Home
/
Brocade Communications Systems
/
FastIron
/
Administration Manual

Brocade Communications Systems FastIron, Administration Manual, Page: 387 / 388

Share

372 pages before
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388

Page: 387 / 388

Brocade Communications Systems FastIron Administration Manual Download Page 387

Joint Interoperability Test Command

●

JITC overview............................................................................................................... 387

JITC overview

The Joint Interoperability Test Command (JITC) mode on a FastIron device is compliant with the
standards established by JITC, a United States military organization that tests technology pertaining to
multiple branches of the armed services and the government.

The JITC mode implemented on a FastIron device enforces default behavior for some features to
ensure strict JITC certification compliance.

AES-CTR encryption mode support for SSH

The Advanced Encryption Standard - Cipher Block Chaining (AES-CBC) encryption mode for Secure
Shell (SSH) is vulnerable to certain plain-text attacks. The JITC mode uses AES-CTR (Counter)
encryption mode for SSH instead of AES-CBC mode for enhanced security.

In the JITC mode, by default, the AES-CBC encryption mode for SSH is disabled and the AES-CTR
(Counter) encryption mode is enabled. The

ip ssh encryption disable-aes-cbc

command that disables

the AES-CBC mode can be seen in the running configuration. The encryption algorithms such as
aes256-ctr, aes192-ctr, or aes128-ctr are enabled and the CBC mode ciphers are removed.

The AES-CBC mode can be re-enabled by issuing the

no ip ssh encryption disable-aes-cbc

command, which will bring back the pre-existing CBC ciphers (aes256-cbc, aes192-cbc, aes128-cbc,
and 3des-cbc) along with the CTR ciphers.

NOTE

The AES-CTR mode must be configured both on the client and server sides to establish an SSH
connection.

SHA1 authentication support for NTP

In the JITC mode, the symmetric key scheme supported for cryptographic authentication of messages
uses the SHA1 keyed hash algorithm instead of the MD5 authentication scheme. The MD5
authentication for Network Time Protocol (NTP) is disabled by default in the JITC mode and the

disable

authentication md5

command can be seen in the running configuration. Only the SHA1 authentication

scheme is available to define the authentication key for NTP in the JITC mode. SHA1 authentication
must be enabled manually using the

authentication-key key-id

command. In the JITC mode, only the

SHA1 option is available.

The MD5 authentication scheme can be re-enabled by issuing the

no disable authentication md5

command. By doing so, the default JITC mode behavior is overridden.

FastIron Ethernet Switch Administration Guide

387

53-1003625-01

«
...
385
386
387
388
»

Summary of Contents for FastIron

Page 1: ...53 1003625 01 31 March 2015 FastIron Ethernet Switch Administration Guide Supporting FastIron Software Release 08 0 30...

Page 2: ...r its use This informational document describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data...

Page 3: ...management applications 22 Configuring a global management VRF 24 Displaying management VRF information 25 Basic Software Features 29 Basic system parameter configuration 29 Entering system administr...

Page 4: ...e Enter key after the message of the day banner 87 Setting a privileged EXEC CLI level banner 88 Displaying a console message when an incoming Telnet session is detected 88 Operations Administration a...

Page 5: ...nfiguration notes and feature limitations 125 Hitless reload or switchover requirements and limitations 126 What happens during a Hitless switchover or failover 126 Enabling hitless failover on the FS...

Page 6: ...views 154 SNMP version 3 traps 155 Defining an SNMP group and specifying which view is notified of traps 156 Defining the UDP port for SNMP v3 traps 156 Trap MIB changes 157 Specifying an IPv6 host a...

Page 7: ...MED configuration 196 Enabling LLDP MED 197 Enabling SNMP notifications and Syslog messagesfor LLDP MED topology changes 197 Changing the fast start repeat count 197 Defining a location id 198 Definin...

Page 8: ...version 5 245 sFlow support for IPv6 packets 246 sFlow configuration considerations 247 Configuring and enabling sFlow 249 Enabling sFlow forwarding 254 sFlow version 5 feature configuration 256 Confi...

Page 9: ...297 Brocade Syslog messages 297 Power over Ethernet 339 Power over Ethernet overview 339 Power over Ethernet terms used in this chapter 339 Methods for delivering Power over Ethernet 340 PoE autodisc...

Page 10: ...PoE ports 373 Decoupling of PoE and datalink operations on PoE LAG ports 373 Decoupling of PoE and datalink operations on regular PoE ports 374 40 Gbps Breakout Ports 377 Overview of 40 Gbps breakout...

Page 11: ...and operands Identifies the names of user manipulated GUI elements Identifies text to enter at the GUI italic text Identifies emphasis Identifies variables Identifies document titles Courier font Iden...

Page 12: ...backslash Notes cautions and warnings Notes cautions and warning statements may be used in this document They are listed in the order of increasing severity of potential hazards NOTE A Note provides a...

Page 13: ...tion on contacting the Technical Assistance Center go to http www brocade com services support index html If you have purchased Brocade product support directly from Brocade use one of the following m...

Page 14: ...oncern at Brocade and we have made every effort to ensure the accuracy and completeness of this document However if you find an error or an omission or you think that a topic needs further development...

Page 15: ...Series ICX 7450 Series ICX 7750 Series NOTE The Brocade ICX 6430 C switch supports the same feature set as the Brocade ICX 6430 switch unless otherwise noted NOTE The Brocade ICX 6450 C12 PD switch s...

Page 16: ...link operation health and improve fault isolation of Ethernet network to increase management capability Refer to IEEE 802 3ah EFM OAM on page 114 sFlow sample mode The sample mode can be changed to in...

Page 17: ...betical order and follow a standard format to present syntax parameters usage guidelines examples and command history NOTE Many commands from previous FastIron releases are also included in the comman...

Page 18: ...How command information is presented in this guide 18 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 19: ...pply to management ports Only packets that are specifically addressed to the management port MAC address or the broadcast MAC address are processed by the Layer 2 switch or Layer 3 switch All other pa...

Page 20: ...ber of any configured trunks No port name IPG MII 0 bits time IPG GMII 0 bits time IP MTU 1500 bytes 300 second input rate 83728 bits sec 130 packets sec 0 01 utilization 300 second output rate 24 bit...

Page 21: ...o maintain multiple routing tables and forwarding tables on the same router A management VRF can be configured to control the flow of management traffic as described in this section NOTE For informati...

Page 22: ...bility check fails while either the management VRF or the source interface is being configured the following warning message is displayed However the configuration command is accepted The source inter...

Page 23: ...vrf command does not affect the existing SSH connections The changes are be applied only to new incoming connection requests Telnet client When the VRF name is specified in the telnet vrf command the...

Page 24: ...y for TFTP You cannot change in the management VRF configuration while TFTP is in progress NOTE The TFTP source interface configuration command ip tftp source interface must be compatible with the man...

Page 25: ...gement vrf If you try to delete a management VRF that was not configured the system displays the following error message device config no management vrf red Error VRF red is not the current management...

Page 26: ...nabled Telnet connections inbound 1 established client ip address 10 53 1 181 user is lab privilege super user using vrf default vrf 2 minutes 46 seconds in idle 2 established client ip address 10 20...

Page 27: ...plication Displays the management application names Rx Drop Pkts Displays the number of packets dropped in the inbound traffic Tx Drop Pkts Displays the number of packets dropped in the outbound traff...

Page 28: ...Displaying management VRF information 28 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 29: ...NOTE Before assigning or modifying any router parameters you must assign the IP subnet interface addresses for each port NOTE For information about configuring IP addresses DNS resolver DHCP assist an...

Page 30: ...community strings refer to Security Access chapter in the FastIron Ethernet Switch Security Configuration Guide Specifying an SNMP trap receiver You can specify a trap receiver to ensure that all SNMP...

Page 31: ...host 10 2 2 2 0 FastIron 12 device config write memory The port value parameter allows you to specify which UDP port will be used by the trap receiver This parameter allows you to configure several tr...

Page 32: ...SNMP traps are enabled at system startup SNMP Layer 2 traps The following traps are generated on devices running Layer 2 software SNMP authentication keys Power supply failure Fan failure Cold start L...

Page 33: ...isabled The counters include traffic that is denied by ACLs or MAC address filters To enable SNMP to display VE statistics enter the enable snmp ve statistics command device config enable snmp ve stat...

Page 34: ...ector failed Dynamic Log Buffer 50 entries Oct 15 18 01 11 info dg logout from USER EXEC mode Oct 15 17 59 22 info dg logout from PRIVILEGE EXEC mode Oct 15 17 38 07 info dg login to PRIVILEGE EXEC mo...

Page 35: ...tes on a client server basis The current implementation runs NTP as a secondary server and or a NTP Client As a secondary server the device operates with one or more upstream servers and one or more d...

Page 36: ...NTP server and client can communicate using IPv4 or IPv6 address NTP implementation supports below association modes Client Server Symmetric active passive Broadcast server Broadcast client NTP suppor...

Page 37: ...The second reason for leap seconds is that the speed of the Earth s rotation is not constant It sometimes speeds up and sometimes slows down but when averaged over long intervals the trend indicates...

Page 38: ...SNTP configuration is already removed When the NTP server is enabled it will start listening on the NTP port for client requests and responds with the reference time Its stratum number will be the up...

