Mellanox MLNX-OS® User Manual for SX1018HP Ethernet Managed Blade Switch Rev 1.6.9 Software Version 3.3.4100 www.mellanox.
Rev 1.6.9 NOTE: THIS HARDWARE, SOFTWARE OR TEST SUITE PRODUCT (“PRODUCT(S)”) AND ITS RELATED DOCUMENTATION ARE PROVIDED BY MELLANOX TECHNOLOGIES “AS-IS” WITH ALL FAULTS OF ANY KIND AND SOLELY FOR THE PURPOSE OF AIDING THE CUSTOMER IN TESTING APPLICATIONS THAT USE THE PRODUCTS IN DESIGNATED SOLUTIONS. THE CUSTOMER'S MANUFACTURING TEST ENVIRONMENT HAS NOT MET THE STANDARDS SET BY MELLANOX TECHNOLOGIES TO FULLY QUALIFY THE PRODUCTO(S) AND/OR THE SYSTEM USING IT.
Rev 1.6.9 Table of Contents Document Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 About this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rev 1.6.9 4.2.1 4.2.2 4.2.3 4.2.4 4.3 Upgrading MLNX-OS® Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deleting Unused Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downgrading MLNX-OS Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading System Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 42 42 45 File Management . . . . . . . . . . . . .
Rev 1.6.9 5.5 Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 5.5.1 5.5.2 5.5.3 5.5.4 5.5.5 5.6 Port Priority and Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . BPDU Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rev 1.6.9 Document Revision History Table 1 - Document Revision History - Ethernet Document Revision Date Changes Rev 1.6.9 September 2013 Updated Section 4.6, “Event Notifications,” on page 49 Updated Section 4.4.2, “Text Configuration Files,” on page 48 Added Section 4.9, “mDNS,” on page 53 Rev 1.6.8 August 2013 Added Section 4.4.2, “Text Configuration Files,” on page 48 Updated Section 2.4, “Licenses,” on page 19. Rev 1.6.7 June 2013 Updated Section 6.2.3, “Configuring OSPF,” on page 101.
Rev 1.6.9 About this Manual This manual provides general information concerning the scope and organization of this User’s Manual. Intended Audience This manual is intended for network administrators who are responsible for configuring and managing Mellanox Technologies’ SwitchX based Switch Platforms. Related Documentation The following table lists the documents referenced in this User’s Manual. Table 2 - Reference Documents Document Name Description InfiniBand Architecture Specification, Vol.
Rev 1.6.9 Glossary Table 3 - Glossary AAA Authentication, Authorization, and Accounting. Authentication - verifies user credentials (username and password). Authorization - grants or refuses privileges to a user/client for accessing specific services. Accounting - tracks network resources consumption by users. ARP Address Resolution Protocol. A protocol that translates IP addresses into MAC addresses for communication over a local area network (LAN). CLI Command Line Interface.
Rev 1.6.9 Table 3 - Glossary MTU (Maximum Transfer Unit) The maximum size of a packet payload (not including headers) that can be sent /received from a port Network Adapter A hardware device that allows for communication between computers in a network PFC/FC Priority Based Flow Control applies pause functionality to traffic classes OR classes of service on the Ethernet link. RADIUS Remote Authentication Dial In User Service.
Rev 1.6.9 1 Introduction Mellanox® Operating System (MLNX-OS®) enables the management and configuration of Mellanox Technologies’ SwitchX® silicon based switch platforms. MLNX-OS supports the Virtual Protocol Interconnect (VPI) technology which enables it to be used for both Ethernet and InfiniBand technology providing the user with greater flexibility. MLNX-OS provides a full suite of management options, including support for Mellanox’s Unified Fabric Manager® (UFM), SNMP V1,2,3, and web user interface.
