Home
/
3Com
/
4007
/
Implementation Manual

3Com 4007, Implementation Manual, Page: 329 / 684

Share

Page: 329 / 684

3Com 4007 Implementation Manual Download Page 329

The Packet Filtering Language

329

Implementing

Sequential Tests in a

Packet Filter

Filter language expressions are normally evaluated to completion —
a packet is accepted if the value remaining on the top of the stack is
nonzero. Frequently, however, a single test is insufficient to filter packets
effectively. When more tests are warranted, you want to accept a packet
that satisfies one of two cases:

■

At least one criterion specified in two or more tests (that is, ORs the
results of the tests)

OR

■

All criteria specified in two or more tests (that is, ANDs the results of
the tests)

The

accept

and

reject

instructions are used to implement sequential tests,

as shown in Figure 26.

In order to optimize a filter’s performance, it is best to exit a filter as early
as possible. If you wait until the last instruction to make the forward or
filter decision, more processing is needed.

The accept and reject criteria allow you to exit a filter early. When using
these instructions, construct the packet filter so that tests that apply to
the majority of the network traffic are performed first. This ensures that
the filter is exited after the first instruction for the majority of packets.
Only a small number of packets will require additional tests.

For example, assume you want to create a filter that checks for particular
IPX attributes that you want to filter, but most of the traffic on your
network is IP traffic. In this case, it would be best to first check each
packet to see if it is a IP frame. If it is, you could accept the packet
immediately. Now only the smaller number of packets that contain IPX
information would be subjected to additional tests.

«
...
327
328
329
330
331
...
»

Summary of Contents for 4007

Page 1: ...http www 3com com Switch 4007 Implementation Guide Release 3 0 5 Part No 10013673 Published May 2000 ...

Page 2: ... such rights as are provided in 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this Use...

Page 3: ...ptions 40 Requirements 40 Options 41 Order of Installation Activities 41 System Architecture 41 Management Options 42 Management Module Console 42 Switching Module Administration Console 43 Web Management software 43 SNMP Based Network Management Overview 44 Management Access 45 Terminal Port Access 45 Modem Port Access 46 Access Levels 46 System Configuration Process 47 Configuration Procedure 47...

Page 4: ...tionship Between Two Management Modules 59 The Failover Process 60 Connectivity Rules 61 Verifying Management Module Operation 62 The Display Button 63 Making Management Connections 63 Connecting to a 10BASE T Ethernet Port 63 Using an MDI to MDI Crossover Cable 64 Connecting to an RS 232 Console Port 64 Using a Modem 66 Verifying Network Connectivity 67 EME Technical Specifications 69 4 CONFIGURI...

Page 5: ...Setting Terminal Timeout Value 83 Setting Terminal Type 84 Troubleshooting the Terminal Interface 84 Customizing Your System 86 Assigning a Unique Name 86 Setting EME Diagnostics 86 Assigning a Contact Name and Location 86 Configuring the Internal Clock 87 Configuring User Logins 89 User Access Levels 89 User Login Functions 89 Login Limitations 89 Administer Access 89 Setting the Password 90 Addi...

Page 6: ...esetting the Chassis 104 Resetting Switching Modules 104 Resetting the EME 105 Resetting the EME to Default Values 105 Accessing the Administration Console 106 Running Diagnostic Tests 107 Reporting Diagnostic Errors 108 Setting servdiag Characteristics 108 The cont_mode Characteristic 108 The loop_count Characteristic 108 The verbosity Characteristic 109 Displaying servdiag Characteristics 109 Ob...

Page 7: ...ent Area 123 Overheat Power off Process 124 Overheat Recovery Process 125 Saved Power Management Configurations 125 Displaying Operating Conditions 126 Displaying Chassis Information 126 Displaying Module Information 127 Basic Information For One Module 127 Basic Information For All Modules 127 Detailed Information For All Modules 127 Displaying Power Information 128 Displaying Chassis Inventory I...

Page 8: ...unk Changes 143 Effects of Replacing Modules 144 Replacing Modules of the Same Type 144 Replacing Modules of Different Types 144 8 ETHERNET Ethernet Overview 146 Features 146 Benefits 147 Link Bandwidths 147 Link Availability 147 Other Benefits 147 Key Concepts 148 Ethernet Packet Processing 150 Key Guidelines for Implementation 152 Link Bandwidths 152 Trunks 152 Port Enable and Disable Port State...

Page 9: ...ction and Network Resiliency 164 Bridging Implementation Summary 165 Key Guidelines for Implementation 167 Physical Ports and Bridge Ports 167 Option For Fast Aging 167 If You Want To Use STP 167 Port Forwarding Behavior 168 Routing Over Blocked STP Ports 168 STP Compatible with Trunking 168 STP Not Compatible with Resilient Links 169 Bridge Ports and Trunks 169 Multicast Limits and Trunks 169 Bri...

Page 10: ...tate 183 Bridge Priority 184 Bridge Maximum Age 184 Bridge Hello Time 184 Bridge Forward Delay 184 STP Group Address 185 Bridge Port STP Parameters 186 Port State 186 Port Path Cost 186 Port Priority 186 MAC Address Table Design 187 Address Space 187 Important Considerations 187 Address Aging 189 Address Table Dependencies 189 Normal Aging Process 190 If the STP State is Enabled 190 STP Topology C...

Page 11: ...4 Configuring a Rate Limit on Queue 1 204 Important Considerations 205 Handling Tagged and Untagged Packets 206 Standards Protocols and Related Reading 206 11 IP MULTICAST FILTERING WITH IGMP Overview 208 Benefits 208 Key Concepts 210 Devices That Generate IP Multicast Packets 210 Group Addresses and Group Members 210 Communication Protocols 210 IP Multicast Delivery Process 211 How Routers and Sw...

Page 12: ...ing in a Trunk 225 Trunk Control Message Protocol TCMP 226 Key Guidelines for Implementation 227 General Guidelines 227 Trunk Capacity Guidelines 229 Automatic Backplane Trunking 230 Important Considerations 230 Defining Trunks 231 Important Considerations 231 Modifying Trunks 233 Important Considerations 233 Removing Trunks 233 Important Consideration 233 Standards Protocols and Related Reading 2...

Page 13: ... Concepts 246 Related Standards and Protocols 246 Tagging Types 247 VLAN IDs 248 Terminology 249 Key Guidelines for Implementation 250 Migration Path for Network based VLANs 250 VLANs Created by Router Port IP Interfaces 252 Design Guidelines 253 Procedural Guidelines 254 Number of VLANs 256 Equation for VLANs on Multilayer Switching Modules 256 VLAN Aware Mode 258 General Guidelines 259 VLAN allO...

Page 14: ... Important Considerations 282 Example 1 Routing Between Multilayer Modules 283 Example 2 One Armed Routing Configuration 286 Network based IP VLANs 289 Important Considerations 289 Example Network based VLANs 290 Ignore STP Mode 293 Important Considerations 293 Example Ignore STP Mode 293 Rules of VLAN Operation 295 Ingress Rules 295 Egress Rules 298 Standard Bridging Rules for Outgoing Frames 298...

Page 15: ...Builder Tool 315 Downloading Custom Packet Filters 317 Setting Up Your Environment 317 Loading a Custom Filter on the Switch 4007 318 The Packet Filtering Language 319 Principles for Writing a Custom Filter 319 How the Packet Filter Language Works 319 Procedure for Writing a Custom Filter 320 Packet Filter Opcodes 322 Implementing Sequential Tests in a Packet Filter 329 Common Syntax Errors 331 Cu...

Page 16: ...n 342 Packet Filter One 344 Packet Filter Two 345 Combining a Subset of the Filters 346 Combining All the Filters 347 Optimizing the Filter with Accept and Reject Commands 348 16 IP ROUTING Routing Overview 352 Routing in a Subnetworked Environment 354 Integrating Bridging and Routing 355 Bridging and Routing Models 355 3Com Bridging and Routing 356 IP Routing Overview 358 Features and Benefits 35...

Page 17: ...nterface 371 Enable IP Routing 372 Administering IP Routing 372 Address Resolution Protocol ARP 372 Important Considerations 374 ARP Proxy 375 Important Considerations 375 Example 375 Internet Control Message Protocol ICMP 376 ICMP Router Discovery 377 Important Considerations 377 Example 378 ICMP Redirect 378 Important Considerations 379 Broadcast Address 380 Important Considerations 380 Directed...

Page 18: ...es 390 Creating RIP Routing Policies 391 Domain Name System DNS 392 Important Considerations 392 User Datagram Protocol UDP Helper 393 Implementing UDP Helper 393 Configuring Overlapped Interfaces 394 Important Considerations 394 Standards Protocols and Related Reading 395 Requests For Comments RFCs 395 Standards Organizations 395 Related Reading 396 17 VIRTUAL ROUTER REDUNDANCY PROTOCOL VRRP VRRP...

Page 19: ...uter 412 Configuring VRRP 414 Configuring Router 1 as the Master Router 414 Configuring the Protocol IP VLAN of the Master Router 415 Configuring the IP Interfaces 416 Configuring the Master Router 417 Configuring Router 2 as the Backup Router 417 Configuring the Protocol IP VLAN of the Backup Router 418 Configuring the IP Interfaces 419 Configuring the Backup Router 420 Switching from Master Rout...

Page 20: ...ed Groups 430 Reserved MAC Addresses 431 How IGMP Supports IP Multicast 432 Electing the Querier 432 Query Messages 432 Host Messages 432 Response to Queries 432 Join Message 433 Leave Group Messages 433 Role of IGMP in IP Multicast Filtering 433 How DVMRP Supports IP Multicast 434 Spanning Tree Delivery 434 Managing the Spanning Tree 435 Interface Relationships 436 Broadcasting 436 Pruning 436 Gr...

Page 21: ...ache 444 Using IP Multicast Traceroute 445 Important Considerations 446 Standards Protocols and Related Reading 446 19 OPEN SHORTEST PATH FIRST OSPF ROUTING OSPF Overview 448 Features 448 Benefits 450 Key Concepts 453 Autonomous Systems 453 Areas 453 Neighbors and Adjacency 453 Router Types 454 Router IDs 455 Protocol Packets 455 How OSPF Routing Works 456 Starting Up 456 Finding Neighbors 456 Est...

Page 22: ... 470 Specifying Cost Metrics for Preferred Paths 470 Delay 471 Hello Interval 471 Retransmit Interval 472 Dead Interval 472 Password 472 Statistics 473 Important Considerations 473 Link State Databases 475 Router Link State Advertisements 475 Network Link State Advertisements 476 Summary Link State Advertisements 477 External Link State Advertisements 478 Important Considerations 479 Neighbors 480...

Page 23: ...Import Example 2 Reject Route 496 Implementing Export Policies 496 Export Policies for RIP and Static Routes 499 Export Policies for Direct Interfaces 500 Export Example 1 Prohibit Advertisement of non OSPF Interfaces 500 Export Example 2 Prohibit Advertisement of Static Address 501 Export Example 3 Prohibit Advertisement of RIP Routes 501 Export Example 4 Advertisement of Direct Interfaces 502 Ex...

Page 24: ...es 519 Important Considerations 519 Primary and Secondary Routes 520 Static Routes 520 Dynamic Routes Using RIP 520 Routing Tables 521 Selecting the Best Route 522 IPX Servers 523 Important Considerations 523 Primary and Secondary Servers 524 Static Servers 524 Dynamic Servers Using SAP 524 Maintaining Server Information 525 SAP Aging 525 SAP Request Handling 525 Server Tables 525 IPX Forwarding 5...

Page 25: ... Physical Layer Protocols 539 Link Layer Protocols 539 Network Layer Protocols 539 Transport Layer Protocols 540 Session Layer Protocols 543 Presentation Layer Protocols 544 AppleTalk Network Elements 545 AppleTalk Networks 545 AppleTalk Nodes 545 Named Entities 546 AppleTalk Zones 546 Seed Routers 546 Terminology 546 Key Implementation Guidelines 547 AppleTalk Interfaces 548 Important Considerati...

Page 26: ... Routing Table Maintenance Protocol 561 Zone Information Protocol 562 Name Binding Protocol 563 Standards Protocols and Related Reading 564 22 QOS AND RSVP QoS Overview 566 Features 566 Benefits 567 Methods of Using QoS 567 Key Concepts 568 Related Standards and Protocols 568 IEEE 802 1p 568 Resource Reservation Protocol RSVP 569 Terminology 569 Key Guidelines for Implementation 573 Procedural Gui...

Page 27: ...imer Options 590 Examples of Classifiers and Controls 591 Example 1 Traffic To From a Specific Server 591 Example 2 Filtering Traffic to a Destination 593 Example 3 Using Two Classifiers to Filter Traffic 595 Example 4 Assigning High Priority to Specific Traffic 598 Example 5 Nonflow Multimedia Tagged Traffic 599 Example 6 Bridged Nonflow IP Unicast Traffic 601 Modifying and Removing Classifiers a...

Page 28: ...ling Baselines 618 Roving Analysis 619 Key Guidelines for Implementation 620 Important Considerations 620 Ping 622 Important Consideration 622 Using Ping 622 Ping Responses 622 Strategies for Using Ping 623 traceRoute 623 Using traceRoute 623 traceRoute Operation 624 SNMP 624 SNMP Overview 625 Manager Agent Operation 625 SNMP Messages 625 Trap Reporting 626 Setting Up SNMP on Your System 630 Admin...

Page 29: ...ol Directory Group 642 Protocol Distribution Group 642 Address Map Group 643 Network Layer Host Group 643 Network Layer Matrix Group 643 Application Layer Host Group 643 Application Layer Matrix Group 644 Probe Configuration Group Capabilities 644 Management Information Base MIB 644 MIB Files 645 Compiler Support 647 MIB Objects 647 MIB Tree 648 MIB II 651 RMON 1 MIB 652 RMON 2 MIB 653 3Com Enterp...

Page 30: ...ide Web Site 659 3Com FTP Site 659 3Com Bulletin Board Service 660 Access by Analog Modem 660 Access by Digital Modem 660 3Com Facts Automated Fax Service 661 Support from Your Network Supplier 661 Support from 3Com 661 Returning Products for Repair 663 INDEX ...

Page 31: ...more about the Switch 4007 Management Module Read Chapter 1 of this guide which provides an overview of the configuration process Become familiar with the Switch 4007 Command Reference Guide which documents the commands that you use to configure and manage Layer 2 Switching Modules and Multilayer Switching Modules through a built in menu driven interface called the Administration Console Audience ...

Page 32: ...se notes The Switch 4007 software and management interfaces are built from CoreBuilder 9000 switch technology In Switch 4007 software releases 3 0 0 and 3 0 5 the prompts and displays in all interfaces may indicate this heritage Conventions Table 1 and Table 2 list icon and text conventions that are used throughout this guide Table 1 Icons Icon Type Description Information note Information that de...

Page 33: ... interface enter the following command ip interface remove This guide always gives the full form of a command in uppercase and lowercase letters However you can abbreviate commands by entering only enough characters to differentiate each command Commands are not case sensitive The words enter and type When you see the word enter in this guide you must type something and then press Return or Enter ...

Page 34: ... online PDF versions of all Switch 4007 documents software and hardware guides except for release notes which you must download from the 3Com Web site World Wide Web All user guides and release notes are available in Adobe Acrobat Reader PDF or HTML format from the 3Com Web site at http support 3com com Although they do not ship with your chassis in paper form you can order printed and bound copie...

Page 35: ...omments ne 3com com Please include the following information when you comment Document title Document part number found on the front or back page of each document Page number if appropriate Example Switch 4007 Implementation Guide Part Number 10013673 Page 25 Year 2000 Compliance For information on Year 2000 compliance and 3Com products visit the 3Com Year 2000 Web page http www 3com com products ...

Page 36: ...36 ABOUT THIS GUIDE ...

Page 37: ...I UNDERSTANDING YOUR SWITCH 4007 SYSTEM Chapter 1 Configuration Overview ...

Page 38: ......

Page 39: ...opics Physical Configuration Requirements and Options System Architecture Management Options Management Access System Configuration Process The Switch 4007 chassis supports frame based technology with the Gigabit Ethernet switch fabric module and Fast Ethernet and Gigabit Ethernet interface modules Layer 2 Switching Modules and Multilayer Switching Modules For overview information about all Switch...

Page 40: ...lowing items One Switch 4007 chassis A sufficient number of power supplies to support all installed components A sufficient number of cooling fans to support all installed components One Management Module The Management Module may be referred to as the Enterprise Management Engine EME in this guide or in the product s management interfaces This is because the heritage of the Switch 4007 product li...

Page 41: ...cement in the chassis see the Switch 4007 Getting Started Guide or the appropriate module Quick Start Guide For module software compatibility information see the Switch 4007 Release Notes System Architecture The Switch 4007 system uses separate channels for network traffic and management traffic A separate 10 Mbps management LAN MLAN carries management traffic to and from the EME which acts as the...

Page 42: ...nages all system level functions such as login management IP and SNMP connectivity software downloads to all modules in the chassis system inventory management and power management You can connect to the EME in the following ways RS 232 Terminal serial port RS 232 Modem auxiliary serial port RJ 45 10BaseT Ethernet port With the serial ports you can manage your system locally through a terminal con...

Page 43: ...ement software A suite of HTML based applications are shipped with your Switch 4007 chassis package The suite consists of embedded Web Management software applications as well as other tools that you can install Embedded Web Management applications Use the embedded Web Management applications for most of your device configuration and management tasks You can manage a single port or device or using...

Page 44: ...oach to network management you can use an external application that uses the Simple Network Management Protocol SNMP to communicate with the Switch 4007 As part of the IP protocol suite SNMP is the standard management protocol for multivendor networks SNMP supports transaction based queries so that the protocol can format messages and transmit information between reporting devices and data collect...

Page 45: ...se you can remain on the system and monitor it during system reboots In addition certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP For more in...

Page 46: ...s levels and passwords on the Management Module because that is the first point of entry These conditions apply to both the Management Module CLI and the Administration Console CLI of switching modules For example if a user logs in to the Management Module with Write privileges then the user connects to any module s Administration Console at the same level Only one user at a time can log in with A...

Page 47: ... a module is immediately ready to configure and manage according to your network needs See Configuration Procedure next in this chapter for a list of required and recommended steps Configuration Procedure Follow the steps that apply to your system configuration and network needs and ignore the steps that do not apply Configure the Management Module You must configure the Management Module with cer...

Page 48: ... port based protocol based or network based VLANs and set related modes On Multilayer Switching Modules you must define VLANs before you define routing interfaces For more information about VLANs see Chapter 14 3 Configure routing interfaces and set related parameters You can use the following protocols to configure routing interfaces and set related parameters IP See Chapter 16 IP Multicast See C...

Page 49: ...ng features such as event logging baselining and roving analysis to analyze your network periodically and identify potential network problems before they become serious problems To test and validate paths in your network use tools like ping and traceRoute SNMP and Management Information Bases MIBs provide ways to collect performance data on your network For more information about these features se...

Page 50: ...50 CHAPTER 1 CONFIGURATION OVERVIEW ...

Page 51: ...TANDING THE MANAGEMENT MODULE Chapter 2 Overview of the Management Module Chapter 3 Installing Management Modules Chapter 4 Configuring and Using EME Options Chapter 5 Managing the Chassis Power and Temperature ...

Page 52: ......

Page 53: ...d the following documents Switch 4007 Getting Started Guide Enterprise Management Engine Quick Start Guide for the CoreBuilder 9000 Enterprise Switch Enterprise Management Controller Quick Start Guide for the CoreBuilder 9000 Enterprise Switch Release Notes for appropriate modules or groups of modules at specific software releases The heritage of the Switch 4007 product line is the CoreBuilder 900...

Page 54: ...ble Allowing you to implement fault tolerant power which allows the chassis to reserve some of its power capacity to protect against a power supply failure Exchanges information with all other modules through the 10 Mbps management LAN which keeps management traffic separate from network traffic Module Components The Management Module consists of the following two components System Management Comp...

Page 55: ... can manage how the chassis reacts to low power situations The chassis can also provide fault tolerant power which protects the system against power supply failures File System A storage area on the Management Module stores the event log and software configuration files The file system also acts as a temporary storage area for software images that are being downloaded to it or any other module in ...

Page 56: ...he Management Module through the CoreBuilder 9000 Web Management suite of applications Impact on the Network The Management Module generates packets on the network when it Establishes and maintains a Telnet session either as a client or a server Translates an IP address to a MAC address using the Address Resolution Protocol ARP Initiates or responds to a ping command Responds to a Simple Network M...

Page 57: ... installed your chassis in a rack on a shelf or on a table and that you have read the following documents Switch 4007 Getting Started Guide Enterprise Management Engine Quick Start Guide for the CoreBuilder 9000 Enterprise Switch Release Notes for appropriate modules or groups of modules at specific software releases The heritage of the Switch 4007 product line is the CoreBuilder 9000 product line...

Page 58: ...MEs see Creating a Redundant Configuration next in this chapter Hot Insert and Hot Swap You do not need to turn off power to install modules in the Switch 4007 chassis You can install modules while the chassis is operating This action is called a hot insert You can also remove a module and install a replacement in that slot while the chassis is operating This action is called a hot swap If your ch...

Page 59: ...n the other higher numbered slot slot 9 This module will become the secondary EME Wait approximately two minutes before installing the second EME If the EME that is installed in the higher numbered slot boots up faster that the EME that is installed in the lower numbered slot then the EME in the higher slot will be the Primary This also can happen if diagnostics are set to enable on the EME in the...

Page 60: ...xample temporary files You can configure the system software to set these parameters during initialization All files that are designated not to be automatically copied to the secondary EME are lost after a fail over The Failover Process If you remove deinstall the primary EME or if the module fails in some way the following process occurs automatically 1 The system initiates the fail over mechanis...

Page 61: ...ish EME redundancy You can only access the secondary EME through its console port or its auxiliary port not the 10BaseT port You cannot Telnet to the secondary EME from an external source because both the primary EME and the secondary EME share the same IP address for the front panel port The front panel port is enabled only for the primary EME and disabled on the secondary EME Therefore when you ...

Page 62: ...9000 Enterprise Management Engine vx xx Copyright c 1999 3Com Corporation Login To ensure that a broken module LED is not providing a false indication of current conditions enter the show chassis command to verify that chassis operating conditions are normal When two Management Modules are installed in a chassis and the Primary Management Module fails over the Standby LED on that Management Module...

Page 63: ...the release of software that is running the Management Module Example 0300 Making Management Connections This section describes the connections that you can make to communicate with the Management Module Choose the connection that is most appropriate to your installation After you have connected to the Management Module you can configure its characteristics Connecting to a 10BASE T Ethernet Port C...

Page 64: ...le Port Connect the Management Module to a terminal or modem using the RS 232 Console Port or RS 232 Auxiliary Port connectors 9 pin connectors are used for the RS 232 ports Table 8 and Table 9 list the console port and auxiliary port pinouts Table 7 MDI to MDI Crossover Cable Pinouts Management Module Signal Management Module Pin Switch Pin Switch Signal TD 1 3 RD TD 2 6 RD RD 3 1 TD RD 6 2 TD Ta...

Page 65: ...ta RD 3 Transmit Data TD 4 Data Terminal Ready DTR 5 Signal Ground GND 6 Data Set Ready DSR 7 Request to Send RTS 8 Clear to Send CTS 9 reserved Table 10 RS 232 9 Pin to 9 Pin Cable Connection Pin Assignments Signal Management Module Pin DTE Pin Signal CD 1 N A Not Used RX 2 3 TX TX 3 2 RX DTR 4 6 DSR GND 5 5 GND DSR 6 4 DTR RTS 7 8 CTS CTS 8 7 RTS Reserved 9 N A Not Used Table 11 RS 232 9 Pin to ...

Page 66: ...ble command for modem use you must change the DTR parameter as follows to ensure proper modem operation GND 5 7 GND DSR 6 20 DTR RTS 7 5 CTS CTS 8 4 RTS Reserved 9 N A Not Used Table 11 RS 232 9 Pin to 25 Pin Cable Connection Pin Assignments Signal Management Module Pin DTE Pin Signal Table 12 Modem Commands Required for Console Ports a at F Restore factory defaults b at d0 Ignore changes in DTR s...

Page 67: ...ve enabled 2 Confirm that the Network Activity LED on each installed module correctly indicates network traffic status Table 13 lists the Network Activity LED status indicators Not all modules have Network Activity LEDs Table 13 Network Activity LED Status 10BASE T Port Status Network Activity LED Status Link Down Off Receiving Traffic Flashing Green No Traffic Port Enabled and Link Up Steady Gree...

Page 68: ...software See Chapter 3 If downloading software does not solve the problem call your supplier for assistance Display reads STBY EME is in standby mode 1 Wait 60 seconds to see if the EME corrects the situation itself 2 If more than one EME exists in the chassis verify that only one EME is set to Primary using show module all Then use the reset eme command to alleviate the problem 3 Follow the corre...

Page 69: ...Motorola 68EC040 processor and two Motorola 68302 processors Memory 16 MB of Flash EPROM 6 MB of RAM 512 KB of Flash PROM for controller functions 512 KB of SRAM for controller functions External Modem Support For 100 Hayes compatible modems Baud rates supported up to 38 400 baud Table 16 EME Power Specifications Element Power Consumption EME 12 W 5 V 1 0 W 12 V Table 17 EME Environmental Specific...

Page 70: ...70 CHAPTER 3 INSTALLING MANAGEMENT MODULES ...

Page 71: ...g the Terminal Customizing Your System Configuring User Logins Configuring SNMP Values Configuring the Event Log Using the File System Resetting System Components Accessing the Administration Console Running Diagnostic Tests Obtaining Technical Assistance The management interfaces display cb9000 and refer to the Management Module as the Enterprise Management Engine EME because the heritage of the ...

Page 72: ... in this chapter set terminal console hangup set terminal console prompt set terminal timeout system set terminal timeout session 3 Configure contact information customize the prompt and enable or disable diagnostics See Customizing Your System in this chapter set eme contact set eme diagnostics set eme location set eme name 4 Set the time and date See Customizing Your System in this chapter set c...

Page 73: ...swords are case sensitive After you log in with your user name and password the system prompt appears By factory default the prompt appears as CB9000 Enter commands at the prompt Commands are not case sensitive you can mix uppercase and lowercase characters For information about ways to enter commands see Entering Commands next in this chapter Terminating a Connection Whether you are connected in ...

Page 74: ...o connect the system Enter the system IP address in the appropriate field in the software interface 8 Log in to the EME and manage the system as appropriate The EME supports up to four incoming Telnet sessions You cannot use Telnet to connect to an EME if the EME is in standby mode You can connect an EME in standby mode to the network to provide redundancy only CAUTION Do not change the IP address...

Page 75: ...ty See Configuring User Logins for more information 2 Use Telnet or SNMP to reach the EME using the IP address that you assigned In routed networks you can connect to the EME using only the default gateway Serial Line Internet Protocol Connections Vendors initiate Serial Line Internet Protocol SLIP sessions differently Consult the documentation for your system Although the 3Com SLIP implementation...

Page 76: ... a break character to the EME From the EME command line interface set the SLIP port to command mode or disable the interface Configuring Access to the Web Interface To enable or disable access to the embedded Web management interface use the following commands at the prompt set web access disable set web access enable To set a time value for the Web interface session to time out use the following ...

Page 77: ...le the show command 2 Enter the first several letters of the selected command parameter 3 Press the spacebar to complete the command 4 Press Enter to process the completed command Example CB9000 sh spacebar CB9000 show CB9000 show cha CB9000 show cha spacebar CB9000 show chassis CB9000 show chassis Enter If the characters that you enter are not sufficient to determine a unique command the EME wait...

Page 78: ...e options followed by one space and and press Enter The question mark does not appear when you type it It is included in examples for illustration purposes only You must include a space between the command and the After the system provides the list requested it presents the prompt with the last command that you entered minus the Example CB9000 Possible completions clear connect download logout pin...

Page 79: ...ervdiag snapshot snmp sntp terminal web CB9000 show Each command as a list of options associated with it The options that are available to complete the command may depend on the type of module that is in the chassis slot If you enter an option from the list followed by a any additional options that can be used appear or if none are available the following message appears Confirm with Carriage Retu...

Page 80: ...okes and their functions Table 20 Terminal Keystroke Functions Keystroke Function Backspace Moves the cursor back one character and deletes that character Ctrl C Terminates the current command and returns to a blank command line at any time Ctrl D Closes a Telnet session Ctrl R Retypes the previous command string on the command line Delete Moves the cursor back one character and deletes that chara...

