Guest

Products & Services

Cisco® Gigabit Ethernet Enhanced High-Speed WAN Interface Cards

  • Viewing Options

  • PDF (258.4 KB)
  • Feedback

General

Q. What are the 4- and 8-port Cisco ® Gigabit Ethernet Enhanced High-Speed WAN Interface Cards (EHWICs)?
A. The 4- and 8-port Cisco EtherSwitch ® 10/100/1000 Gigabit Ethernet EHWICs are Power over Ethernet (PoE)-capable integrated EHWIC switches for the Cisco Integrated Services Routers Generation 2 (ISR G2) routers. The Cisco Gigabit Ethernet EHWICs have either four or eight 10/100/1000 switched Gigabit Ethernet ports, with options for PoE support on all ports. The cards provide line-rate Layer 2 switching across the Gigabit Ethernet ports, using Cisco IOS ® Software embedded in Cisco Catalyst ® switches.
For the remainder of this document, the Cisco 4- and 8-port Cisco Gigabit Ethernet EHWICs are referred to as Cisco EtherSwitch EHWICs or EHWIC switches where applicable.
Features such as port autosensing, IEEE 802.1p, quality of service (QoS), VLAN trunking with 802.1Q, and 802.1d Spanning Tree Protocol are standard on the EHWIC switch. The PoE version of the EHWIC switch can power IEEE 802.3af-compliant devices such as Cisco IP Phones, Cisco wireless access points, or any other device with a power draw of up to 20W.
The EHWIC switches enable Cisco's industry-leading power initiatives, Cisco EnergyWise, Cisco Enhanced Power over Ethernet (ePoE), and per-port PoE power monitoring.
Cisco IOS Software on Cisco Catalyst switches allows network administrators to manage a single device using Cisco management tools or the router command-line interface (CLI) for LAN and WAN management, in addition to delivering a consistent user experience at branch offices.
Q. What are the product part numbers for the Cisco EtherSwitch EHWICs?
A. Four are available; they are listed in Table 1.

Table 1. Product Part Numbers for 4- and 8-Port Cisco EtherSwitch EHWICs

Product Number

Description

EHWIC-4ESG

4-port Cisco Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC

EHWIC-4ESG-P

4-port Cisco Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC with POE

EHWIC-D-8ESG

8-port Cisco Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC

EHWIC-D-8ESG-

8-port Cisco Gigabit EtherSwitch 10/100/1000BASE-TX autosensing EHWIC with POE

Q. What do the Cisco EtherSwitch EHWICs offer the branch office?
A. The 4- and 8-port Cisco EtherSwitch EHWICs can reduce your company's total cost of ownership (TCO) by integrating Gigabit Ethernet switch ports within Cisco ISR G2 routers. These low-density Gigabit Ethernet switches offer small to medium-sized branch-office customers a combination of routing and Gigabit Ethernet switching integrated into a single device.
This integration allows network administrators to manage a single device using Cisco management tools or the router CLI for LAN and WAN management, reducing network complexity, lowering maintenance contract costs, and lessening staff training needs. It also simplifies software qualification efforts, and delivers a consistent user experience at branch offices.
The support for Cisco EnergyWise and Cisco ePoE enhances the ability of the branch office to scale to next-generation requirements and still meet important environmental initiatives for IT teams to operate a power-efficient network.
Q. Are the Cisco EtherSwitch EHWICs compatible with the first generation of Cisco Integrated Services Routers (ISRs)?
A. No. The EHWIC switch modules are made for the architecture in Cisco ISR G2 routers and are thus not backward-compatible with the previous generation of ISRs.
Q. How many Cisco EtherSwitch EHWICs can I install in the Cisco ISR G2 routers?
A. The maximum number of EHWIC switch modules supported varies among the ISR G2 models. From the Cisco 2911 and up, the previous limitation of a maximum of two high-speed WAN interface card (HWIC) switch modules per system has been lifted. You can install as many EHWIC switches as you have free EHWIC slots (refer to Table 2).

