses - Cisco NM-1A-OC3-POM | User Guide - Page 118
Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Static Addresses A static address has the following characteristics: • It is manually entered in the address table and must be manually removed. • It can be a unicast or - Cisco NM-1A-OC3-POM | User Guide - Page 119
by connecting the Gigabit Ethernet ports of the Ethernet switch network module, use the following commands beginning in global configuration mode: Step 1 Step 1 Step 2 Command Router(config)# interface Gigabit slot/port Router(config-if)# [no] switchport stacking-link interface Gigabit slot/port - Cisco NM-1A-OC3-POM | User Guide - Page 120
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring Layer 3 Interfaces The Ethernet switch network module supports two types of Layer 3 interfaces for routing and bridging: • SVIs: You should configure SVIs for any VLANs for which you - Cisco NM-1A-OC3-POM | User Guide - Page 121
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring Fallback Bridging This section describes how to configure fallback bridging on your switch. It contains this configuration information: • Understanding the Default - Cisco NM-1A-OC3-POM | User Guide - Page 122
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note The protected port feature is not compatible in the bridge group. The ibm and dec keywords are not supported. For bridge-group, specify the bridge group number. The range - Cisco NM-1A-OC3-POM | User Guide - Page 123
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Beginning in privileged EXEC mode, follow these steps to prevent the switch from forwarding frames for stations that it has dynamically learned: Step 1 Step 2 - Cisco NM-1A-OC3-POM | User Guide - Page 124
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series To return to the default aging-time interval, use the no bridge bridge-group aging-time global configuration destination address. Any number of addresses can be configured in the system without a performance penalty. Beginning - Cisco NM-1A-OC3-POM | User Guide - Page 125
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note Only network administrators with a good understanding of how switches and STP function should make adjustments to spanning-tree parameters. Poorly planned adjustments can - Cisco NM-1A-OC3-POM | User Guide - Page 126
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 3 Command bridge-group bridge-group priority number Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Changes the - Cisco NM-1A-OC3-POM | User Guide - Page 127
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Changing the Forward-Delay Interval, page 127 • Changing the Maximum-Idle Interval, page 128 Note Each switch in a spanning tree adopts the interval between - Cisco NM-1A-OC3-POM | User Guide - Page 128
Configuration Tasks 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Changing the Maximum-Idle , yet still permit switching throughout the network as a whole. For example, when switched LAN subnetworks are separated by a WAN, BPDUs can be - Cisco NM-1A-OC3-POM | User Guide - Page 129
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Monitoring and Maintaining the Network To monitor and maintain the network, use one or more of the privileged EXEC commands in Table 17: Table - Cisco NM-1A-OC3-POM | User Guide - Page 130
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Configuration Examples for the 16- and 36-Port Ethernet Switch Module This section provides the following configuration examples: • Range of - Cisco NM-1A-OC3-POM | User Guide - Page 131
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module *Oct FastEthernet5/4, changed state to up Router(config-if)# Multiple Range Configuration Example The following example shows how to use a comma - Cisco NM-1A-OC3-POM | User Guide - Page 132
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Interface Speed Example The following example shows the interface speed being set to 100 Mbps on the Fast Ethernet interface 5/4: Router(config - Cisco NM-1A-OC3-POM | User Guide - Page 133
Module VTP Examples • VTP Server Example, page 133 • VTP Client Example, page 133 • Disabling VTP (VTP Transparent Mode) Example, page 133 • VTP version 2 Example, page 133 VTP Server Example The following example shows how to configure the switch as a VTP server: Router# vlan database Router - Cisco NM-1A-OC3-POM | User Guide - Page 134
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Router(vlan)# exit APPLY completed. Exiting.... Router# EtherChannel Load Balancing Example • Layer 2 EtherChannels Example, page 134 - Cisco NM-1A-OC3-POM | User Guide - Page 135
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module • Setting the Switch-to-Client Frame-Retransmission Number Example, page 135 • Enabling Multiple Hosts Example, page 135 Enabling 802 - Cisco NM-1A-OC3-POM | User Guide - Page 136
Spanning-Tree Port Cost Example The following example shows how to change the spanning-tree port cost of a Fast Ethernet interface: Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree cost 18 Router(config-if)# end Router# 136 Cisco IOS Release 12 - Cisco NM-1A-OC3-POM | User Guide - Page 137