Rev 1.6.9 Table 5 - Ethernet Features Feature Description Ethernet support • • • • • • • • • 48K Unicast MAC addresses VLAN (802.1Q) - 4K LAG/LACP (802.3ad), 16 links per LAG (36 LAGs) Rapid Spanning Tree (802.1w) Flow control (802.3x) IGMP snooping v1,2 LLDP ETS (802.1Qaz) PFC (802.
Rev 1.6.9 2 Getting Started The procedures described in this chapter assume that you have already installed and powered on your switch according to the instructions in the Hardware Installation Guide, which was shipped with the product. 2.1 Configuring the Switch for the First Time Connect to the HP Chassis Manager and run “connect interconnect ”. Step 1. No remote IP connection is available at this stage. Configure a serial terminal from EM with the settings described below.
Rev 1.6.9 Table 7 - Configuration Wizard Session - IP Configuration by DHCP (Sheet 2 of 3) Wizard Session Display (Example) Comments Step 2: Use DHCP on mgmt0 interface? [yes] Perform this step to obtain an IP address for the switch. (mgmt0 is the management port of the switch.) If you wish the DHCP server to assign the IP address, type “yes” and press . If you type “no” (no DHCP), then you will be asked whether you wish to use the “zeroconf” configuration or not.
Rev 1.6.9 Table 7 - Configuration Wizard Session - IP Configuration by DHCP (Sheet 3 of 3) Wizard Session Display (Example) You have entered the following information: 1. Hostname: 2. Use DHCP on mgmt0 interface: yes 3. Enable IPv6: yes 4. Enable IPv6 autoconfig (SLAAC) on mgmt0 interface: yes 5. Admin password (Enter to leave unchanged): (CHANGED) To change an answer, enter the step number to return to. Otherwise hit to save changes and exit.
Rev 1.6.9 Table 8 - Configuration Wizard Session - IP Zeroconf Configuration Wizard Session Display - IP Zeroconf Configuration (Example) Mellanox configuration wizard Do you want to use the wizard for initial configuration? y Step 1: Hostname? [switch-112126] Step 2: Use DHCP on mgmt0 interface? [no] Step 3: Use zeroconf on mgmt0 interface? [no] yes Step 4: Default gateway? [192.168.10.
Rev 1.6.9 Table 9 - Configuration Wizard Session - Static IP Configuration Wizard Session Display - Static IP Configuration (Example) Mellanox configuration wizard Do you want to use the wizard for initial configuration? y Step 1: Hostname? [switch-112126] Step 2: Use DHCP on mgmt0 interface? [yes] n Step 3: Use zeroconf on mgmt0 interface? [no] Step 4: Primary IP address? 192.168.10.4 Mask length may not be zero if address is not zero (interface mgmt0) Step 5: Netmask? [0.0.0.0] 255.255.255.
Rev 1.6.9 Step 5. Check the mgmt0 interface configuration before attempting a remote (for example, SSH) connection to the switch. Specifically, verify the existence of an IP address. switch # show interfaces mgmt0 Interface mgmt0 state Admin up: yes Link up: yes IP address: 169.254.15.134 Netmask: 255.255.0.
Rev 1.6.9 Mellanox Switch switch > 2.3 Step 3. Login to the switch (default username is admin, password admin) Step 4. Once you get the prompt, you are ready to use the system. Refer to MLNX-OS Command Reference Guide for additional information on the CLI commands. Starting the Web Interface To start a WebUI connection to the switch platform: Step 1. Set up an Ethernet connection between the switch and a local network machine using a standard RJ-45 connector. Step 2.
Rev 1.6.9 Figure 3: Display After Login 2.4 Licenses MLNX-OS software package can be extended with premium features. Installing a license allows you to access the specified premium features. This section is relevant only to switch systems with an internal management capability.