Table 2. Support Matrix for 4- and 8-Port Cisco EtherSwitch EHWICs. Maximum number cards per platform

 

Cisco 1921

Cisco 1941 and 1941W

Cisco 2901

Cisco 2911

Cisco 2921

Cisco 2951

Cisco 3925

Cisco 3925E

Cisco 3945

Cisco 3945E

EHWIC-4ESG

1

2

2

4

4

4

4

3

4

3

EHWIC-4ESG-P

1

2

2

4

4

4

4

3

4

3

EHWIC-D-8ESG

1

1

1

2

2

2

2

1

2

1

EHWIC-D-8ESG-P

1

1

1

2

2

2

2

1

2

1

Q. Why does the Cisco 1921 Integrated Services Router support only a single EHWIC switch module?
A. Unlike the Cisco 1941 and Cisco 2900 and 3900 Series ISRs, the Cisco 1921 platform does not have a backplane switch. The internal Gigabit Ethernet link of the EHWIC switch is connected directly to one of the internal CPU Gigabit Ethernet ports over a serializer/deserializer (SerDes). Thus the Cisco 1921 supports only one EHWIC switch module.
Q. What is the capacity of the internal connection for a Cisco EtherSwitch EHWIC?
A. The EHWIC switch modules do not use the 800-Mbps enhanced Double Data Rate DDR bus. It uses a 1-Gbps SerDes connection directly to the Multigigabit Fabric (MGF), enabling the higher Gigabit Ethernet capacity plus direct module-to-module communication.
Q. What devices can I connect to the Cisco EtherSwitch EHWIC external ports?
A. You can connect any device with a 10BASE-T, 100BASE-TX, or 1000BASE-TX interface.
Q. Can I configure the individual ports as routed ports?
A. No, the Cisco EtherSwitch EHWICs do not support routed ports. Layer 3 routing is done by using a Cisco IOS Software-based Switched Virtual Interface (SVI). The SVI is a Cisco IOS Software-based interface on which you can apply Layer 3 features such as Network Address Translation (NAT), QoS, access control lists (ACLs), routing, and IP addressing.
Q. Do the Cisco EtherSwitch EHWICs support inter-VLAN routing through the router CPU?
A. Yes, the Cisco EtherSwitch EHWICs support inter-VLAN routing through the SVI interface. All Layer 2 traffic destined for another VLAN or to a WAN interface on the router is routed through CPU via the SVI interface.
Q. Is stacking of Cisco EtherSwitch EHWICs supported?
A. Yes. With the new EHWIC switch, grouping switch modules together is called cascading. EHWIC switch modules are capable of cascading on all Cisco ISR G2 platforms that use an internal MGF.
Cascading multiple EHWIC switches over the MGF makes the system behave like a single switch. Many of the switch features, such as protected port and port and VLAN mirroring, will be able to function across modules - a feature that was not possible in earlier HWIC switch products.
For scaling cascaded switch modules, you are no longer limited to only two switch modules. The number of EHWIC slots on the platform limits the number of EHWIC switch modules that can be cascaded. Cascading is not supported on the Cisco 1921 because this platform supports only one EHWIC switch.
Layer 2 switching of packets will thus either be internal to each EHWIC switch, or go through the MGF when you have multiple EHWIC switch modules in the system acting as a unified switch. The router CPU is not involved in this operation.
Q. Do I have to use external ports when cascading Cisco EtherSwitch EHWICs?
A. No, cascading is supported over the internal MGF connection; hence external interfaces are no longer needed for this purpose.
Q. Will Cisco EtherSwitch EHWICs use the Cisco High-Speed Intrachassis Module Interconnect (HIMI) or VLAN connect feature to communicate over the MGF?
A. No, the EHWIC switch does not support the HIMI or the VLAN connect feature. The switch has a gigabit link to the MGF and transparently integrates into the system without having to set up additional features such as HIMI. Connecting over the MGF enables the EHWIC switch to directly communicate with other MGF-enabled modules in the system without involving CPU (Figure 1).

Figure 1. Direct Module-to-Module Connection Without Involving CPU

Q. How do the Cisco EtherSwitch EHWICs work with the Wireless LAN (WLAN) of a Cisco 1941?
A. The switch communicates with the wireless access point on the Cisco 1941 over the MGF, making it possible for devices associated with the wireless access point to communicate directly with devices connected to the EHWIC switch without CPU involvement. This feature is supported only for devices in the same VLAN.
Q. What are the packet paths using the MGF?
A. The packet paths shown in Figures 2 through 4 illustrate traffic flow in three examples of Cisco EtherSwitch EHWIC deployments.