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example shows how to verify the configuration of the interface when it is configured as an access port: Router# show spanning - Cisco NM-1A-OC3-POM | User Guide - Page 138
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module BackboneFast Example The following example shows BackboneFast being enabled on the Ethernet switch module: Router# configure terminal Router(config - Cisco NM-1A-OC3-POM | User Guide - Page 139
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Switched Port Analyzer (SPAN) Source Examples • SPAN Source Configuration Example, page 139 • SPAN Destinations Example, page 139 - Cisco NM-1A-OC3-POM | User Guide - Page 140
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example shows that the switch accepts addresses on network 36.0.0.0 subnets and denies all packets coming from 56 - Cisco NM-1A-OC3-POM | User Guide - Page 141
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Including Comments About Entries in ACLs Example The following example shows an IP numbered standard ACL using the access-list access-list - Cisco NM-1A-OC3-POM | User Guide - Page 142
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example displays only IP standard and extended ACLs: Switch# show ip access-lists Standard IP access list 1 permit 172.20 - Cisco NM-1A-OC3-POM | User Guide - Page 143
for the 16- and 36-Port Ethernet Switch Module Compiling ACLs Example For detailed information about compiling ACLs, refer to the Security Configuration Guide and the "IP Services" chapter of the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.2. Figure 21 shows a small - Cisco NM-1A-OC3-POM | User Guide - Page 144
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example uses an extended ACL to deny traffic from port 80 (HTTP). It permits all other types of traffic: Switch(config)# access-list - Cisco NM-1A-OC3-POM | User Guide - Page 145
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# service-policy - Cisco NM-1A-OC3-POM | User Guide - Page 146
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example shows the output from configuring IGMP snooping: Router# show mac-address-table multicast igmp-snooping - Cisco NM-1A-OC3-POM | User Guide - Page 147
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example shows output from the multicast routing table: Router# show ip mroute IP Multicast Routing Table Flags:D - Cisco NM-1A-OC3-POM | User Guide - Page 148
255.0 This configuration instructs the IP server required for its configuration. Cisco IOS supports a DHCP server function. If this function is used, the Ethernet switch network module serves as a local DHCP server and a helper address would not be required. Inter-VLAN Routing Example Configuring - Cisco NM-1A-OC3-POM | User Guide - Page 149
following example shows a single subnet configuration for the Ethernet switch network module switch: Router# FastEthernet 5/2 description Port to IP Phone in single subnet switchport access vlan 40 switchport voice vlan dot1p spanning-tree portfast The Ethernet switch network module instructs the - Cisco NM-1A-OC3-POM | User Guide - Page 150
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following example illustrates the configuration on the PC: interface FastEthernet2/3 switchport access vlan 10 Note Using a - Cisco NM-1A-OC3-POM | User Guide - Page 151
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Flow Control on Gigabit Ethernet Ports Example The following examples show how to turn transmit and receive flow control on - Cisco NM-1A-OC3-POM | User Guide - Page 152
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module The following is sample output from the show interfaces privileged EXEC command for Gigabit Ethernet interface 0/2: Switch( - Cisco NM-1A-OC3-POM | User Guide - Page 153
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address - Cisco NM-1A-OC3-POM | User Guide - Page 154
Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module 0 babbles, are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled - Cisco NM-1A-OC3-POM | User Guide - Page 155
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Fallback Bridging Example This section describes how to configure fallback bridging on your switch. It contains this - Cisco NM-1A-OC3-POM | User Guide - Page 156
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Examples for the 16- and 36-Port Ethernet Switch Module Changing the Switch Priority Example The following example shows how to set the switch priority to 100 for bridge group 10: - Cisco NM-1A-OC3-POM | User Guide - Page 157
• ip igmp snooping vlan mrouter • ip igmp snooping vlan static • match (class-map configuration) • mls qos cos • mls qos map • mls qos trust • permit (access-list configuration) • police • policy-map • service-policy • show access-lists Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 157 - Cisco NM-1A-OC3-POM | User Guide - Page 158
Command Reference 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series • show class-map • show dot1x • show ip access-lists • show ip igmp snooping • show ip igmp snooping mrouter • show mls masks • show mls qos interface • show mls qos maps • show - Cisco NM-1A-OC3-POM | User Guide - Page 159
