ATX USER’S GUIDE S s B bp G P R E S E 1.6 P S U P U S T A LY P LY S S U U U T T T A A A T T S S S E R O E IN B W G R N O U T E P TM T FastNET ATX NMS PORT PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.3 / ETHERNET 10BASE-T SEGMENT 1X 2X 3X 4X 5X 6X 7X 8X LINK PROC ACT COL 1 2 3 4 5 6 7 8 OFFLINE PWR QUAD IEEE 802.
Notice NOTICE Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Notice DOC NOTICE This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada.
Notice EXCLUSION OF WARRANTY AND DISCLAIMER OF LIABILITY 1. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
Notice DECLARATION OF CONFORMITY Application of Council Directive(s): Manufacturer’s Name: Manufacturer’s Address: European Representative Name: European Representative Address: Conformance to Directive(s)/Product Standards: Equipment Type/Environment: 89/336/EEC 73/23/EEC Cabletron Systems, Inc. 35 Industrial Way PO Box 5005 Rochester, NH 03867 Mr. J.
CONTENTS CHAPTER 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 1.6 USING THIS MANUAL .........................................................................1-1 DOCUMENT CONVENTIONS .............................................................1-3 RELATED DOCUMENTATION ...........................................................1-4 GETTING HELP.......................................................................................1-5 ATX ARCHITECTURE .....................................................................
Contents 1.8.7 Appletalk Routing........................................................................1-34 AppleTalk addressing..........................................................1-34 AppleTalk zones ...................................................................1-34 How a Macintosh learns its address..................................1-35 How a router learns its address .........................................1-35 Seed Routers ...................................................................
Contents 3.2.11 Disabling Routing Functions....................................................3-12 3.3 CONFIGURING IPX ROUTING..........................................................3-12 3.3.1 Assigning an IPX Address ..........................................................3-13 3.3.2 Displaying IPX Addresses ..........................................................3-13 3.3.3 Enabling IPX Routing Functions ...............................................3-14 3.3.4 Displaying IPX Routing Functions......
Contents 3.11.4 Example #1: LOCAL Port Mirroring .......................................3-38 3.11.5 Example #2: REMOTE Port Mirroring....................................3-39 3.12 IPX ROUTING OVER SOURCE ROUTE COMMANDS................3-40 3.13 PING COMMANDS ............................................................................3-40 3.14 TRACE ROUTE COMMANDS...........................................................3-40 3.15 EVENT LOGGING COMMANDS.....................................................
Contents CHAPTER 5 FILTERS 5.1 5.2 5.3 5.4 FILTERING AND PERFORMANCE CONSIDERATIONS ...............5-2 USING FILTERS FOR SECURITY PURPOSES....................................5-2 USING FILTERS TO IMPROVE PERFORMANCE.............................5-3 ADDRESS TABLE FILTERS....................................................................5-4 5.4.1 Destination Address Filter............................................................5-5 5.4.2 Source Address Filter ..............................................
Contents 5.10.1 Filtering for Security Purposes.................................................5-20 Example 1 — Blocking access to a network segment ................5-20 Example 2 — Blocking access to specific stations ......................5-22 Example 3 — Restricting access to authorized users.................5-25 Example 4 — Filtering by vendor ID ...........................................5-26 Example 5 — Configuring a firewall filter to control multicasts .............................................
Contents 8.3 MAINTENANCE .....................................................................................8-3 8.3.1 Power Fuse......................................................................................8-3 8.3.2 Fan Filters........................................................................................8-4 8.3.3 Hot Swapping the Power Supply................................................
Contents xii
CHAPTER 1 INTRODUCTION Welcome to the Cabletron Systems ATX User Guide. This manual explains installation instructions, and provides specifications for the ATX. 1.1 USING THIS MANUAL This manual is for system administrators responsible for configuring, monitoring, and maintaining the ATX. You should have a familiarity with internetworking concepts and principles when you install the ATX. A basic understanding of SNMP is helpful.
Introduction • Chapter 2, Installing and Connecting to the Network, describes the ATX front panel, how to install the ATX, and how to connect the Local Console Manager. • Chapter 3, Configuring, provides instructions for configuring bridging, and IP, IPX, and AppleTalk Phase II routing using the Local Console Manager. It also provides the MIB variables for configuring multicast storm protection and some common variables you may want to change.
Introduction • Appendix E, Big Endian to Little Endian Address Conversion, describes how to convert MAC addresses from big endian (Token Ring native) to little endian (Ethernet) format. 1.
Introduction 1.3 RELATED DOCUMENTATION You may need to refer to the following documentation: • ATX MIB Reference Guide – contains enterprise MIB information. • Token Ring Switch Module User Guide – contains instructions on installing the modules into the ATX and connecting your TokenRing module to the network. • FDDI Dual-Attached Intelligent Module User Guide – contains instructions on installing the modules into the ATX and connecting your intelligent FDDI module to the network.
Introduction 1.4 GETTING HELP If you need additional support related to this device, or if you have any questions, comments, or suggestions concerning this manual, contact Cabletron Systems Technical Support: Phone: (603) 332-9400 Monday – Friday 8 A.M. – 8 P.M. Eastern Time CompuServe: GO CTRON from any ! prompt Internet mail: support@ctron.com FTP: ctron.com (134.141.197.
Introduction • Any previous Return Material Authorization (RMA) numbers For additional information about Cabletron Systems products, visit our World Wide Web site: http://www.cabletron.com/ 1.5 ATX ARCHITECTURE The ATX is a high-performance, multi-protocol, LANswitch providing multi-technology, multi-layer switching capacity, performance and intelligence, creating a unique platform for LAN to ATM migration. The ATX has five slots for various interface modules and space for two power supplies.
Introduction Processing Engine. The ATX offers features which allow you to easily manage and maintain your network, such as: • Protection against multicast storms. • Data flow control based on packet filters that you define. • Compilation of statistics for traffic generated by each user device connected to an ATX segment.
Introduction With an innovative, multiple RISC processor architecture, the ATX’s Packet Processing Engine is capable of filtering and forwarding at full line speed. Further, the ATX’s protocolindependence and high performance allow for transparent, plugand-play network operation. The ATX offers all the benefits of interconnecting LANs across a backbone with an increase in performance over existing bridges. 1.6.
Introduction unicast address. Name_Query_Request frames provide the ATX with the name of the source workstation, the MAC address, the port which recieved the frame and any applicable RIF information. The Name_Recognized_Response provides the ATX with information including the name of the workstation, the MAC address of the workstation and any applicable RIF information.
Introduction 1.6.3 IPX with Token Ring Source Routing Token ring networks often interconnect with source routing (SR) bridges. Although the source routing is a MAC layer feature, all packets must provide the correct source route information to the bridges in order to traverse the networks.
Introduction preserves network bandwidth for important user data and frees up valuable end station processing. By defining virtual workgroups, broadcasts will only be seen by other end stations within the same virtual workgroup. With the functionality to define workgroups by port grouping, IP network address and/or IPX network number, a station can be part of multiple workgroups based on their location and protocol. Each workgroup can be defined by port, IP network address and/or IPX network number.
Introduction Packet Processing Engine SYNCHRONIZATION Main Processor AMD 29030 RISC CPU Turbo Processor AMD 29030 RISC CPU 1.6 Gbps SHARED MEMORY Dual Synchronous Protocol Independent Bus RISC PROCESSOR 4 SEGMENT ETHERNET DUAL RISC PROCESSOR FAST ETHERNET 4 Segments 4 Segments RISC PROCESSOR FDDI Dual Ring RISC PROCESSOR Emerging Technologies Multiple Segments DUAL RISC PROCESSOR 4 SEGMENT TOKEN RING 4 Rings Figure 1-2. ATX Architecture 1.6.
Introduction • 3T02-04, 3T05-04 and 3T01-04 - Four ring Token Ring modules accepting data frames from and sending data frames to four Token Ring networks. The 3T02 and 3T01 modules support UTP and STP cable types respectively, while the 3T05 supports either UTP or STP. • 3F00-01 and 3F55-01 - DAS (dual-attached station) FDDI modules. These modules transfer packets from and to a FDDI network.
Introduction as the originating packet, the ATX immediately forwards the packet to the segment associated with the destination address. Local traffic, data packets whose source and destination address is on the same segment, is automatically discarded. The ATX forwards data packets to network segments based on the IEEE 802.1D spanning tree algorithm, which converts multiple LANs into a “spanning tree” of networks.
Introduction multicast packets. If source routing is desired, and either Ethernet or FDDI is to be used as a backbone between Token Rings, then the Ethernet or FDDI port should be configured for SRT bridging. (SRT over Ethernet is not a standard, but is available for use between multiple ATX chassis in backbone applications. In this case, the “Ethernet” may actually be a microwave or satellite link with an Ethernet-like interface.
Introduction 1.7.1 Transparent Bridging Transparent or spanning tree bridging requires no initial programming. After being installed on the network, bridges “learn” and remember the location of the attached devices by reading the source addresses of incoming packets. Then they place the source address and port information in a lookup table. When a packet comes into a port, the bridge reads the destination address and attempts to find the location of the destination node using its lookup table.
Introduction learning database to learn addresses on the incorrect ports. This could result in frames not getting forwarded and loss of communication. • SRTB is a global parameter and is enabled only on Token Ring ports with SRT bridging mode. • The RIF database supports 8,192 entires. • SRTB can be enabled based on IP, IPX and other protocols (SNA, NetBIOS, etc.) • All existing protocol translations (IP, IPX, SNA, NetBIOS and AppleTalk) are supported when SRTB is enabled.
Introduction Station A Bridge B Station C Ring 7 Ring 43 data packet address 43 B 7 data Figure 1-3. Source Routing Example In the example in Figure 1-3, a data packet traveling from station C on LAN 43 through bridge B to station A on LAN 7 must specify the full route it is to take. The source station is responsible for specifying the route, hence the term “source routing.
Introduction where each bridge is likely to become congested. Station C Station A Congested Alternative Route Figure 1-4. Data Path Using Source Routing Bridging In contrast to spanning tree bridging, all bridges and all links are active with source routing bridging; the least-congested path is chosen at discovery time. With products like the ATX, such congestion avoidance is rarely necessary, since the bridge is capable of handling nearly any traffic load without experiencing congestion. 1.7.
Introduction 1.7.5 Translation The ATX is a translating bridge; meaning it translates packets across unlike protocols. For example, if an Ethernet (802.3) data packet is to be forwarded to an FDDI segment, the ATX translates the packet to FDDI packet format. Conversely, the ATX translates FDDI packets to be forwarded to an Ethernet segment to Ethernet (802.3) packet format. This means the ATX can transparently exchange data packets between FDDI and Ethernet LANs.
Introduction The ATX uses a standardized internal format called canonical format, for packet translation. (Refer to Appendix B, Packet Translation Procedure for an explanation of the packet translation procedure.) The ATX converts all incoming packets into its internal format and then converts each packet from its internal format to either FDDI, Ethernet, or Token Ring format, depending on the packet's destination. The ATX can interoperate with other vendors' translating bridges.