Figure 2. Inter-VLAN Traffic Flow (Routed by CPU)

In Figure 2, traffic from an EHWIC switch port in VLAN 1 travels to another EHWIC switch port in VLAN 2. Traffic from an EHWIC switch port in VLAN 1 goes to the CPU through the MGF, and then is routed by Cisco IOS Software through VLAN 2 to the MGF and finally out the EHWIC switch port in VLAN 2.

Figure 3. Intra-VLAN Traffic (Single Module)

Figure 3 depicts the flow of traffic between local ports of an EHWIC switch in the same VLAN. The traffic is switched locally and does not go to the MGF.

Figure 4. Intra-VLAN Traffic (Cascaded System)

Figure 4 shows traffic flowing between ports in the same VLAN when multiple EHWIC switches form a cascaded system. The packets travel from the EHWIC switch to the MGF and then to the other EHWIC switch.
Q. Can I assign each switch port to a unique VLAN? If so, are there any limitations?
A. You can assign each switch port to its own VLAN, effectively providing some equivalence to routed ports. However, this assignment can cause serious performance and feature limitations because all traffic is handled by the software-based SVI interfaces. SVI interfaces, being virtual interfaces, are treated uniquely among interface types on the router. Many features are neither supported nor tested on these interfaces, including Point-to-Point Protocol over Ethernet (PPPoE) termination, Layer 2 Tunneling Protocol Version 3 (L2TPv3) termination, MAC address assignment, Layer 3 QoS, and others. You should carefully test any desired feature and solution before deploying it.
Q. Does the Cisco EtherSwitch EHWIC support any high-availability functions such as Hot Standby Router Protocol (HSRP)?
A. Yes, Cisco high-availability protocols HSRP and Global Load Balancing Protocol (GLBP) are supported, along with RFC 3768, Virtual Router Redundancy Protocol (VRRP).
Q. Can I mix onboard interfaces with EHWIC switch interfaces in the same high-availability group?
A. Yes.
Q. Can I connect two Cisco EtherSwitch EHWICs in two different routers?
A. Connecting between two chassis works the same as connecting a Cisco EtherSwitch EHWIC and an external Cisco Catalyst switch. The two EHWICs must be connected to each other using an external connection.
Q. Are there any restrictions or considerations I should be aware of?
A. Yes, Following is a summary of a few limitations when using the EHWIC switch:

• When the EHWIC switch is used on a platform without the MGF (Cisco 1921), only a single module is supported because the externally connected HWIC stacking feature is not supported on the EHWIC switch.

• The EHWIC switch is not supported on older ISR platforms (Cisco 1841 and Cisco 2800 and 3800 Series).

• You cannot use the EHWIC switch in conjunction with the HWICs with part numbers HWIC-4ESW and HWIC-D-9ESW and the network module with part number NM-16ESW/NM-36ESW.

• The EHWIC switch does not support HIMI or VLAN connect.

• The EHWIC switch does not support routed ports.

• The aggregated throughput of all the external ports to the MGF is 1 Gbps.

• IEEE 802.3at is not supported because of software limitations. It will be possible to enhance the software in the future and support 802.3at because the hardware already has support.

Positioning

Q. How does using the Cisco EtherSwitch EHWICs with the Cisco ISR G2 provide a lower cost of ownership for the branch office?
A. The new Cisco EtherSwitch EHWIC switches integrate Gigabit Ethernet switching, IP routing, and voice gateway capabilities into a single chassis, accommodating today's need for high traffic data, voice, and high-definition video in the branch office. Benefits of using this switch in the Cisco Integrated Services Routers include low management and maintenance expenses, low operational complexity, and accelerated time to deploy.
Q. How do the Cisco EtherSwitch EHWICs compare to the Cisco Catalyst desktop switches?
A. Cisco Catalyst desktop switches offer a wide variety of port densities and connectivity options. They are the industry leaders in scalable desktop switching and Layer 2 functions. With the Cisco Catalyst Enhanced Image Software, the desktop switches can route IP traffic at wire speed and run standard routing protocols.
The Cisco EtherSwitch EHWICs forward Layer 2 traffic at wire speed with a subset of the Layer 2 features of the desktop switches. However, the Cisco EtherSwitch EHWIC can take advantage of direct access to WAN interfaces, a wide set of Layer 3 options plus support for traditional protocols, encryption, and other security features. The Cisco EtherSwitch EHWICs also offer reduced TCO in presenting a single point of management, inclusion in the Cisco SMARTnet ® router contract, and the ability to use the redundancy options of the router such as the redundant power system (RPS).

