Alcatel OmniSwitch 6624 Network Configuration Manual Download Page 334

Page: 334 / 546

AVLAN Configuration Overview

Configuring Authenticated VLANs

page 18-4

OmniSwitch 6624/6648 Network Configuration Guide

April 2004

AVLAN Configuration Overview

Configuring authenticated VLANs requires several major steps. The steps are outlined here and described
throughout this chapter. See

“Sample AVLAN Configuration” on page 18-5

for a quick overview of

implementing the commands used in these procedures.

Set up authentication clients

. See

“Setting Up Authentication Clients” on page 18-7

Configure at least one authenticated VLAN

. A router port must be set up in at least one authenti-

cated VLAN for the DHCP relay. See

“Configuring Authenticated VLANs” on page 18-26

Configure at least one authenticated mobile port

. Required for connecting the clients to the switch.

See

“Configuring Authenticated Ports” on page 18-28

Set up the DHCP server

. Required if you are using Telnet or Web browser clients. Required for any

clients that need to get IP addresses after authentication. See

“Setting Up the DHCP Server” on

page 18-29

Configure the authentication server authority mode

. See

“Configuring the Server Authority Mode”

on page 18-32

Specify accounting servers for authentication sessions

. Optional; accounting may also be done

through the switch logging feature in the switch. See

“Specifying Accounting Servers” on page 18-35

The following is a summary of commands used in these procedures.

Commands

Used for ...

vlan authentication

Enabling authentication on VLAN(s)

vlan router ip

Setting up a router port on the authenticated
VLAN.

vlan port mobile
vlan port authenticate

Creating authenticated port(s)

aaa avlan dns

Configuring a DNS name; required for Web
browser clients

ip helper address
aaa avlan default dhcp
ip helper avlan only

Configuring the DHCP server; required for for
Telnet and Web browser clients.

aaa vlan no

Removing a user from an authenticated VLAN

aaa ldap-server
aaa radius-server

Setting up switch communication with authenti-
cation servers

aaa authentication vlan single-mode
aaa authentication vlan multiple-mode

Enabling authentication and setting the authority
mode for servers

aaa accounting vlan

Specifying accounting for AVLAN sessions.

Summary of Contents for OmniSwitch 6624

Page 1: ...Part No 060179 10 Rev C April 2004 OmniSwitch 6624 6648 Network Configuration Guide www alcatel com...

Page 2: ...OmniVista are registered trademarks of Alcatel Internetworking Inc OmniAccess Omni Switch Router PolicyView RouterView SwitchManager VoiceView WebView X Cell X Vision and the Xylan logo are trademark...

Page 3: ...ults 1 3 Configuring Ethernet Ports Tutorial 1 4 Ethernet Ports Overview 1 6 OmniSwitch 6648 1 6 OmniSwitch 6624 1 7 OmniSwitch 6600 U24 1 7 10 100 Crossover Supported 1 7 Setting Ethernet Port Parame...

Page 4: ...4 Configuring Static MAC Addresses 2 5 Static MAC Addresses on Link Aggregate Ports 2 5 Configuring MAC Address Table Aging Time 2 6 Displaying MAC Address Table Information 2 7 Chapter 3 Configuring...

Page 5: ...11 Defining an IP Router Port 4 11 Modifying an IP Router Port 4 12 Defining Maximum Transmission Unit MTU Size 4 12 What is Single MAC Router Mode 4 13 Bridging VLANs Across Multiple Switches 4 14 V...

Page 6: ...Defaults 6 2 Sample VLAN Port Assignment 6 3 Statically Assigning Ports to VLANs 6 4 Dynamically Assigning Ports to VLANs 6 4 How Dynamic Port Assignment Works 6 5 VLAN Mobile Tag Classification 6 5...

Page 7: ...7 15 How to Define a MAC Port Binding Rule 7 16 How to Define a MAC IP Address Binding Rule 7 16 How to Define an IP Port Binding Rule 7 16 How to Define a Port Protocol Binding Rule 7 17 Defining MA...

Page 8: ...g with Link Aggregation 9 6 Configuring the Frame Type 9 7 Show 802 1Q Information 9 8 Application Example 9 9 Verifying 802 1Q Configuration 9 11 Chapter 10 Configuring Static Link Aggregation 10 1 I...

Page 9: ...Configuring Ports to Join and Removing Ports in a Dynamic Aggregate Group 11 12 Configuring Ports To Join a Dynamic Aggregate Group 11 12 Removing Ports from a Dynamic Aggregate Group 11 16 Modifying...

Page 10: ...cols 12 4 IP Forwarding 12 5 Creating an IP Router Port 12 5 Creating a Static Route 12 6 Creating a Default Route 12 6 Configuring Address Resolution Protocol ARP 12 7 Adding a Permanent Entry to the...

Page 11: ...ling a RIP Host Route 13 9 RIP Redistribution 13 9 Enabling RIP Redistribution 13 10 Configuring a RIP Redistribution Policy 13 10 Configuring a Redistribution Metric 13 11 Configuring a RIP Redistrib...

Page 12: ...y Overview 15 4 DHCP 15 4 DHCP and the OmniSwitch 15 5 DHCP Relay and Authentication 15 5 External DHCP Relay Application 15 6 Internal DHCP Relay 15 7 DHCP Relay Implementation 15 8 Global DHCP 15 8...

Page 13: ...thentication Servers 17 3 Quick Steps For Configuring Authentication Servers 17 4 Server Overview 17 5 Backup Authentication Servers 17 5 Authenticated Switch Access 17 5 Authenticated VLANs 17 6 Port...

Page 14: ...uired Files for Web Browser Clients 18 8 SSL for Web Browser Clients 18 11 DNS Name and Web Browser Clients 18 11 Installing the AV Client 18 12 Loading the Microsoft DLC Protocol Stack 18 12 Loading...

Page 15: ...the Maximum Number of Requests 19 10 Re authenticating an 802 1X Port 19 10 Initializing an 802 1X Port 19 11 Configuring Accounting for 802 1X 19 11 Verifying the 802 1X Port Configuration 19 11 Cha...

Page 16: ...he QoS Log 21 14 What Kind of Information Is Logged 21 14 Number of Lines in the QoS Log 21 14 Log Detail Level 21 15 Forwarding Log Events to PolicyView 21 15 Forwarding Log Events to the Console 21...

Page 17: ...37 Creating MAC Groups 21 38 Creating Port Groups 21 39 Port Groups and Maximum Bandwidth 21 40 Verifying Condition Group Configuration 21 42 Using Map Groups 21 43 Sample Map Group Configuration 21 4...

Page 18: ...Layer 3 ACLs 22 14 Layer 3 ACL Example 1 22 14 Layer 3 ACL Example 2 22 15 Multicast Filtering ACLs 22 15 Verifying the ACL Configuration 22 16 ACL Application Example 22 18 Chapter 23 Configuring IP...

Page 19: ...figuring the Querier Aging and Election Timeout 23 12 Restoring the Querier Aging and Election Timeout 23 12 IPMS Application Example 23 13 Displaying IPMS Configurations and Statistics 23 15 Chapter...

Page 20: ...ealth Threshold Limits 24 26 Configuring Sampling Intervals 24 27 Viewing Sampling Intervals 24 27 Viewing Health Statistics for the Switch 24 28 Viewing Health Statistics for a Specific Interface 24...

Page 21: ...or Task Statistics 26 7 Displaying the Memory Monitor Size Statistics 26 9 Appendix A Software License and Copyright Statements A 1 Alcatel License Agreement A 1 ALCATEL INTERNETWORKING INC AII SOFTWA...

Page 22: ...Contents xxii OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 23: ...nterprise edge workgroup switches offer ing 24 and 48 10 100 ports respectively The OmniSwitch 6600 U24 is a next generation enterprise edge workgroup switch offering 24 fiber 100 Mbps ports In additi...

Page 24: ...features that are typically deployed in a multi switch environment What is in this Manual This configuration guide includes information about configuring the following features VLANs VLAN router ports...

Page 25: ...parameter Many chapters include a Quick Steps section which is a procedure covering the basic steps required to get a software feature up and running In Depth Information All chapters include overview...

Page 26: ...n the switch directory structure basic file and directory utilities switch access security SNMP and web based management It is recommended that you read this guide before connecting your switch to the...

Page 27: ...es procedures for readying an individual switch for integration into a network Topics include the software directory architecture image rollback protections authenticated switch access managing switch...

Page 28: ...hat you are using Acrobat Reader with the global search option look for the following button in the toolbar Note When printing pages from the documentation PDFs de select Fit to Page if it is selected...

Page 29: ...sed in the configuration examples For more details about the syntax of commands see the OmniSwitch CLI Reference Guide Configuration procedures described in this chapter include Setting Trap Port Link...

Page 30: ...Ethernet 100 Mbps Gigabit Ethernet 1 Gb 1000 Mbps 2 Port Gigabit Uplink Modules OS6600 GNI C2 copper uplink module OS6600 GNI U2 fiber uplink module Switching Routing Support Layer 2 Switching Layer 3...

Page 31: ...e Speed interfaces speed Auto Duplex Mode interfaces duplex Auto copper ports Full fiber ports Interface Configuration interfaces admin Up Enabled Inter Frame Gap interfaces ifg 12 bytes Maximum Flood...

Page 32: ...to full duplex in order to set Flow Control described below 3 This step enables flow control for this port with the flow command If the data buffers on the switch are full flow control allows the swit...

Page 33: ...address 00 d0 95 12 ed 04 BandWidth Megabits 100 Duplex Full Long Accept Disable Runt Accept Disable Long Frame Size Bytes 1518 Runt Size Bytes 64 Input Bytes Received 0 Lost Frames 0 Unicast Frames 0...

Page 34: ...t Ethernet when the Gigabit Ethernet modules are installed For more information on Ethernet hardware configurations refer to the OmniSwitch 6600 Series Hardware Users Guide The OmniSwitch software sup...

Page 35: ...rnet when the Giga bit Ethernet modules are installed For more information on Ethernet hardware configurations refer to the OmniSwitch 6600 Series Hardware Users Guide 10 100 Crossover Supported By de...

Page 36: ...ort link enable To enable trap port link messages on a single port enter trap followed by the slot number a slash the port number and port link enable For example to enable trap port link messages on...

Page 37: ...to enable flow control on port 3 on slot 2 enter flow 2 3 To enable flow control on a range of ports enter flow followed by the slot number a slash the first port number a hyphen and the last port num...

Page 38: ...wait time for an entire switch slot enter flow followed by the slot number wait and the desired wait time in microseconds For example to configure a flow control wait time of 96 microseconds on slot...

Page 39: ...slot 2 port 3 and document the interface type as Fast Ethernet enter flow fastethernet 2 3 no wait Setting Interface Line Speed The interfaces speed command is used to set the line speed on a specific...

Page 40: ...ure the duplex mode on an entire slot enter interfaces followed by the slot number duplex and the desired duplex setting auto full or half For example to set the duplex mode on slot 2 to full enter in...

Page 41: ...ic port a range of ports or all ports on a switch slot Values for this command range from 9 to 12 bytes Note This command is only valid on Gigabit ports Gigabit Ethernet is supported only on ports 49...

Page 42: ...terfaces 2 1 3 no l2 statistics As an option you can document the interface type by entering ethernet fastethernet or gigaethernet before the slot number For example to reset all Layer 2 statistics co...

Page 43: ...flood multicast For example to enable the maximum flood rate for multicast traffic on slot 2 enter interfaces 2 flood multicast As an option you can document the interface type by entering ethernet f...

Page 44: ...slot number a slash the port number alias and the text description which can be up to 40 charac ters long For example to configure an alias of ip_phone1 for port 3 on slot 2 enter interfaces 2 3 alias...

Page 45: ...and the remote link partner is forced to 10 half duplex This is due to the fact that when the local device is set to auto negotiating 10 100 full duplex it senses the remote device is not auto negotia...

Page 46: ...ngle port a range of ports or an entire NI use the interfaces flow command Please note that if auto negotiation is disabled then flow control will also be disabled To enable or disable flow control on...

Page 47: ...rfaces Displays general interface information such as hardware MAC address input and output errors show interfaces accounting Displays interface accounting information show interfaces counters Display...

Page 48: ...Verifying Ethernet Port Configuration Configuring Ethernet Ports page 1 20 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 49: ...so filtered to determine if the source and destination address are on the same LAN segment If the destination address is not found in the MAC address table then the packet is forwarded to all other sw...

Page 50: ...e Protocol Operation Interface 1 00 00 00 00 00 01 learned 0800 bridging 8 1 1 00 d0 95 6a 73 9a learned aaaa0003 bridging 10 23 Total number of Valid MAC addresses above 2 The show mac address table...

Page 51: ...ddress aging time for VLAN 200 to 1200 seconds the default is 300 seconds using the following command mac address table aging time 1200 vlan 200 Note Optional To verify the static MAC address configur...

Page 52: ...e Assigning a MAC address to the silent device s port creates a record in the MAC address table and ensures that packets destined for the silent device are forwarded out that port When defining a stat...