Introduction private/enterprise/sigma/ecs1/admin/config. The default setting for this MIB is 0. Query the MIB and change this value to the address of the SNMP management station, then SET. If the [configNMSAddress] MIB is not changed, traps are sent to the last SNMP manager which polled the device. 1.8.1 IP Routing IP routing allows end-nodes to send packets to end-nodes elsewhere on the network using the IP protocol suite.
Introduction destination device. If the device is on the network, it will respond with its hardware address. Reverse Address Resolution Protocol (RARP) If the ATX is not configured with an IP address, it uses reverse ARP (RARP), to send out broadcasts of its physical hardware address to find its IP address. Proxy ARP Proxy ARP provides a mechanism whereby the ATX can respond to an ARP request on behalf of a device that is located on a network behind it.
Introduction 1.8.2 Multiple IP Networks Per Port RE NMS PORT T SE A B ps LY LY Gb 6 1. ER W PP PP SU PO EN TM SU FastNET ATX GI STAT TU NE US RB ST O AT ST US AT US The ATX’s routing software allows you to configure a single IP network to span multiple physical network segments (ATX ports). This enables you to configure multiple physical networks as one logical network. PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.
Introduction B ps LY RE NMS PORT T SE PP Gb 1. SU 6 PP LY A TM SU PO FastNET ATX W ER EN GI STAT TU NE US RB ST O AT ST US AT US In addition, by overlapping logical networks, a user who moves to another physical network segment can remain on the same logical network and retain their net/host IP address, even if he or she is sharing the new physical network segment with other logical networks.
Introduction upon the operating system or TCP/IP being used. The host becomes aware of a gateway in one of three ways: • The host is manually configured with a default gateway address. • The host is listening to Routing Information Protocol (RIP) broadcasts. • The host is participating in the router discovery protocol (ICMP). When using LCM each ATX port can be configured for zero or more IP addresses, with associated subnet masks. Each IP address defines an IP subnetwork.
Introduction addressing (i.e., those IP addresses with 1110 as their high-order four bits). Using Internet standard dotted decimal notation, host group IP addresses range from 224.0.0.0 to 239.255.255.255. The IP address 224.0.0.1 is assigned to the permanent group of all IP hosts. Members of a host group can: • Join and leave the host group at any time • Be included as a member in multiple host groups. A host group can be permanent or temporary.
Introduction For example, in Figure 1-8, LANs B, C, and D are bridged to backbone LAN A. A packet originating from LAN C destined to the host group member on LAN B will traverse LANs C and A but not LAN D. Similarly, an IP multicast packet destined to the group member on LAN B that originated on that LAN will not be forwarded to the other LANS.
Introduction NMS PORT 5X 6X 7X LINK 1X 2X 3X 4X 5X 6X 7X 3 4 5 6 7 8 TX 16 TX 16 RX TX RX TX 16 OFFLINE SEGMENT 1 PROC PWR RX TX 16 OFFLINE INTELLIGENT FDDI TH RU WR AP RX TX X P T R W MULTI-MODE SEGMENT 1 FDDI MIC A TX PWR OFFLINE OFFLINE QUAD IEEE 802.
Introduction The architecture behind source-routing bridges is that a packet header containing a route is inserted by the source end-station. For the source end-station to discover a route to a destination endstation, it must learn of a route by transmitting a special type of packet called an explorer packet.The explorer packet is duplicated by source-routing bridges as it discovers possible route choices. A copy of the explorer packet is sent over every possible route.
Introduction destination source data multicast bit=0 (not a source-routing packet) destination source RI data multicast bit set (source-routing packet) Figure 1-12. Packet Headers With And Without Source-routing Bit Set In TCP/IP hosts, an explorer packet exchange is normally accomplished as part of the Address Resolution Protocol (ARP). ARP is used to dynamically map IP addresses to MAC addresses. The resulting source route is kept as part of the ARP cache.
Introduction • Transmit IP multicast packets as single route explorer packets. • Transmit subnet-specific broadcasts as single route explorer packets. 1.8.5 Configuring IP Routing Over Source Routing The IP routing over source-routing feature is integrated with the multiple IP networks per ATX port feature. Configuration is specified for each binding of an IP subnet. • No source-routing - ARP requests are sent as transparent explorer packet. This is normal for non-Token Ring LANs.
Introduction Routing Information Protocol (RIP) RIP is one of the protocols that allows the ATX to build an accurate, current routing table. Routers, including the ATX, send out broadcasts every 60 seconds advertising the networks they know about, the routes to those networks, and the number of hops to get to there. In this way the ATX is constantly up-to-date on the state of its neighboring networks.
Introduction 1.8.7 Appletalk Routing AppleTalk routing allows end-nodes to send packets to and receive packets from other end-nodes through the use of AppleTalk Phase 2 protocol. The ATX stores a table of routing information it learns through Routing Table Maintenance Protocol (RTMP) packets sent out by other routers. The ATX also sends out RTMP packets to let other routers know of the routes it has learned. By storing the RTMP packets, the ATX knows where to forward packets it receives.
Introduction to an address. In the ATX implementation, the maximum number of zones that a router may be configured is 22 ports. Each configured zone may be available on any subset of ports. How a Macintosh learns its address A Macintosh learns its network address automatically; you don’t have to assign addresses. This process is called address acquisition and is performed every time a Macintosh enables its datalink, either automatically at start-up or using the network control panel.
Introduction receives a response, it knows its network range and then performs additional AARP probes to choose a host number. The router then sends RTMP requests to begin building its routing table. Next the router asks other routers for a list of zones so it can create a zone list. Although a router maintains a list of zones, it does not reside in a zone the way an end-node does. Note: An AppleTalk internet router cannot have two ports connected to the same network.
Introduction A router that learns its network address from a seed router shows a status of garnered; meaning you did not configure it. 1.
B ps RE NMS PORT T SE LY Gb PP 1.6 SU PP LY A TM SU PO EN FastNET ATX WE R GI STAT TU NE US RB ST O AT ST US AT US Introduction PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.3 / ETHERNET 10BASE-T SEGMENT 1X 2X 3X 4X 5X 6X 7X 8X LINK PROC ACT COL 1 2 3 4 5 6 7 8 PWR OFFLINE QUAD IEEE 802.
Introduction B ps RE NMS PORT T SE LY Gb PP 1.6 PP LY A TM SU FastNET ATX SU PO WE EN R GI STAT TU NE US RB ST O AT ST US AT US To solve this problem, you could connect A to B with one trunk group, and connect B to C with a second trunk group. PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.3 / ETHERNET 10BASE-T SEGMENT 1X 2X 3X 4X 5X 6X 7X 8X LINK PROC ACT COL 1 2 3 4 5 6 7 8 PWR OFFLINE QUAD IEEE 802.
Introduction 1.10.1 Command Syntax Conventions The following conventions apply as you use LCM commands: • Press the Return key to execute a command after you type it in. • A port range is either a single port number, or a list of port numbers separated by commas or hyphens. For example, “3” is port 3; “3, 7” are ports 3 and 7; “3-5” are ports 3, 4, and 5; and “35, 7” are ports 3, 4, 5, and 7. • To quit any command press the Control-C keys (^C or Ctrl-C).
Introduction 1.10.2 Basic LCM Commands The basic LCM commands allow you to get help and log out. LCM commands used for configuring your ATX are described in the configuration chapters. When you want to use LCM, begin by pressing the Return key several times to get the LCM prompt (ATX >). Note: The LCM prompt (ATX>) does not appear on the screen immediately. Pressing the Return key repeatedly brings up the LCM prompt. RETURN is the default password. exit Logs you out of LCM.
Introduction [clear|[overwrite|stopwhenfull][add|del][FILTERS]] eventtrap {on | off} to set or display event filter to manage event/SNMP trap mapping exit or logout to logout filters {display|modify|add|delete} to manage port filters help or ? this menu ident for software version and board IDs ipaddr [PORTS {a|cl|de|di} [ADR [MSK]]] to set or display IP addresses iproute [PORT-RANGE [OPTIONS]] to set IP routing methods ipxaddr [[[PORT#] NETWORK] FRAMING] to set IPX Network addresses ipxrout
Introduction Usage: bridge [PORT-RANGE [{off | transparent | sr | srt} [noBPDU]]] ATX> id Software Currently Running: Release ATX 3.3.09 12-Mar-97 Next Bootstrap (2nd bank) : Release ATX 3.3.
Introduction Usage: nbcache [PORT-RANGE [{off | on}]] Usage: nbname {display|delete} [big] {|any} Usage: ping [-rvsx] host [datasize [count]] -r = record route -v = verbose -s = send one packet per second continuously -x = send packets continuously w/o delay Usage: pvc [{disp|add|delete|clearall}] PORT# VPI_RX VCI_RX VPI_TX VCI_TX [VIFN|PHYSPORT] Usage: Usage: srtb [{ip|ipx|other|all} {on|off}] [ste|are] translate [PORT-RANGE [{arp|bootp|srArp|ipx|ipxsr|apple|none|netbios|sna|all} OPTI
Introduction [{arp|bootp|srArp|ipx|ipxsr|apple|none|netbios|sna|all} OPTION]] Port 2 is not configured for token ring. Port 3 is not configured for token ring. Port 4 is not configured for token ring. Port 5 is not configured for token ring. Port 6: no translations. Port 7 multimedia translations: sna passBoth Port 8 multimedia translations: arp oneto6swap Port 9 multimedia translations: arp oneto6swap Port 10 is not configured for token ring. Port 11 is not configured for token ring.
Introduction 1-46
CHAPTER 2 INSTALLING AND CONNECTING TO THE NETWORK Carefully unpack the ATX from the shipping carton and inspect it for possible damage. If any damage is evident, contact Cabletron Systems Technical Support. You can also order additional modules separately. The shipping carton contains: • The ATX chassis. • Two power cords. • Documentation – In addition to this manual, the ATX MIB Reference Guide and Release Notes are also included.
Installing and Connecting to the Network S s B bp R ES ET G 1.6 P U S S U P P LY P LY A S S TU TU TU TA TA TA S S E R O E IN B W G R N O TU E P TM S FastNET ATX NMS PORT PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.3 / ETHERNET 10BASE-T SEGMENT 1X 2X 3X 4X 5X 6X 7X 8X LINK PROC ACT COL 1 2 3 4 5 6 7 8 OFFLINE PWR QUAD IEEE 802.
Installing and Connecting to the Network ATX switches and their functions are described in Table 2-2. Refer to the module documentation for a description of the switches for that module. Table 2-2. Description Of ATX Switches Switch RESET 1 0 Function Restarts the system software. Turns the power supply on or off. The power is on when the rocker switch is on 1. There is a switch for each power supply. 2.
Installing and Connecting to the Network ATX ES/1 ? PO WE R S US S ATU AT ATU B A ST E ST ST LY LY O PP PP GIN RB TU SU SU EN POWER FDDI MIC B OPTICAL BYPASS AC T TH RU WR AP AC RING A Fasteners T TH RU WR AP R WE PO ST Elite SwitchingHub ES/1 RE SE T PACKET PROCESSING ENGINE NMS PORT FDDI MIC A US AT RX TX RING B HIGH SPEED SERIAL INTERFACE / RS-449 RS-449 DCE RXPROC HSSI HSSI RS-449 LINK TWPWR OFFLINE SEGMENT 1 OFFLINE QUAD IEEE 802.