Features

Q. What features are supported on the Cisco EtherSwitch EHWICs?
A. Table 3 lists the features supported on the Cisco EtherSwitch EHWICs.

Table 3. Detailed EHWIC Switch Feature List

Features

EHWIC Switch

New Features

10/100/1000-T

ü

ü

IEEE 02.1Q Trunking

ü

 

IEEE 802.1D Spanning Tree

ü

 

Static and dynamic MAC address learning

ü

 

IEEE 802.1x port-based and multiple supplicant

ü

 

IEEE 802.3af (15.4W)

ü

 

ePoE (20W)

ü

ü

IEEE 802.1p

ü

 

IEEE 802.1u (guest VLAN)

ü

 

Internet Group Management Protocol (IGMP) Snooping

ü

 

Auxiliary VLANs

ü

 

Number of VLANs supported (platform dependent)

16-64

ü

4095 possible VLAN IDs

ü

 

Shaped Deficit Weighted Round Robin (SDWRR) and fixed scheduling

ü

ü

Eight QoS queues per port

ü

ü

IEEE 802.1p for 802.1q tagged packets

ü

 

Port-based priority for untagged packets

ü

 

Priority override

ü

 

Switched Port Analyzer (SPAN)

ü

 

SPAN across multiple EHWICs

ü

ü

Number of Spanning Tree Protocol instances

1 per VLAN (64 maximum)

 

Per-port storm control

ü

 

MAC notification

ü

 

100 secure MAC addresses

ü

 

Dynamic Secure Port

ü

ü

Secure port filtering (port security)

ü

 

Private VLAN edge (protected port)

ü

 

Intrachassis cascading (no external link between EHWIC cards)

ü

ü

Protected port (across multiple EHWICs)

ü

ü

Bridge protocol data unit (BPDU) guard

ü

 

PortFast

ü

 

Jumbo Frames

ü

 

VLAN Trunking Protocol (VTP) (client, server, and transparent modes)

ü

 

Per VLAN Spanning Tree (PVST)

ü

 

Cisco EnergyWise technology

ü

 

Per-port power monitoring and policing

ü

ü

HSRP, Virtual Router Redundancy Protocol (VRRP), and GLBP on VLAN interfaces

ü

 

Automatic Media-Dependant Interface Crossed Over (Auto-MDIX)

ü

 

MGF integration

ü

 

Multiple cards automatically stacked, no CLI needed

ü

ü

Number of EHWIC slots limit the number of modules supported; the Cisco 1921 supports only one module

ü

ü

Complete integration with WLAN through MGF

ü

ü

CiscoWorks LAN Management Solution (LMS)

ü

 

Remote Monitoring (RMON) support

ü

 

Q. What features are not supported on the Cisco EtherSwitch EHWICs?
A. Table 4 lists the features that are not supported on the Cisco EtherSwitch EHWICs.

Table 4. Cisco EtherSwitch EHWIC: Features Not Supported

Features Not Supported

Layer 3 switching (this switching is done through the router)

Dynamic VLAN for access port

VTP pruning

Routed port

Per-port enabling and disabling of unknown multicast and unicast packets

Cisco Group Management Protocol (GMP) client

Cisco Cluster Management Suite (CMS) support

IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)

IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)

Q. Which 802.1x features do the Cisco EtherSwitch EHWICs support?
A. The EHWIC switch supports 802.1x authentication on a per-port basis, allowing the HWIC to enable or disable ports based on 802.1x authentication.
Q. Do the Cisco EtherSwitch EHWICs support bridging to the switched virtual interfaces (SVIs)?
A. Yes, SVIs can become members of bridge groups and perform transparent bridging.
Q. Do the Cisco EtherSwitch EHWICs support data-link switching plus (DLSW+)?
A. Yes.
Q. Is SPAN supported on the Cisco EtherSwitch EHWICs?
A. Yes, SPAN is supported on all EHWIC switch ports and also across modules when cascaded using the internal MGF connection.
Q. What SPAN features are supported on the EHWIC switch?
A. The following SPAN features are supported:

• One active SPAN session is supported at any given time.

• All ports on an EHWIC switch as well as all ports in a cascaded system can be mirrored in one SPAN session.

• Only one destination is allowed.