Page 53: ...dress status type permanent reset or learned is not specified then only permanent addresses are removed from the table The following example removes a MAC address entry with a reset status that is ass...

Page 54: ...eds 1200 seconds If a VLAN ID is not specified then the aging time value is applied to all VLANs configured on the switch When using the mac address table aging time command in a switch configuration...

Page 55: ...n example of the output for the show mac address table and show mac address table aging time commands is also given in Sample MAC Address Table Configuration on page 2 2 show mac address table Display...

Page 56: ...Displaying MAC Address Table Information Managing Source Learning page 2 8 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 57: ...ed traffic stopping all traffic on the port or only blocking traffic that violates LPS criteria In This Chapter This chapter describes how to configure LPS parameters through the Command Line Interfac...

Page 58: ...port 1 Maximum number of learned MAC addresses allowed per port 100 Maximum number of configurable MAC address ranges per LPS port 1 Maximum number of learned MAC addresses per OmniSwitch 6624 6648 ap...

Page 59: ...f learned MAC addresses allowed on the same ports to 25 using the following command port security 3 6 12 4 6 12 5 6 12 maximum 25 3 Configure the amount of time in which source learning is allowed on...

Page 60: ...d on the port A list of configured authorized source MAC addresses allowed on the port Additional LPS functionality allows the user to specify how the LPS port handles unauthorized traffic The followi...

Page 61: ...hen used as criteria for authorizing future traffic from this source MAC on that same port In other words learned authorized MAC addresses become configured criteria for an LPS port For example if the...

Page 62: ...the source learning MAC address table However when a MAC is authorized for learning on an LPS port an entry is made in the MAC address table in the same manner as if it was learned on a non LPS port s...

Page 63: ...igured and dynamic in the LPS table for the specified port For example no port security 5 10 Configuring a Source Learning Time Limit By default the source learning time limit is disabled Use the port...

Page 64: ...rned MAC address are allowed on this port If the maximum number of MAC addresses allowed is reached before the switch LPS time limit expires then all source learning of dynamic and configured MAC addr...

Page 65: ...multiple ports specify a range of ports or multiple slots For example port security 4 1 5 mac range low 00 20 da 00 00 10 high 00 20 da 00 00 50 port security 2 1 4 4 5 8 mac range low 00 20 d0 59 0c...

Page 66: ...s required to return the port back to normal operation To configure the security violation mode for an LPS port enter port security followed by the port s slot port designation then violation followed...

Page 67: ...ls about the syntax of commands see the OmniSwitch CLI Reference Guide Configuration procedures described in this chapter include Creating Modifying VLANs on page 4 5 Defining VLAN Port Assignments on...

Page 68: ...ase Maximum authenticated VLANs per stack 128 MAC Router Mode Supported Single CLI Command Prefix Recognition All VLAN management commands support prefix recognition See the Using the CLI chapter in t...

Page 69: ...AN 30 400 on off on off off NA on VLAN 400 1 Create VLAN 255 with a description e g Finance IP Network using the following command vlan 255 name Finance IP Network 2 Define an IP router port using the...

Page 70: ...ion in the current Spanning Tree algorithm Enabling or disabling classification of mobile port traffic by 802 1Q tagged VLAN ID Enabling or disabling VLAN authentication Defining VLAN IP router ports...

Page 71: ...active network device Non active port assign ments are allowed but do not change the VLAN s operational state Ports are either statically or dynamically assigned to VLANs When a port is assigned to a...

Page 72: ...switch ports to a VLAN Regardless of how a port is assigned to a VLAN once the assignment occurs a VLAN port association VPA is created and tracked by VLAN management software on each switch To view...

Page 73: ...h to allow dynamic VLAN port assignment requires the following steps 1 Use the vlan port mobile command to enable mobility on switch ports that will participate in dynamic VLAN assignment See Chapter...

Page 74: ...er only IP and IPX protocol rules support the dynamic assignment of one mobile port to multiple VLANs The following table provides a list of commands used to define the various types of VLAN rules For...

Page 75: ...ause the VLAN mobile tag classification attribute is disabled on VLAN 224 In essence the VLAN mobile tag attribute provides a dynamic 802 1Q tagging capability Mobile ports can now receive and process...

Page 76: ...VLAN 755 vlan 255 stp disable vlan 755 stp enable STP does not become operationally active on a VLAN unless the VLAN is operationally active which occurs when at least one active port is assigned to...

Page 77: ...er port e g 193 204 173 21 3 A subnet mask defaults to the IP address class 4 The router port forwarding status defaults to forwarding A forwarding router port sends IP frames to other subnets A route...

Page 78: ...40 0 0 1 If a change is made to any of the other parame ters and the Class C mask is not specified again in the command syntax the mask will revert back to the default Class A value of 255 0 0 0 For...

Page 79: ...base chassis MAC address for the switch As a result up to 4094 IP router port VLANs are supported per single switch or per stack of switches This also eliminates the need to allocate additional MAC a...

Page 80: ...agram shows the physical configuration of an example VLAN bridging domain VLAN Bridging Domain Physical Configuration In the above diagram VLAN 10 exists on all four switches and the connection ports...

Page 81: ...ugh they are physically connected to different stacks VLAN Bridging Domain Logical View Creating a VLAN bridging domain across multiple switches and or stacks of switches allows VLAN members to commun...

Page 82: ...Verifying the VLAN Configuration Configuring VLANs page 4 16 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 83: ...o the topology Supports two Spanning Tree operating modes flat single STP instance per switch and 1x1 single STP instance per VLAN Supports two Spanning Tree Algorithms 802 1D standard and 802 1w rapi...

Page 84: ...ch 6624 6648 Switch Management Guide for more information Parameter Description Command Default Spanning Tree operating mode bridge mode 1x1 a separate Spanning Tree instance for each VLAN BPDU switch...

Page 85: ...dentified STP calculates the best path that leads from each bridge back to the root and blocks any connections that would cause a network loop To determine the best path to the root STP uses the path...

Page 86: ...ost value to the root The root bridge does not have a root port Designated Port The designated bridge provides the LAN with the shortest path to the root The designated port connects the LAN to this b...

Page 87: ...D as the root bridge ID When a bridge receives BPDU on its root port that contains more attractive information higher prior ity parameters and or lower path costs it forwards this information on to ot...

Page 88: ...Examples The following diagram shows an example of a physical network topology that incorporates data path redundancy to ensure fault tolerance These redundant paths however create loops in the networ...

Page 89: ...e designated ports because Switch D is the root and each port connects to a LAN Ports 2 10 3 1 and 3 8 are the root ports for Switches A B and C respectively because they offer the shortest path towar...

Page 90: ...ere is one STP instance for the entire switch port states are determined across VLANs Multiple connections between switches are considered redundant paths even if they are configured in different VLAN...

Page 91: ...hes If a port in VLAN 10 and a port in VLAN 20 both connect to the same switch within their respective VLANs they are not considered redundant data paths and STP will not block one of them However if...

Page 92: ...lat STP mode When a switch is running in the 1x1 STP mode each VLAN is in essence a virtual STP bridge with its own STP instance and configurable parameters To change STP parameters while running in t...

Page 93: ...or an individual VLAN use the show spantree command For more information about this command see the OmniSwitch CLI Reference Guide Enabling Disabling the VLAN BPDU Switching Status By default BPDU ar...

Page 94: ...to 2 seconds If the switch is running in the flat Spanning Tree mode then a hello time value is defined for VLAN 1 Lowering the hello time interval improves the robustness of the Spanning Tree topolog...

Page 95: ...ay time propagated in a root bridge Configuration BPDU is the value used by all other bridges in the tree for their own forward delay time Therefore if this value is changed for the root bridge VLAN a...

Page 96: ...ally set Enabling Disabling STP on a Port By default STP is enabled on all ports If STP is disabled on a port the port is put in a forwarding state for the Spanning Tree instance For example if a port...

Page 97: ...e associated with the port If the switch is running in the flat Spanning Tree mode then the port priority applies across all VLANs associated with the port VLAN 1 is referenced as the port s VLAN even...

Page 98: ...s VLAN even if the port is associated with other VLANs To change the path cost for a port enter bridge followed by an existing VLAN ID or VLAN 1 if using a flat Spanning Tree instance then the port s...

Page 99: ...ually changed again or the port mode is changed to dynamic Ports operating in a manual mode state do not participate in the Spanning Tree Algorithm Dynamic mode indicates that the active Spanning Tree...

Page 100: ...port is at the edge of a bridged LAN does not receive BPDU and has only one MAC address learned Edge ports however will operationally revert to a point to point or a no point to point connection type...

Page 101: ...ection command only configures one port at a time Connection Type on Link Aggregate Ports Physical ports that belong to a link aggregate do not participate in the Spanning Tree Algorithm Instead the a...

Page 102: ...dministrative status for this VLAN was enabled by default when the VLAN was created VLAN 255 on each switch is configured to use the 802 1w rapid reconfiguration Spanning Tree Algorithm and Protocol P...

Page 103: ...an the same values for ports 2 10 and 3 1 The ports that provide the connection between Switch B and Switch C are in a discarding blocking state because this connection has a higher path cost than the...

Page 104: ...0 04 Designated Root 000A 00 d0 95 00 00 01 Cost to Root Bridge 4 Root Port Slot 3 Interface 8 Next Best Root Cost 0 Next Best Root Port None Hold Time 1 Topology Changes 3 Topology age 0 4 37 Current...

Page 105: ...ow For more information about the resulting displays from these commands see the OmniSwitch CLI Refer ence Guide An example of the output for the show spantree and show spantree ports commands is also...

Page 106: ...Verifying the Spanning Tree Configuration Configuring Spanning Tree Parameters page 5 24 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 107: ...Static Link Aggregation and Chapter 11 Configuring Dynamic Link Aggregation Dynamic assignment applies only to mobile ports When traffic is received on a mobile port the packets are classified using...

Page 108: ...if using IP and IPX protocol rules Maximum VLAN associations per mobile port using VLAN mobile tag classification 32768 Switch ports eligible for static VLAN assignment Non mobile fixed ports Mobile p...

Page 109: ...ile 3 4 5 4 Disable the default VLAN parameter for mobile ports 3 4 and 3 5 using the following command vlan port 3 4 5 default vlan disable With this parameter disabled VLAN 255 will not carry any tr...

Page 110: ...t VLAN See Chapter 10 Configuring Static Link Aggregation and Chapter 11 Configuring Dynamic Link Aggregation for more information When a port is statically assigned to a VLAN a VLAN port association...

Page 111: ...lan 802 1q command is still used to statically tag VLANs for the port see Chapter 9 Configuring 802 1Q for more information Consider the following when using VLAN mobile tag classification Using mobil...

Page 112: ...obile tagging enabled Since the work stations are sending tagged packets destined for the mobile tag enabled VLANs each port is assigned to the appropriate VLAN without user intervention As the diagra...

Page 113: ...age 6 7 Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch Port 2 VLAN 2 VLAN 1 VLAN 4 IP Network 130 0 0 0 Default...

Page 114: ...til the port is dynamically assigned to another VLAN Use the vlan port default vlan command to prevent the default VLAN from carrying non matching traffic see Understanding Mobile Port Prop erties on...

Page 115: ...e diagram on page 6 10 shows Port 1 is assigned to VLAN 2 because the workstation is transmitting IP traffic on network 130 0 0 0 that matches the VLAN 2 network address rule Port 2 is assigned to VLA...

Page 116: ...on 4 Configure the method of traffic classification VLAN rules or tagged VLAN ID that will trigger dynamic assignment of a mobile port to the VLANs created in Step 3 See VLAN Rule Classification on pa...

Page 117: ...ports regardless of the QoS settings See Chapter 21 Configuring QoS for more information Use the show vlan port mobile command to display a list of ports that are mobile or are eligible to become mobi...

Page 118: ...t networks make sure that ignoring BPDU on a mobile port will not cause network loops to go undetected Connectivity problems could also result if a mobile BPDU port dynamically moves out of its config...

Page 119: ...matches VLAN criteria the port is assigned to that VLAN Secondary VLANs are any VLAN a port is subse quently assigned to that is not the configured default VLAN for that port A mobile port can obtain...

Page 120: ...OmniSwitch 6648 OmniSwitch 6648 OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 If default VLAN is enabled Device traffic that does not match any VLAN rules is forwarded on the mobile port...

Page 121: ...eated from occasional network users e g laptop are not unnecessarily retained If restore default VLAN is disabled Why disable restore default VLAN VPAs are retained even when port traffic is idle for...

Page 122: ...or more mobile ports See Verifying VLAN Port Associations and Mobile Port Properties on page 6 19 for more information Enable Disable Default VLAN To enable or disable forwarding of mobile port traffi...

Page 123: ...ed all secondary VPAs for that port are automati cally dropped regardless of the restore default VLAN status for that port Switch ports are disabled when a device is disconnected from the port a confi...

