Nokia ESB26 User Manual Download

Page: 1 / 421

2004 by Nokia

Nokia

ESB26 GigabitEthernet Switch

User Guide

Summary of Contents for ESB26

Page 1: ... 2004 by Nokia Nokia ESB26 GigabitEthernet Switch User Guide ...

Page 2: ...Document History I S S U E D A T E I S S U E D C O M M E N T S MN700004 Rev 01 15 Jan 2004 First draft ...

Page 3: ...NECTION 20 INTRODUCTION 20 CONFIGURING A TELNET SESSION 20 SWITCHING BETWEEN SESSIONS 24 4 USER PRIVILEGE LEVELS 25 INTRODUCTION 25 SUPPORTED STANDARDS MIBS AND RFCS 27 DEFAULT USER PRIVILEGE LEVELS CONFIGURATION 27 CONFIGURING AND DISPLAYING USER PRIVILEGES 27 5 ETHERNET INTERFACE CONFIGURATION 30 INTRODUCTION 30 SUPPORTED STANDARDS MIBS AND RFCS 31 DEFAULT FAST AND GIGA ETHERNET PORTS CONFIGURAT...

Page 4: ... TREE PROTOCOL STP 110 INTRODUCTION 110 CONFIGURING AND DEBUGGING STP 110 DISPLAYING PORT SPANNING TREE TOPOLOGY SETTINGS 117 13 RAPID SPANNING TREE PROTOCOL RSTP 121 INTRODUCTION 121 SELECTION OF THE ROOT BRIDGE AND ROOT PORT 122 SELECTION OF THE DESIGNATED BRIDGE AND DESIGNATED PORT 122 CHANGING PORT STATES 123 CONFIGURING AND DEBUGGING RSTP 124 DISPLAYING PORT RAPID SPANNING TREE TOPOLOGY SETTI...

Page 5: ...E 242 20 IGMP SNOOPING 243 INTRODUCTION 243 JOINING A MULTICAST GROUP 243 LEAVING A MULTICAST GROUP 243 IMMEDIATE LEAVE PROCESSING 244 IGMP SNOOPING COMMANDS 244 21 MULTICAST VLAN REGISTRATION MVR 255 INTRODUCTION 255 DESCRIPTION OF COMMANDS 256 22 TRANSPARENT LAN SERVICES TLS 265 INTRODUCTION 265 FEATURE OVERVIEW 265 SUPPORTED STANDARDS MIBS AND RFCS 266 PREREQUISITES 267 DEFAULT TLS CONFIGURATIO...

Page 6: ...SING WATCHDOG MODE 337 CONFIGURING THE RESET LOOP DETECTION FEATURE 338 CONFIGURING THE SNMP REQUEST FAILURE DETECTION FEATURE 339 CONFIGURING THE APPLICATION SUSPENSION DETECTION FEATURE 340 DISPLAYING THE WATCHDOG CONFIGURATION 341 31 NTP CLIENT DESCRIPTION 342 INTRODUCTION 342 THE NTP TIMESERVER COMMANDS 342 WHY USE NTP PROTOCOL 343 CONFIGURING AND DISPLAYING NTP SERVER SETTINGS 343 MD5 AUTHENT...

Page 7: ... BIST 378 BIST COMMANDS 379 36 DIAGNOSTIC TESTS 382 ESB26 DIAGNOSTICS RELATED COMMANDS 382 THE DIAGNOSTICS RELATED COMMANDS 382 37 DNS RESOLVER 390 INTRODUCTION 390 FEATURE OVERVIEW 390 SUPPORTED STANDARDS MIBS AND RFCS 391 DEFAULT DNS RESOLVER CONFIGURATION 392 CONFIGURING AND DISPLAYING DNS RESOLVER 392 CONFIGURATION EXAMPLE 393 RELATED COMMANDS 393 APPENDIX LOADER SYSLOADER AND DUAL BOOT I OVER...

Page 8: ...Guide The syntax of CLI command lines explained in Basic CLI Operating Conventions and the further topics and discussed throughout this guide is represented by the following general format device name keyword s parameter s keyword s parameter s OR device name config keyword s parameter s keyword s parameter s where The angle bracket is the CLI prompt symbol in View mode The pound symbol is the CLI...

Page 9: ...be used in this guide to enclose selectable entities for the purpose of clarification Acronyms Used in This Guide L3 OSI Layer 3 requirements DHCP Dynamic host configuration protocol Downlink The Ethernet links connecting to equipment that perform host data processing GARP Generic Attribute Registration Protocol GMRP Group Multicast Registration Protocol GVRP GARP VLAN Registration Protocol MAC Me...

Page 10: ... Multiple Spanning Tree Protocol IEEE 802 1s QoS Quality of Service IGMP snooping to control IP multicast traffic GMRP GARP Multicast Registration Protocol GVRP GARP VLAN Registration Protocol MVR Multicast VLAN Registration Console CLI Command line Interface connection Telnet CLI connection SNMP Simple Network Management Protocol v1 v2c and v3 support RMON Remote Monitoring Traffic mirroring for ...

Page 11: ...zation measurement Inform requests for SNMPv2c MAC address per port in BPDU for xSTP Enhanced DHCP boot process Startup configuration integrity check Option to save downloaded file to the internal Flash memory Image file upload Enhanced password security passwords are saved in the internal Flash memory and not in the running config startup or script files Cable crossover support ...

Page 12: ...ase T ports in gigabit mode while the other runs in 100Mbit mode The intended use of the ESB26 is to collect the Ethernet links of different computer units and preprocessor units of DX200 based network elements and allow access to them from the upper levels The ESB26 can be used in all M98F DX200 based network elements The ESB26 can be assembled into a place of ESB20 ESB20 A by using the existing ...

Page 13: ...550s or ESB26s Figure 1 1 Example of Operational Environment for the ESB26 with L2 OSRs OSR OSR IPET IPET IPET IPET TGSU TGSU IPET cabinet IPET cabinet Legend Forwarding Blocked VLANs Rapid STP 3550 3550 3550 3550 3550 3550 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 ESB26 Rapid STP OSRs used as L3 devices Cisco 3550s or ESB26s possible with L3 software Cisco 3550s or ESB26s ...

Page 14: ...d Switching Characteristics Bridging Address table Forwarding Rate Internal Bandwidth max Buffers Memory Priority Queuing Virtual LAN Per IEEE 802 1d 802 1w 802 1s spanning tree 16 K MAC address per switch 148 800 packets per second maximum for 100Base ports 1 488 000 packets per second maximum for 1000Base ports 5 3 Gbps Full Duplex 32 Mbytes 8 Queues per port provides CoS per 802 1p Port Based V...

Page 15: ...during power up and in faulty condition Blinking orange when no image software is loaded Off power is off Physical Characteristics Dimensions 233 4x220mm with PCB thickness of 1 6mm and spacing of 20 34mm 4T Supported chassis models CC3C ACC4C ACM2C ALASWC AIPETC A Environmental Characteristics Operating Temperature According to Nokia Environmental Specification Commercial Range 0 70 C Humidity Co...

Page 16: ...inutes GVRP disabled GMRP disabled SSH disabled LACP disabled LAN ports status enabled Port auto negotiation enabled Port mirroring disabled VLANs disabled Rapid STP disabled DHCP enabled Hot Swap The card can be inserted and removed while power is applied to the IPA2800 chassis Before removing the card press the Reset button twice within two seconds This will disconnect power from the card for 20...

Page 17: ...nd how to perform basic switch operations Unpacking After unpacking Verify that the ESB26 unit has not been damaged during shipment It is recommended that you keep the shipping package until the unit has been installed and verified as being fully operational As all electronic devices with static sensitive components ESB26 should be handled with care Front Panel SER1 OPR RST ETH2 ETH1 Operation ind...

Page 18: ... Pin 4 Using the CLI to Configure the Switch The configuration program uses a CLI Command Line Interface that enables you to start using the switch quickly and without extensive background knowledge It does this by prompting you for the information required to perform basic configuration procedures Using the CLI you will be able to do the following Establish host names and interfaces Enable transp...

Page 19: ...er on the unit After a few seconds the following is displayed on the terminal screen Press any key to stop auto boot 0 Verifying validity of primary application OK Start primary application BUILT IN SELF TEST CPU Core Test Passed CPU Notify RAM Test Passed CPU Interface Test Passed Testing Switch Core Passed On board Power Test Passed N O K I A Switch model NOKIA ESB26 SW version 3 2 89 ER created...

Page 20: ...y initiates CLI commands Based on user input the CLI returns various data in response You type all commands on one line and then press Enter The CLI response is displayed on your screen You can use abbreviated commands provided they are unique For example enter the letters sho for the show command Certain commands display multiple screens with this prompt at the bottom of the screen More Press on ...

Page 21: ... Tab Use command line completion by pressing the Tab key Typing at the beginning of the line generates a list of available commands Typing at any point within the line will show possible completions CLI Modes There are several CLI modes and associated prompt levels The prompt is the string that appears after the host name ESB26 by default The following are the main CLI modes View Mode user level T...

Page 22: ...vice name cfg protocol indicates that you are in the Configure Protocol mode To access Configure mode from Privileged mode use the configure terminal command Startup Modes There are also two separate special startup modes called Loader and Sysloader They are designed mainly for techical support purposes and are not user configurable Both of them are covered in detail in the Appendix Messages Sever...

Page 23: ...e Command History A memory buffer in the ESB26 retains the last 20 commands you entered Using Telnet Any workstation with a telnet facility should be able to communicate with the ESB26 over a TCP IP network Up to five active telnet sessions can access the ESB26 concurrently The telnet session will be disconnected after a specified time of inactivity Before you can start a telnet session you must s...

Page 24: ...he IP address use the following command in Global Configuration mode Command Syntax device name config ip address A1 B1 C1 D1 M A2 B2 C2 D2 dhcp A3 B3 C3 D3 Argument Description A1 B1 C1 D1 IP address of the configured IP interface M Subnet mask of the configured IP interface in the range 1 30 A2 B2 C2 D2 Subnet mask of the configured IP interface dhcp Use dhcp client A3 B3 C3 D3 Request IP addres...

Page 25: ...00 1 1 1 The default gateway IP address is 100 1 1 1 in network 100 1 0 0 General Commands Table 2 3 shows the commands you can use at all times regardless of the type of prompt displayed Table 2 3 General Commands exit Escape current mode and go to previous mode help Display help information no Negate a command or set its defaults quit Escape current mode and go to previous mode View Mode and Pri...

Page 26: ...d is available only in Privileged mode session Telnet session commands the command is available only in Privileged mode show Shows running system information telnet Start telnet client the command is available only in Privileged mode terminal Terminal configuration setup ping Sends ICMP echo messages the command is available only in Privileged mode traceroute Trace routing path the command is avai...

Page 27: ...d Enable mode specifies the number of lines the CLI displays in response to a command before displaying the More string Command Syntax device name terminal length show ip The show ip command in View or Privileged Enable mode displays the IP address of the ESB26 and its subnet mask Command Syntax device name show ip Example device name show ip IP ADDR 212 29 220 136 NET MASK 255 255 255 192 device ...

Page 28: ...ceroute request can be received default is 2 seconds ping The ping command in Privileged Enable mode allows to ping a unit Command Syntax device name ping A B C D NUMBER TIMEOUT DELAY LENGTH Argument Description A B C D The destination IP address NUMBER Number of echo packets to send default 5 TIMEOUT Wait for response in seconds default 2 seconds DELAY Delay between packets in seconds default imm...

Page 29: ...into the global Configuration mode device name config Configuration Command Types Configuration commands are categorized as follows Global configuration commands Defines system wide parameters Interface configuration commands Defines the characteristics of an interface for example a Serial or Ethernet interface To access these commands use the interface command in global Configuration mode Line su...

Page 30: ...vice name Line VTY Configuration Configures the VTY sub mode to allow accessing the ESB26 via telnet config VTY Interface Configuration Configures interface ports or port groups config if 1 1 1 or config if group VLAN Configuration Configures Virtual LANs VLANs config vlan Protocol Configuration Configures protocols cfg protocol Resilient Link Configuration Configures resilient links config resil ...

Page 31: ...ddition you can use telnet from the switch to access other devices in the network To open the telnet session you must specify the IP address of the device that you want to manage For more information see Configuring the Device s IP Parameters Once the connection is established you will be prompted to log in VT100 emulation and VT100 keys must be used Any workstation with a telnet facility should b...

Page 32: ...ress of the remote host PORT Optional The port at which the remote service is running in range 1 65535 The default value for telnet service is 23 session The session command in Privileged Enable mode displays the session indexes of all the open sessions The session number can be used for terminating the session Command Syntax device name session Example device name session your current session is ...

Page 33: ...the switch The following session types will be displayed Console Telnet SSH RADIUS Command Syntax device name who Example device name who Codes current session configuring vty on console connected on console vty on telnet 1 connected from 10 2 71 137 telnet The telnet command in Global Configuration mode disables or enables telnet connections to the switch The stop parameter disables all telnet co...

Page 34: ...tion timeout value The switch logs out when the connection timeout time expires The default timeout value is 10 minutes A timeout value of zero disables timeout disconnection equivalent to unlimited The no form of this command restores the default 10 minutes timeout value If the command is configured without parameters it will display the current timeout value Command Syntax device name config vty...

Page 35: ... Shift SESSION NUMBER or Ctrl Example device name telnet 192 0 103 13 connecting to 192 0 103 13 current session is 6 red hat linux release 7 1 seawolf kernel 2 4 2 2 on an i686 login xxxx password last login thu mar 7 11 20 42 from 192 0 103 1 xxxx io xxxx device name config ctrl shift 4 choose session to switch to the current session is 4 your sessions are 4 ...

Page 36: ...ce Numbering shows the levels priority only and is not used in the CLI The default privilege level assigned to users is level 0 highest privilege NOTE Users names passwords and privileges are stored in the internal flash memory so they protected from interruptions in switch s power supply For safety reasons the passwords cannot be retrieved in any human readable form Table 4 1 shows the CLI privil...

Page 37: ...authentication The example refers only to freeRADIUS server authentication The format may be different for other distributions of RADIUS server In general privilege levels are vendor specific attributes and are between 0 and 15 Users without privilege or wrong privilege are assigned privilege Guest 1 To describe Nokia vendor specific extensions add a file with the name dictionary nokia to RADIUS d...

Page 38: ...ion Table 4 2 User Privilege Level Default Configuration P a r a m e t e r D e f a u l t V a l u e User privilege level for local users Administrator 0 User privilege level for RADIUS users Guest 15 Configuring and Displaying User Privileges Table 4 3 lists the user privilege configuration and display commands Table 4 3 User Privilege Commands C o m m a n d D e s c r i p t i o n username Establish...

Page 39: ...ssword again for confirmation Type the password again for confirmation group Sets the privilege group for the user If the group option is not used the user will be assigned Administrators privilege administrators Assigns the user group Administrators privilege with full read write privilege without restrictions net admins technicians Assigns the user group Net admins privilege with read write priv...

Page 40: ...sers configured on the device that have lower or same user privileges as the current user This means that only users with Administrator privilege can see all other users Command Syntax device name show users Example device name show users how users Local users Username JohnSmith Privilege Administrator Username AnnKay Privilege Guest Username JoeBlack Privilege Network Admin Total users 3 device n...

Page 41: ...n connect to a single workstation or server or to a hub through which workstations or servers connect to the network When stations on different ports need to communicate the switch forwards frames from one port to the other at wire speed to ensure that each session receives the full available bandwidth To switch frames between ports efficiently the switch maintains an address table When a frame en...

Page 42: ...b RFCs RFC 1213 Management Information Base for Network Management of TCP IP based internets MIB II Default Fast and Giga Ethernet Ports Configuration Table 5 1 shows the default Fast Ethernet and Giga Ethernet Ports configuration Table 5 1 Fast Ethernet and Giga Ethernet Ports Default Configuration P a r a m e t e r D e f a u l t V a l u e Interface state Enabled Port name None Backpressure mode ...

Page 43: ... Ethernet or Giga Ethernet port to facilitate switch administration duplex speed Specifies the port speed backpressure Changes the backpressure mode flow control Changes the flow control mode default vlan Changes the default VLAN PVID of the configured interface remote fault detect Enables remote fault detection on the configured interface that is connected to a 100Base Fiber pair Not relevant for...

Page 44: ...d by commas range is indicated with hyphen e g 1 1 1 1 1 2 1 1 6 Entering Interface Group Configuration mode is indicated by the command prompt changing to config if group agXX Link aggregation interface s name e g ag01 Example 1 Accessing Interface Configuration mode for interface 1 1 2 device name config interface 1 1 2 device name config if 1 1 2 device name config Example 2 Specifying a range ...

Page 45: ...sover detection allows the switch port to automatically detect transmit and receive polarity of the Ethernet cable e g the type of the cable is irrelevant By default the switch is configured to use auto negotiation to determine the port speed and duplex setting for each port except for the Fast Ethernet Fiber ports that are set to Full 100 You can manually configure the duplex setting and the spee...

Page 46: ...Setting the Flow Control Mode The flow control command in Interface Configuration mode changes the flow control mode Flow control is a technique for ensuring that a transmitting port does not send too much data to a receiving port at a given time If a buffer on a port runs out of space the port transmits a special packet that requests remote ports to delay sending packets for a period of time The ...

Page 47: ...s enabled on such an interface the switch indicates link down on the port if the remote peer detects link down NOTE The remote fault detect command is available only on 100Base Fiber ports Not relevant for ESB26 Command Syntax device name config if UU SS PP remote fault detect device name config if UU SS PP no remote fault detect Setting Crossover Detection The crossover command in Interface Confi...

Page 48: ...o mdi mdix device name config if UU SS PP no crossover Argument Description auto Sets automatic crossover detection on the port mdi Sets the manually port to MDI Medium Dependent Interface mdix Sets the manually port to MDIX MDI crossover Displaying the Interface Settings and Statistics Table 5 4 lists the Fast Ethernet and Giga Ethernet Ports displaying commands Table 5 4 Fast Ethernet and Giga E...

Page 49: ...sable 0001 1 1 8 eth enable down unknown disable disable 0001 Example 2 The following example displays the settings of a specific interface device name show interface 1 1 8 Name Type 100BaseTX L3 EnableState enable Link up Duplex speed mode autonegotiate Duplex speed status full 100 Flow control mode disable Flow control status disable Backpressure disable Broadcast limit unlimited Default VLAN 1 ...