Rev 1.6.9 Table 10 - MLNX-OS Licenses OPN 2.4.1 Valid on product Description UPGR-6036F-56E SX6036 56GbE link speed UPGR-1036-GW SX1036 InfiniBand, Ethernet L3, Gateway UPGR-1036F-56E SX1036 56GbE link speed UPGR-1024-GW SX1024 InfiniBand, Ethernet L3, Gateway UPGR-1024-56E SX1024 56GbE link speed LIC-fabric-inspector SX6036F/T/ SX65XX InfiniBand fabric inspector monitoring and health. Installing MLNX-OS® License (CLI) To install an MLNX-OS license via CLI: Step 1.
Rev 1.6.9 Figure 4: No Licenses Installed Step 3. Enter your license key(s) in the text box. If you have more than one license, please enter each license in a separate line. Click “Add Licenses” after entering the last license key to install them. If you wish to add another license key in the future, you can simply enter it in the text box and click “Add Licenses” to install it.
Rev 1.6.9 Figure 5: Enter Licence Key(s) in Text Box All installed licenses should now be displayed.
Rev 1.6.9 Step 4. Save the configuration to complete the license installation. If you do not save the installation session, you will lose the installed licenses at the next system boot. 2.4.3 Retrieving a Lost License Key In case of a lost MLNX-OS® license key, contact your authorized Mellanox reseller and provide the switch’s chassis serial number. To obtain the switch’s chassis serial number: Step 1. Login to the switch. Step 2.
Rev 1.6.9 3 User Interfaces 3.1 Command Line Interface (CLI) MLNX-OS® is equipped with an industry-standard CLI. The CLI is accessed through SSH or Telnet sessions, or directly via the console port on the front panel (if it exists). Refer to the MLNX-OS Command Reference Guide for complete set of commands, syntax and examples. 3.1.1 CLI Modes The CLI can be in one of following modes, and each mode makes available a certain group (or level) of commands for execution.
Rev 1.6.9 3.1.2 Syntax Conventions To help you identify the parts of a CLI command, this section explains conventions of presenting the syntax of commands. Table 12 - Syntax Conventions Syntax Convention Description Example < > Angled brackets Indicate a value/variable that must be replaced. <1...65535> or [ ] Square brackets Enclose optional parameters. However, only one parameter out of the list of parameters listed can be used.
Rev 1.6.
Rev 1.6.
Rev 1.6.9 Terminal length: 60 rows Terminal type: xterm Auto-logout: disabled Paging: enabled Progress tracking: enabled Prefix modes: enabled ... // 4. Re-enable auto-logout after 15 minutes switch (config) # cli session auto-logout 15 // 5.
Rev 1.6.9 Table 13 - Angled Brackets Parameter Description Parameter 3.2 Description An IPv4 network prefix specifying a network. Used in conjunction with a netmask to determine which bits are significant. e.g. “192.168.0.0”. An extended regular expression as defined by the “grep” in the man page. (The value you provide here is passed on to “grep -E”.) ID of a node belonging to a cluster. This is a numerical value greater than zero.
Rev 1.6.9 • Ethernet Management Make sure to save your changes before switching between menus or sub-menus. Click the “Save” button to the right of “Save Changes?”. Figure 7: WebUI 3.2.1 Setup Menu The Setup menu makes available the following submenus (listed in order of appearance from top to bottom): Table 14 - Setup Submenus Submenu Title Description Interfaces Used to obtain the status of, configure, or disable interfaces to the InfiniBand fabric.
Rev 1.6.9 Table 14 - Setup Submenus Submenu Title 3.2.2 Description Routing Used to set, remove or display the default gateway, and the static and dynamic routes. Hostname Used to set or modify the hostname. Used to set or delete static hosts. DNS Used to set, remove, modify or display static and dynamic name servers. Login Messages Used to edit the login messages: Message of the Day (MOTD), Remote Login message, and Local Login message.
Rev 1.6.9 Table 15 - System Submenus Submenu Title 3.2.3 Description Inventory Displays a table with the following information about the system modules: module name, type, serial number, ordering part number and Asic firmware version. Power Management Displays a table with the following information about the system power supplies: power supply name, power, voltage level, current consumption, and status.