Page 124: ...For example vlan port 3 1 802 1x enable vlan port 5 2 802 1x disable To enable or disable 802 1X on multiple ports specify a range of ports and or multiple slots vlan port 6 1 32 8 10 24 9 3 14 802 1...

Page 125: ...igned to the VLAN using the vlan port default command The VLAN is now the port s configured default VLAN qtagged The port was statically assigned to the VLAN using the vlan 802 1q com mand The VLAN is...

Page 126: ...display from this command see the OmniSwitch CLI Reference Guide Understanding show vlan port mobile Output The show vlan port mobile command provides information regarding a port s mobile status If...

Page 127: ...address or protocol type matches VLAN rule criteria In This Chapter This chapter contains information and procedures for defining VLAN rules through the Command Line Interface CLI CLI commands are us...

Page 128: ...P generic rule because only one is allowed per switch Switch ports eligible for VLAN rule classifi cation dynamic VLAN assignment Mobile 10 100 Ethernet and gigabit ports Switch ports not eligible for...

Page 129: ...rule for VLAN 255 that will capture mobile port DHCP traffic that contains a source MAC address that falls within the range specified by the rule For example vlan 255 dhcp mac 00 DA 95 00 59 10 00 DA...

Page 130: ...AN even if the port receives traffic that matches other rules VLAN Rule Types There are several types of configurable VLAN rules available for classifying different types of network device traffic The...

Page 131: ...show vlan port command output however will contain an entry for the temporary VLAN port asso ciation that occurs during this process Once a device connected to a mobile port receives an IP address fr...

Page 132: ...les determine VLAN assignment based on a device s source MAC address This is the simplest type of rule and provides the maximum degree of control and security Members of the VLAN will consist of devic...

Page 133: ...rt is assigned to the VLAN only for the purpose of forwarding broadcast types of VLAN traf fic to a device connected to that same port Port rules are mostly used for silent devices such as printers th...

Page 134: ...evel of precedence When a frame is received on a mobile port switch software starts with rule one in the rule precedence table and progresses down the list until there is a successful match between ru...

Page 135: ...e contains a matching source MAC address source port and source IP subnet address Frame only contains a matching source MAC address port and IP address do not match Frame only contains a matching IP a...

Page 136: ...ned to the rule s VLAN 10 Port IP Address Binding Frame contains a matching source port and source IP subnet address Frame only contains a matching source IP address port does not match Frame only con...

Page 137: ...s recommended however to use predefined rules such as MAC address network address and generic protocol rules whenever possible to ensure accurate results when capturing mobile port traffic When a VLAN...

Page 138: ...pecified when using the vlan dhcp mac command to create a DHCP MAC rule Therefore to specify multiple MAC addresses for the same VLAN create a DHCP MAC rule for each address If dealing with a large nu...

Page 139: ...addresses e g 01 00 00 c5 09 1a are ignored even if they fall within a specified MAC range and are not allowed as the low or high end boundary MAC If an attempt is made to use a multicast address for...

Page 140: ...fic IP network address MAC port IP address binding rule 2 The device must attach to a specific switch port and use a specific source MAC address and use a specific protocol MAC port Protocol binding r...

Page 141: ...a slot port designation and a protocol type For example the following commands define a MAC port protocol binding rule for VLAN 355 and VLAN 455 vlan 355 binding mac port protocol 00 00 da 59 0c 12 3...

Page 142: ...mmand defines a MAC IP binding rule for VLAN 1501 vlan 1501 binding mac ip 00 02 9a 3e f1 07 172 16 6 3 In this example frames received on any mobile port must contain a source MAC address of 00 02 9a...

Page 143: ...s capture frames that contain a source MAC address that matches the MAC address specified in the rule The mobile port that receives the matching traffic is dynamically assigned to the rule s VLAN Usin...

Page 144: ...d and the rule is not created Use the no form of the vlan mac range command to remove a MAC range rule Note that it is only neces sary to enter the low end MAC address to identify which rule to remove...

Page 145: ...ght hex digits If an address less than eight digits is entered the entry is prefixed with zeros to equal eight characters For example the following command results in an IPX network address rule for n...

Page 146: ...IP SNAP protocol type to qualify for dynamic assignment to VLAN 1503 The second command specifies that frames received on any mobile port must contain a DSAP SSAP protocol value of f0 f0 to qualify fo...

Page 147: ...traffic Port rules only apply to outgoing mobile port broadcast types of traffic and do not classify incoming traf fic In addition multiple VLANs can have the same port rule defined The advantage to...

Page 148: ...ned making it easy to duplicate for testing purposes The Test VLAN contains its own DHCP server and DHCP clients The clients gain membership to the VLAN through DHCP port rules The Production VLAN car...

Page 149: ...rver 2 Branch VLAN IP network address rule 10 13 0 0 External Router 1 Test VLAN Production VLAN Connects Test VLAN to Production VLAN External Router 2 Production VLAN Branch VLAN DHCP Relay provides...

Page 150: ...ort Rules DHCP Servers Both DHCP servers become members in their respective VLANs via IP subnet rules Routers Router 1 provides connectivity between the Test VLAN and the Production VLAN It does not h...

Page 151: ...ut VLAN rules configured on the switch use the show commands listed below For more information about the resulting display from this command see the OmniSwitch CLI Reference Guide An example of the ou...

Page 152: ...Verifying VLAN Rule Configuration Defining VLAN Rules page 7 26 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 153: ...r In This Chapter This chapter describes the AMAP and GMAP protocols and how to configure them through the Command Line Interface CLI CLI commands are used in the configuration examples for more detai...

Page 154: ...rotocols Maximum number of IP addresses propagated by AMAP 255 Parameter Description Command Default AMAP status amap Enabled Discovery time interval amap discovery time 30 seconds Common time interva...

Page 155: ...witches are on the Spanning Tree path OmniSwitch A and OmniSwitch C have AMAP enabled OmniSwitch B does not OmniSwitch A is adjacent to OmniSwitch C and vice versa If OmniSwitch B enables AMAP the adj...

Page 156: ...seconds by default To avoid synchronization with adjacent switches the common timeout interval is jittered randomly by plus or minus ten percent Ports wait for a Hello response using the discovery tim...

Page 157: ...ddition to disabling or enabling AMAP you can view a list of adjacent switches or configure the timeout intervals for Hello packet transmission and reception Enabling or Disabling AMAP To display whet...

Page 158: ...forms of the command with the desired value any value between 1 and 65535 Note that use of the time command keyword is optional For example amap common 600 amap common time 600 Displaying AMAP Inform...

Page 159: ...nterface 7 1 VLAN 1 Remote Interface 4 8 VLAN 455 Remote IP Address Configured 3 192 206 183 10 192 206 184 20 192 206 185 30 A visual illustration of these connections is shown here See the OmniSwitc...

Page 160: ...that are learned on leaf ports ports that are not running Spanning Tree It does not advertise MAC addresses for VLANs assigned by authentication or binding rule classification and it does not adverti...

Page 161: ...st tick To display the current gaptime interval enter the following command show gmap To change the gaptime interval use either of these forms of the command with the desired value any value between 1...

Page 162: ...with the desired value any value between 1 and 65535 Note that use of the time command keyword is optional For example gmap hold 500 gmap hold time 250 Displaying GMAP Statistics Use the show gmap co...

Page 163: ...mmands see 802 1Q Commands in the OmniSwitch CLI Reference Guide Configuration procedures described in this chapter include Setting up an 802 1Q VLAN for a specific port See Enabling Tagging on a Port...

Page 164: ...d Chapter 6 Assigning Ports to VLANs 802 1Q Defaults Table The following table shows the default settings of the configurable 802 1Q parameters 802 1Q Defaults IEEE Specification Draft Standard P802 1...

Page 165: ...ds an 802 1Q header to the packet Egress processing of packets is done by the switch hardware Packets have an 802 1Q tag which may be stripped off based on 802 1Q tagging stripping rules If a port is...

Page 166: ...ort associations For the purposes of Quality of Service QoS 802 1Q ports are always considered to be trusted ports For more information on QoS and trusted ports see Chapter 21 Configuring QoS Alcatel...

Page 167: ...t vlan 5 802 1q 3 4 Tagging would now be enabled on port 3 4 with a VID of 5 To add tagging to a port and label it with a text name you would enter the text identification following the slot and port...

Page 168: ...it with a text name enter the text identifica tion following the slot and port number or link aggregation group identification number For example to enable tagging on link aggregation group 8 with a...

Page 169: ...nd untagged traffic use the same command with the all keyword as shown vlan 802 1q 3 4 frame type all Note If you configure a port to accept only VLAN tagged frames then any frames received on this po...

Page 170: ...gation group to be a tagged port you can view the settings by using the show 802 1q command as demonstrated show 802 1q 3 4 Acceptable Frame Type Any Frame Type Force Tag Internal off Tagged VLANS Int...

Page 171: ...LAN 2 by entering vlan 2 as shown below VLAN 1 is the default VLAN for the switch vlan 2 2 Set port 1 1 as a tagged port and assign it to VLAN 2 by entering the following vlan 2 802 1q 1 1 3 Check the...

Page 172: ...ptable Frame Type tagged only Force Tag Internal on Tagged VLANS Internal Description 2 TAG PORT 2 1 VLAN 2 Connecting Stack 2 and Stack 3 Using 802 1Q The following steps apply to Stack 2 They will a...

Page 173: ...5 3 Create VLAN 3 by entering the following vlan 3 4 Configure 802 1Q tagging with a tagging ID of 3 on static link aggregation group 5 on VLAN 3 by entering the following vlan 3 802 1q 5 5 Check the...

Page 174: ...Verifying 802 1Q Configuration Configuring 802 1Q page 9 12 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 175: ...figuration Guide for information on configuring static link aggregation on OmniSwitch 7700 7800 and 8800 switches which use different procedures and have many different operating ranges In This Chapte...

Page 176: ...ggregation groups per OmniSwitch 6624 or 6600 U24 switch 4 Maximum number of link aggregation groups per OmniSwitch 6648 switch 8 Number of links per group supported on a single switch 2 4 or 8 Number...

Page 177: ...aggregation group on the local switch with the static agg agg num command For example static agg 1 1 agg num 1 static agg 1 2 agg num 1 static agg 1 3 agg num 1 static agg 1 4 agg num 1 3 Create a VL...

Page 178: ...4 Primary Port 1 1 You can also use the show linkagg port port command to display information on specific ports See Displaying Static Link Aggregation Configuration and Statistics on page 10 16 for mo...

Page 179: ...pes of link aggregation groups Static link aggregate groups Dynamic link aggregate groups This chapter describes static link aggregation also known as OmniChannel For information on dynamic link aggre...

Page 180: ...CLI to monitor static aggregate groups Relationship to Other Features Link aggregation groups are supported by other switch software features The following features have CLI commands or command param...

Page 181: ...rs on page 10 13 for more information Note See the Link Aggregation Commands chapter in the OmniSwitch CLI Reference Guide for complete documentation of CLI commands for link aggregation Configuring M...

Page 182: ...f physical links that you plan to use For example if you are planning to use 2 physical links you should create a group with a size of 2 and not 4 or 8 As an option you can also specify a name and or...

Page 183: ...o a static aggregate group you use the static agg agg num command by entering static agg followed by the slot number a slash the port number agg num and the number of the static aggregate group In add...

Page 184: ...17 24 10 100 CONSOLE 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 1 2 EXPANSION STACKING EXPANSION 25 26 27 28 TM OmniSwitch 6624 OK1 OK2 PS1 PS2 PRI SEC TEMP FAN LINK ACT LINK ACT LINK...

Page 185: ...49 50 51 52 TM OmniSwitch 6648 OK1 OK2 PS1 PS2 PRI SEC TEMP FAN 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 25 26 LINK ACT LINK ACT LINK ACT LINK ACT LINK ACT LINK ACT LINK ACT L...

Page 186: ...long to only one aggregate group In addition mobile ports cannot be aggregated See Chapter 6 Assigning Ports to VLANs for more information on mobile ports As an option you can use the ethernet fasteth...

Page 187: ...me for a static aggregate group the name must be specified within quotes e g Static Aggregate Group 4 Deleting a Static Aggregate Group Name To remove a name from a static aggregate group you use the...

Page 188: ...Switch B Sample Network Using Static Link Aggregation Follow the steps below to configure this network Note Only the steps to configure the local i e Switch A are provided here since the steps to con...

Page 189: ...6624 6648 Network Configuration Guide April 2004 page 10 15 5 Repeat steps 1 through 4 on Switch B All the commands would be the same except you would substi tute the appropriate port numbers Note Opt...

Page 190: ...D UP 2 2 2 Dynamic 40000002 4 ENABLED DOWN 0 0 3 Dynamic 40000003 8 ENABLED DOWN 0 2 4 Static 40000005 2 DISABLED DOWN 0 0 When you use the show linkagg command with the link aggregation group number...

Page 191: ...r information on configuring dynamic link aggregation on OmniSwitch 7700 7800 and 8800 switches which use different procedures and have many different operating ranges In This Chapter This chapter des...