Installing and Connecting to the Network The ATX should now be ready for operation after completing its automatic power-up diagnostics sequence and is connected to the network. 2.3.1 Checking the Power-up Sequence Before connecting the ATX to any other devices, power on the unit and observe the power-up diagnostics sequence to check for proper operation as described below. The power-up diagnostics sequence completes in approximately 45 seconds depending on the number and type of modules installed.
Installing and Connecting to the Network S US US TU AT AT TA ST ST S E O ER IN W G RB PO TU EN Layer 1 Y PL P SU A Y PL ON if redundant Packet Processing Engine FDDI modules (3F00-01 and 3F55-01) B P SU C P RU RA RX W O PR TH RING A RING B TX PWR RX ST Proc TX 16 Power LINK RX Proc COL TX Power Token Ring modules (3T02-04 and 3T01-04) (16 LED ON if set for 16Mbps ring speed) Ethernet modules (3E02-04 and 3E08-04) 10BASE-T or 10BASE-FL Fast Ethernet modules (3H08-04, 3H02-04 and
Installing and Connecting to the Network supplies. LEDs are described in Table 2-1. When you power up your ATX, the following occurs: 1. All LEDs turn on briefly (this does not apply to all Ethernet Switch models, refer to the Ethernet Switch Module User Guide). 2. Individual module LEDs become active, starting with the LEDs on the PPE and continuing downward until all the modules have completed power-up diagnostics. a.
Installing and Connecting to the Network 2. Observe the power-up sequence again. 3. If the power-up sequence is still abnormal, contact Cabletron Systems Technical Support, See Chapter 1, Getting Help. Replacing the Power Supply It is critical that the power supply inserted into the top slot of the ATX chassis be installed very carefully if you are installing it while the ATX is powered on.
Installing and Connecting to the Network Power supply must be under these tabs PSA PSB Power supply must rest on this support shelf Figure 2-4. Chassis With Power Supply A Positioning Tabs And Supporting Shelf Indicated To replace the power supply in slot A (the top slot) 1. Turn power switch on Power Supply A (PSA) off. 2. Remove the two thumb screws holding the power supply in place. 3. Pull the power supply straight out. 4.
Installing and Connecting to the Network PSA PSB Figure 2-5. ATX With Power Supply A Position Indicated 2.4 CONNECTING THE LOCAL CONSOLE MANAGER The Local Console Manager is a tool for configuring, monitoring, and managing the ATX through an out-of-band RS-232 connection. To connect LCM: 1. Attach a null modem at either the terminal end or the ATX port end. The null modem cable should be a female DB-25 cable. Pinout information is listed in Appendix C, Null Modem Cable Pinouts. 2.
Installing and Connecting to the Network 3. Set the terminal to 9600 baud, 8 data bits, 1 stop bit, and no parity. 4. Press the Return key a few times. If the ATX is powered on, it will respond with its prompt ATX>. LCM is now ready to use. Refer to Chapter 1, Local Console Manager for a general overview of LCM and the command syntax. Commands for configuring, monitoring and managing, and filters are provided in the chapters dealing with those topics.
Installing and Connecting to the Network 2-12
CHAPTER 3 CONFIGURING The ATX does not require any additional configuration to operate as a standard transparent bridge. However, if you want it to communicate with an SNMP manager, you have to assign an IP address to the port through which you will be communicating with the SNMP manager. If you want the ATX to perform IP, IPX routing, or AppleTalk, you need to do some configuring.
Configuring A LAN 1 B C LAN 2 LAN 3 Figure 3-1. Typical Bridging Application Bridges regulate network traffic on the basis of the source and destination addresses that are in each data packet. Bridges are protocol-transparent, meaning they can handle different types of traffic regardless of the network protocol, for example, IP and IPX. A bridge reads the source and destination address of every data packet it receives and from this information determines where to send the packet.
Configuring As a bridge reads addresses from the packets it processes, it builds an address table. In this way, it learns the addresses of connected devices. New devices can be added to the network, addresses can be changed, and devices can be removed from the network, without reconfiguring the bridge. 3.1.1 Enabling Bridging Functions The bridging functions you can enable for the ATX include: • Transparent – End nodes take no part in routing; thus, a transparent bridge places no burden on end nodes.
Configuring transparent bridging on port 2. LCM responds: Port 2 bridging: SRT (segment = 1 bridge = 9) To change the bridging functions for a port, re-issue the bridge command (as described above), using the new option. To set the segment number, use the srsegment command and to set the bridge number use the srbridge command. The default value for the bridge and segment numbers is 0 (zero). Note: In order to accomplish routing tasks, the ATX must be configured to recognize hexadecimal references.
Configuring [noBPDU]]] Port Port Port Port . . . Port 2 3 4 5 bridging: bridging: bridging: bridging: Transparent/Translating SRT (segment = 1 bridge = 9) SR (segment = 41 bridge = 9) Transparent/Translating 21 bridging: Transparent/Translating You could also type: bridge to look at a specific port or ports. For example bridge 2-4 would display bridging functions for ports 2, 3, and 4. 3.1.3 Disabling Bridging To turn off the bridging functions for a port or port range: 1.
Configuring • Class A addresses are used in very large networks that support many nodes. The first byte identifies the network and the other three bytes identify the node. The first byte of a class A address must be in the range 1-126. The address 100.125.110.10 would identify node 125.110.10 on network 100. • Class B addresses are used for medium sized networks. The first two bytes identify the network and the last two identify the node. The first byte of a class B address must be in the range 128191.
Configuring 3.2.3 Changing a Subnet Mask You can optionally set the subnet mask for a port. If the subnet mask is 0.0.0.0, the ATX will automatically convert the displayed mask to the standard default, based on the port’s IP address class. (Class A address masks are 255.0.0.0, Class B address masks are 255.255.0.0, Class C address masks are 255.255.255.0.) To change the subnet mask: 1. Type: ipaddr For example, ipaddr 6 192.138.217.40 255.255.240.
Configuring Table 3-1. Displaying IP Addresses Port IP Address Address Mask MAC Address 8 192.138.217.50 255.255.255.0 00:40:27:00:06:9e 9 192.138.217.30 255.255.255.0 00:40:27:00:04:b4 3.2.5 Enabling IP Routing Functions The IP routing functions you can enable for ports on the ATX may be any combination of the following: • Off – no IP routing at all. • On – IP routing, but no inter-router protocols.
Configuring Type: iproute For example, iproute 5-6 rip bootp would enable routing on ports 5 and 6 with the RIP and bootp options on. LCM responds: Port 5 routing: IP Routing, RIP, Bootp relay Port 6 routing: IP Routing, RIP, Bootp relay 3.2.6 Adding an IP Address to a Port To add an IP address to an ATX port: Type: ipaddr add
Configuring Port IP Address Address Mask MAC Address 7 192.138.217.20 255.255.255.0 00:40:27:00:04:4a 8 192.138.217.50 255.255.255.0 00:40:27:00:06:9e 9 192.138.217.30 255.255.255.0 00:40:27:00:04:b4 Note: All IP addresses sharing a common subnet must use the same subnet mask. In addition, two IP addresses assigned to the same physical interface must belong to distinct IP subnetworks.
Configuring addresses on port 2. LCM responds by prompting for the next command. To display the current IP Address Table, type ipaddr with no arguments. Note: Before you may issue the clearAll command to an ATX port, IP routing must be disabled for that port. To re-enable routing for the port, an IP address must be assigned. 3.2.9 IP Multicast Routing LCM Commands The iproute command displays the IP routing functions enabled for each port.
Configuring 3.2.10 Displaying IP Routing Functions To display the IP routing functions that are enabled for all ports: Type: iproute LCM responds with a list of all ports and the routing functions that are enabled. Usage: iproute [PORT-RANGE] [off] [on] [rip] [proxy] [bootp]] Port 2 routing: IP Routing, RIP Port 3 routing: IP Routing, RIP Bootp relay Port 4 routing: IPX Port 5 routing: IP Routing, Proxy ARP . . .
Configuring 3.3.1 Assigning an IPX Address IPX addresses for each port must be unique and non-zero. When you assign an address, you can also designate the frame type. Frame types are listed below with the value you enter listed in parenthesis: • Ethernet 2 (ethernet2) • Raw 8023, the default for Ethernet (ethernet802.3) • 8022, the default for Token-Ring and FDDI (llc802.2 or ethernet802.
Configuring Type: ipxaddress Table 3-2. Displaying IPX Addresses Port IPX Network Node ID Framing 2 0x11223344 00:40:27:00:06:1f Ethernet 802.3 3 0x55667788 00:40:27:00:06:c3 Ethernet 802.3 4 0x99001122 00:40:27:00:06:3e Ethernet 802.3 5 0x33445566 00:40:27:00:03:7a LLC 802.2 6 0x12345678 00:40:27:00:05:c7 Ethernet 802.3 7 0x77665544 00:40:27:00:04:4a LLC 802.2 8 0x31265488 00:40:27:00:06:9e Ethernet 802.3 9 0x22446688 00:40:27:00:04:b4 Ethernet 802.3 3.3.
Configuring 3.3.4 Displaying IPX Routing Functions To display the IPX routing functions that are enabled for all ports: Type: ipxroute LCM responds with a list of all ports and the routing functions that are enabled. Usage: ipxroute [PORT-RANGE [{off | on | sr}]] Port Port Port Port . . . Port 2 3 4 5 IPX IPX IPX IPX routing: routing: routing: routing: enabled enabled enabled enabled 21 IPX routing: enabled You could also type: ipxroute to look at a specific port or ports.
Configuring their network number. Refer to Chapter 1, Appletalk Routing for a conceptual overview of AppleTalk routing, including the concept of a seed router. Whenever you enable a port, it goes through the process of acquiring its address again. Once the network has been seeded, a newly enabled port takes its network information from the other routers on the network. 3.4.1 Enabling AppleTalk Routing To enable AppleTalk routing on a port or port range: Type: atroute on.
Configuring Port 8 AppleTalk routing: enabled . . . Port 21 AppleTalk routing: disabled 3.4.3 Disabling AppleTalk Routing AppleTalk routing can be disabled on a per port basis using LCM. AppleTalk packets that are received on disabled ports are discarded. To disable AppleTalk routing on a port or port range: Type: atroute off. For example, atroute 4–8 off would disable AppleTalk routing on ports 4, 5, 6, 7, and 8.
Configuring the previously seeded information. You can create a new network range by using the ataddr command to assign a new range. However, if the network has already been seeded, the number you assign will not be used; the seeded information takes precedence. To assign a network number: Type: ataddr – For example, ataddr 4 5–10 would create the network number range 5–10 on port 4. LCM responds: Port CFG-Range Active Range DDP-Addr 4 5-10 0-0 0.