Page 50: ...l packets that are not forwarded to the switching core for transmission This counter should reflect all the data octets received on the line For oversized packets when they exceed the allocated buffer size only buffer size bytes are counted and all the rest of the bytes are not Collisions This counter is incremented once for every received packet when a Collision Event has been detected Broadcast ...

Page 51: ...e for every received and transmitted packet that is 64 bytes in size This counter includes rejected received and transmitted packets In OutPkts 65 127 This counter is incremented once for every received and transmitted packet that is 65 to 127 bytes in size This counter includes rejected received and transmitted packets In OutPkts 128 255 This counter is incremented once for every received and tra...

Page 52: ...packets that are not forwarded to the switching core for transmission This counter should reflect all the data octets received on the line For oversized packets the exceeded allocated buffer size only buffer size bytes are counted and all the rest of the bytes are not InUcastPkts This counter is incremented once for every good unicast packet not including Multicast and Broadcast packets received I...

Page 53: ...ce Configuration mode clears the statistics of the configured port If you specify the keyword all the command clears the statistics of all the ports Command Syntax device name config if UU SS PP reset all Argument Description all Optional Clears the statistics of all the ports Clearing All Ports Statistics The clear interface statistics command in Privileged Enable mode clears the statistics of al...

Page 54: ...witch SNMP management SNMP traps and informs Ping to the switch TFTP download or upload Outgoing Syslog messages By default management of the switch is accessible through all ports Also all outgoing management packets are with highest priority 7 when port is tagged NOTE You can also disable management on a VLAN by the management command in VLAN Configuration mode Management traffic on a VLAN is al...

Page 55: ...ement Management ports 1 1 2 1 1 5 Related Commands Table 5 9 shows the commands related to Fast and Giga Ethernet port configuration Table 5 9 Fast and Giga Ethernet Port Configuration Related Commands C o m m a n d D e s c r i p t i o n D e s c r i b e d i n add ports default Sets PVID of specified port s Commands to Configure VLAN Settings add ports default management Controls access to switch ...

Page 56: ... trap message to the Simple Network Management Protocol SNMP manager The port s behavior depends on the configuration that determines its response to a security violation Configuring and Displaying Port Security Settings Table 6 1 Port Security Commands C o m m a n d D e s c r i p t i o n port security Enables port security on the configured interface show port security Displays the port security ...

Page 57: ...e 2 By default port security is disabled When port security is enabled the default action is to generate an SNMP trap show port security The show port security command in Privileged Enable mode displays the security status of the specified port as configured by the port security command described below If the argument is not specified the security status of all ports configured with the command is...

Page 58: ...lic v1 device name config snmp server target addr MyHost 9 0 0 0 162 MyParam tag1 NOTE The snmp server notify command is repeated for each trap type Refer to the Configuring and Displaying the SNMP Server Settings section for details The trap type is represented by the NOTIFY NAME character string and a tag that has the same name as the notify name Next configure the port to learn a maximum of 3 M...

Page 59: ...0b f8 1 1 3 dynamic 0 Finally check the port security definitions device name show port security 1 1 2 Depending on previous settings the screen should display results as follows The port is secured Action on security violation send a trap Max secured addresses 3 Current secured addresses 3 ...

Page 60: ...it by aggregating multiple Mega ports see the example in Figure 7 1 Figure 7 1 Four Ports Combined into a Link Aggregation Group The Link Aggregation Control Protocol LACP ensures smooth and steady traffic flow by automating the configuration re configuration and maintenance of aggregated links The LACP feature dynamically adapts aggregated links to changes in traffic conditions Load sharing is ma...

Page 61: ...ation also provides intermediate data rate levels between the standard data rates of 10 Mbps 100 Mbps and 1000 Mbps as well as rates beyond 1000 Mbps if required Increased availability If a link within a LAG fails or is replaced the traffic is not disrupted and communication is maintained even though the available capacity is reduced Load sharing Traffic is distributed across multiple links minimi...

Page 62: ...e limitation prevents all compatible ports from aggregating When enabled LACP always tries to configure the maximum number of compatible ports in a LAG up to the maximum allowed by the hardware If LACP is unable to aggregate all the ports that are compatible for example the remote system might have more restrictive hardware limitations then all the ports that cannot be actively included in the LAG...

Page 63: ... 00 00 00 01 12 05 1 1 5 AG07 dynamic 0 4 0001 00 00 00 01 12 06 1 1 1 AG07 dynamic 0 5 0001 00 00 00 01 12 07 1 1 2 AG07 dynamic 0 6 0001 00 00 00 01 12 08 1 1 3 AG07 dynamic 0 7 0001 00 00 00 01 12 09 1 1 4 AG07 dynamic 0 8 0001 00 00 00 01 12 0a 1 1 5 AG07 dynamic 0 9 0001 00 00 00 01 12 0b 1 1 1 AG07 dynamic 0 10 0001 00 00 00 01 12 0d 1 1 1 AG07 dynamic 0 11 0001 00 00 00 01 12 28 1 1 2 AG07 ...

Page 64: ...n Group operate at the same data rate e g 10 Mbps 100 Mbps or 1000 Mbps The ports that participate in a LAG must all be of the same bandwidth 10 100 BaseTx copper ports must belong to the same slot or device but need not be contiguous e g you may include ports 1 1 3 and 1 1 5 in a LAG without including port 1 1 2 When the switch is connected to a LAN and Spanning Tree protocol is not active physic...

Page 65: ... specified static aggregate specified by the LAG id number Adding a Port to a Static Link Aggregation Group The link aggregation static id command in Interface Configuration mode adds the configured interface to the specified static link aggregation group The no form of the command removes the configured interface from the static LAG to which it belongs By default static LAG is disabled NOTE The l...

Page 66: ...n mode globally enables LACP on the switch and allows configuration of global and per interface LACP parameters The link aggregation lacp disable command in Protocol Configuration mode globally disables LACP on the switch and blocks configuration of global and per interface LACP parameters By default LACP is disabled Command Syntax device name cfg protocol link aggregation lacp enable disable Argu...

Page 67: ... the configured interface is not LACP enabled the interface is configured with default argument values If the interface is LACP enabled only explicitly entered optional arguments take effect When an interface is set to LACP passive mode it will not start to exchange LACP frames until it receives such frames from the remote switch When an interface is set to LACP active mode it will send LACP frame...

Page 68: ...gregation Groups The show interface link aggregation command in Privileged Enable mode displays the link aggregation groups in the system as specified by the command arguments If no argument is specified the list includes all static and dynamic link aggregation groups NOTE The show link aggregation command replaces the show trunk command The show trunk command is also supported Command Syntax devi...

Page 69: ...ameters Command Syntax device name show link aggregation lacp Example device name show link aggregation lacp System ID 00 a0 12 02 02 02 System priority 32768 Port Mode Key Prty 1 1 1 active 3 32768 1 1 2 active 3 32768 1 1 3 active 3 32768 Configuration Examples Simple LACP Configuration The following example establishes dynamic link aggregation between two switches as shown Figure 7 2 Figure 7 2...

Page 70: ...gation lacp System ID 00 00 02 03 04 05 System priority 32768 No LAC ports configured 4 Enable LACP on interface 1 1 17 device name configure terminal device name config interface 1 1 17 device name config if 1 1 17 link aggregation lacp 5 Enable LACP on interface 1 1 20 device name config if 1 1 17 interface 1 1 20 device name config if 1 1 20 link aggregation lacp device name config if 1 1 20 en...

Page 71: ...ol link aggregation lacp enable Switch1 cfg protocol end 2 Display the LACP configuration Switch1 show link aggregation lacp System ID 00 00 02 03 04 05 System priority 32768 No LAC ports configured 3 Enable LACP on interfaces 1 1 1 1 1 2 1 1 3 1 1 4 1 1 5 and 1 1 6 Switch1 config interface 1 1 1 Switch1 config if 1 1 1 link aggregation lacp Switch1 config if 1 1 1 interface 1 1 2 Switch1 config i...

Page 72: ...itch2 cfg protocol end 2 Display the LACP configuration Switch2 show link aggregation lacp System ID 00 a0 12 05 3a 80 System priority 32768 No LAC ports configured 3 Enable LACP on interfaces 1 1 1 1 1 2 1 1 3 and 1 1 4 Switch2 configure terminal Switch2 config interface 1 1 1 Switch2 config if 1 1 1 link aggregation lacp Switch2 config if 1 1 1 interface 1 1 2 Switch2 config if 1 1 2 link aggreg...

Page 73: ...on interfaces 1 1 3 and 1 1 4 Switch3 configure terminal Switch3 config interface 1 1 3 Switch3 config if 1 1 3 link aggregation lacp Switch3 config if 1 1 3 interface 1 1 4 Switch3 config if 1 1 4 link aggregation lacp Switch3 config if 1 1 4 end 4 Display the LACP configuration Switch3 show link aggregation lacp System ID 00 a0 12 10 94 c0 System priority 32768 Port Mode Key Prty 1 1 3 active 5 ...

Page 74: ...thm to prevent the two LAGs from forming a loop For more information on the Rapid Spanning Tree algorithm see RSTP Rapid Spanning Tree Protocol The configuration of Switch2 is identical to that of Switch1 However there are differences in the display of the RSTP configuration parameters since RSTP automatically selects one switch Switch 1 in our case as the root bridge and the other switch Switch 2...

Page 75: ... 1 20 end Displaying the Configuration on Switch 1 1 Displaying the static LAG configuration Switch1 show interface link aggregation static Aggregate Type Management Name Ports AG01 static TRUNK1 1 1 1 1 1 4 AG03 static TRUNK3 1 1 17 1 1 20 2 Displaying the RSTP parameter settings and Rapid Spanning Tree topology Switch1 show rapid spanning tree Rapid spanning tree enabled ProtocolSpecification ie...

Page 76: ...e topology Switch2 show rapid spanning tree Rapid spanning tree enabled ProtocolSpecification ieee8021w Priority 32768 TimeSinceTopologyChange 4 Sec TopChanges 1 DesignatedRoot 32768 00 A0 12 11 02 A3 RootPort AG01 RootCost 10 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 20 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec TxHoldCount 3 MigrationTimer 3 Sec DetectLineCRCReconfi...

Page 77: ...local monitor session is an association of a destination port with source ports and source VLANs You configure monitor sessions by using parameters that specify the source of network traffic to the monitor For example in Figure 8 1 all traffic on ports 1 1 1 1 1 2 1 1 3 1 1 4 1 1 10 and 1 1 12 is monitored by the port 1 1 13 A network analyzer on port 1 1 13 receives all network traffic from these...

Page 78: ...8 Traffic Monitoring MN700004 Rev 01 67 Figure 8 1 Example of Monitor Session Configuration on Interface Figure 8 2 Example of Monitor Session Configuration on VLANs ...

Page 79: ...ession you can monitor source port traffic such as received Rx transmitted Tx or bidirectional On the Rx the switch supports any number of source ports up to the maximum number of available ports on the switch and any number of source VLANs up to the maximum number of VLANs supported On the Tx the switch supports up to eight source ports A source port has the following characteristics It can be an...

Page 80: ... to function only when the analyzer port destination is set by the monitor session destination command in Global Configuration mode When activating a monitor session on a port list the analyzer port destination is automatically removed from all the VLANs in which it was a member and automatically added as an untagged member to all the VLANs in which the monitored ports are members When activating ...

Page 81: ...VLANs To add or delete VLANs to or from an existing traffic monitoring session you need to disable the monitor session definitions and to create new monitor session Command Syntax device name config monitor session rx tx destination interface UU SS PP device name config monitor session rx tx source vlan VLAN LIST interface PORT LIST device name config no monitor session rx tx Argument Description ...

Page 82: ...itor Analyzer Source Monitored Source Transmit Receive 1 1 8 ports 1 1 10 1 1 20 Configuration Examples Configuration Example for Monitor Session on Ports The following example based in Figure 8 1 shows how to configure the monitor session on ports Interface 1 1 13 mirrors the traffic on interfaces 1 1 1 1 1 2 1 1 3 1 1 4 1 1 10 and 1 1 12 The traffic is monitored both for Rx and Tx device name co...

Page 83: ...101 The traffic is monitored both for Rx and Tx device name config monitor session rx destination interface 1 1 4 device name config monitor session tx destination interface 1 1 4 device name config monitor session rx source vlan 100 101 device name config monitor session tx source vlan 100 101 device name config end device name show monitor session Monitor Analyzer Source Monitored Source Transmi...

Page 84: ...preference One port is configured as preferred by the prefer port command described below Active port refers to the current active port You can determine the active port manually using the active port command described below only if the preferred port has not been established By default if you have not configured a preferred or active port and the two ports have the same bandwidth capacity the act...

Page 85: ... Resilient link Configuration mode for settings of the specified resilient link When applied in a specified Resilient link Configuration mode the resilient link command changes the editing focus from the current resilient link to the newly specified resilient link The no form of the resilient link command removes the specified resilient link from the list of defined resilient links The no form is ...

Page 86: ... the ports command to define the resilient link with the new pair of ports If one of the added ports belongs to a VLAN s the other port will be included in the same VLAN s with the same tagging If any of the ports belonging to a resilient link will be included into any VLAN in the future the other port of the resilient link will automatically be included in the VLAN The ports command is rejected i...

Page 87: ... Description UU SS PP The preferred port number Example After having configured ports 1 1 4 and 1 1 5 as resilient link 3 preferring port 1 1 4 device name config resil link 3 prefer port 1 1 4 active port The active port command in Resilient link Configuration mode switches the active port of the currently edited resilient link Active port refers to the current active port You can determine the a...

Page 88: ...ayed N1 N2 Optional Range of ID numbers of resilient link to be displayed Examples 1 Displaying information on all currently configured resilient links device name config resil link 1 show RLink Port1 Port2 Prefer Active 1 1 1 1 1 1 2 Port 1 Port 2 2 1 1 5 1 1 6 Port 1 2 Displaying information on resilient link 3 device name config resil link 1 show 3 RLink Port1 Port2 Prefer Active 3 1 1 3 1 1 4 ...

Page 89: ...device name config resil link 1 show counter 5 RLink Swap count 5 3 3 Displaying the swap count on the configured resilient links in the range 1 to 4 device name config resil link 1 show counter 1 4 RLink Swap count 1 7 3 0 show resilient links The show resilient links command in Privileged Enable mode displays a table of the configured resilient links The table specifies the resilient link ID num...

Page 90: ...n on the configured resilient links in the range 1 to 4 device name show resilient links 1 4 RLink Port1 Port2 Prefer Active 1 1 1 1 1 1 2 3 1 1 3 1 1 4 show resilient links counter The show resilient links counter command in Privileged Enable mode produces a table showing how many swaps each resilient link has undergone in the current session You can specify by ID number or by a range of ID numbe...

Page 91: ...nfigured resilient links device name show resilient links counter RLink Swap count 1 7 3 0 5 3 2 Displaying the swap count on all resilient link 5 device name show resilient links counter 5 RLink Swap count 5 3 3 Displaying the swap count on the configured resilient links in the range 1 to 4 device name show resilient links counter 1 4 RLink Swap count 1 7 3 0 ...

Page 92: ...views See Defining SNMP Views 4 Create groups See Defining SNMP Groups 5 Create the users See Defining an SNMP User 6 If you need to limit the managed communication for users according to access list criteria see Displaying the Named Access Lists 7 The show access lists command in Privileged Enable mode displays the defined named access lists Command Syntax device name show access lists Example Th...

Page 93: ...en 10 and 64 characters that represent a hexadecimal number Internally this string is represented by a sequence of 5 to 32 whole bytes each byte representing two hexadecimal digits The user should enter an odd number of hexadecimal digits otherwise the parser would pad the last byte with zeros in the byte s four most significant bits As a result an extra zero will be inserted before the last digit...

Page 94: ...ng SNMP messages on this port Otherwise it will use the standard SNMP port 161 The no form of this command disables the SNMP server By default the SNMP server is disabled NOTE If the SNMP server is disabled it can still be configured from the Command Line Interface but it cannot respond to SNMP PDUs and cannot send traps Command Syntax device name config snmp server enable udp port device name con...

Page 95: ... Argument Description VIEWNAME The name of the View The view name is limited to 32 characters OID TREE Starting point inside the MIB tree given in dot notation included The Object ID is included in the view excluded The Object ID is excluded from the view MASK Bit mask defining OID wildcard Example 1 The following commands create the view MyView and add two rules to it The first rule enables acces...

Page 96: ...nmp server group command in Global Configuration mode creates an SNMP group with a specified security model v1 v2c or v3 and defines the access right for this group by associating views to this group If the security model is v3 you can specify the security level noAuth Auth or AuthPriv The no form of the command deletes the SNMP group data If you specify only the group name all groups with that na...

Page 97: ...pecifies what portion of the MIB database is accessible for notifications Example 1 device name config snmp server group GR1 v3 auth read v3_read write v3_write notify v3_read Example 2 The following example shows how to delete the group named MyGroup device name config no snmp server group MyGroup Example 3 The following example shows how to delete a group that is named MyGroup2 and has security ...

Page 98: ... to 32 characters GROUP NAME The name of the group to which the user is associated v1 v2c v3 Enter the SNMP version number v1 v2c or v3 If you enter v3 you have additional options priv ENCRYPTION Optional Specifies that the PDUs sent from this user should be encrypted with the key generated from the password auth Optional An authentication level setting session Specifying this argument requires ei...

Page 99: ...If the parameter is not supplied logging of all notifications is enabled disabled NOTE If logging of particular notifications has been disabled with a specific with an argument no snmp server log notify Tag1 command using the general without the argument snmp server log notify command will not enable them In this case you have to explicitly enable these notifications E g if you have set device nam...

Page 100: ... D e f a u l t V a l u e Named access list Not created Exact match Disabled Creating a Named Access List The access list command in Global Configuration mode configures an access list that controls the inbound and or outbound data traffic according to criteria specified in the command arguments The no form of this command removes the specified access list The access list defaults to an implicit de...

Page 101: ...ne permit 34 34 34 6 16 device name show access lists access list jiji permit any ccess list phone permit 34 34 34 6 16 Assigning an Access List to a User The snmp server access list command in Global Configuration mode assigns an access list to the specified user The no form of this command removes the access list assigned to the specified user The access list can permit or deny access to a user ...

