VERTICAL HORIZON VH-2402-L3 FAST ETHERNET SWITCH MANAGEMENT GUIDE 9033691-01
Notice Only qualified personnel should perform installation procedures. NOTICE Enterasys Networks reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Table of Contents
Before You Start
General Deployment Strategy
VLAN Layout
Assigning IP Interface Addresses and Subnet Masks to VLANs
Defining Static Routes
Layer 3 Multicasting
Setup IP Multicast
Multicast Interface Configuration
IGMP Interface Configuration
DVMRP
PIM-DM
DVMRP Routing Table
Load Factory Defaults
Reboot
SNMP
Authentication
Traps
TCP/IP
Packet Headers
TCP
IP
Ethernet
TCP and UDP Well-Known Ports
1. Configuring the Switch Using the Console Interface The VH-2402-L3 supports a console management interface that allows the user to connect to the switch’s management agent via a serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network using the TCP/IP TELNET protocol. The console program can be used to configure the switch to use SNMP-based network management software over the network.
1. Determine how the network would be best segmented. This is probably done using VLANs in an existing layer 2 switched network. 2. Develop an IP addressing scheme. This involves allocating a block of IP addresses to each network segment. Each network subnet is then assigned a network address and a subnet mask. 3. Determine which network resources must be shared by the subnets. Shared resources may be connected directly to the Layer 3 switch, if need be.
configured with a bit more care. Layer 3 VLANs (VLANs that have an IP interface assigned to them) can be thought of as network links – not just as a collection of associated end users. Further, Layer 3 VLANs are assigned an IP interface address and subnet mask to enable IP routing between them. IEEE 802.1Q VLANs must be configured on the switch before they can be assigned IP interface addresses or subnet masks. Further, the static VLAN configuration is specified on a per port basis.
Connecting to the Switch The console interface is used by connecting the Switch to a VT100-compatible terminal or a computer running an ordinary terminal emulator program (e.g., the Hyper Terminal program included with the Windows operating system) using an RS-232C serial cable. Your terminal parameters will need to be set to: • VT-100/ANSI compatible • 9,600 baud • 8 data bits • No parity • One stop bit • No flow control You can also access the same functions over a TELNET interface.
4. Items in UPPERCASE are commands. Moving the selection to a command and pressing Enter will execute that command, e.g. APPLY, etc. The APPLY command makes the configuration active for the current session only. If the switch is rebooted, the unsaved changes will be lost and the last configuration saved to Non-Volatile RAM will be loaded into the switch. Use Save Changes from the main menu to enter the current configuration into the switch’s Non-volatile RAM.
Figure 1-1. Initial Console Screen The factory default Username is “admin”; there is no factory default password. Enter “admin” for the Username and leave the Password field blank to access the console initially.
Enter the factory default username (“admin”) and leave the Password field blank. Press Enter and access will be given to the main menu, as shown below: Figure 1-2. Main Menu The first user automatically gets Root privileges (see Table 1-1). It is recommended to create at least one Root-level user for the Switch.
Figure 1-3. Main Menu Figure 1-4. Setup User Accounts Menu User Accounts Management From the Main Menu, highlight Setup User Accounts and press Enter; the Setup User Accounts menu then appears. 1. Toggle the Action:< > field to Add using the space bar. This will allow the addition of a new user. The other options are Delete, which allows the deletion of a user entry, and Update, which allows changes to be made to an existing user entry. 2.
the new user should have , , or privileges. The space bar toggles between the three options. 3. Highlight APPLY and press enter to make the user addition effective. 4. Press Esc. to return to the previous screen or Ctrl+T to go to the root screen. 5. APPLY makes changes to the switch configuration for the current session only. All permanent changes must be entered into non-volatile ram using the Save Changes command on the Main Menu.
Saving Changes Selecting APPLY from a console menu makes the configuration effective for the current session only. The configuration data will be lost if the switch is restarted. To make the configuration effective after a switch restart, select Save Changes to enter the configuration into non-volatile RAM (NV-RAM). The VH-2402-L3 has two levels of memory: normal RAM and non-volatile RAM (NV-RAM). Configuration changes are made effective by highlighting Apply and pressing Enter.
To retain any configuration changes permanently, highlight Save Changes from the main menu. The following screen will appear to verify that your new settings have been saved to NV-RAM: Figure 1-6. Save Changes Confirmation Screen Once the switch configuration settings have been saved to NV-RAM, they become the default settings for the switch. These settings will be used every time the switch is rebooted.
Highlight Reboot from the Main Menu and press Enter. Figure 1-8. System Reboot Menu To execute a factory reset, highlight either Reboot & Load Factory Default Configuration or Reboot & Load Factory Default Configuration Except IP Address and press enter. A confirmation screen will appear. Highlight Yes and press Enter to reset the switch’s NV-RAM to the factory default settings.
Updating or Deleting User Accounts To update or delete a user password: Choose Setup User Accounts from the Main Menu. The following Setup User Accounts menu appears: Figure 1-9. User Accounts Management menu 1. Toggle the Action: field using the space bar to choose Add, Update, or Delete. 2. Type in the Username for the user account you wish to change and enter the Old Password for that user account. 3. You can now modify the password or the privilege level for this user account. 4.
7. You must enter the configuration changes into the nonvolatile ram (NV-RAM) using Save Changes from the Main Menu if you want the configuration to be used after a switch reboot. Only a user with Root privileges can make changes to user accounts. Viewing Current User Accounts Access to the console, whether using the console port or via TELNET, is controlled using a user name and password. Up to eight user accounts can be created.
Deleting a User Account To delete a user account: Figure 1-11. Deleting User Accounts 1. Toggle the Action: field to Delete. 2. Enter the Username and Old Password for the account you want to delete. You must enter the password for the account to be able to delete it. 3. Highlight APPLY and press Enter to make the deletion of the selected user take effect. 4.
Setting Up The Switch Basic Setup This section will help prepare the Switch user by describing the Switch Information, IP Setup, Remote Management Setup, Configure Ports, Serial Port Settings and Switch Settings menus. Figure 1-12.
Figure 1-13. Switch Information Menu The Switch Information shows the operation mode of switch (Layer 3 or Layer 2), which (if any) external modules are installed, and the switch’s MAC Address (assigned by the factory and unchangeable). In addition, the Boot PROM and Firmware Version numbers are shown. This information is helpful to keep track of PROM and Firmware updates and to obtain the switch’s MAC address for entry into another network device’s address table – if necessary.
The IP Setup screen allows you to change the settings for the Ethernet interface used for in-band communication. The fields listed under the Current Switch IP Settings heading are those that are currently being used by the switch. Those fields listed under the Restart Settings heading are those which will be used after the APPLY button is selected. To set the switch’s IP address: Highlight IP Setup from the main menu and press Enter. Figure 1-14. IP Setup Menu The switch’s factory default IP address is 10.
Gateway:[0.0.0.0] field and enter the IP address of the gateway. If you will manage the switch from the subnet on which it is installed, you can leave the default address in this field. To use the BOOTP/DHCP protocols to assign the switch an IP address, subnet mask, and default gateway address: Toggle the Get IP From: field using the space bar to choose from Manual, BOOTP, or DHCP. This selects how the switch will be assigned an IP address on the next reboot (or startup).
a number (represented in decimal) between 0 and 255. The value should be 255.0.0.0 for a Class A network, 255.255.0.0 for a Class B network, and 255.255.255.0 for a Class C network, but custom subnet masks are allowed. • Default Gateway - IP address that determines where packets with a destination address outside the current subnet should be sent. This is usually the address of a router or a host acting as an IP gateway.
Figure 1-15. Remote Management Setup Menu Management stations are computers on the network that will be used to manage the switch. You can limit the number of possible management stations by entering up to three IP addresses in the Management Station IP Settings: field. If the three IP Address:[0.0.0.0] fields contain all zeros (“0”), then any station with any IP address can access the switch to manage and configure it. If there is one or more IP addresses entered in the IP Address:[0.0.0.
Figure 1-16. Setup Trap Recipients Menu The IP Address field is the IP address of a management station (a computer) that is configured to receive the SNMP traps from the switch. The SNMP Community String is similar to a password in that stations that do not know the correct string cannot receive or request SNMP information from the switch. The Status field can be toggled between Enabled and Disabled to enable or disable the receipt of SNMP traps by the listed management stations.
Configure Ports Highlight Configure Ports from the main menu and press enter: Figure 1-17. Configure Ports Screen Toggle the View Ports:<1 to 12 > field, using the space bar, to view the configuration of either ports 1 through 12 or ports 13 through 24. To configure a specific port, toggle the Configure Port:[ ] field until the appropriate port number appears. Toggle the State: field to either Enable or Disable a given port.
Serial Port Settings The Serial Port Settings screen allows the configuration of the switch’s serial port and out-of-band TCP/IP communications using SLIP. Highlight Serial Port Settings and press enter. Figure 1-18. Serial Port Settings Screen Toggle the Serial port setting: field to select either the Console or SLIP protocol. The following fields can then be set: Console Settings Parameter Description Baud Rate Displays the serial bit rate used to communicate with a management station.
uses 8 data bits. Stop bits Displays the number of bits used to indicate that a word has been completely transmitted. The console interface uses 1 stop bit. Auto-Logout This sets the time the interface can be idle before the switch automatically logs-out the user. The options are 2 mins, 5 mins, 10 mins, 15 mins, or Never. SLIP Settings Parameter Description Baud Rate Sets the serial bit rate that will be used to communicate the next time the Switch is restarted.
Switch Operation Mode Putting the switch in IP Routing mode does not – by itself – enable IP routing. The switch must be configured to use IP interfaces before it is capable of IP routing. The switch can operate in one of two modes: 1. Layer 2 Only, Support IEEE 802.1Q VLANs: the switching process is based upon the source and destination MAC addresses only. 802.1Q VLANs are supported and the switch is considered as a VLAN-tag aware device. 2. IP Routing, Support IEEE 802.
Changing the Switch Operation Mode To change the switch’s operating mode: Highlight Switch Settings on the main menu and press enter. Figure 1-19. Switch Settings Screen Highlight Switch Operation Mode on the Switch Settings menu and press enter. Figure 1-20.
The field Select switch operation mode:< > can be toggled using the space bar to one of the two switch operation modes: Layer 2 Only, Support IEEE 802.1Q VLANs and IP Routing, Support IEEE 802.1Q VLANs. To make a change in the operation mode of the switch effective, highlight APPLY and press enter. Figure 1-21. Change Mode Confirmation Screen Type y and press Enter. The switch will then save the changes made during the current session and reboot. The switch must be rebooted to change the operation mode.
Figure 1-22. Main Menu – Layer 2 Switching Mode Figure 1-23.
Screen Hierarchy The contents of the Console Interface are arranged following the structure shown in the table below. The table is arranged starting with the name of the entry on the Main Menu. The sub menus start with the name of the first menu, followed by the name of any sub-menus. The sub-menu names are indented. Some menus are available only when the switch is in IP Routing mode. These menus are shown in bold.
Network Monitoring Network Monitoring Menu Port Utilization Port Error Packets Port Packet Analysis Browse MAC Address Table GVRP Browse Router Port IGMP Snooping Switch History Save Changes Save Changes Confirmation Screen (no sub-menus) Reboot Reboot Reboot Save Configuration & Reboot Reboot & Load Factory Default Configuration Reboot & Load Factory Default Configuration Except IP Address Logout System Logout (no sub-menus) Spanning Tree Configure Spanning Tree STP Group Configuration STP Port Se
Filtering Filtering Menu Setup MAC Address Filter Setup IP Address Filter Priority Setup MAC Address Priority Mirroring Mirroring Menu Target Port Selection Port Mirroring Settings Multicasting Multicasting Menu IGMP Snooping (Layer 2 Only) Set up IEEE 802.
Layer 2 Switch Settings To access the Layer 2 Switch Settings menu, highlight Switch Settings from the Main Menu. Then highlight Layer 2 Switch Settings on the Switch Settings menu and press Enter: Figure 1-24. Layer 2 Switch Settings Menu The following fields can then be set: Parameter Switch GVRP : Description Allows the Group VLAN Registration Protocol (GVRP) to be globally Enabled or Disabled on the switch.
switch’s reaction to a Broadcast/Multicast storm. Broadcast Storm Mode: This field can be toggled between Enabled and Disabled using the space bar. This enables or disables, globally, the switch’s reaction to Broadcast storms, triggered at the threshold set above. Multicast Storm Mode: This field can be toggled between Enabled and Disabled using the space bar. This enables or disables, globally, the switch’s reaction to Multicast storms, triggered at the threshold set above.
support. Highlight VLANs from the Main Menu and press enter. Figure 1-25. VLAN Menu To create an 802.1Q VLAN, highlight Edit 802.1Q VLANs and press enter: Figure 1-26. Edit 802.
bar between Add/Modify and Delete. Add/Modify allows for the creation of a new VLAN or for changes to an existing VLAN. Delete allows for the deletion of an existing VLAN from the switch. VID# Allows the entry of the VLAN ID (VID) of an existing VLAN. VLANs can be identified by either the VID or the VLAN name. VLAN Name: Allows the entry of the name of an existing VLAN. VLANs can be identified by either the VID or the VLAN name.
unchanged. When a tagged packet exits the port, the tag is stripped and the packet is changed to an untagged packet. Tagging - specifies the port as a Tagging member of the VLAN. When an untagged packet is transmitted by the port, the packet header is changed to include the 32-bit tag associated with the PVID (Port VLAN Identifier – see below). When a tagged packet exits the port, the packet header is unchanged. To create an 802.
If the port is attached to a device that is not IEEE 802.1Q VLAN compliant (VLAN-tag unaware), then the port should be set to U – Untagged. If the port is attached to a device that is IEEE 802.1Q VLAN compliant (VLAN-tag aware), then the port should be set to T – Tagged. Press APPLY to make the additions/deletions effective for the current session. To enter the IP Interfaces into Non-volatile RAM, highlight Save Changes from the Main Menu and press enter.
Highlight VLANs from the Main Menu and press Enter. Figure 1-28. VLAN Menu Highlight Configure 802.1Q Port Settings and press enter: Figure 1-29. Configure 802.1Q Port Settings Parameter Description Configure Port from [ ] to [ ] This allows the entry of a contiguous range of port numbers to be configured.
specific VLAN and is used to make forwarding decisions for untagged packets received by the port. For example, if port #2 is assigned a PVID of 3, then all untagged packets received on port #2 will be assigned to VLAN 3. This number is generally the same as the VID# number assigned to the port in the Edit 802.1Q VLANs menu above. Ingress Filter: This field can be toggled using the space bar between Enable and Disable.
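The tagging, PVID and ingress-filter rules described above can be traced with a small model. This is an added example, not code from the guide or the switch firmware: the `Switch` class, the port numbers and the sample frame are constructed for illustration, and because the guide's Ingress Filter description is cut off here, the filter is modelled with standard IEEE 802.1Q behaviour (a frame is dropped when the receiving port is not a member of the frame's VLAN).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

# Constructed sample frame: broadcast destination, documentation-range source MAC,
# EtherType 0x0800 (IPv4) and a dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301") \
    + struct.pack("!H", 0x0800) + b"payload"


def parse_vlan(frame: bytes):
    """Return (vid, frame_without_tag); vid is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # The 32-bit tag is a 16-bit TPID followed by a 16-bit TCI whose low 12 bits are the VID.
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def add_tag(untagged: bytes, vid: int) -> bytes:
    """Insert a 32-bit 802.1Q tag (priority 0) after the source MAC address."""
    return untagged[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + untagged[12:]


class Switch:
    """Hypothetical model of per-port 802.1Q settings; not the switch's own data model."""

    def __init__(self):
        self.members = {}         # vid -> {port: "T" (tagged) or "U" (untagged)}
        self.pvid = {}            # port -> PVID
        self.ingress_filter = {}  # port -> True when Ingress Filter is enabled

    def set_port(self, port, pvid, ingress_filter):
        self.pvid[port] = pvid
        self.ingress_filter[port] = ingress_filter

    def add_member(self, vid, port, mode):
        self.members.setdefault(vid, {})[port] = mode

    def classify(self, port, frame):
        """Ingress: return (vid, untagged_frame), or None when the frame is dropped."""
        vid, bare = parse_vlan(frame)
        if vid is None or vid == 0:   # untagged or priority-tagged: use the port's PVID
            vid = self.pvid[port]
        if self.ingress_filter.get(port) and port not in self.members.get(vid, {}):
            return None               # receiving port is not a member of this VLAN
        return vid, bare

    def emit(self, port, vid, bare):
        """Egress: tag on a T member, strip on a U member, drop for a non-member."""
        mode = self.members.get(vid, {}).get(port)
        if mode is None:
            return None
        return add_tag(bare, vid) if mode == "T" else bare

    def forward(self, in_port, out_port, frame):
        result = self.classify(in_port, frame)
        return None if result is None else self.emit(out_port, *result)


def build_demo():
    """Port 2: access port with PVID 3. Port 24: tagged uplink carrying VLANs 3 and 5."""
    sw = Switch()
    sw.set_port(2, pvid=3, ingress_filter=True)
    sw.set_port(24, pvid=1, ingress_filter=True)
    sw.add_member(3, 2, "U")
    sw.add_member(3, 24, "T")
    sw.add_member(5, 24, "T")
    return sw


if __name__ == "__main__":
    sw = build_demo()
    print(parse_vlan(sw.forward(2, 24, UNTAGGED))[0])      # VLAN assigned from the PVID
    print(sw.forward(2, 24, add_tag(UNTAGGED, 5)))         # dropped by the ingress filter
```

With the filter disabled on port 2, the same VLAN 5 frame is accepted and leaves port 24 tagged for VLAN 5, which is why the setting belongs on ports facing end stations.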
Highlight VLANs on the main menu and press Enter: Figure 1-30. VLAN Menu To edit an existing 802.1Q VLAN, highlight Edit 802.1Q VLANs and press Enter: Figure 1-31. Edit 802.1Q VLANs Menu To edit an existing 802.1Q VLAN, highlight the Action: field and toggle between Add/Modify and Delete. In the Add/Modify mode, both individual entries to a selected VLAN and entire VLANs can be added. In the Delete mode, entire VLANs can be deleted.
Name for the 802.1Q VLAN you want to edit and press enter. To delete an entire VLAN, toggle the Action: field to Delete, enter either the VID or the VLAN Name in the appropriate field and press Enter. Highlight Apply and press Enter. The selected VLAN will be deleted. To enter the change into Non-volatile RAM, select Save Changes from the Main Menu. 802.1Q VLANs are edited by specifying which ports will be Egress Members, Forbidden non-members or non-members.
keys to highlight the PVID#[ ] field and enter the PVID for the port. Use the arrow keys to highlight the remaining fields and the space bar to toggle between Enable and Disable. Setting Up IP Interfaces A VLAN that does not have a corresponding IP interface defined for it will function as a Layer 2 Only VLAN – regardless of the Switch Operation mode. Each VLAN must be configured prior to setting up the corresponding IP interface.
Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the switch. For this example, we have chosen the next IP address above the network address for the IP interface’s IP address: VLAN Name VID Network Address IP Address System (default) 1 10.32.0.0 10.32.0.1 Engineering 2 10.64.0.0 10.64.0.1 Marketing 3 10.96.0.0 10.96.0.1 Finance 4 10.128.0.0 10.128.0.1 Sales 5 10.160.0.0 10.160.0.1 Backbone 6 10.192.0.0 10.
Figure 1-32. Layer 3 - Main Menu Highlight Layer 3 IP Networking from the Main Menu and press enter. Figure 1-33. Layer 3 – IP Networking Menu Highlight Setup IP Interface and press enter.
Figure 1-34. Layer 3 – IP Networking Menu Toggle the Action: field to Add/Modify. Choose a name for the interface to be added and enter it in the Interface Name:[ ] field. The IP interface name must be the same as its corresponding VLAN’s name. The corresponding VLAN ID must also be entered in the VID[ ] field. Enter the interface’s IP address and subnet mask in the corresponding fields. Toggle the Active: field to yes, highlight APPLY and press enter to make the IP interface effective.
interface. Subnet Mask:[ ] This field allows the entry of a subnet mask to be applied to this IP interface. Active: This field is toggled between Yes and No using the space bar. This entry determines whether the subnet will be active or not. VID:[ ] This field allows the entry of the VLAN ID number for the VLAN the IP interface belongs to.
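The rules stated above for IP interfaces (the VLAN must already exist, the interface name must equal the VLAN name, and the interface address is taken from the subnet's range) can be checked before the values are typed into the console. This is an added example, not part of the guide: the function names are hypothetical, only the complete rows of the example table are used, and the 255.224.0.0 mask is an assumption inferred from the spacing of the example network addresses because the mask is not legible on this page.

```python
import ipaddress

# VLANs already configured on the switch: VID -> VLAN name (from the guide's example table).
VLANS = {1: "System", 2: "Engineering", 3: "Marketing", 4: "Finance", 5: "Sales"}

# Assumption: 255.224.0.0 matches the spacing of the example networks
# (10.32.0.0, 10.64.0.0, ...); the guide's own mask is not shown on this page.
ASSUMED_MASK = "255.224.0.0"

# (interface name, VID, network address, interface IP) for the complete table rows.
PLAN = [
    ("System", 1, "10.32.0.0", "10.32.0.1"),
    ("Engineering", 2, "10.64.0.0", "10.64.0.1"),
    ("Marketing", 3, "10.96.0.0", "10.96.0.1"),
    ("Finance", 4, "10.128.0.0", "10.128.0.1"),
    ("Sales", 5, "10.160.0.0", "10.160.0.1"),
]


def first_host(network, mask):
    """Return the 'next IP address above the network address', as the guide chooses."""
    net = ipaddress.IPv4Network(f"{network}/{mask}")
    return str(net.network_address + 1)


def validate_plan(plan, vlans, mask):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    accepted = []  # (interface name, network) pairs checked so far
    for name, vid, network, ip in plan:
        # The VLAN must be configured first, and the interface must carry its name.
        if vid not in vlans:
            problems.append(f"{name}: VLAN {vid} is not configured yet")
        elif vlans[vid] != name:
            problems.append(f"{name}: interface name must match VLAN name '{vlans[vid]}'")
        # A network address with host bits set under this mask is rejected.
        try:
            net = ipaddress.IPv4Network(f"{network}/{mask}")
        except ValueError:
            problems.append(f"{name}: {network} is not a network address under mask {mask}")
            continue
        # The interface needs a usable host address inside its own subnet.
        addr = ipaddress.IPv4Address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address in {net}")
        # Two IP interfaces must not cover overlapping address ranges.
        for other, other_net in accepted:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        accepted.append((name, net))
    return problems


if __name__ == "__main__":
    for line in validate_plan(PLAN, VLANS, ASSUMED_MASK) or ["plan is consistent"]:
        print(line)
    # The Class A default mask does not fit these network addresses:
    for line in validate_plan(PLAN, VLANS, "255.0.0.0"):
        print(line)
```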
IGMP Snooping Settings To configure IGMP Snooping, highlight IGMP Snooping Settings from the Multicasting Menu and press Enter. Figure 1-36. IGMP Snooping IGMP Snooping can be globally enabled or disabled from the IGMP Snooping Settings menu. To configure IGMP Snooping: Toggle the Switch IGMP Snooping: field to Enabled.
Parameter Description Switch IGMP Snooping: This field can be toggled using the space bar between Disabled and Enabled. This is used to Enable or Disable IGMP Snooping, globally, on the switch. Querier State: This field can be toggled between NonQuerier, V1-Querier, and V2-Querier. This is used to specify the IGMP version (1 or 2) that will be used by the IGMP interface when making queries.
Figure 1-37. Setup IEEE 802.1Q Multicast Forwarding When the switch is in Layer 2 operating mode, IEEE 802.1Q multicast forwarding allows the static entry of multicast MAC addresses, which will be sources of multicast packets, and switch port numbers, to which these multicast packets will be forwarded.
Delete allows for the deletion of a previously made entry. VID:[ ] Allows the specification of the VLAN ID (VID) of the VLAN the static multicast group member belongs to. Multicast MAC Address:[ ] Allows the entry of the MAC address of a static multicast group member. (E/F/-): [ ][ ][ ] To set a port’s multicast group membership status, highlight the first field of.
multicast messages (IGMP) coming from the network to be propagated to the router. A router port has the following behavior: • All IGMP Report packets will be forwarded to the router port. • IGMP queries (from the router port) will be flooded to all ports. • All UDP multicast packets will be forwarded to the router port.
Action: This field can be toggled between Add/Modify and Delete using the space bar. To add a port to the static router port table, select Add/Modify and enter the VID of the VLAN the router port will belong to. Delete allows for the deletion of a previously made entry. Router Port (M/-):[ ][ ][ ] Each port can be set individually as a router port by highlighting the port’s entry using the arrow keys, and then toggling between M and – using the space bar.
Setup IP Multicast To setup IP multicasting on the switch: Highlight IP Multicasting Settings from the Multicast Menu and press Enter. Highlight Multicast Interface Configuration from the Setup Multicast Menu and press Enter. Figure 1-40. Setup IP Multicast Menu Multicast Interface Configuration To configure the multicast interface, highlight Multicast Interface Configuration and press Enter.
Figure 1-41. Multicast Interface Configuration This menu allows the assignment of a multicast routing protocol to an IP interface. The IP interface must have been previously configured on the switch. In addition, IGMP may be enabled or disabled for the selected IP interface. The available multicast protocols are the Protocol Independent Multicast – Dense Mode (PIM-DM), and the Distance-Vector Multicast Routing Protocol (DVMRP). INACT is not a multicast routing protocol.
bar. This will enable or disable IGMP for the IP interface entered above. Protocol: This field can be toggled between Protocol Independent Multicasting – Dense Mode (PIM-DM), Distance Vector Multicasting Routing Protocol (DVMRP), and INACT (inactive). INACT is not a multicast routing protocol. It is used to make a given interface inactive for IP Multicast routing yet can still route IP traffic. IGMP Interface Configuration Figure 1-42.
The Robustness Var:[2 ] field allows IGMP to be ‘tuned’ for sub-networks that are expected to lose a lot of packets. A high value (max. 255) for the robustness variable will help compensate for ‘lossy’ sub-networks. A low value (min. 2) should be used for less ‘lossy’ sub-networks. Parameter Description Interface Name:[ ] Allows the entry of the name of the IP interface that is to be configured for IGMP. This must be a previously configured IP interface.
Figure 1-43. IGMP Static Member Configuration Parameter Description Action: This field can be toggled between Add/Modify and Delete. Add/Modify allows you to enter a new IGMP Static Member into the table, or to modify an existing entry. Delete allows you to delete an existing entry. Interface Name:[ ] Enter the IP Interface name the IGMP Static Member belongs to in this field. IGMP Static Group IP:[ ] Enter the IP address of the IGMP Static Group in this field.
Total Entries: Displays the total number of entries into the switch’s IGMP Static Member table. DVMRP To configure DVMRP for an IP interface, highlight DVMRP Interface Configuration from the Setup IP Multicast menu and press Enter. Figure 1-44. DVMRP Interface Configuration This menu allows the Distance-Vector Multicast Routing Protocol to be configured for each IP interface defined on the switch.
DVMRP resembles the Routing Information Protocol (RIP), but is extended for multicast delivery. It relies upon RIP hop counts to calculate ‘shortest paths’ back to the source of a multicast message, but defines a ‘route cost’ to calculate which branches of a multicast delivery tree should be ‘pruned’ – once the delivery tree is established. When a sender initiates a multicast, DVMRP initially assumes that all users on the network will want to receive the multicast message.
interface. The DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delivery tree. It is similar to, but not defined as, the hop count in RIP. The default cost is 1. State: This field can be toggled between Enabled and Disabled and enables or disables DVMRP for the IP interface. The default is Disabled. IP Address: Displays the IP address corresponding to the IP Interface name entered above.
Figure 1-45. PIM-DM Interface Configuration The Protocol Independent Multicast – Dense Mode (PIM-DM) protocol should be used in networks with a low delay (low latency) and high bandwidth as PIM-DM is optimized to guarantee delivery of multicast packets, not to reduce overhead.
Parameter Description Interface Name:[ ] Allows the entry of the name of the IP interface for which PIM-DM is to be configured. This must be a previously defined IP interface. IP Address Displays the IP address for the IP interface named above. Hello Interval:[30 ] This field allows an entry of between 0 and 9,999 seconds and determines the interval between sending Hello packets to other routers on the network.
is Disabled. Port Mirroring To configure a port for port mirroring: Highlight Mirroring from the Main Menu and press enter. Figure 1-46. Mirroring Menu To select the target port, highlight Target Port Selection and press enter.
Figure 1-47. Target Port Selection The target port is the port where information will be duplicated and sent for capture and network analysis. This is the port where a network analyzer would be attached to capture packets duplicated from the source port. To select the source port(s) for mirroring, highlight Port Mirroring Settings and press enter. Figure 1-48.
Source Port [24] Allows the entry of the port number of the port to be mirrored. This port is the source of the packets to be duplicated and forwarded to the Target port. Direction: This field can be toggled between Either, Ingress and Egress. Ingress mirrors only received packets, while Egress mirrors only transmitted packets. Priority To configure a forwarding priority for a given MAC address, highlight Priority from the main menu and press Enter. Figure 1-49.
below is a member of. ] Allows the entry of the MAC address of the station for which priority queuing is to be specified. Priority Level: This field can be toggled using the space bar between Low, Med-L (Medium Low), Med-H (Medium High), and High, corresponding to the priority of packets sent to or transmitted from the MAC address entered above. Source/Destination: This field can be toggled using the space bar between Src. (Source), Dst.
Highlight MAC Address Filter and press enter. Figure 1-51. Setup MAC Address Filter When the switch is in Layer 2 Only operating mode, MAC addresses can be entered into the static filtering table. The switch can be configured to filter packets from this MAC address (a source), or to it (a destination). The switch can also be configured to filter all packets to or from this MAC address (either a source or a destination).
(Destination), and Either, corresponding to whether the MAC address entered above will be transmitting packets (a source), receiving packets (a destination) or both (either). Layer 3 (IP Routing) Filtering With the switch configured to Layer 3 Operation mode, both MAC and IP addresses can be entered into the filtering table, using their respective entry menus. To enter an address, highlight Filtering from the Main Menu and press enter. Figure 1-52.
Figure 1-53. IP Address Filtering Setup Parameter Description Action: This field can be toggled between Add/Modify and Delete using the space bar. IP Address:[ ] Allows the entry of an IP address to be filtered from the switch. Source/Destination: This field can be toggled between Src. (source), Dst. (destination), and Either.
Figure 1-54. Forwarding Menu – Layer 2 Highlight MAC Address Forwarding from the Forwarding Menu and press enter. Figure 1-55. Static Unicast MAC Forwarding Setup Parameter Description Action: The field can be toggled between Add/Modify and Delete using the space bar. VID:[ ] Allows the entry of the VLAN ID (VID) of the VLAN the MAC address below is a member of.
MAC Address:[ ] Allows the entry of the MAC address of an end station that will be entered into the switch’s static forwarding table. Port:[ ] Allows the entry of the port number on which the MAC address entered above resides. IP Forwarding Static/Default Routes With the switch in Layer 3 Operation mode, entries into the switch’s forwarding table can be made using both MAC addresses and IP addresses. Static IP forwarding is accomplished by the entry of an IP address into the Static IP Routing table.
Parameter Description Action: The field can be toggled between Add and Delete using the space bar. IP Address:[ ] Allows the entry of an IP address that will be a static entry into the switch’s IP forwarding table. Subnet Mask:[ ] Allows the entry of a subnet mask corresponding to the IP address above. Gateway IP:[ ] Allows the entry of an IP address of a default gateway for the IP address above. Metric:[1 ]
Parameter Description Action: The field can be toggled between Add and Delete using the space bar. Interface Name:[ ] The name of the IP interface the ARP entry resides on. IP Address:[ ] The IP address of the ARP entry. MAC Address:[ ] The MAC address of the ARP entry. Spanning Tree Switch Spanning Tree Settings To globally configure STP on the switch, highlight Spanning Tree on the main menu and press Enter. Figure 1-58.
The factory default setting should cover the majority of installations. It is advisable to keep the default settings as set at the factory unless it is absolutely necessary to change them. Parameter Description Status: This field can be toggled between Enabled and Disabled using the space bar. This will enable or disable the Spanning Tree Protocol (STP), globally, for the switch.
voting process between switches on the network to determine which switch will be the root switch. A low number indicates a high priority, and a high probability that this switch will be elected as the root switch. The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Observe the following formulas when setting the above parameters: Max. Age ≤ 2 x (Forward Delay - 1 second) Max.
have to correspond to any name that has been previously entered in the switch’s configuration.
Figure 1-60. STP Port Settings Toggle the View Ports:< > field to the range of ports to be configured. The Fast Ethernet ports are displayed for configuration in groups of 12 and the two (optional) Gigabit Ethernet ports are displayed together. In addition to setting Spanning Tree parameters for use on the switch level, the VH-2402-L3 allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
It is advisable to define an STP Group to correspond to a VLAN group of ports. Parameter Description View Ports:< > This field can be toggled using the space bar between 1 to 12, 13 to 24, and 25 to 26. This is used to select the range of ports displayed in the console. Configure Ports:[ ] to [ ] Allows the entry of a range of port numbers to be configured. Port Cost:[ ] A Port Cost can be set from 1 to 65535. Priority:[ ]
Port trunking allows several ports to be grouped together and to act as a single link. This gives a bandwidth that is a multiple of a single link’s bandwidth. Port trunking is most commonly used to link a bandwidth-intensive network device or devices – such as a server – to the backbone of a network. The VH-2402-L3 allows the creation of up to 6 port trunking groups, each group consisting of up to 8 links (ports).
Parameter Description Group ID:[1] This field can be toggled between any one of the six possible port trunking groups configurable on the switch. Port:[1] The Master port of the trunk group. Group Width:[ ] Allows the entry of the number of contiguous ports that will make up the port trunking group. These ports will be in sequential order from the Master Port. Method: This field can be toggled between Enabled and Disabled. This is used to turn a port trunking group on or off.
Switch Utilities Layer 2 Switch Utilities To access the Switch Utilities menu, highlight Utilities from the Main Menu and press enter. Figure 1-62. Switch Utilities Menu Trivial File Transfer Protocol (TFTP) services allow the switch firmware to be upgraded by transferring a new firmware file from a TFTP server to the switch.
Figure 1-63. Upgrade Firmware Enter the IP address of the TFTP server in the Server IP Address:[ ] field. The TFTP server must be on the same IP subnet as the switch. Enter the path and the filename to the firmware file on the TFTP server. Note that in the above example, the firmware file is in the root directory of the C drive of the TFTP server. The TFTP server must be running TFTP server software to perform the file transfer.
Figure 1-64. Download Configuration File Enter the IP address of the TFTP server and specify the location of the switch configuration file on the TFTP server. Highlight APPLY and press enter to record the IP address of the TFTP server. Use Save Changes from the Main Menu to enter the address into NV-RAM. Highlight START and press enter to initiate the file transfer. Uploading a Settings File To upload a settings file to the TFTP server, highlight Upload configuration file to TFTP Server and press enter.
Figure 1-65. Upload Setting File Enter the IP address of the TFTP server and the path and filename of the settings file on the TFTP server and press APPLY. Highlight START and press enter to initiate the file transfer. Uploading a History Log File To save a History Log on a TFTP server, highlight Save Log to TFTP Server and press enter. Figure 1-66.
Enter the IP address of the TFTP server and the path and filename for the history log on the TFTP server. Highlight APPLY and press enter to make the changes current. Highlight START and press enter to initiate the file transfer. Testing Connectivity with Ping To test the connection with another network device using Ping, highlight Ping Test and press enter. Figure 1-67.
Highlight Utilities on the Main Menu and press Enter. Highlight BOOTP/DHCP Relay on the Switch Utilities menu and press Enter. Figure 1-68. BOOTP/DHCP Relay Menu Parameter Description BOOTP/DHCP Relay Status This field can be toggled between Enabled and Disabled using the space bar. It is used to enable or disable the BOOTP/DHCP Relay service on the switch. The default is Disabled.
determine whether to forward a given BOOTP or DHCP packet. Figure 1-69. BOOTP/DHCP Relay Interface Configuration Parameter Description Action: This field can be toggled between Add and Delete using the space bar. Toggle to Add and enter the subnet name for which BOOTP Relay will be active. Interface Name:[ ] The interface name of the IP interface on which the BOOTP or DHCP servers reside. IP Address: Displays the IP address corresponding to the subnet name entered above.
DNS Relay To enter the IP addresses of DNS servers (for the DNS Relay service): Highlight DNS Relay on the Switch Utilities menu and press enter. Figure 1-70. DNS Relay Setup Parameter Description DNSR Status This field can be toggled between Disabled and Enabled using the space bar, and is used to enable or disable the DNS Relay service on the switch. Name Server: [1] [ ] Allows the entry of the IP address of a primary (number 1) and a secondary (number 2) domain name server (DNS).
Status: bar between Disabled and Enabled. This determines if the static DNS table will be used or not. To make a static DNS table entry: Highlight Static Table Setting on the DNS Relay menu and press Enter. Figure 1-71. DNS Relay Setup Parameter Description Action: The Action: field can be toggled between Add/Edit and Delete. Enter the Domain name and its corresponding IP address. Domain Name The domain name of the static DNS table entry.
Network Monitoring The VH-2402-L3 provides extensive network monitoring capabilities that can be viewed under Network Monitoring from the Main Menu. Network monitoring on the switch is divided into Layer 2 and Layer 3 functions, depending upon which operating mode the switch is in. Layer 2 network monitoring functions are visible on the console when the switch is in Layer 2 Only operating mode. Layer 3 network monitoring functions are added to the console when the switch is in IP Routing operating mode.
To display the network data compiled by the switch: Highlight Network Monitoring on the Main Menu and press enter. Figure 1-72. Network Monitoring Menu Port Utilization The Port Utilization screen shows the number of packets transmitted and received per second and calculates the percentage of the total available bandwidth being used on the port (displayed under %Util.). To view the port utilization: Highlight Port Utilization on the Network Monitoring menu and press enter.
Figure 1-73. Port Utilization Table Parameter Description Port The switch’s port number. Interval:<2 sec> The time between updates received from the switch. Suspend stops the updates. The default is 2 seconds. TX/sec The rate at which the given port is transmitting packets, in packets per second. RX/sec The rate at which the given port is receiving packets, in packets per second. %Util The percentage utilization of the given port’s available bandwidth.
To view the error statistics for a port: Highlight Port Error Packets on the Network Monitoring menu and press enter. Figure 1-74. Port Error Packets The Port field can be toggled between Port 1~26 to select which group of ports will be displayed. Enter the port number of the port to be viewed. The Interval:<2 sec> field can be toggled from 2 seconds to 1 minute, or suspend. This sets the interval at which the error statistics are updated.
the sum of CRC errors and code errors (frames received with rxerror signal). Undersize The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed. Oversize The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
bit-times into the transmission of a packet. Ex. Coll. Excessive Collisions. The number of frames for which transmission failed due to excessive collisions. Single Coll.* Single Collision Frames. The number of successfully transmitted frames for which transmission is inhibited by more than one collision. Coll. An estimate of the total number of collisions on this network segment.
Figure 1-75. Port Packet Analysis Table Parameter Description Interval:<2 sec> The interval (in seconds) that the table is updated. The default is 2 seconds. Frames The number of packets (or frames) received or transmitted by the switch with the size, in octets, given by the column on the right. Frames/sec The number of packets (or frames) transmitted or received, per second, by the switch.
RX Bytes Displays the number of bytes (octets) received by the switch in total number (Total), and rate (Total/sec). RX Frames Displays the number of packets (frames) received by the switch in total number (Total), and rate (Total/sec). TX Bytes Displays the number of bytes (octets) transmitted by the switch in total number (Total), and rate (Total/sec). TX Frames Displays the number of packets (frames) transmitted by the switch in total number (Total), and rate (Total/sec).
Figure 1-76. Browse MAC Address Table The Browse By: field can be toggled between ALL, MAC Address, Port, and VLAN. This sets a filter to determine which MAC addresses from the forwarding table are displayed. ALL specifies no filter. To search for a particular MAC address: Toggle the Browse By: field to MAC Address. A MAC Address:[000000000000] field will appear. Enter the MAC address in the field and press enter.
Figure 1-77. GVRP Status Table Browse Router Port This displays which of the switch’s ports are currently configured as router ports. A router port configured by a user (using the console or web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the switch is designated by D. To view the Router Port table: Highlight Browse Router Port from the Network Monitoring menu and press Enter.
Figure 1-78. Browse Router Port The Jump to VID:[1 ] field allows the entry of any VLAN ID (VID) of any VLAN defined on the switch. Enter the VID, highlight GO and press enter. The table will then jump to the VID entered. S signifies a static router port, configured by the user. D signifies a dynamically assigned router port, configured by the switch. IGMP Snooping Table This allows the switch’s IGMP Snooping table to be viewed.
Figure 1-79. IGMP Snooping Status Table Switch History Log − This allows the Switch History Log to be viewed. The switch records all traps, in sequence, that identify events on the switch. The time since the last cold start of the switch is also recorded. To view the switch history log: Highlight Switch History from the Network Monitoring menu and press enter. Figure 1-80.
Layer 3 Network Monitoring When the switch is in Layer 3 (IP Routing) mode, several items are added to the Network Monitoring menu. The following items are added to the Network Monitoring menu when the switch is in Layer 3 (IP Routing) mode: • Browse IP Address • Routing Table • ARP Table • IP Multicast Forwarding Table • IGMP Group Table • DVMRP Routing Table To view the Network Monitoring menu: Highlight Network Monitoring from the Main Menu and press Enter. Figure 1-81.
IP Address Forwarding Table To view the IP address forwarding table: Highlight Browse IP Address from the Network Monitoring menu and press enter. Figure 1-82. IP Forwarding Table – Layer 3 To display a particular IP address, enter the IP address in the Jump to IP Address:[0.0.0.0] field, highlight GO, and press enter. Routing Table To view the contents of the IP Routing table: Highlight Routing Table on the Network Monitoring menu and press Enter.
Figure 1-83. View the IP Routing Table To display a particular Destination IP address, enter either the IP address in the Jump to Destination Address:[0.0.0.0] field, the gateway address in the Gateway:[0.0.0.0] field, or the subnet mask in the Mask:[0.0.0.0] field, highlight GO, and press enter. ARP Table To view the ARP table: Highlight ARP Table on the Network Monitoring menu and press enter.
Figure 1-84. View the ARP Table To display a particular IP interface or an IP address, enter either the IP interface name in the Jump to Interface Name:[ ] field or enter the IP address in the IP Address:[0.0.0.0] field, highlight GO, and press enter. IP Multicast Forwarding Table To view the IP multicast forwarding table: Highlight IP Multicast Forwarding Table from the Network Monitoring menu and press enter. Figure 1-85.
To display a particular multicast group, enter either the IP address in the Jump to Multicast Group:[0.0.0.0] field, enter the source IP address in the Source IP:[0.0.0.0] field, or the source subnet mask in the Source Mask:[0.0.0.0] field, highlight GO, and press enter. This sets a filter to determine which IP addresses and multicast groups from the table are displayed. To display a particular source IP address, enter either the IP address in the Jump to IP Address:[0.0.0.
DVMRP Routing Table To view the DVMRP Routing table: Highlight DVMRP Routing Table from the Network Monitoring menu and press enter. Figure 1-87. Browse DVMRP Routing Table The Jump to Source IP Address:[ ] and Source Mask:[ ] fields allow the entry of an IP address and corresponding subnet mask to search the table for. Highlight GO and press enter and the DVMRP Routing table will be searched for the IP address and subnet mask above.
Figure 1-88. Reboot Highlight one of the two Load Factory Default Configuration entries and press enter. A confirmation screen will appear. Press Y for Yes and press enter. The factory defaults for the VH-2402-L3 are listed in Appendix D of this manual.
Reboot The VH-2402-L3 has several reboot options. To reboot the switch from the console: Highlight Reboot from the Main Menu and press enter. Figure 1-89. Reboot Menu The reboot options are as follows: Reboot simply restarts the switch. Any configuration settings not saved using Save Changes from the Main Menu will be lost. The switch’s configuration will be restored to the last configuration saved in NV-RAM.
Reboot & Load Factory Default Configuration Except IP Address restarts the switch using the default factory configuration, except the user configured IP address will be retained. All other configuration data will be lost. A confirmation screen will appear: Figure 1-90. System Reboot Confirmation To reboot the switch, in the mode entered above, highlight Yes and press enter.
2. Switch Management Concepts SNMP The Simple Network Management Protocol (SNMP) is an OSI layer 7 (the application layer) protocol for remotely monitoring and configuring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. SNMP can be used to perform many of the same functions as a directly connected console, or can be used within an integrated network management software package such as NetSight.
characters may be entered under the Remote Management Setup menu of the console program. Traps Traps are messages that alert network personnel of events that occur on the Switch. The events can be as serious as a reboot (someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends them to the trap recipient (or network manager).
• Authentication Failure This trap signifies that someone has tried to log on to the switch using an invalid SNMP community string. The switch automatically stores the source IP address of the unauthorized user. • Topology Change A Topology Change trap is sent by the Switch when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition.
network manager. MIB values can be either read-only or read-write. Read-only MIB variables can be either constants that are programmed into the Switch, or variables that change while the Switch is in operation. Examples of read-only constants are the number of ports and the types of ports. Examples of read-only variables are the statistics counters such as the number of errors that have occurred, or how many kilobytes of data have been received and forwarded through a port.
source MAC addresses and their associated port numbers, are deleted from the table if they are not accessed within the aging time. The aging time can be from 10 to 1,000,000 seconds with a default value of 300 seconds. A very long aging time can result in dynamic forwarding table entries that are out-of-date or no longer exist. This may cause incorrect packet forwarding decisions by the switch. If the Aging Time is too short however, many entries may be aged out too soon.
Filtering occurs to keep local traffic confined to its segment. • Filtering done by the Spanning Tree Protocol, which can filter packets based on topology, making sure that signal loops don’t occur. • Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example) destined for a device on another VLAN (VLAN 3) will be filtered.
The VH-2402-L3 STP allows two levels of spanning trees to be configured. The first level constructs a spanning tree on the links between switches. This is referred to as the Switch or Global level. The second level is on a port group basis. Groups of ports are configured as being members of a spanning tree and the algorithm and protocol are applied to the group of ports. This is referred to as the Port or VLAN level.
Forward Delay Timer The amount of time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state. 15 seconds Table 2-1.
STP communicates between switches on the network using Bridge Protocol Data Units (BPDUs). Each BPDU contains the following information: • The unique identifier of the switch that the transmitting switch currently believes is the root switch • The path cost to the root from the transmitting port • The port identifier of the transmitting port The switch sends BPDUs to communicate and construct the spanning-tree topology.
When STP is enabled using the default parameters, the path between source and destination stations in a switched network might not be ideal. For instance, connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change. The goal is to make the fastest link the root port. STP Port States The BPDUs take some time to pass through a network.
A port transitions from one state to another as follows: • From initialization (switch boot) to blocking • From blocking to listening or to disabled • From listening to learning or to disabled • From learning to forwarding or to disabled • From forwarding to disabled • From disabled to blocking Figure 2-1.
through the states of listening and learning at power up. If properly configured, each port stabilizes to the forwarding or blocking state. No packets (except BPDUs) are forwarded from, or received by, STP enabled ports until the forwarding state is enabled for that port.
Default Spanning-Tree Configuration
Feature            Default Value
Enable state       STP enabled for all ports
Port priority      128
Port cost          19
Bridge Priority    32,768
Table 2-3.
Note: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. • Max. Age The Max. Age can be from 6 to 40 seconds. At the end of the Max. Age, if a BPDU has still not been received from the Root Bridge, your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge. If it turns out that your Switch has the lowest Bridge Identifier, it will become the Root Bridge.
connection is based on the STP calculation of the most current Bridge and Port settings. Now, if Bridge A broadcasts a packet to Bridge C, then Bridge C will drop the packet at port 2 and the broadcast will end there. Setting up STP using values other than the defaults can be complex. Therefore, you are advised to keep the default factory settings and STP will automatically assign root bridges/ports and block loop connections.
Figure 2-3. After Applying the STA Rules The switch with the lowest Bridge ID (switch C) was elected the root bridge, and the ports were selected to give a high port cost between switches B and C. The two (optional) Gigabit ports (default port cost = 10) on switch A are connected to one (optional) Gigabit port on both switch B and C. The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 19).
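The following check of a planned STP configuration is an added example, not part of the manual or the switch firmware. It applies the timer rules visible above (Hello Time not longer than Max. Age, Max. Age from 6 to 40 seconds, Max. Age ≤ 2 x (Forward Delay - 1 second)) and predicts the root bridge as the lowest Bridge ID; the MAC-address tie-break when priorities are equal comes from IEEE 802.1D, and the bridge names, MAC addresses and timer values are constructed sample data.

```python
def timer_violations(hello, max_age, forward_delay):
    """Return the timer rules from the manual that a set of values breaks."""
    problems = []
    if not 6 <= max_age <= 40:
        problems.append("Max. Age must be from 6 to 40 seconds")
    if hello > max_age:
        problems.append("Hello Time is longer than Max. Age")
    if max_age > 2 * (forward_delay - 1):
        problems.append("Max. Age exceeds 2 x (Forward Delay - 1 second)")
    return problems


def bridge_id(priority, mac):
    """Bridge ID as compared during the election: priority, then MAC address.

    Assumption from IEEE 802.1D (not stated in the manual): the ID is the
    2-octet priority followed by the 6-octet bridge MAC, lowest value wins.
    """
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 octets: %r" % mac)
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 octets")
    return priority.to_bytes(2, "big") + mac_bytes


def elect_root(bridges):
    """Name of the bridge with the lowest Bridge ID."""
    return min(bridges, key=lambda b: bridge_id(b["priority"], b["mac"]))["name"]


def review_plan(bridges, intended_root):
    """List every problem found in a planned configuration (empty list = OK)."""
    findings = []
    for b in bridges:
        for problem in timer_violations(b["hello"], b["max_age"], b["forward_delay"]):
            findings.append("%s: %s" % (b["name"], problem))
    root = elect_root(bridges)
    if root != intended_root:
        findings.append(
            "root bridge will be %s, not %s: lower the Bridge Priority of %s"
            % (root, intended_root, intended_root)
        )
    return findings


def sample_bridges():
    """Constructed sample: three switches left at Bridge Priority 32,768."""
    timers = {"hello": 2, "max_age": 20, "forward_delay": 15}
    return [
        dict(name="A", priority=32768, mac="00:00:5e:00:53:0a", **timers),
        dict(name="B", priority=32768, mac="00:00:5e:00:53:0b", **timers),
        dict(name="C", priority=32768, mac="00:00:5e:00:53:0c", **timers),
    ]


if __name__ == "__main__":
    plan = sample_bridges()
    # With equal priorities the lowest MAC wins, so switch A becomes root.
    for line in review_plan(plan, intended_root="C"):
        print(line)
    plan[2]["priority"] = 4096  # give switch C the lowest priority value
    print(review_plan(plan, intended_root="C") or "plan is consistent")
```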
The VH-2402-L3 supports 6 port trunking groups, which may include from 2 to 8 switch ports each, except for a Gigabit port trunking group which consists of the 2 (optional) Gigabit Ethernet ports of the front panel. These ports are the two 1000BASE-SX, -LX, -TX or GBIC ports contained in a front-panel mounted module. Figure 2-4. Port trunking Group Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group.
order they were sent. A trunk connection can be made with any other switch that maintains host-to-host data streams over a single trunk port. Switches that use a load-balancing scheme that sends the packets of a host-to-host data stream over multiple trunk ports cannot have a trunk connection with the VH-2402-L3 switch. VLANs A VLAN is a collection of end nodes grouped by logic rather than physical location.
IEEE 802.1Q VLANs Some relevant terms: Tagging - The act of putting 802.1Q VLAN information into the header of a packet. Untagging - The act of stripping 802.1Q VLAN information out of the packet header. Ingress port - A port on a switch where packets are flowing into the switch and VLAN decisions must be made. Egress port - A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made. IEEE 802.
• Egress rules – determines if the packet must be sent tagged or untagged. Figure 2-5. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet’s EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified. The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information contained in the packet originally is retained. Figure 2-6. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control.
Figure 2-7. Adding an IEEE 802.1Q Tag Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network – if all network devices are 802.1Q compliant). Unfortunately, not all network devices are 802.1Q compliant. These devices are referred to as tag-unaware. 802.1Q devices are referred to as tag-aware.
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag.
can then be used by other 802.1Q compliant devices on the network to make packet forwarding decisions. Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of those ports. If the packet doesn’t have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used internally within the switch).
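The tag layout and the PVID and untagging rules described above can be followed in code. This is an added example, not code from the manual or the switch: it parses the four tag octets after the source MAC address, picks the VLAN used for forwarding on ingress, and tags or strips the frame on egress. The 3-bit priority, 1-bit CFI and 12-bit VID split of the tag, and the handling of VID 0 and VID 4095, follow IEEE 802.1Q rather than the manual; the function names and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q/802.1p tag


def parse_frame(frame):
    """Split an Ethernet frame into addresses, optional 802.1Q tag and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("frame ends inside the 802.1Q tag")
        # Two octets of tag control information, then the original EtherType/Length.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tag = {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": dst, "src": src, "tag": tag,
            "ethertype": ethertype, "payload": frame[offset:]}


def ingress_vid(frame, pvid):
    """VLAN used for the forwarding decision on the receiving port."""
    tag = parse_frame(frame)["tag"]
    if tag is None:
        return pvid  # untagged packets are assigned the port's PVID
    if tag["vid"] == 0:
        return pvid  # IEEE 802.1Q: VID 0 carries priority only (not in the manual)
    if tag["vid"] == 0x0FFF:
        raise ValueError("VID 4095 is reserved by IEEE 802.1Q")
    return tag["vid"]  # tagged packets are forwarded according to the tag's VID


def egress_frame(frame, vid, tagging):
    """Frame as sent by a tagging port (tag present) or an untagging port."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    parsed = parse_frame(frame)
    addresses = parsed["dst"] + parsed["src"]
    rest = struct.pack("!H", parsed["ethertype"]) + parsed["payload"]
    if not tagging:
        return addresses + rest  # untagging port: no 802.1Q information leaves
    priority = parsed["tag"]["priority"] if parsed["tag"] else 0
    tci = (priority << 13) | vid
    return addresses + struct.pack("!HH", TPID_8021Q, tci) + rest


def sample_frames():
    """Constructed frames: one untagged, one tagged with priority 5 and VID 20."""
    dst = bytes.fromhex("00005e005301")
    src = bytes.fromhex("00005e005302")
    payload = b"constructed payload"
    untagged = dst + src + struct.pack("!H", 0x0800) + payload
    tagged = dst + src + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 20, 0x0800) + payload
    return untagged, tagged


if __name__ == "__main__":
    untagged, tagged = sample_frames()
    print("tag:", parse_frame(tagged)["tag"])
    print("untagged frame on a port with PVID 3 ->", ingress_vid(untagged, pvid=3))
    print("tagged frame on a port with PVID 3   ->", ingress_vid(tagged, pvid=3))
    print("tag adds", len(tagged) - len(untagged), "octets")
```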
point of reception. This eliminates the subsequent processing of packets that will just be dropped by the destination port. VLANs in Layer 2 Only Mode The switch initially configures one VLAN, VID = 1, called the DEFAULT_VLAN. The factory default setting assigns all ports on the switch to the DEFAULT_VLAN. Packets cannot cross VLANs if the switch is in Layer 2 Only mode. If a member of one VLAN wants to connect to another VLAN, the link must be through an external router.
A switch that implements layer 3 (or ‘subnet’) VLANs without performing any routing function between these VLANs is referred to as performing ‘IP Switching’. IP Addressing and Subnetting This section gives basic information needed to configure your Layer 3 switch for IP routing. The information includes how IP addresses are broken down and how subnetting works. You will learn how to assign each interface on the router an IP address with a unique subnet.
IP addresses use a “dotted decimal” notation. Here are some examples of IP addresses written in this format: 1. 210.202.204.205 2. 189.21.241.56 3. 125.87.0.1 This allows IP addresses to be written in a string of 4 decimal (base 10) numbers. Computers can only understand binary (base 2) numbers, and these binary numbers are usually grouped together in bytes, or eight bits. (A bit is a binary digit – either a “1” or a “0”). The dots (periods) simply make the IP address easier to read.
Binary Octet Digit    2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Decimal Equivalent    128  64   32   16   8    4    2    1
Binary Number         1    1    1    1    1    1    1    1
128+64+32+16+8+4+2+1 = 255
Table 2-4. Binary to Decimal Conversion
Each digit in an 8-bit binary number (an octet) represents a power of two. The left-most digit represents 2 raised to the 7th power (2x2x2x2x2x2x2=128) while the right-most digit represents 2 raised to the 0th power (any number raised to the 0th power is equal to one, by definition).
always be pinged from a local node because it forms a loopback and points back to the same node. Class D addresses are reserved for multicasting. Class E addresses are reserved for future use. They are not used for node addresses. The part of the IP address that belongs to the network is the part that is ‘hidden’ by the ‘1’s in the subnet mask. This can be seen below:
• Class A NETWORK.node.node.node
• Class B NETWORK.NETWORK.node.node
• Class C NETWORK.NETWORK.NETWORK.
11111111.00000000.00000000.00000000 Class A Subnet Mask 255.0.0.0
00001010.00000000.00000000.00000000 Network Address 10.0.0.0
The Default subnet masks are:
• Class A – 11111111.00000000.00000000.00000000 255.0.0.0
• Class B – 11111111.11111111.00000000.00000000 255.255.0.0
• Class C – 11111111.11111111.11111111.00000000 255.255.255.0
Additional bits can be added to the default subnet mask for a given Class to further subnet a network.
11111111.11100000.00000000.00000000 Subnet Mask 255.224.0.0
00001010.00100000.00000000.00000000 Network Address 10.32.0.0
00001010.00101010.11111111.11111111 Broadcast Address 10.32.255.255
This example uses an 11-bit subnet mask. (There are 3 additional bits added to the default Class A subnet mask). So the number of subnets is: 2^3 – 2 = 8 – 2 = 6 Subnets of all “0”s and all “1”s are not allowed, so 2 subnets are subtracted from the total.
11111111.11100000.00000000.00000000 – and you can see that there are 11 “1”s or 11 bits used to mask the network address from the node address. Written in CIDR notation this becomes: 10.32.0.0/11
# of Bits    Subnet Mask
2            255.192.0.0
3            255.224.0.0
4            255.240.0.0
5            255.248.0.0
6            255.252.0.0
7            255.254.0.0
8            255.255.0.0
9            255.255.128.0
10           255.255.192.0
11           255.255.224.0
12           255.255.240.0
13           255.255.248.0
14           255.255.252.0
15           255.255.254.0
16           255.255.255.0
17           255.255.255.128
18           255.255.255.192
19 20 21 22  255.255.
Table 2-6. Class B Subnet Masks
# of Bits    Subnet Mask        CIDR Notation    # of Subnets    # of Hosts    Total Hosts
2            255.255.255.192    /26              2               62            124
3            255.255.255.224    /27              6               30            180
4            255.255.255.240    /28              14              14            196
5            255.255.255.248    /29              30              6             180
6            255.255.255.252    /30              62              2             124
Table 2-7. Class C Subnet Masks
Setting up IP Interfaces The Layer 3 switch allows ranges of IP addresses (OSI layer 3) to be assigned to VLANs (OSI layer 2). Each VLAN must be configured prior to setting up the corresponding IP interface.
In this case, 6 IP interfaces are required, so a CIDR notation of 10.32.0.0/11 (or a 11-bit) addressing scheme will work. This addressing scheme will give a subnet mask of 11111111.11100000.00000000.00000000 (binary) or 255.224.0.0 (decimal). Using a 10.xxx.xxx.xxx IP address notation, the above example would give 6 network addresses and 6 subnets. Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the switch.
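The subnet arithmetic above can be worked through with Python's standard `ipaddress` module. This is an added example, not part of the manual: it picks the number of extra mask bits for a required number of IP interfaces and lists the subnets the manual's rule allows (subnets of all "0"s and all "1"s are left out). The function names and the 192.168.1.0 Class C sample network are assumptions made for the illustration.

```python
import ipaddress

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # default class masks listed above


def address_class(ip):
    """Class A, B or C, decided by the first octet of the address."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet in (0, 127):
        raise ValueError("0.x.x.x and the 127.x.x.x loopback are not node networks")
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    raise ValueError("Class D and E addresses are not used for node addresses")


def bits_for_interfaces(needed):
    """Smallest number of extra mask bits n with 2^n - 2 >= needed subnets."""
    bits = 2
    while 2 ** bits - 2 < needed:
        bits += 1
    return bits


def plan_subnets(network, extra_bits):
    """Usable subnets after adding extra_bits to the class default mask."""
    default = DEFAULT_PREFIX[address_class(network)]
    if extra_bits < 2 or default + extra_bits > 30:
        raise ValueError("extra bits must leave 2^n - 2 >= 2 subnets and a /30 or shorter mask")
    # Raises ValueError if 'network' has bits set outside the class default mask.
    base = ipaddress.IPv4Network((network, default))
    candidates = list(base.subnets(prefixlen_diff=extra_bits))
    plan = []
    for net in candidates[1:-1]:  # drop the all-"0"s and all-"1"s subnets
        plan.append({
            "network": str(net),                       # CIDR notation
            "mask": str(net.netmask),                  # dotted decimal mask
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "hosts": net.num_addresses - 2,            # network and broadcast excluded
        })
    return plan


if __name__ == "__main__":
    # The manual's case: 6 IP interfaces inside the Class A network 10.0.0.0.
    bits = bits_for_interfaces(6)
    for subnet in plan_subnets("10.0.0.0", bits):
        print(subnet["network"], subnet["mask"],
              subnet["first_host"], "-", subnet["last_host"])
    # Constructed Class C case: 4 extra bits, compare with the /28 row of Table 2-7.
    class_c = plan_subnets("192.168.1.0", 4)
    print(len(class_c), "subnets,", class_c[0]["hosts"], "hosts each,",
          sum(s["hosts"] for s in class_c), "hosts in total")
```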
Layer 3-Based VLANs Layer 3-based VLANs use network-layer addresses (subnet address for TCP/IP) to determine VLAN membership. These VLANs are based on layer 3 information, but this does not constitute a ‘routing’ function. The VH-2402-L3 allows an IP subnet to be configured for each 802.1Q VLAN that exists on the switch.
A diagram of the OSI model is shown below (note that this is not a complete listing of the protocols contained within each layer of the model): Figure 2-8. OSI Seven Layer Network Model Each layer is a distinct set of programs executing a distinct set of protocols designed to accomplish some necessary tasks. They are separated from the other layers within the same system or network, but must communicate and interoperate.
Figure 2-9. The Protocol Stack Between two protocol stacks, members of the same layer are known as peers and communicate by well-known (open and published) protocols. Within a protocol stack, adjacent layers communicate by an internal interface. This interface is usually not publicly documented and is frequently proprietary. It has some of the same characteristics of a protocol and two stacks from the same software vendor may communicate in the same way.
Layer 1 This is referred to as the physical layer. It handles the electrical connections and signaling required to make a physical link from one point in the network to another. It is on this layer that the unique Media Access Control (MAC) address is defined. Layer 2 This layer, commonly called the switching layer, allows end station addressing and the establishment of connections between them.
destination. IP security allows for authentication and encryption. IP not only allows for user-to-user communication, but also for transmission from point-to-multipoint (known as IP multicasting).
Layer 4
This layer, known as the transport layer, establishes the communication path between user applications and the network infrastructure and defines the method of communicating. TCP and UDP are well-known protocols in the transport layer.
TCP/IP
The TCP/IP protocol suite is a set of protocols that allow computers to share resources across a network. TCP and IP are only two of the Internet suite of protocols, but they are the best known and it has become common to refer to the entire family of Internet protocols as TCP/IP. TCP/IP is a layered set of protocols. An example, such as sending e-mail, can illustrate this. There is first a protocol for sending and receiving e-mail.
only knows the address of the source and the destination of the packet, and it makes its best effort to deliver the packet to its destination. The information required for IP to do its job is contained in a series of octets added to the beginning of the packet called headers. A header contains a few octets of data added to the packet by the protocol in order to keep track of it. Other protocols on other network devices can add and extract their own headers to and from packets as they cross networks.
contain are. If there are 100 octets of data in each packet, the first packet is numbered 0, the second 100, the third 200, etc. To ensure that the data in a packet is received uncorrupted, TCP adds the binary value of all the octets in the packet and writes the sum in the checksum field. The receiving TCP recalculates the checksum and if the numbers are different, the packet is dropped.
Figure 2-10. TCP Packet Header
When packets have been successfully received, TCP sends an acknowledgement.
The transmitting TCP decrements the number in the window field and when it reaches zero, the transmitting TCP stops sending data. When the receiving TCP can accept more data, it increases the number in the window field. In practice, a single packet can acknowledge the receipt of data and give permission for more data to be sent.
IP
TCP sends its packets to IP with the source and destination IP addresses. IP is only concerned with these IP addresses.
The flags and fragment offset are used to keep track of packets that must be divided among several smaller packets to cross networks for which they are too large. The Time-to-Live (TTL) is the number of gateways the packet is allowed to cross between the source and destination. This number is decremented by one when the packet crosses a gateway and when the TTL reaches zero, the packet is dropped. This helps reduce network traffic if a loop develops.
Figure 2-12. Ethernet Packet Header
When a packet is received, the headers are removed. The Ethernet Network Interface Card (NIC) removes the Ethernet header and checks the checksum. It then looks at the type code. If the type code is for IP, the packet is given to IP. IP then removes the IP header and looks at its protocol field. If the protocol field is TCP, the packet is sent to TCP.
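The header-stripping sequence and the TTL rule described above, as an added example that is not part of the original guide. The frame is constructed (MAC addresses, IP addresses and the SYN segment are made up; ports 1234 and 21 follow the FTP illustration), the IP header check uses the standard 16-bit one's-complement Internet checksum, and the Ethernet frame check sequence and TCP checksum are not modelled.

```python
import socket
import struct

ETHERTYPE_IP = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17

def inet_checksum(data):
    """16-bit one's-complement sum over data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(ttl=64):
    """Constructed sample frame: local port 1234 to FTP port 21."""
    tcp = struct.pack("!HHIIBBHHH", 1234, 21, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0,
                               ttl, PROTO_TCP, 0,
                               socket.inet_aton("10.32.0.1"),
                               socket.inet_aton("10.64.0.1")))
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETHERTYPE_IP)
    return eth + bytes(ip) + tcp

def demux(frame):
    """Strip headers in the order described: Ethernet type code, then IP protocol."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IP:
        return {"ethertype": ethertype}           # not handed to IP
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("malformed IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    if inet_checksum(ip[:ihl]) != 0:              # a valid header sums to zero
        raise ValueError("IP header checksum mismatch")
    info = {"ttl": ip[8], "protocol": ip[9],
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])}
    payload = ip[ihl:]
    if ip[9] in (PROTO_TCP, PROTO_UDP) and len(payload) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    return info

def forward(frame):
    """Gateway step: decrement the TTL, drop at zero, refresh the checksum."""
    ip = bytearray(frame[14:])
    ttl = ip[8] - 1
    if ttl <= 0:
        return None                               # packet is dropped
    ip[8] = ttl
    ip[10:12] = b"\x00\x00"
    ihl = (ip[0] & 0x0F) * 4
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip[:ihl])))
    return frame[:14] + bytes(ip)
```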
computer to another. TCP uses these port numbers to keep track of connections. Specific port numbers are assigned to applications that wait for requests. These port numbers are referred to as ‘well-known’ ports. TCP will open a connection to the FTP server using some random port number, 1234 for example, on the local computer. TCP will specify port 21 for the FTP server. Port 21 is the well-known port number for FTP servers.
FTP transfers actually involve two different connections. The connection begins by the FTP sending commands to send a particular file. Once the commands are sent, a second connection is opened for the actual data transfer. Although it is possible to send data on the same connection, it is very convenient for the FTP client to be able to continue to send commands (such as ‘stop sending this file’).
Figure 2-13. Ethernet Packet Header
The UDP header is shorter than a TCP header. UDP also uses a checksum to verify that data is received uncorrupted. The Internet Control Message Protocol (ICMP) is also a simplified protocol used for error messages and messages used by TCP/IP. ICMP, like UDP, processes messages that will fit into a single packet. ICMP does not, however, use ports because its messages are processed by the network software.
Mapping Domain Names to Addresses
Name-to-address translation is performed by a program called a Name server. The client program is called a Name resolver. A Name resolver may need to contact several Name servers to translate a name to an address. The Domain Name System (DNS) servers are organized in a somewhat hierarchical fashion. A single server often holds names for a single network, which is connected to a root DNS server – usually maintained by an ISP.
DHCP Servers
The Dynamic Host Configuration Protocol (DHCP) is used to dynamically assign a TCP/IP network configuration to network devices and computers on the network. It also ensures that IP address conflicts do not occur. IP addresses are assigned from a pool of free addresses. Each IP address assigned has a ‘lease’ and a ‘lease expiration period’. The lease must be periodically renewed. If the lease expires, the IP address is returned to the pool of available IP addresses.
For two DHCP servers to communicate across different subnets, the BOOTP/DHCP Relay of the VH-2402-L3 must be used. The DHCP servers are identified by IP addresses.
IP Routing
IP handles the task of determining how packets will get from their source to their destination. This process is referred to as routing. For IP to work, the local system must be attached to a network.
A single gateway is usually defined as a default gateway, if that gateway connects the local network to a backbone network or to the Internet. This default gateway is also used whenever no specific route is found for a packet, or when there are several gateways on a network. Local computers can use default gateways, but the gateways themselves need a more complete routing table to be able to forward packets correctly.
Gateways that connect networks of different packet size limits split the large packets into smaller ones and forward the smaller packets on their attached networks.
ARP
The Address Resolution Protocol (ARP) determines the MAC address and IP address correspondence for a network device. A local computer will maintain an ARP cache which is a table of MAC addresses and the corresponding IP addresses.
Multicast Groups
Class D IP addresses are assigned to a group of network devices that comprise a multicast group. The four most significant bits of a Class D address are set to “1110”. The following 28 bits are referred to as the ‘multicast group ID’. Some of the range of Class D addresses are registered with the Internet Assigned Numbers Authority (IANA) for special purposes. For example, the block of multicast addresses ranging from 224.0.0.1 to 224.0.0.
224.0.0.8                        ST Hosts
224.0.0.9                        All RIP2 Routers
224.0.0.10                       All IGRP Routers
224.0.0.11                       Mobile Agents
224.0.0.12                       DHCP Servers and Relay Agents
224.0.0.13                       All PIM Routers
224.0.0.14                       RSVP Encapsulation
224.0.0.15                       All CBT Routers
224.0.0.16                       Designated Sbm
224.0.0.17                       All Sbms
224.0.0.18                       VRRP
224.0.0.19 through 224.0.0.225   Unassigned
224.0.0.21                       DVMRP on MOSPF
Table 2-10.
‘querier’. This router then keeps track of the membership of multicast groups that have active members on the network. IGMP is used to determine whether the router should forward multicast packets it receives to the subnetworks it is attached to or not. A multicast router that has received a multicast packet will check to determine if there is at least one member of a multicast group that has requested to receive multicast packets from this source. If there is one member, the packet is forwarded.
• An IGMP “report” is sent by a user’s computer to join a group
• IGMP version 1 does not have an explicit ‘leave’ message. Group members have an expiration timer, and if this timer expires before a query response is returned, the member is dropped from the group.
• IGMP version 2 introduces an explicit “leave” report. When a user wants to leave a group, this report is sent to the multicast router (for IGMP version 2).
• Multicast routers send IGMP queries (to the all-hosts group address: 224.0.0.
Figure 2-16. IGMP State Transitions
Multicast Routing Algorithms
An algorithm is not a program. An algorithm is a statement of how a problem can be solved. A program is written to implement an algorithm. Multicast packets are delivered by constructing multicast trees where the multicast router is the trunk, the branches are the various subnetworks that may be present, and the leaves are end recipients of the multicast packets.
refinement of flooding is to have the router check to determine if a given multicast packet has been received before (in a certain amount of time). If it has, then the packet does not need to be forwarded at all and can be dropped. If the packet is being received for the first time, it should be flooded to all interfaces, except the interface on which it was received. This will ensure that all routers on the network will receive at least one copy of the multicast packet.
is forwarded on all links except the link on which the packet was received. If the packet was not received on the shortest link back to the source, the packet is dropped. If a link-state routing protocol is in use, RPB on a local router can determine if the path from the source through the local router to an immediately neighboring router. If it is not, the packet will be dropped at the next router and the packet should not be forwarded.
send a prune message to the previous router. This will remove the leaf router’s branch from the spanning tree, and no more multicast packets (from that source) will be forwarded to it. Prune messages have a TTL equal to one, so they can be sent only one hop (one router) back toward the source.
which the packet was received. Subsequent prune messages are used to prune branches of the delivery tree that are either not on the shortest path back to the multicast source, or that have no active multicast group members. A ‘graft’ message is added that allows a previously pruned branch of the multicast delivery tree to be reactivated. This allows for lower latency when a leaf router adds a new member to a multicast membership group.
Routing Protocols
Protocol-Independent Multicast – Dense Mode
There are two protocols in Protocol Independent Multicast (PIM): Protocol Independent Multicast-Dense Mode (PIM-DM), which is used when the multicast destinations are closely spaced, and Protocol Independent Multicast-Sparse Mode (PIM-SM), which is used when the multicast destinations are spaced further apart. PIM-DM is most commonly implemented in an intranetwork (LAN) where the distance between users is minimal.
There are a few rules to the routing table update process that help to improve performance and stability. A router will not replace a route with a newly learned one if the new route has the same hop count (sometimes referred to as ‘cost’). So learned routes are retained until a new route with a lower hop count is learned. When learned routes are entered into the routing table, a timer is started. This timer is restarted every time this route is advertised.
RIP Version 1 Message Format
There are two types of RIP messages: routing information messages and information requests. The same format is used by both types.
Figure 2-17. RIP v.
The COMMAND field specifies an operation according to the following table:
Command   Meaning
1         Request for partial or full routing information
2         Response containing network-distance pairs from sender’s routing table
3         Turn on trace mode (obsolete)
4         Turn off trace mode (obsolete)
5         Reserved for Sun Microsystems’ internal use
9         Update Request
10        Update Response
11        Update Acknowledgement
Table 2-12.
RIP 1 Route Interpretation
RIP was designed to be used with classed address schemes, and does not include an explicit subnet mask. An extension to version 1 does allow routers to exchange subnetted addresses, but only if the subnet mask used by the network is the same as the subnet mask used by the address. This means that RIP version 1 cannot be used to propagate classless addresses. Routers running RIP version 1 must send different update messages for each IP interface to which they are connected.
Figure 2-18. RIP Message Format
RIP version 2 also adds a 16-bit route tag that is retained and sent with router updates. It can be used to identify the origin of the route. Because the version number in RIP2 occupies the same octet as in RIP1, both versions of the protocols can be used on a given router simultaneously without interference.
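A parser for the message layout discussed above, added here as an example and not taken from the guide or the switch firmware: it reads the command and version octets, then shows that the same route keeps its mask and route tag under version 2 but falls back to a class-based mask under version 1. The 20-octet entry layout and the 1 to 16 metric range follow the published RIP specifications; the sample route, tag and metric are constructed, and the class-based fallback is a simplification of what a version 1 receiver does.

```python
import socket
import struct

# Command codes as listed in the table above.
COMMANDS = {1: "request", 2: "response", 3: "trace on (obsolete)",
            4: "trace off (obsolete)", 5: "reserved", 9: "update request",
            10: "update response", 11: "update acknowledgement"}
ZERO4 = b"\x00" * 4

def classful_mask(addr):
    """Mask a version 1 receiver infers from the address class alone."""
    if addr[0] < 128:
        return "255.0.0.0"
    if addr[0] < 192:
        return "255.255.0.0"
    if addr[0] < 224:
        return "255.255.255.0"
    raise ValueError("not a unicast class A, B or C address")

def build_rip(command, version, routes):
    """routes: (address, mask, route_tag, metric). Version 1 has no room
    for a mask or tag, so those fields go out as zero."""
    msg = struct.pack("!BBH", command, version, 0)
    for addr, mask, tag, metric in routes:
        if version == 1:
            mask, tag = "0.0.0.0", 0
        msg += struct.pack("!HH4s4s4sI", 2, tag, socket.inet_aton(addr),
                           socket.inet_aton(mask), ZERO4, metric)
    return msg

def parse_rip(msg):
    """Decode a RIP message; reject lengths and fields that do not fit."""
    if len(msg) < 4 or (len(msg) - 4) % 20:
        raise ValueError("bad RIP message length")
    command, version, _ = struct.unpack("!BBH", msg[:4])
    if command not in COMMANDS or version not in (1, 2):
        raise ValueError("unknown command or version")
    routes = []
    for off in range(4, len(msg), 20):
        _afi, tag, addr, mask, hop, metric = struct.unpack(
            "!HH4s4s4sI", msg[off:off + 20])
        if not 1 <= metric <= 16:
            raise ValueError("metric out of range")
        if version == 1:
            # Version 1 defines these fields as zero; anything else is suspect.
            if tag or mask != ZERO4 or hop != ZERO4:
                raise ValueError("version 1 must-be-zero field is set")
            mask_text, tag = classful_mask(addr), None
        else:
            mask_text = socket.inet_ntoa(mask)
        routes.append({"network": socket.inet_ntoa(addr), "mask": mask_text,
                       "tag": tag, "metric": metric})
    return {"command": COMMANDS[command], "version": version, "routes": routes}

# Constructed sample route: the 10.32.0.0/11 subnet, tag 7, 3 hops away.
SAMPLE_ROUTE = [("10.32.0.0", "255.224.0.0", 7, 3)]

if __name__ == "__main__":
    print(parse_rip(build_rip(2, 2, SAMPLE_ROUTE)))
    print(parse_rip(build_rip(2, 1, SAMPLE_ROUTE)))
```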
Appendix A. Troubleshooting STP
Spanning Tree Protocol Failure
A failure in the STA generally leads to a bridging loop. A bridging loop in an STP environment comes from a port that should be in the blocking state, but is forwarding packets.
Figure A-1. STP Loop
In this example, B has been elected as the designated bridge and port 2 on C is in the blocking state. The election of B as the designated bridge is determined by the exchange of BPDUs between B and C. B had a better BPDU than C.
It should be noted: A port must continue to receive BPDUs advertising superior paths to remain in the blocking state. There are a number of circumstances in which the STA can fail – mostly related to the loss of a large number of BPDUs. These situations will cause a port in the blocking state to transition to the forwarding state.
Full/Half Duplex Mismatch
A mismatch in the duplex state of two ports is a very common configuration error for a point-to-point link.
sending packets even if A is using the link. A will then detect collisions and begin to run the flow control algorithm. If there is enough traffic between B and A, all packets (including BPDUs) will be dropped. If the BPDUs sent from A to B are dropped for longer than the MAX AGE, B will lose its connection to the root (A) and will unblock its connection to C. This will lead to a data loop.
This type of failure is difficult to detect because the Linkstate LEDs for Ethernet links rely on the transmit side of the cable to detect a link. If a unidirectional failure on a link is suspected, it is usually required to go to the console or other management software and look at the packets received and transmitted for the port. A unidirectional port will have many packets transmitted but none received, or vice versa, for example.
Identifying a Data Loop
Broadcast storms have a very similar effect on the network to data loops, but broadcast storm controls in modern switches (along with subnetting and other network practices) have been very effective in controlling broadcast storms. The best way to determine if a data loop exists is to capture traffic on a saturated link and check if similar packets are seen multiple times.
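One way to automate the capture check described above, as an added example that is not part of the original guide: it hashes each captured frame and reports frames that recur many times within a short window, which is what a layer 2 loop produces because bridges forward frames unmodified. The capture is constructed, and the one-second window and five-copy threshold are assumptions to tune per link.

```python
import hashlib
from collections import defaultdict

def find_repeated_frames(capture, window=1.0, threshold=5):
    """capture: iterable of (timestamp_seconds, frame_bytes).
    Returns [(digest, peak_copies_in_window, total_copies)] for every frame
    seen at least `threshold` times within `window` seconds, worst first."""
    stamps_by_digest = defaultdict(list)
    for ts, frame in capture:
        stamps_by_digest[hashlib.sha256(frame).hexdigest()].append(ts)
    suspects = []
    for digest, stamps in stamps_by_digest.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            suspects.append((digest, peak, len(stamps)))
    return sorted(suspects, key=lambda item: item[1], reverse=True)

def duplicate_share(capture):
    """Fraction of captured frames that are copies of an earlier frame."""
    frames = [frame for _, frame in capture]
    if not frames:
        return 0.0
    return 1 - len(set(frames)) / len(frames)

def sample_capture():
    """Constructed capture: one broadcast frame circulating 40 times in
    0.2 s, ten distinct unicast frames, and one later copy of the broadcast."""
    broadcast = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
    capture = [(0.005 * i, broadcast) for i in range(40)]
    for i in range(10):
        unicast = bytes.fromhex("020000000002" "020000000001" "0800") + bytes([i]) * 46
        capture.append((0.02 * i, unicast))
    capture.append((5.0, broadcast))
    return capture

if __name__ == "__main__":
    cap = sample_capture()
    for digest, peak, total in find_repeated_frames(cap):
        print(f"{digest[:12]}  peak {peak} copies/window, {total} total")
    print(f"duplicate share: {duplicate_share(cap):.0%}")
```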
physical loop in the network and which ports break which loops is extremely helpful. Minimize the number of ports in the blocking state. A single blocking port transitioning to the forwarding state at an inappropriate time can cause a large part of a network to fail. Limiting the number of blocked ports helps to limit the risk of an inappropriate transition.
Figure A-4. STP Network Layout
This is a common network design.
between switches A and B and two blocked ports per VLAN. This increases the chance of a data loop.
Figure A-5. After Applying STP
In this example, the VLAN definitions are extended to switches A and B. This gives only a single blocked port per VLAN and allows the removal of all redundant links by removing switch A or B from the network.
Impact of Layer 3 Switching
• Receiving packets and forwarding them to the correct interface based upon their destination address
With layer 3 switching, there is no performance penalty to introducing a routing hop and creating an additional segment of the network.
Figure A-6. Using Layer 3 VLANs
Using layer 3 switches and IP routing eliminates the need for STP port blocking because the packets are routed by destination addresses.
Appendix B. Brief Review of Bitwise Logical Operations
AND
The logical AND operation compares 2 bits and if they are both “1”, then the result is “1”, otherwise, the result is “0”.
       0  1
    0  0  0
    1  0  1
OR
The logical OR operation compares 2 bits and if either or both bits are “1”, then the result is “1”, otherwise, the result is “0”.
       0  1
    0  0  1
    1  1  1
XOR
The logical XOR (exclusive OR) operation compares 2 bits and if exactly one of them is a “1”, then the result is “1”, otherwise the result is “0”.
The logical NOT operation simply changes the value of a single bit. If it is a “1”, the result is “0”, if it is a “0”, the result is “1”. This operation is carried out on a single bit.
Appendix C. Technical Specifications
General
Standards:
    IEEE 802.3 10BASE-T Ethernet
    IEEE 802.3u 100BASE-TX Fast Ethernet
    IEEE 802.3z 1000BASE-SX Gigabit Ethernet
    IEEE 802.1 P/Q VLAN
    IEEE 802.3x Full-duplex Flow Control
    ANSI/IEEE 802.
General (Cont’d)
Network Cables:
    10BASE-T: 2-pair UTP Cat. 3,4,5 (100 m); EIA/TIA-568 100-ohm STP (100 m)
    100BASE-TX: 2-pair UTP Cat. 5 (100 m); EIA/TIA-568 100-ohm STP (100 m)
    Fiber Optic: IEC 793-2:1992 Type A1a - 50/125um multimode; Type A1b - 62.
Number of Ports:
Physical and Environmental
Safety: UL, CSA, CE Mark, TUV/GS UL 1950 & CSA22.2 No 950, IEC 950 (CB), TUV (EN60950)
Performance
Transmission Method: Store-and-forward
RAM Buffer: 16 MB per device
Filtering Address Table: 8K MAC address per device
Packet Filtering/Forwarding Rate: Full-wire speed for all connections. 148,800 pps per port (for 100Mbps); 1,488,000 pps per port (for 1000Mbps)
MAC Address Learning: Automatic update.
Forwarding Table Age Time: Max age: 10–9999 seconds.