Page 81: ... the connect slot 1 command To configure the terminal 1 Consult the user guide that was shipped with your terminal for instructions about setting the terminal values 2 After you configure your terminal to match the factory defaults of the EME press Enter The following message appears CoreBuilder 9000 Enterprise Management Engine vx xx Copyright c 1999 3Com Corporation 3 At the Login prompt enter a...

Page 82: ...listed in Table 21 The syntax for the command is set terminal port option Where port is either console or auxiliary and the options are as listed in Table 21 After you enter each new set terminal command changing the baud rate for example you must change the settings for the terminal to match the new setting before you can reestablish communication Customizing Terminal Settings The EME allows you ...

Page 83: ...customize your terminal prompt use the set terminal prompt command Example CB9000 set terminal prompt EME3 To avoid confusion use the same identification for both the terminal prompt and for the name of your EME Setting Terminal Timeout Value Use the set terminal timeout session or set terminal timeout system commands to specify the amount of time that you want your terminal to remain active durin...

Page 84: ...100 Terminal type changed Troubleshooting the Terminal Interface Table 22 lists some common problems that can occur as you configure the EME to communicate with a terminal Table 22 EME Terminal Interface Problems Symptom Corrective Action Nothing appears on the screen screen is blank Make sure that the RS 232 cable meets the specifications in Chapter 2 Make sure that the RS 232 cable is securely c...

Page 85: ...e screen The EME is running in maintenance mode Enter boot to return to management mode and the CB9000 prompt Module fails to respond after download Retry the download If the module appears not to be operating contact your service provider Module reports that a particular subnetwork is reserved Subnet 151 104 252 0 is reserved for chassis use Use a different subnetwork Statistics are inaccurate EM...

Page 86: ...prompt and the name for your EME To display the current system name use the show eme command Setting EME Diagnostics You can set the EME to bypass diagnostics When you reset the EME or reboot it with diagnostics enabled the EME performs diagnostics before it returns to full functionality The EME boots faster with these diagnostics disabled Diagnostics are enabled by default To prevent the diagnost...

Page 87: ...00 set clock date_time 17 58T00 05 09 tuesday The internal clock is powered by its own battery and continues to work even if the chassis loses power Even when the EME is powered off this battery is designed to operate for 10 years You can change the timezone using the set clock time_zone command You can also enable your chassis for daylight savings time using the set clock daylight_saving_time com...

Page 88: ...ombo 20 GMT 6 00 ZP6 21 GMT 7 00 WAST 22 GMT 8 00 CCT 23 GMT 9 00 JST 24 GMT 9 30 Darwin Adelaide 25 GMT 10 00 EAST GST 26 GMT 11 00 Magadan Solomon Is N Caledonia 27 GMT 12 00 IDLE NZST NZT 28 Input an offset from GMT Select timezone index 1 28 1 Adjusts the server reply universal time to local time properly The default time zone is Greenwich Mean Time GMT ...

Page 89: ...a set command To add login names you must be logged in with a user name that has been assigned Administer access User Login Functions You can configure up to 10 user logins in any combination of access levels using the EME More than one user at a time can log in to the command interface Login Limitations Only one user at a time can log in with Administer privileges If a second user with Administer...

Page 90: ... about how to recover system defaults if you forget or lose the Administer password Example 1 Enter the set login password command CB9000 set login password 2 Enter the password at the prompt Enter Login password 3 At the next prompt reenter the password Verify re enter password Login successfully entered Adding New Users You can configure up to 10 user logins with access rights as described previ...

Page 91: ... new password by displaying Login successfully entered Showing Current Users To show the existing login names for the EME enter CB9000 show login The following type of information appears Login Table Index Login Name Access Active Sessions 1 admin Administer 1 2 Pete Write 0 3 Larry Write 0 4 Marie Administer 0 5 Richard Read 0 6 not used 7 not used 8 not used 9 not used 10 not used Active Login S...

Page 92: ...ion Index Index number of each of the 10 available logins Login Name Name assigned to each login Access Privilege level assigned to this login name Administer Write or Read Active Sessions Number of active sessions under this login name Active Login Sessions Session Type User privileges and whether session is local or remote Session Time Length of the session ...

Page 93: ...dex number of the user or users that you want to clear or all to clear all users except yourself as the Administer user Use the show login command to display all login names and their corresponding index numbers If you clear all users you can log in to the EME with the default username admin and no password To clear the username with index number 3 enter CB9000 clear login 3 To clear all users ent...

Page 94: ...SNMP commands that you may need to configure Interaction Between the EME and SNMP The EME interacts with SNMP to Respond to SNMP requests Generate SNMP traps Act as an agent in an SNMP managed environment enabling you to configure your EME If you plan to manage your chassis using an SNMP workstation you must enable the 10BASE T front panel Ethernet port and set the following attributes for the EME...

Page 95: ... Gateway Use the set ip default_gateway command to assign default gateways to networks The default gateway is the IP address of the gateway for example a router that receives and forwards packets whose addresses are unknown to the local network The EME uses the default gateway when sending alert packets to a management workstation on a network other than the local network For example to specify th...

Page 96: ...unity to read and write SNMP objects using the SNMP get get next and set commands respectively Trap Sends a trap to the specified IP address when an event occurs Read trap Allows the specified IP address to read SNMP objects and receive traps All read write and trap Allows the specified IP address to read SNMP objects change the objects using the SNMP set command and receive traps Use the set comm...

Page 97: ...s traps from other SNMP devices including switching modules in the chassis that have the EME IP address in their Community Table For example to allow an EME to function as the trap receiver for other SNMP devices on the network use the following command CB9000 set snmp trap receive enable To enable that device to send traps to the EME add the EME IP address to that device s Community Table To disa...

Page 98: ...EME prompt show snmp extensions To view SNMP traps on your system use this command at the EME prompt show snmp traps Interpreting EME Trap Messages The EME console receives a trap message when a change is made or an error occurs in a chassis that has an installed EME The designated trap receiver for example a management workstation also receives a trap if you have entered this information in the E...

Page 99: ...is device on 15 58 Fri 09 Jul 99 Enterprise 3Com SNMP Generic Trap SNMP Authentication Failure Message Information Authentication Failure Address 192 104 6 163 Obtaining More Information About SNMP More information about protocols is available from the references in Table 25 Table 24 EME Trap Message Fields Field Description Enterprise Describes the enterprise organization responsible for this typ...

Page 100: ...or the EME to take when the event log buffer is full You can set the system to stop logging events or to begin overwriting old events Mechanism that triggers the EME to copy the event log to a file server The EME can upload the event log when the event log reaches a certain percent usage default is 80 percent when a user defined time interval has passed or when you initiate the event log upload Be...

Page 101: ...ch store software configuration files show file clear file clear file_system Displaying Files in the File System The show file command displays files in the file system storage Example CB9000 show file Eme flash disk directory contents list Current number of files is 13 Maximum number of files was 15 FileSize Date Time FileName 170551 Jul 25 1999 10 27 26 EventLog 71288 Jul 24 1999 10 39 01 BladeC...

Page 102: ... to delete file a 1 y n y File a 1 deleted Are you sure you want to delete file a 11 y n y File a 11 deleted The system continues to prompt you about files until all files are either deleted or saved Deleting All Files and Resetting the Management Module The clear file_system command deletes all files that are stored in the file system reinitializes the file system and resets the Management Module...

Page 103: ...em WARNING This command will clear all files and reset the EME Consult the user guide for information on operational considerations before continuing with this command Do you wish to continue with clear file_system command y n y Preparing to clear file_system Ready to clear file_system Do you wish to continue with clear file_system command y n y Clearing file system please wait for EME to reset Af...

Page 104: ...mands to reset modules installed in the chassis from the EME prompt reset module slot sublsot cold Use this command after you downgrade software releases This command cycles power off on to the indicated module and runs its diagnostics Diags software which updates the module s Power On Verification POV software reset module all cold Use this command when you downgrade from Release 3 0 0 software t...

Page 105: ...ter password this command is the only way to reset this password to the default value which is no password You cannot use this command remotely because you must press the EME Reset button on the front panel after you enter the command CAUTION Do not use this command unless absolutely necessary This command resets all user configurable values and options to defaults and terminates all network commu...

Page 106: ...dules includes a menu driven command line management interface called the Administration Console To access a module s Administration Console use the connect command from the EME and specify the modules s slot number and subslot number which is always 1 For example to access a module in slot 4 enter CB9000 connect 4 1 When the Administration Console appears you can enter options from the top level ...

Page 107: ...it does not pass network traffic Do not use this command unless you suspect a problem on the module and you do not need to use the module in your network The following example runs the Boot test on an interface module in slot 2 This module passes the test CB9000 servdiag 2 1 boot Test may take up to 4 minutes and 0 seconds Do you wish to continue y n y Module 02 01 accepted diagnostic Event Receiv...

Page 108: ... mode can be one of the following continue The test reports an error then proceeds to the next test after it encounters the error halt_on_fatal The test stops when it encounters a fatal error The module is no longer functional This is the default continuation mode halt_on_nonfatal_and_fatal The test stops when it encounters a nonfatal error or a fatal error The module is not longer functional The ...

Page 109: ... Characteristics Use the show servdiag command to view the characteristics of this option CB9000 show servdiag Verbosity nonverbose Loop count 1 Continue mode continue Obtaining Technical Assistance To receive assistance for installing and troubleshooting the EME call your 3Com reseller or the 3Com Customer Service Organization Be prepared to supply a representative with the following information ...

Page 110: ...110 CHAPTER 4 CONFIGURING AND USING EME OPTIONS ...

Page 111: ... chapter contains the following topics Managing Power in the Chassis Load Sharing Power Supplies Budgeting Power Overheat Conditions Saved Power Management Configurations Displaying Operating Conditions The management interfaces display cb9000 and refer to the Management Module as the Enterprise Management Engine EME because the heritage of the Switch 4007 is the CoreBuilder 9000 switch ...

Page 112: ... into the rear of the 7 slot chassis Because power supplies are modular and plug into the backplane replacing a faulty power supply is a quick procedure High power capacity The power mode and the amount of power available determine the current power limit The actual power that is delivered depends on whether you are running in non fault tolerant mode or in fault tolerant mode For detailed informat...

Page 113: ...e total power budget in your system consider the system overhead System overhead includes power that the chassis itself and its components fans backplane signalling and the EME consume Calculate the total power requirements for all installed modules before you install any new module in the chassis To determine each new module s power requirements see the documentation that is supplied with each mo...

Page 114: ...ting Power on page 118 for more information about how the EME manages power Power Fault Tolerant Mode Power fault tolerant mode is a user selectable mode in which power that is equivalent to one power supply is held in reserve This reserve power is not available to installed modules unless a power supply fails or if you switch the power mode from power fault tolerant mode to power non fault tolera...

Page 115: ...ault the chassis is set to non fault tolerant mode To set the chassis to power fault tolerant mode or to power non fault tolerant mode enter set power mode at the EME prompt Use the following syntax set power mode fault_tolerant set power mode non_fault_tolerant The following example sets the power mode to fault tolerant CB9000 set power mode fault_tolerant Power will switch to FAULT_TOLERANT mode...

Page 116: ...wer slot slot mode disable In the following example power is enabled to slot 2 CB9000 set power slot 2 mode enable Slot 2 enabled CB9000 If there is Sufficient power available to meet the requirements of the new module the EME enables power to the specified slot and reduces the power budget by the amount of power that module consumes Insufficient power to meet the requirements of the new module th...

Page 117: ...anage the power of an EME module An EME always draws power when it is inserted in the chassis and you cannot power off an EME module using an EME command Using the Default Power Class Setting Each module is shipped with a default power class setting Setting Power Class To set the power class for a module that is in a specified slot enter the set power class command at the EME prompt using the foll...

Page 118: ...Allocating Power for Installed Modules Increasing the Unallocated Power Budget Determining Chassis Power Budget Power Supply Output in Non Fault Tolerant Mode Power Supply Output in Fault Tolerant Mode Allocating Power for Installed Modules Before you install a new module in the chassis use the show power budget command to confirm that there is sufficient power for installed modules The show power...

Page 119: ...ted power budget whenever you need more power for installed switch fabric modules and interface modules or to power on newly installed modules To increase the unallocated power budget 1 Add one or more power supplies For instructions and information see the 7 Slot Chassis Power Supply Installation Guide which is available on the Switch 4007 Software and Online Manuals CD or from the 3Com Web site ...

Page 120: ...Amount of power available 2 Examine the output of the show power budget command If necessary add another power supply to your chassis to provide sufficient additional power to enable power fault tolerant mode Example CB9000 show power budget Power Management Information Chassis Power Budget Voltage Type Voltage Level Watts Capacity Watts Available Watts Consumed 3V 3 556 1154 00 517 00 637 00 5V 5...

Page 121: ...wer available in power fault tolerant mode by voltage type when the power supplies are 820 watts Table 28 Power Output in Non Fault Tolerant Mode 7 slot Chassis Output Voltage Volts 1 Power Supply Watts 2 Power Supplies Watts 3 682 1364 5 210 449 3 and 5 821 1671 12 22 94 2 4 12 TOTAL WATTS 1739 3590 Table 29 Power Output in Fault Tolerant Mode 7 slot Chassis Output Voltage Volts 1 Power Supply Wa...

Page 122: ...play shows the word TEMP 2 If an SNMP agent is present in the chassis power management informs the SNMP agent of the overheat condition 3 A 1 minute delay is provided during which the Primary EME and external management entities are notified of the overheat condition 4 Approximately 1 minute later the EME initiates a power off strategy to all modules installed in the overheat management areas wher...

Page 123: ...uto_power_down mode disable is in effect when an overheat condition occurs the chassis and all installed powered on modules continue to run Under these circumstances an extended overheat condition may cause heat related hardware damage 3Com recommends that you run the chassis with overheat_auto_power_down enable in effect In the following example overheat power down mode is enabled CB9000 set powe...

Page 124: ...at have the lowest power class setting This reduction of power consumption should provide a 2 C drop in temperature per slot at the temperature sensor for the overheat management area The system generates overheat traps every 10 seconds approximately 3 If two or more modules in the affected overheat management area have the same power class they power off from highest slot number to lowest slot nu...

Page 125: ...ore modules have the same power class setting they power on from the lowest slot number to the highest slot number Saved Power Management Configurations The EME stores Saved power management configuration data for all installed network modules in on board EME non volatile RAM NVRAM Unmanaged power allocation data that describes the type per voltage and the amount of power watts that are available ...

Page 126: ...on about chassis operating conditions including temperature and power supply conditions The following information is provided by this command Type The specific model of a chassis Backplane The type and revision level of the backplane Power supply If a power supply is present in a slot its normal or faulty status and its model number Fan The status of each chassis fan tray Temperature Chassis tempe...

Page 127: ... specific slot use the following command syntax show module slot subslot Where slot subslot is the location of the module in the chassis The following example displays basic information for the EME installed in slot 17 subslot 1 in a 16 slot chassis CB9000 show module 17 1 Slot Module Status Description 17 01 3CB9EME Active Enterprise Management Controller Basic Information For All Modules To disp...

Page 128: ...AULT_TOLERANT Fault Tolerant Status FAULT_TOLERANT Overheat Power Down Mode DISABLE Table 31 Commands Used to Display Current Power Conditions Command Description show power budget Indicates how power output is distributed among all installed load sharing power supplies This information helps you to determine if chassis power is sufficient to permit the addition of modules and to avoid an unintent...

Page 129: ...ventory power supply show inventory summary Displaying EME Information The show eme command displays various aspects of information that have been configured on the EME Example CB9000 show eme Name CoreBuilder 9000 Location Boston For assistance contact John Smith System Administrator Operational Version v3 0 Boot Version v3 0 Serial Number 9ABJ001292 Service Date 1999 04 Mac Address 08 00 8f 30 c...

Page 130: ...130 CHAPTER 5 MANAGING THE CHASSIS POWER AND TEMPERATURE ...

Page 131: ...er 9 Bridge Wide and Bridge Port Parameters Chapter 10 Class of Service CoS Chapter 11 IP Multicast Filtering with IGMP Chapter 12 Trunking Chapter 13 Resilient Links Chapter 14 Virtual LANs VLANs Chapter 15 Packet Filtering Chapter 16 IP Routing Chapter 17 Virtual Router Redundancy Protocol VRRP Chapter 18 IP Multicast Routing ...

Page 132: ...Chapter 19 Open Shortest Path First OSPF Routing Chapter 20 IPX Routing Chapter 21 AppleTalk Routing Chapter 22 QoS and RSVP Chapter 23 Device Monitoring ...

Page 133: ...ME module that is installed in the chassis nvData You can manage module parameters in these ways From the module menu of the Administration Console See the Switch 4007 Command Reference Guide You can use the Administration Console after you log in to the EME and connect to a module slot From the Web Management software See the Switch 4007 Getting Started Guide The management interfaces sometimes d...

Page 134: ...ed to a module and then disconnect from that module the baseline is disabled You must reconnect to the module and use the requestedState option to change the baseline value for that module to enable Administer nvData This chapter discusses the redundancy and administering nvData options You can also use the module parameters to Modify the module name View the module s date and time Clear the modul...

Page 135: ...d other options if applicable 4 Read the screen for details explaining how to modify or quit the module menu options screen Terminology Before you use the module parameters to set or modify function values review the following terms Reset Option in the nvData menu Use this option to reset module values to their factory defaults Staging Option in the nvData menu If disabled the module resets to its...

Page 136: ...last download performed on the module you selected using the displayDownload option Save the nvData settings when you hot swap a module using the staging option The nvData settings are saved when you set the staging bit on a module to enable and hot swap that module to another Switch 4007 chassis If you hot swap a module with the staging option set to disable to a Switch 4007 chassis slot where th...

Page 137: ... secondary Management Modules Enterprise Management Engines or EMEs Slot 7 is reserved for the switch fabric module The backplane in the Switch 4007 chassis uses a star wired interconnect configuration to connect the switch fabric module slot to all other switching module slots Slots 1 6 are reserved for Layer 2 and Multilayer Switching Modules You can install any supported switching module in any...

Page 138: ...y traffic WIth a 9 port switch fabric only one backplane port can carry traffic 3CB9LF20MM 20 Port 100BASE FX MT RJ Fast Ethernet Layer 2 Switching Module enabled Port 21 enabled Port 22 disabled With a 24 port switch fabric both backplane ports on this module can carry traffic With a 9 port switch fabric only one backplane port can carry traffic 3CB9LG9MC 9 port Gigabit Ethernet Layer 2 Switching...

Page 139: ...orts only if you plan to configure the two ports as a trunk port See Table 32 for information about backplane port settings and Chapter 12 for information about configuring trunk ports Interface Modules no on board switching 3CB9LG4 4 Port GBIC Gigabit Ethernet GEN Interface Module Front panel ports are enabled when GBICs are installed Uses the switch fabric module backplane ports These modules do...

Page 140: ...nstalled a 9 port Switch Fabric Module Next you installed a 36 port Fast Ethernet Layer 2 Switching Module in slot 4 After both module s boot sequences were finished you should see a LED 4 on the switch fabric module to be lighted green This indicates that the switching module recognizes that there is a module in slot 4 Next in that same chassis suppose you installed a 4 port Gigabit Ethernet Mult...

Page 141: ...e with the switch fabric module backplane ports that are assigned to its slot The module s 24 backplane ports are assigned to the chassis slots as indicated in Table 34 Table 34 Mapping the 24 port Switch Fabric Module SFM Chassis Slot No SFM backplane port numbers that are assigned to the slot SFM LEDs that are assigned to the backplane ports 1 1 2 3 4 1 2 13 14 2 5 6 7 8 3 4 15 16 3 9 10 11 12 5...

Page 142: ...mentation To ensure that you understand the port numbering that the system reports for certain aspects of your configuration bridging information trunks and virtual LANs observe these guidelines when you configure your system Before you attempt to configure any bridging parameters determine your physical port configuration If you use trunking to group ports configure your trunks before you attempt...

Page 143: ...in slot 3 removing the module places ports 1 through 3 in the VLAN in the link down state If there are no remaining ports in the VLAN after you remove the module the VLAN summary display lists all ports for the VLAN as being in the link down state See Chapter 14 for more information about VLANs Trunk Changes When you remove a module trunk changes occur as follows There are no trunking changes to t...

Page 144: ... the new module takes on the configuration of the previous module Replacing Modules of Different Types More complicated changes occur when you replace modules of different types different model numbers Swapping a 20 port Fast Ethernet Layer 2 Switching Module with a 12 port Fast Ethernet Multilayer Switching module has the following effects Port numbering is reduced to 10 ports The new module conf...

Page 145: ...eading You can manage Ethernet features in either of these ways From the ethernet menu of the Administration Console See the Switch 4007 Command Reference Guide You can use the Administration Console after you log in to the Enterprise Management Engine and connect to a module slot From the Ethernet folder of the Web Management software See the Switch 4007 Getting Started Guide The management inter...

Page 146: ...port identifier Port mode Port speed 10 Mbps 100 Mbps or 1000 Mbps and duplex mode half duplex or full duplex Autonegotiation A feature that allows some ports to automatically identify and negotiate speed and duplex mode with a receiving device Flow control A Fast Ethernet or Gigabit Ethernet port mode that pauses and resumes transmissions PACE Interactive Access An algorithm that reduces network ...

Page 147: ...ease is accomplished using trunking technology also called link aggregation which works at Open Systems Interconnection OSI Layer 2 For more information about trunking see Chapter 12 Link Availability Ethernet technologies also allow you to design high levels of availability into your network through the use of trunking A trunk enhances network availability because its underlying TCMP technology d...

Page 148: ...ull duplex transmissions Autonegotiation A feature that allows some ports to identify and negotiate speed and duplex mode with a receiving device Flow control A Fast Ethernet or Gigabit Ethernet port mode that pauses and resumes transmissions Trunking A technology that combines multiple Fast Ethernet or Gigabit Ethernet ports into a single high speed channel thereby increasing bandwidth between sw...

Page 149: ... feature avoids repetitive collisions and prevents an end station from capturing the link With conventional Ethernet a packet collision can cause the last station that transmitted successfully to monopolize Ethernet access and cause delays Network areas 3Com uses a three tiered framework to describe the different functional areas in a LAN Wiring closet This area provides connections to user workst...

Page 150: ...ame is in error Figure 1 shows the order in which frame discard tests are made Figure 1 How Frame Processing Affects Ethernet Receive Frame Statistics rxFrames noRxBuffers rxInternalErrs lengthErrs alignmentErrs fcsErrs rxUcastFrames rxMcastFrames Frames received from the network Frames discarded because buffer space was exhausted Frames discarded because frame was in error Frames delivered by the...

Page 151: ...mission Figure 2 shows the order in which these discard tests are made Figure 2 How Frame Processing Affects Ethernet Transmit Frame Statistics txUcastFrames txMcastFrames txDiscards txQOverflows excessDeferrals excessCollision carrierSenseErr txInternalErrs txFrames Frames delivered to the port Frames discarded because port was disabled Frames discarded because transmit queue was full Frames succ...

Page 152: ...d campus interconnect areas Downlinks from the data center to the campus interconnect area When multiple links are trunked it can be difficult to manage and troubleshoot individual port to port connections if a connectivity problem occurs This issue may not be of concern in a server farm room But if you use trunking extensively between wiring closets and data centers the large number of connection...

Page 153: ...mes The portState is off line for disabled ports and on line for enabled ports with an active link Port Labels Port labels serve as useful reference points and as an accurate way to identify ports for management applications Implementing Port Labels Label Ethernet ports so that you can easily identify the devices that are attached to them such as LANs workstations or servers For example you can as...

Page 154: ... which features they negotiate Table 36 Port Types and Autonegotiation Attributes Port Type Supports Autonegotiation Negotiable Attributes Default Values for Negotiable Attributes 10 100BASE TX Yes Port speed Duplex mode 10 Mbps Half duplex 100BASE FX No Not applicable Not applicable 1000BASE SX Yes Duplex mode Flow control Full duplex If autonegotiation is enabled the system s best effort is On 1...

Page 155: ...ntrol is On When you enable autonegotiation the system ignores your requested portMode information for 10 100BASE TX ports and your requested flowControl information for 1000BASE SX ports When you disable autonegotiation the system recognizes the requested portMode values for ports that have portMode options and the requested flowControl values for 1000BASE SX ports Backplane ports do not support ...

Page 156: ...t come up If the duplex modes differ link errors occur Table 37 lists the duplex port mode options available for each port type Enabling full duplex mode on a port disables collision detection Autonegotiation must be disabled on a port before a port mode selection can take effect Table 37 Port Mode Options Port Type Duplex Port Mode Resulting Port Mode Default 10 100BASE TX 100full 100half 10full ...

Page 157: ...l packets in receive or transmit statistics Table 38 Flow Control Options Flow Control Option Description Available on Port Type on Port recognizes flow control packets and responds by pausing transmission The port can generate flow control packets as necessary to slow incoming traffic Gigabit Ethernet Fast Ethernet off Port ignores flow control packets and does not generate flow control packets G...

Page 158: ...l duplex links Do not use PACE Interactive Access when a repeater is connected to a switch port Port Monitoring The Ethernet port monitoring feature can prevent port duplex mismatches or excessive collisions from interfering with normal traffic forwarding When enabled this feature performs these functions Monitors 10 100Mbps Ethernet ports for excessive collisions multiple collisions late collisio...

Page 159: ...r destinations The sending stations stop transmitting broadcast a collision alert and wait a random amount of time before trying again Media Specifications Table 39 summarizes the system s Ethernet media options Table 39 Ethernet Media Specifications Type Speed Media Connector Recommended Distance max 10 100BASE TX 10 100 Mbps Category 5 UTP RJ 45 100 m 100BASE FX 100 Mbps single mode fiber multim...

Page 160: ...ptimal compatibility performance and regulatory compliance use only GBIC transceivers and conditioned launch cables that 3Com supports For information about currently supported GBIC specifications and conditioned launch cables see the 3Com Web site http www 3com com gigabit_ethernet gbics Related Reading For more information about Ethernet media options see the Switch 4007 Getting Started Guide ...

Page 161: ...essing IP Fragmentation IPX SNAP Translation Broadcast and Multicast Limits GARP VLAN Registration Protocol GVRP Standards Protocols and Related Reading You can manage most bridge wide and bridge port commands in either of these ways From the bridge menu of the Administration Console after you log in to the Management Module and connect to the module s slot From the Bridge folder of the Web Manage...

Page 162: ... that prevents some potential damaging errors or undesirable frames from spreading or multiplying on the network Because bridges only forward a percentage of total traffic received they diminish the traffic that devices on connected segments experience and increase available bandwidth in each LAN Bridges allow a larger number of devices to communicate than a single LAN can support Bridges can dete...

Page 163: ...quired This term contrasts with static addresses which are addresses that are manually configured A bridge maintains a database called the address table which lists all static and dynamic addresses and associates them with appropriate port numbers For more information about the module address tables see MAC Address Table Design later in this chapter Aging Addresses A dynamic address remains in the...

Page 164: ... destination address is not known to the bridge the bridge forwards the frame to all active bridge ports other than the bridge port on which the frame was received This process is called flooding Other factors such as VLANs also affect how a bridge processes frames Loop Detection and Network Resiliency To operate most efficiently your network topology should have only one active path between any t...

Page 165: ...mary Your module supports several features that relate to the bridging process and are therefore organized under the bridge menu on the interface The following features are covered in this chapter Compliance with IEEE 802 1D MAC Bridges standard Modules comply with the requirements that are outlined in the IEEE 802 1D Media Access Control MAC Bridges standard Each module Supports transparent bridg...

Page 166: ...any 802 3_RAW IPX packets that are forwarded from Ethernet to FDDI to be translated to FDDI_SNAP instead of FDDI_RAW and vice versa See IPX SNAP Translation in this chapter for more information GARP VLAN Registration Protocol Multilayer Switching Modules only GVRP simplifies the management of IEEE 802 1Q VLAN configurations in large networks by making aspects of VLAN configuration dynamic See GARP...

Page 167: ...es for Implementation This section highlights the major issues to consider when you are planning how to configure bridging options on a module Additional more specific guidelines are included in various sections throughout this chapter usually under the heading Important Considerations Physical Ports and Bridge Ports All front panel ports as well as backplane ports on all modules operate as bridge...

Page 168: ... or see the command bridge vlan stpMode in the Switch 4007 Command Reference Guide STP Compatible with Trunking You can enable STP on the same module and ports on which you configure trunks STP understands that a trunk is one logical bridge port In fact you may find it useful to configure a backup trunk that STP places in the blocking state Of course a trunk itself has resilient properties in poin...