Page 102: ...y access in the view to all variables participating in the notification Table 10 4 Agent Notification Configuration Commands C o m m a n d D e s c r i p t i o n snmp server notify Defines a notification and specifies the type trap inform snmp server target param Defines the notification target parameter snmp server target addr Defines the notification target address snmp server target profile Incl...

Page 103: ...s reinitializing itself and that its configuration may have been altered warmStart Indicates that the SNMP entity acting as an agent is reinitializing itself such that its configurationis unaltered authenticationFailure Indicates that the SNMP entity acting as an agent has received a protocol message that is not properly authenticated The authentication method depends on the version of SNMP that i...

Page 104: ...have passed the program threshold Indicates that level of oversize packets have passed the program threshold Indicates that level of runts packets have passed the program threshold Indicates that RAM space reaches critical minimum Indicates that a task is suspended Defining the Notification Target Parameter The snmp server target param command in Global Configuration mode defines the notification ...

Page 105: ...e Notification Target Address The snmp server target addr command in Global Configuration mode defines the notification target address The no form of this command deletes the notification target address Command Syntax device name config snmp server target addr NAME A B C D udp port PAR NAME TAG1 TAG2 TAGN device name config snmp server target addr NAME addtag deltag TAG NAME device name config no ...

Page 106: ...figuration mode includes or excludes a branch of the MIB tree in a notification profile The no form of this command removes the notification target profile Use this command only if you need to supply filters that do not match the user definition In most cases the user can use the user defined filters by applying the snmp server user command in Global Configuration mode NOTE Before you use this com...

Page 107: ...g is used for the textual identification of the contact person for this managed node together with information on how to contact this person If no contact information is known the value is a zero length string Command Syntax device name config snmp server contact LINE TEXT device name config no snmp server contact Example device name config snmp server contact tom comp com Argument Description LIN...

Page 108: ... 80 characters long Example device name config snmp server location ROOM 256 SNMP Displaying Commands Table 10 7 lists the display commands for the SNMP Agent Table 10 7 SNMPv3 Agent Display Commands C o m m a n d D e s c r i p t i o n show snmp server Displays the status of the SNMP server show snmp server engineID Displays the current SNMP agent engine ID and all remote Engine IDs that are known...

Page 109: ... disable Inform retries 10 Inform timeout 2 secs device name Displaying the Engine ID The show snmp server engineID command in Privileged Enable mode displays the local SNMP engine ID of the SNMP agent all Engine IDs that are known to the agent and information about the Inform operation values that are different from their default values Command Syntax device name show snmp server engineID Example...

Page 110: ...s the viewmask of a particular view if it is configured If the name of the view is specified only data for the views with the specified name is displayed on the screen If the view name is not specified all views are displayed on the screen The view name is not case sensitive and can be entered partially The viewmask length is 32B A view is displayed in symbolic format when some portions of the vie...

Page 111: ...ype can be Volatile the data is in volatile memory and after reboot it will be lost or Non Volatile the data is in Non volatile memory it will be restored after reboot Displaying the Notification Target Parameters The show snmp server target param command in Privileged Enable mode displays the notification target parameters Command Syntax device name show snmp server target param Example device na...

Page 112: ...notify Notify Name fanStatusChangelinkDown Notify type inform Tag tag1 Notify Name linkUp Notify type inform Tag tag1 Notify Name resilientLinkStatusChange Notify type trap Tag tag device name Displaying the Notification Target Address The show snmp server target addr command in Privileged Enable mode displays the notification target address Command Syntax device name show snmp server target addr ...

Page 113: ...ddress 193 124 13 6 Specify the default UDP port 162 the parameter name PARAMNAME and a tag TAG device name config snmp server target addr ADDRESSNAME 193 124 13 6 162 PARAMNAME TAG 4 To configure SNMP V2c inform notification define a notification target parameter with name PARAMNAME and security name usrV2 security model v2 device name config snmp server target param PARAMNAME usrV2 v2c 5 Create ...

Page 114: ...uthentication and authentication password string Create a remote user with engine ID 123456789abcd device name config snmp server user usrRemote group grpRemote v3 auth sha auth_password remote 123456789abcd 6 Configure a group with name grpRemote SNMP version number 3 authentication level auth Specify a read view all Specify a write view all Specify the notify view all device name config snmp ser...

Page 115: ...ntries If the switch is reset or a power Off On cycle occurs dynamic entries are deleted from the database The dynamic entries can also be deleted by a specified command More information about setting the aging time and deleting dynamic entries is provided further on in this section Static entries Static entries are configured by the user These are permanent entries which are retained in the datab...

Page 116: ...ess table Adds an entry to the FDB table clear mac address table Clears the specified MAC addresses no mac address table Clears the specified MAC addresses show mac address table Displays the specified data pertaining to the FDB table mac address table aging time Sets the FDB aging time show mac address table aging time Displays the FDB table aging time Description of Commands Adding FDB Table Ent...

Page 117: ...n Privileged Enable mode no mac address table commands applied in Configuration mode The commands are implemented as follows clear mac address table The clear mac address table command in Privileged Enable mode clears the MAC addresses specified by the command arguments Command Syntax device name clear mac address table dynamic filtered secure static multicast address HH HH HH HH HH HH vlan vlan i...

Page 118: ...ast aging time address HH HH HH HH HH HH vlan vlan id device name config no mac address table static address HH HH HH HH HH HH vlan vlan id interface UU SS PP Argument Description address HH HH HH HH HH HH The specified MAC address is cleared if it complies with all other specified arguments interface UU SS PP Optional MAC addresses on the specified interface are cleared if they comply with all ot...

Page 119: ...l other specified arguments vlan vlan id Optional Information is displayed about the MAC addresses for the specified VLAN if they comply with all other specified arguments dynamic Optional Information is displayed only about the dynamic MAC addresses filtered Optional Information is displayed only about the filtered MAC addresses secure Optional Information is displayed only about the secure MAC a...

Page 120: ...ay take up to twice as long as the value that has been set e g if 300 seconds have been specified the actual age out period may take between 300 and 600 seconds Command Syntax device name config mac address table aging time TIME device name config no mac address table aging time Argument Description TIME The aging time value in seconds in the range 10 816 Example The following example sets the MAC...

Page 121: ...ging STP You can use STP configuration commands per switch or per interface To enable per switch STP configuration commands you must enter Protocol Configuration mode by using the following command in global Configuration mode device name config protocol device name cfg protocol The cfg protocol prompt line indicates Protocol Configuration mode To access the STP interface configuration commands us...

Page 122: ...o specified interface configuration mode and displays the STP settings for that interface Reconfigures the STP or RSTPto use the alternate backup link in case of CRC errors NOTE A BPDU Bridge Protocol Data Unit transmission is an STP information exchange packet sent out at periodic intervals to other units in the network to detect loops in the network topology Table 12 2 STP Commands in Interface ...

Page 123: ...elloTime 1 sec HoldTime 1 sec BridgeMaxAge 20 sec BridgeHelloTime 1 sec BridgeForwardDelay 15 sec DetectLineCRCReconfig disabled spanning tree enable disable The spanning tree enable disable command in Protocol Configuration mode enables disables the Spanning Tree option The Spanning Tree algorithm dynamically creates a tree through the network used to efficiently direct packets to their destinati...

Page 124: ... no form of this command resets the default value NOTE You cannot assign hello time a value greater than MaxAge 2 1 Command Syntax device name cfg protocol spanning tree hello time hello time device name cfg protocol no spanning tree hello time Argument Description hello time The time interval in seconds between BPDU transmissions from the ports of this unit The default value is 2 seconds spanning...

Page 125: ...e The time in seconds during which learned Spanning Tree information is maintained before being discarded The default value is 20 seconds spanning tree interface The spanning tree interface command in Protocol Configuration mode changes the mode to the specified interface Configuration mode and enables the setting of the STP in the specified interface if a specific interface is specified If all is...

Page 126: ... enable command in Protocol Configuration mode switches the device to using the existing alternate backup link instead of the current link when the CRC errors on the line reach critical level The error level is considered critical when the CRC error rate exceeds 1 for a 3 seconds interval The command triggers reconfiguring of the Spanning Tree or the Rapid Spanning Tree so it is effective only whe...

Page 127: ...ce The no form of this command resets the default path cost value of 10 Command Syntax device name config if UU SS PP spanning tree path cost 1 200000000 device name config if UU SS PP no spanning tree path cost Argument Description 1 200000000 STP path cost value assigned to the configured interface spanning tree priority The spanning tree priority command in Interface Configuration mode sets the...

Page 128: ... a single end station is connected and where powering that end station on and off would cause the Topology Change Notification mechanism to be triggered By default the topology change detection is enabled Command Syntax device name config if UU SS PP spanning tree detect tc device name config if UU SS PP no spanning tree detect tc Displaying Port Spanning Tree Topology Settings Table 12 4 STP Disp...

Page 129: ...30405 128 63 0 Enabled 01 01 03 128 listn 19 0 32768 000002030405 128 62 2 Enabled show spanning tree interface The show spanning tree interface command in Privileged Enable mode displays the Spanning Tree topology for the specified port Command Syntax device name show spanning tree interface UU SS PP Example The following example displays the STP interface parameters when the bridge is not the Ro...

Page 130: ... the Spanning Tree protocol STP Enabling STP Debug Information The debug stp command in Privileged Enable mode displays the information related to processing the Spanning Tree protocol STP Use the no form of this command to disable the display of STP information The STP debug commands will not be saved after reload By default the debug is disabled Command Syntax device name debug stp all flush tc ...

Page 131: ...s of the STP Debug The show debug stp command in Privileged Enable mode displays the debug status for the Spanning Tree protocol STP The debug commands can help the network manager to monitor a session as it proceeds on the switch Command Syntax device name show debug stp ...

Page 132: ...signments P o r t R o l e D e f i n i t i o n Root Port Port connected to the root bridge switch State forwarding and link enabled Designated Port Port connected to the designated switch the switch closest to the root switch Frames are forwarded to the root through the designated switch Alternate Port Port that offers a path to the root bridge switch alternate to the path provided by the Root Port...

Page 133: ...e port that has the best Port Identifier as the Root Port The Port Identifier comprises two parts One part is fixed and unique for each Port on a Bridge The other part is a manageable priority component as described in IEEE Std 802 1w 2001 Part 3 Media Access Control MAC Bridges Amendment 2 Rapid Reconfiguration Section 9 2 7 Encoding of Port Identifiers The unique Port Identifiers are compared nu...

Page 134: ... one other Bridge i e it is served by a point to point LAN segment or to two or more Bridges i e it is served by a shared medium LAN segment Rapid transition of a Designated Port to Forwarding is possible only if the LAN segment associated with the Port is point to point or if the port is defined to be an edge Port Otherwise the transition of a Designated Port from Discarding to Learning and from ...

Page 135: ...ridge AND both Port States are known not to be Forwarding if they attach to LANs that connect to Bridges whose Port Roles are not consistent with that Bridge OR 4 The Port is a Designated Port attached to a LAN that is known not to be attached to any other Bridge Ports Condition 1 above makes use of Forwarding Delay as the basis for establishing that enough time has elapsed to allow the transition...

Page 136: ...anning tree forward delay Sets the time duration in Listening and Learning states that precede the Forwarding state in hundredths of seconds Also used to age dynamic entries in the Forwarding database when a topology change is under way rapid spanning tree max age Sets the time in seconds that learned RSTP information is kept before being discarded rapid spanning tree interface Changes to specifie...

Page 137: ...id spanning tree The rapid spanning tree command in Protocol Configuration mode displays the current RSTP parameter configuration To display Rapid Spanning Tree topology for a specified port or all ports use the show rapid spanning tree command or the show rapid spanning tree interface command in View or Privileged mode Command Syntax device name cfg protocol rapid spanning tree Example device nam...

Page 138: ... value it will display the currently configured priority value Command Syntax device name cfg protocol rapid spanning tree priority 0 65535 device name cfg protocol no rapid spanning tree priority Argument Description 0 65535 The rapid spanning tree bridge priority in increments of 4096 Any other number will be rounded down The default value is 32768 IEEE802 1w rapid spanning tree hello time The r...

Page 139: ... spanning tree forward delay forward delay device name cfg protocol no rapid spanning tree forward delay Argument Description forward delay The time in seconds that the switch stays in each of the Listening and Learning states that precede the Forwarding State The default value is 15 seconds rapid spanning tree max age The rapid spanning tree max age command in Protocol Configuration mode sets the...

Page 140: ...ge Rapid Spanning Tree topology for all ports is displayed Examples 1 The following examples display the output of the RSTP interface for an interface with link enabled device name cfg protocol rapid spanning tree interface 1 1 1 PortPriority 128 PortState forwarding PortRole Designated Port PortEnable enabled PortPathCost 200000 DesignatedRoot This bridge is the root DesignatedCost 0 DesignatedRo...

Page 141: ...The no form of this command disables the admin status The EdgePort parameter is controlled by the RSTP state machine and the Command Line Interface CLI Admin EdgePort The admin EdgePort parameter can be set by the CLI on a per Port basis in order to indicate that a given Port is permitted to transit directly to the Forwarding Port State when a Port becomes Designated This functionality is provided...

Page 142: ...d spanning tree edge port rapid spanning tree link type The rapid spanning tree link type command in Interface Configuration mode sets the RSTP port link type administrative of the port The no form of the command resets the link type to its default value auto There are two statuses of link state operational and administrative 1 Admin Link Type Auto From the point of view of determining the value o...

Page 143: ...Syntax device name config if UU SS PP rapid spanning tree link type auto point to point shared device name config if UU SS PP no rapid spanning tree link type Argument Description auto Indicates that the link type status is chosen dynamically according to the link state point to point Indicates that the configured interface is connected to one switch which runs RSTP In point to point rapid transit...

Page 144: ...000 200 20 000 1 200 000 000 100 Gbps 200 20 2 000 1 200 000 000 1 Tbps 20 2 200 1 200 000 000 10 Tbps 2 1 20 1 200 000 000 rapid spanning tree priority The rapid spanning tree priority command in Interface Configuration mode sets the RSTP priority for the configured interface The no form of this command resets the default priority value of 128 Command Syntax device name config if 1 1 1 rapid span...

Page 145: ... from that link unless the legacy switch is a designated switch The RSTP supports a mechanism that forces the port to restart protocol migration process force the renegotiation with neighboring switches by mean of 1 CLI command rapid spanning tree detect protocols 2 A link up event Command Syntax device name config if 1 1 1 rapid spanning tree detect protocols Displaying Port Rapid Spanning Tree T...

Page 146: ...isabled Port Pri Prt role State PCost DCost Designated bridge DPrt FwrdT 01 01 03 128 Root frwrd 200000 0 04096 00A012000003 128 31 1 01 01 04 128 Altern discr 200000 0 04096 00A012000003 128 37 1 show rapid spanning tree interface The show rapid spanning tree interface command in Privileged Enable mode displays the Rapid Spanning Tree topology for the specified port Command Syntax device name sho...

Page 147: ... Rapid Spanning Tree protocol RSTP show debug rstp Displays the status of Rapid Spanning Tree protocol RSTP debugging Enabling RSTP Debug Information The debug rstp command in Privileged Enable mode displays the information related to processing the Rapid Spanning Tree protocol RSTP Use the no form of this command to disable the display of RSTP information The RSTP debug commands will not be saved...

Page 148: ...tSpanPRS End Roles Selection 0xa139eb20 tSpanPRT Designated synced port 1 2 4 0xa139eb20 tSpanPRT Designated proposing port 1 2 4 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS Select Port Roles 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS Port 1 2 1 Is DesignatedPort 0xa1391880 tSpanPRS Port 1 2 4 Is DesignatedPort 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS End Roles Sele...

Page 149: ...ebug options handshake Activates Hand Shake protocol debugging IEEE 802 1w roles Activates debugging of role selection designated port root port etc flush Activates debugging of port table flushing MAC addresses Displaying the Status of the RSTP Debug The show debug rstp command in Privileged Enable mode displays the status of Rapid Spanning Tree protocol RSTP debugging The debug commands can help...

Page 150: ...etwork NOTE Terms used in this section are defined in Table 14 1 Bridges running MST provide interoperability with Single Spanning Tree SST bridges as follows MST bridges run Internal Spanning Tree IST IST adds internal information about the MST region to the Common Spanning Tree CST information IST connects all the MST bridges in the region and appears as a sub tree in the CST that includes the w...

Page 151: ...to ensure that all LANs in the Bridged Local Area Network are simply and fully connected Internal Spanning Tree IST The connectivity provided by the CIST within a given MST Region The IST is the first MSTI in the region numbered as MSTI0 and it exists by default and cannot be removed All other MST instances are numbered from 1 to 15 Multiple Spanning Tree Instance MSTI One of a number of Spanning ...

Page 152: ...s The configuration includes the name of the region the revision number and the MST instance to VLAN assignment map A region can have one member or multiple members with the same MST configuration Each member must be capable of processing RSTP BPDUs There is no limit to the number of MST regions in a network but each region can support up to 16 spanning tree instances You can assign a VLAN to only...

Page 153: ...ndary of the region is selected as the IST master When an MSTP switch initializes it sends BPDUs claiming itself as the root of the CST and the IST master with both of the path costs to the CST root and to the IST master set to zero The switch also initializes all of its MST instances and claims to be the root for all of them If the switch receives superior MST root information lower bridge ID low...

Page 154: ...topology Because of this the spanning tree parameters related to BPDU transmission for example hello time forward delay max age and max hops are configured only on the CST instance but affect all MST instances Parameters related to the spanning tree topology for example switch priority port cost port priority can be configured on both the CST instance and the MST instance The IST and MST instances...

Page 155: ... measured in seconds Data traffic from one port of a pseudobridge a port at the edge of a region to another port follows a path entirely contained within the pseudobridge or MST region Data traffic belonging to different VLANs might follow different paths within the MST regions established by MST The system prevents looping by doing either of the following Blocking the appropriate pseudobridge por...

Page 156: ... If an MST bridge is the root bridge for an MST instance then it is the IST master of that MST region If the CST root is outside the MST region then one of the MST bridges at the boundary is selected as the IST master Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root If two or more bridges at the boundary of a region have an iden...

