Home
/
Dell
/
PowerConnect M6220
/
User Configuration Manual

Dell PowerConnect M6220, User Configuration Manual

Share

Page: 186 / 1294

Dell PowerConnect M6220 User Configuration Manual Download Page 186

186

Configuring Authentication, Authorization, and Accounting

profiles have an implicit “deny all” rule, such that any command that does

not match any rule in the profile is considered to have been denied by that

profile.
A user can be assigned to more than one profile. If there are conflicting rules

in profiles, the “permit” rule always takes precedence over the “deny” rule.

That is, if any profile assigned to a user permits a command, then the user is

permitted access to that command. A user may be assigned up to 16 profiles.
A number of profiles are provided by default. These profiles cannot be altered

by the switch administrator. See "Administrative Profiles" on page 204 for the

list of default profiles.
If the successful authorization method does not provide an administrative

profile for a user, then the user is permitted access based upon the user's

privilege level. This means that, if a user successfully passes enable

authentication or if exec authorization assigns a privilege level, the user is

permitted access to all commands. This is also true if none of the

administrative profiles provided are configured on the switch. If some, but

not all, of the profiles provided in the authentication are configured on the

switch, then the user is assigned the profiles that exist, and a message is

logged that indicates which profiles could not be assigned.

Accounting

Accounting is used to record security events, such as a user logging in or

executing a command. Accounting records may be sent upon completion of

an event (stop-only) or at both the beginning and end of an event (start-

stop). There are three types of accounting: commands, dot1x, and exec.

•

Commands

—Sends accounting records for command execution.

•

Dot1x

—Sends accounting records for network access.

•

Exec

—Sends accounting records for management access (logins).

For more information about the data sent in accounting records, see "Which

RADIUS Attributes Does the Switch Support?" on page 198 and "Using

Servers to Control Management Access" on page 201.
Table 9-4 shows the valid methods for each type of accounting:

«
...
184
185
186
187
188
...
»

Summary of Contents for PowerConnect M6220

Page 1: ...Dell PowerConnect M6220 M6348 M8024 and M8024 k Switch User s Configuration Guide Regulatory Models PCM6220 PCM6348 PCM8024 and PCM8024 k ...

Page 2: ...ogic PowerConnect and OpenManage are trademarks of Dell Inc Microsoft Windows Windows Server MS DOS and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries sFlow is a registered trademark of InMon Corporation Cisco is a registered trademark of Cisco Systems Mozilla and Firefox are registered trademarks of the Mozilla Fou...

Page 3: ...mple Mode 54 Port Aggregator 55 System Time Management 55 Log Messages 55 Integrated DHCP Server 56 Management of Basic Network Information 56 IPv6 Management Features 56 Dual Software Images 56 File Management 57 Switch Database Management Templates 57 Automatic Installation of Firmware and Configuration 57 sFlow 58 SNMP Alarms and Trap Logs 58 CDP Interoperability through ISDP 58 Remote Monitori...

Page 4: ... 60 Security Features 60 Configurable Access and Authentication Profiles 60 Password Protected Management Access 61 Strong Password Enforcement 61 TACACS Client 61 RADIUS Support 61 SSH SSL 62 Inbound Telnet Control 62 Denial of Service 62 Port Protection 62 Captive Portal 63 Dot1x Authentication IEEE 802 1X 63 MAC Based 802 1X Authentication 63 Dot1x Monitor Mode 64 MAC Based Port Security 64 Acc...

Page 5: ...Layer Discovery Protocol LLDP 69 Link Layer Discovery Protocol LLDP for Media Endpoint Devices 69 Connectivity Fault Management IEEE 802 1ag 69 Priority based Flow Control PFC 70 Data Center Bridging Exchange DBCx Protocol 70 Fibre Channel over Ethernet FCoE Initialization Protocol Snooping 70 Cisco Protocol Filtering 71 DHCP Layer 2 Relay 71 Virtual Local Area Network Supported Features 71 VLAN S...

Page 6: ...gation 75 Link Aggregate Control Protocol LACP 75 Routing Features 77 Address Resolution Protocol ARP Table Management 77 VLAN Routing 77 IP Configuration 77 Open Shortest Path First OSPF 77 BOOTP DHCP Relay Agent 78 IP Helper and UDP Relay 78 Routing Information Protocol 78 Router Discovery 78 Routing Table 78 Virtual Router Redundancy Protocol VRRP 79 Tunnel and Loopback Interfaces 79 IPv6 Routi...

Page 7: ...t Features 84 Distance Vector Multicast Routing Protocol 84 Internet Group Management Protocol 84 IGMP Proxy 84 Protocol Independent Multicast Dense Mode 84 Protocol Independent Multicast Sparse Mode 85 Protocol Independent Multicast Source Specific Multicast 85 Protocol Independent Multicast IPv6 Support 85 MLD MLDv2 RFC2710 RFC3810 85 3 Hardware Overview 87 PowerConnect M6220 M6348 M8024 and M80...

Page 8: ...tch Administrator 101 Starting the Application 102 Understanding the Interface 103 Defining Fields 105 Understanding the Device View 106 Using the Device View Port Features 106 5 Using the Command Line Interface 107 Accessing the Switch Through the CLI 107 Console Connection 107 Telnet Connection 108 Understanding Command Modes 109 Entering CLI Commands 111 Using the Question Mark to Get Help 111 ...

Page 9: ...23 Why Is Basic Network Information Needed 124 How Is Basic Network Information Configured 125 What Is Out of Band Management and In Band Management 125 Default Network Information 127 Configuring Basic Network Information Web 128 Out of Band Interface 128 IP Interface Configuration Default VLAN IP Address 129 Route Entry Configuration Switch Default Gateway 130 Domain Name Server 132 Default Doma...

Page 10: ...t M6220 Stack 145 Creating a PowerConnect M6348 Stack 146 Creating a PowerConnect M8024 k Stack 147 PowerConnect 7000 Series and M6348 Stacking Compatibility 149 How is the Stack Master Selected 150 Adding a Switch to the Stack 151 Removing a Switch from the Stack 152 How is the Firmware Updated on the Stack 152 What is Stacking Standby 153 What is Nonstop Forwarding 153 Switch Stack MAC Addressin...

Page 11: ...F Settings 167 Viewing and Clearing Stacking and NSF Information 169 Stacking and NSF Usage Scenarios 169 Basic Failover 170 Preconfiguring a Stack Member 172 NSF in the Data Center 174 NSF and VoIP 175 NSF and DHCP Snooping 176 NSF and the Storage Access Network 177 NSF and Routed Access 179 9 Configuring Authentication Authorization and Accounting 181 AAA Overview 181 Methods 182 Access Lines 18...

Page 12: ...files 192 TACACS Authorization Example Custom Administrative Profile 193 TACACS Authorization Example Per command Authorization 194 RADIUS Authorization Example Direct Login to Privileged EXEC Mode 195 RADIUS Authorization Example Administrative Profiles 195 Using RADIUS Servers to Control Management Access 196 How Does RADIUS Control Management Access 196 Which RADIUS Attributes Does the Switch S...

Page 13: ...ty Levels 209 What Are the System Startup and Operation Logs 209 What Is the Log Message Format 210 What Factors Should Be Considered When Configuring Logging 211 Default Log Settings 211 Monitoring System Information and Configuring Logging Web 213 Device Information 213 System Health 215 System Resources 216 Integrated Cable Test for Copper Cables 217 Optical Transceiver Diagnostics 218 Log Glob...

Page 14: ... 236 Logging Configuration Examples 238 Configuring Local and Remote Logging 238 Configuring Email Alerting 239 11 Managing General System Settings 243 System Settings Overview 243 Why Does System Information Need to Be Configured 244 What is Simple Mode 245 What is the Port Aggregator Feature 247 What Is the LAG Dependency Feature in Port Aggregator Mode 248 What Are SDM Templates 248 Why is the ...

Page 15: ...ettings 271 SNTP Authentication 272 SNTP Server 274 Summer Time Configuration 278 Time Zone Configuration 279 Slot Summary 280 Supported Cards 281 Configuring System Settings CLI 282 Configuring System Information 282 Configuring the Banner 283 Managing the SDM Template 284 Configuring the Operational Mode and Port Aggregator Features 284 Configuring SNTP Authentication and an SNTP Server 286 Sett...

Page 16: ...Pv3 User Security Model USM 306 Communities 309 Notification Filter 311 Notification Recipients 312 Trap Flags 315 OSPFv2 Trap Flags 316 OSPFv3 Trap Flags 317 Trap Log 318 Configuring SNMP CLI 319 Configuring the SNMPv3 Engine ID 319 Configuring SNMP Views Groups and Users 320 Configuring Communities 323 Configuring SNMP Notifications Traps and Informs 325 SNMP Configuration Examples 328 Configuri...

Page 17: ...the Running Configuration Saved 339 Managing Images and Files Web 340 File System 340 Active Images 341 File Download 342 File Upload 344 Copy Files 346 Managing Images and Files CLI 347 Downloading and Activating a New Image TFTP 347 Managing Files in Internal Flash 348 Uploading a Configuration File SCP 349 Managing Configuration Scripts SFTP 350 File and Image Management Configuration Examples ...

Page 18: ... Auto Configuration Web 365 Auto Install Configuration 365 Managing Auto Configuration CLI 366 Managing Auto Configuration 366 Auto Configuration Example 367 Enabling DHCP Auto Configuration and Auto Image Download 367 15 Monitoring Switch Traffic 369 Traffic Monitoring Overview 369 What is sFlow Technology 369 What is RMON 372 What is Port Mirroring 373 Why is Traffic Monitoring Needed 374 Defaul...

Page 19: ...Table 389 RMON Event Control 390 RMON Event Log 392 RMON Alarms 393 Port Statistics 395 LAG Statistics 396 Port Mirroring 397 Monitoring Switch Traffic CLI 399 Configuring sFlow 399 Configuring RMON 401 Viewing Statistics 403 Configuring Port Mirroring 404 Traffic Monitoring Configuration Examples 405 Configuring sFlow 405 Configuring RMON 407 16 Configuring iSCSI Optimization 409 iSCSI Optimizati...

Page 20: ...ell Compellent Arrays 414 iSCSI CoS and Priority Flow Control Enhanced Transmission Selection Interactions 415 Default iSCSI Optimization Values 416 Configuring iSCSI Optimization Web 417 iSCSI Global Configuration 417 iSCSI Targets Table 418 iSCSI Sessions Table 419 iSCSI Sessions Detailed 420 Configuring iSCSI Optimization CLI 421 iSCSI Optimization Configuration Examples 423 Configuring iSCSI O...

Page 21: ...ation 444 Captive Portal Global Status 445 Captive Portal Activation and Activity Status 446 Interface Activation Status 447 Interface Capability Status 448 Client Summary 449 Client Detail 450 Captive Portal Interface Client Status 451 Captive Portal Client Status 452 Configuring Captive Portal CLI 453 Configuring Global Captive Portal Settings 453 Creating and Configuring a Captive Portal 454 Co...

Page 22: ...ion 470 Link Dependency Configuration 473 Link Dependency Summary 475 Configuring Port Characteristics CLI 476 Configuring Port Settings 476 Configuring Link Dependencies 477 Port Configuration Examples 479 Configuring Port Settings 479 Configuring a Link Dependency Groups 480 19 Configuring Port and System Security 481 IEEE 802 1X 482 What is IEEE 802 1X 482 What are the 802 1X Port States 483 Wh...

Page 23: ...X Values 518 Configuring Port Security CLI 521 Denial of Service 522 20 Configuring Access Control Lists 523 ACL Overview 523 What Are MAC ACLs 524 What Are IP ACLs 525 What Is the ACL Redirect Function 525 What Is the ACL Mirror Function 525 What Is ACL Logging 526 What Are Time Based ACLs 526 What Are the ACL Limitations 527 How Are ACLs Configured 528 Preventing False ACL Matches 528 Configurin...

Page 24: ...s 551 Configuring an IP ACL 551 Configuring a MAC ACL 553 Configuring a Time Based ACL 555 Configuring a Management Access List 556 21 Configuring VLANs 561 VLAN Overview 561 Switchport Modes 564 VLAN Tagging 565 GVRP 566 Double VLAN Tagging 566 Voice VLAN 568 Private VLANs 570 Additional VLAN Features 576 Default VLAN Behavior 577 Configuring VLANs Web 579 VLAN Membership 579 VLAN Port Settings 5...

Page 25: ...604 Configuring Double VLAN Tagging 606 Configuring MAC Based VLANs 607 Configuring IP Based VLANs 608 Configuring a Protocol Based VLAN 608 Configuring GVRP 610 Configuring Voice VLANs 612 VLAN Configuration Examples 613 Configuring VLANs Using Dell OpenManage Administrator 616 Configure the VLANs and Ports on Switch 2 620 Configuring VLANs Using the CLI 621 Configuring a Voice VLAN 625 22 Config...

Page 26: ...ings 648 Configuring Spanning Tree CLI 650 Configuring Global STP Bridge Settings 650 Configuring Optional STP Features 651 Configuring STP Interface Settings 652 Configuring MSTP Switch Settings 653 Configuring MSTP Interface Settings 654 STP Configuration Examples 655 Configuring STP 655 Configuring MSTP 657 23 Discovering Network Devices 659 Device Discovery Overview 659 What Is ISDP 659 What i...

Page 27: ...Device Information 677 Configuring ISDP and LLDP CLI 678 Configuring Global ISDP Settings 678 Enabling ISDP on a Port 679 Viewing and Clearing ISDP Information 679 Configuring Global LLDP Settings 680 Configuring Port based LLDP Settings 680 Viewing and Clearing LLDP Information 681 Configuring LLDP MED Settings 682 Viewing LLDP MED Information 683 Device Discovery Configuration Examples 683 Confi...

Page 28: ...ontrol 698 Configuring Protected Ports 699 Configuring LLPF 700 Port Based Traffic Control Configuration Example 701 25 Configuring L2 Multicast Features 703 L2 Multicast Overview 703 What Are the Multicast Bridging Features 704 What Is L2 Multicast Traffic 704 What Is IGMP Snooping 705 What Is MLD Snooping 707 What Is Multicast VLAN Registration 708 When Are L3 Multicast Features Required 709 Wha...

Page 29: ...erier 725 VLAN Querier Status 728 MFDB IGMP Snooping Table 729 MLD Snooping General 730 MLD Snooping Global Querier Configuration 732 MLD Snooping VLAN Querier 733 MLD Snooping VLAN Querier Status 735 MFDB MLD Snooping Table 736 MVR Global Configuration 737 MVR Members 738 MVR Interface Configuration 739 MVR Statistics 742 GARP Timers 743 GMRP Parameters 745 MFDB GMRP Table 747 Configuring L2 Mult...

Page 30: ...n 763 What is the Administrator s Role 765 Default Dot1ag Values 766 Configuring Dot1ag Web 767 Dot1ag Global Configuration 767 Dot1ag MD Configuration 767 Dot1ag MA Configuration 768 Dot1ag MEP Configuration 769 Dot1ag MIP Configuration 770 Dot1ag RMEP Summary 771 Dot1ag L2 Ping 772 Dot1ag L2 Traceroute 772 Dot1ag L2 Traceroute Cache 773 Dot1ag Statistics 774 Configuring Dot1ag CLI 775 Configurin...

Page 31: ... Configuring Traffic Snooping and Inspection Web 789 DHCP Snooping Configuration 789 DHCP Snooping Interface Configuration 790 DHCP Snooping VLAN Configuration 792 DHCP Snooping Persistent Configuration 794 DHCP Snooping Static Bindings Configuration 795 DHCP Snooping Dynamic Bindings Summary 797 DHCP Snooping Statistics 798 IPSG Interface Configuration 799 IPSG Binding Configuration 800 IPSG Bind...

Page 32: ...hy Are Link Aggregation Groups Necessary 820 What Is the Difference Between Static and Dynamic Link Aggregation 820 What is LAG Hashing 821 How Do LAGs Interact with Other Features 822 LAG Configuration Guidelines 823 Default Link Aggregation Values 823 Configuring Link Aggregation Web 824 LAG Configuration 824 LACP Parameters 825 LAG Membership 827 LAG Hash Configuration 828 LAG Hash Summary 829 ...

Page 33: ...9 Configuring PFC Using the Web Interface 840 Configuring PFC Using the CLI 842 PFC Configuration Example 844 DCB Capability Exchange 846 Interoperability with IEEE DCBx 847 DCBx and Port Roles 847 Configuration Source Port Selection Process 849 Disabling DCBX 851 Configuring DCBx 851 FIP Snooping 854 Enabling and Disabling FIP Snooping 854 Configuring the FC Map Value 855 Configuring Ports for FI...

Page 34: ...aging the MAC Address Table Web 863 Static Address Table 863 Dynamic Address Table 865 Managing the MAC Address Table CLI 866 Managing the MAC Address Table 866 31 Configuring Routing Interfaces 867 Routing Interface Overview 867 What Are VLAN Routing Interfaces 867 What Are Loopback Interfaces 868 What Are Tunnel Interfaces 869 Why Are Routing Interfaces Needed 870 Default Routing Interface Value...

Page 35: ... are DHCP Options 884 What Additional DHCP Features Does the Switch Support 885 Default DHCP Server Values 885 Configuring the DHCP Server Web 886 DHCP Server Network Properties 886 Address Pool 888 Address Pool Options 892 DHCP Bindings 894 DHCP Server Reset Configuration 895 DHCP Server Conflicts Information 896 DHCP Server Statistics 897 Configuring the DHCP Server CLI 898 Configuring Global DH...

Page 36: ...r Discovery Configuration 915 Router Discovery Status 916 Route Table 917 Best Routes Table 918 Route Entry Configuration 919 Configured Routes 921 Route Preferences Configuration 922 Configuring IP Routing Features CLI 923 Configuring Global IP Routing Settings 923 Adding Static ARP Entries and Configuring ARP Table Settings 924 Configuring Router Discovery IRDP 925 Configuring Route Table Entrie...

Page 37: ...atistics 941 DHCP Relay VLAN Configuration 942 DHCP Relay Agent Configuration 943 IP Helper Global Configuration 944 IP Helper Interface Configuration 946 IP Helper Statistics 948 Configuring L2 and L3 Relay Features CLI 949 Configuring L2 DHCP Relay 949 Configuring L3 Relay IP Helper Settings 951 Relay Agent Configuration Example 953 35 Configuring OSPF and OSPFv3 955 OSPF Overview 956 What Are O...

Page 38: ...guration 975 OSPF Link State Database 976 OSPF Virtual Link Configuration 976 OSPF Virtual Link Summary 978 OSPF Route Redistribution Configuration 979 OSPF Route Redistribution Summary 980 NSF OSPF Configuration PCM6220 PCM6348 and PCM8024 k Only 981 Configuring OSPFv3 Features Web 982 OSPFv3 Configuration 982 OSPFv3 Area Configuration 983 OSPFv3 Stub Area Summary 986 OSPFv3 Area Range Configurat...

Page 39: ...guring OSPFv3 Features CLI 1011 Configuring Global OSPFv3 Settings 1011 Configuring OSPFv3 Interface Settings 1013 Configuring Stub Areas and NSSAs 1015 Configuring Virtual Links 1017 Configuring an OSPFv3 Area Range 1018 Configuring OSPFv3 Route Redistribution Settings 1019 Configuring NSF Settings for OSPFv3 PCM6220 and PCM6348 Only 1020 OSPF Configuration Examples 1021 Configuring an OSPF Borde...

Page 40: ...ummary 1048 RIP Route Redistribution Configuration 1049 RIP Route Redistribution Summary 1050 Configuring RIP Features CLI 1051 Configuring Global RIP Settings 1051 Configuring RIP Interface Settings 1052 Configuring Route Redistribution Settings 1053 RIP Configuration Example 1055 37 Configuring VRRP 1057 VRRP Overview 1057 How Does VRRP Work 1057 What Is the VRRP Router Priority 1058 What Is VRR...

Page 41: ...xample 1072 VRRP with Load Sharing 1072 VRRP with Route and Interface Tracking 1076 38 Configuring IPv6 Routing 1081 IPv6 Routing Overview 1081 How Does IPv6 Compare with IPv4 1082 How Are IPv6 Interfaces Configured 1082 Default IPv6 Routing Values 1083 Configuring IPv6 Routing Features Web 1085 Global Configuration 1085 Interface Configuration 1086 Interface Summary 1087 IPv6 Statistics 1088 IPv6...

Page 42: ... 1106 What Is a Stateless Server 1106 What Is the DHCPv6 Relay Agent Information Option 1106 What Is a Prefix Delegation 1106 Default DHCPv6 Server and Relay Values 1107 Configuring the DHCPv6 Server and Relay Web 1108 DHCPv6 Global Configuration 1108 DHCPv6 Pool Configuration 1109 Prefix Delegation Configuration 1111 DHCPv6 Pool Summary 1112 DHCPv6 Interface Configuration 1113 DHCPv6 Server Bindi...

Page 43: ...5 DiffServ Overview 1125 How Does DiffServ Functionality Vary Based on the Role of the Switch 1126 What Are the Elements of DiffServ Configuration 1126 Default DiffServ Values 1127 Configuring DiffServ Web 1128 DiffServ Configuration 1128 Class Configuration 1129 Class Criteria 1130 Policy Configuration 1132 Policy Class Definition 1134 Service Configuration 1137 Service Detailed Statistics 1138 F...

Page 44: ...4 How Is Traffic Shaping Used on Egress Traffic 1154 How Are Traffic Queues Defined 1155 Which Queue Management Methods Are Supported 1155 CoS Queue Usage 1156 Default CoS Values 1156 Configuring CoS Web 1157 Mapping Table Configuration 1157 Interface Configuration 1160 Interface Queue Configuration 1161 Interface Queue Drop Precedence Configuration 1162 Configuring CoS CLI 1164 Mapping Table Conf...

Page 45: ...CLI 1176 43 Managing IPv4 and IPv6 Multicast 1177 L3 Multicast Overview 1177 What Is IP Multicast Traffic 1178 What Multicast Protocols Does the Switch Support 1179 What Are the Multicast Protocol Roles 1179 When Is L3 Multicast Required on the Switch 1180 What Is the Multicast Routing Table 1180 What Is IGMP 1181 What Is MLD 1182 What Is PIM 1183 What Is DVMRP 1193 Default L3 Multicast Values 119...

Page 46: ...formation 1208 IGMP Interface Source List Information 1209 IGMP Proxy Interface Configuration 1210 IGMP Proxy Configuration Summary 1211 IGMP Proxy Interface Membership Info 1212 Detailed IGMP Proxy Interface Membership Information 1213 Configuring MLD and MLD Proxy Web 1214 MLD Global Configuration 1214 MLD Routing Interface Configuration 1215 MLD Routing Interface Summary 1216 MLD Routing Interf...

Page 47: ...1238 DVMRP Next Hop Summary 1239 DVMRP Prune Summary 1241 DVMRP Route Summary 1242 Configuring L3 Multicast Features CLI 1243 Configuring and Viewing IPv4 Multicast Information 1243 Configuring and Viewing IPv6 Multicast Route Information 1245 Configuring and Viewing IGMP 1246 Configuring and Viewing IGMP Proxy 1248 Configuring and Viewing MLD 1249 Configuring and Viewing MLD Proxy 1250 Configurin...

Page 48: ...nfiguring and Viewing DVMRP Information 1260 L3 Multicast Configuration Examples 1261 Configuring Multicast VLAN Routing With IGMP and PIM SM 1261 Configuring DVMRP 1265 44 System Process Definitions 1267 Index 1275 ...

Page 49: ...o small form factor pluggable SFP 10 GbE ports The PowerConnect M8024 switch provides 16 internal 10 GbE ports and two 10 GbE expansion slots for external 10 GbE uplinks Each expansion slot can support an SFP module four ports CX4 module three ports or 10GBase T module two ports The the M8024 supports mixed environments using combinations of SFP 10GBase T and CX4 modules The PowerConnect M8024 k s...

Page 50: ...d Page names field names menu options button names and CLI commands and keywords courier font Command line text CLI output and file names In a command line square brackets indicate an optional entry In a command line inclusive brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example spanning tree mode stp rstp mstp means that for the...

Page 51: ... provides information about the switch models in the series including front and back panel features It also describes the installation and initial configuration procedures CLI Reference Guide provides information about the command line interface CLI commands used to configure and manage the switch The document provides in depth CLI descriptions syntax default values and usage guidelines ...

Page 52: ...52 Introduction ...

Page 53: ... product The release notes are part of the firmware download System Management Features Stacking Features PCM6220 PCM6348 and PCM8024 k Only Security Features Switching Features Virtual Local Area Network Supported Features Spanning Tree Protocol Features Link Aggregation Features Routing Features IPv6 Routing Features Quality of Service QoS Features Layer 2 Multicast Features Layer 3 Multicast Fe...

Page 54: ...en the required hardware is present or both For example a port can be preconfigured with both trunk and access mode information The trunk mode information is applied only when the port is placed into trunk mode and the access mode information is only applied when the port is placed into access mode Likewise OSPF routing can be configured in the switch without being enabled on any port This capabil...

Page 55: ...time and date locally on the switch You can also configure the time zone and information about time shifts that might occur during summer months If you use SNTP to obtain the time you can require communications between the switch and the SNTP server to be encrypted For information about configuring system time settings see Managing General System Settings on page 243 Log Messages The switch mainta...

Page 56: ...mation Other configurable network information includes a Domain Name Server DNS hostname to IP address mapping and a default domain name If the switch detects an IP address conflict on the management interface it generates a trap and sends a log message For information about configuring basic network information see Setting the IP Address and Other Basic Network Information on page 123 IPv6 Manage...

Page 57: ...ou to reallocate system resources to support a different mix of features based on your network requirements PowerConnect M6220 M6348 M8024 and M8024 k switches support the following three templates Dual IPv4 and IPv6 default IPv4 Routing IPv4 Data Center For information about setting the SDM template see Managing General System Settings on page 243 Automatic Installation of Firmware and Configurat...

Page 58: ... alarms see Configuring SNMP on page 297 CDP Interoperability through ISDP Industry Standard Discovery Protocol ISDP allows the PowerConnect switch to interoperate with Cisco devices running the Cisco Discovery Protocol CDP ISDP is a proprietary Layer 2 network protocol which inter operates with Cisco network equipment and is used to share information between neighboring devices routers bridges ac...

Page 59: ...matic Firmware Update for New Stack Members By default if a switch is added to a stack and the switch is running a different backup version of firmware than the active version on the stack master the backup firmware on the new member is automatically updated to match the stack master the backup version of firmware on the new member is activated and the new member is rebooted Stacking Compatibility...

Page 60: ...r When you add a unit the Stack Firmware Synchronization feature automatically synchronizes the firmware version with the version running on the stack master The synchronization operation may result in either an upgrade or a downgrade of firmware on the mismatched stack member In addition the running config on the member is updated to match the master switch The startup config on the standby and m...

Page 61: ...rall risk of a security breach For information about configuring password settings see Configuring Authentication Authorization and Accounting on page 181 TACACS Client The switch has a TACACS client TACACS provides centralized security for validation of users accessing the switch TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentic...

Page 62: ...he switch supports configurable Denial of Service DoS attack protection for eight different types of attacks For information about configuring DoS settings see Configuring Port and System Security on page 481 Port Protection A port may be put into the disabled state for any of the following reasons BPDU Storm Protection By default if Spanning Tree Protocol STP bridge protocol data units BPDUs are ...

Page 63: ...t configuring the Captive Portal features see Configuring Captive Portal on page 425 Dot1x Authentication IEEE 802 1X Dot1x authentication enables the authentication of system users through a local internal server or an external server Only authenticated and approved system users can transmit and receive data Supplicants are authenticated using the Extensible Authentication Protocol EAP PEAP EAP T...

Page 64: ...at port When a frame is seen on a locked port and the frame source MAC address is not tied to that port the protection mechanism is invoked For information about configuring MAC based port security see Configuring Port and System Security on page 481 Access Control Lists ACL Access Control Lists ACLs ensure that only authorized users have access to specific resources while blocking off any unwarra...

Page 65: ...database of MAC address IP address VLAN ID port tuples that are specified as authorized DHCP snooping can be enabled globally and on specific VLANs Ports within the VLAN can be configured to be trusted or untrusted DHCP servers must be reached through trusted ports For information about configuring DHCP Snooping see Snooping and Inspecting Traffic on page 781 Dynamic ARP Inspection Dynamic ARP Ins...

Page 66: ...ffer overflows For information about configuring flow control see Configuring Port Based Traffic Control on page 687 Head of Line Blocking Prevention Head of Line HOL blocking prevention prevents traffic delays and frame loss caused by traffic competing for the same egress port resources HOL blocking queues packets and the packets at the head of the queue are forwarded before packets at the end of...

Page 67: ...ace with Crossover MDIX VLAN Aware MAC based Switching Packets arriving from an unknown source address are sent to the CPU and added to the Hardware Table Future packets addressed to or from this address are more efficiently forwarded Back Pressure Support On half duplex links a receiver may prevent buffer overflows by jamming the link so that it is unavailable for additional traffic On full duple...

Page 68: ...ts on the relevant virtual local area network VLAN The flooding occupies bandwidth and loads all nodes connected on all ports Storm control limits the amount of broadcast unknown unicast and multicast frames accepted and forwarded by the switch For information about configuring Broadcast Storm Control settings see Configuring Port Based Traffic Control on page 687 Port Mirroring Port mirroring mon...

Page 69: ...or Media Endpoint Devices The Link Layer Discovery Protocol for Media Endpoint Devices LLDP MED provides an extension to the LLDP standard for network configuration and policy device location Power over Ethernet management and inventory management For information about configuring LLDP MED settings see Discovering Network Devices on page 659 Connectivity Fault Management IEEE 802 1ag The Connectiv...

Page 70: ...The protocol is also used to detect misconfiguration of the peer DCB devices and optionally for configuration of peer DCB devices For information about configuring DCBx settings see Configuring Data Center Bridging Features on page 837 DCBx is a link local protocol and operates only on individual links When configuring FIP snooping on a port channel ensure that all of the physical links in the por...

Page 71: ...ed MAC Group Addresses 01 80 C2 00 00 00 to 01 80 C2 00 00 0F For information about configuring LLPF settings see Configuring Port Based Traffic Control on page 687 DHCP Layer 2 Relay This feature permits Layer 3 Relay agent functionality in Layer 2 switched networks The switch supports L2 DHCP relay configuration on individual ports link aggregation groups LAGs and VLANs For information about con...

Page 72: ...ation Protocol based VLANs are used for isolating Layer 2 traffic for differing Layer 3 protocols GARP and GVRP Support The switch supports the configuration of Generic Attribute Registration Protocol GARP timers GARP VLAN Registration Protocol GVRP relies on the services provided by GARP to provide IEEE 802 1Q compliant VLAN pruning and dynamic VLAN creation on 802 1Q trunk ports When GVRP is ena...

Page 73: ... no ability to browse information on the internal LAN For information about configuring the Guest VLAN see Configuring Port and System Security on page 481 Double VLANs The Double VLAN feature IEEE 802 1QinQ allows the use of a second tag on network traffic The additional tag helps differentiate between customers in the Metropolitan Area Networks MAN while preserving individual customer s VLAN ide...

Page 74: ...panning Tree Protocol RSTP detects and uses network topologies to enable faster spanning tree convergence after a topology change without creating forwarding loops The port settings supported by STP are also supported by RSTP Multiple Spanning Tree Multiple Spanning Tree MSTP operation maps VLANs to spanning tree instances Packets assigned to various VLANs are transmitted along different paths wit...

Page 75: ...les fault tolerance protection from physical link disruption higher bandwidth connections and improved bandwidth granularity Per IEEE 802 1AX only links with the same operational characteristics such as speed and duplex setting may be aggregated PowerConnect switches aggregate links only if they have the same operational speed and duplex setting as opposed to the configured speed and duplex settin...

Page 76: ...76 Switch Features achievable between a given pair of systems LACP automatically determines configures binds and monitors the binding of ports to aggregators within the system ...

Page 77: ...nterfaces on page 867 IP Configuration The switch IP configuration settings to allow you to configure network information for VLAN routing interfaces such as IP address and subnet mask MTU size and ICMP redirects Global IP configuration settings for the switch allow you to enable or disable the generation of several types of ICMP messages and enable or disable the routing mode For information abou...

Page 78: ... RIP like OSPF is an IGP used within an autonomous Internet system RIP is an IGP that is designed to work with moderate size networks For information about configuring RIP see Configuring RIP on page 1043 Router Discovery For each interface you can configure the Router Discovery Protocol RDP to transmit router advertisements These advertisements inform hosts on the local network about the presence...

Page 79: ...letion and management of tunnel and loopback interfaces Tunnel interfaces facilitate the transition of IPv4 networks to IPv6 networks A loopback interface is always expected to be up so you can configure a stable IP address that other network devices use to contact or identify the switch For information about configuring tunnel and loopback interfaces see Configuring Routing Interfaces on page 867...

Page 80: ...ol for IPv6 networking OSPFv3 is a new routing component based on the OSPF version 2 component In dual stack IPv6 you can configure and use both OSPF and OSPFv3 components For information about configuring OSPFv3 see Configuring OSPF and OSPFv3 on page 955 DHCPv6 DHCPv6 incorporates the notion of the stateless server where DHCPv6 is not used for IP address assignment to a client rather it only pro...

Page 81: ...h queuing This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required CoS queue characteristics such as minimum guaranteed bandwidth and transmission rate shaping are configurable at the queue or port level For information about configuring CoS see Configuring Class of Service on page 1153 Auto Voice over IP VoIP This feature pro...

Page 82: ...ast Support Multicast service is a limited broadcast service that allows one to many and many to many connections In Layer 2 multicast services a single frame addressed to a specific multicast address is received and copies of the frame to be transmitted on each relevant port are created IGMP Snooping Internet Group Management Protocol IGMP Snooping is a feature that allows a switch to forward mul...

Page 83: ...ess In IPv6 MLD snooping performs a similar function With MLD snooping IPv6 multicast data is selectively forwarded to a list of ports intended to receive the data instead of being flooded to all of the ports in a VLAN This list is constructed by snooping IPv6 multicast control packets Multicast VLAN Registration The Multicast VLAN Registration MVR protocol like IGMP Snooping allows a Layer 2 swit...

Page 84: ...oring multicast routers PowerConnect M6220 M6348 M8024 and M8024 k switches perform the multicast router part of the IGMP protocol which means it collects the membership information needed by the active multicast router IGMP Proxy The IGMP Proxy feature allows the switch to act as a proxy for hosts by sending IGMP host messages on behalf of the hosts that the switch discovered through standard IGM...

Page 85: ...ns such as audio or video broadcasts PIM SSM does not use shared trees Protocol Independent Multicast IPv6 Support PIM DM and PIM SM support IPv6 routes MLD MLDv2 RFC2710 RFC3810 MLD is used by IPv6 systems listeners and routers to report their IP multicast addresses memberships to any neighboring multicast routers The implementation of MLD v2 is backward compatible with MLD v1 MLD protocol enable...

Page 86: ...86 Switch Features ...

Page 87: ... this section show the front panels of the PowerConnect M6220 M6348 M8024 and M8024 k switches PowerConnect M6220 Front Panel The PowerConnect M6220 front panel provides four 10 100 1000Base T RJ 45 ports The front panel has two 10 gigabit bays that can support Stacking CX 4 SFP XFP or 10GBase T modules Each module provides support for two ports The stacking module can only be used in Bay 1 the 10...