Rev 1.6.9 Table 17 - Ports Submenus Submenu Title 3.2.5 Description Phy Profile Provides the ability to manage phy profiles. Protocol type Manages the link protocol type Status Menu The Status menu makes available the following sub-menus (listed in order of appearance from top to bottom): Table 18 - Status Submenus Submenu Title 3.2.
Rev 1.6.9 The IB SM Mgmt menu makes available the following sub-menus (listed in order of appearance from top to bottom): Table 19 - IB SM Mgmt Submenus Submenu Title 3.2.7 Description Summary Displays the local Subnet Manager (SM) status (running time, failures, etc). Base SM Used to manage basic SM configuration (enabling SM, priority level, and restoring initial configuration). Advanced SM Used to manage basic SM configuration (enabling SM, priority level, and restoring initial configuration).
Rev 1.6.9 Table 20 - Fabric Inspctr Submenus Submenu Title 3.2.8 Description IB Nodes Displays information about InfiniBand nodes in the fabric. It is possible to filter display by the type of InfiniBand node (HCA adapter, switch, etc). IB Ports Displays all active InfiniBand ports in the fabric.
Rev 1.6.9 4 System Management 4.1 Management Interface 4.1.1 Configuring Management Interfaces with Static IP Addresses If your switch system was set during initialization to obtain dynamic IP addresses through DHCP and you wish to switch to static assignments, perform the following steps: Step 1. Change to Config mode. Run: switch > switch > enable switch # configure terminal Step 2.
Rev 1.6.9 For all other systems (and software versions) DHCP is disabled by default. If a user connects through SSH, runs the wizard and turns off DHCP, the connection is immediately terminated as the management interface loses its IP address. # ssh admin@192.168.10.
Rev 1.6.9 Step 4. (Optional) Verify in-band management configuration. Run: switch (config) # show interfaces vlan10 Interface vlan10 status: Comment: Admin up: yes Link up: yes DHCP running: no IP address: 10.10.10.10 Netmask: 255.255.255.
Rev 1.6.9 Partition 1: SX_PPC_M460EX SX_3.3.3130 2013-03-20 21:32:25 ppc Partition 2: SX_PPC_M460EX SX_3.3.3130 2013-03-20 21:32:25 ppc Images available to be installed: image-PPC_M460EX-SX_3.3.3256.img SX_PPC_M460EX SX_3.3.3256 2013-03-20 21:32:25 ppc Serve image files via HTTP/HTTPS: no No image install currently in progress. Boot manager password is set. No image install currently in progress. Require trusted signature in image being installed: yes (default) switch (config) # Step 3.
Rev 1.6.9 switch (config) # show images Installed images: Partition 1: SX 2013-04-28 16:02:50 Partition 2: SX 2013-04-28 16:52:50 Images available to be installed: new_image.img SX 2013-04-28 16:52:50 Serve image files via HTTP/HTTPS: no No image install currently in progress. Boot manager password is set. No image install currently in progress. Require trusted signature in image being installed: yes (default) switch (config) # Step 6. Install the new image.
Rev 1.6.9 new_image.img SX 2011-04-28 16:52:50 Installed images: Partition 1: SX 2011-04-28 16:02:50 Partition 2: SX 2011-04-28 16:52:50 Last boot partition: 1 Next boot partition: 2 No boot manager password is set. switch (config) # Step 9. Save current configuration. Run: switch (config) # configuration write switch (config)# Step 10. Reboot the switch to run the new image.
Rev 1.6.9 When performing upgrade from the WebUI, make sure that the image you are trying to upgrade to is not located already in the system (i.e. fetched from the CLI). 4.2.2 Deleting Unused Images To delete unused images: Step 1. Enter Config mode. Run: switch > switch > enable switch # configure terminal Step 2. Get a list of the unused images. Run switch (config) # show images Images available to be installed: image-PPC_M460EX-SX_3.1.1224.img SX-OS_PPC_M460EX SX_3.1.