Page 192: ...aracters Number of links per group supported on a single switch 2 4 or 8 Number of links per group supported in a stack 2 4 8 or 16 Group actor admin key 0 to 65535 Group actor system priority 0 to 65...

Page 193: ...stem ID lacp linkagg partner system id 00 00 00 00 00 00 Group Partner System Priority lacp linkagg partner system priority 0 Group Partner Administrative Key lacp linkagg partner admin key 0 Actor Po...

Page 194: ...lacp agg 1 3 actor admin key 2 lacp agg 1 4 actor admin key 2 lacp agg 1 5 actor admin key 2 lacp agg 1 6 actor admin key 2 lacp agg 1 7 actor admin key 2 lacp agg 1 8 actor admin key 2 3 Create a VL...

Page 195: ...0 1f cc 00 00 00 Actor System Id 00 20 da 81 d5 b0 Actor System Priority 0 Actor Admin Key 1 Actor Oper Key 0 Partner System Id 00 20 da 81 d5 b1 Partner System Priority 0 Partner Admin Key 2 Partner...

Page 196: ...e commands look like entered sequentially on the command line on the partner switch lacp linkagg 2 size 8 lacp agg 2 9 actor admin key 2 lacp agg 2 10 actor admin key 2 lacp agg 2 11 actor admin key 2...

Page 197: ...flows on the physical links Load balancing distributes traffic by using a hash coding of source and destination MAC addresses Ports must be the same speed within the same aggregate group Alcatel s lin...

Page 198: ...onfigure dynamic aggregate groups and see Displaying Dynamic Link Aggregation Configuration and Statistics on page 11 36 for information on using the CLI to moni tor dynamic aggregate groups Local Act...

Page 199: ...in addition to configuring it on individual ports The following features have CLI commands or command parameters that support link aggregation VLANs For more information on VLANs see Chapter 4 Configu...

Page 200: ...ge 11 3 please see Modifying Dynamic Link Aggregate Group Parameters on page 11 17 for more information Note See the Link Aggregation Commands chapter in the OmniSwitch CLI Reference Guide for complet...

Page 201: ...table below These parameters must be entered after size and the user specified number of links For example to create a dynamic aggregate group with aggregate number 3 consisting of two ports called ag...

Page 202: ...be aggregated enter lacp agg followed by the slot number a slash the port number actor admin key and the user specified actor administrative key which can range from 0 to 65535 In addition ports must...

Page 203: ...100 17 24 10 100 CONSOLE 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 1 2 EXPANSION STACKING EXPANSION 25 26 27 28 TM OmniSwitch 6624 OK1 OK2 PS1 PS2 PRI SEC TEMP FAN LINK ACT LINK ACT...

Page 204: ...ON 49 50 51 52 TM OmniSwitch 6648 OK1 OK2 PS1 PS2 PRI SEC TEMP FAN 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 25 26 LINK ACT LINK ACT LINK ACT LINK ACT LINK ACT LINK ACT LINK AC...

Page 205: ...ong to only one aggregate group In addition mobile ports cannot be aggregated See Chapter 6 Assigning Ports to VLANs for more information on mobile ports You must execute the lacp agg actor admin key...

Page 206: ...t modify a port s configuration See Chapter 1 Configuring Ethernet Ports for information on configuring Ethernet ports Removing Ports from a Dynamic Aggregate Group To remove a port from a dynamic agg...

Page 207: ...me see Modifying the Dynamic Aggregate Group Name on page 11 17 Group administrative state see Modifying the Dynamic Aggregate Group Administrative State on page 11 18 Group local actor switch actor a...

Page 208: ...namic Aggregate Group To enable the dynamic aggregate group administrative state enter lacp linkagg followed by the dynamic aggregate group number and admin state enable For example to enable dynamic...

Page 209: ...le to change the actor system priority of dynamic aggregate group 4 to 2000 you would enter lacp linkagg 4 actor system priority 2000 Restoring the Dynamic Aggregate Group Actor System Priority To res...

Page 210: ...u would enter lacp linkagg 4 partner admin key 10 Restoring the Dynamic Aggregate Group partner Administrative Key To remove a partner administrative key from a dynamic aggregate group s configuration...

Page 211: ...ID from the dynamic aggregate group s configura tion use the no form of the lacp linkagg partner system id command by entering lacp linkagg followed by the dynamic aggregate group number and no partn...

Page 212: ...o exchange LACPDU frames By default this bit is set timeout Specifies that bit 1 in LACPDU frames is set which indicates that a short timeout is used for LACPDU frames When this bit is disabled a long...

Page 213: ...aggregate to their default settings on dynamic aggregate actor port 2 in slot 5 you would enter lacp agg 5 2 actor admin state no active no aggregate Note Since individual bits with the LACPDU frame a...

Page 214: ...following subsections describe how to configure a user specified value and how to restore the value to its default value with the lacp agg actor system priority command Configuring an Actor Port Syst...

Page 215: ...ort 1 in slot 2 to 100 you would enter lacp agg 2 1 actor port priority 100 As an option you can use the ethernet fastethernet and gigaethernet keywords before the slot and port number to document the...

Page 216: ...or more information on mobile ports Modifying the Partner Port System Administrative State The system administrative state of a dynamic aggregate group partner i e remote switch port is indi cated by...

Page 217: ...words For example to restore bits 0 active and 2 aggregate to their default settings on dynamic aggregate partner port 1 in slot 7 you would enter lacp agg 7 1 partner admin state no active no aggrega...

Page 218: ...the administrative key of a dynamic aggregate group partner port 1 in slot 6 to 1000 enter lacp agg 6 1 partner admin key 1000 As an option you can use the ethernet fastethernet and gigaethernet keyw...

Page 219: ...acp agg the slot number a slash the port number and no partner admin system id For example to remove a user configured system ID from dynamic aggregate partner port 2 in slot 6 you would enter lacp ag...

Page 220: ...namic aggregate partner port 1 in slot 7 to 200 you would enter lacp agg 7 1 partner admin port 200 As an option you can use the ethernet fastethernet and gigaethernet keywords before the slot and por...

Page 221: ...tel CLI syntax For example to modify the port priority of dynamic aggregate partner port 3 in slot 4 to 100 and document that the port is a Fast Ethernet port you would enter lacp agg fastethernet 4...

Page 222: ...en configured on dynamic aggregate group 7 with 802 1Q tagging and 802 1p priority bit settings Sample Network Using Dynamic Link Aggregation The steps to configure VLAN 10 Spanning Tree example are d...

Page 223: ...g vlan 10 4 If the Spanning Tree Protocol STP has been disabled on this VLAN STP is enabled by default enable it on VLAN 10 by entering vlan 10 stp enable Note Optional Use the show spantree ports com...

Page 224: ...actor admin key 7 lacp agg 4 2 actor admin key 7 lacp agg 4 3 actor admin key 7 lacp agg 4 4 actor admin key 7 3 Create VLAN 12 by entering vlan 12 4 Configure 802 1Q tagging with a tagging ID i e VL...

Page 225: ...nfiguration Guide April 2004 page 11 35 10 Repeat steps 1 through 9 on Switch C All the commands would be the same except you would substi tute the appropriate port numbers Note If you do not use the...

Page 226: ...aggregate groups both dynamic and static you would enter show linkagg A screen similar to the following would be displayed Number Aggregate SNMP Id Size Admin State Oper State Att Sel Ports 1 Static...

Page 227: ...r Admin System Priority 20 Partner Oper System Priority 20 Partner Admin System Id 00 00 00 00 00 00 Partner Oper System Id 00 00 00 00 00 00 Partner Admin Key 8 Partner Oper Key 0 Attached Agg Id 0 A...

Page 228: ...Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 11 38 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 229: ...IP and how to configure it through the Command Line Interface CLI It includes instructions for enabling IP forwarding as well as basic IP configuration commands e g ip default ttl CLI commands are us...

Page 230: ...e network device Non active port assignments are allowed but do not change the VLAN s operational state To forward packets to a different VLAN on the switch you must create a router port on each VLAN...

Page 231: ...ted with several Layer 3 and Layer 4 protocols These protocols are built into the base code loaded on the switch A brief overview of supported IP protocols is included below Transport Protocols IP is...

Page 232: ...work using the CLI File Transfer Protocol FTP Enables the transfer of files between hosts This protocol is used to load new images onto the switch Additional IP Protocols There are several additional...

Page 233: ...ng an IP Router Port You must configure an IP router port on a VLAN for devices on that VLAN to communicate with devices on other VLANs You can only create one IP router port per VLAN VLAN router port...

Page 234: ...ay 171 11 2 1 When you create a static route the default metric value of 1 is used However you can change the priority of the route by increasing its metric value The lower the metric value the higher...

Page 235: ...main in the table until they time out You can set this timeout value and you can also manually add or delete permanent addresses to from the table Adding a Permanent Entry to the ARP Table As describe...

Page 236: ...ic entry from the table Clearing a Dynamic Entry from the ARP Table Dynamic entries can be cleared using the clear arp cache command This command clears all dynamic entries Permanent entries must be c...

Page 237: ...ter ID By default the primary address of the router is used as the router ID However if a primary address has not been configured the router ID is used by OSPF to identify the switch on the network Th...

Page 238: ...t issuing SYN ACK responses The half open TCP connections can exhaust TCP resources such that no other TCP connections are accepted Land Attack Spoofed packets are sent with the SYN flag set to a host...

Page 239: ...decay is set to 2 and the switch port scan penalty value threshold is set to 2000 In one minute 10 TCP closed port packets and 10 UDP closed port packets are received This would bring the total penalt...

Page 240: ...gned penalty the total penalty value for the switch is increased by the penalty value of the packet in question To assign a penalty value to TCP UDP packets bound for a closed port use the ip dos scan...

Page 241: ...penalty value cross the port scan penalty value threshold To enable SNMP trap generation enter the ip dos scan trap command as shown ip dos scan trap enable To disable DoS traps enter the same ip dos...

Page 242: ...sts ip service command options for specifying TCP UDP services and also includes the well known port number associated with each service service port ftp 21 ssh 22 telnet 23 http 80 secure http 443 av...

Page 243: ...ually means that a failure has occurred in the route lookup of the destination IP in the packet Host Unreachable Message Usually indicates delivery failure such as a unresolved client s hardware addre...

Page 244: ...unreachable 0 3 host unreachable 3 1 protocal unreachable 3 2 port unreachable 3 3 frag needed but DF bit set 3 4 source route failed 3 5 destination network unknown 3 6 destination host unknown 3 7...

Page 245: ...rk unreachable message enter the following icmp unreachable net unreachable enable See Chapter 22 IP Commands for specifics on the ICMP message commands Enabling All ICMP Types To enable all ICMP mess...

Page 246: ...e to set the Source Quench minimum packet gap to 100 microseconds enter the following icmp type 4 code 0 min pkt gap 100 Likewise to set the Timestamp Reply minimum packet gap to 100 microseconds ente...

Page 247: ...nds the program will wait for a response before timing out For example to send a ping with a count of 2 a size of 32 bytes an interval of 2 seconds and a timeout of 10 seconds you would enter ping 172...

Page 248: ...information about the displays that result from these commands see the OmniSwitch CLI Refer ence Guide show ip interface Displays the usability status of interfaces configured for IP show ip route Di...

Page 249: ...g RIP using optional RIP configuration parameters e g RIP send receive option RIP interface metric It also details RIP redistribution which allows a RIP network to exchange routing information with ne...

Page 250: ...0 RIP Interface Metric ip rip interface metric 1 RIP Interface Send Version ip rip interface send version v2 RIP Interface Receive Version ip rip interface recv version both RIP Host Route ip rip host...

Page 251: ...2 using the vlan port default command For example the following command assigns port 2 on slot 1 to VLAN 2 vlan 2 port default 1 2 5 Create an IP router port on VLAN 1 using the vlan router ip comman...

Page 252: ...en Shortest Path First OSPF An IGP that provides a routing function similar to RIP but uses different techniques to determine the best route for a datagram OSPF is part of Alcatel s optional Advanced...

Page 253: ...ackets their calculation of the network mask could possibly be wrong For this reason RIPv1 compatible RIPv2 packets cannot contain networks that would be misinterpreted by RIPv1 These networks must on...

Page 254: ...y IP forwarding is required you may not want to use RIP If you are not using RIP it is best not to load it to save switch resources Enabling RIP RIP is disabled by default Use the ip rip status comman...

Page 255: ...5 0 1 you would enter ip rip interface 171 15 0 1 status enable To disable a RIP interface use the disable keyword with the ip rip interface status command For exam ple to disable RIP routing on RIP i...

Page 256: ...routes generated by a switch by assigning a metric value to routes generated by that switch s RIP interface For example routes generated by a neighboring switch may have a hop count of 1 However you...

Page 257: ...not accept better routes from other gateways Use the ip rip force holddowntimer command to configure the interval during which a RIP route remains in a forced hold down state Enter the command and th...