Page 88: ...witch automatically detects crossed and straight through cables on RJ 45 ports The 10 100 100Base T Auto sensing RJ 45 ports support half and full duplex mode 10 Gb Module Stacking Module or 10 Gb Module 10 100 100Base T Auto sensing Full Duplex RJ 45 Ports Console Port ...

Page 89: ...8 front panel provides 16 10 100 1000Base T ports There are also 32 internal 1 gigabit ports that connect to each of the server blades Figure 3 2 PowerConnect M6348 Front Panel 10 Gb CX4 Ports Console Port 10 100 100Base T Auto sensing Full Duplex RJ 45 Ports 10 Gb SFP Ports ...

Page 90: ...rts four ports the CX 4 module supports three ports and the 10GBase T module supports two ports The modules can be used in any combination and are sold separately There are also 16 internal 10 gigabit ports that connect to each of the server blades Figure 3 3 PowerConnect M8024 Front Panel The 10GBase T ports support 100 megabit 1 gigabit and 10 gigabit full duplex speeds 10 Gb SFP Module 10 Gb CX...

Page 91: ...2 Port The console RS 232 port is used only for management through a serial interface This port provides a direct connection to the switch and is used to access the CLI from a console terminal connected to an EIA TIA 232 port To connect from the console port on the PowerConnect M6220 M6348 M8024 to a terminal use the serial cable with a USB Type A connector on one end and a female DB 9 connector o...

Page 92: ...onnected to the chassis management controller through the chassis mid plane Traffic on this port is segregated from operational network traffic on the switch ports and cannot be switched or routed to the operational network NOTE If you are installing a stack of switches you need to assemble and cable the stack before powering up and configuring it When a stack is powered up for the first time the ...

Page 93: ... integrated external 10 100 1000Base T port on the PCM6220 and PCM6348 has two LEDs Figure 3 5 illustrates the 10 100 100Base T port LEDs Figure 3 5 10 100 1000Base T Port LEDs Table 3 1 contains port LED definitions for the integrated 10 100 1000 Base T ports on the PowerConnect M6220 and M6348 switches Table 3 1 10 100 1000Base T Port Definitions LED Color Definition Link LED Off There is no lin...

Page 94: ...r port and the Stacking 10 GbE module does not have any LEDs 10GBase T Module LEDs Each 10GBase T Module has three LEDs Table 3 4 contains 10GBase T port LED definitions for the PowerConnect M6220 and M8024 Table 3 2 PowerConnect M6348 SFP Port LEDs Definitions LED Color Activity Definition LNK Solid green The port is linked Off The port is not linked ACT Blinking green The port is sending and or ...

Page 95: ...w The link is operating at a speed other than 10 Gbps Off No link Act Blinking Green Activity Off No activity Wrong Bay PCM6220 Only Solid Red Module is in the wrong bay NOTE On the PowerConnect M6220 the module must be inserted into Bay 2 to operate When the module is inserted into Bay 1 it will not operate and the Wrong Bay LED is solid red Table 3 5 XFP Port LEDs Definitions LED Color Definitio...

Page 96: ...e 3 6 contains the status LED definitions for the PowerConnect M6220 and M6348 switches Table 3 6 PCM6220 and PCM6348 Power and Status LED Definitions LED Color Definition Green Power is being supplied to the switch Off The switch does not have power Blue The switch is the stack master Off The switch is not the stack master Amber A fault has occurred or the switch is booting System Power LED Syste...

Page 97: ...h MAC addresses are used as follows Table 3 7 PCM8024 and PCM8024 k Power and Status LED Definitions LED Color Definition Green Power is being supplied to the switch Off The switch does not have power Blue The switch is operating normally Off The switch is powered off Amber A fault has occurred or the switch is currently booting Table 3 8 MAC Address Use Base switch address Base 1 Out of band port...

Page 98: ...el ID PCT8132 Machine Type PowerConnect 8132 Temperature Sensors Unit Description Temperature Status Celsius 1 MAC 32 Good 1 CPU 31 Good 1 PHY left side 26 Good 1 PHY right side 29 Good Fans Unit Description Status 1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK 1 Fan 4 OK 1 Fan 5 OK 1 Fan 6 No Power Power Supplies Unit Description Status Average Current Since Power Power Date Time Watts Watts 1 System OK 42 0 4...

Page 99: ...ole show ip interface vlan 1 Routing Interface Status Down Primary IP Address 1 1 1 2 255 255 255 0 Method Manual Routing Mode Enable Administrative Mode Enable Forward Net Directed Broadcasts Disable Proxy ARP Enable Local Proxy ARP Disable Active State Inactive MAC Address 001E C9F0 0050 Encapsulation Type Ethernet IP MTU 1500 Bandwidth 10000 kbps Destination Unreachables Enabled ICMP Redirects ...

Page 100: ...100 Hardware Overview ...

Page 101: ...nManage Switch Administrator Dell OpenManage Switch Administrator is a web based tool to help you manage and monitor a PowerConnect M6220 M6348 M8024 M8024 k switch Table 4 1 lists the web browsers that are compatible with Dell OpenManage Switch Administrator The browsers have been tested on a PC running the Microsoft Windows operating system Table 4 1 Compatible Browsers Browser Version Internet ...

Page 102: ...a switch see Setting the IP Address and Other Basic Network Information on page 123 3 When the Login window displays enter a user name and password Passwords are both case sensitive and alpha numeric Figure 4 1 Login Screen 4 Click Submit NOTE The switch is configured with a default user name of root and the default password is calvin For information about creating a user and password or changing ...

Page 103: ... left side of the page the navigation pane provides an expandable view of features and their components Configuration and status options The main panel contains the fields you use to configure and monitor the switch Page tabs Some pages contain tabs that allow you to access additional pages related to the feature Command buttons Command buttons are located at the bottom of the page Use the command...

Page 104: ...l com About Contains the version and build number and Dell copyright information Log Out Logs out of the application and returns to the login screen Save Saves the running configuration to the startup configuration When you click Apply changes are saved to the running configuration When the system boots it loads the startup configuration Any changes to the running configuration that were not saved...

Page 105: ...ring and managing the switch The online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page displays if you click Help Apply Updates the running configuration on the switch with the changes Configuration changes take effect immediately Clear Resets statistic counters and log files to the default configuration Query Queries tables Left arrow a...

Page 106: ...ssful login The graphic provides information about switch ports and system health Figure 4 3 PowerConnect M8024 k Device View Using the Device View Port Features The switching port coloring indicates if a port is currently active Green indicates that the port has a link red indicates that an error has occurred on the port and blue indicates that the link is down Each port image is a hyperlink to t...

Page 107: ...n IP address and the management station you use to access the device must be able to ping the switch IP address For information about assigning an IP address to a switch see Setting the IP Address and Other Basic Network Information on page 123 Console Connection Use the following procedures to connect to the CLI by connecting to the console port For more information about creating a serial connec...

Page 108: ...rotocol network Telnet connections are enabled by default and the Telnet port number is 23 The switch supports up to four simultaneous Telnet sessions All CLI commands can be used over a Telnet session To connect to the switch using Telnet the switch must have an IP address and the switch and management station must have network connectivity You can use any Telnet client on the management station ...

Page 109: ...s changing terminal settings on a temporary basis performing basic tests and listing system information Privileged EXEC Commands in this mode permit you to view all switch settings and to enter the global configuration mode Global Configuration Commands in this mode manage the device configuration on a global level and apply to system features rather than to a specific protocol or interface Interf...

Page 110: ...er the enable command console Use the exit command or press Ctrl Z to return to User EXEC mode Global Configuration From Privileged EXEC mode use the configure command console config Use the exit command or press Ctrl Z to return to Privileged EXEC mode Interface Configuration From Global Configuration mode use the interface command and specify the interface type and ID console config if To exit t...

Page 111: ...with particular Group Ids vlan Create a new VLAN or delete an existing VLAN Enter a question mark after each word you enter to display available command keywords or parameters console config vlan database Type vlan database to enter VLAN mode protocol Configure Protocol Based VLAN parameters If the help output shows a parameter in angle brackets you must replace the parameter with a value console ...

Page 112: ...dentify a single matching command continue entering characters until the switch can uniquely identify the command Use the question mark to display the available commands matching the characters already entered Entering Abbreviated Commands To execute a command you need to enter enough characters so that the switch can uniquely identify a command For example to enter Global Configuration mode from ...

Page 113: ...istory buffer By default the history buffer is enabled and stores the last 10 commands entered These commands can be recalled reviewed modified and reissued This buffer is not preserved after switch resets Table 5 2 CLI Error Messages Message Text Description Invalid input detected at marker Indicates that you entered an incorrect or unavailable command The carat shows where the invalid text is de...

Page 114: ...able 5 4 describes how to enter the port type in the CLI The port type is not case sensitive Table 5 3 History Buffer Navigation Keyword Source or Destination Up arrow key Ctrl P Recalls commands in the history buffer beginning with the most recent command Repeats the key sequence to recall successively older commands Down arrow key Ctrl N Returns to more recent commands in the history buffer afte...

Page 115: ...8024 and PCM8024 k the unit number is always 1 For stackable switches PCM6220 and PCM6348 the unit number can be 1 12 All internal and external integrated ports are in slot 0 For the PCM6220 and PCM8024 switches the slot number can also be 1 or 2 if optional modules are installed For the PCM8024 k the slot number can be 0 or 1 The PCM6348 does have an expansion slot so the slot number is always 0 ...

Page 116: ...116 Using the Command Line Interface ...

Page 117: ...client Enabled on out of band OOB interface VLAN 1 Members All switch ports SDM template Dual IPv4 and IPv6 routing Simple mode Disabled PCM6220 PCM6348 and PCM8024 Enabled PCM8024 k Users root password calvin level 15 Minimum password length 8 characters IPv6 management mode Enabled SNTP client Disabled Global logging Enabled Switch auditing Disabled CLI command logging Disabled Web logging Disab...

Page 118: ...nd PCM8024 k Enabled sFlow Enabled ISDP Enabled Versions 1 and 2 RMON Enabled TACACS Not configured RADIUS Not configured SSH SSL Disabled Telnet Enabled Denial of Service Protection Disabled Captive Portal Disabled Dot1x Authentication IEEE 802 1X Disabled MAC Based Port Security All ports are unlocked Access Control Lists ACL None configured IP Source Guard IPSG Disabled DHCP Snooping Disabled D...

Page 119: ...300 seconds Dynamic Addresses Cisco Protocol Filtering LLPF No protocols are blocked DHCP Layer 2 Relay Disabled Default VLAN ID 1 Default VLAN Name Default GVRP Disabled GARP Timers Leave 60 centiseconds Leave All 1000 centiseconds Join 20 centiseconds Voice VLAN Disabled Guest VLAN Disabled RADIUS assigned VLANs Disabled Double VLANs Disabled Spanning Tree Protocol STP Enabled STP Operation Mode...

Page 120: ...sabled OSPFv3 Enabled DiffServ Enabled Auto VoIP Disabled Auto VoIP Traffic Class 6 PFC PCM8024 k only Disabled no classifications configured DCBx version PCM8024 k only Auto detect FIP snooping PCM8024 k only Disabled globally and on all VLANs iSCSI PCM6348 PCM8024 PCM8024 k Enabled Bridge Multicast Filtering Enabled MLD Snooping Enabled IGMP Snooping Enabled IGMP Snooping Querier Disabled GMRP D...

Page 121: ...Default Settings 121 ...

Page 122: ...122 Default Settings ...

Page 123: ...Network Information Overview What Is the Basic Network Information The basic network information includes settings that define the PowerConnect M6220 M6348 M8024 M8024 k switch in relation to the network Table 7 1 provides an overview of the settings this chapter describes Table 7 1 Basic Network Information Feature Description IP Address On an IPv4 network the a 32 bit number that uniquely identi...

Page 124: ... identify and locate other devices on the network and on the Internet For example to upgrade the switch software by using a TFTP Default Gateway Typically a router interface that is directly connected to the switch and is in the same subnet The switch sends IP packets to the default gateway when it does not recognize the destination IP address in a packet DHCP Client Requests network information f...

Page 125: ...arted Guide at support dell com manuals If you do not use the wizard to prompt you for the initial configuration information you can enable the DHCP client on the switch to obtain network information from a DHCP server on your network or you can statically assign the network information After you configure the switch with an IP address and create a user account you can continue to use the console ...

Page 126: ...wing list highlights some advantages of using OOB management instead of in band management Traffic on the OOB port is segregated from traffic on the production network so you can keep the management traffic and network traffic separate If the production network is experiencing problems you can still access the switch management interface and troubleshoot issues Because the OOB port is intended to ...

Page 127: ...stination Unreachable Fragmentation needed but DF set notification the switch will reduce the MSS However many firewalls block ICMP Destination Unreachable messages which causes the destination to request the packet again until the connection times out In order to resolve this issue you can reduce the MSS setting to a more appropriate value on the local host or alternatively you can set the MTU on...

Page 128: ...ge to assign the Out of Band Interface IP address and subnet mask or to enable disable the DHCP client for address information assignment DHCP is enabled by default on the OOB interface To display the Out of Band Interface page click System IP Addressing Out of Band Interface in the navigation panel Figure 7 1 Out of Band Interface To enable the DHCP client and allow a DHCP server on your network ...

Page 129: ...onfiguration page click Routing IP IP Interface Configuration in the navigation panel Figure 7 2 IP Interface Configuration Default VLAN Assigning Network Information to the Default VLAN To assign an IP Address and subnet mask to the default VLAN 1 From the Interface menu select VLAN 1 2 From the Routing Mode field select Enable 3 From the IP Address Configuration Method field specify whether to a...

Page 130: ...ion page to configure the default gateway for the switch The Default VLAN uses the switch default gateway as its default gateway To display the Route Entry Configuration page click Routing Router Route Entry Configuration in the navigation panel Figure 7 3 Route Configuration Default VLAN NOTE You do not need to configure any additional fields on the page For information about VLAN routing interfa...

Page 131: ...eway 1 Open the Route Entry Configuration page 2 From the Route Type field select Default Figure 7 4 Default Route Configuration Default VLAN 3 In the Next Hop IP Address field enter the IP address of the default gateway 4 Click Apply For more information about configuring routes see Configuring IP Routing on page 907 ...

Page 132: ...itch uses the DNS server to translate hostnames into IP addresses To display the Domain Name Server page click System IP Addressing Domain Name Server in the navigation panel Figure 7 5 DNS Server To configure DNS server information click the Add link and enter the IP address of the DNS server in the available field Figure 7 6 Add DNS Server ...

Page 133: ...ame Use the Default Domain Name page to configure the domain name the switch adds to a local unqualified hostname To display the Default Domain Name page click System IP Addressing Default Domain Name in the navigation panel Figure 7 7 Default Domain Name ...

Page 134: ...per host To display the Host Name Mapping page click System IP Addressing Host Name Mapping Figure 7 8 Host Name Mapping To map a host name to an IP address click the Add link type the name of the host and its IP address in the appropriate fields and then click Apply Figure 7 9 Add Static Host Name Mapping Use the Show All link to view all configured host name to IP address mappings ...

Page 135: ...using the configured DNS server to resolve a hostname For example if you ping www dell com from the CLI the switch uses the DNS server to lookup the IP address of dell com and adds the entry to the Dynamic Host Name Mapping table To display the Dynamic Host Name Mapping page click System IP Addressing Dynamic Host Name Mapping in the navigation panel Figure 7 10 View Dynamic Host Name Mapping ...

Page 136: ...Client on the Default VLAN Beginning in Privileged EXEC mode use the following commands to enable the DHCP client on the default VLAN which is VLAN 1 Command Purpose configure Enter Global Configuration mode interface out of band Enter Interface Configuration mode for the OOB port ip address dhcp Enable the DHCP client CTRL Z Exit to Privileged EXEC mode show ip interface out of band Display netwo...

Page 137: ... immediately renew an IPv4 address lease show dhcp lease interface interface Display IPv4 addresses leased from a DHCP server show ipv6 dhcp interface interface Display information about the IPv6 DHCP information for all interfaces or for the specified interface debug dhcp packet Display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 clien...

Page 138: ...ask gateway_ip Configure a static IP address and subnet mask Optionally you can also configure a default gateway CTRL Z Exit to Privileged EXEC mode show ip interface out of band Verify the network information for the OOB port Command Purpose configure Enter Global Configuration mode interface vlan 1 Enter Interface Configuration mode for VLAN 1 ip address ip_address subnet_mask Enter the IP addre...

Page 139: ... up to six DNS servers The first server you configure is the primary DNS server ip domain name name Define a default domain name to complete unqualified host names ip host name ip_address Use to configure static host name to address mapping in the host cache ip address conflict detect run Trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 address...

Page 140: ...rative laptop host name to its IP address The administrator uses the OOB port to manage the switch To configure the switch 1 Make sure the OOB port on the chassis controller is connected to the management network DHCP is enabled by on the switch OOB interface by default If the DHCP client on the switch has been disabled use the following commands to enable the DHCP client on the OOB port console c...

Page 141: ...ation console show hosts Host name Default domain sunny dell com dell com Name address lookup is enabled Name servers Preference order 10 27 138 20 10 27 138 21 Configured host name to address mapping Host Addresses admin laptop 10 27 65 103 cache TTL Hours Host Total Elapsed Type Addresses No hostname is mapped to an IP address 6 Verify that the static hostname is correctly mapped console ping ad...

Page 142: ...142 Setting Basic Network Information ...

Page 143: ...s the link bandwidth for parallel stacking links is the same The 10G SFP ports default to Ethernet mode so the ports must be reconfigured as stacking ports If Priority Flow Control PFC is enabled on any port in the stack stacking is supported at distances up to 100 meters on the stacking ports If PFC is not enabled stacking is supported up to the maximum distance supported by the transceiver on th...

Page 144: ...nit is selected as the standby or the system can select the standby automatically When units are in a stack the following activities occur All units are checked for software version consistency The switch Control Plane is active only on the master The Control Plane is a software layer that manages system and hardware configuration and runs the network control protocols to set system configuration ...

Page 145: ...nections within a stack Up to eight redundant stacking links can be configured on a stacking unit four in each direction Creating a PowerConnect M6220 Stack You can stack up to 12 PowerConnect M6220 units supporting up to 240 1 Gb ports PCM6220 switches can be stacked only with other PCM6220 switches Create a stack by connecting adjacent units using the stacking ports on the top of the switch pane...

Page 146: ...itch by using a stacking cable The first stacking port on switch six is connected to the second stacking port on switch one Creating a PowerConnect M6348 Stack You can stack up to 12 PowerConnect M6348 switches supporting up to 576 1 GB ports PCM6348 switches can be stacked with other PCM6348 switches or with PC70xx switches Create a stack by connecting adjacent units using the stacking ports on t...

Page 147: ...ted 3 Use the remaining stacking cable to connect the remaining free ports from port one of the last switch to port two of the first switch Figure 8 2 Connecting a Stack of PowerConnect M6348 Switches Creating a PowerConnect M8024 k Stack You can stack up to six PowerConnect M8024 k switches Create a stack by connecting adjacent units using the 10G SFP fiber ports in a ring topology You can use th...

Page 148: ...ne cable from a stacking port on the switch to a stacking port on the next switch 3 Repeat this process until all of the devices are connected 4 To complete the ring topology for the stack connect one stacking port on the last switch to the remaining stacking port on the first switch 5 Connect additional cables in parallel for increased stacking bandwidth Up to eight ports can be connected in para...

Page 149: ...itch models in the PowerConnect 7000 Series as well as the PowerConnect M6348 switch as long as all switches are running the same firmware version For example a single stack of six switches might include the following members Two PC7048 switches One PC7024 switch Three PCM6348 switches Any member can be the stack master Fiber Optic Cables Connect the Stack SFP Ports Configured as Stack Ports ...

Page 150: ...ction is unassigned and there is another stack master in the system then the switch changes its configured stack master value to disabled If the stack master function is enabled or unassigned and there is no other stack master in the system then the switch becomes stack master If the stack master function is disabled the unit remains a non stack master If the entire stack is powered OFF and ON aga...

Page 151: ...nits beginning with the unit directly attached to the currently powered up unit Always power up new stack units closest to an existing powered unit first Do not connect a new member to the stack after it is powered up Also do not connect two functional powered up stacks together Hot insertion of units into a stack is not supported If a new switch is added to a stack of switches that are powered an...

Page 152: ...unit If the stack is not configured in a ring topology then the stack may split and the isolated members will reboot and re elect a new stack master No changes or configuration are applied to the other stack members however the dynamic protocols will try to reconverge as the topology could change because of the failed unit If you remove a unit and plan to renumber the stack issue a no member unit ...

Page 153: ...escribed in terms of three semi independent functions called the forwarding plane the control plane and the management plane The forwarding plane forwards data packets and is implemented in hardware The control plane is the set of protocols that determine how the forwarding plane should forward packets deciding which data packets are allowed to be forwarded and where they should go Application sof...

Page 154: ...ilover using the initiate failover command which causes the former stack master to reboot cold start and the new master to perform a warm restart Initiating a failover reloads the stack master triggering the backup unit to take over Before the failover the stack master pushes application data and other important information to the backup unit Although the handoff is controlled and causes minimal n...

Page 155: ... might fail before the checkpoint service gets data to the backup if an event occurs shortly before a failover Table 8 1 Applications that Checkpoint Data Application Checkpointed Data ARP Dynamic ARP entries Auto VOIP Calls in progress Captive Portal Authenticated clients DHCP server Address bindings persistent DHCP snooping DHCP bindings database DOT1Q Internal VLAN assignments DOT1S Spanning tr...

Page 156: ...place in the network make sure you power down the whole stack before you redeploy the stack master so that the stack members do not continue to use the MAC address of the redeployed switch NSF Network Design Considerations You can design your network to take maximum advantage of NSF For example by distributing a LAG s member ports across multiple units the stack can quickly switch traffic from a p...

Page 157: ...g additional configuration If you have multiple PowerConnect switches stacking them helps make management of the switches easier because you configure the stack as a single unit and do not need to configure individual switches Default Stacking Values Stacking is always enabled By default the 10G SFP ports on the PowerConnect M8024 k are in Ethernet mode and must be configured to be used as stackin...

Page 158: ...24 k switch For details about the fields on a page click at the top of the page Unit Configuration Use the Unit Configuration page to change the unit number and unit type Management Member or Standby To display the Unit Configuration page click System Stack Management Unit Configuration in the navigation panel Figure 8 4 Stack Unit Configuration NOTE The changes you make to the Stacking configurat...

Page 159: ... Type for a Stack Member To change the switch ID or type 1 Open the Unit Configuration page 2 Click Add to display the Add Unit page Figure 8 5 Add Remote Log Server Settings 3 Specify the switch ID and select the model number of the switch 4 Click Apply ...

Page 160: ...ck Stack Summary Use the Stack Summary page to view a summary of switches participating in the stack To display the Stack Summary page click System Stack Management Stack Summary in the navigation panel Figure 8 6 Stack Summary ...

Page 161: ...hether the firmware image on a new stack member can be automatically upgraded or downgraded to match the firmware image of the stack master To display the Stack Firmware Synchronization page click System Stack Management Stack Firmware Synchronization in the navigation panel Figure 8 7 Stack Firmware Synchronization ...

Page 162: ...hes page to view information regarding each type of supported switch for stacking and information regarding the supported switches To display the Supported Switches page click System Stack Management Supported Switches in the navigation panel Figure 8 8 Supported Switches ...

Page 163: ... of the interface the running mode as well as the link status and link speed of the stackable port To display the Stack Port Summary page click System Stack Management Stack Port Summary in the navigation panel Figure 8 9 Stack Port Summary NOTE By default the ports on the PCM8024 k are configured to operate as Ethernet ports To configure a port as a stack port you must change the Configured Stack...

Page 164: ...d statistics including data rate and error rate To display the Stack Port Counters page click System Stack Management Stack Point Counters in the navigation panel Figure 8 10 Stack Port Counters Stack Port Diagnostics The Stack Port Diagnostics page is intended for Field Application Engineers FAEs and developers only ...

Page 165: ...Initiate Failover The failover results in a warm restart of the stack master Initiating a failover reloads the stack master triggering the backup unit to take over NOTE The OSPF feature uses NSF to enable the hardware to continue forwarding IPv4 packets using OSPF routes while a backup unit takes over stack master responsibility To configure NSF on a stack that uses OSPF or OSPFv3 see NSF OSPF Con...

Page 166: ...he Checkpoint Statistics page to view information about checkpoint messages generated by the stack master To display the Checkpoint Statistics page click System Stack Management Checkpoint Statistics in the navigation panel Figure 8 12 Checkpoint Statistics ...

Page 167: ... and NSF settings Command Purpose configure Enter Global Configuration mode switch current_ID renumber new_ID Change the switch ID number The valid range is 1 10 NOTE Changing the ID number causes all switches in the stack to be reset to perform stack master renumbering The running configuration is cleared when the units reset stack Enter Global Stack Configuration mode initiate failover Move the ...

Page 168: ...net or stacking nsf Enable nonstop forwarding on the stack exit Exit to Global Config mode boot auto copy sw Enable the Stack Firmware Synchronization feature boot auto copy sw allow downgrade Allow the firmware version on the newly added stack member to be downgraded if the firmware version on manager is older exit Exit to Privileged EXEC mode show auto copy sw View the Stack Firmware Synchroniza...

Page 169: ...F and DHCP Snooping Command Purpose show switch stack member number View information about all stack members or the specified member show switch stack standby View the ID of the switch that will assume the role of the stack master if it goes down show switch stack port View information about the stacking ports show switch stack port counters View the statistics about the data the stacking ports ha...

Page 170: ... 13 Basic Stack Failover When all four units are up and running the show switch CLI command gives the following output console show switch SW Management Status Standby Status Preconfig Model ID Plugged in Model ID Switch Status Code Version 1 Stack Member PCM6348 PCM6348 OK 9 19 0 2 2 Stack Member PCM6348 PCM6348 OK 9 19 0 2 3 Mgmt Switch PCM6348 PCM6348 OK 9 19 0 2 4 Stack Member PCM6348 PCM6348 ...

Page 171: ...nsole configure console config stack console config stack no member 2 console config stack exit console config exit console show switch SW Management Status Standby Status Preconfig Model ID Plugged in Model ID Switch Status Code Version 1 Stack Member PCM6348 PCM6348 OK 9 19 0 2 2 Unassigned PCM6348 Not Present 0 0 0 0 3 Mgmt Switch PCM6348 PCM6348 OK 9 19 0 2 4 Stack Member PCM6348 PCM6348 OK 9 ...

Page 172: ...348 switch To configure the switch 1 View the list of SIDs to determine which SID identifies the switch to preconfigure console show supported switchtype 2 Preconfigure the 7048P switch SID 6 as member number 2 in the stack console configure console config stack console config stack member 2 6 console config stack exit console config exit SID Switch Mode ID Code Type 1 PCM6348 0x100b000 2 PCT7024 ...

Page 173: ...fields have been omitted from the following output due to space limitations console show switch SW Management Status Standby Status Preconfig Model ID Plugged in Model ID Switch Status Code Version 1 Mgmt Sw PCM6348 PCM6348 OK M 10 2 2 Unassigned PCT7048P Not Present 0 0 0 0 ...

Page 174: ... same VLAN Spanning tree is enabled on the VLAN Assume spanning tree selects AS1 as the root bridge Assume the LAG to AS1 is the root port on the stack and the LAG to AS2 is discarding Unit 1 is the stack master If unit 1 fails the stack removes the Unit 1 link to AS1 from its LAG The stack forwards outgoing packets through the Unit 2 link to AS1 during the failover During the failover the stack c...

Page 175: ...ng the remaining LAG member If phone B has learned VLAN or priority parameters through LLDP MED it continues to use those parameters The stack resumes sending LLDPDUs with MED TLVs once the control plane restarts Phone B may miss an LLDPDU from the stack but should not miss enough PDUs to revert its VLAN or priority assuming the administrator has not reduced the LLDPDU interval or hold count If ph...

Page 176: ...ce IP address and source MAC address Dynamic ARP Inspection DAI uses the bindings database to verify that ARP messages contain a valid sender IP address and sender MAC address DHCP snooping checkpoints its bindings database Figure 8 16 NSF and DHCP Snooping If the stack master fails all hosts connected to that unit lose network access until that unit reboots The hardware on surviving units continu...

Page 177: ...ccess switch the hardware traps ARP packets to the CPU on untrusted ports During a restart the control plane drops ARP packets Thus new traffic sessions may be briefly delayed until after the control plane restarts If IPSG is enabled and a DHCP binding is not checkpointed to the backup unit before the failover that host will not be able to send data packets until it renews its IP address lease wit...

Page 178: ...n on its backup NIC to a different IP address on the disk array The hardware forwards the packets to establish this new session but assuming the session is established before the control plane is restarted on the backup unit the new session receives no priority treatment in the hardware Session B remains established and fully functional throughout the restart and continues to receive priority trea...

Page 179: ...e LSAs to inform its OSPF neighbors the aggregation routers that it is going through a graceful restart The grace LSAs reach the neighbors before they drop their adjacencies with the access router PIM starts sending hello messages to its neighbors on the aggregation routers using a new generation ID to prompt the neighbors to quickly resend multicast routing information PIM neighbors recognize the...

Page 180: ...hes and the control plane deletes any stale unicast routes not relearned at this point The forwarding plane reconciles L3 multicast hardware tables Throughout the process the hosts continue to receive their multicast streams possibly with a short interruption as the top aggregation router learns that one of its LAG members is down The hosts see no more than a 50 ms interruption in unicast connecti...

Page 181: ...A Overview Authentication Authorization Accounting Authentication Examples Authorization Examples Using RADIUS Servers to Control Management Access Using TACACS Servers to Control Management Access Default Configurations AAA Overview AAA is a framework for configuring management security in a consistent way Three services make up AAA Authentication Validates the user identity Authentication takes ...

Page 182: ...er is not AAA gives the user flexibility in configuration by allowing different method lists to be assigned to different access lines In this way it is possible to configure different security requirements for the serial console than for telnet for example Methods A method performs the configured service Not every method is available for every service Some methods require a username and password a...

Page 183: ... the RADIUS and TACACS protocols respectively These methods can return an error if the switch is unable to contact the server Access Lines There are five access lines console telnet SSH HTTP and HTTPS HTTP and HTTPS are not configured using AAA method lists Instead the authentication list for HTTP and HTTPS is configured directly authorization and accounting are not supported The default method li...

Page 184: ...e Configuring Port and System Security on page 481 Table 9 2 shows the valid methods for each type of authentication Authorization Authorization is used to determine which services the user is allowed to access For example the authorization process may assign a user s privilege level which determines the set of commands the user can execute There are three kinds of authorization commands exec and ...

Page 185: ...iles The Administrative Profiles feature allows the network administrator to define a list of rules that control the CLI commands available to a user These rules are collected in a profile The rules in a profile can define the set of commands or a command mode to which a user is permitted or denied access Within a profile rule numbers determine the order in which the rules are applied When a user ...

Page 186: ...ion or if exec authorization assigns a privilege level the user is permitted access to all commands This is also true if none of the administrative profiles provided are configured on the switch If some but not all of the profiles provided in the authentication are configured on the switch then the user is assigned the profiles that exist and a message is logged that indicates which profiles could...

Page 187: ... login loc local line telnet login authentication loc exit username guest password password passwords strength minimum numeric characters 2 passwords strength minimum character classes 4 passwords strength check username admin password paSS1 word2 privilege 15 passwords lock out 3 The following describes each line of this code The aaa authentication login loc local command creates a login authenti...

Page 188: ...sword paSS1 word2 privilege 15 command creates a user with the name admin and password paSS1 word2 This user is enabled for privilege level 15 Note that because password strength checking was enabled the password was required to have at least two numeric characters one uppercase character one lowercase character and one special character The passwords lock out 3 command locks out a local user afte...

Page 189: ...2 3 4 command is the first step in defining a TACACS server at IP address 1 2 3 4 The result of this command is to place the user in tacacs server mode to allow further configuration of the server The key secret command defines the shared secret This must be the same as the shared secret defined on the TACACS server The line telnet command enters the configuration mode for the telnet line The logi...

Page 190: ... an enable authentication list called raden that contains the method radius If this method fails then the user will fail to execute the enable command The radius server host 1 2 3 4 command is the first step in defining a RADIUS server at IP address 1 2 3 4 The result of this command is to place the user in radius server mode to allow further configuration of the server The key secret command defi...

Page 191: ...uch that a user can enter privileged EXEC mode directly aaa authorization exec locex local line telnet authorization exec locex exit With the users that were previously configured the guest user will still log into user EXEC mode since the guest user only has privilege level 1 the default The admin user will be able to login directly to privileged EXEC mode since his privilege level was configured...

Page 192: ...privilege level 14 so assigning a user a lower privilege level will be of no value A privilege level greater than 15 is invalid and treated as if privilege level zero had been supplied The shell service must be enabled on the TACACS server If this service is not enabled authorization will fail and the user will be denied access to the switch TACACS Authorization Example Administrative Profiles The...

Page 193: ... command accounting rule 89 permit command configure rule 88 permit command password rule 87 permit command username rule 86 permit command show user rule 85 permit command radius server rule 84 permit command tacacs server rule 83 permit mode radius auth config rule 82 permit mode radius acct config rule 81 permit mode tacacs config exit The following describes each line in the above configuratio...

Page 194: ...time the user enters a command a request is sent to the TACACS server to ask if the user is permitted to execute that command Exec authorization does not need to be configured to use per command authorization Apply the following configuration to use TACACS to authorize commands aaa authorization commands taccmd tacacs line telnet authorization commands taccmd exit The following describes each line...

Page 195: ...in the above configuration The aaa authorization exec rad radius command creates an exec authorization method list called rad that contains the method radius The authorization exec rad command assigns the rad exec authorization method list to be used for users accessing the switch via telnet Notes If the privilege level is zero that is blocked then authorization will fail and the user will be deni...

Page 196: ...kup servers are contacted How Does RADIUS Control Management Access Many networks use a RADIUS server to maintain a centralized user database that contains per user authentication information RADIUS servers provide a centralized authentication method for Telnet Access Web Access Console to Switch Access Access Control Port 802 1X Like TACACS RADIUS access control utilizes a database of user inform...

Page 197: ...nd prompts the user for a name and password The switch encrypts the supplied information and a RADIUS client transports the request to a pre configured RADIUS server Figure 9 1 RADIUS Topology The server can authenticate the user itself or make use of a back end device to ascertain authenticity In either case a response may or may not be forthcoming to the client If the server accepts the user it ...

Page 198: ...butes on the RADIUS server s when utilizing the switch RADIUS service NOTE To set the privilege level it is recommended to use the Service Type attribute instead of the Cisco AV pair priv lvl attribute Table 9 5 Supported RADIUS Attributes Type RADIUS Attribute Name 802 1X User Manager Captive Portal 1 USER NAME Yes Yes No 2 USER PASSWORD Yes Yes No 4 NAS IP ADDRESS Yes No No 5 NAS PORT Yes Yes No...

Page 199: ...lient for Accounting Yes No 46 ACCT SESSION TIME Yes Yes No 49 ACCT TERMINATECAUSE Yes No No 52 ACCT INPUTGIGAWORDS Yes No No 53 ACCT OUTPUTGIGAWORDS Yes No No 61 NAS PORT TYPE Yes No No 64 TUNNEL TYPE Yes No No 65 TUNNEL MEDIUM TYPE Yes No No 79 EAP MESSAGE Yes No No 80 MESSAGEAUTHENTICAT OR Set by RADIUS client for Accounting Yes No 81 TUNNEL PRIVATEGROUP ID Yes No No Table 9 5 Supported RADIUS ...