Rev 1.6.9 2. Disable paging of CLI output. Run: switch-112094 [standalone: master] (config) # no cli default paging enable 3. Display commands to recreate current running configuration. Run: switch-112094 [standalone: master] (config) # show running-config 4. Copy the output to a text file. 4.2.3.1 Downloading Image Step 1. Log into the system to obtain the serial number. Run: switch-112094 [standalone: master] (config) # show inventory Step 2.
Rev 1.6.9 Partition 1: 2010-09-19 03:46:25 Partition 2: 2010-09-19 03:46:25 Last boot partition: 1 Next boot partition: 1 No boot manager password is set. switch (config) # Step 4. Install the MLNX-OS image. Run: switch Step 1 100.0% Step 2 100.0% Step 3 100.0% Step 4 100.0% switch Step 5.
Rev 1.6.9 In case you are downloading to an older software version which has never been run yet on the switch, use the following command sequence as well: switch (config) # no boot next fallback-reboot enable switch (config) # configuration write Step 7. Reload the switch. Run: switch (config) # reload 4.2.3.3 Switching to Partition with Older Software Version The system saves a backup configuration file when upgrading from an older software version to a newer one.
Rev 1.6.9 If one or more of the switch modules is programmed with a firmware version other than the default version, then MLNX-OS will automatically attempt to burn the default firmware version instead. If a firmware update takes place, then the login process will be delayed for a few minutes. To verify that the firmware update was successful, login to MLNX-OS and run the command “show asic-version” (can be run in any mode). This command lists all of the switch modules along with their firmware versions.
Rev 1.6.
Rev 1.6.9 4.4.1 BIN Configuration Files BIN configuration files are not human readable and cannot be edited.
Rev 1.6.9 When applying a text-based configuration file, the configuration is appended to the switch’s existing configuration. Reboot is not required. 4.5 Logging 4.5.1 Monitor To print logging events to the terminal: Set the modules or events you wish to print to the terminal.
Rev 1.6.9 4.6.1 Supported Events The following table presents the supported events and maps them to their relevant MIB OID.
Rev 1.6.9 Table 22 - Supported Event Notifications and MIB Mapping Event Name 4.6.
Rev 1.6.9 Step 1. Enter to Config mode. Run: switch > switch > enable switch # configure terminal Step 2. Set your mailhub to the IP address to be your mail client’s server – for example, Microsoft Outlook exchange server. switch (config) # email mailhub Step 3. Add your email address for notifications. Run: switch (config) # email notify recipient Step 4. Configure the system to send notifications for a specific event.
Rev 1.6.9 This is a test email. ==== Done. For further information, please refer to Mellanox MLNX-OS Command Reference Guide. 4.7 USB Support 4.7.1 Accessing a USB Device for Read/Write MLNX-OS can access USB devices attached to switch systems. USB devices are automatically recognized and mounted upon insertion.
Rev 1.6.9 In order to block sending mDNS traffic from the management interface use the following command: switch (config) # no ha dns enable switch (config) # 4.10 User Management and Security 4.10.1 Authentication, Authorization and Accounting (AAA) AAA is a term describing a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
Rev 1.6.9 It is used for several reasons: • RADIUS facilitates centralized user administration • RADIUS consistently provides some level of protection against an active attacker For information on the RADIUS commands, please refer to Mellanox MLNX-OS Command Reference Guide. 4.10.1.
Rev 1.6.9 4.10.2 Secure Shell (SSH) It is recommended not to use more than 100 concurrent SSH sessions to the switch. 4.10.2.1 Adding a Host and Providing an SSH Key To add entries to the global known-hosts configuration file and its SSH value, perform the following steps: Step 1. Change to Config mode Run: switch [standalone: master] > enable switch [standalone: master] # configure terminal switch [standalone: master] (config) # Step 2.
