Sun Fire™ B1600 Blade System Chassis Switch Administration Guide
Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. 650-960-1300
Part No. 817-2576-10 June 2003, Revision A
Send comments about this document to: docfeedback@sun.
Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S.
Copyright (c) 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. This product protected by one or more U.S. Patents. Patents Pending. This distribution may include materials developed by third parties. Sun, Sun Microsystems, the Sun logo, Java, Solaris, Sun Fire and the 100% Pure Java logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Preface This Sun Fire B1600 Blade System Chassis Switch Administration Guide provides information that enables you to understand and use the switch inside the Switch and System Controller (SSC) module in the system chassis. There are two interfaces to the switch: a command-line interface and a web interface. This manual describes both. The manual is intended for network administrators who are responsible for managing the system chassis.
Chapter 3 describes all of the key switch features and shows you how to configure these features through both the web interface and the console interface. It also provides a list of comparable MIB variables used by SNMP management applications. Chapter 4 provides a detailed listing of all the console interface commands and parameters. Appendix A lists the Management Information Bases (MIB) and traps supported by this switch.
Typographic Conventions
Typeface | Meaning | Examples
AaBbCc123 | The names of commands and files; on-screen computer output | Display system files. Use dir to list all files.
AaBbCc123 | What you type, when contrasted with on-screen computer output | >enable Password:
AaBbCc123 | Book titles, new words or terms, words to be emphasized. Replace command-line variables with real names or values. | Read Chapter 6 in the Sun Fire B1600 Installation and Maintenance Guide. These are called class options.
Contacting Sun Technical Support If you have technical questions about this product that are not answered in this document, go to: http://www.sun.com/service/contacting Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions. You can submit your comments by going to: http://www.sun.
CHAPTER 1 Introduction
The Sun Fire B1600 blade system chassis includes two Switch and System Controller (SSC) modules. The SSC includes a high-performance Gigabit Ethernet switch. The 16 internal full-duplex Gigabit ports on this switch provide high-capacity connectivity within the chassis, while the eight external full-duplex Gigabit ports connect to the wider network.
This chapter contains the following sections:
■ Section 1.1, “Overview” on page 1-2
■ Section 1.
1.1 Overview The switches provide Gigabit Ethernet connectivity for the Sun Fire B1600 blade system chassis. If a fault develops in one switch, operation continues without interruption on the second. All components in the chassis—blades, SSCs and power supply units (PSUs)—plug into a common midplane which provides all interconnection between the components. Each of the 16 server blades is connected to a single port on each switch by a Gigabit Ethernet link that provides the blade’s principal means of I/O.
When you connect through a web browser the switch provides HTTP management access with a graphical user interface. The information provided by SNMP can be displayed by an appropriately configured management application that is able to use SNMP. 1.2 Description of Hardware The SSC includes the switch board, the SC, cooling fans, as well as midplane and rear panel connectors. The SC provides management access to the server chassis and switch board.
1.2.1.2 Internal Ports The switch also includes 16 internal 1000BASE-X Gigabit Ethernet ports that connect to the blades in the chassis. These ports are fixed at 1000 Mbit/sec, full duplex. The internal ports are named SNP0 to SNP15 in the configuration interface. The switch also includes an internal 10/100BASE-TX port called NETMGT, which is connected to the SC's network port and to the external management port on the SSC’s front panel through an internal hub.
1.2.2 Status LEDs
Switch level indicators are located on the SSC module. The 1000BASE-T up-link ports and the 10/100BASE-TX management port located on the rear panel of the SSC also include indicators for both Link and Speed.
[Figure: SSC Exterior Panel, with labels Ready to Remove, Service Required, Active, SERIAL MGT, NET MGT, Network Mgt. Port, Serial Mgt. and Uplink Port Designations]
TABLE 1-1 Port LEDs
1.3 Features of the Switch
The switch provides a wide range of advanced performance-enhancing features. Multicast filtering provides support for real-time network applications. Port-based and tagged virtual local area networks (VLANs), plus support for automatic GARP VLAN Registration Protocol (GVRP), provide traffic security and efficient use of network bandwidth. Quality of Service (QoS) priority queueing ensures the minimum delay for moving real-time multi-media data across the network.
can be dynamically learned through GVRP or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: ■ Eliminate broadcast storms, which severely degrade performance in a flat network. ■ Simplify network management for node changes and moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
1.4 Switch Default Settings
TABLE 1-2 Switch Default Settings
Function | Default
System Settings |
• Web Mgt. | Enabled
• Secure Web Mgt.
TABLE 1-2 Switch Default Settings (Continued)
Function | Default
• Edge Port (Fast Forwarding) | Enabled by default for SNP0-15, disabled for NETP0-7
Address Aging | 300 seconds
Virtual LANs |
• GVRP | Disabled
• Default VLAN | PVID 1 (for untagged frames)
• Management VLAN | VLAN 2 (for the management port)
• Tagging | RX: All frames, TX: Untagged frames
• Ingress Filtering | Disabled
Multicast Filtering |
• IGMP Snooping | Enabled
ARP | Enabled
• Cache Timeout | 20 minutes
CHAPTER 2 Initial Configuration For full information about performing the initial configuration of the switch, refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide. This chapter contains the following sections: ■ Section 2.1, “Connecting to the Switch Interface” on page 2-2 ■ Section 2.
2.1 Connecting to the Switch Interface
2.1.1 Configuration Options
For management access, the switch module provides a command-line configuration interface (CLI). This program can be accessed by first connecting to the RJ-45 serial console port on the switch, and then logging into the switch’s CLI from the System Controller’s (SC) command prompt as shown below, where SSCn indicates either SSC0 or SSC1.

    sc>: console sscn/swt
    Username: admin
    Password:
    CLI session with the Sun Fire B1600 is opened.
Web Interface – The switch also includes an embedded HTTP Web agent. This agent can be accessed using a standard Web browser from any computer on the management network.
SNMP Software – The switch’s management agent is based on Simple Network Management Protocol (SNMP), supporting versions 1, 2c, and 3. This SNMP agent enables the switch to be managed from any system in the management network using management software, such as Solstice Domain Manager™ software.
The default strings are:
■ public – With read-only access. Authorized management stations are only able to retrieve MIB objects.
■ private – With read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
Note – If you do not intend to utilize SNMP, delete both of the default community strings. When there are no community strings, SNMP management access to the switch is disabled.
To configure a community string:
1.
3. Save the configuration settings by following the instructions in the Sun Fire B1600 Blade System Chassis Software Setup Guide.
CHAPTER 3 General Management of the Switch This chapter describes how to perform basic configuration tasks and includes the following sections: ■ Section 3.1, “Using the Web Interface” on page 3-2 ■ Section 3.2, “Basic Configuration” on page 3-8 ■ Section 3.3, “Configuring Global Network Protocols” on page 3-39 ■ Section 3.4, “Port Configuration” on page 3-96 ■ Section 3.
3.1 Using the Web Interface
The Sun Fire B1600 blade system chassis switch provides an embedded HTTP web agent. Using a web browser, you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above or Netscape Navigator 6.2 or above).
Note – You can also use the command-line interface (CLI) to manage the switch over a serial connection to the console port or through Telnet.
3.1.1 Navigating the Web Browser Interface To access the web-browser interface, you must first enter a user name and password. The administrator has read/write access to all configuration parameters and statistics. The default administrator user name and password is admin. 3.1.1.1 Home Page When your web browser connects with the switch’s web agent, the home page is displayed.
3.1.1.2 Configuration Options
Configurable parameters have a text field or a menu. Once a configuration change has been made on a page, click the Save button to confirm the new setting. The following table summarizes the web page configuration buttons.
TABLE 3-1 Web Page Configuration Buttons
Button | Action
Cancel | Cancels specified values and restores current values.
Reset | Cancels specified values and restores current values.
Save | Sets specified values to the system.
3.1.3 Main Menu Using the on-board web agent, you can define system parameters, manage and control the switch and all its ports, and monitor network conditions. The following table briefly describes the selections available from this program.
TABLE 3-2 Summary of Tasks You Can Perform Using the Web Agent (Continued)
Menu / Subordinate Menu | Description | See Page
Class of Service | Configures Class of Service | 3-78
• Basic Traffic Prioritisation | Configures default CoS priorities, maps CoS priorities to output queues, and configures Weighted Round Robin queueing | 3-78
• Layer 3/4 Traffic Prioritisation | Selects layer 3/4 priority service, maps IP precedence tags to CoS values, and maps DSCP tags to CoS values | 3-85
Address Tables | Sets address aging; dis
TABLE 3-2 Summary of Tasks You Can Perform Using the Web Agent (Continued)
Menu / Subordinate Menu | Description | See Page
Static Addresses | Displays or edits static entries in the Address Table; enables and disables learning of permanent entries | 3-121
Spanning Tree | Configures port settings for the global spanning tree | 3-125
• Spanning Tree Protocol | Configures STP port-level settings for interface(s) on the global spanning tree | 3-125
Management Port | Port configuration | 3-96
Connection Status | Dis
3.2 Basic Configuration
3.2.1 Displaying System Information
You can identify the system by providing a descriptive name, location, and contact information. When displaying system information using the web interface or CLI, the following parameters are displayed or can be configured:
■ Host Name – The name assigned to the switch.
■ Location – The system chassis location.
■ Contact – The administrator responsible for the system.
3.2.1.1
FIGURE 3-3 Switch Setup ⇒ System Identity Window
3.2.1.2 Command-line Interface: Displaying and Specifying Identification Details

    Console(config)#hostname R&D 5
    Console(config)#snmp-server location WC 9
    Console(config)#snmp-server contact Charles
    Console#show system
    System description: Sun Fire B1600
    System OID string: 1.3.6.1.4.1.674.10895.4
    System information
     System Up time: 0 days, 0 hours, 55 minutes, and 54.
3.2.1.3 MIB Variables: Identification Details
TABLE 3-3 SNMP MIB variables Corresponding to the Switch Setup ⇒ System Identity Window
Field Name | MIB Variable | Access | Value Range
System Name (Host Name) | MIB-II.system.sysName | Read/write | String (size(0-255))
System Location | MIB-II.system.sysLocation | Read/write | String (size(0-255))
System Contact | | Read/write | String (size(0-255))
System Up Time | MIB-II.system.sysUpTime | Read only | Timeticks (in centiseconds)
System Description | MIB-II.
3.2.2 Setting the IP Address By default, the switch searches for its IP address, default gateway, and netmask using DHCP. You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Any other format will not be accepted by the software. Note – The IP address of the switch is in fact the IP address of the VLAN containing the management port (NETMGT).
Text / Hex – Indicates whether the client ID has been entered as a text string (1-15 characters) or as a hexadecimal value. The data type used will depend on the requirements of your DHCP server.
Note – The Client ID specified in this menu will be overwritten by the SC the next time the system, or the switch itself, is rebooted. The Client ID field will be removed from the next firmware release.
■ Manual – The IP parameters are set to specified values.
FIGURE 3-5 Open Switch Setup ⇒ Network Identity Window Note – If you receive an error message saying that the data you have entered is invalid, confirm that you have specified each of the IP addresses correctly.
Command-line Interface: Specifying the Management VLAN and IP Details
● Specify the management interface, IP address, and default gateway:

    Console#config
    Console(config)#interface vlan 2
    Console(config-if)#ip address 10.1.0.2 255.255.255.0
    Console(config-if)#exit
    Console(config)#ip default-gateway 10.1.0.
3.2.2.2 Using DHCP/BOOTP
By default, the switch uses DHCP/BOOTP services to find its IP configuration information.
Web Interface: Using Dynamic IP Configuration Services
1. Open Switch Setup ⇒ Network Identity.
2. Specify the management VLAN interface.
3. Specify the IP Address Mode by selecting DHCP or BOOTP.
By default, the System Controller in the chassis provides a client identifier to the switch.
If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings through the web interface. You can only restart the DHCP service through the web interface if the current address is still valid. Note – If you lose your management connection, use a console connection and the show ip interface command to determine the new switch address.
MIB variables: Using Dynamic IP Configuration Services
TABLE 3-5 MIB Variables Associated With Dynamic IP Configuration Services
Field Name | MIB Variable | Access | Value Range | Default Value
Management VLAN | sun...switchMgt.switchManagementVlan | Read/write | Integer (1-4094) | 1
IP Address Mode | sun...vlanMgt.vlanTable.vlanEntry.vlanAddressMethod | Read/write | user (1), bootp (2), dhcp (3) | dhcp
DHCP Client ID | sun...ipMgt. | Read/write
3.2.3
FIGURE 3-7 Open Switch Setup ⇒ Software Window (showing version information)
3.2.3.2 Command-line Interface: Displaying Switch Software Version Information
Use the following command to display version information:

    Console#show version
    Unit1
     Serial number          :1
     Service tag            :
     Hardware version       :R0B
     Number of ports        :25
     Main power status      :up
     Redundant power status :not present
    Agent(master)
     Unit id                :1
     Loader version         :0.0.6.5
     Boot rom version       :0.0.7.3
     Operation code version :1.0.0.
    Console#
3.2.3.3 MIB Variables Associated With Software Version Information
TABLE 3-6 MIB Versions Associated With Software Version Information
Field Name | MIB Variable | Access | Value Range
Switch Serial Number | SUN.switchMgt.switchInfoTable.switchInfoEntry.swSerialNumber | Read only | Display string (size (0..80))
Switch Hardware Version | SUN.switchMgt.switchInfoTable.switchInfoEntry.swHardwareVer | Read only | Display string (size (0..20))
Switch Port Number | SUN.switchMgt.switchInfoTable.
3.2.4 Managing Firmware
You can upload and download firmware to and from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
When downloading software files, note the following points:
■ The destination file name should not contain slashes (\ or /).
■ The leading character of the file name should not be a period (.).
FIGURE 3-8 The Switch Status ⇒ Software Window (for downloading firmware)
Note – If you receive an error message saying that the data you have entered is invalid, you might have typed an incorrect IP address or an incorrect file name, or you might not have the correct access permissions for TFTP transfer. Alternatively, it is possible that there is not enough memory available on the switch.
3. Type the source and destination file names.
4. Set the new file to start up the system.
5. Restart the switch.

    Console#copy tftp file
    TFTP server ip address: 10.1.0.99
    Choose file type:
     1. config: 2. opcode: <1-2>: 2
    Source file name: v10.bix
    Destination file name: V10000
    \Write to FLASH Programming.
    -Write to FLASH finish.
    Success.
    Console#config
    Console(config)#boot system opcode: V10000
    Console(config)#exit
    Console#reload

To start new firmware, use the reload command to reboot the system.
TABLE 3-7 MIB Variables Associated With Downloading Firmware (Continued)
Field Name | MIB Variable | Access | Value Range
TFTP Destination File Name | sun...tftpMgt.tftpDestFile | Read/write | String (size (0-127))
TFTP Action | sun...tftpMgt.tftpAction | Read/write | notDownloading (1), downloadToPROM (2), downloadToRAM (3) (not supported), upload (4)
TFTP Status | sun...tftpMgt.
3.2.5 Saving or Restoring Configuration Settings
You can upload and download configuration settings to and from a TFTP server. The configuration file can later be downloaded to restore the switch’s settings.
When downloading configuration files, note the following points:
■ The destination file name should not contain slashes (\ or /).
■ The leading character of the file name should not be a period (.).
■ The maximum length for file names on the TFTP server is 127 characters.
3.2.5.1
FIGURE 3-10 The Switch Setup ⇒ Software Window (for downloading a configuration file)
If you download to a new file name, select the new file from the pull-down menu and click Save. To use the new settings, reboot the system by clicking Save and Restart.
FIGURE 3-11 The Switch Setup ⇒ Software Window (enabling you to specify the operation code and configuration file to use at startup)
Command-line Interface: Downloading a File of Configuration Settings
1. Type the IP address of the TFTP server.
2.
4. Restart the switch.

    Console#copy tftp startup-config
    TFTP server ip address: 192.168.1.19
    Source configuration file name: startup2.0
    Startup configuration file name [startup] : startup2.0
    \Write to FLASH Programming.
    -Write to FLASH finish.
    Success.
    Console#reload
    System will be restarted, continue ?y

If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.
TABLE 3-8 MIB Variables Associated With Downloading Configuration Settings
Field Name | MIB Variable | Access | Value Range
TFTP Status | sun...tftpMgt.tftpStatus | Read/write | tftpSuccess (1), tftpStatusUnknown (2), tfttpGeneralError (3), tftpNoResponseFromServer (4), tftpDownloadChecksumError (5), tftpDownloadIncompatibleImage (6), tftpTftpFileNotFound(7), tftpTftpAccessViolation(8)
Restart Configuration File | sun...restartMgt.
3.2.6
RADIUS-aware or TACACS+-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to a switch. Note – When setting up privilege levels on a RADIUS or TACACS+ server, remember that level 0 allows guest (Normal Exec) access to the switch. Only level 15 allows administrator (Privileged Exec) access. ■ RADIUS uses UDP while TACACS+ uses TCP.
■ Timeout for reply – Number of seconds (between 1 and 65,535) the switch waits for a reply before resending a request. The default is 5.
■ Local Access Authentication
  ■ User Account – The name (between 1 and 8 characters) of the user. The maximum number of users is 5.
  ■ Access Level – The user level. Specify Normal or Privileged.
  ■ Password – The user password. A plain text string of between 1 and 8 characters that is case sensitive.
3.2.6.1 Web Interface: Configuring User Authentication
1.
FIGURE 3-12 The Switch Config ⇒ Security Window for Use With Authentication Servers
To configure authentication parameters for local access:
1. Type a user name.
2. Select an access level, Normal or Privileged.
3. Type a password.
4. Click Add.
FIGURE 3-13 The Switch Config ⇒ Security Window Showing Locally Stored Logins
3.2.6.2 Command-line Interface: Configuring User Authentication
1. Assign a user name and access level. Type 0 for Normal access and 15 for Privileged access.
2. Specify the password.
3. Configure the required settings for RADIUS and TACACS+ remote client authentication.
3.2.6.3 MIB variables Associated With User Authentication
TABLE 3-9 MIB Variables Associated With User Authentication
Field Name | MIB Variable | Access | Value Range | Default Value
User Name | Not Defined
Password | Not Defined
Access Level | Not Defined
Authentication Sequence | Not Defined
RADIUS Server Address | sun...securityMgt.radiusMgt.radiusServerAddress | Read/write | IP address | 10.11.12.13
RADIUS Server Port Number | sun...securityMgt.radiusMgt.
3.2.7
Equipment commonly managed with SNMP includes switches, routers, and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems. The blade system chassis switch includes an on-board SNMP agent that continuously monitors the status of its hardware and the traffic passing through its ports.
FIGURE 3-14 The Switch Config ⇒ Communication Window for Adding and Removing Community Strings
Command-line Interface: Adding and Removing Community Strings
The following example adds the string blueberry with read/write access.

    Console(config)#snmp-server community blueberry rw
    Console(config)#

MIB Variables Associated With Community Strings
Note – There are no MIB variables for these functions.
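An added example (not from the Sun guide): a short Python audit that reads a saved switch configuration and flags the default community strings public and private, plus any community with read/write access. It assumes the saved configuration stores communities in the same form as the snmp-server community command shown above; the `ro` keyword, the handling of an omitted access keyword, and the sample configuration are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Default strings named in this guide: public (read-only), private (read/write).
DEFAULT_COMMUNITIES = {"public", "private"}

# Matches lines such as "snmp-server community blueberry rw".
# Assumption: "ro" marks read-only access and the keyword may be omitted.
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)(?:\s+(?P<access>ro|rw))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    community: str
    access: str
    reasons: tuple


def audit_snmp_communities(config_text):
    """Return one Finding per community line that needs attention."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = COMMUNITY_RE.match(line)
        if not match:
            continue
        name = match.group("name")
        access = (match.group("access") or "unspecified").lower()
        reasons = []
        # Community strings are case sensitive, so compare exactly.
        if name in DEFAULT_COMMUNITIES:
            reasons.append("default community string")
        if access == "rw":
            reasons.append("read/write access")
        if reasons:
            findings.append(Finding(line_no, name, access, tuple(reasons)))
    return findings


def snmp_access_enabled(config_text):
    """The guide states SNMP access is disabled when no community exists."""
    return any(COMMUNITY_RE.match(line) for line in config_text.splitlines())


# Constructed sample configuration, not taken from a real switch.
SAMPLE_CONFIG = """\
hostname R&D 5
snmp-server community public ro
snmp-server community private rw
snmp-server community blueberry rw
snmp-server location WC 9
"""

if __name__ == "__main__":
    for f in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.community} ({f.access}): "
              + ", ".join(f.reasons))
    print("SNMP access enabled:", snmp_access_enabled(SAMPLE_CONFIG))
```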
3.2.7.2 Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as Solstice Domain Manager). You can specify up to five management stations that will receive trap messages from the switch. The traps supported by this switch are listed under “Supported Traps” on page A-3.
FIGURE 3-15 The Switch Config ⇒ Communication Window Listing the Stations That Receive Traps From the Switch
Command-line Interface: Specifying Trap Management Stations
This example adds a trap manager and enables link-up-down and authentication traps.

    Console(config)#snmp-server host 10.1.0.
MIB Variables Associated With Trap Management
TABLE 3-10 MIB Variables Associated With Trap Management
Field Name | MIB Variable | Access | Value Range
Trap Destination Address | sun...trapDestMgt.trapDestTable.trapDestEntry.trapDestAddress | No access | IP address
Trap Destination Community | sun...trapDestMgt.trapDestTable.trapDestEntry.trapDestCommunity | Read/create | String (size (0-127))
Trap Destination Version | sun...trapDestMgt.trapDestTable.trapDestEntry.
3.3 Configuring Global Network Protocols
This section describes how to configure global switch settings for virtual LANs, multicast service, Spanning Tree Algorithm, handling data based on specific class-of-service requirements, and displaying the address table or setting static addresses.
3.3.1 VLAN Configuration
In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains.
the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.
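An added example (not part of the Sun guide) that models the standard IEEE 802.1Q handling behind tagged and untagged ports: which VLAN a received frame is assigned to, the effect of the ingress filtering setting, and whether the tag is kept or stripped on egress. The port names SNP0, SNP1 and NETP0 come from this guide; the VLAN numbers, port table and frames are constructed, and the model is a simplification, not the switch's firmware.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class Port:
    name: str
    pvid: int = 1                               # VLAN given to untagged frames
    tagged: set = field(default_factory=set)    # VLANs sent with a tag
    untagged: set = field(default_factory=set)  # VLANs sent without a tag
    ingress_filtering: bool = False

    def member_of(self, vid):
        return vid in self.tagged or vid in self.untagged


def parse_vlan_tag(frame):
    """Return (vid, priority) from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13


def classify_ingress(port, frame):
    """VLAN the frame is assigned to on this port, or None if dropped."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == 0:
        return port.pvid          # untagged or priority-tagged: use the PVID
    vid = tag[0]
    if vid == 0x0FFF:
        return None               # reserved VLAN ID
    if port.ingress_filtering and not port.member_of(vid):
        return None               # port is not a member of the tagged VLAN
    return vid


def egress_frame(port, vid, frame):
    """Frame as sent out of `port` for VLAN `vid`, or None if not a member."""
    if not port.member_of(vid):
        return None
    tag = parse_vlan_tag(frame)
    bare = frame if tag is None else frame[:12] + frame[16:]
    if vid in port.untagged:
        return bare               # VLAN-unaware device: no tag on the wire
    priority = tag[1] if tag else 0
    tci = (priority << 13) | vid
    return bare[:12] + struct.pack("!HH", TPID_8021Q, tci) + bare[12:]


def make_frame(vid=None, priority=0):
    """Constructed broadcast frame, optionally carrying an 802.1Q tag."""
    header = bytes.fromhex("ffffffffffff" "020000000001")
    tag = b"" if vid is None else struct.pack(
        "!HH", TPID_8021Q, (priority << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"constructed payload"


# Constructed port table: blades on untagged ports, up-link carries tags.
NETP0 = Port("NETP0", pvid=1, tagged={10, 20}, untagged={1})
SNP0 = Port("SNP0", pvid=10, untagged={10})
SNP1 = Port("SNP1", pvid=20, untagged={20})

if __name__ == "__main__":
    frame = make_frame()
    vid = classify_ingress(SNP0, frame)
    print("untagged frame on SNP0 is assigned to VLAN", vid)
    print("tag on NETP0 egress:", parse_vlan_tag(egress_frame(NETP0, vid, frame)))
    print("sent on SNP1:", egress_frame(SNP1, vid, frame) is not None)
    stray = make_frame(vid=20)
    print("VLAN 20 tag on SNP0, filtering off:", classify_ingress(SNP0, stray))
    SNP0.ingress_filtering = True
    print("VLAN 20 tag on SNP0, filtering on:", classify_ingress(SNP0, stray))
```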
page 3-114.) You should also determine security boundaries in the network and disable GVRP on end-station ports where you need to prevent advertisements from being propagated, or forbid ports from joining restricted VLANs. Note – If you have host devices that do not support GVRP, you must configure static VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs” on page 3-50).
Command-line Interface: Displaying Basic VLAN Information
● Type the following command:

    Console#show bridge-ext
     Max support vlan numbers: 32
     Max support vlan ID: 4094
     Extended multicast filtering services: No
     Static entry individual port: Yes
     VLAN learning: IVL
     Configurable PVID tagging: Yes
     Local VLAN capable: Yes
     Traffic classes: Enabled
     Global GVRP status: Disabled
     GMRP: Disabled
    Console#
MIB Variables Associated With Basic VLAN Information TABLE 3-11 MIB Variables Associated With Basic VLAN Information Field Name MIB Variable Access Value Range Default Value VLAN Version Number MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qBase. dot1qVlanVersionNumber Read only version1 (1) version1 Maximum VLAN ID MIB-II. dot1dBridge. BridgeMIB. BridgeMIBObjects. dot1qBase. dot1qMaxVlanId Read only Integer 4094 Maximum Number of Supported VLANs MIB-II. dot1dBridge. qBridgeMIB.
TABLE 3-11 3-44 MIB Variables Associated With Basic VLAN Information (Continued) Default Value Field Name MIB Variable Access Value Range Traffic Classes Enabled MIB-II. dot1dBridge. pBridgeMIB. pBridgeMIBObjects. dot1dExtBase. dot1dTrafficClassesEnabled Read/ write true (1), false (2) true GMRP Status MIB-II. dot1dBridge. pBridgeMIB. pBridgeMIBObjects. dot1dExtBase. dot1dGmrpStatus Read/ write enabled (1), disabled (2) disabled GVRP Status MIB-II. dot1dBridge. qBridgeMIB.
3.3.1.2 Enabling or Disabling GVRP (Global Setting)

GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.

Web Interface: Enabling or Disabling GVRP (Global Setting)

1.
MIB Variables Associated With GVRP

TABLE 3-12 MIB Variables Associated With GVRP

Field Name | MIB Variable | Access | Value Range | Default Value
GVRP Status | MIB-II.dot1dBridge.qBridgeMIB.qBridgeMIBObjects.dot1qBase.dot1qGvrpStatus | Read/write | enabled (1), disabled (2) | disabled

3.3.1.3 Configuring VLANs

When configuring VLANs using the web interface or CLI, the following parameters are displayed or can be configured:

■ ID – The ID of configured VLAN (1 to 4094).
2. Click Enable, Disable or Remove. To add interfaces to a VLAN: 1. Select an entry. 2. Click Membership. (See “Adding Static Members to VLANs” on page 3-50.
Command-line Interface: VLAN Configuration

The following sample commands create a new VLAN and display all VLAN information:

Console(config)#vlan database
Console(config-vlan)#vlan 3 name R&D media ethernet state active
Console(config-vlan)#
Console#show vlan
VLAN Type    Name             Status    Ports/Channel groups
---- ------- ---------------- --------- ---------------------------------------
1    Static  DefaultVlan      Active    SNP0 SNP1 SNP2 SNP3 SNP4 SNP5 SNP6 SNP7 SNP8 SNP9 SNP10 SNP11 SNP12 SNP13 SNP14 SNP15 NETP0 NETP1 NETP
MIB Variables Associated With VLAN Configuration TABLE 3-13 MIB Variables Associated With VLAN Configuration Field Name MIB Variable Access Value Range Default Value VLAN ID MIBII.dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qVlan. dot1qVlanCurrentT able. dot1qVlanCurrentE ntry. dot1qVlanIndex No access Integer 1 VLAN Name MIBII.dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qVlan. dot1qVlanStaticTa ble. dot1qVlanStaticEn try.
TABLE 3-13 3.3.1.4 MIB Variables Associated With VLAN Configuration (Continued) Field Name MIB Variable Access Value Range VLAN Type MIBII.dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qVlan. dot1qVlanCurrentT able. dot1qVlanCurrentE ntry. dot1qVlanStatus Read only other(1), permanent(2), dynamicGvrp(3) VLAN Ports MIBII.dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qVlan. dot1qVlanCurrentT able. dot1qVlanCurrentE ntry.
■ Add Tagged: The interface is a member of the VLAN. All packets transmitted by the port on this VLAN will be tagged, that is, carry a tag and therefore carry VLAN or COS information.
■ Add Untagged: The interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag and therefore not carry VLAN or COS information.
■ Add Forbidden: The interface is forbidden from automatically joining the VLAN through GVRP.
FIGURE 3-18 The Switch Config ⇒ VLANs Window

Command-line Interface: Adding Ports Manually to a VLAN

The following example adds two ports to VLAN 3 (named R&D), forbids server blade port SNP13 from joining the VLAN dynamically (using GVRP), and finally displays the VLAN’s membership:

Console(config)#interface ethernet NETP1
Console(config-if)#switchport allowed vlan add 3 tagged
Console(config-if)#exit
Console(config)#interface ethernet NETP2
Console(config-if)#switchport allowed vlan add 3 untagged
Conso
MIB Variables Associated With Adding Ports to a VLAN TABLE 3-14 MIB Variables Associated With Adding Ports to a VLAN Field Name MIB Variable Access Value Range VLAN ID MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qVlanStaticTable. dot1qVlanStaticEntry. dot1qVlanIndex Index Row VLAN Name MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qVlanStaticTable. dot1qVlanStaticEntry.
TABLE 3-14 3.3.2 MIB Variables Associated With Adding Ports to a VLAN (Continued) Field Name MIB Variable Access Value Range VLAN Forbidden Ports MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qPortVlanTable. dot1qPortVlanEntry. dot1qVlanForbiddenEgressPorts Read/create Octet string (port list) Port Trunk Index sun... (Channel portMgt. Groups) portTable portEntry. portTrunkIndex Read only VLAN Static Row Status Read/create enable(1), disable(2) MIB-II. dot1dBridge.
The purpose of IP multicast filtering is to optimize a switched network’s performance, so that multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers/switches, instead of flooding traffic to all ports in the subnet (VLAN). 3.3.2.1 Configuring IGMP Snooping Parameters You can configure the switch to forward multicast traffic intelligently.
■ Query Interval – The frequency (between 60 and 125 seconds) at which the switch sends IGMP host-query messages. The default is 125 seconds.
■ Query Report Delay – The time (between 5 and 25 seconds) between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list. The default is 10 seconds.
FIGURE 3-19 The Switch Config ⇒ Broadcast & Multicast Window
Command-line Interface: Configuring IGMP Snooping Parameters

This example modifies the settings for multicast filtering, and then displays the current status.
MIB Variables Associated With IGMP Parameters TABLE 3-15 3.3.2.2 MIB Variables Associated With IGMP Parameters Field Name MIB Variable Access Value Range Default Value Snooping Status sun... igmpSnoopMgt. igmpSnoopStatus Read/write enabled (1), disabled (2) enabled Snooping Querier sun... igmpSnoopMgt. igmpSnoopQuerier Read/write enabled (1), disabled (2) enabled Snooping Query Count sun... Read/write igmpSnoopMgt. igmpSnoopQueryCount Integer (2-10) 2 Snooping Query Interval sun...
When specifying interfaces connected to multicast routers through the web interface or CLI, the following parameters are displayed or can be configured:

■ All known ports in VLAN connected to multicast routers:
  ■ VLAN – The VLAN on the switch. (The pull-down menu includes the VLAN ID and name.)
  ■ Interface – The interfaces connected to a multicast router and whether the assignment was static (Static) or dynamic (IGMP).
FIGURE 3-20 The Switch Config ⇒ Broadcast & Multicast Window (Multicast Router Ports selected)
Command-line Interface: Specifying Interfaces Connected to Multicast Routers

The following example configures port NETP0 as a multicast router port within VLAN 1 and then displays a confirmation of this configuration:

Console(config)#ip igmp snooping vlan 1 mrouter ethernet NETP0
Console(config)#exit
Console#show ip igmp snooping mrouter vlan 1
VLAN M'cast Router Port Type
---- ------------------ ------
1    NETP0              Static

MIB Variables Associated With Interfaces Connected to Multicast Routers

TABLE 3-16 MIB Va
TABLE 3-16 Field Name MIB Variables Associated With Interfaces Connected to Multicast Routers MIB Variable Access Value Range Snooping sun... Multicast Router igmpSnoopMgt. Static Ports igmpSnoopRouterStaticTable. igmpSnoopRouterStaticEntry. igmpSnoopRouterStaticPorts Read/create Octet string (port list) Snooping sun... Multicast Router igmpSnoopMgt. Static Status igmpSnoopRouterStaticTable. igmpSnoopRouterStaticEntry.
3.3.2.3 Configuring Multicast Services

Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping Parameters” on page 3-55. For certain applications that require tighter control, you might need to manually assign a multicast service to a specific interface. First add all the ports connected to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
2. Type the IP address for the multicast service in the text field.
3. Click Add.

FIGURE 3-21 The Switch Config ⇒ Broadcast & Multicast Window (Multicast Services selected)

Note – If you receive an error message saying that the data you have entered is invalid, check that you have specified each of the IP addresses correctly.
Command-line Interface: Configuring Multicast Services

The following example assigns a multicast address to port NETP0 and then displays all the known multicast services supported on VLAN 1.

Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet NETP0
Console(config)#exit
Console#show mac-address-table multicast vlan 1
VLAN M'cast IP addr. Member ports Type
---- --------------- ------------ ------
1 224.0.0.12 NETP1 IGMP
1 224.1.2.
3.3.3 Broadcast Storm Control (Global Setting)

Broadcast storms can occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
FIGURE 3-22 The Switch Config ⇒ Broadcast & Multicast Window (Broadcast Storms selected)

3.3.3.2 Command-line Interface: Using Broadcast Storm Control

The following example shows how to set the broadcast threshold to 64 packets per second.
Note – The switchport broadcast command enables broadcast storm control on the specified interface, and the broadcast threshold it sets applies to every interface on the switch.
3.3.4 Spanning Tree Algorithm Configuration

The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link fails.
The following global STA parameters are fixed and cannot be changed:

■ Bridge ID – The priority and MAC address of the switch.
■ Designated Root – The priority and MAC address of the device in the spanning tree that the switch has accepted as the root device.
■ Root Port – The number of the port on the switch that is closest to the root. The switch communicates with the root device through this port.
■ Maximum Age – The maximum time (in seconds) the switch can wait without receiving a configuration message before attempting to reconfigure. All switch ports (except for designated ports) receive configuration messages at regular intervals. Any port that ages out the STA information provided in the last configuration message it received becomes the designated port for the connected LAN. If it is a root port, a new root port is selected from among the switch ports connected to the network.
FIGURE 3-23 The Switch Config ⇒ Spanning Tree ⇒ Basic Configuration Window

Note – If you receive an error saying that the data you have entered is invalid, check that the values you have given for Priority, Hello Time, Maximum Age, and Forward Delay are within the specified ranges for these parameters.
Command-line Interface: Configuring Basic STA Settings

The following command displays global STA settings, followed by settings for each port.

Console#show spanning-tree
Spanning-tree information
--------------------------------------------------------------
Spanning tree mode :RSTP
Spanning tree enable/disable :enable
Priority :32768
Bridge Hello Time (sec.) :2
Bridge Max Age (sec.) :20
Bridge Forward Delay (sec.) :15
Root Hello Time (sec.) :2
Root Max Age (sec.) :20
Root Forward Delay (sec.
MIB Variables Associated With Basic STA Settings TABLE 3-19 MIB Variables Associated With Basic STA Settings Field Name MIB Variable Access Value Range Default Value STA System Status sun...staMgt. staSystemStatus Read/write enabled (1), disabled (2) enabled STA Protocol Type sun...staMgt. staProtocolType Read/write stp (1), rstp (2), rstp Bridge ID Consists of bridge priority plus MAC address. Designated Root sun...xstMgt. mstInstanceCfgTable. mstInstanceCfgEntry.
TABLE 3-19 3.3.4.2 MIB Variables Associated With Basic STA Settings (Continued) Field Name MIB Variable Access Value Range Default Value Bridge Maximum Age MIB-II. dot1dStp. dot1dStpBridgeMaxAge Read/write Integer (600-4000) centiseconds 2000 centiseconds Bridge Forward Delay MIB-II. dot1dStp. dot1dStpBridgeForwardDelay Read/write Integer (400-3000) centiseconds 1500 centiseconds STA Configuration Changes MIB-II. dot1dBridge.dot1dStp.
FIGURE 3-24 The Switch Config ⇒ Spanning Tree ⇒ Advanced Configuration Window

Note – If you receive an error saying that the data you have entered is invalid, check that you have specified a transmission limit within the specified range.

Command-line Interface: Configuring Advanced STA Settings

This example sets the spanning tree path cost method and transmission limit.
3.3.5 Class of Service Configuration

Class of Service (COS) enables you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. The switch supports COS with four priority queues for each port. Data packets in a port’s high-priority queue are transmitted before those in the low-priority queues. You can set the default priority for each interface and configure the mapping of frame priority tags to the switch’s priority queues.

3.3.5.
FIGURE 3-25 The Switch Config ⇒ Class of Service

Command-line Interface: Configuring Class of Service

This example assigns a default priority of 5 to port NETP1.
MIB Variables Associated With Class of Service TABLE 3-21 3.3.5.2 MIB Variables Associated With Class of Service Field Name MIB Variable Access Value Range Default Value Port Default User Priority MIB-II. dot1dBridge. pBridgeMIB. pBridgeMIBObjects. dot1dPriority. dot1dPortPriorityTable. dot1dPortPriorityEntry.
The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. TABLE 3-23 IEEE 802.
FIGURE 3-26 The Switch Config ⇒ Class of Service Window for Mapping COS Values to Traffic Classes

Command-line Interface: Mapping COS Values to Traffic Classes

The following example shows how to map COS values 0, 1 and 2 to COS priority queue 0, value 3 to COS priority queue 1, values 4 and 5 to COS priority queue 2, and values 6 and 7 to COS priority queue 3:

Console(config)#interface ethernet NETP0
Console(config)#queue cos-map 0 0 1 2
Console(config)#queue cos-map 1 3
Console(config)#queue cos-map 2 4
MIB Variables Associated With Mapping COS Values to Traffic Queues TABLE 3-24 MIB Variables Associated With Mapping COS Values to Traffic Queues Field Name MIB Variable Access Traffic Class Priority MIB-II. Notdot1dBridge. accessible pBridgeMIB. pBridgeMIBObjects. dot1dPriority. dot1dTrafficClassTable. dot1dTrafficClassEntry. dot1dTrafficClassPriority Traffic Class MIB-II. dot1dBridge. pBridgeMIB. pBridgeMIBObjects. dot1dPriority. dot1dTrafficClassTable. dot1dTrafficClassEntry.
3.3.5.3 Setting the Service Weight for Traffic Classes

This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping COS Values to Egress Queues” on page 3-80, the traffic classes are mapped to one of the four egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
Command-line Interface: Setting the Service Weight for Traffic Classes

The following example shows how to assign WRR weights of 1, 4, 16, and 64 to the COS priority queues 0, 1, 2 and 3.

Console(config)#queue bandwidth 1 4 16 64
Console(config)#exit
Console#show queue bandwidth
Queue ID Weight
-------- ------
0        1
1        4
2        16
3        64
Console#

MIB Variables: Setting the Service Weight for Traffic Classes

TABLE 3-25 Setting the Service Weight for Traffic Classes Field Name 3.3.5.
■ The precedence for priority mapping is IP Precedence or DSCP Priority, and then Default Port Priority. ■ IP Precedence and DSCP Priority cannot both be enabled. Enabling one of these priority types automatically disables the other. When mapping layer 3/4 priorities to COS values through the web interface or CLI, the following parameters can be configured: ■ Enable Priority Services – The current operating status for mapping for layer 3/4 priorities to COS values. The default is disabled.
To disable layer 3/4 traffic prioritization completely, use the following commands:

Console(config)#no map ip precedence
Console(config)#no map ip dscp

MIB Variables Associated With Traffic Prioritisation

TABLE 3-26 3.3.5.5 MIB Variables Associated With Traffic Prioritization Field Name MIB Variable Access Value Range Default Value IP Precedence/ DSCP Status sun... priorityMgt.
■ Class of Service Value – The COS value that is mapped to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.

Web Interface: Mapping IP Precedence

1. Open Switch Config ⇒ Class of Service ⇒ Layer 3/4 Traffic Prioritisation.
2. Scroll to Mapping IP Precedence to Class of Service Values.
3. Select an entry from the IP Precedence table.
4. Select a value from the Class of Service Value menu.
5. Click Save.
Command-line Interface: Mapping IP Precedence

The following example maps IP Precedence value 1 to COS value 0 on port SNP5, and then displays all the IP Precedence settings for that port.
3.3.5.6 Mapping DSCP Priority

The DSCP is six bits wide, enabling coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP default values are defined in the following table.
FIGURE 3-30 The Switch Config ⇒ Class of Service Window for Mapping DSCP to COS Values

Command-line Interface: Mapping DSCP Priority

The following example maps DSCP value 0 to COS value 1 on port SNP5, and then displays all the DSCP Priority settings for that port.

Console(config)#interface ethernet SNP5
Console(config-if)#map ip dscp 0 cos 1
Console(config-if)#end
Console#show map ip dscp ethernet SNP5
DSCP mapping status: disabled
Port        DSCP COS
----------- ---- ---
SNP1        0    1
SNP1        1    0
SNP1        2    0
SNP1        3    0
.
MIB Variables Associated With Mapping DSCP to CoS Values TABLE 0-1 3.3.6 MIB Variables Associated With Mapping DSCP to COS Values Field Name MIB Variable Access Value Range IP DSCP Value sun... priorityMgt. prioIpDscpTable. prioIpDscpEntry. prioIpDscpValue Notaccessible Integer (0-63) IP DSCP CoS sun... priorityMgt. prioIpDscpTable. prioIpDscpEntry. prioIpDscpCos Read/write Integer (0-7) Default Value page 3-90 Address Table Settings Switches store the addresses for all known devices.
■ Address Type – Whether an address was learned or statically configured.

Web Interface: Viewing the Address Tables

1. Open Switch Config ⇒ Address Tables.
2. Specify an interface, VLAN, MAC address, or address type (any combination) for the search criteria.
3. Click Query.

FIGURE 3-31 The Switch Config ⇒ Address Tables Window

Command-line Interface: Viewing the Address Tables

This example displays the address table entries for port NETP1.
MIB Variables Associated With the Address Tables TABLE 3-30 3.3.6.2 MIB Variables Associated With the Address Tables Field Name MIB Variable Access Interface MIB-II. Read only dot1dBridge.dot1dTp. dot1dTpFdbTable.dot1dTpFdbEntry. dot1dTpFdbPort not learned (0), Port list (1-24) MAC Address MIB-II. Read only dot1dBridge.dot1dTp. dot1dTpFdbTable.dot1dTpFdbEntry. dot1dTpFdbAddress MAC address VLAN MIB-II. dot1dBridge.qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qVlanStaticTable.
FIGURE 3-32 The Switch Config ⇒ Address Tables Window (showing aging time option)

Command-line Interface: Changing the Aging Time

This example sets the aging time to 400 seconds.

Console(config)#mac-address-table aging-time 400
Console(config)#

MIB Variables Associated With Aging Time

TABLE 3-31 MIB Variables Associated With Aging Time Field Name MIB Variable Access Value Range Default Value Aging Time MIB-II dot1dBridge.dot1dTp.
3.4 Port Configuration

This section includes configuration menus for the down-link ports, up-link ports, and management port. Most of these menus apply to all port types. However, the management port only supports a few basic menus, and Packet Filtering (page 3-134) is only provided for the management port.

Note – The port designations used in the following menus include NETP0 to NETP7 for up-link ports, SNP0 to SNP15 for down-link ports, and NETMGT for the management port.

3.4.
■ Auto-negotiation – The configured state of auto-negotiation. Either enabled or disabled.
■ Protect Status – The configured state of broadcast storm control on the interface. To set the threshold value, see “Broadcast Storm Control (Global Setting)” on page 3-67.
■ MAC Address – The physical layer address of the port.
■ Port Capabilities – The capabilities that are advertised for a port during auto-negotiation.
FIGURE 3-33 The Up Links ⇒ Connections Status Window
Command-line Interface: Displaying the Connection Status of a Port

This example shows the connection status for Port NETP7.
MIB Variables Associated With the Connection Status of Ports TABLE 3-32 3-100 MIB Variables Associated With the Connection Status of Ports Default Value Field Name MIB Variable Access Value Range Port Type sun... portMgt. portTable. portEntry. portType Read only other(1), hundredBaseTX(2), hundredBaseFX(3), thousandBaseSX(4), thousandBaseLX(5), thousandBaseT(6), thousandBaseMiniGBIC(7) thousandBaseSFP(8) MAC Address MIB-II. interfaces. ifTable.ifEntry.
TABLE 3-32 MIB Variables Associated With the Connection Status of Ports (Continued) Default Value Field Name MIB Variable Access Value Range Port Speed Duplex Status sun... portMgt. portTable.portEntry . portSpeedDpxStatus Read only error(1), halfDuplex10(2), fullDuplex10(3), halfDuplex100(4), fullDuplex100(5), halfDuplex1000(6), fullDuplex1000(7) Port Capabilities sun... portMgt. portTable.portEntry .
3.4.2 Configuring Interface Connections

You can use the Port Setup page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. When configuring interface connections through the web interface or CLI, the following parameters are displayed or can be configured:

■ Port/s – The port or aggregate link (up links NETP0 to NETP7, and down links SNP0 to SNP15).
Note – The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together. It is only possible to enable flow control between two ports that are on the same switch chip. The ports NETP0, NETP1, NETP4, NETP5, and SNP8 through SNP15 are on one switch chip. The ports NETP2, NETP3, NETP6, NETP7, and SNP0 through SNP7 are on the other.
FIGURE 3-34 The Up Links ⇒ Status Window (showing attributes of NETP0)
3.4.2.2 Command-line Interface: Configuring Interface Connections

Select the interface, and then enter the required settings.

Console#
Console(config)#interface ethernet NETP1
Console(config-if)#description RD SW#17
Console(config-if)#shutdown
. . .
Console(config-if)#no shutdown
Console(config-if)#negotiation
Console(config-if)#capabilities 1000full
Console(config-if)#capabilities 1000full
Console(config-if)#capabilities flowcontrol
. . .
TABLE 3-33 3-106 MIB Variables for Interface Connections (Continued) Field Name MIB Variable Access Value Range Port Capabilities sun... portMgt. portTable.portEnt ry. portCapabilities Read/write Bits{ portCap10half (0), portCap10full (1), portCap100half (2), portCap100full (3), portCap1000half (4), portCap1000full (5), reserved6-13 (6-13), portCapSym (14), portCapFlowCtrl (15)} Port Speed Duplex Configuration sun... portMgt. portTable.portEnt ry.
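The portCapabilities row above is an SNMP BITS object, which arrives on the wire as an octet string in which bit 0 is the most significant bit of the first octet (RFC 3417). The following is an added example, not code from this guide: it decodes such a value with the bit names from the table and reports drift from what a port is meant to advertise. The sample octet strings are constructed, and pairing the CLI keywords `1000full` and `flowcontrol` with `portCap1000full` and `portCapFlowCtrl` is an assumption.

```python
from typing import Dict, Iterable, List, Tuple

# Bit positions as listed in the portCapabilities row; bits 6-13 are
# reserved there, so any of them being set is reported as unexpected.
PORT_CAP_BITS: Dict[int, str] = {
    0: "portCap10half", 1: "portCap10full",
    2: "portCap100half", 3: "portCap100full",
    4: "portCap1000half", 5: "portCap1000full",
    14: "portCapSym", 15: "portCapFlowCtrl",
}
NAME_TO_BIT = {name: bit for bit, name in PORT_CAP_BITS.items()}


def decode_port_capabilities(value: bytes) -> Tuple[List[str], List[int]]:
    """Return (capability names, unexpected bit numbers) for a BITS value.

    Bit 0 is the most significant bit of the first octet, bit 8 the most
    significant bit of the second octet, and so on.
    """
    names: List[str] = []
    unexpected: List[int] = []
    for index, octet in enumerate(value):
        for offset in range(8):
            if octet & (0x80 >> offset):
                bit = index * 8 + offset
                if bit in PORT_CAP_BITS:
                    names.append(PORT_CAP_BITS[bit])
                else:
                    unexpected.append(bit)  # reserved or out of range
    return names, unexpected


def encode_port_capabilities(names: Iterable[str]) -> bytes:
    """Build the two-octet BITS value for a set of capability names."""
    value = bytearray(2)
    for name in names:
        bit = NAME_TO_BIT[name]  # KeyError on a name not in the table
        value[bit // 8] |= 0x80 >> (bit % 8)
    return bytes(value)


def capability_drift(value: bytes, intended: Iterable[str]) -> Dict[str, list]:
    """Compare what a port advertises with what it is meant to advertise."""
    advertised, unexpected = decode_port_capabilities(value)
    wanted = set(intended)
    return {
        "extra": sorted(set(advertised) - wanted, key=NAME_TO_BIT.get),
        "missing": sorted(wanted - set(advertised), key=NAME_TO_BIT.get),
        "unexpected_bits": unexpected,
    }


# Intended advertisement (assumed mapping from the CLI keywords).
INTENDED = ["portCap1000full", "portCapFlowCtrl"]

if __name__ == "__main__":
    # Constructed sample values, as they might be read from two ports.
    for label, raw in (("port A", b"\x04\x01"), ("port B", b"\xfc\x01")):
        print(label, raw.hex(), capability_drift(raw, INTENDED))
```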
3.4.3 Configuring Aggregated Links

You can create multiple links between devices that work as one virtual, aggregate link. An aggregated link offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to six aggregated links at a time. The switch supports both static aggregated links and dynamic Link Aggregation Control Protocol (LACP).
3.4.3.1 Dynamically Configuring an Aggregated Link with LACP

Web Interface: Dynamic Aggregated Links (LACP)

1. Click Up Links/Down Links ⇒ Link Aggregation.
2. Locate the required port in the Link Aggregation table.
3. Click Enable LACP or Disable LACP.

Note – The action buttons take immediate effect. To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
Command-line Interface: Dynamic Aggregated Links (LACP)

The following example enables LACP for ports NETP0 and NETP1. These ports can be connected to two LACP-enabled ports on another switch to form an aggregated link.
MIB Variables Associated With Dynamic Aggregated Links TABLE 3-34 MIB Variables Associated With Dynamic Aggregated Links Access Value Range Default Value Trunk Maximum sun... ID trunkMgt. trunkMaxId Read only Integer 6 Trunk Valid Number sun... trunkMgt. trunkValidNumber Read only Integer (1-6) Trunk Index sun... Index trunkMgt. trunkTable.trunkEntry. trunkIndex Trunk Ports sun... Read/create Octet string trunkMgt. (port list) trunkTable.trunkEntry. trunkPorts Trunk Creation sun...
3.4.3.2 Statically Configuring an Aggregated Link

Web Interface: Statically Configuring an Aggregated Link

1. Click Up Links / Down Links ⇒ Link Aggregation.
2. Select a trunk from the Select Trunk menu.
3. Select the required port.
4. Click Add or Remove.

Note – The action buttons take immediate effect.
Command-line Interface: Statically Configuring an Aggregated Link

This example creates port-channel 2 using ports NETP2 and NETP3. These ports can be connected to two ports on another switch to form an aggregated link.
MIB Variables Associated With Static Aggregated Links TABLE 3-35 MIB Variables Associated With Static Aggregated Links Access Value Range Default Value Trunk Maximum sun... ID trunkMgt.trunkMaxId Read only Integer 6 Trunk Valid Number sun... trunkMgt. trunkValidNumber Read only Integer (1-6) Trunk Index sun... trunkMgt.trunkTable. trunkEntry.trunkIndex Index Integer Trunk Ports sun... trunkMgt.trunkTable. trunkEntry.trunkPorts Read/create Octet string (port list) Trunk Creation sun...
3.4.4 Configuring VLAN Behavior for Interfaces

You can configure VLAN behavior for specific interfaces, including default VLAN identifier (PVID), accepted frame types, ingress filtering, GARP VLAN Registration Protocol (GVRP) status, and Group Address Registration Protocol (GARP) timers.
3.4.4.1
■ Ingress filtering only affects tagged frames.
■ If ingress filtering is disabled, the interface accepts any VLAN-tagged frame if the tag matches a VLAN known on the switch (except for those VLANs explicitly forbidden on the port).
■ If ingress filtering is enabled, the interface discards incoming frames tagged for VLANs that do not include the ingress port in their member set.
■ Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP.
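The ingress filtering rules above can be expressed as one admission decision per frame, which also makes it possible to list the ports that accept tagged traffic for VLANs they do not belong to. The following is an added example, not code from this guide: the function and class names are hypothetical, the topology is a constructed sample that reuses the VLAN 3 membership from the earlier CLI example, and the handling of untagged frames (classified to the PVID, or dropped on a tagged-only port) follows standard 802.1Q behavior rather than a statement in this section.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ACCEPT, DISCARD = "accept", "discard"


@dataclass
class Port:
    name: str
    pvid: int = 1                    # VLAN given to untagged frames (assumed 802.1Q behavior)
    ingress_filtering: bool = False
    tagged_only: bool = False        # acceptable frame type: tagged frames only
    forbidden: Set[int] = field(default_factory=set)


def admit(vlans: Dict[int, Set[str]], port: Port,
          tag: Optional[int] = None, bpdu: bool = False
          ) -> Tuple[str, Optional[int], str]:
    """Return (verdict, vlan, reason) for one frame arriving on `port`.

    vlans maps each VLAN ID known on the switch to its member port names.
    tag is the frame's VLAN ID, or None for an untagged frame.
    """
    if bpdu:
        return ACCEPT, None, "VLAN-independent BPDU (GVRP/STP), not filtered"
    if tag is None:
        # Ingress filtering only affects tagged frames.
        if port.tagged_only:
            return DISCARD, None, "port accepts tagged frames only"
        return ACCEPT, port.pvid, "untagged frame classified to PVID"
    if tag not in vlans:
        return DISCARD, tag, "VLAN not known on the switch"
    if tag in port.forbidden:
        return DISCARD, tag, "VLAN forbidden on this port"
    if port.ingress_filtering and port.name not in vlans[tag]:
        return DISCARD, tag, "ingress filtering: port not in member set"
    return ACCEPT, tag, "tagged frame accepted"


def exposed_vlans(vlans: Dict[int, Set[str]],
                  ports: List[Port]) -> List[Tuple[str, int]]:
    """List (port, vlan) pairs where a tagged frame is accepted even
    though the port is not a member of that VLAN."""
    findings = []
    for port in ports:
        for vid in sorted(vlans):
            if port.name in vlans[vid]:
                continue
            if admit(vlans, port, tag=vid)[0] == ACCEPT:
                findings.append((port.name, vid))
    return findings


# Constructed sample: VLAN 3 (R&D) has members NETP1 and NETP2, and
# SNP13 is forbidden from joining it; every port is in default VLAN 1.
VLANS = {1: {"NETP1", "NETP2", "SNP3", "SNP13"}, 3: {"NETP1", "NETP2"}}
PORTS = [Port("NETP1"), Port("SNP3"), Port("SNP13", forbidden={3})]

if __name__ == "__main__":
    for name, vid in exposed_vlans(VLANS, PORTS):
        print(f"{name}: accepts frames tagged for VLAN {vid} without membership")
```

With ingress filtering disabled, the audit reports SNP3 for VLAN 3; enabling ingress filtering on that port or forbidding VLAN 3 on it clears the finding.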
2. Modify the required settings for each interface. 3. Click Save.
Scroll down to the VLAN membership table, and configure the VLANs required for the selected interface.

FIGURE 3-38 The Up Links ⇒ VLANs Window (cont’d)

3.4.4.2 Command-line Interface: Configuring VLAN Behavior for Interfaces

This example sets port NETP4 to accept only tagged frames, assigns PVID 4 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
3.4.4.3 MIB Variables Associated With VLAN Behavior of Interfaces TABLE 3-36 3-118 MIB Variables Associated With VLAN Behavior of Interfaces Field Name MIB Variable Access Value Range Default Value Port PVID MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qPortVlanTable . dot1qPortVlanEntry . dot1qPvid Read/write Integer (1-4094) 1 Port Acceptable Frame Type MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qPortVlanTable . dot1qPortVlanEntry .
TABLE 3-36 MIB Variables Associated With VLAN Behavior of Interfaces (Continued) Field Name MIB Variable Access Value Range Default Value Port GVRP Status MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qPortVlanTable . dot1qPortVlanEntry . dot1qPortGVRPStatu s Read/write enabled (1), disabled (2) disabled GARP Join Time MIB-II. dot1dBridge. pBridgeMIB. pBridgeMIBObjects. dot1dGarp. dot1dPortGarpTable . dot1dPortGarpEntry .
TABLE 3-36 3-120 MIB Variables Associated With VLAN Behavior of Interfaces (Continued) Field Name MIB Variable Access Value Range VLAN Static Name MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qVlanStaticTab le. dot1qVlanStaticEnt ry. dot1qVlanStaticNam e Read/ create Octet string (size (0-32)) VLAN Static Row Status MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects. dot1qVlan. dot1qVlanStaticTab le. dot1qVlanStaticEnt ry.
3.4.5 Configuring Static Addresses

You can use address filtering to set static addresses that are bound to a specific port and VLAN, or to enable port security that restricts all inbound traffic to the entries currently listed in the address table (including either dynamic or static addresses). Note the following points about static addresses and port security:

■ Setting Static Addresses – A static address can be assigned to a specific interface on the switch.
■ Duration – The address can be set to the following type:
  ■ Permanent – The assignment is permanent, and restored after the switch is reset.
  ■ Delete on Reset – The assignment lasts until the switch is reset.

3.4.5.1 Web Interface: Configuring Static Addresses

1. Open Up Links / Down Links ⇒ Address Filtering.
2. Select the interface.
3. Select Secure Port to enable port security.
4. Select VLAN, MAC address, and duration.
5. Click Add.
3.4.5.
TABLE 3-37 3-124 MIB Variables Associated With Static Addresses (Continued) Field Name MIB Variable Access Value Range VLAN Index MIB-II. dot1dBridge. qBridgeMIB. qBridgeMIBObjects . dot1qVlan. dot1qVlanStaticTa ble. dot1qVlanStaticEn try. dot1qVlanIndex Index Integer Static Address MIB-II. dot1dBridge. dot1dStatic. dot1dStaticTable. dot1dStaticEntry. dot1dStaticAddres s Read/write MAC address Static Status MIB-II. dot1dBridge. dot1dStatic. dot1dStaticTable. dot1dStaticEntry.
3.4.6 Managing Interfaces for Spanning Tree Algorithm

You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You can use a different priority or path cost for ports of same media type to indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the connected device can support fast forwarding.

3.4.6.
■ Link Type (Admin Link type25) – The link type connected to the interface.
  ■ Point-to-Point – A connection to exactly one other bridge.
  ■ Shared – A connection to two or more bridges.
  ■ Auto – The switch automatically determines if the interface is connected to a point-to-point link or to shared media.
■ Edge Port (Admin Edge Port25) – You can enable this option if an interface is connected to a LAN segment that is at the end of a bridged LAN or to an end node.
FIGURE 3-40 The Up Links ⇒ Spanning Tree Window
Command-line Interface: Displaying the Current Interface Settings for STA
This example shows the STA attributes for port NETP4:
Console#show spanning-tree ethernet NETP4
SNP0 information
--------------------------------------------------------------
Admin status : enable
Role : designate
State : forwarding
Path cost : 10000
Priority : 128
Designated cost : 10000
Designated port : 128.1
Designated root : 32768.00209C23C267
Designated bridge : 32768.
MIB Variables Associated With a Port’s STA Settings
TABLE 3-38 MIB Variables Associated With a Port’s STA Settings
Field Name | MIB Variable | Access | Value Range | Default Value
Port | sun...xstMgt.mstInstancePortTable.mstInstancePortEntry | Index | Integer (1-25)
STA Port State | sun...xstMgt.mstInstancePortTable.mstInstancePortEntry.mstInstancePortState | Read only | discarding (1), learning (2), forwarding (3)
STA Port Priority | sun...xstMgt.mstInstancePortTable. | Read/write
TABLE 3-38 MIB Variables Associated With a Port’s STA Settings (Continued)
Field Name | MIB Variable | Access | Value Range | Default Value
STA Port Enable (Admin status) | sun...mstMgt.mstInstancePortTable.mstInstancePortEntry.mstInstancePortEnable | Read/write | enabled (1), disabled (2) | enabled
STA Port Role | sun...mstMgt.mstInstancePortTable.mstInstancePortEntry.mstInstancePortPortRole | Read only | disabled (1), root (2), designated (3), alternate (4), backup (5)
STA Port | sun...mstMgt.
3.4.6.2
■ The default values for Ethernet connections are 2,000,000 (half duplex), 1,000,000 (full duplex), and 500,000 (aggregated link). The default values for Fast Ethernet connections are 200,000 (half duplex), 100,000 (full duplex), and 50,000 (aggregated link). The default values for Gigabit Ethernet connections are 10,000 (full duplex) and 5000 (aggregated link). Note – When the Path Cost Method is set to short (page 3-76), the maximum path cost is 65,535.
FIGURE 3-41 The Up Links ⇒ Spanning Tree Window for NETP4
Command-line Interface: Configuring STA Settings for a Port
This example sets STP attributes for port NETP5.
MIB Variables for Configuring a Port’s STA Settings
TABLE 3-39 MIB Variables for Configuring a Port’s STA Settings
Field Name | MIB Variable | Access | Value Range | Default Value
STA Port Priority | sun...mstMgt.mstInstancePortTable.mstInstancePortEntry.mstInstancePortPriority | Read/write | Integer (0-240) | 128
STA Port Path Cost | sun...mstMgt.mstInstancePortTable.mstInstancePortEntry.
3.4.6.3
FIGURE 3-42 The Up Links ⇒ Spanning Tree Window (showing STA status)
Command-line Interface: Checking the STA Protocol Status for an Interface
This example uses the protocol migration command to verify the spanning tree message type (RSTP or STP-compatible) to send on this interface.
3.4.7 Filtering Traffic From the Down Link Ports to the Management Port
You can configure packet filtering to prevent specified IP traffic from reaching the internal management port (NETMGT) from the down-link ports.
Note – Traffic is not allowed between up-link ports and the management port. The system default is to stop all IP packets from passing from the down-link ports to the management port (NETMGT).
3.4.7.1
■ Source – The frame’s TCP/UDP source address, netmask, and port range (between 0 and 65,535).
■ Destination – The frame’s TCP/UDP destination address, netmask, and port range (between 0 and 65,535).
■ Fragment – The rule will only match packets with the More Fragments (MF) bit set or with a fragment offset greater than zero. If fragment is not set, the rule will match both fragments and non-fragmented packets.
■ Log – Logs any matching packets in the log buffer.
3.4.7.2 Command-line Interface: Filtering Traffic to the Management Port
The following example allows all packets to pass through the filter by permitting any protocol type, and using a null address and network mask for both the source address and destination address. For a full list of examples, refer to Section 4.3.7.8, “ip filter” on page 4-77.
Console(config)#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
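The rule fields described above (action, protocol, source and destination address, netmask and port range, fragment, log) can be modelled to check what a rule list lets through to NETMGT before it is applied. This is an added example, not Sun's code or the switch's implementation. First-match ordering, falling through to the stated default of stopping all IP packets, and treating non-first fragments as carrying no ports are assumptions, and every address and rule below is constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

ANY_PORTS = (0, 65535)  # full port range given in the field description


@dataclass(frozen=True)
class Packet:
    protocol: str                     # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    src_port: Optional[int] = None    # None when no TCP/UDP header is visible
    dst_port: Optional[int] = None
    more_fragments: bool = False      # IP More Fragments (MF) bit
    frag_offset: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    protocol: str                     # "any" or a protocol name
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"         # null address and mask match everything
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    src_ports: Tuple[int, int] = ANY_PORTS
    dst_ports: Tuple[int, int] = ANY_PORTS
    fragment: bool = False
    log: bool = False


def _addr_match(addr: str, rule_addr: str, mask: str) -> bool:
    m = int(IPv4Address(mask))
    return int(IPv4Address(addr)) & m == int(IPv4Address(rule_addr)) & m


def _port_match(port: Optional[int], rng: Tuple[int, int]) -> bool:
    if port is None:
        # Assumption: a port-restricted rule cannot match a packet whose
        # ports are not visible (for example a non-first fragment).
        return rng == ANY_PORTS
    return rng[0] <= port <= rng[1]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    is_fragment = pkt.more_fragments or pkt.frag_offset > 0
    if rule.fragment and not is_fragment:
        return False                  # fragment rules match fragments only
    if rule.protocol not in ("any", pkt.protocol):
        return False
    return (_addr_match(pkt.src, rule.src, rule.src_mask)
            and _addr_match(pkt.dst, rule.dst, rule.dst_mask)
            and _port_match(pkt.src_port, rule.src_ports)
            and _port_match(pkt.dst_port, rule.dst_ports))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule, or None for the default)."""
    for index, rule in enumerate(rules):      # assumption: first match wins
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None                       # system default stated above


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Flag permit rules that remove the default isolation of NETMGT."""
    findings = []
    for index, r in enumerate(rules):
        wide_open = (r.src_mask == "0.0.0.0" and r.dst_mask == "0.0.0.0"
                     and r.src_ports == ANY_PORTS and r.dst_ports == ANY_PORTS)
        if r.action == "permit" and r.protocol == "any" and wide_open and not r.fragment:
            findings.append((index, "permits every packet to the management port"))
    return findings


# Constructed policy: drop and log fragments, then allow Telnet (TCP 23)
# from one blade subnet to one management address. All values are made up.
RESTRICTED = [
    Rule("deny", "any", fragment=True, log=True),
    Rule("permit", "tcp", src="10.1.0.0", src_mask="255.255.255.0",
         dst="10.1.1.5", dst_mask="255.255.255.255", dst_ports=(23, 23)),
]
# Same shape as the "permit any" CLI example: null address and mask.
PERMIT_ALL = [Rule("permit", "any")]

if __name__ == "__main__":
    probes = [
        Packet("tcp", "10.1.0.7", "10.1.1.5", 40000, 23),
        Packet("tcp", "10.2.0.7", "10.1.1.5", 40000, 23),
        Packet("tcp", "10.1.0.7", "10.1.1.5", 40000, 23, more_fragments=True),
    ]
    for probe in probes:
        print(probe.src, probe.dst_port, evaluate(RESTRICTED, probe))
    print(audit(PERMIT_ALL))
```

Running `audit` over a proposed rule list before entering it shows whether any single rule, like the permit-any example, undoes the default separation between the blades and the management port.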
3.4.7.3 MIB Variables Associated With Filtering Traffic to the Management Port
TABLE 3-41 MIB Variables Associated With Filtering Traffic to the Management Port
Field Name | MIB Variable | Access | Value Range
Index | sun...securityMgt.packetFilterUnitMgt.pfuRuleTable.pfuRuleEntry.pfuRuleIndex | No access | Integer (1-128)
Action | sun...securityMgt.packetFilterUnitMgt.pfuRuleTable.pfuRuleEntry.pfuRuleAction | Read/create | permit (1), deny (2)
Protocol | sun...securityMgt.packetFilterUnitMgt.
TABLE 3-41 MIB Variables Associated With Filtering Traffic to the Management Port (Continued)
Field Name | MIB Variable | Access | Value Range | Default Value
Destination IP Port Range | sun...securityMgt.packetFilterUnitMgt.pfuRuleTable.pfuRuleEntry.pfuRuleDstPortRange1 & pfuRuleDstPortRange2 | Read/create | Integer (1-65536)
TCP Code | sun...securityMgt.packetFilterUnitMgt.pfuRuleTable.pfuRuleEntry.pfuRuleTcpCode | Read/create | Integer (0-63)
TCP Code Bitmask | sun...securityMgt.
3.5 Monitoring Port and Management Traffic
This section describes switch monitoring functions, including those used to mirror traffic to a monitor port for analysis, display detailed network statistics for any port, or display key statistics on SNMP traffic passing through the management port.
Note – The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together.
FIGURE 3-44 The Monitoring ⇒ Port Mirroring Window
3.5.1.2 Command-line Interface: Configuring Port Mirroring
Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets.
3.5.1.3 MIB Variables Associated With Port Mirroring
TABLE 3-42 MIB Variables Associated With Port Mirroring
Field Name | MIB Variable | Access | Value Range
Mirror Source Port | sun...mirrorMgt.mirrorTable.mirrorEntry.mirrorSourcePort | Not accessible | Integer
Mirror Destination Port | sun...mirrorMgt.mirrorTable.mirrorEntry.mirrorDestinationPort | Not accessible | Integer
Mirror Type | sun...mirrorMgt.mirrorTable.mirrorEntry. | Read/create | rx (1), tx (2), both (3)
3.5.2
Note – RMON groups 2, 3 and 9 can only be accessed using SNMP.
TABLE 3-43 Traffic Statistics
Statistic | Description
Interface Statistics
• Received Octets | The total number of octets received on the interface, including framing characters.
• Received Unicast Packets | The number of subnetwork-unicast packets delivered to a higher-layer protocol.
TABLE 3-43 Traffic Statistics (Continued)
Statistic | Description
• Transmit Discarded Packets | The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
• Transmit Errors | The number of outbound packets that could not be transmitted because of errors.
TABLE 3-43 Traffic Statistics (Continued)
Statistic | Description
RMON Statistics
• Drop Events | The total number of events in which packets were dropped due to lack of resources.
• Jabbers | The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.
• Received Bytes | Total number of bytes of data received on the network.
3.5.2.1 Web Interface: Viewing Port Statistics
1. Open Monitoring ⇒ Statistics.
2. Select the required interface.
3. Click Select.
You can also use the Refresh button at the bottom of the page to update the screen.
Scroll down the page to view RMON statistics.
3.5.2.2 Command-line Interface: Viewing Port Statistics
This example shows statistics for port SNP13.
3.5.2.3 MIB Variables Associated With Port Statistics
TABLE 3-44 MIB Variables Associated With Port Statistics
Field Name | MIB Variable | Access | Range
• In Octets | MIB-II.interfaces.ifNumber.ifTable.ifEntry.ifInOctets | Read only | Integer
• In Unicast Packets | MIB-II.interfaces.ifNumber.ifTable.ifEntry.ifInUcastPkts | Read only | Integer
• In Multicast Packets | MIB-II.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifInMulticastPkts | Read only | Integer
• In Broadcast Packets | MIB-II.ifMIB.ifMIBObjects.
TABLE 3-44 MIB Variables Associated With Port Statistics (Continued)
Field Name | MIB Variable | Access | Range
• Out Discards | MIB-II.interfaces.ifTable.ifEntry.ifOutDiscards | Read only | Integer
• Out Errors | MIB-II.interfaces.ifTable.ifEntry.ifOutErrors | Read only | Integer
• Alignment Errors | MIB-II.transmission.dot3StatsTable.dot3StatsEntry.dot3StatsAlignmentErrors | Read only | Integer
• Late Collisions | MIB-II.transmission.dot3StatsTable.dot3StatsEntry.
TABLE 3-44 MIB Variables Associated With Port Statistics (Continued)
Field Name | MIB Variable | Access | Range
• SQE Test Errors | MIB-II.transmission.dot3StatsTable.dot3StatsEntry.dot3StatsSQETestErrors | Read Only | Integer
• Frames Too Long | MIB-II.transmission.dot3StatsTable.dot3StatsEntry.dot3StatsFrameTooLongs | Read only | Integer
• Deferred Transmissions | MIB-II.transmission.dot3StatsTable.dot3StatsEntry.
TABLE 3-44 MIB Variables Associated With Port Statistics (Continued)
Field Name | MIB Variable | Access | Range
• Multicast Packets | MIB-II.rmon.statistics.etherStatsTable.etherStatsEntry.etherStatsMulticastPkts | Read only | Integer
• CRC/Alignment Errors | MIB-II.rmon.statistics.etherStatsTable.etherStatsEntry.etherStatsCRCAlignErrors | Read only | Integer
• Undersize Packets | MIB-II.rmon.statistics.etherStatsTable.etherStatsEntry.
3.5.3 Showing SNMP Statistics
You can display key statistics on SNMP traffic crossing the management port. This information can be used to debug SNMP errors, or to display the overall amount of SNMP traffic processed by the switch, as well as any illegal attempts to access the switch through SNMP.
TABLE 3-45 SNMP Traffic Statistics
Statistic | Description
SNMP packets input
• SNMP packets input | The total number of messages delivered to the SNMP entity from the transport service.
TABLE 3-45 SNMP Traffic Statistics (Continued)
Statistic | Description
SNMP packets output
• SNMP packets output | The total number of SNMP messages which were passed from the SNMP protocol entity to the transport service.
• Too big errors | The total number of SNMP PDUs delivered to the SNMP protocol entity for which the error-status is “tooBig.”
• No such name errors | The total number of SNMP PDUs delivered to the SNMP protocol entity for which the error-status is “noSuchName.
3.5.3.1
FIGURE 3-47 The Monitoring SNMP Statistics Window
Sun Fire B1600 Blade System Chassis Switch Administration Guide • June 2003
3.5.3.2 Command-line Interface: Viewing SNMP Statistics
This example shows SNMP statistics for the switch.
Console#show snmp
SNMP traps:
Authentication: enable
Link-up-down: enable
SNMP communities:
1. private, and the privilege is read/write
2.
3.5.3.3 MIB Variables Associated With SNMP Statistics
TABLE 3-46 MIB Variables Associated With SNMP Statistics
Field Name | MIB Variable | Access | Range
In Packets | MIB-II.snmp.snmpInPkts | Read only | Integer
In Bad Versions | MIB-II.snmp.snmpInBadVersions | Read only | Integer
In Bad Community Names | MIB-II.snmp.snmpInBadCommunityNames | Read only | Integer
In Bad Community Uses | MIB-II.snmp.snmpInBadCommunityUses | Read only | Integer
In ASN Parse Errors | MIB-II.snmp.
■ Enable Logging – The status of logging of debug or error messages to switch memory. The default is disabled.
■ Logging Level – The error level (between 0 and 7) of system log messages saved to switch memory based on severity. Note that the messages saved include the selected level down to level 0. The defaults are level 3 to 0 for Flash memory and level 7 to 0 for RAM.
FIGURE 3-48 The Monitoring ⇒ Logs Window
3.5.4.2 Command-line Interface: Configuring Message Logs
This example enables logging, sets the recorded messages for Flash memory to level 3 (that is “errors”), and then shows the log messages stored in Flash.
Console(config)#logging on
Console(config)#logging history flash 3
Console#show logging flash
Syslog logging: Enable
History logging in FLASH: level errors
[0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails.
3.5.4.3 MIB Variables Associated With Message Logs
TABLE 3-48 MIB Variables Associated With Message Logs
Field Name | MIB Variable | Access | Value Range
Log Status | sun...sysLogMgt.sysLogStatus | Read/write | enabled (1), disabled (2)
History Flash Level | sun...sysLogMgt.sysLogStatus.sysLog.HistoryFlashLevel | Read/write | Integer (0-7)
History RAM Level | sun...sysLogMgt.sysLogStatus.sysLog.HistoryRAMLevel | Read/write | Integer (0-7)
Log Messages | Not Defined.
CHAPTER 4 Command-Line Reference
This chapter describes how to use the command-line interface (CLI) and includes the following sections:
■ Section 4.1, “Using the Command-Line Interface” on page 4-2
■ Section 4.2, “Command Groups” on page 4-11
■ Section 4.
4.1 Using the Command-Line Interface
4.1.1 Accessing the CLI
When accessing the management interface for the switch over a direct connection to the switch’s console port, or through a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
4.1.1.1 Console Connection
To access the switch through the console port, perform these steps:
1.
4.1.1.2 Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion. For example, the IP address, 10.1.0.1, consists of a network portion (10.1.0) and a host portion (1).
Note – The IP address for the switch is unassigned by default.
After entering the Telnet command, the login screen displays:
Username: admin
Password:
CLI session with the Sun Fire B1600 is opened.
To end the CLI session, enter [Exit].
Vty-0#
Note – You can open up to four sessions to the switch through Telnet.
4.1.2 Entering Commands
This section describes how to enter CLI commands.
4.1.2.1 Keywords and Arguments
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
4.1.2.2 Minimum Abbreviation
The CLI accepts a minimum number of characters that uniquely identify a command. For example, the command logging history can be entered as logging h. If an entry is ambiguous, the system prompts for further input.
4.1.2.3 Command Completion
If you terminate input with a Tab key, the CLI prints the remaining characters of a partial keyword up to the point of ambiguity. In the logging history example, typing log followed by a tab results in printing the command up to logging.
4.1.2.5 Showing Commands
If you type a ? at the command prompt, the system displays the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, Interface, Line, or VLAN Database). You can also display a list of valid keywords for a specific command.
4.1.2.6 Partial Keyword Lookup
If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example s? shows all the keywords starting with “s.”
Console#show s?
snmp spanning-tree
4.1.2.
mark ? at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:
TABLE 4-1 Command Modes
Class | Mode
Exec | Normal, Privileged
Configuration* | Global, Interface, Line, VLAN Database
* You must be in Privileged Exec mode to access any of the configuration modes.
4.1.2.
Username: guest
Password: guest login password
CLI session with the Sun Fire B1600 is opened.
To end the CLI session, enter [Exit].
Console>enable
Password: privileged level password
Console#
4.1.2.11 Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit command to return to Configuration mode or the end command to return to Privileged Exec mode.
4.2 Command Groups
The system commands can be broken down into the functional groups shown below.
TABLE 4-4 Command Groups (Continued)
Command Group | Description | Page
Priority | Sets port priority for untagged frames, relative weight for each priority queue, and the maximum number of queues enabled; also sets priority for IP precedence and DSCP | 4-150
Mirror Port | Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port | 4-164
Link Aggregation and LACP | Statically groups multiple ports into an aggregated link; configures Link | 4-166
4.3 Detailed Command Description
4.3.1 General Commands
TABLE 0-2
4.3.1.
Default Setting
Level 15
Command Mode
Normal Exec
Command Usage
■ super is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-30.)
■ The # character is appended to the end of the prompt to indicate that the system is in privileged access mode.
Example
Console>enable
Password: privileged level password
Console#
Related Commands
disable (4-14)
enable password (4-30)
4.3.1.
Command Mode
Privileged Exec
Command Usage
The > character is appended to the end of the prompt to indicate that the system is in normal access mode.
Example
Console#disable
Console>
Related Commands
enable (4-13)
4.3.1.3 configure
Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch.
Example
Console#configure
Console(config)#
Related Commands
end (4-18)
4.3.1.4 show history
Use this command to show the contents of the command history buffer.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
Example
In this example, the show history command lists the contents of the command history buffer:
Console#show history
Execution command history:
2 config
1 show history
Configuration command history:
4 interface vlan 1
3 exit
2 interface vlan 1
1 end
Console#
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
Command Mode
Privileged Exec
Command Usage
This command resets the entire system.
Example
This example shows how to reset the switch:
Console#reload
System will be restarted, continue ? y
4.3.1.6 end
Use this command to return to Privileged Exec mode.
4.3.1.7 exit
Use this command to return to the previous configuration mode or exit the configuration program.
Default Setting
None
Command Mode
Any
Example
This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:
Console(config)#exit
Console#exit
Press ENTER to start session
User Access Verification
Username:
4.3.1.8 quit
Use this command to exit the CLI session.
Command Usage
The quit and exit commands can both exit the configuration program.
Example
This example shows how to quit a CLI session:
Console#quit
Press ENTER to start session
User Access Verification
Username:
4.3.2 Flash/File Commands
These commands are used to manage the system code or configuration files.
4.3.2.
Syntax
copy file {file | running-config | startup-config | tftp}
copy running-config {file | startup-config | tftp}
copy startup-config {file | running-config | tftp}
copy tftp {file | running-config | startup-config}
copy tftp https-certificate
■ file – Keyword that allows you to copy to/from a file.
■ running-config – Keyword that allows you to copy to/from the current running configuration.
■ startup-config – The configuration used for system initialization.
Example
The following example shows how to upload the configuration settings to a file on the TFTP server:
Console#copy file tftp
Choose file type:
1. config: 2. opcode: <1-2>: 1
Source file name: startup
TFTP server ip address: 10.1.0.99
Destination file name: startup.01
TFTP completed.
Success.
Console#
The following example shows how to copy the running configuration to a file.
Console#copy running-config file
destination file name : startup
Write to FLASH Programming.
\Write to FLASH finish.
Success.
Syntax
delete filename
filename – Name of the configuration file or image name.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
■ If the file type is boot-ROM or is used for system startup, then this file cannot be deleted.
■ The file Factory_Default_Config.cfg cannot be deleted.
Example
This example shows how to delete the test2.cfg configuration file from Flash memory.
Console#delete test2.cfg
Console#
Related Commands
dir (4-23)
4.3.2.
The type of file or image to display includes:
■ boot-rom – Boot ROM
■ config – Configuration file
■ opcode – Run-time operation code.
■ filename – Name of the file to display. If this file exists but contains errors, information on the file cannot be displayed.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
■ If you enter the command dir without any parameters, the system displays all files.
Example
The following example shows how to display all file information:
Console#dir
file name                        file type      startup size (byte)
-------------------------------- -------------- ------- -------
diag_0060                        Boot-Rom image Y       111360
run_01642                        Operation Code N       1074304
run_0200                         Operation Code Y       1083008
Factory_Default_Config.cfg       Config File    N       2574
startup                          Config File    Y       2710
--------------------------------------------------------------
Total free space: 0
Console#
4.3.2.
Example
This example shows the information displayed by the whichboot command:
Console#whichboot
file name         file type      startup size (byte)
----------------- -------------- ------- -----------
diag_0060         Boot-Rom image Y       111360
run_0200          Operation Code Y       1083008
startup           Config File    Y       2710
Console#
4.3.2.5 boot system
Use this command to specify the file or image used to start up the system.
Example
Console(config)#boot system config: startup
Console(config)#
Related Commands
dir (4-23)
whichboot (4-25)
4.3.3 System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
TABLE 4-6 System Management Commands (Continued)
Command | Function | Mode | Page
show startup-config | Displays the contents of the configuration file (stored in Flash memory) that is used to start up the system | PE | 4-38
show running-config | Displays the configuration data currently in use | PE | 4-40
show system | Displays system information | NE, PE | 4-42
show users | Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet clients | NE, PE | 4-44
show version | Displa
Example
Console(config)#hostname Server_Chassis_35
Console(config)#
4.3.3.2 username
Use this command to add named users, require authentication at login, specify or change a user's password (or specify that no password is required), or specify or change a user's access level. Use the no form to remove a user name.
Syntax
username name {access-level level | nopassword | password {0 | 7} password}
no username name
■ name – The name of the user.
Command Mode
Global Configuration
Command Usage
There is no need to specify encrypted passwords on the command line. The option 7 is used internally by the switch at system bootup time to enable the switch to read any encrypted passwords stored in the configuration file.
Example
This example shows how to set the access level and password for a user.
Console(config)#username bob access-level 15
Console(config)#username bob password 0 smith
Console(config)#
4.3.3.
Command Mode
Global Configuration
Command Usage
■ You cannot set a null password. You have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-13).
■ There is no need to specify encrypted passwords on the command line. The option 7 is used internally by the switch at system bootup time to enable the switch to read any encrypted passwords stored in the configuration file.
Command Mode
Global Configuration
Example
Console(config)#ip http port 769
Console(config)#
Related Commands
ip http server (4-32)
4.3.3.5 ip http server
Use this command to allow the switch to be monitored or configured from a browser. Use the no form to disable this function.
Example
Console(config)#ip http server
Console(config)#
Related Commands
ip http port (4-31)
4.3.3.6 jumbo frame
Use this command to enable support for jumbo frames. Use the no form to disable it.
Syntax
jumbo frame
no jumbo frame
Default Setting
disabled
Command Mode
Global Configuration
Command Usage
■ The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.
■ Enabling jumbo frames limits the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-91.)
Example
Console(config)#jumbo-frame
Console(config)#
4.3.3.7 logging on
Use this command to control logging of error messages. This command sends debug or error messages to switch memory. The no form disables the logging process.
Related Commands
logging history (4-35)
clear logging (4-36)
4.3.3.8 logging history
Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Syntax
logging history {flash | ram} level
no logging history {flash | ram}
■ flash – The event history stored in Flash memory (permanent memory).
■ ram – The event history stored in temporary RAM (memory flushed on power reset).
Command Mode
Global Configuration
Command Usage
The message level specified for Flash memory must be a higher priority (numerically lower) than that specified for RAM.
Example
Console(config)#logging history ram 0
Console(config)#
4.3.3.9 clear logging
Use this command to clear messages from the log buffer.
Syntax
clear logging [flash | ram]
■ flash – The event history stored in Flash memory (permanent memory).
■ ram – The event history stored in temporary RAM (memory flushed on power reset).
Related Commands
show logging (4-37)
4.3.3.10 show logging
Use this command to display the current logging configuration, along with any system and event messages stored in memory.
Syntax
show logging {flash | ram}
■ flash – Event history stored in Flash memory (permanent memory).
■ ram – Event history stored in temporary RAM (memory flushed on power reset).
Example
The following example shows that system logging is enabled, the message level for Flash memory is errors (default level 3 to 0), the message level for RAM is debugging (default level 7 to 0), and lists one sample error.
Console#show logging flash
Syslog logging: Enable
History logging in FLASH: level errors
[0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails."
level: 3, module: 13, function: 0, and event no.
Command Usage
■ Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
■ This command displays settings for key command modes. Each mode group is separated by ! symbols, and includes the configuration mode command, and corresponding commands.
! ! spanning-tree mst-configuration name XSTP REGION 0 ! interface ethernet SNP0 description Blade Slot 1 flowcontrol switchport allowed vlan add 1 untagged switchport native vlan 1 spanning-tree edge-port spanning-tree link-type auto . . interface vlan 2 ip address 0.0.0.0 255.0.0.0 !! no bridge-ext gvrp! ! authentication login local tacacs-server host 0.0.0.0 tacacs-server port 0 ! line console ! ! line vty ! ! end Console# Related Commands show running-config (4-40) 4.3.3.
Command Mode
Privileged Exec
Command Usage
■ Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
■ This command displays settings for key command modes. Each mode group is separated by ! symbols, and includes the configuration mode command, and corresponding commands.
! vlan database vlan 1 name DefaultVlan media ethernet state active vlan 2 name MgtVlan media ethernet state active ! ! ! spanning-tree mst-configuration ! interface ethernet SNP0 description Blade Slot 0 flowcontrol switchport allowed vlan add 1 untagged switchport native vlan 1 spanning-tree edge-port spanning-tree link-type auto . . interface vlan 2 ip address 0.0.0.0 255.0.0.0 ! ! no bridge-ext gvrp ! ! authentication login local tacacs-server host 0.0.0.
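Comparing show running-config with show startup-config, as Command Usage recommends for both commands, finds settings that exist only in running memory and so are not kept when the switch is rebooted. The following added example (not from the guide) parses two listings into (mode, command) pairs and reports the differences, marking those that touch access-control or logging commands. The leading-space indentation of commands inside a mode group is an assumption, and both sample listings are constructed from commands shown in this guide.

```python
from typing import Dict, List, Set, Tuple

Entry = Tuple[str, str]   # (mode command, or "" for global scope; command)

# Commands from this guide whose drift deserves a closer look.
SENSITIVE_PREFIXES = (
    "username", "enable password", "authentication login",
    "radius-server", "tacacs-server", "ip http", "ip filter", "logging",
)


def parse_config(text: str) -> Set[Entry]:
    """Turn a configuration listing into order-independent entries."""
    entries: Set[Entry] = set()
    mode = ""
    for raw in text.splitlines():
        command = raw.strip()
        if not command or command == "end":
            continue
        if set(command) == {"!"}:
            mode = ""                 # a ! separator closes the mode group
            continue
        if raw[0].isspace() and mode:
            entries.add((mode, command))      # command inside a mode group
        else:
            mode = command                    # may open a new mode group
            entries.add(("", command))
    return entries


def is_sensitive(command: str) -> bool:
    base = command[3:] if command.startswith("no ") else command
    return base.startswith(SENSITIVE_PREFIXES)


def drift(running_text: str, startup_text: str) -> Dict[str, List[Tuple[str, str, bool]]]:
    """Report entries present in only one of the two configurations."""
    running, startup = parse_config(running_text), parse_config(startup_text)

    def annotate(entries: Set[Entry]) -> List[Tuple[str, str, bool]]:
        return [(mode, cmd, is_sensitive(cmd)) for mode, cmd in sorted(entries)]

    return {
        "unsaved": annotate(running - startup),   # gone after the next reset
        "missing": annotate(startup - running),   # comes back after a reset
    }


# Constructed sample listings; not captured from a real switch.
STARTUP = """\
!
hostname Server_Chassis_35
!
authentication login local
!
logging history flash 3
!
interface ethernet SNP0
 description Blade Slot 1
 switchport native vlan 1
!
interface vlan 2
 ip address 0.0.0.0 255.0.0.0
!
end
"""

RUNNING = """\
!
hostname Server_Chassis_35
!
authentication login local
radius-server host 192.168.1.25
!
ip http port 769
!
interface vlan 2
 ip address 0.0.0.0 255.0.0.0
!
interface ethernet SNP0
 description Blade Slot 1
 switchport native vlan 1
 spanning-tree edge-port
!
end
"""

if __name__ == "__main__":
    for kind, items in drift(RUNNING, STARTUP).items():
        for mode, cmd, sensitive in items:
            flag = " [review]" if sensitive else ""
            print(f"{kind}: {mode or 'global'}: {cmd}{flag}")
```

Because entries are keyed by mode and compared as sets, reordered mode groups do not show up as differences; only added or removed commands do.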
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
■ For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8.
■ The POST results should all display PASS. If any POST test indicates FAIL, contact your distributor for assistance.
Example
Console#show system
System description: Sun Fire B1600
System OID string: 1.3.6.1.4.1.42.2.24.1
System information
System Up time: 0 days, 0 hours, 55 minutes, and 54.
4.3.3.14 show users
Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet clients.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The session used to execute this command is indicated by a * symbol next to the Line (session) index number.
Example
Console#show users
Username accounts:
Username Privilege
-------- --------
admin 15
guest 0
Online users:
Line Username Idle time (h:m:s) Remote IP addr.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
See “Displaying Switch Software Versions” on page 3-18 for detailed information about the software items. The meanings of the hardware items are as follows:
■ Serial Number – The serial number of the main board.
■ Service Tag – Not applicable for this switch.
■ Hardware Version – The hardware version of the main board.
■ Number of Ports – The number of ports on the switch.
■ Main Power Status – The power status for the switch.
RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network. An authentication server contains a database of multiple user name and password pairs with associated privilege levels for each user that requires management access to a switch.
Authentication methods may be specified in any order. Default Setting None Command Mode Global Configuration Command Usage ■ RADIUS uses UDP while TACACS uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS encrypts the entire body of the packet.
4.3.4.2 radius-server host Use this command to specify the RADIUS server. Use the no form to restore the default. Syntax radius-server host host_ip_address no radius-server host host_ip_address – The IP address of the server. Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#radius-server host 192.168.1.25 Console(config)# 4.3.4.3 radius-server port Use this command to set the RADIUS server network port. Use the no form to restore the default.
Default Setting 1812 Command Mode Global Configuration Example Console(config)#radius-server port 181 Console(config)# 4.3.4.4 radius-server key Use this command to set the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string – The encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. The maximum length is 20 characters.
4.3.4.5 radius-server retransmit Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries – The number of times (between 1 and 30) the switch tries to authenticate logon access through the RADIUS server. Default Setting 2 Command Mode Global Configuration Example Console(config)#radius-server retransmit 5 Console(config)# 4.3.4.
Default Setting 5 Command Mode Global Configuration Example Console(config)#radius-server timeout 10 Console(config)# 4.3.4.7 show radius-server Use this command to display the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console#show radius-server Remote radius server configuration: Server IP address: 10.11.12.
4.3.4.8 tacacs-server host Use this command to specify the TACACS server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address – IP address of server. Default Setting None Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# 4.3.4.9 tacacs-server port Use this command to set the TACACS server network port. Use the no form to restore the default.
Default Setting None Command Mode Global Configuration Example Console(config)#tacacs-server port 181 Console(config)# 4.3.4.10 tacacs-server key Use this command to set the TACACS encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string – The encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. The maximum length is 20 characters.
4.3.4.11 show tacacs-server Use this command to display the current settings for the TACACS server. Default Setting None Command Mode Privileged Exec Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with tacacs server: green Server port number: 1824 Console# 4.3.5 SNMP Commands Controls access to this switch from SNMP management stations, as well as the error types sent to trap managers.
TABLE 4-10 SNMP Commands
Command                    Function                                                      Mode     Page
snmp-server host           Specifies the recipient of an SNMP notification operation     GC       4-57
snmp-server enable traps   Enables the device to send SNMP traps (SNMP notifications)    GC       4-59
show snmp                  Displays the status of SNMP communications                    NE, PE   4-60

4.3.5.1 snmp-server community
Use this command to define the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
Command Usage The first snmp-server community command you enter enables all versions of SNMP (SNMP v1 and SNMP v2c). The no snmp-server community command disables all versions of SNMP. Example Console(config)#snmp-server community alpha rw Console(config)# 4.3.5.2 snmp-server contact Use this command to set the system contact string. Use the no form to remove the system contact information.
Related Commands snmp-server location (4-57) 4.3.5.3 snmp-server location Use this command to set the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text – String that describes the system location. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (4-56) 4.3.5.
Syntax snmp-server host host-addr community-string version version-number no snmp-server host host-addr ■ host-addr – Name or Internet address of the host (the targeted recipient). (Maximum host addresses: 5 trap destination IP address entries) ■ community-string – Password-like community string sent with the notification operation.
Related Commands snmp-server enable traps (4-59) 4.3.5.5 snmp-server enable traps Use this command to enable the switch to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax snmp-server enable traps [authentication | link-up-down] no snmp-server enable traps [authentication | link-up-down] ■ authentication – The keyword to issue authentication failure traps. ■ link-up-down – The keyword to issue link-up or link-down traps.
Example Console(config)#snmp-server enable traps link-up-down Console(config)# Related Commands snmp-server host (4-57) 4.3.5.6 show snmp Use this command to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
Example
Console#show snmp
SNMP traps:
 Authentication: enable
 Link-up-down: enable
SNMP communities:
 1. private, and the privilege is read/write
 2.
4.3.6 Line Commands You can access the on-board configuration program by attaching a VT100 compatible device to the switch’s serial port. These commands are used to set communication parameters for the serial port or Telnet (a virtual terminal). Note – The connection parameters for the serial interface are fixed at 8 data bits, 1 stop bit, no parity, and 9600 bps.
Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users. Example To enter console line mode, enter the following command: Console(config)#line console Console(config-line)# Related Commands show line (4-68) show users (4-44) 4.3.6.2 login Use this command to enable password checking at login.
Default Setting login local Command Mode Line Configuration Command Usage ■ There are three authentication modes provided by the switch itself at login: login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. login local selects authentication using the user name and password specified by the username command (the default setting).
Syntax password {0 | 7} password no password ■ {0 | 7} - 0 means input plain password, 7 means input encrypted password. ■ password - Character string that specifies the line password. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting No password is specified. Command Mode Line Configuration Command Usage ■ When a connection is started on a line with password protection, the system prompts for the password.
4.3.6.4 exec-timeout Use this command to set the interval that the system waits for user input before terminating the current session. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds.
Syntax password-thresh threshold no password-thresh threshold – The number of allowed password attempts. (Range: 1-120; 0: no threshold) Default Setting The default value is three attempts. Command Mode Line Configuration Command Usage ■ When the login attempt threshold is reached on the console port, the system interface becomes silent for a specified amount of time before allowing the next login attempt. (Use the silent-time command to set this interval.
Syntax silent-time [seconds] no silent-time seconds – The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time) Default Setting The default value is no silent-time. Command Mode Line Configuration Example To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# Related Commands password-thresh (4-66) 4.3.6.7 show line Use this command to display the terminal line’s parameters.
Default Setting
Shows all lines
Command Mode
Normal Exec, Privileged Exec
Example
To show the connection settings for all lines, enter this command:
Console#show line
Console configuration:
 Password threshold: 3 times
 Interactive timeout: Disabled
 Silent time: Disabled
 Baudrate: 9600
 Databits: 8
 Parity: none
 Stopbits: 1
Vty configuration:
 Password threshold: 3 times
 Interactive timeout: 600
Console#
4.3.
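The password-thresh, silent-time and exec-timeout settings described above only limit password guessing and idle sessions when they are actually set, and the show line output is where that can be checked. The following added example (not part of the guide or the switch software) parses that output and reports lines left open; the 600-second ceiling is an assumed policy value, and the exact text the switch prints for a configured silent time or a zero threshold is an assumption.

```python
import re

# show line output as printed in the guide's example (indentation assumed)
SAMPLE_SHOW_LINE = """\
Console#show line
Console configuration:
 Password threshold: 3 times
 Interactive timeout: Disabled
 Silent time: Disabled
 Baudrate: 9600
 Databits: 8
 Parity: none
 Stopbits: 1
Vty configuration:
 Password threshold: 3 times
 Interactive timeout: 600
Console#
"""


def parse_show_line(text: str) -> dict:
    """Return {"console": {...}, "vty": {...}} with lower-cased field names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\w+) configuration:", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def _number(value):
    """Leading integer of a field, or None for 'Disabled' or a missing field."""
    match = re.match(r"\d+", value or "")
    return int(match.group()) if match else None


def audit(sections: dict, max_timeout: int = 600) -> list:
    """Return (line, field, reason) tuples for settings that leave a line open."""
    findings = []
    for name, fields in sections.items():
        threshold = _number(fields.get("password threshold"))
        if not threshold:
            findings.append((name, "password threshold",
                             "no limit on password attempts"))
        timeout = _number(fields.get("interactive timeout"))
        if not timeout:
            findings.append((name, "interactive timeout",
                             "idle sessions are never terminated"))
        elif timeout > max_timeout:
            findings.append((name, "interactive timeout",
                             f"{timeout}s exceeds the {max_timeout}s policy"))
        # Silent time is only listed for lines that support it (the console).
        if "silent time" in fields and threshold and not _number(fields["silent time"]):
            findings.append((name, "silent time",
                             "threshold is reached without any silent interval"))
    return findings


if __name__ == "__main__":
    for line, field, reason in audit(parse_show_line(SAMPLE_SHOW_LINE)):
        print(f"{line}: {field}: {reason}")
```

Both console findings on the guide's sample output are cleared from line configuration mode with exec-timeout and silent-time (for example silent-time 60, as shown earlier).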
TABLE 4-12 IP Commands
Command Function Mode Page
ip dhcp client-identifier Specifies the DHCP client identifier for the switch. Note that the System Controller assigns the client identifier for the switch each time either it or the switch boots. Therefore we do not recommend you specify a client identifier.
Command Mode Interface Configuration (VLAN) Command Usage ■ You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. The factory default is to use DHCP. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Any other format will not be accepted by the software. ■ If you select the bootp or dhcp option, IP is enabled but does not function until a BOOTP or DHCP reply is received.
Default Setting None Command Mode Privileged Exec Command Usage ■ DHCP requires the server to reassign the client’s last address if available. ■ If the BOOTP or DHCP server is moved to a different domain, the network portion of the address provided to the client is based on this new domain. Example In the following example, the device is reassigned the same address.
Syntax
ip dhcp client-identifier {text text | hex hex}
no ip dhcp client-identifier
■ text – A text string. (Range: 1-15 characters)
■ hex – The hexadecimal value.
Default Setting
The DHCP client identifier is supplied by the System Controller in the SSC whenever the System Controller resets the switch. Therefore, do not change this value from the switch command-line interface.
4.3.7.4 ip default-gateway
Use this command to establish a static route between the switch and management stations that exist on another network segment. Use the no form to remove the static route.
Syntax
ip default-gateway gateway
no ip default-gateway
gateway – The IP address of the default gateway
Default Setting
No static route is established.
Command Mode
Global Configuration
Command Usage
A gateway must be defined if the management station is located in a different IP segment.
4.3.7.5 show ip interface Use this command to display the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address. This address is used for managing the switch. Example Console#show ip interface IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 2, and address mode: User specified. Console# Related Commands show ip redirects (4-75) 4.3.7.
Command Mode Privileged Exec Example Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway (4-74) 4.3.7.7 ping Use this command to send ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] ■ host – The IP address of the host. ■ count – The number of packets to send. (Range: 1-16, default: 5) ■ size – The number of bytes in a packet.
Command Usage ■ Use the ping command to see if another site on the network can be reached. ■ The following are some results of the ping command: Normal response – The normal response occurs in one to ten seconds, depending on network traffic. Destination does not respond – If the host does not respond, the switch displays timeout. Destination unreachable – The gateway for this destination indicates that the destination is unreachable.
Syntax
ip filter [rule-number] action protocol {source source-bitmask} {destination destination-bitmask} [fragments] [log]
The port number is not checked. The fragments option is allowed.
ip filter [rule-number] action protocol {source source-bitmask} [source-port-range] {destination destination-bitmask} [destination-port-range] [log]
The port number is checked; that is, if either source-port-range or destination-port-range is specified, the fragments option is not allowed.
1 (fin) – Finish
2 (syn) – Synchronize
4 (rst) – Reset
8 (psh) – Push
16 (ack) – Acknowledgement
32 (urg) – Urgent pointer
code-keyword-seq – The following code keywords can be specified, but must follow the indicated sequence: fin | syn | rst | psh | ack | urg (The code keyword must be ON if specified and OFF if not specified.)
■ fragments – The rule only matches packets with the More Fragments (MF) bit set or with a fragment offset greater than zero.
SYN flag valid, use code 2 2
Both SYN and ACK valid, use code 18 18
SYN valid and ACK invalid, use code 2 18
Example – Address filters
This example allows all packets to pass through the filter by permitting any protocol type, and using a null address and network mask for both the source address and destination address.
Console(config)#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Console(config)#
This accepts any incoming packets if the source address is within subnet 10.7.1.x.
This also blocks all TCP packets from class C addresses 192.168.1.0 with SYN set.
Console(config)#ip filter deny tcp 192.168.1.0 255.255.255.0 0.0.0.0 0.0.0.0 code 2 2
Console(config)#
Example – Checking for port numbers
This example allows TCP packets from class C addresses 192.168.1.0 to anywhere when set for destination port 80.
Console(config)#ip filter permit tcp 192.168.1.0 255.255.255.0 0.0.0.0 0.0.0.0 80
Console(config)#
This example drops any TCP packets from source 10.7.1.1 to destination 10.
Command Mode
Privileged Exec
Example
In this example, the only specified rule permits packets within the subnet 10.1.0.x to pass between the management port and the down-link ports.
Console#show ip filter
Ip filter:
Rule:1, Action: permit, Protocol: any, Log: disable, Fragments: disable
Source: 10.1.0.0 255.255.255.0 any
Destination: 10.1.0.0 255.255.255.
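The address-bitmask and TCP code matching used by the ip filter rules above, as an added example that is not switch firmware or code from this guide. It assumes a rule matches when (address AND bitmask) equals (rule address AND bitmask) and when (TCP flags AND code bitmask) equals the code value, which agrees with the "use code 2 18" table; only permit and deny actions are handled, port ranges, fragments and log are left out, and the test packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# TCP code bit values as listed in the guide
TCP_FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}


@dataclass(frozen=True)
class Rule:
    number: Optional[int]
    action: str
    protocol: str
    src: int
    src_mask: int
    dst: int
    dst_mask: int
    code: Optional[int] = None
    code_mask: Optional[int] = None


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def flags(*names: str) -> int:
    """Combine flag keywords into the 6-bit TCP code value."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name]
    return value


def parse_rule(line: str) -> Rule:
    """Parse 'ip filter [rule-number] action protocol src mask dst mask [code v m]'."""
    tokens = line.split()
    if tokens[:2] != ["ip", "filter"]:
        raise ValueError("not an ip filter command")
    tokens = tokens[2:]
    number = int(tokens.pop(0)) if tokens and tokens[0].isdigit() else None
    if len(tokens) < 6:
        raise ValueError("expected action, protocol and two address/bitmask pairs")
    action, protocol = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"unhandled action {action!r}")
    src, src_mask, dst, dst_mask = (_ip(t) for t in tokens[2:6])
    code = code_mask = None
    rest = tokens[6:]
    if rest:
        if protocol != "tcp" or len(rest) != 3 or rest[0] != "code":
            raise ValueError("only 'code value bitmask' on tcp rules is handled here")
        code, code_mask = int(rest[1]), int(rest[2])
        if not (0 <= code <= 63 and 0 <= code_mask <= 63):
            raise ValueError("code and bitmask are 6-bit values (0-63)")
        if code & ~code_mask:
            raise ValueError("code requires a bit the bitmask ignores; rule can never match")
    return Rule(number, action, protocol, src, src_mask, dst, dst_mask, code, code_mask)


def matches(rule: Rule, protocol: str, src: str, dst: str, tcp_flags: int = 0) -> bool:
    """True when the packet falls inside the rule's protocol, addresses and TCP code."""
    if rule.protocol not in ("any", protocol):
        return False
    if (_ip(src) & rule.src_mask) != (rule.src & rule.src_mask):
        return False
    if (_ip(dst) & rule.dst_mask) != (rule.dst & rule.dst_mask):
        return False
    if rule.code is not None and (tcp_flags & rule.code_mask) != rule.code:
        return False
    return True


if __name__ == "__main__":
    rule = parse_rule("ip filter deny tcp 192.168.1.0 255.255.255.0 0.0.0.0 0.0.0.0 code 2 2")
    for label, f in (("SYN", flags("syn")), ("SYN+ACK", flags("syn", "ack")), ("ACK", flags("ack"))):
        print(label, matches(rule, "tcp", "192.168.1.77", "10.0.0.1", f))
```

With code 2 2 the rule also matches SYN+ACK segments; code 2 18 restricts the match to segments with SYN set and ACK clear.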
4.3.8 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. TABLE 4-13 4.3.8.
■ ethernet port-name port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT ■ port-channel channel-id (Range: 1 to 6) ■ vlan vlan-id (Range: 1 to 4094) Default Setting None Command Mode Global Configuration Example To specify the first up-link port, enter the following command: Console(config)#interface ethernet NETP0 Console(config-if)# 4.3.8.2 description Use this command to add a description to an interface. Use the no form to remove the description.
Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example configures a description for down-link port SNP5. Console(config)#interface ethernet SNP5 Console(config-if)#description RD-SW#3 Console(config-if)# 4.3.8.3 speed-duplex Use this command to configure the speed and duplex mode of a given interface when auto-negotiation is disabled. Use the no form to restore the default.
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
■ To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. However, note that auto-negotiation cannot be disabled on the down-link ports. These ports are fixed at 1000 Mbit/sec, full duplex.
Default Setting
Enabled
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
■ Down-link ports SNP0-15 are fixed with auto-negotiation disabled.
■ When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
Syntax capabilities {1000full | 100full | 100half | 10full | 10half | flowcontrol | symmetric} no port-capabilities [1000full | 100full | 100half | 10full | 10half | flowcontrol | symmetric] ■ 1000full – Supports 1000 Mbit/sec full-duplex operation ■ 100full – Supports 100 Mbit/sec full-duplex operation ■ 100half – Supports 100 Mbit/sec half-duplex operation ■ 10full – Supports 10 Mbit/sec full-duplex operation ■ 10half – Supports 10 Mbit/sec half-duplex operation ■ flowcontrol – Supports flow co
Example
The following example configures port NETP5 capabilities to 100half, 100full and flowcontrol.
Console(config)#interface ethernet NETP5
Console(config-if)#no capabilities 10half
Console(config-if)#no capabilities 10full
Console(config-if)#no capabilities 1000full
Console(config-if)#capabilities 100half
Console(config-if)#capabilities 100full
Console(config-if)#capabilities flowcontrol
Console(config-if)#
Related Commands
negotiation (4-86)
speed-duplex (4-85)
flowcontrol (4-89)
4.3.8.
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ■ Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. ■ To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface.
4.3.8.7 shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (for example, excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons.
Syntax switchport broadcast packet-rate rate no switchport broadcast rate – The threshold level in packets per second. (Range: 16, 64, 128, 256) Default Setting Enabled for all ports 256 packets per second Command Mode Interface Configuration (Ethernet) Command Usage ■ When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. ■ This command can enable or disable broadcast storm control for the selected interface.
4.3.8.9 clear counters Use this command to clear statistics on an interface. Syntax clear counters interface interface – ethernet port-name port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
Syntax show interfaces status [interface] interface ■ ethernet port-name ■ port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT ■ port-channel channel-id (Range: 1-6) ■ vlan vlan-id (Range: 1-4094) Default Setting Shows status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status” on page 3-96.
Example Console#show interfaces status ethernet SNP11 Information of SNP11 Basic information: Port type: 1000SX Mac address: 00-00-e8-00-00-0a Configuration: Name: Blade Slot 11 Port admin status: Up Speed-duplex: Auto Capabilities: 1000full, Broadcast storm status: Enabled Broadcast storm limit: 256 packets/second Flow control status: Enabled Lacp status: Disabled Current status: Link status: Down Operation speed-duplex: 1000full Flow control type: Dot3X Console# 4.3.8.
Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-141.
Syntax show interfaces switchport [interface] interface ■ ethernet port-name port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT ■ port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed.
Example This example shows the configuration setting for Ethernet port NETP7. Console#show interfaces switchport ethernet NETP7 Information of NETP7 Broadcast threshold: Enabled, 256 packets/second Lacp status: Enabled VLAN membership mode: Hybrid Ingress rule: Disabled Acceptable frame type: All frames Native VLAN: 1 Priority for untagged traffic: 0 Gvrp status: Enabled Allowed Vlan: 1(u), Forbidden Vlan: 2, Console# 4.3.
4.3.9.1 mac-address-table static Use this command to map a static address to a destination port. Use the no form to remove an address. Syntax mac-address-table static mac-address {interface interface} vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id ■ mac-address – MAC address.
■ A static address cannot be learned on another port until the address is removed with the no form of this command. Example Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet SNP1 vlan 1 delete-on-reset Console(config)# 4.3.9.2 clear mac-address-table dynamic Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any static or system configured entries.
■ mask – Bits to ignore in the address. ■ interface ethernet port-name port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT port-channel channel-id (Range: 1-6) ■ vlan-id – VLAN ID (Range: 1-4094) ■ sort – Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface.
Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds – The time is the number of seconds (18 to 2184). Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 300 Console(config)# 4.3.9.5 show mac-address-table aging-time Use this command to show the aging time for entries in the address table.
Example Console#show mac-address-table aging-time Aging time: 300 sec. Console# 4.3.10 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port.
Command Mode
Interface Configuration (Ethernet)
Command Usage
■ If you enable port security, the switch stops dynamically learning new addresses on the specified port. Only incoming traffic with source addresses already stored in the dynamic or static address table is accepted.
■ To use port security, first allow the switch to dynamically learn the
4.3.11 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) for the overall switch, and commands that configure STA for the selected interface.
Syntax spanning-tree no spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
■ rstp – Rapid Spanning Tree Protocol (IEEE 802.1w) Default Setting rstp Command Mode Global Configuration Command Usage ■ Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: ■ STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.
The minimum value is the higher of 4 or [(max-age / 2) + 1]. Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (that is, discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example Console(config)#spanning-tree hello-time 5 Console(config)# 4.3.11.5 spanning-tree max-age Use this command to configure the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default.
Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device (0=highest, 61440=lowest). However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. Example Console(config)#spanning-tree priority 40000 Console(config)# 4.3.11.7 spanning-tree pathcost method Use this command to configure the path cost method used for Rapid Spanning Tree.
Example Console(config)#spanning-tree pathcost method long Console(config)# 4.3.11.8 spanning-tree transmission-limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count – The transmission limit in seconds.
Syntax spanning-tree cost cost no spanning-tree cost cost – The path cost for the interface.
Related Commands spanning-tree port-priority (4-114) 4.3.11.10 spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority – The priority for an interface.
Related Commands spanning-tree cost (4-112) 4.3.11.11 spanning-tree edge-port Use this command to specify an interface as an edge port. Use the no form to restore the default.
Example Console(config)#interface ethernet SNP5 Console(config-if)#spanning-tree edge-port Console(config-if)# 4.3.11.12 spanning-tree protocol-migration Use this command to re-check the appropriate BPDU format to send on the selected interface.
4.3.11.13 spanning-tree link-type Use this command to configure the link type for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type {auto | point-to-point | shared} no spanning-tree link-type ■ auto – Automatically derived from the duplex mode setting. ■ point-to-point – Point-to-point link. ■ shared – Shared medium.
4.3.11.14 show spanning-tree
Use this command to show the configuration for the spanning tree.
Syntax
show spanning-tree [interface]
interface
■ ethernet port-name
port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT
■ port-channel channel-id (Range: 1-6)
Default Setting
None
Command Mode
Privileged Exec
Command Usage
■ Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree.
Example Console#show spanning-tree Spanning tree information -------------------------------------------------------Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) :2 Bridge Max Age (sec.) :20 Bridge Forward Delay (sec.) :15 Root Hello Time (sec.) :2 Root Max Age (sec.) :20 Root Forward Delay (sec.) :15 Designated Root :8.0000E8666672 Current root port :0 Current root cost :0 Number of topology changes :0 Last topology changes time (sec.
4.3.12 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
4.3.12.1 vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage ■ Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. ■ Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] ■ vlan-id – ID of configured VLAN. (Range: 1-4094, no leading zeroes) ■ name – Keyword to be followed by the VLAN name. vlan-name – ASCII string from 1 to 15 characters. ■ media ethernet – Ethernet media type. ■ state – Keyword to be followed by the VLAN state. ■ active – VLAN is operational. ■ suspend – VLAN is suspended. Suspended VLANs do not pass packets.
Related Commands show vlan (4-130) 4.3.12.3 interface vlan Use this command to enter interface configuration mode for VLANs, and configure a physical interface. Syntax interface vlan vlan-id vlan-id – The ID of the configured VLAN.
Syntax switchport mode {trunk | hybrid} no switchport mode ■ trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s default VLAN (associated with the PVID) are sent untagged. ■ hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames.
Default Setting All frame types Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on SNP1 to tagged frames: Console(config)#interface ethernet SNP1 Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)# 4.3.12.
Command Usage ■ Ingress filtering only affects tagged frames. ■ If ingress filtering is disabled, the interface accepts any VLAN-tagged frame if the tag matches a VLAN known to the switch (except for VLANs explicitly forbidden on this port). ■ If ingress filtering is enabled, incoming frames tagged for VLANs that do not include this ingress port in their member set are discarded. ■ Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP.
Command Usage ■ If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member. For all other VLANs, an interface must first be configured as an untagged member before you can assign its PVID to that group. ■ If acceptable frame types is set to all or switchport mode is set to hybrid, the PVID will be inserted into all untagged frames entering the ingress port.
To restore the management port to its factory-default VLAN (VLAN 2) and remove it from any other VLANs you have added it to, type the following commands:
Console(config)#interface ethernet NETMGT
Console(config-if)#switchport allowed vlan add 2
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport allowed vlan remove vlan id
where vlan id is the number of a VLAN other than VLAN 2 to which you have added NETMGT.
Example
The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port SNP1:
Console(config)#interface ethernet SNP1
Console(config-if)#switchport allowed vlan add 1 tagged
Console(config-if)#switchport allowed vlan add 2 tagged
Console(config-if)#switchport allowed vlan add 5 tagged
Console(config-if)#switchport allowed vlan add 6 tagged
Console(config-if)#

4.3.12.9 switchport forbidden vlan
Use this command to configure forbidden VLANs.
Example
The following example shows how to prevent port SNP1 from being added to VLAN 3:
Console(config)#interface ethernet SNP1
Console(config-if)#switchport forbidden vlan add 3
Console(config-if)#

4.3.12.10 show vlan
Use this command to show VLAN information.

Syntax
show vlan [id vlan-id | name vlan-name]
■ id – Keyword to be followed by the VLAN ID.
  vlan-id – ID of the configured VLAN. (Range: 1-4094, no leading zeroes)
■ name – Keyword to be followed by the VLAN name.
Example
The following example shows how to display information for VLAN 1:
Console#show vlan id 1
VLAN Type    Name             Status    Ports/Channel groups
---- ------- ---------------- --------- ----------------------
1    Static  DefaultVlan      Active    SNP0 SNP1 SNP2 SNP3 SNP4
                                        SNP5 SNP6 SNP7 SNP8 SNP9
                                        SNP10 SNP11 SNP12 SNP13 SNP14
                                        SNP15 NETP0 NETP1 NETP2 NETP3
                                        NETP4 NETP5 NETP6 NETP7
2    Static  MgtVlan          Active    NETMGT
Console#

4.3.
4.3.13.1 switchport gvrp
Use this command to enable GVRP for a port. Use the no form to disable it.

Syntax
switchport gvrp
no switchport gvrp

Default Setting
Enabled

Command Mode
Interface Configuration (Ethernet, Port Channel)

Example
Console(config)#interface ethernet SNP1
Console(config-if)#switchport gvrp
Console(config-if)#

4.3.13.2 show gvrp configuration
Use this command to show if GVRP is enabled or disabled.
Default Setting
Shows both global and interface-specific configuration.

Command Mode
Normal Exec, Privileged Exec

Example
Console#show gvrp configuration
Whole system:
 GVRP configuration: Enabled
SNP0:
 Gvrp configuration: Enabled
SNP1:
 Gvrp configuration: Enabled
. . .

4.3.13.3 garp timer
Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers' default values.
Default Setting
■ join: 20 centiseconds
■ leave: 60 centiseconds
■ leaveall: 1000 centiseconds

Command Mode
Interface Configuration (Ethernet, Port Channel)

Command Usage
■ Group Address Registration Protocol (GARP) is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
4.3.13.4 show garp timer
Use this command to show the GARP timers for the selected interface.

Syntax
show garp timer [interface]
interface
■ ethernet port-name
  port-name – down link: SNP0-15; up link: NETP0-7; mgt: NETMGT
■ port-channel channel-id (Range: 1-6)

Default Setting
Shows all GARP timers.

Command Mode
Normal Exec, Privileged Exec

Example
Console#show garp timer ethernet SNP1
SNP1 GARP timer status:
 Join timer: 20 sec.
 Leave timer: 60 sec.
 Leaveall timer: 1000 sec.
Syntax
bridge-ext gvrp
no bridge-ext gvrp

Default Setting
Enabled

Command Mode
Global Configuration

Command Usage
GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.

Example
Console(config)#bridge-ext gvrp
Console(config)#

4.3.13.
Command Usage
The meanings of items displayed by this command are as follows:
■ Max support vlan numbers – The VLAN version used by the switch as specified in the IEEE 802.1Q standard.
■ Max support vlan ID – Maximum VLAN ID recognized by the switch.
■ Extended multicast filtering services – The switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Example
Console#show bridge-ext
 Max support vlan numbers: 255
 Max support vlan ID: 4094
 Extended multicast filtering services: No
 Static entry individual port: Yes
 VLAN learning: IVL
 Configurable PVID tagging: Yes
 Local VLAN capable: Yes
 Traffic classes: Enabled
 Global GVRP status: Enabled
 GMRP: Disabled
Console#

4.3.14 IGMP Snooping Commands
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
TABLE 4-19 IGMP Snooping Commands (Continued)
Command                                    Function                                Mode  Page
ip igmp snooping query-interval            Configures the query interval           GC    4-145
ip igmp snooping query-max-response-time   Configures the report delay             GC    4-146
ip igmp snooping router-port-expire-time   Configures the query timeout            GC    4-147
show ip igmp snooping                      Shows the IGMP snooping configuration   PE    4-142
Multicast Router Commands

4.3.14.
Example
The following example enables IGMP snooping.
Console(config)#ip igmp snooping
Console(config)#

4.3.14.2 ip igmp snooping vlan static
Use this command to add a port to a multicast group. Use the no form to remove the port.
Example
The following shows how to statically configure a multicast group on a port:
Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet SNP5
Console(config)#

4.3.14.3 ip igmp snooping version
Use this command to configure the IGMP snooping version. Use the no form to restore the default.
Example
The following configures the switch to use IGMP Version 1:
Console(config)#ip igmp snooping version 1
Console(config)#

4.3.14.4 show ip igmp snooping
Use this command to show the IGMP snooping configuration.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
See “Configuring IGMP Snooping Parameters” on page 3-55 for a description of the displayed items.
4.3.14.5 show mac-address-table multicast
Use this command to show known multicast addresses.

Syntax
show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping]
■ vlan-id – VLAN ID (1 to 4094)
■ user – Display only the user-configured multicast entries.
■ igmp-snooping – Display only entries learned through IGMP snooping.

Default Setting
None

Command Mode
Privileged Exec

Command Usage
Member types displayed include IGMP or USER, depending on selected options.
4.3.14.6 ip igmp snooping querier
Use this command to enable the switch as an IGMP snooping querier. Use the no form to disable it.

Syntax
ip igmp snooping querier
no ip igmp snooping querier

Default Setting
Disabled

Command Mode
Global Configuration

Command Usage
If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.

Example
Console(config)#ip igmp snooping querier
Console(config)#

4.3.14.
count - The maximum number of queries issued for which there has been no response before the querier takes action to drop a client from the multicast group. (Range: 2-10)

Default Setting
2 times

Command Mode
Global Configuration

Command Usage
The query count defines how long the querier waits for a response from a multicast client before taking action.
Syntax
ip igmp snooping query-interval seconds
no ip igmp snooping query-interval
seconds – The frequency at which the switch sends IGMP host-query messages. (Range: 60-125)

Default Setting
125 seconds

Command Mode
Global Configuration

Example
The following shows how to configure the query interval to 100 seconds:
Console(config)#ip igmp snooping query-interval 100
Console(config)#

4.3.14.9 ip igmp snooping query-max-response-time
Use this command to configure the snooping report delay.
Command Mode
Global Configuration

Command Usage
■ The switch must be using IGMPv2 for this command to take effect.
■ This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command.
Default Setting
300 seconds

Command Mode
Global Configuration

Command Usage
The switch must use IGMPv2 for this command to take effect.

Example
The following shows how to configure the timeout to 500 seconds:
Console(config)#ip igmp snooping router-port-expire-time 500
Console(config)#

Related Commands
ip igmp snooping version (4-141)

4.3.14.11 ip igmp snooping vlan mrouter
Use this command to statically configure a multicast router port. Use the no form to remove the configuration.
Default Setting
No static multicast router ports are configured.

Command Mode
Global Configuration

Command Usage
Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
Command Mode
Privileged Exec

Command Usage
Multicast router port types displayed include Static or Dynamic.

Example
The following shows the ports attached to multicast routers:
Console#show ip igmp snooping mrouter
VLAN M'cast Router Ports Type
---- ------------------- -------
1    NETP5               Static
2    NETP6               Dynamic
Console#

4.3.15 Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
TABLE 4-20 Priority Commands (Continued)
Command                      Function                                                            Mode  Page
show interfaces switchport   Displays the administrative and operational status of an interface  PE    4-96
Layer 3 and 4 Priority Commands

4.3.15.
Command Usage
■ The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority.
■ The default priority applies for an untagged frame received on a port set to accept all frame types (i.e., receives both untagged and tagged frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits are used.
■ This switch provides four priority queues for each port.
Command Mode
Global Configuration

Command Usage
WRR allows bandwidth sharing at the egress port by defining scheduling weights.

Example
The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the COS priority queues 0, 1, 2 and 3:
Console(config)#queue bandwidth 1 3 5 7
Console(config)#

Related Commands
show queue bandwidth (4-155)

4.3.15.3 queue cos-map
Use this command to assign class-of-service (COS) values to the COS priority queues.
Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table. TABLE 4-21 IEEE 802.
Example
The following example shows how to map COS values 0, 1 and 2 to COS priority queue 0, value 3 to COS priority queue 1, values 4 and 5 to COS priority queue 2, and values 6 and 7 to COS priority queue 3:
Console(config)#interface ethernet SNP1
Console(config-if)#queue cos-map 0 0 1 2
Console(config-if)#queue cos-map 1 3
Console(config-if)#queue cos-map 2 4 5
Console(config-if)#queue cos-map 3 6 7
Console(config-if)#

Related Commands
show queue cos-map (4-156)

4.3.15.
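How the queue cos-map example and the WRR weights from queue bandwidth 1 3 5 7 interact under congestion, as an added Python example that is not part of the original guide. It assumes the weights count frames per scheduling round, which the page does not specify; the function names and the traffic samples are constructed.

```python
"""CoS-to-queue mapping and WRR egress sharing (added example, not switch code)."""
from collections import deque
from typing import Deque, Dict, List, Sequence

# Taken from the examples above: queue cos-map on SNP1 and queue bandwidth 1 3 5 7.
COS_MAP: Dict[int, List[int]] = {0: [0, 1, 2], 1: [3], 2: [4, 5], 3: [6, 7]}
WEIGHTS: List[int] = [1, 3, 5, 7]


def queue_for_cos(cos: int, cos_map: Dict[int, List[int]] = COS_MAP) -> int:
    """Return the priority queue that serves a given CoS value (0-7)."""
    for queue_id, cos_values in cos_map.items():
        if cos in cos_values:
            return queue_id
    raise ValueError(f"CoS value {cos} is not mapped to any queue")


def enqueue(cos_values: Sequence[int]) -> List[Deque[int]]:
    """Sort a burst of frames (given by their CoS values) into the four queues."""
    queues: List[Deque[int]] = [deque() for _ in COS_MAP]
    for cos in cos_values:
        queues[queue_for_cos(cos)].append(cos)
    return queues


def wrr_drain(queues: List[Deque[int]], weights: Sequence[int], slots: int) -> List[int]:
    """Transmit up to `slots` frames and return how many each queue sent.

    Assumption: weights count frames per round (queue i may send up to
    weights[i] frames before the scheduler moves on); the page does not say
    what unit the switch hardware uses.
    """
    sent = [0] * len(queues)
    while slots > 0 and any(queues):
        for i, weight in enumerate(weights):
            for _ in range(weight):
                if slots == 0 or not queues[i]:
                    break  # out of egress slots, or this queue is empty
                queues[i].popleft()
                sent[i] += 1
                slots -= 1
    return sent


def congested_share(cos_values: Sequence[int], slots: int) -> List[int]:
    """Frames sent per queue when only `slots` frames fit on the egress port."""
    return wrr_drain(enqueue(cos_values), WEIGHTS, slots)


# Constructed load: 200 frames at each of CoS 0, 3, 5 and 7 (one class per queue).
SATURATED = [0] * 200 + [3] * 200 + [5] * 200 + [7] * 200
# Same load without the CoS 7 traffic, so queue 3 stays empty.
NO_TOP_CLASS = [0] * 200 + [3] * 200 + [5] * 200

if __name__ == "__main__":
    print("all queues busy :", congested_share(SATURATED, 160))
    print("queue 3 empty   :", congested_share(NO_TOP_CLASS, 90))
```

Under saturation the lowest queue still receives its 1/16 share, and slots that an empty queue does not use are passed on to the queues that have frames waiting.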
Example
Console#show queue bandwidth
Queue ID Weight
-------- ------
0        16
1        64
2        128
3        240
Console#

4.3.15.5 show queue cos-map
Use this command to show the class-of-service priority map.
Example
Console#show queue cos-map ethernet SNP11
Information of SNP11
Queue ID Traffic class
-------- -------------
0        1 2
1        0 3
2        4 5
3        6 7
Console#

4.3.15.6 map ip precedence (Global Configuration)
Use this command to enable IP precedence mapping (IP Type of Service). Use the no form to disable IP precedence mapping.
Example
The following example shows how to enable IP precedence mapping globally:
Console(config)#map ip precedence
Console(config)#

4.3.15.7 map ip precedence (Interface Configuration)
Use this command to set IP precedence priority (IP Type of Service priority). Use the no form to restore the default table.

Syntax
map ip precedence ip-precedence-value cos cos-value
no map ip precedence
precedence-value – 3-bit precedence value.
Example
The following example shows how to map IP precedence value 1 to COS value 0:
Console(config)#interface ethernet SNP5
Console(config-if)#map ip precedence 1 cos 0
Console(config-if)#

4.3.15.8 map ip dscp (Global Configuration)
Use this command to enable IP DSCP mapping (Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
4.3.15.9 map ip dscp (Interface Configuration)
Use this command to set IP DSCP priority (Differentiated Services Code Point priority). Use the no form to restore the default table.

Syntax
map ip dscp dscp-value cos cos-value
no map ip dscp
■ dscp-value – 8-bit DSCP value. (Range: 0-255)
■ cos-value – Class-of-Service value (Range: 0-7)

Default Setting
The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to COS value 0.
■ DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then mapped to the queue defaults.
■ Mapping specific values for DSCP is implemented as an interface configuration command, but any changes apply to all interfaces on the switch.

Example
The following example shows how to map IP DSCP value 1 to COS value 0:
Console(config)#interface ethernet SNP5
Console(config-if)#map ip dscp 1 cos 0
Console(config-if)#

4.3.15.
Example
Console#show map ip precedence ethernet SNP5
Precedence mapping status: disabled
Port        Precedence COS
----------- ---------- ---
SNP5        0          0
SNP5        1          1
SNP5        2          2
SNP5        3          3
SNP5        4          4
SNP5        5          5
SNP5        6          6
SNP5        7          7
Console#

Related Commands
map ip precedence (Global Configuration) (4-157)
map ip precedence (Interface Configuration) (4-158)

4.3.15.11 show map ip dscp
Use this command to show the IP DSCP priority map.
Command Mode
Privileged Exec

Example
Console#show map ip dscp ethernet SNP1
DSCP mapping status: disabled
Port        DSCP COS
----------- ---- ---
SNP1        0    0
SNP1        1    0
SNP1        2    0
SNP1        3    0
. . .
4.3.16 Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.

TABLE 4-23 Mirror Port Commands
Command             Function                                     Mode  Page
port monitor        Configures a mirror session                  IC    4-164
show port monitor   Shows the configuration for a mirror port    PE    4-165

4.3.16.1 port monitor
Use this command to configure a mirror session. Use the no form to clear a mirror session. It is only possible to monitor one port on the switch at a time.
Command Mode
Interface Configuration (Ethernet, destination port)

Command Usage
■ You can mirror traffic from a source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
■ The destination port is set by specifying an Ethernet interface.
Command Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (RX, TX, RX/TX).
aggregated links. For example, an aggregated link consisting of two 1000 Mbit/sec ports can support an aggregate bandwidth of 4 Gbit/sec when operating at full duplex.
Syntax
channel-group channel-id
no channel-group
channel-id – The port-channel index (Range: 1-6)

Default Setting
The current port will be added to this aggregated link.

Command Mode
Interface Configuration (Ethernet)

Command Usage
■ When configuring static aggregated links, you can only link switches of the same type.
■ Use no channel-group to remove a port group from an aggregated link.
■ Use no interfaces port-channel to remove an aggregated link from the switch.
Syntax
lacp
no lacp

Default Setting
Enabled

Command Mode
Interface Configuration (Ethernet)

Command Usage
■ The ports on both ends of an aggregated link must be configured for full duplex, either by forced mode or auto-negotiation.
■ An aggregated link formed with another switch using LACP will automatically be assigned the next available port-channel ID.
■ If the target switch has also enabled LACP on the connected ports, the aggregated link will be activated automatically.
Example The following shows LACP enabled on ports NETP0 to NETP2. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that port-channel 1 has been established.
APPENDIX A Management Information Base

An SNMP management station can configure and monitor network devices by setting or reading device variables specified in the Management Information Base (MIB). The key MIB groups supported by the switch are listed in this appendix. Also, note that specific MIB variables used for each configuration task are listed in Chapter 3, “General Management of the Switch.”

This appendix contains the following sections:
■ Section A.1, “Supported MIBs” on page A-2
■ Section A.
A.1 Supported MIBs
The standard MIBs are listed in the following table.

TABLE A-1 Supported MIBs
RFC No.
The Sun private enterprise MIB is listed below.

TABLE A-2 Sun Private Enterprise MIB
Title      Version
CSSP.MIB   01.00.00

A.2 Supported Traps
SNMP traps supported include the following items:

TABLE A-3 SNMP Traps
RFC No.
APPENDIX B Troubleshooting If you are having problems connecting to the network, check your network cabling to ensure that the device in question is properly connected to the network. Then see “Diagnosing Switch Indicators” on page B-2 to verify that the corresponding port on the switch is functioning properly. If you are having problems connecting to the management interface, see the troubleshooting chart under “Accessing the Management Interface” on page B-2.
B.1 Diagnosing Switch Indicators
If you have connected a device to a port on the switch, but the Link LED is off, then check the following items:
■ Be sure the cable is plugged into both the switch and corresponding device.
■ Verify that the proper cable type is used and its length does not exceed specified limits.
■ Check the adapter on the connected device and cable connections for possible defects. Replace the defective adapter or cable if necessary.
■ Check that you have a valid network connection to the switch and that the port you are using has not been disabled. See “Port Configuration” on page 3-96.
■ If there are only Layer 2 switches between the management station and system chassis, make sure that:
  ■ The switch’s management VLAN is configured with a valid IP address and subnet mask.
  ■ The management station has an IP address in the same subnet as the management VLAN.
B.4 Using System Logs
If a fault does occur, refer to the other manuals for the system chassis to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1. Enable logging.
2. Set the error messages reported to include all categories.
3. Designate the SNMP host that is to receive the error messages.
4. Repeat the sequence of commands or other actions that lead up to the error.
5.
TABLE B-1 Log Messages
Level3  Message                                Description
6       Trunk 1 link-down notification         Aggregated link down
6       VLAN XX2 link-up notification          VLAN link up
6       VLAN XX link-down notification         VLAN link down
6       Authentication failure notification    SNMP access authentication failure
6       STA root change notification           STA root change
6       STA topology change notification       STA topology change
6       RMON rising alarm notification         RMON rising alarm
6       RMON falling alarm notification        RMON falling alarm
1 Indi
B.5.2 System Errors
The key error messages generated by the switch are listed in the following table. To control the message levels issued by the switch, see “logging history” on page 4-35.

TABLE B-2 System Error Messages
Level3  Message                          Description
2       module1 create task fail.        Specified software module cannot create the task.
2       module task idle too long.       Specified software module stayed in idle state too long.
        Allocate string2 memory fail.    Allocate memory failed for specified String.
TABLE B-3 Command Line Error Messages (Continued)
Message – Description
Failed to get string – Show command failed.
Failed to set string – Configuration command failed.
Failed to write certificate file to flash. – Certificate file has an error, private key file error (such as incorrect pass phrase), or private key does not match the certificate public key.
Incomplete command. – Incomplete command.
Insufficient memory. – Not enough memory.
Insufficient memory to display or save running config.
TABLE B-3 Command Line Error Messages (Continued)
Message – Description
This command for console only. – Line mode (vty) can not use console parameter commands.
This command is only valid for adding a single port to a an aggregated link. – Only one port can be added to an aggregated link with this command.
This command is only valid for the name of a single port. – When setting the port description, multi-port selection is not accepted.
This command is not supported for management port in current release.
B.5.4 Web Interface Errors
The error messages generated by this switch for the Web interface are listed in the following table. Note that these messages are not written to the log file.

TABLE B-4 Web Interface Error Messages
Menu – Message – Description
Switch Setup
  System Identity – User privileges are not enough to perform this operation. – Privileges insufficient.
  Network Identity – Current IP Address Mode is not DHCP or BOOTP. – When restarting DHCP, the switch must be in DHCP or BOOTP mode.
TABLE B-4 Menu Security VLAN B-10 Web Interface Error Messages (Continued) Message Description Data is invalid. General error. Illegal SNMP trap IP address. Illegal IP address format. Please select a Community String. Select a community string to remove. Please type a Community String. Type a community string to add. Trap Manager table is full or data is invalid. Trap Manager table is full or data is invalid User privileges are not enough to perform this operation. Privileges insufficient.
TABLE B-4 Web Interface Error Messages (Continued) Menu Membership Message Description Data is invalid General error. User privileges are not enough to perform this operation. Privileges insufficient. Data is invalid. General error. User privileges are not enough to perform this operation. Privileges insufficient. Broadcast & Multicast Broadcast Parameters Threshold is out of range. Maximum broadcast storm threshold level exceeded. User privileges are not enough to perform this operation.
TABLE B-4 Web Interface Error Messages (Continued) Menu Advanced Configuration Message Description Data is invalid. General error. User privileges are not enough to perform this operation. Privileges insufficient. Cos Value is out of range. CoS Value is out of range. Data is invalid. General error. Priority is out of range. Priority is out of range. Queue weight must be in a order of Q0<=Q1<=Q2<=Q3 Invalid Queue weight. Traffic Class is out of range. Traffic Class is out of range.
TABLE B-4 Web Interface Error Messages (Continued) Menu VLANs Address Filtering Spanning Tree Config Port Message Description Cannot set aggregated link status. Cannot enable LACP for a static member of an aggregated link. Data is invalid. General error. User privileges are not enough to perform this operation. Privileges insufficient. Data is invalid. General error. Please enter a valid PVID. PVID is invalid. Select a correct one. Please enter a valid timer. Timer is invalid.
TABLE B-4 Web Interface Error Messages (Continued) Menu Message Packet Filtering User privileges are not enough to perform this operation. Description Privileges insufficient. Monitoring Port Mirroring Logs B-14 Data is invalid. General error. User privileges are not enough to perform this operation. Privileges insufficient. Data is invalid. General error. User privileges are not enough to perform this operation. Privileges insufficient.
APPENDIX C Specifications

This appendix contains the following sections:
■ Section C.1, “Switch Architecture” on page C-2
■ Section C.2, “Management Features” on page C-3
■ Section C.3, “Physical” on page C-3
■ Section C.4, “Power” on page C-4
■ Section C.5, “Environmental” on page C-4
■ Section C.
C.
C.2 Management Features TABLE C-2 C.
C.4 Power

TABLE C-4 Power Specifications
Item                Specifications
Operating Voltage   +12 VDC
Maximum Current     5.2 A
Power Consumption   62 Watts maximum
Heat Dissipation    211 BTU/hr maximum

C.5 Environmental

TABLE C-5 Environmental Specifications
Item          Specifications
Temperature   • Operating: 5 to 45 ˚C (41 to 113 ˚F)
              • Storage: -40 to 70 ˚C (-40 to 158 ˚F)
Humidity      Operating: 10% to 90% (non-condensing)

C.6 Standards

TABLE C-6 Supported Standards
Standard Description
IEEE 802.
TABLE C-6 Supported Standards (Continued) Standard Description IEEE 802.3x full-duplex flow control (ISO/IEC 8802-3) IEEE 802.
Glossary

10BASE-T
IEEE 802.3 specification for 10 Mbit/sec Ethernet over two pairs of Category 3, 4, or 5 UTP cable.

100BASE-TX
IEEE 802.3u specification for 100 Mbit/sec Fast Ethernet over two pairs of Category 5 UTP cable.

1000BASE-T
IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e 100-ohm UTP cable.

1000BASE-X
IEEE 802.3 shorthand term for any 1000 Mbit/sec Gigabit Ethernet based on 8B/10B signaling.
Dynamic Host Control Protocol (DHCP)

End Station
A workstation, server, or other device that does not act as a network interconnection.

Ethernet
A network communication system developed and standardized by DEC, Intel, and Xerox, using baseband transmission, CSMA/CD access, logical bus topology, and coaxial cable. The successor IEEE 802.
IEEE 802.1w
An IEEE standard for the Rapid Spanning Tree Protocol (RSTP) which is designed to supersede IEEE 802.1D. RSTP provides considerably faster convergence for topology changes.

IEEE 802.3
Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.

IEEE 802.3ab
Defines CSMA/CD access method and physical layer specifications for 1000BASE-T Fast Ethernet.

IEEE 802.3ac
Defines frame extensions for VLAN tagging.

IEEE 802.
Layer 2
Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.

Layer 3
Network layer in the ISO 7-Layer Data Communications Protocol. This layer handles the routing functions for data moving from one open system to another.
Shielded Twisted Pair (STP) Cable
Twisted-pair wire covered with an external aluminum-foil or woven copper shield designed to reduce excessive noise pick up or radiation.

Simple Network Management Protocol (SNMP)

Spanning Tree Protocol (STP)

Switched Ports

Terminal Access Controller Access Control System (TACACS)

Telnet

Transmission Control Protocol/Internet Protocol (TCP/IP)

Trivial File Transfer Protocol (TFTP)

Unshielded Twisted Pair (UTP) Cable