Page 200: ...ERMINATION ACTION Indication as to the action taken when the service is completed EAP MESSAGE Contains an EAP message to be sent to the user This is typically used for MAB clients VENDOR SPECIFIC The following Cisco AV Pairs are supported shell priv lvl shell roles FILTER ID Name of the filter list for this user TUNNEL TYPE Used to indicate that a VLAN is to be assigned to the user when set to tun...

Page 201: ...and a user attempts to access the user interface on the switch the switch prompts for the user login credentials and requests services from the TACACS client The client then uses the configured list of servers for authentication and provides results back to the switch Figure 9 2 shows an example of access management using TACACS Figure 9 2 Basic TACACS Topology You can configure the TACACS server ...

Page 202: ...ta Which TACACS Attributes Does the Switch Support Table 9 6 lists the TACACS attributes that the switch supports and indicates whether the authorization or accounting service supports sending or receiving the attribute The authentication service does not use attributes You can configure these attributes on the TACACS server s when utilizing the switch TACACS service Table 9 6 Supported TACACS Att...

Page 203: ...tication login defaultList none Authentication login networkList local Authentication enable enableList enable none Authentication enable enableNetList enable Authorization exec dfltExecAuthList none Authorization commands dfltCmdAuthList none Accounting exec dfltExecList tacacs start stop Accounting commands dfltCmdList tacacs stop only Table 9 8 Default AAA Methods AAA Service type Console Telne...

Page 204: ...cess Line Authentication Authorization HTTP local n a HTTPS local n a 802 1X none none Table 9 10 Default Administrative Profiles Name Description network admin Allows access to all commands network security Allows access to network security features such as 802 1X Voice VLAN Dynamic ARP Inspection and IP Source Guard router admin Allows access to Layer 3 features such as IPv4 Routing IPv6 Routing...

Page 205: ...horization and Accounting 205 CP admin Allows access to the Captive Portal feature network operator Allows access to all User EXEC mode commands and show commands Table 9 10 Default Administrative Profiles Continued Name Description ...

Page 206: ...206 Configuring Authentication Authorization and Accounting ...

Page 207: ...s Monitored The CLI and web based interfaces provide information about physical aspects of the switch such as system health and cable diagnostics as well as information about system events such as management login history The switch also reports system resource usage The system logging utility can monitor a variety of events including the following System events System state changes and errors tha...

Page 208: ...M log or buffered log When the RAM log file reaches the configured maximum size the oldest message is deleted from the RAM when a new message is added If the system restarts all messages are cleared In addition to the RAM log you can specify that log files are sent to the following sources Console If you are connected to the switch CLI through the console port messages display to the screen as the...

Page 209: ...s the first 32 messages received after system reboot The log file stops when it is full The second log type is the system operation log The system operation log stores the last 1000 messages received during system operation The oldest messages are overwritten when the file is full A message is only logged in one file On system startup if the Log file is enabled the startup log stores messages up t...

Page 210: ...and Files on page 333 What Is the Log Message Format The first part of the log message up to the first left bracket is fixed by the Syslog standard RFC 3164 The second part up to the two percent signs is standardized for all Dell PowerConnect logs The variable text of the log message follows The log message is limited to 96 bytes Each log message uses the following format PRI This consists of the ...

Page 211: ...gging Dell recommends that network administrators deploy a syslog server in their network and configure all switches to log messages to the syslog server Switch administrators should also consider enabling persistent logging on the switch When managing logs on a stack of switches the RAM log and persistent log files exist only on the top of stack platform Other platforms in the stack forward their...

Page 212: ...rity level of emergency and alert are sent immediately with each log message in a separate mail The email subject is Urgent Log Messages Log messages with a severity level of critical error and warning are sent periodically in a single email The email subject is Non Urgent Log Messages Messages with a severity level of notice and below are not sent in an email ...

Page 213: ... displays after you successfully log on to the switch by using the Dell OpenManage Switch Administrator This page is a virtual representation of the switch front panel Use the Device Information page to view information about the port status system status and the switch stack Click on a port to access the Port Configuration page for the selected port To display the Device Information page click Ho...

Page 214: ...214 Monitoring and Logging System Information Figure 10 2 Stack View For more information about the device view features see Understanding the Device View on page 106 ...

Page 215: ...stem Information 215 System Health Use the Health page to view status information about the switch power and ventilation sources To display the Health page click System General Health in the navigation panel Figure 10 3 Health ...

Page 216: ...mation System Resources Use the System Resources page to view information about memory usage and task utilization To display the System Resources page click System General System Resources in the navigation panel Figure 10 4 System Resources ...

Page 217: ...ime Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test SFP SFP and QSFP cables with passive copper assemblies are not capable of performing TDR tests To display the Integrated Cable T...

Page 218: ... Cable Test Summary Optical Transceiver Diagnostics Use the Optical Transceiver Diagnostics page to perform tests on Fiber Optic cables To display the Optical Transceiver Diagnostics page click System Diagnostics Optical Transceiver Diagnostics in the navigation panel NOTE Optical transceiver diagnostics can be performed only when the link is present ...

Page 219: ...ging System Information 219 Figure 10 7 Optical Transceiver Diagnostics To view a summary of all optical transceiver diagnostics tests performed click the Show All link Figure 10 8 Optical Transceiver Diagnostics Summary ...

Page 220: ...nd flash based log file The Severity table lists log messages from the highest severity Emergency to the lowest Debug When you select a severity level all higher levels are automatically selected To prevent log messages from being sent to the console RAM log or flash log file clear all check boxes in the Severity column To display the Global Settings page click System Logs Global Settings in the n...

Page 221: ... the RAM Log page to view information about specific RAM cache log entries including the time the log was entered the log severity and a description of the log To display the RAM Log click System Logs RAM Log in the navigation panel Figure 10 10 RAM Log Table ...

Page 222: ... description of the log To display the Log File click System Logs Log File in the navigation panel Figure 10 11 Log File Remote Log Server Use the Remote Log Server page to view and configure the available log servers to define new log servers and to set the severity of the log events sent to the server To display the Remote Log Server page click System Logs Remote Log Server ...

Page 223: ... Remote Log Server Adding a New Remote Log Server To add a log server 1 Open the Remote Log Server page 2 Click Add to display the Add Remote Log Server page 3 Specify the IP address or hostname of the remote server 4 Define the UDP Port and Description fields ...

Page 224: ... Log Server 5 Select the severity of the messages to send to the remote server 6 Click Apply Click the Show All link to view or remove remote log servers configured on the system NOTE When you select a severity level all higher severity levels are automatically selected ...

Page 225: ...ration page to enable the email alerting feature and configure global settings so that system log messages can be sent to from the switch to one or more email accounts To display the Email Alert Global Configuration page click System Email Alerts Email Alert Global Configuration in the navigation panel Figure 10 15 Email Alert Global Configuration ...

Page 226: ...ail alert messages To display the Email Alert Mail Server Configuration page click System Email Alerts Email Alert Mail Server Configuration in the navigation panel Figure 10 16 Email Alert Mail Server Configuration Adding a Mail Server To add a mail server 1 Open the Email Alert Mail Server Configuration page 2 Click Add to display the Email Alert Mail Server Add page 3 Specify the hostname of th...

Page 227: ... Click Apply 5 If desired click Configuration to return to the Email Alert Mail Server Configuration page to specify port and security settings for the mail server Click the Show All link to view or remove mail servers configured on the switch Figure 10 18 Show All Mali Servers ...

Page 228: ... sent by the switch You can customize the subject for the message severity and entry status To display the Email Alert Subject Configuration page click System Email Alerts Email Alert Subject Configuration in the navigation panel Figure 10 19 Email Alert Subject Configuration To view all configured email alert subjects click the Show All link Figure 10 20 View Email Alert Subjects ...

Page 229: ...sent You can configure multiple recipients and associate different message severity levels with different recipient addresses To display the Email Alert To Address Configuration page click System Email Alerts Email Alert To Address Configuration in the navigation panel Figure 10 21 Email Alert To Address Configuration To view configured recipients click the Show All link ...

Page 230: ... Alert Statistics Use the Email Alert Statistics page to view the number of emails that were successfully and unsuccessfully sent and when emails were sent To display the Email Alert Statistics page click System Email Alerts Email Alert Statistics in the navigation panel Figure 10 23 Email Alert Statistics ...

Page 231: ... commands to view system health and resource information Running Cable Diagnostics Beginning in Privileged EXEC mode use the following commands to run the cable diagnostic tests Command Purpose show system Display various system information show system power Displays the power supply status show system temperature Displays the system temperature and fan status show memory cpu Displays the total an...

Page 232: ...terface down The interface is specified in unit slot port format For example 1 0 3 is GbE interface 3 on unit 1 of the stack show copper ports tdr interface Display the diagnostic information collected by the test copper port tdr command for all copper interfaces or a specific interface show fiber ports optical transceiver interface Display the optical transceiver diagnostics for all fiber ports I...

Page 233: ...isc name Optional Include a message discriminator to help filter log messages The disc name can contain up to eight alphanumeric characters Spaces are not permitted severity Optional Enter the number or name of the desired severity level For information about severity levels see Table 10 1 logging facility facility type Set the facility for logging messages Permitted facility type values are local...

Page 234: ...n mode for the specified log server description description Describe the log server Use up to 64 characters If the description includes spaces surround it with quotation marks level severity Specify the severity level of the logs that should be sent to the remote log server For information about severity levels see Table 10 1 port udp port Specify the UDP port to use for sending log messages The r...

Page 235: ...nfiguration mode for the mail server security tlsvl none Optional Specify the security protocol to use with the mail server port 25 465 Configure the TCP port to use for SMTP which can be 25 SMTP or 465 SMTP over SSL username username If the SMTP server requires authentication specify the username to use for the switch The same username and password settings must be configured on the SMTP host pas...

Page 236: ...For information about severity levels see Table 10 1 Log messages below the specified level are not emailed logging email urgent severity none Determine which log messages are critical and should be sent in a single email as soon as they are generated severity Optional Enter the number or name of the severity level for critical messages For information about severity levels see Table 10 1 logging ...

Page 237: ...recipient to verify that the feature is properly configured CTRL Z Exit to Privileged EXEC mode show logging email config View the configured settings for email alerts show logging email statistics View information about the number of emails sent and the time they were sent clear logging email statistics Clear the email alerting statistics Command Purpose ...

Page 238: ...n the console and sent to a remote syslog server To configure the switch 1 Enable switch auditing and CLI command logging console configure console config logging audit console config logging cli command 2 Specify where the logs are sent locally and what severity level of message is to be logged You can specify the severity as the level number as shown in the first two commands or as the keyword s...

Page 239: ...ges 973 Dropped CLI Command Logging enabled Switch Auditing enabled Web Session Logging disabled SNMP Set Command Logging disabled Syslog server 192 168 2 10 logging debug Messages 0 dropped 412 Messages dropped due to lack of resources Buffer Log 186 FEB 02 05 53 03 0 0 0 0 1 UNKN 1073741088 bootos c 232 1 Event 0xaaaaaaaa 189 FEB 02 05 53 03 0 0 0 0 1 UNKN 1073741088 bootos c 248 2 Starting code...

Page 240: ...milar to the following Figure 10 24 Email Alert Message Format For emergency level messages the subject is LOG MESSAGE EMERGENCY For messages with a severity level of alert critical and error the subject is LOG MESSAGE To configure the switch 1 Specify the mail server to use for sending messages console configure console config mail server ip address 192 168 2 34 2 Configure the username and passw...

Page 241: ...t that will appear in the email alert Subject line console config logging email message type urgent subject LOG MESSAGES EMERGENCY console config logging email message type non urgent subject LOG MESSAGES 7 Verify the configuration console show mail server all config Mail Servers Configuration No of mail servers configured 1 Email Alert Mail Server Address 192 168 2 34 Email Alert Mail Server Port...

Page 242: ...ation Email Alert To Address Table For Msg Type 1 Address1 administrator dell com For Msg Type 2 Address1 administrator dell com Email Alert Subject Table For Msg Type 1 subject is LOG MESSAGES EMERGENCY For Msg Type 2 subject is LOG MESSAGE ...

Page 243: ...em Settings CLI General System Settings Configuration Examples System Settings Overview The system settings include the information described in Table 11 1 This information helps identify the switch Table 11 1 System Information Feature Description System Name The switch name host name If you change the system name the CLI prompt changes from console to the system name System contact Identifies th...

Page 244: ... Determines the maximum resources a switch or router can use for various features For more information see What Are SDM Templates on page 248 Table 11 2 Time Settings Feature Description SNTP Controls whether the switch obtains its system time from an SNTP server and whether communication with the SNTP server requires authentication and encryption You can configure information for up to eight SNTP...

Page 245: ...rts of the Aggregator Group Simple mode has the following characteristics A user with privilege level 15 can change the mode of operation using the CLI Web and SNMP interfaces Operational mode is set to Normal mode on resetting the configuration to Factory defaults from the software boot menu When you change the operational mode a trap is generated apart from logging a message A limited set of con...

Page 246: ...ts that are shown using the show port aggregator port summary command In Simple mode you can set the LACP mode on a group but not on an individual port Use the show interface status command to check the lag status The switch handles traffic in the following way when in Simple Mode Tagged traffic would be dropped if the incoming port is not a member of the incoming packet s VLAN Untagged traffic is...

Page 247: ...roup can include 1 up to the total number of available internal ports The number of external ports that can be included in a group is limited to the maximum number of ports that can be included in a LAG On the PowerConnect M6220 M6348 M8024 and M8024 k switches eight ports is the maximum number No member port either internal or external can participate in more than one Aggregator NOTE The default ...

Page 248: ...n of the maximum resources a switch or router can use for various features Different SDM templates allow different combinations of scaling factors enabling different allocations of resources depending on how the device is used In other words SDM templates enable you to reallocate system resources to support a different mix of features based on your network requirements PowerConnect M6220 M6348 M80...

Page 249: ...ow Does SNTP Work SNTP assures accurate switch clock time synchronization Time synchronization is performed by a network SNTP server Time sources are established by Stratums Stratums define the accuracy of the reference clock The higher the stratum where zero is the highest the more accurate the clock The switch is at a stratum that is one lower than its time source For example if the SNTP server ...

Page 250: ...uration Is Required for Plug In Modules The switch supports several different plug in modules also known as cards for the expansion slots located on the back of the switch For information about the slots and the supported modules see PowerConnect M6220 M6348 M8024 and M8024 k Front Panel on page 87 You can preconfigure the card type prior to inserting it into the switch Hot swap support is not ava...

Page 251: ...ggregation Control Protocol LACP trunk group therefore like LACP groups PA groups are limited to eight external member ports For M6220 and M6348 stacked switches each unit in the stack has a default PA group The default groups include the following ports M6220 Internal ports Gi1 0 1 Gi1 0 16 and all fixed front panel 1G ports Gi1 0 17 Gi1 0 20 M8024 and M8024 k Internal ports Te1 0 1 Te1 0 16 and ...

Page 252: ...ck with Two Members Aggregator Group Member Internal Ports Member Uplink External Ports Group 1 Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 5 Gi1 0 6 Gi1 0 7 Gi1 0 8 Gi1 0 9 Gi1 0 10 Gi1 0 11 Gi1 0 12 Gi1 0 13 Gi1 0 14 Gi1 0 15 Gi1 0 16 Gi1 0 17 Gi1 0 18 Gi1 0 19 Gi1 0 20 Gi1 0 21 Gi1 0 22 Gi1 0 23 Gi1 0 24 Gi1 0 25 Gi1 0 26 Gi1 0 27 Gi1 0 28 Gi1 0 29 Gi1 0 30 Gi1 0 31 Gi1 0 32 Gi1 0 33 Gi1 0 34 Gi1 0 3...

Page 253: ...d if desired Table 11 6 PCM8024 and PCM8024 k Default Port Aggregator Group Mapping Aggregator Group Member Internal Ports Member Uplink External Ports Group 1 Te1 0 1 Te1 0 2 Te1 0 3 Te1 0 4 Te1 0 5 Te1 0 6 Te1 0 7 Te1 0 8 Te1 0 9 Te1 0 10 Te1 0 11 Te1 0 12 Te1 0 13 Te1 0 14 Te1 0 15 Te1 0 16 Te1 0 17 Te1 0 18 Te1 0 19 Te1 0 20 Te1 0 21 Te1 0 22 Te1 0 23 Te1 0 24 NOTE 1G and 10G external ports ca...

Page 254: ...20 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page System Information Use the System Information page to configure the system name contact name location and asset tag To display the System Information page click System General System Information in the navigation panel Figure 11 1 System Information NOTE From the System Information page you can also i...

Page 255: ...neral System Information page click the Telnet link 2 Click the Telnet button Figure 11 2 Telnet 3 Select the Telnet client and click OK NOTE The Telnet client feature does not work with Microsoft Windows Internet Explorer 7 and later versions Initiating this feature from any browser running on a Linux operating system is not supported ...

Page 256: ...256 Managing General System Settings Figure 11 3 Select Telnet Client The selected Telnet client launches and connects to the switch CLI Figure 11 4 Telnet Session ...

Page 257: ...igure a message for the switch to display when a user connects to the switch by using the CLI You can configure different banners for various CLI modes and access methods To display the CLI Banner page click System General CLI Banner in the navigation panel Figure 11 5 CLI Banner ...

Page 258: ...ate resource settings and to select the template that the switch uses If you select a new SDM template for the switch to use you must reboot the switch before the template is applied To display the SDM Template Preference page click System General SDM Template Preference in the navigation panel Figure 11 6 SDM Template Preference ...

Page 259: ...est privilege level can change the operating mode To display the Operational Mode Configuration page click System Operational Mode Operational Mode Configuration in the navigation panel Figure 11 7 Operational Mode Configuration Enabling Simple Mode To enable Simple mode 1 From the Simple Mode field select Enable 2 Click Apply 3 Confirm that you want to enable Simple mode as Figure 11 8 shows ...

Page 260: ...are automatically logged off the system To log on to the switch you must enter a username and password in the logon screen When the switch is operating in Simple mode many of the pages available in normal mode are not available and the navigation panel displays only the features that are available in Simple mode Figure 11 9 Operational Mode Configuration ...

Page 261: ...uration Use the Global Configuration page to configure LAG failover settings for all port aggregator groups To display the Global Configuration page click Switching Port Aggregator Global Configuration in the tree view Figure 11 10 Port Aggregator Global Configuration ...

Page 262: ...groups By default all ports are in aggregator group 1 To display the Port Configuration page click Switching Port Aggregator Port Configuration in the tree view Figure 11 11 Port Aggregator Port Configuration Viewing the Port Aggregator Member Port Summary and Configuring Members To view a summary of the ports assigned to each aggregator group 1 Open the Port Configuration page 2 Click Summary ...

Page 263: ...a group Each port can only belong to only one Port Aggregator group 6 Click Apply Removing Ports from an Aggregator Group To remove a port from an aggregator group 1 Open the Port Configuration Summary page 2 Select the Remove option for the group with the ports to remove 3 Click Apply All ports assigned to the Port Aggregator group are removed from the group and are not assigned to any group NOTE...

Page 264: ... aggregator group settings for each aggregator group To display the Group Configuration page click Switching Port Aggregator Group Configuration in the tree view Figure 11 13 Port Aggregator Group Configuration Viewing the Port Aggregator Group Summary To view a summary of the aggregator group settings 1 Open the Group Configuration page 2 Click Summary ...

Page 265: ...em Settings 265 Figure 11 14 Port Aggregator Group Configuration Summary 3 To modify the settings for an aggregator group click the Modify link associated with the group to access the Group Configuration page for the group ...

Page 266: ...To display the Internal Port VLAN Configuration page click Switching Port Aggregator Internal Port VLAN Configuration in the tree view Figure 11 15 Port Aggregator Internal Port VLAN Configuration Viewing the Internal Port VLAN Configuration Summary To view about the VLANs assigned to the internal ports within a group 1 Open the Internal Port VLAN Configuration page 2 Click Summary ...

Page 267: ...Managing General System Settings 267 Figure 11 16 Port Aggregator Group Configuration Summary 3 To view the VLAN settings for a different group select the group from the Group ID menu ...

Page 268: ...mary Use the Port Channel Summary page to view information about the LAG members and LAG status for each group To display the Port Channel Summary page click Switching Port Aggregator Port Channel Summary in the tree view Figure 11 17 Port Aggregator Port Channel Summary ...

Page 269: ...ry Use the Group VLAN MAC Summary page to view the MAC address table entries for each Port Aggregator group To display the Group VLAN MAC Summary page click Switching Port Aggregator Group VLAN MAC Summary in the tree view Figure 11 18 Group VLAN MAC Summary ...

Page 270: ...the Clock page The Clock page also displays information about the time settings configured on the switch To display the Clock page click System Time Synchronization Clock in the navigation panel Figure 11 19 Clock NOTE The system time cannot be set manually if the SNTP client is enabled Use the SNTP Global Settings page to enable or disable the SNTP client ...

Page 271: ...or disable the SNTP client configure whether and how often the client sends SNTP requests and determine whether the switch can receive SNTP broadcasts To display the SNTP Global Settings page click System Time Synchronization SNTP Global Settings in the navigation panel Figure 11 20 SNTP Global Settings ...

Page 272: ...ed encryption key ID Click System Time Synchronization SNTP Authentication in the navigation panel to display the SNTP Authentication page Figure 11 21 SNTP Authentication Adding an SNTP Authentication Key To configure SNTP authentication 1 Open the SNTP Authentication page 2 Click the Add link The Add Authentication Key page displays NOTE The SNTP server must be configured with the same authentic...

Page 273: ...ate a unicast SNTP server select the Trusted Key check box If the check box is clear the key is untrusted and cannot be used for authentication 5 Click Apply The SNTP authentication key is added and the device is updated To view all configured authentication keys click the Show All link The Authentication Key Table displays You can also use the Authentication Key Table to remove or edit existing k...

Page 274: ...TP servers and to add new SNTP servers that the switch can use for time synchronization The switch can accept time information from both IPv4 and IPv6 SNTP servers To display the SNTP Server page click System Time Synchronization SNTP Server in the navigation panel If no servers have been configured the fields in the following image are not displayed ...

Page 275: ...Managing General System Settings 275 Figure 11 24 SNTP Servers Defining a New SNTP Server To add an SNTP server 1 Open the SNTP Servers page 2 Click Add The Add SNTP Server page displays ...

Page 276: ...address IPv6 address or a hostname DNS 5 If you require authentication between the SNTP client on the switch and the SNTP server select the Encryption Key ID check box and then select the key ID to use To define a new encryption key see Adding an SNTP Authentication Key on page 272 NOTE The SNTP server must be configured with the same authentication information to allow time synchronization to tak...

Page 277: ...em Settings 277 To view all configured SNTP servers click the Show All link The SNTP Server Table displays You can also use the SNTP Server Table page to remove or edit existing SNTP servers Figure 11 26 SNTP Servers Table ...

Page 278: ...page click System Time Synchronization Summer Time Configuration in the navigation panel Figure 11 27 Summer Time Configuration To use the preconfigured summer time settings for the United States or European Union select the Recurring check box and specify USA or EU from the Location menu NOTE The fields on the Summer Time Configuration page change when you select or clear the Recurring check box ...

Page 279: ...igure time zone information including the amount time the local time is offset from UTC and the acronym that represents the local time zone To display the Time Zone Configuration page click System Time Synchronization Time Zone Configuration in the navigation panel Figure 11 28 Time Zone Configuration ...

Page 280: ...l System Settings Slot Summary Use the Slot Summary page to view information about the expansion slot status To display the Slot Summary page click Switching Slots Summary in the navigation panel Figure 11 29 Slot Summary ...

Page 281: ...pported Cards Use the Supported Cards page to view information about the supported plug in modules for the switch To display the Supported Cards page click Switching Slots Supported Cards in the navigation panel Figure 11 30 Supported Cards ...

Page 282: ...system information Command Purpose configure Enter Global Configuration mode hostname name Configure the system name The CLI prompt changes to the host name after you execute the command snmp server contact name Configure the name of the switch administrator If the name contains a space use quotation marks around the name snmp server location location Configure the switch location asset tag unit u...

Page 283: ...sage that displays when you connect to the switch motd and login or enter User EXEC mode exec Use quotation marks around a message if it includes spaces line telnet ssh console Enter the terminal line configuration mode for Telnet SSH or the console motd banner Specify that the configured MOTD banner displays To prevent the banner from displaying enter no motd banner exec banner Specify that the c...

Page 284: ... Z Exit to Privileged EXEC mode show sdm prefer template View information about the SDM template the switch is currently using Use the template variable to view the parameters for the specified template Command Purpose configure Enter Global Configuration mode mode simple Enable Simple mode Switching modes clears the running configuration You are prompted to confirm that you want to continue NOTE ...

Page 285: ...ed 10 100 Configure the speed of all member ports in the aggregator group zone lacp auto static off Configure the LACP mode of the group to dynamic auto static or none off minimum active uplinks 1 4 Set the minimum number of uplinks to be active for the aggregator group CTRL Z Exit to Privileged EXEC mode show port aggregator group summary View summary information about the Port Aggregator groups ...

Page 286: ...nization to take place between the two devices Command Purpose configure Enter Global Configuration mode sntp authentication key key_id md5 key_word Define an authentication key for SNTP The variables are key_id The encryption key ID which is a number from 1 4294967295 key_word The authentication key which is a string of up to eight characters sntp trusted key key_id Specify the authentication key...

Page 287: ...they are entered key_id Optional Enter an authentication key to use The key must be previously defined by the sntp authentication key command sntp unicast broadcast client enable This command enables the SNTP client and allows the switch to poll configured unicast SNTP servers for updates or receive broadcasts from any SNTP server sntp client poll timer seconds Specify how often the SNTP client re...

Page 288: ... 13 minutes offset Minutes difference from UTC Range 0 59 acronym The acronym for the time zone Range Up to four characters clock summer time recurring usa eu week day month hh mm week day month hh mm offset offset zone acronym Use this command if the summer time starts and ends every year based on a set pattern For switches located in the United States or European Union use the usa or eu keywords...

Page 289: ...ange 1 31 month Month Range The first three letters by name hh mm Time in 24 hour format in hours and minutes Range hh 0 23 mm 0 59 offset Number of minutes to add during the summertime Range 1 1440 acronym The acronym for the time zone to be displayed when summertime is in effect Range Up to four characters CTRL Z Exit to Privileged EXEC mode show clock detail View information about the time Incl...

Page 290: ...her switch administrators of the connected topology To configure the switch 1 Configure the hosts name console configure console config hostname PCM6348 2 Configure the contact location and asset tag Notice that the prompt changed to the host name PCM6348 config snmp server contact Jane Doe PCM6348 config snmp server location RTP100 PCM6348 config asset tag 006429 3 Configure the message that disp...

Page 291: ...t M6348 Temperature Sensors Unit Description Temperature Status Celsius 1 System 57 Good Power Supplies Unit Description Status 1 Main OK 5 View additional information about the system PCM6348 show system id Service Tag 0000000 Chassis Service Tag Serial Number TW282987BK0002 Asset Tag 111222 Unit Service tag Chassis Serv tag Serial number Asset tag 1 0000000 TW282987BK0002 111222 6 Initiate a new...

Page 292: ...292 Managing General System Settings Figure 11 31 Verify MOTD ...

Page 293: ...3456465 md5 sntpkey console config sntp trusted key 23456465 console config sntp authenticate 2 Specify the IP address of the SNTP server to poll and include the authentication key This command automatically enables polling and sets the priority to 1 console config sntp server 192 168 10 30 key 23456465 console config sntp unicast client enable 3 Verify the configuration console show sntp configur...

Page 294: ...l System Settings 4 View the SNTP status on the switch console show sntp status Client Mode Unicast Last Update Time MAR 01 09 12 43 2010 Unicast servers Server Status Last response 192 168 10 30 Other 09 12 43 Mar 1 2011 ...

Page 295: ...ure console config clock timezone 5 zone EST 2 Configure the summer time daylight saving time to use the preconfigured settings for the United States console config clock summer time recurring us 3 Set the local time and date console config clock set 16 13 06 03 01 2010 4 Verify the time settings console show clock detail 00 27 19 EST UTC 5 00 Feb 3 2039 No time source Time zone Acronym is EST Off...

Page 296: ...296 Managing General System Settings ...

Page 297: ...anagement of a device through communication between an SNMP manager and an SNMP agent on the remote device The SNMP manager is typically part of a Network Management System NMS that runs on an administrative host The switch software includes Management Information Base MIB objects that the SNMP agent queries and modifies The switch uses standard public MIBs and private MIBs A MIB acts as a structu...

Page 298: ...hentication Timeliness Protects against message delay or message redundancy The SNMP agent compares incoming message to the message time information Key Management Defines key generation key updates and key use Authentication or Privacy Keys are modified in the SNMPv3 User Security Model USM What Are SNMP Traps SNMP is frequently used to monitor systems for fault conditions such as temperature vio...

Page 299: ...h Default SNMP Values By default SNMPv2 is automatically enabled on the device SNMPv1 and SNMPv3 are disabled To enable SNMPv3 you must define a local engine ID for the device The local engineID is by default set to the switch MAC address however when the switch operates in a stacking mode it is important to manually configure the local engineID for the stack This local engineID must be defined so...

Page 300: ...Portal traps Disabled OSPF traps Disabled Table 12 2 SNMP Default Views View Name OID Subtree View Type Default iso Included snmpVacmMIB Excluded usmUser Excluded snmpCommunityTable Excluded DefaultSuper iso Included Table 12 3 SNMP Default Groups Group Name Security Level Read Write Notify DefaultRead No Auth No Priv Default Default DefaultWrite No Auth No Priv Default Default Default DefaultSupe...

Page 301: ... a page click at the top of the page SNMP Global Parameters Use the Global Parameters page to enable SNMP and Authentication notifications To display the Global Parameters page click System SNMP Global Parameters in the navigation panel Figure 12 1 SNMP Global Parameters NOTE For some features the control to enable or disable traps is available from a configuration page for that feature and not fr...

Page 302: ...ccessible and which are blocked You can create a view that includes or excludes OIDs corresponding to interfaces To display the View Settings page click System SNMP View Settings in the navigation panel Figure 12 2 SNMP View Settings Adding an SNMP View To add a view 1 Open the View Settings page 2 Click Add The Add View page displays ...

Page 303: ...gure 12 3 Add View 3 Specify a name for the view and a valid SNMP OID string 4 Select the view type 5 Click Apply The SNMP view is added and the device is updated Click Show All to view information about configured SNMP Views ...

Page 304: ... network managers to assign access rights to specific device features or features aspects To display the Access Control Group page click System SNMP Access Control in the navigation panel Figure 12 4 SNMP Access Control Group Adding an SNMP Group To add a group 1 Open the Access Control Configuration page 2 Click Add The Add an Access Control Configuration page displays ...

Page 305: ...s Control Group 3 Specify a name for the group 4 Select a security model and level 5 Define the context prefix and the operation 6 Click Apply to update the switch Click Show All to view information about existing access control configurations ...

Page 306: ...Security Model in the navigation panel Figure 12 6 SNMPv3 User Security Model Adding Local SNMPv3 Users to a USM To add local users 1 Open the User Security Model page 2 Click Add Local User The Add Local User page displays NOTE You can also use the Local User Database page under Management Security to configure SNMPv3 settings for users For more information see Configuring Authentication Authoriz...

Page 307: ... update the switch Click Show All to view the User Security Model Table which contains information about configured Local and Remote Users Adding Remote SNMPv3 Users to a USM To add remote users 1 Open the SNMPv3 User Security Model page 2 Click Add Remote User The Add Remote User page displays ...

Page 308: ...SNMP Figure 12 8 Add Remote Users 3 Define the relevant fields 4 Click Apply to update the switch Click Show All to view the User Security Model Table which contains information about configured Local and Remote Users ...

Page 309: ...ames are changed access rights are also changed SNMP Communities are defined only for SNMP v1 and SNMP v2 To display the Communities page click System SNMP Communities in the navigation panel Figure 12 9 SNMP Communities Adding SNMP Communities To add a community 1 Open the Communities page 2 Click Add The Add SNMPv1 2 Community page displays ...

Page 310: ...f an SNMP management station and the community string to act as a password that will authenticate the management station to the SNMP agent on the switch 4 Select the access mode 5 Click Apply to update the switch Click Show All to view the communities that have already been configured ...

Page 311: ...or a feature aspect The Notification Filter page also allows you to filter notifications To display the Notification Filter page click System SNMP Notification Filters in the navigation panel Figure 12 11 SNMP Notification Filter Adding a Notification Filter To add a filter 1 Open the Notification Filter page 2 Click Add The Add Filter page displays ...

Page 312: ...n about the filters that have already been configured Notification Recipients Use the Notification Recipients page to view information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Con...

Page 313: ...Configuring SNMP 313 Figure 12 13 SNMP Notification Recipient Adding a Notification Recipient To add a recipient 1 Open the Notification Recipient page 2 Click Add The Add Recipient page displays ...

Page 314: ... notifications 4 Select whether to send traps or informs to the specified recipient 5 Define the relevant fields for the SNMP version you use 6 Configure information about the port on the recipient 7 Click Apply to update the switch Click Show All to view information about the recipients that have already been configured ...

Page 315: ...disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the Trap Flags page click Statistics RMON Trap Manager Trap Flags in the navigation panel Figure 12 15 Trap Flags ...

Page 316: ...disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the OSPFv2 Trap Flags page click Statistics RMON Trap Manager OSPFv2 Trap Flags in the navigation panel Figure 12 16 OSPFv2 Trap Flags ...

Page 317: ...disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the OSPFv3 Trap Flags page click Statistics RMON Trap Manager OSPFv3 Trap Flags in the navigation panel Figure 12 17 OSPFv3 Trap Flags ...

Page 318: ...og page is used to view entries that have been written to the trap log To access the Trap Log page click Statistics RMON Trap Manager Trap Log in the navigation panel Figure 12 18 Trap Logs Click Clear to delete all entries from the trap log ...

Page 319: ...domain the following guidelines are recommended For standalone switches use the default keyword to configure the Engine ID For a stack of switches configure your own EngineID and verify that is unique within your administrative domain Changing the value of SNMP EngineID has important side effects A user s password entered on the command line is converted to an MD5 or SHA security digest This diges...

Page 320: ...to Privileged EXEC mode show snmp engineid View the local SNMP engine ID Command Purpose configure Enter Global Configuration mode snmp server view view name oid tree included excluded Configure the SNMP view When you configure groups users and communities you can specify a view to associate with the group user or community view name Specifies the name of the view Range 1 30 characters oid tree Sp...

Page 321: ...MP Version 2 security model v3 Indicates the SNMP Version 3 security model noauth Indicates no authentication of a packet Applicable only to the SNMP Version 3 security model auth Indicates authentication of a packet without encrypting it Applicable only to the SNMP Version 3 security model priv Indicates authentication of a packet with encryption Applicable only to the SNMP Version 3 security mod...

Page 322: ...to informs Range 5 32 characters auth md5 The HMAC MD5 96 authentication level auth sha The HMAC SHA 96 authentication level password A password Range 1 to 32 characters auth md5 key The HMAC MD5 96 authentication level Enter a pregenerated MD5 key auth sha key The HMAC SHA 96 authentication level Enter a pregenerated SHA key md5 key Character string length 32 hex characters sha key Character stri...