Configuring 3.4.5 Displaying the Network Number You can find the current network range for any port on which AppleTalk routing is enabled by using LCM. To find the network number for a port: Type: ataddr LCM responds: Usage: ataddr [ ] Port CFG-Range Active Range DDP-Addr 2 3 4 0-0 300-400 100-200 0-0 298-400 100-200 0.0 300.2 300.
Configuring Port 6 Engineering To make the zone name you are adding the designated default zone name: Type: atzone <“zone name”> on default. For example, atzone 6 “Engineering” on default, would create the default zone name Engineering on port 6. LCM responds: AppleTalk Zones Port 6 (default)Engineering 3.4.7 Displaying a Zone Name You can use LCM to display AppleTalk zone names that are currently assigned.
Configuring additional hardware on your network. You can use LCM to configure trunking. You can enable trunking between ATXs or between an ATX and a Fast Network 10. For more information on trunking, see section, 1.9 Trunking. 3.5.1 Enabling Trunking To enable trunking you would: 1. Connect the desired ports of the ATXs together using the appropriate cables. ATX A is handling only a small traffic load. Therefore, the A to B trunk group has just two ports per ATX.
Configuring group is momentarily halted to guarantee the first-in, first-out ordering of the Ethernet packets. Note: The ATX-to-ATX connections must be point-to-point. There cannot be any other devices on those LAN segments. The ports used for trunking can be in any order. However, both ends of the ATXto-ATX connections must have trunking enabled for the ports that are being used for the connections. 3.5.
Configuring For example, if you configure port 3 to accept no more than 5 multicasts per 60 seconds, any multicasts destined for port 3 are discarded after the first 5. After 60 seconds have elapsed, another 5 multicasts to port 3 will be allowed. This maintains an effective maximum rate of 5 multicast packets per minute. 3.7 MODIFYING MIB VARIABLES Specific instructions for controlling ATX operations, modifying parameters, etc., depend on the NMS you are using.
Configuring 3.7.2 System Name The system name is a name assigned to the ATX by the network administrator. By convention, the system name is the fully qualified domain name. (This name then becomes the LCM prompt.) sysName - {system 5} DisplayString (SIZE (0..255)) 3.7.3 System Location The system location identifies the physical location of the ATX. sysLocation - {system 6} DisplayString (SIZE (0..255)) 3.7.
Configuring Note: configAnyPass permits read-write access. configGetPass permits read only access. Get Password The get password variable (configGetPass) must be set to the value of the community name used by the SNMP manager for performing get operations. A zero length password means that any community name is acceptable. configGetPass - {config 3} DisplayString (SIZE (0..24)) Aging Parameter Dynamic (learned) addresses are automatically deleted from the ATX address table after a certain length of time.
Configuring Configuration Alarm Dynamic When the ATX learns a new address or ages (deletes) an old address it may or may not send a trap based on the value of this variable. configAlarmDynamic, addrAlarmMAC 3.8 CONFIGURING NETBIOS NAME CACHING The Netbios name caching function initially comes up disabled. To enable or disable name caching, the ports to enable must be provided. If you enable a port for Netbios Name Caching, you’ve turned on the capability to learn the netbios names coming from that port.
Configuring value of the Netbios aging timer. The age-timeout argument can be modified and is interpreted in terms of seconds. This timer is the amount of time a Netbios name remains in cache without activity. The default will be the same as that for spanning tree which is 5 minutes or 300 seconds. To empty out all entries from cache, one can set the timeout to zero. The default value is 300 seconds. nbtimer [age_timeout] The nbname command requires at least one argument.
Configuring workgroup mktg 11,12-18 ipx 0x1234 3.10 CLASSIFICATION When a broadcast packet is received on a workgroup defined port, the packet is classified as being IP (IP, ARP or RARP), IPX(SAP, RIP, SPX or NCP) or ALL (any protocol type). Based on this classification, the broadcast will only be forwarded to the ports within that workgroup. If there is no workgroup defined for the receiving port the broadcast is forwarded out all other ports regardless of the exiting port’s workgroup configuration. 3.
Configuring Broadcast from C will only be seen by A, B and D Broadcast from D will only be seen by C Broadcast from E will be seen by all forwarding ports 3.10.2 Workgroup of Type IP The destination IP address within the broadcast packet is used to determine the workgroup (see Example #2). This IP address is matched against the IP network address and IP network mask defined in the workgroup for the receiving port.
Configuring ATX LAN Switch A P3 P4 P7 P5 B C E P6 D An ARP from: A or B destined for 100.100.1.xxx will only be seen by A, B and C A or B destined for 100.100.2.xxx will only be seen by A, B and C A or B destined for 100.100.3.xxx will only be seen by A, B and C C destined for 100.100.1.xxx will only be seen by D C destined for 100.100.2.xxx will be seen by all forwarding ports C destined for 100.100.3.xxx will be seen by all forwarding ports D destined for 100.100.1.
Configuring 3.10.3 Workgroup of Type IPX To determine the workgroup of an IPX broadcast the destination IPX network number is used (see Example #3). If the destination IPX network number is zero, the packet is forwarded out all of the IPX workgroups for the receiving port. If the broadcast has a nonzero IPX network number, there are a few possibilities. The IPX workgroup with the same IPX network number is used.
Configuring C destined for the 0x1234 network will only be seen by D C destined for the 0x999 network will be seen by all forwarding ports C destined for the 0x000 network will only be seen by D D destined for the 0x1234 network will only be seen by C D destined for the 0x999 network will be seen by all forwarding ports D destined for the 0x000 network will only be seen by C E destined for the 0x1234 network will be seen by all forwarding ports E destined for the 0x999 network will stay local to E E dest
Configuring A SAP from: A or B destined for the 0x1234 network will only be seen by A, B and C A or B destined for the 0x999 network will only be seen by A, B and C A or B destined for the 0x000 network will only be seen by A, B and C C destined for the 0x1234 network will only be seen by D and E C destined for the 0x999 network will only be seen by D and E C destined for the 0x000 network will only be seen by D and E D destined for the 0x1234 network will only be seen by C and E D destined for the 0x999
Configuring C sends an IP packet destined for any network other than 100.100.1.0 the broadcast is forwarded out every other forwarding port. Even though port 5 is a member of two workgroups it does not fall back to the RED workgroup’s criteria. 3.10.5 Workgroup to Workgroup Communication This type of communication can only be achieved by routing. With the ATX LAN Switch having the ability to route IP packets, it will route between IP workgroups (See Example #5).
Configuring ipaddress P7 134.141.200.7 255.255.255.0 ATX LAN Switch A P3 P4 P7 P5 B C E P6 D Results: • Stations A, B and C IP communication will be switched between ports 3, 4 and 5 since they are on the same subnet of 100. • Stations D and E IP communication will be switched between ports 6 and 7. • If A, B or C needs to communicate with D or E and vice versa. The receiving port will have the ability to route the packet to the 200 or 100 subnet respectively since routing is enabled on all ports.
Configuring The LCM command format for Remote Port Mirroring is: Local ATX (in reference to the diagnostic port) mirror remote off off - to turn remote port mirroring off mirror remote to port# oversized port# - the diagnostic port on the local ATX oversized - discard or truncate; what to do with oversized packets Remote ATX (in reference to the diagnostic port) mirror port-range off off - to turn remote port mirroring off mirror port-range to Ipaddr port-range - range of mirrored ports on remote ATX Ipadd
Configuring Furthermore, mirroring traffic of a higher speed interface out to a lower speed interface may impose a strain on performance (e.g. capturing FDDI traffics to a 4 Mbps Token Ring). When the size of the mirrored packet exceeds the size of the maximum transport unit (MTU) of the diagnostic port, the packet is labeled as oversized. As an option for local mirroring in an intermixed mode, the ATX can be configured to truncate or discard oversized packets. 3.11.
Configuring 3.11.3 Mirrored Filters The ATX also allows you (via the existing port filtering feature; (Chapter 5 in the ATX LAN Switch User’s Guide) to establish “mirror filters” which can help reduce the amount of traffic seen by the diagnostic port. Using a “mirror filter,” you can restrict the amount of monitored traffic by filtering inbound or outbound packets according to source and destination addresses, packet types, frame protocols and offsets within the data field.
Configuring Mirror Filters with LOCAL Port Mirroring: • Desired - analyze IP traffic from station A (on P2) to station B (on P3) and vice versa • Implementation - add a PMEntry and PMExit filter to ports 2 and 3 with Protocol Type of 800(type IP in hex). The reason for a PMEntry and PMExit filter is when A and B communicate there is communication both ways, i.e. IP packets are transmitted and received by P2. 3.11.
Configuring Config on ATX #2 mirror remote 2 to 134.141.100.1 Mirror Filters with REMOTE Port Mirroring: • Desired - to see packets from station A (on P2) only • Implementation - add a PMEntry filter to port 2 on ATX #2 with station A’s MAC address as the source address in the filter. 3.12 IPX ROUTING OVER SOURCE ROUTE COMMANDS Command ipxroute is expanded with additional option sr to support IPX SR on token ring and FDDI ports. Option sr implies on.
Configuring 3.15 EVENT LOGGING COMMANDS The Event Log is established using the LCM. New LCM commands have been added in order to manage the event logging. There are 3 new LCM commands: 3.15.
Configuring option will turn off event logging. The event logging entries will be kept in a circular buffer, and the logging entries will be overwritten if necessary. If the “stopwhenfull” option is given, the logging mechanism will cease entering logging entries into the event logging queue once it is full. By default, entries will be overwritten. 3.15.
Configuring networks like Ethernet and FDDI. RIF is not supported on Ethernet networks and is seldom used on FDDI networks. In order to merge source routed Token Ring networks with transparent Ethernet or FDDI networks the ATX must strip the RIF when communicating to Ethernet or FDDI and insert the RIF when communicating back to Token Ring. Source route networks contain the following features and parameters: • SRTB is a global parameter and is enabled only on Token Ring ports with SRT bridging mode.
Configuring Other - enables stripping and caching of RIF on AppleTalk, SNA and NetBIOS frames All - enables stripping and caching of RIF on IP, IPX and OTHER (default when enabled) On - enables SRTB globally; enabled per port when SRT is switching mode Off - disables SRTB globally (default) STE - enables the ATX to use a Spanning Tree Explorer frame when transmitting onto a Source Route network that it does not have a RIF entry for (default when enabled) ARE - enables the ATX to use a All Route Explorer fr
Configuring Table 3-3 SRTB USAGE IN THE ATX Entrance Port Config Exit Port Config Strip and Cache Append RIF from Data Base Forward as: SRT-TP FRAME (FDDI or TR) SRT (TR only) NO YES ARE OR STE (null RIF) SRT-SR FRAME (FDDI or TR) SRT (TR only) NO NO SOURCE ROUTE SRT-TP FRAME (TR only) SRT (TR only) NO YES SOURCE ROUTE SRT-SR FRAME (TR only) SRT (TR only) NO NO SOURCE ROUTE SRT (TR only) TP (Eth, FDDI or TR) YES NO TRANSPARENT SRT (TR only) SR (TR only) NO NO SOURCE ROUT
Configuring and NetBIOS frames. All other protocols will NOT have their RIF cached. Support for other protocols will be in future releases. Example #1: Port 1 is configured for transparent Port 2 is configured for source route transparent SRTB is enabled LCM Commands: bridge 1 transparent bridge 2 SRT SRTB all on ARE A BRIDGE F SR ONLY BRIDGE ATX P2 P1 LAN SWITCH RING 1 B RING 2 Station A sends out a broadcast for station B.