Page 39: ...m number is configured Configuring multiple machines in the same network with the master command can cause instability in timekeeping if the machines do not agree on the time NTP Client An NTP client...

Page 40: ...red master command is not configured system clock is synchronized and the reference time is the NTP time If the local clock is not valid the system clock is not synchronized If the local clock is vali...

Page 41: ...s of associations poll based and broadcast based NTP poll based associations The following modes are the NTP polling based associations 1 Server mode 2 Client mode 3 Symmetric Active Passive The serve...

Page 42: ...rations involving potentially large client population Broadcast based NTP associations are also recommended for use on networks that have limited bandwidth system memory or CPU resources The devices o...

Page 43: ...in to configure NTP you must use the clock set command to set the time on your device to within 1000 seconds of the coordinated Universal Time UTC Disable SNTP by removing all the SNTP configurations...

Page 44: ...Enabling NTP authentication To enable Network Time Protocol NTP strict authentication use the authenticate command To disable the function use the no form of this command By default authentication is...

Page 45: ...ment for NTP To enable or disable the VLAN containment for NTP use the access control vlan command To remove the specified NTP VLAN configuration use the no form of this command NOTE The management in...

Page 46: ...figure the software clock to synchronize a peer or to be synchronized by a peer use the peer command A maximum of 8 NTP peers can be configured To disable this capability use the no form of this comma...

Page 47: ...ntp ve 100 Syntax no ntp interface management 1 ethernet port ve id The management 1 parameter is the management port 1 The ethernet port parameter specifies the ethernet port number Specify the port...

Page 48: ...80000000 03 21 29 3653007907 GMT 00 Thu Dec 01 2011 clock offset is 2 3307 msec root delay is 24 6646 msec root dispersion is 130 3376 msec peer dispersion is 84 3335 msec system poll interval is 64...

Page 49: ...h delay offset disp 172 19 69 1 172 24 114 33 3 25 64 3 2 89 0 234 39377 2001 235 234 INIT 16 64 0 0 00 0 000 15937 synced selected candidate outlayer x falseticker configured The following table prov...

Page 50: ...481 16 4453 18 4423 22 0025 filter disp 15 6660 0 0030 17 7730 17 7700 17 6670 17 6640 17 6610 16 6635 filter epoch 55824 56866 55686 55688 55690 55692 55694 55759 Use the show ntp associations detail...

Page 51: ...e server to which the peer is synchronized Time Last time stamp that the peer received from its master our mode This system s mode relative to peer active passive client server bdcast bdcast client pe...

Page 52: ...0 100 12 67 Brocade config ntp peer 10 100 12 83 NTP client mode configuration Sample CLI commands to configure the Brocade device in NTP client mode Brocade config ntp server 10 1 2 3 minpoll 5 maxpo...

Page 53: ...n describe how to configure the port parameters shown in Basic Software Features on page 29 All Brocade ports are pre configured with default values that allow the device to be fully operational at in...

Page 54: ...ice is not part of a stack the stack unit ID is 1 slot Specifies the slot number Can be 1 or 3 port Specifies the port number in the slot Range is from 1 to 24 24 port models or 1 to 48 48 port models...

Page 55: ...he port number in the slot Default stacking ports in slot 2 and slot 3 are ports 1 and 2 This example shows how to specify port 2 in slot 2 of unit 3 in a stack Brocade config interface ethernet 3 2 2...

Page 56: ...onfig interface ethernet 1 1 1 to 1 1 10 Brocade config mif 1 1 1 1 1 10 port name connected to the nearest device Syntax no port name text To remove the assigned port name use no form of the command...

Page 57: ...information The management option specifies the management port for which you want to display the interface information The slot option specifies all the ports in a slot for which you want to display...

Page 58: ...opper ports on devices that do not support 803 3u must be configured with like parameters such as speed 10 100 1000 duplex half full MDI MDIX and Flow Control Port speed and duplex mode configuration...

Page 59: ...s come up they may not receive any In or Out Errors When both local and remote partners have a force mode configuration such as 100 full half or 10 full half for example ICX6610 24F 1 1 1 local link 1...

Page 60: ...um port speed advertisement works only when auto negotiation is enabled CLI command speed duplex auto If auto negotiation is OFF the device will reject the maximum port speed advertisement configurati...

Page 61: ...itches stack unit slotnum portnum FSX 800 and FSX 1600 chassis devices slotnum portnum FESX compact switches portnum You can list all of the ports individually use the keyword to to specify ranges of...

Page 62: ...se the keyword in order to specify ranges of ports or a combination of both You can enable port speed down shift on one or two ports at a time 3 To disable port speed down shift enter the no form of t...

Page 63: ...ce mode configuration MDI and MDIX configuration Brocade devices support automatic Media Dependent Interface MDI and Media Dependent Interface Crossover MDIX detection on all Gbps Ethernet Copper port...

Page 64: ...ve v1 device config vif 1 disable Syntax disable To re enable a virtual interface enter the enable command at the Interface configuration level For example to re enable virtual interface v1 enter the...

Page 65: ...th or without flow control Flow control is enabled by default globally and on all full duplex ports You can disable and re enable flow control at the Global CONFIG level for all ports When flow contro...

Page 66: ...n Stackable device issuing the command for 10 100 1000M port 0 1 21 displays the following output device show interfaces ethernet 0 1 21 GigabitEthernet0 1 21 is up line protocol is up Port up for 30...

Page 67: ...will resemble one of the following depending on the configuration If flow control negotiation is enabled and a neighbor advertises Pause Not Capable the display shows Flow Control is config enabled op...

Page 68: ...nd XOFF default thresholds TABLE 8 Limit when Jumbo disabled of buffer limit Limit when Jumbo enabled of buffer limit 1G ports Total buffers 272 272 XOFF 240 91 216 82 XON 200 75 184 70 10G ports Tota...

Page 69: ...d 802 3x Pause frames whether or not symmetric flow control is enabled To enable symmetric flow control globally on all full duplex data ports of a standalone unit enter the symmetric flow control ena...

Page 70: ...enter a command such as the following device config symmetric flow control set 2 buffers 128 Total buffers modified 1G 320 10G 128 Syntax symmetric flow control set 1 2 buffers value symmetric flow c...

Page 71: ...command you use depends on the interface type on which IPG is being configured The default interpacket gap is 96 bits time which is 9 6 microseconds for 10 Mbps Ethernet 960 nanoseconds for 100 Mbps E...

Page 72: ...port 9 1 Syntax no ipg xgmii bit time Enter 96 192 for bit time The default is 96 bit time IPG on FastIron Stackable devices On FCX and ICX devices you can configure an IPG for each port An IPG is a...

Page 73: ...abled oper enabled negotiation disabled Mirror disabled Monitor disabled Not member of any active trunks Not member of any configured trunks No port name Inter Packet Gap IPG is 112 bit times IP MTU 1...

Page 74: ...and SFP transceivers on ICX devices refer to the Brocade Optics Family Datasheet on the Brocade website Enabling and disabling 100BaseFX on Chassis based and stackable devices NOTE The following proce...

Page 75: ...1 4 gig default auto gig This command overrides the global setting and sets the negotiation mode to auto Gbps for ports 1 4 Syntax gig default neg full auto auto gig neg off NOTE When Gbps negotiation...

Page 76: ...D For example if your VoIP phone queries for VLAN information only once upon boot up you must reboot the VoIP phone before it can accept the VLAN configuration If your phone is powered by a PoE device...

Page 77: ...e primary port flap dampening configuration regardless of any previous configuration The Brocade device counts the number of times a port link state toggles from up to down and not from down to up The...

Page 78: ...rror disable Port 2 1 is forced down by link error disable Use the show link error disable all command to display the ports with the port flap dampening feature enabled For FastIron Stackabledevices t...

Page 79: ...tEthernet15 is up line protocol is up Link Error Dampening is Enabled Port up for 6 seconds Hardware is GigabitEthernet address is 0000 0000 010e bia 0000 0000 010e Configured speed auto actual 1Gbit...

Page 80: ...where packets are echoed back to the input port In Strict Mode loop detection must be configured on the physical port In Loose Mode loop detection is configured on the VLAN of the receiving port Loose...

Page 81: ...in one VLAN and receive packets in another VLAN In this way loop detection running in Loose Mode disables both ingress and egress ports Enabling loop detection Use the loop detection command to enabl...

Page 82: ...cifying the recovery time interval on page 82 Syntax no errdisable recovery cause loop detection Use the no form of the command to disable this feature Specifying the recovery time interval The recove...

Page 83: ...ports 3 You can re enable err disable ports one by one by disable then enable under interface config re enable all by clear loop detect or configure errdisable recovery cause loop detection for autom...

Page 84: ...x actual fdx Member of 9 L2 VLANs port is tagged port state is FORWARDING BPDU guard is Disabled ROOT protect is Disabled Link Error Dampening is Disabled STP configured to ON priority is level0 Loop...

Page 85: ...ction shutdown disable command 3 Enter the loop detection shutdown disable command Brocade config interface ethe 1 7 Brocade config if e1000 1 7 loop detection shutdown disable Periodic log message ge...

Page 86: ...ed Brocade config banner motd Press Return Enter TEXT message End with the character Welcome to FESX A delimiting character is established on the first line of the banner motd command You begin and en...

Page 87: ...nly Username The user can then login to the device However if the requirement to press the Enter key is enabled the following messages are displayed when accessing the switch from Telnet Authorized Ac...