Rev 1.6.9 4.11 Network Management Interfaces 4.11.1 SNMP Simple Network Management Protocol (SNMP), is a network protocol for the management of a network and the monitoring of network devices and their functions. SNMP supports asynchronous event (trap) notifications and queries. MLNX-OS supports: • SNMP versions v1, v2c and v3 • SNMP trap notifications • Standard MIBs • Mellanox private MIBs 4.11.1.
Rev 1.6.
Rev 1.6.9 4.11.1.2 Private MIB Table 27 - Private MIBs Supported MIB Comments MELLANOX-SMI-MIB Mellanox Private MIB main structure (no objects) MELLANOX-PRODUCTS-MIB List of OID – per managed system (sysObjID) MELLANOX-IF-VPI-MIB IfTable extensions MELLANOX-EFM-MIB Deprecated MIB (based on Mellanox-MIB) Traps definitions are supported. MELLANOX-ENTITY-MIB Enhances the standard ENTITY-MIB (contains GUID and ASIC revision).
Rev 1.6.9 For additional information refer to MELLANOX-EFM-MIB. For event-to-MIB mapping, please refer to Table 22, “Supported Event Notifications and MIB Mapping,” on page 50. 4.11.1.4 Configuring SNMP To set up the SNMP: Step 1. Activate the SNMP server on the MLNX-OS switch (in configure mode) using the following commands: Community strings are case sensitive. Director switches (SX65xx systems) require SNMP timeout configuration on the agent of 60 seconds.
Rev 1.6.9 Step 3. Enter privacy password and its confirmation. switch (config) # snmp-server user admin v3 prompt auth md5 priv des Auth password: ******** Confirm: ******** Privacy password: ******** Confirm: ******** switch (config) # To retrieve the system table, run the following SNMP command: snmpwalk -v3 -l authPriv -a MD5 -u admin -A “” -x DES -X “” SNMPv2-MIB::system 4.11.1.
Rev 1.6.9 This particular event is used as an example only. Step 5. Verify the list of traps and informs being sent to out of the system.
Rev 1.6.9 5 Ethernet Switching 5.1 Interface Interface Ethernet have the following physical set of configurable parameters 5.1.1 • Admin state – enabling or disabling the interface.
Rev 1.6.9 Specific ports can be split by using a QSFP 1X4 breakout cable to split one 40 Gb/s port into 4 lanes (4 SFP+ connectors). These 4 lanes then go, one lane to each of the 4 SFP+ connectors. Some ports can be split into 2 10 Gb/s ports, using lanes 1 and 2 only. When a QSFP port is split into 2 10Gb/s ports then only SFP+ connectors #1 and #2 are used. Connectors #3 and #4 are left unconnected. Splitting the interface deletes all configuration on that interface.
Rev 1.6.9 5.1.1.1 Changing the Module Type to a Split Mode To split a port of an interface: Step 1. Shut down all the ports related to the interface. Run: • in case of split-2, shut down the current interface only • in case of split-4, shut down the current interface and the other interface switch switch switch switch switch Step 2.
Rev 1.6.9 The module-type can be changed only from the first member of the split and not from the interface that was split. The following warning will be displayed: The following interfaces will be unmapped: 1/4/1 1/ 4/2 1/4/3 1/4/4. Step 3. Type yes when prompted Type 'yes' to confirm unsplit. Step 4. 5.
Rev 1.6.9 If the physical port is operationally up, this port will be an active member of the aggregation. Consequently, it will be able to convey traffic. 5.2.2 Configuring Link Aggregation Control Protocol (LACP) To configure LACP: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Create a port-channel entity. Run: switch (config) # interface port-channel 1 switch (config interface port-channel 1) # Step 4. Change back to config mode.
