Summit24e3 Switch Installation and User Guide
Software Version 2.0

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com

Published: August 2002
Part number: 100102-00 Rev.
©2002 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions.
Preface

This preface provides an overview of this guide, describes guide conventions, and lists other publications that may be useful.

Introduction

This guide provides the required information to install the Summit24e3 switch and configure the ExtremeWare™ software running on the Summit24e3 switch. This guide is intended for use by network administrators who are responsible for installing and setting up network equipment.
Table 1: Notice Icons (continued)

Notice Type | Alerts you to...
Caution | Risk of personal injury, system damage, or loss of data.
Warning | Risk of severe personal injury.

Table 2: Text Conventions

Convention | Description
Screen displays | This typeface indicates command syntax, or represents information as it appears on the screen.
The words “enter” and “type” | When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key.
1 Summit24e3 Switch Overview

This chapter describes the features and functionality of the Summit24e3 switch:
• Summary of Features
• Summit24e3 Switch Front View
• Summit24e3 Switch Rear View
• Summit24e3 Switch LEDs
• Mini-GBIC Type and Hardware/Software Support

Summary of Features

The Summit24e3 supports the following ExtremeWare features:
• Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.
• RADIUS client and per-command authentication support
• TACACS+ support
• Network Login
• Console command-line interface (CLI) connection
• Telnet CLI connection
• SSH2 connection
• Simple Network Management Protocol (SNMP) support
• Remote Monitoring (RMON)
• Traffic mirroring for ports

Summit24e3 Switch Front View

Figure 1 shows the Summit24e3 switch front view.
NOTE
See “Summit24e3 Switch LEDs” on page 21 for more details.

Summit24e3 Switch Rear View

Figure 2 shows the rear view of the Summit24e3 switch.

Figure 2: Summit24e3 switch rear view (label: Power socket)

Power Socket

The Summit24e3 switch automatically adjusts to the supply voltage. The power supply operates down to 90 V.

Serial Number

Use this serial number for fault-reporting purposes.
Table 3: Summit24e3 Switch LED Behavior (continued)

10/100 Mbps Port Status LEDs

Color | Indicates
Green | Link is present; port is enabled.
Green blinking | Link is present; there is activity.
Off | Link is not present or the port is disabled.

Mini-GBIC Port Status LEDs

Color | Indicates
Amber | Frames are being transmitted/received on this port.
Amber blinking | A non-supported GBIC is installed on this port.
Green | Link is present; port is enabled; full-duplex operation.
Table 4: Mini-GBIC Types and Distances

Standard | Media Type | MHz•km Rating | Maximum Distance (Meters)
1000BASE-SX (850 nm optical window) | 50/125 µm multimode fiber | 400 | 500
 | 50/125 µm multimode fiber | 500 | 550
 | 62.5/125 µm multimode fiber | 160 | 220
 | 62.5/125 µm multimode fiber | 200 | 275

Table 5 describes the specifications for the 1000BASE-SX Mini-GBIC.
2 Switch Installation

This chapter describes the following topics:
• Determining the Switch Location
• Installing the Switch
• Connecting Equipment to the Console Port
• Powering On the Switch
• Checking the Installation
• Logging In for the First Time
• Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC)

CAUTION
Use of controls or adjustments of performance or procedures other than those specified herein can r
Following Safety Information

Before installing or removing any components of the switch, or before carrying out any maintenance procedures, read the safety information provided in Appendix A of this guide.

Installing the Switch

The Summit24e3 switch can be mounted in a rack, or placed free-standing on a tabletop.

Rack Mounting

CAUTION
Do not use the rack mount kits to suspend the switch from under a table or desk, or to attach the switch to a wall.
Free-Standing

The Summit24e3 switch is supplied with four self-adhesive rubber pads. Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch.

Stacking the Switch and Other Devices

You can place up to four Summit switches on top of one another.

NOTE
This relates only to physically placing the devices on top of one another.
Table 6: Console Connector Pinouts

Function | Pin Number | Direction
RTS (request to send) | 7 | Out
CTS (clear to send) | 8 | In

Figure 4 shows the pin-outs for a 9-pin to RS-232 25-pin null-modem cable.
During the POST, all ports are temporarily disabled, the port LED is off, and the MGMT LED flashes. The MGMT LED flashes until the switch successfully passes the POST.

If the switch passes the POST, the MGMT LED blinks at a slow rate (1 blink per second). If the switch fails the POST, the MGMT LED shows a solid amber light.

NOTE
For more information on the LEDs, see Chapter 1, “Summit24e3 Switch Overview”.
NOTE
After two incorrect login attempts, the Summit24e3 switch locks you out of the login facility. You must wait a few minutes before attempting to log in again.

Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC)

This section describes the safety precautions and preparation steps that you must perform before inserting and securing a mini-GBIC.
Installing and Removing a Mini-GBIC

You can add and remove mini-GBICs from your Summit24e3 switch without powering off the system. Figure 6 shows the two types of mini-GBIC connectors.

Figure 6: Mini-GBIC modules (labels: Module A, Module B)

Mini-GBICs are a Class 1 laser device. Use only Extreme-approved devices.

NOTE
Remove the LC fiber-optic connector from the mini-GBIC prior to removing the mini-GBIC from the switch.
3 ExtremeWare Overview

This chapter describes the following topics:
• Summary of Features
• Security Licensing
• Software Factory Defaults

ExtremeWare is the full-featured software operating system that is designed to run on the Summit24e3 switch. This section describes the supported ExtremeWare features for the Summit24e3 switch.
• RADIUS client and per-command authentication support
• TACACS+ support
• Network Login
• Console command-line interface (CLI) connection
• Telnet CLI connection
• SSH2 connection
• Simple Network Management Protocol (SNMP) support
• Remote Monitoring (RMON)
• Traffic mirroring for ports

Virtual LANs (VLANs)

ExtremeWare has a VLAN feature that enables you to construct your broadcast domains without being restricted by physical connections.
Quality of Service

ExtremeWare has Quality of Service (QoS) features that support IEEE 802.1p, MAC QoS, and four queues. These features enable you to specify service levels for different traffic groups. By default, all traffic is assigned the “normal” QoS policy profile. If needed, you can create other QoS policies and rate-limiting access control lists and apply them to different traffic types so that they have different maximum bandwidth and priority.
and the FDB timer used by the other vendor’s layer 2 switch. As such, ESRP can be used with layer 2 switches from other vendors, but the recovery times vary.

The VLANs associated with the ports connecting an ESRP-aware switch to an ESRP-enabled switch must be configured using an 802.1Q tag on the connecting port, or, if only a single VLAN is involved, as untagged using the protocol filter any.
Obtaining a Router License

You can order the desired functionality from the factory, using the appropriate model of the desired product. If you order licensing from the factory, the switch arrives packaged with a certificate that contains the unique license key(s), and instructions for enabling the correct functionality on the switch. The certificate is typically packaged with the switch documentation.
Software Factory Defaults

Table 7 shows factory defaults for Summit24e3 ExtremeWare features.

Table 7: ExtremeWare Summit24e3 Factory Defaults

Item | Default Setting
Serial or Telnet user account | admin with no password and user with no password
Telnet | Enabled
SSH2 | Disabled
SNMP | Enabled
SNMP read community string | public
SNMP write community string | private
RMON | Disabled
BOOTP | Enabled on the default VLAN (default)
QoS | All traffic is part of the default queue
802.
4 Accessing the Switch

This chapter describes the following topics:
• Understanding the Command Syntax
• Line-Editing Keys
• Command History
• Common Commands
• Configuring Management Access
• Domain Name Service Client Services
• Checking Basic Connectivity

Understanding the Command Syntax

This section describes the steps to take when entering a command.
Syntax Helper

The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press [Return]. The syntax helper provides a list of options for the remainder of the command.

The syntax helper also provides assistance if you have entered an incorrect command.

Command Completion with Syntax Helper

ExtremeWare provides command completion by way of the [Tab] key.
Names

All named components of the switch configuration must have a unique name. Names must begin with an alphabetical character and are delimited by whitespace, unless enclosed in quotation marks.

Symbols

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 8 summarizes command syntax symbols.
Table 9: Line-Editing Keys (continued)

Symbol | Description
Insert | Toggles on and off. When toggled on, inserts text and shifts previous text to right.
Left Arrow | Moves cursor to left.
Right Arrow | Moves cursor to right.
Home or [Ctrl] + A | Moves cursor to first character in line.
End or [Ctrl] + E | Moves cursor to last character in line.
[Ctrl] + L | Clears screen and moves cursor to beginning of line.
Table 10: Common Commands (continued)

config sys-recovery-level [none | critical | all]
    Configures a recovery option for instances where an exception occurs in ExtremeWare. Specify one of the following:
    • none — Recovery without system reboot.
    • critical — ExtremeWare logs an error to the syslog, and reboots the system after critical exceptions.
    • all — ExtremeWare logs an error to the syslog, and reboots the system after any exception.
Table 10: Common Commands (continued)

disable ssh2
    Disables SSH2 Telnet access to the switch.

disable telnet
    Disables Telnet access to the switch.

enable bootp vlan [ | all]
    Enables BOOTP for one or more VLANs.

enable cli-config-logging
    Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled.
A user-level account can use the ping command to test device reachability, and change the password assigned to the account name. If you have logged on with user capabilities, the command-line prompt ends with a (>) sign. For example:

Summit24e3:2>

Administrator Account

An administrator-level account can view and change all switch parameters. It can also add and delete users, and change the password associated with any account name.
To add a password to the default admin account, follow these steps:

1 Log in to the switch using the name admin.
2 At the password prompt, press [Return].
3 Add a default admin password by entering the following command:

  config account admin

4 Enter the new password at the prompt.
5 Re-enter the new password at the prompt.

To add a password to the default user account, follow these steps:

1 Log in to the switch using the name admin.
Deleting an Account

To delete an account, you must have administrator privileges. To delete an account, use the following command:

delete account

NOTE
The account name admin cannot be deleted.
Ping

The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The ping command is available for both the user and administrator privilege level.

The ping command syntax is:

ping {continuous} {size {- }} [ | ] {from | with record-route | from with record-route}

Options for the ping command are described in Table 13.
5 Managing the Switch

This chapter describes the following topics:
• Overview
• Using the Console Interface
• Using Telnet
• Using Secure Shell 2 (SSH2)
• Using SNMP
• Authenticating Users
• Using Network Login
• Using the Simple Network Time Protocol

Overview

Using ExtremeWare, you can manage the switch using the following methods:
• Access the CLI by connecting a terminal (or workstation with terminal-emulation soft
Using the Console Interface

The CLI built into the switch is accessible by way of the 9-pin, RS-232 port labeled console, located on the front of the Summit24e3 switch. Once the connection is established, you will see the switch prompt and you can log in.

Using Telnet

Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP network. Up to eight active Telnet sessions can access the switch concurrently.
enable bootp vlan [ | all]

By default, BOOTP is enabled on the default VLAN.

If you configure the switch to use BOOTP, the switch IP address is not retained through a power cycle, even if the configuration has been saved. To retain the IP address through a power cycle, you must configure the IP address of the VLAN using the command-line interface, Telnet, or Web interface.

All VLANs within a switch that are configured to use BOOTP to get their IP address use the same MAC address.
5 Assign an IP address and subnetwork mask for the default VLAN by using the following command:

  config vlan ipaddress {}

  For example:

  config vlan default ipaddress 123.45.67.8 255.255.255.0

  Your changes take effect immediately.

NOTE
As a general rule, when configuring any IP addresses for the switch, you can express a subnet mask by using dotted decimal notation, or by using classless inter-domain routing notation (CIDR).
To re-enable Telnet on the switch, at the console port use the following:

enable telnet

You must be logged in as an administrator to enable or disable Telnet.

Using Secure Shell 2 (SSH2)

Secure Shell 2 (SSH2) is a feature of ExtremeWare that allows you to encrypt Telnet session data between the switch and a network administrator using SSH2 client software. The ExtremeWare SSH2 switch application is based on the Data Fellows™ SSH2 server implementation.
After you obtain the SSH2 key value, copy the key to the SSH2 client application. Also, ensure that the client is configured for any nondefault TCP port information that you have configured on the switch. Once these tasks are accomplished, you may form an SSH2-encrypted session with the switch.
Table 14: SNMP Configuration Commands

config snmp add trapreceiver community
    Adds the IP address of a specified trap receiver. The IP address can be a unicast, multicast, or broadcast address. A maximum of 16 trap receivers is allowed.

config snmp community [read-only | read-write]
    Adds an SNMP read or read/write community string. The default read-only community string is public. The default read-write community string is private.
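
The following added example (not part of the Extreme Networks guide) checks a list of CLI lines against the management defaults from Table 7: Telnet enabled, SSH2 disabled, and the SNMP community strings public and private. It assumes that the community string is the word following the access type, that a later line overrides an earlier one, and that the sample lines (constructed here) are entered on a switch at factory defaults.

```python
"""Audit CLI lines against the Table 7 management defaults (added example)."""

# Factory defaults as listed in Table 7 of this guide.
FACTORY_DEFAULTS = {
    "telnet": True,           # Telnet: Enabled
    "ssh2": False,            # SSH2: Disabled
    "read-only": "public",    # SNMP read community string
    "read-write": "private",  # SNMP write community string
}
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def apply_config(lines):
    """Start from the factory defaults and apply each CLI line in order."""
    state = dict(FACTORY_DEFAULTS)
    for raw in lines:
        words = raw.split()
        # "enable telnet", "disable telnet", "enable ssh2 ...", "disable ssh2"
        if (len(words) >= 2 and words[0] in ("enable", "disable")
                and words[1] in ("telnet", "ssh2")):
            state[words[1]] = words[0] == "enable"
        # "config snmp community [read-only | read-write] <string>"
        # Assumption: the community string is the fifth word on the line.
        elif (len(words) == 5
              and words[:3] == ["config", "snmp", "community"]
              and words[3] in ("read-only", "read-write")):
            state[words[3]] = words[4].strip('"')
    return state


def audit(lines):
    """Return (setting, message) pairs for settings left in a weak state."""
    state = apply_config(lines)
    findings = []
    if state["telnet"]:
        findings.append(("telnet",
                         "Telnet is enabled; CLI sessions are not encrypted"))
    if not state["ssh2"]:
        findings.append(("ssh2",
                         "SSH2 is disabled; no encrypted CLI access exists"))
    for access in ("read-only", "read-write"):
        if state[access] in WELL_KNOWN_COMMUNITIES:
            findings.append((access,
                             f"SNMP {access} community is the well-known "
                             f"string '{state[access]}'"))
    return findings


# Constructed sample: SSH2 turned on, but Telnet and the read-only
# community string are left at their factory defaults.
SAMPLE_CONFIG = [
    "enable ssh2",
    "config snmp community read-write rw-Example-7431",
]

if __name__ == "__main__":
    for setting, message in audit(SAMPLE_CONFIG):
        print(f"[{setting}] {message}")
```

The default admin and user accounts with no password (also in Table 7) do not appear in CLI lines like these and have to be checked by logging in.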
Authenticating Users

ExtremeWare provides two methods to authenticate users who log in to the switch:
• RADIUS client
• TACACS+

RADIUS Client

Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation allows authentication for Telnet or console access to the switch.

NOTE
You cannot configure RADIUS and TACACS+ at the same time.
Table 15: RADIUS Commands

config radius [primary | secondary] server [ | ] {} client-ip
    Configures the primary and secondary RADIUS server. Specify the following:
    • [primary | secondary] — Configure either the primary or secondary RADIUS server.
    • [ | ] — The IP address or hostname of the server being configured.
    • — The UDP port to use to contact the RADIUS server.
Table 15: RADIUS Commands (continued)

enable radius-accounting
    Enables RADIUS accounting. The RADIUS client must also be enabled.

show radius
    Displays the current RADIUS client configuration and statistics.

show radius-accounting
    Displays the current RADIUS accounting client configuration and statistics.

unconfig radius {server [primary | secondary]}
    Unconfigures the RADIUS client configuration.
users

user    Password = ""
        Filter-Id = "unlim"
admin   Password = "", Service-Type = Administrative
        Filter-Id = "unlim"
eric    Password = "", Service-Type = Administrative
        Filter-Id = "unlim"
albert  Password = "password", Service-Type = Administrative
        Filter-Id = "unlim"
samuel  Password = "password", Service-Type = Administrative
        Filter-Id = "unlim"

RADIUS Per-Command Configuration Example

Building on this example configuration, you can use RADIUS to perform per-command authentication
In PROFILE2, a user associated with this profile can use any enable command, the clear counter command and the show management command, but can perform no other functions on the switch. We also know from the users file that gerald has these capabilities.
attempting to administer the switch. TACACS+ is used to communicate between the switch and an authentication database.

NOTE
You cannot use RADIUS and TACACS+ at the same time.

You can configure two TACACS+ servers, specifying the primary server address, secondary server address, and UDP port number to be used for TACACS+ sessions.

Table 16 describes the commands that are used to configure TACACS+.
Table 16: TACACS+ Commands (continued)

show tacacs
    Displays the current TACACS+ configuration and statistics.

show tacacs-accounting
    Displays the current TACACS+ accounting client configuration and statistics.

unconfig tacacs {server [primary | secondary]}
    Unconfigures the TACACS+ client configuration.

unconfig tacacs-accounting {server [primary | secondary]}
    Unconfigures the TACACS+ accounting client configuration.
• A DHCP server
• A RADIUS server configuration

The RADIUS server must have the following options configured in its dictionary file for network login:

Extreme.attr Extreme-Netlogin-Vlan 203 string (1, 0, ENCAPS)

The following optional configuration parameters can also be specified:

Extreme.attr Extreme-Netlogin-Url 204 string (1, 0, ENCAPS)
Extreme.attr Extreme-Netlogin-Url-Desc 205 string (1, 0, ENCAPS)

NOTE
These settings are for the Merit 3.6 version of RADIUS.
config corp ipaddress 10.201.26.11/24
config radius primary server 10.201.26.243 client-ip 10.201.26.11
config radius primary shared-secret secret
enable radius
create vlan temporary
config temporary add port 9
config temporary ipaddress 192.168.0.1/24
config temporary dhcp-address-range 192.168.0.20 - 192.168.0.
enable
— the permanent VLAN
— the URL to be redirected to (optional)
— the URL description (optional)

• The port is moved to the permanent VLAN.

You can verify this using the show vlan command. For more information on the show vlan command, see “Displaying VLAN Settings” on page 86.

After a successful login has been achieved, there are several ways that a port can return to a non-authenticated, non-forwarding state:
• The user successfully logs out using the logout web browser window.
DHCP Server on the Switch

A DHCP server with limited configuration capabilities is included in the switch to provide IP addresses to clients.

DHCP is enabled on a per port, per VLAN basis. To enable or disable DHCP on a port in a VLAN, use one of the following commands:

enable dhcp ports vlan
disable dhcp ports vlan

Network Login Configuration Commands

Table 17 describes the commands used to configure network login.
until authentication takes place. After authentication has taken place and the permanent IP address is obtained, the show command displays the port state as authenticated.

#show netlogin info ports 9 vlan corp
Port 9: VLAN: corp
Port State: Authenticated
Temp IP: Unknown
DHCP: Not Enabled
User: auto MAC: 00:10:A4:A9:11:3B

Disabling Network Login

Network login must be disabled on a port before you can delete a VLAN that contains that port.
NTP queries are first sent to the primary server. If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries the secondary server (if one is configured). If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntp-client update interval before querying again.
Table 18: Greenwich Mean Time Offsets (continued)

GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References |
+1:00 | +60 | CET - Central European |
+2:00 | +120 | EET - Eastern European, Russia Zone 1 | Athens, Greece; Helsinki, Finland; Istanbul, Turkey; Jerusalem, Israel; Harare, Zimbabwe
+3:00 | +180 | BT - Baghdad, Russia Zone 2 | Kuwait; Nairobi, Kenya; Riyadh, Saudi Arabia; Moscow, Russia; Tehran, Iran
+4:00 | +240 | ZP4 - Russia Zone 3 | Abu Dhabi, UAE; Musc
Table 19: SNTP Configuration Commands (continued)

config sntp-client update-interval
    Configures the interval between polling for time information from SNTP servers. The default setting is 64 seconds.

disable sntp-client
    Disables SNTP client functions.

enable sntp-client
    Enables Simple Network Time Protocol (SNTP) client functions.

show sntp-client
    Displays configuration and statistics for the SNTP client.
6 Configuring Ports on a Switch

This chapter describes the following topics:
• Enabling and Disabling Switch Ports
• Load Sharing on the Switch
• Switch Port-Mirroring
• Extreme Discovery Protocol

Enabling and Disabling Switch Ports

By default, all ports are enabled.
To configure the system to autonegotiate, use the following command:

config ports auto on

Flow control is supported only on Gigabit Ethernet ports. It is enabled or disabled as part of autonegotiation. If autonegotiation is set to off, flow control is disabled. When autonegotiation is turned on, flow control is enabled.
Table 20: Switch Port Commands (continued)

restart ports
    Resets autonegotiation for one or more ports by resetting the physical link.

show ports {} collisions
    Displays real-time collision statistics.

show ports {} configuration
    Displays the port configuration.

show ports {} info {detail}
    Displays detailed system-related information.

show ports {} packet
    Displays a histogram of packet statistics.
The address-based load-sharing algorithm uses addressing information to determine which physical port in the load-sharing group to use for forwarding traffic out of the switch. Addressing information is based on the packet protocol, as follows:
— IP packets — Uses the source and destination MAC and IP addresses.
— All other packets — Uses the source and destination MAC address.
• Port-based and round-robin load sharing algorithms do not apply.

To define a load-sharing group, you assign a group of ports to a single, logical port number. To enable or disable a load-sharing group, use the following commands:

enable sharing grouping {address-based}
disable sharing

Load-Sharing Example

This section provides an example of how to define load-sharing on a Summit24e3 switch.
NOTE
Frames that contain errors are not mirrored.

The mirrored port always transmits tagged frames. The default port tag will be added to any untagged packets as they are mirrored. This allows you to mirror multiple ports or VLANs to a mirror port, while preserving the ability of a single protocol analyzer to track and differentiate traffic within a broadcast domain (VLAN) and across broadcast domains (for example, across VLANs when routing).
EDP Commands

Table 22 lists EDP commands.

Table 22: EDP Commands

disable edp ports
    Disables the EDP on one or more ports.

enable edp ports
    Enables the generation and processing of EDP messages on one or more ports. The default setting is enabled.

show edp
    Displays EDP information.
7 Virtual LANs (VLANs)

This chapter describes the following topics:
• Overview of Virtual LANs
• Types of VLANs
• VLAN Names
• Configuring VLANs on the Switch
• Displaying VLAN Settings

Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations.
With traditional networks, network administrators spend much of their time dealing with moves and changes. If users move to a different subnetwork, the addresses of each endstation must be updated manually. Types of VLANs VLANs can be created according to the following criteria: • Physical port • 802.1Q tag • A combination of these criteria Port-Based VLANs In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch.
Figure 8: Single port-based VLAN spanning two switches (labels: Sales, System 1, System 2). To create multiple VLANs that span two switches in a port-based VLAN, a port on system 1 must be cabled to a port on system 2 for each VLAN you want to have span across the switches. At least one port on each switch must be a member of the corresponding VLANs, as well. Figure 9 illustrates two VLANs spanning two switches.
VLAN Accounting spans system 1 and system 2 by way of a connection between system 1, port 26 and system 2, slot 1, port 6. VLAN Engineering spans system 1 and system 2 by way of a connection between system 1, port 25, and system 2, slot 8, port 6. Using this configuration, you can create multiple VLANs that span multiple switches, in a daisy-chained fashion. Each switch must have a dedicated port for each VLAN.
Figure 10: Physical diagram of tagged and untagged traffic (labels: System 1, System 2, Marketing & Sales 802.1Q tagged server; legend: M = Marketing, S = Sales, marked ports are tagged). Figure 11 is a logical diagram of the same network.
As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged. The traffic that comes from and goes to the other stations on this network is not tagged. Mixing Port-Based and Tagged VLANs You can configure the switch using a combination of port-based and tagged VLANs.
Configuring VLANs on the Switch Renaming a VLAN To rename an existing VLAN, use the following command: config vlan name The following rules apply to renaming VLANs: • Once you change the name of the default VLAN, it cannot be changed back to default. • You cannot create a new VLAN named default. • You cannot change the VLAN name MacVlanDiscover. Although the switch accepts a name change, once it is rebooted, the original name is recreated.
Table 23: VLAN Configuration Commands (continued) Command Description config vlan name Renames a previously configured VLAN. create vlan Creates a named VLAN. delete vlan Removes a VLAN. unconfig ports monitor vlan Removes port-based VLAN monitoring. unconfig vlan ipaddress Resets the IP address of the VLAN. VLAN Configuration Examples The following Summit24e3 switch example creates a tag-based VLAN named video.
8 Forwarding Database (FDB) This chapter describes the following topics: • Overview of the FDB on page 87 • Configuring FDB Entries on page 88 • Displaying FDB Entries on page 90 Overview of the FDB The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered.
interface are stored as permanent. The Summit24e3 switches support a maximum of 64 permanent entries. Once created, permanent entries stay the same as when they were created. For example, the permanent entry store is not updated when any of the following take place: — A VLAN is deleted. — A VLAN identifier (VLANid) is changed. — A port mode is changed (tagged/untagged). — A port is deleted from a VLAN. — A port is disabled. — A port enters blocking state.
Configuring FDB Entries Table 24: FDB Configuration Commands Command Description clear fdb [{ | vlan | ports }] Clears dynamic FDB entries that match the filter. When no options are specified, the command clears all FDB entries. config fdb agingtime Configures the FDB aging time. The range is 15 through 1,000,000 seconds. The default value is 300 seconds. A value of 0 indicates that the entry should never be aged out.
FDB Configuration Examples The following example adds a permanent entry to the FDB: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4 The permanent entry has the following characteristics: • MAC address is 00:E0:2B:12:34:56. • VLAN name is marketing. • Port number for this device is 4.
9 Access Policies This chapter describes the following topics: • Overview of Access Policies on page 91 • Using Access Control Lists on page 92 • Using Routing Access Policies on page 104 • Making Changes to a Routing Access Policy on page 108 • Removing a Routing Access Policy on page 108 • Routing Access Policy Commands on page 109 Overview of Access Policies Access policies are a generalized category of features that impact forwarding and route forwarding decisions.
Routing Access Policies Routing access policies are used to control the advertisement or recognition of routing protocols, such as RIP or OSPF. Routing access policies can be used to ‘hide’ entire networks, or to trust only specific sources for routes or ranges of routes. The capabilities of routing access policies are specific to the type of routing protocol involved, but are sometimes more efficient and easier to implement than access lists.
• Drop Drop the packets. Matching packets are not forwarded. • Permit-established Drop the packet if it would initiate a new TCP session (see “The permit-established Keyword” on page 95). • Permit Forward the packet. You can send the packet to a particular QoS profile, and modify the packet’s 802.1p value and/or DiffServ code point. Rate Limits Each entry that makes up a rate limit contains a unique name and specifies a previously created access mask.
How Access Control Lists Work When a packet arrives on an ingress port, the fields of the packet corresponding to an access mask are compared with the values specified by the associated access lists to determine a match. It is possible that a packet will match more than one access control list. If the resulting actions of all the matches do not conflict, they will all be carried out. If there is a conflict, the actions of the access list using the higher precedence access mask are applied.
The permit-established Keyword The permit-established keyword is used to directionally control attempts to open a TCP session. Session initiation can be explicitly blocked using this keyword. NOTE For an example of using the permit-established keyword, refer to “Using the Permit-Established Keyword” on page 100. The permit-established keyword denies the access control list.
The maximum number of rate-limiting rules allowed is 315 (63*5). This number is part of the total access control list rules (1014). Deleting Access Mask, Access List, and Rate Limit Entries Entries can be deleted from access masks, access lists, and rate limits. An access mask entry cannot be deleted until all the access lists and rate limits that reference it are also deleted.
Using Access Control Lists Table 25: Access Control List Configuration Commands Command Description create access-list access-mask {dest-mac } {source-mac } {vlan } {ethertype [IP | ARP | ]} {tos | code-point } {ipprotocol [tcp|udp|icmp|igmp|]} {dest-ip /} {dest-L4port } {source-ip /} {source-L4port | {icmp-type } {icmp-code
Table 25: Access Control List Configuration Commands (continued) Command Description create access-mask {dest-mac} {source-mac} {vlan } {ethertype} {tos | code-point} {ipprotocol} {dest-ip /} {dest-L4port} {source-ip /} {source-L4port | {icmp-type} {icmp-code}} {permit-established} {egressport} {ports} {precedence } Creates an access mask. The mask specifies which packet fields to examine.
Using Access Control Lists Table 25: Access Control List Configuration Commands (continued) Command Description create rate-limit access-mask {dest-mac } {source-mac } {vlan } {ethertype [IP | ARP | ]} {tos | code-point } {ipprotocol [tcp|udp|icmp|igmp|]} {dest-ip /} {dest-L4port } {source-ip /} {source-L4port | {icmp-type
Table 25: Access Control List Configuration Commands (continued) Command Description delete access-mask Deletes an access mask. Any access lists or rate limits that reference this mask must first be deleted. delete rate-limit Deletes a rate limit. show access-list { | ports } Displays access-list information. show access-mask {} Displays access-list information. show rate-limit { | ports } Displays access-list information.
First, create an access-mask that examines the IP protocol field for each packet. Then create two access-lists, one that blocks all TCP, one that blocks UDP. Although ICMP is used in conjunction with IP, it is technically not an IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected.
Figure 14: Access list allows TCP traffic (labels: TCP, UDP, ICMP; hosts 10.10.10.100 and 10.10.20.100). Step 3 - Permit-Established Access List. When a TCP session begins, there is a three-way handshake that includes a sequence of a SYN, SYN/ACK, and ACK packets. Figure 15 shows an illustration of the handshake that occurs when host A initiates a TCP session to host B. After this sequence, actual data can be passed.
Figure 16: Permit-established access list filters out SYN packet to destination (hosts 10.10.10.100 and 10.10.20.100). Example 2: Filter ICMP Packets This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo packets are defined as type 8 code 0.
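The filtering behaviour described in this section (several access lists matching one packet, the permit-established keyword, and the ICMP echo filter of Example 2), as an added Python model that is not ExtremeWare code and not part of the original guide. The rule names, the precedence numbers (a smaller number wins in this model), the forwarding of unmatched packets and the direction of the permit-established rule are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    syn: bool = False
    ack: bool = False
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass(frozen=True)
class AccessList:
    name: str
    precedence: int                 # model assumption: smaller number = higher precedence
    action: str                     # "permit", "deny" or "permit-established"
    proto: Optional[str] = None     # None: the access mask does not examine this field
    src: Optional[str] = None       # CIDR, e.g. "10.10.10.100/32"
    dst: Optional[str] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.action == "permit-established":
            # Only a segment that would open a session (SYN set, ACK clear) is caught.
            if p.proto != "tcp" or not p.syn or p.ack:
                return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        if self.icmp_code is not None and p.icmp_code != self.icmp_code:
            return False
        return True


def evaluate(rules, p):
    """Return (verdict, name of the winning access list) for one ingress packet."""
    hits = [r for r in rules if r.matches(p)]
    if not hits:
        return ("permit", None)     # model assumption: unmatched traffic is forwarded
    winner = min(hits, key=lambda r: r.precedence)   # conflict: higher precedence wins
    verdict = "permit" if winner.action == "permit" else "deny"
    return (verdict, winner.name)


A, B = "10.10.10.100", "10.10.20.100"   # the two hosts shown in the guide's figures

# Constructed rule set following the steps of Example 1 plus the filter of Example 2.
RULES = [
    AccessList("denytcp", 30, "deny", proto="tcp"),
    AccessList("denyudp", 30, "deny", proto="udp"),
    AccessList("tcp_a_to_b", 20, "permit", proto="tcp", src=A + "/32", dst=B + "/32"),
    AccessList("tcp_b_to_a", 20, "permit", proto="tcp", src=B + "/32", dst=A + "/32"),
    AccessList("no_open_b_to_a", 10, "permit-established", src=B + "/32", dst=A + "/32"),
    AccessList("denyping", 10, "deny", proto="icmp", icmp_type=8, icmp_code=0),
]

# Constructed sample packets.
SAMPLES = {
    "A opens a session to B (SYN)": Packet(A, B, "tcp", syn=True),
    "B answers (SYN/ACK)": Packet(B, A, "tcp", syn=True, ack=True),
    "B opens a session to A (SYN)": Packet(B, A, "tcp", syn=True),
    "third host sends TCP to B": Packet("10.10.10.5", B, "tcp", syn=True),
    "A sends UDP to B": Packet(A, B, "udp"),
    "ping request (type 8 code 0)": Packet(A, B, "icmp", icmp_type=8, icmp_code=0),
    "ping reply (type 0 code 0)": Packet(B, A, "icmp", icmp_type=0, icmp_code=0),
}


def run_samples():
    return {label: evaluate(RULES, pkt) for label, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, (verdict, rule) in run_samples().items():
        print(f"{label:32s} -> {verdict:6s} ({rule})")
```

The SYN/ACK from B passes while a bare SYN from B is dropped, which is the directional control the permit-established keyword provides.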
Using Routing Access Policies To use routing access policies, you must perform the following steps: 1 Create an access profile. 2 Configure the access profile to be of type permit, deny, or none. 3 Add entries to the access profile. Entries are IP addresses and subnet masks. 4 Apply the access profile. Creating an Access Profile The first thing to do when using routing access policies is to create an access profile.
Specifying Subnet Masks The subnet mask specified in the access profile command is interpreted as a reverse mask. A reverse mask indicates the bits that are significant in the IP address. In other words, a reverse mask specifies the part of the address that must match the IP address to which the profile is applied. If you configure an IP address that is an exact match that is specifically denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
• Export Filter — Use an access profile to determine which RIP routes are advertised into a particular VLAN, using the following command: config rip vlan [ | all] export-filter [ | none] Examples In the example shown in Figure 18, a switch is configured with two VLANs, Engsvrs and Backbone. The RIP protocol is used to communicate with other routers on the network.
config rip vlan backbone import-filter nosales This configuration results in the switch having no route back to the VLAN Sales. Routing Access Policies for OSPF Because OSPF is a link-state protocol, the access policies associated with OSPF are different in nature than those associated with RIP. Access policies for OSPF are intended to extend the existing filtering and security capabilities of OSPF (for example, link authentication and the use of IP address ranges).
Figure 19: OSPF access policy example (labels, in order: Internet; switch being configured; 10.0.0.10/24; Backbone (OSPF) area 0.0.0.0; 10.0.0.11/24; Engsvrs 10.1.1.1/24; Engsvrs area 0.0.0.1; 10.0.0.12/24; Sales 10.2.1.1/24; Sales area 0.0.0.2). To configure the switch labeled Internet, the commands would be as follows: create access-profile okinternet ipaddress config access-profile okinternet mode permit config access-profile okinternet add 192.1.1.
Routing Access Policy Commands Table 26 describes the commands used to configure routing access policies. Table 26: Routing Access Policy Configuration Commands Command Description config access-profile add {} {permit | deny} [ipaddress {exact}] Adds an entry to the access profile. The explicit sequence number, and permit or deny attribute should be specified if the access profile mode is none.
Table 26: Routing Access Policy Configuration Commands (continued) Command Description config ospf asbr-filter [ | none] Configures the router to use the access policy to limit the routes that are advertised into OSPF for the switch as a whole for switches configured to support RIP and static route re-distribution into OSPF.
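How an access profile of type permit, deny or none filters a set of advertised routes, as an added Python model that is not ExtremeWare code and not part of the original guide. The profile contents, the route list, the automatic sequence numbering and the rule that a route matching no entry is rejected in mode none are assumptions of the model; the mask is treated as the number of leading address bits that must match, and the exact keyword as requiring the same mask length.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class AccessProfile:
    name: str
    mode: str = "permit"                           # "permit", "deny" or "none"
    entries: list = field(default_factory=list)    # (seq, network, action, exact)

    def add(self, prefix, seq=None, action=None, exact=False):
        # In mode none each entry carries its own sequence number and permit/deny.
        if self.mode == "none" and (seq is None or action not in ("permit", "deny")):
            raise ValueError("mode none needs a sequence number and permit or deny")
        if seq is None:
            seq = 5 * (len(self.entries) + 1)      # hypothetical auto-numbering
        self.entries.append((seq, ip_network(prefix), action, exact))
        self.entries.sort(key=lambda e: e[0])

    def first_match(self, route):
        """Return the lowest-sequence entry that covers the route, or None."""
        r = ip_network(route)
        for entry in self.entries:
            _, net, _, exact = entry
            if (r == net) if exact else r.subnet_of(net):
                return entry
        return None

    def allows(self, route):
        hit = self.first_match(route)
        if self.mode == "permit":                  # only listed routes pass
            return hit is not None
        if self.mode == "deny":                    # listed routes are dropped
            return hit is None
        # mode none: the matching entry decides; no match is rejected (assumption)
        return hit is not None and hit[2] == "permit"


def import_filter(profile, advertised):
    """Routes that survive the profile when it is applied as an import filter."""
    return [r for r in advertised if profile.allows(r)]


# Constructed routes as a neighbour might advertise them over RIP.
ADVERTISED = ["10.0.0.0/24", "10.1.1.0/24", "10.2.1.0/24", "10.2.1.128/25"]

# A deny profile in the spirit of the guide's "nosales" example; the prefix is constructed.
nosales = AccessProfile("nosales", mode="deny")
nosales.add("10.2.1.0/24")

# Same prefix with the exact keyword: the more specific /25 is no longer covered.
nosales_exact = AccessProfile("nosales_exact", mode="deny")
nosales_exact.add("10.2.1.0/24", exact=True)

# Mode none: entries are evaluated in sequence order, first match decides.
ordered = AccessProfile("ordered", mode="none")
ordered.add("10.0.0.0/8", seq=10, action="permit")
ordered.add("10.2.1.0/24", seq=5, action="deny")

if __name__ == "__main__":
    for prof in (nosales, nosales_exact, ordered):
        print(prof.name, prof.mode, import_filter(prof, ADVERTISED))
```

With the exact keyword the 10.2.1.128/25 route still gets through, so a filter meant to hide a network has to account for more specific prefixes.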
10 Network Address Translation (NAT) This chapter covers the following topics: • Overview on page 111 • Internet IP Addressing on page 112 • Configuring VLANs for NAT on page 112 • Configuring NAT on page 114 • Displaying NAT Settings on page 117 • Disabling NAT on page 117 Overview NAT is a feature that allows one set of IP addresses, typically private IP addresses, to be converted to another set of IP addresses, typically public Internet IP addresses.
IP addresses. The other type of VLAN is configured as outside, which corresponds to the public (probably Internet) IP addresses you want the inside addresses translated to. The mappings between inside and outside IP addresses are done via rules that specify the IP subnets involved and the algorithms used to translate the addresses. NOTE The NAT modes in ExtremeWare support translating traffic initiating only from inside addresses.
NAT Modes There are 4 different modes used to determine how the outside IP addresses and Layer 4 ports are assigned. • Static mapping • Dynamic mapping • Port-mapping • Auto-constraining Static Mapping When static mapping is used, each inside IP address uses a single outside IP address. The Layer 4 ports are not changed, only the IP address is rewritten.
Configuring NAT The behavior of NAT is determined by the rules you create to translate the IP addresses. You must attach each rule to a specific VLAN. All rules are processed in order. The options specified on the NAT rule determine the algorithm used to translate the inside IP addresses to the outside IP addresses. For outgoing (inside to outside) packets, the first rule to match is processed. All following rules are ignored.
Creating NAT Rules Creating Static and Dynamic NAT Rules To create static or dynamic NAT rules, use this command: config nat [add | delete] vlan map source [any | [/| ]] to [/ | | - ] This is the simplest NAT rule. You specify the outside vlan name, and a subnet of inside IP addresses, which get translated to the outside IP address using the specified mode (static in this case).
This rule uses auto-constrain NAT. Remember that each inside IP address will be restricted in the number of simultaneous connections. Most installations should use portmap mode. Auto-Constrain Example config nat add out_vlan_3 map source 192.168.3.0/24 to 216.52.8.64/32 both auto-constrain Advanced Rule Matching By default, NAT rules only match connections based on the source IP address of the outgoing packets.
Table 28: NAT Timeout Commands (continued) Command Description config nat syn-timeout Configures the timeout for an entry with an unacknowledged TCP SYN state. The default setting is 60 seconds. config nat tcp-timeout Configures the timeout for a fully setup TCP SYN session. The default setting is 120 seconds. config nat udp-timeout Configures the timeout for a UDP session. The default setting is 120 seconds.
11 Ethernet Automatic Protection Switching This chapter describes the use of the Ethernet Automatic Protection Switching (EAPS™) protocol, and includes information on the following topics: • Overview of the EAPS Protocol on page 119 • Commands for Configuring and Monitoring EAPS on page 123 Overview of the EAPS Protocol The EAPS protocol provides fast protection switching to Layer 2 switches interconnected in an Ethernet ring topology, such as a Metropolitan Area Network (MAN) or large campuses (see Figur
Figure 21: Gigabit Ethernet fiber EAPS MAN ring (labels: transit nodes, master node). One port of the master node is designated the master node’s primary port (P) to the ring; another port is designated as the master node’s secondary port (S) to the ring.
Figure 22: EAPS operation (labels: S1 through S6, P, S, master node, direction of health-check message, secondary port is logically blocked). If the ring is complete, the master node logically blocks all data traffic in the transmit and receive directions on the secondary port to prevent a loop. If the master node detects a break in the ring, it unblocks its secondary port and allows data traffic to be transmitted and received through it.
Figure 23: EAPS fault detection and protection switching (labels: S1 through S6, P, S, master node; break in ring; S4 sends "link down" message to master node; S3 sends "link down" message to master node; master node opens secondary port to allow traffic to pass). A master node detects a ring fault in either of two ways: • Polling response • Trap message sent by a transit node Polling The master node transmits a health-check packet on the control VLAN at a use
Restoration Operations The master node continues sending health-check packets out its primary port even when the master node is operating in the failed state. As long as there is a break in the ring, the fail-period timer of the master node will continue to expire and the master node will remain in the failed state.
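The master node behaviour described above (secondary port blocked while the ring is complete, fault detection by polling or by a transit node's "link down" message, and return to the complete state once health-check packets get around the ring again), as an added Python simulation that is not ExtremeWare code and not part of the original guide. The class names, the ring of six switches, the fail period of three polls and the state labels are assumptions of the model.

```python
from dataclasses import dataclass, field


class Ring:
    """Ring of switches; a health-check completes only if every link is up."""

    def __init__(self, nodes):
        self.nodes = list(nodes)
        pairs = zip(self.nodes, self.nodes[1:] + self.nodes[:1])
        self.links = {frozenset(p): True for p in pairs}

    def set_link(self, a, b, up):
        self.links[frozenset((a, b))] = up

    def intact(self):
        return all(self.links.values())


@dataclass
class MasterNode:
    fail_period: int = 3              # constructed value, counted in polls
    state: str = "COMPLETE"
    secondary_blocked: bool = True    # blocked while the ring is complete (no loop)
    missed: int = 0
    fdb_flushes: int = 0
    log: list = field(default_factory=list)

    def _fail(self, reason):
        if self.state != "FAILED":
            self.state = "FAILED"
            self.secondary_blocked = False     # open the secondary port for data
            self.fdb_flushes += 1              # flush FDB, tell transit nodes to flush
            self.log.append("FAILED: " + reason)

    def poll(self, ring):
        """Send one health-check out the primary port; see if it reaches the secondary."""
        if ring.intact():
            self.missed = 0
            if self.state == "FAILED":
                self.state = "COMPLETE"
                self.secondary_blocked = True  # block again before a loop can form
                self.log.append("COMPLETE: health-check received on secondary port")
        else:
            self.missed += 1                   # the timer keeps expiring while broken
            if self.missed >= self.fail_period:
                self._fail("fail-period timer expired")
        return self.state

    def link_down_trap(self, sender):
        """A transit node reports a failed ring port; no need to wait for the timer."""
        self._fail('"link down" message from ' + sender)


def simulate(use_traps, fail_period=3):
    """Break the S3-S4 link, count polls until FAILED, then repair the ring."""
    ring = Ring(["S1", "S2", "S3", "S4", "S5", "S6"])
    master = MasterNode(fail_period=fail_period)
    master.poll(ring)                          # healthy ring: stays COMPLETE
    ring.set_link("S3", "S4", False)
    if use_traps:
        master.link_down_trap("S3")
        master.link_down_trap("S4")
    polls = 0
    while master.state != "FAILED":
        master.poll(ring)
        polls += 1
    open_during_fault = not master.secondary_blocked
    ring.set_link("S3", "S4", True)
    master.poll(ring)                          # the next health-check gets through
    return {
        "polls_to_detect": polls,
        "secondary_open_during_fault": open_during_fault,
        "state_after_repair": master.state,
        "secondary_blocked_after_repair": master.secondary_blocked,
        "fdb_flushes": master.fdb_flushes,
    }


if __name__ == "__main__":
    print("polling only:", simulate(use_traps=False))
    print("with traps  :", simulate(use_traps=True))
```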
Table 29: EAPS Commands (continued) Command Description config eaps [add | delete] protect vlan Adds the specified protected VLAN to the specified EAPS domain, or deletes the specified protected VLAN from the specified EAPS domain. config eaps name Renames an existing EAPS domain. create eaps Creates an EAPS domain with the specified name. Only a single domain is supported on this platform.
Defining the EAPS Mode of the Switch To configure the EAPS node type of the switch, use the following command: config eaps mode [master | transit] One node on the ring must be configured as the master node for the specified domain; all other nodes on the ring are configured as transit nodes for the same domain. The following command example identifies this switch as the master node for the domain named eaps_1.
NOTE When the master node declares a failed state, it also flushes its forwarding database (FDB) and sends a “flush FDB” message to all the transit switches on the ring by way of the control VLAN. The reason for flushing the FDB is so that the switches can relearn the new directions to reach Layer 2 end stations via the reconfigured topology.
NOTE When you configure the VLAN that will act as the control VLAN, that VLAN must be assigned a QoS profile of Qp8, and the ring ports of the control VLAN must be tagged. By assigning the control VLAN a QoS profile of Qp8, you ensure that EAPS control VLAN traffic is serviced before any other traffic and that control VLAN messages reach their intended destinations.
Enabling and Disabling EAPS To enable the EAPS function for the entire switch, use the following command: enable eaps To disable the EAPS function for the entire switch, use the following command: disable eaps Unconfiguring an EAPS Ring Port Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to appear in the Idle state with a port status of Unknown when you use the show eaps {} detail command to display the stat
Preforwarding Timer interval: 3 sec Last update: From Master Id 00:E0:2B:81:20:00, Sat Mar 17 17:03:37 2001 Eaps Domain has following Controller Vlan: Vlan Name VID "rhsc" 0020 EAPS Domain has following Protected Vlan(s): Vlan Name VID "traffic" 1001 Number of Protected Vlans: 1 The following example of the show eaps {} detail command displays detailed EAPS information for a single EAPS domain named “eaps2” on the master node.
Table 30: show eaps Display Fields (continued) Field Description State: On a transit node, the command displays one of the following states: • Idle—The EAPS domain has been enabled, but the configuration is not complete. • Links-Up—This EAPS domain is running, and both its ports are up and in the FORWARDING state. • Links-Down—This EAPS domain is running, but one or both of its ports are down.
Table 30: show eaps Display Fields (continued) Field Description Preforwarding Timer interval:1 The configured value of the timer. This value is set internally by the EAPS software. Last update:1 Displayed only for transit nodes; indicates the last time the transit node received a hello packet from the master node (identified by its MAC address).
12 Quality of Service (QoS) This chapter covers the following topics: • Overview of Policy-Based Quality of Service on page 133 • Applications and Types of QoS on page 134 • Configuring QoS for a Port or VLAN on page 135 • Traffic Groupings on page 136 — MAC-Based Traffic Groupings on page 137 — Explicit Class of Service (802.
NOTE As with all Extreme switch products, QoS has no impact on switch performance. Using even the most complex traffic groupings has no cost in terms of switch performance. Applications and Types of QoS Different applications have different QoS requirements.
Web Browsing Applications QoS needs for Web browsing applications cannot be generalized into a single category. For example, ERP applications that use a browser front-end may be more important than retrieving daily news information. Traffic groupings can typically be distinguished from each other by their server source and destinations.
Traffic Groupings Once a QoS profile is modified for bandwidth and priority, you assign traffic a grouping to the profile. A traffic grouping is a classification of traffic that has one or more attributes in common. Traffic is typically grouped based on the applications discussed starting on page 134.
prescribe the bandwidth management and priority handling for that traffic grouping. This level of packet filtering has no impact on performance. MAC-Based Traffic Groupings QoS profiles can be assigned to destination MAC addresses.
Explicit Class of Service (802.1p and DiffServ) Traffic Groupings This category of traffic groupings describes what is sometimes referred to as explicit packet marking, and refers to information contained within a packet intended to explicitly determine a class of service. That information includes: • IP DiffServ code points, formerly known as IP TOS bits • Prioritization bits used in IEEE 802.
supports four hardware queues. The transmitting hardware queue determines the bandwidth management and priority characteristics used when transmitting packets. To control the mapping of 802.1p prioritization values to hardware queues, 802.1p prioritization values can be mapped to a QoS profile. The default mapping of each 802.1p priority value to QoS profile is shown in Table 34. Table 34: 802.
Configuring DiffServ Contained in the header of every IP packet is a field for IP Type of Service (TOS), now also called the DiffServ field. The TOS field is used by the switch to determine the type of service provided to the packet. The Summit24e3 switch supports observing DiffServ code points as a traffic grouping mechanism for defining QoS policies, and overwriting the DiffServ code point fields. Figure 25 shows the encapsulation of an IP packet header.
enable diffserv examination ports [ | all] NOTE DiffServ examination requires one access mask while it is enabled. See “Maximum Entries” on page 95 for more information. Changing DiffServ Code Point Assignments in the QoS Profile The DiffServ code point has 64 possible values (2^6 = 64). By default, the values are grouped and assigned to the default QoS profiles listed in Table 37.
enable diffserv examination ports all In the following example, all the traffic from network 10.1.2.x is assigned the DiffServ code point 23 and the 802.1p value of 2: create access-mask SrcIpMask source-ip/24 create access-list TenOneTwo access-mask SrcIpMask source-ip 10.1.2.
Verifying Configuration and Performance Once you have created QoS policies that manage the traffic through the switch, you can use the QoS monitor to determine whether the application performance meets your expectations. QoS Monitor The QoS monitor is a utility that monitors the incoming packets on a port or ports. The QoS monitor keeps track of the number of frames and the frames per second, sorted by 802.1p value, on each monitored port.
• Priority • A list of all traffic groups to which the QoS profile is applied Additionally, QoS information can be displayed from the traffic grouping perspective by using one or more of the following commands: • show fdb permanent — Displays destination MAC entries and their QoS profiles. • show switch — Displays information including PACE enable/disable information. • show vlan — Displays the QoS profile assignments to the VLAN.
Dynamic Link Context System DLCS Guidelines Follow these guidelines when using DLCS: • Only one user is allowed on one workstation at a given time. • A user can be logged into many workstations simultaneously. • An IP address can be learned on only one port in the network at a given time. • Multiple IP addresses can be learned on the same port. • DLCS mapping is flushed when a user logs in or logs out, or when an end-station is shut down.
13 Status Monitoring and Statistics This chapter describes the following topics: • Status Monitoring on page 147 • Port Statistics on page 149 • Port Errors on page 149 • Port Monitoring Display Keys on page 150 • Setting the System Recovery Level on page 151 • Logging on page 151 • RMON on page 155 Viewing statistics on a regular basis allows you to see how well your network is performing.
Table 39: Status Monitoring Commands (continued) Command Description show log {} Displays the current snapshot of the log. Options include: • priority — Filters the log to display messages with the selected priority or higher (more critical). Priorities include critical, emergency, alert, error, warning, notice, info, and debug. If not specified, all messages are displayed.
Port Statistics ExtremeWare provides a facility for viewing port statistic information. The summary information lists values for the current counter against each port on each operational module in the system, and it is refreshed approximately every 2 seconds. Values are displayed to nine digits of accuracy.
• Transmit Deferred Frames (TX Deferred) — The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic. • Transmit Errored Frames (TX Error) — The total number of frames that were not completely transmitted by the port because of network errors (such as late collisions or excessive collisions). • Transmit Parity Frames (TX Parity) — The bit summation has a parity mismatch.
Setting the System Recovery Level You can configure the system to automatically reboot after a software task exception, using the following command: config sys-recovery-level [none | critical | all] Where the following is true: • none — Configures the level to recover without a system reboot. • critical — Configures ExtremeWare to log an error into the syslog and automatically reboot the system after a critical exception.
Table 42: Fault Log Subsystems Subsystem Description Syst General system-related information. Examples include memory, power supply, security violations, fan failure, overheat condition, and configuration mode. STP STP information. Examples include an STP state change. Brdg Bridge-related functionality. Examples include low table space and queue overflow. SNMP SNMP information. Examples include community string violations.
Remote Logging In addition to maintaining an internal log, the switch supports remote logging by way of the UNIX syslog host facility. To enable remote logging, follow these steps: 1 Configure the syslog host to accept and log messages. 2 Enable remote logging by using the following command: enable syslog 3 Configure remote logging by using the following command: config syslog {add} {} Specify the following: — ipaddress — The IP address of the syslog host.
Table 43: Logging Commands (continued) Command Description config log display {} Configures the real-time log display. Options include: • priority — Filters the log to display messages with the selected priority or higher (more critical). Priorities include critical, emergency, error, alert, warning, notice, info, and debug. config syslog {add} {} config syslog delete {
Table 43: Logging Commands (continued) Command Description show log config Displays the log configuration, including the syslog host IP address, the priority level of messages being logged locally, and the priority level of messages being sent to the syslog host. RMON Using the Remote Monitoring (RMON) capabilities of the switch allows network administrators to improve system efficiency and reduce the load on the network.
Statistics The RMON Ethernet Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts, and errors on a LAN segment or VLAN. Information from the Statistics group is used to detect changes in traffic and error patterns in critical areas of the network. History The History group provides historical views of network performance by taking periodic samples of the counters supplied by the Statistics group.
By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events. By enabling RMON, the switch begins the processes necessary for collecting switch statistics. Event Actions The actions that you can define for each alarm are shown in Table 44. Table 44: Event Actions Action High Threshold No action Notify only Send trap to all trap receivers. Notify and log Send trap; place entry in RMON log.
14 Spanning Tree Protocol (STP) This chapter describes the following topics: • Overview of the Spanning Tree Protocol on page 159 • Spanning Tree Domains on page 159 • STP Configurations on page 160 • Configuring STP on the Switch on page 162 • Displaying STP Settings on page 165 • Disabling and Resetting STP on page 165 Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault tolerant.
Spanning Tree Protocol (STP) A port can belong to only one STPD. If a port is a member of multiple VLANs, then all those VLANs must belong to the same STPD.
STP Configurations • Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of the default STPD, but not assigned to either STPD1 or STPD2.
Spanning Tree Protocol (STP) Figure 27: Tag-based STP configuration Marketing & Sales Marketing, Sales & Engineering Switch 1 Switch 3 Switch 2 Sales & Engineering SH_009 The tag-based network in Figure 27 has the following configuration: • Switch 1 contains VLAN Marketing and VLAN Sales. • Switch 2 contains VLAN Engineering and VLAN Sales. • Switch 3 contains VLAN Marketing, VLAN Engineering, and VLAN Sales.
3 Enable STP for one or more STP domains using the following command:
enable stpd {}

NOTE
All VLANs belong to a STPD. If you do not want to run STP on a VLAN, you must add the VLAN to a STPD that is disabled.

Once you have created the STPD, you can optionally configure STP parameters for the STPD.

CAUTION
You should not configure any STP parameters unless you have considerable knowledge and experience with STP.
Table 45: STP Configuration Commands (continued)
Command Description
config stpd maxage
    Specifies the maximum age of a BPDU in this STPD. The range is 6 through 40. The default setting is 20 seconds. Note that the time must be greater than or equal to 2 * (Hello Time + 1) and less than or equal to 2 * (Forward Delay – 1).
config stpd ports cost
    Specifies the path cost of the port in this STPD.
STP Configuration Example
The following Summit24e3 switch example creates and enables an STPD named Backbone_st. It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1 through 7 and port 12.
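The max age rule from Table 45, checked per STPD across a configuration file before it is loaded onto a switch. This is an added example, not code from the guide or from Extreme Networks; the `hellotime` and `forwarddelay` keywords, their 2-second and 15-second defaults (IEEE 802.1D values) and the sample configuration are assumptions, since only the `maxage` row appears in this part of the table.

```python
import re

# From Table 45: max age range is 6 through 40, default 20 seconds.
MAXAGE_MIN, MAXAGE_MAX = 6, 40
# Assumption: hello time and forward delay defaults follow IEEE 802.1D
# (2 s and 15 s); this part of the guide only states the max age default.
DEFAULTS = {"hellotime": 2, "forwarddelay": 15, "maxage": 20}

# Assumption: timers are set with lines shaped like
#   config stpd <stpd_name> <hellotime|forwarddelay|maxage> <seconds>
TIMER_RE = re.compile(
    r"^\s*config\s+stpd\s+(\S+)\s+(hellotime|forwarddelay|maxage)\s+(\d+)\s*$",
    re.IGNORECASE,
)


def parse_stpd_timers(config_text):
    """Return {stpd_name: {timer: seconds}} with defaults filled in."""
    domains = {}
    for line in config_text.splitlines():
        match = TIMER_RE.match(line)
        if not match:
            continue  # not an STP timer line
        name = match.group(1)
        timer = match.group(2).lower()
        domains.setdefault(name, dict(DEFAULTS))[timer] = int(match.group(3))
    return domains


def check_timers(timers):
    """Return a list of violations of the Table 45 max age rules."""
    hello = timers["hellotime"]
    fwd = timers["forwarddelay"]
    maxage = timers["maxage"]
    problems = []
    if not MAXAGE_MIN <= maxage <= MAXAGE_MAX:
        problems.append(f"maxage {maxage} outside range {MAXAGE_MIN}-{MAXAGE_MAX}")
    lower = 2 * (hello + 1)
    if maxage < lower:
        problems.append(f"maxage {maxage} < 2 * (Hello Time + 1) = {lower}")
    upper = 2 * (fwd - 1)
    if maxage > upper:
        problems.append(f"maxage {maxage} > 2 * (Forward Delay - 1) = {upper}")
    return problems


def audit_stp(config_text):
    """Map every STPD that has a timer line to its list of violations."""
    return {
        name: check_timers(timers)
        for name, timers in parse_stpd_timers(config_text).items()
    }


# Constructed sample configuration; Lab_st and Edge_st are made-up STPD names.
SAMPLE_CONFIG = """\
enable stpd Backbone_st
config stpd Backbone_st maxage 30
config stpd Lab_st hellotime 10
config stpd Edge_st hellotime 1
config stpd Edge_st forwarddelay 20
config stpd Edge_st maxage 38
"""

if __name__ == "__main__":
    for stpd, problems in audit_stp(SAMPLE_CONFIG).items():
        print(stpd, "OK" if not problems else "; ".join(problems))
```

Changing one timer can break the rule for another that was left at its default, which is why the check fills in defaults before comparing.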
Spanning Tree Protocol (STP) Table 46: STP Disable and Reset Commands Command Description unconfig stpd {} Restores default STP values to a particular STPD or to all STPDs.
15 IP Unicast Routing This chapter describes the following topics: • Overview of IP Unicast Routing on page 167 • Proxy ARP on page 170 • Relative Route Priorities on page 171 • Configuring IP Unicast Routing on page 172 • IP Commands on page 172 • Routing Configuration Example on page 177 • Displaying Router Settings on page 178 • Resetting and Disabling Router Settings on page 178 • Configuring DHCP/BOOTP Relay on page 179 • UDP-Forwarding on page 180 This chapter assumes that you are already familiar wi
IP Unicast Routing Router Interfaces The routing software and hardware routes IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs. Both the VLAN switching and IP routing function occur within the switch. NOTE Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
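A check for the unique-subnet rule in the NOTE above, run over a configuration before it is applied. This is an added example, not code from the guide; the accepted line shapes (`config <vlan> ipaddress <address> {<mask>}`, an optional `vlan` keyword, a dotted or /length mask), the use of the natural class mask when no mask is given, and the Guest and Lab VLANs are assumptions.

```python
import ipaddress
import re

# Assumption: router interfaces are defined by lines shaped like
#   config [vlan] <name> ipaddress <address> [<dotted mask> | /<length>]
IFACE_RE = re.compile(
    r"^\s*config\s+(?:vlan\s+)?(\S+)\s+ipaddress\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s*/\s*(\d{1,2})|\s+(\d{1,3}(?:\.\d{1,3}){3}))?\s*$",
    re.IGNORECASE,
)


def natural_prefix(address):
    """Classful prefix length, used when a line carries no mask (assumption)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{address} is not a class A, B or C unicast address")


def parse_router_interfaces(config_text):
    """Return [(vlan_name, IPv4Interface)] for every ipaddress line."""
    interfaces = []
    for line in config_text.splitlines():
        match = IFACE_RE.match(line)
        if not match:
            continue  # some other command
        vlan, address, prefix_len, dotted_mask = match.groups()
        mask = prefix_len or dotted_mask or natural_prefix(address)
        interfaces.append((vlan, ipaddress.ip_interface(f"{address}/{mask}")))
    return interfaces


def find_subnet_conflicts(interfaces):
    """Return (vlan_a, vlan_b, net_a, net_b) for each pair of overlapping subnets."""
    conflicts = []
    for i, (vlan_a, if_a) in enumerate(interfaces):
        for vlan_b, if_b in interfaces[i + 1:]:
            # Overlap covers both identical subnets and one nested in another.
            if if_a.network.overlaps(if_b.network):
                conflicts.append(
                    (vlan_a, vlan_b, str(if_a.network), str(if_b.network))
                )
    return conflicts


# Constructed sample: Finance and Personnel use the addresses from the guide's
# routing example; Guest and Lab are made up to show a conflict and a /length mask.
SAMPLE_CONFIG = """\
config Finance ipaddress 192.207.35.1
config Personnel ipaddress 192.207.36.1
config Guest ipaddress 192.207.36.129 255.255.255.128
config vlan Lab ipaddress 10.20.0.1/16
config rip add vlan Finance
enable ipforwarding
"""

if __name__ == "__main__":
    for conflict in find_subnet_conflicts(parse_router_interfaces(SAMPLE_CONFIG)):
        print("overlap: %s (%s) and %s (%s)" % (
            conflict[0], conflict[2], conflict[1], conflict[3]))
```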
Overview of IP Unicast Routing — Locally, by way of interface addresses assigned to the system — By other static routes, as configured by the administrator NOTE If you define a default route, and subsequently delete the VLAN on the subnet associated with the default route, the invalid default route entry remains. You must manually delete the configured default route. Dynamic Routes Dynamic routes are typically learned by way of RIP or OSPF.
IP Route Sharing
IP route sharing allows multiple equal-cost routes to be used concurrently. IP route sharing can be used with static routes or with OSPF routes. In OSPF, this capability is referred to as equal cost multipath (ECMP) routing. To use IP route sharing, use the following command:
enable iproute sharing
Next, configure static routes and/or OSPF as you would normally. ExtremeWare supports unlimited route sharing across static routes and up to eight ECMP routes for OSPF.
Relative Route Priorities • The valid IP ARP Request is received on a router interface. • The target IP address matches the IP address configured in the proxy ARP table. • The proxy ARP table entry indicates that the system should always answer this ARP Request, regardless of the ingress VLAN (the always parameter must be applied). Once all the proxy ARP conditions are met, the switch formulates an ARP Response using the configured MAC address in the packet.
IP Unicast Routing Table 47: Relative Route Priorities (continued) Route Origin Priority BOOTP 5000 To change the relative route priority, use the following command: config iproute priority [rip | bootp | icmp | static | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2] Configuring IP Unicast Routing This section describes the commands associated with configuring IP unicast routing on the switch.
IP Commands Table 48: Basic IP Commands Command Description clear iparp { | vlan } Removes dynamic entries in the IP ARP table. Permanent IP ARP entries are not affected. clear ipfdb { | vlan } Removes the dynamic entries in the IP forwarding database. If no options are specified, all dynamic IP FDB entries are removed. config bootprelay add Adds the IP destination address to forward BOOTP packets.
IP Unicast Routing Table 48: Basic IP Commands (continued) Command Description enable ipforwarding {vlan } Enables IP routing for one or all VLANs. If no argument is provided, enables routing for all VLANs that have been configured with an IP address. The default setting for ipforwarding is disabled. enable ipforwarding broadcast {vlan } Enables forwarding IP broadcast traffic for one or all VLANs. If no argument is provided, enables broadcast forwarding for all VLANs.
IP Commands Table 49: Route Table Configuration Commands (continued) Command Description enable iproute sharing Enables load sharing if multiple routes to the same destination are available. Only paths with the same lowest cost are shared. The default setting is disabled. rtlookup [ | ] Performs a look-up in the route table to determine the best route to reach an IP address. Table 50 describes the commands used to configure IP options and the ICMP protocol.
IP Unicast Routing Table 50: ICMP Configuration Commands (continued) Command Description enable icmp parameter-problem {vlan } Enables the generation of an ICMP parameter-problem message (type 12) when the switch cannot properly process the IP header or IP option information. The default setting is enabled. If a VLAN is not specified, the command applies to all IP interfaces.
Routing Configuration Example Table 50: ICMP Configuration Commands (continued) Command Description unconfig irdp Resets all router advertisement settings to the default values. Routing Configuration Example Figure 29 illustrates a Summit24e3 switch that has two VLANs defined as follows: • Finance — Contains ports 2 and 4. — IP address 192.207.35.1. • Personnel — Contains ports 3 and 5. — IP address 192.207.36.1. Figure 29: Unicast routing configuration example 192.207.35.1 192.207.36.1 192.207.35.
config Finance ipaddress 192.207.35.1
config Personnel ipaddress 192.207.36.1
config rip add vlan Finance
config rip add vlan Personnel
enable ipforwarding
enable rip

Displaying Router Settings
To display settings for various IP routing components, use the commands listed in Table 51.

Table 51: Router Show Commands
Command Description
show iparp { | permanent}
    Displays the IP Address Resolution Protocol (ARP) table.
Table 52: Router Reset and Disable Commands (continued)
Command Description
disable bootprelay
    Disables the forwarding of BOOTP requests.
disable icmp address-mask {vlan }
    Disables the generation of ICMP address-mask reply messages. If a VLAN is not specified, the command applies to all IP interfaces.
disable icmp parameter-problem {vlan }
    Disables the generation of ICMP parameter-problem messages.
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following command:
config bootprelay add
To delete an entry, use the following command:
config bootprelay delete { | all}

Verifying the DHCP/BOOTP Relay Configuration
To verify the DHCP/BOOTP relay configuration, use the following command:
show ipconfig
This command displays the configuration of the BOOTP relay service, and the addresses that are currently configured.
UDP-Forwarding UDP-Forwarding Example In this example, the VLAN Marketing and the VLAN Operations are pointed toward a specific backbone DHCP server (with IP address 10.1.1.1) and a backup server (with IP address 10.1.1.2). Additionally, the VLAN LabUser is configured to use any responding DHCP server on a separate VLAN called LabSvrs.
Table 53: UDP-Forwarding Commands (continued)
Command Description
config vlan udp-profile
    Assigns a UDP-forwarding profile to the source VLAN. Once the UDP profile is associated with the VLAN, the switch picks up any broadcast UDP packets that match the user-configured UDP port number, and forwards those packets to the user-defined destination. If the UDP port is the DHCP/BOOTP port number, appropriate DHCP/BOOTP proxy functions are invoked.
16 Interior Gateway Routing Protocols This chapter describes the following topics: • Overview on page 183 • Overview of RIP on page 184 • Overview of OSPF on page 186 • Route Re-Distribution on page 191 • Configuring RIP on page 192 • RIP Configuration Example on page 195 • Displaying RIP Settings on page 196 • Resetting and Disabling RIP on page 196 • Configuring OSPF on page 197 • Displaying OSPF Settings on page 202 • Resetting and Disabling OSPF Settings on page 203 This chapter assumes that you are al
Interior Gateway Routing Protocols OSPF is a link-state protocol, based on the Dijkstra link-state algorithm. OSPF is a newer Interior Gateway Protocol (IGP), and solves a number of problems associated with using RIP on today’s complex networks. NOTE Both RIP and OSPF can be enabled on a single VLAN. RIP Versus OSPF The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols.
Overview of RIP Routing Table The routing table in a router using RIP contains an entry for every known destination network.
Interior Gateway Routing Protocols NOTE If you are using RIP with supernetting/Classless Inter-Domain Routing (CIDR), you must use RIPv2 only. In addition, RIP route aggregation must be turned off. Overview of OSPF OSPF is a link-state protocol that distributes routing information between routers belonging to a single IP domain, also known as an autonomous system (AS). In a link-state routing protocol, each router maintains a database describing the topology of the autonomous system.
Overview of OSPF Database Overflow The OSPF database overflow feature allows you to limit the size of the LSDB and to maintain a consistent LSDB across all the routers in the domain, which ensures that all routers have a consistent view of the network. Consistency is achieved by: • Limiting the number of external LSAs in the database of each router. • Ensuring that all routers have identical LSAs.
Interior Gateway Routing Protocols • Area Border Router (ABR) An ABR has interfaces in multiple areas. It is responsible for exchanging summary advertisements with other ABRs. You can create a maximum of 7 non-zero areas. • Autonomous System Border Router (ASBR) An ASBR acts as a gateway between OSPF and other routing protocols, or other autonomous systems. Backbone Area (Area 0.0.0.0) Any OSPF network that contains more than one area is required to have an area configured as area 0.0.0.
Overview of OSPF where translation is to be enforced. If translate is not used on any NSSA border router in a NSSA, one of the ABRs for that NSSA is elected to perform translation (as indicated in the NSSA specification). The option should not be used on NSSA internal routers. Doing so inhibits correct operation of the election algorithm. Normal Area A normal area is an area that is not: • Area 0. • Stub area. • NSSA. Virtual links can be configured through normal areas.
Interior Gateway Routing Protocols Figure 31: Virtual link providing redundancy Virtual link Area 2 ABR 1 Area 1 ABR 2 Area 0 Area 3 EW_017 Point-to-Point Support You can manually configure the OSPF link type for a VLAN. Table 55 describes the link types. Table 55: OSPF Link Types Link Type Number of Routers Description Auto Varies ExtremeWare automatically determines the OSPF link type based on the interface type. This is the default setting.
Route Re-Distribution Route Re-Distribution Both RIP and OSPF can be enabled simultaneously on the switch. Route re-distribution allows the switch to exchange routes, including static routes, between the two routing protocols. Figure 32 is an example of route re-distribution between an OSPF autonomous system and a RIP autonomous system. Figure 32: Route re-distribution OSPF AS Backbone Area 0.0.0.0 ABR Area 121.2.3.
Interior Gateway Routing Protocols enable ospf export [static | rip | direct] [cost [ase-type-1 | ase-type-2] {tag }] disable ospf export [static | rip | direct] These commands enable or disable the exporting of RIP, static, and direct routes by way of LSA to other OSPF routers as AS-external type 1 or type 2 routes. The default setting is disabled. The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF.
Configuring RIP Table 56: RIP Configuration Commands (continued) Command Description config rip delete vlan [ | all] Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults. config rip garbagetime {} Configures the RIP garbage time. The timer granularity is 10 seconds. The default setting is 120 seconds. config rip routetimeout {} Configures the route timeout. The default setting is 180 seconds.
Interior Gateway Routing Protocols Table 56: RIP Configuration Commands (continued) Command Description enable rip aggregation Enables aggregation of subnet information on interfaces configured to send RIP v2 or RIP v2-compatible traffic. The switch summarizes subnet routes to the nearest class network route. The following rules apply when using RIP aggregation: • Subnet routes are aggregated to the nearest class network route when crossing a class boundary.
RIP Configuration Example RIP Configuration Example Figure 33 illustrates a switch that has two VLANs defined as follows: • Finance — Contains ports 2 and 4 — IP address 192.207.35.1. • Personnel — Contains ports 3 and 5 — IP address 192.207.36.1. Figure 33: RIP configuration example 192.207.35.1 192.207.36.1 192.207.35.0 Finance 2 192.207.36.0 Personnel 3 192.207.35.11 4 5 192.207.35.13 192.207.36.12 192.207.36.
enable ipforwarding
config rip add vlan all
enable rip

Displaying RIP Settings
To display settings for RIP, use the commands listed in Table 57.

Table 57: RIP Show Commands
Command Description
show rip {detail}
    Displays RIP configuration and statistics for all VLANs.
show rip stat {detail}
    Displays RIP-specific statistics for all VLANs.
show rip stat vlan
    Displays RIP-specific statistics for a VLAN.
Configuring OSPF Configuring OSPF Each switch that is configured to run OSPF must have a unique router ID. It is recommended that you manually set the router ID of the switches participating in OSPF, instead of having the switch automatically choose its router ID based on the highest interface IP address. Not performing this configuration in larger, dynamic environments could result in an older link state database remaining in use. Table 59 describes the commands used to configure OSPF.
Interior Gateway Routing Protocols Table 59: OSPF Configuration Commands (continued) Command Description config ospf [vlan | area | virtual-link ] timer Configures the timers for one interface or all interfaces in the same OSPF area.
Configuring OSPF Table 59: OSPF Configuration Commands (continued) Command Description config ospf ase-summary delete Deletes an aggregated OSPF external route. config ospf delete virtual-link Removes a virtual link. config ospf delete vlan [ | all] Disables OSPF on one or all VLANs (router interfaces). config ospf direct-filter [ | none] Configures a route filter for direct routes.
Interior Gateway Routing Protocols Table 59: OSPF Configuration Commands (continued) Command Description config ospf vlan timer [] Configures the OSPF wait interval. Specify the following: • rxmtinterval — The length of time that the router waits before retransmitting an LSA that is not acknowledged. If you set an interval that is too short, unnecessary retransmissions will result. The default value is 5 seconds.
Configuring OSPF Table 59: OSPF Configuration Commands (continued) Command Description enable ospf export static [cost [ase-type-1 | ase-type-2] {tag }] Enables the distribution of static routes into the OSPF domain. Once enabled, the OSPF router is considered to be an ASBR. The default tag number is 0. The default setting is disabled.
Interior Gateway Routing Protocols Displaying OSPF Settings To display settings for OSPF, use the commands listed in Table 60. Table 60: OSPF Show Commands Command Description show ospf Displays global OSPF information. show ospf area {detail} Displays information about all OSPF areas. show ospf area Displays information about a particular OSPF area. show ospf ase-summary Displays the OSPF external route aggregation configuration.
Resetting and Disabling OSPF Settings Resetting and Disabling OSPF Settings To return OSPF settings to their defaults, use the commands listed in Table 61. Table 61: OSPF Reset and Disable Commands Command Description delete ospf area [ | all] Deletes an OSPF area. Once an OSPF area is removed, the associated OSPF area and OSPF interface information is removed. The backbone area cannot be deleted. A non-empty area cannot be deleted. disable ospf Disables OSPF process in the router.
17 IP Multicast Routing This chapter describes the following topics: • Overview on page 205 • Configuring IP Multicasting Routing on page 206 • Displaying IP Multicast Routing Settings on page 207 • Deleting and Resetting IP Multicast Settings on page 208 For more information on IP multicasting, see the following publications: • RFC 1112 – Host Extension for IP Multicasting • RFC 2236 – Internet Group Management Protocol, Version 2 Overview IP multicast routing is a function that allows a single IP host t
IGMP is enabled by default on the switch. However, the switch can be configured to disable the generation of periodic IGMP query packets. IGMP query should be enabled when the switch is configured to perform IP unicast or IP multicast routing.

IGMP Snooping
IGMP snooping is a layer 2 function of the switch. It does not require multicast routing to be enabled. The feature reduces the flooding of IP multicast traffic.
Table 62: IGMP Configuration Commands
Command Description
config igmp
    Configures the IGMP timers. Timers are based on RFC2236. Specify the following:
    • query_interval — The amount of time, in seconds, the system waits between sending out General Queries. The range is 1 to 2,147,483,647 seconds (68 years).
config igmp snooping
IP Multicast Routing Table 63: IP Multicast Routing Show Commands (continued) Command Description show ipmc cache {detail} {} {
A Safety Information Important Safety Information WARNING! Read the following safety information thoroughly before installing your Extreme Networks switch. Failure to follow this safety information can lead to personal injury or damage to the equipment. Installation, maintenance, removal of parts, and removal of the unit and components must be done by qualified service personnel only.
Safety Information • The appliance coupler (the connector to the unit and not the wall plug) must have a configuration for mating with an EN60320/IEC320 appliance inlet. • France and Peru only This unit cannot be powered from IT† supplies. If your supplies are of IT type, this unit must be powered by 230 V (2P+T) via an isolation transformer ratio 1:1, with the secondary connection point labeled Neutral, connected directly to ground.
Important Safety Information WARNING! Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s instructions. • Disposal requirements vary by country and by state. • Lithium batteries are not listed by the Environmental Protection Agency (EPA) as a hazardous waste. Therefore, they can typically be disposed of as normal waste.
B Technical Specifications Physical Dimensions Summit24e3 Height: 1.75 inches (4.44 cm) Width: 17 inches (43.18 cm) Depth: 8 inches (20.32 cm) Weight: 8 lbs (3.6 kg) Safety Agency Certifications UL 1950 3rd Edition, listed EN60950:1992/A1-4:1997 plus ZB/ZC Deviations IEC 950CB Low Voltage Directive (LVD) CSA 22.2#950-95 AS/NZS 3260 EN60825-1 FCC CFR 21 Electromagnetic Compatibility FCC CFR 47 part 15 Class A ICES-0003 A/C108.
Technical Specifications Environmental Requirements Operating Temperature 0° to 40° C (32° to 104° F) Storage Temperature -40° to 70 ° C (-40° to 158° F) Operating Humidity 10% to 95% relative humidity, noncondensing Standards EN60068 to Extreme IEC68 schedule Certification Marks CE (European Community) TUV/GS (German Notified Body) TUV/S (Argentina) GOST (Russian Federation) ACN 090 029 066 C-Tick (Australian Communication Authority) Underwriters Laboratories (USA and Canada) MIC (South Kor
C Supported Standards The following is a list of software standards supported by ExtremeWare for the Summit24e3 switch. Standards and Protocols RFC 1058 RIP RFC 783 TFTP RFC 1723 RIP v2 RFC 1542 BootP RFC 1112 IGMP RFC 854 Telnet RFC 2236 IGMP v2 RFC 768 UDP RFC 2328 OSPF v2 (incl.
D Software Upgrade and Boot Options This appendix describes the following topics: • Downloading a New Image on page 217 • Saving Configuration Changes on page 219 • Using TFTP to Upload the Configuration on page 219 • Using TFTP to Download the Configuration on page 221 • Upgrading and Accessing BootROM on page 222 • Boot Option Commands on page 223 Downloading a New Image The image file contains the executable code that runs on the switch. It comes preinstalled from the factory.
Software Upgrade and Boot Options Rebooting the Switch To reboot the switch, use the following command: reboot { time
Saving Configuration Changes Saving Configuration Changes The configuration is the customized set of parameters that you have selected to run on the switch. As you make configuration changes, the new settings are stored in run-time memory. Settings that are stored in run-time memory are not retained by the switch when the switch is rebooted. To retain the settings, and have them load when you reboot the switch, you must save the configuration to nonvolatile storage.
Software Upgrade and Boot Options • Automatically upload the configuration file every day, so that the TFTP server can archive the configuration on a daily basis. Because the filename is not changed, the configured file stored in the TFTP server is overwritten every day. To upload the configuration, use the following command: upload configuration [ | ] {every
Using TFTP to Download the Configuration
You can download ASCII files that contain CLI commands to the switch to modify the switch configuration. Three types of configuration scenarios can be downloaded:
• Complete configuration
• Incremental configuration
• Scheduled incremental configuration

Downloading a Complete Configuration
Downloading a complete configuration replicates or restores the entire configuration to the switch.
Software Upgrade and Boot Options To download an incremental configuration, use the following command: download configuration [ | ] {incremental} Scheduled Incremental Configuration Download You can schedule the switch to download a partial or incremental configuration on a regular basis. You could use this feature to update the configuration of the switch regularly from a centrally administered TFTP server.
Boot Option Commands Accessing the BootROM menu Interaction with the BootROM menu is only required under special circumstances, and should be done only under the direction of Extreme Networks Customer Support. The necessity of using these functions implies a non-standard problem which requires the assistance of Extreme Networks Customer Support. To access the BootROM menu, follow these steps: 1 Attach a serial cable to the console port of the switch.
Software Upgrade and Boot Options Table 65: Boot Option Commands (continued) Command Description download image [ | ] {primary | secondary} Downloads a new image from a TFTP server over the network. If no parameters are specified, the image is saved to the current image. reboot {time
E Troubleshooting If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative. LEDs Power LED does not light: Check that the power cable is firmly connected to the device and to the supply outlet. On powering-up, the MGMT LED lights amber: The device has failed its Power On Self Test (POST) and you should contact your supplier for advice.
• Both ends of the Gigabit link are set to the same autonegotiation state. Both sides of the Gigabit link must be enabled or disabled. If the two are different, typically the side with autonegotiation disabled will have the link LED lit, and the side with autonegotiation enabled will not be lit. The default configuration for a Gigabit port is autonegotiation enabled.
Using the Command-Line Interface Check that the port through which you are trying to access the device has not been disabled. If it is enabled, check the connections and network cabling at the port. Check that the port through which you are trying to access the device is in a correctly configured VLAN. Try accessing the device through a different port. If you can now access the device, a problem with the original port is indicated. Re-examine the connections and cabling.
Troubleshooting The only way to establish a full duplex link is to either force it at both sides, or run auto-negotiation on both sides (using full duplex as an advertised capability, which is the default setting on the Extreme switch). NOTE A mismatch of duplex mode between the Extreme switch and another network device will cause poor network performance. Viewing statistics using the show port rx command on the Extreme switch may display a constant increment of CRC errors.
Debug Tracing with a number, or contains non-alphabetical characters, you must use quotation marks whenever referring to the VLAN name. VLANs, IP Addresses and default routes: The system can have an IP address for each configured VLAN. It is necessary to have an IP address associated with a VLAN if you intend to manage (Telnet, SNMP, ping) through that VLAN or route IP traffic. You can also configure multiple default routes for the system.
Troubleshooting • support@extremenetworks.com You can also visit the support website at: • http://www.extremenetworks.com/extreme/support/techsupport.asp to download software updates (requires a service contract) and documentation.