Page 323: ...me ipaddress ip_address Configure the community string and specify access criteria for the community community string Acts as a password and is used to authenticate the SNMP management station to the switch The string must also be defined on the NMS in order for the NMS to access the SNMP agent on the switch Range 1 20 characters ro Indicates read only access rw Indicates read write access view na...

Page 324: ...Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters group name Name of a previously defined group The group defines the objects available to the community Range 1 30 characters ip address Management station IP address Default is all IP addresses exit Exit to Privileged EXEC mode show snmp View SNMP settings and verify the configuration Command P...

Page 325: ...se the CLI command help or see the CLI Command Reference snmp server filter filter name oid tree included excluded Configure a filter for SNMP traps and informs based on OIDs Each OID is linked to a device feature or a feature aspect filter name Specifies the label for the filter record that is being updated or created The name is used to reference the record Range 1 30 characters oid tree Specifi...

Page 326: ...re resending informs The default is 15 seconds Range 1 300 characters retries Maximum number of times to resend an inform request The default is 3 attempts traps Indicates that SNMP traps are sent to this host version 1 Indicates that SNMPv1 traps will be used version 2 Indicates that SNMPv2 traps will be used community string Specifies a password like community string sent with the notification o...

Page 327: ...t without authentication auth Specifies authentication of a packet without encrypting it priv Specifies authentication and encryption of a packet seconds Number of seconds to wait for an acknowledgment before resending informs This is not allowed for hosts configured to send traps The default is 15 seconds Range 1 300 seconds retries Maximum number of times to resend an inform request This is not ...

Page 328: ... features that produce traps The traps are sent to the host with an IP address of 192 168 3 65 using the community string public To configure the switch 1 Configure the public community string console configure console config snmp server community public ro 2 Configure the private community string console config snmp server community private rw 3 Enable all traps and specify the IP address of the ...

Page 329: ...supplying the appropriate authentication credentials secretkey To configure the switch 1 Configure the view view_snmpv3 and specify the objects to include console configure console config snmp server view view_snmpv3 internet included 2 Create the group group_snmpv3 and allow read write access to the view configured in the previous step console config snmp server group group_snmpv3 v3 auth read vi...

Page 330: ...itch The output includes the SNMPv1 2 configuration in the previous example console show snmp Community String Community Access View Name IP Address private Read Write Default All public Read Only Default All Traps are enabled Authentication trap is enabled Version 1 2 notifications Version 3 notifications System Contact System Location Community String Group Name IP Address private DefaultWrite A...

Page 331: ... Read Views Write Notify DefaultRead V1 NoAuth NoPriv Default Default DefaultRead V2 NoAuth NoPriv Default Default DefaultSuper V1 NoAuth NoPriv DefaultSu per Default Super Default Super DefaultSuper V2 NoAuth NoPriv DefaultSu per Default Super Default Super DefaultWrite V1 NoAuth NoPriv Default Default Default DefaultWrite V2 NoAuth NoPriv Default Default Default group_snmpv3 V3 Auth NoPriv view_...

Page 332: ...332 Configuring SNMP ...

Page 333: ...48 M8024 and M8024 k switches maintain several different types of files on the flash file system Table 13 1 describes the files that you can manage The table also lists the type of action you can take on the file which is one or more of the following Download the file to the switch from a remote system Upload the file from the switch to a remote system Copy the file from one location on the file s...

Page 334: ... Upload Copy An additional configuration file that serves as a backup Configuration script Download Upload Text file with CLI commands When you activate a script on the switch the commands are executed and added to the running config Log files Upload Provides various information about events that occur on the switch For more information see Monitoring and Logging System Information SSH key files D...

Page 335: ...ation The switch can maintain three separate configuration files startup config running config and backup config The switch loads the startup config file when the switch boots Any configuration SSL certificate files Download Contains information to encrypt authenticate and validate HTTPS sessions The switch supports the following files for SSL SSL Trusted Root Certificate File PEM Encoded SSL Serv...

Page 336: ...n file from the switch to a remote server for the following reasons To create a backup copy To use the configuration file on another switch To manually edit the file You might download a configuration file from a remote server to the switch for the following reasons To restore a previous configuration To load the configuration copied from another switch To load the same configuration file on multi...

Page 337: ...h to the file and the correct file name Managing Images When you download a new image to the switch it overwrites the backup image if it exists To use the new image you must activate it and reload the switch The image that was previously the active image becomes the backup image after the switch reloads If you upgrade to a newer image and find that it is not compatible with your network you can re...

Page 338: ...our of ten commands and the script fails the script stops at four and the final six commands are not executed Scripts cannot be modified or deleted while being applied Validation of scripts checks for syntax errors only It does not validate that the script will run The file extension must be scr A maximum of seven scripts are allowed on the switch The combined size of all script files on the switc...

Page 339: ... SNMP to upload a configuration file to a TFTP server the agentTransferUploadFileName object must be set to the local filename which is either startup config or backup config How Is the Running Configuration Saved Changes you make to the switch configuration while the switch is operating are written to the running config These changes are not automatically written to the startup config When you re...

Page 340: ...nd files on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page File System Use the File System page to view a list of the files on the device and to modify the image file descriptions To display the File System page click System File Management File System in the navigation panel Figure 13 1 File System ...

Page 341: ...to set the firmware image to use when the switch boots If you change the boot image it does not become the active image until you reset the switch To display the Active Images page click System File Management Active Images in the navigation panel Figure 13 2 Active Images ...

Page 342: ...wnload in the navigation panel Figure 13 3 File Download Downloading Files To download a file to the switch 1 Open the File Download page 2 Select the type of file to download to the switch 3 Select the transfer mode If you select a transfer mode that requires authentication additional fields appear in the Download section If you select HTTP as the download method some of the fields are hidden NOT...

Page 343: ... the name of the file and the path on the server where it is located For SFTP and SCP provide the user name and password 6 Click Apply to begin the download Figure 13 4 File Download in Progress 7 The file is downloaded to the switch NOTE After you start a file download the page refreshes and a transfer status field appears to indicate the number of bytes transferred The web interface is blocked u...

Page 344: ...click System File Management File Upload in the navigation panel Figure 13 5 File Upload Uploading Files To upload a file from the switch to a remote system 1 Open the File Upload page 2 Select the type of file to download to the remote server 3 Select the transfer mode If you select a transfer mode that requires authentication additional fields appear in the Upload section If you select HTTP as t...

Page 345: ...for the file For SFTP and SCP provide the user name and password 6 Click Apply to begin the upload 7 The file is uploaded to the specified location on the remote server NOTE If you are using HTTPS to manage the switch the download method will be HTTPS NOTE For some file uploads and methods the page refreshes and a transfer status field appears to indicate the number of bytes transferred The web in...

Page 346: ...or all members of a stack Copy the running startup or backup configuration file to the startup or backup configuration file Restore the running configuration to the factory default settings To display the Copy Files page click System File Management Copy Files in the navigation panel Figure 13 7 Copy Files ...

Page 347: ...o use TFTP to download the image NOTE Upload download and copy functions use the copy command The basic syntax for the command is copy source destination This section shows several different ways to use the copy command Command Purpose copy tftp ip address hostname path file name image Use TFTP to download the firmware image at the specified source to the non active image If the image file is in t...

Page 348: ...emove the specified file erase startup config backup image backup config Erase the startup configuration the backup configuration or the backup image copy startup config backup config Save the startup configuration to the backup configuration file copy running config startup config Copy the current configuration to the startup configuration This saves the current configuration to NVRAM show startu...

Page 349: ...mote system by using SCP Command Purpose copy file scp user ip address hostname path file name Adds a description to an image file The file can be one of the following files backup config image operational log running config script file name startup config startup log Password entry After you enter the copy command the CLI prompts you for the password associated with the username ...

Page 350: ...script dest name Downloads the specified script from the remote server to the switch Password entry After you enter the copy command the CLI prompts you for the password associated with the username script validate script name Checks the specified script for syntax errors The script is automatically validated when you download it to the switch You can validate again with this command script list V...

Page 351: ...repare the download and then download and upgrade the switch image 1 Check the connectivity between the switch and the TFTP server console ping 10 27 65 103 Pinging 10 27 65 103 with 0 bytes of data Reply From 10 27 65 103 icmp_seq 0 time 10 msec Reply From 10 27 65 103 icmp_seq 1 time 10 msec Reply From 10 27 65 103 icmp_seq 2 time 10 msec Reply From 10 27 65 103 icmp_seq 3 time 10 msec 10 27 65 ...

Page 352: ... the switch After you execute the copy command you must verify that you want to start the download The downloaded image replaces the currently inactive image which may be image1 or image2 console copy tftp 10 27 65 103 images dell_0308 stk image Mode TFTP Set TFTP Server IP 10 27 65 103 TFTP Path images TFTP Filename dell_0308 stk Data Type Code unit image1 image2 current active next active 1 4 1 ...

Page 353: ...var Image Descriptions image1 image2 Images currently available on Flash 7 Copy the running configuration to the startup configuration to save the current configuration to NVRAM console copy running config startup config This operation may take a few minutes Management interfaces will not be available during this time Are you sure you want to save y n y Configuration Saved 8 Reset the switch to bo...

Page 354: ...a text editor on an administrative computer and type the commands as if you were entering them by using the CLI Figure 13 9 Create Config Script 2 Save the file with an scr extension and copy it to the appropriate directory on your TFTP server 3 Download the file from the TFTP server to the switch console copy tftp 10 27 65 103 labhost scr script labhost scr Mode TFTP Set TFTP Server IP 10 27 65 1...

Page 355: ...35 bytes transferred Validating configuration script configure exit configure ip host labpc1 192 168 3 56 ip host labpc2 192 168 3 58 ip host labpc3 192 168 3 59 Configuration script validated File transfer operation completed successfully 5 Run the script to execute the commands console script apply labhost scr Are you sure you want to apply the configuration script y n y configure exit configure...

Page 356: ...ript was successfully applied console show hosts Host name test Name address lookup is enabled Name servers Preference order 192 168 3 20 Configured host name to address mapping Host Addresses labpc1 192 168 3 56 labpc2 192 168 3 58 labpc3 192 168 3 59 ...

Page 357: ...Auto Configuration begins the automatic download and installation process when the switch or stack master is initialized and no configuration file startup config is found or when the switch boots and loads a saved configuration that has Auto Configuration enabled Auto Configuration is enabled by default Allow downgrade is also enabled by default What Is the DHCP Auto Configuration Process The swit...

Page 358: ...CLI prompt as in response to the hostname command Obtaining Other Dynamic Information The following information is also processed and may be returned by a BOOTP or DHCP server Name of configuration file the file field in the DHCP header or option 67 to be downloaded from the TFTP server Identification of the TFTP server providing the file The TFTP server can be identified by name or by IP address ...

Page 359: ...the image file itself but rather a text file that contains the path and name of the image file Upon receipt of option 125 the switch downloads the text file from the TFTP server reads the name of the image file and downloads the image file from the TFTP server After the switch successfully downloads and installs the new image it automatically reboots The download or installation might fail for one...

Page 360: ...configuration file The default network configuration file consists of a set of IP address to hostname mappings using the command ip host hostname address The switch finds its own IP address as learned from the DHCP server in the configuration file and extracts its hostname from the matching command If the default network configuration file does not contain the switch s IP address the switch attemp...

Page 361: ...nfig file No 3 hostname cfg Host specific config file associated with hostname Yes 4 host cfg Default config file Yes Table 14 2 TFTP Request Types TFTP Server Address Available Host specific Switch Config Filename Available TFTP Request Method Yes Yes Issue a unicast request for the host specific router config file to the TFTP server Yes No Issue a unicast request for a default network or router ...

Page 362: ...ion Process You can terminate the Auto Configuration process at any time before the image or configuration file is downloaded This is useful when the switch is disconnected from the network Termination of the Auto Configuration process ends further periodic requests for a host specific file The Auto Configuration process automatically starts after a reboot if the configuration file is not found on...

Page 363: ...red A configuration file either from bootfile or option 67 option for the switch must be available from a TFTP server The switch must be connected to the network and have a Layer 3 interface that is in an UP state A DNS server must contain an IP address to hostname mapping for the TFTP server if the DHCP server response identifies the TFTP server by name A DNS server must contain an IP address to ...

Page 364: ...bout the TFTP server and bootfile the switch makes three unicast TFTP requests for the specified bootfile If the unicast attempts fail or if a TFTP server address was not provided the switch makes three broadcast requests to any available TFTP server for the specified bootfile AutoSave Disabled If the switch is successfully auto configured the running configuration is not saved to the startup conf...

Page 365: ...a page click at the top of the page Auto Install Configuration Use the Auto Install Configuration page to allow the switch to obtain network information such as the IP address and subnet mask and automatically download a host specific or network configuration file during the boot process if no startup config file is found To display the Auto Configuration page click System General Auto Install Con...

Page 366: ... the startup config file Command Purpose configure Enter Global Configuration mode boot autoinstall start Enable the Auto Configuration feature on the switch boot host dhcp Enable Auto Configuration for the next reboot cycle The command does not change the current behavior of Auto Configuration but it does save the command to NVRAM boot host autosave Allow the switch to automatically save the conf...

Page 367: ...to the switch This example describes the procedures to complete the configuration To use DHCP auto configuration 1 Create a default config file for the switches named host cfg For information about creating configuration files see Managing Images and Files 2 Upload the host cfg file to the TFTP server 3 Upload the image file to the TFTP server 4 Configure an address pool on the DHCP server that co...

Page 368: ...368 Auto Image and Configuration Update 5 Connect a port OOB port for out of band management or any switch port for in band management on each switch to the network 6 Boot the switches ...

Page 369: ...Monitoring RMON agents What is sFlow Technology sFlow is an industry standard technology for monitoring high speed switched and routed networks PowerConnect M6220 M6348 M8024 M8024 k switch software has a built in sFlow agent that can monitor network traffic on each port and generate sFlow data to an sFlow receiver also known as a collector sFlow helps to provide visibility into network activity w...

Page 370: ...d Samples are not aggregated into a flow table on the switch they are forwarded immediately over the network to the sFlow receiver The sFlow system is tolerant to packet loss in the network because statistical modeling means the loss is equivalent to a slight change in the sampling rate sFlow receiver can receive data from multiple switches providing a real time synchronized view of the whole netw...

Page 371: ...lts in the generation of Counter Records sFlow Agents collect Counter Records and Packet Flow Records and send them as sFlow datagrams to sFlow Collectors Packet Flow Sampling Packet Flow Sampling carried out by each sFlow instance ensures that any packet observed at a Data Source has an equal chance of being sampled irrespective of the Packet Flow s to which it belongs Packet Flow Sampling is acc...

Page 372: ...RMON Like sFlow RMON is a technology that enables the collection and analysis of a variety of data about network traffic PowerConnect M6220 M6348 M8024 M8024 k switch software includes an RMON probe also known as an RMON agent that collect information and analyze packets The data that is collected is defined in the RMON MIB RFC 2819 RMON is defined in an Internet Engineering Task Force IETF specif...

Page 373: ...and receives The Port Mirroring feature creates a copy of the traffic that the source port handles and sends it to a destination port The source port is the port that is being monitored The destination port is monitoring the source port The destination port is where you would connect a network protocol analyzer to learn more about the traffic that is handled by the source port A port monitoring se...

Page 374: ...ovide information about network performance and utilization This information can be useful in network planning and resource allocation Information about traffic flows can also help troubleshoot problems in the network Default Traffic Monitoring Values The sFlow agent is enabled by default but sampling and polling are disabled on all ports Additionally no sFlow receivers collectors are configured T...

Page 375: ...traffic on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page sFlow Agent Summary Use the sFlow Agent Summary page to view information about sFlow MIB and the sFlow Agent IP address To display the Agent Summary page click System sFlow Agent Summary in the navigation panel Figure 15 2 sFlow Agent Summary ...

Page 376: ...ceiver to which the switch sends sFlow datagrams You can configure up to eight sFlow receivers that will receive datagrams To display the Receiver Configuration page click System sFlow Receiver Configuration in the navigation panel Figure 15 3 sFlow Receiver Configuration Click Show All to view information about configured sFlow receivers ...

Page 377: ...ration page to configure the sFlow sampling settings for switch ports To display the Sampler Configuration page click System sFlow Sampler Configuration in the navigation panel Figure 15 4 sFlow Sampler Configuration Click Show All to view information about configured sampler data sources ...

Page 378: ... to configure how often a port should collect counter samples To display the Sampler Configuration page click System sFlow Sampler Configuration in the navigation panel Figure 15 5 sFlow Poll Configuration Click Show All to view information about the ports configured to collect counter samples ...

Page 379: ...istics page to display statistics for both received and transmitted packets The fields for both received and transmitted packets are identical To display the page click Statistics RMON Table Views Interface Statistics in the navigation panel Figure 15 6 Interface Statistics ...

Page 380: ...raffic Etherlike Statistics Use the Etherlike Statistics page to display interface statistics To display the page click Statistics RMON Table Views Etherlike Statistics in the navigation panel Figure 15 7 Etherlike Statistics ...

Page 381: ...h Traffic 381 GVRP Statistics Use the GVRP Statistics page to display switch statistics for GVRP To display the page click Statistics RMON Table Views GVRP Statistics in the navigation panel Figure 15 8 GVRP Statistics ...

Page 382: ...play information about EAP packets received on a specific port For more information about EAP see Configuring Port and System Security on page 481 To display the EAP Statistics page click Statistics RMON Table Views EAP Statistics in the navigation panel Figure 15 9 EAP Statistics ...

Page 383: ...3 Utilization Summary Use the Utilization Summary page to display interface utilization statistics To display the page click Statistics RMON Table Views Utilization Summary in the navigation panel Figure 15 10 Utilization Summary ...

Page 384: ...mary Use the Counter Summary page to display interface utilization statistics in numeric sums as opposed to percentages To display the page click Statistics RMON Table Views Counter Summary in the navigation panel Figure 15 11 Counter Summary ...

Page 385: ...e the Switchport Statistics page to display statistical summary information about switch traffic address tables and VLANs To display the page click Statistics RMON Table Views Switchport Statistics in the navigation panel Figure 15 12 Switchport Statistics ...

Page 386: ...the RMON Statistics page to display details about switch use such as packet processing statistics and errors that have occurred on the switch To display the page click Statistics RMON RMON Statistics in the navigation panel Figure 15 13 RMON Statistics ...

Page 387: ... physical port or a port channel you can define how many buckets exist and the time interval between each bucket snapshot To display the page click Statistics RMON RMON History Control in the navigation panel Figure 15 14 RMON History Control Adding a History Control Entry To add an entry 1 Open the RMON History Control page 2 Click Add The Add History Entry page displays ...

Page 388: ...ory of statistics 4 Specify an owner the number of historical buckets to keep and the sampling interval 5 Click Apply to add the entry to the RMON History Control Table To view configured history entries click the Show All tab The RMON History Control Table displays From this page you can remove configured history entries ...

Page 389: ...age to display interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To display the RMON History Table page click Statistics RMON RMON History Table in the navigation panel Figure 15 16 RMON History Table ...

Page 390: ...hold is crossed for a particular RMON counter The event information can be stored in a log and or sent as a trap to a trap receiver To display the page click Statistics RMON RMON Event Control in the navigation panel Figure 15 17 RMON Event Control Adding an RMON Event To add an event 1 Open the RMON Event Control page 2 Click Add The Add an Event Entry page displays ...

Page 391: ...ick Apply The event is added to the RMON Event Table and the device is updated Viewing Modifying or Removing an RMON Event To manage an event 1 Open the RMON Event Control page 2 Click Show All to display the Event Control Table page 3 To edit an entry a Select the Edit check box in for the event entry to change b Modify the fields on the page as needed 4 To remove an entry select the Remove check...

Page 392: ...itoring Switch Traffic RMON Event Log Use the RMON Event Log page to display a list of RMON events To display the page click Statistics RMON RMON Events Log in the navigation panel Figure 15 19 RMON Event Log ...

Page 393: ...esholds are crossed for the configured RMON counters The alarm triggers an event to occur The events can be configured as part of the RMON Events group For more information about events see RMON Event Log on page 392 To display the page click Statistics RMON RMON Alarms in the navigation panel Figure 15 20 RMON Alarms ...

Page 394: ...Figure 15 21 Add an Alarm Entry 3 Complete the fields on this page as needed Use the help menu to learn more information about the data required for each field 4 Click Apply The RMON alarm is added and the device is updated To view configured alarm entries click the Show All tab The Alarms Table displays From this page you can remove configured alarms ...

Page 395: ... to chart port related statistics on a graph To display the page click Statistics RMON Charts Port Statistics in the navigation panel Figure 15 22 Ports Statistics To chart port statistics select the type of statistics to chart and if desired the refresh rate then click Draw ...

Page 396: ...ge to chart LAG related statistics on a graph To display the page click Statistics RMON Charts LAG Statistics in the navigation panel Figure 15 23 LAG Statistics To chart LAG statistics select the type of statistics to chart and if desired the refresh rate then click Draw ...

Page 397: ...s is mirrored to a destination port To display the Port Mirroring page click Switching Ports Traffic Mirroring Port Mirroring in the navigation panel Figure 15 24 Port Mirroring Configuring a Port Mirror Session To configure port mirroring 1 Open the Port Mirroring page 2 Click Add The Add Source Port page displays 3 Select the port to be mirrored 4 Select the traffic to be mirrored ...

Page 398: ...ck Apply 6 Repeat the previous steps to add additional source ports 7 Click Port Mirroring to return to the Port Mirroring page 8 Enable the administrative mode and specify the destination port Figure 15 26 Configure Additional Port Mirroring Settings 9 Click Apply ...

Page 399: ...p address port Configure the address of the sFlow receiver and optionally the destination UDP port for sFlow datagrams rcvr_index The index of this sFlow receiver Range 1 8 ip address The sFlow receiver IP address port The destination Layer 4 UDP port for sFlow datagrams Range 1 65535 sflow rcvr_index destination owner owner_string timeout timeout Specify the identity string of the receiver and se...

Page 400: ...interface type can be Gigabitethernet gi or Tengigabitethernet te for example gi1 0 3 5 enables polling on ports 3 4 and 5 sampling rate The statistical sampling rate for packet sampling from this source A sampling rate of 1 counts all packets A value of n means that out of n incoming packets 1 packet will be sampled Range 1024 65536 size The maximum number of bytes that should be copied from the ...

Page 401: ...specified receiver show sflow index sampling View information about the configured sFlow sampler instances for the specified receiver Command Purpose configure Enter Global Configuration mode rmon event number log trap community description string owner string Configure an RMON event number The event index Range 1 65535 log Specify that an entry is made in the log table for each event trap communi...

Page 402: ... is used when a rising or falling threshold is crossed Range 1 65535 delta The sampling method for the selected variable and calculating the value to be compared against the thresholds If the method is delta the selected variable value at the last sample is subtracted from the current value and the difference compared with the thresholds absolute The sampling method for the selected variable and c...

Page 403: ...ckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 65535 seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 CTRL Z Exit to Privileged EXEC mode show rmon alarms collection history events history log statistics View information collected by the RMON probe Command Purpose show interfaces counters if_...

Page 404: ...or ingress rx or egress tx traffic If you not specify both ingress and egress traffic is monitored monitor session session_number destination interface interface Configure a destination probe port for a monitor session session_number The monitoring session ID which is always 1 interface The Ethernet interface to which the monitored source traffic is copied monitor session session_number mode Enabl...

Page 405: ...r owner string is configured To configure the switch 1 Configure information about the sFlow receiver console configure console config sflow 1 destination 192 168 30 34 console config sflow 1 destination owner receiver1 timeout 100000 2 Configure the polling and sampling information for gigabit Ethernet ports 10 20 console config sflow 1 polling gi1 0 10 15 60 console config sflow 1 sampling gi1 0...

Page 406: ...ource Index Interval gi1 0 10 1 60 gi1 0 11 1 60 gi1 0 12 1 60 gi1 0 13 1 60 gi1 0 14 1 60 gi1 0 15 1 60 gi1 0 23 1 60 console show sflow 1 sampling Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size gi1 0 10 1 8192 128 gi1 0 11 1 8192 128 gi1 0 12 1 8192 128 gi1 0 13 1 8192 128 gi1 0 14 1 8192 128 gi1 0 15 1 8192 128 gi1 0 23 1 8192 128 ...

Page 407: ...compare the MIB counter to the configured rising and falling thresholds If the rise is equal to or greater than 20 event 1 goes into effect To configure the switch 1 Create the event The trap is sent to the private SNMP community console configure console config rmon event 1 description emergency event log trap private 2 Create the alarm console config rmon alarm 1 1 3 6 1 2 1 2 2 1 14 1 30 delta ...

Page 408: ...408 Monitoring Switch Traffic ...

Page 409: ...ptimization Overview iSCSI optimization provides a means of monitoring iSCSI sessions and iSCSI traffic on the switch This is accomplished by monitoring or snooping traffic to detect packets used by iSCSI stations to establish iSCSI sessions and connections Data from these exchanges may optionally be used to create classification rules to assign traffic between the stations to a configured traffic...

Page 410: ... sessions generally use well known TCP ports 3260 or 860 to contact targets When iSCSI optimization is enabled by default the switch identifies IP packets to or from these ports as iSCSI session traffic In addition the switch separately tracks connections associated with a login session ISID dynamically allocated source destination TCP port numbers You can configure the switch to monitor traffic f...

Page 411: ...class queue By default iSCSI flows are assigned to the highest VLAN priority tag or DSCP value mapped to the highest queue not used for stack management or voice VLAN Use the classofservice dot1p mapping command or the Quality of Service Class of Service Mapping Table Configuration page to configure the relevant Class of Service parameters for the queue in order to complete the setting You can con...

Page 412: ...s Target s IP Address ISID Initiator defined session identifier Initiator s IQN iSCSI Qualified Name Target s IQN Initiator s TCP Port Target s TCP Port If no iSCSI traffic is detected for a session for a configurable aging period the session data is cleared ...

Page 413: ...ntified by LLDP It is advisable to enable spanning tree portfast and disable unicast storm control on ports connected to the initiators as well If the iSCSI CoS policy feature is enabled on the switch and an EQL array is detected the switch applies additional iSCSI CoS policies to the EQL inter array traffic on TCP ports 9876 and 25555 If the iSCSI CoS policy is disabled and EQL arrays are present...

Page 414: ... Priority priority configured for iSCSI PFC by the iscsi cos vpt command default priority is 4 The existing application priority entries being transmitted if any will not be disturbed How Does iSCSI Optimization Interact with Dell Compellent Arrays Dell PowerConnect switches support a macro that may be used to configure a port connected to a Dell Compellent storage array The name of the macro is p...

Page 415: ...uto configuration via DCBX the iSCSI packets are classified based on the user priority present in the VLAN tag and in this case enabling iSCSI CoS classification via the iSCSI command set provides no benefit Since EQL iSCSI devices require ETS settings to function correctly with DCBx the PC80xx and M8024 k series PowerConnect switches which do not support ETS should disable DCB when EQL devices ar...

Page 416: ...AN instead of by DSCP values VLAN Priority tag iSCSI flows are assigned by default the highest 802 1p VLAN priority tag mapped to the highest queue not used for stack management or the voice VLAN DSCP When DSCP is selected as the classification iSCSI flows are assigned by default the highest DSCP tag mapped to the highest queue not used for stack management or the voice VLAN Remark Not enabled iSC...

Page 417: ...switch For details about the fields on a page click at the top of the page iSCSI Global Configuration Use the Global Configuration page to allow the switch to snoop for iSCSI sessions connections and to configure QoS treatment for packets where the iSCSI protocol is detected To access the iSCSI Global Configuration page click System iSCSI Global Configuration in the navigation panel Figure 16 1 iS...

Page 418: ...figure iSCSI targets on the switch To access the Targets Table page click System iSCSI Targets in the navigation panel Figure 16 2 iSCSI Targets Table To add an iSCSI Target click Add at the top of the page and configure the relevant information about the iSCSI target Figure 16 3 Add iSCSI Targets ...

Page 419: ...an iSCSI initiator and iSCSI target communicate over one or more TCP connections The maximum number of iSCSI sessions is 192 Redundant MPIO paths may not be accounted for in the iSCSI sessions table if a separate iSCSI login is not issued during establishment of the session To access the Sessions Table page click System iSCSI Sessions Table in the navigation panel Figure 16 4 iSCSI Sessions Table ...

Page 420: ...tailed Use the Sessions Detailed page to view detailed information about an iSCSI sessions that the switch has discovered To access the Sessions Detailed page click System iSCSI Sessions Detailed in the navigation panel Figure 16 5 iSCSI Sessions Detail ...

Page 421: ...SCSI target port and optionally address and name tcp port n TCP port number or list of TCP port numbers on which the iSCSI target listens to requests Up to 16 TCP ports can be defined in the system in one command or by using multiple commands ip address IP address of the iSCSI target When the no form of this command is used and the tcp port to be deleted is one bound to a specific IP address the a...

Page 422: ...cp The VLAN Priority Tag or DSCP value to assign received iSCSI session packets remark Mark the iSCSI frames with the configured DSCP value when egressing the switch iscsi aging time time Optionally set aging time range 1 43 200 seconds for iSCSI connections When all connections associated with a session are aged out the session is deleted exit Exit to Privilege Exec mode show iscsi Display iSCSI ...

Page 423: ...n steps required Configuring iSCSI Optimization Between Servers and a Disk Array Figure 16 6 illustrates a stack of three PowerConnect M6220 M6348 M8024 and M8024 k switches connecting two servers iSCSI initiators to a disk array iSCSI targets An iSCSI application running on the management unit the top unit in the diagram has installed priority filters to ensure that iSCSI traffic that is part of ...

Page 424: ... console config iscsi cos enable console config exit The default target port and IP address criteria is used to determine which packets are snooped for iSCSI session data ports 860 and 3260 any IP address 3 If the array is a Compellent storage array execute the Compellent macro on the ports attached to the array console config console config macro global apply profile compellent nas interface_name...

Page 425: ...rnet during their stay The hotel might charge for Internet use or the hotel might allow guests to connect only after they indicate that they have read and agree to the acceptable use policy What Does Captive Portal Do The Captive Portal feature allows you to require a user to enter login information on a custom Web page before gaining access to the network When the user connects to the port and op...

Page 426: ...n a RADIUS server Is the Captive Portal Feature Dependent on Any Other Feature If you require RADIUS authentication you must configure the RADIUS server information on the switch see Using RADIUS Servers to Control Management Access on page 196 You must also configure the RADIUS attributes for Captive Portal users on the RADIUS server For information about the RADIUS attributes to configure see Ta...

Page 427: ... password and another that only requires the username For each Captive Portal you can customize the welcome screen including the colors and logo If you require authentication consider the number of users that must exist in the user database The local user database supports up to 128 users If you need to support more than 128 authenticated users you must use a remote RADIUS server for authenticatio...

Page 428: ...If an unverified client opens a web browser and tries to connect to the network the Captive Portal redirects all the HTTP HTTPS traffic from the unverified clients to the authenticating server on the switch A Captive Portal web page is sent back to the unverified client If the verification mode for the Captive Portal associated with the port is Guest the client can be verified without providing au...

Page 429: ...gh the captive portal to explicitly deauthenticate from the network When User Logout Mode is disabled or the user does not specifically request logout the connection status will remain authenticated until the Captive Portal deauthenticates the user based on the configured session timeout value In order for the user logout feature to function properly the client browser must have JavaScript enabled...

Page 430: ...e in the Username field selects the Acceptance Use Policy check box and clicks Connect to gain network access By default the user does not need to be defined in a database or enter a password to access the network because the default verification mode is Guest Note that duplicate Username entries can exist in this mode because the client IP and MAC addresses are obtained for identification Table 1...

Page 431: ...ocal Users None configured Interface associations None Interface status Not blocked If the Captive Portal is blocked users cannot gain access to the network through the Captive Portal Use this function to temporarily protect the network during unexpected events such as denial of service attacks Supported Captive Portal users 1024 Supported local users 128 Supported Captive Portals 10 Table 17 1 De...

Page 432: ...or details about the fields on a page click at the top of the page Captive Portal Global Configuration Use the Captive Portal Global Configuration page to control the administrative state of the Captive Portal feature and configure global settings that affect all captive portals configured on the switch To display the Captive Portal Global Configuration page click System Captive Portal Global Conf...

Page 433: ...rtals The switch supports 10 Captive Portal configurations Captive Portal configuration 1 is created by default and cannot be deleted Each captive portal configuration can have unique guest or group access modes and a customized acceptance use policy that displays when the client connects To display the Captive Portal Configuration page click System Captive Portal Configuration Figure 17 5 Captive...

Page 434: ... click Add to create a new Captive Portal instance Figure 17 6 Add Captive Portal Configuration From the Captive Portal Configuration page click Summary to view summary information about the Captive Portal instances configured on the switch Figure 17 7 Captive Portal Summary ...

Page 435: ...nks to the Captive Portal customization appear 2 Click Download Image to download one or more custom images to the switch You can use a downloaded custom image for the branding logo default Dell logo on the Authentication Page and Logout Success page the account image default blue banner with keys on the Authentication Page and the background image default blank on the Logout Success Page Figure 1...

Page 436: ...d is located and select the image 5 Click Apply to download the selected file to the switch 6 To customize the Authentication Page which is the page that a user sees upon attempting to connect to the network click the Authentication Page link Figure 17 9 Captive Portal Authentication Page ...

Page 437: ...tal Logout Page 10 Customize the look and feel of the Logout Page such as the page title and logout instructions 11 Click Apply to save the settings to the running configuration or click Preview to view what the user will see To return to the default views click Clear 12 Click the Logout Success Page link to configure the page that contains the logout window A user is required to logout only if th...

Page 438: ...password that must first be validated against a local database or RADIUS server Authorized users can gain network access once the switch confirms the user s credentials By default each Captive Portal instance contains the default group The default group can be renamed or a different group can be created and assigned to each Captive Portal instance A Captive Portal instance can be associated to one...

Page 439: ...o users have been added to the switch many of the fields do not display on the screen Figure 17 12 Local User Configuration From the Local User page click Add to add a new user to the local database NOTE Multiple user groups can be selected by holding the CTRL key down while clicking the desired groups ...

Page 440: ...al User page click Show All to view summary information about the local users configured in the local database Figure 17 14 Captive Portal Local User Summary To delete a configured user from the database select the Remove check box associated with the user and click Apply ...

Page 441: ...e column and are comma delimited vendor ID attribute ID Table 17 2 Captive Portal User RADIUS Attributes Attribute Number Description Range Usage Default User Name 1 User name to be authorized 1 32 characters Required None User Password 2 User password 8 64 characters Required None Session Timeout 27 Logout once session timeout is reached seconds If the attribute is 0 or not present then use the v...

Page 442: ...or RADIUS you assign a User Group to a Captive Portal Configuration All users who belong to the group are permitted to access the network through this portal The User Group list is the same for all Captive Portal configurations on the switch To display the User Group page click System Captive Portal User Group Figure 17 15 User Group ...

Page 443: ...roup Figure 17 16 Add User Group From the User Group page click Show All to view summary information about the user groups configured on the switch Figure 17 17 Captive Portal User Group Summary To delete a configured group select the Remove check box associated with the group and click Apply ...

Page 444: ...rtal can have multiple interfaces associated with it but an interface can be associated to only one Captive Portal at a time To display the Interface Association page click System Captive Portal Interface Association Figure 17 18 Captive Portal Interface Association NOTE When you associate an interface with a Captive Portal the interface is disabled in the Interface List Each interface can be asso...