Configuring Example 2: Port 1 is configured for Transparent Port 2 is configured for Source Route Transparent Port 3 is configured for Source Route SRTB is enabled globally LCM Commands: bridge 1 transparent bridge 2 SRT bridge 3 SR SRTB all on ARE A ETHERNET BRIDGE 1 ATX P1 LAN P2 SWITCH B RING 1 P3 C RING 2 Station A sends out a broadcast for station B. The ATX will see that station A resides on P1 and enter station A into the Bridge Address Table with no RIF associated.
Configuring Scenario 2 Station C sends out a broadcast for station B. The frame from station C will have a Null RIF (2 bytes). Since the ATX’s P3 is configured for SR, the ATX will add Ring 2, Bridge 1 to the frame and send it out P2. The conversation between station B and C will be source routed and the ATX will behave like a SR bridge. The conversation between station B and C will be source routed and the ATX will behave like a SR bridge.
Configuring UNSUPPORTED CONFIGURATION FDDI ATX LAN SWITCH WITH SRTB ENABLED ATX LAN SWITCH WITH SRTB ENABLED TR TR SOURCE ROUTE BRIDGE SOURCE ROUTE BRIDGE TR STATION A Example #4: Maximum Transmit Unit The maximum frame size on FDDI is 4500 bytes, maximum on Ethernet is 1518 bytes and the maximum on Token Ring is 17800 bytes. As you can see when transmitting a TR frame over Ethernet or FDDI via a bridge, there could be a frame size conflict.
Configuring describe a few configurations and possible solutions that address this problem. A B ATX WITH SRTB ENABLED SR ONLY BRIDGE C FDDI ATX WITH SRTB ENABLED SR ONLY BRIDGE D Scenario 1: Local Stations Problem: Assume station A has already communicated and the ATX has learned it as a local transparent station. If station A has a MTU of anything greater than 4500 and wants to transfer a file to station B, it will not work.
Configuring Scenario 2: Stations across a Source Route only bridge Problem: Assume station C has already communicated and the ATX has learned the RIF associated with it. If station C has a MTU of anything larger than 4500 and wants to transfer a file to station D, it will not work. Reason: The ATX does have the Routing Control field to tell station C that it can’t handle a 4500 frame size but the default for the ATX is 8144.
Configuring 3-52
CHAPTER 4 MONITORING AND MANAGING THE ATX Monitoring your ATX consists of collecting and analyzing statistics and status information. You can use LCM to gather some information, but you need to use an NMS as your primary tool. Managing your ATX consists of bringing modules on or offline, disabling or enabling ports, setting the community name for the ATX, and changing the console baud rate, all of which can be done using LCM. 4.
Monitoring and Managing the ATX • General status and statistics • IP status and statistics • ICMP status and statistics • UDP status and statistics • SNMP status and statistics • Spanning Tree status and statistics. Note: All statistics counters are cleared when the ATX is reset. Counters for individual ports are reset when the module is disabled and then re-enabled. Module statistics are generic to all modules and are included in this chapter.
Monitoring and Managing the ATX • Number of packets that were sourced from outside a network that were not forwarded to the network. • Number of packets with CRC errors on each network. The following are the statistics collected by the ATX for each endnode: • Number of seconds since the end-node last sent a packet on the network. • Number of packets generated by the end-node. • Number of bytes generated by the end-node. • Number of packets generated by the end-node with destination outside of its network.
Monitoring and Managing the ATX 4.1.1 General Status and Statistics The following statistics profile the general status of the ATX. (The MIB variable that collects the statistics is provided in square brackets.) • The number of centiseconds (hundredth of a second) since the ATX was last reset. [sysUpTime] • What the ATX is being used for: bridging, IP Routing, or Bridging and IP Routing. [sysServices] • The physical location of the ATX.
Monitoring and Managing the ATX • The total number of IP packets received from all ports (including the UART). [ipInReceives] • The number of packets received that were discarded by IP due to errors in the IP header. [ipInHdrErrors] • The number of packets received that were discarded by IP due to an invalid (or non-routable) destination IP address in the IP header. [ipInAddrErrors] • The number of packets received that were routed by IP towards a final IP destination.
Monitoring and Managing the ATX • The number of IP fragments received which needed to be reassembled within this ATX. [ipReasmReqds] • The number of IP datagrams which were successfully reassembled. [ipReasmOKs] • The number of failures (for whatever reason: timed-out, errors, etc.) detected by the IP re-assembly algorithm. [ipReasmFails] • The number of IP datagrams that have been successfully fragmented within this ATX.
Monitoring and Managing the ATX • The number of ICMP Parameter Problem messages received. [icmpInParmProbs] • The number of ICMP Source Quench messages received. [icmpInSrcQuenchs] • The number of ICMP Redirect messages received. [icmpInRedirects] • The number of ICMP Echo (request) messages received. [icmpInEchos] • The number of ICMP Echo Reply messages received [icmpInEchoReps] • The number of ICMP Time-stamp (request) messages received.
Monitoring and Managing the ATX • The number of ICMP Parameter Problem messages sent. [icmpOutParmProbs] • The number of ICMP Source Quench messages sent. [icmpOutSrcQuenchs] • The number of ICMP Redirect messages sent. [icmpOutRedirects] • The number of ICMP Echo (request) messages sent. [icmpOutEchos] • The number of ICMP Echo Reply messages sent. [icmpOutEchoReps] • The number of ICMP Time-stamp (request) messages sent. [icmpOutTimestamps] • The number of ICMP Time-stamp Reply messages sent.
Monitoring and Managing the ATX level; all datagrams forwarded to UDP are always forwarded to the ATX's local management agent. [udpInErrors] • The total number of UDP datagrams sent from this ATX. [udpOutDatagrams] 4.1.5 SNMP Status and Statistics The following statistics relate specifically to SNMP. (The MIB variable that collects the statistics is provided in square brackets.) • The number of SNMP PDUs received by the ATX. [snmpInPkts] • The number of SNMP PDUs created by the ATX and passed to the PPE.
Monitoring and Managing the ATX • The total number of SNMP GetRequest PDUs received by the ATX, which have been processed with no errors. [snmpInGetRequests] • The total number of SNMP GetNext PDUs received by the ATX, which have been processed with no errors. [snmpInGetNexts] • The total number of SNMP SetRequest PDUs received by the ATX, which have been processed with no errors. [snmpInSetRequests] • The total number of SNMP PDUs created by the ATX, with a value of tooBig in the PDU's ErrorStatus.
Monitoring and Managing the ATX • Whether a topology change is currently in progress. [stTopChange] • If a topology change is in progress then this is the time since the topology change was initiated. If a topology change is not in progress then this is the time since a topology change was finished. [stTopChangeTime] 4.2 MODULE STATUS AND STATISTICS The status and statistics described in this section are applicable to all Input/Output Modules. • Whether the module's temperature is too hot.
Monitoring and Managing the ATX • The time, in centiseconds, since a packet was last received from the station. • The number of packets received from the station which were forwarded. • The number of packets transmitted to the station. You can configure the ATX to collect extended statistics by using an SNMP Manager to set the MIB variable ppeExtendStats to one. The ATX is shipped with no extended statistics collection as the default.
Monitoring and Managing the ATX address as source address match. [filterPktCnts] • Number of packets sent from Segment A to Station B. Configure pseudo source filter on port A with Station B's address as destination address match. [filterPktCnts] 4.3 MONITORING STATUS You can monitor the ATX with LCM, to see its status at a glance. The LCM commands that allow the monitoring the status of the ATX are described in the sections that follow. 4.3.
Monitoring and Managing the ATX Type: to display port 2 status... If you don’t want to view the status of each port, use the Ctrl-C keys to return to the LCM prompt. The status of the entire unit includes the number of learned addresses and the number of defined filters, plus the following information for each of the ATX’s modules: • Type – lists the module types; if there is no module present, the type will be listed as Vacant.
Monitoring and Managing the ATX • TempOk – indicates whether the module is overheating. Normal is displayed when the module temperature is within range. Too-Hot is shown for abnormal temperature status. • Ports – lists the port numbers of the ports on the module. 4.3.2 Displaying MAC Addresses The addresses display any command displays all MAC addresses.
Monitoring and Managing the ATX Address 08:00:20:02:3a:44 00:40:27:03:b7:21 00:80:20:a2:3b:0a Type Learned Static Other Port Age(secs) Frames-from Frames-to 3 26 1 0 5 5 17110 195 4 1 1423 121 Enter to continue, Ctrl-C to exit: To display a specific address: Type: addresses display For example, if you typed, addresses display 02:04:06:03:2a:43, LCM would display the following information: Address Type Port Age(secs) Frames-from 02:04:06:03:2a:43 Learned 5 21 1181 Frames-to 73
Monitoring and Managing the ATX Address Type Port Age(secs) Frames-from Frames-to 10 00 90 c1 d1 1d Learned 6 0 1036886 8624 10 00 04 20 c9 39 Learned 6 0 63995 4432 4.3.3 Displaying Manufacturing Information The ident command identifies ATX manufacturing information, including the version of software that has been saved in flash memory, the part number, revision number, and serial numbers of all of the modules. It also displays the length of time since the ATX was last rebooted.
Monitoring and Managing the ATX 4.4.1 Disabling a Port There may be times when you need to disable a specific port. Disabling a port effectively stops all of the bridging and IP routing functions for that port. Ports that have been disabled won’t be able to accept SNMP packets, and therefore can’t communicate with an NMS. To disable a port or port range: Type: disable For example, disable 7-9 would disable ports 7, 8, and 9.
Monitoring and Managing the ATX Enabling bridging/routing functions for port 7 Enabling bridging/routing functions for port 8 Enabling bridging/routing functions for port 9 You can use the bridge and iproute commands to see what functions are configured or to change the configuration. 4.4.3 Taking a Module Offline If you need to take a module offline, you can use LCM, or you can use the reset button on the module itself.
Monitoring and Managing the ATX 4.4.5 Setting The Baud Rate You can set the baud rate for your LCM console connection. The options for baud rate include: • 1200 • 2400 • 4800 • 9600 • 19200 Note: Make sure that the baud rate you set matches the baud rate setting for the terminal you are using. The default rate is 9600. To change the setting: Type: baud For example, baud 4800 would set the baud rate to 4800. LCM responds: Baud rate is 4800. 4.4.
Monitoring and Managing the ATX the MIB variable configAnyPass; you must then enter the community name to perform any gets or sets. What you type is not echoed to the screen, so you won’t see what you are typing. To assign a community name 1. Type: community 2. Enter the old community name. 3. If one hasn’t been assigned, you don’t need to enter anything. LCM prompts you for the new community name. 4. Enter the new community name. 5. LCM prompts you to verify the new community name by retyping it. 6.