• SPAN ports should be on the same EHWIC module or cascaded system.

Q. Are there any performance effects I should be aware of when enabling SPAN port mirroring?
A. No; because forwarding to the SPAN port takes place independently of the normal forwarding, switch performance is not affected. SPAN across a cascaded system does not affect performance because SPAN traffic travels over the MGF.
Q. Do the Cisco EtherSwitch EHWICs support Auto-MDIX detection?
A. Yes.
Q. What is the maximum number of VLANs supported for the Cisco EtherSwitch EHWICs?
A. The number depends on the platform (refer to Table 5).

Table 5. Maximum Number of Supported VLANs per Platform

Platform

VLANs

Cisco 1900 Integrated Services Router

16

Cisco 2901 Integrated Services Router

16

Cisco 2911 Integrated Services Router

32

Cisco 2921, 2951, and 3925 Integrated Services Routers

48

Cisco 3945 Integrated Services Router

64

Cisco 3925E and 3945E Integrated Services Routers

64

Q. Does the Cisco EtherSwitch EHWIC support Cisco Cluster Management Suite (CMS)?
A. No. Cisco CMS is currently not supported by EHWIC switches.
Q. Does a Cisco EtherSwitch EHWIC provide line-rate switching?
A. Yes.
Q. How many MAC addresses does the EHWIC switch support?
A. The EHWIC switch supports up to 8000 MAC addresses.
Q. Can you manually or dynamically create VLAN MAC-address tables?
A. Yes. You can both dynamically and manually create VLAN MAC-address tables.
Q. Is online insertion and removal (OIR) supported for the Cisco EtherSwitch EHWICs?
A. No. OIR for the 4- and 8-port EHWICs is not supported on the Cisco ISRs.

Inline Power and Optional Power Supply

Q. What are the capabilities of the inline power option?
A. The inline power option provides the following capabilities to the HWIC:

• Inline power provides 48-VDC power over standard Category 5 unshielded twisted pair (UTP) cable up to 100 meters. Instead of requiring wall power, terminal devices such as IP telephones can use inline power provided from the optional internal power supply on the respective chassis.

• Using the Phone Discovery feature, the EHWIC switch automatically detects the presence of an IP phone and supplies Cisco product-based inline power.

Q. How is IP phone power provided to the 4- and 8-port EHWIC switches?
A. Power is provided through field-replaceable power supplies that, along with the inline power modules (4- and 8-port modules: part numbers ILPM-4 and ILPM-8), provide the PoE function.
Q. How much power can each port on the Cisco EtherSwitch EHWIC supply?
A. Each port can supply a maximum of 20 watts if using ePoE, up to a total of 120W per EHWIC switch.
Q. Do I need the power daughter card, and how does it connect to the power-supply chassis internal to the router?
A. Yes, you need the power daughter card with the Cisco EtherSwitch EHWIC switch to supply inline power to IP phones. The inline power is supplied by the backplane connector when the EHWIC is installed in the router.
Q. What happens if I exceed the system power-supply limit on the Cisco EtherSwitch EHWICs? Will the power daughter card load share the power to supply power to each of my devices?
A. The power daughter card does not load share power. The maximum power is based on the respective power supplies supported on the various router chassis. Devices connected to the network EHWICs receive power up to the maximum rated capacity of the respective power supply, and any remaining devices exceeding the power wattage limit do not receive any power because the limit has been reached.
Q. What happens if I exceed the power limit on a port of the Cisco EtherSwitch EHWICs?
A. If a port exceeds 20W, an overload condition is detected and power to the port is removed.
Q. What is the Inline power daughter card part number for the Cisco EtherSwitch EHWICs?
A. The EHWIC switch is using the same daughter card for inline power as the HWIC, hence it has the same part number (ILPM-4 and ILPM-8).
Q. Can I upgrade my existing Cisco EtherSwitch EHWIC switch to include inline power?
A. Yes, the internal power-supply chassis, power supply, and power-supply daughter card for the EHWIC are all orderable separately.
Q. Is the inline power function 802.3af-compliant?
A. Yes, both 4- and 8-port Cisco EHWICs are 802.3af-compliant.
Q. Do the default power supplies provide any PoE capability?
A. There is no connection to the PoE bus in the routers without the PoE power-supply option.
Q. Can I provide PoE using a DC power supply?
A. There is no ability to provide PoE functions with a DC power supply.