Page 445: ...ins a variety of information about the Captive Portal feature From the Captive Portal Global Status page you can access information about the Captive Portal activity and interfaces To display the Global Status page click System Captive Portal Status Global Status Figure 17 19 Captive Portal Global Status ...

Page 446: ... you select a captive portal the activation and activity status for that portal displays To display the Activation and Activity Status page click System Captive Portal Status Activation and Activity Status Figure 17 20 Captive Portal Activation and Activity Status NOTE Use the Block and Unblock buttons to control the blocked status If the Captive Portal is blocked users cannot gain access to the n...

Page 447: ...erface Activation Status page shows information for every interface assigned to a captive portal instance To display the Interface Activation Status page click System Captive Portal Interface Status Interface Activation Status Figure 17 21 Interface Activation Status ...

Page 448: ... status information for various capabilities Specifically this page indicates what services are provided through the Captive Portal to clients connected on this interface The list of services is determined by the interface capabilities To display the Interface Capability Status page click System Captive Portal Interface Status Interface Capability Status Figure 17 22 Interface Capability Status ...

Page 449: ...to disconnect one or more authenticated clients The list of clients is sorted by client MAC address To display the Client Summary page click System Captive Portal Client Connection Status Client Summary Figure 17 23 Client Summary To force the captive portal to disconnect an authenticated client select the Remove check box next to the client MAC address and click Apply To disconnect all clients fr...

Page 450: ... The Client Detail page shows detailed information about each client connected to the network through a captive portal To display the Client Detail page click System Captive Portal Client Connection Status Client Detail Figure 17 24 Client Detail ...

Page 451: ...Status Use the Interface Client Status page to view clients that are authenticated to a specific interface To display the Interface Client Status page click System Captive Portal Client Connection Status Interface Client Status Figure 17 25 Interface Client Status ...

Page 452: ...atus Use the Client Status page to view clients that are authenticated to a specific Captive Portal configuration To display the Client Status page click System Captive Portal Client Connection Status Client Status Figure 17 26 Captive Portal Client Status ...

Page 453: ...monitor Use this command on networks that use an HTTP proxy server port num The port number to monitor Range 1 65535 excluding ports 80 443 and the configured switch management port https port port num Optional Configure an additional HTTPS port for Captive Portal to monitor Use this command on networks that use an HTTPS proxy server port num The port number to monitor Range 1 65535 excluding port...

Page 454: ...ptive Portal configuration identified by CP ID 1 is the default CP configuration name string Add a name to the Captive Portal instance string CP configuration name Range 1 32 characters protocol http https Specify whether to use HTTP or HTTPs during the Captive Portal user verification process verification guest local radius Specify how to process user credentials the user enters on the verificati...

Page 455: ...tication through the Captive Portal url The URL for redirection Range 1 512 characters group group number For Local and RADIUS verification Configure the group number associated with this Captive Portal configuration By default only the default group exists To assign a different user group to the Captive Portal instance you must first configure the group group number The number of the group to ass...

Page 456: ...nce cp id The Captive Portal instance Range 1 10 status View additional information about the Captive Portal instance interface View information about the interface s associated with the specified Captive Portal show captive portal interface configuration cp id status View information about the interfaces associated with the specified Captive Portal instance cp id The Captive Portal instance Range...

Page 457: ...up name Range 1 32 characters user user id name name Create a new user for the local user authentication database user id User ID Range 1 128 name user name Range 1 32 characters user user id password password Configure the password for the specified user user id User ID Range 1 128 password User password Range 8 64 characters user user id group group id Associate a group with a Captive Portal use...

Page 458: ...d User ID Range 1 128 clear captive portal users Optional Delete all captive portal user entries from the local database Command Purpose show captive portal configuration cp id client status Display information about the clients authenticated to all Captive Portal configurations or a to specific configuration cp id The Captive Portal instance Range 1 10 show captive portal interface interface clie...

Page 459: ...cides to configure the three Captive Portals Table 17 3 describes Table 17 3 Captive Portal Instances Captive Portal Name Description Guest Free Internet access is provided in each guest room but guests must enter a name and agree to the acceptable use policy before they can gain access The manager wants guests to be redirected to the resort s home web page upon successful verification No logout i...

Page 460: ...he images you download must be accessible from the switch either on the system you use to manage the switch or on a server that is on the same network as the switch 7 Customize the authentication logout and logout success web pages that a Captive Portal user will see Dell recommends that you use Use Dell OpenManage Administrator to customize the Captive Portal authentication logout and logout succ...

Page 461: ...roup 2 name Conference console config CP user group 3 name Employee console config CP exit 3 Configure the Guest Captive Portal console config captive portal console config CP configuration 2 console config CP 2 name Guest console config CP 2 redirect console config CP 2 redirect url http www luxuryresorturl com console config CP 2 interface gi1 0 1 console config CP 2 interface gi1 0 2 console co...

Page 462: ...sers to the local database console config CP user 1 name EaglesNest1 console config CP user 1 password Enter password 8 to 64 characters Re enter password console config CP user 1 group 2 Continue entering username and password combinations to populate the local database 8 Add the User Name User Password Session Timeout and Dell Captive Portal Groups attributes for each employee to the database on...

Page 463: ...t M6220 M6348 M8024 and M8024 k switches support both external and internal ports The external ports connect devices such as PCs or servers to the switch by using cables The internal ports are used to connect to server blades in the chassis The number and type of physical ports available on your PowerConnect M6220 M6348 M8024 M8024 k switch depends on the model What Physical Port Characteristics C...

Page 464: ... partner Speed Specifies the transmission rate for frames Duplex mode Specifies whether the interface supports transmission between the switch and the connected client in one direction at a time half or both directions simultaneously both Maximum frame size Indicates the maximum frame size that can be handled by the port Flow control This is a global setting that affects all ports For more informa...

Page 465: ... a link dependency group with the up link action essentially creates a backup link for the dependent link and alleviates the need to implement STP to handle the fail over Link Dependency Scenarios The Link Dependency feature supports the scenarios in the following list Port dependent on port If a port loses the link the switch brings up down the link on another port Port dependent on LAG If all po...

Page 466: ...ge 867 Loopback interfaces For more information see Configuring Routing Interfaces on page 867 The PowerConnect M6220 M8024 and M8024 k include expansion slots that support optional modules that can provide additional physical ports For information about the expansion slots and the supported modules for each switch see PowerConnect M6220 M6348 M8024 and M8024 k Front Panel on page 87 What is Inter...

Page 467: ...nsole config interface tengigabitEthernet 3 0 6 To enter Interface Configuration mode for port 1 on a 10 Gigabit Ethernet module in slot 1 use the following command console config interface tengigabitEthernet 1 1 1 For many features you can configure a range of interfaces When you enter Interface Configuration mode for multiple interfaces the commands you execute apply to all interfaces specified ...

Page 468: ...istics NOTE You can switch to another interface or range of interfaces by entering the interface command while in Interface Configuration mode It is not necessary to exit Interface Configuration mode to select a different interface ...

Page 469: ...racteristics that this chapter describes Table 18 2 Default Port Values Feature Description Administrative status All ports are enabled Description None defined Auto negotiation Enabled Speed Auto negotiate Duplex mode Auto negotiate Flow control Enabled Maximum frame size 1518 Link Dependency None configured ...

Page 470: ...ing and monitoring port characteristics on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page Port Configuration Use the Port Configuration page to define port parameters To display the Port Configuration page click Switching Ports Port Configuration in the navigation panel Figure 18 1 Port Configuration ...

Page 471: ...Ports list select the check box in the Edit column for the port to configure 4 Select the desired settings 5 Click Apply Figure 18 2 Configure Port Settings 6 Select the Copy Parameters From check box and select the port with the settings to apply to other ports 7 In the Ports list select the check box es in the Copy To column that will have the same settings as the port selected in the Copy Param...

Page 472: ...472 Configuring Port Characteristics In the following example Ports 3 4 and 5 will be updated with the settings that are applied to Port 1 Figure 18 3 Copy Port Settings 8 Click Apply ...

Page 473: ...n page click Switching Link Dependency Configuration in the navigation panel Figure 18 4 Link Dependency Configuration Creating a Link Dependency Group To create link dependencies 1 Open the Link Dependency Configuration page 2 In the Group ID field select the ID of the group to configure 3 Specify the link action 4 To add a port to the Member Ports column click the port in the Available Ports col...

Page 474: ...ble Ports column and then click the button to the right of the Available Ports column In the following example Group 1 is configured so that Port 3 is dependent on Port 4 Figure 18 5 Link Dependency Group Configuration 6 Click Apply The Link Dependency settings for the group are modified and the device is updated ...

Page 475: ...lays the groups whether they have been configured or not To display the Link Dependency Summary page click Switching Link Dependency Link Dependency Summary in the navigation panel Figure 18 6 Link Dependency Summary To configure a group click the Modify link associated with the ID of the group to configure Clicking the Modify link takes you to the Link Dependency Configuration page The Group ID i...

Page 476: ...ple gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 description string Add a description to the port The text string can be from1 64 characters shutdown Administratively disable the interface speed 10 100 1000 10000 auto 100 1000 10000 Configure the speed of...

Page 477: ...n View a summary of the configuration for all ports show interfaces advertise View a summary of the speeds that are advertised on each port show interfaces description View configured descriptions for all ports show interfaces detail interface View detailed information about the specified port Command Purpose configure Enter Global Configuration mode link dependency group group_id Enter the link d...

Page 478: ... the member ports take when the dependent link goes down down When the dependent link is down the group members are down the members are up otherwise up When the dependent link goes down the group members are brought up the members are down otherwise CTRL Z Exit to Privileged EXEC mode show link dependency group group_id View link dependency settings for all groups or for the specified group along...

Page 479: ...d duplex settings for the port console config if Gi1 0 1 speed 100 console config if Gi1 0 1 duplex full console config if Gi1 0 1 exit 3 Enter Interface Configuration mode for ports 10 11 12 20 and 24 console config interface range gigabitEthernet 1 0 10 12 1 0 20 1 0 24 4 Enable jumbo frame support on the interfaces console config if mtu 9216 console config if CTRL Z 5 View summary information a...

Page 480: ...switch 1 Enter the configuration mode for Group 1 console configure console config link dependency group 1 2 Configure the member and dependency information for the group console config linkDep group 1 add gigabitethernet 1 0 3 console config linkDep group 1 depends on gigabitethernet 1 0 4 console config linkDep group 1 exit 3 Enter the configuration mode for Group 2 console config link dependenc...

Page 481: ...ss is permitted only to authorized devices clients Port MAC locking is used to enable security on a per port basis When a port is locked only packets with allowable source MAC addresses can be forwarded All other packets are discarded Port MAC locking allows a configurable limit to the number of source MAC addresses that can be learned on a port The topics covered in this chapter include IEEE 802 ...

Page 482: ...ent connected to the authenticated port that requests access to the network Authenticator The network device that prevents network access prior to authentication Authentication Server The network server such as a RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services Figure 19 1 shows the 802 1X network c...

Page 483: ... page 196 What are the 802 1X Port States The 802 1X port state determines whether to allow or prevent network traffic on the port A port can configured to be in one of the following 802 1X control modes Auto default MAC based Force authorized Force unauthorized These modes control the behavior of the port The port state is either Authorized or Unauthorized If the port is in the authorized state t...

Page 484: ...wable MAC address and corresponding access rights of the client must be pre populated in the authentication server When a port configured for MAB receives traffic from an unauthenticated client the switch Authenticator Sends a EAP Request packet to the unauthenticated client Waits a pre determined period of time for a response Retries resends the EAP Request packet up to three times Considers the ...

Page 485: ...nding on whether the host authenticates fails the authentication or is a guest The RADIUS server informs the switch of the selected VLAN as part of the authentication Authenticated and Unauthenticated VLANs Hosts that authenticate normally use a VLAN that includes access to network resources Hosts that fail the authentication might be denied access to the network or placed on a quarantine VLAN wit...

Page 486: ...nauthenticated users This feature provides a mechanism to allow users access to hosts on the guest VLAN For example a company might provide a guest VLAN to visitors and contractors to permit network access that allows visitors to connect to external network resources such as the Internet with no ability to browse information on the internal LAN In port based 802 1X mode when a client that does not...

Page 487: ...t can be enabled in conjunction with 802 1X authentication Monitor mode provides a way for network administrators to identify possible issues with the 802 1X configuration on the switch without affecting the network access to the users of the switch It allows network access even in case where there is a failure to authenticate but logs the results of the authentication process for diagnostic purpo...

Page 488: ...N Unauth RADIUS Timeout Default behavior Port State Deny Port State Permit VLAN Default PVID of the port Unauth VLAN enabled Port State Deny Port State Permit VLAN Unauth EAPOL Timeout Default behavior Port State Deny Port State Permit 3 EAPOL Timeout Guest VLAN timer expiry or MAB timer expiry Guest VLAN enabled Port State Permit VLAN Guest Port State Permit VLAN Guest MAB Success Case Port State...

Page 489: ...entication Server The Internal Authentication Server IAS is a dedicated database for localized authentication of users for network access through 802 1X In this database the switch maintains a list of username and password combinations to use for 802 1X authentication You can manually create entries in the database or you can upload the IAS information to the switch If the authentication method fo...

Page 490: ...Seconds between reauthentication attempts 3600 Authentication server timeout 30 seconds Resending EAP identity Request 30 seconds Quiet period 60 seconds Supplicant timeout 30 seconds Max EAP request 2 times Maximum number of supplicants per port for MAC based authentication mode 16 Guest VLAN Disabled Unauthenticated VLAN Disabled Dynamic VLAN creation Disabled RADIUS assigned VLANs Disabled IAS ...

Page 491: ...nect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page Dot1x Authentication Use the Dot1x Authentication page to configure the 802 1X administrative mode on the switch and to configure general 802 1X parameters for a port To display the Dot1x Authentication page click Switching Network Security Dot1x Authentication Authentication in the navigation...

Page 492: ...tings to change for all ports that are selected for editing Figure 19 3 Configure Dot1x Settings 5 Click Apply Re Authenticating One Port To reauthenticate a port 1 Open the Dot1x Authentication page 2 Click Show All The Dot1x Authentication Table displays 3 Check Edit to select the Unit Port to re authenticate 4 Check Reauthenticate Now 5 Click Apply The authentication process is restarted on the...

Page 493: ...e the administrative port control 1 Open the Dot1x Authentication page 2 Click Show All The Dot1x Authentication Table displays 3 Scroll to the right side of the table and select the Edit check box for each port to configure Change Admin Port Control to Authorized Unauthorized or Automode as needed for chosen ports Only MAC Based and Automode actually use 802 1X to authenticate Authorized and Unau...

Page 494: ...assigned VLANs and to enable Monitor Mode to help troubleshoot 802 1X configuration issues To display the Port Access Control Configuration page click Switching Network Security Dot1x Authentication Monitor Mode Port Access Control Configuration in the navigation panel NOTE The VLAN Assignment Mode field is the same as the Admin Mode field on the System Management Security Authorization Network RA...

Page 495: ...o view log messages about 802 1X client authentication attempts The information on this page can help you troubleshoot 802 1X configuration issues To display the Port Access Control History Log Summary page click Port Access Control Configuration page click Switching Network Security Dot1x Authentication Monitor Mode Port Access Control History Log Summary in the navigation panel ...

Page 496: ...s Configuration Use the Internal Authentication Server Users Configuration page to add users to the local IAS database and to view the database entries To display the Internal Authentication Server Users Configuration page click System Management Security Internal Authentication Server Users Configuration in the navigation panel ...

Page 497: ...To add IAS users 1 Open the Internal Authentication Server Users Configuration page 2 Click Add to display the Internal Authentication Server Users Add page 3 Specify a username and password in the appropriate fields NOTE If no users exist in the IAS database the IAS Users Configuration Page does not display the fields shown in the image ...

Page 498: ...thentication Server Users Table page click Show All Removing an IAS User To delete an IAS user 1 Open the Internal Authentication Server Users Configuration page 2 From the User menu select the user to remove select the user to remove 3 Select the Remove check box Figure 19 9 Removing an IAS User 4 Click Apply ...

Page 499: ...er Global Configuration mode aaa accounting dot1x default Sets 802 1X accounting to the default operational mode aaa authentication dot1x default method1 Specify the authentication method to use to authenticate 802 1X clients that connect to the switch method1 The method keyword can be radius none or ias dot1x system auth control Globally enable 802 1X authentication on the switch interface interf...

Page 500: ...on of the client force unauthorized Denies all access through this interface by forcing the port to transition to the unauthorized state ignoring all attempts by the client to authenticate The switch cannot provide authentication services to the client through the interface mac based Enables 802 1X authentication on the interface and allows multiple hosts to authenticate on a single port The hosts...

Page 501: ...the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dot1x reauthentication Enable periodic re authentication of the client dot1x timeout re authperiod seconds Set t...

Page 502: ...s supported on the port when MAC based 802 1X authentication is enabled on the port CTRL Z Exit to Privileged EXEC mode dot1x re authenticate interface Manually initiate the re authentication of all 802 1X enabled ports or on the specified 802 1X enabled port The interface variable includes the interface type and number dot1x initialize interface Start the initialization sequence on all ports or o...

Page 503: ... for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dot1x guest vlan vlan id Specify the guest VLAN dot1x unauth vlan vlan id Specify the unauthenticated VLAN The VLAN must already have been created CTRL Z Exit to Privileged EXEC mode show dot1x advanced interface View the current 802 1X configuration NOTE When dynamically creating VLANs the uplink port sho...

Page 504: ... to access the network through the switch ports The administrator must configure the following settings on systems other than the switch before configuring the switch 1 Add the users to the client database on the Authentication Server such as a RADIUS server with Cisco Secure Access Control Server ACS software 2 Configure the settings on the client such a PC running Microsoft Windows to require 80...

Page 505: ...ication which allows multiple hosts to authenticate on a single port The hosts are distinguished by their MAC addresses and hosts authenticate separately with the RADIUS server Port 9 is connected to a server in a part of the network that has secure physical access i e the doors to the wiring closet and data center are locked so this port is set to the Authorized state meaning that the device conn...

Page 506: ...er key secret console config exit 2 Enable 802 1X port based access control on the switch console config dot1x system auth control 3 Configure ports 9 and 24 to be in the Authorized state which allows the devices to connect to these ports to access the switch services without authentication console config interface range gi1 0 9 gi1 0 24 Authentication Server RADIUS LAN PowerConnect Switch Server ...

Page 507: ...onsole config if Gi1 0 8 dot1x port control mac based console config if Gi1 0 8 dot1x max users 2 7 Set Port 8 to switchport mode general The port must be in general mode in order to enable MAC based 802 1X authentication console config if Gi1 0 8 switchport mode general console config if Gi1 0 8 exit console config exit 8 View the client connection status When the clients on Ports 1 3 and 7 suppl...

Page 508: ...w a summary of the port status console show dot1x Administrative Mode Enabled Port Admin Oper Reauth Reauth Mode Mode Control Period Gi1 0 1 auto Authorized FALSE 3600 Gi1 0 2 auto N A FALSE 3600 Gi1 0 3 auto Authorized FALSE 3600 Gi1 0 4 auto N A FALSE 3600 Gi1 0 5 auto N A FALSE 3600 Gi1 0 6 auto N A FALSE 3600 Gi1 0 7 mac based Authorized FALSE 3600 Gi1 0 8 mac based N A FALSE 3600 Gi1 0 9 forc...

Page 509: ...ing Authentication Based VLAN Assignment The network in this example uses three VLANs to control access to network resources When a client connects to the network it is assigned to a particular VLAN based on one of the following events It attempts to contact the 802 1X server and is authenticated It attempts to contact the 802 1X server and fails to authenticate It does not attempt to contact the ...

Page 510: ... the downlink or access ports ports connected to one or more hosts Ports 1 23 are downstream ports Port 24 is an uplink port An external RADIUS server handles the VLAN assignment NOTE Dynamic VLAN creation applies only to authorized ports The VLANs for unauthorized and guest users must be configured on the switch and cannot be dynamically created based on RADIUS based VLAN assignment NOTE The conf...

Page 511: ...onsole config radius server key qwerty123 console config radius server host 10 10 10 10 console Config auth radius exit 3 Enable 802 1X on the switch console config dot1x system auth control 4 Create a default authentication login list and use the RADIUS server for port based authentication for connected clients console config aaa authentication dot1x default radius 5 Allow the switch to accept VL...

Page 512: ...00 10 Set the guest VLAN on the ports to VLAN 300 This command automatically enables the Guest VLAN Mode on the downlink ports Any client that connects to the port and does not attempt to authenticate is placed on the guest VLAN console config if dot1x guest vlan 300 console config if exit 11 Enter Interface Configuration mode for port 24 the uplink trunk port console config interface gi1 0 24 12 ...

Page 513: ... be forwarded on the trunk port even if the RADIUS server assigns a connected host to a VLAN in this range and the switch dynamically creates the VLAN To configure the switch 1 Configure information about the external RADIUS server the switch uses to authenticate clients The RADIUS server IP address is 10 10 10 10 and the shared secret is qwerty123 console config radius server key qwerty123 consol...

Page 514: ...tication exchange required This port does not connect to any end users so there is no need for 802 1X based authentication console config if Gi1 0 24 dot1x port control force authorized 10 Set the uplink port to trunk mode so that it accepts tagged traffic and transmits it to the connected device another switch or router console config if Gi1 0 24 switchport mode trunk 11 Forbid the trunk from for...

Page 515: ...erv service policy command to apply the filter to an interface if you configure the RADIUS server or 802 1X authenticator to assign the DiffServ filter In the following example Company XYZ uses IEEE 802 1X to authenticate all users Contractors and temporary employees at Company XYZ are not permitted to have access to SSH ports and data rates for Web traffic is limited When a contractor is authenti...

Page 516: ...onsole config policy classmap exit console config policy map class cl http console config policy classmap police simple 1000000 64 conform action transmit violate action drop console config policy classmap exit console config policy map exit 4 Enable DiffServ on the switch console config diffserv 5 Configure information about the external RADIUS server the switch uses to authenticate clients The R...

Page 517: ...ports 1 23 and enable MAC based authentication console config interface range gi1 0 1 23 console config if dot1x port control mac based 9 Set the ports to an 802 1Q VLAN The ports must be in general mode in order to enable MAC based 802 1X authentication console config if switchport mode general console config if exit console config exit ...

Page 518: ...ctive on a port you can set the number of allowable dynamic addresses to one After the MAC address of the first device is learned no other devices will be allowed to forward frames into the network When link goes down on a port all of the dynamically locked addresses are cleared from the source MAC address table the feature maintains When the link is restored that port can once again learn address...

Page 519: ... of the page Port Security Use the Port Security page to enable MAC locking on a per port basis When a port is locked you can limit the number of source MAC addresses that are allowed to transmit traffic on the port To display the Port Security page click Switching Network Security Port Security in the navigation panel Figure 19 11 Network Security Port Security Configuring Port Security Settings ...

Page 520: ...em Security 3 In the Ports list select the check box in the Edit column for the port to configure 4 Select the desired settings for all ports that are selected for editing Figure 19 12 Configure Port Security Settings 5 Click Apply ...

Page 521: ... 10 11 and 12 port security discard trap seconds Enable port security on the port This prevents the switch from learning new addresses on this port after the maximum number of addresses has been learned discard Discards frames with unlearned source addresses This is the default if no option is indicated trap seconds Sends SNMP traps and defines the minimal amount of time in seconds between two con...

Page 522: ...ies which would interrupt the service of a host or make a network unstable Use the Denial of Service page to configure settings to help prevent DoS attacks DoS protection is disabled by default To display the Denial of Service page click System Management Security Denial of Service in the navigation panel Figure 19 13 Denial of Service ...

Page 523: ... provide traffic flow control restrict contents of routing updates and decide which types of traffic are forwarded or blocked ACLs can reside in a firewall router a router connecting two internal networks or a Layer 3 switch such as a PowerConnect M6220 M6348 M8024 M8024 k switch You can also create an ACL that limits access to the management interfaces based on the connection method for example T...

Page 524: ...s 3 and 4 PowerConnect M6220 M6348 M8024 and M8024 k switches support both IPv4 and IPv6 ACLs What Are MAC ACLs MAC ACLs are Layer 2 ACLs You can configure the rules to inspect the following fields of a packet Source MAC address Source MAC mask Destination MAC address Destination MAC mask VLAN ID Class of Service CoS 802 1p EtherType L2 ACLs can apply to one or more interfaces Multiple access list...

Page 525: ...unction The redirect function allows traffic that matches a permit rule to be redirected to a specific physical port or LAG instead of processed on the original port The redirect function and mirror function are mutually exclusive In other words you cannot configure a given ACL rule with mirror and redirect attributes What Is the ACL Mirror Function ACL mirroring provides the ability to mirror tra...

Page 526: ...hin an ACL for a predefined time interval by specifying a time range on a per rule basis within an ACL so that the time restrictions are imposed on the ACL rule With a time based ACL you can define when and for how long an individual rule of an ACL is in effect To apply a time to an ACL first you define a specific time interval and then apply it to an individual ACL rule so that it is operational ...

Page 527: ... with 1023 ingress and 511 egress IPv4 rules or 509 ingress and 253 egress IPv6 rules You can configure mirror or redirect attributes for a given ACL rule but not both The PowerConnect M6220 M6348 M8024 and M8024 k switches support a limited number of counter resources so it may not be possible to log every ACL rule You can define an ACL with any number of logging rules but the number of rules tha...

Page 528: ...y an IP protocol should also specify the EtherType value for the frame In general any rule that specifies matching on an upper layer protocol field should also include matching constraints for each of the lower layer protocols For example a rule to match packets directed to the well known UDP port number 22 SSH should also include matching constraints on the IP protocol field protocol 0x11 or UDP ...

Page 529: ...870 Jumbo frames 0x888E EAP over LAN EAPOL 802 1x 0x88CC Link Layer Discovery Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q Table 20 2 Common IP Protocol Numbers IP Protocol Number Protocol 0x00 IPv6 Hop by hop option 0x01 ICMP 0x02 IGMP 0x06 TCP 0x08 EGP 0x09 IGP 0x11 UDP Table 20 1 Common EtherType Numbers Continued EtherType Protocol ...

Page 530: ...s on a page click at the top of the page IP ACL Configuration Use the IP ACL Configuration page to add or remove IP based ACLs To display the IP ACL Configuration page click Switching Network Security Access Control Lists IP Access Control Lists Configuration in the navigation panel Figure 20 1 IP ACL Configuration Adding an IPv4 ACL To add an IPv4 ACL 1 Open the IP ACL Configuration page 2 Click ...

Page 531: ... Apply Removing IPv4 ACLs To delete an IPv4 ACL 1 From the IP ACL Name menu on the IP ACL Configuration page select the ACL to remove 2 Select the Remove checkbox 3 Click Apply Viewing IPv4 ACLs To view configured ACLs click Show All from the IP ACL Configuration page ...

Page 532: ...n traffic to a particular queue filter on some traffic change VLAN tag shut down a port and or redirect the traffic to a particular port To display the IP ACL Rule Configuration page click Switching Network Security Access Control Lists IP Access Control Lists Rule Configuration in the navigation panel NOTE There is an implicit deny all rule at the end of an ACL list This means that if an ACL is a...

Page 533: ...gure 20 4 IP ACL Rule Configuration Removing an IP ACL Rule To delete an IP ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option near the bottom of the page 3 Click Apply to remove the selected rule ...

Page 534: ...isplay the MAC ACL Configuration page click Switching Network Security Access Control Lists MAC Access Control Lists Configuration in the navigation panel Figure 20 5 MAC ACL Configuration Adding a MAC ACL To add a MAC ACL 1 Open the MAC ACL Configuration page 2 Click Add to display the Add MAC ACL page 3 Specify an ACL name ...

Page 535: ...rom the MAC ACL Name menu on the MAC ACL Configuration page select the ACL to rename or remove 2 To rename the ACL select the Rename checkbox and enter a new name in the associated field 3 To remove the ACL select the Remove checkbox 4 Click Apply Viewing MAC ACLs To view configured ACLs click Show All from the MAC ACL Configuration page ...

Page 536: ...A default deny all rule is the last rule of every list To display the MAC ACL Rule Configuration page click Switching Network Security Access Control Lists MAC Access Control Lists Rule Configuration in the navigation panel Figure 20 7 MAC ACL Rule Configuration Removing a MAC ACL Rule To delete a MAC ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option n...

Page 537: ...y the IP ACL Configuration page click Switching Network Security Access Control Lists IPv6 Access Control Lists IPv6 ACL Configuration in the navigation panel Figure 20 8 IPv6 ACL Configuration Adding an IPv6 ACL To add an IPv6 ACL 1 Open the IPv6 ACL Configuration page 2 Click Add to display the Add IPv6 ACL page 3 Specify an ACL name ...

Page 538: ...on page to define rules for IPv6 based ACLs The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded Additionally you can specify to assign traffic to a particular queue filter on some traffic change VLAN tag shut down a port and or redirect the traffic to a particular port By default no specific value is in effect for any of t...

Page 539: ...trol Lists IPv6 Access Control Lists Rule Configuration in the navigation menu Figure 20 10 IPv6 ACL Rule Configuration Removing an IPv6 ACL Rule To delete an IPv6 ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option near the bottom of the page 3 Click Apply to remove the selected rule ...

Page 540: ... and Interfaces From the web interface you can configure the ACL rule in the ingress or egress direction so that the ACLs implement security rules for packets entering or exiting the port You can apply ACLs to any physical including 10 Gb interface LAG or routing port To display the ACL Binding Configuration page click Switching Network Security Access Control Lists Binding Configuration in the na...

Page 541: ...zation Time Range Configuration in the navigation panel The following image shows the page after at least one time range has been added Otherwise the page indicates that no time ranges are configured and the time range configuration fields are not displayed Figure 20 12 Time Range Configuration Adding a Time Range To configure a time range 1 From the Time Range Entry Configuration page click Add 2...

Page 542: ...e field select the name of the time range to configure 6 Specify an ID for the time range You can configure up to 10 different time range entries to include in the named range However only one absolute time entry is allowed per time range 7 Configure the values for the time range entry 8 Click Apply 9 To add additional entries to the named time range repeat step 5 through step 8 ...

Page 543: ...Purpose configure Enter global configuration mode access list name deny permit every icmp igmp ip tcp udp number srcip srcmask any eq portkey portvalue dstip dstmask any eq portkey portvalue precedence precedence tos tos tosmask dscp dscp log time range time range name assign queue queue id redirect interface mirror interface Create a named ACL if it does not already exist and create a rule for th...

Page 544: ... the traffic matching this rule to be forwarded to the specified interface interface interface Optional Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configur...

Page 545: ...ask any dstmac dstmacmask any bpdu ethertypekey 0x0600 0xFFFF vlan eq 0 4095 cos 0 7 secondary vlan eq 0 4095 secondary cos 0 7 log time range time range name assign queue queue id mirror redirect interface Specify the rules match conditions for the MAC access list srcmac Valid source MAC address in format xxxx xxxx xxxx srcmacmask Valid MAC address bitmask for the source MAC address in format xxx...

Page 546: ... interface Optional Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 mac access group name direction seqnum Bind the speci...

Page 547: ...y portvalue any destination ipv6 prefix prefix length eq portkey portvalue flow label value dscp dscp log time range time range name assign queue queue id mirror redirect interface Specify the match conditions for the IPv6 access list deny permit Specifies whether the IP ACL rule permits or denies an action every Allows all protocols number Standard protocol number or protocol keywords icmp igmp i...

Page 548: ...matching this rule to be forwarded to the specified interface interface interface Optional Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces...

Page 549: ...ure Enter global configuration mode time range name Create a named time range and enter the Time Range Configuration mode for the range absolute start time date end time date Configure a nonrecurring time entry for the named time range start time date Time and date the ACL rule starts going into effect The time is expressed in a 24 hour clock in the form of hours minutes For example 8 00 is 8 00 a...

Page 550: ...ay or combinations of days Monday Tuesday Wednesday Thursday Friday Saturday Sunday Other possible values are daily Monday through Sunday weekdays Monday through Friday weekend Saturday and Sunday time Time the ACL rule starts going into effect first occurrence or ends second occurrence The time is expressed in a 24 hour clock in the form of hours minutes CTRL Z Exit to Privileged EXEC mode show t...

Page 551: ...iguring a MAC ACL Configuring a Time Based ACL Configuring a Management Access List Configuring an IP ACL The commands in this example set up an IP ACL that permits hosts in the 192 168 77 0 24 subnet to send TCP and UDP traffic only to the host with an IP address of 192 168 77 50 The ACL is applied to port 2 on the PowerConnect switch ...

Page 552: ... 168 77 50 console config console config access list list1 permit tcp 192 168 77 0 0 0 0 255 192 168 77 50 0 0 0 0 2 Define the rule to set similar conditions for UDP traffic as for TCP traffic console config access list list1 permit udp 192 168 77 0 0 0 0 255 192 168 77 3 0 0 0 255 console config exit 192 168 77 1 192 168 77 2 192 168 77 3 192 168 77 4 Layer 2 Switch PowerConnect Switch Layer 3 P...

Page 553: ...C Access List named mac1 console config console config mac access list extended mac1 2 Configure a rule to deny all IPX traffic regardless of the source or destination MAC address console config mac access list deny any any ipx 3 Configure a rule to permit all other types of traffic regardless of the source or destination MAC address console config mac access list permit any any console config mac...

Page 554: ...rol Lists console show mac access lists mac1 MAC ACL Name mac1 Inbound Interface s ch1 48 Gi1 0 1 Gi1 0 48 Rule Number 1 Action deny Ethertype ipx Rule Number 2 Action permit Match All TRUE mac1 2 ch1 48 Gi1 0 1 Gi1 0 48 Inbound ...

Page 555: ...through Friday console config time range periodic weekdays 8 00 to 12 00 3 Configure an entry for the time range that applies to the afternoon shift Monday through Friday console config time range periodic weekdays 13 00 to 18 00 4 Configure an entry for the time range that applies to Saturday and Sunday console config time range periodic weekend 8 30 to 12 30 console config time range exit 5 Crea...

Page 556: ...more in band ports LAGs or VLANs to limit management access by method for example Telnet or HTTP and or source IP address NOTE Management ACLs cannot be applied to the OOB port Management Access List Commands Beginning in Privileged EXEC mode use the following commands to create a management access list There is an implicit deny all rule at the end of every management ACL This means that any host ...

Page 557: ...a forward slash Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https tftp snmp sntp or any priority priority value Priority for the rule Range 1 64 permit interface type interface number service service priority priority value Permit access to the management interface from the specified port VLAN or LAG and meet the other optional criteria permit serv...

Page 558: ... 65 0 network on VLAN 1 and assign a priority of 1 to the rule console config macl permit ip source 10 27 65 0 mask 255 255 255 0 vlan 1 priority 1 3 Create a rule that allows access from hosts in the 10 27 65 0 network on connected to port 9 and assign a priority of 2 to the rule console config macl permit ip source 10 27 65 0 mask 255 255 255 0 Gi1 0 9 priority 2 console config macl exit 4 Activ...

Page 559: ...Configuring Access Control Lists 559 console show management access class Management access class is enabled using access list mgmt_ACL ...

Page 560: ...560 Configuring Access Control Lists ...

Page 561: ...t traffic to the connected host Large broadcast domains can result in network congestion and end users might complain that the network is slow In addition to latency large broadcast domains are a greater security risk since all hosts receive all broadcasts Virtual Local Area Networks VLANs allow you to divide a broadcast domain into smaller logical networks Like a bridge a VLAN switch forwards tra...