Page 258: ...that defines the route types that will be redistributed into RIP Only the route types you configure will be redistributed into RIP When you configure a redistri bution policy RIP is automatically ena...

Page 259: ...edist ospf metric 2 The valid metric range is 0 to 15 default is 0 Note You must configure a redistribution policy before configuring a redistribution metric for that type See Configuring a RIP Redist...

Page 260: ...igured redistribution filters Note Local interfaces will not be added to the RIP routing table unless RIP redistribution is enabled and a filter is added for the local protocol Configuring a Redistrib...

Page 261: ...these routes separately or not using the ip rip redist filter redist control command Enter the command specify the route type to be redistributed enter the destination IP address mask then enter a ro...

Page 262: ...both switches on either end of a link must share the same password Use the ip rip interface auth type command to configure the authentication type Enter the IP address of the RIP interface then enter...

Page 263: ...ing For example to configure a password nms you would enter ip rip interface 172 22 2 115 auth key nms Verifying the RIP Configuration A summary of the show commands used for verifying the RIP configu...

Page 264: ...Verifying the RIP Configuration Configuring RIP page 13 16 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 265: ...rameters through the Command Line Interface CLI CLI commands are used in the configuration examples for more details about the syntax of commands see the OmniSwitch CLI Reference Guide The following p...

Page 266: ...aces router VLAN IP addresses ip router discovery interface Disabled Advertisement destination address for an active RDP interface ip router discovery interface advertise ment address All systems mult...

Page 267: ...command refer to the RDP Commands chapter in the OmniSwitch CLI Reference Guide 2 Create an RDP interface for a router IP address In this example the interface has an address of 172 17 6 2 ip router...

Page 268: ...Interface Yes IP Interface status Enabled RDP Interface Yes RDP Interface status Enabled VRRP Interface status Enabled VRRP masters 2 100 10 10 2 100 10 10 3 Advertisement address 224 0 0 1 Max Advert...

Page 269: ...ddresses In addition routers send advertisement messages when their RDP interface becomes active and then subsequently at random intervals When a host receives a router advertisement message it adds t...

Page 270: ...the same time It is important to note that advertisements are only transmitted on RDP interfaces if the following condi tions are met The RDP global status is enabled on the switch An IP interface exi...

Page 271: ...ng information through to the host from the router If the victim is a secure web server that uses SSL the attacker sitting in between the server and an end host could inter cept unencrypted traffic As...

Page 272: ...RDP interface for VLAN router IP 17 255 10 2 ip router discovery interface 17 255 10 2 enable The first time an RDP interface is enabled it is not necessary to enter enable as part of the command How...

Page 273: ...ount of time that RDP will observe before sending the next transmission Both of these values are referred to as the maximum advertisement interval and the minimum advertisement interval Note that when...

Page 274: ...command For example the following command sets this value to 3000 seconds for packets sent from the 17 255 10 2 router RDP interface ip router discovery interface 17 255 10 2 advertisement lifetime 30...

Page 275: ...example of the output for the show ip router discovery and show ip router discovery interface commands is also given in Quick Steps for Configuring RDP on page 14 3 show ip router discovery Displays...

Page 276: ...Verifying the RDP Configuration Configuring RDP page 14 12 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 277: ...to be forwarded across VLANs that have IP routing enabled In This Chapter This chapter describes the basic components of DHCP Relay and how to configure them CLI commands are used in the configuration...

Page 278: ...DHCP assigns a permanent IP address to a host Dynamic DHCP assigns an IP address to a host for a limited period of time or until the host explicitly relinquishes the address Manual The network admini...

Page 279: ...as IP address 128 100 16 1 use the following command ip helper address 128 100 16 1 2 Set the forward delay timer for the BOOTP DHCP relay To set the timer for a 15 second delay use the following comm...

Page 280: ...e 15 10 for more information An additional function provided by the DHCP Relay service enables automatic IP address configuration for default VLAN 1 when an unconfigured switch boots up If this functi...

Page 281: ...cket protocol type source IP address or if the packet is a DHCP request See Chapter 7 Defining VLAN Rules for more information DHCP Relay and Authentication Authentication clients may use DHCP to get...

Page 282: ...t to the outgoing router port attached to the OmniSwitch DHCP Clients are Members of the Same VLAN The external router inserts the subnet address of the first hop segment into the DHCP request frames...

Page 283: ...ame will simply be switched In this case the DHCP server and clients must be members of the same VLAN they could also all be members of the default VLAN One way to accomplish this is to use DHCP rules...

Page 284: ...or disabling the relay service You should configure DHCP Relay on switches where packets are routed between IP networks The following command defines a DHCP server address ip helper address 125 255 17...

Page 285: ...leted If an IP address is not specified with this syntax then all IP helper addresses are deleted The following command deletes an helper address for IP address 125 255 17 11 ip helper no address 125...

Page 286: ...ay time value is 1 to 65535 seconds Setting Maximum Hops This value specifies the maximum number of relays the BOOTP DHCP packet can go through until it reaches its server destination This limit keeps...

Page 287: ...acket contains a subnet mask for the IP address the mask is applied to the VLAN 1 router port address Otherwise a default mask is determined based upon the class of the IP address For example if the I...

Page 288: ...An example of the output for the show ip helper command is also given in Quick Steps for Setting Up DHCP Relay on page 15 3 show ip helper Displays the current forward delay time the maximum number o...

Page 289: ...ands see the OmniSwitch CLI Reference Guide This chapter provides an overview of VRRP and includes information about the following Virtual routers see Creating a Virtual Router on page 16 7 IP address...

Page 290: ...Redundancy Protocol Compatible with HSRP No Maximum number of virtual routers 7 Maximum number of IP addresses 1 for the IP address owner more than 1 address may be configured if the router is a back...

Page 291: ...oe 3 Configure an IP address for the virtual router vrrp 6 4 ip 10 10 2 3 4 Repeat steps 1 through 3 on all of the physical switches that will participate in backing up the address es associated with...

Page 292: ...nfigured with a virtual router VRID 1 which is associated with IP address A OmniSwitch A is the master router because it contains the physical interface to which IP address A is assigned OmniSwitch B...

Page 293: ...a set of associated IP addresses on the LAN On the OmniSwitch only one IP address is assigned to an interface but other VRRP routers may have multiple IP addresses per interface In addition the VRID m...

Page 294: ...rtisements sent by the master router any other packets originating from the master router and as the MAC address in ARP replies instead of a VRRP router s physical MAC address The address has the foll...

Page 295: ...and to check for conflicting parame ters For information about configuring VRRP parameters see the remaining sections of this chapter Basic Virtual Router Configuration At least two virtual routers mu...

Page 296: ...rd The vrrp command may also be used to specify whether the virtual router is enabled or disabled it is disabled by default However the virtual router must have an IP address assigned to it before it...

Page 297: ...y be modified The vrrp command is then used to set the advertising interval for virtual router 6 to 5 seconds Configuring Virtual Router Priority VRRP functions with one master virtual router and at l...

Page 298: ...uter if is available regardless of the preempt mode setting and the priority values of the backup routers To disable preemption for a virtual router use the vrrp command with the no preempt keywords F...

Page 299: ...icult for a VRRP packet to be sent from a remote network to disrupt VRRP operation To configure authentication for a virtual router use the authenticate keyword and the desired password with the vrrp...

Page 300: ...from the configuration The virtual router does not have to be disabled before you delete it Setting VRRP Traps A VRRP router has the capability to generate VRRP SNMP traps for events defined in the VR...

Page 301: ...outer 2 s IP address 10 10 2 245 The CLI commands used to configure this setup are as follows 1 First create two virtual routers for VLAN 5 Note that VLAN 5 must already be created and available on th...

Page 302: ...IP address A using the virtual router MAC address for VRID 1 00 00 5E 00 01 01 OmniSwitch 1 is the master for VRID 1 since it contains the physical interface to which 10 10 2 3 is assigned If OmniSwit...

Page 303: ...terface CLI to communicate with the servers to retrieve authentication information about users Configuration procedures described include Configuring an ACE Server This procedure is described in ACE S...

Page 304: ...ocol v3 Attribute Syntax Definitions RFC 2253 Lightweight Directory Access Protocol v3 UTF 8 String Representation of Distinguished Names RFC 2254 The String Representation of LDAP Search Filters RFC...

Page 305: ...ely LDAP Authentication Servers Defaults for the aaa ldap server command are as follows Description Keyword Default Number of retries on the server before the switch tries a backup server retransmit 3...

Page 306: ...Server name rad1 Server type RADIUS IP Address 1 10 10 2 1 IP Address 2 10 10 3 5 Retry number 3 Timeout in sec 2 Authentication port 1645 Accounting port 1646 Server name ldap2 Server type LDAP IP Ad...

Page 307: ...ve one backup host of the same type configured through the aaa radius server and aaa ldap server commands respectively In addition each authentication method Authenticated Switch Access Authenticated...

Page 308: ...p for authentication single authority mode uses a single list an authentication server and any backups to poll with authentication requests Multiple author ity mode uses multiple lists one list for ea...

Page 309: ...s are supported The RADIUS server contains a database of user names and passwords and may also contain challenges responses and other authentication criteria For more information about configuring 802...

Page 310: ...e server to the switch s network directory This file is required so that the switch will know the IP address of the ACE Server For information about loading files onto the switch see the OmniSwitch 66...

Page 311: ...hem Attribute 26 is for vendor specific information and is discussed in Vendor Specific Attributes for RADIUS on page 17 11 Attributes 40 59 are used for RADIUS accounting servers and are listed in RA...

Page 312: ...o the accounting server as part of the accounting request packet 26 Vendor Specific See Vendor Specific Attributes for RADIUS on page 17 11 27 Session Timeout Not supported 28 Idle Timeout Not support...

Page 313: ...nticated users on VLAN 23 may use Ethernet II or SNAP encapsulation Authenti cated users on VLAN 24 may use IPX with Ethernet II Num RADIUS VSA Type Description 1 Alcatel Auth Group integer The authen...

Page 314: ...e cumbersome because it requires using read and write bitmasks for command families on the switch 1 To display the functional bitmasks of the desired command families use the show aaa priv hexa comman...

Page 315: ...s Type Four values should be included in the dictionary file 1 acct start 2 acct stop 6 failure and 7 acct on Start and stop correspond to login logout The accounting on message is sent when the RADIU...

Page 316: ...IUS server enter the server name and the desired parameter to be modified aaa radius server rad1 key mozart If you are modifying the server and have just entered the aaa radius server command to creat...

Page 317: ...he Alcatel software CD to the configuration directory on the server Each server type has a command line tool or a GUI tool for importing LDIF files Database LDIF files may also be copied and used as t...

Page 318: ...zationalUnit ou organizational unit name list of optional attributes Below are definitions of some LDIF file entries Common Entries The most common LDIF entries describe people in companies and organi...

Page 319: ...anization Attributes required by a particular object class must also be defined Some commonly used attributes that comprise a DN include the following Country c State or Province st Locality l Organiz...

Page 320: ...po nent of the DN Retrieving Directory Search Results Results of directory searches are individually delivered to the LDAP client LDAP referrals to other serv ers are not returned to the LDAP client o...

Page 321: ...parsing the various components contained within the URLs to process the searches LDAP URLs can specify and implement complex or simple searches of a directory depending on what is submitted in the URL...

Page 322: ...n installing LDAP enabled directory servers refer to the vendor specific instructions attributes Attributes to be returned for entry search results All attributes are returned if search attributes are...

Page 323: ...iguring Functional Privileges on the Server Configuring the functional privileges attributes bop asa func priv read 1 bop asa func priv read 2 bop asa func priv write 1 bop asa func priv write 2 requi...

Page 324: ...83d021c07f1 ors40595 129 Note The bop shakey and bop md5key values must be recomputed and copied to the server any time a user s password is changed LDAP Accounting Attributes Logging and accounting f...

Page 325: ...s For Layer 2 Authentication Only Number of bytes received on the port during the client s session from log in to log out variable length digits Number of bytes sent on the port during the client s se...

Page 326: ...t Entries are associated with the switch the user is logged into Each dynamic entry contains information about the user s connection The related attribute in the server is bop loggedusers A specific o...

Page 327: ...e Creating an LDAP Authentication Server An example of creating an LDAP server aaa ldap server ldap2 host 10 10 3 4 dn cn manager password tpub base c us In this example the switch will be able to com...

Page 328: ...Hbase img file on the switch certs pem If the CA is not well known the CA s certificate must be transfered to the switch via FTP to the flash certified or flash working directory and should be named...

Page 329: ...r Configuration To display information about authentication servers use the following command An example of the output for this command is given in Quick Steps For Configuring Authentication Servers o...

Page 330: ...Verifying the Authentication Server Configuration Managing Authentication Servers page 17 28 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 331: ...manage the switch For more information about Authenti cated Switch Access see the Switch Security chapter in the OmniSwitch 6624 6648 Switch Manage ment Guide In This Chapter This chapter describes a...