Page 88: ...re the Brocade device to display a message on the Console when a user establishes a Telnet session This message indicates where the user is connecting from and displays a configurable text message Bro...

Page 89: ...al USB Hotplug 136 Commands 137 OAM Overview For easy software image management all Brocade devices support the download and upload of software images between the flash modules on the devices and a Tr...

Page 90: ...c 1996 2012 Brocade Communications Systems Inc All rights reserved UNIT 1 compiled on Mar 2 2012 at 12 38 17 labeled as ICX64S07400 10360844 bytes from Primary ICX64S07400 bin SW Version 07 4 00T311 B...

Page 91: ...P ASIC 2 type C300 rev 00 subrev 00 SL 8 SX FI 48GPP 48 port Gig Copper PoE Serial BFVxxxxxxxx P ASIC 14 type C300 rev 00 subrev 00 SL 9 SX FIZMR6 0 port Management Serial Wxxxxxxxxx License SX_V6_HW...

Page 92: ...ash code version installed in the secondary flash area The Boot Monitor Image size line lists the boot code version installed in flash memory The device does not have separate primary and secondary fl...

Page 93: ...commands device verify md5 secondary 01c410d6d153189a4a5d36c955653861 device Done Size 2044830 MD5 01c410d6d153189a4a5d36c955653862 Verification FAILED In the previous example the codes did not match...

Page 94: ...r SWRxxxxx bin Layer 3 Flash timeout The operations that require access to the flash device are expected to be completed within the default flash timeout value of 12 minutes If the operations exceed t...

Page 95: ...entered at the CLI To display a list of files stored in flash memory do one of the following For devices other than FCX and ICX enter the dir command at the monitor mode To enter monitor mode from an...

Page 96: ...module 3 fcx xfp 2 port 10g module stack port 2 2 1 2 2 2 stack enable vlan 1 name DEFAULT VLAN by port no spanning tree metro rings 1 metro ring 1 master ring interfaces ethernet 1 1 2 ethernet 1 1...

Page 97: ...sr OV bin snmpset c rw community string brcd ip addr 1 3 6 1 4 1 1991 1 1 2 1 5 0 ipaddress tftp ip addr 1 3 6 1 4 1 1991 1 1 2 1 6 0 octetstringascii file name 1 3 6 1 4 1 1991 1 1 2 1 7 0 integer co...

Page 98: ...system tftp command is not supported in a stacking environment Displaying the boot preference Use the show boot preference command to display the boot sequence in the startup config and running confi...

Page 99: ...config or write terminal command at any CLI prompt Each device can have one startup configuration file and one running configuration file The startup configuration file is shared by both flash module...

Page 100: ...the IPv6 copy command on page 104 NOTE You can name the configuration file when you copy it to a TFTP server However when you copy a configuration file from the server to a Brocade device the file is...

Page 101: ...configuration file that you create must follow the same syntax rules as the startup config file the device creates The configuration file is a script containing CLI configuration commands The CLI reac...

Page 102: ...t 2 no spanning tree The CLI responds like this device config interface ethernet 2 Error cannot configure secondary ports of a trunk device config no spanning tree device config If the file contains c...

Page 103: ...sizes for startup config file and running config Each Brocade device has a maximum allowable size for the running config and the startup config file If you use TFTP to load additional information int...

Page 104: ...s the name of the file you want to copy to the IPv6 TFTP server The primary keyword specifies the primary boot image while the secondary keyword specifies the secondary boot image Copying a file from...

Page 105: ...ory Copying a file to the running or startup configuration For example to copy a configuration file from an IPv6 TFTP server to the running or startup configuration enter a command such as the followi...

Page 106: ...FC 2373 The source file name parameter specifies the name of the file you want to copy from flash memory Copying the running or startup configuration to an IPv6 TFTP server For example to copy a devic...

Page 107: ...tftp ipv6 address source file name running config startup config The tftp ipv6 address parameter specifies the address of the TFTP server You must specify this address in hexadecimal using 16 bit valu...

Page 108: ...r 21 Download a startup config file from a TFTP server to the flash memory of the Brocade device 22 Upload the running config from the flash memory of the Brocade device to the TFTP server 23 Download...

Page 109: ...to occur from the primary code flash module or the secondary code flash module The default is primary Reloading after a specific amount of time To schedule a system reload to occur after a specific am...

Page 110: ...device or TFTP server If you are copying an image file to flash first copy the other image to your TFTP server then delete it from flash Use the erase flash CLI command at the Privileged EXEC level to...

Page 111: ...2 3at PoE Plus controller type Each PoE firmware file delivered by Brocade is meant to be used on the specific platform only If the file is used on a platform for which it is not meant then this error...

Page 112: ...ing Configuration Guide The required parameter is the IP address or host name of the device The source ip addr specifies an IP address to be used as the origin of the ping packets The count num parame...

Page 113: ...shown in the display as Success rate is XX percent X Y The optional max print per sec number parameter specifies the maximum number of target responses the Brocade device can display per second while...

Page 114: ...t links in the first mile The OAM capabilities facilitate network operation and troubleshooting Basic 802 3 frames convey OAM data between two ends of the physical link EFM OAM is optional and can be...

Page 115: ...delivery In combination with the limited rate of 10 frames per second this information can be used to limit the bandwidth allocated to OAM traffic Timers Two configurable timers control the protocol o...

Page 116: ...mode Waits for the remote device to initiate the Discovery process Sends information PDUs May send event notification PDUs May respond to variable request PDUs May react to received loopback control...

Page 117: ...the errdisable recovery cause loam critical event command to enable automatic recovery of ports from error disabled state The ports will recover automatically from the error disabled state upon the e...

Page 118: ...lot port command to start or stop the remote loopback procedure on a remote device device config link oam remote loopback ethernet 2 1 1 start device config link oam remote loopback ethernet 2 1 1 sto...

Page 119: ...10 1 4 link oam mode active link status up oam status up Local information multiplexer action forward parse action forward stable satisfied state up loopback state disabled dying gasp false critical...

Page 120: ...s 0 dying gasp records 0 Rx statistics information OAMPDUs 377967 loopback control OAMPDUs 0 loopback control OAMPDUs dropped 0 variable request OAMPDUs 0 variable response OAMPDUs 0 unique event noti...

Page 121: ...ollowing sample output of the show link oam statistics detail ethernet command displays detailed OAM statistics on a specific Ethernet port device config show link oam statistics detail ethernet 1 1 3...

Page 122: ...availability feature set that ensures no loss of data traffic during the following events Management module failure or role change Software failure Addition or removal of modules Operating system upg...

Page 123: ...nt module Some advantages of a hitless switchover over a hitless software reload are A manual switchover is quicker since the standby module does not have to reboot Switched traffic through the Ethern...

Page 124: ...bers in hardware After the new active management module becomes operational new switched flows are learned and forwarded accordingly The Layer 2 control protocol states are not interrupted during the...

Page 125: ...with dynamic ACLs and VLANs IPv4 ACLs IPv6 ACLs DHCP snooping Dynamic ARP inspection EAP with RADIUS IP source guard Multi device port authentication including use with dynamic ACLs and VLANs Supporte...

Page 126: ...uration must not be classified as too large greater than 512KB A TFTP session must not be in progress An image sync session must not be in progress The current active management card cannot have a mem...

Page 127: ...PFv2 and OSPFv3 information is copied to the standby As baseline synchronization is performed the console of the active management module displays the progress of the synchronization ACTIVE Detected S...

Page 128: ...ync with an interface module information on the interface module can be overwritten in some cases which can cause an interruption of traffic forwarding How a Hitless switchover or failover impacts sys...

Page 129: ...fig enter y or n n Please save the running config and try switch over again Syntax switch over activerole If this command is entered when hitless failover is disabled the following message will appear...

Page 130: ...on fast reboot For a description of how this feature impacts major system functions refer to Supported protocols and services for hitless management events on page 123 You must have both active and st...

Page 131: ...he hitless reload command to perform the hitless upgrade you must first copy the software image that supports hitless software upgrade onto the flash memory of the active and standby management module...

Page 132: ...0 0 0 0 There is 0 current jumbo IPC session Possible errors recv msg no callback 2 last msg_type 20 from stack0 e1 9 Syntax show ipc device show ipc_stat Total available Hsync channel space 1048580...

Page 133: ...r Once this period elapses the route purging starts if by then all other protocols have finished non stop routing or graceful restart When switchover occurs the route purge timer starts If non stop ro...

Page 134: ...n mode using the vrf command 2 Configure route distinguisher using the rd command 3 Enter the IPv6 address family configuration mode using the address family ipv6 command 4 Configure the router purge...

Page 135: ...and 10G copper module ports On ICX 7250 devices EEE is supported on 1G copper ports You may notice port flap on the port when EEE is enabled EEE is not supported on 1G fiber ports ICX7450 48F 4x10F m...

Page 136: ...l USB and the internal flash External USB Hotplug considerations Only USB drives of up to 128 GB of any vendor type are supported USB 3 0 is not supported You can copy files of less than 2 GB only Mak...

Page 137: ...xternal USB drive to the system s startup configuration file Refer to the FastIron Command Reference Guide for details on using the External USB Hotplug commands Commands ip hitless route purge timer...