Page 157: ...agate the same values Port Priority The MSTP uses the port priority when selecting an interface to put into the forwarding state if a loop occurs To interfaces that you want selected first you can assign higher priority values and to interfaces that you want selected last you can assign lower priority values A higher priority value corresponds to a lower numerical value and a lower priority value ...

Page 158: ...ich is either a single spanning tree switch or a switch with a different MST configuration Benefits MSTP enables load balancing over a large number of VLANs MSTP reduces the number of spanning tree instances required to support a large number of VLANs by using VLAN grouping MSTP provide rapid convergence which can reduce link convergence time to less than two seconds MSTP continues operating witho...

Page 159: ...ked on that VLAN although the MSTP will show a forwarding state Make sure that this consistency is maintained either by matching the VLAN memberships to the MSTP state or by changing MSTP parameters such as path cost and priority so the traffic will be diverted to correct ports Default MSTP Configuration Table 14 2 lists the MSTP default parameter values Table 14 2 MSTP Default Parameter Values P ...

Page 160: ... n g e 100 Kbps 200 000 000 20 000 000 200 000 000 1 200 000 000 1 Mbps 20 000 000 2 000 000 20 000 000 1 200 000 000 10 Mbps 2 000 000 200 000 2 000 000 1 200 000 000 100 Mbps 200 000 20 000 200 000 1 200 000 000 1 Gbps 20 000 2 000 200 000 1 200 000 000 10 Gbps 2 000 200 20 000 1 200 000 000 100 Gbps 200 20 2 000 1 200 000 000 1 Tbps 20 2 200 1 200 000 000 10 Tbps 2 1 20 1 200 000 000 Configurin...

Page 161: ...the MSTP transmit holdcounter Enabling MSTP The mstp command in Protocol Configuration mode enables the MSTP when the enable argument is specified disables the MSTP when the disable argument is specified and enters into Protocol MSTP Configuration mode if no argument is specified By default MSTP is disabled Command Syntax device name cfg protocol mstp enable disable Argument Description enable Ena...

Page 162: ... the Configuration without Storing the MST Map The abort command in Protocol MSTP Configuration mode exits Protocol MSTP Configuration mode without saving the MST configuration map When the abort command is used the changes in the VLAN ID to MSTI mapping will not be saved To save the changes in the VLAN ID to MSTI mapping use the apply command in Protocol MSTP Configuration mode NOTE The apply com...

Page 163: ...rward Delay Time The mstp forward delay command in Protocol Configuration mode configures the forward time for all MST instances The no form of this command resets the value to its default The forward delay is the number of seconds a port waits before changing from its spanning tree learning and listening states to the forwarding state By default the forward delay time is 15 seconds Command Syntax...

Page 164: ...and Syntax device name cfg protocol mstp max hops hops count device name cfg protocol no mstp max hops Argument Description hops count The number of hops in a region The range is 1 40 Setting the MSTP Hold Counter The mstp hold count command in Protocol Configuration mode specifies the maximim number of packets that can be sent for a hello time period The no form of this command resets the value t...

Page 165: ...a comma The list must be entered in increasing order of ID numbers For example instance 1 vlan 10 20 30 maps VLANs 10 20 and 30 to MST instance 1 Command Syntax device name cfg protocol mstp instance instance id vlan VLAN LIST device name cfg protocol mstp no instance instance id 1 The VLAN blocking is implemented by removing the port internally from that VLAN This can cause InErrors counter of su...

Page 166: ...t protocols Forces the port to work by the Rapid Spanning Tree Protocol RSTP and not by the Spanning Tree Protocol STP mstp cisco compliant Enables the port to work with Cisco compliant devices Setting the MSTP Port Priority The mstp port priority command in Interface Configuration mode defines the MST port priority The no form of this command returns the interface to its default settings By defau...

Page 167: ...s derived from the link speed of an interface If a loop occurs the MSTP uses cost when selecting an interface to put in the forwarding state You can assign lower cost values to interfaces that you want to be selected first and higher cost values that you want to interfaces to be selected last If all interfaces have the same cost value the MSTP puts the interface with the lowest interface number in...

Page 168: ...t which may be used in order to determine whether a port that becomes Designated is permitted to transit directly to Forwarding A value of enabled in the show commands indicates that this state transition is permitted to occur If a BPDU is received on the Port then the value of operational EdgePort is set to disabled Following a port initialization or following a link up event operational EdgePort...

Page 169: ...ned in accordance with the specific procedures defined for the switch entity concerned as defined in Admin link type auto If these procedures determine that the port is connected to a point to point LAN segment then Operational link type is set to point to point otherwise it is set to Shared In the absence of a specific definition of how to determine whether the port is connected to a point to poi...

Page 170: ... 7 displays a Nokia ESB26 generated BPDU that matches IEEE 802 1s The BPDU includes two M records Table 14 8 displays an example of a Cisco BPDU NOTE In Cisco compliance mode Nokia ESB26 generates and parses BPDUs with the format of Cisco BPDUs as it is displayed in Table 14 8 Before parsing the BPDUs first are displayed the dumps BiNOS dump and Cisco dump The differences from the 802 1s specifica...

Page 171: ... Identifier 80 00 00 a0 12 11 29 92 CIST Ext Path Cost 00 00 00 00 CIST Regional Root Identifier 80 00 00 a0 12 11 29 92 CIST Port Identifier 80 0b Message age 00 00 Max age 14 00 Hello Time 02 00 Forward Delay 0f 00 Version 1 length should be 0 00 Version 3 length Mrecords total length 00 60 MSTI configuration Identifier Key Revision Name 51 Bytes 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Page 172: ...Table 14 8 Cisco BPDU parsed by a BiNOS device F i e l d n a m e V a l u e N o t e ETH Dest 01 80 c2 00 00 00 ETH Src 00 08 a3 37 f1 c1 ETH Len 00 84 LLC 42 42 03 Protocol Identifier 00 00 Protocol version Identifier 03 BPDU type 02 CIST Flags 68 CIST Root Identifier 60 00 00 07 eb d5 a2 00 CIST Ext Path Cost 00 00 00 00 CIST Bridge Identifier 60 00 00 07 eb d5 a2 00 CIST Port Identifier 80 01 Mes...

Page 173: ... MSTID field The priority of the sending bridge and the port priority are sent without bridge ID and port ID of the sending bridge MSTI Internal root path cost MSTI Transmitting Bridge Idnetifier MSTI Port Identifier MSTI Remaining hops 00 00 00 00 60 01 00 07 eb d5 a2 00 80 01 14 00 NOTE If the Cisco BPDUs are parsed as specified in IEEE 802 1s standard some offsets and shifts may cause wrong val...

Page 174: ...evision 1 Instance Vlans mapped 0 1 4094 Displaying the Configuration The show command in Protocol MSTP Configuration mode displays the current Multiple Spanning Tree Protocol MSTP configuration The configuration displayed includes the region name the MTSP revision number and the VLAN ID to MSTI mapping Command Syntax device name cfg protocol mstp show Example device name cfg protocol mstp show Pe...

Page 175: ...device name cfg protocol mstp show mstp Multiple spanning trees enabled ProtocolSpecification ieee8021s Priority 0 TimeSinceTopologyChange 0 Sec TopChanges 0 CIST Root 00001 00 A0 12 0F 2F 27 CIST Port 01 01 02 CIST Cost 200000 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 0 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec ProtoMigratioDelay 3 Sec MaxHopCount 40 TxHoldCount 3 M...

Page 176: ...xAge The maximum age in seconds of received protocol information before it is discarded HelloTime The time interval in seconds between the transmissions of Configuration BPDUs by a Bridge that is attempting to become the Root or is the Root ForwardDelay The forward time for all MST instances The forward delay is the number of seconds a port waits before changing from its spanning tree learning and...

Page 177: ...red MST instances for a specified interface or all the switch s interfaces Table 14 11 describes the parameters displayed by the show mstp instance command Command Syntax device name show mstp instance instance id all interface UU SS PP Argument Description instance id The MST instance ID the range is 0 to 15 all All instances interface UU SS PP Optional Settings of MSTP port specified by Unit Slo...

Page 178: ...signated bridge port path cost Designated Bridge The ID of the designated bridge for this network Designated Port Id The ID of the designated bridge port AdminEdgePort The administrative settings for the edge port OperEdgePort The current Edge port working mode AdminLink Type The administrative settings for the link type Link Type The current link type working mode Running Version The running vers...

Page 179: ...d BPDUs no debug mstp Disables all debug actions in the MSTP show debug mstp Displays the status of the current debug actions in the MSTP Debugging the MSTP Flushing of MAC Address Table The debug mstp flush command in Privileged Enable mode activates the MAC address table flush debugging in the Multiple Spanning Tree Protocol MSTP Use the no form of this command to disable the display of MAC addr...

Page 180: ...the devices handshaking in the Multiple Spanning Tree Protocol MSTP Use the no form of this command to disable the handshaking debugging The debug mstp handshake command will not be saved after reload By default MSTP port handshake debugging is disabled Command Syntax device name debug mstp handshake all instance id device name no debug mstp handshake all instance id Argument Description all Displ...

Page 181: ...E port 20 mst 0 tMstPIM 1970 01 01 01 25 35 PIM RECEIVE REPEATED_DESIG port 20 mst 0 tMstPIM 1970 01 01 01 25 35 PIM REPEATED_DESIG CURRENT port 20 mst 0 Debugging the MSTP BPDU The debug mstp bpdu command in Privileged Enable mode displays information about the received and transmitted BPDUs packet in the Multiple Spanning Tree Protocol MSTP The no form of this command disables the display of the...

Page 182: ... the Multiple Spanning Tree Protocol MSTP for a specified port range Use the no form of this command to disable the MSTP PRTM debugging The debug mstp prt command will not be saved after reload By default MSTP PRTM debugging is disabled Command Syntax device name debug mstp prt all flags events stats from Pa to Pz device name no debug mstp prt all flags events stats Argument Description all Displa...

Page 183: ...cified port range Pa Number of the first port specifying the port range The number must be in logical port number format Pz Number of the last port specifying the port range The number must be in logical port number format Example device name debug mstp tcm all from 1 to 20 tMstPRT 1970 01 01 16 02 53 TCM INACTIVE INACTIVE port 20 mst 2 tMstPRT 1970 01 01 16 02 53 TCM DETECTED ACTIVE port 18 Disab...

Page 184: ... the debug actions in the Multiple Spanning Tree Protocol MSTP that are currently active in the switch Command Syntax device name show debug mstp Example device name show debug mstp MSTP debugging status MSTI Dbg Role Dbg Handshake Dbg Flush 0 ON ON OFF Port debugging status Port Dbg RX Dbg TX Dbg Validation Dbg Sanity 1 1 1 OFF ON OFF OFF 1 1 2 OFF ON OFF OFF 1 1 3 OFF ON OFF OFF 1 1 4 OFF ON OFF...

Page 185: ...device name configure terminal device name config interface 1 1 1 2 Assign port priority 2 to instance 1 and path cost 22 to instance 2 device name config if 1 1 1 mstp 1 port priority 2 device name config if 1 1 1 mstp 2 path cost 22 device name config if 1 1 1 end 3 Display the MSTP port configuration device name show mstp instance all interface 1 1 1 MST instance 0 Port Enable enabled Port Prio...

Page 186: ...llo time to 4 seconds max age time to 34 seconds and max hop count to 23 device name cfg protocol mstp hello time 4 device name cfg protocol mstp max age 34 device name cfg protocol mstp max hops 23 device name cfg protocol end 3 Display the MSTP configuration device name show mstp Multiple spanning trees enabled ProtocolSpecification ieee8021s Priority 32768 TimeSinceTopologyChange 0 Sec TopChang...

Page 187: ...instances on each switch The example shows how redundancy is achieved with MSTP Figure 14 3 displays the connections schematically After configuring the network the show mstp command is used on each switch to verify that the MST instances are configured correctly Figure 14 3 Schematic MSTI Configuration Configuring Switch 1 1 Create VLANs V100 and V200 and add the appropriate ports to each VLAN de...

Page 188: ...00 and V200 and add the appropriate ports to each VLAN device name configure terminal device name config vlan device name config vlan config default device name config vlan default remove ports 1 1 1 1 1 3 device name config vlan default exit device name config vlan create v100 100 device name config vlan config v100 device name config vlan v100 add ports 1 1 1 1 1 3 tagged device name config vlan...

Page 189: ...e the MSTP device name config protocol device name cfg protocol mstp enable 3 Enter into Protocol MSTP Configuration mode device name cfg protocol mstp 4 Add VLANS to MTSIs 0 1 and 2 device name cfg protocol mstp instance 0 vlan 1 99 101 199 201 4094 device name cfg protocol mstp instance 1 vlan 100 device name cfg protocol mstp instance 2 vlan 200 Configuring Switch 4 1 Create VLAN V200 and add t...

Page 190: ...20 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec ProtoMigratioDelay 3 Sec MaxHopCount 40 TxHoldCount 3 MST00 VLAN mapped 1 99 101 199 201 4094 Regional Root 32768 00 A0 00 01 09 0B RemainingHopCount 39 TopChanges 6 Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 01 128 Designat frwrd 200000 0 32768 00A0120A0168 128 001 01 01 02 128 Designat frwrd 200000 0 32768 00A0120A0168 ...

Page 191: ...e PCost DCost Designated bridge DPrt 01 01 01 128 Designat frwrd 200000 0 32768 00A00001090B 128 001 01 01 02 128 Designat frwrd 200000 0 32768 00A00001090B 128 002 01 01 03 128 Designat frwrd 200000 0 32768 00A00001090B 128 003 01 01 10 128 Designat frwrd 200000 0 32768 00A00001090B 128 010 MST01 VLAN mapped 100 Regional Root 00001 00 A0 12 0A 01 68 RemainingHopCount 39 TopChanges 4 Port Pri Prt ...

Page 192: ...Root frwrd 200000 0 32768 00A00001090B 128 001 01 01 10 128 Designat frwrd 200000 0 32768 00A012BBBBBB 128 010 MST01 VLAN mapped 100 Regional Root 00001 00 A0 12 0A 01 68 RemainingHopCount 39 TopChanges 2 Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 01 128 Root frwrd 200000 0 00000 00A0120A0168 128 001 01 01 02 128 Altern block 200000 0 32768 00A00001090B 128 001 01 01 10 128 D...

Page 193: ...68 00A0120B0BC4 128 010 MST01 VLAN mapped 100 Regional Root 00001 00 A0 12 0A 01 68 RemainingHopCount 39 TopChanges 5 Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 01 128 Altern block 200000 0 32768 00A00001090B 128 002 01 01 02 128 Root frwrd 200000 0 00000 00A0120A0168 128 002 01 01 10 128 Designat frwrd 200000 0 32768 00A0120B0BC4 128 010 MST02 VLAN mapped 200 Regional Root 0...

Page 194: ...opChanges 6 CIST Root 32768 00 A0 00 01 09 0B CIST Port 01 01 03 CIST Cost 0 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 20 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec ProtoMigratioDelay 3 Sec MaxHopCount 40 TxHoldCount 3 MST00 VLAN mapped 1 99 101 199 201 4094 Regional Root 32768 00 A0 00 01 09 0B RemainingHopCount 39 TopChanges 6 Port Pri Prt role State PCost DCost Des...

Page 195: ... 3 device name show mstp Multiple spanning trees enabled ProtocolSpecification ieee8021s Priority 0 TimeSinceTopologyChange 0 Sec TopChanges 3 CIST Root 32768 00 A0 00 01 09 0B CIST Port 01 01 02 CIST Cost 0 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 20 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec ProtoMigratioDelay 3 Sec MaxHopCount 40 TxHoldCount 3 MST00 VLAN mapped 1 ...

Page 196: ...LAN mapped 200 Regional Root 00002 00 A0 00 01 09 0B RemainingHopCount 39 TopChanges 3 Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 02 128 Root frwrd 200000 0 00000 00A00001090B 128 001 01 01 10 128 Designat frwrd 200000 0 32768 00A012BBBBBB 128 010 ...

Page 197: ...nstrain multicasts at Layer 2 in the host s VLAN NOTE In all cases you can use IGMP snooping to constrain multicasts at Layer 2 without the need to install or configure software on hosts When a host wants to join an IP multicast group it sends an IGMP join message which creates a corresponding GMRP join message When the switch receives the GMRP join message it adds the port through which the join ...

Page 198: ...ion is configured all the multicast traffic is passed on the master port For more information about Link Aggregation refer to the Link Aggregation Groups LAGs chapter Default GMRP Configuration Table 15 1 shows the default GMRP configuration Table 15 1 GMRP Default Configuration P a r a m e t e r D e f a u l t V a l u e GMRP global enable state Disabled GARP timers Join time 200 ms Leave time 600 ...

Page 199: ...ed Enable mode display the current GMRP status of the switch enabled or disabled Command Syntax device name cfg protocol gmrp device name show gmrp Example 1 device name cfg protocol gmrp GMRP enabled Example 2 device name show gmrp GMRP enabled Changing the GMRP Status The gmrp command in Protocol Configuration mode changes the switch s GMRP status to enable or disable By default GMRP is disabled...

Page 200: ...ice name show gmrp GMRP enabled Related Commands The table below shows the GMRP related commands Table 15 3 GMRP Related Commands C o m m a n d D e s c r i p t i o n D e s c r i b e d i n garp timer Sets the GARP timer values GVRP GARP VLAN Registration Protocol chapter Description of Commands section show garp timer Displays the GARP timer configuration GVRP GARP VLAN Registration Protocol chapte...

Page 201: ...o join several VLANs and then notify the network switches of the VLANs they want to join The dynamic VLANs that were learned can be viewed by the command show vlan dynamic For more information see the Commands to Display the VLAN Configuration section in the VLANs Virtual LANs chapter Configuring and Displaying GVRP Settings You can use the following GVRP commands Table 16 1 GVRP Commands C o m m ...

Page 202: ...vrp enable disable The gvrp enable disable command in Protocol Configuration mode changes the switch s GVRP status to enable or disable When GVRP is enabled VLANs are allowed to learn details of neighboring VLANs and to apply self configuration settings based on the information that is learned Command Syntax device name cfg protocol gvrp enable disable Example device name config protocol device na...