Page 332: ...AP schema information are given in Chapter 17 Managing Authentication Servers RADIUS or LDAP client in the switch The switch must be set up to communicate with the RADIUS or LDAP server This chapter b...

Page 333: ...red on the switch as an authentication port This is the physical port through which authentication clients are attached to the switch See Config uring Authenticated Ports on page 18 28 DHCP Server A D...

Page 334: ...ee Setting Up the DHCP Server on page 18 29 5 Configure the authentication server authority mode See Configuring the Server Authority Mode on page 18 32 6 Specify accounting servers for authentication...

Page 335: ...DHCP server if users will be getting IP addresses from DHCP The IP helper address is the IP address of the DHCP server the AVLAN default DHCP address is the address of any router port configured on t...

Page 336: ...S or LDAP for authentication sessions aaa accounting vlan rad3 local Note Verify the authentication server configuration by entering the show aaa authentication vlan command or verify the accounting s...

Page 337: ...enti cating or after authentication in order to move into a different VLAN When multiple authenticated VLANs are configured after the client authenticates the client must issue a DHCP release renew re...

Page 338: ...l txt file is available in the flash switch directory when you install the Hsecu img file as described in the next section The file may be edited with any text editor and the format of the username an...

Page 339: ...t file is copied to the Mac desktop 3 Double click the javlanInstall sit file on the desktop 4 Double click on the application javlanInstall AppleScript inside the newly created directory The work sta...

Page 340: ...are using a self signed SSL certificate or the certificate provided by Alcatel wv cert pem see DNS Name and Web Browser Clients on page 18 11 To set up the Mac OSX 1 for authentication 1 In the browse...

Page 341: ...flash switch directory on the switch to the workstation 2 On the Mac workstation open a Terminal application at the root see the previous section for informa tion about enabling root access Enter the...

Page 342: ...Client as Primary Network Login on page 18 18 Configure the AV Client for DHCP optional See Configuring the AV Client Utility on page 18 18 Loading the Microsoft DLC Protocol Stack Windows 2000 and Wi...

Page 343: ...the Protocol network component 6 In the Select Network Protocol dialog box click on the Have Disk button 7 Specify the drive and path where the MSDLC32 EXE files you should have already extracted them...

Page 344: ...page 18 14 OmniSwitch 6624 6648 Network Configuration Guide April 2004 3 We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the i...

Page 345: ...screen or you may click the Browse button to select a different directory Click on the Next button The software loads and the following window displays 5 This window gives you the option of restartin...

Page 346: ...wnload the AV Client from the Alcatel website onto the Windows desktop 2 Double click the AV Client icon The installation routine begins and the following window displays 3 We recommend that you follo...

Page 347: ...the Browse button to select a different directory Click on the Next button The software loads and the following window displays 5 This window recommends that you read a text file included with the cl...

Page 348: ...the correct path for your disk drive in the space provided and click OK You can also browse to the directory where the AV Client is installed and click OK Select Alcatel AVLAN Login Provider 4 Select...

Page 349: ...Select the AV Client tab 2 Click on the box next to Enable AV Client Service at Logon The check mark in the box will disap pear and the Apply button will activate 3 To apply the change click the Appl...

Page 350: ...h 6624 6648 Network Configuration Guide April 2004 Viewing AV Client Components The configuration utility includes a screen that lists each component version and build date for the AV Client To view t...

Page 351: ...er name is configured on the authentication server 3 Enter the password for this user in the Password field If the client is set up for basic dialog mode and the user enters the correct password the u...

Page 352: ...ocedure click the Logoff button The following screen indicates that the AV Client is sending a logoff request to the authentication server The next message on the screen indicates that the AV Client i...

Page 353: ...tion of disabling DHCP operations Delay for IP Address Request You can specify a delay between the moment the client workstation moves into an authentication VLAN and the moment a DHCP request is issu...

Page 354: ...he DHCP tab The following screen displays 2 Click the box next to Enable DHCP Operations Several options will activate in the utility window as shown in the following screen When you click on a box ne...

Page 355: ...k Configuration Guide April 2004 page 18 25 4 To apply the change click the Apply button When you click the OK button the screen will close and the change will take effect If you decide not to impleme...

Page 356: ...the user s MAC address is unknown enter the show avlan user command first Specify the VLAN ID or slot number to get information about a particular VLAN or slot only For example show avlan user 23 name...

Page 357: ...use the show aaa avlan auth ip command Setting Up the Default VLAN for Authentication Clients By default authentication users cannot traffic in the default VLAN prior to authentication however the swi...

Page 358: ...ticated VLANs use the avlan port bound command with the enable keyword avlan port bound enable This command allows some port binding rules MAC Port IP address MAC Port Port IP address and MAC Port Pro...

Page 359: ...aaa avlan dns name auth company When this command is configured a Web browser client may enter auth company in the browser command line to initiate the authentication process To remove a DNS path from...

Page 360: ...ation about authentication server authority modes see Configuring the Server Authority Mode on page 18 32 After authentication a client may be moved into a VLAN in which the client s current IP addres...

Page 361: ...the aaa avlan default dhcp command so that Telnet and Web browser clients can obtain IP addresses prior to authentication This gateway is a router port in any of the authenticated VLANs in the networ...

Page 362: ...ccount ing Servers on page 18 35 Configuring Single Mode This mode should be used when all authenticated VLANs on the switch are using a single authentication server with optional backups configured w...

Page 363: ...ch will use ldap1 to attempt to authenticate users If ldap1 becomes unavailable the switch will use backup server ldap2 Both servers contain user information including which VLANs users may be authent...

Page 364: ...he same server services more than one VLAN the same user ID and password may be used to authenticate into one of several VLANs depending on which VLAN the user selects at authentication Clients are on...

Page 365: ...7 Managing Authentication Servers Up to four account ing servers may be specified For example aaa accounting vlan rad1 ldap2 In this example a RADIUS server rad1 is used for all accounting of authenti...

Page 366: ...ee the OmniSwitch CLI Reference Guide show aaa authentication vlan Displays information about authenticated VLANs and the server config uration show aaa accounting vlan Displays information about acco...

Page 367: ...scribes 802 1X ports used for port based access control and how to configure them through the Command Line Interface CLI CLI commands are used in the configuration examples for more details about the...

Page 368: ...ork Access Control 802 1X RADIUS Usage Guidelines Description Keyword Default Port control in both directions or incoming only direction both in both Port control authorized on the port port control f...

Page 369: ...e shows the default for authenticating 802 1X ports through the aaa authentication 802 1x command Note By default accounting is disabled for 802 1X authentication sessions Description Keyword Default...

Page 370: ...must be configured with the vlan authentication command For information about configuring VLANs with authentication see Chapter 4 Configuring VLANs 3 Associate the RADIUS server or servers with authen...

Page 371: ...s authenticated through an 802 1X port the port is blocked The port will only accept 802 1X frames EAPoL frames When an 802 1X frame is received from a supplicant the switch sends an EAP packet to req...

Page 372: ...n the global 802 1X setting If the switch is set to open global all traffic is allowed on the port If the switch is set to open unique only traffic with the authenticated MAC address is allowed on the...

Page 373: ...o an authenticated VLAN if the RADIUS authentication server speci fies a VLAN for that user and the authenticated VLAN is set up on the switch through the vlan authentication command For information a...

Page 374: ...ly traffic coming from the authen ticated device s MAC address or it may be configured to allow any traffic through the port after authenti cation The keyword open unique indicates that only traffic f...

Page 375: ...he port is authenticated To configure the port authorization use the 802 1x command with the port control keyword and the force authorized force unauthorized or auto option 802 1x 3 1 port control for...

Page 376: ...s sent to the supplicant during an authentication attempt use the max req keyword with the 802 1x command For example 802 1x 3 1 max req 3 In this example the maximum number of requests that will be s...

Page 377: ...keyword local to specify that the Switch Logging function in the switch should be used to log 802 1X sessions RADIUS servers are configured with the aaa radius server command aaa accounting 802 1x ra...

Page 378: ...Verifying the 802 1X Port Configuration Configuring 802 1X page 19 12 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 379: ...switch When policies are created on the directory server through PolicyView the PolicyView application automatically configures the switch to communicate with the server This chapter includes informat...

Page 380: ...Servers RFCs Supported RFC 2251 Lightweight Directory Access Protocol v3 RFC 3060 Policy Core Information Model Version 1 Specification Maximum number of policy servers supported on the switch 4 Maxi...

Page 381: ...DAP server and QoS policies configured directly on the switch For more information about creating policies directly on the switch see Chapter 21 Configuring QoS Information about installing the LDAP p...

Page 382: ...from downloading policies to the switch By default policy servers are enabled to download policies To disable a server use the policy server command with the admin keyword and down option policy serve...

Page 383: ...een policy server 10 10 2 3 policy server 10 10 2 3 port number 5000 show policy server Server IP Address port enabled status primary 1 10 10 2 3 389 Yes Up X 2 10 10 2 3 5000 No Down To remove an ent...

Page 384: ...disable SSL use no ssl with the command policy server 10 10 2 3 no ssl SSL is disabled for the 10 10 2 3 policy server No additional policies may be saved to the directory server from the PolicyView...

Page 385: ...lied from PolicyView or vice versa it will activate all current configuration For more information about configuring policies through the CLI see Chapter 21 Configuring QoS Verifying the Policy Server...

Page 386: ...Verifying the Policy Server Configuration Managing Policy Servers page 20 8 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 387: ...sed for Layer 2 and Layer 3 4 filtering Since filtering is used in many different network situations ACLs are described in a separate chapter see Chapter 22 Configuring ACLs In This Chapter This chapt...

Page 388: ...802 1p rules 62 30 64 29 Maximum number of policy conditions 2048 Maximum number of policy actions 2048 Maximum number of policy services 256 Maximum number of groups network MAC service port 1024 Ma...

Page 389: ...ct to the WAN are not given more bandwidth bottlenecks may still occur Also adding enough bandwidth to compensate for peak load periods will mean that at times some bandwidth will be unused In additio...

Page 390: ...he PolicyView online help How Policies Are Used When a flow comes into the switch the QoS software in the switch checks to see if there are any policies with conditions that match the flow If there ar...

Page 391: ...or QoS settings may require that other switch features be configured in a particular way A summary of related features is given here Dynamic Link Aggregates Policies may be used to prioritize dynamic...

Page 392: ...Use the Condition Combination Table Each row represents items that may be combined any cavaets are listed in the Notes column For information about combining conditions with actions see Condition Acti...

Page 393: ...No additional action parameters are allowed Use the policy condition action combinations table as a guide when creating policy rules How to Use the Condition Action Combination Table Each row represe...

Page 394: ...dth bridging ToS or DSCP priority routing bridging when qos classifyl3 bridged is enabled 802 1p 802 1p bridging routing source slot port or port group source interface type disposition maximum bandwi...

Page 395: ...cs interval qos stats interval 60 seconds Global bridged disposition qos default bridged disposition accept Global routed disposition qos default routed disposition accept Global multicast disposition...

Page 396: ...bandwidth port bandwidth currently not supported Maximum signalled bandwidth via RSVP qos port maximum signal bandwidth port bandwidth currently not supported Maximum bandwidth qos port maximum bandw...

Page 397: ...ation about this command Other traffic Any traffic that does not match a policy is accepted or denied based on the global dispo sition setting on the switch The global disposition is by default accept...

Page 398: ...to change any of the global defaults See Global QoS Defaults on page 21 9 for a list of the global defaults See Configuring Global QoS Parameters on page 21 13 for information about configuring global...

Page 399: ...ons By default bridged routed and multicast flows that do not match any policies are accepted on the switch To change the global default disposition which determines whether the switch will accept den...

Page 400: ...may be logged includes rules Layer 2 and Layer 3 information etc For a detailed explanation about the types of informa tion that may be logged see the OmniSwitch CLI Reference Guide A brief summary o...

Page 401: ...e switch Forwarding Log Events to PolicyView In addition to managing policies created directly on the switch the switch manages policies downloaded from an external LDAP server These policies are crea...

Page 402: ...og lines qos log level and debug qos commands The log display may also be output to the console through the qos log console command or sent to the policy software in the switch which manages policies...

Page 403: ...a packet with a fragment offset of 1 will be dropped IP packets with a fragment offset of 1 are typically used for security attacks Enabling Disabling Fragment Classification To enable fragment class...

Page 404: ...os classifyl3 bridged is enabled all bridged IP packets will be dropped To configure the switch to classify bridged traffic as Layer 3 use the qos classifyl3 bridged command qos classifyl3 bridged To...

Page 405: ...al Settings To display information about the global configuration use the following show commands For more information about the syntax and displays of these commands see the OmniSwitch CLI Refer ence...

Page 406: ...as untrusted For more information about configuring 802 1Q for fixed ports see Chapter 9 Configuring 802 1Q Mobile ports are also always trusted however mobile ports may or may not accept Q tagged tr...

Page 407: ...that port 2 on slot 3 will be able to recognize 802 1p bits A policy condition Traffic is then created to classify traffic containing 802 1p bits set to 4 and destined for port 2 on slot 3 The policy...