Page 138: ...ult is 45 seconds Modes Global configuration IPv6 address family configuration Usage Guidelines Under normal circumstances you may not need to change the value of the route purge timer If you anticipa...

Page 139: ...a static IPv6 route for a destination network with the prefix 2001 DB8 0 32 a next hop gateway with the global address 2001 DB8 0 ee44 1 and an administrative distance of 110 enter the following comma...

Page 140: ...port number associated with the interface If you specify a VE or tunnel interface also specify the VE or tunnel number You can also specify the next hop gateway as a tunnel interface If you specify a...

Page 141: ...router gateway for the route The next hop ip addr is the IPv6 address of the next hop router gateway for the route NOTE The vrf needs to be a valid VRF to be used in this command IPv6 over IPv4 tunne...

Page 142: ...nfig interface tunnel 1 device config tnif 1 tunnel source ethernet 1 3 1 device config tnif 1 tunnel destination 10 162 100 1 device config tnif 1 tunnel mode ipv6ip device config tnif 1 ipv6 enable...

Page 143: ...all IPv6 tunnels or for a specific tunnel interface For example to clear statistics for tunnel 1 enter the following command at the Privileged EXEC level or any of the Config levels of the CLI device...

Page 144: ...0 Tunnel mode ipv6ip No port name MTU 1480 bytes encapsulation IPV4 Syntax show interfacestunnel number The number parameter indicates the tunnel interface number for which you want to display informa...

Page 145: ...are enabled No Inbound Access List Set No Outbound Access List Set OSPF enabled The display command above reflects the following configuration device show running config interface tunnel 1 interface...

Page 146: ...Displaying interface level IPv6 settings 146 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 147: ...el of defense when the packet arrives at a Brocade device The next level uses one of the following methods Community string match In SNMP versions 1 and 2 User based model in SNMP version 3 SNMP views...

Page 148: ...ge You can assign other SNMP community strings and indicate if the string is encrypted or clear By default the string is encrypted To add an encrypted community string enter commands such as the follo...

Page 149: ...tring rw To add a non encrypted community string you must explicitly specify that you do not want the software to encrypt the string Here is an example device config snmp server community 0 private rw...

Page 150: ...ble Link down Enable Authentication Enable Locked address violation Enable Power supply failure Enable Fan failure Enable Temperature warning Enable STP new root Enable STP topology change Enable ospf...

Page 151: ...d 4 Create user groups using the snmp server group command Refer to Defining an SNMP group on page 152 5 Create user accounts and associate these accounts to user groups using the snmp server user com...

Page 152: ...an SNMP user group enter a command such as the following device config snmp server group admin v3 auth read all write all Syntax no snmp server group groupname v1 v2c v3 auth noauth priv access stand...

Page 153: ...user Specifies one of the following encryption types used to encrypt the privacy password Data Encryption Standard DES A symmetric key algorithm that uses a 56 bit key Advanced Encryption Standard AES...

Page 154: ...curity reasons not the actual password The priv encrypted parameter is optional after you enter the md5 or sha password The priv parameter specifies the encryption type DES or AES used to encrypt the...

Page 155: ...arameter are included in the view or excluded from the view NOTE All MIB objects are automatically excluded from any view unless they are explicitly included therefore when creating views using the sn...

Page 156: ...standard ACL attached to the group The ipv6 ipv6 ACL name option configures IPv6 ACL for SNMP group and allows incoming SNMP packets to be filtered based on the IPv6 ACL attached to the group The rea...

Page 157: ...TIFICATION TYPE instead of TRAP TYPE As per the SMIv2 format each notification has an OID associated with it The root node of the notification is snTraps OID enterprise foundry 0 For example OID for s...

Page 158: ...server host ipv6 2001 DB8 89 13 Syntax snmp serverhost ipv6 ipv6 address The ipv6 address must be in hexadecimal format using 16 bit values between colons as documented in RFC 2373 Viewing IPv6 SNMP s...

Page 159: ...nter a command such as the following device show snmp group groupname exceptifgrp security model v3 security level authNoPriv ACL id 0 IPv6 ACL name ipv6acl readview exceptif writeview none Syntax sho...

Page 160: ...s the engine ID that needs to be used in the snmp server engineid command 1 3 6 1 6 3 15 1 1 1 0 Unsupported security level 1 3 6 1 6 3 15 1 1 2 0 Not in time packet 1 3 6 1 6 3 15 1 1 3 0 Unknown use...

Page 161: ...nfig snmp server group admin v3 priv read internet write internet device config snmp server group restricted v3 priv read internet device config snmp server user ops ops v3 encrypted auth md5 ab8e9cd6...

Page 162: ...Example 2 162 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 163: ...C CC Other Brocade devices listening on that address receive the updates and can display the information in the updates Brocade devices can send and receive FDP updates on Ethernet interfaces FDP is d...

Page 164: ...lobal CONFIG level of the CLI device config fdp advertise ipv4 To configure a Layer 3 switch to advertise the IPv6 address enter the following command at the Interface level of the CLI device config i...

Page 165: ...p neighbor command device show fdp neighbor Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater indicates a CDP device Device ID Local Int Holdtm Capabilit...

Page 166: ...this line lists the VLAN memberships and other VLAN information for the neighbor port that sent the update to this device Entry address es The Layer 3 protocol addresses configured on the neighbor po...

Page 167: ...for Ethernet port 2 3 The port sends FDP updates every 5 seconds Neighbors that receive the updates can hold them for up to 180 seconds before discarding them Syntax show fdp interface ethernet port...

Page 168: ...version 1 and CDP version 2 packets NOTE The Brocade device can interpret only the information fields that are common to both CDP version 1 and CDP version 2 NOTE When you enable interception of CDP p...

Page 169: ...dress es IP address 10 95 6 143 Platform cisco RSP4 Capabilities Router Interface Eth 1 1 Port ID outgoing port FastEthernet5 0 0 Holdtime 150 seconds Version Cisco Internetwork Operating System Softw...

Page 170: ...FastEthernet5 0 0 Holdtime 156 seconds Version Cisco Internetwork Operating System Software IOS tm RSP Software RSP JSV M Version 12 0 5 T1 RELEASE SOFTWARE fc1 Copyright c 1986 1999 by cisco Systems...

Page 171: ...Foundry Discovery Protocol FDP and Cisco Discovery Protocol CDP Packets FastIron Ethernet Switch Administration Guide 171 53 1003625 01...

Page 172: ...Clearing CDP information 172 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 173: ...ents frames or send LLDP advertisements only or receive LLDP advertisements only LLDP media endpoint devices LLDP MED The Layer 2 network discovery protocol extension described in the ANSI TIA 1057 st...

Page 174: ...LDP the advertisement is stored by the receiving device in a standard Management Information Base MIB accessible by a Network Management System NMS using a management protocol such as the Simple Netwo...

Page 175: ...ter or WLAN access point Network troubleshooting Information generated by LLDP can be used to detect speed and duplex mismatches Accurate topologies simplify troubleshooting within enterprise networks...

Page 176: ...or IP telephony Collects Endpoint inventory information Network troubleshooting Helps to detect improper network policy configuration LLDP MED class An LLDP MED class specifies an Endpoint type and it...

Page 177: ...ion from another LLDP agent nor can it acknowledge information received from another LLDP agent LLDP operating modes When LLDP is enabled on a global basis by default each port on the Brocade device w...

Page 178: ...nown as type length value TLV TLVs have Type Length and Value fields where Type identifies the kind of information being sent Length indicates the length in octets of the information string Value is t...

Page 179: ...frame size LLDP MED TLVs Brocade devices honor and send the following LLDP MED TLVs as defined in the TIA 1057 standard LLDP MED capabilities Network policy Location identification Extended power via...

Page 180: ...ay output on the Brocade device show lldp local info Chassis ID MAC address 0000 0033 e2c0 The chassis ID TLV is always the first TLV in the LLDPDU Port ID The Port ID identifies the port from which L...

Page 181: ...LLDP in its MIB The TTL value is automatically computed based on the LLDP configuration settings The TTL value will appear similar to the following on the remote device and in the CLI display output...

Page 182: ...h information related to topology changes These Syslog messages correspond to the lldpXMedTopologyChangeDetected SNMP notifications Refer to Enabling SNMP notifications and Syslog messagesfor LLDP MED...

Page 183: ...ically set to 2 seconds LLDP configuration notes and considerations LLDP is supported on Ethernet interfaces only If a port is 802 1X enabled the transmission and reception of LLDP packets will only t...

Page 184: ...ets or change the operating mode to one of the following Transmit LLDP information only Receive LLDP information only You can configure a different operating mode for each port on the Brocade device F...

Page 185: ...he transmit only mode you will configure the port to both transmit and receive LLDP packets NOTE LLDP MED is not enabled when you enable the receive only operating mode To enable LLDP MED you must con...

Page 186: ...ords to enable the LLDP processing on 802 1x blocked ports use the lldp pass through configuration command Enabling LLDP processing on 802 1x blocked port To enable the LLDP processing on all 802 1x b...

Page 187: ...is a number from 1 to 64 The default is number of LLDP neighbors per port is four Use the show lldp command to view the configuration Enabling LLDP SNMP notifications and Syslog messages SNMP notifica...

Page 188: ...an LLDP agent can send within a specified time frame When you enable LLDP the system automatically sets the LLDP transmit delay timer to two seconds If desired you can change the default behavior fro...