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 of all Remote Authentication Dial-In User Service (RADIUS) servers for authentication. • line-Uses the authentication server. The remaining methods enable AAA to authenticate the client by using locally configured data. For example, - Cisco NM-1A-OC3-POM | User Guide - Page 160
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series If you specify group radius, you must configure the RADIUS server by entering the radius-server host global configuration command. If you are not using a RADIUS server, you can use the local or local-case methods, which access - Cisco NM-1A-OC3-POM | User Guide - Page 161
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series class class To define a traffic classification for the policy to act on using the class-map name or access group, use the class policy-map configuration by using the service-policy interface configuration command; however, - Cisco NM-1A-OC3-POM | User Guide - Page 162
privileged EXEC mode, use the end command. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create a policy map named policy1. When attached to the - Cisco NM-1A-OC3-POM | User Guide - Page 163
example, when defining a class map, only one match command can be entered. Only one access control list (ACL) can be configured in a class map. The ACL can have multiple access control entries (ACEs). Note The switch does not support any deny conditions in an ACL configured in a class map. Cisco - Cisco NM-1A-OC3-POM | User Guide - Page 164
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to configure the - Cisco NM-1A-OC3-POM | User Guide - Page 165
which is responsible for controlling access to the network through 802 server. Enables debugging of the 802.1x process, which includes 802.1x initialization, configuration, and the interaction with the port manager module : Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. - Cisco NM-1A-OC3-POM | User Guide - Page 166
and Cisco 3700 series routers. The dot1x, filtermgr, and fltdrv keywords were added. Usage Guidelines The undebug eswilp command is the same as the no debug eswilp command. Examples The following example shows debugging messages for the IGMP snooping services on the Ethernet switch network module - Cisco NM-1A-OC3-POM | User Guide - Page 167
platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Use the debug ip igmp snooping command to troubleshoot the IGMP snooping feature. Examples The following example shows debugging messages for the IGMP snooping services being displayed: Router# debug - Cisco NM-1A-OC3-POM | User Guide - Page 168
-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series debug tree configuration changes. Displays debugging messages for EtherChannel support. on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines The - Cisco NM-1A-OC3-POM | User Guide - Page 169
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series debug spanning-tree Related Commands Command show debugging show spanning-tree Description Displays information about the types of debugging that are enabled. Displays - Cisco NM-1A-OC3-POM | User Guide - Page 170
) 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series deny (access-list configuration) To configure conditions for a named or numbered IP access control list (ACL), use the deny command in access-list configuration mode. To remove a deny condition - Cisco NM-1A-OC3-POM | User Guide - Page 171
IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create an extended IP ACL and to configure deny conditions for it: Switch(config)# ip access-list extended Internetfilter Switch(config-ext - Cisco NM-1A-OC3-POM | User Guide - Page 172
deny (access-list configuration) 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note In these examples, all other IP access is implicitly denied. You can verify your settings by entering the show ip access-lists or show access-lists - Cisco NM-1A-OC3-POM | User Guide - Page 173
. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Examples The following example shows how to - Cisco NM-1A-OC3-POM | User Guide - Page 174
series, and Cisco 3700 series routers. Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples The following example shows how - Cisco NM-1A-OC3-POM | User Guide - Page 175
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x multiple-hosts dot1x multiple-hosts To allow multiple hosts (clients) on an 802.1x-authorized port that has the dot1x port-control interface configuration access to the network. Examples The following example manual - Cisco NM-1A-OC3-POM | User Guide - Page 176
command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines The 802.1x protocol is supported on Layer 2 static-access ports. You can use the auto keyword only if the port is not configured as one of these types: • Trunk - Cisco NM-1A-OC3-POM | User Guide - Page 177
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x port-control Examples The following example shows how to enable 802.1x on Fast Ethernet interface 0/1: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto - Cisco NM-1A-OC3-POM | User Guide - Page 178
series, and Cisco 3700 series routers. Usage Guidelines You can use this command to reauthenticate a client without waiting for the configured number of seconds between reauthentication attempts (reauthperiod) and automatic reauthentication. Examples The following example shows how to manually - Cisco NM-1A-OC3-POM | User Guide - Page 179