Monitoring and Managing the ATX 4-22
CHAPTER 5 FILTERS One of the most significant features of the ATX is its powerful userconfigurable filtering capabilities. Flexible filtering is useful for implementing security measures and improving network performance. For some applications, filtering capabilities may be so important that they are the primary reason for using a bridge. A filter is an instruction to the ATX to screen packets based on the criteria you select. All bridges by nature filter packets; they discard local traffic.
Filters 5.1 FILTERING AND PERFORMANCE CONSIDERATIONS When filters are implemented, the ATX must process packets to determine if they should be filtered. The processing that takes place on filters can therefore exact a toll on ATX throughput (or forwarding) performance. Typically, if you are using address table filters or a small number of combination port filters, they will have little effect on performance.
Filters Detailed examples of filter applications are presented later in this chapter. (See Filtering Application Examples.) 5.3 USING FILTERS TO IMPROVE PERFORMANCE In many applications, ATX filters can be used to enhance network performance by preventing certain types of traffic which may degrade performance. A filter that defines logical barriers to protect a network segment or segments from conditions that may degrade network performance is referred to as a firewall filter.
Filters but it is not a filter. Multicast storm protection is described in Chapter 3, Configuring Multicast Storm Protection. 5.4 ADDRESS TABLE FILTERS The simplest type of filters are address table filters. These filters use the Bridge Address Table to screen local traffic. To make highly efficient address filtering possible, the ATX address table includes filter flags.
Filters to filter (ON) or not filter (OFF) packets from the specified address. With the address table entry shown in Table 5-1, you could use any of the three types of address table filtering which are described in the sections that follow: • Destination address filter • Source address filter • Source address multicast filter 5.4.1 Destination Address Filter A destination address filter may be used to discard all traffic destined to a specific MAC address.
Filters An example of a source address filter is shown in Table 5-3. For illustration purposes, this example uses the same format as the address table entry shown previously. The actual format used for configuring filters depends on the NMS you use. Table 5-3.
Filters designated MAC address will be filtered. Multicast packets are those destined for more than one address (using a multicast destination address). This is useful for preventing broadcast traffic from a particular station. Table 5-5.
Filters port filters are described in the next section. The ATX allows you to implement up to 100 combination port filters (total, for all connected ports). Combination port filters may be logically linked to one another as described previously in the AppleTalk example. Each combination port filter generates statistics when invoked, and thresholds can be set to trigger alarms to the NMS. 5.5.
Filters • Pseudo – allows you to create a pseudo filter to monitor traffic patterns without discarding packets. • And/Or – allows you to combine multiple port filters using the and/or operators to create boolean filter expressions. These options are discussed in detail in the section “Combination port filter options”. When you are adding filters, you are prompted for all of the possible field value options.
Filters Source Range Mask MAC address mask to apply to the range of source MAC addresses. ff:ff:ff:ff:ff:ff is the default. Destination Range Either NA (not applicable), True (filter the packet if the destination MAC address is within the range), or False (filter the packet if the destination MAC address is outside of the range). NA is the default. Destination Range Start Starting MAC address for the destination range of MAC addresses.
Filters Exit. NA is the default. Note: You can assign a filter to a group by entering a group number rather than a port number. You can assign a group number to specified ports using an NMS. Port group numbers start at 22. Protocol Match Either NA (not applicable), True (filter the packet if the protocol type matches), or False (filter the packet if the protocol type does not match). NA is the default.
Filters Field Origin Either IP, MAC, or SR (see Field Offset below). The origin is the field from which the offset count starts. IP is the default. Field Offset The decimal offset of the portion of the packet (as stored in canonical format) to be examined. If the origin is IP, then the offset is relative to the end of the IP Header (an offset of zero indicates the portion immediately following the end of the IP Header).
Filters Values greater than 3600 (one hour) are not valid; a value of zero indicates that no alarms should be generated. Zero is the default. Threshold Number of occurrences allowed within the specified threshold time; occurrences above this number cause an alarm to be generated. (The ATX’s configAlarmDynamic MIB parameter must be set.) Zero is the default. Filter Index Filter number for this filter. For example, a value of one indicates that this is the first filter in the filter table.
Filters • Monitoring traffic patterns as an aid in determining optimum network design, usage policies, etc. • Monitoring potential security threats. • Evaluating security policies. Values: either Yes (don’t filter the packet; just count the packet for statistical purposes) or No (filter the packet if it meets the filtering criteria). Yes is the default.
Filters Note: If you are adding a filter to be used in conjunction with another filter and they must be ordered sequentially, use the filters display command to find the index number of the existing filter. Complete the following steps to add a filter or pseudo filter to a port. To accept a default value, just press Return: 1. Type: filters add 2. Enter the port number. 2 is the default.
Filters 6. Enter the first MAC address in the source range. 7. Enter the last MAC address in the source range. 8. Enter the source range MAC address mask. ff:ff:ff:ff:ff:ff is the default address mask. If ff:ff:ff:ff:ff:ff is the mask you want to use, you don’t need to enter anything. If you want to use a different mask, enter that value. 9. Select whether the filter will use a destination range of MAC addresses. NA, is the default; meaning the filter will not use a destination range.
Filters 14. Enter the protocol type to match. 15. Select whether the filter will use a field match. NA is the default. You don’t need to enter anything if you are not using a field match. If you are not using a field match, go to Step 20. If you are using a field match type either: True – Filter the packet if the masked value matches. False – Filter the packet if the masked valued does not match. 16. Enter the field origin. 17. Enter the field offset. 18. Enter the field value. 19. Enter the field mask.
Filters If you want the filter to have another index number, enter the value you wish to use. LCM displays the filter you have just entered and prompts you whether you want to save it. Enter y (Yes) to save the filter or n (No) to cancel it. If you save the filter, it is redisplayed. 5.7 MODIFYING A FILTER You can make changes to filters that you have already set up. You modify a filter in much the same way as you add a filter. LCM prompts you through each field.
Filters 5.9 DISPLAYING A FILTER To display a filter complete the following steps: 1. Type: filters display. LCM prompts you for the port number. 2. Enter the port number.
Filters • Using a firewall filter to prevent problems and enhance performance. For each application example, the situation is described first, and the objective to be accomplished is explained. Then, how the objective would be accomplished using the ATX is explained in general terms. In these examples, single letters are used to represent MAC-layer addresses. Real MAC addresses consist of a string of numbers, (22:14:15:4:5:6). Note: The way that you configure filters will depend on the NMS you use.
Filters Server Server FDDI Backbone LAN 12 B ps RE NMS PORT T SE Gb LY PP 6 1. SU PP LY A TM SU PO W ER EN GI STAT TU NE US RB ST O AT ST US AT US ATX FastNET ATX PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.
Filters packets from Accounting destined for Engineering (LAN 4 to LAN 3). Each filter includes: • The source LAN or port number • The destination port • Match flags The filters are constructed as follows: • Filter 1: Identifier is port 4 as a destination Fields are source LAN = 3, Match • Filter 2: Identifier is port 3 as a destination Fields are source LAN = 4, Match Any packet whose source is LAN 4 and destination is Port 3 will be filtered.
Filters NMS PORT Accounting B ps LY 1. RE SE T Gb PP 6 PP LY A TM SU PO FastNET ATX SU Manufacturing W ER EN GI STAT TU NE US RB ST O AT ST US AT US ATX PACKET PROCESSING ENGINE POWER OCTAL IEEE 802.3 / ETHERNET 10BASE-T SEGMENT 1X 2X 3X 4X 5X 6X 7X 8X LINK PROC ACT COL 1 2 3 4 5 6 7 8 OFFLINE LAN 1 PWR LAN 2 QUAD IEEE 802.
Filters • Filter fields – destination address F-H (range, match) source LAN = 1 (match). Note that a Match flag is specified for both fields; this instructs the ATX to filter any packets which match both fields (traffic from LAN 1 and to addresses F-H on LAN 2). Several methods are available to accomplish this.
Filters Example 3 — Restricting access to authorized users The example, shown in Figure 5-3, is very similar to the previous example. The difference is that access to stations F, G, and H will not be denied to all LAN 1 users. Instead, only authorized users on LAN 1 will be able to access the sensitive-data computers, stations F, G, and H on LAN 2. RE LAN 1 NMS PORT T SE A B ps LY LY Gb 1.
Filters all traffic that does not match both fields. All packets destined for the restricted computers (F, G, or H) will be filtered unless the source address is the address of an authorized user (B, C, or D). Only authorized users will be able to access stations F, G, or H on LAN 2. Note that the ATX is not storing information designed to identify restricted devices or authorized or unauthorized users.
Filters Note: In order for this trap to work, you must have ConfigAlarmDynamic set and your NMS must be able to process traps from the ATX. Example 5 — Configuring a firewall filter to control multicasts To optimize network performance, you can configure filters to reduce multicasts (packets broadcast to multiple destinations). Furthermore, you can prevent multicasts of packets of a particular protocol type. In this example, four LANs are interconnected by an ATX (Figure 5-4).
Filters This filter is configured as follows: • Filter identifier – port number of the port attached to LAN 4 as a destination • Filter fields – protocol type = AppleTalk I, match source LAN = LAN 1, match destination address = 01-00-00-00-00-00 with mask 01-00-00-00-00-00, match This filter will block AppleTalk multicasts (or all AppleTalk traffic if the destination address field is omitted) from LAN 1 to LANs 2 and 3, yet AppleTalk I traffic to LAN 4 will be permitted (because LAN 4 is not specified for
CHAPTER 6 TRAPS The ATX sends trap PDUs to an SNMP Manager, using a preconfigured SNMP Manager IP address. (See configNMSAddress in the ATX MIB Reference Guide). If no address has been pre-configured, then the ATX sends the traps to the source IP address of the last SNMP datagram received from an SNMP Manager. If no address has been pre-configured, and if no datagrams have been received since the ATX was booted, then the ATX uses the broadcast IP address.
Traps for one of the debugging attributes; those PDUs must always provide the configAnyPass. • egpNeighborLoss (5) – Not used by the ATX. • enterpriseSpecific (6) – The ATX is reporting some interesting information, which is contained in the variablebindings portion of the PDU.
Traps 6.2 ATX UNIQUE TRAP IDS The ATX possesses unique trap IDs which allow a SNMP Manager (Spectrum Element Manager, Spectrum) to have more control over SNMP Traps. Each trap is given a unique Trap ID, which gives detailed information about the trap and why it was sent. This also gives you the ability to select the traps you want generated and the traps you want to suppress. • Tempok (1) - Sent whenever the module’s temperature transitions from too hot to okay, and vice versa.
Traps • trunkState (10) - A trunking state change transition has occurred. The possible transitions are: • CLOSED - ONEWAY • ONEWAY - PERTURBED • PERTURBED - JOINED • JOINED - HELDDOWN • CLOSED - HELDDOWN • ONEWAY - HELDDOWN • PERTURBED - HELDDOWN trunkBridgeAddr (11) - The associated trunking MAC address of the bridge ID of the remote bridge has changed. trunkIPAddr (12) - The associated trunking IP address of the remote bridge has changed. trunkError (13) - An error has occurred in trunking.