Page 189: ...automatically sets the holdtime multiplier for TTL to four If desired you can change the default behavior from four to a value between two and ten To compute the TTL value the system multiplies the L...

Page 190: ...ly advertised System name 802 1 capabilities VLAN name not automatically advertised Untagged VLAN ID 802 3 capabilities Link aggregation information MAC PHY configuration and status Maximum frame size...

Page 191: ...ed To advertise a IPv4 management address enter a command such as the following device config lldp advertise management address ipv4 10 157 2 1 ports e 1 4 The management address will appear similar t...

Page 192: ...l route only feature is turned on the bridge capability will not be included since no bridging takes place By default the system capabilities are automatically advertised when LLDP is enabled on a glo...

Page 193: ...de device show lldp local info System name FCX624SHPOE ADV Router Syntax no lldp advertise system name ports ethernet port list all 802 1 capabilities Except for the VLAN name the Brocade device will...

Page 194: ...DI information not automatically advertised Link aggregation TLV The link aggregation time length value TLV indicates the following Whether the link is capable of being aggregated Whether the link is...

Page 195: ...maximum 802 3 frame size capability of the port This value is expressed in octets and includes the four octet Frame Check Sequence FCS The default maximum frame size is 1522 The advertised value may c...

Page 196: ...llable Syntax no lldp advertise power via mdi ports ethernet port list all LLDP MED configuration This section provides the details for configuring LLDP MED The following table lists the global and in...

Page 197: ...responding Syslog messages are enabled as well When you enable LLDP MED SNMP notifications the device will send traps and Syslog messages when an LLDP MED Endpoint neighbor entry is added or removed S...

Page 198: ...ID formats are defined in the following sections Coordinate based location Coordinate based location is based on the IETF RFC 3825 6 standard which specifies a Dynamic Host Configuration Protocol DHCP...

Page 199: ...pecify one of the following wgs84 geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich nad83 navd88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenw...

Page 200: ...he entry refers to Specify one of the following client dhcp server network element where dhcp server or network element should only be used if it is known that the Endpoint is in close physical proxim...

Page 201: ...County Japan City or rural area Korea County United States County 3 City township or shi JP Examples Canada City or town Germany City Japan Ward or village Korea City or village United States City or...

Page 202: ...house number Example A 1 2 21 Landmark or vanity address A string name for a location It conveys a common local designation of a structure a group of buildings or a place that helps to locate the plac...

Page 203: ...ame When the postal community name is defined the civic community name typically CA type 3 is replaced by this value Example Alviso 31 Post office box P O box When a P O box is defined the street addr...

Page 204: ...om the North America Numbering Plan format supplied to the Public Safety Answering Point PSAP for ECS purposes To configure an ECS based location for LLDP MED enter a command such as the following at...

Page 205: ...licy differs for tagged untagged and priority tagged traffic Refer to the appropriate syntax below For tagged traffic Syntax no lldp med network policy application application type taggedvlan vlan ID...

Page 206: ...hat the specified application type will use untagged indicates that the device is using an untagged frame format priority tagged indicates that the device uses priority tagged frames In this case the...

Page 207: ...ess power to the Endpoint while making more power available to other ports The LLDP MED Power via MDI TLV advertises an Endpoint IEEE 802 3af power related information including the following Power ty...

Page 208: ...at that instance is less than the advertised power draw For a PSE Network Connectivity device the power level represents the amount of power that is available on the port at the time If the PSE is op...

Page 209: ...start repeat count 3 LLDP maximum neighbors 392 LLDP maximum neighbors per port 4 Syntax show lldp The following table describes the information displayed by the show lldp statistics command Field Des...

Page 210: ...4 60963 121925 0 0 0 0 0 5 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 10 60974 0 0 0 0 0 0 11 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 Synta...

Page 211: ...ined by the system and can be viewed in the output of the show LLDP neighbors detail command or retrieved through SNMP Rx TLVs Discarded The number of TLVs the port received then discarded Neighbors A...

Page 212: ...report NOTE The show lldp neighbors detail output will vary depending on the data received Also values that are not recognized or do not have a recognizable format may be displayed in hexadecimal bin...

Page 213: ...details for all ports Displaying LLDP configuration details The show lldp local info command displays the local information advertisements TLVs that will be transmitted by the LLDP agent NOTE The sho...

Page 214: ...erica Pkwy CA Type 24 CA Value 95054 CA Type 27 CA Value 5 CA Type 28 CA Value 551 CA Type 29 CA Value office CA Type 23 CA Value John Doe MED Location ID Data Format ECS ELIN Value 1234567890 MED Ext...

Page 215: ...nformation after a port becomes disabled and the LLDP neighbor information ages out However if a port is disabled then re enabled before the neighbor information ages out the device will clear the cac...

Page 216: ...Clearing cached LLDP neighbor information 216 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 217: ...L 2CX4 SX FI624100FX SX FI 24HF SX FI424C SX FI624C SX FI 24GPP SX FI424P SX FI624HF SX FI424F SX FI624P SX FI424HF SX FI62XG SX FI42XG Throughput is 100 percent when only SX third generation modules...

Page 218: ...such as the following at the Privileged EXEC level of the CLI device phy cable diagnostics tdr 1 1 1 The clear diag tdr command clears results of any previous TDR test from test registers for port 1 1...

Page 219: ...ed Syntax show cable diagnostics tdr stackid slot port In the output shown Local pair indicates the assignment of wire pairs from left to right where Pair A is the left most pair The following table s...

Page 220: ...n configure your Brocade device to monitor optical transceivers in the system either globally or by specified ports When this feature is enabled the system will monitor the temperature and signal powe...

Page 221: ...e same function That is they both disable digital optical monitoring Displaying information about installed media Use the show media show media slot and show media ethernet commands to obtain informat...

Page 222: ...e 100M M FX LR SFP Vendor Brocade Communications Inc Version A Part FTLF1323P1BTL FD Serial UD3085J Port 1 10 Type EMPTY Port 1 11 Type 100M M FX SR SFP Vendor Brocade Communications Inc Version A Par...

Page 223: ...c slot 4 Port Temperature Tx Power Rx Power Tx Bias Current 4 1 30 8242 C 001 8822 dBm 002 5908 dBm 41 790 mA Normal Normal Normal Normal 4 2 31 7070 C 001 4116 dBm 006 4092 dBm 41 976 mA Normal Norma...

Page 224: ...e Description Low Alarm Monitored level has dropped below the low alarm threshold set by the manufacturer of the optical transceiver Low Warn Monitored level has dropped below the low warn threshold s...

Page 225: ...that these values are set by the manufacturer of the optical transceiver and cannot be configured Syslog messages for optical transceivers The system generates Syslog messages for optical transceiver...

Page 226: ...es 10G SFPP TWX 0101 FCoE 1M Active Cable 58 1000026 01 No 10G SFPP TWX 0301 FCoE 3M Active Cable 58 1000027 01 No 10G SFPP TWX 0501 FCoE 5M Active Cable 58 1000023 01 No 10G SFPP ER 10GBase ER SFP 40...

Page 227: ...32 Label Type Brocade part number Supports Digital Optical Monitoring 40Ge LR4 40GE LR4 10km QSFP LC 57 1000263 01 Yes 40GE SR4 100m QSFP 57 1000128 1 Yes Hardware Component Monitoring FastIron Ether...

Page 228: ...FastIron Fiber optic Transceivers 228 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 229: ...U Slot 9 SW Version 04 3 00b17T3e3 Copyright c 1996 2008 Brocade Communications Inc Inc Compiled on Sep 25 2008 at 04 09 20 labeled as SXR04300b17 4031365 bytes from Secondary sxr04300b17 bin BootROM...

Page 230: ...ize 1835008 Version 10 1 03T205 swz10103b003 HW Stackable ICX7750 26Q Internal USB Serial 40D41E003CF90029 Vendor UNIGEN Total size 1910 MB UNIT 1 SL 1 ICX7750 20QXG 20 port Management Module Serial C...

Page 231: ...r all the ports including management ports are cleared and the elapsed time is calculated and displayed for each of the interfaces When the management interface is cleared using the clear statistics m...

Page 232: ...utBroadcastPkts 3 InMulticastPkts 63180114 OutMulticastPkts 63428165 InUnicastPkts OutUnicastPkts InBadPkts InFragments InDiscards OutErrors CRC Collisions InErrors LateCollisions InGiantPkts 0 InShor...

Page 233: ...sent The count includes unicast multicast and broadcast packets InBroadcastPkts The total number of good broadcast packets received OutBroadcastPkts The total number of good broadcast packets sent In...

Page 234: ...o of errors to total traffic is acceptable for half duplex connections If the ratio of errors to input packets is greater than two or three percent performance degradation could be noticed In half dup...

Page 235: ...of bits received per second OutBitsPerSec The number of bits sent per second InPktsPerSec The number of packets received per second OutPktsPerSec The number of packets sent per second InUtilization Th...

Page 236: ...nter values command the counters are cleared reset to zero For each port region you can enable a maximum of two traffic counters regardless of whether traffic counters are enabled on individual ports...

Page 237: ...N ID for which outbound traffic will be counted Enter a number from 0 4095 or enter all to indicate all VLANs The priority queue parameter identifies the 802 1p priority queue for which traffic will b...