Page 169: ...ered port in the trunk and the Port column shows each port that is associated with the trunk The Label column contains the trunk name if you have assigned one Multicast Limits and Trunks If you want to specify a multicast limit for a trunk be sure to apply it to the trunk s anchor port lowest numbered port only However be aware that the multicast limit will operate on each port in the trunk even t...

Page 170: ...idge port active and puts redundant bridge ports in the blocking state A port in the blocking state neither forwards nor receives data frames After STP logically eliminates the redundant paths the network configuration stabilizes Thereafter if one or more of the bridges or communication paths in the stable topology fail STP recognizes the changed configuration and within a few seconds consults the...

Page 171: ...hich the bridge is receiving information Figure 3 shows the hierarchy of the STP bridges and their ports Figure 3 Hierarchy of the Root Bridge and the Designated Bridge Actions That Result from CBPDU Information From the information that the CBPDUs provide Bridges elect a single bridge to be the root bridge The root bridge has the lowest bridge ID among all the bridges on the extended network Brid...

Page 172: ...e designated port Bridges choose a root port that gives the best path from themselves to the root bridge Bridges select ports to include in the STP topology The ports that are selected include the root port plus any designated ports Data traffic is forwarded to and from ports that have been selected in the STP topology Figure 4 shows a bridged network with its STP elements Figure 4 STP Root and De...

Page 173: ...only if the root IDs transmitting bridge IDs and costs when compared are equal In other words the port identifier is a tiebreaker in which the lowest port identifier takes priority This identifier is used primarily for selecting the preferred port when two ports of a bridge are attached to the same LAN or when two routes are available from the bridge to the root bridge Comparing CBPDUs Here are th...

Page 174: ...s own bridge ID as the transmitting ID for example 85 Thus its CBPDU looks like this 85 0 85 2 The bridge receives CBPDUs on each of its ports from all other bridges and saves the best CBPDU from each port The bridge determines the best CBPDU by comparing the information in each message that arrives at a particular port to the message that is currently stored at that port In general the lower the ...

Page 175: ...ed LANs If the bridge receives a better CBPDU on a port than the message it would transmit it no longer transmits CBPDUs on that LAN When the algorithm stabilizes only the designated bridge transmits CBPDUs on that LAN How Multiple Bridges Interpret CBPDUs The previous section looked at how a single bridge reviews CBPDUs and makes decisions The following examples illustrate how STP determines the ...

Page 176: ...igure 5 Starting the Spanning Tree Calculation LAN 5 Bridge A Bridge B Bridge C Bridge D Bridge E Bridge F LAN 1 LAN 2 LAN 3 LAN 6 LAN 4 12 0 12 10 0 10 20 0 20 81 0 81 29 0 29 35 0 35 XX X XX CBPDU root ID cost transmitter ID L2 3 L2 3 L2 3 L2 3 L2 3 L2 3 ...

Page 177: ... Bridge B Bridge C Bridge D Bridge E Bridge F LAN 1 LAN 2 LAN 3 LAN 6 LAN 4 10 11 12 10 0 10 10 11 20 10 12 81 10 11 29 10 11 35 Root bridge R B D R B R D R D D D D R B CBPDU root ID cost transmitter ID XX X XX R Root port D Designated port B Backup port B L2 3 L2 3 L2 3 L2 3 L2 3 L2 3 ...

Page 178: ...The root path cost of the designated bridge for the LAN to which this port is attached If the bridge has more than one port attachment the port with the lowest cost becomes the root port and the other ports become either designated or backup ports If bridges have redundant links to the same LAN then the port with the lowest port identifier becomes the root port In Figure 6 Bridge F has two links t...

Page 179: ...ng bridge ID is compared between Bridge C and Bridge D Because Bridge C s ID 20 is smaller than Bridge D s 29 Bridge C becomes the designated bridge for LAN 3 The designated bridge for LAN 6 is either Bridge D or Bridge E Because Bridge D s transmitting bridge ID 29 is lower than Bridge E s 35 Bridge D becomes the designated bridge for that LAN The designated bridge for LAN 4 is Bridge F the only ...

Page 180: ...ng state is similar to the listening state except that data frames are received on that port for the purpose of learning which stations are attached to that port After spending the specified time in this state without receiving information to change the port back to the blocking state the bridge changes the port to the forwarding state The time that the port spends in each of the listening and lea...

Page 181: ...ening state the forward delay must expire before the port can transition to the learning state Then another forward delay must expire before the port can transition to the forwarding state If you disable a port in the listening learning or forwarding state or if port initialization fails then that port becomes disabled Disabled Blocking Listening Learning Forwarding Port enabled by either network ...

Page 182: ...layed to the root bridge The root bridge then sets the Topology Change Flag in its CBPDU so that the information is broadcast to all bridges It transmits this CBPDU for a fixed amount of time to ensure that all bridges are informed of the topology change If a port changes from the blocking state to the forwarding state as a result of the topology change STP sends the topology information to all th...

Page 183: ...ge maximum age Bridge hello time STP group address See the Switch 4007 Command Reference Guide for value ranges and defaults for these parameters as well as definitions of fields in the displays Bridge Wide STP State You can set the bridge wide STP state to one of these options Default Enabled This setting allows any bridge port on the module to run STP as long as it too has STP enabled The bridge...

Page 184: ...ied value that you set for maximum age on a given module is only used if the module is selected as the root bridge Otherwise the module uses the maximum age value that is assigned to it by the root bridge via the CBPDU The bridge display shows both values the one set by the root bridge and the one configured on the device Bridge Hello Time Hello time is the period between the configuration message...

Page 185: ...evice The forward delay value may also be used in the address aging process and may be used to delay link up and link down traps See Address Aging later in this chapter for more information STP Group Address The STP group address is a single address to which a bridge listens when it receives STP information Each bridge on the network sends STP frames to the group address Every bridge on the networ...

Page 186: ...rt A higher path cost value makes the LAN that is reached through the port more likely to be low in the STP topology The lower the LAN is in the topology the less through traffic it carries For this reason assign a high path cost to a LAN that has a lower bandwidth or to one on which you want to minimize traffic Port Priority The STP port priority influences the choice of port when the bridge has ...

Page 187: ... is contiguous In closed VLAN mode the address table is dynamically allocated among the VLANs so that in effect each VLAN operates with its own address table The address threshold Multilayer Switching Modules only is the value at which a module reports the total number of addresses that are known Specifically when this threshold is reached the module generates the SNMP trap called addressThreshold...

Page 188: ...ity measure and increments a statistical counter From the bridge display of the Administration Console see the rxSecurityDiscs field From the Bridge Display option on the Web Management interface see the Received Security Discards column The number of static MAC addresses that you can configure depends on the availability of module resources You can configure up to 16 static addresses minimum If y...

Page 189: ...bled disabled or agingOnly These options are explained later in this section The module s detection of link state changes on ports shorter aging intervals may be applied for a certain period of time depending on the STP state that you have selected The value that you configure for STP forward delay on the module or that is assigned to the module by the STP root bridge The value used depends on the...

Page 190: ...e command If the STP State is Enabled When you set the bridge spanningTree stpState option to enabled and the module is operating in a stable STP network configuration the module ages all dynamically learned addresses as described in Normal Aging Process the preceding section Two situations can affect this process Module receives notice of an STP topology change Module detects a port down event ST...

Page 191: ...he forward delay value applies If the STP State is Disabled In this state the module does not participate in STP operations The aging process works as follows Multilayer Switching Modules These modules age dynamic addresses as described in Normal Aging Process earlier in this section except for when link down events are detected When a port goes down or is disabled the module immediately flushes a...

Page 192: ...to using the value in bridge agingTime after a period of time equal to bridge spanningTree stpForwardDelay bridge spanningTree stpMaxAge seconds has transpired Important Considerations The factory default values for the aging period bridge agingTime and for the STP forward delay bridge spanningTree stpForwardDelay align with the recommendations in the IEEE 802 1D specification Here are some things...

Page 193: ... STP state on Layer 2 Switching Modules the reporting of link up and down events is delayed by the value of the functioning forward delay This delay helps ensure that the application Transcend Enterprise VLAN Manager EVM operates correctly EVM associates a MAC address with each port that it assigns to a VLAN If MAC addresses are not flushed out fast enough after a link up or link down event the ne...

Page 194: ...forward the frame The frame exceeded the configured broadcast or multicast rate limit A frame that is forwarded to a bridge port is then transmitted to a physical interface unless it is discarded A module can discard a frame at this point for the following reasons The transmit bridge port is blocked The frame is too large for the corresponding physical interface A user defined packet filter Multil...

Page 195: ... frames received in that second of time are dropped This feature is useful for suppressing potential multicast or broadcast storms To set a bridge port limit 1 Measure the normal broadcast and multicast traffic flow on the bridge port and determine an appropriate limit 2 At the top level module prompt enter bridge port multicastLimit 3 Specify the port number 4 Specify the type of frame to which t...

Page 196: ... both multicast and broadcast packets You can set similar limits using options on the Quality of Service menu If you want to specify a limit for a trunk you only need to specify the trunk s anchor port the lowest numbered port However be aware that the limit operates on each link in the trunk even though you only configured it on the anchor port If you have IP multicast application traffic on your...

Page 197: ...tate other than forwarding no longer participates in GVRP Important Considerations To use GVRP consider the following GVRP updates are not sent out to any blocked STP ports GVRP operates only on ports that are in the STP forwarding state If GVRP is enabled a port that changes to the STP forwarding state automatically begins to participate in GVRP A port that changes to an STP state other than forw...

Page 198: ...cally configured Although static updates are saved in nonvolatile RAM GVRP s dynamic updates are not When GVRP is disabled the module deletes all VLAN interfaces that were learned through GVRP and leaves unchanged all VLANs that were configured through the Administration Console or through the Web management software Standards Protocols and Related Reading Refer to the following standard for more ...

Page 199: ...gged Packets Standards Protocols and Related Reading You can administer Class of Service CoS commands from the bridge cos menu of the Administration Console See the Switch 4007 Command Reference Guide You can use the Administration Console after you log in to the Enterprise Management Engine and connect to a module slot The management interfaces display cb9000 and refer to the Management Module as...

Page 200: ...oped a variety of QoS oriented features that work at higher levels in the Open Systems Interconnection OSI model Users can configure these features to better control how different types of traffic are processed and forwarded through the switch and ultimately the network as whole QoS techniques are designed to address the different latency and throughput needs of time sensitive applications as well...

Page 201: ...h the device queues in a way that is configured by the network administrator The standard identifies eight different priority levels using numbers 0 through 7 Table 43 outlines the different types of traffic that the standards body envisioned carrying different priority levels However you can apply the eight numbers however you want to identify your network application traffic Table 43 Priority Le...

Page 202: ...et Carries priority level information and VLAN information Queues and Priority Levels Compliance with the IEEE 802 1p standard means that a device must recognize eight priority levels 0 7 however the number of queues in a given device can vary Eight queues are not required When there are fewer than eight device queues a packet s priority level does not always indicate how it will be processed rela...

Page 203: ...itecture When CoS is enabled a Layer 2 Switching Module uses two CoS queues per port Queue 1 is always the high priority queue Each Fast Ethernet port has a queue specific buffer of 64 KB Each Gigabit Ethernet port has a queue specific buffer of 128 KB You can affect the flow of queue 1 traffic by configuring a rate limit See Configuring a Rate Limit on Queue 1 later in this chapter Queue 2 is alw...

Page 204: ...ssign to each queue actually apply to all ports in the module When you assign one or more priority levels to one of the queues the module automatically assigns the remaining priority levels to the other queue If CoS is disabled you can still modify the priority assignments to each queue they simply do not effect traffic until you enable CoS Configuring a Rate Limit on Queue 1 You can configure a r...

Page 205: ...he default rate limit of 100 percent means that queue 1 can starve queue 2 under the right conditions That is on a given port packets in queue 2 are always buffered if there are any packets in queue 1 on that same port Queue 2 packets are processed only after all packets from queue 1 have been processed If the queue 2 buffers become full the module begins to drop packets in that queue Table 44 Imp...

Page 206: ...ag is retained upon forwarding the packet the module leaves the priority level as is whether CoS is enabled or not If a tagged packet enters the module and VLAN rules cause the tag to be stripped prior to forwarding the CoS priority information is lost thereafter unless the packet is later processed by a device that can insert tags and priority levels other than 0 Standards Protocols and Related R...

Page 207: ...ystem Key Implementation Guidelines Processing IP Multicast Packets Effects of MAC Address Aliasing Operating as the Querier Locating Multicast Routers Aging the IGMP Tables Standards Protocols and Related Reading You can manage IGMP commands on Layer 2 Switching Modules in either of these ways From the bridge multicast igmp menu of the Administration Console See the Switch 4007 Command Reference ...

Page 208: ...ctions are disabled or not present in a Layer 2 switch the switch floods all IP multicast packets to all ports that is it operates in compliance with the IEEE 802 1D MAC Bridges base standard If IGMP functions are present and enabled a switch can forward IP multicast traffic only to ports that require it and filter it on other ports Defined in Internet RFC 1112 and RFC 2236 IGMP performs two main ...

Page 209: ...IP multicast applications are available each year support for IGMP in switches helps prolong the life span of existing network topologies and available bandwidth To understand the fundamental benefit that IGMP provides for users attached to a switch see Figure 8 Figure 8 IP Multicast Traffic Flow Before and After IGMP Snooping L2 IP multicast application sources Switch floods IP multicast traffic ...

Page 210: ... Addresses and Group Members An IP multicast packet differs from a unicast packet by the presence of a multicast group address in the destination address field of the IP header Each application uses a unique group address and hosts refer to these group addresses when they tell network devices which IP multicast transmissions they want to receive In doing so hosts become group members Hosts can joi...

Page 211: ...his contrasts with a unicast approach which would generate one copy per recipient The single copy of each IP multicast packet travels until the path to reach group members diverges at which point the packet is replicated to ensure that one copy of the packet continues on each branch in the delivery tree Thus a significant benefit of the IP multicast delivery process is bandwidth conservation How R...

Page 212: ...port querying the one with the lowest IP address is elected as the querier The querier periodically sends a query message to all hosts on the subnetwork or broadcast domain and requests that they reply with the IP multicast groups for which they want to receive traffic A host responds to a query by sending an IGMP report The querier as well as IGMP capable devices between hosts and the querier sno...

Page 213: ... is the last group member on the subnetwork by issuing a group specific query Leave group messages lower leave latency that is the time between when the last group member on a given subnetwork or segment sends a report and when a router or switch stops forwarding traffic for that group This process conserves bandwidth The alternative is for the router or switch to wait for an aging period to expir...

Page 214: ...that you configure a source IP address See Operating as the Querier later in this chapter Display a command configuration summary Display VLANs with active snooping activity Display group and port information per VLAN Display the designated querier per VLAN Display IP multicast router ports per VLAN Display the port in the VLAN that last received a query With snooping and querying enabled your swi...

Page 215: ...sable querying as long as one or more other devices in the subnetwork or broadcast domain can act as the querier If you enable querying on a given module you must also enable snooping for querying to work properly To maximize the effectiveness of IGMP in a flat network design or large broadcast domain that includes IP multicast sources the querier should be positioned as close to the source of IP ...

Page 216: ... interfere with the flow of IP multicast traffic If you select the BcastOnly option the rate limit does not affect multicast packets For more information about the bridge port multicast limit feature see Chapter 9 To reduce the effects of MAC address aliasing verify that your IP multicast applications do not use binary group addresses in the range 224 239 0 128 0 x where x equals 0 255 See Effects...

Page 217: ...st domain that lead to multicast routers Port that leads to the querier if another device is the querier IGMP Queries All ports in the broadcast domain IGMP Leave Group Messages All ports in the broadcast domain Packets with addresses 224 139 0 128 0 x where x 0 255 All ports in the broadcast domain See Effects of MAC Address Aliasing later in this chapter Packets addressed to known registered IP ...

Page 218: ...ng module cannot distinguish such packets MAC address aliasing has two main implications Some packets are forwarded to more ports than actually require it For example if requests for multicast group 226 1 2 3 are registered on port 1 and requests for group 227 1 2 3 are registered on port 2 these IP addresses map to the same MAC address and the module forwards traffic for both groups to both ports...

Page 219: ...nternet Assigned Numbers Authority IANA at http www iana org Table 46 Examples of Class D Permanent Address Assignments Address Meaning 224 0 0 0 Base Address Reserved 224 0 0 1 All systems on this subnet 224 0 0 2 All routers on this subnet 224 0 0 4 All DVMRP routers 224 0 0 5 All OSPF routers 224 0 0 6 All OSPF designated routers 224 0 0 7 All ST routers 224 0 0 8 All ST hosts 224 0 0 9 All RIP...

Page 220: ...traffic to them For example If the module is operating as the querier any upstream router the router that leads back toward an IP multicast source also needs to see IGMP reports so it can decide whether to begin stop or continue forwarding group traffic on the subnetwork that includes the switch Downstream routers need to receive all IP multicast traffic because other group members may be attached...

Page 221: ...dd one query response interval 10 seconds Thus it is approximately 4 5 minutes Standards Protocols and Related Reading The following standards apply to the technologies that are described in this chapter IEEE 802 1D Media Access Control MAC Bridges A base standard that specifies requirements for transparent bridging To obtain copies of standards register for an on line subscription the Institute o...

Page 222: ...222 CHAPTER 11 IP MULTICAST FILTERING WITH IGMP ...

Page 223: ...ading You can manage trunks in either of these ways From the bridge trunk menu of the Administration Console See the Command Reference Guide You can use the Administration Console after you log in to the Enterprise Management Engine and connect to a module slot in the Switch 4007 chassis From the Bridge trunk folder of the Web Management software See the Switch 4007 Getting Started Guide The manag...

Page 224: ...the following trunking features Define You specify ports and characteristics associated with the trunk Modify You modify a trunk s characteristics or add or remove a port from the trunk Remove You remove a trunk definition from the module Benefits Trunking can help you meet your network capacity and availability needs With trunks you can cost effectively increase the bandwidth between switches or ...

Page 225: ...on a trunk the module logically groups the physical ports that you specify into a single bridge port identified by a single bridge port number in bridge statistics For example Figure 11 shows that Ethernet ports 2 3 and 4 are represented by bridge port 2 after trunking The lowest numbered port in the trunk called the anchor port represents the entire trunk After trunking you can select bridge port...

Page 226: ...es all of the physical ports in the trunk If you plan to use trunks aggregated links define the appropriate trunks before you define your VLANs If you define a VLAN with certain ports and subsequently configure some of those ports to be part of a trunk the module removes those ports from the VLAN and places them in the default VLAN When you define a VLAN that includes trunk ports you must specify ...

Page 227: ...ort has not yet become active inUse A trunk port is fully active on the trunk Key Guidelines for Implementation Consider the following important factors when you implement and configure trunks General Guidelines Create trunks before you define VLANs An interface module supports four point to point trunks each built from up to eight ports All channels in a trunk must connect Correctly configured po...

Page 228: ...ludes downlinks into the data center or campus interconnect Data center This area receives connections from wiring closets and campus interconnect areas Most local server farms reside here Campus Interconnect This area only appears as a separate location in larger networks smaller networks usually have just wiring closets and data centers The campus interconnect links campus data centers to each o...

Page 229: ...000 Mbps trunk This is true with all vendor implementations A trunked Fast Ethernet pipeline may seem to offer comparable bandwidth to a single Gigabit Ethernet link and trunked Fast Ethernet may seem like a good way to buy some time before you upgrade connections to Gigabit Ethernet Table 47 shows that trunking Fast Ethernet may not be an effective strategy If you cannot upgrade to Gigabit Ethern...

Page 230: ...ic module If automatic backplane trunking is enabled then you cannot configure backplane port trunking on the switch fabric module or interface modules If you enable a slot that slot automatically trunks any backplane ports If automatic backplane trunking is disabled then you can configure backplane trunking on the switch fabric module and have those trunks automatically configured at the managed ...

Page 231: ...modules with trunk max traces available No trunking is allowed on either Layer 2 or Multilayer Switching Modules with a single backplane port Defining Trunks To define a trunk you specify the ports that you want to be in the trunk Important Considerations If you have already defined other trunks on your Switch you cannot select ports that are part of an existing trunk Devices that you use in a tru...

Page 232: ...th a trunk specifying port 1 defines the VLAN to include all of the physical ports in the trunk If you have not defined trunks simply specify one or more port numbers or specify all to assign all ports to the VLAN interface When you create a trunk that includes ports that are part of a VLAN those ports are removed from the VLAN You must modify the VLAN and add the new bridge port to the appropriat...

Page 233: ...runk If you have more than one media type on your Switch for example Fast Ethernet and Gigabit Ethernet you are prompted for a media type before you are prompted for the trunk information Any changes that you make to the trunk s characteristics take effect immediately and do not interrupt trunk operations If you add or remove a port however you must reboot the Switch to implement the change You ca...

Page 234: ...02 3u 100BASE T Fast Ethernet over UTP or fiber IEEE 802 3z 1000BASE SX Gigabit Ethernet over multimode fiber and 1000BASE LX Gigabit Ethernet over multi or singlemode fiber Although the standard for trunking link aggregation is not yet finalized 3Com trunking technology currently interoperates with similar technology from other vendors including Sun Microsystems and Cisco Systems ...

Page 235: ...ilient Link State Resilient Link Active Port Resilient Link Remove After you log in to the Management Module EME and connect to a slot that houses a Layer 2 Switching Module you can manage resilient links from the bridge link menu of the Administration Console For more information on specific commands see the Switch 4007 Command Reference Guide The management interfaces display cb9000 and refer to...

Page 236: ...ap to the network management station to alert you of the signal loss The standby port assumes the profile and carries the network traffic of the main port If the main link has a higher bandwidth than its standby link traffic is switched back to the main link provided that no loss of link is detected for 2 minutes Otherwise you must manually switch traffic back to the main link Switchover time to t...

Page 237: ...ime if those links fail 3Com recommends that you implement resilient links in these network configurations Switch to switch downlinks from the wiring closet to the data center The resilient link pair must terminate on a Layer 2 data center switch Server to switch connections in the data center and campus interconnect areas Key Concepts When you define a resilient link pair you define The main port...

Page 238: ... STP is enabled You cannot disable ports that are part of a resilient link unless a link failure occurs You need to define a resilient link only at one end of the link If an active standby port fails and you have defined a link on the main port the ports toggle and the main port becomes active Resilient Link Define and Modify To define or modify a resilient link specify the ports that you want to ...

Page 239: ...ffic When the link state is disabled the resilient link no longer transmits or receives frames Resilient Link Active Port The active port is the port that carries traffic You can designate either the main port or the standby port as the active port Important Considerations Only one port in a resilient link pair is active at a time By default the module defines the main port in a resilient pair as ...

Page 240: ...240 CHAPTER 13 RESILIENT LINKS ...

Page 241: ...LAN Overview Key Concepts Key Guidelines for Implementation VLAN allOpen or allClosed Mode Port based VLANs The Default VLAN User Configured Port based VLANs Dynamic Port based VLANs Using GVRP Protocol based VLANs Network based IP VLANs Ignore STP Mode Rules of VLAN Operation Modifying and Removing VLANs Monitoring VLAN Statistics The management interfaces display cb9000 and refer to the Manageme...

Page 242: ...alogous to an IP subnetwork and an IP interface on a router Need for VLANs If a bridge port in a LAN switching device receives a frame with a broadcast multicast or unknown destination address it forwards the data to all bridge ports in the VLAN that are associated with the frame except the port on which it was received This process is referred to as bridge flooding As networks grow and the amount...

Page 243: ...es and other changes and simplify network administration Create virtual workgroups in which members of the same department or section appear to share the same LAN with most of the network traffic staying in the same VLAN broadcast domain They can isolate broadcast and multicast traffic to a single broadcast domain as well as unicast traffic Help avoid flooding and minimize broadcast and multicast ...

Page 244: ... members of a port based VLAN that spans modules you configure port 21 the lowered numbered backplane port as part of the VLAN When you have multiple VLANs this module backplane port must be tagged for all but one of the VLANs For one VLAN such as the default VLAN the backplane port can be untagged but for the other VLANs the backplane port must be tagged Switch Fabric Module The central backplane...

Page 245: ...dules called the default VLAN The system also supports static VLAN configuration for both Layer 2 and Multilayer Switching Modules and dynamic port based VLAN configuration for Multilayer Switching Modules See User Configured Port based VLANs and Dynamic Port based VLANs Using GVRP later in this chapter for information on static and dynamic VLAN configuration Protocol based VLANs No Yes Determine ...

Page 246: ...at but it takes advantage of an additional 3 bits to specify the priority levels used for Class of Service differentiation Generic Attribute Registration Protocol GARP This protocol is defined in IEEE 802 1p which is a supplement to the IEEE 802 1D standard GARP is a Layer 2 transport mechanism that allows switches and end systems to propagate information across the switching domain Ignore STP mod...

Page 247: ...ed in the IEEE 802 1Q standard In frame tagging mode an explicit header that identifies to which VLAN the frame belongs is inserted into each frame of interswitch data Frames in the same VLAN can be tagged or untagged An untagged port in a VLAN cannot insert a tag but it can recognize a tagged frame Use this mode for VLANs in an IEEE 802 1Q environment You must evaluate tagging for each switching ...

Page 248: ...t the next available VLAN ID Data frames sent by the system are tagged per IEEE 802 1Q which contains the VID if tagging is enabled on the transmit port for that VLAN Tagged IEEE 802 1Q data frames that are received on the system are assigned to the VLAN that corresponds to both the VID contained in the tag and the protocol type Be aware of these additional guidelines The default VLAN always uses ...

Page 249: ...VLAN display shows an origin of router if you have defined a router port IP interface on a single bridge port When you define a router port IP interface you must place the system in allClosed mode This setting removes any allOpen VLANs and re creates the default VLAN See Chapter 16 for more information on defining router port IP interfaces Protocol suite On Multilayer Switching Modules the protoco...

Page 250: ...s of VLAN Operation later in this chapter Key Guidelines for Implementation Consider the following guidelines when you configure VLANs on your Switch 4007 system Migration Path for Network based VLANs On your multi layer modules you can either configure network based IP VLANs or you can define a single VLAN with the protocol type IP and then define multiple IP routing interfaces fro that single pr...

Page 251: ...rface This latter procedure is not recommended because it makes the IP VLAN a network based VLAN which will not be supported at releases higher than 3 0 If you continue to use network based VLANs for Release 3 0 on your Multilayer Switching Modules you are limited to defining only one IP routing interface for that VLAN When you define an IP routing interface with the interface type vlan the system...

Page 252: ...he router port to ignore Spanning Tree states on the port After you define the router port IP interface and change the VLAN mode to allClosed the following events occur The Multilayer Switching Module deletes all other VLANs and redefines the default VLAN You must redefine any VLANs that you had configured keeping in mind that unicast traffic will no longer be forwarded between VLANs You must defi...

Page 253: ...g the module nvData staging command and use the EME staging option to apply the configuration You can also use EME commands to upload and download module configurations saved on a server See the Switch 4007 Enterprise Management Engine User Guide for more information about the EME If you lose track of your changes in a complicated VLAN configuration it may be better to perform a nonvolatile data n...

Page 254: ...d protocol based and network based information for Multilayer Switching Modules b Include the appropriate front panel ports Tag the front panel ports if you need to that is if the ports overlap with another VLAN and tagging is the only distinguishing characteristic Remember that if you tag a port the attached device must support IEEE 802 1Q tagging If you are configuring a Multilayer Switching Mod...

Page 255: ...participating switching modules For example if the VLAN s participating modules reside in slots 3 and 5 include switch fabric module ports 5 and 9 in the VLAN definition on the switch fabric module Tag these switch fabric module ports if the backplane ports of the corresponding switching modules are tagged For each VLAN verify that the tagging type for a switch fabric module port matches its assoc...

Page 256: ...yle of all ports this formula generally yields a maximum if you change to use the Release 1 2 tag style of taggedVlanPorts then this formula generally yields a minimum number of VLANs A result of up to 64 is valid If your result is greater than 64 you must observe 64 as the limit for the number of VLANs supported The number of allowable VLANs includes the default VLAN and the number of protocol su...

Page 257: ...the Multilayer Switching Module IP AppleTalk unspecified for the default VLAN and generic IPX which counts as 4 protocol suites 125 7 minus 3 14 In this configuration the module supports a minimum of 14 VLANs As shown in Table 53 these 7 protocol suites use 8 protocols 3 IP 2 AppleTalk 1 unspecified and 2 generic IPX Example 2 You have 5 protocol suites IP unspecified AppleTalk IPX 802 2 Sub Netwo...