Page 562: ...48 M8024 and M8024 k switches support a configurable VLAN ID range of 2 4093 A VLAN with VLAN ID 1 is configured on the switch by default VLAN 1 is named default which cannot be changed However you can associate names with any other VLANs that you create In a tagged frame the VLAN is identified by the VLAN ID in the tag In an untagged frame the VLAN identifier is the Port VLAN ID PVID specified fo...

Page 563: ...red for the port The VLAN membership for this network is port based or static PowerConnect M6220 M6348 M8024 and M8024 k switches also support VLAN assignment based on any of the following criteria MAC address of the end station IP subnet of the end station Protocol of the packet transmitted by the end station Payroll VLAN 300 Engineering VLAN 100 Tech Pubs VLAN 200 Router Switch ...

Page 564: ...g Untagged packets received on a trunk port are forwarded on the native VLAN Packets received on another interface belonging to the native VLAN are transmitted untagged on a trunk port Table 21 1 VLAN Assignment VLAN Assignment Description Port based Static This is the most common way to assign hosts to VLANs The port where the traffic enters the switch determines the VLAN membership IP Subnet Hos...

Page 565: ...VLAN tag in the header VLAN tagging is required when a VLAN spans multiple switches which is why trunk ports transmit and receive only tagged frames Tagging may be required when a single port supports multiple devices that are members of different VLANs For example a single port might be connected to an IP phone a PC and a printer the PC and printer are connected via ports on the IP phone IP phone...

Page 566: ...n Protocol GVRP helps to dynamically manage VLAN memberships on trunk ports When GARP is enabled switches can dynamically register and de register VLAN membership information with other switches attached to the same segment Information about the active VLANs is propagated across all networking switches in the bridged LAN that support GVRP You can configure ports to forbid dynamic VLAN assignment t...

Page 567: ...d from an interface has a tag removed if one or more tags are present In Figure 21 2 two customers share the same metro core The service provider assigns each customer a unique ID so that the provider can distinguish between the two customers and apply different rules to each When the configurable EtherType is assigned to something different than the 802 1Q 0x8100 EtherType it allows the traffic t...

Page 568: ...ssion rate is vital The priority level enables the separation of voice and data traffic coming onto the port A primary benefit of using Voice VLAN is to ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high The switch uses the source MAC address of the traffic traveling through the port to identify the IP phone data flow The Voice ...

Page 569: ...ormation all traffic is tagged with the VLAN ID of the Voice VLAN The phone is considered to be authorized to send traffic but not necessarily authenticated Segregating Traffic with the Voice VLAN You can configure the switch to support Voice VLAN on a port that is connecting the VoIP phone Both of the following methods segregate the voice traffic and the data traffic in order to provide better se...

Page 570: ...he Voice VLAN port does not deteriorate the voice traffic Voice VLAN and LLDP MED The interactions with LLDP MED are important for Voice VLAN LLDP MED notifies the Voice VLAN component of the presence and absence of a VoIP phone on the network The Voice VLAN component interacts with LLDP MED for applying VLAN ID priority and tag information to the VoIP phone traffic Private VLANs Private VLANs par...

Page 571: ...secondary VLAN is an isolated VLAN Private VLANs may be configured across a stack and on physical and port channel interfaces Private VLAN Usage Scenarios Private VLANs are typically implemented in a DMZ for security reasons Servers in a DMZ are generally not allowed to communicate with each other but they must communicate to a router through which they are connected to the users Such servers are ...

Page 572: ... connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN Multiple promiscuous ports can be defined for a single private VLAN domain In the configuration shown in Figure 21 3 the port connected from SW1 to R1 TE1 1 1 is configured as a promiscuous port It is possible to configure a port channel as a promiscuous port in order to provide a level of redundan...

Page 573: ...able private VLAN operation across multiple switches that are not stacked trunk ports must be configured between the switches to transport the private VLANs The trunk ports must be configured with the promiscuous isolated and community VLANs Trunk ports must also be configured on all devices separating the switches In regular VLANs ports in the same VLAN switch traffic at L2 However for a private ...

Page 574: ...N A N A N A isolated N A N A N A N A N A stack trunk allow allow allow allow allow To From promiscuous community 1 community 2 isolated stack trunk promiscuous N A N A N A N A N A community 1 allow allow deny deny allow community 2 N A N A N A N A N A isolated N A N A N A N A N A stack trunk allow allow deny deny allow To From promiscuous community 1 community 2 isolated stack trunk promiscuous N ...

Page 575: ...LAN GVRP MVRP cannot be enabled after the private VLAN is configured The administrator will need to disable both before configuring the private VLAN DHCP snooping can be configured on the primary VLAN If it is enabled for a secondary VLAN the configuration does not take effect if a primary VLAN is already configured If IP source guard is enabled on private VLAN ports then DHCP snooping must be ena...

Page 576: ...N traffic Private VLAN Configuration Example See Configuring a Private VLAN on page 626 Additional VLAN Features The PowerConnect M6220 M6348 M8024 and M8024 k switches also support the following VLANs and VLAN related features VLAN routing interfaces See Configuring Routing Interfaces on page 867 Guest VLAN See Configuring Port and System Security on page 481 ...

Page 577: ...cast domain and receive all broadcast and multicast traffic received on any port When you create a new VLAN all trunk ports are members of the VLAN by default The configurable VLAN range is 2 4093 VLANs 4094 and 4095 are reserved Ports in trunk and access mode have the default behavior shown in Table 21 2 and cannot be configured with different tagging or ingress filtering values When you add a VL...

Page 578: ...cess Double VLAN tagging Disabled If double VLAN tagging is enabled the default EtherType value is 802 1Q Maximum number of configurable MAC to VLAN bindings 128 Maximum number of configurable IP Subnet to VLAN bindings 64 GVRP Disabled If GVRP is enabled the default port parameters are GVRP State Disabled Dynamic VLAN Creation Disabled GVRP Registration Disabled Number of dynamic VLANs that can b...

Page 579: ...dynamically through GVRP or when the Static row is changed and Apply is clicked There are two tables on the page Ports Displays and assigns VLAN membership to ports To assign membership click in Static for a specific port Each click toggles between U T and blank See Table 21 8 for definitions LAGs Displays and assigns VLAN membership to LAGs To assign membership click in Static for a specific LAG ...

Page 580: ...the port a trunk port use the Port Settings page Figure 21 4 VLAN Membership Adding a VLAN To create a VLAN Blank Blank the interface is not a VLAN member Packets in this VLAN are not forwarded on this interface Table 21 8 VLAN Port Membership Definitions Port Control Definition ...

Page 581: ...k Apply Configuring Ports as VLAN Members To add member ports to a VLAN 1 Open the VLAN Membership page 2 From the Show VLAN menu select the VLAN to which you want to assign ports 3 In the Static row of the VLAN Membership table click the blank field to assign the port as an untagged member Figure 21 6 shows Gigabit Ethernet ports 5 8 being added to VLAN 300 ...

Page 582: ...582 Configuring VLANs Figure 21 6 Add Ports to VLAN 4 Click Apply 5 Verify that the ports have been added to the VLAN ...

Page 583: ...Configuring VLANs 583 In Figure 21 7 the presence of the letter U in the Current row indicates that the port is an untagged member of the VLAN Figure 21 7 Add Ports to VLAN ...

Page 584: ... in the navigation panel Figure 21 8 VLAN Port Settings From the Port Settings page click Show All to see the current VLAN settings for all ports You can change the settings for one or more ports by clicking the Edit option for a port and selecting or entering new values NOTE You can add ports to a VLAN through the table on the VLAN Membership page or through the PVID field on the Port Settings pa...

Page 585: ...ll Ports VLAN LAG Settings Use the VLAN LAG Settings page to map a LAG to a VLAN and to configure specific VLAN settings for the LAG To display the LAG Settings page click Switching VLAN LAG Settings in the navigation panel Figure 21 10 VLAN LAG Settings ...

Page 586: ... LAG Settings page click Show All to see the current VLAN settings for all LAGs You can change the settings for one or more LAGs by clicking the Edit option for a port and selecting or entering new values Figure 21 11 VLAN LAG Table ...

Page 587: ...hared across all ports of the switch The MAC to VLAN table supports up to 128 entries To display the Bind MAC to VLAN page click Switching VLAN Bind MAC to VLAN in the navigation panel Figure 21 12 Bind MAC to VLAN From the Bind MAC to VLAN page click Show All to see the MAC addresses that are mapped to VLANs From this page you can change the settings for one or more entries or remove an entry ...

Page 588: ... to assign an IP Subnet to a VLAN The IP Subnet to VLAN configurations are shared across all ports of the switch There can be up to 64 entries configured in this table To display the Bind IP Subnet to VLAN page click Switching VLAN Bind IP Subnet to VLAN in the navigation panel Figure 21 14 Bind IP Subnet to VLAN ...

Page 589: ...9 From the Bind IP Subnet to VLAN page click Show All to see the IP subnets that are mapped to VLANs From this page you can change the settings for one or more entries or remove an entry Figure 21 15 Subnet VLAN Bind Table ...

Page 590: ...LAN GVRP Parameters in the navigation panel Figure 21 16 GVRP Parameters From the GVRP Parameters page click Show All to see the GVRP configuration for all ports From this page you can change the settings for one or more entries NOTE Per port and per LAG GVRP Statistics are available from the Statistics RMON page For more information see Monitoring Switch Traffic on page 369 ...

Page 591: ...Configuring VLANs 591 Figure 21 17 GVRP Port Parameters Table ...

Page 592: ...hich VLANs and then enable certain ports to use these settings Protocol based VLANs are most often used in situations where network segments contain hosts running multiple protocols To display the Protocol Group page click Switching VLAN Protocol Group in the navigation panel Figure 21 18 Protocol Group ...

Page 593: ...pply 5 Click Protocol Group to return to the main Protocol Group page 6 From the Group ID field select the group to configure 7 In the Protocol Settings table select the protocol and interfaces to associate with the protocol based VLAN In Figure 21 20 the Protocol Group 1 named IPX is associated with the IPX protocol and ports 14 16 Ports 20 22 are selected in Available Ports list After clicking t...

Page 594: ...594 Configuring VLANs Figure 21 20 Configure Protocol Group 8 Click Apply 9 Click Show All to see the protocol based VLANs and their members Figure 21 21 Protocol Group Table ...

Page 595: ...ration page to specify the value of the EtherType field in the first EtherType tag pair of the double tagged frame To display the Double VLAN Global Configuration page click Switching VLAN Double VLAN Global Configuration in the navigation panel Figure 21 22 Double VLAN Global Configuration ...

Page 596: ... EtherType tag pair of the double tagged frame To display the Double VLAN Interface Configuration page click Switching VLAN Double VLAN Interface Configuration in the navigation panel Figure 21 23 Double VLAN Interface Configuration To view a summary of the double VLAN configuration for all interfaces and to edit settings for one or more interfaces click Show All ...

Page 597: ...Configuring VLANs 597 Figure 21 24 Double VLAN Port Parameter Table ...

Page 598: ...lay the page click Switching VLAN Voice VLAN Configuration in the navigation panel Figure 21 25 Voice VLAN Configuration NOTE IEEE 802 1X must be enabled on the switch before you disable voice VLAN authentication Voice VLAN authentication can be disabled in order to allow VoIP phones that do not support authentication to send and receive unauthenticated traffic on the Voice VLAN ...

Page 599: ... be a member of one untagged VLAN When you configure the interface as a VLAN member the Command Purpose configure Enter global configuration mode vlan vlan id vlan range Create a new VLAN or a range of VLANs and enter the interface configuration mode for the specified VLAN or VLAN range vlan id A valid VLAN IDs Range 2 4093 vlan range A list of valid VLAN IDs to be added List separate non consecut...

Page 600: ...nterface configuration mode for the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 switchport mode access Configure the interface as an untagged layer 2 VLAN inter...

Page 601: ...hen in trunking mode Separate non consecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs The vlan list format is all add remove except vlan atom vlan atom where all Specifies all VLANs from 1 to 4093 This keyword is not allowed on commands that do not permit all VLANs in the list to be set at the same time add Adds the list of VLANs to the allowed set remove Remov...

Page 602: ...guring VLANs show interfaces switchport interface Display information about the VLAN settings configured for the specified interface The interface variable includes the interface type and number Command Purpose ...

Page 603: ...rface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 switchport mode general Configure the interface as a tagged and an untagged layer 2 VLAN interface switchport general allowed vlan add remove vlan list tagged untagged Configure the VLAN membership for the port You can also use this command to change the egress tagging for packets without changing the VLAN assignment add v...

Page 604: ...e tagged only Optional Specifies that the port will only accept tagged frames Untagged frames are dropped at ingress switchport general ingress filtering disable Optional Turn off ingress filtering so that all received tagged frames are forwarded whether or not the port is a member of the VLAN in the tag CTRL Z Exit to Privileged EXEC mode show interfaces switchport interface Display information a...

Page 605: ...Configuring VLANs 605 CTRL Z Exit to Privileged EXEC mode show interfaces switchport port channel channel id Display information about the VLAN settings configured for the specified LAG Command Purpose ...

Page 606: ...d 12 mode dvlan tunnel Enable Double VLAN Tunneling on the specified interface exit Exit to global configuration mode dvlan tunnel ethertype 802 1Q vman custom 0 65535 primary tpid Configure the EtherType to use for interfaces with double VLAN tunneling enabled 802 1Q Configures the EtherType as 0x8100 vman Configures the EtherType as 0x88A8 custom Custom configures the EtherType for the DVLAN tun...

Page 607: ...lobal configuration mode vlan database Enter VLAN database mode vlan association mac mac address vlan id Associate a MAC address with a VLAN mac address MAC address to associate Range Any MAC address in the format xxxx xxxx xxxx or xx xx xx xx xx xx vlanid VLAN to associate with subnet Range 1 4093 CTRL Z Exit to Privileged EXEC mode show vlan association mac mac address Display the VLAN associate...

Page 608: ...ation can be associated with one group only If adding an interface to a group causes any conflicts with protocols currently associated with the group adding the interface s to the group fails and no interfaces are added to the group Ensure that the referenced VLAN is created prior to the creation of the protocol based group except when GVRP is expected to create the VLAN Command Purpose configure ...

Page 609: ...ith the group this command fails and the protocol is not added to the group groupid The protocol based VLAN group ID protocol The protocol you want to add The ethertype can be any valid number in the range 0x0600 0xffff protocol vlan group all groupid Optional Add all physical interfaces to the protocol based group identified by groupid You can add individual interfaces to the protocol based group...

Page 610: ...the name of a protocol group use the show port protocol all command vlanid A valid VLAN ID CTRL Z Exit to Privileged EXEC mode show port protocol all groupid Display the Protocol Based VLAN information for either the entire system or for the indicated group Command Purpose configure Enter global configuration mode gvrp enable Enable GVRP on the switch interface interface Enter interface configurat...

Page 611: ...o spaces Use a hyphen to designate a range of IDs gvrp registration forbid Optional Deregister all VLANs on a port and prevent any dynamic registration on the port gvrp vlan creation forbid Optional Disable dynamic VLAN creation exit Exit to global configuration mode vlan database Enter VLAN database mode vlan makestatic vlan id Optional Change a dynamically created VLAN one that is created by GVR...

Page 612: ...1p priority none untagged data priority trust untrust auth enable disable dscp value Enable the voice vlan capability on the interface vlanid The voice VLAN ID priority The Dot1p priority for the voice VLAN on the port trust Trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port untrust Do not trust the dot1p priority or DSCP values contained in packets arrivi...

Page 613: ...n of RADIUS Assigned VLANs on page 513 Table 21 9 Example VLANs VLAN ID VLAN Name VLAN Type Purpose 100 Engineering Port based All employees in the Engineering department use this VLAN Confining this department s traffic to a single VLAN helps reduce the amount of traffic in the broadcast domain which increases bandwidth 200 Marketing Port based All employees in the Marketing department use this V...

Page 614: ...tiple ports and hosts The Payroll and File servers are connected to the switches through a LAG Some of the Marketing hosts connect to Switch 1 and some connect to Switch 2 The Engineering and Marketing departments share the same file server Because security is a concern for the Payroll VLAN the ports and LAG that are members of this VLAN will accept and transmit only traffic tagged with VLAN 400 T...

Page 615: ... LAG Function Switch 1 1 Connects to Switch 2 2 15 Host ports for Payroll 16 20 Host ports for Marketing LAG1 ports 21 24 Connects to Payroll server Switch 2 1 Connects to Switch 1 2 10 Host ports for Marketing 11 30 Host ports for Engineering LAG1 ports 35 39 Connects to file server LAG2 ports 40 44 Uplink to router ...

Page 616: ...s and ports on Switch 1 None of the hosts that connect to Switch 1 use the Engineering VLAN VLAN 100 so it is not necessary to create it on that switch To configure Switch 1 1 Create the Marketing Sales and Payroll VLANs a From the Switching VLAN VLAN Membership page click Add b In the VLAN ID field enter 200 c In the VLAN Name field enter Marketing d Click Apply Figure 21 27 Add VLANs e Repeat st...

Page 617: ...k the space for ports 16 20 so the U untagged displays for each port Figure 21 28 VLAN Membership VLAN 200 3 Click Apply 4 Assign ports 2 15 and LAG1 to the Payroll VLAN a From the Switching VLAN VLAN Membership page select 400 Payroll from the Show VLAN field b In the Static row click the space for ports 2 15 and LAG 1 so the U untagged displays for each port and then click Apply ...

Page 618: ...h PVID 400 a From the Switching VLAN LAG Settings page make sure Po1 is selected b Configure the following settings Port VLAN Mode General PVID 400 Frame Type AdmitAll c Click Apply Figure 21 29 LAG Settings 6 Configure port 1 as a trunk port a From the Switching VLAN Port Settings page make sure port Gi1 0 1 is selected b From the Port VLAN Mode field select Trunk c Click Apply ...

Page 619: ... 31 shows VLAN 200 in which port 1 is a tagged member and ports 16 20 are untagged members Figure 21 31 Trunk Port Configuration 8 Configure the MAC based VLAN information a Go to the Switching VLAN Bind MAC to VLAN page b In the MAC Address field enter a valid MAC address for example 00 1C 23 55 E9 8B c In the Bind to VLAN field enter 300 which is the Sales VLAN ID d Click Apply ...

Page 620: ...and Ports on Switch 2 Use the following steps to configure the VLANs and ports on Switch 2 Many of the procedures in this section are the same as procedures used to configure Switch 1 For more information about specific procedures see the details and figures in the previous section To configure Switch 2 1 Create the Engineering Marketing Sales and Payroll VLANs Although the Payroll hosts do not co...

Page 621: ... Configure the MAC based VLAN information 10 If desired copy the running configuration to the startup configuration Configuring VLANs Using the CLI This example shows how to perform the same configuration by using CLI commands Configure the VLANs and Ports on Switch 1 Use the following steps to configure the VLANs and ports on Switch 1 None of the hosts that connect to Switch 1 use the Engineering...

Page 622: ...s console config if switchport access vlan 400 console config if exit 4 Assign LAG1 to the Payroll VLAN and specify that frames will always be transmitted tagged with a VLAN ID of 400 By default all VLANs are members of a trunk port console config interface port channel 1 console config if Po1 switchport mode trunk console config if Po1 switchport trunk native vlan 400 console config if Po1 exit 5...

Page 623: ...so that it persists across a system reset use the following command console copy running config startup config 8 View the VLAN settings console show vlan 9 View the VLAN membership information for a port console show interfaces switchport gi1 0 1 Port Gi1 0 1 VLAN Membership mode Trunk Mode Operating parameters PVID 1 Ingress Filtering Enabled Acceptable Frame Type VLAN Only Default Priority 0 GVR...

Page 624: ...connect to this switch traffic from the Payroll department must use Switch 2 to reach the rest of the network and Internet through the uplink port For that reason Switch 2 must be aware of VLAN 400 so that traffic is not rejected by the trunk port 2 Configure ports 2 10 as access ports and add VLAN 200 to the ports 3 Configure ports 11 30 as access ports and add VLAN 100 to the ports 4 Configure L...

Page 625: ...tem Security on page 481 To configure the switch 1 Create the voice VLAN console configure console config vlan 25 console config vlan25 exit 2 Enable the Voice VLAN feature on the switch console config voice vlan 3 Configure port 10 to be in general mode console config interface gi1 0 10 console config if Gi1 0 10 switchport mode general 4 Enable port based 802 1X authentication on the port This s...

Page 626: ... VLAN Authentication Disabled Configuring a Private VLAN 1 Configure the VLANs and their roles This example configures VLAN 100 as the primary VLAN secondary VLAN 101 as the community VLAN and secondary VLANs 102 and 103 as the isolated VLANs switch configure switch config vlan 100 switch config vlan 100 private vlan primary switch config vlan 100 exit switch config vlan 101 switch config vlan 101...

Page 627: ...n 100 101 console config if Gi1 0 11 interface gi1 0 12 console config if Gi1 0 12 switchport mode private vlan host console config if Gi1 0 12 switchport private vlan host association 100 101 5 Assign the isolated VLAN ports console config interface gi1 0 10 console config if Gi1 0 10 switchport mode private vlan host console config if Gi1 0 10 switchport private vlan host association 100 102 con...

Page 628: ...ate vlan Primary VLAN Secondary VLAN Community 100 102 101 console config show vlan VLAN Name Ports Type 1 default Po1 128 Default Te1 1 1 Gi1 0 1 10 Gi1 0 13 24 100 VLAN0100 Te1 1 1 Static Gi1 0 11 12 101 VLAN0101 Gi1 0 11 Static 102 VLAN0102 Gi1 0 12 Static ...

Page 629: ...single path between end stations on a network PowerConnect M6220 M6348 M8024 and M8024 k switches support Classic STP Multiple STP and Rapid STP What Are Classic STP Multiple STP and Rapid STP Classic STP provides a single path between end stations avoiding and eliminating loops Multiple Spanning Tree Protocol MSTP supports multiple instances of Spanning Tree to efficiently channel VLAN traffic ov...

Page 630: ...ier of the bridge and its configurable priority number When two switches have an equal bridge ID value the switch with the lowest MAC address is the root bridge After the root bridge is elected each switch finds the lowest cost path to the root bridge The port that connects the switch to the lowest cost path is the root port on the switch The switches in the spanning tree also determine which port...

Page 631: ...e 22 1 Small Bridged Network Assume that Switch A is elected to be the Root Bridge and Port 1 on Switch B and Switch C are calculated to be the root ports for those bridges Port 2 on Switch B and Switch C would be placed into the Blocking state This creates a loop free topology End stations in VLAN 10 can talk to other devices in VLAN 10 and end stations in VLAN 20 have a single path to communicat...

Page 632: ... Port 2 on Switch B and Switch C could be used these inefficiencies could be eliminated MSTP does just that by allowing the configuration of MSTIs based upon a VLAN or groups of VLANs In this simple case VLAN 10 could be associated with Multiple Spanning Tree Instance MSTI 1 with an active topology similar to Figure 22 2 and VLAN 20 could be associated with MSTI 2 where Port 1 on both Switch A and...

Page 633: ...Configuring the Spanning Tree Protocol 633 The logical representation of the MSTP environment for these three switches is shown in Figure 22 3 Figure 22 3 Logical MSTP Environment ...

Page 634: ...alternate paths through each Region Above Switch A is elected as both the MSTI 1 Regional Root and the CIST Regional Root Bridge and after adjusting the Bridge Priority on Switch C in MSTI 2 it would be elected as the MSTI 2 Regional Root To further illustrate the full connectivity in an MSTP active topology the following rules apply 1 Each Bridge or LAN is in only one Region 2 Every frame is asso...

Page 635: ...thout considering the VLAN membership of the ports This results in unexpected behavior if the active topology of an MSTI depends on a port that is not a member of the VLAN assigned to the MSTI and the port is selected as root port In this configuration port TE 1 0 11 is selected as the root port and ports TE1 0 12 and TE1 0 13 are blocked To resolve the issue set the port path cost of the directly...

Page 636: ...ts that are connected to end devices such as a desktop computer printer or file server to transition to the forwarding state without going through the listening and learning states BPDU Filtering Ports that have the PortFast feature enabled continue to transmit BPDUs The BPDU filtering feature prevents PortFast enabled ports from sending BPDUs If BPDU filtering is configured globally on the switch...

Page 637: ...ding loops induced by BPDU packet loss The reasons for failing to receive packets are numerous including heavy traffic software problems incorrect configuration and unidirectional link failure When a non designated port no longer receives BPDUs the spanning tree algorithm considers that this link is loop free and begins transitioning the link from blocking to forwarding Once in forwarding state th...

Page 638: ...on to a forwarding state When the port receives a BPDU packet the system sets it to non edge port and recalculates the spanning tree which causes network topology flapping In normal cases these ports do not receive any BPDU packets However someone may forge BPDU to maliciously attack the switch and cause network flapping BPDU protection can be enabled in RSTP to prevent such attacks When BPDU prot...

Page 639: ...ate Enabled globally and on all ports Spanning tree mode RSTP Classic STP and MSTP are disabled Switch priority 32768 BPDU flooding Disabled PortFast mode Disabled PortFast BPDU filter Disabled Loop guard Disabled BPDU protection Disabled Spanning tree port priority 128 Maximum aging time 20 seconds Forward delay time 15 seconds Maximum hops 20 Spanning tree transmit hold count 6 MSTP region name ...

Page 640: ...ing STP settings on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page STP Global Settings The STP Global Settings page contains fields for enabling STP on the switch To display the STP Global Settings page click Switching Spanning Tree Global Settings in the navigation panel Figure 22 5 Spanning Tree Global Settings ...

Page 641: ...l 641 STP Port Settings Use the STP Port Settings page to assign STP properties to individual ports To display the STP Port Settings page click Switching Spanning Tree STP Port Settings in the navigation panel Figure 22 6 STP Port Settings ...

Page 642: ...STP settings for multiple ports 1 Open the STP Port Settings page 2 Click Show All to display the STP Port Table Figure 22 7 Configure STP Port Settings 3 For each port to configure select the check box in the Edit column in the row associated with the port 4 Select the desired settings 5 Click Apply ...

Page 643: ...ports parameters To display the STP LAG Settings page click Switching Spanning Tree STP LAG Settings in the navigation panel Figure 22 8 STP LAG Settings Configuring STP Settings for Multiple LAGs To configure STP settings on multiple LAGS 1 Open the STP LAG Settings page 2 Click Show All to display the STP LAG Table ...

Page 644: ...h the LAG 4 Select the desired settings 5 Click Apply Rapid Spanning Tree Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster convergence of the spanning tree without creating forwarding loops To display the Rapid Spanning Tree page click Switching Spanning Tree Rapid Spanning Tree in the navigation panel Figure 22 10 Rapid Spanning Tree ...

Page 645: ...Configuring the Spanning Tree Protocol 645 To view RSTP Settings for all interfaces click the Show All link The Rapid Spanning Tree Table displays Figure 22 11 RSTP LAG Settings ...

Page 646: ...Spanning Tree to efficiently channel VLAN traffic over different interfaces MSTP is compatible with both RSTP and STP a MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge To display the MSTP Settings page click Switching Spanning Tree MSTP Settings in the navigation panel Figure 22 12 MSTP Settings ...

Page 647: ...tings for multiple VLANS 1 Open the MSTP Settings page 2 Click Show All to display the MSTP Settings Table Figure 22 13 Configure MSTP Settings 3 For each Instance ID to modify select the check box in the Edit column in the row associated with the VLAN 4 Update the Instance ID settings for the selected VLANs 5 Click Apply ...

Page 648: ...To display the MSTP Interface Settings page click Switching Spanning Tree MSTP Interface Settings in the navigation panel Figure 22 14 MSTP Interface Settings Configuring MSTP Settings for Multiple Interfaces To configure MSTP settings for multiple interfaces 1 Open the MSTP Interface Settings page 2 Click Show All to display the MSTP Interface Table ...

Page 649: ...g Tree Protocol 649 Figure 22 15 Configure MSTP Interface Settings 3 For each interface to configure select the check box in the Edit column in the row associated with the interface 4 Update the desired settings 5 Click Apply ...

Page 650: ...priority priority Specify the priority of the bridge Range 0 61440 The switch with the lowest priority value is elected as the root switch spanning tree max age seconds Specify the switch maximum age time which indicates the amount of time in seconds a bridge waits before implementing a topological change Valid values are from 6 to 40 seconds spanning tree forward time seconds Specify the switch f...

Page 651: ...ured in PortFast mode from sending BPDUs spanning tree loopguard default Enable loop guard on all ports spanning tree bpdu protection Enable BPDU protection on the switch interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example gigabitethernet 1 0 3 or port channel 4 You can also specify a range of ...

Page 652: ...erfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 The range keyword is also valid for LAGs port channels spanning tree disable Disable spanning tree on the port spanning tree port priority priority Specify the priority of the port Range 0 240 The priority value is used to determine which ports are put in the forward...

Page 653: ...added to the existing MST instance To specify a range of VLANs use a hyphen To specify a series of VLANs use a comma Range 1 4093 exit Return to global configuration mode spanning tree mst instance id priority priority Set the switch priority for the specified spanning tree instance instance id ID of the spanning tree instance Range 1 4094 priority Sets the switch priority for the specified spanni...

Page 654: ...ommon spanning tree Range 0 200000000 spanning tree mst instance id cost cost Configure the path cost for MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state instance ID ID of the spanning tree instance Range 1 4094 cost The port path cost Range 0 200 000 000 spanning tree mst instance id port priority priority Specify ...

Page 655: ...he following examples Configuring STP Configuring MSTP Configuring STP This example shows a LAN with four switches On each switch ports 1 2 and 3 connect to other switches and ports 4 20 connect to hosts in Figure 22 16 each PC represents 17 host systems Figure 22 16 STP Example Network Diagram ...

Page 656: ...apability to prevent network loops For all other STP settings the administrator uses the default STP values To configure the switch 1 Connect to Switch A and configure the priority to be higher a lower value than the other switches which use the default value of 32768 console config console config spanning tree priority 8192 2 Configure ports 4 20 to be in Port Fast mode console config interface r...

Page 657: ...re the MST region name and revision level are the same for all switches in the region To configure the switches 1 Create VLAN 10 Switch A and Switch B and VLAN 20 all switches console configure console config vlan 10 20 console config vlan10 20 exit console config vlan exit NOTE Even Switch B does not have any ports that are members of VLAN 10 this VLAN must be created to allow the formation of MS...

Page 658: ...figure Switch A to be the root bridge of the spanning tree CIST Regional Root by configuring a higher root bridge priority console config spanning tree priority 8192 7 Switch A only Make Switch A the Regional Root for MSTI 1 by configuring a higher priority for MST ID 10 console config spanning tree mst 10 priority 12288 8 Switch A only Change the priority of MST ID 20 to ensure Switch C is the Re...

Page 659: ...tch to broadcast information about itself and to learn information about neighboring devices What Is ISDP The Industry Standard Discovery Protocol ISDP is a proprietary Layer 2 network protocol that inter operates with Cisco devices running the Cisco Discovery Protocol CDP ISDP is used to share information between neighboring devices The switch software participates in the CDP protocol and is able...

Page 660: ...matically translate into configuration An external application may query the MED MIB and take management actions in configuring functionality Why are Device Discovery Protocols Needed The device discovery protocols are used primarily in conjunction with network management tools to provide information about network topology and configuration and to help troubleshoot problems that occur on the netwo...

Page 661: ...ameter Default Value ISDP Mode Enabled globally and on all ports ISDPv2 Mode Enabled globally and on all ports Message Interval 30 seconds Hold Time Interval 180 seconds Device ID none Device ID Format Capability Serial Number Host Name Device ID Format Serial Number Table 23 2 LLDP Defaults Parameter Default Value Transmit Mode Enabled on all ports Receive Mode Enabled on all ports Transmit Inter...

Page 662: ...able 23 3 summarizes the default values for LLDP MED Table 23 3 LLDP MED Defaults Parameter Default Value LLDP MED Mode Disabled on all ports Config Notification Mode Disabled on all ports Transmit TVLs MED Capabilities Network Policy ...

Page 663: ...werConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page ISDP Global Configuration From the ISDP Global Configuration page you can configure the ISDP settings for the switch such as the administrative mode To access the ISDP Global Configuration page click System ISDP Global Configuration in the navigation panel Figure 23 1 ISDP Global Configu...

Page 664: ... Table From the ISDP Cache Table page you can view information about other devices the switch has discovered through the ISDP To access the ISDP Cache Table page click System ISDP Cache Table in the navigation panel Figure 23 2 ISDP Cache Table ...

Page 665: ...must also be enabled globally in order for the interface to transmit ISDP packets If the ISDP mode on the ISDP Global Configuration page is disabled the interface will not transmit ISDP packets regardless of the mode configured on the interface To access the ISDP Interface Configuration page click System ISDP Interface Configuration in the navigation panel Figure 23 3 ISDP Interface Configuration ...

Page 666: ...666 Discovering Network Devices To view view the ISDP mode for multiple interfaces click Show All Figure 23 4 ISDP Interface Summary ...

Page 667: ... Statistics From the ISDP Statistics page you can view information about the ISDP packets sent and received by the switch To access the ISDP Statistics page click System ISDP Statistics in the navigation panel Figure 23 5 ISDP Statistics ...

Page 668: ...ration page to specify LLDP parameters Parameters that affect the entire system as well as those for a specific interface can be specified here To display the LLDP Configuration page click Switching LLDP Configuration in the navigation panel Figure 23 6 LLDP Configuration ...

Page 669: ... 669 To view the LLDP Interface Settings Table click Show All From the LLDP Interface Settings Table page you can view and edit information about the LLDP settings for multiple interfaces Figure 23 7 LLDP Interface Settings Table ...

Page 670: ...ng Network Devices LLDP Statistics Use the LLDP Statistics page to view LLPD related statistics To display the LLDP Statistics page click Switching LLDP Statistics in the navigation panel Figure 23 8 LLDP Statistics ...

Page 671: ...ections Use the LLDP Connections page to view the list of ports with LLDP enabled Basic connection details are displayed To display the LLDP Connections page click Switching LLDP Connections in the navigation panel Figure 23 9 LLDP Connections ...

Page 672: ...information about a device connected to a port that has been discovered through LLDP click the port number in the Local Interface table it is a hyperlink or click Details and select the port with the connected device Figure 23 10 LLDP Connection Detail ...

Page 673: ...LDP MED Global Configuration page to change or view the LLDP MED parameters that affect the entire system To display the LLDP MED Global Configuration page click Switching LLDP LLDP MED Global Configuration in the navigation panel Figure 23 11 LLDP MED Global Configuration ...

Page 674: ...DP MED Interface Configuration page to specify LLDP MED parameters that affect a specific interface To display the LLDP MED Interface Configuration page click Switching LLDP LLDP MED Interface Configuration in the navigation panel Figure 23 12 LLDP MED Interface Configuration ...

Page 675: ...Discovering Network Devices 675 To view the LLDP MED Interface Summary table click Show All Figure 23 13 LLDP MED Interface Summary ...

Page 676: ...e LLDP MED Local Device Information page to view the advertised LLDP local data for each port To display the LLDP MED Local Device Information page click Switching LLDP LLDP MED Local Device Information in the navigation panel Figure 23 14 LLDP MED Local Device Information ...