Page 238: ...ration A Layer 2 protocol e g spanning tree had the port in a Blocked state The source port was suppressed for multi target packets The priority queue specified in the traffic counter was not allowed...

Page 239: ...e ethernet port Specify the port variable in the format stack unit slotnum portnum Egress queue statistics TABLE 35 Parameter Description Queue counters The QoS traffic class Queued packets The number...

Page 240: ...icasts 0 output errors 0 collisions Relay Agent Information option Disabled Egress queues Queue counters Queued packets Dropped Packets 0 0 0 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 Clearing the egr...

Page 241: ...terface The interface group collects statistics on total traffic into and out of the agent interface No configuration is required to activate collection of statistics for the Layer 2 Switch or Layer 3...

Page 242: ...total number of good packets received that were directed to the broadcast address This number does not include multicast packets Multicast pkts The total number of good packets received that were dir...

Page 243: ...ot include framing bits but does include FCS octets NOTE 48GC modules do not support count information on jabbers and report 0 Collisions The best estimate of the total number of collisions on this Et...

Page 244: ...shown below device config rmon history 1 interface 1 buckets 10 interval 10 owner nyc02 Syntax rmon historyentry number interface port buckets number interval sampling interval owner text string You c...

Page 245: ...When sFlow is enabled on a Layer 2 or Layer 3 switch the system performs the following sFlow related tasks Samples traffic flows by copying packet header information Identifies ingress and egress int...

Page 246: ...6 packets exists only on devices running software that supports IPv6 The configuration procedures for this feature are the same as for IPv4 except where the collector is a link local address on a Laye...

Page 247: ...slight and noticeable increase of up to 20 in CPU utilization In typical scenarios this is normal behavior for sFlow and does not affect the functionality of other features on the switch sFlow and ag...

Page 248: ...4 and the sFlow source is configured for IPv4 address then an IPv4 address will be selected from the configured interface At any point of time only one source of the Ethernet VE or loopback interface...

Page 249: ...w and port monitoring together on the same port FastIron X Series devices support port monitoring and sFlow together on the same device The caveat is that these features cannot be configured together...

Page 250: ...ng an sFlow collector on IPv6 devices To specify an sFlow collector on an IPv6 device enter a command such as the following device config sflow destination ipv6 2001 DB8 0 0b 02a This command specifie...

Page 251: ...e mode command NOTE The sflow sample mode command is not supported on Brocade ICX 7750 Brocade ICX 7450 Brocade ICX 7250 Brocade ICX 6430 Brocade ICX 6650 and FSX 800 1600 devices Changing the samplin...

Page 252: ...ing factor for port 4 2 will be 1 meaning that every sample taken by the hardware will be exported while the subsampling factor for port 4 8 will be 4 meaning that one out of every four samples taken...

Page 253: ...pling rate This is useful in cases where ports have different bandwidths For example if you are using sFlow on 10 100 ports and Gbps Ethernet ports you might want to configure the Gbps ports to use a...

Page 254: ...ch sample will be taken The software rounds the value you enter up to the next odd power of 2 The actual sampling rate becomes one of the values listed in the section Changing the sampling rate NOTE C...

Page 255: ...rwarding enter the following command device config sflow enable You can now enable sFlow forwarding on individual ports as described in the next two sections Syntax no sflow enable Enabling sFlow forw...

Page 256: ...face ID for sampled broadcast and multicast packets For broadcast and multicast traffic the egress interface ID for sampled traffic is always 0x80000000 When broadcast and multicast packets are sample...

Page 257: ...ou can specify the maximum size of the flow sample sent to the sFlow collector If a packet is larger than the specified maximum size then only the contents of the packet up to the specified maximum nu...

Page 258: ...Brocade device to export data destined to the CPU to the sFlow collector enter the following command device config sflow export cpu traffic Syntax no sflow export cpu traffic By default this feature...

Page 259: ...e source destination IP and the same incoming outgoing port the VLAN field differs in the two samples A VLAN VE can only belong to one VRF The collector does not have any VRF knowledge but based on th...

Page 260: ...512 actual rate 512 Subsampling factor 1 Port 5 17 configured rate 1500 actual rate 2048 Subsampling factor 4 Port 5 16 configured rate 1500 actual rate 2048 Subsampling factor 4 Port 5 15 configured...

Page 261: ...ndicates how many have been configured Configured UDP source port The UDP source port used to send data to the collector Polling interval The port counter polling interval Configured default sampling...

Page 262: ...The ports on which you enabled sFlow Module Sampling Rates The configured and actual sampling rates for each module If a module does not have any sFlow enabled ports the rates are listed as 0 Port Sa...

Page 263: ...ands in this example configure a link utilization list with port 1 1 as the uplink port and ports 1 2 and 1 3 as the downlink ports device config relative utilization 1 uplink eth 1 1 downlink eth 1 2...

Page 264: ...not always equal 100 This is true in cases where the ports exchange some traffic with other ports in the system or when the downlink ports are configured together in a port based VLAN In the following...

Page 265: ...egister it increments the relevant error count by 1 Otherwise it restarts the timer and waits for the given interval Hardware error registers are cleared when read so after Sysmon reads the value they...

Page 266: ...r rolls over On the other hand if you choose logging to syslog messages are sent to the configured syslog servers Configure system monitoring You can use the following commands at the privileged EXEC...

Page 267: ...lobal level The no form of this command resets the parameter to default value Syntax sysmon log backoff number no sysmon log backoff Parameters number Specifies the number of times to skip an event lo...

Page 268: ...ine the global value later the latest value prevails The threshold is defined as N W where N is the number of events and W is the number of consecutive polling periods When the threshold is reached ac...

Page 269: ...persists it will be continuously logged internally and or externally to syslog as defined by the action The log back off count skips configured number of logs before logging again action Specifies the...

Page 270: ...ke when the error count exceeds the specified threshold and log back off values none The error is logged in the internal sysmon logs This is the default value syslog The error is logged to syslog Mode...

Page 271: ...ggered events Specifies the threshold in terms of the number of events Valid values are 1 through 10 polling interval Specifies the number of polling windows The device polls the internal registers at...

Page 272: ...W implies that there is no threshold and no event will be triggered events Specifies the threshold in terms of the number of events Valid values are 1 through 10 polling interval Specifies the number...

Page 273: ...ures system monitoring for cross bar errors The no form of this command resets the parameters to default values Syntax sysmon xbar error count threshold events polling interval log backoff value actio...

Page 274: ...ing interval log backoff value action none syslog no sysmon xbar link Parameters threshold Defines the failure threshold for the fabric adapter error count event The threshold is defined as N W where...

Page 275: ...C errors ConfigTable0 errors TCAM error TCAM action parity errors Token bucket priority parity errors State variable parity errors Link list RAM ECC errors FBUF RAM ECC errors Egress VLAN parity error...

Page 276: ...voids overflow of the internal log or of the syslog action Specifies the action to take when the error count exceeds the specified threshold and log back off values none No action is taken This is the...

Page 277: ...sysmon counters for cross bar You can specify all or a cross bar identified by the index error Clears the cross bar sysmon error counters You can specify all or a cross bar identified by the index lin...

Page 278: ...gs Aug 3 03 59 22 C Sysmon XBAR LINK SFM1 XBAR1 FPORT0 NO SYNC Aug 3 03 59 22 C Sysmon FA Link SLOT9 FA16 Link0 HG Link error Aug 3 03 58 22 W Sysmon PP ERROR SLOT4 PP6 error occurred Aug 3 03 59 34 W...

Page 279: ...nit on which errors to be displayed all Displays errors for all stack units link error Displays the link error count on FCX and ICX devices This option is not supported on FSX devices stack unit Speci...

Page 280: ...r 0 Sysmon SFM 1 xbar 0 HG link Rx error detected number of times HG link BadLen BadHeader ReformatErr 0 0 0 0 1 0 0 0 2 0 1 0 3 0 0 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0 11 0 0 0...

Page 281: ...s Stacking unit 4 FCX Link error detect Port 24 Link error detect 0 remote fault detect 0 lane error detect 0 Port 25 Link error detect 0 remote fault detect 0 lane error detect 0 Port 26 Link error d...

Page 282: ...Event FA_LINK Enabled Threshold 2 10 Log Backoff Number 10 Action log internal syslog Sysmon Event XBAR_ERROR_COUNT Enabled Threshold 2 10 Log Backoff Number 10 Action log internal syslog Sysmon Event...

Page 283: ...llowing command displays the statistics for all SFMs on the device Brocade config show sysmon system sfm all SFM 1 Xbar 2 X link Status FlowCtrl FA dev Link Status FlowCtrl 2 OK 0x0 19 0 OK 0x0 3 OK 0...

Page 284: ...show sysmon system sfm 284 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 285: ...ce to retain Syslog messages after a soft reboot reload command Refer to Retaining Syslog messages after a soft reboot on page 293 The Syslog service on a Syslog server receives logging messages from...

Page 286: ...y of Syslog messages on the management console When you enable this feature the software displays a Syslog message on the management console when the message is generated However to enable display of...

Page 287: ...gging is enabled by default with the following settings Messages of all severity levels Emergencies Debugging are logged By default up to 50 messages are retained in the local Syslog buffer This can b...

Page 288: ...e letter codes Static and dynamic buffers The software provides two buffers Static logs power supply failures fan failures and temperature warning or shutdown messages Dynamic logs all other message t...