Page 258: ...ease uses VLAN resources differently than did Release 2 x and may cause a change in the total number of allowable VLANs VLAN aware mode is currently supported only through the Administration Console not through Web Management or SNMP Initial installation of Release 3 0 provides a default VLAN aware mode of allPorts which is consistent with the 3 0 ingress rules and resource allocation If you upgra...

Page 259: ...he VLAN mode after you have defined VLANs the interface module or switch fabric module deletes all configured VLANs and redefines the default VLAN See Modifying the VLAN Mode later in this chapter You can control STP settings as follows For all types of modules you can enable or disable STP for the entire module but not individual VLANs For all types of modules regardless of the VLAN mode you can ...

Page 260: ... the system does not define the IP routing interface unless you have an IP VLAN configured See the appropriate routing protocol chapter for an overview of your routing options and guidelines See Chapter 16 for information on defining either a IP router interface for a static IP VLAN or a router port IP interface If you plan to use trunks aggregated links define the appropriate trunks before you de...

Page 261: ...ures for a router port IP interface on a Multilayer Switching Module you must place the system in allClosed mode After you define a router port IP interface and the system creates the router port VLAN you cannot change the VLAN mode until you delete the router port IP interface Select a VLAN mode as follows allOpen Use this less restrictive mode if you have no security issues about the forwarding ...

Page 262: ...one STP on the module See Ignore STP Mode later in this chapter for information on this mode To disable STP blocking on a per port basis with allOpen or allClosed VLANs you can use the bridging option bridge port stpState on the Administration Console See Chapter 9 for bridging information Your selection of a VLAN mode affects how you manipulate bridge port addresses Examples If you select allClos...

Page 263: ...ter port IP interfaces You cannot change the mode if you have router interfaces defined on the module 2 Modify the VLAN mode to specify the new VLAN mode When you change the mode the module deletes all of your existing configured VLANs for the module and reverts to the default VLAN 3 Reconfigure your VLANs and for Multilayer Switching Modules redefine your routing interfaces ...

Page 264: ...yer Switching Modules For nonoverlapped protocol based VLANs Either the protocol type is unique per VLAN or the member ports are unique per VLAN For overlapped protocol based VLANs multiple VLANs of the same protocol type that share ports IEEE 802 1Q tagging for shared ports the shared ports can employ a tagging mode of none in only one of the same protocol type VLANs shared ports in all other VLA...

Page 265: ...is allClosed the packet is not forwarded Figure 13 An allOpen Mode Configuration Using allClosed Mode Closed VLANs maintain their own unique address tables as shown in Figure 14 For Layer 2 modules port based inter VLAN traffic can be routed through a Layer 3 module As shown in Figure 14 traffic can only be passed if the path is routed around VLAN 1 and VLAN 2 Figure 14 An allClosed Mode Configura...

Page 266: ...ing types of port based VLANs The default VLAN a special predefined VLAN User configured port based VLANs In addition Multilayer Switching Modules support dynamic port based VLANs created using GVRP The Default VLAN The system predefines a port based VLAN to initially include all of the system s bridge ports without any tagging For example if you have four 10 port 100BASE FX Fast Ethernet Layer 2 ...

Page 267: ... default VLAN the ports of a newly inserted module are added to the default VLAN If you have removed the default VLAN and at least one other VLAN exists the ports of a newly inserted module are not added to any VLAN If you have removed the default VLAN and no other VLANs exist a new default VLAN is created containing all ports when a new module is inserted To ensure that data can be forwarded veri...

Page 268: ...have the default VLAN as well as other VLANs on a module and you subsequently modify an existing trunk that has ports in one of the VLANs any port that is removed from the trunk is removed from the VLAN and placed in the default VLAN For example on a 12 port Multilayer Switching Module Trunking with the default VLAN removed If you remove the default VLAN there is no place to return ports altered b...

Page 269: ... port Multilayer Switching Module See Chapter 12 for more information on using trunks Ports Before Action Trunking Action Ports After Action ipvlan1 ports 1 11 Define trunk with ports 5 8 ipvlan1 ports 1 4 9 11 Ports Before Action Trunking Action Ports After Action ipvlan1 ports 1 11 Ports 5 8 are trunk ports Modify existing trunk to have ports 6 8 Remove port 5 the anchor port ipvlan1 ports 1 4 6...

Page 270: ...ns are IEEE 802 1Q tagging or no tagging The IEEE 802 1Q tagging option embeds explicit VLAN membership information in each frame Overlapped VLANs require tagging that is two port based VLAN interfaces may contain the same bridge port if one of the VLAN interfaces defines the shared port to use IEEE 802 1Q tagging This rule is true for either allOpen or allClosed mode For example a shared bridge p...

Page 271: ...Tag status none or IEEE 802 1Q Unique name of the VLAN interface Example 1 A Single VLAN Configuration The configuration in Figure 15 shows a single VLAN for example a modified default VLAN that spans two switching modules and pass traffic through the switch fabric module which resides in slot 8 but is logically represented above the other modules Figure 15 Single VLAN Example XX Slot 3 YY Slot 6 ...

Page 272: ...nnects to Port 21 of the switch fabric module Station A can pass traffic to Station B Example 2 VLANs with Tagged Backplane Ports The configuration in shows two VLANs that span two Layer 2 switching modules and pass traffic through the switch fabric module which resides in slot 7 but is logically represented above the other modules VLAN1 the default user modified VLAN2 user configured port based V...

Page 273: ...agging none front panel ports 1 5 Tagging 802 1Q backplane port 21 22 VLAN1 default VLAN Index 1 VID 1 Ports 1 5 21 22 Tagging none front panel ports 1 5 Tagging 802 1Q backplane port 21 22 VLAN1 default VLAN Index 1 VID 1 Ports 1 5 Tagging 802 1Q fabric ports 1 5 Tagged port Switch Fabric Module VLAN1 VLAN2 20 port Layer 2 Switching Module Switch 4007 Chassis Port 1 Port 21 Port 5 Port 21 Slot 1 ...

Page 274: ...rship of both VLANs is port based the shared ports on both the front panel and backplane ports must be explicitly tagged Station E must support tagging because it is connected to a tagged port The two overlapped front panel ports on Module YY can receive frames that are flooded on VLAN2 from Station A Station B and Station E or on VLAN3 from Station C Station D and Station E This communication is ...

Page 275: ...ag identifies and knows to which VLAN the frame belongs Figure 17 Multiple VLAN Example with Tagged Front Panel Ports Switch Fabric Module VLAN2 VLAN3 Tagged port XX Slot 3 YY Slot 5 ZZ Slot 6 Switch 4007 Chassis Port 5 Port 17 Port 21 Backplane ports Port 21 22 Port 21 22 A B E C D ...

Page 276: ...AN2 VLAN Index 2 VID 20 Ports 1 4 21 22 Tagging none front panel ports 1 2 Tagging 802 1Q front panel ports 3 4 and backplane port 21 22 VLAN2 VLAN Index 2 VID 20 Ports 5 17 Tagging none port 5 Tagging 802 1Q port 17 VLAN3 VLAN Index 3 VID 30 Ports 3 6 21 22 Tagging 802 1Q front panel ports 3 4 and backplane port 21 22 Tagging none front panel ports 5 6 VLAN3 VLAN Index 3 VID 30 Ports 1 5 21 22 Ta...

Page 277: ...stination The method of VLAN advertisement used by all GVRP capable switches involves protocol data units PDUs similar to the method used by STP GVRP capable devices send their updates to a well known multicast address and all GVRP capable devices listen to this address for information changes Enabling GVRP allows the Multilayer Switching Module dynamically adjust active network topologies in resp...

Page 278: ...VRAM while static updates are saved in NVRAM When GVRP is disabled the Multilayer Switching Module deletes all VLAN interfaces that were learned through GVRP and leaves unchanged all VLANs that were configured through the Administration Console SNMP or the Web Management software GVRP manages the active topology not nontopological data such as VLAN protocols If you need to classify and analyze pac...

Page 279: ... one end station is propagated throughout the network Figure 18 Sample Configuration Using GVRP LAN 1 R R D LAN 2 R D D Station sending update with VID D Declaration of Attribute R Registration of Attribute D R D R D R R R D R D L2 3 L2 3 L2 3 L3 Switch 4007 with Multilayer Switching Module ...

Page 280: ...ned on Layer 2 modules The Multilayer Switching Modules support routing for three protocol suites IP IPX and AppleTalk To define a protocol based VLAN interface specify this information The VID or accept the next available VID The bridge ports that are part of the VLAN interface If you have trunk ports specify the anchor port for the trunk The protocol for the specified ports in the VLAN Tag statu...

Page 281: ... Novell IPX IPX supports all of the following 4 IPX types IPX Type II Ethernet Version 2 IPX 802 2 LLC DSAP SSAP value 0xE0 hex IPX 802 3 Raw DSAP SSAP value 0xFF hex IPX 802 2 SNAP DSAP SSAP value 0xAA hex 4 1 1 1 1 2 1 0 0 1 This protocol does not use an Ethernet protocol type AppleTalk DDP AARP Ethernet Version 2 SNAP PID 1 2 Xerox XNS XNS IDP XNS Address Translation XNS Compatibility Ethernet ...

Page 282: ...tween them only via an external router or a Multilayer Switching Module configured for routing The Multilayer Switching Module s routing over bridging model lets you configure routing protocol interfaces based on a static VLAN defined for one or more protocols You must first define a VLAN to support one or more protocols and then assign a routing interface for each protocol associated with the VLA...

Page 283: ...network is on a shared port For allOpen VLANs using the destination MAC address in the frame causes the frame to be bridged otherwise it is routed in the same manner as for allClosed VLANs 4 Enable IP routing You perform similar steps to create IPX and AppleTalk routing interfaces For more information see the chapters in this guide for routing protocols such as IP IPX and AppleTalk Example 1 Routi...

Page 284: ...faces enable IP routing and enable RIP Figure 19 Routing Between Two Multilayer Modules Switch Fabric Module VLAN2 IP VLAN with interface 22 2 2 10 VLAN3 on backplane and fabric ports VLAN4 IP VLAN with interface 44 4 4 10 12 port Multilayer Module Switch 4007 Chassis Port 9 Port 17 Slot 3 12 port Multilayer Module Slot 5 Tagged port T VLAN1 ports 9 17 13 U VLAN3 IP VLAN with interface 33 3 3 20 2...

Page 285: ...fault VLAN Index 1 VID 1 Ports 9 17 Tagging 802 1Q fabric ports 9 17 VLAN2 VLAN Index 2 VID 20 Ports 1 10 Protocol type IP No Layer 3 address Tagging none front panel ports IP router interface 22 2 2 10 VLAN4 VLAN Index 4 VID 40 Ports 1 10 Protocol type IP No Layer 3 address Tagging none front panel ports IP router interface 44 4 4 10 VLAN3 VLAN Index 3 VID 30 Port 13 Protocol type IP No Layer 3 a...

Page 286: ...P routing interface for IP VLAN 2 150 10 2 12 is defined to be on the same subnetwork as the devices connected to the Layer 2 modules in slots 1 and 2 For example a PC is defined as 150 10 2 1 VLAN3 a port based VLAN that is defined on the Layer 2 module in slot 2 It is defined as a protocol based VLAN for IP on the Layer 3 module in slot 4 The IP routing interface for IP VLAN 3 150 10 3 12 is def...

Page 287: ...yer 2 module Switch 4007 Chassis Port 1 Port 21 22 Port 5 Port 21 22 Port 9 Port 21 22 Port 13 Port 13 Tagged port T VLAN1 U VLAN2 T VLAN1 T VLAN2 T VLAN3 T VLAN4 T VLAN1 U VLAN2 T VLAN3 T VLAN1 U VLAN4 Router Interfaces for VLAN2 VLAN3 VLAN4 Slot 1 20 port Layer 2 module Slot 2 20 port Layer 2 module Slot 3 12 port Multilayer Module Slot 4 A B ...

Page 288: ...2 VID 20 Ports 1 10 21 22 Tagging none front panel ports backplane port 21 22 VLAN2 VLAN Index 2 VID 20 Ports 1 5 21 22 Tagging none front panel ports backplane port 21 22 VLAN2 VLAN Index 2 VID 20 Port 13 Protocol type IP No Layer 3 address Tagging 802 1Q backplane port 13 IP interface 150 10 2 12 VLAN2 VLAN Index 2 VID 20 Ports 1 5 9 Tagging none port 1 5 Tagging 802 1Q port 13 VLAN3 VLAN Index ...

Page 289: ...LAN defined on a port the VLAN is treated as an ordinary IP protocol based VLAN and network based information is ignored When they are overlapped network based VLAN interfaces take precedence over protocol based and port based VLAN interfaces You can define only one IP routing interface for a network based VLAN When you define an IP routing interface with the interface type vlan the system will no...

Page 290: ...ith Layer 3 address 22 2 2 0 on the Multilayer Switching Module in slot 3 The IP routing interface for IP VLAN 2 22 2 2 10 on the Multilayer Switching Module in slot 3 is on the same subnet as the IP routing interface that is defined for VLAN2 on the Multilayer Switching Module in slot 5 22 2 2 20 VLAN3 a protocol based VLAN for IPX 802 3 on the Multilayer Switching Module in slot 3 The IPX routin...

Page 291: ...ged port Switch Fabric Module VLAN2 IP VLAN for 22 2 2 0 network VLAN3 IPX network 1 VLAN4 IP VLAN for 44 4 4 0 network 12 port Multilayer Module Switch 4007 Chassis Port 9 Port 13 Port 17 Port 13 Slot 3 12 port Multilayer Module Slot 5 T VLAN2 IP T VLAN3 IPX T VLAN2 IP T VLAN3 IPX ...

Page 292: ... VID 20 Ports 9 17 Tagging 802 1Q fabric ports 9 17 VLAN3 VLAN Index 3 VID 30 Ports 6 12 13 Protocol type IPX 802 3 Tagging none ports 6 12 Tagging 802 1Q backplane port 13 IPX routing interface defined for IPX network 1 VLAN3 VLAN Index 3 VID 30 Port 13 Protocol type IPX 802 3 Tagging 802 1Q backplane port 13 Router interface defined for same IPX network 1 VLAN3 VLAN Index 3 VID 30 Ports 9 17 Tag...

Page 293: ...AN for routing you can configure your module to ignore the STP blocking mode for that VLAN This setting avoids disruptions to routing connectivity based on the STP state To disable STP blocking on a per port basis with allOpen or allClosed VLANs use the bridging option bridge port stpState on the Administration Console See the Chapter 9 for bridging information Ignore STP mode affects bridging as ...

Page 294: ...Multilayer Switching Module Figure 22 Ignore STP Mode Switch Fabric Module VLAN2 IP VLAN for 22 2 2 0 network VLAN3 IP VLAN for 33 3 3 0 network VLAN4 IP VLAN for 44 4 4 0 network 12 port Multilayer Module Switch 4007 Chassis Port 9 Port 13 Port 17 Port 13 Slot 3 12 port Multilayer Module Slot 5 Path through default VLAN Path through front panel ports in VLAN2 Ignore STP mode enabled A B ...

Page 295: ... the VLAN to which an incoming frame belongs The frame is assigned to the VLAN that has the most specific match The system uses this protocol match hierarchy to find the most specific match The ingress rules use the following hierarchy to determine the most specific match 1 IEEE 802 1Q tag VID value 2 For Multilayer Switching Modules a specific protocol match for example IP IPX or AppleTalk 3 The ...

Page 296: ...hat matches both the frame s VID and protocol type Yes No Yes No No Yes No Yes No Yes Receive port is untagged in a VLAN that matches the frame sprotocol type frame tagged with a VID A VLAN is defined that matches both the frame s VID and protocol type VLAN mode is allOpen Assign frame to null VLAN Assign frame to matched VLAN Assign frame to null VLAN Assign frame to matched VLAN To Egress rules ...

Page 297: ...red VLANs if The VID of the frame matches that of a VLAN and The protocol type of the frame matches that of the same VLAN The frame is assigned to the null VLAN It can still be forwarded untagged if the destination address of the frame is associated with another port in the bridge address table allClosed The tagged frame is assigned to one of the configured VLANs if The receive port is in a VLAN w...

Page 298: ...destination address is received then it is flooded that is forwarded to all ports on the VLAN that is associated with the frame except the port on which it was received See Examples of Flooding and Forwarding Decisions later in this chapter If the frame s destination address matches a MAC address of one of the bridge s ports or it matches an appropriate multicast address such as STP if STP is enab...

Page 299: ...AN If the frame is assigned to a specific VLAN but the transmit port is not part of this VLAN Examples of Flooding and Forwarding Decisions This section provides several examples of flooding and forwarding decisions Example 1 Flooding Decisions for Protocol based VLANs Table 58 lists how flooding decisions are made according to three VLANs that are set up by protocol assuming a 12 port configurati...

Page 300: ...ut this VLAN is not available to the network administrator Also this VLAN has no VID associated with it and has no IEEE 802 1Q tagging on any of the ports Incoming IP frames are assigned to this VLAN if they cannot be assigned to any of the network based IP VLANs The following IP protocols are applicable to network based VLANs IP hexadecimal 0800 or 0x0800 ARP 0x0806 RARP is 0x8035 Table 59 VLAN E...

Page 301: ...0 0 0 0 Otherwise assign to the network based IP VLAN if the IP source address is consistent with the VLAN subnetwork Otherwise assign to the All IP Subnets VLAN RARP frames These frames are assigned to the All IP Subnets Multicast VLAN Example 3 Decisions for One Network based VLAN Table 60 lists the information for one network based IP VLAN and how forwarding and flooding decisions are made for ...

Page 302: ...ult VLAN is intact those ports come under jurisdiction of the Default VLAN unspecified protocol type and no explicit or implicit tagging Verify that each bridge port is associated with at least one VLAN in order to handle traffic If you modify the Default VLAN to remove certain ports verify that those ports are included in another VLAN If the VLAN is in allClosed mode those ports are not able to p...

Page 303: ... of these conditions When the VLANs are defined for the same protocol type or the type unspecified for port based VLANs but do not have any overlapping ports for example an IP VLAN1 with ports 1 6 and IP VLAN2 with ports 7 12 If the VLANs are explicitly defined for different protocol types but may have overlapping ports for example an IP VLAN and an IPX VLAN that both use ports 2 4 ...

Page 304: ...304 CHAPTER 14 VIRTUAL LANS VLANS ...

Page 305: ...its to Filter Size Using Port Groups in Custom Packet Filters Port Group Management and Control Functions Long Custom Filter Example Packet filtering is supported on Multilayer Switching Modules only You can control and manage packet filters in either of these ways From the bridge packetFilter menu of the Administration Console See the Switch 4007 Command Reference Guide You can use the Administra...

Page 306: ...et Fast Ethernet Fiber Distributed Data Interface FDDI or Gigabit Ethernet frames by the destination address source address type length or any attribute within the first 64 bytes Keep in mind that the offsets may differ between FDDI and Ethernet packets so the same filter may not work on all interfaces Ethernet and FDDI packet fields are shown in Figure 24 You can only filter Layer 2 traffic not L...

Page 307: ... Output Packet Filtering Transmit Path Output packet filtering applies to packets after they have been through the switch s internal forward processing transmit path Internal Packet Filtering Receive Internal Path Internal packet filtering applies to packets intended for the switch itself such as pings Telnet packets and so forth on the receive internal path Destination Address 6 octets Source Add...

Page 308: ... in Table 61 Table 61 Packet Processing Paths Path Description Transmit all txA All frames that are transmitted to the segment that is connected to the port Transmit multicast txM All multicast including broadcast frames that are transmitted to the segment connected to the port Receive all rxA All frames that are received by the port from the segment that is connected to the port Receive multicast...

Page 309: ...e and software filters that are supplied with the Filter Builder application Filter Builder provides one standard filter that is executed by the hardware the others are custom filters that are executed in software See Table 63 later in this chapter Port Groups A collection of ports that you can reference in a packet filter You create port groups from the Administration Console You can specify diff...

Page 310: ...ently use custom filters only on ports and paths that need them Processing too many frames in software can affect performance on the ports where custom filters are assigned If you are trying to filter a certain type of broadcast or multicast packet assign the filter to either the TxM or the RxM paths allowing only unicast traffic to bypass the filter Each packet processing path on a port may have ...

Page 311: ...eference Guide Listing packet filters You can list the packet filters that are defined for the module The display includes the filter identification filter name if any and filter assignments Use the bridge packetfilter list command Displaying packet filters When you display the contents of a single packet filter you select the packet filter using the filter id number that you see when you list the...

Page 312: ... it the packet filter definition is converted into the internal format that is used by the packet filter code Use the EME s download command to transfer the filter to the Switch 4007 then the bridge packetfilter load command to transfer it from the EME to the Multilayer Switching Module Assigning packet filters When you assign a packet filter to one or more ports you must select the ports and a pr...

Page 313: ...dministration Console The built in text editor provides a minimal set of EMACS style editing functions that you can use to edit a packet filter definition one line at a time A single line is limited to no more than 79 characters The number of lines is limited only by available memory Because the built in editor is deliberately limited in scope this method is most suited to making small temporary c...

Page 314: ...d shifts the remainder of the line left one position Delete Current Character Ctrl d Deletes a single character under the cursor and shifts the remainder of the line left one position Delete Line Ctrl k Deletes the remainder of the line from the current cursor position If the cursor is positioned over the first character all of the characters on the line are deleted but the line is retained A seco...

Page 315: ...o the Switch 4007 are not supported in Release 3 0 This includes automatic filter downloads defining port groups and assigning filters to ports port groups and paths on the switch Instead connect to the switch manually to perform these functions through the Administration Console as described in the Packet Filters chapter of the Command Reference Guide With Filter Builder you can implement custom ...

Page 316: ...le filter use this interface Create or Edit Filter window If you are familiar with the packet filtering or to create a complex filter use this interface For more information on the Filter Builder tool see the Web Management User Guide and the Filter Builder s Help system Table 63 Predefined Filter Builder Packet Filters Filter Name Type Filtering Function Implemented fddiforwardip Custom Forwards ...

Page 317: ...message is displayed and the transfer is aborted If you download a filter file and then do not perform the second part of the process to store the filter the filter file will be lost upon reset of the module The filter is stored in a buffer on the module and not in NVRAM until it is loaded It is not saved when a module is reset Setting Up Your Environment Before you attempt to load a Filter Builde...

Page 318: ... to eme 000000289 Downloading file from eme to module 6 1 000000289 File transfer completed successfully The predefined filters that come with Filter Builder are found in the 3Com Filterbuilder Filters directory which is the default directory for Filter Builder when installed from WebManage exe 3 Connect to the module For example CB9000 connect 6 1 4 At the module prompt load the filter For exampl...

Page 319: ...finition Comments are stripped When assigned to a port the packet filter is converted from the stored format to a run time format to optimize the performance of the filter Each module is limited to a maximum of 16 packet filter programs How the Packet Filter Language Works A program in the packet filter language typically consists of a series of one or more instructions that results in the top of ...

Page 320: ... expected by the instruction Any mismatch in implicit operand size results in an error operand size mismatch when you load the program into the system When you write a packet filter be sure that you use comments preceded by to describe each step in the filter This habit helps you to revise filters and enables others to understand and use the filters you create To write a packet filter follow these...

Page 321: ...following the first outside a quoted string are ignored so use the to begin your comments Comments are not stored in the system they are useful when the filter is created and saved externally Operand sizes The following operand sizes are supported 1 byte b 2 bytes w 4 bytes l 6 bytes a Included primarily for use with 48 bit IEEE globally assigned MAC addresses Maximum length The maximum length for...

Page 322: ... Requirements Description name name 2 n bytes where n is the length of the name Assigns a user defined name to the packet filter The name may be any sequence of ASCII characters other than quotation marks The name is limited to 32 characters You can include only a single name statement in each packet filter program pushField size offset 3 bytes Pushes a field from the target packet onto the stack ...

Page 323: ... f pushTop 1 byte Pushes the current top of the stack onto the stack that is it reads the top of the stack and pushes the value onto the stack which effectively duplicates the item currently on top of the stack The size of the contents of the stack determines the size of the push Use pushTop for each additional comparison you intend to make with the current top of the stack The pushTop instruction...

Page 324: ...f pushTop 1 byte Pushes the current top of the stack onto the stack that is it reads the top of the stack and pushes the value onto the stack which effectively duplicates the item currently on top of the stack The size of the contents of the stack determines the size of the push Use pushTop for each additional comparison you intend to make with the current top of the stack The pushTop instruction ...

Page 325: ... pushLiteral w 0x0806 ne pushSPGM 1 byte Pushes the source port group mask SPGM onto the top of the stack The SPGM is a bitmap representing the groups to which the source port of a packet belongs This instruction pushes 4 bytes on to the stack Each port group mask is represented by a single bit in the SPGM bitmap Port group masks are assigned to the bitmap in sequence starting with port group mask...

Page 326: ...yte containing the non zero value is pushed onto the stack otherwise a byte containing 0 is pushed The size of the operands is determined by the contents of the stack lt less than 1 byte Pops two values from the stack and performs an unsigned comparison If the first is less than the second a byte containing the non zero value is pushed onto the stack otherwise a byte containing 0 is pushed The con...

Page 327: ...sive OR 1 byte Pops two values from the stack and pushes the bit wise exclusive OR of these values back onto the stack The contents of the stack determines the operand size and the result This is a bit wise operator Each bit of the operands is logically compared to produce the resulting bit not 1 byte Pops a byte from the stack if its value is non zero a byte containing 0 is pushed back onto the s...

Page 328: ...nd operand Bits shifted out of the left side of the operand are discarded and zeros are shifted in from the right The resulting value is pushed back onto the stack The contents of the top of the stack determines the size of the first operand and the size of the result The second operand is always 1 byte and only the low 5 bits of the byte are used as the shift count shiftr shift right 1 byte Pops ...

Page 329: ...s best to exit a filter as early as possible If you wait until the last instruction to make the forward or filter decision more processing is needed The accept and reject criteria allow you to exit a filter early When using these instructions construct the packet filter so that tests that apply to the majority of the network traffic are performed first This ensures that the filter is exited after ...

Page 330: ...ect packet and terminate test sequence First test Nonzero result Next test Yes No Name Filter AppleTalk datagrams pushField w 12 Get the type field pushTop Make a copy pushLiteral 0x809b EtherTalk Phase I type eq Test if the packet type is equal to the AppleTalk type reject reject the packet and end Otherwise pushLiteral w 0x5dc Largest 802 3 packet size lt If this value is less than the value in ...

Page 331: ... Stack underflow The opcode requires one or more operands An insufficient number of operands are currently on the stack Stack overflow The opcode pushes an operand on the stack The stack does not have sufficient room for the operand No result found on top of stack The program must end with a byte operand on the top of the stack After the last instruction in the program is executed the stack is eit...

Page 332: ...size 1 2 4 or 6 Missing open quote on string The string specified does not have a starting quotation mark String is too long The string specified is too long Strings are limited to 32 characters exclusive of the opening and closing quotation marks Missing close quote on string The string specified does not have an ending quotation mark Multiple name statements in program More than one name stateme...

Page 333: ...her OUI value change the literal value loaded in the last pushLiteral l instruction The OUI must be padded with an additional 00 to fill out the literal to 4 bytes Length Filter This filter operates on the length field of a frame It allows packets to be forwarded that are less than 400 bytes in length To customize this filter to another length value change the literal value loaded in the pushLiter...

Page 334: ...ield pushLiteral w 0x0800 Load IP type value eq Check for match name Type 900 or Multicast pushField w 12 Get type field pushLiteral w 0x900 Push type value to test against gt Is type field 900 hex reject If yes reject frame done pushLiteral b 0x01 Multicast bit is low order pushField b 0 bit and Get 1 st byte of destination not Isolate multicast bit Top of stack 1 to accept 0 to reject name Forwa...

Page 335: ... XNS Routing Filter This filter operates on the type and data fields of a frame It discards all XNS routing packets name XNS from 08 00 02 pushField w 12 Get type field pushLiteral w 0x0600 Load type value ne Check for mis match reject Toss any non XNS frames pushLiteral l 0xffffff00 Set up mask to isolate first 3 bytes pushField l 6 Get first 4 bytes of source address and Top of stack now has OUI...

Page 336: ...packet filter program requires 1 byte for the opcode and size plus additional bytes for any explicit operands Module overhead is 22 bytes plus a per packet filter overhead of 13 bytes For example assume a packet filter program requires 200 bytes for storing the instructions in the program If this packet filter is the only one loaded the nonvolatile memory required is 22 bytes for module overhead p...

