ES4626/ES4650 Layer 3 Gigabit Switch Management Guide 1 www.edge-core.
Preface
The ES4626/ES4650 is a routing switch that can be deployed as a core-layer device for campus and enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN). The ES4626 provides 24 fixed 1000 Mbps ports (4 of which are 1000 Mbps Combo fiber/copper ports) and 2 10 Gbps XFP ports. The ES4650 provides 48 fixed 1000 Mbps ports (4 of which are 1000 Mbps Combo fiber/copper ports) and 2 10 Gbps XFP ports.
Contents
Preface ____ 2
Contents ____ 3
Chapter 1 Switch Management ____ 12
1.1 Management Options ____ 12
1.1.1 Out-of-band Management ____ 12
1.1.2 In-band Management ____ 15
1.2 Management Interface ____ 21
1.2.1 CLI Interface ____ 21
1.2.
2.2.4 traceroute ____ 46
2.2.5 show ____ 47
2.2.6 debug ____ 53
2.3 Configuring Switch IP Addresses ____ 53
2.3.1 Configuring Switch IP Addresses Task Sequence ____ 53
2.3.2 Commands for Configuring Switch IP Addresses ____ 54
2.
3.4.1 Monitor and Debug Commands ____ 115
3.4.2 Port Troubleshooting Help ____ 116
3.5 WEB Management ____ 116
3.5.1 Ethernet port configuration ____ 116
3.5.2 Vlan interface configuration ____ 118
3.5.3 Port mirroring configuration ____ 120
3.5.
5.4 VLAN Troubleshooting Help ____ 160
5.4.1 Monitor and Debug Information ____ 160
5.4.2 VLAN Troubleshooting Help ____ 162
5.5 WEB Management ____ 162
5.5.1 Vlan configuration ____ 162
5.5.2 GVRP configuration ____ 168
5.5.
8.2 802.1X Configuration ____ 211
8.2.1 802.1X Configuration Task Sequence ____ 211
8.2.2 802.1X Configuration Command ____ 216
8.3 802.1X Apply Example ____ 226
8.4 802.1X Trouble Shooting ____ 227
8.4.1 802.1X Debug and Monitor Command ____ 227
8.4.2 802.
10.3 Port Channel Example ____ 262
10.4 Port Channel Troubleshooting Help ____ 264
10.4.1 Monitor and Debug Commands ____ 264
10.4.2 Port Channel Troubleshooting Help ____ 269
10.5 Web Management ____ 270
10.5.1 LACP port group configuration ____ 270
10.5.
12.4.3 Time difference ____ 308
12.4.4 Show sntp ____ 308
Chapter 13 QoS ____ 309
13.1 QoS Configuration ____ 309
13.1.1 Introduction to QoS ____ 309
13.1.2 QoS Configuration ____ 311
13.1.
15.3.2 RIP Configuration ____ 369
15.3.3 Typical RIP Scenario ____ 385
15.3.4 RIP Troubleshooting Help ____ 387
15.4 OSPF ____ 389
15.4.1 Introduction to OSPF ____ 389
15.4.2 OSPF Configuration ____ 392
15.4.
16.6 IGMP ____ 485
16.6.1 Introduction to IGMP ____ 485
16.6.2 IGMP configuration ____ 486
16.6.3 Typical IGMP Scenario ____ 492
16.6.4 IGMP Troubleshooting Help ____ 492
16.7 Web Management ____ 495
16.7.
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure it for network management. The ES4626/ES4650 provides two management options: in-band management and out-of-band management.
1.1.1 Out-of-band Management
Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Serial port cable: one end attaches to the RS-232 serial port, the other end to the Console port. ES4626/ES4650: a functional Console port is required.
Step 2: Entering HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
1) Click Start menu - All Programs - Accessories - Communication - HyperTerminal.
Fig 1-2 Opening HyperTerminal (1)
2) Type a name for the HyperTerminal session, such as "Switch".
Fig 1-4 Opening HyperTerminal (3)
4) The COM1 properties dialog appears. Select "9600" for "Baud rate", "8" for "Data bits", "none" for "Parity checksum", "1" for "Stop bits" and "none" for "Traffic control"; alternatively, click "Revert to default" and then "OK".
Power on the switch. The following appears in the HyperTerminal window; this is the CLI configuration mode of the ES4626.
ES4626 Management Switch
Copyright (c) 2001-2004 by Accton Technology Corporation. All rights reserved.
Reset chassis ... done.
Testing RAM...
134,217,728 RAM OK.
Initializing...
Attaching to file system ... done.
Loading nos.img ... done. Starting at 0x10000...
Current time is WED APR 20 09:37:52 2005
ES4626 Series Switch Operating System, Software Version ES4626 1.1.0.
the switch. In the case where in-band management fails due to switch configuration changes, out-of-band management can be used for configuring and managing the switch.
1.1.2.1 Management via Telnet
To manage the switch with Telnet, the following conditions must be met:
1) The switch has an IP address configured.
2) The host IP address (Telnet client) and the switch's VLAN interface IP address are in the same network segment.
management (i.e. Console mode). The configuration commands are as follows (all switch configuration prompts are assumed to be "Switch" hereafter unless otherwise specified):
Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-If-Vlan1)#no shutdown
Step 2: Run the Telnet client program. Run the Telnet client program included in Windows with the specified Telnet target.
will be able to enter the switch's CLI configuration interface. The commands available in the Telnet CLI interface after login are the same as those in the Console interface.
Fig 1-8 Telnet Configuration Interface
1.1.2.
Switch(Config)#ip http server
Step 2: Run HTTP on the host. Open the Web browser on the host and type the IP address of the switch, or run the HTTP protocol directly from Windows. In this example, the IP address of the switch is "10.1.128.251".
Fig 1-9 Run HTTP Protocol
Step 3: Log on to the switch. To log on to the HTTP configuration interface, a valid login username and password are required; otherwise the switch will reject HTTP access.
Fig 1-10 Web Login Interface
Enter the correct username and password; the main Web configuration interface is then shown as below.
Fig 1-11 Main Web Configuration Interface
1.2 Management Interface
1.2.1 CLI Interface
The CLI interface is familiar to most users. As mentioned above, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management; each category represents a different configuration mode.
- Input verification
- Fuzzy match support
1.2.1.1 Configuration Modes
Fig 1-12 Shell Configuration Modes (User Mode, Admin Mode, Global Mode, Interface Mode, Vlan Mode, ACL configuration mode, Route configuration mode, DHCP address pool configuration mode)
1.2.1.1.1 User Mode
On entering the CLI interface, the user first enters the user entry system. A common user defaults to User Mode. The prompt shown is "Switch>"; the symbol ">" is the prompt for User Mode.
Mode, it will also return to the Admin Mode. The ES4626/ES4650 also provides the shortcut key sequence "Ctrl+z", which gives an easy way to exit to Admin Mode from any configuration mode (except User Mode). Under Admin Mode, running the disable command returns to User Mode. Running the exit command leaves the session and returns directly to the user entry system; users can then re-enter the system by entering the corresponding username and password.
Port-channel interface: type the port-channel command under Global Mode to enter; the prompt ends in port-channelx)#; here the user configures settings such as duplex mode, speed, etc.; use the exit command to return to Global Mode.
1.2.1.1.3.2 VLAN Mode
Using the vlan command under Global Mode enters the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit VLAN Mode to Global Mode.
1.2.1.1.3.
1.2.1.1.3.5 ACL Mode
ACL type: Standard IP ACL Mode. Entry: type the access-list ip command for Standard IP ACL under Global Mode. Prompt: Switch(Config-Std-Nacl-a)#. Operates: configure parameters under Standard IP ACL Mode. Exit: use the "exit" command to return to Global Mode.
ACL type: Extended IP ACL Mode. Entry: type the access-list ip command for Extended IP ACL under Global Mode. Prompt: Switch(Config-Ext-Nacl-b)#. Operates: configure parameters under Extended IP ACL Mode. Exit: use the "exit" command to return to Global Mode.
1.2.1.
1.2.1.3 Shortcut Key Support
The ES4626/ES4650 provides several shortcut keys to facilitate configuration, such as Up, Down, Left, Right and Space. If the terminal does not recognize the Up and Down keys, Ctrl+P and Ctrl+N can be used instead.
Key(s): Function
BackSpace: Delete the character before the cursor; the cursor moves back.
Up "↑": Show the previous command entered. Up to ten recently entered commands can be shown.
Down "↓": Show the next command entered.
"?"
1. Under any command line prompt, enter "?" to get a list of the commands available in the current mode with brief descriptions.
2. Enter "?" after a command keyword with an embedded space. If the position should be a parameter, a description of that parameter (type, scope, etc.) is returned; if the position should be a keyword, a set of keywords with brief descriptions is returned; if the output is "", the command is complete, and pressing Enter runs it.
3.
The ES4626/ES4650 Shell supports fuzzy matching when searching for commands and keywords. The Shell recognizes commands or keywords correctly as long as the entered string causes no conflict. For example:
1. For the Admin Mode command "show interfaces status ethernet 1/1", typing "sh in status e 1/1" will work.
2.
1.2.2.2 Interface Panel
At the top of the management page, the switch panel shows the current status of the ports. Click a port that is in the "Link Up" state, and that port's statistics are shown on the right.
Chapter 2 Basic Switch Configuration
2.1 Basic Switch Configuration Commands
The basic configuration of the switch includes the commands for entering and exiting Admin Mode and Interface Mode, setting and displaying the switch clock, and displaying system version information.
2.1.1 calendar set
Command: calendar set {- | - }
Function: Set system date and time.
2.1.3 enable
Command: enable
Function: Enter Admin Mode from User Mode.
Parameter: 0 and 15 are user access levels. 0 is the normal user level; at this level, users can enter Admin Mode and run major commands such as show, ping and traceroute, but cannot enter Global Mode. 15 is the privileged user level; at this level, users can run all commands of that level. is the password for logging on to the privileged user mode.
Function: Modify the password used to enter Admin Mode from User Mode; pressing Enter after typing this command displays the and parameters for the user to configure.
Parameter: 0 is the normal user access level; users can enter Admin Mode and run major commands such as show, ping and traceroute, but cannot enter Global Mode. 15 is the privileged user level; at this level, users can run all commands of that level.
An exec timeout value of 0 indicates that the system will never exit Admin Mode automatically.
Example: Set the timeout for the switch to exit Admin Mode to 6 minutes.
Switch(Config)#exec timeout 6
2.1.7 exit
Command: exit
Function: Exit the current mode to the previous mode. Under Global Mode, this command returns the user to Admin Mode; in Admin Mode, to User Mode; and so on.
Command mode: All configuration modes.
Example:
Switch#exit
Switch>
2.1.
parameter of this command deletes the mapping.
Parameter: is the host name, up to 15 characters; is the corresponding IP address for the host name, in dotted decimal format.
Command mode: Global Mode
Usage Guide: Sets the association between a host name and an IP address, which can then be used in commands like "ping ".
Example: Set the IP address of the host named "beijing" to 200.121.1.1.
Switch(Config)#ip host beijing 200.121.1.
Example: Set the username to "admin" and the password to "admin".
Switch(Config)#username admin password 0 admin
Switch(Config)#
Related commands: username nopassword, username access-level, show users
2.1.12 username nopassword
Command: username nopassword
Function: Set a username for logging on to the switch with an empty password.
Parameter: is the username; it cannot exceed 16 characters.
2.1.15 set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode
Usage Guide: Resets the switch to factory settings, that is, all configuration made by the user is discarded. When the switch is restarted, the prompt is the same as when the switch was powered on for the first time.
Note: After this command, the "write" command must be executed to save the operation. The switch resets to factory settings after restart.
Command: write
Function: Save the currently configured parameters to Flash memory.
Command mode: Admin Mode
Usage Guide: After configuring the desired functions, the settings should be saved to Flash memory so that the system can revert to the saved configuration automatically after an accidental power-down or power failure. This is equivalent to the copy running-config startup-config command.
Related commands: copy running-config startup-config
2.
packets (i.e. ping failed) and the last two packets are replied to successfully, the success rate is 40%. The switch represents a ping failure with "." (unreachable target) and a ping success with "!" (reachable target).
Switch#ping
protocol [IP]:
Target IP address: 10.1.128.
remote host. If a connection to another remote host is desired, the current TCP connection must be dropped.
2.2.2.2 Telnet Task Sequence
1. Configuring Telnet Server
2. Telnet to a remote host from the switch
1. Configuring Telnet Server
Command: Explanation
Global Mode
ip telnet server / no ip telnet server: Enable the Telnet server function in the switch; the "no telnet-server enable" command disables the Telnet function.
Command: monitor
no monitor
Function: Enable debug information for Telnet clients logged in to the switch; the Console-end debug display is disabled at the same time. The "no monitor" command disables the debug information and re-enables the Console-end debug display.
Command mode: Admin Mode
Usage Guide: When a Telnet client accessing the switch enables debug information, the information is not shown in the Telnet interface; instead, it is displayed on the terminal connected to the Console port.
no ip telnet server
Function: Enable the Telnet server function in the switch; the "no telnet-server enable" command disables the Telnet function in the switch.
Default: The Telnet server function is enabled by default.
Command mode: Global Mode
Usage Guide: This command is available from the Console only. The administrator can use it to allow or prevent Telnet clients logging in to the switch.
Example: Disable the Telnet server function in the switch.
Switch(Config)#no telnet-server enable
2.2.2.3.
connection is protected from being intercepted and decrypted. The switch meets the requirements of SSH 2.0 and supports SSH 2.0 client software such as SSH Secure Client and PuTTY, which users can run to manage the switch remotely. The switch presently supports RSA authentication, the 3DES cipher and SSH user password authentication.
2.2.3.2 SSH Server Configuration Sequence
1.
2.2.3.3.1 ssh-server enable
Command: ssh-server enable
no ssh-server enable
Function: Enable the SSH function on the switch; the "no ssh-server enable" command disables the SSH function.
Command mode: Global Mode
Default: The SSH function is disabled by default.
Usage Guide: In order for an SSH client to log on to the switch, the user needs to configure the SSH user and enable the SSH function on the switch.
Example: Enable the SSH function on the switch.
Switch(Config)#ssh-server enable
2.2.3.3.
Parameter: is the timeout value; the valid range is 10 to 600 seconds.
Command mode: Global Mode
Default: The SSH authentication timeout is 180 seconds by default.
Example: Set the SSH authentication timeout to 240 seconds.
Switch(Config)#ssh-server timeout 240
2.2.3.3.
2.2.3.3.6 monitor
Command: monitor
no monitor
Function: Display SSH debug information on the SSH client side and stop displaying it on the Console; the "no monitor" command stops displaying SSH debug information on the SSH client side and resumes displaying it on the Console.
2.2.3.5.1 show ssh-user
Command: show ssh-user
Function: Display the configured SSH usernames.
Command mode: Admin Mode
Example:
Switch#show ssh-user
test
Related command: ssh-user
2.2.3.5.2 show ssh-server
Command: show ssh-server
Function: Display the SSH state and the users currently logged on.
Command mode: Admin Mode
Example:
Switch#show ssh-server
ssh-server is enabled
connection version state user name
1 2.0 session started test
Related commands: ssh-server enable, no ssh-server enable
2.2.3.5.
sector.
Parameter: is the target host IP address in dotted decimal format; is the hostname of the remote host; is the maximum number of gateways allowed by the traceroute command; is the timeout for test packets in milliseconds, between 100 and 10000.
Default: The default maximum gateway number is 16; the default timeout is 2000 ms.
Command mode: Admin Mode
Usage Guide: Traceroute is usually used to locate the problem for unreachable network nodes.
Related command: ip host
2.2.
Command mode: Admin Mode
Example: Check the currently enabled debug switches.
Switch#show debugging
STP:
Stp input packet debugging is on
Stp output packet debugging is on
Stp basic debugging is on
Switch#
Related command: debug
2.2.5.3 dir
Command: dir
Function: Display the files and their sizes in Flash memory.
Command mode: Admin Mode
Example: Check the files and their sizes in Flash memory.
Switch#dir
boot.rom 329,828 1900-01-01 00:00:00 --SH
boot.conf 94 1900-01-01 00:00:00 --SH
nos.
2.2.5.5 show memory
Command: show memory
Function: Display the contents of memory.
Command mode: Admin Mode
Usage Guide: This command is used for switch debugging. It interactively prompts the user for the start address of the desired memory region and the number of words to output. The displayed information consists of three parts: address, hex view of the data and character view.
2.2.5.7 show startup-config
Command: show startup-config
Function: Display the switch configuration parameters written to Flash memory as of the current operation; these are usually also the configuration used at the next power-up.
Default: If the configuration parameters read from Flash are the same as the default operating parameters, nothing is displayed.
Port VID : 1 (the VLAN number the current interface belongs to)
Trunk allowed Vlan : ALL (the VLANs allowed to cross the Trunk)
2.2.5.9 show tcp
Command: show tcp
Function: Display the status of the TCP connections currently established to the switch.
Command mode: Admin Mode
Example:
Switch#show tcp
LocalAddress LocalPort ForeignAddress ForeignPort State
0.0.0.0 23 0.0.0.0 0 LISTEN
0.0.0.0 80 0.0.0.0 0 LISTEN
Displayed information: Description
LocalAddress: Local address of the TCP connection.
2.2.5.11 show users
Command: show users
Function: Display the information of all users who can log in to the switch.
Usage Guide: This command can be used to check the information of all users who can log in to the switch.
Example:
Switch#show users
User level admin havePasword 0
Online user info:
user 1 ip login time(second) usertype
Switch#
Related commands: username password, username access-level
2.2.5.
2.2.6 debug
All the protocols the ES4626/ES4650 supports have corresponding debug commands. Users can use the information from the debug commands for troubleshooting. The debug commands for each protocol are introduced in the later chapters.
2.3 Configuring Switch IP Addresses
All Ethernet ports of the ES4626/ES4650 default to data-link-layer ports and perform layer 2 forwarding.
no ip address [secondary]" command deletes the VLAN interface [secondary] IP address.
2. BootP configuration
Command: Explanation
ip address bootp / no ip address bootp: Enable the switch to act as a BootP client and obtain an IP address and gateway address through BootP negotiation; the "no ip bootp-client enable" command disables the BootP client function.
3.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-If-Vlan1)#exit
Switch(Config)#
Related commands: ip address bootp, ip address dhcp
2.3.2.2 ip address bootp
Command: ip address bootp
no ip address bootp
Function: Enable the switch to act as a BootP client and obtain an IP address and gateway address through BootP negotiation; the "no ip bootp-client enable" command disables the BootP client function and releases the IP address obtained through BootP.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address dhcp
Switch(Config-If-Vlan1)#exit
Switch(Config)#
Related commands: ip address, ip address bootp
2.4 SNMP
2.4.1 Introduction to SNMP
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol.
requests and replies with Get-Response messages. In some special situations, such as a network device port going Up/Down or a network topology change, Agents can send Trap messages to the NMS to report the abnormal event. Besides, the NMS can also be set to alert on some abnormal events by enabling the RMON function; when alert events are triggered, Agents send Trap messages or log the event according to the settings. Inform-Request is mainly used for inter-NMS communication in layered network management.
Fig 2-1 ASN.1 Tree Instance
In this figure, the OID of object A is 1.2.1.1. The NMS can locate this object through this unique OID and get the object's standard variables. The MIB defines a set of standard variables for monitored network devices following this structure. To browse the variable information of the Agent's MIB, MIB browser software needs to run on the NMS. The MIB in the Agent usually consists of a public MIB and a private MIB.
groups 1, 2, 3 and 9:
Statistics: Maintain basic usage and error statistics for each subnet monitored by the Agent.
History: Record periodic statistical samples available from Statistics.
Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records.
Event: A list of all events generated by the RMON Agent.
Alarm depends on the implementation of Event. Statistics and History display some current or historical subnet statistics.
community string.
3. Configure the IP address of the SNMP management base
Command: Explanation
snmp-server securityip / no snmp-server securityip: Configure the secure IP address of the NMS that is allowed to access the switch; the "no snmp-server securityip" command deletes the configured secure address.
snmp-server SecurityIP enable / snmp-server SecurityIP disable: Enable or disable the secure IP address check function for the NMS.
4.
command is used for SNMP v3.
snmp-server view {include|exclude} / no snmp-server view
8. Configuring TRAP
Command: Explanation
snmp-server enable traps / no snmp-server enable traps: Enable the switch to send Trap messages. This command is used for SNMP v1/v2/v3.
snmp-server host {v1|v2c|{v3 : receive SNMP Trap information.
2.4.4.2.2 snmp-server community
Command: snmp-server community {ro|rw}
no snmp-server community
Function: Configure the community string for the switch; the "no snmp-server community " command deletes the configured community string.
Parameter: is the community string to set; ro|rw is the access mode to the MIB, ro for read-only and rw for read-write.
Command mode: Global Mode
Usage Guide: The switch supports up to 4 community strings.
no snmp-server engineid
Function: Configure the engine ID; the "no snmp-server engineid <engine-string>" command restores the default engine ID.
Parameter: is the engine ID, 1-32 hexadecimal characters.
Command mode: Global Mode
Default: The engine ID is the manufacturer number + local MAC address by default.
Example 1: Set the engine ID to A66688999F.
Switch(config)#snmp-server engineid A66688999F
Example 2: Restore the default engine ID.
Switch(config)#no snmp-server engineid
2.4.4.
snmp-server group {NoauthNopriv|AuthNopriv|AuthPriv}
Function: Configure a new SNMP server group; the "no snmp-server group {NoauthNopriv|AuthNopriv|AuthPriv}" command deletes the group.
Parameter: is the group name; NoauthNopriv means no encryption and no authentication; AuthNopriv means authentication without encryption; AuthPriv means authentication and encryption; read-string is the name of the view with read permission.
Command: snmp-server host {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}}
no snmp-server host {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}}
Function: This command behaves differently for different SNMP versions. For SNMP v1/v2, it configures the Trap community string and the IP address of the NMS that receives SNMP Trap messages.
used for SNMP v1 and SNMP v2.
Example 1: Set the secure IP address to 1.1.1.5.
Switch(config)#snmp-server securityip 1.1.1.5
Example 2: Delete the secure IP address.
Switch(config)#no snmp-server securityip 1.1.1.5
2.4.4.2.10 snmp-server SecurityIP enable
Command: snmp-server SecurityIP enable
snmp-server SecurityIP disable
Function: Enable or disable the secure IP address check function for the NMS.
Command mode: Global Mode
Default: The secure IP address check function is enabled by default.
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
The NMS can use "private" as the community string to access the switch with read-write permission, or "public" as the community string to access the switch with read-only permission.
Scenario 2: The NMS will receive Trap messages from the switch (Note: the NMS may verify the community string of the Trap messages.
Function: Display all SNMP counter information.
snmp packets output: Total number of SNMP packets output.
too big errors: Number of "Too_big" error SNMP packets.
maximum packet size: Maximum length of SNMP packets.
no such name errors: Number of packets requesting non-existent MIB objects.
bad values errors: Number of "Bad_values" error SNMP packets.
general errors: Number of "General_errors" error SNMP packets.
response PDUs: Number of response packets sent.
trap PDUs: Number of Trap packets sent.
2.4.6.1.
2.4.6.1.3 show snmp engineid
Command: show snmp engineid
Function: Display SNMP engine ID information.
Command mode: Admin Mode
Example:
Switch#show snmp engineid
SNMP engineID: 3138633303f1276c
Engine Boots is: 1
Displayed information: Description
SNMP engineID: SNMP engine ID
Engine Boots: The number of times the engine has booted.
2.4.6.1.4 show snmp user
Command: show snmp user
Function: Display user name information.
Example:
Switch#show snmp group
Group Name: initial
Security Level: noAuthnoPriv
Read View: one
Write View:
Notify View: one
Displayed information: Description
Group Name: Group name
Security level: Security level
Read View: Read view name
Write View: Write view name
Notify View: Notify view name
Users do not specify view names.
2.4.6.1.6 show snmp view
Command: show snmp view
Function: Display view information.
Command: show snmp mib
Function: Display all the MIBs supported on the switch.
Command mode: Admin Mode
2.4.6.2 SNMP Troubleshooting Help
When users configure SNMP, the SNMP server may fail to run properly due to physical connection failure, wrong configuration, etc. Users can troubleshoot the problems by following the guide below:
Check that the physical connection is in good condition.
There are two methods for BootROM upgrade, TFTP and FTP, which can be selected in the BootROM command settings.
Fig 2-2 Typical topology for switch upgrade in BootROM mode (console cable connection)
The upgrade procedure is as follows:
Step 1: As shown in the figure, a PC is used as the console for the switch. A console cable connects the PC to the management port on the switch. The PC should have FTP/TFTP server software installed and hold the img file required for the upgrade.
BootRom version: 1.0.4
Creation date: Jun 9 2006, 14:54:12
Attached TCP/IP interface to lnPci0.
[Boot]:
Step 3: Under BootROM mode, run "setconfig" to set the IP address and mask of the switch in BootROM mode, the server IP address and mask, and select TFTP or FTP upgrade. Suppose the switch address is 192.168.1.2/24 and the PC address is 192.168.1.66/24, and TFTP upgrade is selected; the configuration should look like:
[Boot]: setconfig
Host IP Address: 10.1.1.1 192.168.1.2
Server IP Address: 10.1.1.
[Boot]:
Step 6: After a successful upgrade, execute the "run" command in BootROM mode to return to the CLI configuration interface.
[Boot]: run (or reboot)
Other commands in BootROM mode
1. DIR command: used to list the existing files in FLASH.
[Boot]: dir
boot.rom 327,440 1900-01-01 00:00:00 --SH
boot.conf 83 1900-01-01 00:00:00 --SH
nos.img 2,431,631 1980-01-01 00:21:34 ----
startup-config 2,922 1980-01-01 00:09:14 ----
temp.img 2,431,631 1980-01-01 00:00:32 ---
2.
There are two types of data connections: active and passive. In an active connection, the client transmits its address and port number for data transmission to the server; the management connection is maintained until the data transfer is complete.
allowed to be saved in ROM only. The ES4626/ES4650 mandates that the boot file be named boot.rom.
Configuration file: includes the start-up configuration file and the active configuration file. The distinction between the two facilitates backing up and updating configurations.
Start-up configuration file: the configuration sequence used when the switch starts up.
(3) Configure the number of retransmissions before timeout for packets without acknowledgement
(4) Shut down the TFTP server
1. FTP/TFTP client configuration
(1) FTP/TFTP client upload/download file
Command: Explanation
Admin Mode
copy [ascii | binary]: FTP/TFTP client upload/download file
(2) For the FTP client, the server file list can be checked
Global Mode
For the FTP client, the server file list can be checked.
Command Explanation (Global Mode)
tftp-server retransmission-number <number>: Set the maximum retransmission times within the timeout interval.
(3) Modify TFTP server connection retransmission times
Command Explanation (Global Mode)
tftp-server retransmission-number <number>: Set the maximum retransmission times within the timeout interval.
2.5.2.2.2 FTP/TFTP Configuration Commands
2.5.2.2.
Usage Guide: The command provides command line prompt messages. If the user enters a command like copy ftp:// or copy ftp:// and presses Enter, the following prompts will appear:
ftp server ip address [x.x.x.x] :
ftp username>
ftp password>
ftp filename>
These prompt for the FTP server address, username, password and file name.
Example:
(1) Save the system image in FLASH to FTP server 10.1.1.1; the login username for the FTP server is “Switch”, and the password is “Accton”.
Switch#copy nos.
no ftp-server enable
Function: Start the FTP server; the “no ftp-server enable” command shuts down the FTP server and prevents FTP users from logging in.
Default: FTP server is not started by default.
Command mode: Global Mode
Usage Guide: When the FTP server function is enabled, the switch can still perform FTP client functions. FTP server is not started by default.
Example: Enable the FTP server service.
Switch#config
Switch(Config)#ftp-server enable
2.5.2.2.
keyword: Source/Target
IP address
running-config: Active configuration file
startup-config: Start up configuration file
nos.img: System file
boot.rom: System boot file
Command mode: Admin Mode
Usage Guide: The command provides command line prompt messages. If the user enters a command like copy tftp:// or copy tftp:// and presses Enter, the following prompts will appear:
tftp server ip address>
tftp filename>
These prompt for the TFTP server address and file name.
Related command: tftp-server timeout
2.5.2.2.9 tftp-server retransmission-number
Command: tftp-server retransmission-number <number>
Function: Set the retransmission times for the TFTP server.
Parameter: <number> is the number of retransmissions; the valid range is 1 to 20.
Default: The default value is 5 retransmissions.
Command mode: Global Mode
Example: Modify the retransmission number to 10 times.
Switch#config
Switch(Config)#tftp-server retransmission-number 10
2.5.2.2.
Scenario 1: The switch is used as FTP/TFTP client.
The switch connects from one of its ports to a computer, which is an FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as an FTP/TFTP client, and the IP address of the switch management VLAN is 10.1.1.2. Download the “nos.img” file in the computer to the switch.
FTP Configuration
Computer side configuration: Start the FTP server software on the computer and set the username “Switch” and the password “switch”. Place the “12_30_nos.
Switch(Config-If-Vlan1)#no shut
Switch(Config-If-Vlan1)#exit
Switch(Config)#ftp-server enable
Switch(Config)#username Switch password 0 Admin
Computer side configuration: Log in to the switch with any FTP client software, with the username “Admin” and password “switch”, and use the command “get nos.img 12_25_nos.img” to download the “nos.img” file from the switch to the computer.
Scenario 3: The switch is used as TFTP server.
Switch(Config-If-Vlan1)#exit
Switch(Config)#exit
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile1 Profile1
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile2 Profile2
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile3 Profile3
With the above commands, the switch will have the user profile configuration files in the computer downloaded to the FLASH.
230 User logged in, proceed.
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
recv total = 480
nos.img
nos.rom
parsecommandline.cpp
position.doc
qmdict.zip
shell maintenance
statistics.xls
… (some display omitted here)
show.txt
snmp.TXT
226 Transfer complete.
Switch(Config)#
2.5.2.4 FTP/TFTP Troubleshooting Help
2.5.2.4.1 Monitor and Debug Commands
2.5.2.4.1.
Default: No display by default.
Command mode: Admin Mode
Example:
Switch#show tftp
timeout     : 60
Retry Times : 10
Displayed information Explanation
Timeout: Timeout time.
Retry Times: Retransmission times.
2.5.2.4.2 FTP Troubleshooting Help
When uploading/downloading a system file with the FTP protocol, the connectivity of the link must be ensured, i.e., use the “Ping” command to verify the connectivity between the FTP client and server before running the FTP program.
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
226 Transfer complete.
- If the switch is upgrading the system file or system start up file through FTP, the switch must not be restarted until “close ftp client” or “226 Transfer complete.” is displayed, indicating the upgrade is successful; otherwise the switch may be rendered unable to start. If the system file or system start up file upgrade through FTP fails, please try to upgrade again or use the BootROM mode to upgrade.
2.5.2.4.
2.6 WEB Management
Click Switch Basic Configuration. Users can deploy the switch basic configuration, such as entering or quitting privileged mode, entering or quitting interface mode, showing the switch clock and showing the switch system version, etc.
2.6.1 Switch Basic Configuration
Click Switch Basic Configuration, Switch Basic Configuration. Users can configure the switch clock, CLI prompt message and timeout value for exiting Admin Mode, etc.
2.6.1.
2.6.2 SNMP Configuration
Click Switch Basic Configuration, SNMP Configuration. The switch SNMP configuration is shown. Users can configure SNMP.
2.6.2.1 SNMP manager configuration
Click Switch Basic Configuration, SNMP Configuration, SNMP manager configuration. Configure the switch community string. See the equivalent CLI command at 2.4.4.2.2
- Community string (0-255 characters) - Configure community string
- Access priority - Specify access mode to MIB. There are two options: Read only and Read and write.
2.6.2.3 Configure ip address of snmp manager
Click Switch Basic Configuration, SNMP Configuration. Users can configure the secure IP address for the NMS allowed to access the switch. See the equivalent CLI command at 2.4.4.2.6
- Security ip address - NMS secure IP address
- State - Valid means to set; Invalid means to delete
For example: Set Security ip address to 41.1.1.100, set State to Valid, and then click Apply. The configuration is applied on the switch.
2.6.2.
Click Switch Basic Configuration, SNMP Configuration, RMON and TRAP configuration. Users can configure switch RMON:
- Snmp Agent state - Enable/disable the switch as SNMP agent. See the equivalent CLI command at 2.4.4.2.3
- RMON state - Enable/disable RMON on the switch. See the equivalent CLI command at 2.4.4.2.1
- Trap state - Enable the switch to send Trap messages. See the equivalent CLI command at 2.4.4.2.
file in binary format
For example: Get system file nos.img from TFTP server 10.1.1.1. Input the information as below, and then click Apply.
2.6.3.2 TFTP server configuration
Click TFTP server service. The configuration page is shown. See the equivalent CLI command at 2.2.2.2
The explanation of each field is as below:
Server state - Server status, enable or disable. See the equivalent CLI command at 2.5.2.2.10
TFTP Timeout - Value of TFTP timeout. See the equivalent CLI command at 2.5.2.2.
Server file name - Server file name
Operation type – Upload means to upload a file, Download means to download a file.
Transmission type - ascii means to transmit the file in ASCII format, binary means to transmit the file in binary format
2.6.3.4 FTP server configuration
Click FTP server service. The configuration page, which includes server configuration and client configuration, is shown.
The explanation of each field for client configuration is as below:
FTP server state - Server state, enabled or disabled.
Debug command - Debug command
Show clock - Show clock. See the equivalent CLI command at 2.2.4.1
Show flash - Show flash file information. See the equivalent CLI command at 2.2.4.3
Show history - Show recent user input history. See the equivalent CLI command at 2.2.4.4
Show running-config - Show the current effective switch configuration. See the equivalent CLI command at 2.2.4.6
Show switchport interface - Show port vlan attribute. See the equivalent CLI command at 2.2.4.
Click show switchport interface. The configuration page is shown. See the equivalent CLI command at 2.2.4.8
The explanation of each field is as below:
Port - Port list
Select port1/1, and then click Apply. The port Vlan information is shown.
2.6.4.3 Other
The other parts are quite straightforward. Click the node, and the relevant information is shown. There is no need to input or to select.
For example:
Show clock:
Show flash file:
2.6.
Prompt - Command line prompt messages
2.6.6 Switch on-off configuration
Click the Switch on-off information node. The configuration page is shown. The explanation of each field is as below:
RIP Status - Enable or disable RIP. See the equivalent CLI command at 15.3.2.2.17
IGMP Snooping – Enable or disable IGMP Snooping. See the equivalent CLI command at 7.2.2.1
Switch GVRP Status – Enable or disable GVRP. See the equivalent CLI command at 5.3.2.5
Check the items, and click Apply.
2.6.8 Telnet service configuration
On the main page, click Telnet server configuration on the left column. Users can configure the telnet service.
Click Telnet server user configuration to configure the telnet service. See the equivalent CLI command at 2.2.2.3.3:
Telnet server State – Enable or disable telnet server. See the equivalent CLI command at 2.2.2.3.3
Click Telnet security IP to configure the secure IP addresses from which the switch may be configured over telnet. See the equivalent CLI command at 2.2.2.3.
2.6.10 Basic host configuration
- Basic host configuration - Set the mapping relationship between the host and IP address. See the equivalent CLI command at 2.1.8
Set Hostname to London, set IP address to 200.121.1.1, and then click Apply. The configuration is applied on the switch.
Chapter 3 Port Configuration
3.1 Introduction to Port
The front panel of the ES4626 provides 4 Combo ports (these Combo ports can be configured as either 1000MB copper ports or 1000MB SFP fiber ports, but only one type can be selected), 20 1000MB copper ports and 2 XFP 10GB fiber ports. If the user needs to configure some network ports, he/she can use the “interface ethernet ” command to enter the appropriate Ethernet port configuration mode, where the parameter following the command stands for one or more ports.
Command Explanation (Interface Mode)
interface ethernet: Enter the network port configuration mode.
2. Configure the properties for the Ethernet ports
Command Explanation (Interface Mode)
combo-forced-mode {copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto}: Set the combo port mode (combo ports only); the “no combo-forced-mode” command restores the default combo mode for combo ports, i.e. fiber ports first.
no combo-forced-mode
3.2.1.2 Ethernet Port Configuration Commands
3.2.1.2.1 Rate-limit
Command: rate-limit {input|output}
no rate-limit {input|output}
Function: Enable the bandwidth control function for the port; the “no rate-limit” command disables the bandwidth control function for the port.
Command mode: Interface Mode
Default: The default setting for combo mode of combo ports is fiber cable port first.
Usage Guide: The combo mode of combo ports and the port connection condition determine the active port of the combo ports. A combo port consists of one fiber port and one copper cable port. It should be noted that the speed-duplex command applies to the copper cable port while the negotiation command applies to the fiber cable port, so they will not conflict.
3.2.1.2.3 flow control
Command: flow control
no flow control
Function: Enable the flow control function for the port; the “no flow control” command disables the flow control function for the port.
Command mode: Interface Mode
Default: Port flow control is disabled by default.
Usage Guide: After the flow control function is enabled, the port will notify the sending device to slow down the sending speed to prevent packet loss when the traffic received exceeds the capacity of the port cache.
Command: loopback
no loopback
Function: Enable the loopback test function on the Ethernet port; the “no loopback” command disables the loopback test on the Ethernet port.
Command mode: Interface Mode
Default: Loopback test is disabled on Ethernet ports by default.
Usage Guide: The loopback test can be used to verify that the Ethernet ports are working normally. After loopback is enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received on this very port.
Parameter: a string; up to 32 characters are allowed.
Command mode: Interface Mode
Default: No name is set by default.
Usage Guide: This command facilitates the management of the switch. The user can name the ports according to their usage; for example, ports 1/1-2 used by the financial department can be named “financial”; port 2/9 used by the engineering department can be named “engineering”; port 3/12 connecting to the server can be named “Servers”.
to pass through the switch at line speed.
Parameter: use dlf to limit unicast traffic with unknown destination; multicast to limit multicast traffic; broadcast to limit broadcast traffic. The value stands for the number of packets allowed to pass through per second for non-10Gb ports; for 10Gb ports, it is the number of packets allowed to pass through multiplied by 1,040. The valid range for both kinds of ports is 1 to 262,143.
Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | {{force1g-half | force1g-full} [nonegotiate [master | slave]]}}
no speed-duplex
Function: Set the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex” command restores the default speed and duplex mode setting, i.e. auto speed negotiation and duplex.
1. Enter VLAN Mode
2. Configure the IP address for the VLAN interface and enable the VLAN interface.
1. Enter VLAN Mode
Command Explanation (Global Mode)
interface vlan: Enter VLAN Interface Mode; the “no interface vlan ” command deletes the specified VLAN interface.
2. Configure the IP address for the VLAN interface and enable the VLAN interface.
Command Explanation
ip address {[secondary] | bootp | dhcp}: Set the IP address, or start the client protocol for bootp/dhcp.
no ip address [ ]
Switch(Config-If-Vlan1)#
3.2.2.2.2 ip address
Command: ip address {[secondary] | bootp | dhcp}
no ip address [ ] [secondary]
Function: Set the IP address and mask for the switch; the “no ip address [ ]” command deletes the specified IP address setting.
Parameter: the IP address in dotted decimal format; the subnet mask in dotted decimal format; [secondary] indicates the IP configured is a secondary IP address.
3.2.3 Port Mirroring Configuration
3.2.3.1 Introduction to Port Mirroring
Port mirroring refers to duplicating the data frames sent/received on a port to another port, where the duplicated port is referred to as the mirror source port, and the duplicating port is referred to as the mirror destination port. A protocol analyzer (such as Sniffer) or an RMON monitoring instrument is often attached to the mirror destination port to monitor, manage and diagnose the network.
3.2.3.3 Port Mirroring Configuration
3.2.3.3.1 port monitor
Command: port monitor [rx | tx | both]
no port monitor
Parameter: the list of the monitored source interfaces; rx is the inbound traffic of the monitored source interface; tx is the outbound traffic of the monitored source interface; both is the inbound and outbound traffic of the monitored source interface.
Command mode: Interface Mode
Default: There is no monitored interface by default.
Switch#show port monitor
3.2.3.5.2 Device Mirroring Troubleshooting Help
If problems occur when configuring port mirroring, please check the following first for causes:
- Whether the mirror destination port is a member of a trunk group or not; if yes, modify the trunk group.
SW3:
Switch3(Config)#interface ethernet 1/10
Switch3(Config-Ethernet1/10)#speed-duplex force100-full
Switch3(Config-Ethernet1/10)#duplex full
3.4 Port Troubleshooting Help
3.4.1 Monitor and Debug Commands
3.4.1.1 clear counters
Command: clear counters [{ethernet | vlan | port-channel | }]
Function: Clear the statistics of the specified port.
duplex mode, traffic control on/off, broadcast storm control and statistics for packets sent/received.
Usage Guide: If no port is specified, then information for all ports will be displayed.
Example: Display information about port 4/1.
Switch#show interfaces status ethernet 4/1
3.4.
cable is supported; normal means that only the straight cable is supported. See the equivalent CLI command at 3.2.1.2.6
- Admin Status – Enable or disable port. See the equivalent CLI command at 3.2.1.2.9
- speed/duplex status – Set port speed and duplex. The supported types include: auto, 10M/Half, 10M/Full, 100M/Half, 100M/Full, 1000M/Half and 1000M/Full. See the equivalent CLI command at 3.2.1.2.2 and 3.2.1.2.10
- port flow control status – Configure port flow control. See the equivalent CLI command at 3.2.
Click Port configuration, Ethernet port configuration, Bandwidth control. Users can configure port bandwidth control. See the equivalent CLI command at 3.2.1.2.1
- Port – Specify the port
- Bandwidth control level – Port bandwidth control; the valid range is 1 to 10000 in Mbps.
Click Port configuration, Vlan interface configuration. The VLAN port configuration page is shown. Users can configure port Layer 3 information such as IP address and network mask, etc.
3.5.2.1 Allocate IP address for L3 port
Click Port configuration, Vlan interface configuration, Allocate IP address for L3 port. Users can configure the port Layer 3 IP address. See the equivalent CLI command at 3.2.2.2.
3.5.3 Port mirroring configuration
Click Port configuration, Port mirroring configuration. Users can configure port mirroring.
3.5.3.1 Mirror configuration
Click Port configuration, Port mirroring configuration, Mirror configuration. Users can configure port mirroring for the source interface and destination interface.
Source Interface configuration. See the equivalent CLI command at 3.2.3.3.
3.5.4.1 Show port information
Click Port configuration, Port debug and maintenance, Show port information. The port statistics information is shown. See the equivalent CLI command at 3.4.1.2
For example: Select to display Ethernet1/1, and then click Refresh. The statistics information of port Ethernet 1/1 is shown.
Chapter 4 MAC Table Configuration
4.1 Introduction to MAC Table
The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses.
[Figure: PC1 (MAC 00-01-11-11-11-11) and PC2 (MAC 00-01-22-22-22-22) connected to port 1/5; PC3 (MAC 00-01-33-33-33-33) and PC4 (MAC 00-01-44-44-44-44) connected to port 1/12]
Fig 4-1 MAC Table dynamic learning
The topology of the figure above: 4 PCs are connected to the ES4626/ES4650, where PC1 and PC2 belong to the same physical segment (same collision domain), and the physical segment connects to port 1/5 of the ES4626/ES4650; PC3 and PC4 belong to the same physical segment that connects to port 1/12 of the ES4626/ES4650.
for MAC address entries in the ES4626/ES4650. The aging time can be modified in the ES4626/ES4650.
4.1.2 Forward or Filter
The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming the ES4626/ES4650 has learnt the MAC addresses of PC1 and PC3, and the user has manually configured the mapping relationship of PC2 and PC4 to ports.
ports; when the destination MAC address in a unicast frame is not found in the MAC table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frames within the same VLAN. If the destination MAC address is found in the MAC table but belongs to a different VLAN, the switch can only broadcast the unicast frame in the VLAN it belongs to.
4.2 MAC Table Configuration
4.2.
Function: Add or modify a static address entry; the “no mac-address-table” command deletes static address entries and dynamic address entries.
Parameter: static stands for a static address entry; dynamic for a dynamic address entry; the MAC address to add or delete; the port name to forward the MAC frame; the VLAN number.
4.3 Typical Configuration Examples
[Figure: PC1 (MAC 00-01-11-11-11-11) on port 1/5, PC2 (MAC 00-01-22-22-22-22) on port 1/7, PC3 (MAC 00-01-33-33-33-33) on port 1/9, PC4 (MAC 00-01-44-44-44-44) on port 1/11]
Fig 4-2 MAC Table typical configuration example
Scenario: Four PCs as shown in the above figure connect to ports 1/5, 1/7, 1/9 and 1/11 of the switch; all four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled.
Command: show mac-address-table [static | aging-time | discard] [address ]
Function: Show the current MAC table.
Parameter: static: static entry; aging-time: address aging time; discard: filter entry; the entry’s MAC address; the entry’s VLAN number; the entry’s interface name.
Command mode: Admin mode
Default: MAC address table is not displayed by default.
Usage guide: This command can display various sorts of MAC address entries.
the MAC address again to forward data on the new port. However, in some cases, security or management policy may require MAC addresses to be bound to ports, so that only data streams from the bound MAC addresses are allowed to be forwarded on those ports. That is to say, after a MAC address is bound to a port, only the data stream destined for that MAC address can flow in from the binding port; data streams destined for other MAC addresses not bound to the port will not be allowed to pass through the port.
4.5.
switchport port-security timeout: Enable the port locking timer function; the “no switchport port-security timeout” command restores the default setting.
no switchport port-security timeout
switchport port-security mac-address: Add a static secure MAC address; the “no switchport port-security mac-address” command deletes the static secure MAC address.
no switchport port-security mac-address
enabled, the Spanning Tree and Port Aggregation functions must be disabled, and the port enabling MAC address binding must not be a Trunk port.
Example: Enable the MAC address binding function for port 1/1 and lock the port. When a port is locked, the MAC address learning function for the port will be disabled.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)#port security
4.5.1.2.2.
Switch(Config-Ethernet1/1)#switchport port-security timeout 30
4.5.1.2.2.4 switchport port-security mac-address
Command: switchport port-security mac-address
no switchport port-security mac-address
Function: Add a static secure MAC address; the “no switchport port-security mac-address” command deletes the static secure MAC address.
Command mode: Interface Mode
Parameter: the MAC address to be added/deleted.
Parameter: <value> is the upper limit for static secure MAC addresses; the valid range is 1 to 128.
Default: The default maximum port secure MAC address number is 1.
Usage Guide: The MAC address binding function must be enabled before the maximum secure MAC address number can be set.
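The forward/filter/flood decisions of Section 4.1.2 and the port MAC binding of Section 4.5 (maximum secure MAC number, unbound sources not forwarded) are modelled below in one toy switch. This is an added example, not the vendor's code; the Switch class, port names and sample frames are constructed for illustration.

```python
"""Toy model of the MAC table behaviour described in Sections 4.1 and 4.5:
dynamic learning, static entries, per-VLAN forward/filter/flood decisions
and port MAC binding with a maximum number of secure addresses.
Added example, not vendor code; the Switch class, port names and frames
are constructed for illustration."""
from dataclasses import dataclass, field

BROADCAST = "ff-ff-ff-ff-ff-ff"


@dataclass
class Frame:
    src: str       # source MAC, written as in the manual: 00-01-11-11-11-11
    dst: str       # destination MAC
    ingress: str   # port the frame arrived on, e.g. "1/5"
    vlan: int = 1  # VLAN the frame belongs to


@dataclass
class PortSecurity:
    enabled: bool = False
    max_secure: int = 1  # default maximum secure MAC number from the manual (range 1 to 128)
    secure_macs: set = field(default_factory=set)
    violations: int = 0  # frames dropped because their source MAC was not bound


class Switch:
    """Learning switch keyed on (vlan, mac) -> (port, is_static)."""

    def __init__(self, ports, vlan_of=None):
        self.ports = list(ports)
        # constructed assumption: each port is an access port in one VLAN (VLAN 1 unless given)
        self.vlan_of = vlan_of or {p: 1 for p in ports}
        self.table = {}
        self.security = {p: PortSecurity() for p in ports}

    # ---- configuration, mirroring mac-address-table static / switchport port-security ----
    def add_static(self, mac, port, vlan=1):
        """Static entry: never overwritten by dynamic learning."""
        self.table[(vlan, mac)] = (port, True)

    def enable_port_security(self, port, max_secure=1):
        sec = self.security[port]
        sec.enabled, sec.max_secure = True, max_secure

    def bind_secure_mac(self, port, mac, vlan=1):
        """Static secure MAC (switchport port-security mac-address)."""
        sec = self.security[port]
        if len(sec.secure_macs) >= sec.max_secure:
            raise ValueError("maximum secure MAC number reached on port " + port)
        sec.secure_macs.add(mac)
        self.table[(vlan, mac)] = (port, True)

    # ---- data plane ----
    def _admit_and_learn(self, frame):
        """Return False if port security rejects the source MAC; learn it otherwise."""
        sec = self.security[frame.ingress]
        if sec.enabled:
            if frame.src in sec.secure_macs:
                return True
            if len(sec.secure_macs) >= sec.max_secure:
                sec.violations += 1
                return False  # source not bound to this port and no room left: drop
            sec.secure_macs.add(frame.src)  # dynamically learned MAC becomes a secure entry
            self.table[(frame.vlan, frame.src)] = (frame.ingress, True)
            return True
        entry = self.table.get((frame.vlan, frame.src))
        if entry is None or not entry[1]:
            self.table[(frame.vlan, frame.src)] = (frame.ingress, False)  # dynamic learning
        return True

    def receive(self, frame):
        """Decide what happens to a frame: ('forward', port), ('filter', None),
        ('flood', [ports]) or ('violation', None)."""
        if not self._admit_and_learn(frame):
            return ("violation", None)
        entry = self.table.get((frame.vlan, frame.dst))
        if frame.dst == BROADCAST or entry is None:
            # unknown destination in this VLAN: broadcast within the VLAN, never out the ingress port
            out = [p for p in self.ports
                   if self.vlan_of[p] == frame.vlan and p != frame.ingress]
            return ("flood", out)
        port, _ = entry
        if port == frame.ingress:
            return ("filter", None)  # destination shares the source's segment: do not forward
        return ("forward", port)


if __name__ == "__main__":
    # Walk through Fig 4-1: PC1/PC2 on port 1/5, PC3/PC4 on port 1/12, PC2 and PC4 static.
    pc1, pc2, pc3, pc4 = ("00-01-11-11-11-11", "00-01-22-22-22-22",
                          "00-01-33-33-33-33", "00-01-44-44-44-44")
    sw = Switch(["1/5", "1/12"])
    sw.add_static(pc2, "1/5")
    sw.add_static(pc4, "1/12")
    for f in (Frame(pc1, pc3, "1/5"), Frame(pc3, pc1, "1/12"), Frame(pc1, pc2, "1/5")):
        print(f.src, "->", f.dst, sw.receive(f))
```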
4.5.1.3.1.1 show port-security
Command: show port-security
Function: Display the global configuration of secure ports.
Command mode: Admin Mode
Default: Configuration of secure ports is not displayed by default.
Usage Guide: This command displays the information for ports that are currently configured as secure ports.
Usage Guide: This command displays the detailed configuration information for the secure port.
--------------------------------------------------------------------------------
Vlan   Mac Address   Type   Ports
1      0000.0000.
4.6.1.1 Unicast address configuration
Click MAC address table configuration, MAC address table configuration, Unicast address configuration. Users can add and delete MAC addresses. See the equivalent CLI command at 4.2.
For example: Select VID 1; select interface Ethernet1/1; set Port status to Static, and then click Apply. All the static MAC addresses on interface Ethernet 1/1 are deleted.
4.6.1.3 Static MAC query
Click MAC address table configuration, MAC address table configuration, Static MAC query. Users can query MAC addresses. See the equivalent CLI command at 4.4.1.1:
- Query by VID – Specify the VID to search static MAC addresses. Check the “Search” box to search MAC addresses according to VID.
mac-address-table. The current MAC address information is shown. See the equivalent CLI command at 4.4.1.1:
4.6.2 MAC address table configuration
Click MAC address table configuration, MAC address binding configuration. Users can configure secure port features.
4.6.2.1 Enable port Mac-binding
Click MAC address table configuration, MAC address binding configuration, Enable port Mac-binding. Users can configure secure port features.
4.6.2.1.
Lock port. Users can lock the secure port. See the equivalent CLI command at 4.5.1.2.2.3
- Port – Specify port
For example: Select port Ethernet1/1, and then click Apply. The port Ethernet1/1 is locked. Click Remove to disable port MAC address binding.
4.6.2.2.2 Dynamic MAC converting
Click MAC address table configuration, MAC address binding configuration, Lock port, Dynamic MAC converting. Users can convert a MAC address that was learned dynamically into a static secure MAC address.
CLI command at 4.5.1.2.2.5:
- Port – Specify the port
- Port security MAC – Port security MAC address
- Operation type – add static security address; Remove static security address
For example: Select port Ethernet1/1; set MAC address to 00-11-11-11-11-11; select add static security address, and then click Apply. The configuration is applied on the switch.
4.6.2.2.5 Clearing port MAC
Click MAC address table configuration, MAC address binding configuration, Lock port, Clearing port MAC.
4.5.1.2.2.7
- Port – Specify the port
- Max security MAC number (1-128) – Maximum MAC number
For example: Select port Ethernet1/1; set Max security MAC number to 30, and then click Apply. The configuration is applied on the switch. Click Remove to restore the default setting.
4.6.2.3.2 Port violation mode
Click MAC address table configuration, MAC address binding configuration, MAC binding attribution configuration, Port violation mode. Users can configure the port violation mode.
specified port. See the equivalent CLI command at 4.5.1.3.1.3
- Show all port-security – Show secure port configuration. See the equivalent CLI command at 8.5.1.3.1.1
- Show all port-security address – Show secure port MAC addresses. See the equivalent CLI command at 4.5.1.3.1.3
Click Show Port Configuration. The security configuration is shown.
Chapter 5 VLAN Configuration
5.1 Introduction to VLAN
VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network into separate network segments based on functions, applications or management requirements. This way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced IEEE 802.
- Enhancing network security
VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in the ES4626/ES4650. This chapter describes the use and configuration of VLAN and GVRP in detail.
5.2 VLAN Configuration
5.2.1 VLAN Configuration Task Sequence
1. Creating or deleting VLAN
2. Specifying or deleting VLAN name
3. Assigning switch ports to VLAN
4. Set the port type for the switch
5. Set Trunk port
6. Set Access port
7.
4. Set Trunk port
Command Explanation (Interface Mode)
switchport allowed vlan {add | remove}: Set/delete the VLANs allowed to be crossed by the Trunk. The “no switchport allowed vlan” command restores the default setting.
no switchport allowed vlan
switchport native vlan: Set/delete the PVID for the Trunk port.
no switchport native vlan
5. Set Access port
Command Explanation (Interface Mode)
switchport allowed vlan add: Add the current port to the specified VLANs. “no”.
5.2.2 VLAN Configuration Commands
5.2.2.1 vlan
Command: vlan [name ]
no vlan [name]
Function: Create a VLAN and enter VLAN configuration mode; the VLAN name can also be set. In VLAN Mode, the user can assign switch ports to the VLAN. The “no vlan ” command deletes the specified VLANs.
Parameter: the VLAN ID to be created/deleted; the valid range is 1 to 4094.
Switch(Config-ethernet1/8)#switchport mode access
Switch(Config-ethernet1/8)#switchport access vlan 100
Switch(Config-ethernet1/8)#exit
5.2.2.3 switchport interface
Command: switchport interface
no switchport interface
Function: Assign Ethernet ports to a VLAN; the “no switchport interface ” command deletes one port or one set of ports from the specified VLAN.
Switch(Config-ethernet1/8)#switchport mode access
Switch(Config-ethernet1/8)#exit
5.2.2.5 switchport trunk allowed vlan
Command: switchport trunk allowed vlan {|all}
no switchport trunk allowed vlan
Function: Set the trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting.
Parameter: the list of VLANs allowed to pass through the specified Trunk port; the keyword “all” allows all VLAN traffic on the Trunk port.
Switch(Config-ethernet1/5)#exit
5.2.2.7 switchport ingress-filtering
Command: switchport ingress-filtering
no switchport ingress-filtering
Function: Enable the VLAN ingress rule for a port; the “no vlan ingress disable” command disables the ingress rule.
Command mode: Interface Mode
Default: VLAN ingress rules are enabled by default.
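The access/trunk port rules from 5.2.2.3 to 5.2.2.7 (access VLAN, trunk allowed VLAN list, native VLAN as PVID, VLAN ingress rule) are modelled below, with a small interpreter for the Interface Mode commands the manual lists and a port layout built from the Fig 5-2 example. This is an added example, not vendor code; the VLAN list syntax "2-4,100", the default restored by the "no" forms, and the trunk allowed list for port 1/11 are assumptions.

```python
"""Model of the port VLAN rules from Sections 5.2.2.x: access VLAN, trunk
allowed-VLAN list, native VLAN (PVID) and the VLAN ingress rule.
Added example, not vendor code. Assumptions: the VLAN list syntax "2-4,100"
and that the "no" forms restore VLAN 1 / all VLANs as defaults."""
from dataclasses import dataclass
from typing import Optional, Set

ALL = None  # allowed-list value standing for "switchport trunk allowed vlan all"


@dataclass
class VlanPort:
    name: str
    mode: str = "access"               # switchport mode access | trunk
    pvid: int = 1                      # access VLAN, or native VLAN on a trunk
    allowed: Optional[Set[int]] = ALL  # VLANs a trunk carries; ALL when unrestricted
    ingress_filtering: bool = True     # switchport ingress-filtering (enabled by default)

    def member(self, vid):
        """May frames of VLAN vid be sent or received on this port?"""
        if self.mode == "access":
            return vid == self.pvid
        return self.allowed is ALL or vid in self.allowed


def parse_vlan_list(text):
    """'2-4,100' -> {2, 3, 4, 100}; 'all' -> ALL (list syntax assumed for this example)."""
    if text.strip().lower() == "all":
        return ALL
    vids = set()
    for part in text.replace(";", ",").split(","):
        lo, _, hi = part.strip().partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids


def apply_command(port, line):
    """Apply one Interface Mode command from the manual to the port model."""
    words = line.split()
    negate = words[0] == "no"
    if negate:
        words = words[1:]
    if words[:2] == ["switchport", "mode"]:
        port.mode = words[2]
    elif words[:3] == ["switchport", "access", "vlan"]:
        port.pvid = 1 if negate else int(words[3])
    elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
        port.allowed = ALL if negate else parse_vlan_list(words[4])
    elif words[:4] == ["switchport", "trunk", "native", "vlan"]:
        port.pvid = 1 if negate else int(words[4])
    elif words[:2] == ["switchport", "ingress-filtering"]:
        port.ingress_filtering = not negate
    else:
        raise ValueError("unsupported command: " + line)
    return port


def ingress(port, tag):
    """VLAN assigned to a received frame, or None if the frame is discarded.
    tag is the 802.1Q VID carried by the frame, or None for an untagged frame."""
    vid = port.pvid if tag is None else tag  # untagged frames take the PVID
    if port.mode == "access":
        return vid if vid == port.pvid else None  # an access port carries only its own VLAN
    if port.ingress_filtering and not port.member(vid):
        return None  # ingress rule: drop VLANs the trunk is not allowed to carry
    return vid


def egress(port, vid):
    """'untagged', 'tagged' or None (not sent) for a frame of VLAN vid leaving port."""
    if not port.member(vid):
        return None
    if port.mode == "access" or vid == port.pvid:
        return "untagged"  # the native VLAN leaves a trunk untagged
    return "tagged"


def flood(ports, in_name, tag):
    """Ports (and tagging) that receive a frame with unknown destination arriving on in_name."""
    vid = ingress(ports[in_name], tag)
    if vid is None:
        return {}
    return {n: egress(p, vid) for n, p in ports.items()
            if n != in_name and egress(p, vid) is not None}


def fig_5_2_switch():
    """Constructed from the Fig 5-2 example: VLAN2 on 1/2-4, VLAN100 on 1/5-7,
    VLAN200 on 1/8-10, trunk on 1/11 (allowed list assumed to be the three VLANs)."""
    ports = {f"1/{i}": VlanPort(f"1/{i}") for i in range(2, 12)}
    for i in range(2, 11):
        vid = 2 if i <= 4 else 100 if i <= 7 else 200
        apply_command(ports[f"1/{i}"], f"switchport access vlan {vid}")
    apply_command(ports["1/11"], "switchport mode trunk")
    apply_command(ports["1/11"], "switchport trunk allowed vlan 2,100,200")
    return ports


if __name__ == "__main__":
    ports = fig_5_2_switch()
    print("untagged frame from 1/5 floods to:", flood(ports, "1/5", None))
    print("VLAN 300 tagged frame on trunk 1/11 assigned to:", ingress(ports["1/11"], 300))
```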
Example: Set VLAN100, VLAN200 and VLAN300 to Private VLAN. Set VLAN100 to Primary VLAN; set VLAN200 to Isolated VLAN; set VLAN300 to Community VLAN.
5.2.2.9 private-vlan association
Command: private-vlan association
no private-vlan association
Function: Set the Private VLAN association; the “no private-vlan association” command cancels the Private VLAN association.
Parameter: the Secondary VLAN list which is associated with the Primary VLAN.
Fig 5-2 Typical VLAN Application Topology
The existing LAN is required to be partitioned into 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200. Those three VLANs must cross locations A and B. One switch is placed in each site, and the cross-location requirement can be met if VLAN traffic can be transferred between the two switches.
Configuration Item | Configuration description
VLAN2 | Site A and site B switch port 2 – 4.
Switch(Config)#vlan 2
Switch(Config-Vlan2)#switchport interface ethernet 1/2-4
Switch(Config-Vlan2)#exit
Switch(Config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/5-7
Switch(Config-Vlan100)#exit
Switch(Config)#vlan 200
Switch(Config-Vlan200)#switchport interface ethernet 1/8-10
Switch(Config-Vlan200)#exit
Switch(Config)#interface ethernet 1/11
Switch(Config-Ethernet1/11)#switchport mode trunk
Switch(Config-Ethernet1/11)#exit
Switch(Config)#
Switch B:
Switch(Config)#vlan 2
Switch(Config-
and population of such register information to the other switches. Switches that support GVRP can receive VLAN dynamic register information from other switches, and update the local VLAN register information according to the information received. GVRP-enabled switches can also populate their own VLAN register information to the other switches. The VLAN register information populated includes local static information manually configured and dynamic information learnt from other switches.
5.3.2 GVRP Commands
5.3.2.1 garp timer join
Command: garp timer join
no garp timer join
Function: Set the join timer for GARP; the “no garp timer join” command restores the default timer setting.
Parameter: <timer-value> is the value for the join timer; the valid range is 100 to 327650 ms.
Command mode: Interface Mode
Default: The default value for the join timer is 200 ms.
5.3.2.3 garp timer hold
Command: garp timer hold
no garp timer hold
Function: Set the hold timer for GARP; the “no garp timer hold” command restores the default timer setting.
Parameter: <timer-value> is the value for the GARP hold timer; the valid range is 100 to 327650 ms.
Command mode: Interface Mode
Default: The default value for the hold timer is 100 ms.
Usage Guide: When GARP application entities receive a join message, the join message will not be sent immediately.
no bridge-ext gvrp
Function: Enable the GVRP function for the switch or the current Trunk port; the “no gvrp” command disables the GVRP function globally or for the port.
Command mode: Interface Mode and Global Mode.
Default: GVRP is disabled by default.
Usage Guide: Port GVRP can only be enabled after global GVRP is enabled. When global GVRP is disabled, port GVRP configurations also become void. Note: GVRP can only be enabled on Trunk ports.
Example: Enable the GVRP function globally and for Trunk port 1/10.
To enable dynamic VLAN information registration and update among switches, the GVRP protocol must be configured in the switches. Configure GVRP in Switch A, B and C and enable Switch B to learn VLAN 100 dynamically, so that the two workstations connected to VLAN 100 in Switch A and Switch C can communicate with each other through Switch B without a static VLAN 100 entry in Switch B.
Switch(Config)#bridge-ext gvrp
Switch(Config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/2-6
Switch(Config-Vlan100)#exit
Switch(Config)#interface ethernet 1/11
Switch(Config-Ethernet1/11)#switchport mode trunk
Switch(Config-Ethernet1/11)#bridge-ext gvrp
Switch(Config-Ethernet1/11)#exit
5.4 VLAN Troubleshooting Help
5.4.1
5.4.1.
The max. vlan entrys: 4094
Universal Vlan: 1 2
Total Existing Vlans is: 2
Displayed information / Explanation:
VLAN: VLAN number
Name: VLAN name
Type: VLAN property, statically configured or dynamically learned
Media: VLAN interface type: Ethernet
Ports: Access ports within the VLAN
Universal Vlan: Universal VLAN
Dynamic Vlan: Dynamic VLAN (not shown in this example)
5.4.1.2 show garp timer
Command: show garp timer []
Function: Display the global and port information for GARP.
Gvrp Timers(milliseconds)
LeaveAll : 10000
5.4.1.4 debug gvrp
Command: debug gvrp
no debug gvrp
Function: Enable the GVRP debug function; the “no debug gvrp” command disables this debug function.
Command mode: Admin Mode
Default: GVRP debug information is disabled by default.
Usage Guide: Use this command to enable GVRP debug; GVRP packet processing information is then displayed.
Example: Enable GVRP debug.
Switch#debug gvrp
5.4.
Click Vlan configuration, Vlan configuration, Create/Remove VLAN. Users can add or remove VLANs.
5.5.1.1.1 VID allocation
Click Vlan configuration, Vlan configuration, Create/Remove VLAN, VID allocation. Users can add or remove VLANs. See the equivalent CLI command at 5.2.2.1:
Operation type – Add new VID: Add a new VLAN; Remove: Remove a VLAN
VID – Specify the VLAN ID
For example: Select Add new VID; set VID to 100, and then click Apply. The new VLAN 100 is created.
5.5.1.2 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN. Users can configure the vlan information on the switch. 5.5.1.2.1 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN, Allocate port for Vlan. Users can add Ethernet ports to VLAN. See the equivalent CLI command at 5.2.2.4 For example: Select VLAN ID as 1; set Port to 1/1, and then click Apply. Ethernet 1/1 is added to VLAN 1.
Port – Specify the port
Type – Specify the port type: access or trunk. See the equivalent CLI command at 5.2.2.5
Vlan ingress rules – Enable or disable the VLAN ingress rule. See the equivalent CLI command at 5.2.2.8
For example: Select port Ethernet1/1; set Type to Trunk; select Enable Vlan ingress rules, and then click Apply. The configuration is applied on the switch. The port mode information is shown in the Port mode configuration window:
5.5.1.
trunk port. Users can configure the VLAN attributes of trunk ports:
Set trunk native vlan: Set the native VLAN of the port. See the equivalent CLI command at 5.2.2.7:
Port – Specify the port
Trunk native vlan – Specify the native VLAN ID
Operation type – Set native vlan: Set the native VLAN; Remove native vlan: Leave the native VLAN
For example: Select port Ethernet1/8; set Trunk native vlan to 100; set Operation type to Set native vlan, and then click Set. The native VLAN of Ethernet 1/8 is set to VLAN 100.
for access ports. Users can add an Access port to the specified VLAN, or delete an Access port from the specified VLAN:
Port – Specify the port
Vlan ID – Specify the VLAN ID
For example: Select port Ethernet1/1; select Vlan ID 1, and then click Apply. The port Ethernet 1/1 is added to VLAN 1. The results are shown in the Information Display window:
5.5.1.6 Allocate port for Vlan
Click Vlan configuration, Vlan configuration, Enable/Disable Vlan ingress rule. Users can configure VLAN ingress rules.
5.5.1.6.
5.5.2 GVRP configuration
Click Vlan configuration, GVRP configuration. Users can configure GVRP.
5.5.2.1 Enable global GVRP
Click Vlan configuration, GVRP configuration, Enable global GVRP. Users can enable or disable GVRP globally. See the equivalent CLI command at 5.3.2.5. For example: Select Enable GVRP, and then click Apply. GVRP is enabled globally on the switch.
5.5.2.2 Enable port GVRP
Click Vlan configuration, GVRP configuration, Enable port GVRP. Users can enable or disable GVRP on the port.
applied on the switch.
5.5.3 VLAN debug and maintenance
Click Vlan configuration, Vlan debug and maintenance. Users can view VLAN information on the switch.
5.5.3.1 show Vlan
Click Vlan configuration, Vlan debug and maintenance, show Vlan. The VLAN information is shown in the Information display window. See the equivalent CLI command at 5.4.1.1
5.5.3.2 show garp
Click Vlan configuration, Vlan debug and maintenance, show garp. The GARP information is shown in the Information display window.
5.5.3.3 show gvrp
Click Vlan configuration, Vlan debug and maintenance, show gvrp. The GVRP information is shown in the Information display window. See the equivalent CLI command at 5.4.1.
Chapter 6 MSTP Configuration
6.1 MSTP Introduction
MSTP (Multiple STP) is a newer spanning-tree protocol based on STP and RSTP. It runs on all the bridges of a bridged LAN. It calculates a common and internal spanning tree (CIST) for the bridged LAN, which consists of the bridges running MSTP, RSTP and STP. It also calculates independent multiple spanning-tree instances (MSTIs) for each MST region (MSTP domain).
Figure 6-1 Example of CIST and MST Region
In the above network, if the bridges are running STP or RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run MSTP and are configured in the same MST region, MSTP treats this region as a single bridge. Therefore, one port between Bridge B and Root is blocked and one port on Bridge D is blocked.
6.1.1.1 Operations Within An MSTP Region
The IST connects all the MSTP bridges in a region.
region to become the CST. An MSTI is only valid within its MST region; it is independent of the MSTIs in other MST regions. The bridges in an MST region receive the MST BPDUs of other regions through Boundary Ports. They only process the CIST-related information and discard the MSTI information.
6.1.2 Port Roles
The MSTP bridge assigns a port role to each port which runs MSTP.
Command / Explanation
Global Mode:
spanning-tree / no spanning-tree: Enable/Disable MSTP
spanning-tree mode {mstp|stp} / no spanning-tree mode: Set the MSTP running mode
Interface Mode:
spanning-tree mcheck: Force port migration to run under MSTP
2.
Command / Explanation
Global Mode:
spanning-tree mst configuration / no spanning-tree mst configuration: Enter MSTP region mode. The “no spanning-tree mst configuration” command restores the default setting.
Command / Explanation
Interface Mode:
spanning-tree link-type p2p {auto|force-true|force-false} / no spanning-tree link-type: Set the port link type
spanning-tree portfast / no spanning-tree portfast: Set the port to be a boundary port
6.2.2 MSTP Configuration Command
6.2.2.1 abort
Command: abort
Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode.
no instance [vlan ]
Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; the command “no instance [vlan ]” removes the specified instance and the specified mappings between the VLANs and instances.
Parameter: Normally, sets the instance number. The valid range is from 0 to 48. In the command “no instance [vlan ]”, sets the instance number.
Command: revision-level
no revision-level
Function: In MSTP region mode, this command sets the revision level for the MSTP configuration; the command “no revision-level” restores the default setting of 0.
Parameter: is the revision level. The valid range is from 0 to 65535.
Command mode: MSTP Region Mode
Default: The default revision level is 0.
Usage Guide: This command sets the revision level for the MSTP configuration.
blocking to forwarding. This delay is called the forward delay. The forward delay works together with the hello time and the max age. The parameters must meet the following conditions; otherwise, MSTP may work incorrectly.
2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)
Example: In global mode, set the MSTP forward delay time to 20 seconds.
Switch(Config)#spanning-tree forward-time 20
6.2.2.
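As an added example (not part of the guide), the following Python checks a proposed set of bridge timers against the two conditions above before they are committed, and solves the inequalities for the admissible range of each timer; the max age of 20 s and hello time of 2 s used in the demonstration are the IEEE 802.1D defaults and are assumed here, not taken from this page.

```python
"""Added example, not from the ES4626/ES4650 guide: validate MSTP bridge timers
against the two constraints the guide states before committing them with
spanning-tree forward-time / maxage / hello-time. All values are in seconds."""


def check_mstp_timers(forward_delay, max_age, hello_time):
    """Return the list of violated constraints; an empty list means the
    three timers are consistent with each other."""
    problems = []
    # Condition 1: 2 * (Bridge_Forward_Delay - 1.0) >= Bridge_Max_Age
    lhs = 2 * (forward_delay - 1.0)
    if lhs < max_age:
        problems.append(
            "2*(Forward_Delay-1) = %.1f is less than Max_Age = %.1f" % (lhs, max_age))
    # Condition 2: Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0)
    rhs = 2 * (hello_time + 1.0)
    if max_age < rhs:
        problems.append(
            "Max_Age = %.1f is less than 2*(Hello_Time+1) = %.1f" % (max_age, rhs))
    return problems


def allowed_max_age(forward_delay, hello_time):
    """Solve both inequalities for Max_Age: the closed interval (low, high)
    that keeps the given forward delay and hello time consistent."""
    return (2 * (hello_time + 1.0), 2 * (forward_delay - 1.0))


def min_forward_delay(max_age):
    """Condition 1 rearranged: Forward_Delay >= Max_Age / 2 + 1."""
    return max_age / 2.0 + 1.0


def max_hello_time(max_age):
    """Condition 2 rearranged: Hello_Time <= Max_Age / 2 - 1."""
    return max_age / 2.0 - 1.0


if __name__ == "__main__":
    # The guide's example sets the forward delay to 20 s; max age 20 s and
    # hello time 2 s are the IEEE 802.1D defaults (assumed, not from this page).
    print(check_mstp_timers(20, 20, 2))   # []  -> consistent
    print(check_mstp_timers(10, 20, 2))   # forward delay too small for max age
    print(allowed_max_age(20, 2))         # (6.0, 38.0)
```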
Switch(Config-Port-Range)#spanning-tree link-type p2p force-true
6.2.2.10 spanning-tree maxage
Command: spanning-tree maxage
Function: Force the port to run in MSTP mode.
Command mode: Interface Mode
Default: The port is in MSTP mode by default.
Usage Guide: If a network attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. This command is used to force the port back into MSTP mode. But once the port receives STP messages again, it changes back to STP mode. This command can only be used when the switch is running in IEEE 802.1s MSTP mode.
Name: MAC address of the bridge
Revision: 0
Usage Guide: Whether the switch is in MSTP mode or not, users can enter MSTP region mode, configure the attributes, and save the configuration. When the switch is running in MSTP mode, the system generates the MST configuration identifier from the MSTP configuration. Only switches with the same MST configuration identifier are considered to be in the same MSTP region.
Example: Enter MSTP region mode.
6.2.2.16 spanning-tree mst port-priority Command: spanning-tree mst port-priority no spanning-tree mst port-priority Function: Set the current port priority for the specified instance; The command “no spanning-tree mst port-priority” restores the default setting. Parameter: sets the instance ID. The valid range is from 0 to 48; sets port priority. The valid range is from 0 to 240.
Function: Set the current port as a boundary port; the command “no spanning-tree portfast” sets the current port as a non-boundary port.
Command mode: Interface Mode
Default: All ports are non-boundary ports by default when MSTP is enabled.
Usage Guide: When a port is set as a boundary port, the port converts its status from discarding to forwarding without waiting for the forward delay. Once the boundary port receives a BPDU, the port becomes a non-boundary port.
Example: Set ports 1/5-6 as boundary ports.
(Table of MSTP parameters for SW1 to SW4: Bridge Priority is 32768 on every switch; Port Priority is 128 and Route Cost is 200000 on every listed port, Port 1 through Port 7.)
By default, MSTP establishes a tree topology (in blue lines) rooted at SW1.
SW2(Config)#vlan 30
SW2(Config-Vlan30)#exit
SW2(Config)#vlan 40
SW2(Config-Vlan40)#exit
SW2(Config)#vlan 50
SW2(Config-Vlan50)#exit
SW2(Config)#spanning-tree mst configuration
SW2(Config-Mstp-Region)#name mstp
SW2(Config-Mstp-Region)#instance 3 vlan 20;30
SW2(Config-Mstp-Region)#instance 4 vlan 40;50
SW2(Config-Mstp-Region)#exit
SW2(Config)#interface e1/1-7
SW2(Config-Port-Range)#switchport mode trunk
SW2(Config-Port-Range)#exit
SW2(Config)#spanning-tree
SW3:
SW3(Config)#vlan 20
SW3(Config-Vlan20)#exit
SW3(
SW4(Config-Vlan20)#exit
SW4(Config)#vlan 30
SW4(Config-Vlan30)#exit
SW4(Config)#vlan 40
SW4(Config-Vlan40)#exit
SW4(Config)#vlan 50
SW4(Config-Vlan50)#exit
SW4(Config)#spanning-tree mst configuration
SW4(Config-Mstp-Region)#name mstp
SW4(Config-Mstp-Region)#instance 3 vlan 20;30
SW4(Config-Mstp-Region)#instance 4 vlan 40;50
SW4(Config-Mstp-Region)#exit
SW4(Config)#interface e1/1-7
SW4(Config-Port-Range)#switchport mode trunk
SW4(Config-Port-Range)#exit
SW4(Config)#spanning-tree
SW4(Config)#spanning-tree mst
Figure 6-3 The Topology Of the Instance 0 after the MSTP Calculation (SW1, SW2, SW3, SW4)
Figure 6-4 The Topology Of the Instance 3 after the MSTP Calculation
Figure 6-5 The Topology Of the Instance 4 after the MSTP Calculation
6.4 MSTP Troubleshooting
6.4.1 Monitoring And Debugging Command
6.4.1.1 show spanning-tree
Command: show spanning-tree [mst []] [interface ] [detail]
Function: Display the MSTP information.
Parameter: sets the instance ID.
Force Version: 3
########################### Instance 0 ###########################
Self Bridge Id : 32768 - 00:03:0f:01:0e:30
Root Id : 16384.00:03:0f:01:0f:52
Ext.RootPathCost : 200000
Region Root Id : this switch
Int.RootPathCost : 0
Root Port ID : 128.1
Current port list in Instance 0:
Ethernet1/1 Ethernet1/2 (Total 2)
PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort
-------------- ------- --------- --------- --- ---- ------------------ ------
Ethernet1/1 128.
PortName ID IntRPC State Role DsgBridge DsgPort
-------------- ------- --------- --- ---- ------------------ ------
Ethernet1/1 128.001 0 FWD MSTR 32768.00030f010e30 128.001
Ethernet1/2 128.002 0 BLK ALTR 32768.00030f010e30 128.
Function: Display the configuration of the MSTP in the privileged mode. Command mode: Privileged Mode Usage Guide: In the privileged mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping. Example: Display the configuration of the MSTP on the switch.
Switch(Config-Mstp-Region)#
6.4.1.4 debug spanning-tree
Command: debug spanning-tree
no debug spanning-tree
Function: Enable the MSTP debugging information; the command “no debug spanning-tree” disables the MSTP debugging information.
Command mode: Privileged Mode
Usage Guide: This command is the general switch for all MSTP debugging. Users should first enable the detailed debugging information they need; this command then makes the relevant debugging information display.
Chapter 7 IGMP Snooping Configuration 7.1 Introduction to IGMP Snooping IGMP (Internet Group Management Protocol) is a protocol used in IP multicast. IGMP is used by multicast enabled network devices (such as routers) for host membership query, and by hosts that are joining a multicast group to inform the router to accept packets of a certain multicast address. All those operations are done through IGMP message exchange. The router will use a multicast address (224.0.0.
query max-response-time
7.2.2 IGMP Snooping Configuration Command
7.2.2.1 ip igmp snooping
Command: ip igmp snooping
no ip igmp snooping
Function: Enable the IGMP Snooping function in the switch; the “no ip igmp snooping” command disables the IGMP Snooping function.
Command mode: Global Mode
Default: IGMP Snooping is disabled by default.
Usage Guide: Enabling IGMP Snooping allows the switch to monitor multicast traffic in the network and decide which ports can receive multicast traffic.
Function: Specify static multicast router port in the VLAN; the “no ip igmp snooping vlan mrouter” command deletes multicast router port. Parameter: is the specified VLAN number; is the specified multicast router port number. Command mode: Global Mode Default: No M-Router port is set in the default VLAN.
snooping vlan immediate-leave” command disables the IGMP fast leave function.
Parameter: is the VLAN number specified.
Command mode: Global Mode
Default: This function is disabled by default.
Usage Guide: Enabling the IGMP fast leave function speeds up the process for a port to leave a multicast group. This command is valid only for Snooping and is not applicable to Query.
Example: Enable the IGMP fast leave function for VLAN 100.
Switch(Config)#ip igmp snooping vlan 100 immediate-leave
7.2.2.
Usage Guide: A larger robustness parameter means worse network conditions; a smaller robustness parameter means better network conditions. The user can set the robustness parameter according to their network conditions.
Example: Set the robustness parameter for the IGMP Query of VLAN 100 to 3.
Switch(Config)#ip igmp snooping vlan 100 query robustness 3
7.2.2.
Fig 7-1 Enabling IGMP Snooping function As shown in the above figure, a VLAN 100 is configured in the switch, including port 1, 2, 6, 10 and 12 on slot 1. Four hosts are connected to port 2, 6, 10, 12 respectively and the multicast router is connected to port 1.
traffic of program 2 and port 12 will not receive traffic of program 1.
Scenario 2: IGMP Query
Fig 7-2 The switches as IGMP Queriers
The configuration of Switch2 is the same as the switch in scenario 1; Switch1 takes the place of the Multicast Router in scenario 1. Let’s assume VLAN 60 is configured in Switch1, including ports 1, 2, 6, 10 and 12. Port 1 connects to the multicast server, and port 2 connects to Switch2. In order to send Queries at a regular interval, IGMP Query must be enabled in Global Mode and in VLAN 60.
Multicast Configuration: The same as scenario 1.
IGMP Snooping listening result: Similar to scenario 1.
7.4 IGMP Snooping Troubleshooting Help
7.4.1 Monitor and Debug Commands
7.4.1.1 show ip igmp snooping
Command: show ip igmp snooping [vlan ]
Parameter: is the ID of the VLAN for which to display the IGMP Snooping information.
Command mode: Admin Mode
Usage Guide: If no VLAN ID is specified, summary information for IGMP Snooping and Query in all VLANs is displayed.
igmp snooping vlan status : Disabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : (null)
--------------------------------
IGMP information for VLAN 4:
igmp snooping vlan status : Disabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : (null)
--------------------------------
IGMP information for VLAN 511:
igmp snooping vlan status : Disabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : (null)
--------------------------------
IGMP
igmp snooping status : Enabled
igmp snooping vlan status : Enabled
igmp snooping vlan mrouter port : Ethernet1/4
igmp snooping vlan mrouter state : UP
igmp snooping vlan mrouter present : Yes
igmp snooping vlan immediate leave : No
igmp snooping vlan query : Disabled
igmp snooping vlan robustness :2
igmp snooping vlan query interval : 125
igmp snooping vlan query max response time : 10
igmp snooping vlan query TX :0
igmp snooping vlan query SX :2
igmp snooping multicast information:
igmp snooping vlan mrouter port / igmp snooping vlan mrouter state: All M-Router ports (if any) and their status for all VLANs in the switch; this is not displayed if no M-Router port is specified.
igmp snooping vlan mrouter present: Whether query packets are present on the M-Router port
igmp snooping vlan query TX: Number of Query packets sent by the VLAN
igmp snooping vlan query SX: Number of Query packets received by the VLAN
igmp snooping multicast mac: Multicast addresses learned by the IGMP Snooping forwarding table
processing information can be displayed.
Example: Enable IGMP Snooping debug.
Switch#debug ip igmp snooping
7.4.2 IGMP Snooping Troubleshooting Help
- The IGMP Snooping function cannot be used together with IGMP Query: Snooping is not available when Query is enabled. The user must decide whether IGMP Snooping or IGMP Query is to be enabled.
- When IGMP Snooping is used, an M-Router port must be specified in the corresponding VLAN, or the switch cannot perform IGMP Snooping properly.
7.
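As an added example (not part of the guide), the following Python parses output in the format of the show ip igmp snooping vlan display shown above and applies the two troubleshooting rules to every VLAN; the sample output is constructed, not captured from a real switch.

```python
"""Added example, not from the ES4626/ES4650 guide: audit the per-VLAN
IGMP Snooping state reported by "show ip igmp snooping vlan" against the
guide's two troubleshooting rules (Snooping and Query are mutually
exclusive; Snooping needs an M-Router port)."""
import re

# Constructed sample in the format of the guide's display (not real output).
SAMPLE_OUTPUT = """\
--------------------------------
IGMP information for VLAN 100:
igmp snooping vlan status : Enabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : Ethernet1/4
igmp snooping vlan mrouter state : UP
igmp snooping vlan immediate leave : No
--------------------------------
IGMP information for VLAN 200:
igmp snooping vlan status : Enabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : (null)
--------------------------------
IGMP information for VLAN 300:
igmp snooping vlan status : Enabled
igmp snooping vlan query : Enabled
igmp snooping vlan mrouter port : Ethernet1/1
--------------------------------
IGMP information for VLAN 511:
igmp snooping vlan status : Disabled
igmp snooping vlan query : Disabled
igmp snooping vlan mrouter port : (null)
"""

HEADER_RE = re.compile(r"^IGMP information for VLAN (\d+):$")
# Field lines look like "igmp snooping vlan robustness :2" or "... port : Ethernet1/4";
# the spacing around the colon varies, so it is matched loosely.
FIELD_RE = re.compile(r"^(igmp snooping[^:]*?)\s*:\s*(.*)$")


def parse_igmp_snooping(text):
    """Return {vlan_id: {field_name: value}} from the show command output."""
    vlans, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            vlans[current][m.group(1)] = m.group(2).strip()
    return vlans


def audit_igmp_snooping(vlans):
    """Apply the guide's troubleshooting rules; return a list of
    (vlan_id, problem) tuples in ascending VLAN order."""
    findings = []
    for vid, fields in sorted(vlans.items()):
        snooping_on = fields.get("igmp snooping vlan status") == "Enabled"
        query_on = fields.get("igmp snooping vlan query") == "Enabled"
        mrouter = fields.get("igmp snooping vlan mrouter port", "(null)")
        if snooping_on and query_on:
            findings.append((vid, "snooping and query both enabled; "
                                  "snooping is unavailable while query is enabled"))
        if snooping_on and mrouter in ("(null)", ""):
            findings.append((vid, "snooping enabled but no M-Router port specified"))
    return findings


if __name__ == "__main__":
    for vid, problem in audit_igmp_snooping(parse_igmp_snooping(SAMPLE_OUTPUT)):
        print("VLAN %d: %s" % (vid, problem))
```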
The explanation of each field is as below: VLAN ID – Configure query vlan ID Query State – query state: open or close. See the equivalent CLI command at 7.2.2.6 Robustness – Robustness. See the equivalent CLI command at 7.2.2.7 Query Interval – Query interval. See the equivalent CLI command at 7.2.2.8 Max Response – Maximum response time. See the equivalent CLI command at 7.2.2.9 For example: Select Vlan in the VLAN ID dropdown menu; select Query State as Open; set other attributes, and then click Apply.
7.5.3 IGMP Snooping static multicast configuration Click IGMP Snooping static multicast configuration. Users can configure IGMP Snooping static multicast. 7.5.3.1 IGMP Snooping static multicast configuration The explanation of each field is as below: VLAN ID – Configure Vlan ID Multicast group member port – Configure multicast group member port Multicast address – Configure multicast address Operation type – Add: Add static multicast member port; Remove: Remove static multicast member port.
Chapter 8 802.1X CONFIGURATION
8.1 802.1X Introduction
IEEE 802.1X is a port-based network access control technology. The access equipment is authenticated and controlled at the physical access level of the LAN equipment. The physical access level here means the ports of the switch equipment.
The EAPOL protocol defined in 802.1x is used between the user access equipment (PC) and the access control unit (access switch); the EAP protocol is used between the access control unit and the authentication server. Authentication data is encapsulated in EAP messages, which are carried inside other higher-layer protocol messages such as RADIUS, so that it can reach the authentication server across a complex network.
1) Configure port authorization status
2) Configure port access control method: based on MAC address or based on port
3) Configure switch 802.1x extended functions
3. Configure the user access equipment (not required)
4. Configure the RADIUS server
1) Configure RADIUS authentication key
2) Configure RADIUS server
3) Configure RADIUS service parameters
1. Enable switch 802.
Command / Explanation
Port configuration mode:
dot1x port-control {auto|force-authorized|force-unauthorized} / no dot1x port-control: Configure port 802.1x authorization status; use the “no” command to restore the default configuration.
2)
Command / Explanation
Global configuration mode:
dot1x macfilter enable / no dot1x macfilter enable: Enable the switch 802.1x address filter function; use the “no” command to disable the 802.1x address filter function.
dot1x accept-mac [interface ] / no dot1x accept-mac [interface ]: Add an 802.1x address filter table item; use the “no” command to remove the 802.1x address filter table item.
dot1x timeout tx-period / no dot1x timeout tx-period: Configure the timeout interval for the switch to resend EAP-request/identity frames to the supplicant; use the “no” command to restore the default.
Privileged configuration mode:
dot1x re-authenticate [interface ]: Trigger 802.1x re-authentication on all ports or on a specific port (without waiting for the timer to expire).
4.
radius-server retransmit / no radius-server retransmit: Configure RADIUS retransmit times; use the “no” command to restore the default configuration.
radius-server timeout / no radius-server timeout: Configure the RADIUS server timeout timer; use the “no” command to restore the default configuration.
8.2.2 802.1X Configuration Command
8.2.2.
while the user is offline, no “offline” message is sent to inform the RADIUS authentication server.
Example: Enable the switch AAA accounting function.
Switch(Config)#aaa-accounting enable
8.2.2.3 dot1x accept-mac
Command: dot1x accept-mac [interface ]
no dot1x accept-mac [interface ]
Function: Add a MAC address to the dot1x address filter table.
8.2.2.5 dot1x enable
Command: dot1x enable
no dot1x enable
Function: Enable the switch global and port 802.1x function; use the “no” command to disable the 802.1x function.
Command mode: global configuration mode and port configuration mode
Default: The 802.1x function is disabled globally; when 802.1x is enabled globally, it is still disabled on each port by default.
Instructions: If you want to perform 802.1x authentication on a port, enable 802.
Command: dot1x macfilter enable
no dot1x macfilter enable
Function: Enable the switch dot1x address filter function; use the “no” command to disable the dot1x address filter function.
Command mode: global configuration mode
Default: The dot1x address filter function is disabled.
Instructions: When the dot1x address filter function is enabled, the switch filters on the authenticating MAC address; only authentication requests from MAC addresses in the dot1x address filter list are accepted.
Switch(Config-Ethernet1/3)#dot1x max-user 5
8.2.2.10 dot1x port-control
Command: dot1x port-control {auto|force-authorized|force-unauthorized}
no dot1x port-control
Function: Configure the port 802.1x authorization status; use the “no” command to restore the default.
Parameter: auto is used to enable 802.
Command: dot1x re-authenticate [interface ]
Function: Trigger 802.1x re-authentication immediately on all ports or on a specific port, without waiting for the re-authentication timer to expire.
Parameter: is the port ID; if no parameter is given, all ports are meant.
Command mode: privileged configuration mode
Instructions: This command belongs to privileged mode. After it is issued, the switch re-authenticates the client at once instead of waiting for the re-authentication timer to expire.
8.2.2.15 dot1x timeout re-authperiod
Command: dot1x timeout re-authperiod
no dot1x timeout re-authperiod
Function: Configure the interval at which the switch re-authenticates the supplicant; use the “no” command to restore the default.
Parameter: the re-authentication interval in seconds; the range is 1~65535.
Command mode: global configuration mode
Default: 3600 seconds.
Instructions: Before modifying the re-authentication interval, dot1x re-authentication must be enabled first.
according to configuration precedence; if a server is configured as primary, it is used first.
Command mode: global configuration mode
Default: No RADIUS accounting server is configured.
Instructions: This command specifies the IP address and port of the RADIUS accounting server the switch connects to; the command may be configured multiple times.
8.2.2.19 radius-server dead-time
Command: radius-server dead-time
no radius-server dead-time
Function: Configure the recovery time after a RADIUS server is marked dead; use the “no” command to restore the default configuration.
Parameter: is the recovery time after a RADIUS server is marked dead, in minutes; the range is 1~255.
Command mode: global configuration mode
Default: 5 minutes.
Function: Configure the number of times RADIUS authentication messages are retransmitted; use the “no” command to restore the default configuration.
Parameter: is the RADIUS server retransmit count; the range is 0~100.
Command mode: global configuration mode
Default: 3 times.
Instructions: This command specifies how many times the switch retransmits a packet to the RADIUS server when it receives no response from the server.
8.3 802.1X Apply Example
Figure 8-2 IEEE802.1x configuration example topology figure (addresses shown: 10.1.1.2, 10.1.1.1, Radius Server 10.1.1.3)
A computer is connected to switch port 1/2, and the IEEE802.1x authentication function is enabled on port 1/2; the access method is the default, MAC-address-based authentication. Configure the switch IP address as 10.1.1.2. Connect any port except port 1/2 to the RADIUS authentication server. Configure the RADIUS authentication server IP address as 10.1.1.3.
8.4 802.1X Troubleshooting
8.4.1 802.1X Debug and Monitor Command
8.4.1.1 show aaa config
Command: show aaa config
Function: Display the existing configuration commands while the switch works as a RADIUS client.
Command mode: privileged mode
Instructions: Displays whether AAA authentication and accounting are enabled on the switch, the authentication key, the authentication and accounting server information, etc.
.Socket No = 0
accounting server[1].Host IP = 192.168.1.208
.Udp Port = 1813
.Is Primary = 0
.Is Server Dead = 0
.Socket No = 0
Time Out = 3
Retransmit = 3
Dead Time = 5
Account Time Interval = 0
Display Content / Description:
Is Aaa Enabled: Display whether the AAA authentication function is enabled. 1 means enabled; 0 means disabled.
Is Account Enabled: Display whether the AAA accounting function is enabled.
8.4.1.2 show aaa authenticated-user Command: show aaa authenticated-user Function: Displays the online authenticated users. Command mode: privilege mode Instructions: Other online user information is typically used for technical support engineers for diagnosis and troubleshooting.
Example:
1. Show radius authenticated-user statistics information.
Switch #show radius authenticated-user count
--------------------- Radius user statistic--------------------
The authenticated online user num is: 1
The total user num is: 1
2.
802.1x is enabled on ethernet 1
Authentication Method: Port based
Status Authorized
Port-control Auto
Supplicant 00-03-0F-FE-2E-D3
Authenticator State Machine State Authenticated
Backend State Machine State Idle
Reauthentication State Machine State Stop
Display Content / Explanation:
Global 802.1x Parameters reauthenabled: Global 802.
Backend State Machine: Backend state machine status
Reauthentication State Machine: Reauthentication state machine status
8.4.1.6 debug aaa
Command: debug aaa
no debug aaa
Function: Enable aaa debug information; use the “no” command to disable aaa debug information.
Command mode: privileged configuration mode
Parameter: None
Instructions: Enables aaa debug information, with which the negotiation process of the RADIUS protocol can be checked; this helps when troubleshooting.
port.
- To enable the 802.1x authentication function, the trunk function of the port must be disabled.
- If the switch is configured correctly and authentication still fails, check whether links are established between the switch and the RADIUS server and between the switch and the 802.1x supplicant; the VLAN configuration of the switch port should also be checked.
- Examine the event log of the RADIUS server to determine the cause of the problem.
authentication and accounting). It is equivalent to CLI command 8.2.2.19.
- System recovery time (1-255 minutes) - Configure the recovery time after a RADIUS server is marked dead. It is equivalent to 8.2.2.18.
- RADIUS Retransmit times (0-100) - Configure the number of RADIUS authentication message retransmissions. It is equivalent to CLI command 8.2.2.20.
- RADIUS server timeout (1-1000 seconds) - Configure the RADIUS server timeout timer. It is equivalent to CLI command 8.2.2.20.
8.5.1.3 RADIUS accounting configuration
Click Authentication configuration, RADIUS client configuration, RADIUS accounting configuration. Configure the RADIUS accounting server IP address and listening port. It is equivalent to CLI command 8.2.2.16.
- Accounting server IP - the server IP address.
- Accounting server port (optional) - the accounting server port number; the range is 0~65535, and the value 0 means it does not act as an authentication server.
Click Authentication configuration, 802.1X configuration to open the 802.1x function configuration list; users can configure the switch 802.1x function there.
8.5.2.1 802.1X Configuration
Click Authentication configuration, 802.1X configuration, 802.1X configuration. Configure the 802.1x global settings:
- 802.1x status - Enable or disable the switch 802.1x function. It is equivalent to CLI command 8.2.2.5.
8.5.2.2 802.1X port authentication configuration
Click Authentication configuration, 802.1X configuration, 802.1X port authentication configuration. Configure the port 802.1x function:
- Port - select the port
- 802.1x status - port 802.1x status: Enable, the 802.1x function is enabled; Close, the 802.1x function is disabled. The same as CLI command 8.2.2.5.
- Authentication type - Configure the port 802.1x authentication status. Auto means enable 802.
Click Authentication configuration, 802.1X configuration, 802.1x port mac configuration. Add a MAC address entry to the dot1x address filter. It is equivalent to CLI command 8.2.2.3.
- Port - If a port is specified, the added entry applies only to that port; if All Ports is specified, the added entry applies to all ports.
Chapter 9 ACL Configuration
9.1 Introduction to ACL
An ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switch, effectively safeguarding the security of the network. The user can lay down a set of rules based on information specific to the packet; each rule describes the action taken for a packet that matches certain information: “permit” or “deny”.
decide whether to permit or deny access.
9.1.3 Access list Action and Global Default Action
There are two access list actions and default actions: “permit” or “deny”. The following rules apply:
- An access list can consist of several rules. Packet filtering compares the packet to the rules, from the first rule to the first matching rule; the remaining rules are not processed.
- The global default action applies only to IP packets in the incoming direction on the ports.
3. Bind access list to a specific direction of the specified port.
1. Configuring access list
(1) Configuring a numbered standard IP access list
Command (Global Mode): access list {deny | permit} {{ } | any-source | {host-source }} ; no access list
Explanation: Create a numbered standard IP access list; if the access list already exists, the rule is added to the current access list. The “no access list ” command deletes a numbered standard IP access list.
access list {deny | permit} {eigrp | gre | igrp | ipinip | ip | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos ]
Create a numbered extended IP access rule for another specific IP protocol or all IP protocols; if the numbered extended access list of the specified number does not exist, an access list will be created using this number.
[no] {deny | permit} icmp {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [ []] [precedence ] [tos ]
Create an extended name-based ICMP IP access rule; the “no” form of the command deletes this name-based extended IP access rule.
[no] {deny | permit} igmp {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} []
firewall disable - disable the global packet filtering function
(2) Configure default action.
Command (Global Mode) / Explanation:
firewall default permit - Set the default action to “permit”
firewall default deny - Set the default action to “deny”
3. Bind access-list to a specific direction of the specified port.
[tos ] no access-list Function: Create a numbered extended IP access rule for specific IP protocol or all IP protocols; if the numbered extended access list of specified number does not exist, then an access list will be created using this number. The “no” form command deletes a numbered extended IP access list.
be created, and entries can be added to that ACL.
Example: Create a standard IP access list numbered 20, permitting packets from 10.1.1.0/24 and denying packets from 10.1.1.0/16.
Switch(Config)#access list 20 permit 10.1.1.0 0.0.0.255
Switch(Config)#access list 20 deny 10.1.1.0 0.0.255.255
9.2.2.3 firewall
Command: firewall { enable | disable}
Function: Enable or disable the firewall.
Parameter: enable turns the firewall (packet filtering) function on; disable turns it off.
Default: The firewall is disabled by default.
Function: Create a name-based extended IP access list; the “no ip access extended ” command deletes the name-based extended IP access list.
Parameter: is the name for the access list; the character string length is 1 – 8, and a pure digit sequence is not allowed.
Command mode: Global Mode
Default: No IP address is configured by default.
Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created.
Example: Bind access list “aaa” to the incoming direction of the port. Switch(Config-Ethernet1/1)#ip access-group aaa in 9.2.2.
d-port 32
9.2.2.9 permit | deny(standard)
Command: {deny | permit} {{ } | any | {host }}
no {deny | permit} {{ } | any | {host }}
Function: Create a standard name-based IP access rule; the “no” form of the command deletes the name-based standard IP access rule.
Parameter: is the source IP address in dotted decimal format; is the mask complement for the source IP in dotted decimal format.
Switch#show firewall
Firewall Status: Enable.
Firewall Default Rule: Permit.
Switch#show access lists
access list 110(used 1 time(s))
access list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch#show access-group interface ethernet 1/10
interface name: Ethernet1/10
the ingress acl use in firewall is 110.
9.4 ACL Troubleshooting Help
9.4.1 ACL Debug and Monitor Commands
9.4.1.1 show access lists
Command: show access lists [|]
Function: Displays the access lists configured.
access list 10 deny any-source - Deny passage of all IP packets.
access list 100(used 1 time(s)) - Numbered ACL 100, referenced 1 time.
access list 100 deny ip any-source - Deny IP packets of any source address and any destination address.
access list 100 deny tcp any-source any-destination - Deny TCP packets of any source IP address and destination IP address.
9.4.1.2
Command mode: Admin Mode
Usage Guide:
Example:
Switch#show firewall
Firewall Status: Enable.
Firewall Default Rule: Permit.
Displayed information / Explanation:
Firewall Status: Enable. - The packet filtering function is enabled.
Firewall Default Rule: Permit. - The default action for packet filtering is “permit”.
9.4.2 ACL Troubleshooting Help
- The check for entries in the ACL is in top-down order, and ends whenever an entry is matched.
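The top-down, first-match evaluation described in 9.1.3 and 9.4.2, with the wildcard (mask complement) matching used by the rules in 9.2.2.2 and 9.3, modelled in Python. This is an added example, not code from the manual or the switch firmware. The rule parser is a constructed one that accepts only the tokens shown in this chapter (action, protocol, source and destination address with wildcard or the any/host keywords, d-port); the two access lists at the bottom are the ones from the 9.2.2.2 example and the 9.3 show output, and the packet addresses in the tests are constructed.

```python
"""ACL evaluation model: wildcard-mask matching, first match wins, global default action."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

PROTOCOLS = {"ip", "tcp", "udp", "icmp", "igmp", "gre", "eigrp", "ospf", "ipinip"}
ANY_ADDR = ("0.0.0.0", "255.255.255.255")   # address/wildcard pair that matches everything


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard (mask complement) semantics: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF ^ _ip(wildcard)
    return (_ip(addr) & care) == (_ip(base) & care)


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    protocol: str = "ip"         # "ip" matches every IP protocol, others match exactly
    src: str = ANY_ADDR[0]
    src_wild: str = ANY_ADDR[1]
    dst: str = ANY_ADDR[0]
    dst_wild: str = ANY_ADDR[1]
    dport: Optional[int] = None  # None = any destination port


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    dport: Optional[int] = None


def _pop_addr(toks: List[str], any_kws, host_kws):
    """Consume one address spec: 'A W', an any keyword, or a host keyword followed by A."""
    if not toks or toks[0] == "d-port":
        return ANY_ADDR
    tok = toks.pop(0)
    if tok in any_kws:
        return ANY_ADDR
    if tok in host_kws:
        return toks.pop(0), "0.0.0.0"     # host: every bit must match
    return tok, toks.pop(0)


def parse_rule(text: str) -> Rule:
    """Parse a rule as printed by 'show access lists' (constructed parser; covers only
    the action/protocol/address/d-port tokens that appear in this chapter)."""
    toks = text.split()
    action = toks.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    protocol = toks.pop(0) if toks and toks[0] in PROTOCOLS else "ip"
    src, src_wild = _pop_addr(toks, {"any-source", "any"}, {"host-source", "host"})
    dst, dst_wild = _pop_addr(toks, {"any-destination", "any"}, {"host-destination", "host"})
    dport = None
    if toks[:1] == ["d-port"]:
        dport = int(toks[1])
        del toks[:2]
    if toks:
        raise ValueError(f"unparsed tokens: {toks}")
    return Rule(action, protocol, src, src_wild, dst, dst_wild, dport)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (wildcard_match(pkt.src, rule.src, rule.src_wild)
            and wildcard_match(pkt.dst, rule.dst, rule.dst_wild))


def evaluate(rules: List[Rule], pkt: Packet, default_action: str = "permit") -> str:
    """Top-down check: the first matching rule decides; no match -> global default action
    (the 'firewall default permit|deny' setting)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default_action


# The two lists from this chapter: access list 20 (9.2.2.2) and access list 110 (9.3).
ACL20 = [parse_rule("permit 10.1.1.0 0.0.0.255"),
         parse_rule("deny 10.1.1.0 0.0.255.255")]
ACL110 = [parse_rule("deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21")]
```

When a bound list does not behave as expected, passing the packet that was wrongly permitted or denied through evaluate() with the list and the current firewall default action reproduces the decision offline; a packet that matches no rule is decided by the default action alone, which is the usual reason a list with only deny entries still lets other traffic through.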
ACL name configuration - Configure name ACLs, including standard ACLs and extended ACLs
Filter configuration - Enable the filter globally. The ACL filter is bound to the port by default.
9.5.1 Add standard numeric IP ACL configuration
Click Numeric ACL configuration, Add standard numeric. Users can configure the ACL. See the equivalent CLI command at 9.2.2.
Users can configure the following types of numeric ACL:
Add ICMP numeric extended ACL - Add an ICMP numeric extended ACL
Add IGMP numeric extended ACL - Add an IGMP numeric extended ACL
Add TCP numeric extended ACL - Add a TCP numeric extended ACL
Add UDP numeric extended ACL - Add a UDP numeric extended ACL
Add numeric extended ACL for other protocols - Add a numeric extended ACL for other protocols
Click the node. The configuration page is shown. See the equivalent CLI command at 9.2.2.
Target port - Specify the target port
For other protocols, the following fields need to be configured:
Matched protocol - Specify the matched protocol: IP, EIGRP, OSPF, IPINIP, or “Input protocol manually”. When “Input protocol manually” is selected, users can input the protocol number.
For example: Configure an extended ACL numbered 110 which denies TCP packets with source address 10.0.0.0/24 and target port 21.
Source address type - Specified IP address or allow any address
Source IP address - Specify the source IP address
Reverse network mask - Specify the reverse network mask
Operation type - Add; Remove
For example: Add a standard name ACL. Set ACL name to ac1; configure the other fields; set Operation type to Add, and then click Apply.
9.5.5 Extended ACL name configuration
Click ACL name configuration.
Firewall default action - Configure the firewall default action. “accept” allows packets to pass; “refuse” denies packets passage. See the equivalent CLI command at 9.2.2.4
For example: Set Packet filtering to Enable; set Firewall default action to accept, and then click Apply.
9.5.7 ACL port binding configuration
Click Filter configuration. The configuration page is shown. See the equivalent CLI command at 9.2.2.
Chapter 10 Port Channel Configuration 10.1 Introduction to Port Channel To understand Port Channel, Port Group should be introduced first: Port Group is a group of physical ports in the configuration level, only physical ports in the Port Group can take part in link aggregation and become a member port of Port Channel. Logically, Port Group is not a port but a port sequence.
For Port Channel to work properly, member ports of the Port Channel must have the same properties, as follows:
- All ports are in full duplex mode.
- Ports are of the same speed.
- All ports are Access ports and belong to the same VLAN, or are all Trunk ports.
- If the ports are Trunk ports, then their “Allowed VLAN” and “Native VLAN” properties should also be the same.
Command (Interface Mode) / Explanation:
port-group mode {active|passive|on} ; no port-group - Add ports to the port group and set their mode.
3. Enter port-channel configuration mode.
Command (Global Mode) / Explanation:
interface port-channel - Create and enter port-channel configuration mode.
10.2.2 Port Channel Configuration Commands
10.2.2.
Switch(Config)# port-group 1
Delete a port group.
Switch(Config)#no port-group 1
10.2.2.2 port-group mode
Command: port-group mode {active|passive|on}
no port-group
Function: Add the physical port to the port channel; the command “no port-group ” removes the port from the port channel.
Parameter: sets the port channel number.
saved and will be restored until the ports are aggregated. Note that such restoration is performed only once: if an aggregated group is ungrouped and aggregated again, the initial user configuration will not be restored. For configuration belonging to other modules, such as shutdown or speed configuration, the configuration applied to the current port applies to all member ports in the corresponding port group.
Example: Enter configuration mode for port-channel1.
Switch2 (Config)#port-group 2
Switch2 (Config)#interface eth 1/6
Switch2 (Config-Ethernet1/6)#port-group 2 mode passive
Switch2 (Config-Ethernet1/6)#exit
Switch2 (Config)# interface eth 1/8-9
Switch2 (Config-Port-Range)#port-group 2 mode passive
Switch2 (Config-Port-Range)#exit
Switch2 (Config)#interface port-channel 2
Switch2 (Config-If-Port-Channel2)#
Configuration result: After a while the shell reports that the ports were aggregated successfully; now ports 1, 2, 3 of Switch1 form an aggregated port named “Port-Channel1”,
Switch1 (Config-Ethernet1/2)#exit
Switch1 (Config)#interface eth 1/3
Switch1 (Config-Ethernet1/3)# port-group 1 mode on
Switch1 (Config-Ethernet1/3)#exit
Switch2#config
Switch2 (Config)#port-group 2
Switch2 (Config)#interface eth 1/6
Switch2 (Config-Ethernet1/6)#port-group 2 mode on
Switch2 (Config-Ethernet1/6)#exit
Switch2 (Config)# interface eth 1/8-9
Switch2 (Config-Port-Range)#port-group 2 mode on
Switch2 (Config-Port-Range)#exit
Configuration result: Add ports 1, 2, 3 of Switch1 to port-group1 in order,
“port-channel” displays port aggregation information. Command mode: Admin Mode Usage Guide: If “port-group-number” is not specified, then information for all port groups will be displayed. Example: Add port 1/1 and 1/2 to port-group1. 1. Display summary information for port-group1.
port Ethernet1/2 : both of the port and the agg attributes are not equal
the general information of the port are as follows:
portnumber: 2 actor_port_agg_id: 0 partner_oper_key: 0x0002 actor_oper_port_key: 0x0102
mode of the port: ACTIVE lacp_aware: enable begin: FALSE port_enabled: FALSE
partner_oper_sys: 0x000000000000 lacp_ena: TRUE ready_n: TRUE
the attributes of the port are as follows:
mac_type: ETH_TYPE duplex_type: FULL speed_type: ETH_SPEED_100M port_type: ACCESS
the machine state and
4. Display member port information for port-group1. Switch# show port-group 1 port Sorted by the ports in the group 1 : -------------------------------------------the portnum is 1 port Ethernet1/1 related information: Actor part Administrative port number port priority 1 0x8000 aggregator id port key Operational 0 0x0100 0x0101 . 1 port state LACP activety LACP timeout . . Aggregation 1 1 Synchronization . . Collecting . . Distributing . . Defaulted 1 1 Expired . .
Expired . . Selected Unselected
Displayed information / Explanation:
portnumber - Port number
port priority - Port priority
system - System ID
system priority - System priority
LACP activety - Whether the port was added to the group in “active” mode, 1 for yes.
LACP timeout - Port timeout mode, 1 for short timeout.
Aggregation - Whether aggregation is possible for the port, 0 for an independent port that does not allow aggregation.
Synchronization - Whether the port is synchronized with the partner end.
Number of port - Port number in the port-channel.
Standby port - Port that is in “standby” status, meaning the port is qualified to join the channel but cannot join it because of the maximum port limit; its status is therefore “standby” instead of “selected”.
10.4.1.2 debug lacp
Command: debug lacp
no debug lacp
Function: Enables the LACP debug function; the “no debug lacp” command disables this debug function.
Command mode: Admin Mode
Default: LACP debug information is disabled by default.
otherwise LACP packets will not be initiated.
- LACP cannot be used on a port with port security or 802.1x enabled, so it cannot be enabled if either of those two protocols is present on the port.
10.5 Web Management
Click Port Channel configuration. The LACP port group configuration node and LACP port configuration node are shown. The LACP port group page is used to configure and show groups; the LACP port page is used to configure and show group member ports.
10.5.
10.5.2 LACP port configuration
Click LACP port configuration. The configuration page is shown. See the equivalent CLI command at 10.2.2.2
The explanation of each field is as below:
group num - Group number
Port - Specify the port
Port mode - Configure port mode: active, passive or on
Operation type - Add port to group or Remove port from group
For example: Set group num to 1; set Port to Ethernet 1/1; set Port mode to active; set Operation type to Add port to group, and then click Apply.
Chapter 11 DHCP Configuration 11.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP address dynamically from the address pool as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network. DHCP is the enhanced version of BootP.
DHCP packets so that the DHCP packet exchange can be completed between the DHCP client and server. ES4626/ES4650 can act as both a DHCP server and a DHCP relay. The DHCP server supports not only dynamic IP address assignment but also manual IP address binding (i.e. assigning a specific IP address to a specified MAC address or specified device ID over a long period).
Command (DHCP Address Pool Mode) / Explanation:
network-address [mask | prefix-length] ; no network-address - Configures the address scope that can be allocated to the address pool
default-router [address1[address2[…address8]]] ; no default-router - Configures the default gateway for DHCP clients
dns-server [address1[address2[…address8]]] ; no dns-server - Configures the DNS server for DHCP clients
domain-name ; no domain-name - Configures the domain name for DHCP clients; the “no domain-name” command
(3) Configure manual DHCP address pool parameters
Command (DHCP Address Pool Mode) / Explanation:
hardware-address [{Ethernet | IEEE802|}] ; no hardware-address - Specifies the hardware address when assigning an address manually
host [ | ] ; no host - Specifies the IP address to be assigned to the specified client when binding an address manually
client-identifier ; no client-identifier - Specifies the unique ID of the user when
on bootup. This command is used together with “next-server”.
Example: The path and filename for the file to be imported is “c: \temp\nos.img”.
Switch(dhcp-1-config)#bootfile c: \temp\nos.img
Related command: next-server
11.2.2.2 client-identifier
Command: client-identifier
no client-identifier
Function: Specify the unique ID of the user when binding an address manually; the “no client-identifier” command deletes the identifier.
Command: default-router [[…]] no default-router Function: Configure default gateway(s) for DHCP clients; the “no default-router” command deletes the default gateway. Parameter: address1…address8 are IP addresses, in dotted decimal format. Default: No default gateway is configured for DHCP clients by default.
Example: Specify “company.com.cn” as the DHCP clients’ domain name.
Switch(dhcp-1-config)#domain-name company.com.cn
11.2.2.7 hardware-address
Command: hardware-address [{Ethernet | IEEE802|}]
no hardware-address
Function: Specify the hardware address of the user when binding an address manually; the “no hardware-address” command deletes the setting.
system will assign a mask automatically according to the IP address class. This command is used with the “hardware-address” command or the “client-identifier” command when binding an address manually. If the identifier or hardware address of the requesting client matches the specified identifier or hardware address, the DHCP server assigns the IP address defined in the “host” command to the client.
Example: Specify IP address 10.1.128.
Command mode: Global Mode Usage Guide: This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes. Example: Reserve addresses from 10.1.128.1 to 10.1.128.10 from dynamic assignment. Switch(Config)#ip dhcp excluded-address 10.1.128.1 10.1.128.10 11.2.2.
11.2.2.13 lease
Command: lease { [] [][] | infinite }
no lease
Function: Set the lease for addresses in the address pool; the “no lease” command restores the default setting.
Parameter: is the number of days from 0 to 365; is the number of minutes from 0 to 59; infinite means perpetual use.
Default: The default lease duration is 1 day.
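How the pool commands in this section fit together (network-address, ip dhcp excluded-address, host with hardware-address or client-identifier, and lease), modelled in Python as an added example; this is not code from the manual or the switch. The class and function names (DhcpPool, lease_to_seconds) are this example's own, the client identifiers are constructed strings, and the 0..23 bound on the hours field is an assumption, since the page gives ranges only for days and minutes.

```python
"""Model of a DHCP address pool: network, excluded addresses, manual bindings, leases."""
import ipaddress
from typing import Dict, Optional, Set, Tuple

SECONDS_PER_DAY = 86400


def lease_to_seconds(days: int, hours: int = 0, minutes: int = 0) -> int:
    """'lease <days> [hours] [minutes]' as a duration. Days 0..365 and minutes 0..59 follow
    11.2.2.13; the 0..23 bound on hours is an assumption (the page does not state it)."""
    if not (0 <= days <= 365 and 0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError("lease field out of range")
    return days * SECONDS_PER_DAY + hours * 3600 + minutes * 60


class DhcpPool:
    def __init__(self, name: str, network: str, lease_seconds: int = SECONDS_PER_DAY):
        self.name = name
        self.network = ipaddress.IPv4Network(network)       # 'network-address <addr> <mask>'
        self.lease_seconds = lease_seconds                 # 'lease', default 1 day
        self.excluded: Set[ipaddress.IPv4Address] = set()  # 'ip dhcp excluded-address'
        self.manual: Dict[str, ipaddress.IPv4Address] = {}  # client id -> 'host' address
        # dynamic bindings: address -> (client id, lease expiry as a Unix timestamp)
        self.bindings: Dict[ipaddress.IPv4Address, Tuple[str, float]] = {}

    def exclude(self, start: str, end: str) -> None:
        """Reserve a consecutive range so it is never handed out dynamically."""
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi or lo not in self.network or hi not in self.network:
            raise ValueError("excluded range must lie inside the pool network")
        self.excluded.update(ipaddress.IPv4Address(a) for a in range(int(lo), int(hi) + 1))

    def bind_manual(self, client_id: str, address: str) -> None:
        """'host' plus 'hardware-address' / 'client-identifier': a fixed address for one client."""
        addr = ipaddress.IPv4Address(address)
        if addr not in self.network:
            raise ValueError("manual address must lie inside the pool network")
        self.manual[client_id] = addr

    def _is_free(self, addr: ipaddress.IPv4Address, now: float) -> bool:
        if addr in self.excluded or addr in self.manual.values():
            return False
        bound = self.bindings.get(addr)
        return bound is None or bound[1] <= now   # an expired lease is reusable

    def allocate(self, client_id: str, now: float) -> Optional[str]:
        """Return the address offered to client_id, or None if the pool is exhausted."""
        if client_id in self.manual:                 # manual binding takes precedence
            return str(self.manual[client_id])
        for addr, (owner, expiry) in list(self.bindings.items()):
            if owner == client_id and expiry > now:  # renew an unexpired lease
                self.bindings[addr] = (client_id, now + self.lease_seconds)
                return str(addr)
        for addr in self.network.hosts():            # lowest free host address first
            if self._is_free(addr, now):
                self.bindings[addr] = (client_id, now + self.lease_seconds)
                return str(addr)
        return None
```

The excluded range and the manually bound address are both skipped by dynamic allocation, which is the behaviour the usage guides in 11.2.2.8 and 11.2.2.10 describe: excluded addresses stay available for the administrator, and a host address is only ever given to the client whose identifier or hardware address matches.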
Function: Set the node type for the specified port; the “no netbios-node-type” command cancels the setting.
Parameter: b-node stands for broadcast node; h-node for a hybrid node that broadcasts after point-to-point communication; m-node for a hybrid node that communicates point-to-point after broadcasting; p-node for a point-to-point node; is the node type in hex from 0 to FF.
Default: No client node type is specified by default.
Command: next-server [[…]] no next-server Function: Set the server address for storing the client import file; the “no next-server” command cancels the setting. Parameter: address1…address8 are IP addresses, in the dotted decimal format. Command Mode: DHCP Address Pool Mode Usage Guide: This command configures the address for the server hosting client import file. This is usually used for diskless workstations that need to download configuration file from the server on bootup.
Default: DHCP service is disabled by default.
Command mode: Global Mode
Usage Guide: Both the DHCP server and DHCP relay are included in the DHCP service. When the DHCP service is enabled, both the DHCP server and DHCP relay are enabled. ES4626/ES4650 can only assign IP addresses to DHCP clients and enable DHCP relay when the DHCP server function is enabled.
Example: Enable the DHCP server.
Switch(Config)#service dhcp
11.
DHCP relay can not only send DHCP broadcast packets to the specified DHCP servers, but can also send other specified UDP broadcast packets to specified servers.
11.3.1 DHCP Relay Configuration Task Sequence
1. Enable DHCP relay.
2. Configure DHCP relay to forward DHCP broadcast packets.
3. Configure DHCP relay to forward other UDP broadcast packets.
4. Disable DHCP relay from forwarding DHCP broadcast packets.
1. Enable DHCP relay. The DHCP server and DHCP relay are enabled when the DHCP service is enabled.
2.
11.3.2.1 ip forward-protocol udp
Command: ip forward-protocol udp
no ip forward-protocol udp
Function: Set DHCP relay to forward UDP broadcast packets on the port; the “no ip forward-protocol udp ” command cancels the service.
Default: DHCP relay forwards DHCP broadcast packets by default (UDP port 67).
Command mode: Global Mode
Usage Guide: The forwarding destination address is set in the “ip helper-address” command described later.
Example: Set TFTP packets to be forwarded to 192.168.1.
command to stop the DHCP message forwarding. The command “no ip dhcp relay information policy drop” restores the DHCP message forwarding. Default: DHCP relay forwards DHCP broadcasting messages by default. Command mode: Global Mode Usage Guide: When DHCP messages shouldn’t be forwarded for certain reasons, this command can be used to stop the forwarding. Example: Disable DHCP broadcasting messages forwarding function. Switch(Config)# ip dhcp relay information policy drop 11.
Switch(dhcp-A-config)#dns-server 10.16.1.202
Switch(dhcp-A-config)#netbios-name-server 10.16.1.209
Switch(dhcp-A-config)#netbios-node-type H-node
Switch(dhcp-A-config)#exit
Switch(Config)#ip dhcp excluded-address 10.16.1.200 10.16.1.210
Switch(Config)#ip dhcp pool B
Switch(dhcp-B-config)#network 10.16.2.0 24
Switch(dhcp-B-config)#lease 1
Switch(dhcp-B-config)#default-router 10.16.2.200 10.16.2.201
Switch(dhcp-B-config)#dns-server 10.16.2.202
Switch(dhcp-B-config)#option 72 ip 10.16.2.
Switch (Config)#vlan 2
Switch (Config-Vlan-2)#exit
Switch (Config)#interface Ethernet 1/2
Switch (Config-Ethernet1/2)#switchport access vlan 2
Switch (Config-Ethernet1/2)#exit
Switch (Config)#interface vlan 2
Switch (Config-if-Vlan2)#ip address 10.1.1.1 255.255.255.0
Switch (Config-if-Vlan2)#exit
Switch (Config)#ip forward-protocol udp 67
Switch (Config)#interface vlan 1
Switch (Config-if-Vlan1)#ip helper-address 10.1.1.
11.5.1.1 clear ip dhcp binding
Command: clear ip dhcp binding { | all }
Function: Delete the specified IP address-hardware address binding record or all IP address-hardware address binding records.
Parameter: is the IP address that has a binding record, in dotted decimal format; all refers to all IP addresses that have a binding record.
Related command: ip dhcp conflict logging, show ip dhcp conflict
11.5.1.3 clear ip dhcp server statistics
Command: clear ip dhcp server statistics
Function: Delete the statistics for the DHCP server and clear the DHCP server counters.
Command mode: Admin Mode
Usage Guide: DHCP count statistics can be viewed with the “show ip dhcp server statistics” command; all information is accumulated. You can use this command to clear the counters for easier statistics checking.
Example: Clear the counters for the DHCP server.
11.5.1.5 show ip dhcp conflict
Command: show ip dhcp conflict
Function: Display log information for addresses that have a conflict record.
Command mode: Admin Mode
Example:
Switch# show ip dhcp conflict
IP Address Detection method Detection Time
10.1.1.1 Ping FRI JAN 02 00: 07: 01 2002
Displayed information / Explanation:
IP Address - Conflicting IP address
Detection method - Method by which the conflict was detected.
Detection Time - Time when the conflict was detected.
11.5.1.
Message Send
BOOTREPLY 1911
DHCPOFFER 6
DHCPACK 6
DHCPNAK 0
DHCPRELAY 1907
DHCPFORWARD 0
Switch#
Displayed information / Explanation:
Address pools - Number of DHCP address pools configured.
Database agents - Number of database agents.
Command: debug ip dhcp server { events|linkage|packets } no debug ip dhcp server { events|linkage|packets } Function: Enable DHCP server debug information: the “no debug ip dhcp server { events|linkage|packets }” command disables the debug information for DHCP server. Default: Debug information is disabled by default. Command mode: Admin Mode 11.5.
11.6.1.1 Enable DHCP Click DHCP configuration, DHCP server configuration, Enable DHCP. Users can enable or disable DHCP server, and configure logging server: DHCP server status – Enable or disable DHCP server. See the equivalent CLI command at 11.2.2.19 Conflict logging status – Enable or disable conflict logging. See the equivalent CLI command at 11.2.2.9 Logging server(optional) – Specify DHCP logging server IP address. See the equivalent CLI command at 11.2.2.
www.edge-core.com; for Address range for allocating, set IP address to 10.1.128.0; set Network mask to 255.255.255.0; set DHCP client node type to broadcast node; set Address lease timeout to 3 day 12 hour 30 minute, and then click Apply. The configuration is applied on the switch. 11.6.1.3 Client's default gateway configuration Click DHCP configuration, DHCP server configuration, Client's default gateway configuration. Users can configure DHCP client’s default gateway.
Click DHCP configuration, DHCP server configuration, Client DNS server configuration. Users can configure DHCP client DNS server. See the equivalent CLI command at 11.2.2.5: DHCP pool name – Select DHCP pool DNS server - Configure DNS server. Users can configure maximum eight DNS servers. DNS server 1 has the highest priority and DNS server 8 has the lowest priority. For example: Select DHCP pool name to 1; set DNS server 1 to 10.1.128.3, and then click Apply. The configuration is applied on the switch.
11.6.1.6 DHCP file server address configuration Click DHCP configuration, DHCP server configuration, DHCP file server address configuration. Users can configure DHCP client bootfile name and file server: DHCP pool name – Select DHCP pool name DHCP client bootfile name (1-128 character) – Specify bootfile name. See the equivalent CLI command at 11.2.2.1 File server – Specify file server. See the equivalent CLI command at 11.2.2.
11.6.1.7 DHCP network parameter configuration Click DHCP configuration, DHCP server configuration, DHCP network parameter configuration. Users can specify DHCP network parameters. See the equivalent CLI command at 11.2.2.
11.6.1.9 Excluded address
Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users can configure the excluded addresses of the DHCP pool. See the equivalent CLI command at 11.2.2.10:
Starting address - Specify the starting address
Ending address - Specify the ending address
Operation type - Apply or delete the operation
For example: Set Starting address to 10.1.128.1; set Ending address to 10.1.128.
11.6.2 DHCP relay configuration Click DHCP configuration, DHCP relay configuration. Users can configure DHCP relay. 11.6.2.1 DHCP relay configuration Click DHCP configuration, DHCP relay configuration, DHCP relay configuration. Users can configure DHCP relay: DHCP forward UDP configuration: Configure DHCP port to forward UDP packets. See the equivalent CLI command at 11.3.2.1: Port – Specify UDP port For example: Set Port to 69, and then click Add. The configuration is applied on the switch.
packet. See the equivalent CLI command at 11.3.2.2:
IP address - Specify the server IP address
L3 Interface - Specify the layer 3 interface
For example: Set IP address to 192.168.1.5; set L3 Interface to Vlan1, and then click Add. The configuration is applied on the switch.
Configure the relay policy to non-forward: Click Apply, and DHCP relay is disabled on the switch; click Default, and DHCP relay is enabled on the switch.
11.6.3 DHCP debugging
Click DHCP configuration, DHCP debugging.
11.6.3.3 Delete DHCP server statistics log Click DHCP configuration, DHCP debugging, Delete DHCP server statistics log. Users can delete DHCP server statistics and restore the counter to zero. For example: Click Apply. All the DHCP statistics are deleted. 11.6.3.4 Show IP-MAC binding Click DHCP configuration, DHCP debugging, Show IP-MAC binding. Users can display IP-MAC binding. 11.6.3.5 Show conflict-logging Click DHCP configuration, DHCP debugging, Show conflict-logging.
Chapter 12 SNTP Configuration The Network Time Protocol (NTP) is widely used for clock synchronization for global computers connected to the Internet. NTP can assess packet sending/receiving delay in the network, and estimate computer clock deviation independently, so as to achieve high accuracy in network computer clocking. In most positions, NTP can provide accuracy from 1 to 50ms according to the characteristics of the synchronization source and network route.
Command: sntp poll
no sntp poll
Function: Set the interval at which the SNTP client sends requests to the NTP/SNTP server; the “no sntp poll” command cancels the poll interval setting and restores the default.
Parameter: < interval> is the interval value from 16 to 16284.
Default: The default poll interval is 64 seconds.
Command mode: Global Mode
Example: Set the client to send a request to the server every 128 seconds.
Switch#config
Switch(Config)#sntp poll 128
12.1.
12.2 Typical SNTP Configuration Examples
[Fig 12-1 Typical SNTP Configuration: two SNTP/NTP servers, Switch1, Switch2 and Switch3]
All ES4626/ES4650 switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured: there should be a reachable route between any ES4626/ES4650 and the two SNTP/NTP servers. Assume the IP addresses of the SNTP/NTP servers are 10.1.1.
Parameter: N/A. Command mode: Admin Mode Example: Display current SNTP configuration. Switch#show sntp SNTP server 2.1.0.2 Version 1 Last Receive never 12.3.1.2 debug sntp Command: debug sntp {adjust | packets | select } no debug sntp {adjust | packets | select} Function: Display or disable SNTP debug information. Parameter: adjust stands for SNTP clock adjustment information; packet for SNTP packets, select for SNTP clock selection.
interval at which the SNTP client sends requests to the NTP/SNTP server. See the equivalent CLI command at 12.1.2
For example: Set Interval to 128, and then click Apply. The configuration is applied on the switch.
12.4.3 Time difference
Click SNTP configuration, Time difference. Users can configure the SNTP client time difference. See the equivalent CLI command at 12.1.3
- Time zone - Configure the time zone.
Chapter 13 QoS Configuration 13.1 QoS 13.1.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
DSCP: Differentiated Services Code Point, classification information carried in Layer 3 IP packet header, occupying 6 bits, in the range of 0 to 63, and is downward compatible with IP Precedence. Classification: The entry action of QoS, classifying packet traffic according to the classification information carried in the packet and ACLs. Policing: Ingress action of QoS that lays down the policing policy and manages the classified packets.
may discard some low priority packets in case of bandwidth shortage. If the devices at each hop in a network support differentiated service, an end-to-end QoS solution can be created. QoS configuration is flexible; its complexity depends on the network topology and devices and on the analysis of incoming/outgoing traffic.
13.1.1.
classify the data stream. Different classes of data stream will be processed with different policies.
3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning a new DSCP value) can be applied to different data streams. You can also define a policy set that can be used in a policy map by several classes.
(Global Mode)
policy-map ; no policy-map - Create a policy map and enter policy map mode; the “no policy-map ” command deletes the specified policy map.
class ; no class - After a policy map is created, it can be associated to a class. Different policies or a new DSCP value can be applied to different data streams in class mode; the “no class ” command deletes the specified class.
no mls qos trust - status of the port.
mls qos cos { } ; no mls qos cos - Configure the default CoS value of the port; the “no mls qos cos” command restores the default setting.
service-policy {input | output } ; no service-policy {input | output } - Apply a policy map to the
mls qos dscp-mutation ; no mls qos dscp-mutation - Apply
mls qos map {cos-dscp | dscp-cos to | dscp-mutation to |ip-prec-dscp | policed-dscp to } no mls qos map {cos-dscp | dscp-cos | dscp-mutation | ip-prec-dscp | policed-dscp} 13.1.2.
Switch(Config-ClassMap)# exit Switch(Config)#no class-map c1 13.1.2.2.3 match Command: match {access-group | ip dscp | ip precedence | vlan } no match {access-group | ip dscp | ip precedence | vlan } Function: Configure the matching criterion in the class map: the “no match {access-group | ip dscp | ip precedence | vlan }” command deletes the specified matching criterion.
policy map configuration mode. Example: Create and delete a policy map named “p1”. Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#exit Switch(Config)#no policy-map p1 13.1.2.2.5 class Command: class no class Function: Associate a class to a policy map and enter the policy class map mode; the “no class ” command deletes the specified class. Parameter: < class-map-name> is the class map name used by the class.
Switch(Config)#policy-map p1
Switch(Config-PolicyMap)#class c1
Switch(Config--Policy-Class)#set ip precedence 3
Switch(Config--Policy-Class)#exit
Switch(Config-PolicyMap)#exit
13.1.2.2.
no mls qos aggregate-policer Function: Define a policy set that can be used in one policy map by several classes; the “no mls qos aggregate-policer ” command deletes the specified policy set.
Switch(Config-PolicyMap)#exit
13.1.2.2.10 mls qos trust Command: mls qos trust [cos [pass-through-dscp] | dscp [pass-through-cos] | ip-precedence [pass-through-cos] | port priority ] [no] mls qos trust Function: Configure port trust; the “no mls qos trust” command disables the current trust status of the port.
Default: The default CoS value is 0. Command mode: Interface Mode Example: Set the default CoS value of port ethernet 1/1 to 5, i.e., packets coming in through this port will be assigned a default CoS value of 5 if no CoS value is present.
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)#mls qos cos 5
13.1.2.2.
Default: There is no policy by default. Command mode: Interface Mode Usage Guide: For DSCP mutation mapping configured on the port to take effect, the trust status of that port must be “trust DSCP”. Applying DSCP mutation mapping converts a specified DSCP value directly to a new DSCP value without going through the class and policy process. DSCP mutation mapping is effective on the local port only; “trust DSCP” refers to the DSCP value before DSCP mutation in this case.
queue mode wrr Function: “queue mode strict” configures strict queue out; “queue mode wrr” restores WRR queue out. Default: non-strict queue mode. Command mode: Interface Mode Usage Guide: When strict queue out mode is used, packets are no longer sent with the WRR weighted algorithm, but are sent queue after queue. Example: Set the queue out mode to strict.
Switch(Config-Ethernet1/1)#queue mode strict
13.1.2.2.16 wrr-queue cos-map Command: wrr-queue cos-map
mapping, DSCP to CoS mapping, DSCP to DSCP mutation mapping, IP precedence to DSCP and policed DSCP mapping; the “no mls qos map {cos-dscp | dscp-cos | dscp-mutation | ip-prec-dscp | policed-dscp}” command restores the default mapping. Parameter: cos-dscp defines the mapping from CoS value to DSCP,
1 2 3 4 5 6 7.
Switch(Config)#mls qos map cos-dscp 0 1 2 3 4 5 6 7
13.1.3 QoS Example Scenario 1: Enable the QoS function, change the queue out weight of port ethernet 1/1 to 1:1:2:2:4:4:8:8, set the port in trust CoS mode without changing the DSCP value, and set the default CoS value of the port to 5.
Switch(Config-PolicyMap)#class c1
Switch(Config--Policy-Class)#police 10000 4000 exceed-action drop
Switch(Config--Policy-Class)#exit
Switch(Config-PolicyMap)#exit
Switch(Config)#interface ethernet 1/2
Switch(Config-Ethernet1/2)#service-policy input p1
Configuration result: An ACL named 1 is set to match the segment 192.168.1.0.
precedence. Thus inside the QoS domain, packets of different priority will go to different queues and get different bandwidth. The configuration steps are listed below: QoS configuration in Switch1:
Switch#config
Switch(Config)#access-list 1 permit 192.168.1.0 0.0.0.
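The `police 10000 4000 exceed-action drop` line in the scenario above is a single-rate token-bucket policer. The following is an added example, not the vendor's code, modelling how such a policer decides per packet between transmit, drop, and (per the policed-dscp-transmit action described in the Web Management section) remarking through a policed-dscp map. The units assumed here (rate in kbit/s, burst in bytes), the bucket semantics, the packet trace and the policed-dscp map are all constructed assumptions; the page does not state them.

```python
"""Added example: token-bucket model of `police <rate> <burst> exceed-action ...`.
Not the ES4626/ES4650 implementation; units and bucket semantics are assumed."""
from typing import Dict, List, Optional, Tuple


class TokenBucket:
    def __init__(self, rate_kbps: int, burst_bytes: int) -> None:
        self.rate_bps = rate_kbps * 1000 / 8.0   # assumed: rate given in kbit/s
        self.burst = float(burst_bytes)          # assumed: burst given in bytes
        self.tokens = float(burst_bytes)         # bucket starts full
        self.last = 0.0

    def conform(self, size: int, now: float) -> bool:
        """Refill for the elapsed time, then try to take `size` tokens."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate_bps)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets: List[Tuple[float, int, int]], rate_kbps: int, burst: int,
           exceed_action: str,
           policed_dscp: Optional[Dict[int, int]] = None) -> List[Tuple[str, int]]:
    """packets are (time_s, size_bytes, dscp) tuples in time order.

    Returns one (action, dscp) per packet.  Conforming packets are sent as
    is; exceeding packets are dropped, or sent with the DSCP looked up in
    the policed-dscp map when the action is policed-dscp-transmit."""
    if exceed_action not in ("drop", "policed-dscp-transmit"):
        raise ValueError("unknown exceed action: %s" % exceed_action)
    bucket = TokenBucket(rate_kbps, burst)
    result = []
    for t, size, dscp in packets:
        if bucket.conform(size, t):
            result.append(("transmit", dscp))
        elif exceed_action == "drop":
            result.append(("drop", dscp))
        else:
            result.append(("transmit", (policed_dscp or {}).get(dscp, dscp)))
    return result


# constructed trace: five 1000-byte packets at t=0, two more 1 ms later.
# With 10000 kbit/s (1,250,000 bytes/s) and a 4000-byte burst, four packets
# fit the initial bucket, the fifth exceeds; 1 ms refills 1250 bytes, enough
# for one more packet but not two.
SAMPLE_TRACE = [(0.0, 1000, 46)] * 5 + [(0.001, 1000, 46)] * 2


def drop_example() -> List[Tuple[str, int]]:
    return police(SAMPLE_TRACE, 10000, 4000, "drop")


def remark_example() -> List[Tuple[str, int]]:
    # constructed policed-dscp map: exceeding DSCP 46 traffic is remarked to 0
    return police(SAMPLE_TRACE, 10000, 4000, "policed-dscp-transmit", {46: 0})
```

The burst parameter is what bounds how much a flow can send above the configured rate at once; a policer bound to an ingress port with `service-policy input` limits a single class regardless of how many sources feed it, which is why the aggregate-policer variant in this chapter exists for sharing one bucket across classes.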
Usage Guide: This command indicates whether QoS is enabled or not. Example:
Switch #show mls-qos
Qos is enabled
Displayed information / Explanation
Qos is enabled: QoS is enabled.
13.1.4.1.2 show mls qos aggregate-policer Command: show mls qos aggregate-policer [] Function: Display policy set configuration information for QoS. Parameter: is the policy set name. Default: N/A.
Example:
Switch #show mls qos interface ethernet 1/2
Ethernet1/2
default cos: 0
DSCP Mutation Map: Default DSCP Mutation Map
Attached policy-map for Ingress: p1
Displayed information / Explanation
Ethernet1/2: Port name
default cos: 0: Default CoS value of the port.
DSCP Mutation Map: Default DSCP Mutation Map: Port DSCP map name
Attached policy-map for Ingress: p1: Name of the policy bound to the port.
Queue and weight type: Queue to weight mapping.
QType: WFQ or PQ queue out method
Switch # show mls qos interface policers ethernet 1/2
Ethernet1/2
Attached policy-map for Ingress: p1
Displayed information / Explanation
Ethernet1/2: Port name
Attached policy-map for Ingress: p1: Policy map bound to the port.
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp:   0 8 16 24 32 40 48 56
Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 :     0 0 0 0 0 0 0 0 1 1
1 :     1 1 1 1 1 1 2 2 2 2
2 :     2 2 2 2 3 3 3 3 3 3
3 :     3 3 4 4 4 4 4 4 4 4
4 :     5 5 5 5 5 5 5 5 6 6
5 :     6 6 6 6 6 6 7 7 7 7
6 :     7 7 7 7
Policed-dscp map:
d1 : d2 0
0 :
13.1.4.1.
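The map output above (DSCP d1d2 read as tens and units, so DSCP 0 to 7 map to CoS 0, 8 to 15 to CoS 1, and so on) together with the trust, pass-through, default CoS and DSCP mutation commands earlier in this chapter describe the ingress marking pipeline. The following is an added example, not the vendor's code, that models that pipeline in Python. The dscp-cos and ipprec-dscp tables are the ones displayed above; the default cos-dscp map (CoS multiplied by 8), the identity default for DSCP mutation, the order in which mutation and CoS derivation are applied, and the behaviour of an untrusted port are assumptions.

```python
"""Added example: model of ES4626/ES4650-style ingress QoS marking.
Not the vendor's implementation; see the lead-in for what is assumed."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

DSCP_COS: Dict[int, int] = {d: d // 8 for d in range(64)}        # dscp-cos table shown above
IPPREC_DSCP: Dict[int, int] = {p: p * 8 for p in range(8)}       # ipprec-dscp table shown above
COS_DSCP_ASSUMED: Dict[int, int] = {c: c * 8 for c in range(8)}  # ASSUMED default cos-dscp map


@dataclass
class Port:
    trust: Optional[str] = None      # None, "cos", "dscp" or "ip-precedence"
    pass_through: bool = False       # pass-through-dscp (trust cos) / pass-through-cos
    default_cos: int = 0             # value set with `mls qos cos`
    cos_dscp: Dict[int, int] = field(default_factory=lambda: dict(COS_DSCP_ASSUMED))
    dscp_mutation: Dict[int, int] = field(default_factory=lambda: {d: d for d in range(64)})


@dataclass
class Packet:
    cos: Optional[int]   # 802.1p priority; None for an untagged frame
    dscp: int            # 6-bit DSCP from the IP header


def classify(port: Port, pkt: Packet) -> Tuple[int, int]:
    """Return (internal CoS, DSCP) for a packet after ingress marking."""
    if not 0 <= pkt.dscp <= 63:
        raise ValueError("DSCP out of range")
    # the port default CoS applies only when the frame carries no CoS value
    cos = pkt.cos if pkt.cos is not None else port.default_cos
    dscp = pkt.dscp
    if port.trust == "cos":
        if not port.pass_through:          # pass-through-dscp keeps the DSCP
            dscp = port.cos_dscp[cos]
    elif port.trust == "dscp":
        # mutation converts the received DSCP directly (the text says "trust
        # DSCP" refers to the value before mutation); CoS is then derived from
        # the mutated value here, which is an ASSUMPTION about the order
        dscp = port.dscp_mutation[pkt.dscp]
        if not port.pass_through:          # pass-through-cos keeps the CoS
            cos = DSCP_COS[dscp]
    elif port.trust == "ip-precedence":
        dscp = IPPREC_DSCP[pkt.dscp >> 3]  # precedence is the top 3 bits of DSCP
        if not port.pass_through:
            cos = DSCP_COS[dscp]
    # untrusted port: ASSUMED to keep the received DSCP and use the CoS above
    return cos, dscp


def scenario_1() -> Tuple[int, int]:
    """Scenario 1 of this chapter: trust CoS, pass-through-dscp, default CoS 5."""
    port = Port(trust="cos", pass_through=True, default_cos=5)
    return classify(port, Packet(cos=None, dscp=46))   # untagged frame, DSCP kept
```

Whichever field a port trusts is a field the attached device chooses; the pass-through options only decide which of the two markings survives, so a port facing untrusted hosts is normally left untrusted (or given an explicit default CoS) so that hosts cannot place their traffic in a higher egress queue by marking it.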
Match acl name: 1
Displayed information / Explanation
Class map name: c1: Name of the class map
Match acl name: 1: Classifying rule for the class map.
13.1.4.1.6 show policy-map Command: show policy-map [] Function: Display policy map of QoS. Parameter: < policy-map-name> is the policy map name. Default: N/A. Command mode: Admin Mode Usage Guide: Display all configured policy-maps or the specified policy-map information.
Note: A policy map can only be bound to the ingress direction; egress is not supported yet.
Note: If the policy is too complex to be configured due to hardware resource limits, error messages will be provided.
13.1.5 Web Management Select QoS configuration; it consists of six sections as follows:
• Enable QoS
• Class-map configuration
• Policy-map configuration
• Apply QoS to port
• Egress-queue configuration
• QoS mapping configuration
13.1.5.
13.1.5.2.1 Add/Remove Class-map Click Add/Remove class-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.2. The sections are described as follows:
• Class-map name
• Operation type: Create class table and Remove class table.
To add a class-map name, specify the class-map name, select Create class table, then click Apply.
13.1.5.2.2 Class-map Configuration Click Class-map configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.3.
13.1.5.3 Policy-map Configuration Click Policy-map configuration to display the extension, including five sections:
• Add/Remove policy-map
• Policy-map priority configuration
• Policy-map bandwidth configuration
• Add/Remove aggregate policer
• Apply aggregate policer
13.1.5.3.1 Add/Remove Policy-map Click Add/Remove policy-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.4. The sections are described as follows:
• Policy-map name
• Operation type.
13.1.5.3.2 Policy-map Priority Configuration Click Policy-map priority configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.6. The sections are described as follows:
• Policy-map name
• Class-map name
• Priority type: DSCP value or IP precedence value
• Priority value
• Operation type: Set or Remove.
• drop and policed-dscp-transmit; the latter uses a mapping between the given DSCP and the corresponding policed DSCP and marks that DSCP into the packet.
• Operation type: Set or Remove.
To configure Policy-map bandwidth configuration, select p1 for Policy-map name, input c1 for Class-map name, leave all other sections at their default settings, select Set for Operation type, then click Apply.
13.1.5.3.4 Add/Remove Aggregate Policer Click Add/Remove aggregate policer to enter the configuration page.
Click Apply aggregate policer to enter the configuration page. It is equivalent to CLI command 13.1.2.2.9. The sections are described as follows:
• Aggregate policer name
• Policy-map name
• Class-map name
To apply the aggregate policer agg1 to class-map c1, input the values shown in the figure, then click Add.
13.1.5.
• Default: Restores the startup setting. This command will modify the configuration.
The parameter takes effect on either the port trust status or the port priority. To configure port Ethernet 1/1 in trust mode, classifying packets by CoS value first and keeping the DSCP value unchanged, choose the Ethernet1/1 port, select cos and pass-through-dscp for Port trust status, then click Apply.
13.1.5.4.
• Operation: Set or Remove
• Reset: Sets the columns to the startup defaults. This command will not modify the configuration.
• Apply: Applies all settings. This command will modify the configuration.
To set policy-map p1 on port Ethernet 1/1, choose Ethernet1/1 for port and p1 for policy-map, select Input for port direction and Set for operation, then click Apply.
13.1.5.4.4 Apply DSCP Mutation Mapping Click Apply DSCP mutation mapping to enter the configuration page.
Click Egress-queue WRR weight configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.14. The sections are described as follows:
• Port name
• Weight for queue 0-7
• Operation: Set or Remove
• Reset: Sets the columns to the startup defaults. This command will not modify the configuration.
• Apply: Applies all settings. This command will modify the configuration.
Click Mapping CoS values to egress queue to enter the configuration page. It is equivalent to CLI command 13.1.2.2.16. The sections are described as follows:
• Queue-ID
• CoS value: Mapping of CoS values to egress queues. Up to 8 queues are supported.
• Reset: Sets the columns to the startup defaults. This command will not modify the configuration.
• Default: Restores the startup setting. This command will modify the configuration.
• Operation: Set or Remove
To map CoS value 2 to DSCP value 20, input DSCP value 20 in the CoS value 2 column, select Set for Operation type, then click Apply.
13.1.5.6.2 DSCP-to-CoS Mapping Click DSCP-to-CoS mapping to enter the configuration page.
To configure the DSCP mutation mapping, input the required values first, select Set for Operation type, then click Apply. 13.1.5.6.4 IP-Precedence-to-DSCP Mapping Click IP-Precedence-to-DSCP mapping to enter the configuration page.
value 30 first and policed DSCP 1/2 for value10/20, selecting Set for Operation type, then click Apply. 13.2 PBR This chapter describes how to configure the PBR through the examples. 13.2.1 PBR Introduction The PBR (Policy-Based Routing) allows modifying the next hop of the packets according to IP source address, IP destination address, IP precedence, ToS, IP protocol, source port number and destination port number etc. 13.2.2 PBR Configuration 13.2.2.
The policy has to be applied to the port. 13.2.2.2 PBR Command 13.2.2.2.1 mls qos Commands: mls qos no mls qos Function: Enable QoS globally, and PBR is enabled automatically; the command “no mls qos” disables QoS and PBR globally. Command mode: Global Mode Default: PBR is disabled. Usage Guide: When QoS is enabled, PBR is enabled automatically, but PBR can’t be enabled independently. Example: Enable and disable QoS and PBR.
deletes the specified match. Parameter: access-group specifies the ACL. The attribute is the ACL number or name. Default: By default, there is no match. Command mode: Class-map Mode Usage Guide: Only one match can be set in one class-map. When the ACL applies to the PBR, the actions of permit and deny are to specify the next hop or not to specify the next hop when IP messages meet the match.
Default: By default, there is no policy-map. Command mode: Policy-map Mode Usage Guide: Before creating a policy-map class, users must create a policy-map and enter policy-map mode. Inside a policy-map, users can set the next hop according to the traffic. The priority of the classes is decided by the order of configuration: for example, if class c1 is configured before class c2, c1 has higher priority than c2. Example: Enter policy-map mode.
Parameter: input applies the specified policy-map to the current port for the inbound traffic; output applies the specified policy-map to the current port for the outbound traffic. Default: By default, there is no bound policy-map. Command mode: Interface Mode Usage Guide: The port trust and applied port policy-map are mutually exclusive. The new configuration will replace the previous one. Each port can only apply a policy-map for one direction.
Configuration Result: Set the ACL a1 which includes 2 policies. The first policy allows the traffic which has the source IP address as 192.168.1.0/24. The second policy denies the traffic which has the source IP address as 192.168.1.0/24 and has the destination IP address as 192.168.0.0/16. Then, enable the QoS globally. Create a class-map called c1. Set the match for the ACL a1 in the class-map c1. Create a policy-map called p1. Quote c1 in the policy-map p1. Set the next hop IP address as 218.31.1.119.
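The PBR chain just described (ACL, class-map with a single match, policy-map with classes tried in configuration order, next hop applied on a permit match and normal routing on a deny match) can be modelled in a few lines. The following is an added example, not the vendor's code. It reuses the addresses from the configuration result above; first-match evaluation within the ACL is an assumption (the page does not state the ACL evaluation order), which is why the constructed ACL lists the more specific deny entry before the permit entry so that both take effect.

```python
"""Added example: PBR next-hop selection as described in 13.2 (not vendor code).
ACL first-match order is an ASSUMPTION; addresses follow the text's scenario."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AclEntry:
    action: str                                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: Optional[ipaddress.IPv4Network] = None  # None matches any destination

    def matches(self, src: str, dst: str) -> bool:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return s in self.src and (self.dst is None or d in self.dst)


@dataclass
class PolicyClass:
    name: str
    acl: List[AclEntry]   # the class-map's single `match access-group`
    next_hop: str         # next hop set inside the policy-map class


def pbr_next_hop(policy: List[PolicyClass], src: str, dst: str) -> Optional[str]:
    """Return the PBR next hop, or None when the packet is routed normally.

    Classes are tried in configuration order.  As the text states, a permit
    match specifies the class's next hop and a deny match specifies no next
    hop; a packet matching no entry of a class falls through to the next class."""
    for cls in policy:
        for entry in cls.acl:
            if entry.matches(src, dst):
                return cls.next_hop if entry.action == "permit" else None
    return None


# constructed policy p1, class c1, ACL a1 (addresses from the scenario above)
A1 = [
    AclEntry("deny", ipaddress.ip_network("192.168.1.0/24"),
             ipaddress.ip_network("192.168.0.0/16")),
    AclEntry("permit", ipaddress.ip_network("192.168.1.0/24")),
]
P1 = [PolicyClass("c1", A1, "218.31.1.119")]
```

Two points to check when auditing such a policy: an entry that is shadowed by an earlier, broader one never takes effect, and because PBR overrides the route table, a permit entry that is wider than intended silently redirects traffic to the configured next hop.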
Chapter 14 Layer 3 Forward Configuration ES4626/ES4650 supports Layer3 forwarding. Layer3 forwarding forwards Layer3 protocol packets (IP packets) across VLANs. Such forwarding is addressed by IP address: when a port receives an IP packet, the switch looks it up in its own route table and decides the operation according to the lookup result. If the IP packet is destined to another subnet reachable from this switch, the packet is forwarded from the appropriate port.
14.1.2 Layer3 interface configuration 14.1.2.1 Layer3 Interface Configuration Task Sequence
Create Layer3 Interface
Command / Explanation
Global Mode
interface vlan / no interface vlan: Create a VLAN interface (a VLAN interface is a Layer3 interface); the “no interface vlan ” command deletes the VLAN interface (Layer3 interface) created in the switch.
14.1.2.2 Layer3 Interface Configuration Commands 14.1.2.2.
14.2 IP Forwarding 14.2.1 Introduction to IP Forwarding Gateway devices can forward IP packets from one subnet to another; such forwarding uses the route to find a path. IP forwarding of ES4626/ES4650 is done with the participation of hardware and wire speed forwarding can be achieved. In addition, flexible management is provided to adjust and monitor forwarding.
Command mode: Global Mode Usage Guide: This command is used to optimize the aggregation algorithm: if the route table contains no default route, the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result. This method has the benefit of more effectively simplifying the aggregation result.
0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies
Sent: 0 total 0 errors
0 time exceeded 0 redirects,
0 unreachable, 0 echo, 0 echo replies
0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies
TCP statistics:
TcpActiveOpens 0, TcpAttemptFails 0
TcpCurrEstab 0, TcpEstabResets 0
TcpInErrs 0, TcpInSegs 0
TcpMaxConn 0, TcpOutRsts 0
TcpOutSegs 0, TcpPassiveOpens 0
TcpRetransSegs 0, TcpRtoAlgorithm 0
TcpRtoMax 0, TcpRtoMin
quench
0 parameter, 0 timestamp, 0 timestamp replies
Sent: 0 total 0 errors
0 time exceeded 0 redirects,
0 unreachable, 0 echo, 0 echo replies
0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies
Explanation: Statistics of total ICMP packets sent and classified information
TCP statistics: TCP packet statistics.
UDP statistics: UDP packet statistics.
14.2.3.1.
resolution. ES4626/ES4650 supports both dynamic ARP and static configuration. Furthermore, ES4626/ES4650 supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on a port, requesting an IP address in the same IP segment as the port but not on the same physical network, if proxy ARP is enabled on that port, the port replies to the ARP request with its own MAC address and forwards the actual packets it then receives.
Default: No static ARP entry is set by default. Command mode: VLAN Interface Mode Usage Guide: Static ARP entries can be configured in the switch. Example: Configure a static ARP entry for interface VLAN1.
Switch(Config-If-Vlan1)#arp 1.1.1.1 00-03-0f-f0-12-34 eth 1/2
14.3.2.2.2 ip proxy-arp Command: ip proxy-arp no ip proxy-arp Function: Enable proxy ARP for the VLAN interface; the “no ip proxy-arp” command disables proxy ARP. Default: Proxy ARP is disabled by default.
identifier of the specified VLAN; for the entry of the specified MAC address; “static” for static ARP entries; “dynamic” for dynamic ARP entries; “count” displays the number of ARP entries. Command mode: Admin Mode Usage Guide: Displays the content of the current ARP table such as IP address, MAC address, hardware type and interface name, etc. Example:
Switch#sh arp
Total arp items: 3, matched: 3, Incomplete: 0
Address Hardware Addr Interface Port Flag
50.1.1.6 00-0a-eb-51-51-38 Vlan50 Ethernet3/11 Dynamic
50.
14.3.3.1.3 debug arp Command: debug arp no debug arp Function: Enable the ARP debug function; the “no debug arp” command disables this debug function. Default: ARP debug is disabled by default. Command mode: Admin Mode Usage Guide: Displays contents of ARP packets received/sent, including type, source and destination address, etc. Example: Enable ARP debug.
Switch#debug arp
ip arp debug is on
Switch#%Apr 19 15:59:42 2005 IP ARP: rcvd, type 1, src 192.168.2.100, 000A.EB5B.780C, dst 192.168.2.1, 0000.
Chapter 15 Routing Protocol Configuration To communicate with a remote host over the Internet, a host must choose a proper route via a set of routers/L3 switches. Both routers and layer3 switches calculate routes using the CPU; the difference is that a layer3 switch adds the calculated route to the switch chip and forwards by the chip at wire speed, while a router always stores the calculated route in its route table or route buffer, and data forwarding is performed by the CPU.
layer3 switch has its own route table containing all routes used by that switch. Each route entry in the route table specifies the VLAN interface to be used for forwarding packets to reach a destination host, or the next hop layer3 switch to the host. The route table mainly consists of the following:
• Destination address: used to identify the destination address or destination network of a packet.
convenient for load balance and route backup. However, it also has its own defects. Static route, as its name indicates, is static. It won’t modify the route automatically on network failure, and manual configuration is required on such occasions, therefore it is not suitable for mid and large-scale networks. Static route is mainly used for the following two conditions: 1) in stable networks to reduce load of route selection and routing data streams.
ip route 0.0.0.0 0.0.0.0 [] / no ip route 0.0.0.0 0.0.0.0 []: Configures a default route; the “no ip route []” command deletes a default route entry.
15.2.3.2 Static Route Configuration Commands
• ip route
• show ip route
15.2.3.2.
15.2.3.2.2 show ip route Command: show ip route [dest ] [mask ] [nextHop ] [protocol {connected | static | rip| ospf | ospf_ase | bgp | dvmrp}] [] [preference ] [count] Function: Display the route table.
Mask: Mask of the destination network
Nexthop: Next hop IP address
Interface: The layer3 switch interface to the next hop.
Pref: Route priority; if routes of other types exist to the destination network, only the route of the higher priority will be displayed in the core route table.
15.2.4 Configuration Scenario The figure below is a simple network consisting of three ES4626/ES4650 layer3 switches; the network mask for all switches and PC IP addresses is 255.255.255.0.
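The Pref column above, the default route form of `ip route` in the task sequence, and the per-protocol priorities given later in this chapter (RIP 120, OSPF 110, OSPF exterior routes 150) together define how the core route table is built and consulted. The following is an added example, not the vendor's code, that models both steps: a route enters the core table only if no route of higher priority exists to the same destination, and a lookup takes the longest matching prefix, with 0.0.0.0/0 matching last. The preference values for connected (0) and static (1) routes and the sample routes are constructed assumptions.

```python
"""Added example: core route table selection and longest-prefix lookup.
Not the vendor's implementation; RIP/OSPF/OSPF-ASE preferences are the defaults
this chapter states, connected/static preferences are ASSUMED."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

PREFERENCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120, "ospf_ase": 150}


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    next_hop: str
    interface: str
    protocol: str

    @property
    def pref(self) -> int:
        return PREFERENCE[self.protocol]


class RouteTable:
    def __init__(self) -> None:
        self.core: Dict[ipaddress.IPv4Network, Route] = {}

    def add(self, route: Route) -> None:
        """Only the highest-priority (lowest Pref value) route to a given
        destination enters the core route table; others are kept out."""
        current = self.core.get(route.dest)
        if current is None or route.pref < current.pref:
            self.core[route.dest] = route

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match; the default route 0.0.0.0/0 matches last."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, route in self.core.items():
            if addr in net and (best is None or net.prefixlen > best.dest.prefixlen):
                best = route
        return best


def build_sample_table() -> RouteTable:
    """Constructed table loosely following the 10.1.x.0/24 scenario in 15.2.4."""
    t = RouteTable()
    n = ipaddress.ip_network
    t.add(Route(n("10.1.3.0/24"), "0.0.0.0", "Vlan3", "connected"))
    t.add(Route(n("10.1.4.0/24"), "10.1.3.1", "Vlan3", "static"))
    t.add(Route(n("10.1.4.0/24"), "10.1.3.9", "Vlan3", "rip"))   # loses to static (1 < 120)
    t.add(Route(n("10.1.0.0/16"), "10.1.3.7", "Vlan3", "ospf"))
    t.add(Route(n("0.0.0.0/0"), "10.1.3.2", "Vlan3", "static"))  # default route
    return t
```

Note that preference is compared only between routes to the same destination prefix; a more specific prefix learned by a lower-priority protocol still wins the lookup, which is what makes an unexpectedly specific advertisement from a routing peer worth alerting on.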
!Next hop uses the partner IP address
Switch(Config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1
Configuration of layer3 switch Switch-2
Switch#config
Switch(Config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2
This way, ping connectivity can be established between PC1 and PC3, and between PC2 and PC3.
15.2.5 Troubleshooting Help 15.2.5.
RIP was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIP is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a distance vector routing protocol regularly send two kinds of information to neighboring devices: • The number of hops to reach the destination network, i.e., the metric to use or the number of networks to pass through. • The next hop, i.e., the direction (vector) to use to reach the destination network.
224.0.0.9), a subnet mask field and a RIP authentication field (simple plaintext password and MD5 password authentication are supported), and supports variable length subnet masks. RIP-II uses some of the zero fields of RIP-I and requires no zero field verification. Layer3 switches send RIP-II packets by multicast by default; both RIP-I and RIP-II packets will be accepted.
b. Configure RIP advertisement (2) Configure RIP routing parameters. a. configure route aggregation b. configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) c. Enable interface to send/receive additional routing metric of RIP packets d. Configure interface authentication mode and password (3) Configure other RIP parameters a. Configure RIP routing priority b. Configure zero field verification for RIP packets c.
[no] rip broadcast: Indicates the RIP layer3 switch allows all ports to send broadcast/multicast packets; the “no rip broadcast” command disables all ports from sending broadcast/multicast packets.
2) Configure RIP routing parameters.
a. Configure route aggregation
Command / Explanation
RIP configuration mode
auto-summary / no auto-summary: Configures route aggregation; the “no auto-summary” command disables route aggregation.
b.
ip rip authentication key no ip rip authentication key Sets the authentication key; the “no ip rip authentication key-chain” command means no authentication key is used. 3) Configure other RIP parameters a. Configure RIP routing priority b. Configure zero field verification for RIP packets c.
ip rip receive version {1 | 2 | 1 2} / no ip rip receive version: Sets the version of RIP packets to receive on all ports; the “no ip rip receive version” command restores the default, i.e., receive both v1 and v2 packets, and enables receiving RIP packets on the interface.
ip rip receive version none: Disables receiving RIP packets on the interface.
ip rip send version none: Disables sending RIP packets on the interface.
4.
• router rip
• timer basic
• version
• show ip protocols
• show ip rip
• debug ip rip packet
• debug ip rip recv
• debug ip rip send
15.3.2.2.1 auto-summary Command: auto-summary no auto-summary Function: Configure route aggregation; the “no auto-summary” command disables route aggregation. Parameter: N/A. Default: Auto route aggregation is not used by default.
introducing routes from the other routing protocols to RIP. When using “redistribute” command to introduce routes of the other protocols without specifying detailed route metric, the default route metric set by “default-metric” command applies. Example: Set the default route metric for introducing routes of the other protocols into RIP to 3. Switch(Config-router-rip)#default-metric 3 Related command: redistribute 15.3.2.2.
Related command: ip rip authentication key 15.3.2.2.5 ip rip metricin Command: ip rip metricin no ip rip metricin Function: Set the additional route metric receiving RIP packets on the interface; the “no ip rip metricin” command restores the default setting. Parameter: < value> is the additional route metric, ranging from 1 to 15. Default: The default additional route metric used for RIP to receive packets is 1. Command mode: Interface Mode Related command: ip rip metricout 15.3.2.2.
Related command: no ip rip send version 15.3.2.2.8 ip rip send version none Command: ip rip send version none Function: Disable sending RIP packets on the interface Default: Sending RIP packet is enabled by default.
in multicast by default, packets are only broadcasted when v2-broadcast is set on the interface. 15.3.2.2.11 ip rip work Command: ip rip work no ip rip work Function: Configure the interface to run RIP or not; the “no ip rip work” command disables RIP packet sending/receiving on the interface. Default: After enabling RIP, RIP is enabled on the ports by default.
Default: Other routes are not introduced to RIP by default. If routes of other routing protocols are introduced without a metric value, the default metric value is used. Command mode: RIP configuration Mode Usage Guide: Use this command to introduce routes of other routing protocols as RIP routes to improve RIP performance. Example: Set the route metric of introduced OSPF routes to 5, and of introduced static routes to 8.
Function: Set the route priority of RIP; the “no rip preference” command restores the default setting. Parameter: < value> is the priority value, ranging from 0 to 255. Default: The default RIP priority is 120. Command mode: RIP configuration mode Usage Guide: Each routing protocol has its own priority, the value of which is decided by the specific routing policy. The priority determines which routing protocol's best route becomes the route in the core route table.
Command mode: RIP configuration mode Usage Guide: The system advertises RIP update packets every 30 seconds by default. If no update packet for a route is received within 180 seconds, the route is considered invalid. However, the route is kept in the route table for another 120 seconds, and is deleted after that.
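The timer behaviour just described (update every 30 seconds, invalid after 180 seconds without an update, deleted 120 seconds after that) and the additional receive metric of `ip rip metricin` (default 1) determine how long a stale RIP route keeps influencing forwarding. The following is an added example, not the vendor's code, that walks one route through that lifecycle. The use of 16 as the RIP "unreachable" metric is standard RIP, not stated on this page, and the sample route is constructed.

```python
"""Added example: lifecycle of one RIP route under the timers described above.
Not the vendor's implementation; 16 as the unreachable metric is standard RIP."""
from dataclasses import dataclass
from typing import List

UPDATE_INTERVAL = 30    # seconds between RIP updates (default)
INVALID_AFTER = 180     # seconds without an update before the route is invalid
GARBAGE_AFTER = 120     # further seconds the invalid route stays in the table
INFINITY = 16           # RIP metric meaning "unreachable"


@dataclass
class RipRoute:
    dest: str
    next_hop: str
    metric: int = INFINITY
    last_update: float = 0.0

    def receive(self, received_metric: int, now: float, metricin: int = 1) -> None:
        """Apply an update: add the interface's receive metric, cap at 16,
        and restart the invalid/garbage timers."""
        self.metric = min(INFINITY, received_metric + metricin)
        self.last_update = now

    def reachable(self) -> bool:
        return self.metric < INFINITY

    def state(self, now: float) -> str:
        """'valid', 'invalid' (kept but unusable) or 'deleted' at time `now`."""
        age = now - self.last_update
        if age < INVALID_AFTER:
            return "valid"
        if age < INVALID_AFTER + GARBAGE_AFTER:
            return "invalid"
        return "deleted"


def timeline(route: RipRoute, times: List[float]) -> List[str]:
    """State of `route` at each sample time, for inspection."""
    return [route.state(t) for t in times]


def missed_updates_before_invalid() -> int:
    """How many consecutive 30-second updates may be lost before the route
    becomes invalid: the sixth missed update crosses the 180-second mark."""
    return INVALID_AFTER // UPDATE_INTERVAL
```

A route that has gone invalid still occupies the table for two more minutes, so `show ip route` can show a destination as present while it is no longer used; when diagnosing a RIP neighbour loss, compare the age of the entry against these thresholds rather than only its presence.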
and perform routing troubleshooting according to the output of this command. Example:
Switch#sh ip protocols
RIP information
rip is turning on
default metrict 16
neighbour is: NULL
preference is 100
rip version information is:
interface send version receive version
vlan2 V2BC V12
vlan3 V2BC V12
vlan4 V2BC V12
Displayed information / Explanation
RIP is turning on: The running routing protocol is RIP.
default metric: RIP protocol default metric value.
RIP information
rip is turning on
default metric 16
neighbour is
preference is 100
Displayed information / Explanation
rip is turning on: RIP routing is enabled
default metric 16: The default metric for introduced routes is 16.
neighbour is: The specified destination address.
preference is 100: RIP routing priority is 100.
15.3.2.2.
2: 11.11.11.2 0.0.0.0 0.0.0.0 2
00:04:20: start at 260*********************
received a rip packet from 159.226.42.1
rip packet cmd : 2 version: 1
15.3.2.2.23 debug ip rip recv Command: debug ip rip recv no debug ip rip recv Function: Enable the RIP packet debug function for receiving; the “no debug ip rip recv” command disables the debug function. Default: Debug is disabled by default.
Function: Enable the RIP packet debug function for sending; the “no debug ip rip send” command disables the debug function. Default: Debug is disabled by default. Command mode: Admin Mode Example:
Switch#debug ip rip send
00:02:50: start at 170*********************
send packets to 11.11.11.2
packet header: no. 1: cmd: response, version: 1
dest dest_mask gatedway metric
159.226.0.0 0.0.0.0 0.0.0.0 1
00:02:50: start at 170*********************
send packets to 159.226.255.
The configuration for SwitchA, SwitchB and SwitchC is shown below:
a) Configuration of layer3 switch SwitchA
!Configuration of the IP address for interface vlan1
SwitchA#config
SwitchA(Config)# interface vlan 1
SwitchA(Config-If-Vlan1)# ip address 10.1.1.1 255.255.255.0
SwitchA(Config-If-vlan1)#exit
!Configuration of the IP address for interface vlan2
SwitchA(Config)# interface vlan 2
SwitchA(Config-If-vlan2)# ip address 20.1.1.1 255.255.255.
SwitchC(Config)# interface vlan 2
SwitchC(Config-If-vlan2)# ip address 20.1.1.2 255.255.255.0
SwitchC(Config-If-vlan2)#exit
!Enable RIP
SwitchC(Config)#router rip
SwitchC(Config-router-rip)#exit
!Enable vlan2 to send/receive RIP packets
SwitchC(Config)#interface vlan 2
SwitchC(Config-If-vlan2)#ip rip work
SwitchC(Config-If-vlan2)#exit
SwitchC(Config)#exit
SwitchC#
15.3.4 RIP Troubleshooting Help 1. Monitor and Debug Commands 2. RIP Troubleshooting Help 15.3.4.
preference is : 100
Explanation of displayed information:
Displayed information / Explanation
Automatic network summarization is not in effect: RIP auto aggregation is disabled
default metric for redistribute is : 16: The default metric for introduced routes is 16.
neigbour is: The specified destination address.
preference is : 100: RIP routing priority is 100.
Displayed information / Explanation
Automatic network summarization is not in effect: RIP auto aggregation is disabled
default metric for redistribute is : RIP protocol default metric value.
neigbour is: The neighbor layer3 switch connecting to this RIP switch.
Preference: RIP routing priority.
algorithm to generate a route table based on that database. An autonomous system (AS) is a self-managed interconnected network. In large networks, such as the Internet, a giant interconnected network is broken down into autonomous systems. Big enterprise networks connecting to the Internet are independent ASes, since the other hosts on the Internet are not managed by those ASes and they don’t share interior routing information with the layer3 switches on the Internet.
autonomous system, they can be grouped as internal switches, edge switches, AS edge switches and backbone switches). OSPF supports load balance and multiple routes to the same destination of equal costs. OSPF supports 4 level routing mechanisms (process routing according to the order of route inside an area, route between areas, first category exterior route and second category exterior route).
to be configured as STUB areas to reduce the topology database size. Type4 LSA (ASBR summary LSA) and type5 LSA (AS exterior LSA) are not allowed to flood into/through STUB areas. STUB areas must use the default routes, the layer3 switches on STUB area edge advertise the default routes to STUB areas by summary LSA, those default routes flood inside STUB only and will not get out of STUB area.
(1) Configure OSPF packet sending mechanism parameters a. Configure OSPF packet verification b. Set the OSPF interface to receive only c. Configure the cost for sending packets from the interface d. Configure OSPF packet sending timer parameter (timer of broadcast interface sending HELLO packet to poll, timer of neighboring layer3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission. (2) Configure OSPF route introduction parameters a.
ip ospf enable area / no ip ospf enable area: Sets an area for the specified interface; the “no ip ospf enable area” command cancels the setting. (required)
2. Configure OSPF sub-parameters
(1) Configure OSPF packet sending mechanism parameters
a. Configure OSPF packet verification
b. Set the OSPF interface to receive only
c.
Sets the default tag value for introducing external routes; the “no default redistribute tag” command cancels the tag value setting.
default redistribute cost / no default redistribute cost: Sets the default cost for introducing external routes; the “no default redistribute cost” command cancels the cost for introducing external routes.
virtuallink neighborid transitarea [ ] [ deadinterval hellointerval ] [ retransmit ] [ transitdelay ] / no virtuallink neighborid transitarea: Creates and configures a virtual link; the “no virtuallink neighborid transitarea ” command deletes a virtual link.
d. Configure the priority of the interface when electing the designated layer3 switch (DR).
• router ospf
• stub cost
• virtuallink neighborid
• show ip ospf
• show ip ospfase
• show ip ospf cumulative
• show ip ospf database
• show ip ospf interface
• show ip ospf neighbor
• show ip ospf routing
• show ip ospf virtual-links
• show ip protocols
• debug ip ospf event
• debug ip ospf lsa
• debug ip ospf packet
• debug ip ospf spf
15.4.2.2.
Default: The default interval in OSPF for introducing exterior routes is 1 second. Command Mode: OSPF protocol configuration mode Usage Guide: OSPF introduces exterior routing information regularly and advertises the information throughout the autonomous system. This command is used to modify the interval for introducing exterior routing information. Example: Set the interval in OSPF for introducing exterior routes to 3 seconds.
Switch(Config-Router-Ospf)#default redistribute interval 3
15.4.2.2.
15.4.2.2.5 default redistribute type Command: default redistribute type { 1 | 2 } no default redistribute type Function: Set the default route type(s) for exterior routes introduction; the “no default redistribute type” command restores the default setting. Parameter: 1 and 2 stand for type1 and type2 exterior routes, respectively. Default: The system assumes to introduce Type2 exterior routes by default.
Function: Set the cost for running OSPF on the interface; the “no ip ospf cost” command restores the default setting.
Parameter: <cost> is the OSPF cost, ranging from 1 to 65535.
Default: The default cost for OSPF protocol is 1.
Command mode: Interface Mode
Example: Set the OSPF route cost of interface vlan1 to 3.
Switch(Config-If-Vlan1)#ip ospf cost 3
15.4.2.2.
interface.
Example: Specify interface vlan1 to area 1.
Switch(Config-If-Vlan1)#ip ospf enable area 1

15.4.2.2.10 ip ospf hello-interval
Command: ip ospf hello-interval
         no ip ospf hello-interval
Function: Configure the interval for sending HELLO packets from the interface; the “no ip ospf hello-interval” command restores the default setting.
Parameter: is the interval for sending HELLO packets in seconds, ranging from 1 to 255.
15.4.2.2.12 ip ospf priority
Command: ip ospf priority
         no ip ospf priority
Function: Set the priority of the interface in the “designated layer3 switch” (DR) election; the “no ip ospf priority” command restores the default setting.
Parameter: <priority> is the priority value, ranging from 0 to 255.
Default: The priority of the interface when electing the designated layer3 switch is 1.
Command: ip ospf transmit-delay
         no ip ospf transmit-delay
Function: Set the delay time before sending a link-state advertisement (LSA); the “no ip ospf transmit-delay” command restores the default setting.
Parameter: is the delay time for the link-state advertisement transmission in seconds, ranging from 1 to 65535.
Default: The default LSA sending delay is 1 second.
for AS exterior routes introduced; the “no preference [ ase ]” command restores the default setting.
Parameter: ase means the priority is used when introducing exterior routes outside the AS; is the priority value ranging from 1 to 255.
Default: The default priority of OSPF protocol is 110; the default priority to introduce exterior routes is 150.
Command: router id
         no router id
Function: Configure the ID number for the layer3 switch running OSPF; the “no router id” command cancels the ID number.
Parameter: is the ID number for the layer3 switch in dotted decimal format.
Default: No layer3 switch ID number is configured by default; an address is selected from the IP addresses of all the interfaces to be the layer3 switch ID number.
Command Mode: OSPF protocol configuration mode
Usage Guide: An area can be configured as a STUB area if the area has only one egress point (connects to one layer3 switch only), or does not need to select an egress point for each exterior destination. Type4 LSAs (ASBR summary LSAs) and type5 LSAs (AS exterior LSAs) are not allowed to flood into or through STUB areas, which saves the resources the layer3 switches inside the area would spend processing exterior routing information.
Command mode: Admin Mode
Example:
Switch#show ip ospf
my router ID is 11.11.4.1
preference=10 ase perference=150
export metric=1 export tag=-2147483648
area ID 0
interface count: 1
80times spf has been run for this area
net range:
LSRefreshTime is1800
area ID 1
interface count: 1
41times spf has been run for this area
net range:
netid11.11.3.255 netaddress11.11.0.0 netmask255.255.252.0
LSRefreshTime is1800

Displayed information   Explanation
my router ID            The ID of the current layer3 switch.
Displayed information   Explanation
Destination             Target network segment or address
AdvRouter               Route election
NextHop                 Next hop address
Age                     Aging time.
SeqNumber               Sequence number.
Type                    Exterior route type for introduction.
Cost                    Cost for introducing exterior routes

15.4.2.2.24 show ip ospf cumulative
Command: show ip ospf cumulative
Function: Display OSPF statistics.
Default: Not displayed.
LS_RTR 3
LS_NET 3
AS internal route 4
LS_SUM_NET 1
LS_SUM_ASB 0
LS_ASE 3
AS external route 0

Displayed information   Explanation
IO cumulative           Statistics for OSPF packets in/out.
type                    Packet type: including HELLO packet, DD packet, LS request, update and acknowledgement packet, etc.
In                      Packet in statistics.
Out                     Packet out statistics.
Areaid                  OSPF statistics from a specific OSPF area.
15.4.2.2.
11.11.4.2           11.11.4.2   1     2147483662   1      35126
Summary Network LSAs
LS ID (Net's IP)    ADV rtr     Age   Sequence     Cost   Checksum
11.11.1.0           11.11.4.1   0     2147483656   1      6777215
11.11.2.255         11.11.4.1   0     2147483649   1      6777215
11.11.3.255         11.11.4.1   0     2147483680   1      6777215
ASBR Summary LSAs
LS ID (ASBR's Rtr ID)  ADV rtr  Age   Sequence     Cost   Checksum
Area 2>>>>>>>> Area ID: 1
Router LSAs
LS ID (Router ID)   ADV rtr     Age   Sequence     Cost   Checksum
11.11.2.1           11.11.2.1   1     2147483698   1      6777215
14.14.
LS ID (Ext Net's IP)  Route type  ADV rtr  Age  Sequence  Cost  Checksum  Forw addr  RouteTag

Displayed information      Explanation
OSPF router ID             The ID of the layer3 switch.
Area 1>>>>>>>> Area ID: 0  Represents the LSA database information from area 1 to area 0.
Router LSAs                Router LSA
Network LSAs               Network LSA
Summary Network LSAs       Summary network LSA
ASBR Summary LSAs          Autonomous system exterior LSA
15.4.2.2.
Type                    Layer3 switch type, such as designated layer3 switch.
Priority                Configured priority in electing the designated layer3 switch.
Transit Delay           The delay value for the interface to transfer LSAs.
DR                      The designated layer3 switch.
BDR                     Backup designated layer3 switch.
Authentication key      OSPF packet authentication key.
Timer                   OSPF protocol timers: including the times set for Hello, Poll, Dead and Retrans (HELLO packet, poll interval packet, route invalid, route retransmission), etc.
interface ip 51.1.1.1 area id 0
interface ip 52.1.1.1 area id 0
interface ip 100.1.1.1 area id 0
interface ip 110.1.1.1 area id 0
interface ip 150.1.1.1 area id 0
router id 12.2.0.0 state NFULL
router ip addr 150.1.1.2 priority 0
DR 150.1.1.1 BDR 0.0.0.0
last hello 59011 last exch 49607

Displayed information   Explanation
interface ip            The IP address of an interface in the current layer3 switch.
area id                 The id of the area for the interface
router id               The ID of the neighbor layer3 switch.
AS external routes:
Destination  Cost  Dest Type  Next Hop  ADV rtr

Displayed information   Explanation
AS internal routes      Autonomous system interior route.
AS external routes      Autonomous system exterior route.
Destination             Destination network segment
Area                    Area number.
Cost                    Cost value.
Dest Type               Route Type
Next Hop                Next hop
ADV rtr                 Advertising interface address of the layer3 switch.
15.4.2.2.
interface count: 2
7times spf has been run for this area
net range:
LSRefreshTime is1800
RIP information
rip is shutting down

Displayed information   Explanation
OSPF is running         The running routing protocol is OSPF protocol.
My router ID            The ID number of the running layer3 switch.
Preference              OSPF routing priority.
Ase perference          Autonomous system exterior routes priority
Export metric           Metrics for exporting OSPF routes.
Export tag              Tag value for exporting OSPF routes.
Default: Debug is disabled by default.
Command mode: Admin Mode

15.4.2.2.33 debug ip ospf packet
Command: debug ip ospf packet
         no debug ip ospf packet
Function: Enable the OSPF packet debug function; the “no debug ip ospf packet” command disables this debug function.
Default: Debug is disabled by default.
Command mode: Admin Mode
Example:
Switch#debug ip ospf packet
packet length: 44
02: 40: 54: receive ACK from 11.11.1.3
02: 40: 56: receive a packet from 11.11.1.
15.4.3 Typical OSPF Scenario
Scenario 1: OSPF autonomous system.
This scenario takes as an example an OSPF autonomous system consisting of five ES4626/ES4650 layer3 switches, where layer3 switches Switch1 and Switch5 make up OSPF area 0, layer3 switches Switch2 and Switch3 form OSPF area 1 (assume the vlan1 interface of layer3 switch Switch1 belongs to area 0), and layer3 switch Switch4 forms OSPF area 2 (assume the vlan2 interface of layer3 switch Switch5 belongs to area 0).
Switch1(Config)#interface vlan2
Switch1(Config-if-vlan2)#ip ospf enable area 0
Switch1(Config-if-vlan2)#exit
Switch1(Config)#exit
Switch1#

Layer3 switch Switch2:
!Configure the IP address for interface vlan1 and vlan2.
Switch2#config
Switch2(Config)#interface vlan 1
Switch2(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
Switch2(Config-if-vlan1)#no shut-down
Switch2(Config-if-vlan1)#exit
Switch2(Config)#interface vlan 3
Switch2(Config-if-vlan3)#ip address 20.1.1.1 255.255.255.
Switch3(Config-if-vlan3)#exit
Switch3(Config)#exit
Switch3#

Layer3 switch Switch4:
!Configuration of the IP address for interface vlan3
Switch4#config
Switch4(Config)#interface vlan 3
Switch4(Config-if-vlan3)#ip address 30.1.1.2 255.255.255.0
Switch4(Config-if-vlan3)#no shut-down
Switch4(Config-if-vlan3)#exit
!Enable OSPF protocol, configure the OSPF area that interface vlan3 resides in.
Switch5(Config-if-vlan3)#exit
Switch5(Config)#exit
Switch5#

Scenario 2: Typical OSPF protocol complex topology.
[Figure: Fig 15-4 Typical complex OSPF autonomous system. Switches SWITCH1 to SWITCH12 and networks N1 to N15 spread over Domain 0, Domain 1, Domain 2 and Domain 3.]
The figure is a typical complex OSPF autonomous system network topology.
floods in area 1, those LSAs are included in the area 1 database to get the routes to networks N11 and N15. In addition, layer3 switches Switch3 and Switch4 must summarize the topology of area 1 to the backbone area (area 0; all non-0 areas must be connected via area 0, direct connections are not allowed), and advertise the networks in area 1 (N1-N4) and the costs from Switch3 and Switch4 to those networks.
Switch1(Config-If-Vlan2)#exit
!Configuration of the IP address and area number for interface vlan1
Switch1(Config)#interface vlan 1
Switch1(Config-If-Vlan1)#ip address 20.1.1.1 255.255.255.0
Switch1(Config-If-Vlan1)#ip ospf enable area 1
Switch1(Config-If-Vlan1)#exit

2)Switch2:
!Configuration of the IP address for interface vlan2
Switch2#config
Switch2(Config)#interface vlan 2
Switch2(Config-If-Vlan2)#ip address 10.1.1.2 255.255.255.
Switch3(Config-If-Vlan2)#exit
!Configuration of the IP address and area number for interface vlan3
Switch3(Config)#interface vlan 3
Switch3(Config-If-Vlan3)#ip address 20.1.3.1 255.255.255.0
Switch3(Config-If-Vlan3)#ip ospf enable area 1
Switch3(Config-If-Vlan3)#exit
!Configuration of the IP address and area number for interface vlan1
Switch3(Config)#interface vlan 1
Switch3(Config-If-Vlan1)#ip address 10.1.5.1 255.255.255.0
Switch3(Config-If-Vlan1)#ip ospf enable area 0
!Configure MD5 key authentication.
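The MD5 key authentication enabled above protects OSPF neighbours from accepting forged or replayed routing packets from anyone who does not hold the key. The following is an added example, not code from the switch or this guide: it shows how OSPFv2 cryptographic authentication (RFC 2328, Appendix D) forms the digest a receiving router checks. The digest is MD5 over the whole OSPF packet followed by the 16-byte zero-padded key, with the checksum field set to 0 and the 64-bit authentication field carrying the key ID, digest length and a cryptographic sequence number that must increase. The router ID 11.11.4.1, key "123abc" and key ID 1 are taken from this guide's examples; the area, sequence number and Hello body contents are constructed values.

```python
"""OSPFv2 cryptographic (MD5) authentication, after RFC 2328 Appendix D.

Added example, not the ES4626/ES4650 code. Router ID, key and key ID follow
the guide's examples; the other field values are constructed for the demo.
"""
import hashlib
import hmac
import struct

OSPF_VERSION = 2
OSPF_HELLO = 1          # packet type 1 = Hello
AUTH_TYPE_CRYPTO = 2    # AuType 2 = cryptographic authentication
DIGEST_LEN = 16         # MD5 digest length, also the padded key length


def _pad_key(key: bytes) -> bytes:
    """Keys shorter than 16 bytes are zero-padded before being appended."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def _dotted(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def sample_hello_body() -> bytes:
    """Constructed 20-byte Hello body: mask /24, hello 10s, options, priority 1,
    dead 40s, DR 11.11.4.1, BDR 0.0.0.0 (no neighbour list)."""
    return struct.pack("!4sHBBI4s4s", _dotted("255.255.255.0"), 10, 0x02, 1, 40,
                       _dotted("11.11.4.1"), _dotted("0.0.0.0"))


def build_ospf_packet(router_id: str, area_id: str, body: bytes,
                      key_id: int, seq: int) -> bytes:
    """24-byte OSPF header plus body, with the auth field prepared for MD5.

    Length counts header and body only; the trailing digest is not included.
    Checksum is 0 because it is not used with cryptographic authentication.
    """
    length = 24 + len(body)
    auth_field = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    header = struct.pack("!BBH4s4sHH", OSPF_VERSION, OSPF_HELLO, length,
                         _dotted(router_id), _dotted(area_id), 0, AUTH_TYPE_CRYPTO)
    return header + auth_field + body


def sign_ospf(packet: bytes, key: bytes) -> bytes:
    """Sender side: append MD5(packet || padded key) after the packet."""
    return packet + hashlib.md5(packet + _pad_key(key)).digest()


def verify_ospf(frame: bytes, key: bytes, last_seq: int = -1) -> bool:
    """Receiver side: split off the digest using the header length field,
    recompute it with the locally configured key, and reject sequence
    numbers that do not advance (replay protection)."""
    if len(frame) < 24:
        return False
    length = struct.unpack("!H", frame[2:4])[0]
    auth_type = struct.unpack("!H", frame[14:16])[0]
    if auth_type != AUTH_TYPE_CRYPTO or len(frame) != length + DIGEST_LEN:
        return False
    packet, digest = frame[:length], frame[length:]
    _, _key_id, auth_len, seq = struct.unpack("!HBBI", frame[16:24])
    if auth_len != DIGEST_LEN or seq <= last_seq:
        return False
    expected = hashlib.md5(packet + _pad_key(key)).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    pkt = build_ospf_packet("11.11.4.1", "0.0.0.1", sample_hello_body(), key_id=1, seq=100)
    frame = sign_ospf(pkt, b"123abc")
    print("good key:", verify_ospf(frame, b"123abc"))
    print("wrong key:", verify_ospf(frame, b"wrongkey"))
    print("replayed:", verify_ospf(frame, b"123abc", last_seq=100))
```

The receiver looks the key up by the key ID carried in the packet, so mismatched key IDs or keys on two neighbours show up as adjacency failures in "show ip ospf neighbor" rather than as explicit errors; the sequence-number check is what stops a captured packet from being replayed later.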
15.4.4 OSPF Troubleshooting Help
1. Monitor and Debugging Commands
2. OSPF Troubleshooting Help

15.4.4.1 Monitor and Debugging Commands
Command                  Explanation
Admin Mode
show interface status    Displays interface information to verify the interface and datalink layer protocols are up.
show ip ospf             Displays the current running status and configuration information for OSPF.
(1)show ip ospf
Example:
Switch#show ip ospf
my router ID is 11.11.4.1
preference=10 ase perference=150
export metric=1 export tag=-2147483648
area ID 0
interface count: 1
80times spf has been run for this area
net range:
LSRefreshTime is1800
area ID 1
interface count: 1
41times spf has been run for this area
net range:
netid11.11.3.255 netaddress11.11.0.0 netmask255.255.252.0
LSRefreshTime is1800

Displayed information   Explanation
my router ID            The ID of the current layer3 switch.
A 5.1.1.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.2.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.3.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.4.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.5.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.6.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.7.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.8.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.9.0   255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.10.0  255.255.255.0  12.1.1.2  Vlan12  150
A 5.1.11.0  255.255.
Switch#show ip ospf cumulative IO cumulative type in out HELLO 1048 253 DD 338 337 LS Req 62 LS Update 753 LS Ack 495 ASE count 0 219 295 308 checksum original LSA 340 0 LS_RTR 179 LS_NET 1 LS_SUM_NET 160 LS_SUM_ASB 0 LS_ASE 0 received LSA 325 Areaid 0 nbr count 1 spf times interface count 1 120 DB entry count 6 LS_RTR 2 LS_NET 2 LS_SUM_NET 3 LS_SUM_ASB 0 LS_ASE 3 LS_SUM_ASB 0 LS_ASE 3 Areaid 1 nbr count 2 spf times interface count 1 52 DB entry count 6 LS_RTR 3 LS_NET
Router LSAs
LS ID (Router ID)   ADV rtr     Age   Sequence     Cost   Checksum
11.11.4.1           11.11.4.1   0     2147483808   0      42401
11.11.4.2           11.11.4.2   18    2147483863   1      6777215
Network LSAs
LS ID (DR's IP)     ADV rtr     Age   Sequence     Cost   Checksum
11.11.4.2           11.11.4.2   1     2147483662   1      35126
Summary Network LSAs
LS ID (Net's IP)    ADV rtr     Age   Sequence     Cost   Checksum
11.11.1.0           11.11.4.1   0     2147483656   1      6777215
11.11.2.255         11.11.4.
LS ID (DR's IP)     ADV rtr      Age   Sequence     Cost   Checksum
11.11.1.1           11.11.4.1    0     2147483649   1      6777215
11.11.1.3           14.14.14.1   15    2147483705   1      53384
Summary Network LSAs
LS ID (Net's IP)    ADV rtr      Age   Sequence     Cost   Checksum
11.11.4.255         11.11.4.1    0     2147483677   1      6777215
ASBR Summary LSAs
LS ID (ASBR's Rtr ID)  ADV rtr   Age   Sequence     Cost   Checksum
AS External LSAs
LS ID (Ext Net's IP)  Route type  ADV rtr  Age  Sequence  Cost  Checksum  Forw addr  RouteTag

Displayed information   Explanation
OSPF router ID          The ID of the layer3 switch.
Area                    The area of the interface
Net type                Network type, such as broadcast, p2mp, etc.
cost                    Cost value.
State                   Status
Type                    Layer3 switch type, such as designated layer3 switch.
Priority                Configured priority in electing the designated layer3 switch.
Transit Delay           The delay value for the interface to transfer LSAs.
DR                      The designated layer3 switch.
BDR                     Backup designated layer3 switch.
Authentication key      OSPF packet authentication key.
state NFULL priority 0
DR 150.1.1.1 BDR 0.0.0.0
last hello 66289 last exch 49607

Displayed information   Explanation
interface ip            The IP address of an interface in the current layer3 switch.
area id                 The id of the area for the interface
router id               The ID of the neighbor layer3 switch.
router ip addr          The IP address of the interface in the neighbor layer3 switch.
state                   Link-state status
priority                Priority.
DR                      ID of the designated layer3 switch.
BDR                     ID of the backup designated layer3 switch.
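A neighbour that never reaches the FULL state (the guide's output above shows "state NFULL") is the first sign of a mismatched area, timer or authentication key, and is worth checking automatically. The following is an added example, not a tool from this guide: it scans the flattened "show ip ospf neighbor" output for the field names the guide lists (interface ip, area id, router id, state, router ip addr, priority, DR, BDR, last hello, last exch), groups them into one record per neighbour, and returns the neighbours that are not FULL. The sample output is constructed from the guide's own field names and addresses; the exact line layout of the real switch output may differ, which is why the parser keys on field names rather than on line positions.

```python
"""Parse 'show ip ospf neighbor' style output and flag non-FULL neighbours.

Added example, not from the ES4626/ES4650 guide. SAMPLE_OUTPUT is constructed
from the field names and addresses the guide shows; real output may wrap
differently, so parsing is driven by field names, not by line positions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: one interface line followed by its neighbour record,
# twice. "NFULL" is the non-full state string shown in the guide's example.
SAMPLE_OUTPUT = """\
interface ip 150.1.1.1 area id 0
router id 12.2.0.0 state NFULL router ip addr 150.1.1.2 priority 0 DR 150.1.1.1 BDR 0.0.0.0 last hello 59011 last exch 49607
interface ip 100.1.1.1 area id 0
router id 11.11.4.2 state FULL router ip addr 100.1.1.2 priority 1 DR 100.1.1.1 BDR 100.1.1.2 last hello 66289 last exch 49607
"""

# Field names exactly as the guide's "Displayed information" column lists them.
# "router ip addr" is listed before "router id" and \b keeps "DR" from matching
# inside "BDR".
FIELD_RE = re.compile(
    r"\b(interface ip|area id|router ip addr|router id|state|priority|DR|BDR|"
    r"last hello|last exch)\s+(\S+)"
)


def parse_neighbors(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per neighbour. 'interface ip' and 'area id' are taken
    from the most recent interface line and attached to the neighbours that
    follow it (assumption: the interface line precedes its neighbours)."""
    neighbors: List[Dict[str, Optional[str]]] = []
    iface: Dict[str, Optional[str]] = {"interface ip": None, "area id": None}
    current: Optional[Dict[str, Optional[str]]] = None
    for key, value in FIELD_RE.findall(text):
        if key in iface:
            iface[key] = value
        elif key == "router id":          # a new neighbour record starts here
            current = {"router id": value, **iface}
            neighbors.append(current)
        elif current is not None:
            current[key] = value
    return neighbors


def not_full(neighbors: List[Dict[str, Optional[str]]]) -> List[str]:
    """Router IDs of neighbours whose adjacency is not FULL."""
    return [n["router id"] for n in neighbors if n.get("state") != "FULL"]


def describe(neighbors: List[Dict[str, Optional[str]]]) -> List[str]:
    """Human-readable findings: which interface/area each stuck neighbour is on."""
    return [
        f"neighbour {n['router id']} on interface {n['interface ip']} "
        f"(area {n['area id']}) is in state {n.get('state')}, DR {n.get('DR')}"
        for n in neighbors if n.get("state") != "FULL"
    ]


if __name__ == "__main__":
    for line in describe(parse_neighbors(SAMPLE_OUTPUT)):
        print(line)
```

Run against saved output from several switches, the "not FULL" list narrows the troubleshooting checklist in 15.4.4 to the specific interface and area pair whose settings (area number, hello/dead timers, authentication key) need comparing with the neighbour's.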
For example, displayed information can be:
Switch#show ip ospf virtual-links
no virtual-link

(10)show ip protocols
The “show ip protocols” command can be used to display the information of the routing protocols running in the switch. For example, displayed information can be:
Switch#sh ip protocols
OSPF is running.
my router ID is 100.1.1.
All interface and link protocols are in the UP state (use the “show interface status” command). Then IP addresses of different network segments should be configured on all interfaces. Enable OSPF first (use the “router ospf” command), then configure the OSPF areas for the appropriate interfaces to reside in.
15.5.2 RIP
Click RIP configuration.
the equivalent CLI command at 15.3.2.2.11
The explanation of each field is as below:
Port – Port name
Enable port to receive/transmit RIP packet – set; cancel
For example: Disable receiving/transmitting RIP packets on vlan2. Select vlan1; select vlan1; select cancel, and then click Apply.

15.5.2.3 Configuring import routes generated by other routing protocols to RIP
Import routes generated by other routing protocols to RIP
Click Enable imported route. See the equivalent CLI command at 15.3.2.2.
15.5.2.5 RIP port configuration
Click RIP port imported route. The configuration page is shown. The explanation of each field is as below:
Port – Specify the port
Receiving RIP version – Configure the receiving RIP version on the port: version 1, version 2, and version 1 and 2. See the equivalent CLI command at 15.3.2.2.9
Sending RIP version – Configure the sending RIP version on the port: version 1, version2(BC) and version2(MC). See the equivalent CLI command at 15.3.2.2.
15.5.2.6 Global RIP mode configuration
Click RIP mode configuration. The configuration page is shown. The explanation of each field is as below:
Set receiving/sending RIP version for all ports – Configure the receiving/sending RIP version for all ports: version1, version2 and Cancel (default version). See the equivalent CLI command at 15.3.2.2.19
Auto-summary – Configure auto-summary: apply and cancel. See the equivalent CLI command at 15.3.2.2.1
Rip priority(0-255) – Specify RIP priority.
15.5.2.7 RIP timer configuration
Click RIP timer configuration. The configuration page is shown. See the equivalent CLI command at 15.3.2.2.18
The explanation of each field is as below:
Update timer – Update packet timer
Invalid timer – RIP route invalid timer
Holddown timer – Length of time a route can stay in the route table after it becomes invalid.
For example: Set each field and then click Apply.

15.5.3 OSPF
Click OSPF configuration.
15.5.3.1.1 Enable/disable OSPF
Click OSPF enable. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.19
The explanation of each field is as below:
OSPF enable – OSPF enable; OSPF disable
Reset – Clear the selection
For example: Enable OSPF protocol. Select OSPF enable, and then click Apply.

15.5.3.1.2 OSPF Router-ID configuration
Click Router-ID configuration. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.
15.5.3.1.4 Configure OSPF area for port
Click OSPF area configuration for port. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.9
The explanation of each field is as below:
Vlan port – Vlan port list
Area ID – Area ID
Reset – Reset
Default – Restore the default value
For example: Set the port Vlan1 to belong to area 1. Set Vlan port to Vlan1; set Area ID to 1, and then click Apply.

15.5.3.2 OSPF transmitting parameters configuration
Click OSPF Tx-parameter configuration.
Reset – Reset
For example: Set OSPF port Vlan1 to use MD5 authentication with the password 123abc and KeyID 1. Set Vlan Port to Vlan1; set Authentication mode to MD5; set Authentication key to 123abc; set KeyID to 1, and then click Apply.

15.5.3.2.2 OSPF passive interface configuration
Click Passive interface configuration. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.
equivalent CLI command at 18.4.2.2.8
Sending link-state packet delay – Configure the sending link-state packet delay on the port. See the equivalent CLI command at 18.4.2.2.14
Sending link-state packet retransmit interval – Specify the sending link-state packet retransmit interval to the neighbor router. See the equivalent CLI command at 15.4.2.2.13
Reset – Reset
Default – Restore the default value.

15.5.3.3 OSPF Imported route parameter configuration
Click OSPF Imported route parameter configuration.
15.5.3.3.2 Import external routing information configuration
Click Import external routing information. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.17.
The explanation of each field is as below:
Imported type – Configure imported route type: Static, RIP, connected, BGP
Type – Set the default imported route type. 1 and 2 stand for Type 1 external route and Type 2 external route.
Tag – Configure route tag
Metric value – Set route metric value
15.5.3.
OSPF priority relative to other routing protocols.
Priority – set priority value

15.5.3.4.2 OSPF STUB area and default route cost configuration
Click OSPF STUB area and default route cost. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.20
The explanation of each field is as below:
Cost – Stub area default cost
areaID – Stub area ID

15.5.3.4.3 OSPF virtual link configuration
Click OSPF virtual link configuration. The configuration page is shown.
15.5.3.4.4 Port DR priority configuration
Click Port DR priority configuration. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.12
The explanation of each field is as below:
Vlan Port – Specify Vlan port
Priority – Specify priority

15.5.3.5 OSPF debug
Click OSPF debug. The configuration page is shown:
show ip ospf – Show OSPF information. See the equivalent CLI command at 15.4.2.2.22
show ip ospf ase – Show external AS OSPF information. See the equivalent CLI command at 15.4.
Chapter 16 Multicast Protocol Configuration

16.1 Multicast Protocol Overview

16.1.1 Introduction to Multicast
When sending information (including data, voice and video) to a small number of users in the network, there are several ways of transmission, for instance the unicast method, which establishes a separate data transmission channel for each user, or the broadcast method, which sends information to all users in the network regardless of whether they need the information or not.
16.1.2 Multicast Address
Multicast packets use Class D IP addresses as their destination addresses, ranging from 224.0.0.0 to 239.255.255.255. Class D addresses cannot be used in the source IP address field of an IP packet. In unicast, the path a packet travels is from the source address to the destination address, and the packet is transferred through the network hop-by-hop. However, in IP multicast, the destination address of a packet is a group (group address) instead of one single address.
224.0.0.17   All SBMS
224.0.0.18   VRRP
When transferring unicast IP packets on Ethernet, the destination MAC address is the MAC of the receiver. However, in transferring multicast packets, as the destination is no longer one specific recipient but a group with unknown members, the destination address used is the multicast MAC address. The multicast MAC address corresponds to the multicast IP address.
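The correspondence between a multicast IP address and its MAC address is worth seeing concretely, because it is not one-to-one. The following is an added example, not code from this guide: it applies the standard IPv4 multicast mapping (the 01:00:5e prefix followed by the low 23 bits of the group address, RFC 1112), which the guide refers to but does not spell out. Because only 23 of the 28 group-id bits fit in the MAC, 32 different groups share each multicast MAC; a switch or host that filters by MAC alone therefore admits frames for all 32. The function below also lists those colliding groups, going one step beyond the page's statement of the mapping.

```python
"""IPv4 multicast group address to Ethernet multicast MAC mapping (RFC 1112).

Added example, not from the ES4626/ES4650 guide. The mapping is the standard
one: 01:00:5e + low 23 bits of the group address. 224.0.0.18 and 239.255.0.1
below are addresses that appear in the guide.
"""
import ipaddress
from typing import List

CLASS_D = ipaddress.IPv4Network("224.0.0.0/4")   # 224.0.0.0 - 239.255.255.255
MCAST_MAC_PREFIX = 0x01005E000000                  # 01:00:5e:00:00:00
LOW_23_BITS = 0x7FFFFF


def is_class_d(ip: str) -> bool:
    """True when ip is a multicast (Class D) group address."""
    return ipaddress.IPv4Address(ip) in CLASS_D


def multicast_mac(ip: str) -> str:
    """Destination MAC for Ethernet frames carrying packets to group `ip`.

    The top 5 bits of the 28-bit group id (the high bits of the second
    octet) are discarded, so e.g. 224.1.0.1 and 225.1.0.1 map to one MAC.
    """
    if not is_class_d(ip):
        raise ValueError(f"{ip} is not a Class D (multicast) address")
    mac = MCAST_MAC_PREFIX | (int(ipaddress.IPv4Address(ip)) & LOW_23_BITS)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def colliding_groups(ip: str) -> List[str]:
    """All 32 group addresses that share a MAC with `ip`.

    Useful when reasoning about Layer 2 filtering: opening a port for one
    group also delivers frames addressed to the 31 others.
    """
    if not is_class_d(ip):
        raise ValueError(f"{ip} is not a Class D (multicast) address")
    low23 = int(ipaddress.IPv4Address(ip)) & LOW_23_BITS
    base = int(CLASS_D.network_address)               # 224.0.0.0
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low23)) for hi in range(32)]


if __name__ == "__main__":
    for group in ("224.0.0.18", "239.255.0.1"):
        print(group, "->", multicast_mac(group))
    print("groups sharing a MAC with 239.255.0.1:", ", ".join(colliding_groups("239.255.0.1")))
```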
network, and can significantly save network bandwidth and reduce network traffic. The multicast feature can be conveniently used to provide new value-added services, including online live broadcast, network TV, remote education, remote medical service, network radio and realtime video/audio meetings, which can be summarized in the following three fields:
1) Multimedia and stream applications.
2) Data warehouse and financial (like stocks) applications.
239.255.0.1  7.1.1.100  Vlan4  0  2005: 1
239.255.0.1  1.1.1.100  Vlan1  0  2006: 1
2007: 1
Switch #

Displayed information   Explanation
Name                    The interface list used by the multicast protocol and basic information for the interfaces.
upstream nodes to inform the upstream node that no more forwarding for that multicast group is necessary. The upstream nodes will delete the corresponding interface, multicast forwarding entry(S,G), from the outgoing interface list. Hence a shortest path tree (SPT) rooted by source S is established. The prune process is initiated by leaf routers first. The above procedures are referred to as the Flooding-Prune process.
PIM-DM in the appropriate interfaces.
Command                  Explanation
Interface Mode
ip pim dense-mode
no ip pim dense-mode     Enable PIM-DM protocol; the “no ip pim dense-mode” command disables PIM-DM protocol (required)

2. Configure PIM-DM sub-parameters
Configure PIM-DM interface parameters
a.
command disables PIM-DM protocol on the interface.
Parameter: N/A.
Default: PIM-DM protocol is disabled by default.
Command mode: Interface Mode
Usage Guide:
Example: Enable PIM-DM protocol on interface vlan1.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip pim dense-mode
16.3.2.
[Figure: Fig 16-1 Typical PIM-DM environment. SWITCHA and SWITCHB, each with Ethernet 1/1 and Ethernet 1/2 assigned to vlan1 and vlan2.]
The following are the configurations of SwitchA and SwitchB.
show ip pim interface    Display PIM-DM interface information
debug ip pim             Enable the debug function for displaying detailed PIM information; the “no” format of this command disables this debug function.

16.3.4.1.1 show ip pim mroute dm
Command: show ip pim mroute dm
Function: Display the PIM-DM packet forwarding entry
Parameter: N/A.
Default: No display by default.
Displayed information     Explanation
(5.1.1.100, 225.0.0.1)    Forwarding entry.
Incoming interface        Incoming interface or RPF interface.
Outgoing interface list   Outgoing interface list.
Prune interface list      Downstream prune interface list.

16.3.4.1.2 show ip pim neighbor
Command: show ip pim neighbor []
Function: Display information for neighbors of the PIM interface.
Parameter: is the interface name, i.e. display PIM neighbor information of the specified interface.
Function: Display information for the PIM interface.
Parameter: is the interface name, i.e. display PIM information of the specified interface.
Default: PIM information is displayed by default on all interfaces.
Command mode: Admin Mode
Example: Display PIM information of interface vlan 1.
Switch#sh ip pim interface vlan 1
Interface Vlan1 : 2.1.1.2 owner is pimdm, Vif is 1, Hello Interval is 30
Neighbor-Address  Interface
2.1.1.
16.3.4.2 PIM-DM Troubleshooting Help In configuring and using PIM-DM protocol, the PIM-DM protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations. The user should ensure the following: Good condition of the physical connection. All interface and link protocols are in the UP state (use “show interfaces status” command). Next, enable PIM-DM protocol on the interface (use the “ip pim dense-mode” command).
sends a join message to the upstream node in the RP direction. Each router between the leaf router and the RP creates a (*, G) entry in its forwarding table, indicating that packets sent by any source to multicast group G apply to this entry. When the RP receives a packet sent to multicast group G, the packet moves along the established route to reach the leaf router and the host. This completes an RP-rooted RPT.
(2) Multicast source registration.
(1) Configure PIM-SM interface parameters
1) Configure PIM-SM HELLO packet interval
2) Configure an interface as the PIM-SM area border
(2) Configure PIM-SM global parameters
1) Configure a switch as the candidate BSR.
2) Configure a switch as the candidate RP.
3. Disable PIM-SM protocol

1. Enable PIM-SM protocol
Basic configuration of the PIM-SM routing protocol on the routing switch is quite simple: just enable PIM-SM on the appropriate interfaces.
ip pim bsr-candidate [hashlength] [Priority]
no ip pim bsr-candidate
    This command is a global candidate BSR configuration command. It is used to configure information for the PIM-SM candidate BSR and to contend for the BSR router with the other candidate BSRs; the “no ip pim bsr-candidate” command cancels the BSR configuration.

2) Configure a switch as the candidate RP.
16.4.2.2.1 ip pim sparse-mode
Command: ip pim sparse-mode
         no ip pim sparse-mode
Function: Enable PIM-SM protocol on the interface; the “no ip pim sparse-mode” command disables PIM-SM protocol on the interface.
Parameter: N/A.
Default: PIM-SM protocol is disabled by default.
Command mode: Interface Mode
Example: Enable PIM-SM protocol on interface vlan1.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip pim sparse-mode
16.4.2.2.
Parameter: is the interval for sending PIM HELLO packets, ranging from 1 to 18724s.
Default: The default interval for sending PIM HELLO is 30s.
Command mode: Interface Mode
Usage Guide: The HELLO message enables PIM-DM switches to locate each other and establish the neighborhood. PIM-DM switches claim their existence by sending HELLO messages to their neighbors. If no HELLO message from a neighbor is received in a specified period, that neighbor is considered to be lost.
router with the other candidate RPs; the “no ip pim rp-candidate []” command cancels the RP configuration.
Parameter: is the name of the specified interface; access-list is the number of the group range list that can be used as the RP in the switch, ranging from 1 to 99; if this parameter is omitted, the router can work as the RP for all multicast groups; interval is the interval for the local candidate RP to send C-RP packets, ranging from 1 to 16383 seconds.
The following are the configurations of SWITCHA, SWITCHB, SWITCHC, and SWITCHD.
Switch(Config-If-Vlan3)#ip pim sparse-mode

16.4.4 PIM-SM Troubleshooting Help

16.4.4.1 Monitor and Debug Commands

16.4.4.1.1 show ip pim bsr-router
Command: show ip pim bsr-router
Function: Display pim bsr-router information.
Parameter: N/A.
Default: No display by default.
Command mode: Admin Mode
Example: Display pim bsr-router information.
Switch #show ip pim bsr-router
Switch # PIMv2 Bootstrap information
BSR address: 192.4.1.3
Priority: 192, Hash mask length: 30
Expires : 00: 02: 13.
Example: Display PIM information of interface vlan 2.
Switch #show ip pim interface vlan2
Switch # Interface Vlan2 : 192.3.1.2 owner is pimsm, Vif is 1, Hello Interval is 30, pim sm jp interval is (60)
Neighbor-Address  Interface  Uptime     Expires
192.3.1.3         Vlan2      00: 12: 18  00: 01: 38
Switch #

Displayed information   Explanation
Interface (the former)  Interface name and interface IP.
owner                   Multicast routing protocol of the interface.
Vif                     Virtual interface index corresponding to the interface.
Incoming interface : Vlan1, RPF Nbr 0.0.0.0, pref 0, metric 0
Outgoing interface list: (Vlan2), protos: 0x2, UpTime: 00: 10: 18, Exp: 00: 03: 18
Switch #

Displayed information     Explanation
(192.1.1.1, 225.0.0.1)    Forwarding entry.
Incoming interface        Incoming interface, or RPF interface.
Outgoing interface list   Outgoing interface list.

16.4.4.1.4 show ip pim neighbor
Command: show ip pim neighbor []
Function: Display information for neighbors of the PIM interface.
16.4.4.1.5 show ip pim rp
Command: show ip pim rp [mapping | group-address]
Function: Display PIM RP related information
Parameter: mapping displays the group address and RP association. group-address is the group address.
Default: No display by default.
Command mode: Admin Mode
Example: Display the RP information for PIM group 226.1.1.1.
Switch #show ip pim rp 226.1.1.1
RP Address for this group is: 192.2.1.1

Displayed information   Explanation
RP Address              RP address of the group.
16.4.4.1.
16.4.4.1.7 debug ip pim bsr
Command: debug ip pim bsr
Function: Enable the PIM candidate RP/BSR information debug function; the “no” format of the command disables this debug function.
Parameter: N/A.
Default: Disabled.
Command mode: Admin Mode
Usage Guide: If detailed information about PIM candidate RP/BSR packets, etc. is required, this debug command can be used.
Example:
Switch # debug ip pim bsr
PIM BSR debug is on
00: 16: 23: PIM: Received v2 BSR on Vlan4 from 192.4.1.
16.5 DVMRP

16.5.1 Introduction to DVMRP
Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast routing protocol. It employs a RIP-like route exchange mechanism to establish a forwarding broadcast tree for each source; a truncated broadcast tree (shortest path tree to the source) is then created by dynamic pruning/grafting. Reverse path forwarding (RPF) is used to decide whether a multicast packet should be forwarded to the downstream nodes.
way like RIP. That is to say, route advertisements are sent between DVMRP neighbors periodically (every 60 seconds by default). The routing information in the DVMRP route selection table is used to establish the source distribution tree, which determines which neighbor can reach the source sending multicast information. Interfaces leading to this neighbor are referred to as the upstream interface. The routing report packet contains the source network and the hop count used for assessing route metrics.
[no] ip dvmrp              Enable DVMRP; the “no ip dvmrp enable” command disables DVMRP (required)

2. Configure connectivity with CISCO routers/switches
CISCO has not really implemented DVMRP, but provides connectivity with DVMRP. As CISCO routers/switches send report packets but not probe packets, the neighbor timeout issue should be addressed in establishing connectivity with CISCO routers/switches. The following command makes a DSRS-5950 switch decide the timeout of a neighbor by report packet intervals.
ip dvmrp report-interval
no ip dvmrp report-interval    Set the interval for sending DVMRP report messages; the “no ip dvmrp report-interval” command restores the default setting.

d. Configuring DVMRP route timeout time
Command                  Explanation
Global Mode
ip dvmrp route-timeout
no ip dvmrp route-timeout      Set the timeout interval for DVMRP routes; the “no ip dvmrp route-timeout” command restores the default setting.
4.
16.5.2.2.1 ip dvmrp cisco-compatible
Command: ip dvmrp cisco-compatible
         no ip dvmrp cisco-compatible
Function: Enable connectivity with CISCO neighbor A, B, C, D; the “no ip dvmrp cisco-compatible” command disables connectivity with CISCO neighbors.
Parameter: are the neighboring IP addresses
Default: The connectivity with CISCO neighbors is disabled by default.
graft-interval” command restores the default setting.
Parameter: is the interval for sending DVMRP graft packets, ranging from 5 to 3600s.
Default: The default interval for sending DVMRP graft messages is 5s.
Command mode: Interface Mode
Usage Guide: Once a DVMRP neighborhood is established, a neighbor is considered nonexistent if no probe message from that neighbor is received within the neighbor timeout interval, and the neighborhood is terminated. The neighbor timeout interval must be greater than the interval for sending probe messages.
Example: Configure the DVMRP neighbor timeout interval for the interface to 30s.
Switch(Config)#interface vlan 1
Switch(Config-If-vlan1)#ip dvmrp nbr-timeout 30
16.5.2.2.
updating report message for a route is received from the route's neighbor within the specified interval, the route is considered invalid. The interval configured must be no greater than the route timeout interval.
Example: Set the interval for sending DVMRP route report messages to 100s.
Switch(Config)#ip dvmrp report-interval 100
16.5.2.2.
multicast-enabled switch. DVMRP treats a tunnel interface the same way as a common physical interface.
Example: Configure a DVMRP tunnel on Ethernet interface vlan1 to the remote neighbor 1.1.1.1.
Switch(Config-If-Vlan1)#ip dvmrp tunnel 1.1.1.1 metric 10

16.5.3 Typical DVMRP Scenario

As shown in the figure below, the Ethernet interfaces of SwitchA and SwitchB are added to the appropriate VLAN, and the DVMRP protocol is enabled on each VLAN interface.
16.5.4.1 Monitor and Debug Commands

16.5.4.1.1 show ip dvmrp mroute
Command: show ip dvmrp mroute
Function: Display the DVMRP packet forwarding entries.
Parameter: N/A.
Default: Not displayed.
Command mode: Admin Mode
Usage Guide: This command displays the DVMRP multicast forwarding entries, i.e., the entries in the system FIB table used for forwarding multicast packets.
Function: Display information for DVMRP neighbors.
Parameter: is the interface name, i.e., display neighbor information for the specified interface.
Default: Not displayed.
Command mode: Admin Mode
Example: Display neighbor information for Ethernet interface vlan1.
Switch #show ip dvmrp neighbor vlan1
Switch #
Neighbor-Address    Interface    Uptime
192.168.1.
mask.
Nexthop    Next hop address
Interface    The interface on which the route was discovered.
Gateway    Gateway address
Metric    Route metric value
State    Route state (active, hold, etc.)

16.5.4.1.4 show ip dvmrp tunnel
Command: show ip dvmrp tunnel []
Function: Display information for a DVMRP tunnel.
Parameter: is the interface name, i.e., display the tunnel information for the specified interface.
Default: Not displayed.
Command mode: Admin Mode
Usage Guide: If detailed information about DVMRP packets (except prune and graft) is required, this debug command can be used.
Example:
Switch#debug ip dvmrp detail
DVMRP detail debug is on
Switch#01:18:09:35: DVMRP: Received probe on vlan1 from 192.168.1.22
01:18:09:35: DVMRP: probe Vers: majorv 3, minorv 255
01:18:09:35: DVMRP: probe flags: PG
01:18:09:35: DVMRP: probe genid: 0x48
01:18:09:35: DVMRP: probe nbrs: 192.168.1.
02:22:20:40: DVMRP: Graft source 192.168.1.105, group 224.1.1.1
02:22:20:40: DVMRP: Send graft-ACK on vlan1 to 105.1.1.2, len 16
02:22:20:40: DVMRP: Graft-Ack Vers: majorv 3, minorv 255
02:22:20:40: DVMRP: Graft-ACK source 192.168.1.105, group 224.1.1.1

16.5.4.2 DVMRP Troubleshooting Help

When configuring and using the DVMRP protocol, it may fail to run properly due to reasons such as physical connection failure or wrong configuration.
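The timer rules stated in the nbr-timeout and report-interval usage guides above, applied together with the probe lines of the "debug ip dvmrp detail" output, as an added troubleshooting example (not the manual's or the switch firmware's code): it flags timer settings that break those rules and replays debug output to find neighbors whose probes have stopped arriving. The probe-interval and route-timeout defaults, the sample log lines and the reading of the four timestamp fields as day:hour:minute:second are assumptions.

```python
"""DVMRP timer sanity checks and neighbor liveness from debug output.
Added example, not the manual's or the firmware's code. Encodes the rules
stated above (nbr-timeout > probe interval; report-interval <= route-timeout;
graft-interval within 5..3600) and replays "debug ip dvmrp detail" probe
lines to find neighbors whose probes have stopped arriving."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Matches "01:18:09:35: DVMRP: Received probe on vlan1 from 192.168.1.22";
# optional spaces after the colons tolerate copy-pasted output.
PROBE_RE = re.compile(
    r"(\d+):\s*(\d+):\s*(\d+):\s*(\d+):\s*DVMRP: Received probe on (\S+) from (\S+)")


@dataclass
class DvmrpTimers:
    probe_interval: int = 10    # seconds between probes; constructed default
    nbr_timeout: int = 35       # ip dvmrp nbr-timeout
    report_interval: int = 60   # ip dvmrp report-interval (60s default per manual)
    route_timeout: int = 140    # ip dvmrp route-timeout; constructed default
    graft_interval: int = 5     # ip dvmrp graft-interval, 5..3600s per manual


def check_timers(t: DvmrpTimers) -> list[str]:
    """Return the constraints a configuration violates; empty means consistent."""
    problems = []
    if t.nbr_timeout <= t.probe_interval:
        problems.append("nbr-timeout must be greater than the probe interval")
    if t.report_interval > t.route_timeout:
        problems.append("report-interval must not exceed route-timeout")
    if not 5 <= t.graft_interval <= 3600:
        problems.append("graft-interval must be within 5..3600 seconds")
    return problems


def to_seconds(d: str, h: str, m: str, s: str) -> int:
    """Timestamp fields are assumed to be day:hour:minute:second."""
    return ((int(d) * 24 + int(h)) * 60 + int(m)) * 60 + int(s)


def last_probe_times(debug_output: str) -> dict[tuple[str, str], int]:
    """Map (interface, neighbor) to the time of the latest probe seen."""
    seen: dict[tuple[str, str], int] = {}
    for line in debug_output.splitlines():
        m = PROBE_RE.search(line)
        if m:
            seen[(m[5], m[6])] = to_seconds(*m.groups()[:4])
    return seen


def timed_out_neighbors(debug_output: str, now: int, nbr_timeout: int) -> list[tuple[str, str]]:
    """Neighbors whose latest probe is older than nbr_timeout at time `now`."""
    return sorted(k for k, ts in last_probe_times(debug_output).items()
                  if now - ts > nbr_timeout)


# Constructed sample in the format of the debug output shown above.
SAMPLE_DEBUG = """\
01:18:09:35: DVMRP: Received probe on vlan1 from 192.168.1.22
01:18:09:35: DVMRP: probe Vers: majorv 3, minorv 255
01:18:09:40: DVMRP: Received probe on vlan2 from 192.168.2.7
01:18:09:45: DVMRP: Received probe on vlan1 from 192.168.1.22
01:18:10:02: DVMRP: Received probe on vlan1 from 192.168.1.22
"""
```

With the sample above and a 35 s nbr-timeout evaluated at 01:18:10:30, only the vlan2 neighbor 192.168.2.7 (last probe 50 s earlier) is reported as timed out.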
by the multicast switches, i.e., they respond with membership report packets. The switches send membership query packets at regular intervals to decide whether hosts on their subnet have joined a group; on receiving leave group reports from hosts, they send a group-specific query (IGMP v2) to determine whether the group still has members. There are so far three versions of IGMP: IGMP v1 (defined in RFC 1112), IGMP v2 (defined in RFC 2236) and IGMP v3.
(2) Configure IGMP query parameters
  a. Configure the transmission interval of IGMP query packets
  b. Configure the maximum response time for IGMP queries
  c. Configure the timeout setting for IGMP queries
(3) Configure the IGMP version
2. Disable IGMP

1. Enable IGMP
There is no special command for enabling IGMP on layer 3 switches; IGMP is enabled automatically when any multicast protocol is enabled on the respective interface.
Command    Explanation
Interface Mode
ip dvmrp | ip pim dense-mode | ip pim sparse-mode
2.
Interface Mode
ip igmp query-interval
no ip igmp query-interval
Set the interval for sending IGMP query messages; the “no ip igmp query-interval” command restores the default setting.
ip igmp query-max-response-time
no ip igmp query-max-response-time
Set the maximum time for an interface to respond to an IGMP query; the “no ip igmp query-max-response-time” command restores the default setting.
16.6.2.2.1 ip igmp access-group
Command: ip igmp access-group {}
no ip igmp access-group
Function: Set the filter criteria for IGMP groups on the interface; the “no ip igmp access-group” command cancels the filter criteria.
Parameter: {} is the sequence number or name of the access list, where the range of acl_num is 1 to 99.
Command: ip igmp query-interval
no ip igmp query-interval
Function: Set the interval for sending IGMP query messages; the “no ip igmp query-interval” command restores the default setting.
Parameter: is the interval for sending IGMP query packets, ranging from 1 to 65535s.
Default: The default interval for sending IGMP query messages is 125s.
300s.
Default: The default value is 265 seconds.
Command mode: Interface Mode
Usage Guide: In a shared network with several routers running IGMP, one switch is selected as the querier for that shared network, and the other switches run timers monitoring the status of the querier; if no query packet from the querier is received within the query timeout time, a new querier is elected.
Command mode: Interface Mode
Usage Guide: This command provides forward compatibility between different versions. Note that v1 and v2 do not interoperate, so the same IGMP version must be used throughout the same network.
Example: Configure the IGMP running on the interface to version 1.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip igmp version 1
16.6.
1. Monitor and debug commands
2. IGMP Troubleshooting Help

16.6.4.1 Monitor and Debug Commands

16.6.4.1.1 show ip igmp groups
Command: show ip igmp groups [{}]
Function: Display IGMP group information.
Parameter: is the interface name, i.e., display group information for the specified interface; is the group address, i.e., display information for the specified group.
Default: Not displayed.
Switch # show ip igmp interface vlan1
Vlan1 is up, line protocol is up
Internet address is 192.168.1.11, subnet mask is 255.255.255.0
IGMP is enabled, I am querier
IGMP current version is V2
IGMP query interval is 125s
IGMP querier timeout is 265s
IGMP max query response time is 10s
Inboud IGMP access group is not set
Multicast routing is enable on interface
Multicast TTL threshold is 1
Multicast designed router (DR) is 192.168.1.22
Muticast groups joined by this system: 0
16.6.4.1.
used.
Example:
Switch# debug ip igmp packet
igmp packet debug is on
Switch #02:17:38:58: IGMP: Send membership query on dvmrp2 for 0.0.0.0
02:17:38:58: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0
02:17:39:26: IGMP: Send membership query on vlan1 for 0.0.0.0
02:17:39:26: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0
16.6.4.
packets forwarding. See the equivalent CLI command at 16.2.1.1.1. Users do not need to configure the parameters. For a detailed explanation of the displayed information, see chapter 16.2.1.1.1.

16.7.2 PIM-DM configuration

In PIM-DM configuration mode, users can enable or disable the PIM-DM protocol on the port. See the equivalent CLI command at 16.3.2.3:
Enable PIM-DM – “yes” is used to enable PIM-DM protocol; “no” is used to disable PIM-DM protocol.
PIM-SM protocol.
Vlan Port – Specify the layer 3 port
Apply – Apply the configuration
Default – Disable PIM-SM on the layer 3 interface
Click PIM-SM parameter configuration. Users can configure PIM-SM parameters on the layer 3 port. See the equivalent CLI command at 16.4.2.2.
Click Set router as RP candidate. Users can configure the candidate RP for PIM-SM. See the equivalent CLI command at 16.4.2.2.5:
Set router as RP candidate – “yes” is used to set the switch as RP candidate; “no” is used to cancel the switch as RP candidate
Port – Specify layer 3 VLAN ID
Group-List – Specify access-list number
Interval – Specify the interval for sending candidate RP messages
Apply – Apply the configuration
16.7.
Click DVMRP parameter configuration. Users can configure DVMRP interface parameters. See the equivalent CLI commands at 16.5.2.2.4 and 16.5.2.2.5:
Vlan Port – Specify the layer 3 port
DVMRP report metric configuration – Configure the DVMRP report metric for the port. See the equivalent CLI command at 16.5.2.2.4
DVMRP neighbor timeout configuration – Configure the DVMRP neighbor timeout for the port. See the equivalent CLI command at 16.5.2.2.
Click DVMRP tunnel configuration. Users can create and delete DVMRP tunnels. See the equivalent CLI command at 16.5.2.2.9:
Neighbor ip address – Specify the neighbor IP address
Metric – Specify the metric to the neighbor
Vlan Port – Specify the layer 3 port
Apply – Create a DVMRP tunnel to the neighbor
Delete tunnel – Delete the DVMRP tunnel to the neighbor

16.7.5 IGMP configuration

In IGMP mode, click IGMP additive parameter configuration. Users can configure IGMP interface parameters. See the equivalent CLI command at 16.6.2.2.
command at 16.6.2.2.5
Vlan Port – Specify the layer 3 port
Apply – Apply the configuration
Default – Restore the default settings (including the ACL for IGMP groups, the IGMP query interval, the IGMP max response time and the IGMP query timeout). If users have configured a static group or join group, the static group and the join group on the port are deleted.
Note: This page is related to six CLI commands. When users set only one parameter, a warning is shown for the parameters that were not configured.
Click Show ip dvmrp route. See the equivalent CLI command at 16.5.4.1.3
Click Show ip dvmrp tunnel. See the equivalent CLI command at 16.5.4.1.
Chapter 17 VRRP Configuration

17.1 Introduction to VRRP

VRRP (Virtual Router Redundancy Protocol) is a redundancy protocol. It uses a backup mechanism to increase the reliability of the router (or layer 3 switch) that connects the LAN to the outside network. It is designed for local area networks which support multicast or broadcast, such as Ethernet. It was proposed by the IETF and is widely used these days. Normally, the default gateway should be configured on all the hosts in the LAN.
17.2 VRRP Configuration

17.2.1 VRRP Configuration Task Sequence
1. Create/Delete virtual router (required)
2. Configure VRRP virtual IP address and VRRP interface (required)
3. Enable/disable virtual router (required)
4. Configure VRRP authentication (optional)
5. Configure VRRP accessorial parameters (optional)
  (1) Configure VRRP preempt mode
  (2) Configure VRRP priority
  (3) Configure VRRP timer
  (4) Configure VRRP monitored interface

1.
ip vrrp authentication mode text
no ip vrrp authentication mode
Configure the authentication mode of the VRRP messages sent by the current interface; the “no ip vrrp authentication mode” command restores the default authentication mode.
ip vrrp authentication string
no ip vrrp authentication string
Configure the authentication string of the VRRP packets sent on the interface; the “no ip vrrp authentication string” command restores the default authentication string.
5.
Command mode: Global Mode
Usage Guide: This command is used to create or delete the virtual router. The virtual router is identified by its sequence number. Users have to create the virtual router before they configure the virtual router parameters.
Example: Configure the virtual router with sequence number 10.
Switch(config)# router vrrp 10

17.2.2.2 virtual-ip
Command: virtual-ip {master| backup}
no virtual-ip
Function: Configure the VRRP virtual IP address.
Parameter:
Switch(Config-Router-Vrrp)# interface vlan 1

17.2.2.4 enable
Command: enable
Function: Enable VRRP
Command mode: VRRP Mode
Usage Guide: Enable the virtual router. Users have to configure the VRRP virtual IP address and the VRRP interface before they enable VRRP. After this configuration, the interface is added to the standby group.
Example: Enable the virtual router with sequence number 10.
Switch(config)# router vrrp 10
Switch(Config-Router-Vrrp)# enable
17.2.2.
the routers in the same standby group must be set to the same authentication mode.
Example: Set the VRRP authentication mode to plain text mode.
Switch(config)#interface vlan 1
Switch(Config-If-Vlan1)# ip vrrp authentication mode text
17.2.2.
no priority
Function: Configure the VRRP priority; the “no priority” command restores the default value 100. The IP owner’s VRRP priority is always 255.
Parameter: is the VRRP priority, valid range is 1 to 255.
Command mode: VRRP Mode
Default: The VRRP priority for the backup routers (or layer 3 switches) is 100 by default, whereas the VRRP priority for the master router (or layer 3 switch) is 255 by default.
users can set a greater adver_interval value or a greater preempt delay time.
Example: Set the VRRP timer to 3 seconds
Switch(Config-Router-Vrrp)# advertisement-interval 3

17.2.2.11 circuit-failover
Command: circuit-failover
no circuit-failover
Function: Configure the VRRP monitored interface.
Parameter: < ifname > is the name of the monitored interface; is the value by which the VRRP priority is reduced, valid range is 1 to 253.
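The priority and circuit-failover rules from the two command references above, as an added example (not the manual's or the switch firmware's code): a small model that decides which switch in a standby group is master when a monitored interface goes down and comes back. The tie-break by higher primary IP address and the IP owner always preempting are taken from RFC 3768, not from this manual; clamping the reduced priority at 1 and the sample addresses other than 10.1.1.5 are constructed assumptions.

```python
"""VRRP master election for one standby group.
Added example, not the manual's or the firmware's code. Models the rules in
the command references above: the IP owner has priority 255, other routers
default to 100, circuit-failover lowers a router's priority by the configured
value while its monitored interface is down, and a router that outranks a
live master takes over only if preempt mode is enabled. Tie-break by higher
primary IP address and the IP owner always preempting follow RFC 3768;
clamping the reduced priority at 1 is this example's own assumption."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class VrrpRouter:
    name: str
    address: str                  # primary IP on the VRRP interface
    priority: int = 100           # "priority" command; the IP owner is always 255
    preempt: bool = True          # preempt mode (the manual's show output: TRUE)
    monitored_up: bool = True     # state of the circuit-failover interface
    failover_decrement: int = 0   # circuit-failover reduction, 1..253

    @property
    def is_ip_owner(self) -> bool:
        return self.priority == 255

    def effective_priority(self) -> int:
        """Configured priority, reduced while the monitored interface is down."""
        if self.monitored_up or self.failover_decrement == 0:
            return self.priority
        return max(1, self.priority - self.failover_decrement)  # clamp: assumption


def rank(r: VrrpRouter) -> tuple[int, int]:
    """Higher effective priority wins; equal priorities fall to the higher address."""
    return (r.effective_priority(), int(IPv4Address(r.address)))


def elect_master(routers: list[VrrpRouter], current: str | None = None) -> str:
    """Name of the router that is master after the election.

    `current` is the present master, or None for a cold start. A live master
    keeps the role unless a router that outranks it either has preempt enabled
    or is the IP owner.
    """
    best = max(routers, key=rank)
    if current is None:
        return best.name
    incumbent = next(r for r in routers if r.name == current)
    if rank(best) > rank(incumbent) and (best.preempt or best.is_ip_owner):
        return best.name
    return incumbent.name
```

With SwitchA at priority 150 monitoring an uplink with a decrement of 60 and SwitchB at the default 100, SwitchB takes over while the uplink is down and SwitchA reclaims the role once it recovers, unless SwitchB has preempt disabled.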
Fig 17-1 Typical VRRP Application Topology
SWITCHA and SWITCHB are layer 3 LAN switches in the same standby group. Set SWITCHA as the master switch. The configuration steps are listed below:
SWITCHA:
SwitchA(config)#interface vlan 1
SwitchA(Config-If-Vlan1)# ip address 10.1.1.5 255.255.255.0
SwitchA(Config-If-Vlan1)#exit
SwitchA(config)#router vrrp 1
SwitchA(Config-Router-Vrrp)# virtual-ip 10.1.1.
Interface is Vlan2
Priority is 100
Advertisement interval is 1 sec
Preempt mode is TRUE
VrId <10>
State is Initialize
Virtual IP is 10.1.10.
17.2.4.2 VRRP Troubleshooting Help VRRP may not work properly due to bad physical connection or wrong configuration.
Chapter 18 Cluster Network Management

18.1 Introduction to cluster network management

Cluster network management is an in-band configuration management method. Unlike CLI, SNMP and Web Config, which manage the target switches directly from a management workstation, cluster network management manages the target switches (member switches) through an intermediate switch (commander switch). A commander switch can manage multiple member switches.
18.2 Basic Cluster Network Management Configuration 18.2.
Command    Explanation
Global Mode
cluster commander [vlan]
no cluster commander
Create or delete a cluster
cluster ip-pool
no cluster ip-pool
Configure the private IP address pool for member switches of the cluster
cluster member {candidate-sn | mac-address [] }[password ]
no cluster member < mem-id >
Add or remove a member switch

3. Configure attributes of the cluster in the commander switch
Command    Explanation
Global Mode
Enable
Command    Explanation
Admin Mode
rcommand member
In the commander switch, this command is used to configure and manage member switches.
rcommand commander
In the member switch, this command is used to configure the commander switch itself.
cluster reset member
In the commander switch, this command is used to reset the member switch.
cluster update member [ascii | binary]
18.2.
Function: Set the interval for sending cluster registration packets; the “no cluster register timer” command restores the default setting.
Parameter: is the interval for sending cluster registration packets in seconds, valid range is 30 to 65535.
Command mode: Global Mode
Default: The cluster register timer is 60 seconds by default.
Example: Set the interval for sending cluster registration packets to 80 seconds.
Switch(Config)#cluster register timer 80
18.2.2.
Parameter: is the cluster’s name; is the VLAN of the Layer 3 device to which the cluster belongs. If it is omitted, the cluster belongs to VLAN1.
Command mode: Global Mode
Default: There is no cluster by default.
Usage Guide: This command sets the switch as a commander switch and creates a cluster. Before executing this command, users must configure a private IP address pool.
18.2.2.6 cluster auto-add
Command: cluster auto-add enable
no cluster auto-add enable
Function: When this command is executed in the commander switch, newly discovered candidate switches are added to the cluster as member switches automatically; the “no cluster auto-add enable” command disables this function.
Command mode: Global Mode
Default: This function is disabled by default, i.e., candidate switches are not automatically added to the cluster.
Usage Guide: This command is used to configure the commander switch remotely. Users telnet to the commander switch and must pass authentication. The command “exit” is used to quit the configuration interface of the commander switch. If this command is executed in the commander switch, an error is displayed.
Example: In the member switch, enter the configuration interface of the commander switch.
Switch#rcommand commander
18.2.2.
Keyword    Source address or destination address
startup-config    Startup configuration file
nos.img    System file
boot.rom    System startup file
Command mode: Admin Mode
Usage Guide: The commander switch sends the remote upgrade command to the member switch. The member switch is upgraded and reset. If this command is executed in a non-commander switch, an error is displayed.
no cluster heartbeat
Function: In the commander switch, set the interval for sending heartbeat packets among the switches of the cluster; the “no cluster heartbeat” command restores the default setting.
Parameter: is the heartbeat interval of the cluster, valid range is 1 to 65535.
Command mode: Global Mode
Default: The heartbeat interval is 8 seconds by default.
Usage Guide: In the commander switch, this command is used to set the heartbeat interval.