following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines You configure the amount of time between periodic reauthentication attempts by using the dot1x timeout re-authperiod global configuration command. Examples The following example shows how - Cisco NM-1A-OC3-POM | User Guide - Page 180
60 seconds. Command Modes Global configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines During the quiet - Cisco NM-1A-OC3-POM | User Guide - Page 181
dot1x re-authentication global configuration command. You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients or authentication servers. Examples The following example shows how to - Cisco NM-1A-OC3-POM | User Guide - Page 182
Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients or authentication servers. Examples The following example - Cisco NM-1A-OC3-POM | User Guide - Page 183
forwards all packets. IP access groups can be separated on Layer 2 and Layer 3 interfaces. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to apply - Cisco NM-1A-OC3-POM | User Guide - Page 184
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series You can verify your settings by entering the show access-lists or show ip access-lists privileged EXEC command. Related Commands Command deny (access-list configuration) ip access-list permit (access-list configuration - Cisco NM-1A-OC3-POM | User Guide - Page 185
list command determines the prompt you get when you enter access-list configuration mode. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ - Cisco NM-1A-OC3-POM | User Guide - Page 186
-list 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Examples The following example shows how to configure a standard ACL named Internetfilter1: Switch(config)# ip access-list standard Internetfilter1 Switch(config-std-nacl)# permit 192 - Cisco NM-1A-OC3-POM | User Guide - Page 187
the existing VLAN interfaces. The configuration is saved in nonvolatile RAM (NVRAM). Examples The following example shows how to globally enable IGMP . Enables IGMP Immediate-Leave processing. Configures a Layer 2 port as a multicast router port. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2( - Cisco NM-1A-OC3-POM | User Guide - Page 188
- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command ip igmp snooping vlan static show ip igmp snooping Description Configures a Layer 2 port as a member of a group. Displays the IGMP snooping configuration. 188 Cisco IOS Release 12.2(2)XT - Cisco NM-1A-OC3-POM | User Guide - Page 189
the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines This command automatically configures the VLAN if it is not already configured. The configuration is saved in nonvolatile RAM (NVRAM). Examples The following example shows how to enable - Cisco NM-1A-OC3-POM | User Guide - Page 190
routers. Usage Guidelines Use the Immediate-Leave feature only when there is only one IP multicast receiver present on every port in the VLAN. The Immediate-Leave configuration is saved in nonvolatile RAM (NVRAM). The Immediate-Leave feature is supported only with IGMP version 2 hosts. Examples - Cisco NM-1A-OC3-POM | User Guide - Page 191
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan immediate-leave Command Description show ip igmp snooping Displays the IGMP snooping configuration. show mac-address-table multicast Displays the Layer 2 multicast - Cisco NM-1A-OC3-POM | User Guide - Page 192
is useful for controlling traffic in Cisco router environments. The configured learning method is saved in nonvolatile RAM (NVRAM). Static connections to multicast routers are supported only on switch ports. Examples The following example shows how to configure Fast Ethernet interface 0/6 as - Cisco NM-1A-OC3-POM | User Guide - Page 193
ip igmp snooping vlan static show ip igmp snooping mrouter Description Configures IGMP Immediate-Leave processing. Configures a Layer 2 port as a member of a group. Displays the statically and dynamically learned multicast router ports. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 193 - Cisco NM-1A-OC3-POM | User Guide - Page 194
, and Cisco 3700 series routers. Usage Guidelines The command is used to statically configure the IP multicast group member ports. The static ports and groups are saved in nonvolatile RAM (NVRAM). Static connections to multicast routers are supported only on switch ports. Examples The following - Cisco NM-1A-OC3-POM | User Guide - Page 195
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ip igmp snooping vlan static Command Description ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port. show mac-address-table multicast Displays the Layer 2 - Cisco NM-1A-OC3-POM | User Guide - Page 196
packets. Only IP access groups are supported. Only one match command per class map is supported. Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to - Cisco NM-1A-OC3-POM | User Guide - Page 197
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series match (class-map configuration) access group. Creates a class map to be used for matching packets to the class whose name you specify. Controls access to an interface. Displays QoS class maps. Displays QoS policy maps. Cisco - Cisco NM-1A-OC3-POM | User Guide - Page 198