Page 408: ...t used to classify traffic until the qos apply command is entered See Applying the Config uration on page 21 46 To view information about how the switch will classify particular condition parameters u...

Page 409: ...ntially on the command line is given here policy condition cond3 source ip 10 10 2 3 policy action action2 priority 7 policy rule my_rule condition cond3 action action2 qos apply ASCII File Only Synta...

Page 410: ...an create a separate condition for each address service or port use groups and attach the group to a single condition See Using Condition Groups in Policies on page 21 34 for more information about se...

Page 411: ...e or modify a policy action use the policy action command with the desired action parameter A policy action should specify the way traffic should be treated For example it might specify a priority for...

Page 412: ...t first be removed from the policy rule my_rule See Creating Policy Rules on page 21 26 for more information about setting up rules If a6 is not used by a policy rule it will be deleted after the next...

Page 413: ...Rules With Compatible Actions on page 21 28 and Layer 3 Rules With Conflicting Actions on page 21 28 for more information about precedence and Layer 3 flows Prece dence is particularly important for...

Page 414: ...wever the switch will apply only the rule with the highest precedence For example policy condition X source ip 10 10 2 3 policy action W 802 1p 5 policy action Z maximum bandwidth 10m policy rule Rule...

Page 415: ...ide and the OmniSwitch CLI Reference Guide For more information about applying rules see Applying the Configuration on page 21 46 Logging Rules Logging a rule may be useful for determining the source...

Page 416: ...be used to classify traffic until the next qos apply Only mac1 is actively being used on the switch to classify traffic show policy condition Displays information about all pending and applied policy...

Page 417: ...Yes No No No Yes 0 Cnd Act dmac1 pri2 In this example the rule my_rule does not display because it is inactive Rules are inactive if they are administratively disabled through the policy rule command...

Page 418: ...nter the command and the relevant keyword and value The switch will display information about the potential traffic and attempt to match it to a policy pending policies only For example show policy cl...

Page 419: ...0 82 5 Packet headers L2 Port 0 0 0 0 IfType any any MAC 000000 000000 000000 000000 VLAN 0 0 802 1p 0 L3 L4 IP 143 209 92 131 198 60 82 5 TOS DSCP 0 0 Using applied l3 policies Classify L3 Matches ru...

Page 420: ...conditions to reduce the number of rules required to filter particular types of traffic For more information about ACLs see Chapter 22 Configuring ACLs Sample Group Configuration 1 Create the group a...

Page 421: ...twork policy group use the policy network group command Specify the name of the group and the IP address es to be included in the group Each IP address should be separated by a space A mask may also b...

Page 422: ...licy Conditions on page 21 24 for more information about configuring policy conditions The network group will be deleted at the next qos apply Creating Services Policy services are made up of TCP or U...

Page 423: ...ion Service groups are described in Creating Service Groups on page 21 37 Note Service configuration is not active until the qos apply command is entered To remove a policy service enter the no form o...

Page 424: ...oup from the condition first then enter the no policy service group command For example policy condition c6 no service group no policy service group serv_group The policy condition command removes the...

Page 425: ...tions on page 21 24 for more information about configuring policy conditions The MAC group will be deleted at the next qos apply Creating Port Groups Port groups are made up of slot and port number co...

Page 426: ...er the ports in the port group is distributed over the active ports in a source port group This functionality is different from the OmniSwitch 7700 7800 8800 which allows each port in a port group the...

Page 427: ...this example each port will receive the maximum bandwidth because the ports in the destination port group are split over slots and or physical grouping If the ports in the destination port group howev...

Page 428: ...pending and applied policy network groups or a particular network group Use the applied keyword to dis play information about applied groups only show policy service Displays information about all pen...

Page 429: ...ps on page 21 44 policy map group tosGroup 1 2 5 4 5 5 6 7 2 Attach the map group to a policy action See Creating Policy Actions on page 21 25 for more infor mation about creating policy actions polic...

Page 430: ...same map group but instead specifies mapping 802 1p to ToS policy action Map2 map tos to 802 1p using Group2 In this case if ToS traffic comes into the switch and matches a policy that specifies the...

Page 431: ...all pending and applied map groups use the show policy map group command To display only information about applied map groups use the applied keyword with the command For more information about the o...

Page 432: ...ed The commands are listed in the following table Port and Policy Commands All port parameters and policy parameters must be applied with the qos apply command The pending configuration is useful for...

Page 433: ...ion In some cases you may want to remove all of your rules and start over again To completely erase pend ing policies from the configuration use the qos flush command For example qos flush If you then...

Page 434: ...splay information about applied rules only show policy network group Displays information about all pending and applied policy network groups or a particular network group Use the applied keyword to d...

Page 435: ...ring ACLs Policies may also be used for prioritizing traffic in dynamic link aggregation groups For more informa tion about dynamic link aggregates see Chapter 11 Configuring Dynamic Link Aggregation...

Page 436: ...ritization Example In this example IP traffic is routed from the 10 10 4 0 network through the OmniSwitch To create a policy rule to prioritize the traffic from Network 1 first create a condition for...

Page 437: ...sts pings use the debug qos internal command with the pingonly keyword debug qos internal pingonly The switch will now drop only ICMP echo requests This functionality is different from the OmniSwitch...

Page 438: ...be mapped to 802 1p values in a network called Network C A map group tosGroup is created with mapping values policy map group tos_group 1 4 4 5 7 7 policy condition SubnetA source ip 10 10 5 0 mask 25...

Page 439: ...layer Typically uses IP addresses or IP ports for filtering note that IPX filtering is not supported Multicast ACLs for filtering IGMP traffic In This Chapter This chapter describes ACLs and how to co...

Page 440: ...r Layer 3 rules with particular actions ACL Filter rules Priority rules Bandwidth ToS rules 802 1p rules 62 30 64 29 Maximum number of policy conditions 2048 Maximum number of policy actions 2048 Maxi...

Page 441: ...Optional Test the condition with the show policy classify command using information from the policy condition For example show policy classify l3 source ip 192 68 82 0 This command displays informatio...

Page 442: ...situations it is recommended that the global disposition be set to deny and that rules be created to allow certain types of traffic through the switch To set the global disposition to deny use the qo...

Page 443: ...gured first in the list will take precedence Note If you configure bridged traffic to be classified as Layer 3 through the qos classifyl3 bridged command Layer 2 ACL rules are effectively disabled for...

Page 444: ...rity and maximum bandwidth actions at the same time so both rules are used Note See Chapter 21 Configuring QoS for more information about valid condition action combina tions Example Layer 3 Rules Wit...

Page 445: ...dged frames For information about configuring the switch to classify Layer 3 information in bridged frames see Classifying Bridged Traffic as Layer 3 on page 21 18 Valid Combinations There are limitat...

Page 446: ...s on page 22 11 For a quick tutorial on how to configure ACLs see Quick Steps for Creating ACLs on page 22 3 Setting the Global Disposition By default flows that do not match any policies are accepted...

Page 447: ...ion command to deny or drop it will result in dropping all traffic from the switch that does not match any policy to accept traffic You must create policies one for source and one for destination to a...

Page 448: ...groups the policy condition specifies whether the condition group is a source or destination group If a network group was not used a separate condition would have to be created for each IP address Su...

Page 449: ...pt If you do not specify a disposition for the policy action the default accept will be used Creating Policy Rules for ACLs A policy rule is made up of a condition and an action For example to create...

Page 450: ...r MAC group VLAN Physical slot port or port group Interface type The switch classifies the MAC address as both source and destination The condition parameters in the policy rule must be all source par...

Page 451: ...ot match any accept policy The following example is included to show that you must configure two rules to allow Layer 2 flows in this atypical scenario To allow Layer 2 traffic into the switch two rul...

Page 452: ...llowing policy condition keywords are used for Layer 3 ACLs Layer 3 ACL Example 1 In this example the default routed disposition is accept the default Since the default is accept the qos default route...

Page 453: ...ery of IP multicast traffic by sending packets only to those stations that request it Potential multicast group members may be filtered out so that IPMS does not send multicast packets to those statio...

Page 454: ...s all policy rules configured on the switch show policy rule Policy From Prec Enab Inact Refl Log Save my_rule cli 0 Yes Yes No No Yes Cnd Act cond5 action2 my_rule5 cli 0 Yes No No No Yes Cnd Act con...

Page 455: ...abled on the switch use the show active policy rule command For example show active policy rule Policy From Prec Enab Inact Refl Log Save Matches my_rule5 cli 0 Yes No No No Yes 0 Cnd Act cond2 pri2 m...

Page 456: ...olicy condition outside_cond service traffic_in 3 Create a policy action outside_action to deny the traffic policy action outside_action disposition drop 4 Then combine the condition and the action in...

Page 457: ...ntly deliver traffic only to the respective ports This mechanism is often referred to as IGMP snooping or IGMP gleaning Alcatel s implementation of IGMP snooping is called IP Multicast Switching IPMS...

Page 458: ...294967295 seconds Membership Timeout 0 to 4294967295 seconds Neighbor Timeout 0 to 4294967295 seconds Querier Timeout 0 to 4294967295 seconds Querier Aging and Election Timeout 0 to 4294967295 seconds...

Page 459: ...that a multicast packet is received by the switch on the source or expected port Note Jumbo multicast packets are not supported The maximum MTU size supported by Alcatel s IPMS software is 1500 IPMS...

Page 460: ...iguring the IGMP version In IGMPv2 each membership report contains only one multicast group In IGMPv3 membership reports contain many multicast groups up to the Maximum Transmission Unit MTU size of t...

Page 461: ...ood rates set with the interfaces flood rate command high enough to accommodate both flood and IPMS traffic In addition a tutorial is provided in IPMS Application Example on page 23 13 that shows how...

Page 462: ...Neighbor IPMS static neighbor ports receive all multicast streams on the designated VLAN and also receive IGMP reports for the VLAN The following subsections describe how to configure and remove a sta...

Page 463: ...static querier followed by the VLAN number which must be between 0 and 4095 a space the slot number of the port a slash and the port number For example to configure port 4 in slot 10 with designated V...

Page 464: ...a space and the VLAN number which must be between 0 and 4095 For example to configure a static member with an IP address of 11 0 0 1 on port 10 in slot 3 with desig nated VLAN 3 you would enter ip mu...

Page 465: ...and or received The default IPMS leave timeout is 1 second The following subsections describe how to configure a user specified leave timeout value and how to restore it with the ip multicast leave t...

Page 466: ...e the no form of the ip multicast query interval command by entering ip multicast no query interval Modifying the Membership Timeout The default IPMS membership timeout i e the time the switch will wa...

Page 467: ...ut to its default i e 90 seconds value you use the no form of the ip multicast neighbor timeout command by entering ip multicast no neighbor timeout as shown below ip multicast no neighbor timeout Mod...

Page 468: ...to restore it with the ip multicast other querier timeout command Configuring the Querier Aging and Election Timeout You can modify the IPMS querier aging and election timeout from 0 to 4294967295 se...

Page 469: ...ds Follow the steps below to configure this network Note All the steps following Step 1 which must be executed first may be entered in any order 1 Enable IPMS switch wide by entering ip multicast swit...

Page 470: ...0 ip multicast leave timeout 120 As an option you can use the show ip multicast switching show ip multicast neighbors and show ip multicast queriers commands to confirm your settings as shown below sh...

Page 471: ...0 0 0 1 2 3 9 254 Note See the IP Multicast Switching Commands chapter in the OmniSwitch CLI Reference Guide for complete documentation on IPMS show commands show ip multicast switching Displays the c...

Page 472: ...Displaying IPMS Configurations and Statistics Configuring IP Multicast Switching page 23 16 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 473: ...MS if those limits are violated In This Chapter This chapter describes the port mirroring remote monitoring RMON probes and switch health features and how to configure them through the Command Line In...

Page 474: ...tch Health see Configuring Resource and Tempera ture Thresholds on page 24 25 Configuring Sampling Intervals see Configuring Sampling Intervals on page 24 27 Resetting Health Statistics see Resetting...

Page 475: ...ple a stack of 4 OmniSwitch 6648 can support 8 mirroring sessions Port Capacity Requirements Mirrored monitored and mirroring monitoring ports must be of identical capacity both ports support identica...

Page 476: ...belonging to a different VLAN For example port mirroring 6 source 2 3 destination 2 4 unblocked 7 2 Enable the port mirroring session port mirroring 6 enable Note Optional To verify the port mirrorin...

Page 477: ...MON Functionality Not Supported RMON 10 group RMON2 Host group HostTopN group Matrix group Filter group Packet Capture group An external RMON probe that includes RMON 10 group and RMON2 may be used wh...

Page 478: ...w Entry Slot Port Flavor Status Duration System Resources 4001 4 1 Ethernet Active 00 25 00 275 bytes 4008 4 8 Ethernet Active 00 25 00 275 bytes 4005 4 5 Ethernet Active 00 03 03 275 bytes 3 To view...