Traps topChangeEnd (20) - The spanning tree topology has stopped changing. ifErrors (21) - Sent whenever the number of hardware errors in received and transmitted packets has exceeded the port's limit. stRootID (22) - The spanning tree root bridge ID for the unit has changed. stRootCost (23) - The unit's spanning tree cost to the root bridge has changed. stRootPort (24) - The unit's spanning tree root port has changed. stMaxAge (25) - The unit's spanning tree maximum age has changed.
Traps fddimibSMTCFState (200) - Sent whenever the FDDI port's CFM state has changed.The fddimibPORTMACIndicated (one or two instances, depending upon whether the FDDI connection is a SAS or a DAS) is also included. fddimibMACUpstreamNbr (201) - Sent whenever the FDDI port's upstream neighbor has changed. configPowerAc1 (202) - Sent whenever the AC input to the unit's first power supply transitions from on to off, and vice versa.
Traps sfddiOBSFuseBad (212) - Sent whenever the fuse to the FDDI port's optical bypass becomes bad, or switches from bad to good. sfddiStationState (213) - Sent whenever the FDDI port's Station State has changed. swanActualSpeed (214) - The actual line speed of the WAN port has changed. fddismtUpstreamRsp (215) - The upstream neighbor of the requested FDDI device has been learned. hwFatalErr (216) - Sent whenever a module dies unexpectably.
Traps eePromReconfig (230) - The unit's EEPROM has been reconfigured. maxNextHop (231) - Maximum number of next hops reached. ripBadNet (232) - RIP received with wrong local network number. routeAgeOut (233) - Route aged out. sipxSAPAgeOut (234) - IPX service aged out. ipUnknownDest (235) - IP packet to unknown destination received by host. pppLinkOpen (236) - PPP link to open pppLinkClose (237) - PPP link to close. pppNeighborIpAddrChange (238) - PPP neighbor IP address change.
-9
Traps 6-10
CHAPTER 7 DIAGNOSTICS AND TROUBLESHOOTING The main topics covered in this chapter are: • Power-up diagnostics • Diagnostics while the ATX is operational • Status and activity indicators (LEDs) • Troubleshooting 7.1 DIAGNOSTICS OVERVIEW The ATX incorporates several built-in diagnostic and testing capabilities which are convenient to use and cause minimal or no disruption to the operational network. These capabilities are effective for isolating problems within the ATX.
Diagnostics and Troubleshooting • Power-up • Reset using the front panel reset button • Reset via the NMS (a soft reset) • Automatic reset occurs in response to a non-recoverable failure The power-up diagnostics test processors, memory, and other critical components on all ATX modules. Power-up diagnostics also verify proper interaction between all system modules. The processors on the PPE are tested first, and then each of the interface modules is tested in order (from top to bottom of the unit).
Diagnostics and Troubleshooting modules are on for approximately 3 seconds. b. The ENGINE STATUS LED on the PPE begins to flash. c. The ENGINE STATUS LED continues to slowly flash while the remaining modules are running power diagnostics. d. The TURBO STATUS LED stays on for approximately 3 seconds; then it flashes. 3. After the last interface module has completed its power-up diagnostics the Packet Processing Engine's ENGINE STATUS LED will stay on solidly. 4.
Diagnostics and Troubleshooting 7.2.3 Software Checksum Comparison When the ATX reboots, its operational software is verified by a checksum comparison before it is loaded. If the software fails the checksum test due to an aborted new software distribution procedure, the ATX will automatically use its backup version of software. (A backup version of software is always stored in nonvolatile memory.) The operational parameters of the ATX software are also protected by a checksum comparison.
Diagnostics and Troubleshooting Failure Indicators If an FDDI or Ethernet module has failed, its front panel STATUS LED will be off. NMS Failure Traps As each module completes its power-up diagnostics, it saves information on any detected failures. These results are passed to the NMS when the power-up diagnostics are completed (assuming the ATX is operational). The results sent to the NMS indicate which component has failed. 7.
Diagnostics and Troubleshooting loopback tests, the ATX creates LLC Type 1 test packets for LANs, and PPP echo-request packets for WANs and UARTs. Both types of loopback tests can be initiated by the NMS, and test results are reported to the NMS. Refer to the ATX MIB Reference Guide for the MIB variables. 7.3.2 Diagnostic Results ATX diagnostic results are indicated in two ways: • By observing the front panel LEDs. • By reading NMS trap messages.
Diagnostics and Troubleshooting Table 7-1. Meaning Of ATX LEDs LED Meaning POWER STATUS On – Power is on and the voltage is within the acceptable range. ENGINE STATUS On – Packet Processing Engine is ready for operation. Blinking – A module is overheating. TURBO STATUS On – Turbo (a key packet processing component on the Packet Processing Engine) is ready for operation. POWER SUPPLY A On – Power supply A is generating sufficient voltage for the ATX to operate.
Diagnostics and Troubleshooting S US US TU AT AT TA ST ST S E O ER IN W G RB PO TU EN Layer 1 Y PL P SU A Y PL ON if redundant Packet Processing Engine FDDI modules (3F00-01, 3T05-04 and 3F55-01) B P SU C P RU RA RX W O PR TH RING A RING B TX PWR RX ST Proc TX 16 Power LINK RX Proc COL TX Power Token Ring modules (3T02-04 and 3T01-04) (16 LED ON if set for 16Mbps ring speed) Ethernet modules (3E02-04 and 3E08-04) 10BASE-T or 10BASE-FL Fast Ethernet modules (3H08-04, 3H02-04 and
Diagnostics and Troubleshooting Because every situation is potentially unique and may involve unique external factors, the corrective actions suggested here should be considered as guidelines only. 7.5.1 ATX Does Not Power Up If your ATX does not power up, check each one of the following; if it still doesn’t power up, contact Cabletron Systems Technical Support. • Make sure the power source is operational. • Make sure the power cord is securely connected. • Make sure the power supply switch is on.
Diagnostics and Troubleshooting • Check for loose port connections. Check all connectors to the modules (especially twisted pair connectors, which may be fragile). • Check to make sure all the modules are firmly connected; check all the screws are fully tightened. • Number of carrier losses is increasing. This indicates that the transceiver is not present or the transceiver's 10BASE-T connection is suspect. Check the transceivers to ensure they are firmly connected.
Diagnostics and Troubleshooting • Check that a pathway to the ATX exists (intermediate bridges and routers are functioning). • Verify ATX’s IP addresses, one at a time using LCM. • Verify values of configNMSAddress, configAnyPass, and/or configGetPass.
Diagnostics and Troubleshooting 7-12
CHAPTER 8 ADDING/SWAPPING MODULES AND MAINTENANCE The ATX configuration may include a total of five interface modules in various combinations. This means any configuration that does not use all five interface slots may be expanded by installing additional interface modules. Install the additional interface module in any vacant interface slot. Caution: Observe all Electrostatic Discharge (ESD) precautions before handling the ATX.
Adding/Swapping Modules and Maintenance 4. Loosen the screws at each end of the panel that covers the interface slot and remove the protective panel. 5. Gently slide the module into the plastic guides in the module slot until it is completely inserted. 6. Push the module firmly into place to fully engage the connectors at the back of the module with the backplane at the rear of the ATX chassis. 7. Tighten the screws on each side of the module's front panel. 8.
Adding/Swapping Modules and Maintenance 3. Remove the installed interface module by pulling gently but firmly on the “ears” at the ends of the module's front panel. 4. Gently slide the new module into the plastic guides in the module slot until it is completely inserted. 5. Push the module firmly into place, as far as it will go, to fully engage the connectors at the back of the module with the backplane at the rear of the ATX chassis. 6.
Adding/Swapping Modules and Maintenance 1. Disconnect the power cord from the ATX. 2. Pull the small plastic fuse drawer below the power input connector directly outward. 3. Remove and replace the fuse. Caution: For continued protection against fire hazard, replace only with 250V slow-blow 6.3 amp fuses. 4. Push the fuse drawer back into the power input filter housing until it snaps into place. 8.3.2 Fan Filters Each ATX comes equipped with three fans located in the back of the unit.
Adding/Swapping Modules and Maintenance supply into the chassis at an angle, or if you position the power supply above the tabs shown in Figure 8-1, you risk short circuiting the PPE board. Power supply must be under these tabs PSA PSB Power supply must rest on this support shelf Figure 8-1. Chassis With Power Supply A Positioning Tabs And Supporting Shelf Indicated To replace the power supply in slot A (the top slot): 1. Turn power switch on Power Supply A (PSA) off. 2.
Adding/Swapping Modules and Maintenance 4. Slide the new power supply straight into the chassis under the tabs shown in Figure 8-1. The power supply should be placed as shown by the dotted line rectangle in Figure 8-2. 5. Tighten the two screws that hold the power supply into the chassis. 6. Turn the PSA power switch on . PSA PSB Figure 8-2.
APPENDIX A SPECIFICATIONS FOR THE ATX A.1 PACKET PROCESSING ENGINE Dual AMD 29000 RISC processors 4 MB FLASH memory 8 MB main memory 2 MB shared memory 128 KB configuration memory 1.6 Gbps internal bandwidth A.2 STANDARDS COMPLIANCE A.2.1 Protocols • ANSI FDDI X3T9.5 (SMT 7.3/MAC-2) • IEEE 802.1d, 802.2, 802.3, 802.5, 802.5m • RFCs for IP, UDP, ICMP, ARP, PPP, RARP, Proxy ARP, RIP, IP packet fragmentation (791), MIB II (1213), SNMP A.2.2 Switching Modes • Transparent Bridging, 802.
Specifications For The ATX A.2.3 Local Routing • IP Routing (RIP) • AppleTalk Routing • IPX Routing (RIP, SAP, Diagnostic) • IP Multicast Support (DVMRP) A.2.4 Interfaces • EIA • RS-232C A.3 PHYSICAL (BASE UNIT) Height 7.0 in. (17.78 cm) Width 16.8 in. (42.67 cm) Depth 18.0 in. (45.72 cm) Weight 31.25 lb. (14.20 kg) Installation options Tabletop or rack-mount A.4 PHYSICAL (POWER SUPPLY) A-2 Height 2.6 in. (6.60 cm) Width 6.7 in. (17.02 cm) Depth 14.6 in. (37.08 cm) Weight 7 lb. (3.
Specifications For The ATX A.5 ELECTRICAL Input voltage Auto-ranging from 100 to 120 or 200 to 240 Vac Frequency 47 to 65 Hz AC power 380 W Maximum AC Current Requirements 4 amps – 100 to 120 Vac 2 amps – 200 to 240 Vac A.6 ENVIRONMENTAL Operating temperature 5˚ C to 40˚ C (41˚ F to 104˚ F) Relative humidity 0% to 95%, non-condensing Storage temperature -30˚ C to 90˚ C (-22˚ F to 194˚ F) A.7 SLOTS I/O module slots Five A.