Page 337: ...ed to ports in groups 3 and 8 Port Group Filter Operation When an address is learned on a port the address and the port number the packet was received on are inserted into the bridge address table and a bit mask that is associated with the address that denotes the group membership is inserted into the port group mask table The bridge address table stores each SA DA MAC address with the port number...

Page 338: ... port mask of the destination port respectively You can use these commands to verify if the source and destination addresses of the packets are members of the same port group to implement your filtering algorithm A frame is received unicast multicast broadcast on the source port The source port group mask SPGM is found in the table of port group masks using the received port as the index The desti...

Page 339: ...are in port group 2 and the rxAll path filter is applied to 1 5 then the appropriate filtering restricts the flooding to the corresponding port group Table 68 and Table 69 show how each port pair filters or does not filter a broadcast frame that is received on port 1 and destined for ports 2 3 4 5 The result is that the frame is flooded to ports 2 3 and the frame is filtered from ports 4 5 Table 6...

Page 340: ...ting groups You can list the port groups currently defined on the module The group id group name if any group mask and the slots where the group is loaded are displayed Displaying groups The display of a port group shows the group id the name of the group and all the addresses or ports included in that group Deleting groups When you delete port groups from a module those groups are no longer avail...

Page 341: ...ilter built from three simple packet filters Each of the shorter simpler packet filters can be used on its own to accomplish its own task Combined these filters create a solution for a larger filtering problem Filtering Problem Your network contains market data feed servers that receive time critical financial data needed for trading floor applications At the center of the trading floor networks i...

Page 342: ...e socket value is located 24 bytes into the packet in IP datagrams and 30 bytes into the packet in XNS datagrams You can use this information to create pseudocode that simplifies the process of writing the actual filter It helps to first write the pseudocode in outline form as shown here 1 Determine if the packet has a broadcast address 2 Determine if the packet is an XNS datagram 3 Examine socket...

Page 343: ...bound and and together with ge and lt test to determine if the socket value is within the range If it is place a one on the stack and Compare if XNS in range IP FILTERING SECTION pushField w 12 Get the type field of the packet and place it on top of the stack pushLiteral w 0x0800 Put the type value for IP on top of the stack eq If the two values on the top of the stack are equal then return a non ...

Page 344: ...filter Name Forward only XNS packets It is important to distinguish the function of each filter when it is loaded onto a system that has more than one filter stored in memory Naming is also useful for archiving filters on a remote system so that the filters can be saved and loaded on one or more systems 2 Enter executable instruction 1 pushField a 0 Clear the stack 3 Enter executable instruction 2...

Page 345: ...er executable instruction 7 eq If the two values on the top of the stack are equal then return a non zero value This returns non zero for XNS broadcast frames Packet Filter Two This filter is designed to accept packets within the socket range of 0x76c and 0x898 When combined with Filter One above it forwards XNS packets Follow these steps to create this filter 1 Name the filter Name Socket range f...

Page 346: ... determine if the socket value is within the range If it is place a non zero value on the stack Combining a Subset of the Filters The next filter places a non zero value on the stack for IP packets with a socket range of 0x76c 1900 and 0x898 2200 The filter combines packet filters one and two modifying them for IP These steps show how to create this filter 1 Name the filter name Only IP pkts w in ...

Page 347: ...bed earlier in Combining a Subset of the Filters Name Only IP pkts w in socket range pushField w 12 Get the type field of the packet and place it on top of the stack pushLiteral w 0x0800 Put the type value for IP on top of the stack eq If the two values on the top of the stack are equal then return a non zero value pushLiteral w 0x76c Put the lowest socket value on top of the stack 1900 pushField ...

Page 348: ... not discard if IP in range or XNS in range The complete packet filter discards IP and XNS packets that are within the specified range Optimizing the Filter with Accept and Reject Commands The following combination filter performs the same function but uses the accept reject and pushTop commands to exit the filter as soon as possible to save processing time ...

Page 349: ... the stack lt Compare if the value of the socket is less than the upper bound and and together with ge and lt test to determine if the socket value is within the range If it is place a one on the stack and Compare if XNS in range reject reject if XNS and in range IP FILTERING SECTION The type field of the packet was place on top of the stack by the PushTop command pushLiteral w 0x0800 Put the type...

Page 350: ...350 CHAPTER 15 PACKET FILTERING ...

Page 351: ...Internet Control Message Protocol ICMP ICMP Redirect Broadcast Address Directed Broadcast Routing Information Protocol RIP Routing Policies Domain Name System DNS User Datagram Protocol UDP Helper Standards Protocols and Related Reading For information about how to perform IP multicast routing see Chapter 18 For information about Open Shortest Path First OSPF see Chapter 19 The management interfac...

Page 352: ...to a slot that houses a Multilayer Switching Module From the IP folder of the Web Management software See the Switch 4007 Getting Started Guide Routing Overview Routing distributes packets over potentially dissimilar networks A router is the device that accomplishes this task Your module as a Layer 3 device can act as a router Routers typically Connect enterprise networks Connect subnetworks or cl...

Page 353: ...ding connectivity between devices within a workgroup department or building Figure 27 Typical Routing Architecture Layer 2 switch Layer 2 switch Layer 2 switch Layer 2 switch Router Gigabit Ethernet Router Router Layer 2 switch Sales Engineering Marketing Connecting enterprise networks Connecting enterprise networks L3 L3 L3 L3 L2 L2 L2 L2 L2 ...

Page 354: ...ubnetworked subnetted environments When you put your system into such a network the system streamlines your network architecture by routing traffic between subnetworks and switching within subnetworks See Figure 28 Figure 28 Subnetwork Routing Architecture Router Gigabit Ethernet Router Sales Engineering Marketing L3 L3 L3 ...

Page 355: ...ng and Routing Models Your module implements routing differently from the way bridges and routers usually coexist Traditionally network systems first try to route packets that belong to recognized protocols all other packets are bridged In the 3Com model the Multilayer Switching Module first tries to determine if the frame is to be switched or routed If the destination MAC address is not an intern...

Page 356: ...is case the host sends an ARP request for its default gateway MAC address then transmits the packet using the MAC address of the default gateway Figure 30 illustrates bridging on a 3Com Multilayer Switching Module 1 The packet enters the module 2 The bridging layer examines the destination MAC address of the packet The destination MAC address does not correspond to the MAC address of one of the mo...

Page 357: ... associated with the port where the packet was received 4 The routing layer a Selects a destination interface based on the destination network address b Determines the MAC address of the next hop either the destination host or another gateway c Passes the packet back to the bridging layer 5 The bridging layer then selects a segment port based on the destination MAC address and forwards the packet ...

Page 358: ...an IP router sends a packet it does not know the complete path to a destination only the next hop the next device on the path to the destination Each hop involves three steps 1 The IP routing algorithm computes the next hop IP address and the next router interface using routing table entries 2 The Address Resolution Protocol ARP translates the next hop IP address into a physical MAC address 3 The ...

Page 359: ...the importance and the type of traffic on your network Resiliency If a router in the network goes down the other routers update their routing tables to compensate for this occurrence in a typical case there is no need for you to manually intervene Key Concepts IP routers use the following elements to transmit packets Multiple IP Interfaces per VLAN Media Access Control MAC addresses Network layer ...

Page 360: ...ical hardware address On a LAN the MAC address is the unique hardware number of your device The MAC address on an Ethernet LAN is the same as your Ethernet address Network Layer Address The network layer address refers to a logical address that applies to a specific protocol A network layer address exists at Layer 3 of the OSI reference model IP Addresses IP addresses are 32 bit addresses that con...

Page 361: ...classes of IP addresses are A B and C Class A address Uses 8 bits for the network part and 24 bits for the host part Although only a few Class A networks can be created each can contain a very large number of hosts Class B address Uses 16 bits for the network part and 16 bits for the host part Class C address Uses 24 bits for the network part and 8 bits for the host part Each Class C network can c...

Page 362: ...subnet mask indicate the host part of the IP address as shown in Figure 35 Figure 35 Subnet Masking Figure 36 shows an example of an IP address that includes network subnetwork and host parts Suppose the IP address is 158 101 230 52 with a subnet mask of 255 255 255 0 Since this is a Class B address this address is divided as follows 158 101 is the network part 230 is the subnetwork part 52 is the...

Page 363: ...remaining 4 bits Because the octets are actually binary numbers the number of subnetworks that are possible with this mask is 4 096 212 and the number of hosts that are possible in each subnetwork is 16 24 Subnet Mask Numbering An alternate method to represent the subnet mask numbers is based on the number of bits that signify the network portion of the mask Many Internet Service Providers ISPs no...

Page 364: ...s but not use them With VLSMs you can assign another subnet mask for instance 27 to the same IP address So you can assign a longer subnet mask that consequently uses fewer host IP addresses As a result routing tables are smaller and more efficient This method of further subdividing addresses using VLSMs is being used increasingly more as networks grow in size and number However be aware that this ...

Page 365: ... address of the packet See RFCs 1219 and 1878 for information about understanding and using VLSMs Router Interfaces A router interface connects the router to a subnetwork On your Multilayer Switching Module more than one port can connect to the same subnetwork Each router interface has an IP address and a subnet mask This router interface address defines both the number of the network to which the...

Page 366: ...l number depends upon what other protocols are being routed A router or host uses the routing table when the destination IP address of the packet is not on a network or subnetwork to which it is directly connected The routing table provides the IP address of a router that can forward the packet toward its destination The routing table consists of the following elements Destination IP address The d...

Page 367: ... Because static routes do not automatically change in response to network topology changes manually configure only a small number of reasonably stable routes Static routes do not time out but they can be learned Dynamically Routers use a protocol such as RIP or OSPF to automatically exchange routing data and to configure their routing tables dynamically Routes are recalculated at regular intervals...

Page 368: ... switch They are Port based routing routing versus bridging The module first tries to route packets that belong to recognized protocols and all other packets are bridged When you configure a port based IP interface the port ignores the spanning tree state even if the port state is set to blocking VLAN based routing routing over bridging The module first tries to determine if the frame will be swit...

Page 369: ...ting To route network traffic using IP you must perform these tasks in the following order 1 Configure Trunks Optional 2 Configure IP VLANs 3 Establish Your IP Interfaces 4 Enable IP Routing Configure Trunks Optional Trunks also known as aggregated links work at Layer 2 and allow you to combine multiple Fast Ethernet or Gigabit Ethernet into a single high speed link between two switches If you int...

Page 370: ... IP Interfaces To establish an IP interface 1 Determine your interface parameters 2 Define the IP interfaces Interface Parameters Each IP routing interface has these standard characteristics IP address An address from the range of addresses that the Internet Engineering Task Force IETF assigns to your organization This address is specific to your network and Multilayer Switching Module Subnet mask...

Page 371: ...eb Management Console to set up IP interfaces see the Switch 4007 Getting Started Guide Defining an IP Interface After you determine the VLAN index IP address and subnet mask for each IP interface you can define each interface Use the Administration Console or the Web Management Console to define an IP interface Remember that you must define a VLAN and select IP as a protocol that the VLAN support...

Page 372: ...ry You may want to use the default route in place of routes to numerous destinations that all have the same gateway IP address If you do not use a default route ICMP is more likely to return an address not found error Before you can define static routes you must define at least one IP interface See Defining an IP Interface earlier in this chapter for more information Remember the following guideli...

Page 373: ...e 39 Figure 39 Example of an ARP Cache If the IP address does not have a corresponding MAC address the host or router broadcasts an ARP request packet to all the devices on the network The ARP request contains information about the target and source addresses for the protocol IP addresses See Figure 40 Figure 40 Example of an ARP Request Packet When devices on the network receive this packet they ...

Page 374: ... cache For example some applications do not respond to ARP requests and consequently specific network operations may time out for lack of address resolution Enter a static ARP entry in a test environment if your test analyzer cannot respond to an ARP request Setting an ARP cache age time of zero no aging is useful in the middle of lengthy tests so that ARP requests do not have to be issued If you ...

Page 375: ...issues with ARP proxy Do not use ARP proxy if you are using VLSMs because ARP proxy works by seeing the entire network configuration as one network ARP proxy increases ARP traffic to handle the increased mapping of IP addresses to MAC addresses Example In the following example Server A cannot use the router as a gateway to Server B if ARP proxy is disabled because Server A has its subnet mask set ...

Page 376: ...rs do not have a route to the destination network To help routers and hosts discover problems in packet transmission a mechanism called Internet Control Message Protocol ICMP reports errors back to the source when routing problems occur With ICMP you can determine whether a delivery failure resulted from a local or a remote problem Server A Server B 158 101 1 2 255 255 0 0 158 101 2 1 255 255 0 0 ...

Page 377: ...y is the preferred choice For more information about ICMP Redirect and ICMP Router Discovery see Internet Control Message Protocol ICMP and ICMP Router Discovery later in this chapter ICMP Router Discovery ICMP Router Discovery directs a host to use the router with the highest preference level as the default gateway ICMP does this by enabling hosts that are attached to multicast or broadcast netwo...

Page 378: ...rm Example Figure 43 shows how ICMP can dynamically determine a router to act as the default gateway Figure 43 ICMP Router Discovery See the documentation for your workstation to determine whether you can configure your workstation to use this protocol See RFC 1256 for detailed information about ICMP Router Discovery ICMP Redirect ICMP Redirect adds another layer of intelligence to routing ICMP Re...

Page 379: ...CMP Redirect the hardware routes the frame and no messages are sent back to the sending device At some point however the number of retries associated with less intelligent hardware routing overtake any benefits that are associated with the speedier routing that hardware provides To maximize the effectiveness of ICMP Redirect have ICMP Redirect on the module that is connected to the greatest number...

Page 380: ...u can choose to have your module on a per interface basis enable or disable the forwarding of directed broadcast frames Important Considerations Keep the following points in mind when you use directed broadcast When your module receives a directed broadcast and the destination is different from the interface on which it was received Your module forwards the directed broadcast if directed broadcast...

Page 381: ...Parameters RIP has several parameters to consider when you set up RIP to use in your network When you configure an IP interface the module already has the RIP parameters set to the defaults listed in Table 73 RIP Mode The four available settings for RIP mode are as follows Disabled The Multilayer Switching Module ignores all incoming RIP packets and does not generate any RIP packets of its own Lea...

Page 382: ...umber of hops that the packet needs to get to its destination The RIP cost is a number between 1 and 15 A number higher than 15 is not allowed because RIP cannot negotiate more than 15 hops Most facilities assign a cost of 1 to all interfaces However if you have two links with differing speeds such as a dial up link versus a direct link you may want to raise the cost of the dial up link so that th...

Page 383: ... the same network The module uses this address for sending updates Each interface that you define initially uses the default broadcast address 255 255 255 255 as the advertisement address If you change the broadcast address the address that you specify becomes the new RIP advertisement address Effects and Consequences After you add an advertisement address you cannot subsequently change the broadc...

Page 384: ...sent from and received by the routing table in your module Both RIP and OSPF have routing policy capabilities This section describes the RIP routing policies OSPF routing policies are discussed in Chapter 19 There are two basic types of routing policies Import policies Import policies control what routes are added to the routing table That is the import policies control which routes your module ca...

Page 385: ...e network When a route needs to be added to the routing table 1 The protocol OSPF or RIP that receives the route sends that route to the routing table manager 2 The routing table manager searches the Import policies 3 If the import policy allows the route to be accepted the routing table manager adds the route to the routing table otherwise the route is discarded The router also needs to periodica...

Page 386: ...tric is 0 through 16 hops If you specify 0 the module does not modify the metric if you specify 16 you are specifying that the route is unreachable 16 represents infinity Administrative weight Controls the relative weight of each policy with respect to another policy The range extends from 1 to 16 with 16 taking the greatest precedence Figure 44 IP Routing Policies RIP OSPF Import Export Routing t...

Page 387: ... By adjusting the relative importance of certain policies over others you can exercise great control over the type and amount of traffic to and from your system Implementing RIP Routing Policies RIP routing policies determine which RIP routes can be accepted into the routing table and which RIP and OSPF routes can be advertised RIP Metric Adjustments You can use the following arithmetic operators ...

Page 388: ...nterfaces with or without metric adjustments all all routers Specified route mask accept Accept specified route on specified interfaces with or without metric adjustments all all accept Accept all routes on specified interfaces with or without metric adjustments Specified router Specified route mask reject Reject specified route from specified router on specified interfaces Metrics do not apply be...

Page 389: ...olicy that matches the origin protocol The policy with the lowest index Table 76 RIP Export Policy Conditions Protocol Source Router Route Action Description RIP OSPF static Specified router or all routers Specified route mask accept Advertise RIP OSPF static specified route from specified source router on specified interfaces with or without metric adjustments RIP OSPF static Specified router or ...

Page 390: ...a that RIP uses to convert a routing table metric into one that RIP understands 4 Establish a policy to report OSPF routes so that the metrics that are reported with these routes are imported into RIP without being changed Effects and Consequences Consider the following points when you use routing policies Configure the administrative weight setting carefully because this setting has the highest p...

Page 391: ...of hops for the route Administrative weight The level of importance of this policy 1 is low priority 16 is high priority The policy takes effect on the selected interfaces only if the origin protocol matches the protocol that is enabled for the selected interfaces Sketch out a topology of your routers and the proposed routing policies of each to get an understanding of how the routers work togethe...

Page 392: ...the associated IP address You can resolve an IP address to a host name or a host name to an IP address on a name server Enter either the host name or the IP address the DNS client displays the pair Important Considerations When you set up DNS servers on your LAN remember the following Always set up more than one DNS name server a primary and secondary server so that the lookup service does not hav...

Page 393: ...3Com implements a generic UDP Helper agent in the module that can apply to any UDP port Implementing UDP Helper You have to set the following UDP Helper parameters UDP port number A logical address not a port interface on your module BOOTP including DHCP uses UDP port 67 IP forwarding address The IP address to which the packets are forwarded You can have up to 63 combinations of port numbers and I...

Page 394: ...network Sequential The module assigns each overlapped IP interface in turn as the source network for forwarded packets You can view the UDP Helper configuration when you configure the forwarding address Important Considerations Consider the following points when you use UDP Helper The maximum BOOTP hop count how many steps the module uses to forward a packet through the router is 16 the default ho...

Page 395: ...Messages RFC 1058 RIP RFC 1723 RIP Version 2 RFC 1786 IP Routing Policies RFC 2400 Internet Official Protocol Standards You can obtain RFCs from the Internet using the following URL http sunsite auc dk RFC Standards Organizations Standards organizations ensure interoperability create reports and recommend solutions for communications technology The most important standards groups are International...

Page 396: ... the following books High Speed Networks TCP IP and ATM Design Principles William Stallings Prentice Hall 1998 Local Area Networks Architectures and Implementations James Martin Prentice Hall 1994 Internetworking with TCP IP Principles Protocols and Architecture Douglas Comer Prentice Hall 1995 ...

Page 397: ...tocols and Related Reading Before you implement VRRP be sure that you have a good understanding of how IP networks function See Chapter 16 for more information about IP networks Also be sure to read this chapter thoroughly before you set up VRRP on your network After you log in to the system and connect to a slot that houses a Multilayer Switching Module you can manage VRRP in these ways From the ...

Page 398: ... host address providing that the destination resides on the same subnet as the sending device If the destination address resides on a non local subnet then the sending device must use one of the following methods to learn the route to the remote network Routing Protocols ICMP Router Discovery Static Route Default Gateway Routing Protocols Routing protocols provide dynamic updates to end stations i...

Page 399: ...tore connectivity even if there are alternate paths available VRRP addresses this drawback by defining an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN The election process automatically detects a failure of the primary Master router and transfers all traffic forwarding to the backup router All of this is done without your interv...

Page 400: ...assumes all forwarding responsibilities on behalf of Router A This transfer of forwarding responsibilities allows the workstation to have continued access across the WAN to the server Key Concepts This section contains some VRRP definitions that you should know before reading further VRRP router A router running the VRRP protocol A VRRP router can Act as a Master router with actual addresses on a ...

Page 401: ...which a virtual router is defined but not enabled A virtual router is also in the initialize state when its associated interface is not operational How VRRP Works When you assign Master router responsibilities to one of the virtual routers on the LAN the Master controls the IP addresses associated with a virtual router The Master router forwards the IP packets sent to the IP addresses it controls ...

Page 402: ... assuming primary router responsibilities becomes the single point of failure See Figure 46 for an example of a network topology that Allows all routers on the LAN to be backed up by more than one virtual router Allows hosts on any subnetwork to reach destinations on any other subnetwork in the extended network Figure 46 Multiple Virtual Routers Backing Up Each Other The parallel design in Figure ...

Page 403: ...e a different view of the topology than others a backup router failure is more likely with the resultant loss of some or all end hosts connection to the network Important Considerations This section provides information to be aware of when you implement VRRP The Master router forwards the IP addresses that you have associated with the primary virtual router and Responds to ARP requests for the IP ...

Page 404: ...mented Good network design is critical in ensuring the success of router redundancy The virtual routers must be on the same VLAN VRRP supports Proxy ARP the virtual router uses the virtual router MAC address in Proxy ARP replies VRRP supports Fiber Distributed Data Interface FDDI and Ethernet Consider using VRRP in conjunction with port based routing to provide router redundancy on your campus bac...

Page 405: ... RIP 2 and OSPF have their own facilities to track routes across networks You can continue to use these protocols with VRRP routers but on any given subnetwork you must configure the same routing protocols with the same parameters Figure 47 shows how in a parallel routing environment OSPF is configured on each interface in the 99 99 1 0 subnetwork and RIP 2 is configured on each interface in the 9...

Page 406: ...outer called the Querier always has the lowest IP address in the subnetwork If the Querier goes down another router can be designated to take its place The fewer routers that you have designated as possible Queriers the more efficient the handover is Be aware that if you introduce a parallel router topology to take advantage of VRRP you can introduce a topology that is not optimal for IGMP operati...

Page 407: ...rol traffic on your network you must apply the same rate limits to all virtual routers on the LAN Master as well as Backups Failure to match routing policies among all virtual routers on the LAN could for example leave some routing destinations unreachable Dynamic Host Configuration Protocol DHCP Consider using VRRP if your network uses the Dynamic Host Configuration Protocol DHCP DHCP provides fo...

Page 408: ...Switching Modules route traffic between locally attached and externally attached hosts using their respective internal and external LANs To provide router redundancy for traffic flow between locally and externally attached end stations this topology requires two virtual routers to be configured LAN1 the Primary router on the backplane port of BA2 with the Backup router on the backplane port of BA1...

Page 409: ...2 2 52 33 3 52 IP Addrs 44 4 53 17 55 5 53 17 VRRP vid 52 primary for subnets 22 2 52 33 3 52 LAN 1 All IP Addresses are submitted to a Class C with a mask of 255 255 255 0 1 3 4 2 Default VLAN on these ports Protocol VLAN Protocol IP configured on this port VRRP configured on this port IP 22 2 52 1 Gateway 22 2 52 16 1 IP 33 3 52 2 Gateway 33 3 52 16 2 IP 44 4 53 3 Gateway 44 4 53 16 3 IP 55 5 53...

Page 410: ...rt of BA2 is configured with a single Protocol IP VLAN with multiple IP interfaces The backplane port of the BA2 is the default gateway for each departmental subnetwork end station The backplane port of the BA2 functions as a one armed router for traffic between departmental end stations on Layer 2 modules The External Switch is populated with departmental end stations on different subnetworks The...

Page 411: ...BA2 front panel port and the External switch goes down The following events occur 1 VRRP switches over to Backup preserving addressability between end stations on LAN2 2 The Master router for LAN2 External Switch becomes the front panel port of the BA1 3 The Master router for LAN1 the switch fabric module remains the backplane port of the BA2 However successful recovery of operations depends upon ...

Page 412: ...routing table for the backplane port router of BA2 shows 22 2 52 17 as the next hop for the subnetworks 44 4 53 55 5 53 The backplane port of BA1 is still the Backup VRRP router and the backplane port of BA2 is still the Master VRRP router for locally attached end stations VRRP VID 52 Traffic flow between end station 1 and end station 2 progresses in the following manner VRRP with a Single Virtual...

Page 413: ... 2 52 17 33 3 52 17 44 4 53 17 55 5 53 17 VRRP vid 52 backup for subnets 22 2 52 33 3 52 44 4 53 55 5 53 Trunked Link IP Addr 22 2 52 16 33 3 52 16 44 4 53 16 55 5 53 16 VRRP vid 52 primary for subnets 22 2 52 33 3 52 44 4 53 55 5 53 LAN Switch 4007 CA3 CA4 BA2 All IP Addresses are submitted to a Class C with a mask of 255 255 255 0 1 2 3 4 Default VLAN on these ports Protocol VLAN Protocol IP con...

Page 414: ...n Slot 3 and Router 2 is on the Backplane Port of a 10 Port 100BASE FX Fast Ethernet Layer 3 Switching Module in Slot 5 This involves two general tasks Configuring Router 1 as the Master Router Configuring Router 2 as the Backup Router Configuring Router 1 as the Master Router Configuring Router 1 as the Master router as shown in Figure 48 involves the following tasks Configuring the Protocol IP V...

Page 415: ...X II IPX 802 2 IPX 802 3 IPX 802 2 SNAP ip Enter protocol suite q to quit IPX Apple XNS DECnet SNA Vines X25 NetBEUI IPX II IPX 802 2 IPX 802 3 IPX 802 2 SNAP q Configure layer 3 address n y y n Configure per port tagging n y y n Enter VLAN Name vlan 2 CB9000 slot3 1 12 E FEN TX L3 bridge vlan summary all VLAN summary VLAN Mode allOpen VLAN aware mode allPorts Index VID Type Origin 1 1 open static...

Page 416: ...ubnet mask 255 0 0 0 255 255 255 0 Enter interface type vlan port vlan vlan Enter VLAN interface index 2 2 2 CB9000 slot3 1 12 E FEN TX L3 ip int def 55 5 5 1 255 255 255 0 vlan 2 CB9000 slot3 1 12 E FEN TX L3 ip interface summary all IP routing is disabled Index IP address Subnet mask State Type ID 1 44 4 4 1 255 255 255 0 Up VLAN 2 2 55 5 5 1 255 255 255 0 Up VLAN 2 ...

Page 417: ... VRID 1 255 1 52 Enter address mode auto learn IP address auto learn auto Enter primary IP Address index 1 2 1 1 Enter the advertise interval in sec 1 255 1 1 Enter Authentication Type none pass pass none CB9000 slot3 1 12 E FEN TX L3 ip vrrp mode Enter VLAN interface index 2 2 2 Enter virtual router ID 52 52 52 Vrid 52 Enter virtual router mode enabled disabled disabled enable CB9000 slot3 1 12 E...

Page 418: ...UI unspecified IPX II IPX 802 2 IPX 802 3 IPX 802 2 SNAP ip Enter protocol suite q to quit IPX Apple XNS DECnet SNA Vines X25 NetBEUI IPX II IPX 802 2 IPX 802 3 IPX 802 2 SNAP q Configure layer 3 address n y y n Configure per port tagging n y y n Enter VLAN Name vlan 2 CB9000 slot5 1 10 E FEN FX L3 bridge vlan summary all VLAN summary VLAN Mode allOpen VLAN aware mode allPorts Index VID Type Origi...

Page 419: ...ine 44 4 4 2 255 255 255 0 vlan 2 CB9000 slot5 1 10 E FEN FX L3 ip int define 55 5 5 2 255 255 255 0 vlan 2 CB9000 slot5 1 10 E FEN FX L3 ip int summary all IP routing is disabled Index IP address Subnet mask State Type ID 1 44 4 4 2 255 255 255 0 Up VLAN 2 2 55 5 5 2 255 255 255 0 Up VLAN 2 ...

Page 420: ... 2 Enter VRID 1 255 1 52 Enter address mode auto learn IP address auto learn auto Enter primary IP Address index 1 2 1 1 Enter backup virtual router priority 1 254 100 100 Enter the advertise interval in sec 1 255 1 1 Enter virtual router preempt mode no yes yes yes Enter Authentication Type none pass pass none CB9000 slot5 1 10 E FEN FX L3 ip vrrp mode 2 52 enable CB9000 slot5 1 10 E FEN FX L3 ip...