Page 479: ...g last hour Maximum utilization level during last hour Resource Utilization Raw Sample Values Saved for previous 60 seconds Resource Utilization Current Sample Values Stored Resource Utilization Maxim...

Page 480: ...PU Threshold 80 Temperature Threshold 50 2 Enter the appropriate command to change the desired health threshold or health sampling interval parameter settings or reset all health statistics for the sw...

Page 481: ...roring session is supported per OmniSwitch 6624 in a stack and up to two port mirroring sessions are supported per OmniSwitch 6648 in a stack When a port mirroring session is configured both the mirro...

Page 482: ...rored and mirroring ports Note that when port mirroring is enabled there may be some performance degradation since all frames received and transmitted by the mirrored port need to be copied and sent t...

Page 483: ...and Management frames to and from the mirroring and mirrored ports Frames received from an RMON probe attached to the mirroring port can be seen as being received by the mirrored port These frames fro...

Page 484: ...hown in the following example port mirroring 6 source 2 3 destination 2 4 This command line specifies mirroring session 6 with the source mirrored port located in slot 2 port 3 and the destination mir...

Page 485: ...e source and destination slot ports optional unblocked VLAN ID number and enable as shown in the following example port mirroring 6 source 2 3 destination 2 4 unblocked 750 enable This command line sp...

Page 486: ...slot 2 port 3 and the mirroring port located in slot 6 port 4 The mirroring direction is unidirectional and inward bound port mirroring 6 source 2 3 destination 6 4 inport In this example the command...

Page 487: ...onal NONE OFF 9 2 1 2 11 inport 7 ON To display a specific session enter show port mirroring status followed by the port mirroring session ID number For example show port mirroring status 6 Session Mi...

Page 488: ...ON probe attached to the mirroring port can be seen as being received by the mirrored port These frames from the mirroring port are marked as if they are received on the mirrored port before being sen...

Page 489: ...s group includes port utilization and error statistics measured by the RMON probe for each monitored Ethernet interface on the switch Examples of these statistics include CRC Cyclic Redundancy Check a...

Page 490: ...The following command enables RMON Alarm probe number 11235 rmon probes alarm 11235 enable To enable or disable an entire group of RMON probes of a particular flavor type such as Ethernet Statistics...

Page 491: ...atistics probes enter show rmon probes stats A display showing all current statistics RMON probes should appear as shown in the following example Entry Slot Port Flavor Status Duration System Resource...

Page 492: ...the following sections Sample Display for Ethernet Statistics Probe The display shown here identifies RMON Probe 4005 s Owner description and interface location OmniSwitch Auto Probe on slot 4 port 5...

Page 493: ...n and interface location Analyzer t 128 251 18 166 on slot 1 port 35 as well as the probe s Alarm Rising Threshold and Alarm Falling Threshold maximum allowable values beyond which an alarm will be ge...

Page 494: ...linked to ether StatsCollisions 2008 Rising trap Rising Event an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm with an elapsed time of 39 m...

Page 495: ...Output Memory and CPU Utilization Levels Module level and Port level Input Output Utilization Levels For each monitored resource the following variables are defined Most recent utilization level perc...

Page 496: ...ge CPU usage and chassis temperature See page 24 25 for more information show health threshold Displays current health threshold settings See page 24 26 for details health interval Configures sampling...

Page 497: ...uide Note When you specify a new value for a threshold limit the value is automatically applied across all levels of the switch switch module and port You cannot select differing values for each level...

Page 498: ...ow health threshold Rx Threshold 80 TxRx Threshold 80 Memory Threshold 80 CPU Threshold 80 Temperature Threshold 50 To display a specific health threshold enter the show health threshold command follo...

Page 499: ...lowed by the number of seconds For example to specify a sampling interval value of 6 seconds enter the following command health interval 6 Valid values for the seconds parameter include 1 2 3 4 5 6 10...

Page 500: ...own above the Device Resources field displays the device resources that are being measured for example Receive displays statistics for traffic received by the switch Transmit Receive displays statisti...

Page 501: ...r traffic received by the switch while Trans mit Receive displays statistics for traffic transmitted and received by the switch The Limit field displays currently configured resource threshold levels...

Page 502: ...Monitoring Switch Health Diagnosing Switch Problems page 24 30 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 503: ...in resolving configuration or authentication issues as well as general switch errors This chapter describes the switch logging feature how to configure it and display switch logging information throug...

Page 504: ...pported IDLE 255 DIAG 0 IPC DIAG 1 QDRIVER 2 QDISPATCHER 3 IPC LINK 4 NI SUPERVISION 5 INTERFACE 6 802 1Q 7 VLAN 8 GM 9 BRIDGE 10 STP 11 LINKAGG 12 QOS 13 RSVP 14 IP 15 IPMS 17 AMAP 18 GMAP 19 AAA 20...

Page 505: ...Switch Logging Defaults Parameter Description CLI Command Default Value Comments Enabling Disabling switch logging swlog Enabled Switch logging severity level swlog appid level No application ID or se...

Page 506: ...is set to the warning level 3 Specify the output device to which the switch logging information will be sent swlog output console In this example the switch logging information will be sent to the co...

Page 507: ...the log file to other output devices such as the console or remote IP address In this case the log records generated are copied to all configured output devices Switch logging information can be disp...

Page 508: ...wlog appid level command is used to assign the severity levels to the applications The syntax for the swlog appid level command requires that you identify a switch application and assign it a severity...

Page 509: ...ULE 24 APPID_L3HRE EIPC 26 APPID_EIPC CHASSIS 64 APPID_CHASSISUPER PORT MGR 65 APPID_PORT_MANAGER CONFIG 66 APPID_CONFIGMANAGER CLI 67 APPID_CLI SNMP 68 APPID_SNMP_AGENT WEB 69 APPID_WEBMGT MIPGW 70 A...

Page 510: ...he warning severity level or 5 to the system application ID number 75 by using the severity level and application names swlog appid system level warning The following command makes the same assignment...

Page 511: ...e enter the following command swlog output console To disable the switch logging output to the console enter the following command no swlog output console No confirmation message will appear on the co...

Page 512: ...o your console screen by using the show swlog command The following information is displayed The enable disable status of switch logging A list of current output devices configured for switch logging...

Page 513: ...e ls command which is described in the OmniSwitch 6624 6648 Switch Management Guide to determine the amount of available flash memory For example to set the switch logging file to 500000 bytes enter s...

Page 514: ...12 42 11 2002 SYSTEM info Switch Logging files cleared by command MON NOV 11 13 07 26 2002 WEB info The HTTP session login successfu l MON NOV 11 13 18 24 2002 WEB info The HTTP session login success...

Page 515: ...echanism that can also be useful in maintain ing and servicing the switch For information about this feature see Chapter 25 Using Switch Logging The configuration snapshot command can be used to captu...

Page 516: ...shows Memory Monitoring default values Functionality Supported Fence Post Bad Address Detection Leak Monitoring Memory Classification Global Statistical Gathering Task Statistical Gathering Size Stati...

Page 517: ...malloc ssAppChild mip_msg_qu CliShell0 Vx C Sem 035fe590 28 0011f038 semCCreate zcSelect mip_msg_do The information displayed above includes the task that owns the memory block the type of memory blo...

Page 518: ...OmniSwitch CLI Reference Guide If a memory leak of unclassified memory is detected the service will generate a sysTrace System Trace message The system trace facility provides a consistent high level...

Page 519: ...xem SSYaccStac CliShell0 01e3d928 272 02b33a3c malloc SSYaccStac SSYaccPars CliShell0 024fdca8 4 02b33a3c malloc SSLexLexem SSYaccStac CliShell0 035fe3e0 56 02b33a3c malloc SSLexLexem SSYaccStac CliSh...

Page 520: ...lobal statistics a display similar to the following should appear debug memory monitor show log global Current 33741 Cumulative 687952 In the screen sample shown above the Current and Cumulative field...

Page 521: ...imer 214 214 tDrcIprm 1801287 1801315 DrcTm 479453 675448 WebView 53690 340083 Rmon 285084 334616 SlbCtrl 578 578 PolMgr 808 15704 Qos 47096 938852 UdpRly 8320 8348 Vrrp 622 1198 Ipx 29634 29634 ipmpm...

Page 522: ...M 612 12555 tCSCSMtask 586128 15256874 tSwLogTask 13519 In the screen sample shown above the Task Name field identifies the Task ID The Current and Cumulative fields display statistics indicating the...

Page 523: ...3 512 1024 26778 365552 1024 2048 24572 358630 2048 4096 49648 274071 4096 8192 50793 1534291 8192 16384 478292 673610 16384 32768 431784 1075783 32768 65536 850216 1588017 65536 5130020 25675316 In t...

Page 524: ...Configuring Debug Memory Commands Monitoring Memory page 26 10 OmniSwitch 6624 6648 Network Configuration Guide April 2004...

Page 525: ...Licensee s system Licensee agrees not to assign sublicense transfer pledge lease rent or share their rights under this License Agreement Licensee may retain the program media for backup purposes with...

Page 526: ...Y NOT APPLY TO LICENSEE THIS WARRANTY GIVES THE LICENSEE SPECIFIC LEGAL RIGHTS LICENSEE MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE 6 Limitation of Liability AII s cumulative liability t...

Page 527: ...enforcement of rights or subsequent actions in the event of future breaches 13 Notes to United States Government Users Software and documentation are provided with restricted rights Use duplication or...

Page 528: ...Redistributions must contain a verbatim copy of this document 4 The names and trademarks of the authors and copyright holders must not be used in advertising or otherwise to promote the sale use or ot...

Page 529: ...ights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether grati...

Page 530: ...e modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including...

Page 531: ...l compliance 5 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These act...

Page 532: ...r published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for permi...

Page 533: ...ass Ave Cambridge MA 02139 USA Also add information on how to contact you by electronic and paper mail If the program is interactive make it output a short notice like this when it starts in an intera...

Page 534: ...ight notice and the entire permission notice in its entirety including the disclaimer of warranties 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions a...

Page 535: ...tware EMWEB PRODUCT licensed from Agranat Systems Inc Agranat Agranat has granted to AII certain warranties of performance which warran ties or portion thereof AII now extends to Licensee IN NO EVENT...

Page 536: ...ABILITY FOR ANY SPECIAL INDIRECT PUNITIVE INCIDENTAL AND CONSEQUENTIAL DAMAGES and iv any further distribution of the Run Time Module shall be subject to the same restric tions set forth herein With r...

Page 537: ...authentication 17 14 aaa vlan no command 18 26 Access Control Lists see ACLs accounting servers 18 35 ACE Server for authentication 17 8 ACLs application examples 22 3 22 18 bridged traffic 22 7 defau...

Page 538: ...router VRRP 16 6 binding VLAN rules 7 6 7 14 BPDU see Bridge Protocol Data Units bridge forward delay command 5 13 bridge hello time command 5 12 bridge max age command 5 13 bridge mode command 5 8 b...

Page 539: ...11 3 deleting groups 11 11 displaying 11 36 group actor administrative key 11 18 group actor system ID 11 19 group actor system priority 11 19 group administrative state 11 18 group names 11 17 group...

Page 540: ...penalty command 12 12 ip dos scan threshold command 12 13 ip dos scan trap command 12 13 ip dos scan udp open port penalty command 12 12 ip helper address command 15 8 18 30 ip helper avlan only comma...

Page 541: ...p agg partner admin state command 11 26 lacp agg partner admin system id command 11 28 lacp agg partner admin system priority command 11 29 lacp linkagg actor admin key command 11 18 lacp linkagg acto...

Page 542: ...0 policies configured via PolicyView 21 48 policy action 802 1p command 21 21 policy action command 21 20 21 22 policy action map command 21 43 policy actions see actions policy condition command 21 2...

Page 543: ...command 21 15 qos fragment timeout command 21 17 QoS log cleared 21 16 displayed 21 16 number of display lines 21 14 see also logged events qos log level command 21 15 qos port command 21 20 qos port...

Page 544: ...hreshold command 24 26 show icmp statistics command 12 18 show ip config command 12 9 12 10 show ip interface command 12 5 show ip rip command 13 6 show ip rip interface command 13 7 show ip rip redis...

Page 545: ...id level command 25 6 swlog clear command 25 11 swlog command 25 6 swlog output command 25 9 swlog output flash file size command 25 11 T TCN BPDU see Topology Change Notification BPDU TCP statistics...

Page 546: ...ddress 7 6 7 18 7 19 port 7 7 7 21 precedence 7 8 protocol 7 6 7 20 types 7 4 vlan stp command 4 10 vlan user command 7 21 VLANs 4 1 4 5 802 1Q 9 3 administrative status 4 6 application examples 4 3 4...

Search results

Summary of Contents for OmniSwitch 6624

Reviews:

Brands by name

Popular brands

Alcatel OmniSwitch 6624, Network Configuration Manual

Search results

Summary of Contents for OmniSwitch 6624

Reviews:

Brands by name

Popular brands