Specifications For The ATX Power supply B Reset A.10 SOFTWARE LOADING FLASH memory via TFTP A.11 ADDRESS TABLE SIZE 8,192 dynamic (learned) entries default, expandable to 16,384 A.12 CERTIFICATION A-4 Safety UL 1950, CSA C22.2 950, EN 60950, and IEC 950 Emission FCC Part 15 Class A, EN 55022 Class A, and VCCI Class I.
APPENDIX B PACKET TRANSLATION PROCEDURE Since the ATX is a multi-media unit, packets are converted from the different media into a standard canonical format. The Offset field for the filters command refers to the canonical format packet. The exact translation procedure is defined by RFC 1188 and RFC 1042, except for the encapsulation of Ethernet AppleTalk packets which uses Protocol ID of 00-00-F8 instead of all zeros. For further information, refer to the RFCs, or to the figures which follow.
Packet Translation Procedure DA (big endian) SA (big endian) dsap ssap control protocol ID data or frame type more data more data Figure B-2.
Packet Translation Procedure header IP version length identification TTL total length service type flags fragment offset protocol checksum source IP address Ethernet Frame destination IP address padding (if necessary) IP options (if any)... Figure B-3. IP Header (After Canonical Packet Format) UDP source port UDP destination port UDP message length UDP checksum Figure B-4.
Packet Translation Procedure source port destination port sequence number acknowledgment number header reserved plus length code bits options (if any)... window padding (if necessary) Figure B-5.
APPENDIX C NULL MODEM CABLE PINOUTS To connect LCM you need to insert a null modem cable at either the terminal end or the ATX port end. The null modem cable can be either a female DB25 or DB9 straight-through serial cable. Pinout information is provided in Figure C-1.
Null Modem Cable Pinouts C-2
APPENDIX D GLOSSARY 4B/5B Primary data encoding scheme used for FDDI. AARP (AppleTalk Address Resolution Protocol) AppleTalk ARP performs network address to datalink address mapping on Ethernet, Token Ring, and FDDI ports. This facility is similar to IP ARP with the additional capability to probe for active addresses as described in the address acquisition section. address A set of characters that uniquely identifies a station, peripheral device, node, or other unit in a network.
Glossary agent Network management software that runs within a managed network device. alarm See trap. ANSI American National Standards Institute – One of several organizations that establishes standards which apply to internetworking and bridging. ARP address resolution protocol – An auxiliary protocol of the IP layer used to perform dynamic address translation between MAC addresses and internet addresses. Converts IP addresses to MAC addresses.
Glossary attenuation The amount of power (or light) lost as power travels through a medium, from the transmitter to the receiver. Difference between transmitted and received power, in decibels (dB). AUI (attachment unit interface) A standard connector type used for Ethernet connections. backbone The major, central transmission path for a network. A backbone usually handles high-volume, high-density traffic. Typically a backbone connects various LANs into an integrated network.
Glossary BPDU (bridge protocol data unit) A data unit transmitted as part of the IEEE 802.1d Spanning Tree Protocol. The exchange of BPDUs allows bridges within a network to logically configure the network as a single spanning tree. bps (bits per second) The basic unit of data communications rate measurement. bridge An intelligent, protocol independent device used to connect similar or dissimilar LANs. bursty Adjective used to describe sporadic heavy volumes of network traffic (e.g., bursty traffic).
Glossary combination port filter A filter which may include several configurable fields and may be used to filter bridge traffic in a very specific manner. concentrator A device that provides attachment points for stations that are not connected directly to an FDDI dual ring. The concentrator is connected directly to the network; the stations connect to the concentrator. congestion A condition where a portion of the network is overloaded with more data than can be transmitted in the desired time period.
Glossary DAS (dual attachment station) An FDDI station connected to both the primary and secondary rings. data link layer Layer 2 in the OSI model. Defines frame construction, addressing, error detection and other services to higher layers. datagram Abbreviated and connectionless single-packet message sent from one station to another. data rate (or speed) The maximum number of bits of information that can be transmitted per second.
Glossary downstream from another station if it receives the token or data after the other station receives the token or data. dual homing A method of connecting concentrators and stations that permits an alternate or backup path to the dual ring in case the primary connection fails. dynamic address An address “learned” by the bridge as opposed to addresses that are manually entered into the bridge's address table. The bridge “learns” addresses by reading them from the data packets it processes.
Glossary entity An active element within an Open Systems Interconnection (OSI) network layer or sublayer. Ethernet input/output module The ATX component which accepts and sends data packets to and from a connected Ethernet network. extended LAN A collection of LANs interconnected by protocol-independent bridges.
Glossary filtering rate A measure (in packets per second) of a bridge's efficiency in examining each frame, comparing it with an address table, and then deciding whether to discard the frame or forward it. forwarding rate The rate (in packets per second) at which a bridge can receive a stream of packets from one network segment, complete all processing, and transmit the packets to another network segment.
Glossary ICMP (Internet control message protocol) An auxiliary protocol of IP used to convey advice and error messages about events in the IP layer. IEEE (Institute of Electrical and Electronic Engineers) International professional society which issues networking and other standards. The IEEE created the 802 family of LAN standards. IEEE 802.2 The data link layer standard; used with IEEE 802.3, 802.4, and 802.5. IEEE 802.
Glossary initialization Transition of a device or network from startup state to operational state. intelligent bridge A bridge that is able to identify source and destination addresses. internet A large communications infrastructure composed of wide and local area networks. A generic reference to a network built using internetworking technology. Internet A large collection of connected networks which use TCP/IP.
Glossary module. I/O See input-output module. IP (Internet protocol) IP is the basic datagram protocol used at the network layer of the TCP/IP stack. ISO (International Standards Organization) An organization that creates, controls and publishes standards. jitter Clocking deviation on a network. Kbps (kilobits per second) 1,000 bits per second. LAN (local area network) A network that interconnects a variety of devices (computers, printers, servers, etc.) within a limited geographical area.
Glossary LLC (logical link control) A part of the data link layer of the OSI model that defines the transmission of a frame of data between two stations (with no intermediate switching nodes). LMA (local management agent) Software running on a network device to control the device in terms of network management functions. local traffic Traffic within a given network segment. logical ring The circular path a token follows in an FDDI network.
Glossary Mbps (megabits per second) 1 million bits per second. MIB (management information base) A collection of objects unique to a specific device that can be accessed via a network management protocol. The ATX has its own MIB. MIC (media interface connector) Optical fiber connector type used for ATX bridge FDDI port. A MIC consists of two parts: the MIC plug, which terminates the optical fiber cable, and the MIC receptacle on the FDDI node or station.
Glossary router on each of those networks. The destination router(s) then multicasts a lookup request on the destination network. A response is then returned by an end-node in a directly addressed packet. Note that wildcards are allowed to enable the chooser to display all objects of any given type. network Interconnected computer systems, terminals, and data communication facilities. A network must have at least three endpoints and may have any number of links and nodes.
Glossary optical transmitter A circuit that converts an electrical signal to an optical signal. OSI (Open Systems Interconnection) Refers to the OSI reference model, a logical structure for network operations. OSI is the internationally accepted framework of standards for internetwork communication. packet A group of bits including data and control elements arranged in a specific format that are transmitted and switched as a composite whole.
Glossary requirements and the encoding of data for transmission. physical layer Layer 1 of the OSI model. Defines and handles the electrical and physical connections between systems. PMD (Physical Layer Medium Dependent) FDDI standard that defines the medium and protocols used to transfer symbols between physical layer protocols. power budget The difference between transmit power and receiver sensitivity, including any safety margins.
Glossary protocol suite A group of protocols related to a common framework. RARP (reverse address resolution protocol) A protocol that translates MAC addresses to IP addresses. ring A network of stations that uses a circular logical topology. Data is passed from station to station, for examination or copying, and is finally returned to the originating station, which removes the data it transmitted from the network.
Glossary network and master (M) ports for the attachment of stations or other concentrators. SAS (single attachment station) An FDDI station that uses only one connection (an S port) for connection to the FDDI ring. segment When two or more networks are interconnected to form an internetwork, the original networks are referred to as segments. service A set of functions offered to a user by a provider.
Glossary opposed to those automatically “learned” by the bridge). STP (spanning tree protocol) A protocol which ensures that only one path will be used between two devices; prevents active loops (multiple paths to devices) by closing certain paths. With STP operating, a redundant link serves as a backup link only if a normal path fails. symbol The smallest signaling element used by the MAC sublayer. Each symbol corresponds to a specific sequence of code bits to be transmitted by the physical layer.
Glossary transmit. token ring Local area network access mechanism and topology in which a supervisory frame (the token) is passed from station to station. Stations wishing to gain access to the network wait for the token to arrive before transmitting data. topology The arrangement of devices and cables that make up a network. translating bridge A bridge that can pass data between LANs that use different protocols.
Glossary TTRT (target token rotation time) A time defined for tokens to travel around an FDDI ring; used to synchronize the clocking of traffic on the ring. UDP (user datagram protocol) A TCP/IP protocol for the connectionless transport layer. upstream Refers to the relative position of a station in a ring or network to another station in the same ring or network. A station is upstream from its neighbor if it receives the token or data before its neighbor receives the token or data.
Glossary groups must consist of ports with all the same underlying link type. WAN (wide area network) A communication network that spans a large geographic area. ZIP (Zone Information Protocol) In the AppleTalk routing protocol, ZIP is used to disseminate zone information from routers to end nodes and between routers. End nodes ask for their zone on start-up and a global list of available zones each time someone opens the Chooser.
Glossary D-24
APPENDIX E BIG ENDIAN TO LITTLE ENDIAN CONVERSION The chart below provides the bit swap values and a conversion formula. Table E-1.
Big Endian To Little Endian Conversion 1. First, swap the big endian bits, use the conversion chart to find the equivalent values. For example: 00 00 F6 09 47 88 00 00 6F 90 74 88 2. Now that you have the bits swapped, use the conversion chart to find the equivalent values. For example: 0=0 6=6 F=F 9=9 7=E 4=2 8=1 So the little endian equivalent is 00 00 6F 90 E2 11.
INDEX A adding filters 5-15 IP addresses 3-6 IPX addresses 3-13 address classes, IP 3-5 Address Resolution Protocol.
Index bridging functions 3-5 IP routing 3-12 IPX routing 3-15 ports 4-18 displaying baud rate 4-20 bridge functions 3-4 ES/1 status 4-13 filters 5-19 IP addresses 3-7 IP routing functions 3-12 IPX addresses 3-13 IPX routing functions 3-15 MAC addresses 4-15 manufacturing information 4-17 configurable fields 5-8 deleting 5-18 displaying 5-19 enhancing performance 5-3 examples of 5-19 firewall, example 5-27 modifying 5-18 performance considerations 5-2 security example 5-20 security uses 5-2 type field defi
Index L P LCM connecting 2-10 description of 1-39 LCM command syntax 1-40 LED sequence normal operation 7-6 power-up 7-2 LEDs, front panel meaning 2-2 Local Console Manager.
Index Service Advertising Protocol.