Rev 1.6.9 • 5.3.1 Trunk – Trunk port is a port connecting 2 switches. It accepts only tagged frames with VLANs of which the port is a member. On egress, traffic sent from the Trunk port is tagged. By default, a Trunk port is, automatically, a member on all current VLANs. Configuring Access Mode and Assigning Port VLAN ID (PVID) To configure Access mode and assign PVID to interfaces: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3.
Rev 1.6.9 Step 5. Enter the interface context. Run: switch (config) # interface ethernet 1/36 switch (config interface ethernet 1/36) # Step 6. From within the interface context, configure the interface mode to Access. Run: switch (config interface ethernet 1/36) # switchport mode hybrid switch (config interface ethernet 1/36) # Step 7. From within the interface context, configure the Access VLAN membership.
Rev 1.6.9 Step 4. Change back to config mode. Run: switch (config vlan 10) # exit switch (config) # Step 5. Enter the interface context. Run: switch (config) # interface ethernet 1/35 switch (config interface ethernet 1/35) # Step 6. From within the interface context, configure the interface mode to Hybrid. Run: switch (config interface ethernet 1/35) # switchport mode hybrid switch (config interface ethernet 1/35) # Step 7. From within the interface context, configure the allowed VLAN membership.
Rev 1.6.9 host, is to converge quickly, while the required behavior of a port connected to a switch entity is to converge based on the RSTP parameters. Additionally, it adds security issues on a port and switch basis, allowing the operator to determine the state and role of a port or the entire switch should an abnormal event occur.
Rev 1.6.9 BPDU filtering is configured per interface. When configured, the port does not send any BPDUs and drops all BPDUs that it receives. To configure BPDU filter, use the following command: switch (config interface etherent )# spanning-tree bpdufilter {enable , disable} Configuring BPDU filtering on a port connected to a switch can cause bridging loops because the port filters any BPDU it receives and goes to forwarding state. 5.5.
Rev 1.6.9 ticast-group by sending a join request message towards the network router, and responds to queries sent from the network router by dispatching a join report. A given port can be either manually configured to be a router-port or it can be dynamically manifested when having received a query, hence, the network router is connected to this port.
Rev 1.6.9 Step 6. Define the MRouter port on the VLAN. Run: switch (config) # vlan 2 switch (config vlan 2) # ip igmp mrouter interface ethernet 1/1 switch (config vlan 2) # To change the Interface Switchport to Hybrid: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Enable IGMP snooping globally. Run: switch (config) # ip igmp snooping switch (config) # Step 4. Create a VLAN.
Rev 1.6.9 Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Enable LLDP globally on the switch. Run: switch (config) # lldp switch (config) # Step 4. Enable LLDP per interface. Run: switch (config interface ethernet 1/1) # lldp receive switch (config interface ethernet 1/1) # lldp transmit Step 5. Show LLDP local information.
Rev 1.6.
Rev 1.6.9 Step 4. Choose the desirable priority you want to enable using the command dcb priority-flow-control priority enable. switch (config) # dcb priority-flow-control priority 5 enable To enable PFC per interface: Step 1. Log in as admin. Step 2. Change to config mode. Run: switch > enable switch # configure terminal Step 3. Enable PFC globally on the switch. Run: switch (config) # dcb priority-flow-control enable Step 4.
Rev 1.6.9 Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Run the command dcb ets disable. switch (config) # no dcb ets enable To configure the WRR bandwidth percentage: Step 1. Log in as admin. Step 2. Enter config mode. Run: switch > enable switch # configure terminal Step 3. Make sure ETS feature is enabled. Run: switch (config) # dcb ets enable Step 4. Choose the WRR bandwidth rate and distribution.
Rev 1.6.9 Step 5. Run the command show dcb ets to verify the configuration. switch (config) # show dcb ets ETS enabled TC Bandwidth -------------------------0 30% 1 30% 2 10% 3 30% Number of Traffic Class: 4 switch (config) # 5.9 Access Control List An Access Control List (ACL) is a list of permissions attached to an object, to filter or match switches packets. When the pattern is matched at the hardware lookup engine, a specified action (e.g. permit/deny) is applied.
