The Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module (NIM) integrates the Layer 2 features and provides a 1-Gbps connection to the multigigabit fabric (MGF) for intermodule communication.
The Cisco NIM-ES2-4 and Cisco NIM-ES2-8 are capable of providing up to 30 watts of power per port with the robust Power over Ethernet (PoE), Power over Ethernet Plus (PoE+), and Enhanced Power over Ethernet (ePoE) features, which work on Cisco 4000 Series ISR families.
The following is the feature history for the Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules:
Finding Support Information for Platforms and Cisco IOS Software Images
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco IOS XE Release 3.15S is required to install the Cisco NIM-ES2-4 or Cisco NIM-ES2-8.
To determine the version of Cisco IOS software that is running on your router, log in to the router and enter the show version command:
Cisco IOS XE Software, Version 03.15.00.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 22-Mar-15 02:32 by mcpre
This section describes the features and some important concepts about the Cisco NIM-ES2-4 and Cisco NIM-ES2-8:
Note For a list of Cisco IOS switch feature documentation with information on various supported features on your Cisco NIM-ES2-4 and Cisco NIM-ES2-8, see the Related Documentation.
The Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules (Cisco NIM-ES2-4 and Cisco NIM-ES2-8) are switch modules to which you can connect Cisco IP phones, Cisco wireless access points, workstations, and other network devices such as video devices, routers, switches, and other network switch modules.
The following Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules are supported on the Cisco 4000 Series ISRs:
For complete information about the Cisco NIM-ES2-4 and Cisco NIM-ES2-8 hardware, see the Installing the Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module guide.
The following are the switching software features supported on the Cisco NIM-ES2-4 and Cisco NIM-ES2-8:
To configure IP routing, you need to assign IP addresses to Layer 3 network interfaces. This enables communication with the hosts on those interfaces that use IP. IP routing is disabled by default, and no IP addresses are assigned to Switch Virtual Interfaces (SVIs).
An IP address identifies a destination for IP packets. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network addresses. RFC 1166, “Internet Numbers,” contains the official description of these IP addresses.
An interface can have one primary IP address. A subnet mask identifies the bits that denote the network number in an IP address.
Beginning in privileged EXEC mode, follow these steps to assign an IP address and a network mask to an SVI:
The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that prevents clients from connecting to a LAN through publicly accessible ports unless they are authenticated. The authentication server authenticates each client connected to a port before making available any services offered by the router or the LAN.
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic can pass through the port. See the Configuring IEEE 802.1X Port-Based Authentication chapter in the Cisco 7600 Series Router Software Configuration Guide, Cisco IOS Release 15S.
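The pre-authentication filter described above, as an added example (not Cisco code and not part of the original guide): a simplified model that classifies raw Ethernet frames and decides whether an unauthorized port passes them. The frames are constructed samples and the function names are hypothetical.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                  # IEEE 802.1X EAPOL
STP_DST = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
CDP_DST = bytes.fromhex("01000ccccccc")   # Cisco multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, OUI 00000c, PID 0x2000
SRC = bytes.fromhex("020000000001")       # constructed source MAC


def eth2(dst, ethertype, payload):
    """Build an Ethernet II frame (type field carries an EtherType)."""
    return dst + SRC + struct.pack("!H", ethertype) + payload


def dot3(dst, llc_payload):
    """Build an 802.3 frame (type field carries the payload length)."""
    return dst + SRC + struct.pack("!H", len(llc_payload)) + llc_payload


def classify(frame):
    """Return 'eapol', 'stp', 'cdp', 'other' or 'malformed' for a raw frame."""
    if len(frame) < 14:
        return "malformed"
    dst = frame[:6]
    type_len = struct.unpack("!H", frame[12:14])[0]
    if type_len >= 0x0600:                # Ethernet II
        return "eapol" if type_len == EAPOL_ETHERTYPE else "other"
    llc = frame[14:22]                    # 802.3: LLC header follows the length
    if dst == STP_DST and llc[:3] == b"\x42\x42\x03":
        return "stp"
    if dst == CDP_DST and llc == CDP_SNAP:
        return "cdp"
    return "other"


def port_forwards(frame, authenticated):
    """Model of the port: before authentication only EAPOL, CDP and STP pass."""
    if authenticated:
        return True
    return classify(frame) in {"eapol", "cdp", "stp"}


# Constructed sample frames.
EAPOL_START = eth2(bytes.fromhex("0180c2000003"), EAPOL_ETHERTYPE, b"\x01\x01\x00\x00")
ARP_REQUEST = eth2(b"\xff" * 6, 0x0806, bytes(28))
BPDU = dot3(STP_DST, b"\x42\x42\x03" + bytes(35))
CDP = dot3(CDP_DST, CDP_SNAP + bytes(20))
# IPv4 frame addressed to the STP group MAC: the address alone must not qualify.
IP_TO_STP_MAC = eth2(STP_DST, 0x0800, bytes(20))

if __name__ == "__main__":
    for name in ("EAPOL_START", "ARP_REQUEST", "BPDU", "CDP", "IP_TO_STP_MAC"):
        frame = globals()[name]
        print(name, classify(frame), port_forwards(frame, authenticated=False))
```
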
IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content. You can configure the switch to use IGMP snooping in subnets that receive IGMP queries from either IGMP or the IGMP snooping querier. IGMP snooping constrains IPv4 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv4 multicast traffic only to those ports that want to receive it.
Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients. For more information on this feature, see http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_1_e/configuration/guide/scg3750x/swigmp.html.
The Cisco NIM-ES2-8-P supports PoE (802.3af) and PoE+ (802.3at) on all its 8 ports. PoE provides up to 15.4 Watts of power, and PoE+ provides up to 30 Watts of power. By using PoE, you do not need to supply connected PoE-enabled devices with wall power. This eliminates the cost for additional electrical cabling that would otherwise be necessary for connected devices.
Note To ensure the PoE feature is functional, verify the availability of PoE power on your router using the show platform and show power commands.
The NIM-ES2-8-P PoE configuration is the same as on ISR 4400 router FPGE ports. See Configuring PoE for FPGE Ports for how to configure PoE on NIM-ES2-8-P ports.
In this example, power is being supplied to an IP phone through the NIM-ES2-8-P Gi0/1/1 port.
The PDs and the switch negotiate power through CDP messages for an agreed power-consumption level. The negotiation allows high-power Cisco PDs to operate at their highest power mode.
The PoE plus feature enables automatic detection and power budgeting; the switch maintains a power budget, monitors, and tracks requests for power, and grants power only when it is available. See the Configuring the External PoE Service Module Power Supply Mode section in the Catalyst 3560 Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later.
Power policing allows you to monitor the real-time power consumption. On a per-PoE port basis, the switch senses the total power consumption, polices the power usage, and reports the power usage. For more information on this feature, see Related Documentation.
This section includes the following:
Creating a Static Entry in the MAC Address Table
Perform the following task to create a static entry in the MAC address table.
Perform the following task to block all traffic to or from a MAC address in a specified VLAN.
Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Spanning tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or to a switched LAN of multiple segments. For more information on this feature, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/geshwic_cfg.html.
This section describes how to configure a Switched Port Analyzer (SPAN) session on Cisco NIM-ES2-4 and Cisco NIM-ES2-8. The following restrictions apply to the Cisco NIM-ES2-4 and Cisco NIM-ES2-8:
Note Tx, Rx, or both Tx and Rx monitoring is supported.
To configure the source for a SPAN session, use the monitor session session source { interface type 0/slot/port | vlan vlan_ID [, | - | rx | tx | both ]} command in global configuration mode. This command specifies the SPAN session, the source interfaces or VLANs, and the traffic direction to be monitored.
To configure the destination for a SPAN session, use the monitor session session destination { interface type slot/subslot/port | - | rx | tx | both ]} command in global configuration mode.
Use the show monitor session command to verify the sources and destinations configured for the SPAN session.
To remove sources or destinations from the SPAN session, use the no monitor session session command in global configuration mode as shown in the following example:
Cisco NIM-ES2-4 and Cisco NIM-ES2-8 support four egress queues on each port for L2 data traffic. The four queues are strict priority queues by default; that is, queue one is the lowest priority queue and queue four is the highest priority queue. Shaped Deficit Weight Round Robin (SDWRR) is also supported, and the weight of each queue can be configured.
The Cisco NIM-ES2-4 and Cisco NIM-ES2-8 L2 QoS configuration is a global configuration; it is not per module or per port.
Beginning in privileged EXEC mode, follow these steps to configure the CoS based queue mapping:
To disable the new CoS settings and return to default settings, use the no wrr-queue cos-map global configuration command.
Beginning in privileged EXEC mode, follow these steps to configure the SDWRR priority:
Assign SDWRR weights to the four CoS queues. The range for the WRR values weight1 through weight4 is 1 to 255.
Note Once SDWRR priority is configured, the SDWRR scheduling will be activated and strict priority will be disabled. To disable the SDWRR scheduling and enable the strict priority scheduling, use the no wrr-queue bandwidth global configuration command.
Beginning in privileged EXEC mode, follow these steps to define the default CoS value of a port or to assign the default CoS to all incoming packets on the port:
To return to the default setting, use the no switchport priority {default | override} interface configuration command.
Virtual local-area networks (VLANs) are a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment. For more information on this feature, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/geshwic_cfg.html.
This chapter describes how to use the command-line interface (CLI) to configure Gigabit Ethernet, and 10/100/1000-Gigabit Ethernet LAN ports for Layer 2 switching on the Cisco 4000 series routers. The configuration tasks in this section apply to LAN ports on LAN switching modules.
Table 1-2 lists the Layer 2 LAN port modes and describes how they function on LAN ports.
Note DTP is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly. To avoid this problem, ensure that LAN ports connected to devices that do not support DTP are configured with the access keyword if you do not intend to trunk across those links. To enable trunking to a device that does not support DTP, use the nonegotiate keyword to cause the LAN port to become a trunk but not generate DTP frames.
Table 1-3 shows the Layer 2 LAN port default configuration.
These sections describe how to configure Layer 2 switching on the Cisco 4000 series routers:
Note Use the default interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/subslot/port command to revert an interface to its default configuration.
To configure a LAN port for Layer 2 switching, perform this task:
Router(config)# interface type slot/subslot/port
(Optional) Shuts down the interface to prevent traffic flow until configuration is complete.
Router# show running-config interface [ type slot/port ]
Router# show interfaces [ type slot/subslot/port ] switchport
Router# show interfaces [ type slot/subslot/port ] trunk
After you enter the switchport command, the default mode is switchport mode dynamic desirable. If the neighboring port supports trunking and is configured to allow trunking, the link becomes a Layer 2 trunk when you enter the switchport command. By default, LAN trunk ports negotiate encapsulation. If the neighboring port supports ISL and 802.1Q encapsulation and both ports are set to negotiate the encapsulation type, the trunk uses ISL encapsulation (10-Gigabit Ethernet ports do not support ISL encapsulation).
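One way to check a saved configuration for ports left in the negotiating modes described above and in the earlier DTP note (added example, not part of the original guide and not Cisco tooling). The configuration text is constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1/0
 switchport
!
interface GigabitEthernet0/1/1
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1/2
 switchport mode trunk
!
interface GigabitEthernet0/1/3
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/1/4
 switchport mode dynamic auto
!
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
!
"""

MODE_RE = re.compile(r"switchport mode (access|trunk|dynamic (?:auto|desirable))")


def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current and raw.startswith(" ") and raw.strip():
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return stanzas


def effective_mode(lines):
    """Return the trunking mode, or None when the port is not a Layer 2 port."""
    if not any(line.startswith("switchport") for line in lines):
        return None
    for line in lines:
        match = MODE_RE.fullmatch(line)
        if match:
            return match.group(1)
    # No explicit mode: the default after `switchport`, as stated in the text.
    return "dynamic desirable"


def audit_dtp(config):
    """Return {interface: finding} for ports that still speak DTP."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        mode = effective_mode(lines)
        if mode is None or mode == "access":
            continue
        if mode.startswith("dynamic"):
            findings[name] = f"{mode}: link becomes a trunk if the neighbor allows it"
        elif "switchport nonegotiate" not in lines:
            findings[name] = "trunk: still generates DTP frames (no nonegotiate)"
    return findings


if __name__ == "__main__":
    for port, finding in audit_dtp(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```
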
These sections describe configuring a Layer 2 switching port as a trunk:
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
To configure the Layer 2 switching port as an ISL or 802.1Q trunk, perform this task:
When configuring the Layer 2 switching port as 802.1Q trunk, note the following information:
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
To configure the Layer 2 trunk to use DTP, perform this task:
Router(config-if)# switchport mode dynamic { auto | desirable }
Reverts to the default trunking mode (switchport mode dynamic desirable).
When configuring the Layer 2 trunk to use DTP, note the following information:
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
To configure the Layer 2 trunk not to use DTP, perform this task:
When configuring the Layer 2 trunk not to use DTP, note the following information:
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
(Optional) Configures the access VLAN, which is used if the interface stops trunking. The vlan_ID value can be 1 through 4094, except reserved VLANs.
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
To configure the 802.1Q native VLAN, perform this task:
When configuring the native VLAN, note the following information:
Note Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.
To configure the list of VLANs allowed on a trunk, perform this task:
Router(config-if)# switchport trunk allowed vlan { add | except | none | remove } vlan [, vlan [, vlan [,...]]
(Optional) Configures the list of VLANs allowed on the trunk.
When configuring the list of VLANs allowed on a trunk, note the following information:
STP is a Layer 2 link-management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. STP operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.
Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN basis.
Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules support the following three types of STP:
MST maps multiple VLANs into a spanning tree instance, with each instance having a spanning tree topology independent of other spanning tree instances. This architecture provides multiple forwarding paths for data traffic, enables load balancing, and reduces the number of spanning tree instances required to support a large number of VLANs. MST improves the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).
Per-VLAN Spanning Tree+ (PVST+) is an extension of the PVST standard. PVST+ allows interoperability between CST and PVST in Cisco switches and supports the IEEE 802.1Q standard.
Rapid-PVST uses the existing configuration for PVST+; however, Rapid-PVST uses RSTP to provide faster convergence. Independent VLANs run their own RSTP instance. Dynamic entries are flushed immediately on a per-port basis upon receiving a topology change. UplinkFast and BackboneFast configurations are ignored in Rapid-PVST mode; both features are included in RSTP.
Table 1-4 shows the default STP configuration.
Note STP is disabled by default on all VLANs.
You can enable STP on a per-VLAN basis. The Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules maintain a separate instance of STP for each VLAN (except on VLANs on which you disable STP).
To enable STP on a per-VLAN basis, perform this task:
Enables STP on a per-VLAN basis. The vlan_ID value can be 1 through 4094, except reserved VLANs (see Table 1-4).
Reverts all STP parameters to default values for the specified VLAN.
Disables STP on the specified VLAN; see the following Cautions for information regarding this command.
This example shows how to enable STP on VLAN 200:
Note STP is disabled by default.
This example shows how to verify the configuration:
Note You must have at least one interface that is active in VLAN 200 to create a VLAN 200 spanning tree. In this example, two interfaces are active in VLAN 200.
To enable PortFast on a Layer 2 access port, perform this task:
Router(config)# interface { type slot/port }
Enables PortFast on a Layer 2 access port connected to a single workstation or server.
Router# show running interface { type slot/port }
This example shows how to enable PortFast on Gigabit Ethernet interface 1:
This example shows how to verify the configuration:
To enable the default PortFast configuration, perform this task:
This example shows how to enable the default PortFast configuration:
These sections describe how to configure PortFast BPDU filtering.
To enable PortFast BPDU filtering globally, perform this task:
BPDU filtering is set to default on each port. This example shows how to enable PortFast BPDU filtering on the port and verify the configuration in PVST+ mode:
To enable PortFast BPDU filtering on a nontrunking port, perform this task:
This example shows how to enable PortFast BPDU filtering on a nontrunking port:
To enable BPDU Guard globally, perform this task:
UplinkFast increases the bridge priority to 49152 and adds 3000 to the STP port cost of all Layer 2 LAN interfaces on the Cisco 7600 series router, decreasing the probability that the router will become the root bridge. The max_update_rate value represents the number of multicast packets transmitted per second (the default is 150 packets per second). UplinkFast cannot be enabled on VLANs that have been configured for bridge priority. To enable UplinkFast on a VLAN with bridge priority configured, restore the bridge priority on the VLAN to the default value by entering a no spanning-tree vlan vlan_ID priority command in global configuration mode.
Note When you enable UplinkFast, it affects all VLANs on the Cisco 7600 series router. You cannot configure UplinkFast on an individual VLAN.
To enable UplinkFast, perform this task:
This example shows how to enable UplinkFast with an update rate of 400 packets per second:
This example shows how to verify that UplinkFast is enabled:
Note BackboneFast operates correctly only when enabled on all network devices in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party network devices.
To enable BackboneFast, perform this task:
This example shows how to enable BackboneFast:
This example shows how to verify that BackboneFast is enabled:
This section provides information on managing the Cisco NIM-ES2-4 and Cisco NIM-ES2-8 on the Cisco 4000 Series ISR using OIR. The online insertion and removal (OIR) feature allows you to insert or remove your Cisco NIM-ES2-4 and Cisco NIM-ES2-8 from a Cisco 4000 series ISR without powering down the module. This process is also referred to as a surprise or hard OIR. The Cisco 4000 series ISR also supports any-to-any OIR, which means that a Network Interface Module (NIM) in a slot can be replaced by another NIM using the OIR feature.
When a module is inserted, power is available on the NIM, and it initializes itself to start functioning. The hot-swap functionality allows the system to determine when a change occurs in the unit’s physical configuration and to reallocate the unit's resources to allow all interfaces to function adequately. This feature allows interfaces on the NIM to be reconfigured while other interfaces on the router remain unchanged. The software performs the necessary tasks involved in handling the removal and insertion of the NIM.
You can choose to gracefully power down your Cisco NIM-ES2-4 and Cisco NIM-ES2-8 before removing it from router. This type of OIR is also known as managed OIR or soft OIR. The managed OIR feature allows you to stop the power supply to your module using the hw-module subslot [ stop ] command and remove the module from one of the subslots while other active modules remain installed on the router.
Note If you are not planning to immediately replace a module after performing OIR, ensure that you install a blank filter plate in the subslot.
The stop option allows you to gracefully deactivate a module; the module is rebooted when the start option of the command is executed. The reload option will stop or deactivate a specified module and restart it.
This section provides the sample output for the hw-module subslot slot/subslot reload command. The following example shows what appears when you enter the hw-module subslot slot-number/subslot-number reload command:
Installing the Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module
General information about configuration and command reference.
Software Configuration Guide for the Cisco 4000 Integrated Services Router
Regulatory Compliance and Safety Information for the Cisco 4000 Integrated Services Router
Software Activation on Cisco Integrated Services Routers and Cisco Integrated Service Routers G2