Security Support

Q. What security features are available for the Cisco EtherSwitch EHWICs?
A. Cisco offers several security options, including:

• Port security: Secure and Dynamic Secure Port

• TACACS+: Authentication of management access to the switches

Q. What is Secure and Dynamic Secure Port?
A. Secure and Dynamic Secure Port is a new feature implemented in the Cisco EtherSwitch EHWICs. Secure Port helps protect unauthorized access to the network by restricting MAC addresses that can be connected to the switch interface. Only defined MAC addresses have access to the network. If you attempt to connect a new device, for example, a laptop, on the port that has already enabled port security and the port has reached the maximum number of allowed MAC addresses, the device will not be allowed access to the network until an administrator changes the configuration on the switch.
The features of Port Security follow:

• Restrict only specified MAC addresses on a certain port. Devices that have other MAC addresses cannot connect to the network.

• Restrict the number of MAC addresses on a certain port. The port inserts the MAC address dynamically to the configuration when a new device has plugged in until it reaches the maximum number of allowed MAC addresses.

Q. Are Secure Port and static MAC address configuration the same thing?
A. No. A secure port and static MAC address configuration are mutually exclusive.
Q. Can I configure Secure Port on all Cisco EtherSwitch EHWIC port types?
A. No. A secure port cannot:

• Be a trunk port

• Be a destination port for SPAN

• Be part of a Cisco EtherChannel port-channel interface

• Be an 802.1X port.

Q. What are the secure MAC address types?
A.

• Static secure MAC addresses: These addresses are manually configured by using the mac-address-table secure configuration command, stored in the address table, and added to the switch running configuration.

• Dynamic secure MAC addresses: These addresses are dynamically configured, stored only in the address table, and removed when the switch restarts.

• Sticky secure MAC addresses: These addresses can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts the interface does not need to dynamically reconfigure them.

Secure addresses do not age out.
Q. How do sticky secure MAC addresses work?
A. You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. After sticky learning is enabled, the interface converts all the dynamic secure MAC addresses, including those dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.
The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If the sticky secure MAC addresses are saved in the configuration file, when the switch restarts the interface does not need to relearn these addresses. Otherwise, the sticky secure addresses are lost.
If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and removed from the running configuration.
Q. Do the Cisco EtherSwitch EHWICs support 802.1x authentication?
A. Yes.
Q. Can I enable 802.1x authentication on all port types of an EHWIC switch?
A. No. The 802.1X protocol is supported on Layer 2 static-access ports, but it is not supported on the following port types:

• Trunk port: If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.

• Dynamic ports: A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.

• Dynamic-access ports: If you try to enable 802.1X on a dynamic-access (VLAN Query Protocol [VQP]) port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.

• Cisco EtherChannel port: Before enabling 802.1X on the port, you must first remove the port from the Cisco EtherChannel before enabling 802.1X on it. If you try to enable 802.1X on an EtherChannel or on an active port in an EtherChannel, an error message appears, and 802.1X is not enabled. If you enable 802.1X on a not-yet-active port of an EtherChannel, the port does not join the EtherChannel.

• Secure port: You cannot configure a secure port as an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

• SPAN destination port: You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You can enable 802.1X on a SPAN source port.

Q. Does 802.1x authentication require an external server?
A. The 802.1x port authentication standard uses RADIUS to validate the device on the port. RADIUS runs on a separate server.
Q. Is private VLANs supported?
A. Private VLAN (PVLAN) edge (protected port) is supported. Unlike private VLANs, the PVLAN edge feature is significant only locally to the switch, and no isolation is provided between two protected ports located on different switches. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. You cannot forward traffic between protected ports at Layer 2; you must forward all traffic passing between protected ports through a Layer 3 device.