Page 421: ...3 disable CB9000 slot5 1 10 E FEN FX L3 ip vrrp detail all all VLAN Index 2 Ports 11 VRID State Interval Pri Preempt Mode Auth Password AddrMode Error 52 Master 1 sec 100 yes enable none N A learn none Address PrimaryIpAddr MasterIpAddr 44 4 4 1 44 4 4 2 44 4 4 2 55 5 5 1 Virtual Router statistics becomeMaster advertReceived advIntErrors 1 61 0 ...

Page 422: ...WW site http www ietf cnri reston va us rfc rfc2338 txt The Internet Assigned Numbers Authority IANA assigns and maintains lists of all assigned numbers used for operation of the Internet protocol type Ethernet codes PPP codes IP port numbers ICMP parameters IP Multicast addresses HTTP parameters IEEE 802 numbers and so forth The Directory of General Assigned Numbers can be found at the following ...

Page 423: ...uring IGMP Options Configuring DVMRP Interfaces Configuring DVMRP Tunnels Configuring DVMRP Default Routes Viewing the DVMRP Routing Table Viewing the DVMRP Cache Using IP Multicast Traceroute Standards Protocols and Related Reading You can manage IP multicast routing parameters from the ip multicast menu in the Administration Console of Multilayer Switching Modules See the Switch 4007 Command Ref...

Page 424: ...entire subnetwork for example Broadcast transmissions produce one to many communication but some of the receivers may not want or need to receive the communication Multicast Model A multicast address is used for one to many and many to many communication in an environment where users and network devices either explicitly or implicitly communicate their desire to receive the communication In contra...

Page 425: ... network infrastructures to support IP multicast When the application content is time sensitive or requires significant bandwidth for example a video stream the IP multicast process provides an efficient delivery mechanism The business benefits of using IP multicast are that it Enables the simultaneous delivery of information to many receivers in the most efficient logical way Vastly reduces the l...

Page 426: ...transmissions fundamentally depend on multicast enabled Layer 3 devices traditional routers or Layer 3 switches hereafter both are called routers to direct packets on an efficient path from sources to destinations As shown in Figure 50 routers that support IP multicast must accomplish two important tasks Communicate with other routers to determine the shortest loopfree delivery path between an IP ...

Page 427: ...t traffic between sources and multicast group members In the event that some routers in your network only transmit unicast packets you can configure a transitional technique called tunneling to extend the service area Tunnels provide a virtual point to point link between two multicast routers where the path between them includes one or more routers that do not support multicast routing unicast rou...

Page 428: ... in an interface a router sends copies of the group traffic to all ports even if only one port of those ports leads to group members This is because the multicast routing protocol does not track exactly where group members reside on that interface The ability to filter IP multicast traffic on ports within a routing interface that do not lead to group members is highly desirable although it is not ...

Page 429: ...can use it to test multicast applications and technology or to connect private multicast LANs Some organizations broadcast public information over the MBONE examples include IETF Internet Engineering Task Force meetings and NASA National Aeronautics and Space Administration United States space shuttle launches Key Concepts This section describes several terms and concepts related to IP multicast r...

Page 430: ...hey need to go Multicast Addresses A multicast packet differs from a unicast packet by the presence of a multicast group address in the destination address field of the IP header IP multicast uses a Class D destination address format which has the high order four bits set to 1 1 1 0 followed by a 28 bit multicast group identifier Registered Groups The Internet Assigned Numbers Authority IANA maint...

Page 431: ...1 00 5E 0A 08 05 To send a multicast packet a source station inserts the Class D address in the IP packet the network interface card maps that address to a IEEE 802 Ethernet multicast MAC address and sends the frame A host that wants to receive packets that are addressed to this group notifies its IP layer as such Table 78 Examples of Class D Permanent Address Assignments Address Meaning 224 0 0 0...

Page 432: ...ges The querier normally sends messages called IGMP Host Membership Query Messages or queries every 125 seconds All the hosts hear the query because it is addressed to 224 0 0 1 the all systems on this subnetwork Class D address A query is not forwarded beyond the subnetwork from which it originates Host Messages Hosts use IGMP to build their own types of IP multicast messages as described in this...

Page 433: ...ther that host is the last group member on the subnetwork by issuing a group specific query Leave group messages lower leave latency that is the time between when the last group member on a given subnetwork sends a report and when a router stops forwarding traffic for that group onto the subnetwork This process conserves bandwidth The alternative is for the router to wait for at least two queries ...

Page 434: ...path so that multicast storms do not occur Spanning Tree Delivery DVMRP version 3 x uses the Reverse Path Multicast RPM algorithm to construct a delivery tree that begins at the source and spans out to reach group members on a loopless path through the network Hence DVMRP seeks to form a source rooted spanning tree for each source group pair The shape of each tree changes dynamically depending on ...

Page 435: ...erent implementation of the spanning tree concept it is not used with IP multicast Managing the Spanning Tree RPM uses three main techniques to dynamically adjust the shape of an IP multicast spanning tree broadcasting pruning and grafting These techniques balance the goal of an efficient delivery path with the goal of effective service for all potential group members Figure 53 shows the broadcast...

Page 436: ...s explained next to upstream routers if their interfaces do not lead to group members IGMP reports if they want to continue receiving traffic for that source group pair Some IP multicast applications try to actively send traffic on the network even if no group members are requesting their traffic Your module can detect which ports lead to routers and send these infrequent broadcast packets only to...

Page 437: ...Interface Characteristics All DVMRP interfaces and DVMRP tunnels have two characteristics a metric that specifies the cost for the interface and a time to live TTL threshold Metric Value The DVMRP metric is a numeric value or cost for that path The higher the assigned cost the less likely it is that the multicast packets will be routed over that interface provided that other path options exist TTL...

Page 438: ...s chapter For information about configuring IGMP functions on a Layer 3 module see Configuring IGMP Options later in this chapter To figure IGMP functions on Switch 4007 Layer 2 Switching Modules see Chapter 11 in this guide 3 Enable DVMRP on each interface that is to perform IP multicast routing You can modify the default TTL threshold and DVMRP metric values for each interface For general inform...

Page 439: ...that bridge ports are not configured with a bridge port multicast limit that is too low Impact of IEEE 802 1Q on Multicasts Multicasting in 802 1Q VLAN tagging environments may have performance implications for a Multilayer Switching Module Specifically if you have multiple VLANs associated with a single port the module is forced to replicate multicast packets to each VLAN that has multicast group...

Page 440: ...modes enabled at all times They add little processing overhead to the module ConfiguringDVMRP Interfaces DVMRP is the protocol used to develop source rooted spanning trees between routers in the network You can enable or disable DVMRP on individual routing interfaces Important Considerations The default setting for DVMRP on each new interface is disabled If DVMRP is disabled the interface cannot p...

Page 441: ...ine a tunnel end point you must configure a routing interface and enable DVMRP on the interface Think of a tunnel end point as being layered on top of an existing IP multicast routing interface The maximum number of IP multicast tunnels that you can define on a Switch 4007 Multilayer Switching Module is 8 To define a tunnel you specify the following tunnel characteristics The index number of the l...

Page 442: ...el display lists tunnels in ascending order by the tunnel index number Tunnel index numbers provide a way to identify and remove individual tunnels which is especially useful when multiple tunnel end points are configured on the same routing interface When you remove a tunnel the module does not dynamically reorder remaining tunnels in the multicast tunnel display For example if you had three tunn...

Page 443: ... forwards it to the router which advertises the default route How to Configure A Default Route To configure a default route on an interface you Specify the interface index number Set the default route metric Specify a value from 1 through 32 to signify the cost of the route Set the default route mode There are two options all The interface advertises the default route plus all other known routes t...

Page 444: ...uld forward traffic if group members exist The module may never actually process IP multicast traffic from the sources listed in the routing table This depends on whether group members exist on directly attached subnetworks or on subnetworks from downstream routers See the Command Reference Guide for definitions of the fields of information and symbols used in the DVMRP route display Viewing the D...

Page 445: ...pecify a source and group address 2 The module sends a traceroute Query packet to the last hop multicast router the upstream router for this source group pair 3 The last hop router turns the Query packet into a Request packet by adding a response data block containing its interface addresses and packet statistics It then forwards the Request packet via unicast to the router that it believes is the...

Page 446: ... route is encountered along the path All interim devices must support IP multicast traceroute for you to see a complete path on the display Standards Protocols and Related Reading DVMRP was first defined in RFC 1075 and has been modified in various Internet drafts IGMP was first defined in RFC 1112 and has been modified in various Internet drafts To learn more about DVMRP and IGMP IP multicast tec...

Page 447: ...nes for Implementing OSPF Autonomous System Boundary Routers Areas Default Route Metric OSPF Interfaces Link State Databases Neighbors Router IDs OSPF Memory Partition Stub Default Metrics Virtual Links OSPF Routing Policies OSPF Statistics After you log in to the system and connect to a slot that houses a Multilayer Switching Module you can manage OSPF routing from the ip ospf menu of the Adminis...

Page 448: ...ctor protocol like RIP periodically exchange all or a portion of their tables but only with their neighbors Routers using a link state protocol like OSPF send small portions of their tables throughout the network by flooding For information about how to perform IP routing see Chapter 16 Features Your system supports OSPF Version 2 as defined in RFC 1583 OSPF routing on your system includes these f...

Page 449: ...col On nonbroadcast multiaccess networks you must statically configure neighbors Your system allows you to display all neighbors in the locality of the router as well configure them when needed For more information see Neighbors later in this chapter Router IDs A router ID identifies the router to other routers within the autonomous system In addition it serves as a tie breaker in the designated r...

Page 450: ...u an overview of OSPF activity on the interface For more information see OSPF Statistics later in this chapter Benefits The benefits of OSPF are what set it apart from both RIP and other Shortest Path First based algorithms before it While designing OSPF the Internet Engineering Task Force IETF proposed a number of modifications which dealt with improving the existing SPF model These modifications...

Page 451: ... with a single scheme configured for each area This partitioning allows some areas to use much stricter authentication than others Host specific and network specific route support OSPF supports traffic forwarding to single hosts or networks Each network the router knows has both an IP destination address and a mask The mask indicates the number of nodes on the network A mask of all ones 0xffffffff...

Page 452: ...e range of addresses that are being described by the particular route Including this mask enables the implementation of variable length subnet masks VLSMs which means that a single IP network number can be subnetworked or broken up into many subnetworks of various sizes When networks are subnetworked OSPF forwards each IP packet to the network that is the best match for the packet s destination It...

Page 453: ...ers create their topology databases using the data in link state advertisements LSAs from other routers in the autonomous system Areas Autonomous systems can be subdivided into smaller more manageable groups of contiguous networks called areas Each OSPF router in an area must have identical topological link state databases These databases may include area links summarized links and external links ...

Page 454: ...r each area that is connected to it including the backbone area Area border routers also send configuration summaries for their attached areas to the backbone area which then distributes this information to other OSPF areas in the autonomous system In Figure 54 four area border routers link the areas in autonomous system A Autonomous system boundary routers ASBRs Autonomous system boundary routers...

Page 455: ...d maintain communications with their neighbors In nonmulticast networks routers find neighbors by sending unicast hello packets to other statically configured routers Database description packets Neighbor routers use database description packets to synchronize their link state summary databases Link state request packets To collect network topology data routers transmit link state request packets ...

Page 456: ...its own address in another router s hello packet the two routers establish two way communications as neighbors Establishing Adjacencies If neighboring OSPF routers succeed in exchanging and synchronizing their link state databases they appear as adjacent in all router and network link advertisements Electing the Backup Designated Router OSPF selects a backup designated router for the network segme...

Page 457: ...outer then becomes adjacent to all other routers on the network segment by sending Hello packets to them Calculating Shortest Path Trees OSPF routers collect raw topological data from the LSAs that they receive Each router then prunes this data down to a tree of the shortest network paths centered on itself In a series of iterations the router examines the total cost to reach each router or networ...

Page 458: ...s in the autonomous system except stub areas Key Guidelines for Implementing OSPF Consider the following guidelines when you design a scalable and dependable OSPF internetwork These parameters must be consistent across all routers The following OSPF interface parameters must be consistent across all routers on an attached network Hello interval Dead interval Password Addressing scheme The addressi...

Page 459: ...k state information with each other Instead they exchange link state information with only the designated and backup designated routers Autonomous System Boundary Routers Autonomous system boundary routers ASBRs are the links between the OSPF autonomous system and the outside network They exchange their autonomous system topology data with boundary routers in other autonomous systems ASBRs can imp...

Page 460: ... default route A router never becomes an ASBR if all of the router s interfaces reside in a stub area This last rule overrides all other cases where a router can become an ASBR You create IP interfaces with the ip interface option You configure RIP on IP interfaces with the ip rip options You configure OSPF on IP interfaces with the ip ospf options You create default route metrics with the ip ospf...

Page 461: ...ts own distinct address space Stub area An OSPF area that does not accept or distribute external address advertisements Instead the area border router generates a default external route that is advertised into the stub area for destinations outside the autonomous system Use the stub area designation to minimize topological data that is stored in the area s routers Range An address that covers a ra...

Page 462: ...ed into stub areas Instead the area border router that is attached to the stub area advertises a single default external route into the area This relationship conserves significant LSA database space that would otherwise be used to store external link state advertisements flooded into the area In Figure 54 area 2 is a stub area that is reached only through area border router 1 It is possible to ha...

Page 463: ...y router 1 Router 5 Area 0 backbone Area 1 Autonomous system A Area border router 2 Area 2 stub Area 3 Area border router 3 Area border router 1 Autonomous system boundary router 2 Autonomous system B Area border router 4 Virtual link Segment 2 Segment 3 Segment 1 Segment 4 Segment 6 Segment 7 Segment 8 Point to point link Segment 5 ...

Page 464: ...Databases All routers that are connected to an area maintain identical routing databases about the area Routers that are connected to multiple areas maintain a separate routing database for each attached area For example in Figure 54 Routers 1 2 3 and 4 maintain identical routing databases about backbone area 0 Routers 5 and 6 maintain identical routing databases about area 1 Area border router 1 ...

Page 465: ...ea fall within a specified address range This summary route or address range is defined by an IP address and mask combination OSPF supports Variable Length Subnet Masks VLSMs so you can summarize a range of addresses on any bit boundary in a network or subnetwork address For example an address range specified with an IP address of 142 194 0 0 with a mask of 255 255 0 0 describes a single route to ...

Page 466: ... Stub areas cannot contain autonomous system boundary routers ASBRs Backbone area A stable fault tolerant backbone is vital to your OSPF internetwork It ensures communication between all areas within the AS Consider the following guidelines when you design the backbone area If you have only one area in your autonomous system then you do not need to configure a backbone area 0 0 0 0 A backbone area...

Page 467: ... physically connected to the backbone the router can use that neighbor to establish a virtual link to the backbone Do not use too many virtual links to connect ABRs for the following reasons Stability of the virtual link depends on the stability of the underlying area that it spans This dependency on underlying areas can make troubleshooting difficult Virtual links cannot run across stub areas Avo...

Page 468: ...ric By default the default route metric is not defined which means that the router does not advertise itself as the area s default router When you remove the default route metric the router no longer advertises itself as the default router OSPF Interfaces You configure OSPF router interfaces by adding OSPF characteristics to existing IP VLAN interfaces The OSPF interface has the following characte...

Page 469: ...the backup designated router takes over as the designated router To configure a router to be chosen as a designated router you must understand how the designated router is elected The routing interface that has the highest routing priority within an area is elected as the designated router using the Hello protocol In case of a tie two or more routers having the same highest routing priority the ro...

Page 470: ... cost based on the module media type you can set the cost manually to a different value In most cases you can accept the default value that the system sets Specifying Cost Metrics for Preferred Paths In OSPF the best path is the one that offers the least cost metric A cost is associated with each router output interface and each route as follows Each output interface is assigned a default cost by ...

Page 471: ...when a router receives similar LSAs LSAs that have identical sequence and checksums it then compares the ages of each LSA and stores the LSA that has the least age value in the LSA database This LSA is then used for routing table calculations LSA ages out When an LSA reaches the maximum age allowed by the system the router first refloods the LSA onto the network When it is no longer needed to ensu...

Page 472: ... for that neighbor The dead interval must be the same for all routers on the network The default value for the dead interval is 4 times the default value for the Hello interval 40 seconds Password OSPF supports simple password authentication You can set security passwords for OSPF interfaces so that only routers that know the password participate in OSPF exchanges Therefore configure routers in th...

Page 473: ...ated router and backup designated router Because router priority is assigned on a per interface basis a single router with interfaces within several different areas can serve as designated router for those areas But because a designated router has several CPU intensive responsibilities it is not a good idea to select the same router as designated router for many areas simultaneously Routers that h...

Page 474: ...or the dead interval is 40 seconds Set the dead interval to 4 times the value specified for the hello timer Set the dead interval to the same value for all routers on the same network segment Retransmit interval The default value for the retransmit interval is 5 seconds Set the retransmit interval to greater than the expected round trip delay between any two routers on the attached network Set the...

Page 475: ...ginating router s links interfaces to the area Information contained in each link state advertisement includes LSID Link State ID The ID of the router that generated the LSA Router ID ID of the router that originated the LSA LS Seq Link State Sequence The sequence number of the advertisement Used to detect old or duplicate link state advertisements LS age The time in seconds since the LSA was gene...

Page 476: ... is the IP address mask of the neighboring router Metric Cost of using this outbound router link With the exception of stub networks this value must be other than 0 Network Link State Advertisements The designated router for each area originates a network link state advertisement for each transit network a network that has more than one attached router This advertisement describes all routers that...

Page 477: ...tisement header Each summary link state advertisement includes this information LSID Link State ID Possible values For Type 3 summary link advertisements this is the IP network number For Type 4 summary link advertisements this is the ASBR s router ID Router ID ID of the router that originated the LSA LS Seq Link State Sequence The sequence number of the advertisement Used to detect old or duplica...

Page 478: ...based on one of these cost metric types Type 1 Router adds the internal cost metric to the external route metric For example if an ABR is advertising Type 1 external route metrics the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ABR plus the cost of the external route Type 2 Routers do not add the internal route metric to the externa...

Page 479: ...d by a different router on the same LAN then the advertising boundary router specifies that router s address in the forwarding address field Otherwise it leaves the field as 0 Metric The cost to reach the advertised destination Type Possible values Type 1 Normal link state metric Type 2 The metric is larger than any local link state path See the discussion of Type 1 and Type 2 external metrics ear...

Page 480: ...igure 54 earlier in this chapter includes several sets of OSPF neighbor routers In backbone area 0 Routers 2 and 3 and area border routers 1 and 3 are neighbors on segment 1 the backbone network Routers 1 and 2 are neighbors on a point to point link Routers 3 and 4 and area border router 2 are neighbors on segment 4 No routers are neighbors on segments 2 3 5 and 6 In area 1 Router 5 and area borde...

Page 481: ...s Init A Hello packet has recently been seen by a neighbor but two way communication has not been established Two way Bidirectional communication has been established Two way is the most advanced state of a neighbor relationship before beginning to establish an adjacency In fact the designated router and backup designated router are selected from the set of neighbors that are in a state of two way...

Page 482: ...he moment that the neighbor goes into the database exchange state These LSAs are sent to the neighbor in database description packets ReqQ Request Queue The number of LSAs that are required from the neighbor in order to synchronize the neighboring routers link state databases The router requests these LSAs by sending link state request packets to the neighbor The neighbor then responds with link s...

Page 483: ...er that you want to associate with the specified interface The Hello protocol then dynamically retrieves the additional neighbor information as described in Neighbor Information in the previous section Important Considerations Consider the following guidelines when you configure neighbors Routers use OSPF hello packets to learn neighbor addresses dynamically on broadcast networks Define static nei...

Page 484: ... are available Default A unique ID that the system generates and uses as the default router ID Interface The index of an IP interface on the router Address An ID that you define in the form of an IP address OSPF routing must be inactive before you can add or modify an OSPF router ID To deactivate OSPF routing set the OSPF mode to disabled See the Command Reference Guide for details After you add t...

Page 485: ...mory for to perform all of its functions and enable most features Under this option OSPF always has a partition of memory available for its use Under the default OSPF memory allocation scheme two values have meaning Current partition maximum size Allocated memory size Current Partition Maximum Size The current partition maximum size is the maximum amount of memory that OSPF can allocate It is calc...

Page 486: ...rts An attempt to allocate memory past the OSPF current partition maximum size generates a soft restart condition that momentarily causes the router to go down This may occur for example because The routing table grew suddenly because it received a large number of external link state advertisements LSAs such as RIP routes learned from an ASBR that had to be added to the internal database The route...

Page 487: ...hing upon the space available to other protocols Stub Default Metrics Generally a stub area is a network that is connected to an OSPF routing domain by a single area border router ABR External link state advertisements are not advertised into stub areas Instead the ABR injects a Type 3 summary link state advertisement that contains a single external default route into the stub area The routers wit...

Page 488: ...ea Virtual Links The backbone area 0 0 0 0 must link to all areas If any areas are disconnected from the backbone some areas of the autonomous system AS become unreachable In the rare case that it is impossible to physically connect an area to the backbone you can use a virtual link The virtual link provides a logical path to the backbone for the disconnected area Virtual links are used to ensure ...

Page 489: ...ckbone area Instead connectivity to the backbone is achieved using a virtual link configured between router A and router B Area 0 0 0 2 is the transit area and router B is the entry point into backbone area 0 0 0 0 The virtual link in Figure 55 provides area 0 0 0 1 and router A with a logical connection to the backbone Here is the virtual link configuration for both routers shown in Figure 55 Rou...

Page 490: ... added to the routing table and export polices that dictate which routes are advertised to other routers You can use routing policies to Increase security For security reasons you may not want the router to advertise certain routes For example Organization A may have defined one of its ASBRs with a direct connection to Organization B that they use for direct communication For security or performan...

Page 491: ...se to advertise the route to other routers with a different cost Important Considerations Consider the following guidelines when you work with OSPF routing policies You can only apply OSPF policies against external routes External routes refer to routes that are advertised over the network using external link state advertisements LSAs These routes include Directly connected non OSPF interfaces Phy...

Page 492: ...atches the route address excluding wildcards If multiple matches still exist the router uses the policy that matches the origin protocol If multiple matches still exist then the router uses the policy that has the lowest index number You can set up an IP RIP or OSPF import or export policy to accept or advertise the default route as long as the default route exists in the routing table When you de...

Page 493: ...o not reset these modules for several minutes after making configuration changes Because all routers within the same OSPF area must maintain similar databases all routers must receive all link state advertisements that are sent over the network and store those advertisements in their link state databases By defining an import policy however you can control what routes from a router s external link...

Page 494: ... routes to which you want the policy to apply specified by a network address and subnet mask The action that you want the router to take accept or reject Accept configures the router to add the route to its routing table Reject prevents the router from adding the route to its routing table OSPF Routing Table Accept Incoming traffic non self originated IP Network Link State Database Import Policy R...

Page 495: ...o the routing table with the cost metric that has been defined by the import policy In case multiple policies match the same route you can also assign an administrative weight to define an order of precedence Import Policies at a Glance Table 80 lists the possible import policy configurations Table 80 OSPF Import Policies Route Address Route Subnet Mask Policy Action Metric Adjustment Description ...

Page 496: ...es that are originated by the router itself You can also adjust the cost and external metric type of each route that you allow the router to advertise See the discussion about Type 1 and Type 2 metrics in External Link State Advertisements earlier in this chapter for more information about external metric types Table 81 Import Policy Example Policy Field Definition Policy type import Route address...

Page 497: ...ss Figure 57 Export Policy Process You define these criteria as part of an export policy The method by which the route was learned by the router Possible origins include directly connected interfaces and static routes as well as RIP routes imported by autonomous system boundary routers When you define an export policy against a directly connected interface you can specify one or all of the physica...

Page 498: ...k state advertisements and as a result is not propagated over the network For export policies that define routes to be advertised in external LSAs you can define a new cost metric value for the route or you can adjust the existing cost metric using one of these operators adds the specified number to the existing cost metric subtracts the specified number from the existing cost metric multiplies th...

Page 499: ... specified metric type with a cost of C RIP or Static 0 0 0 0 B Accept C Type 1 Type 2 RIP or Static Route B originating from any router is advertised as the specified metric type with a cost of C RIP or Static 0 0 0 0 0 0 0 0 Accept C Type 1 Type 2 RIP or Static routes originating from any router are advertised as the specified metric type with a cost of C RIP or Static A B Reject N A N A RIP or ...

Page 500: ...OSPF routers must maintain similar link state databases and shortest path trees you cannot define an export policy to restrict the advertisement of directly connected OSPF interfaces Table 84 OSPF Export Policies for Directly Connected Interfaces Origin Protocol Interface Policy Action Metric Adjustment External Metric Type Description Direct Specific non OSPF interface or All non OSPF interfaces ...

Page 501: ...IP route 138 140 9 0 originates from router 131 141 126 9 Although the router can add the 138 140 9 0 route to its routing table this policy prohibits the boundary router from migrating the route from its routing table to its link state database As a result the route is not propagated over the network Table 86 Export Policy to Reject Static Routes Policy Field Definition Policy type export Origin ...

Page 502: ...rtises the interface over the network as a Type 2 external metric with an associated cost of 12 overriding the external metric type and cost that are defined for the interface in the system s routing table Export Example 5 Advertisement of Static Routes The policy defined in Table 89 configures a router to advertise all static routes as Type 1 external metrics with a cost of 1 Table 88 Export Poli...

Page 503: ... to advertise all routes that are imported from a RIP network as Type 2 external metrics with associated costs of 10 Table 90 Export Policy to Accept RIP Routes Policy Field Definition Policy type export Origin protocol rip Source address 0 0 0 0 Route address 0 0 0 0 Policy action accept Metric adjustment 10 ASE Type Type 2 Administrative weight 1 ...

Page 504: ...st computations made Each time that a router comes online or each time there is a change in topology the router must perform SPF computations Memory failures Number of nonfatal memory allocation failures LSAs transmitted Number of link state advertisements transmitted LSAs received Number of link state advertisements received Route update errors Number of nonfatal routing table update failures Rec...

Page 505: ...ts RFC 1583 Moy J OSPF Version 2 March 1994 RFC 1850 Baker F and Coltrun R OSPF Version 2 Management Information Base November 1995 Other useful reading includes Moy John OSPF Anatomy of an Internet Routing Protocol Reading MA Addison Wesley Longman ISBN 0201634724 1997 RFC 1245 Moy J OSPF Protocol Analysis July 1991 RFC 1586 DeSouza O and Rodriguez M Guidelines for Running OSPF Over Frame Relay N...

Page 506: ...506 CHAPTER 19 OPEN SHORTEST PATH FIRST OSPF ROUTING ...

Page 507: ...vers IPX Forwarding IPX RIP Mode IPX SAP Mode IPX Statistics Standards Protocols and Related Reading After you log in to the system and connect to a slot that houses a Multilayer Switching Module you can manage IPX routing features from the ipx menu of the Administration Console See the Switch 4007 Command Reference Guide The management interfaces display cb9000 and refer to the Management Module ...

Page 508: ... which is used for connectionless communications IPX packets are encapsulated and carried by Ethernet packets and Token Ring frames Figure 58 shows the relationship of the IPX protocol to the Open System Interconnection OSI reference model Figure 58 IPX Protocol in the OSI Reference Model Application Presentation Session Transport Network Data link Physical Layers in the OSI Reference Model Applic...

Page 509: ...ode IPX SAP mode Benefits You can use IPX routing to Provide services for connectionless communications Reduce the cost of equipment moves upgrades and other changes and simplify network administration Create VLAN to IPX interfaces to create virtual workgroups with most of the network traffic staying in the same IPX interface broadcast domain Help avoid flooding and minimize broadcast and multicas...

Page 510: ...etworks in the IPX network Each IPX VLAN interface is associated with a VLAN that supports IPX The Multilayer Switching Module has one interface defined for each subnetwork to which it is directly connected A router operates at the network layer of the Open Systems Interconnection OSI Reference Model The router receives instructions to route packets from one segment to another from the network lay...

Page 511: ...specifies the upper layer protocol that receives the packet Destination network A 4 byte field that contains the network number of the destination node When a sending node sets this field to 0 the system routes the packet as if the sending and destination nodes were on the same local segment Destination node A 6 byte field that contains the physical address of the destination node Destination sock...

Page 512: ...ta A field that contains information for upper layer network processes IPX Packet Delivery Successful packet delivery depends both on proper addressing and on the network configuration The packet s Media Access Control MAC protocol header and IPX header address handle packet addressing The sending node must have the destination s complete network address including the destination network node and ...

