Part No. 208700-C November 2001 4401 Great America Parkway Santa Clara, CA 95054 Using the Business Policy Switch 2000 Version 2.
Copyright © 2001 Nortel Networks All rights reserved. Printed in the USA. November 2001. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document.
USA requirements only
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy.
Japan/Nippon requirements only
Voluntary Control Council for Interference (VCCI) statement
Taiwan requirements
Bureau of Standards, Metrology and Inspection (BSMI) Statement
Canada requirements only
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (Business Policy Switch 2000) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software. 1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable.
e) The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. f) This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
Contents
Preface ... 27
Before you begin ... 28
Related publications ... 28
How to get help
Policy-enabled networks with QoS shaping ... 52
QoS filtering of multiple VLANs ... 53
Enhancements for QoS configuration using the Web ... 53
Port Naming ... 54
DA filtering using MAC address-based security
Port mirroring (conversation steering) ... 86
Autosensing and autonegotiation ... 86
BootP automatic IP configuration/MAC address ... 87
Configuration and switch management ... 88
Multifield packet classification
VLANs spanning multiple switches ... 117
VLANs spanning multiple 802.1Q tagged switches ... 118
VLANs spanning multiple untagged switches ... 118
Shared servers ... 120
VLAN workgroup summary
MAC Address Table screen ... 174
MAC Address Security Configuration Menu screen ... 176
MAC Address Security Configuration screen ... 179
MAC Address Security Port Configuration screen ... 181
MAC Address Security Port Lists screens
Spanning Tree Port Configuration screen ... 253
Spanning Tree Switch Settings screen ... 256
Spanning Tree VLAN Membership screen ... 260
TELNET/SNMP/Web Access Configuration screen ... 262
Software Download screen
COPS overview ... 307
Chapter 5 Sample QoS configuration ... 309
Creating interface groups ... 311
Accepting default mapping values
Appendix A Technical specifications ... 361
Environmental ... 361
Electrical ... 361
Physical dimensions
Configuring Port Mirroring ... 380
Configuring IGMP Snooping ... 381
Configuring authentication process for EAPOL-based security ... 384
Appendix D Connectors and pin assignments ... 387
RJ-45 (10BASE-T/100BASE-TX) port connectors
Figures
Figure 1 Business Policy Switch 2000 ... 40
Figure 2 Business Policy Switch 2000 front panel ... 40
Figure 3 Business Policy Switch 2000 LED display panel ... 43
Figure 4 Business Policy Switch 2000 back panel ... 46
Figure 5 Removing the cascade module filler panel
Figure 30 Default VLAN Configuration screen example ... 123
Figure 31 VLAN Configuration screen example ... 124
Figure 32 Default VLAN Port Configuration screen example ... 125
Figure 33 VLAN Port Configuration screen example ... 126
Figure 34 VLAN configuration spanning multiple switches
Figure 65 MAC Address Security Table screen ... 190
Figure 66 EAPOL Security Configuration screen ... 192
Figure 67 VLAN Configuration Menu screen ... 196
Figure 68 VLAN Configuration screen ... 199
Figure 69 MAC Address Configuration for MAC-SA Based VLAN screen
Figure 100 ASCII Configuration File Download screen ... 280
Figure 101 System Log screen ... 283
Figure 102 Schematic of QoS policy ... 288
Figure 103 Web-based management menu page ... 312
Figure 104 Interface Configuration page
Figure 135 LED display panel ... 350
Figure 136 Stack Operational Mode screen ... 368
Figure 137 System Characteristics screen ... 370
Figure 138 Configuring 802.1Q VLANs (1 of 3) ... 376
Figure 139 Configuring 802.1Q VLANs (2 of 3)
Tables
Table 1 Business Policy Switch 2000 front-panel description ... 40
Table 2 Business Policy Switch 2000 LED descriptions ... 43
Table 3 Business Policy Switch 2000 back-panel descriptions ... 46
Table 4 International power cord specifications ... 48
Table 5 SNMP MIB support
Table 30 High Speed Flow Control Configuration Screen Fields ... 213
Table 31 MultiLink Trunk Configuration Menu screen options ... 216
Table 32 MultiLink Trunk Configuration screen fields ... 218
Table 33 MultiLink Trunk Utilization screen fields ... 220
Table 34 Port Mirroring Configuration screen fields
Table 64 Electrical parameters ... 361
Table 65 Physical dimensions ... 362
Table 66 Performance specifications ... 362
Table 67 RJ-45 port connector pin assignments
Table 68 DB-9 Console port connector pin assignments
Preface This guide describes the Nortel Networks* Business Policy Switch 2000* features and uses. The terms “Business Policy Switch 2000,” “Business Policy Switch,” and “BPS 2000” are used synonymously in this document. The Business Policy Switch introduces policy-enabled networking features to optimize consistent performance and behavior for your network traffic. The Differentiated Services (DiffServ) network architecture offers varied levels of service for different types of data traffic.
• “How to get help” on page 31

Before you begin
This guide is intended for network managers and administrators with the following background:
• Basic knowledge of networks, Ethernet bridging, and IP and IPX routing
• Familiarity with networking concepts and terminology
• Specific knowledge about the networking devices, protocols, topologies, and interfaces that comprise your network
• Experience with windowing systems, graphical user interfaces (GUIs), or Web browsers

Related publications
Fo
• Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0 (part number 209570-C)
Describes how to use the Web-based management tool to configure switch features.
• Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0 (part number 212160-B)
Describes how to use Command Line Interface (CLI) commands to configure and manage the BPS 2000.
• 100 Watt DC-DC Converter Installation and Reference Guide (part number 209132-B)
Describes installation and removal procedures for the 100-watt DC-to-DC converter for your Business Policy Switch 2000.
• Reference Note: Gigabit Ethernet Physical Layer Considerations (part number 201540-B)
Provides information about gigabit transmission over fiber optic cable and mode conditioning.
• Release Notes for Optivity Quick2Config for the Business Policy Switch 2000 2.2.
• Known Anomalies for Optivity Policy Services Version 2.0 (part number 306974-E Rev 00)
Describes known anomalies with Optivity Policy Services.

You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortelnetworks.com/documentation URL. (The product family for the BPS 2000 is Data and Internet.) Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product.
Chapter 1 The Business Policy Switch 2000
This chapter introduces the Business Policy Switch 2000 and covers the following topics:
• “General description,” next
• “Stacking compatibility” on page 33
• “Upgrading software” on page 35
• “Software version 2.

• Pure BPS 2000—This stack has only BPS 2000 switches. It is sometimes referred to as a pure stack. The stack operational mode for this type of stack is Pure BPS 2000 Mode.
• Hybrid—This stack has a combination of BPS 2000 switches and BayStack 450 and/or BayStack 410 switches. It is sometimes referred to as a mixed stack. The stack operational mode for this type of stack is Hybrid Mode.
Upgrading software
Note: Use the Command Line Interface (CLI), console interface (CI) menus, or the Web-based management system to upgrade to software version 2.0. For detailed instructions, refer to Chapter 3, Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0, and Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0.
You use one of the management systems to upgrade or downgrade software.
Upgrading software in a Pure BPS 2000 stack
To download, or upgrade, software in a Pure BPS 2000 stack:
1 Download the operational software, or agent, image.
2 Download the diagnostics image.
However, if you are currently using software version 1.0, 1.0.1, or 1.1, you must upgrade to software version 1.1.1 before upgrading to version 2.0.
Note: Once you begin the upgrading process, do not interrupt the process at all.

— BPS 2000—versions 1.1, 1.1.1, 1.2, and 2.0
This section describes the steps for the following software upgrades:
• “Upgrading software when ISVN is 2,” next
• “Upgrading software when ISVN is 1” on page 37

Upgrading software when ISVN is 2
To upgrade a Hybrid stack to BPS 2000 software version 2.0 when the ISVN numbers of the units are 2:
1 Download the BPS 2000 image file. The system resets.
2 Download the BPS 2000 diags file. The system resets.

Note: If you do not download both the BPS 2000 and BayStack 410/450 images simultaneously, the stack may not form.
The system resets.
2 Download the other BayStack 450 image file. The system resets.
3 Download the BPS 2000 diags file. The system resets.
4 Validate that the ISVN on both the BPS 2000 and the BayStack is 2.
Note: Once you begin the upgrading process, do not interrupt the process at all. Interrupting the downloading (or upgrading) process may cause loss of connectivity.

To find out which version of the BPS 2000 software is running, use the console interface (CI) menus or the Web-based management system:
• CI menus—From the main menu of the console, choose Systems Characteristics menu. The software currently running is displayed in sysDescr.
• Web-based management system—Open the System Information page, which is under Administration on the main menu. The software currently running is displayed in the sysDescription field.
Figure 1 Business Policy Switch 2000

Front panel
Figure 2 shows the front-panel configuration for the Business Policy Switch 2000. Descriptions of the front-panel components follow the figure. For descriptions of the back-panel Business Policy Switch components, see “Back panel” on page 46.

Table 1 Business Policy Switch 2000 front-panel description (continued)
3 Port connectors
4 LED display panel

Console port
The console port allows you to access the console interface (CI) screens and customize your network using the supplied menus and screens (see Chapter 3). The console port is a DB-9, RS-232-D male serial port connector.

The 10BASE-T/100BASE-TX port connectors are configured as MDI-X (media-dependent interface-crossover). These ports connect over straight cables to the network interface card (NIC) in a node or server, similar to a conventional Ethernet repeater hub. If you are connecting to an Ethernet hub or Ethernet switch, use a crossover cable unless an MDI connection exists on the associated port of the attached device (see “Appendixes”).

LED display panel
Figure 3 shows the Business Policy Switch LED display panel. See Table 2 for a description of the LEDs.
Table 2 Business Policy Switch 2000 LED descriptions (continued)

Label: Cas Up. Type: Stack mode.
• Off: The switch is in standalone mode.
• Green, On: The switch is connected to the upstream unit’s Cascade A In connector.
• Amber, On: This unit has detected a problem with the switch connected to the cascade up connector. In order to maintain the integrity of the stack, this unit has bypassed its upstream neighbor and has wrapped the stack backplane onto an alternate path.

Label: Base. Type: Base mode.
• Green, On: The switch is configured as the stack base unit.
• Off: The switch is not configured as the stack base unit (or is in standalone mode).
• Blinking: Stack configuration error: indicates that multiple base units or no base units are configured in the stack.
• Amber, On: This unit is operating as the stack configuration’s temporary base unit.

Label: Link. Type: Link status.
• Green, On: Valid communications link established.
• Off: The communications link connection is bad or there is no connection to this port.
• Blinking: The corresponding port is management disabled.
• Blinking: Indicates network activity for the corresponding port. A high level of network activity can cause the LEDs to appear to be on continuously.
You can connect up to eight switches into a redundant stack configuration. Installation instructions are provided with each BayStack 400-ST1 Cascade Module (see Installing the BayStack 400-ST1 Cascade Module). Use a flathead screwdriver to remove the filler panel that covers the Cascade Module slot (Figure 5). For more information about cascade modules, see Installing the Cascade 400-ST1 Cascade Module. See your Nortel Networks sales representative for cascade module ordering information.
Cooling fans
Three cooling fans are located on one side of the Business Policy Switch to provide cooling for the internal components. (See Figure 1 on page 40.) When you install the switch, be sure to allow enough space on both sides of the switch for adequate air flow. See Installing the Business Policy Switch 2000 for detailed information.

AC power receptacle
The AC power receptacle accepts the AC power cord (supplied).

Table 4 International power cord specifications (continued)
United Kingdom:
• BS1363 male plug with fuse
• Harmonized cord
Specifications: 240 VAC, 50 Hz, Single phase
Australia:
• AS3112-1981 Male plug
Specifications: 240 VAC, 50 Hz, Single phase

Redundant power supply unit (RPSU) and uninterruptible power supply (UPS)
The redundant power supply connector allows you to connect a backup power supply unit to the Business Policy Switch.

For further information, refer to Installation and Reference for the BayStack 10 Power Supply Unit (part number 208296-C). Contact your Nortel Networks sales representative for more information.

100 Watt DC-DC Converter
The 100 Watt DC-DC Converter operates in conjunction with the Nortel Networks BayStack 10 Power Supply Unit and 200 Watt AC/DC Power Supply Module.
— “View CPU/memory utilization” on page 55
— “Increased RMON alarms” on page 55
— “QoS filtering of multiple VLANs” on page 53
• Introduced with software version 1.2
— “CLI management system” on page 56
— “Increased VLANs” on page 56
— “Multiple Spanning Tree Protocol groups” on page 57
— “ASCII configuration file” on page 61
— “IP manager list” on page 64
• Introduced with software version 1.
Support for BPS 2000-1GT, BPS 2000-2GT, and BPS 2000-2GE MDAs
Support for the BPS 2000-1GT, BPS 2000-2GT, and BPS 2000-2GE MDAs is provided with software version 2.0. The BPS 2000-1GT, BPS 2000-2GT, and BPS 2000-2GE MDAs provide support for 8 priority queues for egress traffic and Weighted Round Robin (WRR) queuing.

Note: You must use the BPS 2000-1GT, BPS 2000-2GT, or BPS 2000-2GE MDA with the Business Policy Switch in order to be able to configure the shaping features of QoS. Refer to “Policy-enabled networking” on page 70, for a more complete description of policy-enabled networks, and refer to Chapter 4 for a complete discussion of policy-enabled networks, Differentiated Services (DiffServ), and Quality of Service (QoS).

Finally, several of the Advanced QoS Web pages have been changed to make QoS configuration easier. Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0, for complete information about the Web-based management interface for configuring QoS parameters.

Port Naming
You can name, or specify a text string for, each port starting with software version 2.0. This feature provides easy identification of the connected users.

Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0, and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0 for information on configuring MAC address-based DA filtering.

IP address for each unit in a stack
You can assign an IP address to each unit in a stack from a single console port with BPS 2000 software version 2.0.
CLI management system
With software version 1.2, the BPS 2000 offers a Command Line Interface (CLI) management system. You can issue CLI commands through the serial port of the switch or through a Telnet session. (The SNMPv3 and RMON features are not supported.) You can work with the CLI interactively, when you use the CLI command to configure the switch command-by-command. You can also work with the CLI all at once, when you use the CLI command to configure the network.

Multiple Spanning Tree Protocol groups
BPS 2000 switches support the Spanning Tree Protocol (STP) as defined in IEEE 802.1D. As defined in the IEEE 802.1D standard, the Spanning Tree Protocol detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, the spanning tree algorithm configures the network so that a bridge or switch uses only the most efficient path.
In the default configuration of the BPS 2000, a single STG with the ID of 1 includes all ports on the switch. It is called the default STG. Although ports can be added to or deleted from the default STG, the default STG (STG1) itself cannot be deleted from the system. Also you cannot delete the default VLAN (VLAN1) from STG1. The tagging for the BPDUs from STG1, or the default STG, is user-configurable (as are tagging settings for all STGs).
• When you create a VLAN, that VLAN automatically belongs to STG 1, the default STG. If you want the VLAN in another STG, you must move the VLAN by assigning it to another STG.
• You move a newly created VLAN to an existing STG by following this order:
— Create the VLAN
— Add the VLAN to an existing STG
Note: Beginning with software version 2.0, you can move VLANs directly into STGs; you no longer need to delete them from the previous, or default, STG first.

• Because some STP-compliant devices do not support tagging, you can configure whether to send tagged or untagged BPDUs, even from tagged ports, with the BPS 2000 with software version 1.2. The VLAN ID for the tagged BPDUs will be 4000+STG ID.
Note: Beginning with software version 2.0, you can select a VLAN ID for tagged BPDUs for each STG. Valid VLAN IDs are 1 to 4094.
• An untagged port cannot span multiple STGs.

Spanning Tree Fast Learning
Spanning Tree Fast Learning is an enhanced port mode supported by the BPS 2000. If you enable Spanning Tree Fast Learning on a port with no other bridges, the port is brought up more quickly following the switch initialization or a spanning tree change.
Use a text editor to edit the ASCII configuration; the command format is the same as that of the CLI. You can initiate the ASCII configuration file download using CLI commands only while connected to the base unit, and the ASCII configuration script will execute to completion. When you initiate downloading the ASCII configuration file from the console interface, the console does not display output.
! -------------------------------------------------------
!
! create vlan portbased
vlan create 100 name vlan100 type port
!
! add Mlts created above to this VLAN
vlan members add 100 17
!
! create vlan ip protocol based
vlan create 150 name vlan150 type protocol-ipEther2
!
! add ports to this VLAN
! in this case all ports
vlan members add 150 ALL
vlan ports ALL priority 3
!
! create vlan MACSA based
vlan create 90 name MAC90 type macsa
! add ports to this VLAN
! in this case all ports
vlan members add 90

speed auto
duplex auto
!
!
! -------------------------------------------------------
! SNMP configuration
! -------------------------------------------------------
snmp host 192.168.100.125 private
snmp community private
!
!
exit
end
! -------------------------------------------------------
! Finished
! -------------------------------------------------------

Note: To add comments to the ASCII configuration file, add an exclamation point (!) to the beginning of the line.
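An added example (not part of the manual or the switch software) of reviewing an ASCII configuration file offline before it is downloaded: it skips lines that begin with an exclamation point, as the note above describes, and reports SNMP community strings that are well-known defaults and SNMP host entries that are not valid IP addresses. The sample file is constructed from the SNMP fragment shown above; reading the last word of an "snmp host" line as its community string is an assumption based on that fragment.

```python
import ipaddress

# Community strings that are widely known defaults and therefore guessable.
WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample, modeled on the SNMP section of the manual's example file.
SAMPLE_CONFIG = "\n".join([
    "! -------------------------------------------------------",
    "! SNMP configuration",
    "! -------------------------------------------------------",
    "snmp host 192.168.100.125 private",
    "snmp community private",
    "!",
    "! snmp community public",                      # comment: must be ignored
    "snmp host 192.168.100.300 Xk4-constructed",    # constructed bad address
    "exit",
    "end",
])


def command_lines(text):
    """Yield (line_number, words) for every line that is not blank or a '!' comment."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("!"):
            yield number, line.split()


def audit_snmp(text):
    """Return a list of (line_number, finding, value) tuples for SNMP commands."""
    findings = []
    for number, words in command_lines(text):
        if words[0].lower() != "snmp" or len(words) < 3:
            continue
        keyword = words[1].lower()
        if keyword not in ("host", "community"):
            continue
        if keyword == "host":
            # The first argument must parse as an IP address.
            try:
                ipaddress.ip_address(words[2])
            except ValueError:
                findings.append((number, "invalid-host", words[2]))
            if len(words) < 4:
                continue  # no community string on this line
        # Assumption: the community string is the last word of the command.
        community = words[-1]
        if community.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append((number, "well-known-community", community))
    return findings


if __name__ == "__main__":
    for line_number, finding, value in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_number}: {finding}: {value}")
```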
You must change the Telnet access field through direct access to the interface; you cannot change the Telnet access field through Telnet. You must set the Telnet feature after the first power-up. Note: To avoid locking a user out of the switch, Nortel Networks recommends that you configure ranges of IP addresses that you allow access. When you configure the access, you are setting access for the next session. The current session any user has open is unaffected.
The BayStack 450-1GBIC MDA supports the following GBICs:
• 1000BASE-SX—This GBIC uses shortwave 850 nm fiber optic connectors to connect devices over multimode (550 m or 1,805 ft) fiber optic cable.
• 1000BASE-LX—This GBIC uses longwave 1,300 nm fiber optic connectors to connect devices over single mode (5 km or 3.1 mi) or multimode (550 m or 1,805 ft) fiber optic cable.

Automatic PVID
With software version 1.1, the BPS 2000 provides the Automatic PVID feature for configuring virtual local area networks (VLANs). Refer to “Virtual Local Area Networks (VLANs)” on page 71 for more complete information on VLANs. Refer to Chapter 3 for information on configuring Automatic PVID using the Console Interface (CI) menus. Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.

Figure 6 VLAN broadcast domains within the switch
(Figure: switch S1 with ports 2, 4, 6, 8, 10, and 11 grouped into VLAN 1 (PVID = 1), VLAN 2 (PVID = 2), and VLAN 3 (PVID = 3).)

In Figure 6 the ports have the following PVID/VLAN associations:
• Ports 8, 6, and 11 are untagged members of VLAN 1. The PVID/VLAN association for ports 6 and 11 is: PVID = 1.
• Ports 2, 4, 10, and 8 are untagged members of VLAN 2.
Refer to Chapter 3 for information on configuring Automatic PVID using the Console Interface (CI) menus. Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0 for information on configuring this feature using the Web-based management system. And, refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0 for information on configuring Automatic PVID with CLI commands.
BootP menu item for a stack of only BPS 2000 switches
In a stack consisting only of BPS 2000 switches, you can perform BootP using the MAC address of the base unit. Refer to “BootP automatic IP configuration/MAC address” on page 87 for more information on BootP and MAC addresses. You must use the console interface (CI) menus to choose this option. Refer to Chapter 3 for information on using the base unit MAC address for BootP.
The Business Policy Switch 2000 uses DiffServ to manage network traffic and resources. The information that is required to support DiffServ and multi-field classification is transferred using the Common Open Policy Services (COPS) protocol. COPS is a query and response protocol that exchanges policy information messages using the Transmission Control Protocol (TCP). All configuration can be performed using SNMP, the CLI, and the Web-based interface.
segment. Although Ethernet switches and bridges divide a network into smaller collision domains, they do not affect the broadcast domain. In simple terms, a virtual local area network (VLAN) provides a mechanism to fine-tune broadcast domains.
Your Business Policy Switch allows you to create three types of VLANs:
• IEEE 802.1Q port-based VLANs
A port-based VLAN is a VLAN in which the ports are explicitly configured to be in the VLAN.

1 Is the packet tagged?
2 Does the packet belong in a MAC SA-based VLAN?
3 Does the packet belong in a protocol-based VLAN?
If none of the criteria applies, the packet belongs in the VLAN identified by the PVID of the ingress port. See Chapter 2, “Network configuration,” for more information.
In addition, you configure VLANs as:
• Shared VLAN Learning (SVL) mode—Multiple VLANs use a single forwarding database.
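The decision order listed above, written out as an added example (not code from Nortel or from the switch software): a classifier that parses a raw Ethernet frame, asks the three questions in sequence, and falls back to the PVID of the ingress port. The MAC addresses, frames, and table contents are constructed; treating a tag that carries VLAN ID 0 as untagged follows IEEE 802.1Q priority tagging and is an assumption about this switch.

```python
import struct

TPID_8021Q = 0x8100     # IEEE 802.1Q tag protocol identifier
MIN_ETHERTYPE = 0x0600  # smaller values are an 802.3 length field, not a protocol


def mac(text):
    """'00:00:5e:00:53:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, vid=None, payload=b"\x00" * 46):
    """Build a constructed test frame; vid=None produces an untagged frame."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype) + payload


def classify_vlan(frame, ingress_pvid, macsa_vlans, protocol_vlans):
    """Return (vlan_id, reason) for one ingress frame.

    macsa_vlans     {source MAC bytes: VLAN ID} for MAC SA-based VLANs
    protocol_vlans  {EtherType: VLAN ID} for protocol-based VLANs
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])

    # 1. Is the packet tagged?
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF  # low 12 bits of the tag control information
        if vid:
            return vid, "802.1Q tag"
        # VID 0 is a priority tag: it names no VLAN, so keep classifying
        # with the inner EtherType (assumption, per IEEE 802.1Q).

    # 2. Does the packet belong in a MAC SA-based VLAN?
    if src in macsa_vlans:
        return macsa_vlans[src], "MAC SA-based VLAN"

    # 3. Does the packet belong in a protocol-based VLAN?
    if ethertype >= MIN_ETHERTYPE and ethertype in protocol_vlans:
        return protocol_vlans[ethertype], "protocol-based VLAN"

    # None of the criteria applies: use the PVID of the ingress port.
    return ingress_pvid, "port PVID"


# Constructed tables: VLAN 90 is MAC SA-based, VLAN 150 carries IPv4 (Ethernet II).
MACSA_VLANS = {mac("00:00:5e:00:53:01"): 90}
PROTOCOL_VLANS = {0x0800: 150}
PVID = 1
BCAST = "ff:ff:ff:ff:ff:ff"
KNOWN, OTHER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"


def demo():
    """Classify five constructed frames arriving on a port whose PVID is 1."""
    frames = [
        build_frame(BCAST, KNOWN, 0x0800, vid=100),  # tagged: the tag wins
        build_frame(BCAST, KNOWN, 0x0800),           # untagged, listed source MAC
        build_frame(BCAST, OTHER, 0x0800),           # untagged IPv4, other source
        build_frame(BCAST, OTHER, 0x0806),           # untagged ARP, other source
        build_frame(BCAST, OTHER, 0x0800, vid=0),    # priority-tagged IPv4
    ]
    return [classify_vlan(f, PVID, MACSA_VLANS, PROTOCOL_VLANS) for f in frames]


if __name__ == "__main__":
    for vlan_id, reason in demo():
        print(vlan_id, reason)
```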
When a switch port is configured to be a member of a VLAN, it is added to a group of ports (workgroup) that belong to one broadcast domain. You can assign different ports (and therefore the devices attached to these ports) to different broadcast domains. This feature allows network flexibility because you can reassign VLANs to accommodate network moves, additions, and changes, eliminating the need to change physical cabling.

Using 256 VLANs
The BPS 2000 software version 1.
2.0. To use Device Manager (DM) to configure VLANs, refer to Reference for the Business Policy Switch 2000 Management Software Version 2.0. And, to configure this feature using CLI commands, refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0.
Figure 7 Business Policy Switch 2000 security feature RADIUS server To Network Center RADIUS-based security Switch Teachers’ offices and classrooms Student Dormitory Legend = Secure locked area Library BS45077A In this configuration example, the following security measures are implemented: • The switch — RADIUS-based security is used to limit administrative access to the switch through user authentication (see “RADIUS-based network security” on page 78).
• — MAC address-based security is used to allow up to 448 authorized stations (MAC addresses) access to one or more switch ports (see “MAC address-based security” on page 78). — The switch is located in a locked closet, accessible only by authorized Technical Services personnel. Student dormitory Dormitory rooms are typically occupied by two students and have been prewired with two RJ-45 jacks.
RADIUS-based network security

The RADIUS-based security feature allows you to set up network access control, using the Remote Authentication Dial-In User Services (RADIUS) security protocol. The RADIUS-based security feature uses the RADIUS protocol to authenticate local console and Telnet logins. You will need to set up specific user accounts (user names and passwords, and Service-Type attributes) on your RADIUS server before the authentication process can be initiated.
Chapter 1 The Business Policy Switch 2000

Note: Ensure that you do not enter the MAC address for the stack or any of the units you are using.

• Create a list of up to 448 MAC source addresses (SAs) and specify which SAs are authorized to connect to your switch or stack configuration. The 448 MAC SAs can be configured within a single standalone switch, or they can be distributed in any order among the units in a single stack configuration.
EAPOL-based security

BPS 2000 software version 1.1 provides support for security based on the Extensible Authentication Protocol over LAN (EAPOL), which uses the EAP as described in the IEEE Draft P802.1X to allow you to set up network access control on internal LANs. For information on configuring EAPOL-based security using the Console Interface (CI) menus, refer to Chapter 3.
• Authenticator—software with the sole purpose of authorizing a supplicant that is attached to the other end of a LAN segment.
• Authentication Server—a RADIUS server that provides authorization services to the Authenticator.
• Port Access Entity (PAE)—a software entity associated with each port that supports the Authenticator or Supplicant functionality. In the preceding example, the Authenticator PAE resides on the switch.
EAPOL dynamic VLAN assignment

If EAPOL-based security is enabled on a port, and then the port is authorized, the EAPOL feature dynamically changes the port’s VLAN configuration according to preconfigured values, and assigns a new VLAN. The new VLAN configuration values are applied according to previously stored parameters (based on the user_id) in the Authentication server.
• VLAN membership attributes
— Tunnel-Type: value 13, Tunnel-Type-VLAN
— Tunnel-Medium-Type: value 6, Tunnel-Medium-Type-802
— Tunnel-Private-Group-Id: ASCII value 1 to 4094 (this value is used to identify the specified VLAN)
• Port priority (vendor-specific) attributes
— Vendor Id: value 562, Nortel Networks vendor Id
— Attribute Number: value 1, Port Priority
— Attribute Value: value 0 (zero) to 7 (this value is used to indicate the port priority value assig
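The attribute values listed above can be checked on the RADIUS side before a policy goes live. The following is an added example, not code from this guide or from Nortel: it parses a block of RADIUS attributes and accepts it only if it carries the listed values. The attribute type numbers 26, 64, 65 and 81 come from RFC 2865 and RFC 2868; the width of the port priority value and the sample bytes are assumptions.

```python
# Attribute type numbers from RFC 2865 (26) and RFC 2868 (64, 65, 81).
VENDOR_SPECIFIC = 26
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81

# Values this page lists for EAPOL dynamic VLAN assignment.
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_802 = 6
NORTEL_VENDOR_ID = 562
PORT_PRIORITY_ATTR = 1


def tlvs(blob):
    """Yield (type, value) pairs from a block of type/length/value attributes."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("attribute length out of bounds")
        yield atype, blob[pos + 2:pos + alen]
        pos += alen


def tagged_integer(value):
    """RFC 2868 layout: one Tag octet, then a 3-octet big-endian integer."""
    if len(value) != 4:
        raise ValueError("tunnel attribute must carry 4 octets")
    return int.from_bytes(value[1:], "big")


def port_priority(value):
    """Return the priority from a Nortel VSA, or None for other vendors."""
    if len(value) < 4:
        raise ValueError("Vendor-Specific attribute too short")
    if int.from_bytes(value[:4], "big") != NORTEL_VENDOR_ID:
        return None
    for vtype, vdata in tlvs(value[4:]):
        if vtype == PORT_PRIORITY_ATTR:
            if not vdata:
                raise ValueError("empty port priority value")
            # Assumption: big-endian integer; the page does not give a width.
            return int.from_bytes(vdata, "big")
    return None


def vlan_assignment(blob):
    """Validate the attributes and return (vlan_id, priority or None)."""
    seen = {}
    priority = None
    for atype, value in tlvs(blob):
        if atype == TUNNEL_TYPE:
            seen["type"] = tagged_integer(value)
        elif atype == TUNNEL_MEDIUM_TYPE:
            seen["medium"] = tagged_integer(value)
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # An optional Tag octet (0x00-0x1F) may precede the ASCII digits.
            text = value[1:] if value and value[0] <= 0x1F else value
            if not text.isdigit():
                raise ValueError("Tunnel-Private-Group-Id is not ASCII digits")
            seen["vlan"] = int(text)
        elif atype == VENDOR_SPECIFIC:
            found = port_priority(value)
            if found is not None:
                priority = found
    if seen.get("type") != TUNNEL_TYPE_VLAN:
        raise ValueError("Tunnel-Type must be 13 (VLAN)")
    if seen.get("medium") != TUNNEL_MEDIUM_802:
        raise ValueError("Tunnel-Medium-Type must be 6 (802)")
    vlan = seen.get("vlan")
    if vlan is None or not 1 <= vlan <= 4094:
        raise ValueError("VLAN id must be 1 to 4094")
    if priority is not None and not 0 <= priority <= 7:
        raise ValueError("port priority must be 0 to 7")
    return vlan, priority


def attr(atype, value):
    """Encode one attribute; used only to build the constructed samples."""
    return bytes([atype, len(value) + 2]) + value


TUNNEL_PAIR = (attr(TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big"))
               + attr(TUNNEL_MEDIUM_TYPE, b"\x00" + (6).to_bytes(3, "big")))

# Constructed sample: VLAN 30, port priority 5.
SAMPLE = (TUNNEL_PAIR
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"30")
          + attr(VENDOR_SPECIFIC,
                 (562).to_bytes(4, "big")
                 + attr(PORT_PRIORITY_ATTR, (5).to_bytes(4, "big"))))

if __name__ == "__main__":
    print(vlan_assignment(SAMPLE))
```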
EAPOL-based security configuration rules

The following configuration rules apply to your BPS 2000 when using EAPOL-based security:

• Before configuring your switch, you must configure the Primary RADIUS Server and Shared Secret fields.
Configuration parameters storage

All configuration parameters are stored in flash memory. These parameters are updated every 10 seconds (if a change occurs) or whenever a reset command is executed.

Note: Do not power off the switch within 10 seconds of changing any configuration parameters. Powering down the switch within 10 seconds of changing configuration parameters can cause the changed configuration parameters to be lost.
Port mirroring (conversation steering)

The port mirroring feature (sometimes referred to as conversation steering) allows you to designate a single switch port as a traffic monitor for up to two specified ports or two media access control (MAC) addresses. You can specify port-based monitoring, where all traffic on specified ports is monitored, or address-based monitoring, where traffic between specified MAC addresses is monitored.
Autosensing is used when the attached device is not capable of autonegotiation or is using a form of autonegotiation that is not compatible with the IEEE 802.3u autonegotiation standard. In this case, because it is not possible to sense the duplex mode of the attached device, the Business Policy Switch reverts to half-duplex mode.
For more information and an example of a BootP configuration file, see Appendixes.

Configuration and switch management

The Business Policy Switch is shipped directly from the factory ready to operate in any 10BASE-T or 100BASE-TX standard network. You must assign an IP address to the switch or stack, depending on the mode of operation. You can set both addresses by using the console port or BootP, which resides on the switch.
With software version 1.2 and higher, the CLI is used to automate general management and configuration of the BPS 2000. Use the CLI through a Telnet connection or through the serial port on the console. Refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.0 for complete information on using the CLI.

• Any generic SNMP-based network management software.
Table 5 SNMP MIB support (continued)
Application Standard MIBs RMON rfc2819.mib Proprietary MIBs MLT rcMLT Common Open Policy Service (COPS) support rfc.2940.mib Policy Management Policy Info Base SNMPv3 MIBs RFCs 2570, 2571, 2572, 2573, 2574, 2575, 2576 MIB2 rfc1213.mib IF-MIB rfc2863.mib Etherlike MIB rfc2665.mib pib802, pibFramework, pibIp, pibNtn, mibntqos, pibNtnEvol Interface Extension MIB s5ifx100.mib Switch Bay Secure s5sbs102.
Table 6 Supported SNMP traps (continued)

Trap name | Configurable | Sent when
coldStart | Always on | The system is powered on.
warmStart | Always on | The system restarts due to a management reset.
s5CtrMIB (Nortel proprietary traps):
s5CtrUnitUp | Always on | A unit is added to an operational stack.
s5CtrUnitDown | Always on | A unit is removed from an operational stack.
s5CtrHotSwap | Always on | A unit is hot-swapped in an operational stack.
RFCs

For more information about networking concepts, protocols, and topologies, consult the following RFCs:

• RFC 1213 (MIB-II)
• RFC 1493 (Bridge MIB)
• RFC 2863 (Interfaces Group MIB)
• RFC 2665 (Ethernet MIB)
• RFC 2737 (Entity MIBv2)
• RFC 2819 (RMON MIB)
• RFC 1757 (RMON)
• RFC 1271 (RMON)
• RFC 1157 (SNMP)
• RFC 2748 (COPS)
• RFC 2940 (COPS Clients)
• RFC 3084 (COPS Provisioning)
• RFC 2570 (SNMPv3)
• RFC 2571 (SNMP Frameworks)
• RFC 2573
Chapter 2 Network configuration

Use Business Policy Switches to connect workstations, personal computers (PCs), and servers to each other by connecting these devices directly to the switch, through a shared media hub connected to the switch, or by creating a virtual LAN (VLAN) through the switch.
To find out which version of the BPS 2000 software is running, use the console interface (CI) menus or the Web-based management system:

• CI menus—From the main menu of the console, choose Systems Characteristics menu. The software currently running is displayed in sysDescr.
• Web-based management system—Open the System Information page, which is under Administration on the main menu. The software currently running is displayed in the sysDescription field.
Desktop switch application

Figure 8 shows a Business Policy Switch used as a desktop switch, where desktop workstations are connected directly to switch ports. This configuration provides dedicated 100 Mb/s connections to the network center, the server, and as many as 26 users. This configuration uses the optional BPS2000-4TX MDA (10BASE-T/100BASE-TX MDA).
Figure 9 Business Policy Switch used as a segment switch
[Figure: before and after views of a server, 10BASE-T hubs, a Business Policy Switch 2000, and links to the network center; key: 10 Mb/s, 100 Mb/s, 200 Mb/s]
- 88 users share 10 Mb/s (10/88 Mb/s per user)
- Server bottleneck (10 Mb/s bandwidth)
- Network center bottleneck (10 Mb/s bandwidth)
- Total of 88 users
- Four sets of 23 users; eac
High-density switched workgroup application

Figure 10 shows an example of using a Business Policy Switch with a high-speed (gigabit) connection to a Nortel Networks Passport™ 1100 switch. BayStack 303 and BayStack 304 switches are also shown in this example of a high-density switched workgroup.
Figure 10 Configuring power workgroups and a shared media hub
[Figure: Business Policy Switch 2000, BayStack 303 switch, BayStack 304 switch, server, Accelar 1100 switch, and 100BASE-TX hub; key: 10 Mb/s, 100 Mb/s, 1000 Mb/s (Gigabit)]

Fail-safe stack application

Figure 11 shows an example of eight Business Policy Switches that are stacked together as a single managed unit.
Figure 11 Fail-safe stack example
[Figure: stack of Business Policy Switch 2000 units, one with up to 24 users and seven with up to 28 users each, connected to an Accelar switch; key: 100 Mb/s, 1000 Mb/s]

Business Policy Switch stack operation

BPS 2000 switches configured with Business Policy Switch software version 1.0 provide fail-safe stackability when you install the optional BayStack 400-ST1 Cascade Module.
• “Stack configurations” on page 104
• “Redundant cascade stacking feature” on page 108

Note: If you are implementing a mixed stack with the Business Policy Switch and BayStack 450 and BayStack 410 switches, refer to Appendixes for configuration and interoperability information.

BayStack 400-ST1 Cascade Module

The front-panel components of the BayStack 400-ST1 Cascade Module are shown in Figure 12. Component descriptions follow the figure.
Unit Select switch

The Unit Select switch (up = Base) determines the base unit for the stack configuration (see “Base unit”). The Unit Select switch status is displayed on the Business Policy Switch LED display panel. When the Unit Select switch is in the Base (up) position, all other Unit Select switches in the stack configuration must be set to Off (down).
Base unit

Note: For stacking three or more units (maximum 8 units per stack), order the optional 1 meter (39.27 inch) cascade max-return cable (order number AL2018001).

The base unit is the unique stack unit that you configure with the Unit Select switch on the front panel of the BayStack 400-ST1 Cascade Module.
Stack MAC address

When the switch is participating in a stack configuration, a stack MAC address is automatically assigned during the stack initialization. The base unit’s MAC address, with a software offset, is used for the stack MAC address.
Removing a unit from the stack

If a unit is removed from the stack (therefore operating in standalone mode), the following switch configuration settings revert back to the settings configured before the unit became a member of the stack:

• IP address
• Password: console, Web, Telnet, SNMP (including DM)
• Stack operational mode
• SNMP community strings

Stack configurations

As shown in Figure 14, the cascade connectors and cables on the BayStack 400-ST1 Cascade M
Figure 14 Stack up configuration example
[Figure: units 1 to 8 stacked with unit 8 at the top, cascade Out and In connectors, and callouts 1 to 4]

Table 7 describes the stack up configuration illustration references.

Table 7 Stack up configuration description
1 Last unit
2 Base unit
3 Cascade Cable (part number 303978-A)
4 Cascade Cable (part number 303979-A)
Stack down configurations

In Figure 15, data flows from the base unit (unit 1) to the next switch, which is assigned as unit 2, and continues until the last switch in the stack is assigned as unit 8. The physical order of the switches is from top to bottom (unit 1 to unit 8).
Table 8 describes the stack down configuration illustration references.

Table 8 Stack down configuration description
1 Base unit
2 Last unit
3 Cascade cable (part number 303978-A)
4 Cascade max-return cable (part number 303979-A)

Certain network management station (NMS) applications assume a stack down configuration for the graphical user interface (GUI) that represents the stack (see Figure 15).
Redundant cascade stacking feature

Business Policy Switches allow you to connect up to 8 units into a redundant cascade stack. If any single unit fails or if a cable is accidentally disconnected, other units in the stack remain operational, without interruption.

Figure 16 shows an example of how a stack configuration reacts to a failed or powered-down unit in the stack configuration:

1 As shown in Figure 16, unit 3 becomes nonoperational.
Figure 16 Redundant cascade stacking feature
[Figure: units 1 to 5 with Cascade A Out and Cascade A In connectors, points A and B, and callouts 1 to 4]

Table 9 describes the redundant cascade stacking illustration references.

Table 9 Redundant cascade stacking descriptions
1 Base unit
2 Last unit
3 Cascade cable (part number 303978-A)
4 Cascade max-return cable (part number 303979-A)
IEEE 802.1Q VLAN workgroups

Note: For guidelines on configuring VLANs, STGs, and MLT, refer to Chapter 1.

Business Policy Switches support up to 64 VLANs (maximum of 48 MAC source address-based VLANs) with IEEE 802.1Q tagging available per port. With software version 1.2, the BPS 2000 supports up to 256 VLANs (maximum of 48 MAC source address-based VLANs).

Note: Only standalone or pure stacks of BPS 2000 support 256 VLANs.
Figure 17 Port-based VLAN example
[Figure: Business Policy Switch 2000 with VLAN 1 and VLAN 2]

IEEE 802.1Q tagging

Business Policy Switches operate in accordance with the IEEE 802.1Q tagging rules. Important terms used with the 802.1Q tagging feature are:

• VLAN identifier (VID)—the 12-bit portion of the VLAN tag in the frame header that identifies an explicit VLAN.
• Untagged frame—a frame that does not carry any VLAN tagging information in the frame header.
• VLAN port members—a set of ports that form a broadcast domain for a specific VLAN. A port can be a member of one or more VLANs.
• Untagged member—a port that has been configured as an untagged member of a specific VLAN. When an untagged frame exits the switch through an untagged member port, the frame header remains unchanged.
Figure 18 Default VLAN settings
[Figure: 802.1Q switch with ports 1 to 8 in VLAN 1, PVID = 1; an incoming untagged packet (DA, SA, Data, CRC) leaves as an outgoing untagged packet (unchanged)]
By default:
- All ports are assigned PVID = 1
- All ports are untagged members of VLAN 1

When you configure VLANs, you configure the switch ports as tagged or untagged members of specific VLANs (see Figure 19 through Figure 24).
Figure 19 Port-based VLAN assignment
[Figure: 802.1Q switch, before: an untagged packet (DA, SA, Data, CRC) arrives on a port with PVID = 2; port 5 is a tagged member of VLAN 2 and port 7 is an untagged member of VLAN 2]

As shown in Figure 20, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2.
Figure 21 Policy-based VLAN assignment
[Figure: 802.1Q switch, before: an untagged packet (DA, SA, Data, CRC) arrives on a port with PVID = 2 and Policy VLAN = 3; port 5 is a tagged member of VLAN 3 and port 7 is an untagged member of VLAN 3]

As shown in Figure 22, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 3.
In Figure 23, tagged incoming packets are assigned directly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2.

Figure 23 802.1Q tag assignment
[Figure: before: a tagged packet (DA, SA, Tag, Data, CRC) arrives at the switch]
As shown in Figure 24, the tagged packet remains unchanged as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2. However, the tagged packet is stripped (untagged) as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.

Figure 24 802.1Q tagging (after 802.1Q tag assignment)
[Figure: the switch ports after tag assignment]
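The ingress and egress behaviour walked through in Figures 19 to 24, together with the classification order given earlier (tag, MAC SA-based VLAN, protocol-based VLAN, then PVID), can be modelled in a few lines. This is an added example, not code from this guide: the function names, the dictionary-based VLAN tables and the sample frames are assumptions, and frames are handled without their CRC.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_frame(frame):
    """Return (dst, src, vid, pcp, rest); vid and pcp are None when untagged.
    rest starts at the EtherType. The frame is given without its CRC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    # Low 12 bits are the VID, top 3 bits the priority.
    return dst, src, tci & 0x0FFF, tci >> 13, frame[16:]


def build_frame(dst, src, vid, pcp, rest):
    """Reassemble a frame, inserting a tag when vid is not None."""
    if vid is None:
        return dst + src + rest
    return dst + src + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + rest


def classify(frame, pvid, mac_vlans=None, protocol_vlans=None):
    """Pick the VLAN for an incoming frame in the order the guide lists."""
    _dst, src, vid, _pcp, rest = parse_frame(frame)
    # A VID of 0 carries priority only (IEEE 802.1Q, not stated on this
    # page), so it falls through to the remaining rules like no tag.
    if vid:
        return vid
    if mac_vlans and src in mac_vlans:
        return mac_vlans[src]
    (ethertype,) = struct.unpack("!H", rest[:2])
    if protocol_vlans and ethertype in protocol_vlans:
        return protocol_vlans[ethertype]
    return pvid


def egress(frame, vid, tagged_vlans, untagged_vlans):
    """Return the frame as it leaves a port, or None if the port is not a
    member of the VLAN."""
    dst, src, _old_vid, pcp, rest = parse_frame(frame)
    if vid in tagged_vlans:
        return build_frame(dst, src, vid, pcp or 0, rest)
    if vid in untagged_vlans:
        return build_frame(dst, src, None, None, rest)
    return None


def forward(frame, ingress_pvid, ports, mac_vlans=None, protocol_vlans=None):
    """Classify on ingress, then show the frame on each egress port."""
    vid = classify(frame, ingress_pvid, mac_vlans, protocol_vlans)
    return vid, {name: egress(frame, vid, tagged, untagged)
                 for name, (tagged, untagged) in ports.items()}


# Constructed sample frames and port memberships (not from the guide).
DST = bytes.fromhex("00aabbccdd01")
SRC = bytes.fromhex("00aabbccdd02")
UNTAGGED = DST + SRC + b"\x08\x00" + b"constructed payload"
TAGGED_V2 = build_frame(DST, SRC, 2, 0, UNTAGGED[12:])
# Port 5 is a tagged member of VLAN 2, port 7 an untagged member.
PORTS = {"port5": ({2}, set()), "port7": (set(), {2})}

if __name__ == "__main__":
    for label, frame in (("untagged in", UNTAGGED), ("tagged in", TAGGED_V2)):
        vid, out = forward(frame, 2, PORTS)
        print(label, vid, {k: v.hex() for k, v in out.items()})
```

A real switch also recomputes the CRC whenever it inserts or strips the tag, which this model leaves out.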
VLANs spanning multiple 802.1Q tagged switches

Figure 25 shows VLANs spanning two Business Policy Switches. The 802.1Q tagging is enabled on S1, port 2 and on S2, port 1 for VLAN 1 and VLAN 2. Both ports are tagged members of VLAN 1 and VLAN 2.

Figure 25 VLANs spanning multiple 802.
Refer to Chapter 1 for additional guidelines on configuring VLANs and spanning tree groups.

Figure 26 VLANs spanning multiple untagged switches
[Figure: Business Policy Switch 2000 (S1) with VLAN 1 and VLAN 2 connected through untagged ports to a non-802.1Q tagging switch (S2)]

When the STP is enabled on these switches, only one link between each pair of switches will be forwarding traffic. Because each port belongs to only one VLAN at a time, connectivity on the other VLAN is lost.
Figure 27 Possible problems with VLANs and Spanning Tree Protocol
[Figure: Station A on Business Policy Switch 2000 S1 and Station B on Business Policy Switch 2000 S2; the VLAN 1 link is forwarding and the VLAN 2 link is blocking, so there are no communications]

As shown in Figure 27, with STP enabled, only one connection between Switch S1 and Switch S2 is forwarding at any time. Communications failure occurs between VLAN 2 of S1 and VLAN 2 of S2, blocking communications between Stations A and B.
Figure 28 Multiple VLANs sharing resources
[Figure: Business Policy Switch 2000 S1 with ports in VLAN 1 (PVID=1), VLAN 2 (PVID=2), and VLAN 3 (PVID=3)]

In the above configuration, all of the switch ports are set to participate as VLAN port members. This arrangement allows the switch to establish the appropriate broadcast domains within the switch (Figure 29). Refer to Chapter 1 for additional guidelines on configuring VLANs and spanning tree groups.
Figure 29 VLAN broadcast domains within the switch
[Figure: switch S1 with ports 2, 4, 6, 8, 10, and 11 grouped into VLAN 1 (PVID = 1), VLAN 2 (PVID = 2), and VLAN 3 (PVID = 3)]

For example, to create a broadcast domain for each VLAN shown in Figure 29, configure each VLAN with a port membership, and each port with the appropriate PVID/VLAN association:

• Ports 8, 6, and 11 are untagged membe
To configure the VLAN port membership for VLAN 1:

1 Select Switch Configuration from the Business Policy Switch Main Menu (or press w).
2 From the Switch Configuration Menu, select VLAN Configuration (or press v).
3 From the VLAN Configuration Menu select VLAN Configuration (or press v).
Ports 2, 4, 6, 8, 10, and 11 are now untagged members of VLAN 3 as shown in Figure 29 on page 122.
Figure 32 Default VLAN Port Configuration screen example

VLAN Port Configuration

Unit:                        [ 1 ]
Port:                        [ 1 ]
Filter Tagged Frames:        [ No ]
Filter Untagged Frames:      [ No ]
Filter Unregistered Frames:  [ No ]
Port Name:                   [Port 1]
PVID:                        [ 1 ]
Port Priority:               [ 0 ]
Tagging:                     [ Untagged Access ]

AutoPVID (all ports):        [ Disabled ]

Use space bar to display choices, press or to select choice.
Press Ctrl-R to return to previous menu.
Figure 33 VLAN Port Configuration screen example

VLAN Port Configuration

Unit:                        [ 1 ]
Port:                        [ 8 ]
Filter Tagged Frames:        [ No ]
Filter Untagged Frames:      [ No ]
Filter Unregistered Frames:  [ No ]
Port Name:                   [ Student port ]
PVID:                        [ 3 ]
Port Priority:               [ 0 ]
Tagging:                     [Untagged Access]

AutoPVID (all ports):        [ Disabled ]

Use space bar to display choices, press or to select choice.
Press Ctrl-R to return to previous menu.
Figure 34 VLAN configuration spanning multiple switches
[Figure: Business Policy Switch 2000 units S1 and S2 joined by ports that are both tagged members of VLAN 1 and VLAN 2; non-802.1Q tagging switches S3 and S4 attached through untagged ports (STP disabled); key: VLAN 1 (PVID=1), VLAN 2 (PVID=2), VLAN 3 (PVID=3)]
VLAN configuration rules

VLANs operate according to specific configuration rules. When creating VLANs, consider the following rules that determine how the configured VLAN reacts in any network topology:

• You must be in the Pure BPS 2000 Stack mode and using software version 1.2 to be able to configure between 65 and 256 VLANs. (You can configure up to 64 VLANs in Hybrid mode.
Multicast stream from exiting any other port that does not connect to another host member, thus conserving bandwidth. The following section describes how Business Policy Switches provide the same benefit as IP Multicast routers, but in the local area.

IGMP is used by IP Multicast routers to learn about the existence of host group members on their directly attached subnets (see RFC 2236).
Figure 35 IP Multicast propagation with IGMP routing
[Figure: designated routers #1 and #2 on the Internet send host membership queries through non-IP Multicast filtering switches to IGMP hosts, which return host membership reports; the multicast stream follows]

The Business Policy Switch can automatically set up IP Multicast filters so the IP Multicast traffic is only directed to the participating end nodes (see Figure 36).
One client, connected to S2, responds with a host membership report. Switch S2 intercepts the report from that port, and generates a proxy report to its upstream neighbor, S1. Also, two clients connected to S4 respond with host membership reports, causing S4 to intercept the reports and to generate a consolidated proxy report to its upstream neighbor, S1.
After the switches learn which ports are requesting access to the IP Multicast stream, all other ports not responding to the queries are blocked from receiving the IP Multicast (Figure 37).
IGMP snooping configuration rules

The IGMP snooping feature operates according to specific configuration rules. When configuring your switch for IGMP snooping, consider the following rules that determine how the configuration reacts in any network topology:

• A port that is configured for port mirroring cannot be configured as a static router port.
IEEE 802.1p prioritizing

For more information on prioritizing traffic, refer to Chapter 4, “Policy-enabled networks.”

You can use the VLAN Configuration screens to prioritize the order in which the switch forwards packets, on a per-port basis. For example, if messages from a specific segment are crucial to your operation, you can set the switch port connected to that segment to a higher priority level (by default, all switch ports are set to low priority).
MultiLink Trunks

Note: For guidelines on configuring VLANs, STGs, and MLT, refer to Chapter 1.

MultiLink Trunks allow you to group up to four switch ports together to form a link to another switch or server, thus increasing aggregate throughput of the interconnection between the devices (up to 800 Mb/s in full-duplex mode). You can configure up to six MultiLink Trunks.
Figure 39 Switch-to-switch trunk configuration example
[Figure: switches S1, S2, and S3 connected by trunks T1 and T2]

You can configure each of the trunks shown in Figure 39 with up to four switch ports to provide up to 800 Mb/s aggregate bandwidth through each trunk, in full-duplex mode.
Figure 40 Switch-to-server trunk configuration example
[Figure: servers FS1 and FS2 connected to Business Policy Switch 2000 S1, with trunk T1]

Client/server configuration using MultiLink Trunks

Figure 41 shows an example of how MultiLink Trunking can be used in a client/server configuration. In this example, both servers connect directly to Switch S1. FS2 is connected through a trunk configuration (T1). The switch-to-switch connections are through trunks (T2, T3, T4, and T5).
Figure 41 Client/server configuration example
[Figure: servers FS1 and FS2 connected to switch S1 (FS2 through trunk T1); switches S1, S2, S3, and S4 interconnected by trunks T2, T3, T4, and T5]

For detailed information about configuring trunks, see Chapter 3.

Before you configure trunks

When you create and enable a trunk, the trunk members (switch ports) take on certain settings necessary for correct operation of the MultiLink Trunking feature.
Ensure that the chosen switch ports are set to Enabled, using either the Port Configuration screen (see Chapter 3) or other network management system. Trunk member ports must have the same VLAN configuration.

3 All network cabling should be complete and stable before configuring any trunks, to avoid configuration errors.
• When you set any trunk member to Disabled (not active) through the Port Configuration screen or through network management, the trunk member is removed from the trunk. The trunk member has to be reconfigured to rejoin the trunk through the Trunk Configuration screen on the CI menus, or another management system. A screen prompt precedes this action when you are using CI menus.
Figure 42 Loss of distributed trunk members
[Figure: stack of Business Policy Switch 2000 units 1 to 8, some fitted with BPS2000 MDAs, connected by trunk T1 to an Accelar 1150/1150R Routing Switch (XLR1102SR I/O Modules)]

However, until you correct the cause of the failure or change the trunk Status field to Disabled, you will be unable to modify any of the following parameters for the affected trunk:

• VLAN confi
LAN speed, in Mb/s). Another three-port trunk (T2) is configured with an aggregate bandwidth of 210 Mb/s, with a comparable Path Cost of 4. When the Path Cost calculations for both trunks are equal, the software chooses the trunk with the larger aggregate bandwidth (T1) to determine the most efficient path. Also, the trunk cannot span multiple spanning tree groups.
Figure 44 Example 1: correctly configured trunk
[Figure: switches S1 and S2 joined by trunk T1, each shown with its Port Configuration screen]

If Switch S2’s trunk member port 11 is physically disconnected and then reconnected to port 13, the Spanning Tree Port Configuration screen for Switch S1 changes to show port 6 in the Blocking state (Figure 45).
Figure 45 Example 2: detecting a misconfigured port
[Figure: switches S1 and S2 joined by trunk T1, each shown with its Port Configuration screen; the S1 screen shows a port in the Blocking state]

Additional tips about the MultiLink Trunking feature

When you create a MultiLink Trunk, the individual trunk members (the specific ports that make up the trunk) logically connect and react as a single entity.
All configured trunks are indicated in the Spanning Tree Configuration screen. The Trunk field lists the active trunks, adjacent to the port numbers that correspond to the specific trunk member for that trunk. When a trunk is active, you can disable spanning tree participation using the Trunk Configuration screen or using the Spanning Tree Configuration screen.
• Port-based mirroring
• Address-based mirroring

A sample Port Mirroring Configuration screen accompanies each network configuration example. Note that the displayed screens do not show all of the screen prompts that precede some actions.

Note: Use the CI menus, the CLI, or the Web-based management system to configure port mirroring.
Figure 46 shows the Port Mirroring Configuration screen setup for this example.
As shown in the Port Mirroring Configuration screen example (Figure 47), port 23 is designated as the Monitor Port for ports 24 and 25 in Switch S1.

Note: The Unit value (in the Unit/Port field) is not configurable when the switch is operating standalone. For detailed information about the Port Mirroring screen fields, see Chapter 3.
Address-based mirroring configuration

Figure 48 shows an example of an address-based mirroring configuration where port 23, the designated monitor port for Switch S1, is monitoring traffic occurring between address A and address B.
• Monitor all traffic between address A and address B (conversation between the two stations).

Figure 49 shows the Port Mirroring Configuration screen setup for this example. In this example, port 23 becomes the designated Monitor Port for Switch S1 when you press Enter in response to the [Yes] screen prompt.

Note: The screen data displayed at the bottom of the screen changes to show the new currently active port mirroring configuration after you press Enter.
Figure 49 Port Mirroring Configuration address-based screen example

Port Mirroring Configuration

Monitoring Mode:    [ Address A -> Address B ]
Monitor Unit/Port:  [ /23 ]
Unit/Port X:        [ / ]
Unit/Port Y:        [ / ]
Address A:          [ 00-44-55-44-55-22 ]
Address B:          [ 00-33-44-33-22-44 ]

Is your port mirroring configuration complete? [ Yes ]

Currently Active Port Mirroring Configuration
---------------------------------------------
Monitoring Mode: -> Address A or Address B ->
• VLAN configuration settings for any ports configured for port-based mirroring cannot be changed. Use the Port Mirroring Configuration screen to disable port mirroring (or reconfigure the port mirroring ports), then change the VLAN configuration settings.
• For port-based monitoring of traffic, use one of the following modes for monitoring broadcast, IP Multicast, or unknown DA frames:
— Monitor all traffic received by port X.
Chapter 3 Using the console interface

This chapter describes how to configure and manage the Business Policy Switch using the menu-driven console interface (CI). This chapter covers the following topics:

• “Compatibility with BayStack 450 switches,” next
• “Accessing the CI menus and screens” on page 154
• “Using the CI menus and screens” on page 155
• “Main Menu” on page 158

Compatibility with BayStack 450 switches

The BPS 2000 software version 2.0 is compatible with BayStack 450 software version 4.
You can use 256 port-, protocol-, and MAC SA-based VLANs for the stack with a Pure BPS 2000 stack running software version 1.2 or higher. (The maximum number of MAC SA-based VLANs is 48.) If you are working with a mixed, or hybrid, stack, you can use 64 VLANs for the entire stack.
Chapter 3 Using the console interface 155 Using the CI menus and screens The CI menus and screens provide options that allow you to configure and manage Business Policy Switches. Help prompts at the bottom of each menu and screen explain how to enter data in the highlighted field and how to navigate the menus and screens. The Console Port default settings are: 9600 baud with eight data bits, one stop bit, and no parity as the communications format, with flow control set to disabled.
The option takes effect immediately after you press [Enter]. Alternatively, you can press the key corresponding to the underlined letter in the option name. For example, to select the Switch Configuration option in the main menu, press the w key. Note that the text characters are not case-sensitive.

Additional navigation aids follow:
• To toggle between values in a form:
  — Use the spacebar to highlight the value.
  — Press [Enter].
Chapter 3 Using the console interface 157 Figure 51 Map of console interface screens Main Menu IP Configuration/Setup SNMP Configuration System Characteristics Switch Configuration Console/Comm Port Configuration Identify Unit Numbers1 Renumber Stack Units1 Display Hardware Units Spanning Tree Configuration TELNET/SNMP/Web Access Configuration Software Download Configuration File Display Event Log Reset Reset to Default Settings Command Line Interface Logout MAC Address Table MAC Address Security Config.
Chapter 3 Using the console interface Main Menu This section describes the options available from the CI main menu (Figure 52). The CI screens and submenus for these options are described in the following sections. Note: Some menu options shown in this main menu example and in other screen examples in this chapter may not appear on your screen, depending on the switch options installed. However, the full menu options are shown in the screen examples and described in the following sections.
Chapter 3 Using the console interface 159 Table 10 describes the CI main menu options Table 10 Console interface Main Menu options Option Description IP Configuration/ Setup... Displays the IP Configuration/Setup screen (see “IP Configuration/Setup screen” on page 162). This screen allows you to set or modify IP configuration parameters and to ping other network devices. SNMP Configuration... Displays the SNMP Configuration screen (see “SNMP Configuration screen” on page 167).
Chapter 3 Using the console interface Table 10 Console interface Main Menu options (continued) Option Description Software Download... Displays the Software Download screen (see “Software Download screen” on page 265). This screen allows you to revise the Business Policy Switch software image that is located in nonvolatile flash memory (NVRAM). Configuration File... Displays the Configuration File Menu screen (see “Configuration File Menu screen” on page 274).
Table 10 Console interface Main Menu options (continued)

Caution: If you choose to reset to the default settings, all configured settings are replaced with the factory defaults when you press [Enter].

Option: Command Line Interface
Description: Allows a properly authorized user to initiate a CLI management session. Refer to Reference for the Business Policy Switch 2000 Command Line Interface Release 2.
Chapter 3 Using the console interface IP Configuration/Setup screen The IP Configuration/Setup screen (Figure 53) allows you to set or modify the Business Policy Switch IP configuration parameters. Data that you enter in the user-configurable fields takes effect as soon as you press [Enter]. To open the IP Configuration/Setup screen: ➨ Choose IP Configuration/Setup (or press i) from the main menu.
Chapter 3 Using the console interface 163 Table 11 IP Configuration/Setup screen fields Field Description Unit To view or configure an IP address for a specific unit, choose that unit number. BootP Request Mode One of four modes of operation for BootP. (See “Choosing a BootP request mode” on page 164 for details about the four modes.
Chapter 3 Using the console interface Table 11 IP Configuration/Setup screen fields (continued) Field Description In-Band Subnet Mask The subnet address mask associated with the in-band IP address shown on the screen (see In-Band Switch IP Address field). Network routers use the subnet mask to determine the network or subnet address portion of a host’s IP address.
• BootP or Last Address

Note: Whenever the switch is broadcasting BootP requests, the BootP process will eventually time out if a reply is not received. When the process times out, the BootP request mode automatically changes to BootP Disabled mode. To restart the BootP process, change the BootP request mode to any of the three following modes:
• BootP When Needed
• BootP Always
• BootP or Last Address
If an IP address is not currently in use, these actions take effect immediately. If an IP address is currently in use, these actions take effect only after the switch is reset or power cycled.

BootP Disabled

Allows the switch to be managed only by using the IP address set from the console terminal. When selected, this mode operates as follows:
• The switch does not broadcast BootP requests, regardless of whether an IP address is set from the console terminal.
Chapter 3 Using the console interface 167 SNMP Configuration screen The SNMP Configuration screen (Figure 54) allows you to set or modify the SNMP configuration parameters. To open the SNMP Configuration screen: ➨ Choose SNMP Configuration (or press m) from the main menu. Figure 54 SNMP Configuration screen SNMP Configuration Read-Only Community String: Read-Write Community String: [ public ] [ private ] Trap #1 IP Address: Community String: [ 0.0.0.0 ] [ ] Trap #2 IP Address: Community String: [ 0.
Table 12 describes the SNMP Configuration screen fields.

Table 12 SNMP Configuration screen fields

Field: Read-Only Community String
Description: The community string used for in-band read-only SNMP operations.
Default Value: public
Range: Any ASCII string of up to 32 printable characters

Field: Read-Write Community String
Description: The community string used for in-band read-write SNMP operations.

Other fields: Trap #1 IP Address*, Community String, Authentication Trap, Autotopology
Chapter 3 Using the console interface 169 System Characteristics screen The System Characteristics screen (Figure 55) allows you to view system characteristics and contains three user-configurable fields: sysContact, sysName, and sysLocation. To open the System Characteristics screen: ➨ Choose System Characteristics (or press s) from the main menu.
Chapter 3 Using the console interface Table 13 describes the System Characteristics screen fields. Table 13 System Characteristics screen fields Field Description Operation Mode Read-only field that indicates the operation mode of the unit, for example: • When the unit is part of a stack configuration, the (read-only) field indicates the unit is operational in a stack, and lists the current unit number of this switch. In this example (see Figure 55 on page 169), the current unit number is Unit 2.
Table 13 System Characteristics screen fields (continued)

Field: sysContact
Description: The name and phone number of the person responsible for the switch.
Default Value: Zero-length string
Range: Any ASCII string of up to 56 printable characters*

Field: sysName
Description: A name that uniquely identifies the switch.
Default Value: Zero-length string
Range: Any ASCII string of up to 56 printable characters*

Field: sysLocation
Description: The physical location of the switch.
Chapter 3 Using the console interface Figure 56 Switch Configuration Menu screen Switch Configuration Menu MAC Address Table MAC Address Security Configuration... EAPOL Security Configuration… VLAN Configuration... Port Configuration... High Speed Flow Control Configuration... MultiLink Trunk Configuration... Port Mirroring Configuration... Rate Limiting Configuration... IGMP Configuration... Display Port Statistics Clear All Port Statistics Stack Operational Mode...
Chapter 3 Using the console interface 173 Table 14 Switch Configuration Menu screen options (continued) Option Description EAPOL Security Configuration... Displays the EAPOL Security Configuration menu (see “EAPOL Security Configuration screen” on page 191). This screen allows you to set up Extensible Authentication Protocol over LAN (EAPOL)based security. VLAN Configuration... Displays the VLAN Configuration Menu (see “VLAN Configuration Menu screen” on page 195).
Chapter 3 Using the console interface Table 14 Switch Configuration Menu screen options (continued) Option Description Clear All Port Statistics Allows you to clear all port statistics.
Figure 57 MAC Address Table Screen
[Screen example: MAC Address Table, with the Aging Time, Find an Address, Select VLAN ID, and Number of addresses fields, followed by a list of MAC addresses, each shown with its Unit and Port.]
Table 15 MAC Address Table screen fields (continued)

Field: Find an Address
Description: Allows the user to search for a specific MAC address.
Default Value: 00-00-00-00-00-00 (no MAC address assigned)
Range: 00-00-00-00-00-00 to FF-FF-FF-FF-FF-FF

Field: Select VLAN ID
Description: Enter the VLAN ID number you want to display the MAC addresses for.
Chapter 3 Using the console interface 177 When the switch software detects a security violation on the specified MAC SAs, the response can be to send a trap, turn on the destination address (DA) filtering that is based on SA filtering, disable the specific port, or any combination of these three options. To open the MAC Address Security Configuration screen: ➨ Choose MAC Address Security Configuration from the Switch Configuration Menu.
Chapter 3 Using the console interface Table 16 MAC Address Security Configuration Menu Options (continued) Option Description MAC Address Security Port Lists... Displays the MAC Address Security Port Lists screen (see “MAC Address Security Port Lists screens” on page 184). This screen allows you to create port lists that can be used as an allowed source port list for a MAC address in the MAC Address Security Table screen. MAC Address Security Table...
Chapter 3 Using the console interface 179 MAC Address Security Configuration screen The MAC Address Security Configuration screen (Figure 59) allows you to enable or disable the MAC address security feature and to specify the appropriate system responses to any unauthorized network access to your switch. ➨ Choose MAC Address Security Configuration from the MAC Address Security Configuration Menu to open the MAC Address Security Configuration screen.
Chapter 3 Using the console interface Table 17 describes the MAC Address Security Configuration screen fields. Table 17 MAC Address Security Configuration fields Field Description MAC Address Security When this field is set to enabled, the software checks source MAC addresses of packets that arrive on secure ports against MAC addresses listed in the MAC Address Security Table for allowed membership.
Chapter 3 Using the console interface 181 Table 17 MAC Address Security Configuration fields (continued) Field Description DA Filtering on Intrusion Detected When set to enabled, this field isolates the intruding node by filtering (discarding) packets sent to that MAC address.
Chapter 3 Using the console interface To open the MAC Address Security Port Configuration screen: ➨ Choose MAC Address Security Port Configuration from the MAC Address Security Configuration Menu.
Chapter 3 Using the console interface 183 Figure 60 MAC Security Port Configuration screen (1 of 2) MAC Security Port Configuration Port ---1 2 3 4 5 6 7 8 9 10 11 12 13 14 Trunk ----- Security -----------[ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] [ Disabled ] More... Press Ctrl-N to display choices for additional ports..
Table 18 describes the MAC Security Port Configuration screen fields.

Table 18 MAC Security Port Configuration screen fields

Field: Port
Description: Displays a numbered port list.

Field: Trunk
Description: Displays the trunk number if the port is a member of that trunk.
Default: blank field

Field: Security
Description: This field value determines whether or not security is enabled or disabled on the port level or switch level.
Figure 62 MAC Address Security Port Lists screens
[Screen example: MAC Address Security Port Lists screens 1, 2, and 3, each with Entry and Port List columns.]
Chapter 3 Using the console interface Figure 63 MAC Address Security Port Lists screen MAC Address Security Port Lists Entry ----S1 S2 S3 S4 S5 S6 S7 Port List --------[ 1/1-7,2/1-7,2/9,3/1-4,4/12 ] [ 2/1-7,2/9,4/3-5 ] [ 1/3,2/7,3/1-4 ] [ 4/12 ] [ 1/NONE,2/NONE,3/NONE,4/NONE ] [ 1/ALL,2/ALL,3/ALL,4/ALL ] [ 3/ALL ] More... Press Ctrl-N to display next screen. PortT Enter unit/port, “1/NONE”, “1/ALL”, “2/3,4/7-9”. Press or when done. Press Ctrl-R to return to previous menu.
A unit/port number list is composed of one or more list items, each of which can be a single number or a range of numbers (where the numbers represent one or more ports). If a list item is preceded by a number and then a slash (/), the number represents a stack unit. For example, 1/1-7,2/1-7,2/9,3/1-4,4/12 is a valid unit/port number list (see entry S1 in Figure 63 on page 186).
Alternatively, you can highlight the field and then enter +2/9 [Return]. The existing field keeps the previous list and adds the new port number (2/9) between ports 2/7 and 3/14. (If you choose to add port 2/8 to the existing port number list, the field accepts the new port 2/8 but shows the new port number list field as: 1/3,2/7-8,3/1-4.
MAC Address Security Table screens

The MAC Address Security Table screens allow you to specify the ports that each MAC address is allowed to access. You must also include the MAC addresses of any routers that are connected to any secure ports. There are 16 available MAC Address Security Table screens (Figure 64) that you can use to create up to 448 MAC address entries (28 per screen).
Figure 65 MAC Address Security Table screen

MAC Address Security Table

Find an Address:

MAC Address            Allowed Source
-----------            --------------
[ 44-33-22-44-55-44 ]  [ S1 ]
[ 22-44-33-55-66-55 ]  [ S2 ]
[ 22-55-33-44-33-22 ]  [ S3 ]
[ 44-22-33-55-44-22 ]  [ S4 ]
[ 22-33-44-55-33-44 ]  [ S3 ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
[ - - - - -         ]  [    ]
Table 20 MAC Address Security Table Screen Fields (continued)

Field: Allowed Source
Description: Allows you to specify the ports that each MAC address is allowed to access. The options for the Allowed Source field include a single unit/port number or a port list value that you have previously configured in the MAC Address Security Port Lists screen.
Default: - (Blank field)
Range: A single unit/port or a port list value (for example, 1/3, 1/6, 3/4, S1, S5, etc.).
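The unit/port list syntax and the source-address check described for the MAC Address Security screens can be modelled offline, for example to review a planned configuration before entering it. This is an added example, not Nortel code or the switch's implementation; the function names, the 28-port limit per unit, the default unit for unprefixed items, and the set of secure ports are assumptions, while the port lists and table entries are the ones shown in the Port Lists and Security Table screen examples.

```python
import re

MAX_UNITS = 8        # the manual allows up to eight units in a stack
PORTS_PER_UNIT = 28  # assumption: highest port row on the Rate Limiting screen


def parse_port_list(text, ports_per_unit=PORTS_PER_UNIT, default_unit=1):
    """Expand a list such as '1/1-7,2/9,3/ALL' into a set of (unit, port)."""
    ports = set()
    if not text.strip():
        return ports  # blank field: no ports
    for item in text.replace(" ", "").split(","):
        unit_s, slash, spec = item.rpartition("/")
        # Assumption: an item with no 'unit/' prefix refers to default_unit.
        unit = int(unit_s) if slash else default_unit
        if not 1 <= unit <= MAX_UNITS:
            raise ValueError(f"unit out of range in {item!r}")
        spec = spec.upper()
        if spec == "NONE":
            continue
        if spec == "ALL":
            first, last = 1, ports_per_unit
        else:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec)
            if not m:
                raise ValueError(f"bad list item {item!r}")
            first = int(m.group(1))
            last = int(m.group(2) or first)
        if not 1 <= first <= last <= ports_per_unit:
            raise ValueError(f"port out of range in {item!r}")
        ports.update((unit, p) for p in range(first, last + 1))
    return ports


def format_port_list(ports):
    """Render (unit, port) pairs in the compressed form the screen displays."""
    by_unit = {}
    for unit, port in sorted(ports):
        by_unit.setdefault(unit, []).append(port)
    items = []
    for unit, plist in by_unit.items():
        start = prev = plist[0]
        for port in plist[1:] + [None]:  # None flushes the final run
            if port is not None and port == prev + 1:
                prev = port
                continue
            items.append(f"{unit}/{start}" if start == prev
                         else f"{unit}/{start}-{prev}")
            start = prev = port
    return ",".join(items)


def add_ports(current, addition):
    """Model the '+2/9' entry form: merge new ports into the existing list."""
    merged = parse_port_list(current) | parse_port_list(addition.lstrip("+"))
    return format_port_list(merged)


def normalize_mac(mac):
    """Accept 00-11-22-33-44-55 or 00:11:22:33:44:55; return 12 hex digits."""
    digits = re.sub(r"[-:]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address {mac!r}")
    return digits


# Port lists S1-S7 and table entries as shown in the manual's screen examples.
PORT_LISTS = {
    "S1": "1/1-7,2/1-7,2/9,3/1-4,4/12",
    "S2": "2/1-7,2/9,4/3-5",
    "S3": "1/3,2/7,3/1-4",
    "S4": "4/12",
    "S5": "1/NONE,2/NONE,3/NONE,4/NONE",
    "S6": "1/ALL,2/ALL,3/ALL,4/ALL",
    "S7": "3/ALL",
}
SECURITY_TABLE = {normalize_mac(mac): source for mac, source in [
    ("44-33-22-44-55-44", "S1"), ("22-44-33-55-66-55", "S2"),
    ("22-55-33-44-33-22", "S3"), ("44-22-33-55-44-22", "S4"),
    ("22-33-44-55-33-44", "S3"),
]}
# Constructed for this example: ports whose Security field is Enabled.
SECURE_PORTS = parse_port_list("1/1-7,4/12")


def check_source(src_mac, unit, port, table=SECURITY_TABLE,
                 port_lists=PORT_LISTS, secure_ports=SECURE_PORTS):
    """Classify a frame's source MAC on an ingress port."""
    if (unit, port) not in secure_ports:
        return "not-checked"  # only secure ports are checked
    source = table.get(normalize_mac(src_mac))
    if source is None:
        return "violation"    # MAC is not in the security table
    # Allowed Source is either a list name (S1...) or a literal unit/port.
    allowed = parse_port_list(port_lists.get(source.upper(), source))
    return "allowed" if (unit, port) in allowed else "violation"
```

A "violation" result corresponds to the condition under which the switch applies the configured responses (trap, DA filtering, or disabling the port).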
Chapter 3 Using the console interface To open the EAPOL Security Configuration screen: ➨ Choose EAPOL Security Configuration (or press e) from the Switch Configuration Menu.
Chapter 3 Using the console interface 193 Table 21 EAPOL security configuration screen options (continued) Option Description Unit Allows you to select the unit number (when stacking is configured) to view or configure. To view or configure another unit, type its unit number and press [Enter], or press the spacebar to toggle the unit numbers. If you set this field value to All, other screen field values you modify apply to all stack ports.
Chapter 3 Using the console interface Table 21 EAPOL security configuration screen options (continued) Option Description Administrative Traffic Control Allows you to choose whether EAPOL authentication is set for incoming and outgoing traffic or for incoming traffic only. For example, if you set the specified unit/port field value to Incoming and Outgoing, and the EAPOL authentication fails, then both incoming and outgoing traffic on the specified unit/port is blocked.
Chapter 3 Using the console interface 195 Table 21 EAPOL security configuration screen options (continued) Option Description Server Timeout Default 30 seconds Range 1 to 65535 seconds Allows you to specify how long the switch waits for the RADIUS server to respond to all EAP packets. Maximum Requests Default 30 seconds Range 1 to 65535 seconds Allows you to specify the number of times the switch attempts to resend EAP packets to a supplicant.
You can configure up to 48 MAC SA-based VLANs. Up to 48 MAC addresses can be used with the existing MAC SA-based VLANs. Due to hardware limitations, it is possible that some MAC addresses cannot be entered, depending on the values of MAC addresses previously entered. When you create VLANs, you can assign various ports (and therefore the devices attached to these ports) to different broadcast domains.
Chapter 3 Using the console interface 197 Table 22 describes the VLAN Configuration Menu screen options. Table 22 VLAN Configuration Menu Screen options Option Description VLAN Configuration... Displays the VLAN Configuration screen (see “VLAN Configuration screen” on page 197). This screen allows you to set up VLAN workgroups. MAC Addresses for MAC-SA Based VLAN Allows you to configure MAC source address-based VLANs.
Chapter 3 Using the console interface You can add or remove port members from a VLAN in accordance with the IEEE 802.1Q tagging rules. Refer to Chapter 2 for a description of important terms used with 802.1Q VLANs. You can also use this screen to create and to delete specific VLANs, to assign VLAN names, and to assign any VLAN as the management VLAN. To open the VLAN Configuration screen: ➨ Choose VLAN Configuration (or press v) from the VLAN Configuration Menu screen.
Chapter 3 Using the console interface 199 Figure 68 VLAN Configuration screen VLAN Configuration Create VLAN: Delete VLAN: VLAN Name: Management VLAN: IVL/SVL: Unit #1 Unit #2 [ 1 ] [ ] [ VLAN #1 ] [ Yes ] Now: 1 [ IVL ] VLAN Type: Protocol Id (PID): User-Defined PID: VLAN State: 1-6 ------ Port Membership 7-12 13-18 19-24 ---------------- TUUUUU UUUUUU UUUUUU UUUUUU UUUUUU UUUUUU [ [ [ [ Port-Based None ] 0x0000 ] Active ] ] UUUUUU UUUUUU KEY: T= Tagged Port Member, U = Untagged Port Member, -
Chapter 3 Using the console interface Table 23 VLAN Configuration screen fields (continued) Field Description The specified VLAN is deleted as soon as you press [Return]. The software does not prompt you to reconsider this action. If you delete a VLAN, all configuration parameters that are associated with that VLAN are deleted also. You cannot delete VLAN 1. By default, all switch ports are assigned as untagged members of VLAN 1 with all ports configured as PVID = 1. See Chapter 1 for more information.
Chapter 3 Using the console interface 201 Table 23 VLAN Configuration screen fields (continued) Field Description Range User-Defined PID VLAN State Port Membership None, IP Ether2, Ipx 802.3, Ipx 802.2, Ipx Snap, Ipx Ether2, AplTk Ether2Snap, Declat Ether2, DecOth Ether2, Sna 802.2, Sna Ether2, NetBios 802.2, Xns Ether2,Vines Ether2, Ipv6 Ether2, User-Defined, Rarp Ether2 Allows you to create your own user-defined VLAN where you specify the Protocol Identifier (PID) for the VLAN.
Chapter 3 Using the console interface Predefined Protocol Identifier (PID) description Table 24 defines the standard protocol-based VLANs and PID types that are supported by the Business Policy Switch and BayStack 450 and BayStack 410 switches. Table 24 Predefined Protocol Identifier (PID) PID Name Encapsulation PID Value (hex) VLAN Type IP Ether2 Ethernet type 2 0800, 0806 Standard IP on Ethernet Type 2 frames Ipx 802.3 Ethernet 802.2 FF FF Novell IPX on Ethernet 802.3 frames Ipx 802.
Chapter 3 Using the console interface 203 User-Defined Protocol Identifier Description In addition to the standard predefined protocols, user-defined protocol-based VLANs are supported. For user-defined protocol-based VLANs, you specify the protocol identifier (PID) for the VLAN. Any frames that match the specified PID in any of the following ways are assigned to that user-defined VLAN: • • • The ethertype for Ethernet type 2 frames The PID in Ethernet SNAP frames The DSAP or SSAP value in Ethernet 802.
Chapter 3 Using the console interface MAC Address Configuration for MAC-SA-Based VLAN screen The MAC Address Configuration for MAC-SA Based VLAN screen (Figure 69) allows you to configure specific MAC SA-based VLANs. This screen allows you to select a MAC SA-based VLAN.
Chapter 3 Using the console interface 205 Port restrictions Ports on the BayStack 450-1GBIC, 450-1SR, 450-1SX, 450-1LR, 450-1LX MDAs and BayStack 410 ports do not have the ability to assign incoming untagged frames to a protocol-based VLAN. To allow these ports to participate in protocol-based VLANs, you must set the Tagging field value in the VLAN Port Configuration screen to Tagged Trunk. Incoming untagged frames will be assigned to the PVID VLAN.
Chapter 3 Using the console interface Figure 70 VLAN Port Configuration screen VLAN Port Configuration Unit: Port: Filter Tagged Frames: Filter Untagged Frames: Filter Unregistered Frames: Port Name: PVID: Port Priority: Tagging: [ [ [ [ [ [ [ [ [ AutoPVID (all ports): [ 1 ] 1 ] No ] No ] No ] Unit 1, Port 1 ] 1 ] 0 ] Tagged Trunk ] Disabled ] Use space bar to display choices, press or to select choice. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Chapter 3 Using the console interface 207 Table 27 VLAN Port Configuration screen fields (continued) Field Description Filter Unregistered Frames Sets this port to filter (discard) all received unregistered packets. The Business Policy Switch does not support the Yes option. Port Name PVID Port Priority Tagging Default No Range No, Yes The default port name (with associated stack unit number when configured) assigned to this port.
Chapter 3 Using the console interface Table 27 VLAN Port Configuration screen fields (continued) Field Description AutoPVID Automatically associates this PVID specific VLAN. Default Disabled Range Enabled, Disabled VLAN Display by Port screen The VLAN Display by Port screen (Figure 71) allows you to view VLAN characteristics associated with a specified switch port. Choose VLAN Display by Port (or press d) from the VLAN Configuration Menu screen to open the VLAN Display by Port screen.
Chapter 3 Using the console interface 209 Table 28 VLAN Display by Port screen fields Field Description Unit Allows you to select a switch in your stack. To view another switch, type its switch number and press [Enter], or press the spacebar to toggle the switch numbers. Port Allows you to select the number of the port you want to view. To view another port, type its port number and press [Enter], or press the spacebar on your keyboard to toggle the port numbers.
Chapter 3 Using the console interface Figure 72 Port Configuration screen (1 of 2) Port ---1 2 3 4 5 6 7 8 9 10 11 12 13 14 Trunk Status ----- -----[ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] [ Enabled ] Link ---Down Down Down Down Up Down Down Down Up Down Down Down Down Down Port Configuration Unit: [ 1 ] LnkTrap Autonegotiation ------- --------------[ On ] [ Enabled ] [ On ] [ Enabled ]
Chapter 3 Using the console interface 211 Note: When a gigabit MDA is installed, only the Status field for that MDA port is configurable. See “High Speed Flow Control Configuration screen” on page 212 to set the autonegotiation field for the gigabit MDA port. Table 29 describes the Port Configuration screen fields.
Chapter 3 Using the console interface Table 29 Port Configuration screen fields (continued) Field Description Speed/Duplex* Allows you to manually configure any port to support an Ethernet speed of 10 Mb/s or 100 Mb/s, in half- or full-duplex mode. This field is set (by default) to 1000 Mb/s, full-duplex for gigabit ports only. NOTE: Use the High Speed Flow Control Configuration screen (next) to set autonegotiation for all gigabit ports.
Chapter 3 Using the console interface 213 Figure 74 High Speed Flow Control Configuration High Speed Flow Control Configuration Unit: [ 1 ] Autonegotiation: Flow Control: Preferred Phy: [ Enabled ] Disabled [ Right ] Active Phy: Right Use space bar to display choices, press or to select choice. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu. Table 30 describes the High Speed Flow Control Configuration screen fields.
Chapter 3 Using the console interface Table 30 High Speed Flow Control Configuration Screen Fields (continued) Field Description Flow Control Allows you to control traffic and avoid congestion on the Gigabit MDA port. Two modes are available (see “Choosing a high speed flow control mode” for details about the two modes). The Flow Control field cannot be configured unless you set the Autonegotiation field value to Disabled.
Chapter 3 Using the console interface 215 Asymmetric mode This mode allows the link partner to send flow control pause frames to the Gigabit MDA port. When a pause frame is received, the receiving port suspends transmission of frames for a number of slot times specified in the control frame or until a pause-release control frame is received. In this mode, the Gigabit MDA port is disabled from transmitting pause frames to its link partner.
Chapter 3 Using the console interface Figure 75 MultiLink Trunk Configuration Menu screen MultiLink Trunk Configuration Menu MultiLink Trunk Configuration... MultiLink Trunk Utilization... Return to Switch Configuration Menu Use arrow keys to highlight option, press or to select option. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu. Table 31 describes the MultiLink Trunk Configuration Menu screen options.
Chapter 3 Using the console interface 217 Any mix of up to eight Business Policy Switches and BayStack 450 and BayStack 410 switches can be stacked to provide a total of 224 ports (when all MDA slots are configured with the maximum port availability). See Appendix B, for more information about a mixed stack configuration. When the trunks are enabled, the trunk members take on default settings necessary for correct operation of the MultiLink Trunking feature.
Chapter 3 Using the console interface Table 32 describes the MultiLink Trunk Configuration screen fields. Table 32 MultiLink Trunk Configuration screen fields Field Description Trunk Column header for the read-only fields in this screen. The read-only data displayed in the Trunk column indicates the trunk (1 to 6) that corresponds to the switch ports specified in the user-configurable Trunk Members fields.
Chapter 3 Using the console interface 219 MultiLink Trunk Utilization screen The MultiLink Trunk Utilization screen (Figure 77 and Figure 78) allows you to monitor the percentage of bandwidth used by configured trunk members. You can choose the type of traffic to monitor. Figure 77 shows an example of bandwidth utilization rates for trunk member ports. Because two screens are necessary to show all of the configured trunks (up to six), the screen prompts you to Press [Ctrl]-N to view trunks five and six.
Chapter 3 Using the console interface Figure 78 MultiLink Trunk Utilization screen (2 of 2) MultiLink Trunk Utilization Trunk ----5 6 Traffic Type ------------[ Rx and Tx ] [ [ [ [ Rx Rx Rx Rx and and and and Tx Tx Tx Tx Unit/Port --------8/22 8/23 ] ] ] ] Last 5 Minutes -------------45.0% 55.0% 3/2 1/2 7/2 5/6 65.0% 45.0% 25.0% 75.0% Last 30 Minutes --------------35.0% 25.0% 30.0% 50.0% 40.0% 80.0% Last Hour -------50.0% 70.0% 55.0% 35.0% 50.0% 55.
Chapter 3 Using the console interface 221 Table 33 MultiLink Trunk Utilization screen fields (continued) Field Description Last 30 Minutes This read-only field indicates the percentage of packets (of the type specified in the Traffic Type field) utilized by the port in the last 30 minutes. This field provides a running average of network activity and is updated every 15 seconds.
Chapter 3 Using the console interface Figure 79 Port Mirror Configuration screen Port Mirroring Configuration Monitoring Mode: Monitor Unit/Port: Unit/Port X: Unit/Port Y: Address A: Address B: [ -> Port X [ 3/12 ] [ 4/5 [ 4/6 or Port Y -> ] ] ] [ 00-00-00-00-00-00 ] [ 00-00-00-00-00-00 ] Currently Active Port Mirroring Configuration --------------------------------------------Monitoring Mode -> Port X or Port Y -> Monitor Unit: 3 Port: 12 Unit X: 4 Port X: 5 Unit Y: 4 Port Y: 6 Use space bar to
Chapter 3 Using the console interface 223 Table 34 Port Mirroring Configuration screen fields (continued) Field Description Unit/Port X Indicates one of the ports (of the specified unit) that will be monitored by the designated port monitor when one of the port-based monitoring modes is selected. This port will be monitored according to the value of Port X in the Monitoring Mode field (see Table 35).
Chapter 3 Using the console interface Table 35 Monitoring modes Field Description Port-based: Disabled Default value for this feature. -> Port X Monitor all traffic received by Port X. Port X -> Monitor all traffic transmitted by Port X. <-> Port X Monitor all traffic received and transmitted by Port X. -> Port X or Port Y -> Monitor all traffic received by Port X or transmitted by Port Y. Note: Do not use this mode for broadcast or multicast traffic.
Chapter 3 Using the console interface 225 To open the Rate Limiting Configuration screen: ➨ Choose Rate Limiting Configuration (or press l) from the Switch Configuration Menu screen.
Chapter 3 Using the console interface Figure 81 Rate Limiting Configuration screen (2 of 2) Port Packet Type ---------------15 [ Both ] 16 [ Both ] 17 [ Multicast ] 18 [ Both ] 19 [ Both ] 20 [ Both ] 21 [ Broadcast ] 22 [ Both ] 23 [ Both ] 24 [ Multicast ] 25 [ Both ] 26 [ Both ] 27 [ Both ] 28 [ Both ] Switch[ Both ] Stack [ Both ] Rate Limiting Configuration Unit: [ 1 ] Limit Last 5 Minutes Last Hour ----------------------------[ None ] 44.0% 56.0% [ None ] 67.0% 34.0% [ 10% ] 65.0% 48.
Chapter 3 Using the console interface 227 Table 36 Rate Limiting Configuration screen fields Field Description Port Indicates the switch port numbers that correspond to the field values in that row of the screen (for example, the field values in row 2 apply to switch port 2). Note that the values applied in the Switch or Stack row (last 2 rows) affect all standalone switch ports or all switch ports in a stack. Packet Type Allows you to select the packet types for rate-limiting or viewing.
Chapter 3 Using the console interface To open the IGMP Configuration Menu screen: ➨ Choose IGMP Configuration (or press g) from the Switch Configuration Menu screen. Figure 82 IGMP Configuration Menu screen IGMP Configuration Menu IGMP Configuration... Display Multicast Group Membership Return to Switch Configuration Menu Use arrow keys to highlight option, press or to select option. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Table 37 IGMP Configuration Menu screen options

Option | Description
IGMP Configuration... | Displays the IGMP Configuration screen (see “IGMP Configuration screen” on page 229). This screen allows you to set up IGMP VLAN configurations.
Display Multicast Group Membership... | Displays the Multicast Group Membership screen (see “Multicast Group Membership screen” on page 232). This screen allows you to view all IP Multicast addresses that are active in the current LAN.
Figure 83 IGMP Configuration screen

IGMP Configuration
VLAN: [ 1 ]
Snooping: [ Enabled ]
Proxy: [ Enabled ]
Robust Value: [ 2 ]
Query Time: [ 125 seconds ]
Set Router Ports: [ Version 1 ]

Static Router Ports (port columns 1-6, 7-12, 13-18, 19-24; rows Unit #1, Unit #2)
KEY: X = IGMP Port Member (and VLAN Member), - = Not an IGMP Member
Use space bar to display choices, press or to select choice.
Table 38 IGMP Configuration screen fields (continued)

Field | Description
Proxy | Allows the switch to consolidate IGMP Host Membership Reports received on its downstream ports and to generate a consolidated proxy report for forwarding to its upstream neighbor. This field affects all VLANs (for example, if you disable proxy on the VLAN specified in the screen’s VLAN field, ALL VLANs are disabled for proxy).
Table 38 IGMP Configuration screen fields (continued)

Field | Description
Static Router Ports | Allows a user to assign switch ports to any port that has a path to a multicast router. When the unit is part of a stack configuration, the screen displays the unit numbers of the switches configured in the stack, along with the corresponding ports. The configured ports do not filter any IP Multicast traffic.
Figure 84 Multicast Group Membership screen

Multicast Group Membership
VLAN: [ 1 ]

Multicast Group Address   Port
277.37.32.6               Unit: 1 Port: 1
277.37.32.5               Unit: 1 Port: 1
277.37.32.4               Unit: 1 Port: 1
277.37.32.3               Unit: 1 Port: 1
277.37.32.2               Unit: 1 Port: 1
277.37.32.1               Unit: 1 Port: 1

Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.

Table 39 describes the Multicast Group Membership screen options.
Port Statistics screen

The Port Statistics screen (Figure 85) allows you to view detailed information about any switch or port in a stacked or standalone configuration. The screen is divided into two sections (Received and Transmitted) so that you can compare and evaluate throughput or other port parameters. All screen data is updated approximately every 2 seconds.
Figure 85 Port Statistics screen

Port Statistics
Unit: [ 2 ]  Port: [ 1 ]

Received               Transmitted
Packets: 0             Packets: 0
Multicasts: 0          Multicasts: 0
Broadcasts: 0          Broadcasts: 0
Total Octets: 0        Total Octets: 0
Lost Packets: 0
Packets 64 bytes: 0    Packets 64 bytes: 0
65-127 bytes 0         65-127 bytes 0
128-255 bytes 0        128-255 bytes 0
256-511 bytes 0        256-511 bytes 0
512-1023 bytes 0       512-1023 bytes 0
1024-1518 by
Table 40 Port Statistics screen fields

Field | Description
Unit | Only appears if the switch is participating in a stack configuration. The field allows you to select the number of the unit you want to view or configure. To view or configure another unit, type its unit number and press [Enter], or press the spacebar on your keyboard to toggle the unit numbers.
Port | Allows you to select the number of the port you want to view or reset to zero.
Table 40 Port Statistics screen fields (continued)

Field | Description
128-255 bytes | Received column: Indicates the total number of 128-byte to 255-byte packets received on this port. Transmitted column: Indicates the total number of 128-byte to 255-byte packets transmitted successfully on this port.
256-511 bytes | Received column: Indicates the total number of 256-byte to 511-byte packets received on this port.
Table 40 Port Statistics screen fields (continued)

Field | Description
The following field values appear only when the port selected in the Unit/Port field is configured with a Gigabit MDA.
Pause Frames | Transmitted column: Indicates the total number of pause frames transmitted on this port. Pause frames cause the transmitting port to temporarily suspend the transmission of packets when the receiving port’s frame buffer is full (Gigabit ports only).
Table 41 describes the Stack Operational Mode screen fields.

Table 41 Stack Operational Mode screen fields

Field | Description
Current Stack Operational Mode | A read-only field that indicates the current mode of your stack. This field identifies a stack that contains only Business Policy Switches or a stack that contains a variety of switches.
Default Range
Next Stack Operational Mode | Allows you to set the configuration modes of your stack.
Figure 87 Console/Comm Port Configuration screen

Console/Comm Port Configuration
Comm Port Data Bits: 8 Data Bits
Comm Port Parity: No Parity
Comm Port Stop Bits: 1 Stop Bit
Console Port Speed: [ 2400 Baud ]
Console Switch Password Type:
Console Stack Password Type:
Telnet Switch Password Type:
Telnet Stack Password Type:
Read-Only Switch Password:
Read-Write Switch Password:
Read-Only Stack Password:
Read-Write St
Table 42 Console/Comm Port Configuration screen fields (continued)

Field | Description
Caution: If you select a baud rate that does not match the baud rate of the console terminal, communication with the console interface is lost when you press the Enter key. In that case, set the console terminal to match the new setting of the service port.
Table 42 Console/Comm Port Configuration screen fields (continued)

Field | Description
Console Stack Password Type | Enables password protection for accessing the console interface (CI) of any participating switch in a stack configuration through a console terminal. If you set this field to Required, you can use the Logout option to restrict access to the CI of any stack unit.
Table 42 Console/Comm Port Configuration screen fields (continued)

Field | Description
Default Value: secure
Range: Any ASCII string of up to 15 printable characters
Caution: If you change the system-supplied default passwords, be sure to write the new passwords down and keep them in a safe place. If you forget the new passwords, you cannot access the console interface. In that case, contact Nortel Networks for help.
Table 42 Console/Comm Port Configuration screen fields (continued)

Field | Description
Console Read-Only Stack Password | When the Console Switch Password field is set to Required (for Telnet, for Console, or for Both), this field allows read-only password access to the CI of any participating switch in a stack configuration.
Table 42 Console/Comm Port Configuration screen fields (continued)

Field | Description
Warning: If you change the system-supplied default passwords, be sure to write down the new passwords and keep them in a safe place. If the new passwords are forgotten, it will not be possible to access the console interface. In that case, contact Nortel Networks for assistance.
Renumber Stack Units screen

The Renumber Stack Units screen (Figure 88) allows you to renumber the units configured in the stack. When selected, this option identifies the unit number of each unit in the stack configuration by lighting the corresponding number of (100 Mb/s port) LEDs on each unit for approximately 10 seconds. For example, unit 3 will display three LEDs.

Note: This menu option and screen appear only when the switch is participating in a stack configuration.
Table 43 describes the Renumber Stack Units screen options.

Table 43 Renumber Stack Units screen options

Option | Description
Current Unit Number | Read-only fields listing the current unit number of each of the configured stack units. The entries in this column are displayed in order of their current physical cabling with respect to the base unit, and can show nonconsecutive unit numbering if one or more units were previously moved or modified.
Figure 89 Hardware Unit Information screen

Hardware Unit Information

          Switch Model   MDA Model   Cascade MDA   Software Version
Unit #1   BPS 2000       None        400-ST1       v.1.2.0.0
Unit #2   BPS 2000       None        400-ST1       v.1.2.0.

Press Ctrl-R to return to previous menu.
Figure 90 Spanning Tree Configuration Menu

Spanning Tree Configuration Menu
Spanning Tree Group Configuration
Spanning Tree Port Configuration...
Display Spanning Tree Switch Settings
Display Spanning Tree VLAN Membership
Return to Main Menu
Use arrow keys to highlight option, press or to select option. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Note: Because multiple STGs are available only in Pure BPS 2000 Stack mode, the first and fourth menu items do not appear when you work in Hybrid Stack, or mixed stack, mode.

Spanning Tree Group Configuration screen

The Spanning Tree Group Configuration screen allows you to create and configure spanning tree groups (STGs). Multiple STGs, up to 8, are available with software version 1.2 and higher. The STGs are available only in Pure BPS 2000 Stack mode.
Figure 91 Spanning Tree Group Configuration

Spanning Tree Group Configuration
Create STP Group:
Delete STP Group:
Bridge Priority:
Bridge Hello Time:
Bridge Max.
Table 45 Spanning Tree Group Configuration parameters (continued)

Parameter | Description
Bridge Priority | For the STP Group, indicates the management-assigned priority value of the bridge ID in hexadecimal notation, which is the most significant byte of the bridge ID. The STA uses this parameter to determine the root bridge (or designated bridge). For example, the bridge with the lowest bridge ID becomes the root bridge, with Bridge Priority values.
Table 45 Spanning Tree Group Configuration parameters (continued)

Parameter | Description
Add VLAN Membership | Allows you to add a VLAN to the specified spanning tree group.
Default Value: 1
Range: 1 to 4094
NOTE: Beginning with BPS 2000 software version 1.2, the system displays the following message when you add a VLAN to a spanning tree group:
Vlan X removed from STP A. Vlan X added to STP B.
The Spanning Tree Port Configuration screen allows you to set the STG participation for each switch port or all ports and to display spanning tree settings for individual switch ports or all switch ports.

Note: If spanning tree participation of any trunk member is changed (enabled or disabled), the spanning tree participation of all members of that trunk is changed similarly.

Figure 92 shows sample port displays for the two Spanning Tree Port Configuration screens.
Note: Because multiple STGs are available only in Pure BPS 2000 Stack mode, STP Group does not appear when you work in Hybrid Stack, or mixed stack, mode.

Table 46 describes the Spanning Tree Port Configuration screen fields.

Table 46 Spanning Tree Port Configuration screen fields

Field | Description
STP Group | The field allows you to select the number of the spanning tree group (STG) you want to view.
Table 46 Spanning Tree Port Configuration screen fields (continued)

Field | Description
Path Cost | This read-only field is a bridge spanning tree parameter that determines the lowest path cost to the root.
Default Value: 10 or 100 (1 for Gigabit port)
Path Cost = 1000/LAN speed (in Mb/s)
The higher the LAN speed, the lower the path cost. See also Priority.
Figure 93 Spanning Tree Switch Settings

Spanning Tree Switch Settings
STP Group: [ 1 ]
Bridge Priority: 8000
Designated Root: 8000000342F6DE21
Root Port: Unit: 2 Port: 2
Root Path Cost: 30
Hello Time: 2 seconds
Maximum Age Time: 20 seconds
Forward Delay: 15 seconds
Bridge Hello Time: 2 seconds
Bridge Maximum Age Time: 20 seconds
Bridge Forward Delay: 15 seconds
Use space bar to display choices, press or to select choice.
Table 47 describes the Spanning Tree Switch Settings parameters.

Table 47 Spanning Tree Switch Settings parameters

Parameter | Description
STP Group | The field allows you to select the number of the spanning tree group (STG) you want to view. To view another STG, type that STG ID number and press [Enter], or press the spacebar on your keyboard to toggle the STP Group numbers.
Table 47 Spanning Tree Switch Settings parameters (continued)

Parameter | Description
Maximum Age Time | For STP Group, indicates the Maximum Age Time parameter value that the root bridge is currently using. This value specifies the maximum age that a Hello message can attain before it is discarded.
Table 47 Spanning Tree Switch Settings parameters (continued)

Parameter | Description
The Forward Delay parameter value specifies the amount of time that the bridge ports remain in the Listening and Learning states before entering the Forwarding state. Note that all bridges participating in the spanning tree network use the root bridge’s Forward Delay parameter value. See also Forward Delay.
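The following Python sketch is an added example, not code from this guide or from Nortel Networks. It audits the Designated Root and Root Path Cost values read from the Spanning Tree Switch Settings screen against the intended design, using the lowest-bridge-ID election rule and the Path Cost = 1000/LAN speed formula described above. It assumes the first four hex digits of a bridge ID are the priority (as in the sample screen, where Bridge Priority 8000 prefixes Designated Root 8000000342F6DE21); the names BridgeId, elect_root, path_cost and audit_root, the three 100 Mb/s hops, and the second bridge ID are constructed for illustration.

```python
"""Audit the root bridge shown on a Spanning Tree Switch Settings screen."""
from dataclasses import dataclass

HEX_DIGITS = set("0123456789abcdef")


@dataclass(frozen=True, order=True)
class BridgeId:
    """Bridge ID split into priority and MAC; ordering matches root election."""
    priority: int  # first 4 hex digits, for example 0x8000 (assumed layout)
    mac: str       # remaining 12 hex digits, lowercase

    @classmethod
    def parse(cls, text):
        digits = text.strip().lower()
        if len(digits) != 16 or not set(digits) <= HEX_DIGITS:
            raise ValueError(f"not a 16-digit hex bridge ID: {text!r}")
        return cls(int(digits[:4], 16), digits[4:])


def elect_root(bridge_ids):
    """Return the election winner: the numerically lowest bridge ID."""
    return min(BridgeId.parse(b) for b in bridge_ids)


def path_cost(lan_speed_mbps):
    """Path Cost = 1000 / LAN speed in Mb/s (100, 10 and 1 for 10/100/1000)."""
    if lan_speed_mbps <= 0:
        raise ValueError("LAN speed must be positive")
    return max(1, 1000 // lan_speed_mbps)


def audit_root(designated_root, expected_root, root_path_cost, link_speeds_mbps):
    """Compare screen values with the intended design; return a list of findings."""
    findings = []
    seen = BridgeId.parse(designated_root)
    want = BridgeId.parse(expected_root)
    if seen != want:
        if seen < want:
            why = "it has a lower bridge ID than the intended root"
        else:
            why = "the intended root is not participating"
        findings.append(f"unexpected root {designated_root}: {why}")
    expected_cost = sum(path_cost(speed) for speed in link_speeds_mbps)
    if root_path_cost != expected_cost:
        findings.append(f"root path cost {root_path_cost}, expected {expected_cost}")
    return findings


if __name__ == "__main__":
    # Values from the sample screen; three 100 Mb/s hops to the root are assumed.
    print(audit_root("8000000342F6DE21", "8000000342F6DE21", 30, [100, 100, 100]))
    # Constructed bridge ID with a lower priority (0x1000) reported as the root.
    print(audit_root("1000020000000001", "8000000342F6DE21", 20, [100, 100, 100]))
```

A non-empty result means the reported root or its path cost differs from the planned topology and the Bridge Priority settings should be reviewed.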
Figure 94 Spanning Tree VLAN Membership screen

Spanning Tree VLAN Membership
STP Group: [ 1 ]
Total VLAN Membership: 3
1 | 2 | 3 |
Use space bar to display choices, press or to select choice. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.

Table 48 describes the Spanning Tree VLAN Membership parameters.
TELNET/SNMP/Web Access Configuration screen

The TELNET/SNMP/Web Access Configuration screen (Figure 95) allows a user at a remote console terminal to communicate with the Business Policy Switch as if the console terminal were directly connected to it. You can have up to 4—or 10, if you are running software version 1.2 or higher—active Telnet sessions at one time.
Table 49 describes the TELNET/SNMP/Web Access Configuration screen fields.

Table 49 TELNET/SNMP/Web Access Configuration screen fields

Field | Description
TELNET Access | Allows a user remote access to the management systems through a Telnet session. Default Value: Enabled. Range: Enabled, Disabled
Login Timeout | Specifies the amount of time a user has to enter the correct password at the console-terminal prompt.
Login Retries |
Inactivity Timeout |
Event Logging |
Table 49 TELNET/SNMP/Web Access Configuration screen fields (continued)

Field | Description
TELNET Access | Specifies if Telnet access is allowed and only to those on the list. Default Value: Access: Enabled; Use List: Yes. Range: Access: Enabled, Disabled; Use List: Yes, No
SNMP Access | Specifies if SNMP access is allowed and only to those on the list. (SNMP access includes the DM system.
WEB Access |
Software Download screen

The Software Download screens (Figure 96 and Figure 97) allow you to revise the Business Policy Switch software image that is located in nonvolatile flash memory.

Caution: Do not interrupt power to the device during the software download process. If the power is interrupted, the firmware image can become corrupted.

Caution: Do not interrupt the power supply to the device while the software is being downloaded.
To download the software image, you need a properly configured Trivial File Transfer Protocol (TFTP) server in your network, and an IP address for the switch (or stack, if configured). To learn how to configure the switch or stack IP address, refer to “IP Configuration/Setup screen” on page 162.
Figure 96 Software Download screen for Pure BPS 2000 Stack mode

Software Download
BPS 2000 Image Filename: [ ]
BPS 2000 Diagnostics Filename: [ ]
TFTP Server IP Address: [ 0.0.0.0 ]
Start TFTP Load of New Image: [ No ]
Enter text, press or when complete. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Table 50 describes the Software Download screen fields.

Table 50 Software Download screen fields

Field | Description
BPS 2000 Image Filename | The Business Policy Switch software image load file name. Default Value: Zero-length string. Range: An ASCII string of up to 30 printable characters
BPS 2000 Diagnostics Filename | The Business Policy Switch diagnostics file name.
450 Image Filename |
TFTP Server IP Address |
Note: If your station cannot ping the TFTP server during the downloading process, you may receive the following message:

Image is Invalid

In this case the problem is that the TFTP server is not reachable, not that the image itself is faulty.

LED Indications during the download process

The software download process automatically completes without user intervention. The process erases the contents of flash memory and replaces it with a new software image.
2 In the BPS 2000 Image Filename field, enter the name of the BPS 2000 image file.
3 In the TFTP Server IP Address, enter the IP address of your TFTP load host.
4 Use the space bar to toggle to BPS 2000 Image in the Start TFTP Load of New Image field.
5 Press [Enter]. The system resets and opens to the BPS2000 banner.
6 Press [Ctrl + Y] to access the main menu.
7 Choose Software Download (or press f) from the main menu.
Before you attempt to download new software (or upgrade software) to a Hybrid (mixed) stack, you must ensure that the Interoperability Software Version Numbers (ISVN) are identical. That is, the BayStack 450 switch and BayStack 410 switch must have the same ISVN as the BPS 2000. If the ISVNs are not the same, the stack does not operate. The ISVNs and the accompanying software release are:
• ISVN 1 — BayStack 410 or BayStack 450—version 3.
7 Choose Software Download (or press f) from the main menu. The Software Download screen appears (Figure 97).
8 In the BPS 2000 Diagnostics Filename field, enter the name of the BPS 2000 diags file.
9 In the TFTP Server IP Address, enter the IP address of your TFTP load host.
10 Use the space bar to toggle to BPS 2000 Diagnostics in the Start TFTP Load of New Image field.
11 Press [Enter]. The system resets and opens to the BPS2000 banner.
6 Press [Enter]. The system resets and opens to the BPS2000 banner.
7 Press [Ctrl + Y] to access the main menu.
8 Choose Software Download (or press f) from the main menu. The Software Download screen appears (Figure 97).
9 In the 450 Image Filename field, enter the name of the other 450 image file.
10 In the TFTP Server IP Address, enter the IP address of your TFTP load host.
Configuration File Menu screen

The Configuration File Menu screen (Figure 98) allows you to upload and download the configuration parameters of a BPS 2000 switch or stack to a TFTP server. With software version 1.2 or higher, you can also download an ASCII configuration file from a TFTP server. These options allow you to store your switch/stack configuration parameters on a TFTP server.
Table 51 describes the Configuration File Menu screen options.

Table 51 Configuration File Menu screen options

Option | Description
Configuration File Download/Upload... | Displays the Configuration File Download/Upload screen (see “Configuration File Download/Upload screen” on page 275).
Ascii Configuration File Download... | Displays the ASCII Configuration File Download screen (see “ASCII Configuration File Download screen” on page 279).
Figure 99 Configuration File Download/Upload screen

Configuration File Download/Upload
Configuration Image Filename: [ ]
TFTP Server IP Address: [ 132.245.164.4 ]
Copy Configuration Image to Server: [ No ]
Retrieve Configuration Image from Server: [ No ]
Enter text, press or when complete. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.

Table 52 describes the Configuration File Download/Upload screen fields.
Table 52 Configuration File Download/Upload screen fields

Field | Description
Configuration Image Filename | The file name you have chosen for the configuration file. Choose a meaningful file name that will allow you to identify the file for retrieval when required. The file must already exist on your TFTP server and must be read/write enabled.
Requirements

The following requirements apply to the Configuration File feature:
• The Configuration File feature can only be used to copy standalone switch configuration parameters to other standalone switches or to copy stack configuration parameters to other stack configurations. For example, you cannot duplicate the configuration parameters of a unit in a stack configuration and use it to configure a standalone switch.
Table 53 describes Configuration File parameter information.
Figure 100 ASCII Configuration File Download screen

ASCII Configuration File Download
ASCII Configuration Filename: [ ]
TFTP Server IP Address: [ 132.245.164.4 ]
Retrieve Configuration File from Server: [ No ]
Last Manual Configuration Status: Passed
Last Auto Configuration Status: Passed
Auto Configuration on Reset: [ Disabled ]
Enter text, press or when complete. Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Table 54 ASCII Configuration File Download screen fields

Field | Description
ASCII Configuration Filename | Enter the file name you have chosen for the ASCII configuration file. Choose a meaningful file name that will allow you to identify the file for retrieval when required. The file must already exist on your TFTP server and must be read/write enabled.
System Log screen

The System Log screen (Figure 101) displays or clears messages obtained from system nonvolatile random access memory (NVRAM) or dynamic random access memory (DRAM) and NVRAM. When the switch is part of a stack configuration, the System Log screen displays only the data for the Business Policy Switch you are connected to through the Console/Comm port.
Figure 101 System Log screen

System Log
Display Unit:
Display Messages From:
Display configuration complete?:
Clear Messages From:
Idx
1.
2.
3.
4.
5.
Table 55 System Log screen fields

Field | Description
Unit | This field only appears if the switch is participating in a stack configuration. The field allows you to select the unit number of the Business Policy Switch you want to view. To view the log messages of another Business Policy Switch, type its unit number and press [Enter], or press the spacebar on your keyboard to toggle the unit numbers.
Chapter 4 Policy-enabled networks

This chapter provides an overview of Differentiated Services Quality of Service (QoS) network architecture. The BPS 2000 provides a Web-based management interface, a Command Line Interface (CLI), and the graphical user interface Device Manager (DM) to configure QoS. Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0, Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.
Summary

Policy-enabled networks allow system administrators to prioritize the network traffic, thereby providing better service for selected applications. Using Quality of Service (QoS), the system administrators can establish service level agreements (SLAs) with customers of the network. In general, QoS helps with two network problems: bandwidth and time-sensitivity.
  — Layer 4 destination port number
  — Ingress port number
• Layer 2 packets
  — VLAN ID number
  — IEEE 802.1q tag presence
  — EtherType, which is the Layer 3 protocol type (such as AppleTalk)
  — IEEE 802.
Figure 102 Schematic of QoS policy (diagram labels: Ports, Packets, Filter, Classifier, Action, Meter, Marker, Queues, Shaper, Dropper, Port; 802.1p, DSCP, Loss-Sensitivity)

Note: To use the QoS shaping feature with software version 2.0, you must use the BPS 2000-1GT, BPS 2000-2GT, or BPS 2000-2GE MDA in a Business Policy Switch.
To ensure that the traffic stream conforms to the bandwidth assigned, policing within the network is necessary. Traffic shaping may also be used to temporarily delay traffic to ensure that the flows conform to downstream bandwidth limits.

DiffServ Concepts

DiffServ is described in IETF RFCs 2474 and 2475.
QoS classes

The BPS 2000 supports the following Nortel Networks QoS classes:
• Critical and Network classes have the highest priority over all other traffic.
• Premium class is an end-to-end service functioning similarly to a virtual leased line. Traffic in this service class is normally guaranteed an agreed-upon peak bandwidth. Traffic requiring this service should be shaped at the network boundary in order to undergo a negligible delay and delay variance.
Table 56 Service classes (continued)

Traffic category | Service class | Application type | Required treatment
Real time, delay tolerant, high variable bandwidth | Gold | Single human communication with no interaction (such as Web site streaming video). | High-priority scheduling providing guaranteed minimum provisioned bandwidth. Competes for additional bandwidth.
Non-real time, mission critical, interactive | Silver | Transaction processing (such as Telnet, Web browsing). |
Note: Layer 2 and IP filters cannot coexist in the same group.

A filter or filter group is associated through a policy with interface groups. Packets received from any port that is in an interface group are classified with the same filters. Each group of filters is associated with actions that are executed when the packet matches the filters in the group.
Beginning with software version 2.0, you can filter multiple VLANs with a single layer 2 filter. You can filter up to 32 VLANs with a single layer 2 filter.

Note: If a layer 2 filter specifies layer 3 or layer 4 information, that filter must match IP traffic only.

Layer 2 classifiers can be associated with the following actions:
• Drop matching packets.
• Change DSCP of matching IP packets.
IP filters have the same actions as layer 2 filters. If an IP filter is installed on a trusted port, then it cannot change the DSCP of the matching IP traffic or 802.1p user priority. If an IP filter is installed on an untrusted port, then it must change the DSCP, IEEE 802.1p, and drop precedence of the matching IP traffic. If an IP filter is installed on an unrestricted port, you configure that interface to change or not either the DSCP, IEEE 802.
Refer to Table 57 and Table 58 for more information on layer 2 traffic, either IP or non-IP, and trusted, untrusted, or unrestricted ports.

Note: Layer 2 filters should have the same evaluation order (or precedence order) as shown in this example to ensure that IP traffic will be treated properly.

Ports

BPS 2000 ports are classified into three categories: trusted, untrusted, and unrestricted ports. These three categories are also referred to as interface classes.
Table 57 Possible user re-marking of QoS fields by class of interface

Type of filter | Action | Trusted | Untrusted | Unrestricted
IEEE 802.
The Business Policy Switch does not trust the DSCP of IP traffic received from an untrusted port, but it does trust the DSCP of IP traffic received from a trusted port. Filters installed on trusted ports cannot change the DSCP of the IP packets received on these ports. These filters specify an action that must change the IEEE 802.
Table 59 Default mapping of DSCP to QoS class and IEEE 802.
Queue sets

You can change the default IEEE 802.1p to queue mapping and the default DSCP to IEEE 802.1p mapping using the Web-based management interface, SNMP, the CLI, or DM. Note that the IEEE 802.1p to queue mapping for an interface (port) depends on the number of queues available at that interface. This number depends on the queue set associated with the interface. The cascade port has a set of 2 queues that are serviced using an absolute priority discipline.
You cannot change the characteristics of these queue sets (such as the service discipline, packet or buffer thresholds, and queue weights for WRR scheduler).

Interface groups

Every port should be assigned to an interface group, which is used to apply policies to traffic received by this port. Each port can belong to only one interface group. The Web-based interface for Advanced QoS uses the term “Interface Configurations” for this function.
Metering overview

QoS metering, which operates at ingress, provides different levels of service to data streams through user-configurable parameters. A meter is used to measure the traffic stream against a traffic profile, which you create. Thus, creating meters yields In-Profile and Out-of-Profile traffic. Beginning with software version 2.0, you no longer need to configure a meter if you are not metering data.
Shaping overview

Shaping, or traffic shaping, which operates at egress, smooths the traffic on the uplink connection to the network core to provide efficient bandwidth utilization. Shaping is available only on the output ports of the BPS 2000-1GT, BPS 2000-2GT, or BPS 2000-2GE MDAs.

Note: You must install the BPS 2000-1GT, BPS 2000-2GT, or BPS 2000-2GE MDA in a Business Policy Switch in order to use shaping.
Once you configure one Policy with a Shaping Group, you can configure additional Policies that reference existing Shaping Group numbers—this is aggregate shaping. All Policies with the same Shaping Group number are shaped at egress as if they were a single Policy. To define shaping criteria, you set a Shaping Rate in Kbps (1000 bits per second in each Kb/s) and a Shaping Burst Rate that specifies an allowed data burst larger than the Shaping Rate for a brief period.
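The following Python model is an added illustration, not the switch's implementation, which this guide does not describe. It contrasts the two mechanisms from the metering and shaping overviews: an ingress meter that labels each packet In-Profile or Out-of-Profile, and an egress shaper that delays packets until they fit the configured rate. The token-bucket algorithm, the burst_bytes parameter (a simplified stand-in for the burst allowance), the function names, and the packet trace are assumptions made for the example.

```python
"""Token-bucket model of ingress metering versus egress shaping."""


class TokenBucket:
    """Bucket that fills at the configured rate up to the burst allowance."""

    def __init__(self, rate_kbps, burst_bytes):
        if rate_kbps <= 0 or burst_bytes <= 0:
            raise ValueError("rate and burst must be positive")
        self.bytes_per_sec = rate_kbps * 1000 / 8  # 1 Kb/s = 1000 bits per second
        self.capacity = burst_bytes
        self.tokens = float(burst_bytes)  # the bucket starts full
        self.last = 0.0

    def refill(self, now):
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.bytes_per_sec)
        self.last = now


def meter(packets, rate_kbps, burst_bytes):
    """Ingress meter: label each (arrival_seconds, size_bytes) packet."""
    bucket = TokenBucket(rate_kbps, burst_bytes)
    verdicts = []
    for arrival, size in packets:
        bucket.refill(arrival)
        if bucket.tokens >= size:
            bucket.tokens -= size
            verdicts.append("In-Profile")
        else:
            # Nothing is consumed; a policy action decides what happens next.
            verdicts.append("Out-of-Profile")
    return verdicts


def shape(packets, rate_kbps, burst_bytes):
    """Egress shaper: return departure times; packets are delayed, not dropped."""
    bucket = TokenBucket(rate_kbps, burst_bytes)
    departures = []
    clock = 0.0
    for arrival, size in packets:
        if size > burst_bytes:
            raise ValueError("packet larger than the burst allowance cannot be sent")
        clock = max(clock, arrival)  # packets leave in arrival order
        bucket.refill(clock)
        if bucket.tokens < size:
            clock += (size - bucket.tokens) / bucket.bytes_per_sec
            bucket.refill(clock)
        bucket.tokens = max(0.0, bucket.tokens - size)
        departures.append(round(clock, 6))
    return departures


# Constructed trace: four back-to-back 1500-byte packets, then one 10 ms later.
TRACE = [(0.0, 1500), (0.0, 1500), (0.0, 1500), (0.0, 1500), (0.010, 1500)]

if __name__ == "__main__":
    # 8000 Kb/s is 1,000,000 bytes per second; the burst allows two packets.
    print(meter(TRACE, rate_kbps=8000, burst_bytes=3000))
    print(shape(TRACE, rate_kbps=8000, burst_bytes=3000))
```

With the same rate and burst, the meter marks the third and fourth packets Out-of-Profile, while the shaper releases them 1.5 ms and 3 ms after the burst began.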
Table 60 Shaping possibilities by class of interface

Action | Trusted | Untrusted | Unrestricted
Shaping | Traffic flow must be IP or layer 2 packets (matching IP) with a specific DSCP value. Note: If a filter group has multiple filters, all filters must match the identical DSCP value. | Yes | • Traffic flow must be associated with policies that have actions that update the 802.1p value at egress.
The policies, by connecting these user-defined configurations, control the traffic on the switch. Ports are assigned to interface groups that are linked to policies. Although a single policy can reference only one interface group, you can configure several policies that reference the same interface group. The policies determine the traffic treatment of the flows. Beginning with software version 2.
The filter groups are associated with policies, and policies are organized into a hierarchy. The policy with the highest precedence is evaluated first. The filters and filter groups are associated with interface groups, in that packets from a specific port will have the same filters as all others in the particular interface group (role combination). Meters, operating at ingress, keep the sorted packets within certain parameters.
However, traffic destined for the switch and received through a port on the base unit of a stack is not dropped even if filters targeting the traffic are installed and drop has been specified. This behavior prevents you from completely isolating yourself from the switch. Consider this behavior when you configure filters and when you allocate ports for the purposes of configuring and/or monitoring the switch.
Chapter 5 Sample QoS configuration

You can configure QoS using the Common Open Policy Services (COPS), the CLI, the Web-based management system, SNMP, or Device Manager. This section presents a sample QoS configuration that uses the QoS Advanced pages of the Web-based management system. For more information on configuring QoS with the Web-based management system, refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.0.
With software version 2.0, you can easily configure QoS parameters using the QoS Quick Config Web pages. QoS Quick Config allows you to configure multiple QoS components using only two Web pages. Although QoS Quick Config does not provide the full range of options that the QoS Advanced pages provide, Quick Config is suitable for many QoS applications. Refer to Using Web-based Management for the Business Policy Switch 2000 Software Version 2.
Note: You cannot modify many configured items, including interfaces, interface groups, filters, filter groups, actions, meters, and shapers. You must first delete the current item and then enter a new one with the modifications.

Creating interface groups

To create an interface group:
1 In the Web-based management interface, click the Application > QoS > QoS Advanced menu option.
Figure 103 Web-based management menu page
3 Click Interface Config. The Interface Configuration page opens (Figure 104).
Figure 104 Interface Configuration page
The Interface Group Creation section of this page allows you to define groups of interfaces. You can view your interface configurations in the read-only Interface Queue Table and the Interface Group Table.
4 Use the Interface Group Creation section to create a new Role Combination. In the Role Combination field, enter Webbrowsing. (Remember, this is an example. You can enter any string in this field.
5 In the Interface Class field, choose untrusted. When you select untrusted, incoming DSCP values are changed. (Refer to Chapter 4 for more information on trusted, untrusted, and unrestricted interface classes.) By using system defaults or manual configurations, you configure whether the DSCP value is changed.
Note: Nortel Networks recommends that you use the default configurations.
a Click the ports you want to add to the specified interface group, or click All to add all ports on the unit.
b Click Submit.
Note: If you delete a role combination, you must remove all ports in the Interface Group Assignment page first. A role combination cannot be deleted if it is referenced by an installed meter.

Accepting default mapping values

If you choose to accept the default values for IEEE 802.
Note: When you choose the value Ignore, the system matches all fields for that parameter.

Defining an IP filter

You create IP filters for IP packets that are to be forwarded through the BPS 2000 on specific ingress ports. In each IP packet, there is a differentiated services (DiffServ) field in the packet header that you can mark for specific treatment. This field is called the DiffServ code point (DSCP).
Figure 106 IP Classification page (1 of 2)
Figure 107 IP Classification page (2 of 2)
2 In the Destination Address box, click Network Address.
a In the Network Address field, enter 134.177.69.0.
This address is used to match the destination IP address in the packet’s IP header.
b In the Subnet Mask field, enter 255.255.255.0.
3 In the Source Address box, click Network Address.
a In the Network Address field, enter 134.177.0.0. This is the IP address to match against the packet’s source IP address.
b In the Subnet Mask field, enter 255.255.0.0.
4 In the DSCP field, choose 0x20 from the list.
Figure 108 IP Classification Group page
2 In the Filter Group Name field, enter IPacket. This unique identification label distinguishes this filter group from other filter groups.
Note: Do not leave spaces in your naming entry.
3 Click the Group check box in the Filter Group Table to include the entry in the filter group.
4 Enter the Order number 1. This step establishes the evaluation order of filters in the group.
5 Click Submit.
Figure 109 IP Group Modification page
The system returns you to the IP Classification page. The new filter appears in the IP Filter Table, and the new filter group appears in the IP Filter Group Table (Figure 110 and Figure 111).
Figure 110 IP Classification page (1 of 2)
Figure 111 IP Classification page (2 of 2)
Defining a layer 2 filter

You configure layer 2 filters by defining IEEE 802-based parameters and selective layer 3 and layer 4 parameters. Layer 2 filter groups are defined by specifying the layer 2 filter to be included in the given filter group.
Note: Beginning with software version 2.0, you can reference up to 32 VLANs with a single layer 2 filter.
Figure 112 Layer 2 Classification page (1 of 2)
Figure 113 Layer 2 Classification page (2 of 2)
2 In the VLAN field, click VLAN and choose VLAN # 1. This filter matches packets in VLAN 1.
3 In the VLAN Tag field, choose Tagged. Only packets that have an IEEE 802.1p tag match this layer 2 filter.
4 In the EtherType field, click Ignore. All EtherTypes are ignored.
5 In the 802.1p Priority field, click Priority and 0, 1, 2. Only packets that have IEEE 802.1p user priority 0, 1, 2 will match this filter.
6 In the DSCP field, accept the default Ignore. Any values that are in the DSCP field are ignored.
7 In the Protocol field, select Ignore. All IP protocols are matched against the packet’s IP protocol field.
8 In the Destination IP Layer4 Port Range field, click Ignore.
Figure 114 Layer 2 Classification page with new entry (1 of 2)
Figure 115 Layer 2 Classification page with new entry (2 of 2)

Creating a Layer2 Filter Group Table entry

Now you can create a layer 2 filter group in the Layer2 Filter Group Table section of the Layer2 Classification page. To create a layer 2 filter group entry:
1 Click Create Filter Group in the Layer2 Filter Group Table section of the Layer 2 Classification page (Figure 112 and Figure 113). The Layer2 Group page opens (Figure 116).
Figure 116 Layer2 Group page
2 In the Filter Group Name field, enter layer2filter. This entry is a unique identification label to distinguish this filter group from other filter groups.
Note: Do not leave spaces in your naming entry.
Figure 117 Layer 2 Group Modification page
The system returns you to the Layer 2 Classification page. The new filter group appears in the Layer2 Filter Group Table (Figure 118).
Figure 118 Layer 2 Classification page

Configuring actions

When you assign actions to filters, you specify the type of behavior you want a policy to apply to a flow of IP and IEEE 802 packets. Actions applied to filters establish packet-specific criteria that determine how a packet is to be processed. You specify the actions associated with specific IP and layer 2 filter groups. When filters match incoming packets, the actions are performed on those packets.
Figure 119 Actions page
Note: Beginning with software version 2.0, the Action page opens with configured actions for the classes of service as well as a few other typical actions.
2 In the Action Name field of the Action Creation section, enter Generic.
3 In the Transmit/Drop Frame field, choose Transmit.
4 In the Update DSCP field, choose 47,0x2F. This entry changes the DSCP value in the matched packet to the decimal value 47.
7 Click Submit. The entry is displayed in the Action Table (Figure 120).
Figure 120 Action page with entry in Action Table
In summary, you have configured a new action named Generic. This action specifies a high drop precedence, a low user priority, and a DSCP value of 0x2F for packets that match a filter associated with this action.
Configuring meters

Metering operates at ingress and provides different levels of service to data streams through user-configurable parameters. An example would be to limit traffic entering a port to a specified bandwidth, such as 25 Kb/s (Committed Rate).
Figure 121 Meters page
Note: Beginning with software version 2.0, the Meter page opens with configured meters for the classes of service as well as a few other typical actions.
2 In the Name field of the Meter Creation section, enter Practice.
3 In the Committed Rate field, enter 3000.
4 In the Maximum Burst Rate field of the Committed Burst Size section, enter 3500.
6 Click Submit. The new entry is displayed in the Meter Table (Figure 122).
Figure 122 Meter page with new entry in Meter Table
In summary, you have configured a new meter named Practice. This meter specifies committed data, with a committed rate of 3000 Kbps and a committed burst size of 2047 bytes, for packets that match a filter associated with this meter.
Configuring shapers

Note: To use the QoS shaping feature, you must install the BPS 2000-1GT, BPS 2000-2GT, or BPS 2000-2GE MDA in a Business Policy Switch.

Shaping operates at egress and specifies the maximum rate at which traffic will be transmitted over a given time. Traffic is allowed to exceed this rate in short bursts. You specify a burst size to indicate the maximum burst size of traffic allowed to egress without a shaping delay.
Figure 123 Shapers page
2 In the Name field of the Shaper Creation section, enter Shape1.
3 In the Shaping Rate field, enter 64. You must enter a multiple of 64 Kbps in this field.
4 In the Maximum Burst Rate field, enter 70.
5 Choose 2729 milliseconds from the pull-down menu for Maximum Burst Duration. The switch calculates from 1 to 6 durations and presents the results to you in a pull-down menu. Choose the one you want.
Figure 124 Shapers page with new entry in Shaper Table
You configured a shaper named Shape1, with a 64-Kb/s rate, a maximum burst size of 2,047 bytes, and a queue depth of 16 packets.

Configuring policies

Now you are ready to configure a policy. A policy combines an interface group, a group of filters (filter set) and the associated meter, shaper or shaper group, and action.
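The Practice meter and Shape1 shaper configured above can be checked offline with a small token-bucket model. This is an added example, not Nortel code: it uses a generic token bucket rather than the switch's hardware algorithm, the burst-size relation (burst rate minus sustained rate, times duration) is an assumption that reproduces the Shape1 figures, and the packet arrivals are constructed.

```python
"""Token-bucket model of the Practice meter and Shape1 shaper (added example).

Generic single-rate token bucket, not the switch's hardware algorithm.
"""


def burst_size_bytes(rate_kbps, burst_rate_kbps, duration_ms):
    """Bytes sent above the sustained rate during one maximum-length burst.

    Assumed relation: (burst rate - rate) x duration. Kbps x ms gives bits,
    because the manual defines 1 Kbps as 1000 bits per second.
    """
    if burst_rate_kbps <= rate_kbps:
        raise ValueError("burst rate must be larger than the sustained rate")
    excess_bits = (burst_rate_kbps - rate_kbps) * duration_ms
    return -(-excess_bits // 8)  # integer ceiling


class Meter:
    """Ingress meter: marks each packet, never delays it."""

    def __init__(self, committed_rate_kbps, burst_bytes):
        self.bytes_per_ms = committed_rate_kbps / 8
        self.burst_bytes = burst_bytes
        self.tokens = float(burst_bytes)  # the bucket starts full
        self.last_ms = 0.0

    def classify(self, arrival_ms, size_bytes):
        # Refill for the time since the previous packet, capped at the burst size.
        elapsed = arrival_ms - self.last_ms
        self.last_ms = arrival_ms
        self.tokens = min(self.burst_bytes,
                          self.tokens + elapsed * self.bytes_per_ms)
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return "in-profile"
        return "out-of-profile"


def shape(arrivals, rate_kbps, burst_bytes, queue_depth):
    """Egress shaper: delays packets instead of marking them.

    arrivals is a time-ordered list of (arrival_ms, size_bytes). Returns one
    departure time in ms per packet, or None when the packet arrives while
    queue_depth packets are already waiting (modelled as a tail drop).
    """
    bytes_per_ms = rate_kbps / 8
    tokens, clock = float(burst_bytes), 0.0
    departures = []
    for arrival_ms, size in arrivals:
        if size > burst_bytes:
            raise ValueError("a packet larger than the burst size never conforms")
        waiting = sum(1 for d in departures if d is not None and d > arrival_ms)
        if waiting >= queue_depth:
            departures.append(None)
            continue
        start = max(arrival_ms, clock)          # FIFO: wait for earlier packets
        tokens = min(burst_bytes, tokens + (start - clock) * bytes_per_ms)
        wait = max(0.0, (size - tokens) / bytes_per_ms)
        tokens = tokens + wait * bytes_per_ms - size
        clock = start + wait
        departures.append(clock)
    return departures


# Values taken from this chapter.
PRACTICE = dict(committed_rate_kbps=3000, burst_bytes=2047)
SHAPE1 = dict(rate_kbps=64, burst_bytes=2047, queue_depth=16)

# Constructed arrivals: (time in ms, size in bytes).
BURST = [(0, 1000), (0, 1000), (0, 1000), (2, 1000), (4, 1000), (20, 1500)]


def meter_marks(arrivals=BURST):
    """Run the constructed arrivals through the Practice meter."""
    meter = Meter(**PRACTICE)
    return [meter.classify(t, size) for t, size in arrivals]


if __name__ == "__main__":
    print("Shape1 burst size:", burst_size_bytes(64, 70, 2729), "bytes")
    print("Practice marks:   ", meter_marks())
    print("Shape1 departures:", shape(BURST[:3], **SHAPE1))
```

The same three back-to-back packets show the difference between the two mechanisms: the meter marks the third one Out-of-Profile immediately, while the shaper holds it until enough tokens have accumulated.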
Figure 125 Policies page (1 of 2)
Figure 126 Policies page (2 of 2)
2 In the Policy Name field of the Policy Creation area, enter IPpolicy.
This entry is a unique name to identify this target.
Note: You cannot have spaces in the naming field.
3 In the Filter Group Type, choose IP Filter Group. This entry is the filter group that will be associated with this policy.
4 In the Filter Group field, choose IPacket. This entry is the filter group you created in the IP Classification Group page, IP Filter Group Table.
5 In the Role Combination field, choose Webbrowsing.
You may want to have the traffic associated with the policy you are now creating shaped as a group (or aggregate) with the traffic associated with other, installed policies. To do so, choose the Shaping Group identified in the Policy Table with the policy or policies you want to group with this traffic, rather than using the Shaper field.
12 In the Track Statistics field, choose Yes.
13 Click Submit.
Figure 127 Policies page with new entry (1 of 2)
Figure 128 Policies page with new entry (2 of 2)
In summary, you configured a QoS policy called IPpolicy. This policy applies a combination of packet filtering (matching) criteria and actions to individual interfaces (ports) in the hardware. You specified that this policy will use the IPacket filter group with the elements that you specified.
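Before installing a policy it helps to check which packets its filter group really selects. The following added example (not from the manual) models the IPacket filter, the Generic action and IPpolicy; the evaluation loop is a simplified model of precedence-ordered matching, and the port numbers, precedence values and the CatchAll policy are constructed for illustration.

```python
"""Offline model of the sample policy: which packets does IPpolicy match?"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IGNORE = None  # "Ignore" on the Web pages: the field matches any value


def parse_net(spec):
    # strict=True rejects an address with host bits set under the mask
    # (for example 134.177.69.1 with 255.255.255.0) instead of accepting it.
    return IGNORE if spec is IGNORE else ipaddress.ip_network(spec, strict=True)


@dataclass
class IpFilter:
    dst: Optional[str] = IGNORE   # "network address/subnet mask"
    src: Optional[str] = IGNORE
    dscp: Optional[int] = IGNORE

    def __post_init__(self):
        self.dst_net = parse_net(self.dst)
        self.src_net = parse_net(self.src)

    def matches(self, pkt):
        dst_ok = (self.dst_net is IGNORE
                  or ipaddress.ip_address(pkt["dst"]) in self.dst_net)
        src_ok = (self.src_net is IGNORE
                  or ipaddress.ip_address(pkt["src"]) in self.src_net)
        dscp_ok = self.dscp is IGNORE or pkt["dscp"] == self.dscp
        return dst_ok and src_ok and dscp_ok


@dataclass
class Action:
    name: str
    transmit: bool
    update_dscp: Optional[int] = None


@dataclass
class Policy:
    name: str
    role_combination: str
    filter_group: list            # [(order, IpFilter), ...]
    action: Action
    precedence: int
    enabled: bool = True


def evaluate(pkt, port_roles, policies):
    """Return (policy name, "transmit" or "drop", resulting DSCP), or None.

    None means no enabled policy for the port's role combination matched;
    the default handling for the interface class is not modelled here.
    """
    role = port_roles.get(pkt["port"])
    candidates = [p for p in policies
                  if p.enabled and p.role_combination == role]
    # The policy with the highest precedence is evaluated first.
    for policy in sorted(candidates, key=lambda p: p.precedence, reverse=True):
        for _, flt in sorted(policy.filter_group, key=lambda e: e[0]):
            if flt.matches(pkt):
                act = policy.action
                if not act.transmit:
                    return (policy.name, "drop", None)
                dscp = pkt["dscp"] if act.update_dscp is None else act.update_dscp
                return (policy.name, "transmit", dscp)
    return None


# Filter group, action and policy names and values from this chapter.
IPACKET = [(1, IpFilter(dst="134.177.69.0/255.255.255.0",
                        src="134.177.0.0/255.255.0.0",
                        dscp=0x20))]
GENERIC = Action("Generic", transmit=True, update_dscp=0x2F)

# Constructed for the example: port membership, precedence values, CatchAll.
PORT_ROLES = {1: "Webbrowsing", 2: "Webbrowsing", 3: "Other"}
POLICIES = [
    Policy("CatchAll", "Webbrowsing", [(1, IpFilter())],
           Action("DropAll", transmit=False), precedence=1),
    Policy("IPpolicy", "Webbrowsing", IPACKET, GENERIC, precedence=10),
]

if __name__ == "__main__":
    samples = [  # constructed packets
        {"port": 1, "src": "134.177.12.5", "dst": "134.177.69.10", "dscp": 0x20},
        {"port": 1, "src": "134.177.12.5", "dst": "134.177.69.10", "dscp": 0x00},
        {"port": 3, "src": "134.177.12.5", "dst": "134.177.69.10", "dscp": 0x20},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt, PORT_ROLES, POLICIES))
```

A packet that differs from the filter in any one field, including the DSCP value, falls through to the next policy for the same role combination.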
You enable or disable each policy using the pull-down menu under the Status heading. The default value is Enabled.

Assigning mapping values

Note: Nortel Networks recommends that you use the default mapping values to ensure end-to-end QoS connectivity across Nortel Networks products.

To manually configure the mapping among 802.1p priority values, priority, and DSCP mapping, you must use the following QoS Advanced pages: • • • • “Assigning 802.
Figure 129 802.1p Priority Queue Assignment page
2 In the Queue Set field in the 802.1p Priority Assignment (View By) section, select 1. This value is the queue set you want to modify.
3 Click Submit. The 802.1p Priority Assignment Table is updated with the queue set you requested.
4 Change the value of Priority 5 from 2 to 1.
Note: Clicking Submit in the 802.1p Priority Assignment Table section results in a system reset.
➨ Click the Application > QoS > QoS Advanced > Devices > DSCP Mapping menu option. The DSCP Mapping page opens (Figure 130).
Figure 130 DSCP Mapping page
To change the DSCP to an 802.1p priority:
1 Click the Application > QoS > QoS Advanced > Devices > DSCP Mapping menu option. The DSCP Mapping page opens (Figure 130).
2 Click the Modify icon of DSCP 0x1. The DSCP Mapping page opens (Figure 131) for DSCP 0x1.
Figure 131 DSCP Mapping page
3 In the 802.1 User Priority field, choose 1.
4 In the Drop Precedence field, choose Not Loss Sensitive.
5 In the Service Class field, choose Standard.
6 Click Submit. The DSCP Mapping page opens with the updated information (Figure 132).
Figure 132 DSCP Mapping page

Assigning 802.1p user priority mapping

Now, you want to map the 802.1p priority to a specific DSCP. To configure IEEE 802.1p user priority to DSCP mapping:
1 Click the Application > QoS > QoS Advanced > Devices > Priority Mapping menu option. The 802.1p Priority Mapping page opens (Figure 133).
Figure 133 802.1p Priority Mapping page
2 Change the DSCP value for 802.1p Priority 2 to 0x0.
3 Click Submit.

Verifying DSCP queue assignments

Next, view the DSCP queue assignments.
Note: When you want to map DSCP to a queue, you must map DSCP to 802.1p, and then map 802.1p to a queue.
To view DSCP queue assignments:
1 Click the Application > QoS > QoS Advanced > Devices > DSCP Q Assign menu option. The DSCP Queue Assignment page opens (Figure 134).
Figure 134 DSCP Queue Assignment page
2 Choose Queue Set 1.
3 Click Submit.
4 View the queue assignment.
Chapter 6 Troubleshooting

This chapter describes how to isolate and diagnose problems with your Business Policy Switch and covers the following topics:
• “Interpreting the LEDs,” next
• “Diagnosing and correcting problems” on page 353

The chapter topics lead you through a logical process for troubleshooting the Business Policy Switch.
Figure 135 LED display panel

Table 61 Business Policy Switch LED descriptions
Label | Type | Color | State | Meaning
Pwr | Power status | Green | On | DC power is available to the switch’s internal circuitry.
 | | | Off | No AC power to switch or power supply failed.
Table 61 Business Policy Switch LED descriptions (continued)
Label | Type | Color | State | Meaning
 | | Green | On | The switch is connected to the upstream unit’s Cascade A In connector.
 | | Amber | On | This unit has detected a problem with the switch connected to the cascade up connector. In order to maintain the integrity of the stack, this unit has bypassed its upstream neighbor and has wrapped the stack backplane onto an alternate path.
Table 61 Business Policy Switch LED descriptions (continued)
Label | Type | Color | State | Meaning
Base | Base mode | Green | On | The switch is configured as the stack base unit.
 | | | Off | The switch is not configured as the stack base unit (or is in standalone mode).
 | | | Blinking | Stack configuration error: indicates that multiple base units or no base units are configured in the stack.
 | | Amber | On | This unit is operating as the stack configuration’s temporary base unit.
Diagnosing and correcting problems

This section discusses some common problems in using the BPS 2000, such as joining stacks and upgrading software in mixed stacks.
Warning: To avoid bodily injury from hazardous electrical shock, never remove the top cover of the device. The internal components are not user-serviceable.

Normal power-up sequence

In a normal power-up sequence, the LEDs appear as follows:
1 After power is applied to the switch, the Pwr (Power) LED turns on within 5 seconds.
Table 62 Corrective actions
Symptom | Probable cause | Corrective action
All LEDs are off. | The switch is not receiving AC power. | Verify that the AC power cord is fastened securely at both ends and that power is available at the AC power outlet.
 | The fans are not operating or the airflow is blocked, causing the unit to overheat. | Verify that there is sufficient space for adequate airflow on both sides of the switch.
The Business Policy Switch negotiates port speeds according to the IEEE 802.3u autonegotiating standard. The switch adjusts (autonegotiates) its port speed and duplex mode to match the best service provided by the connected station, up to 100 Mb/s in full-duplex mode as follows:
• If the connected station uses a form of autonegotiation that is not compatible with the IEEE 802.
Port interface

Ensure that the devices are connected using the appropriate crossover or straight-through cable (see Appendix).

Upgrading software

Note: Use the Command Line Interface (CLI), console interface (CI) menus, or the Web-based management system to upgrade to software version 2.0. For detailed instructions, refer to Chapter 3, Reference for the Business Policy Switch 2000 Command Line Interface Software Version 2.
Upgrading software in a Pure BPS 2000 stack

To download, or upgrade, software in a Pure BPS 2000 stack:
1 Download the operational software, or agent, image.
2 Download the diagnostics image.
However, if you are currently using software version 1.0, 1.0.1, or 1.1, you must upgrade to software version 1.1.1 before upgrading to version 2.0.
Note: Once you begin the upgrading process, do not interrupt the process at all.
• “Upgrading software when ISVN is 2,” next
• “Upgrading software when ISVN is 1” on page 359

Upgrading software when ISVN is 2

To upgrade a Hybrid stack to BPS 2000 software version 2.0 when the ISVN numbers of the units are 2:
1 Download the BPS 2000 image file. The system resets.
2 Download the BPS 2000 diags file. The system resets.
Note: Once you begin the upgrading process, do not interrupt the process at all.
The system resets.
4 Validate that the ISVN on both the BPS 2000 and the BayStack are 2.
Note: Once you begin the upgrading process, do not interrupt the process at all. Interrupting the downloading (or upgrading) process may cause loss of connectivity.

Joining stacks

You can join two stacks, whether entirely BPS 2000 units, or mixed units. You do not have to renumber the units in either stack.
Appendix A Technical specifications

This appendix provides technical specifications for the Business Policy Switch 2000.

Environmental

Table 63 lists environmental specifications.
Table 64 Electrical parameters (continued)
Input current | 1.5 A @ 100 VAC; 0.6 A @ 240 VAC
Maximum thermal output | 500 BTU/hr

Physical dimensions

Table 65 lists physical dimensions.

Table 65 Physical dimensions
Parameter | Specifications
Height | 7.04 cm (2.77 in.)
Width | 43.82 cm (17.25 in.)
Depth | 38.35 cm (15.1 in.)
Weight | 4.8 kg (10.60 lb)

Performance specifications

Table 66 lists performance specifications.
Data rate

The data rate is 10 Mb/s Manchester encoded or 100 Mb/s 4B/5B encoded.

Interface options

The BPS 2000 has 10BASE-T/100BASE-TX switch ports with RJ-45 (8-pin modular) connectors for MDA-X interfaces. Refer to Installing Media Dependent Adapters (MDAs) and Installing Gigabit Interface Converters and Small Form Factor Pluggable Interface Converters for information on the interface connectors on available uplink modules.
• EN55022:1995, Class A
• EN61000-3-2:1995
• EN61000-3-3:1994

Electromagnetic immunity

The module meets the EN50082-1:1997 standard.

Declaration of Conformity

The Declaration of Conformity for the BPS 2000 complies with ISO/IEC Guide 22 and EN45014. The declaration identifies the product models, the Nortel Networks name and address, and the specifications recognized by the European community.
Appendix B Interoperability in a mixed stack configuration

This appendix presents important interoperability guidelines when you implement a mixed stack configuration. A mixed stack consists of a combination of Business Policy Switches and BayStack 450 and/or BayStack 410 switches.
• Web-based management system: Open the System Information page, which is under Administration on the main menu. The software currently running is displayed in the sysDescription field.

You can use 256 port-, protocol-, and MAC SA-based VLANs for the stack with a Pure BPS 2000 stack running software version 2.0. (The maximum number of MAC SA-based VLANs available is 48.)
Base unit

In a mixed stack configuration, a Business Policy Switch must be configured as the base unit (Unit Select switch set to On on the cascade module). All other units in the stack must have their Unit Select switch set to Off. The base unit switch is the unique stack switch that you configure with the Unit Select switch on the front panel of the BayStack 400-ST1 Cascade Module.
7 Add the newly configured Business Policy Switch to your existing stack.

Figure 136 Stack Operational Mode screen

Stack Operational Mode
Current Stack Operation Mode: Pure BPS 2000 Stack
Next Stack Operation Mode: [ Hybrid Stack ]
Stack BootP Mac Address Type: [ Stack Mac Address ]
Use space bar to display choices, press or to select choice.
Press Ctrl-R to return to previous menu. Press Ctrl-C to return to Main Menu.
Temporary base unit

In a mixed stack containing only one Business Policy Switch

If there is only one Business Policy Switch in your mixed stack configuration and it fails, the next upstream BayStack 410 or BayStack 450 switch from the failed base unit will become the temporary base unit and will continue stack operation. The base unit change is indicated by the base LED on the temporary base unit’s LED display panel turning on (amber).
You can verify the software version and the ISVN in the sysDescr field (see Figure 137) in the System Characteristics screen.

Figure 137 System Characteristics screen

System Characteristics
Operation Mode: Stack, Unit # 1
Size Of Stack: 2
Base Unit: 1
MAC Address: 00-80-2C-8D-23-DF
Reset Count: 16
Last Reset Type: Management Reset
Power Status: Primary Power
Local MDA Type: None
sysDescr: Business Policy Switch 2000 HW:AB3 FW:Vx.x SW:v1.0.
Using the console interface

Console/Comm port

In order to use all the Business Policy Switch management features (for example, downloading software), you must connect your console terminal into a Business Policy Switch port within your mixed stack. For more information about the console/comm port, see Chapter 1.
Before you attempt to download new software (or upgrade software) to a Hybrid (mixed) stack, you must ensure that the Interoperability Software Version Numbers (ISVN) are identical. That is, the BayStack 450 switch and BayStack 410 switch must have the same ISVN as the BPS 2000. If the ISVNs are not the same, the stack does not operate.
1 Download the BPS 2000 image file and the BayStack 450/410 file simultaneously.
Note: If you do not download both the BPS 2000 and BayStack 410/450 images simultaneously, the stack may not form.
The system resets.
2 Download the other BayStack 450 image file. The system resets.
3 Download the BPS 2000 diags file. The system resets.
4 Validate that the ISVN on both the BPS 2000 and the BayStack are 2.
a On the unit that was the Base Unit of this stack, use the Unit Select switch to deselect it as the Base Unit.
b Redo all the cabling so that all units will work as one stack.
4 Power up the newly joined units by plugging in the power cords. It may take a few minutes for the entire stack to display on the console. All units will show as their new numbers within the newly joined stack.
Appendix C Quick steps to features

If you are a system administrator with experience configuring Business Policy Switch 2000 VLANs, MultiLink Trunking, Port Mirroring, IGMP Snooping, and EAPOL authentication processes, use the flowcharts on the following pages as quick configuration guides. The flowcharts refer you to the “configuration rules” appropriate for each feature. The flowcharts cover the following features: • • • • • 802.
Appendix C Quick steps to features Figure 138 Configuring 802.1Q VLANs (1 of 3) Start Key VLAN Configuration screen 3 Off-page reference On-page reference Select the appropriate value for the Create VLAN field. Select the appropriate value for the VLAN Type field. Yes Select the appropriate PID value for the PID field. Is VLAN Type Port-Based? Is the PID user-defined? No Is VLAN Type ProtocolBased? No Yes No Yes Enter the user-defined PID value. Activate VLAN State.
Appendix C Quick steps to features 377 Figure 139 Configuring 802.1Q VLANs (2 of 3) 1 VLAN Port members Configured? No Configure Port Members as Tagged Port Member, Untagged Port Member, or Not a Member of VLAN (see "VLAN Configuration Rules" for more information). Yes Press [Ctrl]-R to return to previous menu. Choose VLAN Port Configuration (or press c) to open the VLAN Port Configuration screen. Set the Port field, as appropriate for your configuration. Is PVID correct? No Set PVID.
Appendix C Quick steps to features Figure 140 Configuring 802.1Q VLANs (3 of 3) 2 Is VLAN tag correct? No Set Tagging field on VLAN Port Configuration screen. Yes Is filtering correct? No Set tagged, untagged, unregistered filters, if necessary. Yes Is Port Priority correct? No Set Port Priority. See also the Traffic Class Configuration screen, if necessary.
Configuring MultiLink Trunks

To create or modify a MultiLink Trunk, follow the flowchart in Figure 141. To open the MultiLink Trunk Configuration screen:
➨ Choose MultiLink Trunk Configuration (or press t) from the MultiLink Trunk Configuration Menu screen

Figure 141 Configuring MultiLink Trunks
MultiLink Trunk Configuration screen Are all trunk members configured? No Configure trunk members (see "MultiLink Trunking Configuration Rules").
Configuring Port Mirroring

To create or modify port-mirroring ports, follow the flowcharts in Figure 142 and Figure 143. To open the Port Mirroring Configuration screen:
➨ Choose Port Mirroring Configuration (or press i) from the Switch Configuration Menu screen

Figure 142 Configuring Port Mirroring (1 of 2)
Port Mirroring Configuration screen Is Monitoring Mode field set? No Set Monitoring Mode field.
Figure 143 Configuring Port Mirroring (2 of 2)
1 2 Are Address A and B configured? No Configure Addresses. Yes Is Port Mirroring Enabled? No Enable Port Mirroring (see "Port Mirroring Configuration Rules"). Yes Key Done Off-page reference On-page reference BS45052A

Configuring IGMP Snooping

To create or modify IGMP Snooping ports, follow the flowcharts in Figure 144 to Figure 146.
Appendix C Quick steps to features Figure 144 Configuring IGMP Snooping (1 of 3) IGMP Configuration screen Are VLANs created/port members configured? No Go to VLAN flowchart. Create VLANs/ configure port members, as required. Yes Is the Snooping field set correctly? No Set the correct value for the Snooping field. Yes Is Snooping field set? No 2 Yes Is the Proxy field set correctly? No Set the correct value for the Proxy field.
Appendix C Quick steps to features 383 Figure 145 Configuring IGMP Snooping (2 of 3) 2 Is the Robust Value field set correctly? No Set the correct value for the Robust Value field. No Set the correct value for the Query Timer field. Yes Is the Query Timer field set correctly? Yes Is the Set Router Ports field set correctly? No Set the correct value for the IGMP version in the Set Router Ports field. Yes Is the Proxy field set correctly? No Set the correct value for the Proxy field.
Appendix C Quick steps to features Figure 146 Configuring IGMP Snooping (3 of 3) 3 Are all IGMP members configured? No Configure all IGMP members (see "IGMP Configuration Rules"). Yes All VLANs on this port are now configured as IGMP router ports. Is the Port a trunk member? No Yes All trunk members for that trunk are automatically configured as IGMP Static Router Ports.
To open the EAPOL Security Configuration screen:
➨ Choose EAPOL Security Configuration from the Switch Configuration Menu screen.

Figure 147 Authentication process flowchart (1 of 2)
Login screen
Authentication successful? No: Access denied. See System Administrator.
Authentication server sent VLAN ID? No: Switch restores VLAN ID and PVID values from NVRAM, then A.
Yes: Does VLAN exist? No: Switch sets VLAN ID and PVID values to VLAN 1.

Figure 148 Authentication process flowchart (2 of 2)
A
Authentication server sent Port Priority value? No: Switch restores Port Priority value from NVRAM.
Yes: Is Port Priority value range 0 to 7? No: Switch sets Port Priority value to 0.
Yes: Switch sets Port Priority value to preconfigured values stored in the Authentication server.
Appendix D Connectors and pin assignments

This appendix describes the Business Policy Switch 2000 port connectors and pin assignments.

RJ-45 (10BASE-T/100BASE-TX) port connectors

The RJ-45 port connectors (Figure 149) are wired as MDI-X ports to connect end stations without using crossover cables. (See “MDI and MDI-X devices” on page 388 for information about MDI-X ports.) For 10BASE-T connections, use Category 3 (or higher) UTP cable. For 100BASE-TX connections, use only Category 5 UTP cable.

Table 67 lists the RJ-45 (8-pin modular) port connector pin assignments.

MDI-X to MDI cable connections

Business Policy Switch switches use MDI-X ports that allow you to connect directly to end stations without using crossover cables (Figure 150).

Figure 151 MDI-X to MDI-X cable connections (Business Policy Switch 2000 MDI-X port, crossover cable, switch or hub MDI-X port)

DB-9 (RS-232-D) Console/Comm Port connector

The DB-9 Console/Comm Port connector (Figure 152) is configured as a data communications equipment (DCE) connector.

Table 68 lists the DB-9 Console connector pin assignments.
Appendix E Default Settings

Table 69 lists the factory default settings for the Business Policy Switch 2000 according to the console interface (CI) screens and fields for the settings.

Table 69 Factory default settings

Field | Default setting | Appears in this CI screen
Unit | 1 | “IP Configuration/Setup screen” on page 162
BootP Request Mode | BootP Disabled |
In-Band Stack IP Address | 0.0.0.0 (no IP address assigned) |
In-Band Switch IP Address | 0.0.0.0 (no IP address assigned) |
In-Band Subnet Mask | 0.0. |
Aging Time | 300 seconds | “MAC Address Table screen” on page 174
Find an Address | 00-00-00-00-00-00 (no MAC address assigned) |
Port Mirroring Address A | 00-00-00-00-00-00 (no MAC address assigned) |
Port Mirroring Address B | 00-00-00-00-00-00 (no MAC address assigned) |
MAC Address Security | Disabled |
MAC Address Security SNMP-Locked | Disabled |
Partition Port on Intrusion Detected
Create VLAN | 1 | “VLAN Configuration screen” on page 197
Delete VLAN | blank field |
VLAN Name | VLAN # (VLAN number) |
Management VLAN | Yes, VLAN #1 |
IVL/SVL | IVL |
VLAN Type | Port-based |
Protocol ID (PID) | None |
User-Defined PID | 0x0000 |
VLAN State | Inactive |
Subnet Addr | 0.0.0.0. |
Subnet Mask | 0.0.0.0. |
Unit | 1 | “VLAN Display by Port screen” on page 208
Port | 1 |
PVID | 1 (read only) |
Port Name | Unit 1, Port 1 (read only) |
Unit | 1 |
Status | Enabled (for all ports) |
Autonegotiation | Enabled (for all ports) |
Speed/Duplex | 100Mbs/Half (when Autonegotiation is Disabled) |
Trunk | 1 to 6 (depending on configuration status) |
Trunk Members (Unit/Port) | Blank field |
STP Learning | Normal |
Tru
Monitoring Mode | Disabled | “Port Mirroring Configuration screen” on page 221
Monitor/Unit Port | Zero-length string |
Unit/Port X | Zero-length string |
Unit/Port Y | Zero-length string |
Address A | 00-00-00-00-00-00 (no MAC address assigned) |
Address B | 00-00-00-00-00-00 (no MAC address assigned) |
Packet Type | Both |
Limit | None |
VLAN | 1 |
Snooping | Enabled |
Proxy | Enabled |
Robust Value
Note: The following two fields only appear when the switch is a participant in a stack configuration.

Event Logging | All |
Allowed Source IP Address (10 user-configurable fields) | First field: 0.0.0.0 (no IP address assigned). Remaining nine fields: 255.255.255.255 (any address is allowed) |
Allowed Source Mask (10 user-configurable fields) | First field: 0.0.0.0 (no IP address assigned). Remaining nine fields: 255.255.255.255 (any address is allowed) |
Image Filename | Zero-length string |
TFTP Server IP Address | 0.0.0.0 (no IP address assigned) |
Start TFTP Load of New Image | No |
Configuration Image Filename | Zero-length string |
TFTP Server IP Address | 0.0.0.
Appendix F Sample BootP Configuration File

This appendix provides a sample BootP configuration file. The BootP server searches for this file, called bootptab (or BOOTPTAB.TXT, depending on your operating system), which contains the site-specific information (including IP addresses) needed to perform the software download and configuration. You can modify this sample BootP configuration file or create one of your own.

# Caution
#
# Omitting a Forward slash (/) when the entry is continued to the next
# line, can cause the interruption of the booting process or the
# incorrect image file to download. Always include forward slashes
# where needed.
#
# Important Note:
#
# If a leading zero (0) is used in the IP address it is calculated as an
# octal number. If the leading character is "x" (upper or lower case),
# it is calculated as a hexadecimal number.
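The Important Note above means an address written with zero padding is not the address the server uses. The following check is an added example, not part of the manual or of any Nortel tool: it applies the stated octal/hexadecimal rule to every dotted address in a bootptab and reports the ones whose effective value differs from what was typed. The entries and the tags `ip`, `sm` and `gw` in the sample are constructed for illustration.

```python
import re

# One octet as it can appear in the file: decimal digits, or "x" + hex digits.
OCTET = r"(?:\d+|[xX][0-9A-Fa-f]+)"
# tag=value fields whose value is a four-part dotted address.
ADDR_FIELD = re.compile(rf"(\w+)=({OCTET}(?:\.{OCTET}){{3}})(?![\w.])")

def parse_octet(text):
    """Interpret one octet by the rule in the sample file's Important Note."""
    if text[0] in "xX":
        value = int(text[1:], 16)   # leading "x": hexadecimal
    elif len(text) > 1 and text[0] == "0":
        value = int(text, 8)        # leading zero: octal ("08" is invalid)
    else:
        value = int(text, 10)
    if not 0 <= value <= 255:
        raise ValueError(f"octet {text!r} out of range")
    return value

def effective_address(dotted):
    """Return the address the server would actually use, in plain decimal."""
    return ".".join(str(parse_octet(o)) for o in dotted.split("."))

def audit_bootptab(text):
    """List (line_no, tag, written, effective) for every address whose
    effective value differs from what was written; effective is None
    when an octet cannot be parsed under the rule at all."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                # comment line
        for tag, written in ADDR_FIELD.findall(line):
            try:
                effective = effective_address(written)
            except ValueError:
                effective = None
            if effective != written:
                findings.append((line_no, tag, written, effective))
    return findings

# Constructed entries for illustration; not taken from the manual.
SAMPLE = """\
# sample entries
sw1:ip=192.168.010.005:sm=255.255.255.0:
sw2:ip=10.0.0.x1F:gw=10.0.0.1:
sw3:ip=172.16.08.1:
"""

if __name__ == "__main__":
    for finding in audit_bootptab(SAMPLE):
        print(finding)
```

Running the audit before a file is deployed catches entries that would hand a switch an unintended management address or point it at the wrong TFTP server.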