Modes Interface configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. It replaced the switchport priority command. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage - Cisco NM-1A-OC3-POM | User Guide - Page 199
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos cos The following example shows how to assign all the DSCP map or the DSCP-to-CoS map. mls qos trust Configures the port trust state. show interface fax/y switchport Displays switchport - Cisco NM-1A-OC3-POM | User Guide - Page 200
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos map To define the class of service (CoS)-to-Differentiated Services Code Point (DSCP) map or DSCP-to-CoS map, use the mls qos map command in global configuration value with a space. The supported DSCP values are 0, 8, 10 - Cisco NM-1A-OC3-POM | User Guide - Page 201
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco map by entering consecutive mls qos map commands. The supported DSCP values are 0, 8, 10, 16, 18, example shows how to define the CoS-to-DSCP map. CoS values 0 to 7 are mapped to DSCP values 8, 8, 8, 8, 24, 32, 56, and 56: Switch# configure - Cisco NM-1A-OC3-POM | User Guide - Page 202
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos trust To configure the port trust state and classify traffic by examining the class of service (CoS) or Differentiated Services it is an IP packet. Examples The following example shows how to configure a port to be a - Cisco NM-1A-OC3-POM | User Guide - Page 203
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series mls qos trust The following example shows how to configure a VLAN interface to be a DSCP-trusted port. DSCP-to-COS mapping occurs for all packets with the configured VLAN ID of 60 egressing from - Cisco NM-1A-OC3-POM | User Guide - Page 204
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series permit (access-list configuration) To configure conditions for a named or numbered IP access control list (ACL), use the permit command in access-list configuration mode. To remove a permit condition - Cisco NM-1A-OC3-POM | User Guide - Page 205
IP ACLs, refer to the "Configuring IP Services" chapter in the Cisco IOS IP Configuration Guide, Release 12.2. Examples The following example shows how to create an extended IP ACL and configure permit conditions for it: Switch(config)# ip access-list extended Internetfilter2 Switch(config-ext - Cisco NM-1A-OC3-POM | User Guide - Page 206
permit (access-list configuration) 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note In these examples, all other IP access is implicitly denied. You can verify your settings by entering the show ip access-lists or show access-lists - Cisco NM-1A-OC3-POM | User Guide - Page 207
introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines You can configure up to six policers on ingress Fast Ethernet ports. You can configure up to 60 policers on ingress Gigabit-capable Ethernet - Cisco NM-1A-OC3-POM | User Guide - Page 208
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Note For more information about configuring access control lists (ACLs), refer to the "Configuring Network Security with ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release. Examples - Cisco NM-1A-OC3-POM | User Guide - Page 209
This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Entering the policy-map command enables the policy-map configuration mode. These configuration commands are available: • class: defines the classification - Cisco NM-1A-OC3-POM | User Guide - Page 210
direction. Note For more information about configuring access control lists (ACLs), refer to the "Configuring Network Security with ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release. Examples The following example shows how to create a policy map - Cisco NM-1A-OC3-POM | User Guide - Page 211
the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Only one policy map per ingress interface is supported. Service policy maps cannot be defined on egress interfaces. Note For more information about configuring access control lists (ACLs - Cisco NM-1A-OC3-POM | User Guide - Page 212
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show access-lists To display access control lists (ACLs) configured on the switch, use the show access-lists command in privileged EXEC mode. show access-lists [name | number] Syntax Description - Cisco NM-1A-OC3-POM | User Guide - Page 213
36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show access-lists Related Commands Command ip access-list show ip access-lists Description Configures an IP ACL on the switch. Displays the IP ACLs configured on a switch. Cisco IOS Release 12.2(2)XT - Cisco NM-1A-OC3-POM | User Guide - Page 214
Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show class-map To display quality of service (QoS) class Examples The following is sample output from the show class-map test command: Switch# show class-map test Class Map match-all test (id 2) Match access - Cisco NM-1A-OC3-POM | User Guide - Page 215
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show class-map Related Commands Command class-map match (class-map configuration) Description Creates a class map to be used for matching packets to the class whose name you specify. Defines the - Cisco NM-1A-OC3-POM | User Guide - Page 216