Page 513: ...quest The router s response includes its network and node address in the IPX header After the sending node determines the intermediate router s address it can send packets to the destination node Network 000000AA Node 000000000001 Socket 4003 Node Node 000000000020 000000000021 Network 000000BB Node 000000000003 Socket 0451 MAC Header Destination Node 000000000020 Source Node 000000000001 IPX Head...

Page 514: ...s its own node address in the source address field of the packet s MAC header c Increases the transport control field of the IPX header by 1 and transmits the packet on the destination node segment If the packet is destined for a network number to which the router is not directly connected the router sends the packet to the next router along the path to the destination node The sending router a Lo...

Page 515: ...etBIOS protocol Network Basic Input Output System protocol An application programming interface API that adds special functions for PC based LANs Node The node address of the router that can forward packets to each network segment when this is set to all 0s the router is directly connected RIP Routing Information Protocol Allows the exchange of routing information on a NetWare network IPX routers ...

Page 516: ...or SAP if you plan to use them 6 Define IPX forwarding See the Command Reference Guide for commands that you use for these steps General Guidelines Consider the following general guidelines before you configure IPX routing on your Multilayer Switching Module Every IPX interface has one IPX VLAN and other associated information The IPX router has one IPX interface defined for each network to which ...

Page 517: ...NAP State The status of the IPX interface The IPX interface status can be up available for communication or down unavailable for communication VLAN interface index VLAN index The VLAN that is associated with a IPX interface When the system prompts you for this option it indicates the available VLAN indexes Important Considerations Consider the following guidelines when you set up an IPX interface ...

Page 518: ...ial requirements such as the need for redundant paths assign a cost of 1 to each interface and do not modify this setting When you modify an IPX interface you can change its IPX address Cost Format Associated IPX VLAN index If you use the OddLengthPadding feature 10 MB switching modules support only make sure that you select only those interfaces that require odd length padding If you enable this ...

Page 519: ...ynamically Use the Administration Console to make static entries in the table Important Considerations Consider the following guidelines when you set up an IPX route The first line in the output the status line indicates whether IPX forwarding is enabled IPX RIP mode is active IPX RIP mode triggered updates are enabled IPX SAP mode is active IPX SAP triggered updates are enabled The secondary rout...

Page 520: ...amically learned routes are removed immediately All dynamic servers that depend on these routes are also removed from the Server Information Table Primary and Secondary Routes You can set up both Primary and Secondary routes in the routing table To set up routes in the routing table see the IPX routing chapter in the Switch 4007 Command Reference Guide Static Routes You manually configure a static...

Page 521: ...tive router sends a RIP message every 60 seconds This message contains both the network number for each destination network and the number of hops to reach it In RIP each router through which a packet must travel to reach a destination counts as one network hop Routing Tables A routing table collects information about all intranetwork segments This table allows a router to send packets toward thei...

Page 522: ...shows an example of a typical routing information table Figure 61 Sample Routing Table The routing information table is updated statically or dynamically Selecting the Best Route Large networks contain many possible routes to each destination A router performs the following steps to find the best route toward a destination If one route requires the lowest number of ticks the router selects it as t...

Page 523: ... you Remove them Remove the corresponding interface Remove the route to the corresponding network address A static server must have an IPX network address that corresponds to a configured interface or to a static route If an interface goes down any static servers on that interface are removed from the server table until the interface comes back up Static servers take precedence over dynamically le...

Page 524: ...ers Using SAP Servers are automatically added to and removed from the information table through SAP This automatic SAP update helps you keep up with changing network environments and allows servers to advertise their services and addresses quickly and reliably As servers boot up they advertise their services When servers are brought down they use SAP to broadcast that their services are no longer ...

Page 525: ...e can cause this situation Each SAP agent maintains a timer for each entry in its server information tables The timer tracks the elapsed time since this entry has been updated This information is either new or changed and the SAP agent immediately passes it on Changes are quickly captured and stored throughout the intranetwork SAP Request Handling When a SAP agent receives a general request it not...

Page 526: ... Age of server The time in seconds since the server s last table update IPX Forwarding You can control whether the system forwards or discards IPX packets with the ipx forwarding option Important Considerations Consider the following guidelines before you use the ipx forwarding option When you enable ipx forwarding the Multilayer Switching Module acts as a normal IPX router It forwards IPX packets...

Page 527: ...uters on the network and age those networks that might become inaccessible if a router is abnormally disconnected from the network Important Considerations Consider the following guidelines before you use the ipx rip mode option The system has three RIP modes Off The system processes no incoming RIP packets and generates no RIP packets of its own Passive The system processes all incoming RIP packe...

Page 528: ...he protocol receiving the route forwards the route to the routing table manager The routing table manager compares the route to the import policy to determine whether to accept or drop the route If the routing table manager accepts the route it stores the route in the routing table The default import policy is none that is the router places all routes into the routing table RIP Export Policies At ...

Page 529: ...th the RIP policy Source Node Address The MAC address of the router that can forward packets to the network Action Whether this router accepts or rejects a route that matches the policy Metric Increase or decrease a route metric by a value that you specify This parameter is valid only if the Policy Action is set to Accept import policies To change the route metric of an export policy you must adju...

Page 530: ...px sap mode option The Multilayer Switching Module has three SAP modes Off The system does not process any incoming SAP packets and does not generate any SAP packets of its own Passive The system processes all incoming SAP packets and responds to SAP requests but it does not broadcast periodic or triggered SAP updates Active The system processes all incoming SAP packets responds to explicit reques...

Page 531: ... sends it out The default export policy is none that is the router advertises all services SAP Policy Parameters These parameters define SAP policies Policy type Import apply the policy to received services or Export apply the policy to advertised services Route origin The origin of the service for this policy if it is an export policy static SAP or all Service type The Novell standard 6 digit hex...

Page 532: ...r value IPX Statistics You can view the following IPX statistics on your system IPX summary statistics IPX RIP statistics IPX SAP statistics IPX forwarding statistics IPX interface statistics In the display the status line indicates whether IPX forwarding is enabled RIP mode is active RIP mode triggered updates are enabled SAP mode is active SAP mode triggered updates are enabled The secondary rou...

Page 533: ...owing standards and protocols apply when you use IPX to route packets on your system IEEE 802 2 IEEE 802 2 LLC IEEE 802 3 IEEE 802 3 RAW IEEE 802 3 SNAP Internet Packet eXchange IPX RFC 1234 RFC 1552 Routing Information Protocol RIP RFC 1058 Service Advertisement Protocol SAP NetWare Protocol ...

Page 534: ...534 CHAPTER 20 IPX ROUTING ...

Page 535: ...rwarding AppleTalk Traffic Checksum Error Detection AppleTalk Echo Protocol AEP AppleTalk Statistics Standards Protocols and Related Reading After you log in to the system and connect to a slot that houses a Multilayer Switching Module you can manage AppleTalk features from the appletalk menu of the Administration Console See the Switch 4007 Command Reference Guide The management interfaces displa...

Page 536: ...stance vector based routing protocol RTMP constructs best paths based on hop count information propagated by neighbors Features AppleTalk routing includes these features AppleTalk Interfaces An AppleTalk interface is one that can send and receive AppleTalk traffic When you configure an AppleTalk interface you define the behavior and role of the interface within the AppleTalk routing domain For exa...

Page 537: ...use to test the connectivity and response of an AppleTalk device See AppleTalk Echo Protocol AEP later in this chapter for more information AppleTalk Statistics You can also display AppleTalk statistics for a number of AppleTalk protocols These statistics can help you diagnose and troubleshoot network issues and performance problems See AppleTalk Statistics later in this chapter for more informati...

Page 538: ...k protocols and their relationship to the OSI Reference Model These protocols provide physical connectivity end to end network services and data delivery Figure 63 AppleTalk Protocols and the OSI Reference Model Application Presentation Session Transport Network Data link Physical OSI Reference Model AppleTalk Data Stream Protocol ADSP Routing Table Maintenance Protocol RTMP PostScript TokenTalk L...

Page 539: ...ee link access protocols LAPs TokenTalk LAP TLAP Ethernet LAP ELAP LocalTalk LAP LLAP The AppleTalk Address Resolution Protocol AARP which translates hardware addresses to AppleTalk addresses also exists at the data link layer because it is closely related to the Ethernet and token ring LAPs AARP is usually included in the definition of each LAP so it does not appear in the reference model See App...

Page 540: ...ame Binding Protocol NBP Routing Table Maintenance Protocol RTMP This protocol maintains information about AppleTalk addresses and connections between different networks It specifies that each router Learns new routes from other routers Deletes a route if the local router has not broadcast the route to the network for a certain period of time Each router builds a routing table for dynamic routing ...

Page 541: ... the status of an entry from good to suspect 2 After an additional period of time the RTMP changes the status of an entry from suspect to bad 3 After an additional period of time the RTMP changes the status of an entry from bad to really bad 4 The router removes the entry of a nonresponding router with a really bad status The data in the routing table is cross referenced to the Zone Information Ta...

Page 542: ...le Figure 64 A Simple AppleTalk Network Table 91 Routing Table for Router 24 in Figure 64 Network Range Distance in hops Interface State 5 5 1 2 Good 12 12 3 3 Good 18 20 2 3 Good 103 103 0 1 Good 64 64 1 3 Good Zone Administration Zone Accounting Zone Marketing Router Router Router Network 20 40 Network 8 8 Network 47 47 L3 L3 L3 ...

Page 543: ...l ADSP ensures delivery of DDP packets to a destination without any losses or corruption Name Binding Protocol NBP This protocol translates alphanumeric entity names to AppleTalk addresses NBP maintains a table of node addresses and named entities within each node Because each node also maintains its own list of named entities the names directory within an AppleTalk network is not centralized The ...

Page 544: ...pares the network number in the matching ZIT entry with the network number in the RTMP table to find the interface for routing the packet AppleTalk Session Protocol ASP The ASP passes commands between a workstation and a server after they connect to each other ASP ensures that the commands are delivered in the same order that they were sent and returns the results of these commands to the workstat...

Page 545: ...ded Phase 1 and extended Phase 2 3Com routers support extended network numbers While the system does not translate Phase 1 packets to Phase 2 packets it does route packets to a Phase 1 network because it anticipates that a gateway exists between the two networks to translate the packets An extended intranetwork can span a range of logical networks Network numbers in an extended network consist of ...

Page 546: ... chapter Seed Routers A seed router initializes the intranet with AppleTalk configuration information including network numbers and zone names The seed router broadcasts this information so that nonseed routers can learn it You designate a seed router through the Administration Console A nonseed router listens for a seed router and takes configuration information from the first one it detects A no...

Page 547: ...protocol used to test the accessibility of a system and make an estimate of the route trip transmission time that is required to reach the system Checksum A method providing error detection for AppleTalk packets calculated by summing a set of values Key Implementation Guidelines Consider the following guidelines when designing a dependable and scalable AppleTalk network All AppleTalk routers on th...

Page 548: ...s a network number from within this range Address The AppleTalk interface address which is based on the network range and a unique network node number 1 through 253 and expressed in the format network node The network number identifies the network The node number uniquely identifies the AppleTalk node on the network The router selects the network number from the range of numbers assigned to the ne...

Page 549: ...inclusive Node numbers 0 254 and 255 are reserved by the AppleTalk protocol The maximum number of active AppleTalk devices on a network is equal to the number of network numbers multiplied by the number of possible node numbers All seed routers on a particular network must have the same value for both the start and end of the network number range For example if you have a segment to which multiple...

Page 550: ...e how to forward data on the basis of its destination network number Exchanging information between routers so that the routers can maintain their routing tables All AppleTalk routers periodically exchange routing tables by broadcasting RTMP packets onto the network every 10 seconds each packet contains a router s routing table entries When a router receives the routing table of another router it ...

Page 551: ...rrently not in its table the router adds the entry to its routing table and increments the route s distance hop count by 1 When a network is removed from the RTMP table whether manually or though the aging process the router also scans the Zone Information Table ZIT and removes ZIT entries that contain the deleted network number If the Zone Information Table contains an entry whose network number ...

Page 552: ... Address Resolution protocol called Probe When a node on the network initializes it randomly selects an AppleTalk address for itself At the same time the node sends 10 AARP probe packets The probe packets determine whether any other nodes on the network are using the selected address If the address already exists the initializing node randomly selects another address and sends another set of probe...

Page 553: ...ess becomes the node s address If the system receives a reply it repeats the process until it discovers an available address AARP entries include the following information AARP address AARP address of the node in network node format MAC address MAC layer address of the node Interface Interface through which the node can be reached Age Number of seconds before the system ages out the cache entry If...

Page 554: ...leTalk zones Figure 65 AppleTalk Networks and Zones This example shows an AppleTalk intranet with three subnetworks 47 47 20 40 and 8 8 Three AppleTalk zones span these networks Administration Accounting and Marketing Network 20 40 includes two nodes in the Administration zone and five nodes in the Accounting zone Network 47 47 includes a node from the Accounting zone and all nodes in the Marketin...

Page 555: ...requests from the originating router the corresponding zones associated with the newly discovered network When ZIP receives the associated zones it then updates the ZIT entry If the Zone Information Table contains an entry whose network number range is not in the RTMP table the router then concludes that the network is no longer on the Internet and deletes the network s ZIT entry This means whenev...

Page 556: ...ers do not query for zone information until the network has been aged out of their routing tables If you do not age out the network range some routers may not remove the network from their routing tables Devices attached to these networks are then unaware of the new zone information which can result in some users seeing the new zones in their Choosers while others see the old zones To age out the ...

Page 557: ... a minimum of 10 minutes while routers on the internetwork age out the existing network information 3 Redefine all AppleTalk interfaces with the new zone information 4 Start the seed routers 5 Start the nonseed routers Although ZIP defines the minimum down time of 10 minutes the exact time required to ensure that the network range is aged from all routers depends on the complexity and size of the ...

Page 558: ...rding you disable the forwarding of Datagram Delivery Protocol DDP packets Because AppleTalk uses this network layer protocol this setting also disables the routing of AppleTalk packets This means that AppleTalk interfaces do not forward routable AppleTalk traffic All AppleTalk traffic is dropped In addition all traffic from nonroutable protocols or protocols not yet configured for routing are dro...

Page 559: ...ecksum generation and verification is disabled Disabled is the preferred setting Enabling the checksum generation or verification significantly impacts the router s performance You may want to disable checksum generation and verification if you have older devices that cannot receive packets that contain checksums AppleTalk Echo Protocol AEP The system supports the AppleTalk Echo Protocol which sen...

Page 560: ...leTalk services such as RTMP NBP and ZIP rely on DDP for packet delivery as illustrated in Figure 63 earlier in this chapter Your system allows you to view a variety of DDP statistics including inBcastErrors Number of dropped DDP datagrams for which the system was not their final destination and they were sent to the broadcast MAC address inCsumErrors Number of DDP datagrams that were dropped beca...

Page 561: ...le Maintenance Protocol AppleTalk uses the Routing Table Maintenance Protocol RTMP to build and maintain routing tables Your system allows you to view a variety of RTMP statistics including inDatas Number of good RTMP data packets that were received inOtherErrs Number of RTMP packets received that were rejected for an error other than a version mismatch inRequests Number of good RTMP request packe...

Page 562: ...es that have been received inGniReplies Number of ZIP GetNetInfo reply packets that have been received inGniRequests Number of ZIP GetNetInfo request packets that have been received inLocalZones Number of Zip GetLocalZones requests packets that have been received inObsoletes Number of ZIP Takedown or ZIP Bringup packets that have been received inQueries Number of ZIP queries that have been receive...

Page 563: ...o request with an invalid zone name outZoneLists Number of transmitted ZIP GetZoneList reply packets Name Binding Protocol AppleTalk uses the Name Binding Protocol NBP to convert user friendly entity names which are user defined and change infrequently into AppleTalk network addresses which are dynamically assigned and change frequently Your system allows you to view a variety of NBP statistics in...

Page 564: ...Reading For more information about AppleTalk technology see the following publications Gursharan S Sidhu Richard F Andrews and Alan B Oppenheimer Inside AppleTalk Second Edition Addison Wesley Publishing Company 1990 RFC 1742 AppleTalk Management Information Base II ...

Page 565: ...s Modifying and Removing Classifiers and Controls QoS Excess Tagging Transmit Queues and QoS Bandwidth RSVP You can manage QoS features from the qos menu of the Administration Console See the Switch 4007 Command Reference Guide You can use the Administration Console after you log in to the system and connect to a slot that houses a Multilayer Switching Module The management interfaces display cb90...

Page 566: ...s are growing Features The Multilayer Switching Modules that are available on the Switch 4007 support the following QoS features QoS Classifiers Define how the Multilayer Switching Module groups packets to schedule them with the appropriate service level QoS Controls Assign rate limits and IEEE 802 1p priorities as well as prioritize packets that are associated with one or more classifiers Using t...

Page 567: ... volume of traffic grows Reduce the need to constantly add bandwidth to the network Manage network congestion Methods of Using QoS Your Multilayer Switching Module s implementation of QoS focuses on traffic classification policy based management and bandwidth It provides multiple service levels mapped to several transmit queues classification of traffic types and weighted fair queueing of priority...

Page 568: ...ional bits of the tag control information to set a user priority level for policy based services such as QoS You can classify traffic using a specific IEEE 802 1p priority tag value or several tag values You can also define a control that inserts a priority tag value in forwarded frames The IEEE 802 1p priority tag values are 0 through 7 Table 92 shows the IEEE 802 1p user priority values and the ...

Page 569: ...from the source to the destination must agree to observe the RSVP call request parameters before traffic can flow Terminology The following terms apply to QoS Classifiers Two types of classifiers define how your Multilayer Switching Module groups packets in order to schedule them with the appropriate service level Flow classifiers Apply to routed IP unicast and IP multicast traffic only not bridge...

Page 570: ...assign rate limits and priorities to the packets that are associated with one or more classifiers Rate limit Limits the amount of input bandwidth used by incoming classified traffic optionally on a per port basis When you define a control you can specify one of three rate limits none no rate limit receivePort a separate limit on each specified receive port or aggregate limits on groups of receive ...

Page 571: ...eds and allows you to occasionally exceed the configured rate TCP drop control TCP drop control allows you to create QoS Flow Classifiers that allow traffic going from source IP addresses to destination IP addresses to be dropped or otherwise controlled using one way TCP flow filtering This control can only be used for flow classifiers that use the TCP IP protocol Timer option The QoS Timer option...

Page 572: ...ground traffic For nonflow classifiers only IEEE 802 1P tag values range from 0 through 7 To allow low priority queues to get serviced and to prevent starvation of best effort traffic in the low priority queue 3Com has implemented the following map priorities 1 2 map to the low queue priorities 0 3 map to the best queue priorities 4 7 map to the high queue These are the defaults which you can chan...

Page 573: ...the rate limit parameters c Apply an IEEE 802 1p priority tag value to forwarded traffic General Guidelines You must define a classifier before you can assign a control to it A classifier does not affect traffic scheduling until you configure a control for that classifier Traffic that is not classified and controlled is treated with a transmit priority of best best effort using the default classif...

Page 574: ...odule GBIC Model Number 3CB9RG4 Aggregate works the same as ReceivePort if specified QoS Classifiers You define classifiers to distinguish certain types of traffic from other types of traffic A classifier directs the Multilayer Switching Module how to identify a certain type of traffic After you define a classifier you must apply a control to the classifier Important Considerations Review the foll...

Page 575: ... your classifiers The Multilayer Switching Module provides a default classifier 499 which you cannot remove or modify To first modify one of the predefined nonflow classifiers with controls you must remove the control In Figure 66 U means unicast M means multicast and B means broadcast Also the range 0 through 7 implies that a nonflow classifier recognizes all IEEE 802 1p priority tags See Table 9...

Page 576: ... cannot classify to the IP address or socket level The classifier number indicates precedence The classifier with the lowest number takes precedence if a packet meets the criteria for more than one classifier For example you can use two classifiers as follows You define a flow classifier with classifier number 6 which recognizes all TCP or UDP traffic from IP address 3 3 3 3 The control that you a...

Page 577: ...or more address port patterns filters for that classifier Each address port pattern counts toward the flow classifier limit Therefore if you define a flow classifier with 10 address port patterns you can have up to 90 additional flow classifiers Because a flow classifier handles IP routed traffic only it is expected that you have an IP VLAN an IP routing interface and IP routing enabled For inform...

Page 578: ...gh 65535 Whether you want to define another address port pattern filter for this classifier Specifying Addresses and Address Masks You can classify traffic using source and destination IP addresses and their associated source and destination IP address masks For a classifier aimed at filtering traffic to a specific destination from a particular source for instance you may define a single address p...

Page 579: ...ons are associated with well known port numbers For example FTP which uses TCP uses port 20 for the data transfer connection and port 21 for the control connection TELNET which also uses TCP uses port 23 SNMP which uses UDP uses port 161 SMTP the mail protocol uses port 25 and the World Wide Web service uses port 80 You can consult the services database file etc services on a UNIX server that is t...

Page 580: ...se custom select the protocol type ethernet or DSAP SSAP For ethernet type enter the hexadecimal value For DSAP SSAP type enter the DSAP and SSAP hexadecimal values An IEEE 802 1p tag value in the range of from 0 through 7 or all You can make the Multilayer Switching Module recognize any IEEE 802 1p tagged frames with any combination of the priority tags in the range of from 0 through 7 The tag va...

Page 581: ...kets used to establish TCP connections Whether to drop packets used to establish TCP connections This is a form of one way filtering for flow classifiers only The default is no Enable control start and stop times Similar to how a VCR operates this timer allows you to set the desired beginning and ending period for a control The default is no If you select yes you set the following Input time type ...

Page 582: ...limit of none to a control and thereby emphasize the service level and priority tag Assign a rate limit type of receivePort or aggregate to the control and define multiple rate limit values for different subsets of ports Each classifier can have only one control Therefore although you can apply a control to a classifier that has multiple rate limit values for subsets of ports that control can have...

Page 583: ...ion tool such as the Administration Console to display summary and detail information for your controls When you define a control you supply the following information Control number in the range of from 5 through 50 unless you remove the predefined controls from predefined classifiers Control name a unique name of up to 32 characters long Rate limit type for the control none receivePort or aggrega...

Page 584: ...E 802 1p priority tag values in the range of from 0 through 7 or none to apply to forwarded frames By default no tags are applied unless the associated classifier defines a tag value In that case the tag value from the associated classifier is used for the forwarded frames Whether to drop packets used to establish TCP connections This is a form of one way filtering for flow classifiers only The de...

Page 585: ...aggregate you have many additional options After you specify a service level and loss eligibility status for conforming packets you can also specify a service level for nonconforming excess packets packets that exceed the specified rate limit whether the nonconforming excess are loss eligible how the rate limit for receive ports should be expressed the rate limit value a burst size and the receive...

Page 586: ...er in this chapter Service levels also define the loss eligibility status for conforming and nonconforming excess By default conforming packets are not loss eligible nonconforming excess are loss eligible The Multilayer Switching Module supports these service levels High For any type of rate limit transmits the packet first top priority Best For any type of rate limit transmits the packet on a bes...

Page 587: ...oes not function with nonflow classifiers or UDP It is only available for flow classifiers that include TCP Figure 67 illustrates how TCP handshaking works between the source and destination to establish a connection By dropping only the initial TCP packet used to establish TCP connections those packets containing a signature of SYN 1 ACK 0 you can establish one way TCP flow filtering Figure 67 TC...

Page 588: ...twork fails This next example illustrates how TCP one way filtering can be effective Figure 69 shows the same situation but with TCP drop control enabled to filter only those packets with the SYN 1 and ACK 0 signature Figure 69 QoS Control Action Drop Control Enabled QoS Classifier Source IP 0 0 0 0 Destination IP 10 1 1 0 QoS Control Action Drop all 10 1 1 254 10 1 2 254 Admin End user network Qo...

Page 589: ... The default setting for the timer control is no no timer control QoS controlled classifiers are in effect all the time when timer control is not enabled Starting and ending days in the following syntax mm dd For example to enter a date of May 20 enter 05 20 Starting and ending times in the following syntax hh mm For example to enter a time of 10 o clock in the morning enter 10 00 Days of the week...

Page 590: ...reached Every Day of the Week Select a start day and then the start time and end time The control is activated between the start and end times every 7 days Weekdays Select start and end time The control is activated every weekday between the start and end times for the current week Weekends Select a start and end time The control is activated during each day of the current weekend and is removed w...

Page 591: ...ier is defined with two address and port patterns filters to classify traffic from subnetworks of the 168 101 0 0 network to the database server 168 101 162 151 and traffic from the server to the subnetworks This kind of configuration can be called a to from classifier The control applied to this classifier gives high priority to the traffic to and from the server Figure 70 To From Flow Classifier...

Page 592: ... 101 162 151 Destination IP address mask 255 255 255 255 Start end source port range 2020 2020 Add another filter address port pattern y Source IP address 168 101 162 151 Source IP address mask 255 255 255 255 Destination IP address 168 101 0 0 Destination IP address mask 255 255 0 0 Start end destination port range 2020 2020 Add another filter address port pattern n Control Field Definition Contr...

Page 593: ...d 192 1 2 0 from the Research and Development 168 20 30 0 subnetwork The associated control for this classifier sets a service level of drop to drop all traffic that is sent by the 168 20 30 0 subnet to the Accounting network Figure 71 Flow Classifier for Traffic to from a Subnetwork L3 Accounting servers on 192 1 1 0 R D clients on 168 20 30 0 subnet Accounting clients on 192 1 2 0 Filter X X X S...

Page 594: ...lassifier name IPFilter1 Cast type all IP protocol type all Source IP address 168 20 30 0 Source IP address mask 255 255 255 0 Destination IP address 192 1 0 0 Destination IP address mask 255 255 0 0 Start end source destination port range 0 65535 Add another address port pattern n Control Field Definition Control number 6 Control name IPFilter1 Rate limit type none Service Level drop Classifiers ...

Page 595: ...traffic between two hosts 192 20 3 3 and 193 20 3 3 while classifier 3 drops IP traffic TCP and UDP not ICMP to and from one of the hosts 192 20 3 3 This example shows how the classifier number can be used to dictate precedence Figure 72 Flow Classifier for Traffic to from a Subnetwork 192 20 3 0 subnet 192 20 4 0 subnet 193 20 3 0 subnet 193 20 8 0 subnet 192 20 3 3 193 20 3 3 L3 Switch 4007 with...

Page 596: ...55 Destination IP address 193 20 3 3 Destination IP address mask 255 255 255 255 Start end source port range 0 65535 Add another filter address port pattern y Source IP address 193 20 3 3 Source IP address mask 255 255 255 255 Destination IP address 192 20 3 3 Destination IP address mask 255 255 255 255 Start end destination port range 0 65535 Add another filter address port pattern n Control Fiel...

Page 597: ...rce IP address mask 255 255 255 255 Destination IP address 0 0 0 0 all Destination IP address mask 0 0 0 0 Start end source port range 0 65535 Add another filter address port pattern y Source IP address 0 0 0 0 all Source IP address mask 0 0 0 0 Destination IP address 192 20 3 3 Destination IP address mask 255 255 255 255 Start end destination port range 0 65535 Add another filter address port pat...

Page 598: ...o Web Traffic Classifier definition for high priority Web traffic Classifier Field Classifier Definition Classifier number 17 Classifier name httpServer1 Cast type unicast IP protocol type TCP Source IP address 0 0 0 0 Source IP address mask 0 0 0 0 Destination IP address 0 0 0 222 Destination IP address mask 0 0 0 255 Start end source port range 80 80 Add another filter address port pattern y Sou...

Page 599: ...nd a rate limit of 2048 Kbps Figure 74 Nonflow Classifier Control for Bridged Multimedia Traffic Source IP address mask 0 0 0 255 Destination IP address 0 0 0 0 Destination IP address mask 0 0 0 0 Start end destination port range 80 80 Add another filter address port pattern n Control Field Definition Control number 7 Control name httpServer1 Rate limit type none Service level high 802 1p tag for ...

Page 600: ...all unicast multicast broadcast UMB Protocol type any IEEE 802 1Q tag s 5 Control Field Definition Control number 4 Control name Interactive_Multimedia Rate limit type receivePort Service level high Loss eligible status no Excess service level drop Excess loss eligible status Representation of rate limit Kbytes sec Rate limit value 2048 KB Burst size 181 KB Bridge ports 1 through 13 802 1p tag for...

Page 601: ...ic with a high priority transmit service level and a rate limit of 75 percent of the link bandwidth Figure 75 Nonflow Classifier Control for Bridged IP Unicast Traffic Nonflow classifier definition for bridged IP unicast traffic Classifier Field Classifier Definition Classifier number 430 Classifier name IP_Unicast Cast type unicast U Protocol type IP IEEE 802 1Q tag s 0 through 7 Server Clients 1...