Rev 1.6.9 5.9.2 ACL Actions An ACL action is a set of actions can be activated in case the packet hits the ACL rule. To modify the VLAN tag of the egress traffic as part of the ACL “permit” rule: Step 1. Create access-list action profile: a.Create an action access-list profile using the command access-list action b.Add rule to map a VLAN using the command vlan-map within the action profile configuration mode Step 2. Create an access-list and bind the action rule: a.
Rev 1.6.9 There is no limitation on the number of mirroring sources and more than a single source can be mapped to a single analyzer destination. 5.10.1 Mirroring Sessions Port mirroring is performed by configuring mirroring sessions. A session is an association of a mirror port (or more) and an analyzer port.
Rev 1.6.9 There is no limitation on the number of the source interfaces mapped to a mirroring session. Ingress and egress traffic flows of a specific source interface can be mapped to two different sessions. LAG The source interface can be a physical interface or a LAG. Port mirroring can be configured on a LAG interface but not on a LAG member. When a port is added to a mirrored LAG it inherits the LAG’s mirror configuration.
Rev 1.6.9 The system on the receiving end of the analyzer port must be set to handle the egress traffic. If it is not, it might discard it and indicate this in its statistics (packet too long). 5.10.1.3 Header Format Ingress traffic from the source interface can be manipulated in several ways depending on the network layout using the command header-format.
Rev 1.6.9 The default behavior in congestion situations is to drop any excessive frames that may clog the system. ETS, PFC and FC configurations do not apply to the destination port. 5.10.1.5 Truncation When enabled, the system can truncate the mirrored packets into smaller 64-byte packets (default) which is enough to capture the packets’ L2 and L3 headers. 5.10.2 Configuring Mirroring Sessions Figure 13 presents two network scenarios with direct and remote connectivity to the analyzer equipment.
Rev 1.6.9 Step 3. Add destination interface. Run: switch (config monitor session 1) # destination interface ethernet 1/2 Step 4. (Optional) Set header format. Run: switch (config monitor session 1) # header-format add-ethernet-header destination-mac 00:0d:ec:f1:a9:c8 add-vlan 10 priority 5 traffic-class 2 For remote connectivity use the header formats add-vlan or add-ethernet-header. For local connectivity, use local. Step 5. (Optional) Truncate the mirrored traffic to 64-byte packets.
Rev 1.6.9 Source interfaces Interface direction ------------------------eth1/1 both To verify the attributes of running mirroring sessions: switch (config) # show monitor session summary Session Admin Status Mode Destination 1 Enable Up add-eth eth1/2 2 Disable Down add-vlan eth1/2 3 Enable Up add-eth eth1/5 7 Disable Down local 5.11 Source eth1/1(b) eth1/8(i), po1(e) eth1/18(e) sFlow sFlow (ver. 5) is a procedure for statistical monitoring of traffic in networks.
Rev 1.6.9 5.11.2 Statistical Samples The sFlow agent samples interface counters time based. Polling interval is configurable to any value between 5-3600 seconds with the default being 20 seconds. The following statistics are gathered by the CPU: Table 31 - List of Statistical Counters Counter Description Total packets The number of packets that pass through sFlow-enabled ports. Number of flow samples The number of packets that are captured by the sampling mechanism.
Rev 1.6.9 Step 6. (Optional) Set the sampling rate of the mechanism. Run: switch (config sflow) # sampling-rate 16000 This means that one every 16000 packet gets collected for sampling. Step 7. (Optional) Set the maximum size of the data path sample. Run: switch (config sflow) # max-sample-size 156 Step 8. (Optional) Set the frequency in which counters are polled. Run: switch (config sflow) # counter-poll-interval 19 Step 9.