Page 677: ... MED Remote Device Information page to view the advertised LLDP data advertised by remote devices To display the LLDP MED Remote Device Information page click Switching LLDP LLDP MED Remote Device Information in the navigation panel Figure 23 15 LLDP MED Remote Device Information ...

Page 678: ...EC mode use the following commands to configure ISDP settings that affect the entire switch Command Purpose configure Enter Global Configuration mode isdp enable Administratively enable ISDP on the switch isdp advertise v2 Allow the switch to send ISDPv2 packets isdp holdtime time Specify the number of seconds the device that receives ISDP packets from the switch should store information sent in t...

Page 679: ...er interface configuration mode for the specified interface isdp enable Administratively enable ISDP on the switch exit Exit to Global Config mode exit Exit to Privileged Exec mode show isdp interface all View the ISDP mode on all interfaces Command Purpose show isdp entry all deviceid View information about all entries or a specific entry in the ISDP table show isdp neighbors View the neighboring...

Page 680: ...rts enabled for LLDP transmit interval The interval in seconds at which to transmit local data LLDP PDUs Range 5 32768 seconds hold value Multiplier on the transmit interval used to set the TTL in local data LLDP PDUs Range 2 10 reinit delay The delay in seconds before re initialization Range 1 10 seconds exit Exit to Privileged EXEC mode show lldp View global LLDP settings Command Purpose configu...

Page 681: ...e system capabilities TLV port desc Transmits the port description TLV exit Exit to Global Config mode exit Exit to Privileged EXEC mode show lldp interface all View LLDP settings for all interfaces Command Purpose show lldp local device all interface detail interface View LLDP information advertised by all ports or the specified port Include the keyword detail to see additional information show l...

Page 682: ...rface interface Enter interface configuration mode for the specified Ethernet interface lldp med Enable LLDP MED on the interface lldp med confignotification Allow the port to send topology change notifications lldp med transmit tlv capabilities network policy location inventory Specify which optional TLVs in the LLDP MED set are transmitted in the LLDP PDUs exit Exit to Global Config mode exit Ex...

Page 683: ...onds that a remote device should keep the ISDP information sent by the switch before discarding it console configure console config isdp holdtime 60 2 Specify how often in seconds the ISDP enabled ports should transmit information console config isdp timer 45 3 Enable ISDP on interface 1 0 3 console config interface gigabitEthernet1 0 3 console config if Gi1 0 3 isdp enable Command Purpose show ll...

Page 684: ... interface gi1 0 3 Interface Mode Gi1 0 3 Enabled Configuring LLDP This example shows how to configure LLDP settings for the switch and to allow Gigabit Ethernet port 1 0 3 to transmit all LLDP information available To configure the switch 1 Configure the transmission interval hold multiplier and reinitialization delay for LLDP PDUs sent from the switch console configure console config lldp timers...

Page 685: ...t description to be transmitted in LLDP PDUs console config if Gi1 0 3 description Test Lab Port 6 Exit to Privileged EXEC mode console config if Gi1 0 3 CTRL Z 7 View global LLDP settings on the switch console show lldp LLDP Global Configuration Transmit Interval 60 seconds Transmit Hold Multiplier 5 Reinit Delay 3 seconds Notification Interval 5 seconds 8 View summary information about the LLDP ...

Page 686: ...tail Interface Gi1 0 3 Chassis ID Subtype MAC Address Chassis ID 00 1E C9 AA AA 07 Port ID Subtype Interface Name Port ID gi 1 0 3 System Name console System Description PowerConnect M6348 3 16 22 30 VxWorks 6 5 Port Description Test Lab Port System Capabilities Supported bridge router System Capabilities Enabled bridge Management Address Type IPv4 Address 192 168 2 1 ...

Page 687: ...Configuring Port Based Traffic Control Web Configuring Port Based Traffic Control CLI Port Based Traffic Control Configuration Example Port Based Traffic Control Overview Table 24 1 provides a summary of the features this chapter describes Table 24 1 Port Based Traffic Control Features Feature Description Flow control Allows traffic transmission between a switch port and another Ethernet device to...

Page 688: ...rm is the result of an excessive number of broadcast multicast or unknown unicast messages simultaneously transmitted across a network by a single port Forwarded message responses can overload network resources and cause network congestion The storm control feature allows the switch to measure the incoming broadcast multicast and or unknown unicast packet rate per port and discard packets when the...

Page 689: ...ossible between two protected ports What is Link Local Protocol Filtering The Link Local Protocol Filtering LLPF feature can help troubleshoot network problems that occur when a network includes proprietary protocols running on standards based switches LLPF allows a PowerConnect M6220 M6348 M8024 M8024 k switch to filter out various Cisco proprietary protocol data units PDUs and or ISDP if problem...

Page 690: ...y Protocol ISDP is enabled on an interface and the LLPF feature on an interface is enabled and configured to drop ISDP PDUs the ISDP configuration overrides the LLPF configuration and the ISDP PDUs are allowed on the interface Default Port Based Traffic Control Values Table 24 2 lists the default values for the port based traffic control features that this chapter describes Table 24 2 Default Port...

Page 691: ...d traffic on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page Flow Control Global Port Parameters Use the Global Parameters page for ports to enable or disable flow control support on the switch To display the Global Parameters page click Switching Ports Global Parameters in the navigation menu Figure 24 1 Global Port Parameters ...

Page 692: ...g Ports Storm Control in the navigation menu Figure 24 2 Storm Control Configuring Storm Control Settings on Multiple Ports To configure storm control on multiple ports 1 Open the Storm Control page 2 Click Show All to display the Storm Control Settings Table 3 In the Ports list select the check box in the Edit column for the port to configure 4 Select the desired storm control settings ...

Page 693: ...Configuring Port Based Traffic Control 693 Figure 24 3 Storm Control 5 Click Apply ...

Page 694: ...o see each other s traffic To display the Protected Port Configuration page click Switching Ports Protected Port Configuration in the navigation menu Figure 24 4 Protected Port Configuration Configuring Protected Ports To configure protected ports 1 Open the Protected Ports page 2 Click Add to display the Add Protected Group page 3 Select a group 0 2 4 Specify a name for the group ...

Page 695: ... Group 5 Click Apply 6 Click Protected Port Configuration to return to the main page 7 Select the port to add to the group 8 Select the protected port group ID Figure 24 6 Add Protected Ports 9 Click Apply 10 To view protected port group membership information click Show All ...

Page 696: ...rt and click Apply LLPF Configuration Use the LLPF Interface Configuration page to filter out various proprietary protocol data units PDUs and or ISDP if problems occur with these protocols running on standards based switches To display the LLPF Interface Configuration page click Switching Network Security Proprietary Protocol Filtering LLPF Interface Configuration the navigation menu ...

Page 697: ...Configuring Port Based Traffic Control 697 Figure 24 8 LLPF Interface Configuration To view the protocol types that have been blocked for an interface click Show All Figure 24 9 LLPF Filtering Summary ...

Page 698: ...et 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 storm control broadcast level rate Enable broadcast storm recovery mode on the interface and optionally set the threshold rate threshold as percentage of port speed The percentage is converted to a PacketsPerSecond value ba...

Page 699: ...for all interfaces or the specified interface Command Purpose configure Enter global configuration mode switchport protected groupid name name Specify a name for one of the three protected port groups groupid Identifies which group the port is to be protected in Range 0 2 name Name of the group Range 0 32 characters interface interface Enter interface configuration mode for the specified interface...

Page 700: ...tethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 service acl input blockcdp blockvtp blockdtp blockudld blockpagp blocksstp blockall Use the appropriate keyword or combination of keywords to block any or all of the following PDUs on the interface VTP DTP UDLD PAgP ...

Page 701: ...d to ports 3 4 and 9 from being able to communicate with each other To configure the switch 1 Configure storm control for broadcast traffic on all physical interfaces console config interface range gi1 0 1 24 console config if storm control broadcast level 10 2 Configure LLPF to block PAgP and VTP PDUs on all physical interfaces console config if service acl blockpagp blockvtp console config if ex...

Page 702: ...st Ucast Intf Mode Level Mode Level Mode Level Gi1 0 1 Enable 10 Enable 5 Disable 5 console show service acl interface gi1 0 1 Protocol Mode CDP Disabled VTP Enabled DTP Disabled UDLD Disabled PAGP Enabled SSTP Disabled ALL Disabled console show switchport protected 0 Name clients Member Ports Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 9 ...

Page 703: ...figuring L2 Multicast Features CLI Case Study on a Real World Network Topology L2 Multicast Overview Multicast traffic is traffic from one source that has multiple destinations The L2 multicast features on the switch help control network flooding of Ethernet multicast and IP multicast traffic by keeping track of multicast group membership It is essential that a multicast router be connected to a P...

Page 704: ... IP multicast addresses are 224 0 0 x for IPv4 and FF0x for IPv6 Multicast data traffic is flooded to all ports in the VLAN if no multicast router ports have been identified Once a multicast router port is identified multicast data traffic is forwarded to the multicast router ports The MFDB is populated by snooping the membership reports sent to the multicast routers This causes multicast data tra...

Page 705: ... L2 multicast group forwarding table IGMP snooping learns about multicast routers by listening for the following messages IGMP Membership queries PIMv1 hellos PIMv2 hellos DVMRP probes Group addresses that fall into the range 224 0 0 x are never pruned by IGMP snooping they are always flooded to all ports in the VLAN Note that this flooding is based on the IP address not the corresponding 01 00 5e...

Page 706: ...st router port is identified IGMP snooping is enabled by default Multicast filtering is enabled by default IGMP snooping forwards multicast sources to multicast routers by default Reserved multicast IP addresses 224 0 0 x are always flooded to all ports in the VLAN Unregistered multicast traffic may be flooded in the VLAN by a user configuration option IGMP Snooping Querier When PIM and IGMP are e...

Page 707: ...of ports that want to receive the data instead of being flooded to all ports in a VLAN This list is constructed in the MFDB by snooping IPv6 multicast control packets MLD snooping floods multicast data packets until a multicast router port has been identified MLD snooping forwards unregistered multicast data packets to IPv6 multicast routers MLD snooping discovers multicast routers by listening fo...

Page 708: ...traffic such as traffic from an IPTV application to avoid duplication of multicast streams for clients in different VLANs Clients can dynamically join or leave the mutlicast VLAN without interfering with their membership in other VLANs MVR like IGMP snooping allows a layer 2 switch to listen to IGMP messages to learn about multicast group membership There are two types of MVR ports source and rece...

Page 709: ...th MVR and IGMP snooping are enabled MVR listens to the IGMP join and report messages for static multicast group information and IGMP snooping manages dynamic multicast groups When Are L3 Multicast Features Required In addition to L2 multicast features the switch suports IPv4 and IPv6 multicast features You configure the IPv4 IPv6 multicast features if the switch functions as a multicast router th...

Page 710: ...up membership information GVRP and GMRP use the same set of GARP Timers to specify the amount of time to wait before transmitting various GARP messages NOTE If a multicast source is connected to a VLAN on which both L3 multicast and IGMP snooping are enabled the multicast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen If a new mrouter is ...

Page 711: ...nooping in its purpose but IGMP snooping is more widely used GMRP must be running on both the host and the switch to function properly and IGMP MLD snooping must be disabled on the switch as IGMP snooping and GMRP cannot simultaneously operate within the same VLAN ...

Page 712: ... 3 map to 01 00 5E 03 03 03 As a result if a host requests 225 1 1 1 then it might receive multicast traffic of group 226 1 1 1 as well IGMP MLD Snooping in a Multicast Router IGMP MLD snooping is a Layer 2 feature and is achieved by using the L2 multicast forwarding table If a multicast source is connected to a VLAN on which both L3 multicast and IGMP MLD snooping are enabled the multicast source...

Page 713: ...in the VLAN This restriction applies to both multicast router connected ports and host connected ports IGMP Snooping and GMRP IGMP snooping and GMRP are not compatible Only one of IGMP snooping or GMRP should be configured to filter multicast groups for any VLAN Simultaneous operation of GMRP and IMGP snooping is not supported and will lead to undesirable results such as flooding in the VLAN due t...

Page 714: ...t router timeout 300 seconds IGMP MLD snooping leave timeout 10 seconds IGMP snooping querier Disabled IGMP version v2 MLD version v1 IGMP MLD snooping querier query interval 60 seconds IGMP MLD snooping querier expiry interval 60 seconds IGMP MLD snooping VLAN querier Disabled VLAN querier election participate mode Disabled Snooping Querier VLAN Address 0 0 0 0 MVR running Disabled MVR multicast ...

Page 715: ...Configuring L2 Multicast Features 715 GMRP Disabled globally and per interface Table 25 1 L2 Multicast Defaults Continued Parameter Default Value ...

Page 716: ...Global Parameters page to enable or disable bridge multicast filtering IGMP snooping or MLD snooping on the switch To display the Multicast Global Parameters page click Switching Multicast Support Global Parameters in the navigation menu Figure 25 1 Multicast Global Parameters NOTE It is strongly recommended that users enable IGMP snooping if MLD snooping is enabled and vice versa This is because ...

Page 717: ...roup To display the Bridge Multicast Group page click Switching Multicast Support Bridge Multicast Group in the navigation menu Figure 25 2 Bridge Multicast Group Understanding the Port and LAG Member Tables The Bridge Multicast Group tables display which Ports and LAGs are members of the multicast group and whether they re static S dynamic D or forbidden F The tables have two rows Static and Curr...

Page 718: ...gement settings Adding and Configuring Bridge Multicast Address Groups To configure a bridge multicast group 1 From the Bridge Multicast Group page click Add The Add Bridge Multicast Group page displays Table 25 2 Port LAG IGMP Management Settings Port Control Definition D Dynamic Indicates that the port LAG was dynamically joined to the Multicast group displays in the Current row S Static Attache...

Page 719: ...group IP or MAC address associated with the selected VLAN 4 In the Bridge Multicast Group tables assign a setting by clicking in the Static row for a specific port LAG Each click toggles between S F and blank not a member 5 Click Apply The bridge multicast address is assigned to the multicast group ports LAGs are assigned to the group with the Current rows being updated with the Static settings an...

Page 720: ...e drop down menu The Bridge Multicast Address and the assigned ports LAGs display 3 Check the Remove check box 4 Click Apply The selected bridge multicast group is removed and the device is updated MRouter Status Use the MRouter Status page to display the status of dynamically learned multicast router interfaces To access this page click Switching Multicast Support MRouter Status in the navigation...

Page 721: ... Switching Multicast Support IGMP Snooping General in the navigation menu Figure 25 5 General IGMP Snooping Modifying IGMP Snooping Settings for Multiple Ports LAGs or VLANs To modify the IGMP snooping settings 1 From the General IGMP snooping page click Show All The IGMP Snooping Table displays 2 Select the Edit checkbox for each Port LAG or VLAN to modify In Figure 25 6 ports 2 and 3 are to be m...

Page 722: ...ts LAGs or VLANs To copy IGMP snooping settings 1 From the General IGMP snooping page click Show All The IGMP Snooping Table displays 2 Select the Copy Parameters From checkbox 3 Select a Unit Port LAG or VLAN to use as the source of the desired parameters 4 Select the Copy To checkbox for the Unit Ports LAGs or VLANs that these parameters will be copied to In Figure 25 7 the settings for port 3 w...

Page 723: ...Configuring L2 Multicast Features 723 Figure 25 7 Copy IGMP Snooping Settings 5 Click Apply The IGMP snooping settings are modified and the device is updated ...

Page 724: ...ing querier settings such as the IP address to use as the source in periodic IGMP queries when no source address has been configured on the VLAN To display the Global Querier Configuration page click Switching Multicast Support IGMP Snooping Global Querier Configuration in the navigation menu Figure 25 8 Global Querier Configuration ...

Page 725: ...ividual VLANs To display the VLAN Querier page click Switching Multicast Support IGMP Snooping VLAN Querier in the navigation menu Figure 25 9 VLAN Querier Adding a New VLAN and Configuring its VLAN Querier Settings To configure a VLAN querier 1 From the VLAN Querier page click Add The page refreshes and the Add VLAN page displays ...

Page 726: ... Querier 2 Enter the VLAN ID and if desired an optional VLAN name 3 Return to the VLAN Querier page and select the new VLAN from the VLAN ID menu 4 Specify the VLAN querier settings 5 Click Apply The VLAN Querier settings are modified and the device is updated ...

Page 727: ...Configuring L2 Multicast Features 727 To view a summary of the IGMP snooping VLAN querier settings for all VLANs on the switch click Show All Figure 25 11 Add VLAN Querier ...

Page 728: ... VLAN Querier Status page to view the IGMP snooping querier settings for individual VLANs To display the VLAN Querier Status page click Switching Multicast Support IGMP Snooping VLAN Querier Status in the navigation menu Figure 25 12 IGMP Snooping VLAN Querier Status ...

Page 729: ...age to view the multicast forwarding database MFDB IGMP Snooping Table and Forbidden Ports settings for individual VLANs To display the MFDB IGMP Snooping Table page click Switching Multicast Support IGMP Snooping MFDB IGMP Snooping Table in the navigation menu Figure 25 13 MFDB IGMP Snooping Table ...

Page 730: ...dd MLD members To access this page click Switching Multicast Support MLD Snooping General in the navigation panel Figure 25 14 MLD Snooping General Modifying MLD Snooping Settings for VLANs To configure MLD snooping 1 From the General MLD snooping page click Show All The MLD Snooping Table displays ...

Page 731: ...icast Features 731 Figure 25 15 MLD Snooping Table 2 Select the Edit checkbox for each VLAN to modify 3 Edit the MLD snooping fields as needed 4 Click Apply The MLD snooping settings are modified and the device is updated ...

Page 732: ...he Copy To checkbox for the VLANs that these parameters will be copied to 5 Click Apply The MLD snooping settings are modified and the device is updated MLD Snooping Global Querier Configuration Use the MLD Snooping Global Querier Configuration page to configure the parameters for the MLD snooping querier To display the Global Querier Configuration page click Switching Multicast Support MLD Snoopi...

Page 733: ...To display the MLD Snooping VLAN Querier page click Switching Multicast Support MLD Snooping VLAN Querier in the navigation menu Figure 25 17 MLD Snooping VLAN Querier Adding a New VLAN and Configuring its MLD Snooping VLAN Querier Settings To configure an MLD snooping VLAN querier 1 From the VLAN Querier page click Add The page refreshes and the Add VLAN page displays ...

Page 734: ... name 3 Return to the VLAN Querier page and select the new VLAN from the VLAN ID menu 4 Specify the VLAN querier settings 5 Click Apply The VLAN Querier settings are modified and the device is updated To view a summary of the IGMP snooping VLAN querier settings for all VLANs on the switch click Show All Figure 25 19 Add VLAN Querier ...

Page 735: ... Use the VLAN Querier Status page to view the MLD snooping querier settings for individual VLANs To display the VLAN Querier Status page click Switching Multicast Support MLD Snooping VLAN Querier Status in the navigation menu Figure 25 20 MLD Snooping VLAN Querier Status ...

Page 736: ... MFDB MLD Snooping Table page to view the MFDB MLD snooping table settings for individual VLANs To display the MFDB MLD Snooping Table page click Switching Multicast Support MLD Snooping MFDB MLD Snooping Table in the navigation menu Figure 25 21 MFDB MLD Snooping Table ...

Page 737: ...figuration page to enable the MVR feature and configure global parameters To display the MVR Global Configuration page click Switching MVR Configuration Global Configuration in the navigation panel Figure 25 22 MVR Global Configuration NOTE MVR is not supported on the PowerConnect M6220 ...

Page 738: ...configure MVR group members To display the MVR Members page click Switching MVR Configuration MVR Members in the navigation panel Figure 25 23 MVR Members Adding an MVR Membership Group To add an MVR membership group 1 From the MVR Membership page click Add The MVR Add Group page displays ...

Page 739: ... MVR Interface Configuration Use the MVR Interface Configuration page to enable MVR on a port configure its MVR settings and add the port to an MVR group To display the MVR Interface Configuration page click Switching MVR Configuration MVR Interface Configuration in the navigation panel Figure 25 25 MVR Interface Configuration ...

Page 740: ...ick Show All Figure 25 26 MVR Interface Summary Adding an Interface to an MVR Group To add an interface to an MVR group 1 From the MVR Interface page click Add Figure 25 27 MVR Add to Group 2 Select the interface to add to the MVR group 3 Specify the MVR group IP multicast address 4 Click Apply ...

Page 741: ...ace from an MVR Group To remove an interface from an MVR group 1 From the MVR Interface page click Remove Figure 25 28 MVR Remove from Group 2 Select the interface to remove from an MVR group 3 Specify the IP multicast address of the MVR group 4 Click Apply ...

Page 742: ...st Features MVR Statistics Use the MVR Statistics page to view MVR statistics on the switch To display the MVR Statistics page click Switching MVR Configuration MVR Statistics in the navigation panel Figure 25 29 MVR Statistics ...

Page 743: ...rs used by GVRP and GMRP on the switch To display the Timers page click Switching GARP Timers in the navigation panel Figure 25 30 GARP Timers Configuring GARP Timer Settings for Multiple Ports To configure GARP timers on multiple ports 1 Open the Timers page 2 Click Show All to display the GARP Timers Table ...

Page 744: ...Multicast Features Figure 25 31 Configure STP Port Settings 3 For each port or LAG to configure select the check box in the Edit column in the row associated with the port 4 Specify the desired timer values 5 Click Apply ...

Page 745: ... the same settings as the port selected in the Copy Parameters From field 3 Click Apply to copy the settings GMRP Parameters Use the GMRP Parameters page to configure the administrative mode of GMRP on the switch and on each port or LAG To display the GMRP Parameters page click Switching GARP GMRP Parameters in the navigation panel Figure 25 32 GMRP Parameters Configuring GMRP Parameters on Multip...

Page 746: ...ulticast Features Figure 25 33 GMRP Port Configuration Table 3 For each port or LAG to configure select the check box in the Edit column in the row associated with the port 4 Specify the desired timer values 5 Click Apply ...

Page 747: ...r LAGs list select the check box es in the Copy To column that will have the same settings as the port selected in the Copy Parameters From field 3 Click Apply to copy the settings MFDB GMRP Table Use the MFDB GMRP Table page to view all of the entries in the Multicast Forwarding Database that were created for the GMRP To display the MFDB GMRP Table page click Switching GARP MFDB GMRP Table in the...

Page 748: ...atic mac multicast address vlan vlan id interface interface id Register a MAC layer Multicast address in the bridge table mac multicast address MAC multicast address in the format xxxx xxxx xxxx or xx xx xx xx xx xx interface id A physical interface or port channel mac address table multicast forbidden address vlan vlan id mac multicast address ip multicast address add remove interface interface l...

Page 749: ...P report for a multicast group is not received in the number of seconds specified by the seconds value this port is deleted from the VLAN member list of that multicast group This command also enables IGMP snooping on the VLAN ip igmp snooping vlan vlan id last member query interval seconds Specify the leave time out value for the VLAN If an IGMP report for a multicast group is not received within ...

Page 750: ...ping querier on the switch or on the VLAN specified with the vlan id parameter Use the optional ip address parameter to specify the IP address that the snooping querier switch should use as the source address when generating periodic queries ip igmp snooping querier query interval interval count Set the IGMP snooping querier query interval time which is the amount of time in seconds that the switc...

Page 751: ... to Privileged EXEC mode show ip igmp snooping querier detail vlan vlan id View IGMP snooping querier settings configured on the switch on all VLANs or on the specified VLAN Command Purpose configure Enter global configuration mode ipv6 mld snooping vlan vlan id Enable MLD snooping on the specified VLAN ipv6 mld snooping vlan vlan id groupmembership interval seconds Specify the host time out value...

Page 752: ...ping vlan vlan id mcrtexpiretime seconds Specify the multicast router time out value for to associate with a VLAN This command sets the number of seconds to wait to age out an automatically learned multicast router port CTRL Z Exit to Privileged EXEC mode show ipv6 mld snooping vlan vlan id View the MLD snooping settings on the VLAN Command Purpose configure Enter global configuration mode ipv6 ml...

Page 753: ...ping querier address ipv6 address Specify the IP address that the snooping querier switch should use as the source address when generating periodic queries ipv6 mld snooping querier query interval interval count Set the MLD snooping querier query interval time which is the amount of time in seconds that the switch waits before sending another periodic query The range is 1 1800 seconds ipv6 mld sno...

Page 754: ...specify a range of ports with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 mvr Enable MVR on the port mvr immediate Enable MVR immediate leave mode on the port mvr type source receiver Specify the MVR port type mvr vlan vlan id group mcast address Allow the port to participate in the specified MVR group The vlan id paramete...

Page 755: ...value variable is in centiseconds The range is 10 100 for join 20 600 for leave and 200 6000 for leaveall gmrp enable Enable GMRP globally on the switch interface interface Enter interface configuration mode for the specified port or LAG The interface variable includes the interface type and number for example gigabitethernet 1 0 3 For a LAG the interface type is port channel You can also specify ...

Page 756: ... the topology that the scenarios in this case study use Figure 25 35 Case Study Topology The topology in Figure 25 35 includes the following elements Snooping Switches D1 D2 D3 with IGMP snooping enabled on VLANs 10 20 Multicast Router D4 with PIM SM enabled and IGMP snooping disabled on VLANs 10 20 Multicast Listeners Client A G ...

Page 757: ...a report for 239 20 30 42 2 The report is forwarded to multicast router D4 via D1 1 0 15 and D3 1 0 20 3 A forwarding entry is created by D1 for VLAN 20 239 20 30 42 1 0 8 1 0 15 4 Client G receives the multicast stream from Server B 5 D3 receives the multicast stream and it is forwarded to D4 because D4 is a multicast router 6 Client D sends a report for 239 20 30 42 7 The report is forwarded to ...

Page 758: ... 20 to reach their respective attached clients PIM SM is enabled and IGMP snooping is disabled on router D4 and IGMP snooping is enabled on D1 D2 and D3 Multicast Source and Listener directly connected to Multicast Router on the same routing VLAN Server A Client B 1 Because multicast routing is enabled on D4 VLAN 10 an IP multicast table entry is created to include D4 1 0 15 D4 1 0 20 as part of t...

Page 759: ...urce connected to Multicast Router via intermediate snooping switches and Listener directly connected to multicast router in a different routing interface Server B Client B Server A and Clients B C and E are on the same subnet VLAN10 192 168 10 70 24 Server B is in a different subnet VLAN20 192 168 20 70 24 1 Client B sends a report for 239 20 30 42 2 Multicast Router D4 learns group 239 20 30 42 ...

Page 760: ...el 1 3 The report from Client E is forwarded to D3 via D2 PortChannel 1 4 A multicast forwarding entry is created on D3 VLAN10 239 20 30 42 PortChannel 1 1 0 20 5 The report from Client E is forwarded to D4 via D3 1 0 20 6 Multicast Router D4 learns group 239 20 30 42 7 The multicast stream from Server B reaches D4 via trunk links because it is a multicast router 8 An IP multicast routing entry is...

Page 761: ...ag Configuration Example Dot1ag Overview With the emergence of Ethernet as a Metropolitan and Wide Area Networking technology different operators often work together to provide end to end services to enterprise customers This has driven the need of a new set of OAM Operations Administration and Maintenance Protocols Service Level Connectivity Fault Management CFM is the OAM protocol provision for ...

Page 762: ...s which can be nested but cannot overlap Each organization can have its own maintenance domain The MD level limits administrator access to the appropriate domain Figure 26 1 depicts three domains the customer subscribes to the services of a provider who in turn subscribes to the services of two operators This scenario is a likely one since no operator has complete coverage of a large region A serv...

Page 763: ... are software or sometimes hardware per service entities where CFM functionalities are present MEPs define the boundary of a maintenance domain They initiate and respond to CFM messages MEPs prevent the leaking of CFM messages between domains for example among operators or between operators and customers Each MEP has a configurable unique identifier MEPID in a maintenance domain MEPs periodically ...

Page 764: ... MA is a logical connection between one or more MEPs that enables monitoring a particular service instance Each MA is associated with a unique SVLAN ID An MA is identified by a maintenance association ID All MEPs in the MA are assigned the maintenance identifier MAID for the association An MD consists of one or more MAs at the same domain level Figure 26 3 depicts one provider level domain and two...

Page 765: ...he Administrator can also use utilities to troubleshoot connectivity faults when reported via SNMP traps All the domains within the customer domain should use different domain levels Configuration Tasks The administrator defines the maintenance domains by configuring the domain level from 0 7 and a name For each domain the administrator defines maintenance associations that are specified by a SVLA...

Page 766: ...lt and no maintenance domains associations or endpoints are configured by default Table 26 1 shows the global default values for Dot1ag When you configure an association between a VLAN and a maintenance domain the following default value applies When you associate endpoints with SVLAN IDs the following default values apply and are configurable Table 26 1 Dot1ag Global Defaults Parameter Default Va...

Page 767: ...the page Dot1ag Global Configuration Use the Global Configuration page to enable and disable the Dot1ag admin mode and to configure the time after which inactive RMEP messages are removed from the MEP database To display the page click Switching Dot1ag Global Configuration in the tree view Figure 26 4 Dot1ag Global Configuration Dot1ag MD Configuration Use the MD Configuration page to configure ma...

Page 768: ...guration page to associate a maintenance domain level with one or more VLAN ID provide a name for each maintenance association MA and to set the interval between continuity check messages sent by MEPs for the MA To display the page click Switching Dot1ag MA Configuration in the tree view Figure 26 6 Dot1ag MA Configuration ...

Page 769: ...the top of the page Dot1ag MEP Configuration Use the MEP Configuration page to define switch ports as Management End Points MEPs are configured per domain and per VLAN To display the page click Switching Dot1ag MEP Configuration in the tree view Figure 26 7 Dot1ag MEP Configuration ...

Page 770: ...elected domain before you configure a MEP to be used within an MA see the MA Configuration page Dot1ag MIP Configuration Use the MIP Configuration page to define a switch port as an intermediate bridge for a selected domain To display the page click Switching Dot1ag MIP Configuration in the tree view Figure 26 8 Dot1ag MIP Configuration ...

Page 771: ...MEP Summary Use the RMEP Summary page to view information on remote MEPs that the switch has learned through CFM PDU exchanges with MEPs on the switch To display the page click Switching Dot1ag RMEP Summary in the tree view Figure 26 9 Dot1ag RMEP Summary ...

Page 772: ...MEP ID or by its MAC address To display the page click Switching Dot1ag L2 Ping in the tree view Figure 26 10 Dot1ag L2 Ping Dot1ag L2 Traceroute Use the L2 Traceroute page to generate a Link Trace message from a specified MEP The MEP can be specified by the MAC address or by the remote MEP ID To display the page click Switching Dot1ag L2 Traceroute in the tree view ...

Page 773: ...1 Dot1ag L2 Traceroute Dot1ag L2 Traceroute Cache Use the L2 Traceroute Cache page to view link traces retained in the link trace database To display the page click Switching Dot1ag L2 Traceroute Cache in the tree view Figure 26 12 Dot1ag L2 Traceroute Cache ...

Page 774: ...vity Fault Management Dot1ag Statistics Use the Statistics page to view Dot1ag information for a selected domain and VLAN ID To display the page click Switching Dot1ag Statistics in the tree view Figure 26 13 Dot1ag Statistics ...

Page 775: ...net cfm enable Enables connectivity fault management services ethernet cfm mep archive hold time time Set the time interval range 1 65535 seconds after which inactive RMEPs are removed ethernet cfm cc level level vlan vlan id interval 1 10 60 600 Configure the Continuity Check Message CCM transmit interval for the specified VLAN ethernet cfm domain name level level Create a maintenance domain MD b...

Page 776: ... Define the port as a maintenance endpoint MEP and associate it with an SVLAN in a domain When the MEP is enabled it will generate CCM messages ethernet cfm mep level level direction up down mpid mep id vlan vlan id Enable a MEP at the specified level and direction ethernet cfm mep active Set the administrative state of the MEP to active ethernet cfm mip level level Create a MIP at the specified l...

Page 777: ... a loopback message from the MEP with the specified MAC address ping ethernet cfm remote mpid mep id Generate a loopback message from the MEP with the specified MEP ID traceroute ethernet cfm mac mac addr Generate a Link Trace message from the MEP with the specified MAC address traceroute ethernet cfm remote mpid mep id Generate a Link Trace message from the MEP with the specified MEP ID show ethe...

Page 778: ...traffic on the provider network Figure 26 14 Dot1ag Configuration for a Metro Ethernet Customer Network To configure the switch 1 Enable CFM globally on the switch and then create a level 6 management domain named CustDom for end to end CFM on the Metro Ethernet network VLAN 200 is associated with this domain console config console config ethernet cfm enable console config ethernet cfm domain Cust...

Page 779: ...enabled and activated as a MEP console config interface gigabitethernet 1 0 5 console config if Gi1 0 5 ethernet cfm mep level 6 direction down mpid 20 vlan 200 console config if Gi1 0 5 ethernet cfm mep enabled level 6 vlan 200 mpid 20 console config if Gi1 0 5 ethernet cfm mep active level 6 vlan 200 mpid 20 console config if Gi1 0 5 exit 3 On an intermediate switch configure the MIP for the cus...

Page 780: ...780 Configuring Connectivity Fault Management ...

Page 781: ...eb Configuring Traffic Snooping and Inspection CLI Traffic Snooping and Inspection Configuration Examples Traffic Snooping and Inspection Overview DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to filter harmful DHCP messages and to build a bindings database The IPSG and DAI features use the DHCP Snooping bindings database to help enforce swit...

Page 782: ... specified on individual physical ports or LAGS that are members of a VLAN When a port or LAG is configured as untrusted it could potentially be used to launch a network attack DHCP servers must be reached through trusted ports DHCP snooping enforces the following security rules DHCP packets from a DHCP server DHCPOFFER DHCPACK DHCPNAK DHCPRELEASEQUERY are dropped if they are received on an untrus...

Page 783: ...tatic bindings into the binding database When a switch learns of new bindings or loses bindings the switch immediately updates the entries in the database The switch also updates the entries in the binding file The frequency at which the file is updated is based on a configurable delay and the updates are batched If the absolute lease time of the snooping database entry expires that entry is remov...

Page 784: ... and VLAN with the client interface and VLAN in the bindings database If the interfaces do not match the application logs the event and drops the message For valid client messages DHCP snooping compares the source MAC address to the DHCP client hardware address When there is a mismatch DHCP snooping drops the packet and generates a log message if logging of invalid packets is enabled If DHCP relay...

Page 785: ...ty controls source MAC address learning in the layer 2 forwarding database MAC address table When a frame is received with a previously unlearned source MAC address port security queries the IPSG feature to determine whether the MAC address belongs to a valid binding If IPSG is disabled on the ingress port IPSG replies that the MAC is valid If IPSG is enabled on the ingress port IPSG checks the bi...

Page 786: ...on the interfaces physical ports or LAGs that are members of that VLAN Individual interfaces are configured as trusted or untrusted The trust configuration for DAI is independent of the trust configuration for DHCP snooping Optional DAI Features If the network administrator has configured the option DAI verifies that the sender MAC address equals the source MAC address in the Ethernet header There...

Page 787: ...tion from the rogue DHCP server However if the workstation with the rogue DHCP server is connected to a port that is configured as untrusted and is a member of a DHCP Snooping enabled VLAN the port discards the DHCP server messages Default Traffic Snooping and Inspection Values DHCP snooping is disabled globally and on all VLANs by default Ports are untrusted by default Table 27 1 Traffic Snooping...

