ExtremeWare XOS Concepts Guide Software Version 10.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.
©2003 Extreme Networks, Inc. All rights reserved. Extreme Networks, ExtremeWare and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions.
Contents

Preface
  Introduction; Terminology; Conventions; Related Publications

Part 1: Using ExtremeWare XOS

Chapter 1: ExtremeWare XOS Overview
  Virtual LANs (VLANs); Spanning Tree Protocol; Quality of Service; Unicast Routing; IP Multicast Routing; Load Sharing

Chapter 2: Accessing the Switch
  Understanding the Command Syntax (Syntax Helper; Command Shortcuts; Modular Switch Numerical Ranges; Stand-alone Switch Numerical Ranges; Names; Symbols; Limits)
  Line-Editing Keys
  User Account; Administrator Account; Default Accounts; Creating a Management Account
  Domain Name Service Client Services
  Checking Basic Connectivity (Ping; Traceroute)

Chapter 3: Managing the Switch
  Overview
  Understanding the XOS Shell (Configuring the Number of Active Shell Sessions)
  Using the Console Interface
  Using the 10/100 Ethernet Management Port
  Using Telnet (Connecting to Another Host Using Telnet; Configuring Switch IP Parameters; Disconnecting a Telnet Session)

Chapter 4: Configuring Slots and Ports on a Switch
  Configuring a Slot on a Modular Switch
  Configuring Ports on a Switch (Enabling and Disabling Switch Ports; Configuring Switch Port Speed and Duplex Setting)
  Jumbo Frames (Enabling Jumbo Frames; Path MTU Discovery; IP Fragmentation with Jumbo Frames; IP Fragmentation within a VLAN)
  Load Sharing on the Switch (Configuring Switch Load Sharing; Load-Sharing Examples; Verifying the Load-Sharing Configuration)

Chapter 5: Virtual LANs (VLANs)

Chapter 6: Forwarding Database (FDB)
  FDB Configuration Examples; MAC-Based Security; Displaying FDB Entries

Chapter 7: Quality of Service (QoS)
  Overview of Policy-Based Quality of Service
  Applications and Types of QoS (Voice Applications; Video Applications; Critical Database Applications; Web Browsing Applications; File Server Applications)
  Configuring QoS; QoS Profiles; Traffic Groupings (Explicit Class of Service (802.1p and DiffServ))

Chapter 8
  Filtering Events Sent to Targets; Formatting Event Messages; Displaying Real-Time Log Messages; Displaying Events Logs; Uploading Events Logs; Displaying Counts of Event Occurrences; Displaying Debug Information

Chapter 9: Security
  Security Overview; Network Access Security
  IP Access Lists (ACLs) (Creating IP Access Lists; ACL File Syntax; Example ACL Rule Entries; Using Access Lists on the Switch; Displaying and Clearing ACL Counters)

Part 2

Chapter 10: Spanning Tree Protocol
  STP Configurations (Basic STP Configuration; Multiple STPDs on a Port; VLAN Spanning Multiple STPDs; EMISTP Deployment Constraints)
  Per-VLAN Spanning Tree (STPD VLAN Mapping; Native VLAN)
  Rapid Spanning Tree Protocol (RSTP Terms; RSTP Concepts; RSTP Operation)
  STP Rules and Restrictions
  Configuring STP on the Switch (STP Configuration Examples)
  Displaying STP Settings

Chapter 11: Virtual Router Redundancy Protocol
  Overview

Chapter 12
  Verifying the IP Unicast Routing Configuration; Routing Configuration Example
  Configuring DHCP/BOOTP Relay (Verifying the DHCP/BOOTP Relay Configuration; UDP Echo Server)

Chapter 13: Interior Gateway Protocols
  Overview (RIP Versus OSPF)
  Overview of RIP (Routing Table; Split Horizon; Poison Reverse; Triggered Updates; Route Advertisement of VLANs; RIP Version 1 Versus RIP Version 2)
  Overview of OSPF (Link-State Database; Areas; Point-to-

Chapter 14
  BGP Peer Groups; BGP Route Flap Dampening; BGP Route Selection; Stripping Out Private AS Numbers from Route Updates
  Route Re-Distribution (Configuring Route Re-Distribution)

Chapter 15: IP Multicast Routing
  Overview (PIM Overview; IGMP Overview)
  Configuring IP Multicasting Routing
  Configuration Examples (PIM-DM Configuration Example; Configuration for IR1; Configuration for ABR1)

Part 3: Appendixes

Appendix A: Software Upgrade and

Appendix B
  Debug Mode; System Health Check; System Odometer; Contacting Extreme Technical Support

Appendix C: Supported Protocols, MIBs, and Standards

Index

Index of Commands
Preface

This preface provides an overview of this guide, describes guide conventions, and lists other publications that might be useful.

Introduction

This guide provides the required information to configure ExtremeWare XOS software running on either modular or stand-alone switches from Extreme Networks. The guide is intended for use by network administrators who are responsible for installing and setting up network equipment.
Conventions

Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1: Notice Icons
  Note: alerts you to important features or instructions.
  Caution: alerts you to a risk of personal injury, system damage, or loss of data.
  Warning: alerts you to a risk of severe personal injury.

Table 2: Text Conventions
  Screen displays: this typeface indicates command syntax, or represents information as it appears on the screen.
Part 1 Using ExtremeWare XOS
1 ExtremeWare XOS Overview

ExtremeWare XOS is the full-featured software operating system that is designed to run on the Extreme Networks BlackDiamond 10800 family of switches.

NOTE: ExtremeWare XOS 10.1 supports only Extreme Networks BlackDiamond 10800 family products. It does not support other BlackDiamond families, or the Alpine, Summit “i”, Summit 24e3, and Summit 200 series platforms.
NOTE: For more information on STP, see Chapter 10.

Quality of Service

ExtremeWare XOS has Policy-Based Quality of Service (QoS) features that enable you to specify service levels for different traffic groups. By default, all traffic is assigned the normal QoS policy profile. If needed, you can customize other QoS policies and apply them to different traffic types so that they have different guaranteed minimum bandwidth, maximum bandwidth, and priority.
NOTE: For information on load sharing, see Chapter 4.
2 Accessing the Switch

This chapter covers the following topics:
• Understanding the Command Syntax on page 21
• Line-Editing Keys on page 24
• Command History on page 25
• Common Commands on page 25
• Configuring Management Access on page 27
• Domain Name Service Client Services on page 29
• Checking Basic Connectivity on page 30

Understanding the Command Syntax

This section describes the steps to take when entering a command.
3 The value part of the command specifies how you want the parameter to be set. Values include numerics, strings, or addresses, depending on the parameter.

4 After entering the complete command, press [Return].

NOTE: If an asterisk (*) appears in front of the command-line prompt, it indicates that you have outstanding configuration changes that have not been saved. For more information on saving configuration changes, see Appendix A.

Syntax Helper

The CLI has a built-in syntax helper.
configure engineering delete port 1:3,4:6

Similarly, on the stand-alone switch, instead of entering the command

configure vlan engineering delete port 1-3,6

you could enter the following shortcut:

configure engineering delete port 1-3,6

Although it is helpful to have unique names for system components, this is not a requirement.
Symbols

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 3 summarizes command syntax symbols.

Table 3: Command Syntax Symbols
  angle brackets < >: enclose a variable or value. You must specify the variable or value.
Table 4: Line-Editing Keys (continued)
  [Ctrl] + H or Backspace: deletes the character to the left of the cursor and shifts the remainder of the line to the left.
  Delete or [Ctrl] + D: deletes the character under the cursor and shifts the remainder of the line to the left.
  [Ctrl] + K: deletes the characters from under the cursor to the end of the line.
  Insert: toggles insert mode on and off. When toggled on, inserts text and shifts the previous text to the right.
  Left Arrow: moves the cursor to the left.
  Right Arrow: moves the cursor to the right.
Table 5: Common Commands (continued)
  configure banner: configures the banner string. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line.
Table 5: Common Commands (continued)
  unconfigure switch {all}: resets all switch parameters (with the exception of defined user accounts, and date and time information) to the factory defaults. If you specify the keyword all, the switch erases the currently selected configuration image in flash memory and reboots. As a result, all parameters are reset to default settings.
If an asterisk (*) appears in front of the command-line prompt, it indicates that you have outstanding configuration changes that have not been saved. For example:

* Summit1:19#

Default Accounts

By default, the switch is configured with two accounts, as shown in Table 6.

Table 6: Default Accounts
  admin: this user can access and change all manageable parameters. However, the user may not delete all admin accounts.
NOTE: If you forget your password while logged out of the command line interface, contact your local technical support representative, who will advise on your next course of action.

Creating a Management Account

The switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts. Passwords can have a minimum of 0 characters and a maximum of 30 characters. A minimum of 0 means an account can be left with no password at all, so give every management account, including the default admin and user accounts, a non-empty password before the switch is reachable over the network.
You can specify up to eight DNS servers for use by the DNS client using the following command:

configure dns-client add domain-suffix | name-server

You can specify a default domain for use when a host name is used without a domain. Use the following command:

configure dns-client default-domain

For example, if you specify the domain “xyz-inc.
Table 7: Ping Command Parameters (continued)
  ttl: sets the IP header TTL value.

If a ping request fails, the switch continues to send ping messages until interrupted. Press [Control] + C to interrupt a ping request. The statistics are tabulated after the ping is interrupted.

Traceroute

The traceroute command enables you to trace the routed path between the switch and a destination endstation.
3 Managing the Switch

This chapter covers the following topics:
• Overview on page 33
• Understanding the XOS Shell on page 34
• Using the Console Interface on page 34
• Using the 10/100 Ethernet Management Port on page 34
• Using Telnet on page 35
• Using Trivial File Transfer Protocol (TFTP) on page 38
• Using SNMP on page 39
• Authenticating Users on page 48
• Using the Simple Network Time Protocol on page 48

Overview

Using ExtremeWare XOS, you can manage the switch using the following methods:
• Acce
Understanding the XOS Shell

When you log in to ExtremeWare XOS from a terminal, you enter the XOS shell and the XOS shell prompt is displayed. At the shell prompt, you input the commands to be executed on the switch. Once the switch processes and executes a command, the results are relayed to and displayed on your terminal. The XOS shell supports ANSI, VT100, and XTERM terminal emulation, and the shell adjusts to the correct terminal type and window size.
The management port on the MSM is a DTE port. The TCP/IP configuration for the management port is done using the same syntax as used for VLAN configuration. The VLAN mgmt comes preconfigured with only the 10/100 UTP management port as a member. When you configure the IP address for the VLAN mgmt, it is assigned to the primary MSM. You can connect to the management port on the primary MSM for any switch configuration.
Configuring Switch IP Parameters

To manage the switch by way of a Telnet connection or by using an SNMP Network Manager, you must first configure the switch IP parameters. Telnet carries the login credentials and every subsequent command in cleartext, so reach the switch only over a trusted management network, for example through the mgmt VLAN on the management port.
The switch comes configured with a default VLAN named default. To use Telnet or an SNMP Network Manager, you must have at least one VLAN on the switch, and it must be assigned an IP address and subnet mask. IP addresses are always assigned per VLAN. The switch can be assigned multiple IP addresses.

NOTE: For information on creating and configuring VLANs, see Chapter 5.
save

8 When you are finished using the facility, log out of the switch by typing:

logout

or

quit

Disconnecting a Telnet Session

An administrator-level account can disconnect a Telnet management session. If this happens, the user logged in by way of the Telnet connection is notified that the session has been terminated. To terminate a Telnet session, follow these steps:

1 Log in to the switch with administrator privileges.
Enabling the TFTP Server

By default, the TFTP server is disabled on the switch. You can choose to enable the TFTP server by using the following command:

enable tftp

To disable the TFTP server on the switch, use the following command:

disable tftp

You must be logged in as an administrator to enable or disable the TFTP server. TFTP has no authentication of its own, so leave the server disabled except while a transfer is actually in progress. To change the default TFTP server port number (TFTP runs over UDP; the standard port is 69), use the following command:

configure tftp port [ | default]

The range for the port number is 1 through 65535.
Most of the commands that support SNMPv1/v2c use the keyword snmp; most of the commands that support SNMPv3 use the keyword snmpv3.

Accessing Switch Agents

To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it. By default, SNMP access and SNMPv1/v2c traps are enabled, so the agent is reachable as soon as a VLAN has an IP address; disable SNMP access if you do not manage the switch with SNMP. SNMP access and SNMP traps can be disabled and enabled independently: you can disable SNMP access but still allow SNMP traps to be sent, or vice versa.
• Login statistics
  — Enable/disable state for idle timeouts
  — Maximum number of CLI sessions

SNMPv3

SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP access to managed devices and provides sophisticated control of access to the device MIB. The prior standard versions, SNMPv1 and SNMPv2c, provided no privacy and little (or no) security: the community string that authorizes a request travels in cleartext in every packet, so anyone who can observe the traffic can reuse it.
In addition, the SNMPv3 target and notification MIBs provide a more procedural approach for the generation and filtering of notifications. SNMPv3 objects are stored in non-volatile memory unless specifically assigned to volatile storage. Objects defined as permanent cannot be deleted or modified.

NOTE: In SNMPv3, many objects can be identified by a human-readable string or by a string of hex octets.
SNMPEngineBoots can also be configured from the command line. SNMPEngineBoots can be set to any desired value but will latch on its maximum, 2147483647. Use the following command to set the SNMPEngineBoots:

configure snmpv3 engine-boots <(1-2147483647)>

The User-based Security Model uses snmpEngineBoots together with snmpEngineTime to reject replayed authenticated messages, so never set it to a value lower than the one the engine is already using: a message captured under the earlier value would become timely again. Once the counter latches at its maximum, the engine no longer accepts authenticated messages until its engine ID is changed, which resets the counter.

Users, Groups, and Security

SNMPv3 controls access and security using the concepts of users, groups, security models, and security levels.

Users. Users are created by specifying a user name.
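The replay check that makes snmpEngineBoots security-relevant, as an added example in Python (it is not code from the guide or from ExtremeWare XOS): an authoritative engine accepts an authenticated message only if the boots value in the message equals its own and the time value is within the 150-second window of RFC 3414, and a latched engine accepts nothing. The engine object, the captured message and the reboot scenario are constructed for illustration.

```python
# Added example: the SNMPv3 USM timeliness check (RFC 3414, section 3.2.7)
# that an authoritative engine applies using snmpEngineBoots/snmpEngineTime.
# Engine state and message fields are simplified, constructed stand-ins.
from dataclasses import dataclass

MAX_ENGINE_BOOTS = 2147483647   # 2^31 - 1: the latch value the guide mentions
TIME_WINDOW_SECONDS = 150       # RFC 3414 tolerates +/- 150 s of clock drift


@dataclass
class AuthoritativeEngine:
    boots: int   # snmpEngineBoots: (re)boots since the engine ID was last set
    time: int    # snmpEngineTime: seconds since the most recent boot

    def reboot(self):
        # Each restart increments boots and resets time. Boots latches at its
        # maximum instead of wrapping, which disables the engine for USM.
        self.boots = min(self.boots + 1, MAX_ENGINE_BOOTS)
        self.time = 0

    def is_timely(self, msg_boots: int, msg_time: int) -> bool:
        """True only if the message's boots/time fields match this engine's
        current values within the allowed window."""
        if self.boots == MAX_ENGINE_BOOTS:
            return False           # latched engine: refuse everything
        if msg_boots != self.boots:
            return False           # built before a reboot, or forged
        return abs(self.time - msg_time) <= TIME_WINDOW_SECONDS


def replay_scenario():
    """Constructed scenario: a valid message is captured, the engine reboots,
    and the capture is replayed. Returns (accepted_before, accepted_after)."""
    engine = AuthoritativeEngine(boots=5, time=1000)
    captured = (5, 1000)                  # boots/time copied from a live message
    before = engine.is_timely(*captured)
    engine.reboot()                       # boots -> 6, time -> 0
    engine.time = 1000                    # even at the same uptime offset...
    after = engine.is_timely(*captured)   # ...the stale boots value is rejected
    return before, after
```

Lowering the counter with configure snmpv3 engine-boots undoes exactly this protection: a message that was rejected because its boots value was stale becomes acceptable again.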
Users are associated with groups using the following command:

configure snmpv3 add group {hex} user {hex} {sec-model [snmpv1| snmpv2 | usm]} {volatile}

To show which users are associated with a group, use the following command:

show snmpv3 group {{hex} {user {hex} }}

To delete a group, use the following command:

configure snmpv3 delete access [all-non-defaults | {{hex} {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth |
relationship between a MIB view and an access group. The users of the access group can then read, write, or receive notifications from the part of the MIB defined in the MIB view as configured in the access group. A view name, a MIB subtree/mask, and an inclusion or exclusion define every MIB view. For example, there is a System group defined under the MIB-2 tree. The Object Identifier (OID) for MIB-2 is 1.3.6.1.2.1, and the System group is defined as MIB-2.1, or directly as 1.3.6.1.2.1.1.
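How the subtree, mask and include/exclude flag of a MIB view combine to decide what an access group can see, as an added example in Python rather than anything from the guide or from the switch software. It implements the view-tree family lookup of RFC 3415: an entry matches when every sub-identifier whose mask bit is set (missing mask bits count as set) equals the object's, and among matching entries the most specific one decides. The view name, its entries and the object identifiers tested are constructed for illustration.

```python
# Added example: SNMPv3 (VACM) MIB view matching per RFC 3415.
# A view is a list of (subtree OID, mask bits, included?) entries.

def parse_oid(dotted: str):
    return tuple(int(x) for x in dotted.strip(".").split("."))


def subtree_matches(subtree, mask, oid) -> bool:
    """True if oid lies under subtree. A set (or absent) mask bit means that
    sub-identifier must match; a clear bit makes the position a wildcard."""
    if len(oid) < len(subtree):
        return False
    for i, sub in enumerate(subtree):
        must_match = mask[i] if i < len(mask) else 1
        if must_match and sub != oid[i]:
            return False
    return True


def oid_in_view(view, oid) -> bool:
    """The most specific matching entry (longest subtree, then lexically
    greatest subtree) decides whether the object is included."""
    best = None
    for subtree, mask, included in view:
        if subtree_matches(subtree, mask, oid):
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, included)
    return best is not None and best[1]


# Constructed view: all of mib-2 (1.3.6.1.2.1) except the interfaces group
# (mib-2.2), but with ifDescr (ifEntry.2) of every interface row exposed again
# through a wildcard on the final sub-identifier, the ifIndex.
MIB2 = parse_oid("1.3.6.1.2.1")
EXAMPLE_VIEW = [
    (MIB2, (), True),
    (parse_oid("1.3.6.1.2.1.2"), (), False),
    (parse_oid("1.3.6.1.2.1.2.2.1.2.0"), (1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0), True),
]


def visible(dotted: str) -> bool:
    """Is the object with this OID readable through EXAMPLE_VIEW?"""
    return oid_in_view(EXAMPLE_VIEW, parse_oid(dotted))
```

The order of entries does not matter; what matters is that the longest matching subtree wins, so the single-object wildcard entry overrides the group-level exclusion only for ifDescr rows and nothing else under interfaces.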
name also points to the filter profile used to filter the notifications. Finally, the notification tags are added to a notification table so that any target addresses using that tag will receive notifications.

Target Addresses

A target address is similar to the earlier concept of a trap receiver.
When you create a filter profile, you are only associating a filter profile name with a target parameter name. The filters that make up the profile are created and associated with the profile using a different command.
Configuring Notifications

Since the target parameters name is used to point to a number of objects used for notifications, configure the target parameter name entry first. You can then configure the target address, filter profiles and filters, and any necessary notification tags.

Authenticating Users

ExtremeWare XOS provides two methods to authenticate users who log in to the switch:
• RADIUS client
• TACACS+

NOTE: You cannot configure RADIUS and TACACS+ at the same time.
Configuring and Using SNTP

To use SNTP, follow these steps:

1 Identify the host(s) that are configured as NTP server(s). Additionally, identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts, or for switches using NTP to query the NTP server(s) directly. A combination of both methods is possible. You must identify the method that should be used for the switch being configured. Broadcast mode accepts time from any host that broadcasts on the switch's segment, so prefer direct queries to known servers on a trusted network; the switch's log timestamps are only as trustworthy as the clock source.
Table 8: Time zone configuration command options (continued)
  absolute_day: specifies a specific day of a specific year on which to begin or end DST. The format is a month, a day, and a year, where the month is specified as 1-12, the day as 1-31, and the year as 1970-2035. The year must be the same for the begin and end dates.
  time_of_day_hour: specifies the time of day to begin or end Daylight Savings Time. May be specified as an hour (0-23). Default is 2.
Table 9: Greenwich mean time offsets
  Columns: GMT offset in hours / GMT offset in minutes: common time zone references. Cities.
  +0:00 / +0: GMT - Greenwich Mean; UT or UTC - Universal (Coordinated); WET - Western European. London, England; Dublin, Ireland; Edinburgh, Scotland; Lisbon, Portugal; Reykjavik, Iceland; Casablanca, Morocco.
  -1:00 / -60: WAT - West Africa. Azores, Cape Verde Islands.
  -2:00 / -120: AT - Azores.
  -3:00 / -180.
  -4:00 / -240: AST - Atlantic Standard. Caracas; La Pa
  +11:00 / +660.
  +12:00 / +720: IDLE - International Date Line East; NZST - New Zealand Standard; NZT - New Zealand. Wellington, New Zealand; Fiji, Marshall Islands.

SNTP Example

In this example, the switch queries a specific NTP server and a backup NTP server. The switch is located in Cupertino, CA, and an update occurs every 20 minutes.
4 Configuring Slots and Ports on a Switch

This chapter covers the following topics:
• Configuring a Slot on a Modular Switch on page 53
• Configuring Ports on a Switch on page 54
• Jumbo Frames on page 56
• Load Sharing on the Switch on page 58
• Switch Port-Mirroring on page 59
• Extreme Discovery Protocol on page 60

Configuring a Slot on a Modular Switch

If a slot has not been configured for a particular type of module, then any type of module is accept
the slot configuration must be cleared or configured for the new module type. To clear the slot of a previously assigned module type, use the following command:

clear slot

All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings.
disable ports 7:3,7:5,7:12-7:15

Even though a port is disabled, the link remains enabled for diagnostic purposes.

Configuring Switch Port Speed and Duplex Setting

By default, the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 10/100 Mbps ports, and you can manually configure the duplex setting of Gigabit Ethernet ports.
Table 10: Support for Autonegotiation on Various Ports
  Columns: PHY / Autonegotiation / Speed / Duplex
  10 G / not configurable; on / 10 G / not configurable
  1 G fiber / on or off / 1 G / not configurable; full duplex
  1 G copper at 1000 Mbps / not configurable / 1 G / not configurable
  1 G copper at 10/100 Mbps / on or off / 10/100 Mbps / full or half duplex

Jumbo Frames

Jumbo frames are Ethernet frames that are larger than 1522 bytes, including four bytes used for the cyclic redundancy check (CRC)
The path MTU discovery process ends when one of the following is true:
• The source host sets the path MTU low enough that its datagrams can be delivered without fragmentation.
• The source host does not set the DF bit in the datagram headers.

If it is willing to have datagrams fragmented, a source host can choose not to set the DF bit in datagram headers.
Load Sharing on the Switch

Load sharing allows you to increase bandwidth and availability by using a group of ports to carry traffic in parallel between switches. Load sharing allows the switch to use multiple ports as a single logical port. For example, VLANs see the load-sharing group as a single logical port. Most load-sharing algorithms guarantee packet sequencing between clients.
configure sharing delete ports

Load-Sharing Examples

This section provides examples of how to define load-sharing on modular and stand-alone switches.
Up to eight mirroring filters and one monitor port can be configured. Once a port is specified as a monitor port, it cannot be used for any other function. Every mirrored frame is copied to the monitor port, so connect it only to the analyzer host and remove the monitor port configuration when the capture is finished.

NOTE: Frames that contain errors are not mirrored.
5 Virtual LANs (VLANs)

This chapter covers the following topics:
• Overview of Virtual LANs on page 61
• Types of VLANs on page 62
• VLAN Names on page 70
• Configuring VLANs on the Switch on page 71
• Displaying VLAN Settings on page 72
• VLAN Tunneling (VMANs) on page 73

Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations.
Types of VLANs

VLANs can be created according to the following criteria:
• Physical port
• 802.1Q tag
• Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type
• MAC address
• A combination of these criteria

Port-Based VLANs

In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch. All ports are members of the port-based VLAN default.
Spanning Switches with Port-Based VLANs

To create a port-based VLAN that spans two switches, you must do two things:
1 Assign the port on each switch to the VLAN.
2 Cable the two switches together using one port on each switch per VLAN.

Figure 2 illustrates a single VLAN that spans a BlackDiamond switch and another Extreme switch. All ports on the BlackDiamond switch belong to VLAN Sales. Ports 1 through 29 on the other Extreme switch also belong to VLAN Sales.
Figure 3: Two port-based VLANs spanning two switches (System 1 and System 2; VLANs Accounting and Engineering)

VLAN Accounting spans system 1 and system 2 by way of a connection between system 2, port 29 and system 1, slot 1, port 6. VLAN Engineering spans system 1 and system 2 by way of a connection between system 2, port 32, and system 1, slot 8, port 6. Using this configuration, you can create multiple VLANs that span multiple switches, in a daisy-chained fashion.
Uses of Tagged VLANs

Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections are typically called trunks. Using tags, multiple VLANs can span multiple switches using one or more trunks. In a port-based VLAN, each VLAN requires its own pair of trunk ports, as shown in Figure 3. Using tags, multiple VLANs can span two switches with a single trunk. Another benefit of tagged VLANs is the ability to have a port be a member of multiple VLANs.
Figure 4: Physical diagram of tagged and untagged traffic (System 1 and System 2; M = Marketing, S = Sales; the 802.1Q tagged server and the tagged trunk port are marked)

Figure 5 is a logical diagram of the same network.
• The server connected to port 25 on system 1 is a member of both VLAN Marketing and VLAN Sales.
• All other stations use untagged traffic.

As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged. The traffic that comes from and goes to the other stations on this network is not tagged.
Figure 6: Protocol-based VLANs (VLAN My Company on subnet 192.207.35.0, router interface 192.207.35.1; VLAN Finance on the 192.207.36 subnet, router interface 192.207.36.1)
configure protocol add [etype | llc | snap] {[etype | llc | snap] } ...

Supported protocol types include:
— etype—EtherType. The values for etype are four-digit hexadecimal numbers taken from a list maintained by the IEEE. This list can be found at the following URL: http://standards.ieee.org/regauth/ethertype/index.html
— llc—LLC Service Access Point (SAP).
VLAN Names

Each VLAN is given a name that can be up to 32 characters. VLAN names can use standard alphanumeric characters. The following characters are not permitted in a VLAN name:
• Space
• Comma
• Quotation mark

VLAN names must begin with an alphabetic character; the remainder of the name can be alphanumeric or contain underscore (_) characters. VLAN names cannot be keywords.
Configuring VLANs on the Switch

This section describes the commands associated with setting up VLANs on the switch. Configuring a VLAN involves the following steps:

1 Create and name the VLAN.

2 Assign an IP address and mask (if applicable) to the VLAN, if needed.

NOTE: Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You cannot configure the same IP subnet on different VLANs.
configure sales tag 120
configure sales add port 1-3 tagged
configure default delete port 4,7
configure sales add port 4,7

The following modular switch example creates a protocol-based VLAN named ipsales. Slot 5, ports 6 through 8, and slot 6, ports 1, 3, and 4 through 6 are assigned to the VLAN. In this example, you can add untagged ports to a new VLAN without first deleting them from the default VLAN, because the new VLAN uses a protocol other than the default protocol.
Displaying Protocol Information

To display protocol information, use the following command:

show protocol {}

This show command displays protocol information, which includes:
• Protocol name.
• List of protocol fields.
• VLANs that use the protocol.

VLAN Tunneling (VMANs)

You can “tunnel” any number of 802.1Q and/or Cisco ISL VLANs into a single VLAN that can be switched through an Extreme Ethernet infrastructure.
The configuration for the switches shown in Figure 7 is:

configure dot1q ethertype 88a8
enable jumbo-frame ports 31,32
configure jumbo-frame size 1530
create vlan Tunnel1
configure vlan Tunnel1 tag 50
configure vlan Tunnel1 add port 1-4 untag
configure vlan Tunnel1 add port 31,32 tagged
create vlan Tunnel2
configure vlan Tunnel2 tag 60
configure vlan Tunnel2 add port 5-8 untag
configure vlan Tunnel2 add port 31,32 tagged

On the BlackDiamond switch, the configuration is:

configure dot1q e
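The two tagging behaviours described in this chapter, the per-port tag/untag decision on egress (Uses of Tagged VLANs) and the VMAN tunnel above, modelled in Python as an added example; this is not code from the guide or from the switch. A VLAN records which ports are tagged and untagged members; on egress the switch inserts or strips the 802.1Q tag to suit the destination port; a tunnel port pushes a second, outer tag whose EtherType is the configured dot1q ethertype (0x88a8 above), leaving the customer's own tag intact inside. The port names, VLAN IDs and frames are constructed for illustration.

```python
# Added example: 802.1Q tag insertion/removal on egress and VMAN (Q-in-Q)
# encapsulation. Ports, VLAN IDs and frames below are constructed.
import struct

TPID_8021Q = 0x8100
TPID_VMAN = 0x88A8   # the "configure dot1q ethertype 88a8" value from the text


def parse_tag(frame: bytes, tpid: int = TPID_8021Q):
    """Return (vid, pcp, bytes_after_tag) if a tag with this EtherType sits at
    offset 12 (after the two MAC addresses), otherwise None."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == tpid:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, tci >> 13, frame[16:]
    return None


def push_tag(frame: bytes, vid: int, pcp: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Insert a 4-byte tag after the source MAC. For Q-in-Q an existing inner
    tag simply shifts to offset 16."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


class Vlan:
    def __init__(self, vid, tagged=(), untagged=()):
        self.vid, self.tagged, self.untagged = vid, set(tagged), set(untagged)


def egress_frame(vlan: Vlan, out_port: str, frame: bytes) -> bytes:
    """Shape a frame for one destination port: tagged members get the VLAN's
    tag, untagged members get a bare frame, non-members get nothing."""
    if out_port not in vlan.tagged and out_port not in vlan.untagged:
        raise ValueError(f"port {out_port} is not a member of VLAN {vlan.vid}")
    tag = parse_tag(frame)
    bare = pop_tag(frame) if tag else frame
    if out_port in vlan.tagged:
        return push_tag(bare, vlan.vid, pcp=tag[1] if tag else 0)
    return bare


def vman_ingress(frame: bytes, tunnel_vid: int, tpid: int = TPID_VMAN) -> bytes:
    """Customer frame entering an untagged tunnel port: push the outer
    provider tag; whatever 802.1Q tag the customer used is carried inside."""
    return push_tag(frame, tunnel_vid, tpid=tpid)


def make_frame(dst_hex: str, src_hex: str, ethertype: int = 0x0800,
               payload: bytes = b"\x00" * 46) -> bytes:
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload


def demo():
    """Walk one constructed frame through the VLAN "sales" (tag 120, ports 1-3
    tagged, 4 and 7 untagged) and then into tunnel VLAN 50.
    Returns (vid on trunk, frame restored on station port, outer vid, inner vid)."""
    sales = Vlan(120, tagged={"1", "2", "3"}, untagged={"4", "7"})
    untagged_in = make_frame("ffffffffffff", "00a023123456")
    to_trunk = egress_frame(sales, "1", untagged_in)       # tag 120 inserted
    to_station = egress_frame(sales, "4", to_trunk)        # tag stripped again
    tunnelled = vman_ingress(to_trunk, 50)                 # outer 0x88a8 tag 50
    outer = parse_tag(tunnelled, TPID_VMAN)[0]
    inner = parse_tag(pop_tag(tunnelled))[0]
    return parse_tag(to_trunk)[0], to_station == untagged_in, outer, inner
```

Because the VMAN EtherType is not 0x8100, a switch on the provider side that still expects 0x8100 treats the tunnelled frame as untagged, which is why the jumbo-frame size in the configuration above must allow for the extra 4 bytes.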
6 Forwarding Database (FDB)

This chapter describes the following topics:
• Overview of the FDB on page 75
• FDB Configuration Examples on page 77
• MAC-Based Security on page 78
• Displaying FDB Entries on page 78

Overview of the FDB

The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered.
FDB Entry Types

FDB entries may be dynamic or static, and may be permanent or non-permanent. The following describes the types of entries that can exist in the FDB:
• Dynamic entries—A dynamic entry is learned by the switch by examining packets to determine the source MAC address, VLAN, and port information. The switch then creates or updates an FDB entry for that MAC address.
Non-permanent static entries are created by the switch software for various reasons, typically upon switch boot up. They are identified by the “s” flag in show fdb output. If the FDB entry aging time is set to zero, all entries in the database are considered static, non-aging entries. This means that they do not age, but they are still deleted if the switch is reset.
create fdbentry 00:A0:23:12:34:56 vlan net34 dynamic qosprofile qp2

This entry has the following characteristics:
• MAC address is 00:A0:23:12:34:56.
• VLAN name is net34.
• The entry will be learned dynamically.
• QoS profile qp2 will be applied as an egress QoS profile when the entry is learned.

Overriding 802.
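A small forwarding database that behaves as the entry types above describe, as an added example in Python (not code from the guide or the switch): dynamic entries are learned from source MACs and age out, static entries never age, an aging time of zero disables aging, and an unknown destination means flooding. The example also assumes, as a MAC-based security measure that the guide's "MAC-Based Security" section is not reproduced on this page, that learning never moves a statically bound MAC to another port. The MACs, ports and VLAN names are constructed.

```python
# Added example: FDB with static and dynamic entries, aging and flooding.
# The "static entry wins over learning" rule is this example's assumption.
from dataclasses import dataclass


@dataclass
class Entry:
    port: str
    vlan: str
    static: bool
    last_seen: float = 0.0    # only meaningful for dynamic entries


class Fdb:
    def __init__(self, aging_time: float = 300.0):
        self.aging_time = aging_time   # 0 means entries never age (see text)
        self.table = {}                # key: (vlan, mac) -> Entry

    def add_static(self, mac: str, vlan: str, port: str):
        """Equivalent of a configured, non-aging fdbentry."""
        self.table[(vlan, mac.lower())] = Entry(port, vlan, static=True)

    def learn(self, mac: str, vlan: str, port: str, now: float) -> bool:
        """Source-MAC learning on ingress. Returns False when the source MAC
        is statically bound to a different port (a move or spoof attempt),
        in which case the table is left untouched."""
        key = (vlan, mac.lower())
        cur = self.table.get(key)
        if cur is not None and cur.static:
            return cur.port == port
        self.table[key] = Entry(port, vlan, static=False, last_seen=now)
        return True

    def age(self, now: float) -> int:
        """Drop dynamic entries idle longer than aging_time; return how many."""
        if self.aging_time == 0:
            return 0
        expired = [k for k, e in self.table.items()
                   if not e.static and now - e.last_seen > self.aging_time]
        for k in expired:
            del self.table[k]
        return len(expired)

    def lookup(self, mac: str, vlan: str):
        """Egress port for a destination MAC, or None meaning flood the VLAN."""
        e = self.table.get((vlan, mac.lower()))
        return e.port if e else None


def demo():
    """Constructed sequence: one static and one dynamic entry, a frame that
    claims the static MAC on another port, then an aging pass."""
    fdb = Fdb(aging_time=300)
    fdb.add_static("00:A0:23:12:34:56", "net34", "5:1")
    fdb.learn("00:11:22:33:44:55", "net34", "5:2", now=0)
    spoof_accepted = fdb.learn("00:a0:23:12:34:56", "net34", "5:9", now=10)
    aged_out = fdb.age(now=400)          # dynamic entry expired, static kept
    return (spoof_accepted, aged_out,
            fdb.lookup("00:a0:23:12:34:56", "net34"),
            fdb.lookup("00:11:22:33:44:55", "net34"))
```

Returning False from learn() is where a real switch would count or log the event; a burst of such rejections for one MAC is the signature of someone impersonating a statically bound host.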
• broadcast-mac—Specifies the broadcast MAC address. May be used as an alternate to the colon-separated byte form of the address ff:ff:ff:ff:ff:ff
• permanent—Displays all permanent entries, including the ingress and egress QoS profiles.
• ports —Displays the entries for a set of ports or slots and ports.
• remap—Displays the remapped FDB entries.
• vlan —Displays the entries for a VLAN.

With no options, the command displays all FDB entries.
7 Quality of Service (QoS)

This chapter covers the following topics:
• Overview of Policy-Based Quality of Service on page 82
• Applications and Types of QoS on page 82
• Configuring QoS on page 84
• QoS Profiles on page 84
• Traffic Groupings on page 85
  — Explicit Class of Service (802.
Overview of Policy-Based Quality of Service

Policy-based QoS allows you to protect bandwidth for important categories of applications or specifically limit the bandwidth associated with less critical traffic. For example, if voice-over-IP traffic requires a reserved amount of bandwidth to function properly, using policy-based QoS, you can reserve sufficient bandwidth critical to this type of application.
Video Applications

Video applications are similar in needs to voice applications, with the exception that bandwidth requirements are somewhat larger, depending on the encoding. It is important to understand the behavior of the video application being used.
Table 11: Traffic Type and QoS Guidelines
Traffic Type    Key QoS Parameters
Web browsing    Minimum bandwidth for critical applications, maximum bandwidth for non-critical applications
File server     Minimum bandwidth

Configuring QoS
To configure QoS, you define how your switch responds to different categories of traffic by creating and configuring QoS profiles.
Traffic Groupings — When configured to do so, the priority of a QoS profile can determine the 802.1p bits used in the priority field of a transmitted packet (described later). — The priority of a QoS profile determines the DiffServ code point value used in an IP packet when the packet is transmitted (described later). A QoS profile does not alter the behavior of the switch until it is assigned to a traffic grouping. Recall that QoS profiles are linked to hardware queues.
Table 13: Traffic Groupings by Precedence (continued)
• DiffServ (IP TOS)
• 802.1P
Physical Groupings
• Source port

Explicit Class of Service (802.1p and DiffServ) Traffic Groupings
This category of traffic groupings describes what is sometimes referred to as explicit packet marking, and refers to information contained within a packet intended to explicitly determine a class of service.
Observing 802.1p Information
When ingress traffic that contains 802.1p prioritization information is detected by the switch, the traffic is mapped to various hardware queues on the egress port of the switch. Eight hardware queues are supported. The transmitting hardware queue determines the bandwidth management and priority characteristics used when transmitting packets. To control the mapping of 802.1p prioritization values to hardware queues, 802.
Figure 9: IP packet header encapsulation

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------+-------+---------------+-------------------------------+
|Version|  IHL  |Type-of-service|         Total length          |
+-------+-------+---------------+-------------------------------+
|        Identification         |Flags|     Fragment offset     |
+---------------+---------------+-----+-------------------------+
| Time-to-live  |   Protocol    |        Header checksum        |
+---------------+---------------+-------------------------------+
|                        Source address                         |
+---------------------------------------------------------------+
|                     Destination address                       |
+---------------------------------------------------------------+
|                      Options (+ padding)                      |
+---------------------------------------------------------------+
|                        Data (variable)                        |
+---------------------------------------------------------------+

Type-of-service byte, bits 0-7: bits 0-5 carry the DiffServ code point.

Observing DiffServ Information
When a packet arrives at the switch on an ingress port, the switch examines the first six of the eight TOS bits, called the code point.
You can change the QoS profile assignment for all 64 code points using the following command:

configure diffserv examination code-point qosprofile

Once assigned, the rest of the switches in the network prioritize the packet using the characteristics specified by the QoS profile.

Verifying Configuration and Performance
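The two examination paths described above (802.1p bits in the 802.1Q tag, DiffServ code point in the first six TOS bits) can be exercised on a raw frame. The following is an added example, not code from the ExtremeWare XOS guide: it parses a tagged IPv4 frame, extracts both markings and resolves the hardware queue. The two mapping tables and the rule that DiffServ examination wins over 802.1p (Table 13 lists DiffServ above 802.1P) are assumed defaults chosen for the example; the sample frame is constructed, not captured.

```python
"""Added example, not from the ExtremeWare XOS guide: parse an 802.1Q-tagged IPv4
frame, extract the 802.1p priority and the DiffServ code point, and pick the
egress hardware queue.  The mapping tables and the "DiffServ beats 802.1p"
precedence are ASSUMED defaults chosen for this example."""
import struct

NUM_QUEUES = 8                                       # eight hardware queues
DOT1P_TO_QUEUE = {p: p for p in range(8)}            # ASSUMED: priority p -> queue p
DSCP_TO_QUEUE = {cp: cp // 8 for cp in range(64)}    # ASSUMED: 64 code points spread over 8 queues


def parse_frame(frame: bytes) -> dict:
    """Return {'vlan_id', 'dot1p', 'dscp'}; a field is None when the frame lacks it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, dot1p, vlan_id = 14, None, None
    if ethertype == 0x8100:                          # 802.1Q tag present
        tci = struct.unpack("!H", frame[14:16])[0]
        dot1p = tci >> 13                            # PCP: top 3 bits of the TCI
        vlan_id = tci & 0x0FFF                       # VID: low 12 bits
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    dscp = None
    if ethertype == 0x0800 and len(frame) >= offset + 20:
        tos = frame[offset + 1]                      # Type-of-service byte of the IPv4 header
        dscp = tos >> 2                              # first six of the eight TOS bits
    return {"vlan_id": vlan_id, "dot1p": dot1p, "dscp": dscp}


def egress_queue(info: dict, examine_dot1p: bool = True, examine_diffserv: bool = False) -> int:
    """Queue index 0..7. DiffServ examination, when enabled, takes precedence over 802.1p."""
    if examine_diffserv and info["dscp"] is not None:
        return DSCP_TO_QUEUE[info["dscp"]]
    if examine_dot1p and info["dot1p"] is not None:
        return DOT1P_TO_QUEUE[info["dot1p"]]
    return 0                                         # ASSUMED: unmarked traffic -> lowest queue


def build_frame(vlan_id=None, pcp: int = 0, dscp: int = 0) -> bytes:
    """Constructed sample frame (not a capture): optional 802.1Q tag + minimal IPv4 header."""
    eth = bytes.fromhex("00a023123456") + bytes.fromhex("000102030405")
    tag = struct.pack("!HH", 0x8100, (pcp << 13) | vlan_id) if vlan_id is not None else b""
    ip = bytes([0x45, dscp << 2]) + struct.pack("!H", 20) + b"\x00" * 16
    return eth + tag + b"\x08\x00" + ip


if __name__ == "__main__":
    for frame in (build_frame(100, 5, 26), build_frame(None, 0, 26)):
        info = parse_frame(frame)
        print(info, "802.1p queue:", egress_queue(info),
              "DiffServ queue:", egress_queue(info, examine_diffserv=True))
```

With the constructed frame (VLAN 100, PCP 5, DSCP 26) the 802.1p path selects queue 5 while the DiffServ path selects queue 3; the untagged copy of the same packet has no 802.1p information and falls to queue 0 unless DiffServ examination is on.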
Quality of Service (QoS) QoS Monitor The QoS monitor is a utility that monitors the hardware queues associated with any port(s). The QoS monitor keeps track of the number of frames that a specific queue is responsible for transmitting on a physical port. Real-Time Performance Monitoring QoS features real-time performance monitoring with a snapshot display of the monitored ports.
8 Status Monitoring and Statistics This chapter describes the following topics: • Status Monitoring on page 91 • Slot Diagnostics on page 91 • Port Statistics on page 93 • Port Errors on page 93 • Port Monitoring Display Keys on page 94 • System Temperature on page 95 • System Health Checking on page 96 • System Redundancy on page 96 • Event Management System/Logging on page 100 Viewing statistics on a regular basis allows you to see how well your network is performing.
If you run the diagnostic routine on an I/O module, that module is taken offline while the diagnostic test is performed. Traffic to and from the ports on the module is temporarily unavailable. Once the diagnostic test is completed, the I/O module is reset and becomes operational again. You must enter the Bootloader to run the diagnostic routine on the backup MSM. The module is taken offline while the diagnostic test is performed.
• 2—XOS secondary image
• 3—Diagnostics for image 1 (initiates diagnostics for the primary image)
• 4—Diagnostics for image 2 (initiates diagnostics for the secondary image)

For example, to run diagnostics on the primary image, use the following command:

boot 3

When the test is finished, the MSM reboots and runs the XOS software.

Port Statistics
To view port transmit errors, use the following command:

show ports {} txerrors

The following port transmit error information is collected by the system:
• Port Number
• Link Status—The current status of the link. Options are:
  — Ready (the port is ready to accept a link).
  — Active (the link is present at this port).
Table 16: Port monitoring display keys
Key(s)               Description
U                    Displays the previous page of ports.
D                    Displays the next page of ports.
[Esc] or [Return]    Exits from the screen.
0                    Clears all counters.
[Space]              Cycles through the following screens: packets per second, bytes per second, percentage of bandwidth. Available using the show port utilization command only.

System Temperature
To view the current temperature of the fan trays, use the following command:

show fans {detail}

The following sample output displays the temperature information:

FanTray 1 information:
...
Temperature: 25.1 deg C
...

System Health Checking
The system health checker tests the backplane, the CPU, and I/O modules by periodically forwarding packets and checking the validity of the forwarded packets.
System Redundancy Table 17: System redundancy terms (continued) Term Description Device Manager The Device Manager is a process that runs on every node and is responsible for monitoring and controlling all of the devices in the system. The Device Manager consists of a process and a client library that is dynamically linked to every process that runs under XOS.
Configuring Node Parameters
To configure the parameters of a node, use the following command:

configure node slot priority

Configuring the Node State
You can bring a node offline to run diagnostics or perform software upgrades. If you take the primary node offline, the system fails over to the backup node and the previous primary node becomes the new backup node.
Relaying Configuration Information
This is the first level of checkpointing that is required to facilitate a failover: the primary's configuration information is transferred to the backup MSM, and the backup MSM ignores its own flash configuration file. When you initially boot the switch, the primary MSM configuration takes effect.
Viewing Node Statistics
ExtremeWare XOS allows you to view node statistics. Each node installed in your system is self-sufficient and runs the XOS management applications. By reviewing this output, you can see the general health of the system along with other node parameters. To view the node statistics, use the following command:

show node {detail}

Table 18 lists the node statistics collected by the switch.
• display log messages in real-time, and filter the messages that are displayed, both on the console and from telnet sessions
• display stored log messages from the memory buffer or NVRAM
• upload event logs stored in the memory buffer or NVRAM to a TFTP server
• display counts of event occurrences, even those not included in a filter
• display debug information, using a consistent configuration method

Sending Event Messages to Log Targets
There are five types of targets that can
configured to get messages of severity info and greater, the NVRAM target gets messages of severity warning and greater, and the memory buffer target gets messages of severity debug-data and greater. All the targets are associated by default with a filter named DefaultFilter, which passes all events at or above the default severity threshold.
configure log target [console | memory-buffer | nvram | session | syslog [ [local0 ... local7]]] {severity {only}}

When you specify a severity level, messages of that severity and greater will be sent to the target. If you want only messages of the specified severity to be sent to the target, use the keyword only.
Status Monitoring and Statistics show log events [ | [all | ] {severity {only}}] {details} For example, to see the conditions associated with the STP.InBPDU subcomponent, use the following command: show log events stp.
Event Management System/Logging wanted to pass a small set of events, and block most. If you want to exclude a small set of events, there is a default filter that passes events at or above the default severity threshold (unless the filter has been modified), named DefaultFilter, that you can copy to use as a starting point for your filter. Once you have created your filter, you can then configure filter items that include or exclude events from the filter.
Strict Match
Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event

VID - Virtual LAN ID (tag), VLAN - Virtual LAN name, L4 - Layer-4 Port #, Num - Number, Str - String, Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain, Proc - Process Name

The show log configuration filter command shows each filter item, in the order that it will be applied, and whether it will be included or excluded.
Table 20: Simple regular expressions (continued)
Regular Expression    Matches                  Does Not Match
port.*vlan            port 2:3 in vlan test    myvlan port 2:3
                      add ports to vlan        ports 2:4,3:4
                      port/vlan
myvlan$               delete myvlan            myvlan link down
                      error in myvlan

Matching Parameters
Rather than using a text match, EMS allows you to filter more efficiently based on the message parameter values.
destination MAC address, since the event contains no destination MAC address. If you specify the strict-match keyword, then the filter will never match event XYZ.event5, since this event does not contain the destination MAC address.
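The target-and-filter logic described in the last few sections (severity threshold with and without the only keyword, ordered include/exclude filter items, the Table 20 regular expressions, and strict-match on message parameters) can be modelled in a few lines. The following is an added example, not code from the ExtremeWare XOS guide: the class and function names are the example's own, the events are constructed samples rather than switch output, and it assumes that the first filter item matching an event decides whether the event is included or excluded.

```python
"""Added example, not part of the ExtremeWare XOS guide: a model of how an EMS
log target decides whether to emit an event.  It covers the severity threshold
with and without "only", ordered include/exclude filter items, the regular
expression matches of Table 20 and strict-match on message parameters.
ASSUMED: the first filter item that matches an event decides include/exclude.
Class and function names are this example's own."""
import re

# EMS severity levels, most severe first.
SEVERITIES = ["critical", "error", "warning", "notice", "info",
              "debug-summary", "debug-verbose", "debug-data"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}


def passes_severity(event_sev: str, threshold: str, only: bool = False) -> bool:
    """'severity X' admits X and anything more severe; 'severity X only' admits exactly X."""
    if only:
        return event_sev == threshold
    return RANK[event_sev] <= RANK[threshold]


class FilterItem:
    """One include/exclude line of a filter: optional component, regex and parameter matches."""

    def __init__(self, include, component=None, regex=None, params=None, strict=False):
        self.include = include
        self.component = component          # e.g. "STP.InBPDU"; None = any component
        self.regex = re.compile(regex) if regex else None
        self.params = params or {}          # parameter name -> required value
        self.strict = strict                # strict-match: every listed parameter must be present

    def matches(self, event: dict) -> bool:
        if self.component and not event["component"].lower().startswith(self.component.lower()):
            return False
        if self.regex and not self.regex.search(event["message"]):
            return False
        for name, wanted in self.params.items():
            if name not in event["params"]:
                if self.strict:
                    return False            # strict: a missing parameter never matches
                continue                    # non-strict: a missing parameter is ignored
            if event["params"][name] != wanted:
                return False
        return True


class LogTarget:
    """A target with a severity threshold and a filter (DefaultFilter passes everything)."""

    def __init__(self, threshold, only=False, items=None, default_include=True):
        self.threshold, self.only = threshold, only
        self.items = list(items or [])      # applied in the order configured
        self.default_include = default_include

    def accepts(self, event: dict) -> bool:
        if not passes_severity(event["severity"], self.threshold, self.only):
            return False
        for item in self.items:
            if item.matches(event):
                return item.include
        return self.default_include


def make_event(severity, component, message, params=None) -> dict:
    """Constructed sample event (not switch output)."""
    return {"severity": severity, "component": component, "message": message, "params": params or {}}
```

The strict-match case from the text is the one to notice: an item that requires a destination MAC address matches an event that carries no such parameter when strict-match is off (the parameter is simply ignored), and never matches it when strict-match is on.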
This setting may be saved to the FLASH configuration and will be restored on boot up (to the console-display session). To turn on log display for the current session:

enable log target session

This setting only affects the current session, and is lost when you log off the session. The messages that are displayed depend on the configuration and format of the target.
Status Monitoring and Statistics The uploaded messages can be formatted differently from the format configured for the targets, and you can choose to upload the messages in order of newest to oldest, or in chronological order (oldest to newest). Displaying Counts of Event Occurrences EMS adds the ability to count the number of occurrences of events. Even when an event is filtered from all log targets, the event is counted.
Event Management System/Logging Displaying Debug Information By default, a switch will not generate events of severity Debug-Summary, Debug-Verbose, and Debug-Data unless the switch is in debug mode. Debug mode causes a performance penalty, so it should only be enabled for specific cases where it is needed.
9 Security This chapter describes the following topics: • Security Overview on page 113 • Network Access Security on page 113 — IP Access Lists (ACLs) on page 113 • Switch Protection on page 119 — Policies on page 120 • Management Access Security on page 128 — Authenticating Users Using RADIUS or TACACS+ on page 129 Security Overview Extreme Networks products incorporate a number of features designed to enhance the security of your network.
Access lists are typically applied to traffic that crosses layer 3 router boundaries, but it is possible to use access lists within a layer 2 VLAN. Access lists in ExtremeWare XOS apply to all traffic, including traffic destined for the switch itself. This is somewhat different from the behavior in ExtremeWare. For example, if you deny all traffic on a port, no traffic, including control packets such as OSPF or RIP, will reach the switch and the adjacency will be dropped. You must explicitly permit that type of packet (if desired), and because entries are evaluated in order, the permit entry must appear before the deny entry.
    protocol udp;
    source-port 190;
    destination-port 1200-1400;
  } then {
    permit;
  }
}

ACL rule entries are evaluated in order, from the beginning of the file to the end, as follows:
• If the packet matches all the match conditions, the action in the then statement is taken and the evaluation process terminates.
Table 21: ACL Match Conditions
Match Conditions       Description                         Applicable IP Protocols
source-address         IP source address and mask          All IP
destination-address    IP destination address and mask     All IP
protocol               IP protocol field.
Table 21: ACL Match Conditions (continued)
icmp-code    ICMP code field. This value or keyword provides more specific ICMP information than the icmp-type. Since the value's meaning depends upon the associated icmp-type, you must specify the icmp-type along with the icmp-code. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed).
    source-address 10.203.134.0/24;
    destination-address 140.158.18.16/32;
    protocol udp;
    source-port 190;
    destination-port 1200-1400;
  } then {
    accept;
  }
}

The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet with a source port larger than 190 and the ACK and SYN bits set, and also increments the counter tcpcnt:

entry tcpacl {
  if {
    source-address 10.203.134.
Once the ACL is checked, it can be applied to an interface. To apply an ACL, use the following command:

configure access-list [any | ports ] {ingress}

If you use the any keyword, the ACL is applied to all the interfaces, and is referred to as the wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to them, and is also applied to packets that do not match the ACL applied to the interface.
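The first-match evaluation of rule entries, the wildcard ACL fallback just described, and the earlier warning that a deny-all entry also drops control packets such as OSPF can all be checked with a small evaluator. The following is an added example, not code from the ExtremeWare XOS guide: the udpacl and tcpacl entries are the ones shown above, rewritten as Python tuples; the packets are constructed summaries rather than captures; and it assumes that a packet matching no entry of any ACL is forwarded.

```python
"""Added example, not from the ExtremeWare XOS guide: a first-match evaluator for
ACL rule entries like udpacl and tcpacl above, plus the wildcard ("any") ACL
fallback described under Switch Protection.  It also shows that a deny-all
entry drops control traffic such as OSPF unless an earlier entry permits it.
ASSUMED: a packet that matches no entry of any ACL is forwarded.
Entries are (name, match-conditions, actions) tuples; names are this example's own."""
import ipaddress

TCP, UDP, OSPF = 6, 17, 89                      # IP protocol numbers


def packet(src, dst, proto, sport=0, dport=0, flags=()):
    """Constructed packet summary (not a capture)."""
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "sport": sport, "dport": dport, "flags": set(flags)}


def in_range(value, spec):
    """spec is an int, a (low, high) tuple, or None for 'not specified'."""
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= value <= spec[1]
    return value == spec


def entry_matches(cond, pkt):
    """Every match condition present in the entry must hold."""
    if "source-address" in cond and pkt["src"] not in ipaddress.ip_network(cond["source-address"]):
        return False
    if "destination-address" in cond and pkt["dst"] not in ipaddress.ip_network(cond["destination-address"]):
        return False
    if "protocol" in cond and pkt["proto"] != cond["protocol"]:
        return False
    if not in_range(pkt["sport"], cond.get("source-port")):
        return False
    if not in_range(pkt["dport"], cond.get("destination-port")):
        return False
    return set(cond.get("tcp-flags", ())) <= pkt["flags"]    # every required flag is set


def evaluate_acl(entries, pkt, counters):
    """Return 'permit'/'deny' from the first matching entry, or None if none matched."""
    for name, cond, actions in entries:                      # file order
        if entry_matches(cond, pkt):
            if "count" in actions:
                counters[actions["count"]] = counters.get(actions["count"], 0) + 1
            return actions["action"]                          # first match terminates
    return None


def filter_packet(port_acls, wildcard_acl, port, pkt, counters):
    """Port ACL first; the wildcard ACL covers ports with no ACL and packets the port ACL misses."""
    verdict = None
    if port in port_acls:
        verdict = evaluate_acl(port_acls[port], pkt, counters)
    if verdict is None and wildcard_acl is not None:
        verdict = evaluate_acl(wildcard_acl, pkt, counters)
    return verdict if verdict is not None else "permit"       # ASSUMED default


# The two entries from the text, a deny-all tail, and an explicit OSPF permit.
UDPACL = ("udpacl", {"source-address": "10.203.134.0/24", "destination-address": "140.158.18.16/32",
                     "protocol": UDP, "source-port": 190, "destination-port": (1200, 1400)},
          {"action": "permit"})
TCPACL = ("tcpacl", {"source-address": "10.203.134.0/24", "protocol": TCP,
                     "source-port": (191, 65535), "tcp-flags": ("syn", "ack")},
          {"action": "permit", "count": "tcpcnt"})
DENY_ALL = ("denyall", {}, {"action": "deny"})
PERMIT_OSPF = ("ospf", {"protocol": OSPF}, {"action": "permit"})

if __name__ == "__main__":
    counters = {}
    hello = packet("10.203.134.1", "224.0.0.5", OSPF)
    print("OSPF with deny-all last:", evaluate_acl([UDPACL, TCPACL, DENY_ALL], hello, counters))
    print("OSPF permitted first:   ", evaluate_acl([PERMIT_OSPF, UDPACL, TCPACL, DENY_ALL], hello, counters))
```

Note the ordering check in the test: placing PERMIT_OSPF after DENY_ALL leaves the adjacency dropped, because the deny-all entry matches first and evaluation stops there.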
Security Policies Policies are a more general concept than routing access profiles and route maps. ExtremeWare XOS uses policies to implement routing access profiles and route maps. A central manager processes policies, and various policy clients, such as BGP or OSPF, get the policies from the central manager.
    origin egp;
  }
}

Policy entries are evaluated in order, from the beginning of the file to the end, as follows:
• If a match occurs, the action in the then statement is taken:
  — if the action contains an explicit permit or deny, the evaluation process terminates.
  — if the action does not contain an explicit permit or deny, then the action is an implicit permit, and the evaluation process terminates.
• If a match does not occur, then the next policy entry is evaluated.
Table 23: Policy Match Conditions (continued)
Match Condition: route-origin [direct | static | icmp | egp | ggp | hello | rip | isis | esis | cisco-igrp | ospf | bgp | idrp | dvmrp | mospf | pim-dm | pim-sm | ospf-intra | ospf-inter | ospf-as-external | ospf-extern-1 | ospf-extern-2 | …]
Description: Matches the origin (different from the BGP route origin) of a route. A match statement "route-origin bgp" will match routes whose origin is "i-bgp", "e-bgp", "i-mbgp" or "e-mbgp".
Table 25: Policy Regular Expression Examples
Attribute                                                Regular Expression Example    Matches
Path that starts with 99 followed by 34                  "^99 34 "                     99 34 45
Path that ends with 99                                   " 99 $"                       45 66 99
Path of any length that begins with AS numbers 4, 5, 6   "4 5 6 .*"                    4 5 6 4 5 6 7 8 9
Path of any length that ends with AS numbers 4, 5, 6     ".* 4 5 6"                    4 5 6; 1 2 3 4 5 6

Here are some additional examples of using regular expressions in the AS-Path statement.
Table 26: Policy Actions (continued)
community [add | delete] [no-advertise | no-export | no-export-subconfed | { …. } | : { ….}];
  Adds/deletes communities to/from a route's community attribute. Communities must be enclosed in double quotes ("").
community remove;
  Strips off the entire community attribute from a route.
25   deny   22.44.66.0   255.255.254.0   Yes

Equivalent ExtremeWare XOS Policy-Map definition:

entry entry-5 {
  if {
    nlri 22.16.0.0/14;
  } then {
    permit;
  }
}
entry entry-10 {
  if {
    nlri 192.168.0.0/18 exact;
  } then {
    permit;
  }
}
entry entry-15 {
  if {
    nlri any/8;
  } then {
    deny;
  }
}
entry entry-20 {
  if {
    nlri 10.10.0.0/18;
  } then {
    permit;
  }
}
entry entry-25 {
  if {
    nlri 22.44.66.
    nlri 22.16.0.0/14;
    nlri 192.168.0.0/18 exact;
    nlri 10.10.0.0/18;
  } then {
    permit;
  }
}
entry deny_entry {
  if match any {
    nlri any/8;
    nlri 22.44.66.0/23 exact;
  } then {
    deny;
  }
}

Translating a Route Map to a Policy
You may be more familiar with using route maps on other Extreme Networks switches. This example shows the policy equivalent to a route map.
  } then {
    permit;
  }
}
entry entry-20 {
  if {
    community 6553800;
  } then {
    deny;
  }
}
entry entry-30 {
  if {
    med 30;
  } then {
    next-hop 10.201.23.10;
    as-path 20;
    as-path 30;
    as-path 40;
    as-path 40;
    permit;
  }
}
entry entry-40 {
  if {
  } then {
    local-preference 120;
    weight 2;
    permit;
  }
}
entry entry-50 {
  if match any {
    origin incomplete;
    community 19661200;
  } then {
    dampening half-life 20 reuse-limit 1000 suppress-limit 3000 max-suppress 40;
    permit;
  }
}
entry entry-60 {
  if {
    next-hop 192.
    permit;
  }
}
entry deny_rest {
  if {
  } then {
    deny;
  }
}

Using Policies
Once the policy file is on the switch, it can be checked to see if it is syntactically correct. Use the following command to check the policy syntax:

check policy

To apply a policy, use the command appropriate to the client.
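The evaluation rules for policy entries (explicit permit or deny terminates, a match with neither is an implicit permit and also terminates, no match moves on), together with the match any / nlri exact forms used in the translated access profile and the as-path regular expressions of Table 25, can be run against sample routes. The following is an added example, not code from the ExtremeWare XOS guide. It assumes that nlri any/N matches any route whose prefix length is exactly N, that a route matching no entry is denied, that as-path expressions are applied with re.search to the path written as space-separated AS numbers, and it names the first entry of the translated policy permit_entry because that name is cut off above; all other names are the example's own.

```python
"""Added example, not from the ExtremeWare XOS guide: a route-policy evaluator
that follows the rules given for policy entries (explicit permit or deny
terminates; a matching entry with neither is an implicit permit and also
terminates; no match moves to the next entry), with "match any"/"match all",
nlri prefix and "exact" matching, as-path regular expressions as in Table 25,
and set-actions such as local-preference.
ASSUMED: "nlri any/N" matches any route whose prefix length is exactly N; a
route matching no entry is denied; as-path regexes are applied with re.search
to the path as space-separated AS numbers; the first translated entry is
named permit_entry here because its name is cut off in the text."""
import ipaddress
import re


def nlri_matches(spec: str, prefix: str) -> bool:
    """spec: '22.16.0.0/14', '192.168.0.0/18 exact' or 'any/8'."""
    parts = spec.split()
    exact = "exact" in parts
    route = ipaddress.ip_network(prefix)
    if parts[0].startswith("any/"):
        return route.prefixlen == int(parts[0].split("/")[1])
    net = ipaddress.ip_network(parts[0])
    return route == net if exact else route.subnet_of(net)


def cond_matches(cond: dict, route: dict) -> bool:
    """Evaluate an entry's if-block; an empty block matches every route."""
    checks = [nlri_matches(spec, route["prefix"]) for spec in cond.get("nlri", [])]
    checks += [re.search(rx, route.get("as_path", "")) is not None for rx in cond.get("as-path", [])]
    checks += [c in route.get("communities", set()) for c in cond.get("community", [])]
    if "med" in cond:
        checks.append(route.get("med") == cond["med"])
    if "origin" in cond:
        checks.append(route.get("origin") == cond["origin"])
    if not checks:
        return True
    return any(checks) if cond.get("match") == "any" else all(checks)


def evaluate_policy(entries, route: dict):
    """Return ('permit' | 'deny', route after set-actions)."""
    route = dict(route)
    for name, cond, actions in entries:
        if not cond_matches(cond, route):
            continue                                  # no match: next entry
        for key, value in actions.items():
            if key not in ("permit", "deny"):
                route[key] = value                    # set-action, e.g. local-preference
        if actions.get("deny"):
            return "deny", route                      # explicit deny terminates
        return "permit", route                        # explicit or implicit permit terminates
    return "deny", route                              # ASSUMED: nothing matched


# The translated access profile from the text (first entry name assumed).
PERMIT_ENTRY = ("permit_entry",
                {"match": "any", "nlri": ["22.16.0.0/14", "192.168.0.0/18 exact", "10.10.0.0/18"]},
                {"permit": True})
DENY_ENTRY = ("deny_entry",
              {"match": "any", "nlri": ["any/8", "22.44.66.0/23 exact"]},
              {"deny": True})
POLICY = [PERMIT_ENTRY, DENY_ENTRY]
# entry-40 from the route-map translation: empty match, set-actions, implicit permit.
SET_ENTRY = ("entry-40", {}, {"local-preference": 120, "weight": 2})

if __name__ == "__main__":
    for prefix in ("22.16.5.0/24", "192.168.0.0/18", "192.168.0.0/24", "10.0.0.0/8", "22.44.66.0/23"):
        print(prefix, "->", evaluate_policy(POLICY, {"prefix": prefix})[0])
```

The 192.168.0.0/24 case shows why exact matters: it is inside 192.168.0.0/18 but is not that prefix, so permit_entry does not match it and, under the assumed default, it is denied.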
Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS provides two methods to authenticate users who log in to the switch:
• RADIUS
• TACACS+

RADIUS
Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and centrally administering access to network nodes. The ExtremeWare XOS RADIUS implementation allows authentication for Telnet or console access to the switch.
Security To disable RADIUS authentication, use the following command: disable radius Configuring RADIUS Accounting Extreme switches are capable of sending RADIUS accounting information. As with RADIUS authentication, you can specify two servers for receipt of accounting information.
Using RADIUS Servers with Extreme Switches
Extreme Networks switches have two levels of user privilege:
• Read-only
• Read-write
Because there are no CLI commands available to modify the privilege level, access rights are determined when you log in.
Part 2 Using Switching and Routing Protocols
10 Spanning Tree Protocol (STP) This chapter covers the following topics: • Overview of the Spanning Tree Protocol on page 135 • Spanning Tree Domains on page 137 • STP Configurations on page 142 • Per-VLAN Spanning Tree on page 148 • Rapid Spanning Tree Protocol on page 148 • STP Rules and Restrictions on page 159 • Configuring STP on the Switch on page 159 • Displaying STP Settings on page 163 Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault tolerant.
Spanning Tree Protocol (STP) STP Terms Table 27 describes the terms associated with STP. Table 27: STP terms Term Description autobind If enabled, autobind automatically adds or removes ports from the STPD. If ports are added to the carrier VLAN, the member ports of the VLAN are automatically added to the STPD. If ports are removed from the carrier VLAN, those ports are also removed from the STPD.
Spanning Tree Domains Spanning Tree Domains The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). Each STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned to it. A physical port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.
Specifying the Carrier VLAN
The following example:
• Creates and enables an STPD named s8
• Creates a VLAN named v5
• Assigns VLAN v5 to STPD s8
• Creates the same tag ID for the VLAN and the STPD (the carrier VLAN's StpdID must be identical to the VLANid of one of the member VLANs)

create vlan v5
configure vlan v5 tag 100
configure vlan v5 add ports 1:1-1:20 tagged
create stpd s8
configure stpd s8 add vlan v5 ports all emistp
configure stpd s8 tag 100
enable stpd s8

Notice h
Spanning Tree Domains Encapsulation Modes You can configure ports within an STPD to accept specific BPDU encapsulations. This STP port encapsulation is separate from the STP mode of operation. For example, you can configure a port to accept the PVST+ BPDU encapsulation while running in 802.1D mode. An STP port has three encapsulation modes: • 802.1d mode This mode is used for backward compatibility with previous STP versions and for compatibility with third-party switches using IEEE standard 802.1d.
Spanning Tree Protocol (STP) STP States Each port that belongs to a member VLAN participating in STP exists in one of the following states: • Blocking A port in the blocking state does not accept ingress traffic, perform traffic forwarding, or learn MAC source addresses. The port does receive STP BPDUs. During initialization, the switch always enters the blocking state. • Listening A port in the listening state does not accept ingress traffic, perform traffic forwarding, or learn MAC source addresses.
STP ports mode is changed to match; otherwise the STP ports inherit either the carrier VLAN's encapsulation mode on that port or the STPD default encapsulation mode. To remove ports, use the following command:

configure stpd delete vlan ports [all | }

If you manually delete a protected VLAN or port, only that VLAN or port is removed.
Spanning Tree Protocol (STP) Rapid Root Failover ExtremeWare XOS supports rapid root failover for faster STP failover recovery times in STP 802.1d mode. If the active root port link goes down ExtremeWare XOS recalculates STP and elects a new root port. Rapid root failover allows the new root port to immediately begin forwarding, skipping the standard listening and learning phases.
• Engineering is the carrier VLAN on STPD2.
• Marketing is a member of both STPD1 and STPD2 and is a protected VLAN.

Figure 10: Multiple Spanning Tree Domains (STPD 1 carries Sales, Personnel and Marketing; STPD 2 carries Manufacturing, Engineering and Marketing; switches A, B, Y, Z and M)

When the switches in this configuration start up, STP configures each STPD such that there are no active loops in the topology.
Figure 11: Tag-based STP configuration (Switch 1: Marketing & Sales; Switch 2: Sales & Engineering; Switch 3: Marketing, Sales & Engineering)

The tag-based network in Figure 11 has the following configuration:
• Switch 1 contains VLAN Marketing and VLAN Sales.
• Switch 2 contains VLAN Engineering and VLAN Sales.
• Switch 3 contains VLAN Marketing, VLAN Engineering, and VLAN Sales.
Multiple STPDs on a Port
Traditional 802.1d STP has some inherent limitations when addressing networks that have multiple VLANs and multiple STPDs. For example, consider the sample depicted in Figure 12.

Figure 12: Limitations of traditional STPD (switches S1 and S2 joined by two parallel links, both carrying VLANs A and B)

The two switches are connected by a pair of parallel links. Both switches run two VLANs, A and B.
Spanning Tree Protocol (STP) Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the same enterprise) and may traverse a great many nodes. In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for each looped area. The justifications include the following: • The complexity of the STP algorithm increases, and performance drops, with the size and complexity of the network. The 802.
Figure 14: VLANs traverse domains inside switches (correct and wrong cases for S1 and S2)

• The VLAN partition feature is deployed under the premise that the overall inter-domain topology for that VLAN is loop-free. Consider the case in Figure 15: VLAN red (the only VLAN in the figure) spans domains 1, 2, and 3. Inside each domain, STP produces a loop-free topology. However, VLAN red is still looped, because the three domains form a ring among themselves.
Spanning Tree Protocol (STP) Per-VLAN Spanning Tree Switching products that implement Per-VLAN Spanning Tree (PVST) have been in existence for many years and are widely deployed. To support STP configurations that use PVST, ExtremeWare XOS has an operational mode called PVST+. NOTE In this document, PVST and PVST+ are used interchangeably. PVST+ is an enhanced version of PVST that is interoperable with 802.1Q STP. The following discussions are in regard to PVST+, if not specifically mentioned.
Rapid Spanning Tree Protocol RSTP Terms Table 28 describes the terms associated with RSTP. Table 28: RSTP terms Term Description root port Provides the shortest path to the root bridge. All bridges except the root bridge, contain one root port. For more information about the root port, see “Port Roles” on page 149. designated port Provides the shortest path connection to the root bridge for the attached LAN segment. There is only one designated port on each LAN segment.
Spanning Tree Protocol (STP) Table 29: RSTP port roles (continued) Port Role Description Backup Supports the designated port on the same attached LAN segment. Backup ports only exist when the bridge is connected as a self-loop or to a shared-media segment.
To change the existing configuration of a port in an STPD, and return the port to factory defaults, use the following command:

unconfigure stpd ports link-type

To display detailed information about the ports in an STPD, use the following command:

show stpd ports { {detail}}

RSTP Timers
For RSTP to rapidly recover network connectivity, RSTP requires timer expiration.
Spanning Tree Protocol (STP) Table 32: Derived timers (continued) Timer Description Recent root The timer starts when a port leaves the root port role. When this timer is running, another port cannot become a root port unless the associated port is put into the blocking state. The default value is the same as the forward delay time. The Protocol migration timer is neither user-configurable nor derived; it has a set value of 3 seconds. The timer starts when a port transitions from STP (802.
Rapid Spanning Tree Protocol The following sections provide more information about RSTP behavior.
Spanning Tree Protocol (STP) Designated Port Rapid Behavior When a port becomes a new designated port, or the STP priority changes on an existing designated port, the port becomes an unsynced designated port. In order for an unsynced designated port to rapidly move into the forwarding state, the port must propose a confirmation of its role on the attached LAN segment, unless the port is an edge port. Upon receiving an “agree” message, the port immediately enters the forwarding state.
• All other ports in the network are in the forwarding state

Figure 17: Initial network configuration (root bridge A; root path costs A 0, B 1, C 2, F 1, E 2, D 3; ports marked as designated, root or blocked)

The following steps describe how the network reconverges.
1 If the link between bridge A and bridge F goes down, bridge F detects the root port is down.
Spanning Tree Protocol (STP) 2 Bridge E believes that bridge A is the root bridge. When bridge E receives the BPDU on its root port from bridge F, bridge E: • Determines that it received an inferior BPDU.
Rapid Spanning Tree Protocol 4 Bridge D believes that bridge A is the root bridge.
6 To complete the topology change, the following occurs:
• Bridge D moves the port that received the agree message into the forwarding state
• Bridge F confirms that its receiving port (the port that received the "propose" message) is the root port, and immediately replies with an "agree" message to bridge E to unblock the proposing port

Figure 23: Completing the topology change (root bridge A; root path costs A 0, B 1, C 2, F 5, E 4, D 3; ports marked as root or designated)

Figure 24 displ
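The reconvergence walked through in steps 1 to 6 can be reproduced with a small simulation of the BPDU exchange. The following is an added example, not code from the ExtremeWare XOS guide: six bridges in a ring with A as root, link A-F failing, root-port selection on (root ID, root path cost, sender ID), designated versus blocked ports, and the inferior-BPDU handling of steps 1 and 2 that ends with the costs shown in Figure 23. The proposal/agreement handshake itself is not modelled, information a port does not hear again in the next round is aged out, and bridge names and unit link costs are the example's choices.

```python
"""Added example, not part of the ExtremeWare XOS guide: a synchronous simulation
of the BPDU exchange behind the reconvergence walked through above (six bridges
in a ring, root bridge A, link A-F failing).  It models root-port selection on
(root ID, root path cost, sender ID), designated versus blocked ports, the
inferior-BPDU handling of steps 1-2 and the resulting root path costs.  The
proposal/agreement handshake is not modelled, and a port forgets a BPDU that
is not refreshed in the next round (a one-round message age).  Bridge names
and unit link costs are this example's choices."""

LINK_COST = 1


class Bridge:
    def __init__(self, bid):
        self.bid = bid
        self.ports = {}                  # neighbour id -> BPDU last heard there, or None
        self.bpdu = (bid, 0, bid)        # (root id, root path cost, sender) we advertise
        self.root_port = None

    def recompute(self):
        """Choose the best BPDU heard on any port; with none better, claim to be root."""
        best, root_port = (self.bid, 0, self.bid), None
        for nbr, heard in self.ports.items():
            if heard is None:
                continue
            cand = (heard[0], heard[1] + LINK_COST, heard[2])
            if cand < best:              # lower root id, then cost, then sender id
                best, root_port = cand, nbr
        self.bpdu = (best[0], best[1], self.bid)
        self.root_port = root_port

    def role(self, nbr):
        """'root', 'designated' (we send BPDUs here) or 'alternate' (blocked)."""
        if nbr == self.root_port:
            return "root"
        heard = self.ports[nbr]
        return "designated" if heard is None or self.bpdu < heard else "alternate"


class Network:
    def __init__(self, links):
        self.bridges = {}
        for a, b in links:
            self.bridges.setdefault(a, Bridge(a)).ports[b] = None
            self.bridges.setdefault(b, Bridge(b)).ports[a] = None

    def fail_link(self, a, b):
        """Step 1: both ends lose the port; a bridge losing its root port re-evaluates."""
        del self.bridges[a].ports[b]
        del self.bridges[b].ports[a]
        self.bridges[a].recompute()
        self.bridges[b].recompute()

    def converge(self, max_rounds=20):
        """Exchange BPDUs on designated ports until no bridge changes; return rounds used."""
        for rnd in range(1, max_rounds + 1):
            sent = [(br.bid, nbr, br.bpdu) for br in self.bridges.values()
                    for nbr in br.ports if br.role(nbr) == "designated"]
            before = {b: (br.bpdu, br.root_port) for b, br in self.bridges.items()}
            for br in self.bridges.values():          # unrefreshed information ages out
                for nbr in br.ports:
                    br.ports[nbr] = None
            for src, dst, bpdu in sent:
                self.bridges[dst].ports[src] = bpdu
            for br in self.bridges.values():
                br.recompute()
            if all((br.bpdu, br.root_port) == before[b] for b, br in self.bridges.items()):
                return rnd
        raise RuntimeError("did not converge")

    def costs(self):
        return {b: br.bpdu[1] for b, br in self.bridges.items()}

    def root_ports(self):
        return {b: br.root_port for b, br in self.bridges.items()}


RING = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "F"), ("F", "A")]

if __name__ == "__main__":
    net = Network(RING)
    net.converge()
    print("before:", net.costs(), net.root_ports())
    net.fail_link("A", "F")
    net.converge()
    print("after: ", net.costs(), net.root_ports())
```

Right after the failure, F advertises itself as root (step 1); E receives that inferior BPDU on its root port, briefly claims root itself, then hears bridge D's better BPDU on the port that had been blocked, and settles at cost 4 with F behind it at cost 5, the values shown in Figure 23.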
STP Rules and Restrictions STP Rules and Restrictions This section summarizes the rules and restrictions for configuring STP. • The carrier VLAN must span all of the ports of the STPD. • The StpdID must be the VLANid of one of its member VLANs, and that VLAN can not be partitioned. • A default VLAN can not be partitioned. If a VLAN traverses multiple STP domains, the VLAN must be tagged. • An STPD can carry, at most, one VLAN running in PVST+ mode, and its StpdID must be identical with that VLANid.
Spanning Tree Protocol (STP) After you have created the STPD, you can optionally configure STP parameters for the STPD. NOTE You should not configure any STP parameters unless you have considerable knowledge and experience with STP. The default STP parameters are adequate for most networks.
• Assigns the Engineering VLAN to the STPD
• Assigns the carrier VLAN
• Enables STP

create vlan engineering
configure vlan engineering tag 150
configure vlan engineering add ports 2:5-2:10 tagged
create stpd backbone_st
enable stpd backbone_st auto-bind vlan engineering
configure stpd backbone_st tag 150
enable stpd backbone_st

By default, the port encapsulation mode for user-defined STPDs is emistp.

EMISTP Configuration Example
Figure 25 is an example of EMISTP.
create stpd s1
configure stpd s1 add green ports all
configure stpd s1 tag 200
configure stpd s1 add red ports 1:1-1:2 emistp
enable stpd s1
create stpd s2
configure stpd s2 add yellow ports all
configure stpd s2 tag 300
configure stpd s2 add red ports 1:3-1:4 emistp
enable stpd s2

RSTP 802.1w Configuration Example
Figure 26 is an example of a network with multiple STPDs that can benefit from RSTP.
Displaying STP Settings In this example, the commands configure switch A in STPD1 for rapid reconvergence. Use the same commands to configure each switch and STPD in the network.
Spanning Tree Protocol (STP) To display the STP state of a port, use the following command: show stpd ports { {detail}} This command displays the following information: • STPD port configuration • STPD port mode of operation • STPD path cost • STPD priority • STPD state (root bridge, and so on) • Port role (root bridge, edge port, etc.
11 Virtual Router Redundancy Protocol This chapter covers the following topics: • Overview on page 165 • Determining the VRRP Master on page 166 • Additional VRRP Highlights on page 168 • VRRP Operation on page 169 • VRRP Configuration Parameters on page 171 • VRRP Examples on page 172 This chapter assumes that you are already familiar with the Virtual Router Redundancy Protocol (VRRP).
Virtual Router Redundancy Protocol VRRP Terms Table 33 describes terms associated with VRRP. Table 33: VRRP Terms Term Description virtual router A VRRP router is a group of one or more physical devices that acts as the default gateway for hosts on the network. The virtual router is identified by a virtual router identifier (VRID) and an IP address. VRRP router Any router that is running VRRP. A VRRP router can participate in one or more virtual routers.
VRRP Tracking Example
Figure 27 is an example of VRRP tracking.

Figure 27: VRRP tracking (VRRP master 200.1.1.1/24 on vlan1, the track-vlan, with a router at 10.10.10.121; Host 1 200.1.1.13/24 and Host 2 200.1.1.14/24, both using gateway 200.1.1.1, attached through an L2 switch or hub; VRRP backup 200.1.1.
Virtual Router Redundancy Protocol Electing the Master Router VRRP uses an election algorithm to dynamically assign responsibility for the master router to one of the VRRP routers on the network. A VRRP router is elected master if the router has the highest priority (the range is 1 - 255). If the master router becomes unavailable, the election process provides dynamic failover and the backup router that has the highest priority assumes the role of master.
• VRRP and Spanning Tree can be simultaneously enabled on the same switch.
• VRRP and ESRP cannot be simultaneously enabled on the same switch.

VRRP Operation

This section describes two VRRP network configurations:
• A simple VRRP network
• A fully-redundant VRRP network

Simple VRRP Network Configuration

Figure 28 shows a simple VRRP network.

Figure 28: Simple VRRP network
[Figure: Switch A and Switch B; Switch A = Master, VRID = 1, virtual router IP address = 192.168.1.]
physical interface. Each physical interface on each backup router must have a unique IP address. The virtual router IP address is also used as the default gateway address for each host on the network. If the master router fails, the backup router assumes forwarding responsibility for traffic addressed to the virtual router MAC address.
VRRP Configuration Parameters

Table 34 lists the parameters that are configured on a VRRP router.

Table 34: VRRP Configuration Parameters

Parameter  Description
vrid       Virtual router identifier. Configured item in the range of 1-255. This parameter has no default value.
priority   Priority value to be used by this VRRP router in the master election process. A value of 255 is reserved for a router that is configured with the virtual router IP address.
VRRP Examples

This section provides the configuration syntax for the two VRRP networks discussed in this chapter.

Configuring the Simple VRRP Network

The following illustration shows the simple VRRP network described in Figure 28.
[Figure: Switch A = Master, VRID = 1, virtual router IP address = 192.168.1.3, MAC address = 00-00-5E-00-01-01, Priority = 255; Switch B = Backup, VRID = 1, virtual router IP address = 192.168.1.]
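The election rule in "Electing the Master Router" and the two example networks can be exercised in a small model. The following Python is an added example, not ExtremeWare XOS code: it enforces the priority range and the reserved value 255 from Table 34, derives the virtual MAC from the VRID as in the figure above (00-00-5E-00-01-01 for VRID 1), and re-runs the election when the master fails. Ties are broken by the higher interface address, which is the RFC 3768 rule; the chapter does not state a tie-break. The backup switch's interface address and the backup priority of 100 are constructed values.

```python
"""VRRP master election and virtual MAC derivation (added example)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional

# IANA prefix for VRRP virtual MAC addresses; the last octet is the VRID.
VRRP_MAC_PREFIX = "00-00-5E-00-01"


@dataclass
class VrrpRouter:
    name: str
    ip: str          # address of this router's own physical interface
    priority: int    # 1-255; 255 only for the owner of the virtual IP
    up: bool = True  # False once the router has failed


@dataclass
class VirtualRouter:
    vrid: int
    virtual_ip: str
    routers: List[VrrpRouter] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not 1 <= self.vrid <= 255:
            raise ValueError("vrid must be in the range 1-255")

    def virtual_mac(self) -> str:
        # VRID 1 -> 00-00-5E-00-01-01, matching the simple VRRP example.
        return f"{VRRP_MAC_PREFIX}-{self.vrid:02X}"

    def add(self, router: VrrpRouter) -> None:
        if not 1 <= router.priority <= 255:
            raise ValueError("priority must be in the range 1-255")
        owner = router.ip == self.virtual_ip
        if router.priority == 255 and not owner:
            raise ValueError("priority 255 is reserved for the virtual IP owner")
        if owner and router.priority != 255:
            raise ValueError("the virtual IP owner must use priority 255")
        self.routers.append(router)

    def elect_master(self) -> Optional[VrrpRouter]:
        """Highest priority among live routers wins; higher IP breaks ties."""
        live = [r for r in self.routers if r.up]
        if not live:
            return None
        return max(live, key=lambda r: (r.priority, IPv4Address(r.ip)))


def simple_network_demo() -> Dict[str, Optional[str]]:
    """Figure 28 network: Switch A owns 192.168.1.3 (priority 255); Switch B
    backs it up (constructed: interface 192.168.1.5, priority 100)."""
    vr = VirtualRouter(vrid=1, virtual_ip="192.168.1.3")
    a = VrrpRouter("Switch A", "192.168.1.3", 255)
    b = VrrpRouter("Switch B", "192.168.1.5", 100)
    vr.add(a)
    vr.add(b)
    before = vr.elect_master()
    a.up = False  # the master fails; the election runs again
    after = vr.elect_master()
    return {"mac": vr.virtual_mac(),
            "master": before.name if before else None,
            "master_after_failure": after.name if after else None}


def fully_redundant_demo() -> Dict[int, Optional[str]]:
    """Figure 29 network: each switch owns one virtual IP and backs up the
    other (the backup priority of 100 is constructed)."""
    vr1 = VirtualRouter(vrid=1, virtual_ip="192.168.1.3")
    vr2 = VirtualRouter(vrid=2, virtual_ip="192.168.1.5")
    vr1.add(VrrpRouter("Switch A", "192.168.1.3", 255))
    vr1.add(VrrpRouter("Switch B", "192.168.1.5", 100))
    vr2.add(VrrpRouter("Switch B", "192.168.1.5", 255))
    vr2.add(VrrpRouter("Switch A", "192.168.1.3", 100))
    result: Dict[int, Optional[str]] = {}
    for vr in (vr1, vr2):
        master = vr.elect_master()
        result[vr.vrid] = master.name if master else None
    return result
```

The owner check is what keeps a misconfigured backup from claiming priority 255 and pre-empting the address owner; the fully-redundant demo shows that the same two switches can be master for one VRID and backup for the other at the same time.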
Configuring the Fully-Redundant VRRP Network

The following illustration shows the fully-redundant VRRP network configuration described in Figure 29.
[Figure: Switch A is master for virtual IP 192.168.1.3 (master VRID = 1) and backup for virtual IP 192.168.1.5 (backup VRID = 2), MAC address = 00-00-5E-00-01-01; Switch B is master for virtual IP 192.168.1.5 (master VRID = 2) and backup for virtual IP 192.168.1.]
12 IP Unicast Routing

This chapter describes the following topics:
• Overview of IP Unicast Routing on page 175
• Proxy ARP on page 178
• Relative Route Priorities on page 179
• Configuring IP Unicast Routing on page 179
• Routing Configuration Example on page 180
• Configuring DHCP/BOOTP Relay on page 182

This chapter assumes that you are already familiar with IP unicast routing.
Router Interfaces

The routing software and hardware routes IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs. Both the VLAN switching and IP routing functions occur within the switch.

NOTE: Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
Populating the Routing Table

The switch maintains an IP routing table for both network routes and host routes.
Multiple Routes

When there are multiple, conflicting choices of a route to a particular destination, the router picks the route with the longest matching network mask. If these are still equal, the router picks the route using the following criteria (in the order specified):
• Directly attached network interfaces
• ICMP redirects
• Static routes
• Directly attached network interfaces that are not active.
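The two selection rules above (longest matching mask, then route origin) can be written down directly. The following Python is an added example, not ExtremeWare XOS code. The origin order follows the list on this page, which is cut off after four entries, so only those four origins are modelled; the Finance and Personnel networks come from the routing configuration example later in this chapter, while the static and redirect gateways in the demo table are constructed.

```python
"""Route selection: longest matching mask, then route origin (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

# Tie-break order from the page, best first. The page's list ends here.
ORIGIN_RANK = {
    "direct": 0,           # directly attached network interface
    "icmp-redirect": 1,
    "static": 2,
    "direct-inactive": 3,  # directly attached interface that is not active
}


@dataclass(frozen=True)
class Route:
    network: IPv4Network
    gateway: Optional[str]  # None for directly attached networks
    origin: str


def make_route(prefix: str, origin: str, gateway: Optional[str] = None) -> Route:
    if origin not in ORIGIN_RANK:
        raise ValueError(f"unknown route origin {origin!r}")
    return Route(IPv4Network(prefix, strict=False), gateway, origin)


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the route the switch would use for destination, or None."""
    dest = IPv4Address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        return None
    # Longest mask first (largest prefix length), then lowest origin rank.
    return min(candidates,
               key=lambda r: (-r.network.prefixlen, ORIGIN_RANK[r.origin]))


def demo_table() -> List[Route]:
    """Table modelled on the Figure 31 example: Finance (192.207.35.0/24) and
    Personnel (192.207.36.0/24) are directly attached; the remaining entries,
    including the gateway addresses, are constructed for the demo."""
    return [
        make_route("192.207.35.0/24", "direct"),
        make_route("192.207.36.0/24", "direct"),
        make_route("192.207.35.0/24", "static", "192.207.36.254"),  # loses to direct
        make_route("10.0.0.0/8", "static", "192.207.35.254"),
        make_route("10.1.0.0/16", "icmp-redirect", "192.207.35.250"),
        make_route("0.0.0.0/0", "static", "192.207.36.254"),         # default route
    ]
```

The default route is simply the /0 entry: it contains every destination but has the shortest mask, so it is chosen only when nothing longer matches, which is the behaviour the "configure iproute add default" step in this chapter relies on.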
For example, an IP host is configured with a class B address of 100.101.102.103 and a mask of 255.255.0.0. The switch is configured with the IP address 100.101.102.1 and a mask of 255.255.255.0. The switch is also configured with a proxy ARP entry of IP address 100.101.0.0 and mask 255.255.0.0, without the always parameter. When the IP host tries to communicate with the host at address 100.101.45.
    configure vlan ipaddress {}

Ensure that each VLAN has a unique IP address.

3 Configure a default route using the following command:

    configure iproute add default {vr } {} {multicast-only | unicast-only}

Default routes are used when the router has no other dynamic or static route to the requested destination.
Routing Configuration Example

Figure 31: Unicast routing configuration example
[Figure: router interfaces 192.207.35.1 (VLAN Finance, 192.207.35.0) and 192.207.36.1 (VLAN Personnel, 192.207.36.0); all ports also belong to VLAN MyCompany; attached stations generate IP traffic and NetBIOS traffic]

The stations connected to the system generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany.
The example in Figure 31 is configured as follows:

    create vlan Finance
    create vlan Personnel
    create vlan MyCompany
    configure Finance protocol ip
    configure Personnel protocol ip
    configure Finance add port 1:*,3:*
    configure Personnel add port 2:*,4:*
    configure MyCompany add port all
    configure Finance ipaddress 192.207.35.1
    configure Personnel ipaddress 192.207.36.
UDP Echo Server

You can use UDP Echo packets to measure the transit time for data between the transmitting and receiving ends. To enable UDP echo server support, use the following command: rtlookup To disable UDP echo server support, use the following command: enable bootp vlan
13 Interior Gateway Protocols

This chapter describes the following topics:
• Overview on page 186
• Overview of RIP on page 187
• Overview of OSPF on page 188
• Route Re-Distribution on page 193
• RIP Configuration Example on page 196
• Configuring OSPF on page 197
• OSPF Configuration Example on page 199
• Displaying OSPF Settings on page 200

This chapter assumes that you are already familiar with IP unicast routing.
Overview

The switch supports the use of two interior gateway protocols (IGPs): the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol. RIP is a distance-vector protocol, based on the Bellman-Ford (or distance-vector) algorithm. The distance-vector algorithm has been in use for many years, and is widely deployed and understood. OSPF is a link-state protocol, based on the Dijkstra link-state algorithm.
Overview of RIP

RIP is an Interior Gateway Protocol (IGP) first used in computer routing in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended for use in homogeneous networks of moderate size. To determine the best path to a distant network, a router using RIP always selects the path that has the least number of hops. Each router that data must traverse is considered to be one hop.
RIP Version 1 Versus RIP Version 2

A new version of RIP, called RIP version 2, expands the functionality of RIP version 1 to include:
• Variable-Length Subnet Masks (VLSMs).
• Support for next-hop addresses, which allows for optimization of routes in certain environments.
• Multicasting. RIP version 2 packets can be multicast instead of being broadcast, reducing the load on hosts that do not support routing protocols.
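The hop-count selection described in "Overview of RIP" is the Bellman-Ford distance-vector computation named in the chapter overview. The following Python is an added example, not ExtremeWare XOS code: every router starts with hop count 0 for its attached networks, then repeatedly takes each neighbour's table and keeps any entry that is cheaper than its own, adding one hop. Hop count 16 is RIP's "infinity", which is why a network more than 15 hops away becomes unreachable and why RIP is suited to networks of moderate size. The topologies in the demo functions are constructed.

```python
"""Hop-count distance-vector routing in the style of RIP (added example)."""
from typing import Dict, List, Optional, Tuple

INFINITY = 16  # RIP metric meaning "unreachable"

Table = Dict[str, Tuple[int, Optional[str]]]  # network -> (hops, next hop)


def run_rip(links: Dict[str, List[str]], attached: Dict[str, List[str]],
            max_rounds: int = 100) -> Dict[str, Table]:
    """links: router -> neighbours; attached: router -> directly attached networks.
    Returns the converged routing table of every router."""
    tables: Dict[str, Table] = {
        r: {net: (0, None) for net in attached.get(r, [])} for r in links
    }
    for _ in range(max_rounds):
        changed = False
        for router, neighbours in links.items():
            for nb in neighbours:
                # nb advertises its whole table; router adds one hop per entry
                for net, (hops, _next) in list(tables[nb].items()):
                    metric = hops + 1
                    if metric >= INFINITY:
                        continue  # beyond 15 hops: RIP treats this as unreachable
                    current = tables[router].get(net)
                    if current is None or metric < current[0]:
                        tables[router][net] = (metric, nb)
                        changed = True
        if not changed:
            break  # no table changed in a full round: converged
    return tables


def chain_topology(n: int) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """R1 - R2 - ... - Rn in a line; only R1 has an attached network."""
    links: Dict[str, List[str]] = {f"R{i}": [] for i in range(1, n + 1)}
    for i in range(1, n):
        links[f"R{i}"].append(f"R{i + 1}")
        links[f"R{i + 1}"].append(f"R{i}")
    attached = {"R1": ["10.0.0.0/24"]}
    return links, attached


def triangle_demo() -> Dict[str, Table]:
    """A-B-C with a direct A-C link: A reaches C's network in one hop
    through C rather than two hops through B."""
    links = {"A": ["B", "C"], "B": ["A", "C"], "C": ["A", "B"]}
    attached = {"A": ["192.0.2.0/24"], "C": ["198.51.100.0/24"]}
    return run_rip(links, attached)
```

Running the chain with 18 routers shows the size limit concretely: R16 still learns the network at 15 hops, while R17 and R18 never install it at all.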
Database Overflow

The OSPF database overflow feature allows you to limit the size of the LSDB and to maintain a consistent LSDB across all the routers in the domain, which ensures that all routers have a consistent view of the network. Consistency is achieved by:
• Limiting the number of external LSAs in the database of each router.
• Ensuring that all routers have identical LSAs.
in LSA traffic, and reduces the computations needed to maintain the LSDB. Routing within the area is determined only by the topology of the area. The three types of routers defined by OSPF are as follows:
• Internal Router (IR)—An internal router has all of its interfaces within the same area.
• Area Border Router (ABR)—An ABR has interfaces in multiple areas. It is responsible for exchanging summary advertisements with other ABRs.
• External routes originating from the NSSA can be propagated to other areas, including the backbone area.

The CLI command to control the NSSA function is similar to the command used for configuring a stub area, as follows:

    configure ospf area nssa stub-default-cost

The translate option determines whether type 7 LSAs are translated into type 5 LSAs. When configuring an OSPF area as an NSSA, the translate option should only be used on NSSA border routers, where translation is to be enforced.
Figure 32: Virtual link using Area 1 as a transit area
[Figure: two ABRs joined by a virtual link across transit Area 1, connecting Area 2 to Area 0]

Virtual links are also used to repair a discontiguous backbone area. For example, in Figure 33, if the connection between ABR1 and the backbone fails, the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual link.
Point-to-Point Support

You can manually configure the OSPF link type for a VLAN. Table 37 describes the link types.

Table 37: OSPF Link Types

Link Type  Number of Routers  Description
Auto       Varies             ExtremeWare XOS automatically determines the OSPF link type based on the interface type. This is the default setting.
Broadcast  Any                Routers must elect a designated router (DR) and a backup designated router (BDR) during synchronization. Ethernet is an example of a broadcast link.
Figure 34: Route re-distribution
[Figure: OSPF AS with backbone Area 0.0.0.0 and Area 121.2.3.4 joined by an ABR; two ASBRs connect the OSPF AS to a RIP AS]

Configuring Route Re-Distribution

Exporting routes from one protocol to another, and from that protocol to the first one, are discrete configuration functions. For example, to run OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent operation of each.
Re-Distributing Routes into OSPF

Enable or disable the exporting of BGP, RIP, static, and direct (interface) routes to OSPF using the following commands:

    enable ospf export [bgp | direct | e-bgp | i-bgp | rip | static] [cost type [ase-type-1 | ase-type-2] {tag } | ]
    disable ospf export [bgp | direct | e-bgp | i-bgp | rip | static]

These commands enable or disable the exporting of RIP, static, and direct routes by way of LSA to other OSPF routers as AS-exter
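The chapter overview says OSPF runs the Dijkstra link-state algorithm, and the export command above lets a redistributed route be advertised with an ase-type-1 or ase-type-2 cost. The following Python is an added example, not ExtremeWare XOS code, showing both: a shortest-path-first run over a link-state database, and how the two cost types change which ASBR is chosen for an external prefix. In OSPF a type-1 external route is compared on the internal cost to the ASBR plus the external cost, a type-2 route is compared on the external cost alone with the internal cost only breaking ties, and a type-1 route is preferred over a type-2 route for the same prefix. The router names follow Figure 36; the link costs and the exported prefixes are constructed.

```python
"""Dijkstra SPF plus OSPF external route selection (added example)."""
import heapq
from typing import Dict, List, Optional, Tuple

Lsdb = Dict[str, Dict[str, int]]  # router -> {neighbour: link cost}
SpfResult = Dict[str, Tuple[int, Optional[str]]]  # router -> (cost, first hop)


def spf(lsdb: Lsdb, source: str) -> SpfResult:
    """Dijkstra over the link-state database from source."""
    result: SpfResult = {}
    heap: List[Tuple[int, str, Optional[str]]] = [(0, source, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in result:
            continue  # already settled with a cheaper path
        result[node] = (cost, first_hop)
        for nb, link_cost in lsdb.get(node, {}).items():
            if nb not in result:
                hop = nb if node == source else first_hop
                heapq.heappush(heap, (cost + link_cost, nb, hop))
    return result


def select_externals(intra: SpfResult,
                     externals: List[Tuple[str, str, int, str]]) -> Dict[str, Tuple[str, int]]:
    """externals: (asbr, prefix, external cost, 'ase-type-1' | 'ase-type-2').
    Returns prefix -> (chosen ASBR, internal + external cost)."""
    best: Dict[str, Tuple[Tuple[int, int, int], str, int]] = {}
    for asbr, prefix, ext_cost, kind in externals:
        if asbr not in intra:
            continue  # ASBR unreachable: the external route is unusable
        internal = intra[asbr][0]
        if kind == "ase-type-1":
            key = (1, internal + ext_cost, 0)   # total cost decides
        elif kind == "ase-type-2":
            key = (2, ext_cost, internal)       # external cost; internal only breaks ties
        else:
            raise ValueError(f"unknown cost type {kind!r}")
        if prefix not in best or key < best[prefix][0]:
            best[prefix] = (key, asbr, internal + ext_cost)
    return {p: (asbr, total) for p, (_key, asbr, total) in best.items()}


def figure36_demo() -> Tuple[SpfResult, Dict[str, Tuple[str, int]]]:
    """Constructed costs on the Figure 36 routers, computed from IR1."""
    lsdb: Lsdb = {
        "IR1": {"IR2": 10, "ABR1": 10},
        "IR2": {"IR1": 10, "ABR2": 5},
        "ABR1": {"IR1": 10, "ABR2": 30},
        "ABR2": {"IR2": 5, "ABR1": 30},
    }
    intra = spf(lsdb, "IR1")  # ABR1 at cost 10, ABR2 at cost 15 via IR2
    externals = [
        ("ABR1", "172.16.0.0/16", 100, "ase-type-2"),  # equal external cost:
        ("ABR2", "172.16.0.0/16", 100, "ase-type-2"),  #   the nearer ASBR wins
        ("ABR1", "10.9.0.0/16", 20, "ase-type-1"),     # 10 + 20 = 30
        ("ABR2", "10.9.0.0/16", 10, "ase-type-1"),     # 15 + 10 = 25 -> wins
        ("ABR1", "192.0.2.0/24", 5, "ase-type-2"),     # type-1 beats type-2
        ("ABR2", "192.0.2.0/24", 100, "ase-type-1"),   #   whatever the costs
    ]
    return intra, select_externals(intra, externals)
```

The practical point when choosing a cost type on the export command is the last pair of entries: a type-2 route advertised with a very low external cost still loses to any type-1 route for the same prefix, so the two types are not interchangeable knobs on one scale.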
RIP Configuration Example

Figure 35 illustrates a BlackDiamond switch that has three VLANs defined as follows:
• Finance
  — Protocol-sensitive VLAN using the IP protocol.
  — All ports on slots 1 and 3 have been assigned.
  — IP address 192.207.35.1.
• Personnel
  — Protocol-sensitive VLAN using the IP protocol.
  — All ports on slots 2 and 4 have been assigned.
  — IP address 192.207.36.1.
• MyCompany
  — Port-based VLAN.
  — All ports on slots 1 through 4 have been assigned.
In this configuration, all IP traffic from stations connected to slots 1 and 3 has access to the router by way of the VLAN Finance. Ports on slots 2 and 4 reach the router by way of the VLAN Personnel. All other traffic (NetBIOS) is part of the VLAN MyCompany.
    configure ospf vlan [ | all] timer {}

You can configure the following parameters:
• Retransmit interval—The length of time that the router waits before retransmitting an LSA that is not acknowledged. If you set an interval that is too short, unnecessary retransmissions will result. The default value is 5 seconds.
OSPF Configuration Example

Figure 36 is an example of an autonomous system using OSPF routers. The details of this network follow.

Figure 36: OSPF configuration example
[Figure: Area 0 (Headquarters) containing IR 1, IR 2, ABR 1 and ABR 2 with addresses 10.0.1.1, 10.0.1.2, 10.0.2.1, 10.0.2.2, 10.0.3.1 and 10.0.3.2 on the HQ_10_0_x VLANs; a Los Angeles area (VLAN LA_161_48_2, 161.48.2.1 and 161.48.2.2); a CHI_160_26 area (160.26.26.1, 160.26.26.2, 160.26.25.1, 160.26.25.); and a virtual link]
• Two internal routers

Area 6 is a stub area connected to the backbone by way of ABR1. It is located in Los Angeles and has the following characteristics:
• Network number 161.48.x.x
• One identified VLAN (LA_161_48_2)
• Three internal routers
• Uses default routes for inter-area routing

Two router configurations for the example in Figure 36 are provided in the following section.
Displaying OSPF Settings

To display information about one or all OSPF areas, use the following command:

    show ospf area

The detail option displays information about all OSPF areas in a detail format.

To display information about OSPF interfaces for an area, a VLAN, or for all interfaces, use the following command:

    show ospf interfaces {vlan | area }

The detail option displays information about all OSPF interfaces in a detail format.
14 Exterior Gateway Routing Protocols

This chapter covers the following topics:
• Overview on page 204
• BGP Attributes on page 204
• BGP Communities on page 205
• BGP Features on page 205

This chapter describes how to configure the Border Gateway Protocol (BGP), an exterior routing protocol available on the switch.
Overview

BGP is an exterior routing protocol that was developed for use in TCP/IP networks. The primary function of BGP is to allow different autonomous systems (ASs) to exchange network reachability information. An autonomous system is a set of routers that are under a single technical administration. This set of routers uses a different routing protocol (such as OSPF) for intra-AS routing.
BGP Communities

A BGP community is a group of BGP destinations that require common handling.
Figure 37: Route reflectors
[Figure: a route reflector and its clients forming a cluster, plus a non-client router]

Route Confederations

BGP requires networks to use a fully-meshed router configuration. This requirement does not scale well, especially when BGP is used as an interior gateway protocol. One way to reduce the size of a fully-meshed AS is to divide the AS into multiple sub-autonomous systems and group them into a routing confederation.
Route Confederation Example

Figure 38 shows an example of a confederation.

Figure 38: Routing confederation
[Figure: AS 200 divided into SubAS 65001 and SubAS 65002; routers A, B, C, D and E joined by EBGP and IBGP sessions over /30 links using the addresses 192.1.1.5, 192.1.1.6, 192.1.1.9, 192.1.1.10, 192.1.1.13, 192.1.1.14, 192.1.1.17, 192.1.1.18, 192.1.1.21 and 192.1.1.22]

In this example, AS 200 has five BGP speakers. Without a confederation, BGP would require that the routes in AS 200 be fully meshed.
    create bgp neighbor 192.1.1.18 remote-AS-number 65001
    enable bgp neighbor all

To configure router B, use the following commands:

    create vlan ba
    configure vlan ba add port 1
    configure vlan ba ipaddress 192.1.1.5/30
    enable ipforwarding vlan ba
    configure ospf add vlan ba area 0.0.0.0
    create vlan bc
    configure vlan bc add port 2
    configure vlan bc ipaddress 192.1.1.22/30
    enable ipforwarding vlan bc
    configure ospf add vlan bc area 0.0.0.
    enable bgp neighbor all

To configure router D, use the following commands:

    create vlan db
    configure vlan db add port 1
    configure vlan db ipaddress 192.1.1.10/30
    enable ipforwarding vlan db
    configure ospf add vlan db area 0.0.0.0
    create vlan de
    configure vlan de add port 2
    configure vlan de ipaddress 192.1.1.14/30
    enable ipforwarding vlan de
    configure ospf add vlan de area 0.0.0.0
    disable bgp
    configure bgp as-number 65002
    configure bgp routerid 192.1.1.
1 Enable aggregation using the following command:

    enable bgp aggregation

2 Create an aggregate route using the following commands:

    configure bgp add aggregate-address {address-family [ipv4-unicast | ipv4-multicast]} {as-match | as-set} {summary-only} {advertise-policy } {attribute-policy }

Using the Loopback Interface

If you are using BGP as your interior gateway protocol, you may decide to advertise the interface as available, regardless of
    configure bgp neighbor [all | ] peer-group [ | none] {acquire-all}

If you do not specify acquire-all, only the mandatory parameters are inherited from the peer group. If you specify acquire-all, all of the parameters of the peer group are inherited. This command disables the neighbor before adding it to the peer group. To remove a neighbor from a peer group, use the peer-group none option.
Use the following command to enable route flap dampening for a BGP peer group:

    configure bgp peer-group {address-family [ipv4-unicast | ipv4-multicast]} dampening {{half-life {reuse-limit supress-limit max-suppress }} | policy-filter [ | none]}

Disabling Route Flap Dampening

Use the following command to disable route flap dampening for a BGP neighbor (dis
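The four values the dampening command takes (half-life, reuse-limit, suppress-limit, max-suppress) interact in a way that is easier to see by replaying a flap sequence. The following Python is an added example, not ExtremeWare XOS code: each flap adds a fixed penalty (1000 per flap here, a conventional figure that this manual does not state), the penalty halves every half-life, the route is suppressed once the penalty exceeds suppress-limit, and it is readvertised when the decayed penalty drops below reuse-limit or when it has been suppressed for max-suppress, whichever comes first. Times are in minutes, and the flap sequence used in the checks is constructed.

```python
"""Route flap dampening with half-life, reuse-limit, suppress-limit and
max-suppress (added example)."""
from typing import List, Optional, Tuple

FLAP_PENALTY = 1000.0  # assumed penalty per flap; the manual gives no figure


class DampenedRoute:
    def __init__(self, half_life: float, reuse_limit: float,
                 suppress_limit: float, max_suppress: float) -> None:
        if half_life <= 0 or reuse_limit >= suppress_limit:
            raise ValueError("need half_life > 0 and reuse_limit < suppress_limit")
        self.half_life = half_life          # minutes for the penalty to halve
        self.reuse_limit = reuse_limit      # readvertise below this penalty
        self.suppress_limit = suppress_limit  # suppress above this penalty
        self.max_suppress = max_suppress    # longest time a route stays suppressed
        self._penalty = 0.0                 # penalty as of self._stamp
        self._stamp = 0.0
        self._suppressed_at: Optional[float] = None
        self.flaps = 0

    def penalty(self, now: float) -> float:
        """Penalty decayed exponentially from the last flap to now."""
        elapsed = max(0.0, now - self._stamp)
        return self._penalty * 2.0 ** (-elapsed / self.half_life)

    def flap(self, now: float) -> None:
        """Record a withdraw/announce event at time now."""
        self._penalty = self.penalty(now) + FLAP_PENALTY
        self._stamp = now
        self.flaps += 1
        if self._suppressed_at is None and self._penalty > self.suppress_limit:
            self._suppressed_at = now

    def is_suppressed(self, now: float) -> bool:
        """True while the route is withheld from advertisement."""
        if self._suppressed_at is None:
            return False
        decayed_enough = self.penalty(now) < self.reuse_limit
        timed_out = now - self._suppressed_at >= self.max_suppress
        if decayed_enough or timed_out:
            self._suppressed_at = None  # route is reused
            return False
        return True


def replay(route: DampenedRoute, flap_times: List[float],
           probe_times: List[float]) -> List[bool]:
    """Apply flaps in time order; report the suppression state at each probe."""
    events: List[Tuple[float, str]] = sorted(
        [(t, "flap") for t in flap_times] + [(t, "probe") for t in probe_times])
    states: List[bool] = []
    for t, kind in events:
        if kind == "flap":
            route.flap(t)
        else:
            states.append(route.is_suppressed(t))
    return states
```

With a 15 minute half-life, reuse-limit 750 and suppress-limit 2000, three flaps one minute apart push the penalty to about 2867 and suppress the route; it is still suppressed at 30 minutes (penalty about 786) and is reused just after 31 minutes, unless max-suppress is shorter and releases it first.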
Stripping Out Private AS Numbers from Route Updates

Private AS numbers are AS numbers in the range 64512 through 65534. You can remove private AS numbers from the AS path attribute in updates that are sent to external BGP (EBGP) neighbors. Possible reasons for using private AS numbers include:
• The remote AS does not have officially allocated AS numbers.
• You want to conserve AS numbers if you are multi-homed to the local AS.
an individual route from the routing table to BGP. If you use both commands to redistribute routes, the routes redistributed using the network command take precedence over routes redistributed using the export command.
15 IP Multicast Routing

This chapter covers the following topics:
• Overview on page 215
  — PIM Overview on page 216
  — IGMP Overview on page 217
• Configuring IP Multicasting Routing on page 218
• Configuration Examples on page 219

For more information on IP multicasting, refer to the following publications:
• RFC 1112 – Host Extension for IP Multicasting
• RFC 2236 – Internet Group Management Protocol, Version 2
• PIM-DM Version 2 – draft_ietf_pim_v2_dm_03
• PIM-SM
• A method for the IP host to communicate its multicast group membership to a router (for example, Internet Group Management Protocol (IGMP)).

NOTE: You should configure IP unicast routing before you configure IP multicast routing.

PIM Overview

The switch supports both dense mode and sparse mode operation. You can configure dense mode or sparse mode on a per-interface basis. Once enabled, some interfaces can run dense mode, while others run sparse mode.
The PMBR also forwards PIM-SM traffic to a PIM-DM network, based on the (*.*.RP) entry. The PMBR sends a join message to the RP and the PMBR forwards traffic from the RP into the PIM-DM network. No commands are required to enable PIM mode interoperation. PIM mode interoperation is automatically enabled when a dense mode interface and a sparse mode interface are enabled on the same switch.
    configure igmp snooping vlan ports add static router

To remove these entries, use the corresponding command:

    configure igmp snooping vlan ports delete static group [ | all]
    configure igmp snooping vlan ports delete static router

To display the IGMP snooping static groups, use the following command:

    show igmp snooping vlan static [group | router]

IGMP Snooping Filters

IGMP snooping filters allow you
Configuration Examples

Figure 39 and Figure 40 are used in Chapter 13 to describe the OSPF configuration on a switch. Refer to Chapter 13 for more information about configuring OSPF. In the first example, the system labeled IR1 is configured for IP multicast routing, using PIM-DM. In the second example, the system labeled ABR1 is configured for IP multicast routing using PIM-SM.
Configuration for IR1

The router labeled IR1 has the following configuration:

    configure vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
    configure vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.0
    configure ospf add vlan all area 0.0.0.0
    enable ipforwarding
    enable ospf
    enable ipmcforwarding
    configure pim add vlan all dense
    enable pim

The following example configures PIM-SM.

Figure 40: IP multicast routing using PIM-SM configuration example
[Figure: IR 2 (10.0.1.1), IR 1 (10.0.1.2), 10.0.3.]
Configuration for ABR1

The router labeled ABR1 has the following configuration:

    configure vlan HQ_10_0_2 ipaddress 10.0.2.1 255.255.255.0
    configure vlan HQ_10_0_3 ipaddress 10.0.3.1 255.255.255.0
    configure vlan LA_161_48_2 ipaddress 161.48.2.2 255.255.255.0
    configure vlan CHI_160_26_26 ipaddress 160.26.26.1 255.255.255.0
    configure ospf add vlan all area 0.0.0.
Part 3 Appendixes
A Software Upgrade and Boot Options

This appendix describes the following topics:
• Downloading a New Image on page 225
• Saving Configuration Changes on page 227
• Using TFTP to Upload the Configuration on page 229
• Using TFTP to Download the Configuration on page 230
• Accessing the Bootloader on page 230

Downloading a New Image

The image file contains the executable code that runs on the switch. It comes preinstalled from the factory.
Before the download begins, you are asked if you want to install the image immediately after the download is finished. If you install the image immediately after download, you must reboot the switch. Enter y to install the image after download. Enter n to install the image at a later time. If you download and install the software image on the active partition, you need to reboot the switch.
Table 38 describes the image version fields.

Table 38: Image version fields

Field  Description
major  Specifies the ExtremeWare XOS Major version number.
minor  Specifies the ExtremeWare XOS Minor version number.
patch  Identifies a specific patch release.
build  Specifies the ExtremeWare XOS build number. This value is reset to zero for each new Major and Minor release.

Software Signatures

Each ExtremeWare XOS image contains a unique signature.
NOTE: Configuration files are text files with a .cfg file extension. When you enter the name of the file in the CLI, the system automatically adds the .cfg file extension.

If you have made a mistake, or you must revert to the configuration as it was before you started making changes, you can tell the switch to use the backup configuration on the next reboot.
Using TFTP to Upload the Configuration

You can upload the current configuration in an ASCII file to a TFTP server on your network. This allows you to send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes. To upload the configuration, use the following command:

    tftp -p -l

where the following is true:
• ip_address—Is the IP address of the TFTP server.
where file-name specifies the name of the configuration file to delete. After you delete a file from the system, it is no longer available

Using TFTP to Download the Configuration

You can download ASCII files that contain XOS configurations to the switch to modify the switch configuration. To download the configuration, use the following command:

    tftp -g -r

where the following is true:
• ip_address—Is the IP address of the TFTP server.
NOTE: To access the Bootloader, you can depress any key until the applications load and run on the switch. As soon as you see the BOOTLOADER-> prompt, release the key.

You can issue a series of commands to:
— View the installed images
— Select the image to boot from
— Select the configuration to use

To see a list of available commands or additional information about a specific command, press h or type help. The following describes some ways that you can use the bootloader.
B Troubleshooting

If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative.

LEDs

Power LED does not light: Check that the power cable is firmly connected to the device and to the supply outlet.

On powering-up, the MGMT LED lights yellow: The device has failed its Power On Self Test (POST) and you should contact your supplier for advice.
Status LED on the I/O module turns amber: Check the syslog message for a related I/O module error. If the error is that an inserted I/O module conflicts with the software configuration, use one of the following commands to reset the slot configuration:

    clear slot
    configure slot module

Otherwise, contact Extreme Networks for further assistance.

ENV LED on the MSM turns amber: Check each of the power supplies and all of the fans.
The Telnet workstation cannot access the device: Check that the device IP address, subnet mask and default router are correctly configured, and that the device has been reset. Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility. Check that Telnet access was not disabled for the switch. If you attempt to log in and the maximum number of Telnet sessions is already in use, you should receive an error message indicating so.
Port Configuration

No link light on 10/100 Base port: If patching from a hub or switch to another hub or switch, ensure that you are using a CAT5 cross-over cable. This is a CAT5 cable that has pins 1&2 on one end connected to pins 3&6 on the other end.

Excessive RX CRC errors: When a device that has auto-negotiation disabled is connected to an Extreme switch that has auto-negotiation enabled, the Extreme switch links at the correct speed, but in half duplex mode.
you already have a VLAN using untagged traffic on a port. Only one VLAN using untagged traffic can be configured on a single physical port. VLAN configuration can be verified by using the following command:

    show vlan { | stpd}

The solution for this error is to remove ports 1 and 2 from the VLAN currently using untagged traffic on those ports.
The switch keeps aging out endstation entries in the switch Forwarding Database (FDB): Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths. Specify that the endstation entries are static or permanent.

Debug Mode

The Event Management System (EMS) provides a standardized way to filter and store messages generated by the switch. With EMS, you must enable debug mode to display debug information.
[Table residue: chassis inventory listing Chassis and SLOT 1 through SLOT 10 with serial numbers 430200 through 437200, 439200 and 0, each dated Nov-13-2003]

Contacting Extreme Technical Support

If you have a network issue that you are unable to resolve, contact Extreme Networks technical support.
C Supported Protocols, MIBs, and Standards

The following is a list of software standards and protocols supported by ExtremeWare XOS.

General Routing and Switching
RFC 1812 Requirements for IP Version 4 Routers
RFC 793 Transmission Control Protocol
RFC 1519 An Architecture for IP Address Allocation with CIDR
RFC 826 Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.
RIP
RFC 1058 Routing Information Protocol
RFC 2453 RIP Version 2

OSPF
RFC 2328 OSPF Version 2
RFC 1765 OSPF Database Overflow
RFC 1587 The OSPF NSSA Option
RFC 2370 The OSPF Opaque LSA Option

BGP4
RFC 1771 A Border Gateway Protocol 4 (BGP-4)
RFC 1745 BGP4/IDRP for IP---OSPF Interaction
RFC 1965 Autonomous System Confederations for BGP
RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
RFC 2796 BGP Route Reflection - An Alternative to Full
Management - SNMP & MIBs
RFC 1157 Simple Network Management Protocol (SNMP)
RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 1215 Convention for defining traps for use with the SNMP
RFC 3413 Simple Network Management Protocol (SNMP) Applications
RFC 1901 Introduction to Community-based SNMPv2
RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 1902 Structure of Management Information for Version
DiffServ - Standards and MIBs
RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC 2597 Assured Forwarding PHB Group
RFC 2598 An Expedited Forwarding PHB
RFC 2475 An Architecture for Differentiated Services