Page 289: ...on whether you have set the time and date on the onboard system clock If you have set the time and date on the onboard system clock the date and time are shown in the following format mm dd hh mm ss w...

Page 290: ...was generated when the device had been running for 21 days seven hours two minutes and 40 seconds device show logging Syslog logging enabled 0 messages dropped 0 flushes 0 overruns Buffer logging leve...

Page 291: ...no logging buffered debugging device config no logging buffered informational Syntax no loggingbuffered level num entries The level parameter can have one of the following values alerts critical debu...

Page 292: ...gure the Brocade device to use two Syslog servers the device uses the same facility on both servers device config logging facility local0 Syntax loggingfacility facility name The facility name can be...

Page 293: ...logging Syslog logging enabled 0 messages dropped 0 flushes 0 overruns Buffer logging level ACDMEINW 3 messages logged level code A alert C critical D debugging M emergency E error I informational N...

Page 294: ...yslog messages from the local buffer To clear the Syslog messages stored in the local buffer of the Brocade device enter the clear logging command device clear logging Syntax clear logging Syslog mess...

Page 295: ...e in slot 5 encountered unrecoverable PCI config read failure Module will be deleted 0d00h00m02s A System Module in slot 5 encountered PCI config read error Bus 10 Dev 3 Reg Offset 0 0d00h00m00s W Sys...

Page 296: ...Syslog messages for hardware errors 296 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 297: ...nformational Debugging Brocade Syslog messages Message num modules modules and 1 power supply need more power supply Explanation Indicates that the chassis needs more power supplies to run the modules...

Page 298: ...s enabled for the port but the RADIUS Access Accept message did not include VLAN information This is treated as an authentication failure Message Level Alert Message MAC Authentication failed for mac...

Page 299: ...ndicates the chassis slot containing the module The module state can be one of the following active standby crashed coming up unknown Message Level Alert Message OSPF LSA Overflow LSA Type lsa type Ex...

Page 300: ...he memory address is in hexadecimal format Message Level Alert Message System Module in slot slot num encountered PCI memory write error Mem Addr memory address Explanation The module encountered a ha...

Page 301: ...alidation failure The module will be disabled or powered down Message Level Alert Message System Module in slot slot num encountered unrecoverable PCI memory read failure Module will be deleted Explan...

Page 302: ...e module Message Level Alert Message Authentication shut down portnum due to DOS attack Explanation Denial of Service DoS attack protection was enabled for multi device port authentication on the spec...

Page 303: ...AC Filter applied to port port id by username from session id filter id filter ids Explanation Indicates a MAC address filter was applied to the specified port by the specified user during the specifi...

Page 304: ...hile singleton was configured on the port Message Level Informational Message user name login to PRIVILEGED mode Explanation A user has logged into the Privileged EXEC mode of the CLI The user name is...

Page 305: ...ge root ID Message Level Informational Message Bridge root changed vlan vlan id new root ID string root interface portnum Explanation A Spanning Tree Protocol STP topology change has occurred The vlan...

Page 306: ...t member of a VE virtual interface Explanation The RADIUS server returned an IP ACL or MAC address filter but the port is a member of a virtual interface VE Message Level Informational Message DOT1X p...

Page 307: ...onfiguration Message Level Informational Message DOT1X port portnum MAC mac address Invalid MAC filter ID this ID is user defined and cannot be used Explanation The port was assigned a MAC address fil...

Page 308: ...on could not take place on the port This happened because strict security mode was enabled and one of the following occurred Insufficient system resources were available on the device to apply an IP A...

Page 309: ...only password deleted added modified from console telnet ssh snmp OR Line password deleted added modified from console telnet ssh snmp Explanation A user created re configured or deleted an Enable or...

Page 310: ...protocol up Explanation The line protocol on a port has come up The portnum is the port number Message Level Informational Message Interface portnum state down Explanation A port has gone down The por...

Page 311: ...xplanation BPDU guard violation occurred in MSTP Message Level Informational Message OPTICAL MONITORING port port number is not capable Explanation The optical transceiver is qualified by Brocade but...

Page 312: ...SER PRIVILEGE EXEC mode Explanation The specified user logged into the device using Telnet or SSH from either or both the specified IP address and MAC address The user logged into the specified EXEC m...

Page 313: ...Explanation A user enabled or disabled an SSH or Telnet session or changed the SSH enable disable configuration through the SNMP console SSH or Telnet session Message Level Informational Message start...

Page 314: ...re has detected a superior BPDU and goes into the inconsistent state on vlan id port id Message Level Informational Message STP VLAN vlan id BPDU guard port port number detect Received BPDU putting in...

Page 315: ...l Informational Message System Fan speed changed automatically to fan speed Explanation The system automatically changed the fan speed to the speed specified in this message Message Level Informationa...

Page 316: ...slot port to unit slot port on vlan id Explanation A MAC address is deleted from a range of interfaces which are members of the specified VLAN Message Level Informational Message System Static MAC ent...

Page 317: ...ber of minutes Message Level Informational Message Trunk group ports created by 802 3ad link aggregation module Explanation 802 3ad link aggregation is configured on the device and the feature has dyn...

Page 318: ...ormational Message Stack Stack unit unit has been added to the stack system Explanation The specified unit has been added to the stacking system Message Level Informational Message System Management M...

Page 319: ...Temperature actual temp C degrees warning level warning temp C degrees shutdown level shutdown temp C degrees Explanation The actual temperature reading for a unit in a stack is above the warning tem...

Page 320: ...on 802 1W selected a new root bridge as a result of the BPDUs received on a bridge port Message Level Informational Message vlan vlan id New RootPort portnum RootSelection Explanation 802 1W changed t...

Page 321: ...e allowed on an individual interface has been exceeded The rate indicates the maximum rate allowed The portnum indicates the port This message can occur if fragment thottling is enabled Message Level...

Page 322: ...portnum type number drop Explanation Indicates that the DHCP client receives DHCP server reply packets on untrusted ports and packets are dropped Message Level Notification Message DOT1X issues softw...

Page 323: ...S has come up The system id is the system ID of the IS IS The circuit id is the ID of the circuit over which the adjacency was established Message Level Notification Message ISIS L2 ADJACENCY DOWN sys...

Page 324: ...the victim of a TCP SYN DoS attack All TCP SYN packets will be dropped for the number of seconds specified by the locku p value When the lockup period expires the packet counter is reset and measureme...

Page 325: ...emoved from slot slot num Explanation Indicates that a module was removed from a chassis slot The slot num is the number of the chassis slot from which the module was removed Message Level Notificatio...

Page 326: ...ntication failure network mask mismatch hello interval mismatch dead interval mismatch option mismatch unknown The packet type can be one of the following hello database description link state request...

Page 327: ...interface received a bad packet The router id is the router ID of the Brocade device The ip addr is the IP address of the interface on the Brocade device The src ip addr is the IP address of the inter...

Page 328: ...eived an OSPF packet with an invalid type The parameters are the same as for the Bad Checksum message The pkt type type value is unknown indicating that the packet type is invalid Message Level Notifi...

Page 329: ...ription link state request link state update link state ack unknown The lsa type is the type of LSA The lsa id is the LSA ID The lsa router id is the LSA router ID Message Level Notification Message O...

Page 330: ...anged The router id is the router ID of the Brocade device The ip addr is the IP address of the neighbor The nbr router id is the router ID of the neighbor The ospf state indicates the state to which...

Page 331: ...bad version area mismatch unknown NBMA neighbor unknown virtual neighbor authentication type mismatch authentication failure network mask mismatch hello interval mismatch dead interval mismatch option...

Page 332: ...nknown Message Level Notification Message OSPF virtual intf rcvd bad pkt rid router id intf addr ip addr pkt src addr src ip addr pkt type pkt type Explanation Indicates that an OSPF interface receive...

Page 333: ...lsa type is the type of LSA The lsa id is the LSA ID The lsa router id is the LSA router ID Message Level Notification Message OSPF virtual intf state changed rid router id area area id nbr ip addr st...

Page 334: ...nation Threshold parameters for ICMP transit through traffic have been configured on an interface and the maximum burst size for ICMP packets on the interface has been exceeded The portnum is the port...

Page 335: ...The portnum is the port or interface where VRRP or VRRP E is configured The virtual router id is the virtual router ID VRID configured on the interface The vrrp state can be one of the following init...

Page 336: ...ddr Explanation Port has received a query with a MLD version that does not match the port MLD version This message is rated limited to appear a maximum of once every 10 hours Message Level Warning Mes...

Page 337: ...y packets matching the values above were dropped during the five minute interval represented by the log entry Message Level Warning Message multicast no software resource resource name rate limited nu...

Page 338: ...of the filter list The direction indicates whether the filter was applied to incoming packets or outgoing packets The value can be one of the following in out The V1 or V2 value specifies the RIP vers...

Page 339: ...ture enabling multicast enabled full streaming audio and video applications for converged services such as Voice over IP VoIP Wireless Local Area Access WLAN points IP surveillance cameras and other I...

Page 340: ...n the two pairs 802 3af and 802 3at compliant PDs are able to accept power from either set of pairs Brocade PoE devices use the Endspan method compliant with the 802 3af and 802 3at standards The Ends...

Page 341: ...ch and the PD and delivers power over the network using the spare pairs of wires Alternative B The intermediate device has multiple channels typically 6 to 24 and each of the channels has data input a...