Page 203: ...l garp timer leave leaveall 300 20000 device name cfg protocol garp timer join 100 6666 device name cfg protocol no garp timer join leave leaveall device name cfg protocol no garp timer Argument Description join GARP Join timer leave GARP Leave timer leaveall GARP LeaveAll timer 300 20000 100 6666 Refresh interval for the specified timer The leave timer refresh interval must be equal to or smaller...

Page 204: ...200 Leave 600 LeaveAll 10000 device name port gvrp enable disable The port gvrp enable disable command in Interface Configuration mode changes the port GVRP status to enable or disable respectively Disabling GVRP on a port will disable GVRP packets transmit from that port Command Syntax device name config if 1 1 1 port gvrp enable disable ...

Page 205: ...ity devices within a VLAN can communicate directly only with devices in the same VLAN Communication between devices in different VLANs must pass through a routing device or Layer 3 switch Better control of broadcast traffic Traditional networks may become congested by broadcast traffic that is directed to all network devices whether or not they require it With VLANs you can increase the efficiency...

Page 206: ...determined based on the Port of arrival of the frame into the Switch This classification mechanism requires the association of a specific VLAN ID the Port VLAN Identifier or PVID with each of the Switch s Ports The PVID is also known as the port s default VLAN The PVID for a given port provides the VID for untagged and priority tagged frames received through that port The PVID for each port contai...

Page 207: ...a NIC that supports 802 1Q tagging Assigning a VLAN Tag Each VLAN may be assigned an 802 1Q VLAN tag As ports are added to a VLAN with an 802 1Q tag defined you need to decide whether each port will have tagging assigned for that VLAN The default mode of the switch is to have all ports assigned to the default VLAN that has the name default and an 802 1Q VLAN tag VLAN ID of 1 Not all ports in the V...

Page 208: ...N configuration mode and in any specific VLAN configuration mode show vlan Displays the VLANs configuration show vlan dynamic Displays the dynamic VLANs show vlan management Displays the management VLANs show vlan The show vlan command in Privileged Enable mode displays information regarding the VLANs defined in the system The command is equivalent to the show command in VLAN Configuration mode Co...

Page 209: ...ame show vlan dynamic Commands to Configure VLAN Settings BiNOS allows you to configure 802 1Q compatible VLANs Compatibility with the 802 1Q standard lets you assign a single switch port to two or more VLANs while still allowing for interfacing with older switches that require a separate port for each VLAN An example of three VLANs on one switch is shown in Figure 17 2 Figure 17 2 Three VLANs on ...

Page 210: ...s a specific VLAN configuration mode use the config command in the global VLAN Configuration mode Table 17 2 summarizes the commands that are available in the global VLAN Configuration mode Table 17 2 Commands in Global VLAN Configuration Mode C o m m a n d D e s c r i p t i o n create Creates a VLAN with specified name and tag number delete Deletes the VLAN specified by its name delete id Deletes...

Page 211: ...n mode provides access to VLAN Configuration commands Command Syntax device name config vlan device name config vlan create The create command in VLAN Configuration mode creates a VLAN with the specified name and tag VLAN serial number Command Syntax device name config vlan create NAME vlan id Argument Description NAME VLAN name vlan id VLAN tag number in the range 2 4094 Example device name confi...

Page 212: ...atically assigns VLAN names that match the tag numbers With the create range command you can also add specified port s as either tagged or untagged ports The VLAN name that is automatically assigned is of the form Vlan_dddd where dddd represents a 1 to 4 digit number equal to the matching tag number For example the VLAN created with tag number 123 gets the name Vlan_123 Command Syntax device name ...

Page 213: ...aces before or after the comma that separates sequential lists are not allowed Example device name config vlan create range 15 20 1 1 1 1 1 3 untagged This example creates a sequence of VLANs that you can display as follows device name config vlan show Name VTag Tagged ports Untagged ports default 1 1 1 1 1 1 26 Vlan_15 15 1 1 1 1 1 3 Vlan_16 16 1 1 1 1 1 3 Vlan_17 17 1 1 1 1 1 3 Vlan_18 18 1 1 1 ...

Page 214: ...guration mode as indicated by the prompt line that follows device name config vlan config vlan_52 device name config vlan vlan_52 2 Switching the configuration mode from one specific VLAN to another as indicated by the prompt line that follows device name config vlan vlan_52 config XYZ device name config vlan XYZ add ports The add ports command in Specific VLAN Configuration mode adds the specifie...

Page 215: ... 1 12 1 1 15 configured to it The result is displayed by the show command that can be applied in any specific or global VLAN Configuration mode device name config vlan xxx add ports 1 1 2 1 1 5 untagged device name config vlan xxx add ports 1 1 8 1 1 9 1 1 12 tagged device name config vlan xxx show Name VTag Tagged ports Untagged ports default 1 1 1 1 1 1 26 xxx 9 1 1 1 1 1 8 1 1 9 1 1 2 1 1 5 1 1...

Page 216: ...me config vlan VLAN NAME remove ports PORT LIST Argument Description PORT LIST One or more port numbers specified by the following options UU SS PP unit slot and port number e g 1 1 8 specifying a single port UU 1 or 2 digit unit number specifying all ports on unit UU SS unit and slot number specifying all ports on slot A hyphenated range of ports e g 1 1 9 1 1 16 Several port numbers and or range...

Page 217: ...sabling the GVRP won t erase the converted VLANs Command Syntax device name config vlan config dynamic vlan id Argument Description vlan id Specifies the VLAN ID number in the range 2 4094 Example Configuring the dynamic GVRP VLAN 2 device name config vlan config dynamic 2 device name config vlan Dynamic_2 management The management command in VLAN Configuration mode provides access to the switch s...

Page 218: ...VLAN IDs in the form k k1 k2 l l1 l2 m m1 m2 where commas are used as term separators and hyphenated terms represent ranges For example The expression 2 4 8 32 64 512 represents VLAN IDs 2 4 the range from 8 to 32 and the range from 64 to 512 Example In the following example the switch can be managed only by VLAN 2 VLAN 100 101 and 102 were created but the switch cannot be managed from the worksta...

Page 219: ...ame config vlan create v102 102 device name config vlan config v102 device name config vlan v102 add ports 1 1 4 untagged device name config vlan v102 add ports default 1 1 4 device name config vlan v102 add ports 1 1 13 tagged device name config vlan v102 exit device name config vlan config default device name config vlan default remove ports 1 1 2 1 1 4 1 1 13 device name config vlan default exi...

Page 220: ...QoS policies can reserve sufficient bandwidth for this type of application Other applications deemed less critical can be limited in their bandwidth usage During periods of light traffic QoS policies have little effect and packets are transmitted as soon as they arrive During periods of congestion outbound packets accumulating at an interface are sorted into eight queues They are transmitted from ...

Page 221: ...or example going from Gigabit Ethernet to Fast Ethernet Database applications such as those associated with ERP typically do not demand significant bandwidth and are tolerant of delay You can establish a minimum bandwidth using a priority less than that of delay sensitive applications Web browsing applications cannot be generalized into a single category Casual and application oriented traffic can...

Page 222: ...formation when it transmits an 802 1Q tagged frame The 802 1p priority information that is transmitted is determined by the hardware queue that is used when transmitting the packet To replace 802 1p priority information use the qos remark command in Global Configuration mode NOTE The switch does not change the VLAN Priority Tag VPT for a switched packet that comes with an 802 1Q tag since it assum...

Page 223: ...ets are treated equally Packets are sent out in the order in which they arrive Higher priority packets are not transmitted faster than lower priority packets When FIFO is used ill behaved sources can consume all the bandwidth bursty sources can cause delays in time sensitive or important traffic and important traffic can be dropped because less important traffic fills the queue Strict Priority SP ...

Page 224: ... limited to its maximum bandwidth according to its assigned weight no queue achieves more than a predetermined proportion of overall capacity when the line is under stress The weighting factors are specified as relative percentages either as the actual number of packets transmitted each turn or as the byte count transmitted in 256 byte quanta The values for all the queues must be positive and must...

Page 225: ...resulting from packet based allocation For each queue divide the percentage of bandwidth you want to allocate to the queue by the packet size in bytes For example assume the packet size for protocol A is 1086 bytes protocol B is 291 bytes and protocol C is 831 bytes We want to allocate 20 percent for A 60 percent for B and 20 percent for C The ratios would be 20 1086 60 291 20 831 or 0 01842 0 206...

Page 226: ...nd delay Weighted Random Early Detection WRED Mechanism One of the queuing schemes that have lately been gaining prominence is the WRED Unlike other queuing schemes it is designed to prevent congestions beforehand rather than to manage them once they occur WRED overcomes a situation known as tail drop which occurs when a burst of packets saturates a switch s or router s buffer causing the last few...

Page 227: ...igured on the switch When excessive traffic is detected on the switch the output interface applies the traffic shaping and controls the excess traffic If the switch queues overflow the traffic is dropped Supported Standards MIBs and RFCs Standards IEEE 802 1p Priority Queuing MIBs No MIBs are supported by this feature RFCs RFC 2697 A Single Rate Three Color Marker RFC 2698 A Two Rate Three Color M...

Page 228: ...riority Port Priority 0 Port override No Port s congestion avoidance algorithm Tail drop Drop level per user priority Green MAC address priority 0 Traffic shaping Disabled Table 18 2 Default Queue to Priority Assignment P r i o r i t y Q u e u e 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 0 ...

Page 229: ...cing 802 1p Priority Information in Transmitted Packets To override priorty on the incoming traffic per port see Replacing 802 1p Priority Information on a Port To set QoS priority manually per destination MAC address see Setting the Destination MAC Address Priority To override QoS scheduling algorithm settings see QoS Scheduling Commands To set traffic shaping see Configuring Traffic Shaping QoS ...

Page 230: ...Command Syntax device name config qos map priority txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 Argument Description p r i o r i t y T h e 8 0 2 1 p p r i o r i t y l e v e l i n r a n g e 0 7 txq0 Transmit queue 0 txq1 Transmit queue 1 txq2 Transmit queue 2 txq3 Transmit queue 3 txq4 Transmit queue 4 txq5 Transmit queue 5 txq6 Transmit queue 6 txq7 Transmit queue 7 Example The default mapping of 802 1...

Page 231: ... Table 18 3 shows the default re marking of queues to 802 1p priority levels Command Syntax device name config qos remark priority txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 Argument Description priority The 802 1p priority level in range 0 7 txq0 Transmit queue 0 txq1 Transmit queue 1 txq2 Transmit queue 2 txq3 Transmit queue 3 txq4 Transmit queue 4 txq5 Transmit queue 5 txq6 Transmit queue 6 txq7 T...

Page 232: ...ity Assigns a priority value that can override the 802 1p priority levels for incoming frames qos mac Assigns QoS priority level manually for destination MAC address per VLAN qos drop level priority Specifies the color mark per QoS priority qos shaper Sets the transmit rate for the transmit queue Replacing 802 1p Priority Information on a Port The qos priority command in Interface Configuration mo...

Page 233: ...els for tagged and untagged incoming frames on interface 1 1 1 The show qos priority txq map command specifying the interface number verifies the configuration device name config if 1 1 1 qos priority 3 override gred device name config if 1 1 1 end device name show qos priority 1 1 1 Interface priority level txq override Drop Algorithm 1 1 1 3 3 yes GRED Example 2 device name config interface 1 1 ...

Page 234: ...y given for the MAC address in range of 0 7 Example In the following example we define two static MAC addresses on the same VLAN and interface The configured priorities give preference to packets with destination MAC address 00 01 02 03 04 06 over the packets with destination MAC address 00 01 02 03 04 05 device name config qos mac static 00 01 02 03 04 05 vlan 1 1 1 5 priority 3 device name confi...

Page 235: ...c Shaping The qos shaper command in Interface Configuration mode sets the rate for the transmit port or transmit port and queue Traffic shaping is used to control the rate of outgoing traffic in order to make sure that the traffic conforms to the maximum rate of transmission provided for it The no form of this command removes the traffic shaping Each transmit port can be configured to transmit at ...

Page 236: ... burst 16 device name config if 1 1 1 end device name show qos shaper Interface 1 1 1 qos shaper queue 2 rate 2M burst 64K QoS Assignment Displaying Commands Table 18 6 lists the commands to display the priority assignment Table 18 6 Available Priority Assignment Displaying Commands C o m m a n d D e s c r i p t i o n show qos priority txq map Displays the port priority mapping show qos drop level...

Page 237: ...ce name show qos drop level Example device name show qos drop level Priority Drop Level 0 green 1 green 2 red 3 yellow 4 green 5 green 6 green 7 green Displaying Traffic Shaping The show qos shaper command in Privileged Enable mode displays the transmit rate for the transmit port or transmit port and queue NOTE Since the rate granularity is limited whenever you set the rate you will see a message ...

Page 238: ...es first hybrid type scheduling qos scheduling hybrid 2 Configures second hybrid type scheduling qos scheduling hybrid 3 Configures from 3rd hybrid type scheduling qos scheduling hybrid 4 Configures from 4th hybrid type scheduling qos scheduling hybrid 5 Configures from 5th hybrid type scheduling qos scheduling hybrid 6 Configures from 6th hybrid type scheduling show qos scheduling Displays the cu...

Page 239: ...nfig exit device name show qos scheduling all Interface scheduling txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 1 1 1 wrr 1 1 1 1 1 1 2 2 1 1 2 wrr 1 1 1 1 1 2 2 1 1 1 3 wrr 1 1 1 1 2 2 1 1 1 1 48 wrr 1 1 1 1 2 2 1 1 1 2 1 wrr 1 1 1 1 2 2 1 1 1 2 2 wrr 1 1 1 1 2 2 1 1 1 2 3 wrr 1 1 1 1 2 2 1 1 1 2 4 wrr 1 1 1 1 2 2 1 1 Configuring Hybrid 1 QoS Queue Handling The qos scheduling hybrid 1 command in Globa...

Page 240: ...s for transmission When txq7 is empty txq6 is serviced as long as it has packets When both txq6 and txq7 are empty the rest of the queues are serviced according to their assigned weights By default the SP scheduling is applied Command Syntax device name config qos scheduling hybrid 2 txq0 weight txq1 weight txq2 weight txq3 weight txq4 weight txq5 weight Argument Description txq0 weight txq5 weigh...

Page 241: ...ults on the specified port device name config if 1 1 4 qos scheduling hybrid 3 packets 10 10 20 20 40 device name config if 1 1 4 end device name show qos scheduling 1 1 4 Interface scheduling txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 1 1 4 hybrid 3 10 10 20 20 40 Configuring Hybrid 4 QoS Queue Handling The qos scheduling hybrid 4 command in Global Configuration or Interface Configuration mode is us...

Page 242: ...ghted Round Robin WRR According to this configuration tqx7 is serviced as long as it has packets for transmission When txq7 is empty txq6 is serviced as long as it has packets When txq6 is empty txq5 is serviced as long as it has packets When txq5 is empty txq4 is serviced as long as it has packets When txq4 is empty txq3 is serviced as long as it has packets When txq3 txq4 txq5 txq6 and txq7 are ...

Page 243: ...empty the rest of the queues are serviced according to their assigned weights By default the SP scheduling is applied Command Syntax device name config qos scheduling hybrid 4 txq0 weight txq1 weight txq1 weight Argument Description txq0 weight txq1 weight The weights assigned to the weighted transmit queues The values must be positive and add up to 10 or 100 Example The following example configur...

Page 244: ...t i o n D e s c r i b e d i n clear mac address table Clears the specified MAC addresses Understanding and Configuring MAC Address Table no mac address table Clears the specified MAC addresses Understanding and Configuring MAC Address Table show mac address table Displays the specified data pertaining to the MAC address table Understanding and Configuring MAC Address Table ...

Page 245: ...explicitly relinquishes the address Dynamic allocation allows automatic reuse of an address that is no longer needed by the client to which it was assigned Thus dynamic allocation is particularly useful for assigning an address to a client that will be connected to the network only temporarily or for sharing a limited pool of IP addresses among a group of clients that do not need permanent IP addr...

Page 246: ...th auto negotiation on no VLANs Rapid STP and DHCP enabled In this scenario because being enabled the DHCP client will next attempt to obtain an IP address and configure the switch For the factory preset IP address and the related settings refer to the Ex Factory Default Settings table in the Specifications chapter The entrire startup process is schematically presented in Figure 19 1 DHCP Client B...

Page 247: ... commands refer to Configuring the DHCP Client chapter The entrire startup process is schematically presented in Figure 19 2 It uses asterisks to indicate the following This configuration is saved to the non volatile memory File consistency is tested by a check sum algorithm This means that there is no startup configuration file The DHCP Negotiation Process As shown in Table 19 1 the parameter neg...

Page 248: ...19 DHCP Client MN700004 Rev 01 237 Figure 19 2 Schematic Representation of the Boot Process continued on the next page ...

Page 249: ...e option to suggest the lease time it would like to have The requested IP address option is to be filled in only in a DHCPREQUEST message when the client is verifying network parameters obtained previously If a server receives a DHCPREQUEST message with an invalid requested IP address the server should respond to the client with a DHCPNAK message and may choose to report the problem to the system ...

Page 250: ...ploy the IP address is reduced The configuration error can also be reduced and the costumers can control the assigned IP address Configuring the DHCP Client Table 19 1 lists the DHCP client commands Table 19 1 DHCP Client Commands C o m m a n d D e s c r i p t i o n ip address dhcp Provides the switch its IP configuration information dynamically dhcp client discover rto Sets the DHCPDISCOVER messa...

Page 251: ...eceived after the first attempt the DHCP client will keep re sending the request at predefined time intervals until it eventually manages to negotiate an IP address The second request will be send one second after the initial one and for each subsequent request the time interval will increase exponentially by the factor of two 2 4 8 16 32 64 until the limiting value of 64 seconds is reached From t...

Page 252: ...ame config ip address dhcp device name config exit device name show dhcp client DHCP client is active IP address is acquired by DHCP DISCOVER messages retransmission timeout is infinite Lease time left 61 Displaying the Slot and Location The show positioning command in Privileged Enable mode displays the chassis and slot numbers of the switch NOTE The chassis number is displayed in hexadecimal for...

Page 253: ...HCP Client with Ethernet Interface 1 The following command enables DHCP client configuration device name config ip address dhcp 2 The following command displays the DHCP Client Configuration device name config exit device name show dhcp client DHCP client is active IP address is acquired by DHCP DISCOVER messages retransmission timeout 1 minute s Lease time left 35 ...