Cisco 3700 series routers. Usage Guidelines If you do not specify an interface, global parameters and a summary appear. If you specify an interface, details for that interface appear. If you specify an interface with the statistics keyword, statistics appear for all physical ports. Examples The - Cisco NM-1A-OC3-POM | User Guide - Page 217
State INITIALIZE Note In the previous example, the supp-timeout, server-timeout, and reauth-max values in the Global 802.1x Parameters section are not configurable.When relaying a request from the Remote Authentication Dial-In User Service (RADIUS) authentication server to the client, the supp - Cisco NM-1A-OC3-POM | User Guide - Page 218
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Table 20 show dot1x interface Field Descriptions Field Description Status Status of the port (authorized or unauthorized). The status of a port appears as authorized if the dot1x port-control interface configuration server. - Cisco NM-1A-OC3-POM | User Guide - Page 219
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show dot1x Table 21 show dot1x statistics Field default Description Resets the global 802.1x parameters to their default values. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 219 - Cisco NM-1A-OC3-POM | User Guide - Page 220
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip access-lists To display IP access control lists (ACLs) configured on the switch, use the show ip access-lists command in privileged EXEC mode. show ip access-lists [name | number] Syntax - Cisco NM-1A-OC3-POM | User Guide - Page 221
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip access-lists Related Commands Command access-list (IP extended) access-list (IP standard) ip access-list show access-lists Description Configures an extended ACL on the switch. - Cisco NM-1A-OC3-POM | User Guide - Page 222
show ip igmp snooping 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip igmp snooping To display the Internet Group Management Protocol (IGMP) snooping configuration of the switch or the VLAN, use the show ip igmp snooping command in - Cisco NM-1A-OC3-POM | User Guide - Page 223
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configures IGMP Immediate-Leave processing. ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port. show mac-address-table multicast Displays the Layer 2 multicast entries for a VLAN. Cisco - Cisco NM-1A-OC3-POM | User Guide - Page 224
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show ip igmp snooping mrouter To display information on dynamically learned and manually configured multicast router In this example, Fa0/3 is a dynamically learned router port, and Fa0/2 is a configured static router port. - Cisco NM-1A-OC3-POM | User Guide - Page 225
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls masks show mls masks To display the details of the Access Control Parameters (ACPs) used for quality of service (QoS) and security access You can configure up to four ACPs (QoS and security) on a switch. Examples The - Cisco NM-1A-OC3-POM | User Guide - Page 226
Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Related Commands Command ip access-group policy-map Description Applies an IP ACL to an interface. Creates or modifies a policy map that can be attached to multiple interfaces and enters policy-map configuration mode - Cisco NM-1A-OC3-POM | User Guide - Page 227
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls qos interface show mls qos interface To display quality of service (QoS) information at the interface level, use the show mls qos interface command in privileged EXEC mode. show mls qos - Cisco NM-1A-OC3-POM | User Guide - Page 228
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls qos maps To display quality of service Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Maps are used to generate an internal Differentiated Services map. Examples The following - Cisco NM-1A-OC3-POM | User Guide - Page 229
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show mls qos maps The following is Related Commands Command mls qos map Description Defines the CoS-to-DSCP map and DSCP-to-CoS map. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 229 - Cisco NM-1A-OC3-POM | User Guide - Page 230
following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines Use the show policy-map command without keywords to display all policy maps configured on the switch. Note In a policy map, the class named class-default is not supported. The switch does - Cisco NM-1A-OC3-POM | User Guide - Page 231
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show policy-map The following is sample output from policy map that can be attached to multiple interfaces to specify a service policy. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 231 - Cisco NM-1A-OC3-POM | User Guide - Page 232
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco supported. Valid interfaces include physical ports and VLANs. (Optional) Displays the default path cost method. (Optional) Displays root-switch status and configuration the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. - Cisco NM-1A-OC3-POM | User Guide - Page 233