Voice Support

Q. Can I have data and voice on the same port of the Cisco EtherSwitch EHWICs?
A. Yes. You can have both data and voice on the same port, although having both voice and data on the same VLAN is not recommended because of voice quality concerns. We recommend using voice VLANs for your voice traffic.
Q. What is the voice VLAN feature?
A. The voice VLAN feature allows the switch to automatically configure a Cisco IP Phone. It also allows you to add IP phones to the network while retaining the current addressing scheme by creating a new subnet for voice traffic.
Q. Do I need to configure a trunk port to enable the voice VLAN feature?
A. No. You can configure voice VLAN directly on an access port.
Q. What is the difference between an auxiliary VLAN for the Cisco Catalyst switches and the voice VLAN for the Cisco EtherSwitch EHWICs?
A. There is no difference on the EHWIC switch. Voice VLANs are configured on Cisco EtherSwitch EHWICs using an auxiliary VLAN function in the background.
Q. What is a voice VLAN identifier (VVID)?
A. The VVID is a value in the range of 0 to 1025. VLAN0 is the VVID for 802.1p encapsulation, and VLAN1025 is the VVID for 802.3 (untagged) mode.
Q. Can I send data traffic over a voice VLAN?
A. Only voice packets should be allowed on voice VLANs. Data packets should stay on native or trunking VLANs to preserve QoS. If data and voice traffic are configured on the same VLAN, voice traffic does not have the higher priority over data traffic needed to ensure voice quality.
Q. What voice protocols are supported for originating and terminating voice-over-IP (VoIP) calls with the Cisco EtherSwitch HWICs?
A. Skinny Client Control Protocol (SCCP), H.323, and Media Gateway Control Protocol (MGCP) are supported.
Q. Can you connect several IP phones together in a daisy-chain fashion to connect to the Cisco EtherSwitch EHWICs?
A. You can connect Cisco IP Phones in a daisy-chain fashion to the EHWIC switch. Only the first phone in the chain can be powered by the inline power from the EHWIC. All the other phones in the daisy chain must be plugged into wall power. You should configure the EHWIC switch such that the first IP phone treats all other Cisco IP Phones connected to it as trusted devices. Thus, any voice call from any of the IP phones in the daisy chain gets the same high priority as the first IP phone.

Note: All voice and data traffic on the port in this configuration has the same priority if it is configured in the same VLAN. Hence, Cisco strongly recommends that you not connect any workstations at the far end of the Cisco IP Phone daisy chain because both the voice and data traffic in this scenario get the same high priority and the quality of voice calls may be adversely affected.

Q. What are the benefits of daisy chaining IP phones and PCs together?
A. Daisy chaining IP phones and PCs together saves ports on the EHWIC switch.