Page 254: ...GMP join request Multicast groups learned through IGMP snooping are dynamic However you can statically configure MAC multicast groups by using the ip igmp snooping vlan static configuration command If you specify group membership for a multicast group address statically your setting supersedes any automatic manipulation by IGMP snooping Multicast group membership lists can consist of both user def...

Page 255: ...cast tree for the multicast group specified in the original leave message Immediate Leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously IGMP Snooping Commands The following IGMP Snooping commands are available Table 20 1 IGMP Snooping Commands C o m m a n d D e s c r i p t i o n ip igmp snooping Ena...

Page 256: ...abled or disabled on a per VLAN basis After you configure a VLAN interface for multicast routing no configuration is needed for the switch to access external multicast routers dynamically by using IGMP snooping When you enable IGMP snooping the switch automatically learns the interfaces to which multicast routers are connected When you disable IGMP snooping the entire configuration is erased Globa...

Page 257: ...094 UU SS PP The interface to the multicast router Example device name config ip igmp snooping vlan 200 mrouter interface 1 1 1 ip igmp snooping vlan static The ip igmp snooping vlan static command in Global Configuration mode configures a Host or physical interface statically to join a multicast group The no form of this command removes the static multicast definition Hosts or physical interfaces...

Page 258: ...Immediate Leave processing When you enable IGMP Immediate Leave processing the switch immediately removes a port when it detects an IGMP version 2 leave message on that port You should use the Immediate Leave feature only when there is a single receiver present on every port in the VLAN Command Syntax device name config ip igmp snooping vlan vlan id immediate leave device name config no ip igmp sn...

Page 259: ...ip igmp snooping forbidden PORT LIST device name config no ip igmp snooping forbidden PORT LIST Argument Description PORT LIST Port list of the form u s p u s p u s p Where u s and p represent a 1 or 2 digit unit number slot number and port number respectively You can specify u for all ports on unit number u u s for all ports on slot number s on unit u u s p for port p on slot s on unit u a hyphen...

Page 260: ...econds The range is 1 125 This value will be inserted in the response time field of the specific query packet generated by the switch The response time must be greater than zero and less than the query interval robustness robustness value The number of specific query packets sent by the switch The default value is 2 Any number higher then 1 is a valid value Example device name config ip igmp snoop...

Page 261: ...ies the host response timeout in seconds to set the query frame in the range 1 25 By default the value is 10 seconds NOTE The configured response timeout value is specified in seconds but the value inserted in the packet is in 1 10 second units Example The following example shows how to set the general query packet every 5 seconds in VLAN 5 interface 1 1 1 with response timeout of 15 seconds devic...

Page 262: ...nually configured multicast router interfaces Command Syntax device name show ip igmp snooping mrouter vlan vlan id Argument Description vlan vlan id Optional ID of VLAN for which information is displayed If this argument is not specified information for all VLANs is displayed Example The following example displays static and dynamic multicast router interfaces for all VLANs device name show ip ig...

Page 263: ... ip igmp snooping send query The show ip igmp snooping send query command in Privileged Enable mode displays the query generator information Command Syntax device name show ip igmp snooping send query Example device name show ip igmp snooping send query Responses interval is 15 sec show mac address table multicast igmp The show mac address table multicast igmp command in Privileged Enable mode dis...

Page 264: ...ow ip igmp statistics command in Privileged Enable mode or in global Configuration mode displays the current settings of various IGMP Statistics Counters according to the specified parameter Command Syntax device name show ip igmp snooping statistics parameter Argument Description groups Number of simultaneous groups leaves Number of leave packets received ports Number of ports registered per VLAN...

Page 265: ...ing MN700004 Rev 01 254 leaves Clears the leave packets received counter ports Clears the registered ports counter queries Clears the query packets received counter reports Clears the report packets received counter ...

Page 266: ...vices are provided A maximum of 256 MVR multicast groups can be configured on a switch Any multicast data sent to a configured multicast address is sent to all receiver ports that have registered to receive data on that multicast address even if the source and receiver ports are on different VLANs The device can force the multicast server to send all the configured multicast frames to the switch t...

Page 267: ...s available in global Configuration mode Table 21 1 MVR Global Configuration Commands C o m m a n d D e s c r i p t i o n mvr Enables MVR The no form of this command disables MVR mvr mode Specifies whether the mode of operation is static or dynamic mvr group Statically configures an MVR group IP multicast address or a sequence of MVR group IP multicast addresses on the switch mvr querytime Sets th...

Page 268: ...n a user on a receiver port sends a join to a multicast group it immediately starts receiving the multicast data The response to joins and channel zapping is quick at the expense of loading the switch with traffic from all the configured multicast groups all the time If no multicast group is defined the default will be 224 0 0 1 Under normal conditions dynamic mode is preferable static Multicast d...

Page 269: ...B C D The IP multicast address of the MVR group count Optional Configure multiple contiguous MVR group addresses The default is 1 The allowed range is 1 256 Example See the examples below mvr querytime The optional mvr querytime command in Global Configuration mode sets the maximum time to wait for IGMP report memberships on a receiver port This time applies only to receiver ports and affects leav...

Page 270: ...sing the mvr command make sure that IGMP snooping is enabled device name config ip igmp snooping device name config mvr 2 The following example shows how to disable MVR device name config no mvr Use the show mvr privileged EXEC command to display the current setting for maximum multicast groups 3 The following example shows how to configure 228 1 23 4 as an IP multicast address device name config ...

Page 271: ... MVR configuration commands available in Interface Configuration mode Table 21 2 MVR Interface Configuration Commands C o m m a n d D e s c r i p t i o n mvr type Configures the port either as an MVR receiver port or as a source port mvr immediate Enables or disables the Immediate Leave feature of MVR on a port mvr group Statically configures the specified MVR group IP multicast address for the sp...

Page 272: ...Example See the examples below mvr group The mvr group command in Interface Configuration mode configured on receiver ports statically configures the specified MVR group IP multicast address for the specified VLAN ID This is the IP address of the multicast group that the port is allowed to join The no form of this command with an IP address specified removes the configured port from membership in ...

Page 273: ...ame config interface 1 1 1 device name config if 1 1 1 mvr type source 3 The following example shows how to remove port 1 1 1 as an MVR port device name config interface 1 1 1 device name config if 1 1 1 no mvr group MVR Show Commands Table 21 3 summarizes the MVR show commands Table 21 3 MVR Show Commands C o m m a n d D e s c r i p t i o n show mvr Displays configured MVR parameters with regard ...

Page 274: ...roups 256 MVR Global query response time 5 MVR Mode Dynamic show mvr interface The show mvr interface command in Privileged enable mode lists the current MVR configurations of the switch s MVR configured ports Command Syntax device name show mvr interface Example device name show mvr interface Interface Type Status Immediate Leave 1 1 1 Receiver Active up Enable 1 1 2 Receiver Inactive up Disable ...

Page 275: ...21 Multicast VLAN Registration MVR MN700004 Rev 01 264 MVR Group Active Interface List 224 0 0 3 1 1 1 1 1 2 1 1 4 224 0 0 4 none ...

Page 276: ...as those who share the same set of network access rights Service providers can use the TLC feature to offer services that provide the same high speed VLAN based experience that customers enjoy in the LAN across the metropolitan area network MAN and the WAN The TLC feature adds a VLAN header to the packet with EtherType field that is different from the 802 1Q tag of the customer traffic in the swit...

Page 277: ...nal tag Jumbo Frame The Jumbo frame is an extension to current Ethernet Frame specifications for hardware and frame format to support payloads greater than 1500 Bytes for Type interpretation and Length interpretation frames This is useful for Gigabit Ethernet technology providing a means to carry large MTU packets without fragmentation over a high speed broadcast network Jumbo frames are used betw...

Page 278: ...packet s priority can also be based on the IP ToS field The TLS ports must be set on a VLAN The VLAN number could be any VLAN from the VLAN range 1 4094 as long as the TLS uplink is tagged on this VLAN and the TLS user is untagged on this VLAN Default TLS Configuration Table 22 1 shows the default TLS configuration Table 22 1 TLS Default Configuration P a r a m e t e r D e f a u l t V a l u e Tran...

Page 279: ...Configuration Commands C o m m a n d D e s c r i p t i o n tls Enables disables TLS on the switch tls ethertype Assigns the EtherType value tls uplink Assigns a TLS uplink to the configured interface Enabling Disabling the TLS The tls command in Global Configuration mode enables or disables the TLS on the switch NOTE TLS cannot coexist with IGMP Snooping Command Syntax device name config tls enabl...

Page 280: ... Note that the interface remains TLS uplink port until the TLS is globally disabled or changed to TLS user NOTE The TLS must be enabled before executing this command To enable the TLS use the tls enable command in Global configuration mode The TLS uplink must be configured as tagged on the TLS VLAN Command Syntax device name config if UU SS PP tls uplink device name config if UU SS PP no tls uplin...

Page 281: ...mmand enables more efficient packet processing on workstations and servers by increasing the maximum packet size to 10K Jumbo frames are frames larger than the standard Ethernet frame size which is 1518 bytes including Layer 2 header and Frame Check Sequence FCS The default MTU size is also 10K bytes once jumbo frame support has been enabled NOTE 1 The tls jumbo frame command will take effect only...

Page 282: ...evice name config tls enable 2 Set the EtherType to 0x7000 device name config tls ethertype 7000 3 Set the TLS uplink on interface 1 2 1 device name config interface 1 2 1 device name config if 1 2 1 tls uplink 4 Add the TLS uplink as user in VLAN default VLAN ID 1 Note that the TLS user is a member in VLAN 1 by default device name config vlan device name config vlan config default device name con...

Page 283: ...ch write command has an alias or nearly alias copy reload or show command Description of Commands Copy Commands The Copy commands summarized in Table 23 1 perform the following operations Download new software versions to the switch Save or load the start up configuration Save the start up configuration as the running configuration Table 23 1 Copy Commands C o m m a n d D e s c r i p t i o n copy ...

Page 284: ...at is running on your system The image is upgraded by using a download procedure from a TFTP server on the network The primary application becomes secondary and stores the new image as a primary when you use the option leave primary sw For more information about the dual boot feature primary and secondary application of the switch refer to the System Lodaer chapter Command Syntax device name copy ...

Page 285: ...ftware running on the TFTP server Example The following command downloads the start up configuration file named START001 located on C on the TFTP server at IP address 192 192 54 0 device name copy startup config download from 192 192 54 0 c START001 copy startup config upload to The copy startup config upload to command in Privileged Enable mode saves the start up configuration on the remote serve...

Page 286: ...the previous running configuration and the current switch configuration Command Syntax device name copy running config download from A B C D CONFIG_FILE Argument Description A B C D The IP address of the TFTP server CONFIG_FILE The path and name of the source file located on the TFTP server Note that the path specification and any file name limitations may depend on the software running on the TFT...

Page 287: ...rgument Description A B C D The IP address of the TFTP server FILE NAME The path and name of the source file located on the TFTP server Note that the path specification and any file name limitations may depend on the software running on the TFTP server NOTE Update of Sysloader software should be done only by instruction of Technical Support Powering down the switch in during sysloader save can pre...

Page 288: ...start the switch write memory Stores the unit s current configuration on the NVRAM of the switch The command is equivalent to the copy running config startup config command write terminal The write terminal command in Privileged Enable mode displays detailed information regarding the current configuration of the unit on the terminal monitor The command is equivalent to the show running config comm...

Page 289: ...y running config startup config command Command Syntax device name write memory Reload Commands The Reload commands summarized in Table 23 3 can be used to perform the following operations Reboot the switch with or without saving the current configuration Reload factory default configuration settings The reload commands are available in Privileged Enable mode Table 23 3 Reload Commands C o m m a n...

Page 290: ...eyword is optional device name reload save save current configuration and reboot the switch y n y Rebooting 2 Rebooting the switch without saving the current configuration device name reload no save Proceed with reload y n y Rebooting reload to defaults The reload to defaults command in Privileged Enable mode resets the switch to its factory default configuration and reboots it Command Syntax devi...

Page 291: ...witch configuration saved to NVRAM show running config Displays current run time information regarding the configuration of the switch The command is equivalent to the write terminal command show boot mode Displays the configured boot mode show startup config The show startup config command in Privileged Enable mode displays the switch configuration saved to NVRAM configured information that is sa...

Page 292: ...fig Example device name show running config building the configuration current configuration ESB26 Version 3 3 0 Further information displayed includes the following IP Address SNMP Server Configuration Web Server Configuration Protocol Configuration Spanning tree enable disable VLAN Configuration Monitor Session configuration IGMP And Multicast Configuration Port configuration show boot mode The ...

Page 293: ...command in Privileged mode clears system data from NVRAM and reboots does not affect the contents of the file system When you run a script file the current running configuration of the switch is merged with the new settings that are configured by the script file The number of configuration script files that you can store is limited only by the storage space available in the switch s file system 64...

Page 294: ...r command but may be also used in View and Privileged modes upload toscp Uploads a file from the file system to the TFTP server Secure copy Description of Commands script file system The script file system command in Global Configuration mode accesses script file system configuration mode Command Syntax device name config script file system copy from running config The copy from running config com...

Page 295: ...config DEST FILE Argument Description DEST FILE Optional The name of the destination file in the script file system Example device name config script file system copy from startup config saving script file startup_config to file system done delete The delete command in Script file system Configuration mode deletes the specified file from the file system NOTE The specified file is deleted without r...

Page 296: ...em display FILE NAME Argument Description FILE NAME The name of the script file in the script file system Example device name config script file system display test1 start file password a1h8rrzg11d4u log trap errors no banner ip address 10 4 0 10 255 255 0 0 mac address table aging time 300 end file download from The download from command in Script file system Configuration mode copies the specifi...

Page 297: ...r the first time If the file system is already initialized all the files that are stored in it are removed Before execution a warning is issued requesting your confirmation to format the script file system Command Syntax device name config script file system format file system Example device name config script file system format file system all stored files will be removed format y n y script file...

Page 298: ...y n y configuration from file successful show script file system The show script file system command in Privileged or Script file system Configuration mode displays the names and lengths of all script files stored in the file system This command is equivalent to the dir command but may be used in View and Privileged modes Command Syntax device name config script file system dir Example device name...

Page 299: ...ame config script file system upload to 10 4 0 4 test1 upload complete scp The scp command in Script file system Configuration mode allows for secure copying of files over insecure network Command Syntax device name config script file system scp A B C D NAME FILE DEST FILE Argument Description A B C D The IP address of the TFTP server NAME Username to use SOURCE FILE Name of the source file that i...

Page 300: ... C o m m a n d s System Information show version show cpu utilization show system Passwords password enable password Banner Hostname and Service Commands banner motd default banner set no banner hostname service advanced vty service terminal length System Time and Date date show date show clock time server Logging log cli console log telnet console log trap log remote Debug Information debug stp d...

Page 301: ...rmation regarding the software and hardware versions of the switch Command Syntax device name show version Example device name show version N O K I A Switch model NOKIA ESB26 SW version 3 3 0 created Jan 14 2004 15 59 00 Java version Java image not loaded Loader version 2 4 created Jan 30 2003 09 51 45 Up time 0 days 1 hours 21 min 40 sec The asterisk indicates that this is the current working ver...

Page 302: ...st priority and averaged for preset calculation periods The calculation of the CPU utilization is obtained by dividing the number of the idle ticks by the total ticks for a calculation period and presenting the result in percentage format indicating the CPU utilization 0 100 Command Syntax device name show cpu utilization Example device name show cpu utilization CPU usage 6 show system Displays sy...

Page 303: ...ts the default state By default no password is required to access Privileged mode When a password is set by the enable password command a prompt for the password is issued in response to the enable command in View mode Command Syntax device name config enable password PASSWORD PASS_CONFIRM device name config no enable password Argument Description PASSWORD A character string without blank spaces P...

Page 304: ...TD_STRING Argument Description MOTD_STRING Any string including blank spaces and practically any character except for a question mark no banner The no banner command in Global Configuration mode removes the motd message of the day string set by the banner motd default or banner set command Command Syntax device name config no banner hostname The hostname command in Global Configuration mode sets t...

Page 305: ... the terminal screen The no form of this command resets the default value of 20 lines A value of zero removes the limit This configuration command applies to all VTY interfaces Command Syntax device name config service terminal length 0 512 device name config no service terminal length Argument Description 0 512 Limit to number of lines displayed on the screen 0 represents unlimited length System ...

Page 306: ... May June July August September October November December Capitalization is not required YEAR Year in four digit number format in the 1993 2035 range Example The following example sets system time to 12 30 00 and date 1 April 2004 device name config date 12 30 00 1 apr 2004 show date The show date command in Privileged Enable mode displays the current system time Command Syntax device name show da...

Page 307: ...t is running with following peers Time server 192 168 0 4 Refresh time 10 minutes Time zone shift 2 hour s time server The time server command in Global Configuration mode sets your device to synchronize the system time with the specified remote host The no form of this command removes the timeserver definitions Remote system time synchronization allows the system to accurately keep the correct ti...

Page 308: ...However Nokia strongly recommends using only the new style of the command for setting up time synchronization clients For details on time server summer time command refer to Configuring Daylight Saving Time DST Argument Description time Specifies Time Protocol RFC868 daytime Specifies Daytime Protocol RFC867 swap Swaps day and month for daytime format This would be required if the positions of day...

Page 309: ... Remote server IP 10 2 127 160 Refresh 10 min Managing the Session Log The following commands enable you to keep a log of your session log cli console The log cli console command in Global Configuration mode directs log output messages issued by the system to the CLI console attached to COM port The no form of this command stops log output to the CLI console Command Syntax device name config log c...

Page 310: ... o r i t y l e v e l L o g m e s s a g e t y p e s 0 Emergencies Only emergency messages are logged 1 Alerts 2 Critical 3 Errors 4 Warnings 5 Notifications 6 Informational 7 Debugging All messages are logged Command Syntax device name config log trap emergencies alerts critical errors warnings notifications informational debugging device name config no log trap log remote The log remote command in...

Page 311: ... web server commands Table 25 4 Web Server Commands C o m m a n d D e s c r i p t i o n web server Enables the web server BiNOSView show web server Displays the web server status web server The web server command in Global Configuration mode enables the use of the web server BiNOSView The no form of the command disables use of the web server By default the web server is enabled Command Syntax devi...