Page 602: ...r source destination information flow classifier or change IEEE 802 1p values nonflow classifier You may want to modify a control to specify a different service level queue or rate limit Control Field Definition Control number 5 Control name IP_Unicast Rate limit type receivePort Service level high Loss eligible status no Excess service level low Excess loss eligible status yes Representation of r...

Page 603: ... the Multilayer Switching Module deletes these definitions If you want to modify a control that uses the rate limit type of aggregate or receivePort with several rate limit values you can change one rate limit value without affecting the other defined rate limit values QoS Excess Tagging Your Multilayer Switching Module enables you to tag nonconforming excess packets that is packets that exceed th...

Page 604: ... and the tagging and has the QoS flow The upstream system passes the excess traffic with the tag of 2 standard priority to the downstream system The downstream system can prioritize traffic from this flow at Layer 2 using its default 802 1p classifier 404 for conforming packets and classifier 402 for nonconforming excess packets along with the corresponding controls 4 and 2 For this configuration ...

Page 605: ...ion IP address 0 0 0 0 Destination IP address mask 0 0 0 0 Start end source destination port range 2010 2020 Add another filter address port pattern n Control Field Definition Control number 5 Control name VideoServer1 Rate limit type receivePort Service level high Loss eligible status no Excess service level low Excess loss eligible status yes Representation of rate limit Kbytes sec Rate limit va...

Page 606: ...dify QoS bandwidth By default the weighting of the queues is 75 percent high priority traffic and 25 percent best effort traffic Keep in mind that the weighting does not represent guaranteed output bandwidth for these queues because they are served in relative percentages after the control queue is serviced When you modify the QoS bandwidth you specify the percentage of bandwidth to be used for th...

Page 607: ...t each hop along the path back to the source routers such as your Layer 3 switching module register the reservation and try to provide the required QoS If a router cannot provide the required QoS its RSVP process sends an error to the end system that initiated the request RSVP is designed for multicast applications but it also supports resource reservations for unicast applications as well as poin...

Page 608: ... total reservable bandwidth You specify a percentage of the output link a value of from 0 through 200 with 50 as the default This percentage is the amount of bandwidth that you allow RSVP to reserve in the Multilayer Switching Module You can over subscribe over 100 and specify a value up to 200 Maximum per reservation bandwidth The largest reservation that RSVP attempts to install Specify this ban...

Page 609: ...ion request dotted lines flows upstream along a multicast delivery tree with routing capable devices such as Switch 4007 Multilayer Switching Modules until it merges with another reservation request for the same source Figure 77 Sample RSVP Configuration Source station End stations L3 Switch 4007 with Multilayer Module L3 L3 L3 L3 L3 L3 CoreBuilder 3500 Layer 3 Switches ...

Page 610: ... sample RSVP detail display Figure 78 identifies the RSVP data flow as it passes through the Layer 3 module and provides the following information Session information including destination IP addresses and ports protocols sender receivers and RSVP reservations Session sender information that identifies port numbers source IP addresses previous hop addresses Logical Interface Handle LIH values Time...

Page 611: ... 0 155 42880 16000 2 2 158 101 90 22 1 144 54784 16000 Session Receiver Port Next hop ST Filter IP Port 1 1 8 158 101 90 22 FF 158 101 232 50 32827 2 2 4 158 101 232 50 FF 158 101 238 9 32809 Session Receiver LIH TTD Bandwidth Burst 1 1 8 148 42880 16000 2 2 4 152 54784 16000 Session Reservation Port Next hop ST Filter IP Port 1 1 8 158 101 90 22 FF 158 101 232 50 32827 2 2 4 158 101 232 50 FF 158...

Page 612: ...612 CHAPTER 22 QOS AND RSVP ...

Page 613: ...features are available on Switch 4007 Layer 2 and Multilayer Switching Modules Differences in implementation between these module groups are noted where applicable The chapter covers these topics Chapter Scope Device Monitoring Overview Key Concepts and Tools Event Logging Baselining Roving Analysis Ping traceRoute SNMP Remote Monitoring RMON Management Information Base MIB ...

Page 614: ...h fabric modules Features implemented on the EME module include Event Logging Ping Simple Network Management Protocol SNMP For information about using these features see the chapters in Part II of this guide Features implemented on Switch 4007 modules include Baselining Roving Analysis Ping EME and Layer 3 only traceRoute Layer 3 only SNMP Features implemented on all switching modules include RMON...

Page 615: ... are implemented in the Web Management software You manage features that are implemented in the interface module and switch fabric module from the menus of the Administration Console after you log in to the Enterprise Management Engine and connect to a module in the Switch 4007 chassis For information about the Administration Console see the Command Reference Guide RMON MIBs are accessible only th...

Page 616: ...mance data is collected on the network Key Concepts and Tools Key concepts and tools for the device monitoring of your system are described in this section to give you a perspective of the scope of device monitoring Administration Console The Administration Console provides you with access to all the features of your system You can use the Administration console after you log in to the EME and con...

Page 617: ...are agents collect information about throughput record errors or packet overflows and measure performance based on established thresholds Through a polling process agents pass this information to a centralized network management station whenever they receive an SNMP query Management applications then make the data useful and alert the user if there are problems on the device For more information a...

Page 618: ...tant Considerations Baselining is maintained across Administration Console sessions Statistics that you view after setting the baseline indicate that they are relative to the baseline To view statistics as they relate only to the most recent power on disable the baseline Baselining affects the statistics that are displayed for Ethernet ports and bridges Displaying the Current Baseline You can get ...

Page 619: ...Analyzer to the System Roving analysis is implemented for Layer 2 and Multilayer Switching Modules of the Switch 4007 system The monitor port and the analyzer port must be on the same module The purpose of roving analysis is to Analyze traffic loads on each segment so that you can continually optimize your network loads by moving network segments Troubleshoot switched network problems for example ...

Page 620: ...rs as there are ports on the module up to a maximum of 12 The network analyzer cannot be located on the same bridge port as the port that you want to monitor For more accurate analysis attach the analyzer to a dedicated port instead of through a repeater When the analyzer port is set it cannot receive or transmit any other data Instead it receives only the data from the port s to be monitored If S...

Page 621: ...d analyzer start Table 95 lists which RMON groups can continue to collect data and which cannot after the port has become a monitor port The RMON groups that require samples of traffic from the ASICs will not work because they do not receive any traffic data when a port is defined as a monitor port The Multilayer Switching Modules are capable of doing either roving analysis or traffic sampling but...

Page 622: ...network name server Also you must add the IP address on the name server to the list of name server addresses that are associated with the network domain name See Chapter 16 Using Ping The system provides two ping functions ping Uses the hostname or IP address to ping a host with default options advancedPing Uses the hostname or IP address to ping a host with the advanced ping options that you spec...

Page 623: ...et sizes ping the remote host repeatedly increasing the packet size each time traceRoute Use the traceRoute feature to track the route of an IP packet through the network TraceRoute information includes all of the nodes in the network through which a packet passes to get from its origin to its destination The traceRoute feature uses the IP time to live TTL field in User Datagram Protocol UDP probe...

Page 624: ...raceRoute feature prints the address of each responding system If no response occurs in the 3 second time out interval traceRoute displays an asterisk for that probe Other characters that can be displayed include the following N Network is unreachable H Host is unreachable P Protocol is unreachable F Fragmentation is needed n Unknown packet type SNMP Simple Network Management Protocol SNMP one of ...

Page 625: ...f the management station or stations Managers send requests to agents either to send information or to set a parameter and agents provide the requested data or set the parameter Agents can also send information to the managers without being requested by the managers through trap messages which inform the manager that certain events have occurred SNMP Messages SNMP supports queries called messages ...

Page 626: ...orted to your management station to be used by the Network Management Platforms such as HP OpenView Network Node Manager or SunNet Manager You do not need to enable all traps to effectively manage a switch To decrease the burden on the management station and on your network you can limit the traps reported to the management station MIBs are not required to document traps The SNMP agent supports th...

Page 627: ... Power Supply Failure 3C System MIB The trap that is generated when a power supply unit fails in a system with a dual power supply 13 Address Threshold 3C System MIB The number of addresses stored in the bridge reaches a certain threshold 14 System Fan Failure 3C System MIB One of the system fans fails 15 SMT Hold Condition 3C FDDI MIB FDDI SMT state either in holding prm or holding sec 16 SMP Pee...

Page 628: ...ese conditions If one of the ports in a resilient link pair changes state which causes a switchover of the active port If there was no active port and a port has become active 31 Resilient Link No Switch Trap 3C Resilient link MIB This trap is generated when one of the ports in a resilient link pair changes state but does not cause a switchover of the active port If such a switchover occurs trap 3...

Page 629: ...hresholds This could be due to a duplex mismatch or a malfunctioning device on the port Layer 2 modules only 35 QOS Intruder QOS MIB This trap is generated when a user attempts to access a network restricted with a QoS One Way TCP Filter The trap contains the following information Source IP Address Destination IP Address Destination IP Port Number QoS Classifier Number To prevent a denial of servi...

Page 630: ...n of information about your system You can view many system specific settings Your views of MIB information differ depending on the system SNMP management method that you choose In addition you can configure a system SNMP agent to send traps to an SNMP manager to report significant events Administering SNMP Trap Reporting For network management applications you can use the Administration Console t...

Page 631: ...N is implemented for the Layer 2 and Multilayer Switching Modules and the switch fabric module of the Switch 4007 system To manage RMON you use the IP address that is assigned to the EME See Chapter 16 for information about managing IP interfaces You can gain access to the RMON capabilities of the system through SNMP applications such as Transcend Network Control Services software not through the ...

Page 632: ...console traditional network management applications poll network devices such as switches bridges and routers at regular intervals The console gathers statistics identifies trends and highlights network events The console polls network devices constantly to determine if the network is within its normal operating conditions As network size and traffic levels grow however the network management cons...

Page 633: ...cend RMON Agents RMON requires one probe per LAN segment Because a segment is a portion of the LAN that is separated by a bridge or router the cost of implementing many probes in a large network can be high To solve this problem 3Com has built an inexpensive RMON probe into the Transcend SmartAgent software in each system With this probe you deploy RMON widely around the network at a cost of no mo...

Page 634: ...g Modules support additional RMON 1 and RMON 2 groups The system will keep as much protocolDir group 11 protocolDist group 12 and probeConfig group 19 data as its resources will allow All other RMON group data is hardware sampled The system can be configured to keep hardware sampled RMON group data on up to four ports per module RMON data for Gigabit Ethernet is supported on Layer 2 modules RMON d...

Page 635: ...d stores periodic statistical samples from the statistics group Alarm 3 Allows you to define thresholds for any MIB variable and trigger alarms Host 4 Discovers new hosts on the network by keeping a list of source and destination physical addresses that are seen in good packets HostTopN 5 Allows you to prepare reports that describe the hosts that top a list sorted by one of their statistics Matrix...

Page 636: ...but otherwise well formed Number of received packets that are oversized but otherwise well formed Number of received undersized packets with either a CRC or an alignment error Number of detected transmit collisions Byte sizes include the 4 byte FCS but exclude the framing bits Table 99 lists the ethernet packet length counters that are implemented in the RMON 1 statistics group to keep track of th...

Page 637: ...ackets that are oversized but otherwise well formed Number of received undersized packets with either a CRC or an alignment error Number of detected transmit collisions Estimate of the mean physical layer network utilization Alarm Group The system supports the following RMON alarm mechanisms Counters Gauges Integers Timeticks These RMON MIB objects yield alarms when the network exceeds predefined ...

Page 638: ...ers An alarm calculates the difference in counter values over a set time interval and remembers the high and low values When the value of a counter exceeds a preset threshold the alarm reports this occurrence Using Transcend Network Control Services or any other SNMP network management application you can assign alarms to monitor any counter gauge timetick or integer See the documentation for your...

Page 639: ...er previously falling below the low threshold An alarm does not occur if the value has not fallen below the low threshold before rising above the high threshold The counter value falls below the low threshold after previously exceeding the high threshold An alarm does not occur if the value has not first risen above the high threshold For example in Figure 81 an alarm occurs the first time that th...

Page 640: ...stTopN group reports on hosts that top a list that is sorted in order of one of their statistics Information from this group includes Number of received packets Number of transmitted packets Number of received octets Number of transmitted octets Number of transmitted broadcast packets Number of transmitted multicast packets Matrix Group The matrix group records the following statistics about conve...

Page 641: ...dition deletion and configuration of entries in the list protocolDist 12 Maintains a table of aggregate statistics on the amount of traffic that each protocol generates per LAN segment not for each host or application running on each host AddressMap 13 Maintains a table that maps each network address to a specific MAC address and port on an attached device and the physical address on the subnetwor...

Page 642: ... the supported protocols have sent It features two tables a protocol distribution control table that manages the collection of the statistics for the supported protocols and a protocol distribution statistics table that records the statistics In the control table each row represents a network interface associated with the probe and controls rows in the statistics table a row for each protocol asso...

Page 643: ...ng entries can be placed in the data table Network Layer Host Group The nlHost group gathers statistics about packets based on their network layer address The RMON 1 host group gathers statistics based on MAC address This group features a host control table and a host data table Network Layer Matrix Group The nlMatrix group gathers statistics about pairs of hosts based on network layer address The...

Page 644: ...one object in the probeConfig group the probeCapabilities object The function of this object is to identify the RMON groups that the probe supports Management Information Base MIB This section provides information on the Management Information Base MIB A MIB is a structured set of data that describes the way that the network is functioning The management software known as the agent gains access to...

Page 645: ...ib RFC 2037 Layer 2 Layer 3 and EME ETHERNET mib Ethernet MIB RFC 1398 Layer 2 and Layer 3 FDDI SMT73 MIB mib FDDI SMT 7 3 MIB RFC 1512 Layer 3 only dot3CollTable dot3Test group dot3Errors group dot3ChipSets group FDDI MIB mib FDDI Station Management MIB RFC 1285 Layer 3 only IANAifType MIB V1SMI mib Internet Assigned Numbers Authority MIB SMI Version 1 RFC 1573 Layer 2 and Layer 3 IF MIB V1SMI mi...

Page 646: ... Layer 3 hostTopN Layer 3 matrix Layer 3 event Layers 2 and 3 axonFddiRmon mib AXON RMON MIB proprietary support Layer 3 only On FDDI modules these replace the RMON 1 statistics and history groups FDDI modules support all other RMON 1 and RMON 2 groups axFddiStatistics axFddiHistory RMON2 MIB V1SMI mib RMON v2 SMI Version 1 MIB RFC 2021 Layer 3 only protocolDir RMONv2 protocolDist RMONv2 addressMa...

Page 647: ... Enterprise MIBs later in this chapter Compiler Support Compiler Support ASN 1 MIB files are provided for these MIB compilers SunNet Manager version 2 0 SMICng version 2 2 06 MIB Objects The data in the MIB consists of objects that represent features of the equipment that an agent can control and manage Examples of objects in the MIB include a port that you can enable or disable and a counter that...

Page 648: ...ferent management features are derived from the MIB you can better understand how to use the information they provide MIBs include MIB II other standard MIBs such as the RMON MIB and vendors private MIBs such as enterprise MIBs from 3Com These MIBs and their objects are part of the MIB tree MIB Tree The MIB tree is a structure that groups MIB objects in a hierarchy and uses an abstract syntax nota...

Page 649: ...ends the OID to the agent which in turn determines if the OID is supported If the OID is supported the agent returns information about the object For example to retrieve an object from the RMON MIB the software uses this OID 1 3 6 1 2 1 16 which indicates this path iso 1 indent org 3 dod 6 internet 1 mgmt 2 mib 1 RMOM 16 ...

Page 650: ...aces 2 at 3 ip 4 icmp 5 tcp 6 udp 7 egp 8 enterprises 1 transmission 10 snmp 11 RMON 16 MIB I MIB II Statistics 1 History 2 Alarm 3 Hosts 4 HostTopN 5 Matrix 6 Filter 7 Capture 8 Event 9 TokenRing 10 RMON 1 ProtocolDir 11 Protocol Dist 12 AddressMap 13 nlHost 14 nlMatrix 15 alHost 16 alMatrix 17 userHistory 18 probeConfig 19 RMON 2 3Com 43 synernetics 114 chipcom 49 startek 260 onstream 135 retix ...

Page 651: ...p indicates the group s branch in the MIB subtree MIB I supports groups 1 through 8 MIB II supports groups 1 through 8 plus two additional groups Table 101 MIB II Group Descriptions MIB II Group Purpose system 1 Operates on the managed node interfaces 2 Operates on the network interface for example a port or MAC that attaches the device to the network at 3 Were used for address translation in MIB ...

Page 652: ...lds Hosts 4 Statistics stored for each station s MAC address HostTopN 5 Stations ranked by traffic or errors Matrix 6 Map of traffic communication among devices that is who is talking to whom Filter 7 Packet selection mechanism Capture 8 Traces of packets according to predefined filters Event 9 Reporting mechanisms for alarms Token Ring 10 Ring Station Statistics and status information associated ...

Page 653: ...ption Protocol Directory 11 Lists the inventory of protocols that the probe can monitor Protocol Distribution 12 Collects the number of octets and packets for protocols detected on a network segment Address Map 13 Lists MAC address to network address bindings discovered by the probe and the interface on which the bindings were last seen Network Layer Host 14 Counts the amount of traffic sent from ...

Page 654: ...y 3cigmpSnoop mib 3Com IGMP Snooping MIB Layer 2 only 3com0304 mib 3Com Resilient Links MIB 43 10 15 Layer 2 and Layer 3 3cPolicy mib 3Com Policy Management MIB 43 29 4 23 Layer 3 only 3cPoll mib 3Com Remote Polling MIB 43 29 4 22 Layer 2 and Layer 3 3cProd mib 3Com Transcend Product Management MIB 43 1 Layer 2 Layer 3 and EME 3cQos mib 3Com QoS MIB 43 29 4 21 Layer 3 only 3cSys mib 3Com System MI...

Page 655: ... 10 1 14 1 Layer 2 and Layer 3 3cWeb mib 3Com Web Management MIB 43 29 4 24 Layer 2 and Layer 3 MIB names and numbers are usually retained when organizations restructure their businesses therefore some of the 3Com Enterprise MIB names may not contain the word 3Com ...

Page 656: ...656 CHAPTER 23 DEVICE MONITORING ...

Page 657: ...IV REFERENCE Appendix A Technical Support Index ...

Page 658: ......

Page 659: ...line systems World Wide Web Site 3Com FTP Site 3Com Bulletin Board Service 3Com Facts Automated Fax Service World Wide Web Site To access the latest networking information on the 3Com Corporation World Wide Web site enter this URL into your Internet browser http www 3com com This service provides access to online support information such as technical documentation and software as well as support o...

Page 660: ... modem to 8 data bits no parity and 1 stop bit Call the telephone number nearest you Access by Digital Modem ISDN users can dial in to the 3Com BBS using a digital modem for fast access up to 64 Kbps To access the 3Com BBS using ISDN call the following number 1 847 262 6000 Country Data Rate Telephone Number Australia Up to 14 400 bps 61 2 9955 2073 Brazil Up to 14 400 bps 55 11 5181 9666 France U...

Page 661: ...on ready Product model name part number and serial number A list of system hardware and software including revision levels Diagnostic error messages Details about recent configuration changes if applicable If you are unable to contact your network supplier see the following section on how to contact 3Com Support from 3Com If you are unable to obtain assistance from the 3Com online technical resour...

Page 662: ...in Europe call 31 0 30 6029900 phone 31 0 30 6029999 fax From the following European countries you may use the toll free numbers Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy 06 607468 0800 71429 800 17309 0800 113153 0800 917959 0130 821502 00800 12813 1 800 553117 177 3103794 1678 79489 Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 080...

Page 663: ...2 435860 44 1442 435718 From the following European countries you may call the toll free numbers select option 2 and then option 2 Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 06 607468 0800 71429 800 17309 0800 113153 0800 917959 0130 821502 00800 12813 1800553117 177 3103794 1678 79489 080...

Page 664: ......

Page 665: ...twork 360 source 163 specifying for flow classifiers 579 addressing scheme OSPF 458 addressMap group RMON V2 643 addressThresholdEvent 187 adjacencies OSPF 456 administer access 89 password forgotten 105 user override 89 Administration Console accessing 43 password levels 46 administration console DISCONNECT command 106 logging on to 106 ADSP AppleTalk Data Stream Protocol 544 advancedPing command...

Page 666: ...able ZIT 544 551 zones 546 548 554 555 AppleTalk Address Resolution Protocol AARP 536 area border routers 454 464 467 475 477 area IDs OSPF 473 areas 448 451 453 461 465 backbone 462 466 backbone OSPF 473 stub 462 466 487 transit 462 ARP Address Resolution Protocol cache 372 defined 372 location in OSI Reference Model 358 reply 373 request 373 ASBRs 459 ASCII based editor for packet filters 313 AS...

Page 667: ... flow 578 nonflow 580 CBPDU best 174 information 173 changing default VLAN 267 port numbering via module removals 143 port numbering via module replacements 144 chassis contents showing 129 checksum 547 configuring AppleTalk 559 Chooser Macintosh 546 Class of Service 199 classifiers QoS assigning numbers 576 defining 573 575 defining flow 577 defining nonflow 580 flow routing requirements 577 580 ...

Page 668: ...iption packets OSPF 455 datagrams 560 DB 9 connector 64 DDP Datagram Delivery Protocol 539 dead interval OSPF 458 472 474 DECnet protocols for VLANs 281 default classifier 499 576 restrictions 573 default control 1 583 restrictions 573 Default gateway 94 default gateway 75 95 default route metrics OSPF 448 461 468 default route IP 368 gateway address 372 default route OSPF 468 default settings por...

Page 669: ...bandwidth to 147 152 enterprise MIBs 654 eq opcode 326 equation for calculating number of VLANs 256 errors ICMP redirect 377 ping 622 routing interface 371 VLAN 371 Ethernet 159 aggregated links 147 collision 159 configurations 147 continuous operations providing 147 CSMA CD 146 159 definition 146 Fast Ethernet 146 frames processing 150 Gigabit Ethernet 146 Gigabit Interface Converter GBIC 159 gui...

Page 670: ...69 IP and VLAN requirements 577 range of numbers 576 routing requirements 577 580 specifying addresses and masks 579 specifying ports and ranges 579 flow control Gigabit Ethernet ports 157 flows RSVP 608 flush command snmp trap 631 flushing SNMP trap addresses 631 FORCE command 105 forward delay 184 forwarded frames setting priority tags 571 forwarding AppleTalk traffic 558 for VLANs 298 port stat...

Page 671: ...STP mode 259 262 293 sample configuration 293 import policies 384 in band management 55 independent VLAN Learning IVL 261 index VLAN interface 371 ingress rules 250 VLANs 295 installable software files 43 Filter Builder 44 installation EME 58 verifying network communication 67 instructions packet filter opcodes 321 322 operands 321 322 Interaction Between the EME and SNMP 94 interface address Appl...

Page 672: ...efining end points 441 IP packets filter 342 346 IP protocols for VLANs 281 IP routing address classes 361 administering 372 defining static routes 372 features and benefits 359 OSI reference model 358 router interface 365 routing table 366 368 transmission process 358 types of routes 372 IPX dynamic route 524 Interior Gateway Protocols IGPs 520 RIP policies 528 routing table example 522 routing p...

Page 673: ...address aliasing 218 Macintosh Chooser 546 management IP interface 366 LAN 41 station RMON MIB 632 manual versus dynamic VLAN configuration 278 masks flow classifier 578 subnet 362 370 matrix group RMON 640 maximum age 184 MBONE 429 MDI to MDI crossover cable 64 media Ethernet 159 Fast Ethernet 159 Gigabit Ethernet 159 memory EME 69 memory partition 449 memory partition OSPF 485 methods of using Q...

Page 674: ...work numbers extended 545 nonextended 545 network ranges 546 548 550 551 aging out of AppleTalk tables 556 network supplier support 661 network troubleshooting 619 network based VLANs 243 245 allOpen mode and 265 ingress rules 295 using 289 networks and AppleTalk devices 549 AppleTalk phase 1 547 AppleTalk phase 2 547 connecting to AppleTalk phase 1 547 nlHost group RMON V2 643 nlMatrix group RMON...

Page 675: ...75 databases 449 471 475 protocol 448 request packets 455 update packets 455 link state databases viewing 479 link state sequence 475 location in OSI Reference Model 358 memory partition 449 485 metric 476 mode 468 neighbors 449 455 456 457 459 471 472 480 and adjacencies 453 static 483 viewing information 481 network link advertisements 476 packets database description 455 Hello 455 hello 456 483...

Page 676: ...ting 311 opcodes 322 operands 321 port group example 337 predefined 316 procedure for writing 320 processing paths 312 pseudocode 342 run time storage 336 sequential tests 329 stack 321 standard 309 storage space 336 syntax errors 331 332 packets conforming 570 Ethernet type 307 excess 571 FDDI type 307 fields for operands 322 loss eligible 571 tagging excess 572 PAP Printer Access Protocols 544 p...

Page 677: ...emoving trunk 268 power allocating sufficient 118 fault tolerant mode defined 114 fault tolerant mode and reserve budget 115 modes 113 non fault tolerant mode extra power supply and 114 power supply failure in 114 requirements 116 power budget increasing unallocated 118 maintained by EMEs 119 power capacity power fault tolerant mode 112 power class default 117 power class settings 117 setting the ...

Page 678: ...nformation ZIP 555 562 pruning IP multicast 437 pushDPGM opcode 326 337 pushField size 322 pushLiteral opcode 323 324 pushSPGM opcode 325 337 pushTop opcode 325 Q QoS Quality of Service and RSVP 569 bandwidth 571 606 burst size 571 586 classifiers 569 assigning numbers 576 defining 575 defining flow 577 defining nonflow 580 modifying 602 predefined 574 removing 602 specifying ports and ranges 579 ...

Page 679: ...ht 386 example 391 explained 385 export 528 import 528 IPX 528 metric adjustment 386 387 parameters 391 policy conditions 388 policy conflicts 389 RJ 45 connector 63 RMON Remote Monitoring 632 addressMap group 643 agents 633 alarms 637 638 alHost application layer host group 643 alMatrix application layer matrix group 644 and roving analysis 621 axFddiHistory group 637 axFddiStatistics group 636 b...

Page 680: ...ort 493 496 routing table IP contents 366 default route 368 372 described 366 dynamic routes 367 metric 366 static routes 367 372 status 367 routing table IPX example 522 roving analysis and RMON 621 and Spanning Tree 620 definition 619 process overview 620 rules 620 RS 232 9 pin to 25 pin cable pinout 65 9 pin to 9 pin cable pinout 65 RSVP Resource Reservation Protocol 569 607 overview 566 protoc...

Page 681: ...ommand 91 show login display 92 SHOW POWER commands 128 SHOW SERVDIAG command 109 SHOW TERMINAL command 81 show web access 76 show web timeout 76 Showing and Clearing IP Settings 95 singlemode fiber 159 SMC versus SCC 54 SNMP 55 SNMP Simple Network Management Protocol 94 agent defined 625 630 working with SNMP manager 630 defined 624 displaying configurations 630 management 94 manager defined 625 ...

Page 682: ...lt 117 switched traffic and nonflow classifiers 569 switches bandwidth to 147 152 system access methods 45 System Controller Component SCC 54 System Management Component SMC 54 system parameters options and guidelines 135 T table Routing Table Maintenance Protocol RTMP 551 tag status rules 298 tagging 249 egress rules for transmit ports 299 excess packets 572 for port based VLANs 270 for protocol ...

Page 683: ...l TCMP 226 U UDP User Datagram Protocol port number 394 ports 579 UDP Helper administering 393 configuring overlapped IP interfaces 394 display 394 guidelines 394 hop count 393 overlapped IP interfaces 394 threshold 393 UDP port number 393 unspecified protocol 270 untagged ports 299 updates SAP triggered 527 530 updates GVRP 277 users access levels 89 adding 89 clearing 93 configuring logins 89 sh...

Page 684: ...net Masks 364 VRRP Virtual Router Redundancy Protocol advertisement messages 403 and DHCP 407 and dynamic routing protocols 405 and ICMP Redirect 407 and IGMP 406 and QOS 407 and STP Spanning Tree Protocol 405 410 concepts 400 configuration example on the CoreBuilder 9000 414 important considerations 403 initialize state 401 one armed router 412 overview 398 primary IP address 401 prioritzing back...

Reviews:

No comments