QoS Features

Q. What QoS features are available for the Cisco EtherSwitch EHWICs?
A. The Cisco EtherSwitch HWICs support IEEE 802.1p class-of-service (CoS) priority for 802.1Q tagged frames, port-based priority for native frames, and port priority to overwrite the IEEE 802.1p priority.
Q. What type of queuing does the Cisco EtherSwitch EHWIC support?
A. The EHWIC switch uses Shaped Deficit Weighted Round Robin (SDWRR).
Q. What is SDWRR?
A. Shaped Deficit Weighted Round Robin (SDWRR) is a scheduling mechanism well suited for high-speed multiplexing of variable-length packet flows, designed to overcome starvation and jitter problems commonly associated with schedulers based on Strict Priority and first in, first out (FIFO).
In Strict Priority the scheduler serves a flow only if no higher-priority packets are queued, possibly resulting in constant starvation of lower-priority flows when the traffic consists of a large quantity of higher-priority packets. In FIFO scheduling, packets are served in the order they arrive. The problem here is that QoS markings are not honored; in addition, a misbehaving flow could risk monopolizing the bandwidth.
SDWRR solves the problems with Strict Priority and FIFO by allocating a minimal amount of bandwidth to a traffic flow, thereby preventing long-term starvation of that flow. It also enables traffic flows to share excess capacity, such as unreserved bandwidth plus reserved but unused bandwidth. SDWRR defines how much attention the queue is given in case of congestion. The weight essentially defines the number of packets taken from queue each time the Weighted Round Robin (WRR) scheduler runs through queues in sequence.
Q. How many queues per port does the Cisco EtherSwitch EHWIC support?
A. It supports eight QoS queues per port.
Q. What is port-based reclassification?
A. Port-based reclassification allows you to reclassify IEEE 802.1p CoS values on a per-port basis (with CLIs). This feature enables finer granularity of control to implement LAN-edge QoS. It helps to prevent rogue PCs that are transmitting packets from getting higher priority relative to mission-critical applications, such as IP telephony.
Q. What is 802.1p prioritization?
A. The 802.1Q/p standard defines the use of the 3-bit CoS field in the 802.1Q tag field, thus supporting up to eight CoSs.
Q. How does 802.1p priority support IP telephony?
A. The Cisco IP Phones, such as the Cisco Unified IP Phone 7900 Series, tag the voice packets with CoS 5 priority. Therefore, the EHWIC switch classifies these packets as high priority by placing them in the appropriate queue, and then provides expedited forwarding. This prioritization helps minimize delay and jitter for voice applications.
Q. What is port-based prioritization?
A. Port-based prioritization applies only to untagged packets. You can configure a 3-bit field for ingress port priority on a per-port basis through a CLI. This 3-bit field performs the same classification and egress queue selection function as the CoS field for tagged packets. Note that the frame never gets tagged during this process.
If the configured ingress port priority is high (values 4 to 7), the untagged frame is sent to the high-priority queue on the egress port. If the default ingress port priority is low (values 0 to 3), the untagged frame is sent to the low-priority queue on the egress port. Three bits are used for port priority to provide compatibility with the CoSs achieved using CoS for tagged frames.
Q. How does port prioritization support IP telephony?
A. For ports where IP phones, such as the Cisco Unified IP Phone 7900, are attached, the default port priority should be low priority (such as a value in the range 0 to 3). This priority helps ensure that traffic from computers attached to the IP phones does not get high priority relative to the voice tagged packets from the phone.
In general, unless the port is a trusted device whose traffic deserves to be high priority, default port priority to all the access ports should be low (priority values 0 to 3).
Q. How does prioritization apply to ingress and egress ports?
A. The 802.1p and port-based prioritizations apply only to traffic leaving the egress port. Traffic entering the ingress port is sent directly to the shared memory or CPU, depending on the priority.
Q. Can the Cisco EtherSwitch EHWICs support 802.1p and port prioritizations at the same time?
A. Yes. The switch uses 802.1p prioritization for the incoming tagged packets and port-based prioritization for the incoming untagged packets. The two modes function in a mutually exclusive and complementary manner.
Q. Can I assign the 802.1p priority for untagged 802.3 packets?
A. Yes, you can assign the EHWIC switch for untagged 802.3 packets an 802.1p priority to refine the traffic inside your network.
Q. Is QoS affected if voice and data packets are configured on the same VLAN?
A. Normally voice and data traffic are configured on different VLANs, but you can configure them on the same VLAN. Voice quality is degraded, depending on the amount of data traffic, so this configuration is not recommended.

Network Management

Q. How are the Cisco EtherSwitch EHWICs managed?
A. Like all Cisco network elements, the EHWIC switch can be managed with Simple Network Management Protocol (SNMP), with Remote Monitoring (RMON), with a Telnet session, or directly through a router console connection.
Q. Do the Cisco EtherSwitch EHWICs support CiscoView and CiscoWorks?
A. Yes, CiscoWorks Resource Manager Essentials and CiscoView are supported, both of which are part of the CiscoWorks Family.
Q. Does the Cisco Configuration Professional support the Cisco EtherSwitch EHWICs?
A. Yes.

Ordering Information

Q. Which platforms support the Cisco EtherSwitch EHWICs, and what is the minimum Cisco IOS Software release and feature set required to support it?
A. The Cisco EtherSwitch EHWICs are supported in all Cisco IOS Software feature sets on the platforms listed in Table 6.

Table 6. Minimum Supported Cisco IOS Software Version

Integrated Services Router Version

Minimum Cisco IOS Software Release

Cisco 1900 Series: Cisco 1921 and 1941

15.1(2)T: IP Base

Cisco 2900 Series: Cisco 2901, 2911, 2921, and 2951

15.1(2)T: IP Base

Cisco 3900 Series: Cisco 3925, 3925E, 3945 and 3945E

15.1(2)T: IP Base

Q. Where can I find the data sheet for the Cisco EtherSwitch EHWICs?
A. Data sheets and Q&As for all Cisco ISR G2 modules are available at: http://wwwin.cisco.com/artg/interface_cards_g2.shtml.
Q. Are there any additional memory requirements for the Cisco EtherSwitch EHWICs?
A. No, the Cisco ISR G2 platforms come with a minimum of 256 MB, which is more than enough to accommodate one or more EHWICs.
Q. Are there any Cisco IOS Software image requirements for supporting PoE?
A. There are no image or feature set requirements for supporting PoE. You must install an inline power module on the switch card, either discretely or by purchasing the PoE models when ordering. The hosting router must have a PoE power supply installed.