Page 312: ...debug mstp roles handshake pim prt tcm flush all instance id device name no debug mstp roles handshake pim prt tcm flush all instance id device name debug mstp bpdu rx tx sanity check validation all UU SS PP device name no debug mstp bpdu rx tx sanity check instance id validation all UU SS PP Argument Description roles Displays logs of the port roles handshake Displays port handshaking logs pim Di...

Page 313: ...p The debug stp command in Privileged Enable mode displays the STP debug messages The no form of the command disables the debug messages The STP debug commands will not be saved after reload To view the debug messages you also need to enable log cli console for more information see Managing the Session Log Command Syntax device name debug stp all flush tc tcn device name no debug stp all flush tc ...

Page 314: ...N700004 Rev 01 303 Command Syntax device name show debug mstp rstp stp Argument Description mstp Multiple Spanning Tree Protocol debugging information rstp Rapid Spanning Tree Protocol debugging information stp Spanning Tree Protocol debugging information ...

Page 315: ...network administrators with comprehensive network fault diagnosis planning and performance tuning information Feature Overview Packets Definitions Good Packets Good packets are error free packets that have a valid frame length For example on Ethernet good packets are error free packets that are between 64 and 1518 octets long They follow the form defined in IEEE 802 3 Bad Packets Bad packets are p...

Page 316: ...ds can be specified on the absolute or delta value of a variable In addition alarm thresholds can be set manually or automatically Alarms inform you of a network performance problem and can trigger automated action responses through the Events group The Events Group The Events group controls the generation and notification of events from the switch The Events group creates entries in an event log ...

Page 317: ... UU SS PP Optional The port to display Example 1 Displaying statistics for a specified port in Privileged mode device name show rmon statistics 1 1 3 octets 2430596 jabbers 0 collisions 0 pkts 26357 broadcast 488 pkts 64 271222 multicast 0 pkts 65 127 110050 crcalignerrors 5 pkts 128 255 63053 undersize 1 pkts 256 511 36452 oversize 0 pkts 512 1023 1491 fragments 36 pkts 1024 1518 2507 dropevents ...

Page 318: ...teps Step 1 Define the trap destination Step 2 Define event descriptions Step 3 Define alarm conditions Step 4 View RMON definitions in configuration list Defining and Viewing Event Descriptions rmon event The rmon event command in Global Configuration mode defines RMON event descriptions The no form of this command removes the specified event If no event index is specified all existing RMON event...

Page 319: ...ation is snmp trap The community string as defined previously is PUBLIC The event owner is STN1 2 To remove a particular event device name no rmon event 1 3 To remove all defined RMON events device name config no rmon event remove all defined rmon events y n y show rmon event The show rmon event command in Privileged Enable mode displays the information for the specified RMON event If no event ind...

Page 320: ...Command Syntax device name config rmon alarm alarm index counter 1 17 UU SS PP 1 4294967295 absolute delta rising threshold falling threshold rising index falling index OWNER device name config no rmon alarm alarm index Argument Description alarm index Alarm index in the range 1 65535 If the index is new alarm conditions are created If the index already exists alarm conditions are updated 1 17 Cou...

Page 321: ...nge 0 65535 OWNER Alarm owner character string without blank spaces Example In the following example the threshold type is absolute so the falling event is insignificant The index is given an arbitrary value of zero If the threshold type were delta the index would be assigned the number of the event of the falling value device name config rmon alarm 1 counter 2 1 1 3 5 absolute 20000 0 1 0 STN1 In...

Page 322: ...leged mode device name show rmon alarm 1 2 Displaying the currently defined RMON alarms in Privileged mode device name show rmon alarm alarm 1 status active owned by STN1 counter octets interface 1 1 3 sampling interval h m s 00 00 05 sampletype absolute current value 5986918 startup rising risingthreshold 20000 fallingthreshold 0 risingeventindex 1 fallingeventindex 0 ...

Page 323: ...ecause the periodic monitoring facility can generate SNMP traps it can be used to trigger other diagnostic data polling based on the switch s operational status Table 27 1 displays the operational indicators that are monitored for ESB26 Table 27 1 Periodic Monitoring Operational Indicators I n d i c a t o r M o n i t o r e d A s Temperature Measured value Ports Measured value CPU usage Measured va...

Page 324: ...hen alert notification is enabled alerts are triggered when the status is Fail Measured values What is the temperature How many packet errors are there The monitor function returns actual measured values for temperature and port operation The limit and delta commands in Monitoring Configuration mode are used to define alert notification triggers for these indicators Limit based Alert Triggering A ...

Page 325: ...e trigger values differ from the limit value 55 by whole multiples of the difference value in this case 3 For temperature monitoring the limit value is interpreted as degrees Fahrenheit or Celsius depending on the scale selected for monitoring For port monitoring the limit value is interpreted as the percent of error packets This is defined differently for Full Duplex and Half Duplex traffic For F...

Page 326: ...rts monitoring Enabled Power supply monitoring Enabled CPU usage Enabled RAM memory usage Enabled Log message alert Enabled Trap alert Enabled Limit values for monitoring alert See table 27 3 Delta value for monitoring alert Disabled Monitoring period See table 27 4 Table 27 3 Limit Values for Monitoring Alert Default Parameter Values P a r a m e t e r D e f a u l t V a l u e Limit value for tempe...

Page 327: ...ic monitoring Table 27 5 Commands to Enable Periodic Monitoring C o m m a n d D e s c r i p t i o n monitor all Enables or disables monitoring of all the periodic indicators monitor cpu usage Enables or disables monitoring of the CPU usage monitor ports Enables or disables monitoring of the switch s ports monitor ram usage Enables or disables monitoring of the RAM usage monitor session Enables or ...

Page 328: ...e CPU usage The CPU usage monitor constantly collects samples of CPU usage and periodically calculates their average value from previous percentage estimates If the calculated value exceeds a configured limit value the monitor issues a log alert To see the CPU usage use the show cpu utilization command in Privileged Enable mode By default CPU usage monitoring is enabled Command Syntax device name ...

Page 329: ...e device name config no monitor ram usage device name config monitor ram usage Argument Description enable Enables monitoring of RAM usage disable Disables monitoring of RAM usage Monitoring the Traffic The monitor session command in Global Configuration mode starts or ends a traffic monitoring session For a detailed description of this command refer to the Traffic Monitoring chapter Monitoring th...

Page 330: ...You must enter into the specific monitoring indicator s configuration mode to use these commands To see how to enter into each indicator s configuration mode see table 27 5 Table 27 6 Periodic Monitoring Configuration Commands C o m m a n d D e s c r i p t i o n enable Enables the periodic monitoring for a specific indicator disable Disables the periodic monitoring for a specific indicator default...

Page 331: ...ommand in Monitoring Configuration mode restores the indicator s monitoring configuration to default settings Command Syntax device name config monitor INDICATOR default Setting the Monitoring Time Period The period command in Monitoring Configuration mode sets the time intervals at which the indicator is polled for its status The no form of the command resets the period to its default value Table...

Page 332: ... the indicator s status is Failed or the indicator s measured value exceeds its configured limit or the indicator s measured value crosses a configured delta point By default log messages are enabled Command Syntax device name config monitor INDICATOR log enable disable Argument Description enable Enables the monitoring alerts disable Disables the monitoring alerts Example This example enables log...

Page 333: ...lue device name config monitor INDICATOR no limit Argument Description value The value of the limit A zero value 0 disables limit based alerts and erases the limit Example 1 The following example sets a reference value of 7 percent error packets device name config monitor cpu usage limit 7 Example 2 The following example restores the cpu usage monitoring limit to 80 device name config monitor cpu ...

Page 334: ... when it is lower than the limit temperature device name config monitor temperature delta 5 greater Example 2 The following example triggers an alert when the measured temperature is higher or lower than the limit by 3 6 9 etc device name config monitor temperature delta 3 always Example 3 The following example stops delta based temperature monitoring device name config monitor temperature no delt...

Page 335: ... usage ports Monitoring the ports ram usage Monitoring the RAM memory usage session Monitoring the traffic temperature Monitoring the temperature Example 1 Use the command without any options to display the monitoring status of all enabled indicators device name show monitor On board Power Test Period 60 sec Log Enabled Temperature Test Period 20 sec Traps Enabled Log Enabled Temperature limit 55C...

Page 336: ...vileged Enable mode Table 27 4 lists the default monitoring period values Command Syntax device name config monitor INDICATOR show Example The following example shows the configuration settings for temperature monitoring device name config monitor temperature C show Period 20 sec Traps Enabled Log Enabled Temperature limit 55C Displaying the Temperature The show temperature command in Privileged E...

Page 337: ...on mode device name config monitor cpu usage 3 Display CPU usage monitoring settings device name config cpu usage show Period 10 sec Traps Enabled Log Enabled Limit value 80 4 Set the limit for CPU usage monitoring alerts to 5 device name config monitor cpu usage limit 5 5 Set the delta to trigger alerts for changes of 1 in the error rate device name config monitor cpu usage delta 1 greater device...

Page 338: ...alerts CPU usage delta current 7 tHiSwMonitr 1970 01 01 00 55 33 alerts CPU Usage BIST OK 5 max 7 RAM Usage Monitoring In the following example RAM usage monitoring is enabled and configured with period limit and delta commands 1 Enable RAM usage monitoring device name config monitor ram usage enable 2 Enter into the RAM usage Monitoring Configuration mode device name config monitor ram usage 3 Di...

Page 339: ...name config log history nvram trap errors Traps are displayed on the CLI console Note that the RAM usage is checked at 5 second intervals as specified with the period command tHiSwMonitr 1970 01 01 00 14 08 alerts RAM Usage BIST fail 134477 Kb limit 124474Kb Related Commands Table 27 9 shows the periodic monitoring related commands Table 27 9 Periodic Monitoring Related Commands C o m m a n d D e ...

Page 340: ...itical Error Warning Notice Information Debug lowest level You can configure the System to store messages from the Error level up Lower level trap messages are never stored By default only Emergency level messages are stored on the NVRAM All lower level trap messages are filtered out To change the level of the trap message logging filter use the log history nvram trap command See NVRAM System Trap...

Page 341: ...Specifies the lowest trap message level that will be stored on the NVRAM log record priority Causes displayed and logged trap messages to include the optional PRIORITY field clear log nvram Removes all System trap messages from the NVRAM show log history nvram Displays the contents of the stored system message history Description of Commands log history nvram trap The log history nvram trap comman...

Page 342: ...log nvram command in Privileged Enable mode removes all System trap messages from the NVRAM The history starts from scratch Command Syntax device name clear log nvram show log history nvram The show log history nvram command in Privileged Enable mode displays the contents of the stored system message history You can select output of the first oldest specified number of messages the last latest spe...

Page 343: ...rrors test error message ttftptask 2002 01 01 07 45 05 errors transfer timed out ttftptask 2002 01 01 07 45 07 errors tftpget error occurred while transferring the file ttftptask 2002 01 01 07 56 23 errors transfer timed out ttftptask 2002 01 01 07 56 23 errors tftpget error occurred while transferring the file tcliuart 2002 01 01 08 08 11 test emergency message tcliuart 2002 01 01 08 10 17 test e...

Page 344: ...n mode the configuration session history is generated and stored into NVRAM in the following format time_stamp user_id device console telnet ssh configuration session number start command 1 command 2 configuration session number end The history session is stored in script like format so that user can easily re execute the commands later Configuring History Settings Table 29 1 summarizes the NVRAM ...

Page 345: ...ration mode for the command to take effect Command Syntax device name config record configuration history nvram device name config no record configuration history nvram clear configuration history nvram The clear configuration history nvram command in Global Configuration mode removes all the recorded configuration commands from NVRAM Command Syntax device name config clear configuration history n...

Page 346: ...ce name show configuration history MON MAR 11 07 18 03 2002 vty console Configuration session 2 start configure terminal ip address 131 119 251 201 24 exit Configuration session 2 end 2 The following example displays the specified configuration session session number 1 device name show configuration history 1 THU MAR 07 18 40 17 2002 vty console configuration session 1 start configure terminal net...

Page 347: ... size The show configuration history size command in Privileged Enable mode displays the number of sessions currently stored in the NVRAM Command Syntax device name show configuration history size Example device name show configuration history size Configuration history consists of 4 sessions show configuration history status The show configuration history status command in Privileged Enable mode ...

Page 348: ...atchdog prompt on the display To access the Watchdog mode use the service sw watchdog command in Global Configuration mode The Watchdog integrates three features 1 Reset Loop Detection Detects and stops a reset loop 2 SNMP Request Failure Detection Detects when an SNMP request fails and resets the switch 3 Application Suspension Detection Detects suspended applications and issues log notifications...

Page 349: ...set loop is detected Command Syntax device name sw watchdog add sw watchdog system reset loop TIME port UU SS PP Argument Description UU SS PP Represents the unit slot and port numbers of the interface configured as maintenance port in case of reset loop e g 1 1 1 TIME Time period in seconds within which if more than 3 resets occur the switch will be considered to be in a reset loop The valid rang...

Page 350: ...et loop Enabling SNMP Request Failure Detection The add sw watchdog system snmp request reset command in Watchdog Configuration mode enables the SNMP request failure detection specifies the timeout period and resets the device in case of SNMP request failure Command Syntax device name sw watchdog add sw watchdog system snmp request reset TIME Argument Description TIME Timeout for the SNPM request ...

Page 351: ...ng for suspended applications and logs notifications to the NVRAM upon detecting a suspended application Command Syntax device name sw watchdog add sw watchdog application all APPLICATION suspension Argument Description all Enables monitoring of all applications APPLICATION Name of the application to be monitored e g tLacp Enables monitoring of individual applications Example To configure monitori...

Page 352: ...itoring of the tLacp application device name sw watchdog remove sw watchdog application tLacp suspension tLacp_Susp removed from watchdog device name sw watchdog Displaying the Watchdog Configuration To display the current Watchdog configuration in Priviledged Enable mode use the show sw watchdog command Command Syntax device name show sw watchdog Example device name show sw watchdog Watch Dog Obj...

Page 353: ...nternet time synchronization Most importantly there are more than 100000 free NTP timeservers in the world Using the NTP protocol the Nokia ESB26 switch time can be synchronized by the network administrator almost anywhere in the world with a minimal effort Because of its mode of operation a complicated election algorithm and MD5 authentication and the Nokia ESB26 switch capabilities the NTP Clien...

Page 354: ...of free highly accurate NTP timeservers around the world highly accurate time synchronization Configuring and Displaying NTP Server Settings To run NTP synchronization you must set some parameters before starting to poll servers You can configure the client to poll up to five remote NTP timeservers in contrast to the Daytime and Time remote synchronization protocols that synchronize with only one ...

Page 355: ... server ntp add A B C D Argument Description A B C D IP address of NTP server providing clock synchronization Example The following example adds the NTP server with IP address 186 102 20 11 device name config time server ntp add 186 102 20 11 time server ntp delete The time server ntp delete command in Global Configuration mode deletes the specified server from the NTP server list Command Syntax d...

Page 356: ...small letters Once the key has been defined NTP will use it to authenticate incoming data for all defined servers until the key is deleted Servers that don t use authentication or servers that use an incorrect NTP key for an associated NTP client will be ignored Description of Commands time server ntp key add The time server ntp key add command in Global Configuration mode defines the MD5 authenti...

Page 357: ...onfig time server ntp key delete KEY ID KEY Argument Description KEY ID A number in the range 1 65535 KEY Optional A string of 1 to 20 non blank characters some special characters such as question marks are not allowed time server ntp key show The time server ntp key show command in Global Configuration mode displays the existing MD5 authentication key ID and string Command Syntax device name conf...

Page 358: ...f local hour relative to GMT Positive East negative West of Greenwich Examples 1 The following example Configures the NTP Client by adding an NTP server without an authentication mechanism Starts the NTP client with a 10 minute polling interval and time zone GMT 3 hours device name config time server ntp add 192 168 0 2 device name config time server ntp start 10 3 2 The following example sets the...

Page 359: ...t invoke the recurring or the nonrecurring option respectively Table 31 2 Daylight Saving Time Commands Command Description time server summer time recurring Configures the switch to perform DST adjustment that recurs yearly time server summer time date Configures the switch to perform one time DST adjustment on specified dates Enabling the Daylight Saving Time Adjustment The time server summer ti...

Page 360: ...the day of the first2 N2 last2 week Sun Mon as the start day for the DST MONTH2 Configures the end month Jan Dec for the DST HH MM SS2 Configures the exact time on DAY2 when the DST should end T Time adjustment specified in minutes from 1 to 1440 Example This example shows how to advance the system time automatically 1 hour every year starting on the second Monday of April at 01 00 00 this year an...

Page 361: ... DST The valid values are from 1993 to 2035 HH MM SS2 Configures the exact time of the d2 day when the DST should end T Time adjustment specified in minutes from 1 to 1440 Example 1 This example demonstrates advancing the system time 1 hour on May 1st 2004 at 02 00 00 and moving it back on December 3rd 2004 at 02 00 00 device name config time server summer time date 1 May 2004 02 00 00 3 Dec 2004 ...

Page 362: ...rk could determine a user s password the password is concealed by a method based on the RSA Message Digest Algorithm MD5 When the RADIUS server receives a request it validates the sending client If the RADIUS server does not have a shared secret with the client that sent the request RADIUS will silently discard the request Otherwise the client is valid and the RADIUS server consults a database of ...

Page 363: ...tch transmits each RADIUS request to the server before giving up Use the radius server timeout command to specify how many seconds a switch waits for a reply to a RADIUS request before retransmitting the request Use the radius server deadtime command to specify how many minutes a RADIUS server which is not responding to authentication requests is passed over by requests for RADIUS authentication r...

Page 364: ... the allowed number of retransmissions to the default value of 3 Command Syntax device name config radius server retransmit count device name config no radius server retransmit Argument Description count Number of allowed retransmissions in the range 1 30 radius server timeout The radius server timeout command in Global Configuration mode specifies the number of seconds a switch waits for a reply ...

Page 365: ...dius server is not responding For details on how to use the username command refer to Creating a New User with a Privilege Level Using RADIUS to Configure Login Authentication Use the aaa authentication login default command with the radius method keyword to specify RADIUS as the login authentication method aaa authentication login default The aaa authentication command in Global Configuration mod...