-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series show spanning-tree Examples The following is tree 1 is executing the IEEE compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0 Configured hello time 2, max age 20 - Cisco NM-1A-OC3-POM | User Guide - Page 234
show spanning-tree 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Designated bridge has priority 32768, address 00e0.1eb2.ddc0 Designated port is 1, path cost 10 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, - Cisco NM-1A-OC3-POM | User Guide - Page 235
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco replaced the show port storm-control command. This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers display broadcast storm-control information. Examples The following is sample output from - Cisco NM-1A-OC3-POM | User Guide - Page 236
show storm-control 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Table 22 describes the fields shown in the display. Table 22 show storm-control Field Descriptions Field Interface Filter State Upper Lower Current - Cisco NM-1A-OC3-POM | User Guide - Page 237
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series spanning-tree backbonefast spanning-tree backbonefast To enable the BackboneFast feature, use the spanning-tree backbonefast command in global configuration mode. To return to the default setting - Cisco NM-1A-OC3-POM | User Guide - Page 238
Modes Interface configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. It replaced the port storm-control command. This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. 238 Cisco IOS Release - Cisco NM-1A-OC3-POM | User Guide - Page 239
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series storm-control Usage Guidelines Use the storm-control command to enable or disable broadcast, multicast, or unicast storm control on a port. After a port is disabled during a storm, use the no shutdown interface configuration - Cisco NM-1A-OC3-POM | User Guide - Page 240
switchport 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series switchport To set an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration, use the switchport command in interface configuration mode. To set an interface in - Cisco NM-1A-OC3-POM | User Guide - Page 241
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series switchport Note The switchport command without keywords is not used on platforms that do not support Cisco show running-config Displays the current operating configuration. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15) - Cisco NM-1A-OC3-POM | User Guide - Page 242
Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary 802.1d-IEEE standard for MAC bridges. 802.1p-IEEE standard for queuing and multicast support. 802.1q-IEEE standard for VLAN frame tagging. 802.1x-IEEE standard for port-based network access Class of Service. An - Cisco NM-1A-OC3-POM | User Guide - Page 243
Cisco's FX interface is an RJ-11 connector that allows an analog Cisco's FXS interface is an RJ-11 connector that allows connections to basic telephone service equipment, keysets, and PBXs. HSRP-Hot Standby Router . ISDN interface to primary rate access. Primary rate access consists of one 64-kbps D - Cisco NM-1A-OC3-POM | User Guide - Page 244
Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series QoS-quality of service. Measure of performance for a transmission system that reflects its transmission quality and service availability. RADIUS-Remote Access Dial-In User Service. A service used to authenticate - Cisco NM-1A-OC3-POM | User Guide - Page 245
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Glossary VQP-VLAN Query Protocol. VTP- a weight to each flow, where lower weights are the first to be serviced. WRR-Weighted Round-Robin. Type of round-robin scheduling that prevents low-priority - Cisco NM-1A-OC3-POM | User Guide - Page 246
Glossary 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 246 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
 |
 |
1
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
16- and 36-Port Ethernet Switch Module for
Cisco 2600 Series, Cisco 3600 Series, and
Cisco 3700 Series
Feature History
This feature module describes the 16- and 36-Port Ethernet Switch Module (NM-16ESW and
NM-36ESW) for Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers in
Cisco IOS Release 12.2(2)XT and Cisco IOS Release 12.2(8)T and above. Enhancements were added in
Cisco IOS Release 12.2(15)ZJ.
This document includes the following sections:
•
Feature Overview, page 2
•
Supported Platforms, page 45
•
Supported Standards, MIBs, and RFCs, page 45
•
Prerequisites, page 46
•
Configuration Tasks, page 46
•
Configuration Examples for the 16- and 36-Port Ethernet Switch Module, page 130
•
Command Reference, page 157
•
Glossary, page 242
Release
Modification
12.2(2)XT
This feature was introduced on the Cisco
2600
series, Cisco
3600
series, and
Cisco 3700 series routers.
12.2(8)T
This feature was integrated into Cisco IOS Release 12.2(8)T.
12.2(15)ZJ
Added switching software enhancements: IEEE 802.1x, QoS (including
Layer 2/Layer 3 CoS/DSCP mapping and rate limiting), security ACL,
IGMP snooping, per-port storm control, and fallback bridging support for
switch virtual interfaces (SVIs).