Page 342: ...ched to the network When an 802 3af or 802 3at compatible device is plugged into a PoE PoE or PoH port the PD reflects test voltage back to the power sourcing device the Brocade device ultimately caus...

Page 343: ...the power supply or power supplies Each PoE or PoE port supports a maximum of 15 4 or 30 watts of power per power consuming device Each PoH port supports a maximum of 95 watts of power lower wattage...

Page 344: ...command to display detailed information about the PoE power supplies installed in a FastIron PoE device For more information refer to section Displaying detailed information about PoE power supplies...

Page 345: ...installed in a chassis that is operating with 54 volt capable power supplies that are not actively providing power the system configures the power supplies to operate at 52 volts In this case the new...

Page 346: ...surveillance cameras IP surveillance technology provides digital streaming of video over Ethernet providing real time remote access to video feeds from cameras The main benefit of using IP surveillan...

Page 347: ...ll it individually on every switch in the stack NOTE The CLI syntax to install PoE firmware is different on FSX FCX and ICX platforms NOTE Installation of PoE firmware interrupts PoE services on the i...

Page 348: ...9 because of power management PoE Power disabled on port 3 1 10 because of power management PoE Power disabled on port 3 1 11 because of power management PoE Power disabled on port 3 1 12 because of p...

Page 349: ...of 30000 mwatts on port 3 1 21 Will retry when more power budget PoE Failed power allocation of 30000 mwatts on port 3 1 22 Will retry when more power budget PoE Failed power allocation of 30000 mwat...

Page 350: ...rmware Download on slot 1 30 percent completed U1 MSG PoE Info Firmware Download on slot 1 40 percent completed U1 MSG PoE Info Firmware Download on slot 1 50 percent completed U1 MSG PoE Info Firmwar...

Page 351: ...PoE Power disabled on port 1 1 19 because of admin off PoE Power disabled on port 1 1 20 because of admin off PoE Power disabled on port 1 1 21 because of admin off PoE Power disabled on port 1 1 22...

Page 352: ...t for legacy power consuming devices on a stackable device enter the following command at the stack unit CONFIG level of the CLI device config unit 2 no legacy inline power On chassis devices you can...

Page 353: ...rough CDP Many power consuming devices such as Cisco VoIP phones and other vendors devices use the Cisco Discovery Protocol CDP to advertise their power requirements to power sourcing devices such as...

Page 354: ...m power level on one port and a power class on another port The Brocade PoE PoE or High PoE device adjusts the power on a port only if there are available power resources If power resources are not av...

Page 355: ...over HDBaseT PoH 0 default 15 4 15 4 15 4 1 optional 4 4 4 2 optional 7 7 7 3 optional 15 4 15 4 15 4 4 optional 15 4 30 95 Refer to Considerations for setting power levels on page 354 for essential...

Page 356: ...power allocations For information about resetting the power class refer to Resetting PoE parameters on page 358 Setting the power budget for a PoE interface module on an FSX device By default each Po...

Page 357: ...has the higher value Ports that are configured with the same inline power priority are given precedence based on the slot number and port number in ascending order provided enough power is available...

Page 358: ...the maximum power level power limit command even though you are keeping the current configured maximum power level at 3000 If you do not specify the maximum power level the device will apply the defa...

Page 359: ...Honored 146 times Port Admin Oper Power mWatts PD Type PD Class Pri Fault State State Consumed Allocated Error 1 1 1 On On 6385 7000 802 3af Class 2 3 n a 1 1 2 On On 6479 7000 802 3af Class 2 3 n a...

Page 360: ...E power consuming devices Both values are shown in milliwatts Power Allocations The number of times the device fulfilled PoE requests for power Port The slot number and port number Admin State Specifi...

Page 361: ...table in the section Setting the power class for a PoE power consuming device on page 355 shows the different power classes and their respective maximum power allocations This field can also be Unkno...

Page 362: ...mit thereby powering down the port PD DC fault A succession of underload and overload states or a PD DC DC fault caused the port to shutdown short circuit A short circuit was detected on the port deli...

Page 363: ...of PD Ports 2 Total PD Power Available to PSE 0 Total PD Power Switched to PSE 0 Port Oper Oper Fault State Mode Error 1 2 1 On 802 3at n a 1 2 2 Off n a n a The following shows an example of the sho...

Page 364: ...displayed n a No error or fault condition on the PD port Displaying detailed information about PoE power supplies The show inline power detail command displays detailed operational information about t...

Page 365: ...W Power Supply Data On stack 3 Power Supply 1 Max Curr 7 5 Amps Voltage 54 0 Volts Capacity 410 Watts POE Details Info On Stack 3 General PoE Data Firmware Version 02 1 0 Cumulative Port State Data P...

Page 366: ...mption Allocation Budget 3 0 0 48 513 90 W 739 200 W 65535 0 W 4 0 0 48 1346 497 W 1440 0 W 65535 0 W 6 0 0 24 0 0 W 0 0 W 65535 0 W 7 0 0 48 43 72 W 61 600 W 65535 0 W 8 0 0 24 0 0 W 0 0 W 65535 0 W...

Page 367: ...n Fan 1 Air Flow Direction Front to Back Fan 2 Air Flow Direction Front to Back Slot 1 Current Temperature 49 0 deg C Sensor 1 39 5 deg C Sensor 2 Slot 2 Current Temperature NA Warning level 100 0 deg...

Page 368: ...28640 30000 802 3at Class 4 3 n a Total 679371 720000 ICX7250 24P Router show inline power detail Power Supply Data On stack 1 Power Supply Data Power Supply 1 Max Curr 6 6 Amps Voltage 54 0 Volts Ca...

Page 369: ...by Brocade Technical Support for troubleshooting Max Curr The PoE power supply maximum current capacity Voltage The PoE power supply current input voltage Capacity The PoE power supply total power ca...

Page 370: ...e of insufficient power Ports Off No PD The number of ports on the Interface module to which no PDs are connected Ports Off Fault The number of ports on the Interface module that are not receiving pow...

Page 371: ...state unless the decouple datalink keyword is used as a command option when configuring inline power on the LAG ports For more information refer to Decouple the PoE and datalink operations on PoE por...

Page 372: ...ower on the primary port with the power by class option The following example configures inline power on the primary port 1 1 1 with power by class option 3 Device config inline power ethernet 1 1 1 p...

Page 373: ...OTE The decouple datalink keyword was introduced in Release 08 0 01 to support the Decoupling of PoE and Datalink Operations feature Decoupling of inline power and datalinks is not supported in releas...

Page 374: ...e of 12000 mWatts and decouples the datalink operations and the inline power for this port Device config inline power ethernet 1 1 4 decouple datalink power limit 12000 5 Configure a LAG The following...

Page 375: ...g example configures inline power on the PoE port Ethernet 1 1 1 with power by class option 3 and decouples the datalink operations from the PoE operations for this port Device config if e1000 1 1 1 i...

Page 376: ...fies an actual power value of12000 mWatts and decouples the datalink operations and the PoE operations for this port Device config if e1000 1 1 4 inline power decouple datalink power limit 12000 Power...

Page 377: ...on page 378 for more information NOTE Breakout can be configured only when the device is in store and forward mode Breakout is not supported in cut through mode NOTE Stacking cannot be enabled on ICX...

Page 378: ...nd must be reissued The resulting configuration must be saved and the unit must then be reloaded before the four 10 Gbps sub ports are created and accessible For example to configure ports 1 3 1 throu...

Page 379: ...2 3 4 The four 10 Gbps sub ports for port 1 2 3 can be represented as 1 2 3 1 1 2 3 2 1 2 3 3 and 1 2 3 4 The following example shows no breakout on port 1 2 4 a 40 Gbps port that is up device show i...

Page 380: ...1 1 1 Down None None None None No 1 0 cc4e 2439 3700 1 1 2 Down None None None None No 1 0 cc4e 2439 3701 1 1 3 Down None None None None No 1 0 cc4e 2439 3702 1 1 4 Down None None None None No 1 0 cc4...

Page 381: ...terface ethernet 1 2 4 2 device config if e10000 1 2 2 2 port name subport2 device config if e10000 1 2 2 2 interface ethernet 1 2 4 3 device config if e10000 1 2 2 3 port name subport3 device config...

Page 382: ...8192 bytes per dot Copy Done Device config end Device reload NOTE If there had been any configuration on any sub ports 1 3 1 1 to 1 3 6 4 the no breakout command would have returned an error The confi...

Page 383: ...wing example displays breakout port information for an ICX 7750 48F Port 1 2 1 is the only port with active sub ports however ports 1 2 2 and 1 2 4 are configured for breakout pending reload Device sh...

Page 384: ...Displaying information for breakout ports 384 FastIron Ethernet Switch Administration Guide 53 1003625 01...

Page 385: ...tp www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR...

Page 386: ...If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgment This product includes software written by Tim Hudson tjh c...

Page 387: ...ctr or aes128 ctr are enabled and the CBC mode ciphers are removed The AES CBC mode can be re enabled by issuing the no ip ssh encryption disable aes cbc command which will bring back the pre existing...

Page 388: ...and the incoming SNMP packets can be filtered based on the IPv6 ACL attached to the group For more information refer to Defining an SNMP group on page 152 and Defining an SNMP group and specifying wh...

Reviews:

No comments