Page 366: ... 2 RADIUS Configuration Example To demonstrate a RADIUS configuration proceed as follows 1 Install a RADIUS server on Server 1 2 Configure the RADIUS server 3 Edit RADIUS Server s Clients File and add the switch IP address with a distinctive key Add the line 10 2 200 200 123456 Edit the RADIUS Server s Users File Add two users as follows johnwilliams auth type local password h5yr9b reply message u...

Page 367: ...dius server deadtime 3 Save the configuration and restart the switch The results of the above configuration will be as shown in the examples below If you try to access the switch using Username jamessmith the result will be REJECT username jamessmith password your payment balance is outstanding access denied username If you try to access the switch using Username johnwilliams Password h5yr9b the r...

Page 368: ...onnection Some Security Considerations When you log into the SSH server for the first time the SSH client usually issues a security alert message such as Regard this as a warning that the security and secrecy of the data on your computer may be jeopardized If in a later login the same message appears even though you have confirmed your trust on the initial connection then either you are exposed to...

Page 369: ...ation Description of Commands ssh generate key dsa The generate key dsa command in Global Configuration mode generates the starting public parameters for the DSA algorithm that is used in the key exchange phase of the login For more information see Supported Standards below Remember that you must enter this command before starting your BiNOS SSH server for the first time Save the current configura...

Page 370: ...as The SSH client of SSH Communications Security Corp The OpenSSH secure shell client The PuTTY terminal program The F Secure SSH client Any other client that supports SSH version 2 Supported Standards draft ietf secsh architecture 07 draft ietf secsh transport 09 draft ietf secsh connect 09 draft ietf secsh userauth 09 FIPS 186 Digital Signature Standard FIPS 180 1 Secure Hash Algorithm RFC 1851 ...

Page 371: ...framework for authentication methods instead of simply employing usernames and passwords for access The protocol in 802 1X is called EAP encapsulation over LANs EAPOL Communication between supplicants in the network and the Authentication Server is performed through EAPOL packets 802 1X consists of three components for port control Supplicant Authentication Server and Authenticator Supplicant A su...

Page 372: ...repackages it into EAPOL and sends it to the supplicant The supplicant responds to the challenge via the authenticator and passes the response to the authentication server If the supplicant provides a proper ID the authentication server responds with a success message which is then passed onto the supplicant If the response is a failure the port remains unauthorized and no user traffic is allowed ...

Page 373: ...ted without trying to authenticate them The default setting for this supplicant mode is no maximum limit NOTE 802 1X supplicant modes can be set per port Traffic Modes 802 1X supports two traffic modes Bi directional traffic control and Unidirectional traffic control The table below shows the 802 1X traffic modes Table 34 2 802 1X Traffic Modes M o d e D e s c r i p t i o n Bi directional traffic ...

Page 374: ...icate The switch cannot provide authentication services to the supplicant through the interface auto enables 802 1X authentication and causes the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the port transitions from down to up or when an EAPOL start frame is received The switch ...

Page 375: ...X Configuration The table below shows the default 802 1X configuration Table 34 3 802 1X Default Configuration P a r a m e t e r D e f a u l t V a l u e Maximum number of requests 2 Re authentication Disabled Re authentication period 3600 seconds Quiet timer period 60 seconds Period for communication timeouts 30 seconds Traffic Control Mode Bi directional Authorization mode Force Authorized Suppli...

Page 376: ...the RADIUS server see Understanding and Configuring Remote Authentication Dial In User Service RADIUS This setting enables the 802 1X port authentication process and makes the switch an authenticator Configured as Authenticator the switch is able to send the EAP messages to the supplicant proxy the information to the configured authentication RADIUS server s and act on the messages received from t...

Page 377: ...the authentication process The no form of this command reset this value to its default By default the maximum number of requests is 2 Command Syntax device name config dot1x max req requests number device name config no dot1x max req Argument Description requests number The maximum number of request is in range 1 10 Example device name config dot1x max req 3 Enabling Periodic Re authentication The...

Page 378: ... The no form of this command resets the period to its default value By default the communication timeouts for the 802 1X supplicants is 30 second Command Syntax device name config dot1x timeout host time device name config no dot1x timeout host Argument Description time The authentication timeout period in seconds in the range 1 65535 Example device name config dot1x timeout host 45 Setting the Pe...

Page 379: ...eriod is 60 second Command Syntax device name config dot1x timeout quiet period time device name config no dot1x timeout quiet period Argument Description time The Quiet timer period is a value in range 1 65535 Example device name config dot1x timeout quiet period 120 Setting a Period for Communication Timeouts The dot1x timeout tx period command in Global Configuration mode sets the number of sec...

Page 380: ...the 802 1X interface configuration commands Table 34 5 802 1X Interface Configuration Commands C o m m a n d D e s c r i p t i o n dot1x port control Sets the 802 1X particular control type for the specified port dot1x re authenticate Activates re authentication for all supplicants that are connected to a specified port dot1x multiple hosts Sets 802 1X to Multiple Hosts mode on a specified port do...

Page 381: ...onfig if 1 1 1 dot1x re authenticate Setting 802 1X to Multiple Hosts Mode for a Specified Port The dot1x multiple hosts command in Interface Configuration mode sets 802 1X to Multiple Hosts mode on the specified port The no form of this command sets the default 802 1X supplicant mode on a specified port By default the 802 1X supplicant mode on a specified port is Single Host mode Command Syntax d...

Page 382: ...ands C o m m a n d D e s c r i p t i o n dot1x Displays the 802 1X authentication setting globally and on a per port basis show dot1x Displays information regarding 802 1X authentication show dot1x radius Displays all RADIUS servers that are configured show dot1x interface Displays the 802 1X for a specific port show dot1x hosts Display 802 1X information for all supplicants Displaying 802 1X Auth...

Page 383: ... Status Time 1 192 168 0 40 1812 ALIVE configured 00 55 42 Example 2 device name show dot1x radius statistic RADIUS server 192 168 0 40 1812 Sent Packets RADIUS Request 270 Received Packets RADIUS Accept 135 RADIUS Reject 0 RADIUS Challenge 135 RADIUS Unknown 0 Displaying the 802 1X for a Specific Port The show dot1x interface command in Privileged Enable mode or the dot1x command in Interface Con...

Page 384: ... Fail 0 Total OUT Retransmit Radius Frames 170 Total IN EAP Radius Frames 170 Total IN EAPOL Frames 170 EAPOL Start 0 EAPOL LogOff 0 EAPOL Packet ID Response 85 EAPOL Packet Response 85 EAPOL Key 0 EAPOL ASF Alert 0 EAPOL Unknown 0 EAPOL Broken 0 Last EAP Version Received 1 Last EAPOL Packet Received from 00 40 95 95 80 31 Example 3 device name config if 1 1 5 dot1x Control Direction In Authentica...

Page 385: ...he status of the 802 1X debug actions that are currently activated in the switch Enabling Debuggig The debug dot1x command in Privileged Enable mode enables specific 802 1X debugging The no form of this command turns off the 802 1X debugging The dot1x debug commands will not be saved after reload By default the debug is disabled Command Syntax device name debug dot1x all core radius reauthsm devic...

Page 386: ...t be saved after reload By default the debug is disabled Command Syntax device name debug dot1x basm event status timers device name no debug dot1x basm event status timers Argument Description event Debug backend state machine events status Debug backend state machine status timers Debug backend state machine timers Specific Packet Debugging The debug dot1x packet command in Enable Mode debugs 80...

Page 387: ...status events timers PBA Backend State Machine debugging is on status events timers PBA RADIUS debugging is on packet send packet receive events PBA EAPOL debugging is on packet send packet receive Configuration Example 1 Set the RADIUS server and specify the IP address key username password and AAA authentication device name configure terminal device name config radius server host 9 0 0 26 device...

Page 388: ...erver key Specifies the password used between the router and the RADIUS server Understanding and Configuring Remote Authentication Dial In User Service RADIUS username Adds a username and an associated password to the local authentication database Understanding and Configuring Remote Authentication Dial In User Service RADIUS aaa authentication login default Specifies the default login authenticat...

Page 389: ...scription of the Built in Tests T e s t D e s c r i p t i o n CPU Notify RAM Test On boot the entire DRAM is tested This test is run once at startup CPU Interface Test Checks the existence of the UART register write read operation Only COM1 is checked Data Buffer Test Checks the integrity of NVRAM database 1 To display BIST failure results use the show self test command in Privileged mode 2 To dis...

Page 390: ...w self test Issues a report on the current built in test status obtained by the last BIST Description of Commands self test The self test command in Privileged Enable mode initiates BIST by Request All BIST tests are executed except for CPU Notify RAM Test not allowed because it resets the memory Execution of BIST by Request updates the statuses of test results The command issues a full BIST statu...

Page 391: ...vice name show self test full Examples 1 The following example displays a brief report about the current BIST status when all tests resulted with Passed statuses device name show self test No problem encountered by BIST 2 The following example displays a brief report about the current BIST status when the Crossbar Existence test resulted with Failed status device name show self test Problem encoun...

Page 392: ...35 Built In Self Test BIST MN700004 Rev 01 381 On board Power Test On board Power PHY Passed On board Power CPU Passed On board Power OC Passed Temperature Test Temperature Passed ...

Page 393: ... script file system structure check and serial prom validation CPU functionality Validates the proper operation of Central Processing Unit Switch chip set functionality Validates the proper back plane operation R W memory functionality Validated the proper operation of read write RAM LAN ports functionality Verifies the proper operation of LAN ports using loopback interface The Diagnostics Related...

Page 394: ... in System mode enters the self test mode for performing diagnostics and testing the device functionality Command Syntax device_name show system self test device_name self test test cpu The test cpu command in self test mode validates the proper operation of Central Processing Unit Command Syntax device_name self test test cpu Example device_name self test test cpu CPU validation OK test nvm conte...

Page 395: ... self test test nvm contents java image Example device_name self test test nvm contents java image Image Size 0x200000 CRC Value 0x9A4109E5 Java image in NVM is OK test nvm contents loader The test nvm contents loader command in self test mode performs diagnostics of the Boot loader image This diagnostic is performed by verfying the correct CRC of the boot loader image Command Syntax device_name s...

Page 396: ...ript file system Script file system in NVM is OK test nvm contents startup configuration The test nvm contents startup configuration command in self test mode performs diagnostics of the startup configuration file saved in internal Flash memory This diagnostic is performed by checking for correct CRC of the startup configuration Command Syntax device_name self test test nvm contents startup config...

Page 397: ...t Data Bus Test Walking One OK Data Bus Test Walking Zero OK Address Bus Test Walking One OK Address Bus Test Walking Zero OK RAM Device Test 100 OK Entering into self test switch mode Please wait test ports The test ports command in self test mode checks the normal operation of all ports using internal loopback During the test the normal switch operation is interrupted and the device enters Debug...

Page 398: ...re validation OK Testing loader Image Size 0x7bf00 CRC Value 0x0495d8b3 Loader in NVM is OK Testing application Image Size 0x2D7313 CRC Value 0xD78F9816 Application image in NVM is OK Testing startup configuration Startup configuration in NVM is OK Testing script file system Script file system in NVM is OK Testing java image Image Size 0x200000 CRC Value 0x9A4109E5 Java image in NVM is OK Testing ...

Page 399: ...CPU Core Test Not performed Switch Core Test Not performed NVM Data Test Not performed RAM Test Not performed Ports Test Not performed show test results The show test results command in self test mode displays all test results that have been performed Command Syntax device_name self test show test results Example device_name self test show test results CPU Core Test Passed Switch Core Test Passed ...

Page 400: ...e_name self test DBG test end Example device_name self test DBG test end Return to normal switch operation Procceed y n y Verifying validity of primary application OK Start primary application Return to normal switch operation Please wait device_name show system ...

Page 401: ... contacts the nameservers for the domain directly for the answer If the nameservers are not known the ISP looks for the information at the root servers or registry servers For com net org these start with a gtld servers net Feature Overview You can define up to three DNS servers If a query to the primary address fails to be resolved after three attempts the next gateway address is queried This pro...

Page 402: ...37 DNS Resolver MN700004 Rev 01 391 Figure 37 1 Simplified Example of How DNS Works Supported Standards MIBs and RFCs Standards No standards are supported by this feature ...

Page 403: ...esolver Table 37 2 lists the DNS Resolver commands Table 37 2 DNS Resolver Commands C o m m a n d D e s c r i p t i o n ip dns server Specifies the IP address of one or more DNS servers show ip dns Displays the current configuration of the DNS Resolver Setting DNS Server The ip dns server command in Global Configuration mode specifies the IP address of one or more DNS servers Up to three DNS serve...

Page 404: ...mary gateway address and all others are secondary addresses Because IP address 201 98 7 15 is the last address listed it is also the last address consulted to resolve a query device name config ip dns server 209 157 22 199 device name config ip dns server 205 96 7 15 device name config ip dns server 201 98 7 15 The following command displays the DNS configuration device name config end device name...

Page 405: ...ver Related Commands C o m m a n d D e s c r i p t i o n D e s c r i b e d i n ping Allows pinging to another unit e g switch PC router Getting Started View Mode and Privileged Mode traceroute Traces routing path Getting Started View Mode and Privileged Mode ...

Page 406: ... pressing any key enters Sysloader mode and pressing any key enters Loader mode The switch then goes into the respective Loader Sysloader interactive mode requests login password and starts a CLI If no key is pressed the auto startup of the switch application is performed The commands available in each of these startup modes and their use are covered in detail below Loader Commands Summary Table A...

Page 407: ...p address Configures IP address of the loader Used for manufacturing purposes only list Prints command list manufacturing details Configures manufacture details quit Disconnects and logs out Table APPENDIX 3 Board Configuration Commands more Filters command output assembly number Configures the assembly part of the manufacturing serial number board revision Configures the board revision part of th...

Page 408: ...ive help system list Print command list quit Disconnect and logout Description of Commands Commands for Downloading Software and Starting the Switch Manually To start the execution of the switch s application use the following command start application The start application command in Loader mode terminates the loader and starts the execution of the switch s application Command Syntax Loader start...

Page 409: ...ion of the transfer the switch checks if the received file is a valid switch application code If it is the received image is stored in the internal FLASH memory This role of the download command is to provide a rescue solution in case the switch becomes inoperable and a new application image cannot be received by the TFTP transfer Command Syntax Loader download application Example Loader download ...

Page 410: ...ing purposes only config The config command in Loader Configuration mode switches the CLI from initial mode to Loader configuration mode Example Loader config Loader config mac address The mac address command in Loader Configuration mode displays or changes the MAC address of the switch If no optional parameter is entered the current MAC address is displayed Command Syntax Loader config mac addres...

Page 411: ...er Configuration mode changes the IP address of the loader This IP address is used only for manufacturing purposes The change is effective after restarting the switch Command Syntax Loader config ip address IP Address Argument Description IP Address The switch MAC address Example Loader config ip address A B C D M Set IP address optionally with num of subnet mask bits Loader config ip address 192 ...

Page 412: ...PPENDIX 6 Loader Memory Mode Configuration Commands C o m m a n d D e s c r i p t i o n memory Switches from Loader initial to Loader memory debug tools mode copy Copies a block of memory display Displays a block of memory fill Fill a block of memory with a specified value memory The memory command in Loader mode switches the CLI from Loader mode to Loader memory Command Syntax Loader memory The c...

Page 413: ...f any or the default after reload the start address and block length are 0 and 256 respectively by default If only the start address is specified the previous or default block length is repeated Command Syntax Loader memory display ST_ADDR BLK_LEN Argument Description ST_ADDR Hexadecimal start address optionally prefixed with 0x BLK_LEN Hexadecimal or decimal block length Use 0x prefix for hexadec...

Page 414: ...ysloader CLI Auto Starts first the primary application and if it fails the second application is activated If both applications fail to start the device enters the Sysloader CLI Images Images that are provided to customers contain system loader and application image at the same time When upgrading from a single boot version the image is downloaded as an ordinary image and after rebooting it upgrad...

Page 415: ...minates the Sysloader and starts execution of the application primary or secondary download primary secondary application Copies the application from a source computer to the switch s permanent storage memory through a console connection by X modem transfer version Displays the switch model type and the Sysloader version show boot mode Displays the configured boot mode primary secondary auto swap ...

Page 416: ...h a console connection by X modem transfer When you set the download command on the console the switch waits for a file transfer The transfer starts in an X modem format Upon completion of the transfer the switch checks if the received file is a valid switch application code If it is the received image is stored in the internal FLASH memory This role of the download application command is to provi...

Page 417: ...mode swaps the primary and secondary applications Command Syntax device name swap application show boot mode The show boot mode command in Sysloader mode displays the configured boot mode Command Syntax device name show boot mode Example device_name show boot mode Boot mode is primary version The version command in Sysloader mode displays the switch model type and the Sysloader version Command Syn...

Page 418: ...band IP address of sysloader used for manufacturing only config The config command in Sysloader mode switches the CLI from Sysloader mode to Sysloader Configuration mode The CLI prompt will change after executing this command Command Syntax device name config mac address The mac address command in Sysloader Configuration mode displays or changes the MAC address of the switch If no argument is spec...

Page 419: ...config The clean boot config command in Sysloader Configuration mode clears the Sysloader EEPROM NOTE Only Technical Support should use this command Command Syntax device name config clean boot config clean log history The clean log history command in Sysloader configuration mode erases all the log history records For more information regarding the log history see Logging System Trap Messages to t...

Page 420: ...loader Configuration Commands C o m m a n d D e s c r i p t i o n memory Switches from Sysloader mode to Sysloader Memory mode copy Copies a block of memory display Displays a block of memory fill Fills a block of memory with a specified value memory The memory command in Loader mode switches from Sysloader mode to Sysloader Memory mode The CLI prompt will change after executing this command Comma...

Page 421: ...d block length are 0 and 256 respectively by default If only the start address is specified the previous or default block length is repeated Command Syntax device name memory display st addr blk len Argument Description st addr Hexadecimal start address optionally prefixed with 0x blk len Hexadecimal or decimal block length Use 0x prefix for hexadecimal number fill The fill command in Sysloader Me...

Search results

Summary of Contents for ESB26

Reviews:

Related manuals for ESB26

Brands by name

Popular brands

Nokia ESB26, User Manual

Search results

Summary of Contents for ESB26

Reviews:

Related manuals for ESB26

Brands by name

Popular brands