Page 788: ...P Disabled DAI trust state Disabled untrusted DAI Rate limit 15 packets per second DAI Burst interval 1 second DAI mode Disabled on all VLANs DAI logging invalid packets Disabled DAI ARP ACL None configured DAI Static flag Disabled validation by ARP ACL and DHCP snooping binding database Table 27 1 Traffic Snooping Defaults Continued Parameter Default Value ...

Page 789: ...0 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page DHCP Snooping Configuration Use the DHCP Snooping Configuration page to control the DHCP Snooping mode on the switch and to specify whether the sender MAC Address for DHCP Snooping must be validated To access the DHCP Snooping Configuration page click Switching DHCP Snooping Global Configuration in the...

Page 790: ...nooping Interface Configuration page to configure the DHCP Snooping settings on individual ports and LAGs To access the DHCP Snooping Interface Configuration page click Switching DHCP Snooping Interface Configuration in the navigation panel Figure 27 3 DHCP Snooping Interface Configuration ...

Page 791: ...Snooping and Inspecting Traffic 791 To view a summary of the DHCP snooping configuration for all interfaces click Show All Figure 27 4 DHCP Snooping Interface Configuration Summary ...

Page 792: ...ion Use the DHCP Snooping VLAN Configuration page to control the DHCP snooping mode on each VLAN To access the DHCP Snooping VLAN Configuration page click Switching DHCP Snooping VLAN Configuration in the navigation panel Figure 27 5 DHCP Snooping VLAN Configuration ...

Page 793: ...Snooping and Inspecting Traffic 793 To view a summary of the DHCP snooping status for all VLANs click Show All Figure 27 6 DHCP Snooping VLAN Configuration Summary ...

Page 794: ...bindings database can be stored locally on the switch or on a remote system somewhere else in the network The switch must be able to reach the IP address of the remote system to send bindings to a remote database To access the DHCP Snooping Persistent Configuration page click Switching DHCP Snooping Persistent Configuration in the navigation panel Figure 27 7 DHCP Snooping Persistent Configuration...

Page 795: ...ooping Static Bindings Configuration page to add static DHCP bindings to the binding database To access the DHCP Snooping Static Bindings Configuration page click Switching DHCP Snooping Static Bindings Configuration in the navigation panel Figure 27 8 DHCP Snooping Static Bindings Configuration ...

Page 796: ...Traffic To view a summary of the DHCP snooping status for all VLANs click Show All Figure 27 9 DHCP Snooping Static Bindings Summary To remove a static binding select the Remove checkbox associated with the binding and click Apply ...

Page 797: ... Dynamic Bindings Summary lists all the DHCP snooping dynamic binding entries learned on the switch ports To access the DHCP Snooping Dynamic Bindings Summary page click Switching DHCP Snooping Dynamic Bindings Summary in the navigation panel Figure 27 10 DHCP Snooping Dynamic Bindings Summary ...

Page 798: ...nooping Statistics The DHCP Snooping Statistics page displays DHCP snooping interface statistics To access the DHCP Snooping Statistics page click Switching DHCP Snooping Statistics in the navigation panel Figure 27 11 DHCP Snooping Statistics ...

Page 799: ...uration Use the IPSG Interface Configuration page to configure IPSG on an interface To access the IPSG Interface Configuration page click Switching IP Source Guard IPSG Interface Configuration in the navigation panel Figure 27 12 IPSG Interface Configuration ...

Page 800: ...ation Use the IPSG Binding Configuration page displays DHCP snooping interface statistics To access the IPSG Binding Configuration page click Switching IP Source Guard IPSG Binding Configuration in the navigation panel Figure 27 13 IPSG Binding Configuration ...

Page 801: ...page displays the IPSG Static binding list and IPSG dynamic binding list the static bindings configured in Binding configuration page To access the IPSG Binding Summary page click Switching IP Source Guard IPSG Binding Summary in the navigation panel Figure 27 14 IPSG Binding Summary ...

Page 802: ...iguration Use the DAI Configuration page to configure global DAI settings To display the DAI Configuration page click Switching Dynamic ARP Inspection Global Configuration in the navigation panel Figure 27 15 Dynamic ARP Inspection Global Configuration ...

Page 803: ...terface for which information is to be displayed or configured To display the DAI Interface Configuration page click Switching Dynamic ARP Inspection Interface Configuration in the navigation panel Figure 27 16 Dynamic ARP Inspection Interface Configuration To view a summary of the DAI status for all interfaces click Show All ...

Page 804: ...804 Snooping and Inspecting Traffic Figure 27 17 DAI Interface Configuration Summary ...

Page 805: ...s to be displayed or configured To display the DAI VLAN Configuration page click Switching Dynamic ARP Inspection VLAN Configuration in the navigation panel Figure 27 18 Dynamic ARP Inspection VLAN Configuration To view a summary of the DAI status for all VLANs click Show All Figure 27 19 Dynamic ARP Inspection VLAN Configuration Summary ...

Page 806: ...figuration Use the DAI ACL Configuration page to add or remove ARP ACLs To display the DAI ACL Configuration page click Switching Dynamic ARP Inspection ACL Configuration in the navigation panel Figure 27 20 Dynamic ARP Inspection ACL Configuration ...

Page 807: ...n ACL Summary To remove an ARP ACL select the Remove checkbox associated with the ACL and click Apply DAI ACL Rule Configuration Use the DAI ARP ACL Rule Configuration page to add or remove DAI ARP ACL Rules To display the DAI ARP ACL Rule Configuration page click Switching Dynamic ARP Inspection ACL Rule Configuration in the navigation panel ...

Page 808: ... ARP Inspection Rule Configuration To view a summary of the ARP ACL rules that have been created click Show All Figure 27 23 Dynamic ARP Inspection ACL Rule Summary To remove an ARP ACL rule select the Remove checkbox associated with the rule and click Apply ...

Page 809: ...9 DAI Statistics Use the DAI Statistics page to display the statistics per VLAN To display the DAI Statistics page click Switching Dynamic ARP Inspection Statistics in the navigation panel Figure 27 24 Dynamic ARP Inspection Statistics ...

Page 810: ... message ip dhcp snooping log invalid Enable the logging of DHCP messages filtered by the DHCP Snooping application ip dhcp snooping binding mac address vlan vlan id ip address interface interface Configure a static binding in the DHCP snooping static bindings database mac address The client s MAC address vlan id The number of the VLAN the client is authorized to use ip address The IP address of t...

Page 811: ...net 1 0 8 12 configures interfaces 8 9 10 11 and 12 ip dhcp snooping trust Configure the interface or range of interfaces as a trusted port DHCP server messages are not filtered on trusted ports exit Exit to Global Configuration mode interface range vlan vlan id Enter interface configuration mode for the specified VLAN or range of VLANs CTRL Z Exit to Privileged EXEC mode show ip dhcp snooping int...

Page 812: ... in the packet is not in the DHCP snooping binding database Use the option port security keyword to also prevent packet forwarding if the sender MAC address is not in forwarding database table or the DHCP snooping binding database NOTE To enforce filtering based on the source MAC address port security must also be enabled on the interface by using the port security command in Interface Configurati...

Page 813: ...d For example if a command enables source MAC address and destination validations and a second command enables IP address validation only the source MAC address and destination MAC address validations are disabled as a result of the second command src mac For validating the source MAC address of an ARP packet dst mac For validating the destination MAC address of an ARP packet ip For validating the...

Page 814: ...ace Use the keyword none to specify that the interface is not rate limited for Dynamic ARP Inspection none To set no rate limit pps Packets per second Range 0 300 seconds The number of seconds Range 1 15 ip arp inspection trust Specify that the interface as trusted for Dynamic ARP Inspection CTRL Z Exit to Privileged EXEC mode show ip arp inspection interfaces interface View the Dynamic ARP Inspec...

Page 815: ...aximum number of DHCP packets with a rate limit of 100 packets per second LAG 1 which is also a member of VLAN 100 and contains ports 21 24 is the trunk port that connects the switch to the data center so it is configured as a trusted port Figure 27 25 DHCP Snooping Configuration Topology The commands in this example also enforce rate limiting and remote storage of the bindings database The switch...

Page 816: ... per second LAG 1 is a trusted port and keeps the default value for rate limiting unlimited console config interface range gi1 0 1 20 console config if ip dhcp snooping limit rate 100 console config if exit 4 Specify that the DHCP snooping database is to be stored remotely in a file called dsDb txt on a TFTP server with and IP address of 10 131 11 1 console config ip dhcp snooping database tftp 10...

Page 817: ...configure the switch 1 Enter interface configuration mode for the host ports and enable IPSG console config interface range gi1 0 1 20 console config if ip verify source port security 2 Enable port security on the ports console config if port security 3 View IPSG information console show ip verify source More or q uit Interface Filter IP Address MAC Address Vlan Gi1 0 1 ip mac 192 168 3 45 00 1C 2...

Page 818: ...818 Snooping and Inspecting Traffic ...

Page 819: ...ation The maximum number of LAGs that may be configured is limited to the maximum number of ports possible in the switch stack or stand alone switch divided by two This allows for a flexible configuration of LAGs where LAGs may have up to eight ports or as few as two ports You can configure LAGs until all ports in the system are assigned to a LAG Assignment of interfaces to dynamic LAGs is based o...

Page 820: ...ndwidth between two switches This is accomplished by effectively aggregating multiple ports together that act as a single logical connection between the two switches LAGs also provide redundancy If a link fails traffic is automatically redistributed across the remaining links What Is the Difference Between Static and Dynamic Link Aggregation Link aggregation can be configured as either dynamic or ...

Page 821: ...among the physical ports of the LAG while preserving the per flow packet order The hashing algorithm uses various packet attributes to determine the outgoing physical port The switch supports the following set of packet attributes to be used for hash computation Source MAC VLAN EtherType and incoming port Destination MAC VLAN EtherType and incoming port Source IP and Source TCP UDP port numbers De...

Page 822: ... be configured when it s a member of a LAG However this configuration is only actually applied when the port leaves the LAG The LAG interface can be a member of a VLAN complying with IEEE 802 1Q STP Spanning tree does not maintain state for members of a LAG but the Spanning Tree does maintain state for the LAG interface As far as STP is concerned members of a LAG do not exist Internally the STP st...

Page 823: ...me speed and must be in full duplex mode The port cannot be a mirrored port The following are the interface restrictions The configured speed of a LAG member cannot be changed An interface can be a member of only one LAG Default Link Aggregation Values The LAGs on the switch are created by default but no ports are members Table 28 1 summarizes the default values for the MAC address table Table 28 ...

Page 824: ...nitoring LAGs on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page LAG Configuration Use the LAG Configuration page to set the name and administrative status up down of a LAG To display the LAG Configuration page click Switching Ports LAG Configuration in the navigation panel Figure 28 2 LAG Configuration ...

Page 825: ...the LACP Parameters page to configure LACP LAGs To display the LACP Parameters page click Switching Link Aggregation LACP Parameters in the navigation panel Figure 28 3 LACP Parameters Configuring LACP Parameters for Multiple Ports To configure LACP settings 1 Open the LACP Parameters page 2 Click Show All The LACP Parameters Table page displays ...

Page 826: ...onfiguring Link Aggregation Figure 28 4 LACP Parameters Table 3 Select the Edit check box associated with each port to configure 4 Specify the LACP port priority and LACP timeout for each port 5 Click Apply ...

Page 827: ...ership in the navigation panel Figure 28 5 LAG Membership Adding a Port to a Static LAG To add a static LAG member 1 Open the LAG Membership page 2 Click in the LAG row to toggle the port to the desired LAG The LAG number displays for that port The LAG number increases each time you click until the number reaches the maximum LAG number and then returns to blank no LAG assigned 3 Click Apply The po...

Page 828: ...t is added as a dynamic LAG member to the selected LAG LAG Hash Configuration Use the LAG hash algorithm to set the traffic distribution mode on the LAG You can set the hash type for each LAG To display the LAG Hash Configuration page click Switching Link Aggregation LAG Hash Configuration in the navigation panel Figure 28 6 LAG Hash Configuration NOTE The port must be assigned to a LAG before it ...

Page 829: ...ummary The LAG Hash Summary page lists the channels on the system and their assigned hash algorithm type To display the LAG Hash Summary page click Switching Link Aggregation LAG Hash Summary in the navigation panel Figure 28 7 LAG Hash Summary ...

Page 830: ...interface Enter interface configuration mode for the specified LAG The interface variable includes the interface type which is port channel and the LAG number for example port channel 3 You can also specify a range of LAGs with the interface range port channel command for example interface range port channel 3 6 configures LAGs 3 4 5 and 6 description description Configure a description for the LA...

Page 831: ...ures interfaces 8 9 10 11 and 12 channel group port channel number mode on auto Add the port s to the LAG specified with the port channel number value Use the auto keyword to add the port s as dynamic members or use on to specify that the LAG membership is static port channel number Number of a valid port channel for the current port to join on Forces the port to join a channel without LACP static...

Page 832: ... ID 3 Source IP and source TCP UDP port 4 Destination IP and destination TCP UDP port 5 Source destination MAC VLAN EtherType and source MODID port 6 Source destination IP and source destination TCP UDP port 7 Enhanced hashing mode CTRL Z Exit to Privileged EXEC mode show interfaces port channel port channel number View LAG information for the specified LAG or for all LAGs show statistics port cha...

Page 833: ...LAG You can also specify a range of LAGs to configure with the interface range port channel command for example interface range port channel 1 3 10 configures LAGs 1 2 3 and 10 lacp port priority value Set the Link Aggregation Control Protocol priority for the port or range of ports The priority value range is 1 65535 lacp timeout long short Specify whether to wait a long or short time between LAC...

Page 834: ...ion mode for the ports that are to be configured as LAG members console config interface range gi1 0 1 3 gi1 0 6 7 2 Add the ports to LAG 2 with LACP console config if channel group 1 mode active 3 View information about LAG 1 console show interfaces port channel 1 NOTE The examples in this section show the configuration of only one switch Because LAGs involve physical links between two switches t...

Page 835: ... 1 Enter interface configuration mode for the ports that are to be configured as LAG members console config interface range gi1 0 10 12 gi1 0 14 gi1 0 17 2 Add the ports to LAG 2 without LACP console config if channel group 2 mode on 3 View information about LAG 2 console show interfaces port channel 2 Channel Ports Hash Algorithm Ch Type min links Po2 Inactive Gi1 0 10 Gi1 0 11 Gi1 0 12 Gi1 0 14 ...

Page 836: ...836 Configuring Link Aggregation ...

Page 837: ...8024 k switches support Data Center Bridging DCB features to increase the reliability of Ethernet based networks in the data center The Ethernet enhancements that DCB provides are well suited for Fibre Channel over Ethernet FCoE environments and iSCSI applications Table 29 1 provides a summary of the features this chapter describes NOTE Data Center features are supported only on the PCM8024 k for ...

Page 838: ...y connected peers FIP Snooping Inspects and monitors FIP frames and applies policies based upon the L2 header information in those frames Table 29 2 Default Port Based Traffic Control Values Feature Default PFC PCM8024 k only Disabled no priority classifications are configured DCBx version Auto detect FIP snooping Disabled globally and on all VLANs FC map value 0x0efc00 FIP snooping port mode Host...

Page 839: ...1p priority value These priority values must be mapped to internal class of service CoS values The PFC feature allows you to specify the CoS values that should be paused due to greater loss sensitivity instead of dropped when congestion occurs on a link Unless configured as no drop all CoS priorities are considered non pausable drop when priority based flow control is enabled until no drop is spec...

Page 840: ...ed on the interface so that the 802 1p priority values are carried through the network see VLAN Tagging on page 565 Additionally make sure that 802 1p priority values are mapped to CoS values see Configuring Class of Service on page 1153 If DCBX is enabled the manually configured PFC parameters no drop priorities must match the peers PFC parameters If they do not match PFC will not be operationall...

Page 841: ...riorities are subject to being paused to prevent data loss To display the PFC Configuration page click Switching PFC PFC Configuration in the navigation menu Figure 29 1 PFC Configuration PFC Statistics Page Use the PFC Statistics page to view the PFC statistics for interfaces on the switch To display the PFC Statistics page click Switching PFC PFC Statistics in the navigation menu ...

Page 842: ...ng in Privileged EXEC mode use the following commands to configure PFC NOTE If DCBx is enabled and the switch is set to autoconfigure from a DCBX peer configuring PFC is not necessary because the DCBx protocol automatically configures the PFC parameters Command Purpose configure Enter global configuration mode ...

Page 843: ...rity flow control to enable if the lldp dcbx port role auto down or lldp dcbx port role auto up command has already been applied priority flow control priority priority id drop no drop Use the no drop option to enable the priority group for lossless behavior To enable lossy behavior use the drop form of the command priority id Specify the IEEE 802 1p priority value range 0 7 NOTE Only two queues c...

Page 844: ...p priority 5 to traffic class 4 The following command changes the priority to traffic class mapping to be one to one based upon the default switch settings For lossless service a priority must be mapped one to one to a traffic class For more information about traffic classes see Configuring Class of Service on page 1153 console configure console config classofservice dot1p mapping 5 4 2 Enter Inte...

Page 845: ...ata Center Bridging Features 845 4 Enable VLAN tagging on the ports so the 802 1p priority is identified Trunk mode can also be enabled on port channels console config if switchport mode trunk console config if exit ...

Page 846: ...because some features may allow asymmetric configuration Peer configuration of DCB features DCBx can be used by a device to perform configuration of DCB features in its peer device if the peer device is willing to accept configuration DCBx is expected to be deployed in Fibre Channel over Ethernet FCoE topologies in support of lossless operation for FCoE traffic In these scenarios all network eleme...

Page 847: ...y DCBx device based on the OUI of the organization TLV then the switch changes its DCBx mode on that port to support the version detected There is no timeout mechanism to move back to IEEE mode If the DCBx peer times out multiple peers are detected the link is reset link down up or if commanded by the operator DCBx resets its operational mode to IEEE The interaction between the DCBx component and ...

Page 848: ...lso willing to accept a configuration from the link partner and propagate it internally to the auto downstream ports as well as receive configuration propagated internally by other auto upstream ports Specifically the willing parameter is enabled on the port and the recommendation TLV is sent to the peer and processed if received locally The first auto upstream port to successfully accept a compat...

Page 849: ... by the operator set the port to the manual role Since it is not possible to configure the port role for a port channel it is recommended that the individual links have an identical port role configured on all links in the port channel auto up or auto down Since only one port in the system can be configured as the configuration source configuring interfaces as auto up is a preferable alternative t...

Page 850: ...over the configuration source port are propagated to the other auto configuration ports Ports receiving auto configuration information from the configuration source ignore their current settings and utilize the configuration source information When a configuration source is selected all auto upstream ports other than the configuration source are marked as willing disabled To reduce flapping of con...

Page 851: ...ring DCBx You can use the CLI to configure DCBx Beginning in Privileged EXEC mode use the following commands to configure DCBx Command Purpose configure Enter global configuration mode lldp dcbx version auto cin cee ieee Optionally configure the administrative version for the DCBx protocol auto Automatically select the version based on the peer response default cin Force the mode to Cisco Intel Nu...

Page 852: ...nge of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 lldp tlv select dcbxp pfc application priority Override the global configuration for the LLDP DCBx TLVs on this interface Entering the command with no parameters enables transmission of all TLVs pfc Transmit the PFC configuration TLV application priority...

Page 853: ...uld be connected to a trusted FCF manual Ports operating in the Manual role do not have their configuration affected by peer devices or by internal propagation of configuration These ports will advertise their configuration to their peer if DCBx is enabled on that port The willing bit is set to disabled on manual role ports configuration source In this role the port has been manually selected to b...

Page 854: ...by preventing FCoE MAC spoofing The role of FIP snooping enabled ports on the switch falls under one of the following types Perimeter or Edge port connected directly to a Fibre Channel end node or ENode Fibre Channel forwarder FCF facing port that receives traffic from FCFs targeted to the ENodes The default port role in an FCoE enabled VLAN is as a perimeter port FCF facing ports are configured b...

Page 855: ...e hosts toward the Fibre Channel forwarders FCFs such as an FC router that has a direct FC link into storage the switch needs to know the interfaces the FCFs are on By default an interface is configured to be a host facing interface not an FCF facing interface Dell recommends that FCF facing ports be placed into auto upstream mode in order to receive DCBx information and propagate it to the Conver...

Page 856: ...de feature fip snooping Globally enable FIP snooping on the switch vlan vlan_id Enter VLAN configuration mode for a VLAN or range of VLANs fip snooping enable Enable the snooping of FIP packets on the specified VLAN or VLAN range FIP snooping must be enabled on both the native VLAN on trunk ports and all VLANs configured to carry FCoE traffic fip snooping fc map fc_map_value Optionally configure t...

Page 857: ...tive FIP snooping sessions show fip snooping fcf fcf mac Display information about the interfaces connected to Fibre Channel forwarder FCF Use the optional fcf mac parameter to display additional information about the session with the specified FCF device show fip snooping enode enode mac Display information about the interfaces connected to FCoE end nodes ENodes Use the optional enode mac paramet...

Page 858: ...onsole config feature fip snooping 2 Create VLAN 100 This command also enters the VLAN configuration mode for VLAN 100 console config vlan 100 console config vlan100 fip snooping enable console config vlan100 exit 3 Enter Interface Configuration mode for ports 1 2 3 16 and 17 console config interface range te1 0 1 3 te1 0 16 17 4 Enable VLAN tagging to allow the ports to carry 802 1p priority valu...

Page 859: ...sole config if exit 9 Optionally use the FIP snooping show commands to verify the configuration view FIP snooping sessions and view information about the ports that are connected to end nodes or FCFs Enhanced Transmission Selection Operation with DCBx PowerConnect M8024 k switches can act as a proxy for ETS information via the auto configuration mechanism ETS information received from the configur...

Page 860: ...860 Configuring Data Center Bridging Features ...

Page 861: ...ss Table Populated The MAC address table can contain two types of addresses Static The address has been manually configured and does not age out Dynamic The address has been automatically learned by the switch and can age out when it is not in use Static addresses are configured by the administrator and added to the table Dynamic addresses are learned by examining information in the Ethernet frame...

Page 862: ...ress can be associated with multiple VLANs How Is the MAC Address Table Maintained Across a Stack The MAC address table is synchronized across all stack members When a member joins the stack its previous MAC address table is overwritten by the table maintained by the stack Default MAC Address Table Values Table 30 1 summarizes the default values for the MAC address table Table 30 1 MAC Address Tab...

Page 863: ...k at the top of the page Static Address Table Use the Static Address Table page to view MAC addresses that have been manually added to the MAC address table and to configure static MAC addresses To display the Static Address Table page click Switching Address Tables Static Address Table in the navigation panel Figure 30 1 Static MAC Address Adding a Static MAC Address To add a static MAC address 1...

Page 864: ...0 2 Adding Static MAC Address 3 Select the interface to associate with the static address 4 Specify the MAC address and an associated VLAN ID 5 Click Apply The new static address is added to the Static MAC Address Table and the device is updated ...

Page 865: ... VLAN and table sorting key Packets forwarded to an address stored in the address table are forwarded directly to those ports The Dynamic Address Table also contains information about the aging time before a dynamic MAC address is removed from the table To display the Dynamic Address Table click Switching Address Tables Dynamic Address Table in the navigation panel Figure 30 3 Dynamic Address Tabl...

Page 866: ...including the interface type and number mac address table aging time 0 10 1000000 Specify the number of seconds that must pass before an unused dynamically learned MAC address is removed from the MAC address table A value of 0 disables the aging time for the MAC address table exit Exit to Privileged EXEC mode show mac address table static dynamic View information about the entries in the MAC addre...

Page 867: ...ee IP Routing Configuration Example on page 928 in the Configuring IP Routing chapter For a configuration example that includes tunnel and loopback interface creation see Interconnecting an IPv4 Backbone and Local IPv6 Network on page 1030 Routing Interface Overview Routing interfaces are logical interfaces that can be configured with an IP address Routing interfaces provide a means of transmittin...

Page 868: ...r for only some of the VLANs on the port VLAN Routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when additional segmentation or security is required What Are Loopback Interfaces A loopback interface is a logical interface that is always up and because it cannot go down allows the switch to hav...

Page 869: ...ncrypted PowerConnect M6220 M6348 M8024 and M8024 k switches support tunnels to encapsulate IPv6 traffic in IPv4 tunnels to provide functionality to facilitate the transition of IPv4 networks to IPv6 networks The switch supports two types of tunnels configured 6 in 4 and automatic 6 to 4 Configured tunnels have an explicit configured endpoint and are considered to be point to point interfaces Auto...

Page 870: ...equired when the switch is used as a layer 3 device VLAN routing must be configured to allow the switch to forward IP traffic between subnets and allow hosts in different networks to communicate In Figure 31 1 the PowerConnect switch is configured as an L3 device and performs the routing functions for hosts connected to the L2 switches For Host A to communicate with Host B no routing is necessary ...

Page 871: ...ere you need to send traffic to a switch such as in switch management The loopback interface IP address is a good choice for communicating with the switch in these cases because the loopback interface cannot go down when the switch is powered on and operational Tunnel Interface Tunnels can be used in networks that support both IPv6 and IPv4 The tunnel allows non contiguous IPv6 networks to be conn...

Page 872: ... values However when you create a loopback interface the default values are similar to those of VLAN routing interfaces as Table 31 1 shows When you create a tunnel it has the default values shown in Table 31 2 Table 31 1 VLAN Routing Interface and Loopback Interface Defaults Parameter Default Value Forward Net Directed Broadcasts Disabled Encapsulation Type Ethernet N A for loopbacks Proxy Arp En...

Page 873: ...48 M8024 M8024 k switch For details about the fields on a page click at the top of the page IP Interface Configuration Use the IP Interface Configuration page to update IP interface data for this switch The IP interface configuration includes the ability to configure the bandwidth Destination Unreachable messages and ICMP Redirect messages To display the page click Routing IP IP Interface Configur...

Page 874: ...o an interface by the DHCP server To display the page click Routing IP DHCP Lease Parameters in the navigation panel Figure 31 3 DHCP Lease Parameters VLAN Routing Summary Use the VLAN Routing Summary page to view summary information about VLAN routing interfaces configured on the switch To display the page click Routing VLAN Routing Summary in the navigation panel ...

Page 875: ...gure 31 4 VLAN Routing Summary Tunnel Configuration Use the Tunnels Configuration page to create configure or delete a tunnel To display the page click Routing Tunnels Configuration in the navigation panel Figure 31 5 Tunnel Configuration ...

Page 876: ...ring Routing Interfaces Tunnels Summary Use the Tunnels Summary page to display a summary of configured tunnels To display the page click Routing Tunnels Summary in the navigation panel Figure 31 6 Tunnels Summary ...

Page 877: ...oopbacks Configuration page to create configure or remove loopback interfaces You can also set up or delete a secondary address for a loopback To display the page click Routing Loopbacks Loopbacks Configuration in the navigation panel Figure 31 7 Loopback Configuration ...

Page 878: ...s Loopbacks Summary Use the Loopbacks Summary page to display a summary of configured loopback interfaces on the switch To display the page click Routing Loopbacks Loopbacks Summary in the navigation panel Figure 31 8 Loopbacks Summary ...

Page 879: ...dress subnet_mask secondary Configure the IP address Use the dhcp keyword to enable the DHCP client and obtain an IP address from a network DHCP server Use none to release the address obtained from the DHCP server Use ip_address and subnet_mask to assign a static IP address If you configure a static address you can use the secondary keyword to specify that the address is a secondary IP address ip ...

Page 880: ...is 1 10000000 ip unreachables Allow the switch to send ICMP Destination Unreachable messages in response to packets received on the interface ip redirects Allow the switch to send ICMP Redirect messages in response to packets received on the interface exit Exit to Global Config mode ip default gateway ip_address Configure the default gateway All switch interfaces use the same default gateway exit ...

Page 881: ...loopback id Create the loopback interface and enter Interface Configuration mode for the specified loopback interface ip address ip_address subnet_mask secondary Configure a static IP address and subnet mask Use the secondary keyword to specify that the address is a secondary IP address CTRL Z Exit to Privileged EXEC mode show ip interface loopback loopback id View interface configuration informat...

Page 882: ...tunnel tunnel mode ipv6ip 6to4 Specify the mode of the tunnel If you use the 6to4 keyword the tunnel is an automatic tunnel If you omit the keyword the tunnel is a point to point configured tunnel ipv6 enable Enable IPv6 on this interface using the Link Local address tunnel source ipv4addr vlan vlan id Specify the source transport address of the tunnel either which can be an IPv4 address or a VLAN...

Page 883: ...P is generally used between clients and servers for the purpose of assigning IP addresses gateways and other network settings such as DNS and SNTP server information How Does DHCP Work When a host connects to the network the host s DHCP client broadcasts a message requesting information from any DHCP server that receives the broadcast One or more DHCP servers respond to the request The response in...

Page 884: ...vers and so on When a client broadcasts a request for information the request includes the option codes that correspond to the information the client wants the DHCP server to supply The Web pages and CLI commands to configure DHCP server settings include many predefined options for the information that is most commonly requested by DHCP clients For example DHCP client discover requests typically i...

Page 885: ...guration on individual ports link aggregation groups LAGs and VLANs For information about Layer 2 and Layer 3 DHCP Relay see Configuring L2 and L3 Relay Features on page 931 DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server It filters harmful DHCP messages and builds a bindings database of MAC address IP address VLAN ID port tuples that are speci...

Page 886: ...0 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page DHCP Server Network Properties Use the Network Properties page to define global DHCP server settings and to configure addresses that are not included in any address pools To display the Network Properties page click Routing IP DHCP Server Network Properties in the navigation panel Figure 32 2 DHCP Serv...

Page 887: ...ld is the only address to exclude or if the excluded addresses are non contiguous leave the To field as the default value of 0 0 0 0 Otherwise enter the last IP address to excluded from a contiguous range of IP addresses In Figure 32 3 the From field contains the IP address 192 168 2 1 and the To field contains the IP address 192 168 2 5 This means that the following IP addresses are not available...

Page 888: ...e Excluded Addresses page 3 Select the check box next to the address or address range to delete Figure 32 4 Delete Excluded Addresses 4 Click Apply Address Pool Use the Address Pool page to create the pools of IP addresses and other network information that can be assigned by the server To display the Address Pool page click Routing IP DHCP Server Address Pool in the navigation panel ...

Page 889: ...twork Pool to display the Add Network Pool page 3 Assign a name to the pool and complete the desired fields In Figure 32 6 the network pool name is Engineering and the address pool contains all IP addresses in the 192 168 5 0 subnet which means a client that receives an address from the DHCP server might lease an address in the range of 192 168 5 1 to 192 168 5 254 ...

Page 890: ...the primary and secondary DNS servers 4 Click Apply Adding a Static Pool To create and configure a static pool of IP addresses 1 Open the Address Pool page 2 Click Add Static Pool to display the Add Static Pool page 3 Assign a name to the pool and complete the desired fields NOTE The IP address 192 168 5 1 should be added to the global list of excluded addresses so that it is not leased to a clien...

Page 891: ...d the name of the client in the pool is LabHost1 The client s MAC address is mapped to the IP address 192 168 11 54 the default gateway is 192 168 11 1 and the DNS servers the client will use have IP addresses of 192 168 5 100 and 192 168 2 5 Figure 32 7 Add Static Pool 4 Click Apply ...

Page 892: ...Server Address Pool Options in the navigation panel Figure 32 8 Address Pool Options Defining DHCP Options To configure DHCP options 1 Open the Address Pool page 2 Select the Add Options check box 3 Select the check box that corresponds to the value type ASCII Hexadecimal or IP address 4 Specify the value s in the corresponding field Figure 32 9 shows an example of adding the SMTP server IP addres...

Page 893: ...Configuring DHCP Server Settings 893 Figure 32 9 Add DHCP Option 5 Click Apply 6 To verify that the option has been added to the address pool open the Address Pool Options page ...

Page 894: ...l Options DHCP Bindings Use the DHCP Bindings page to view information about the clients that have leased IP addresses from the DHCP server To display the DHCP Bindings page click Routing IP DHCP Server DHCP Bindings in the navigation panel Figure 32 11 DHCP Bindings ...

Page 895: ... clear the client bindings for one or more clients You can also reset bindings for clients that have leased an IP address that is already in use on the network To display the Reset Configuration page click Routing IP DHCP Server Reset Configuration in the navigation panel Figure 32 12 Reset DHCP Bindings ...

Page 896: ...cts Information page to view information about clients that have leased an IP address that is already in use on the network To display the Conflicts Information page click Routing IP DHCP Server Conflicts Information in the navigation panel Figure 32 13 DHCP Server Conflicts Information ...

Page 897: ...ver Statistics page to view general DHCP server statistics messages received from DHCP clients and messages sent to DHCP clients To display the Server Statistics page click Routing IP DHCP Server Server Statistics in the navigation panel Figure 32 14 DHCP Server Statistics ...

Page 898: ...Configuration mode service dhcp Enable the DHCP server ip dhcp ping packets Specify the number in a range from 2 10 of packets a DHCP server sends to a pool address as part of a ping operation ip dhcp conflict logging Enable conflict logging on DHCP server ip dhcp bootp automatic Enable the allocation of the addresses to the BootP client ip dhcp excluded address lowaddress highaddress Specify the ...

Page 899: ... infinite Specify the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client duration Days the lease is valid You can optionally specify the hours and minutes after specifying the days infinite 60 day lease default router address1 address2 address8 Specify the list of default gateway IP addresses to be assigned to the DHCP client dns server address1 address2 a...

Page 900: ... hexadecimal format type Indicates the protocol of the hardware platform It is 1 for Ethernet and 6 for IEEE 802 client identifier uniqueidentifier Specify the unique identifier for a DHCP client The unique identifier is a valid notation in hexadecimal format In some systems such as Microsoft DHCP clients the client identifier is required instead of hardware addresses The unique identifier is a co...

Page 901: ...o Privileged EXEC mode show ip dhcp pool configuration name all View the settings for the specified address pool or for all configured address pools Command Purpose show ip dhcp binding address View the current binding information in the DHCP server database Specify the IP address to view a specific binding clear ip dhcp binding address Delete an automatic address binding from the DHCP server data...

Page 902: ...nfigure the switch 1 Create an address pool named Engineering and enter into DHCP pool configuration mode for the pool console configure console config ip dhcp pool Engineering 2 Specify the IP addresses that are available in the pool console config dhcp pool network 192 168 5 0 255 255 255 0 3 Specify the IP address to use as the default gateway console config dhcp pool default router 192 168 5 1...

Page 903: ... View DHCP server settings console show ip dhcp global configuration Service DHCP Enable Number of Ping Packets 2 Excluded Address 192 168 2 1 to 192 168 2 20 1 2 2 2 to 1 5 5 5 192 168 5 1 to 192 168 5 20 192 168 5 100 to 192 168 5 100 Conflict Logging Enable Bootp Automatic Disable 9 View information about all configured address pools console show ip dhcp pool configuration all Pool Engineering ...

Page 904: ... the IP addresses that are available in the pool console config dhcp pool hardware address 00 1C 23 55 E9 F3 3 Specify the IP address and subnet mask to assign to the client console config dhcp pool host 192 168 2 10 255 255 255 0 4 Specify the IP address to use as the default gateway console config dhcp pool default router 192 168 2 1 5 Specify the primary and secondary DNS servers the hosts will...

Page 905: ...configuration Tyler PC Pool Tyler PC Pool Type Static Client Name TylerPC Hardware Address 00 1c 23 55 e9 f3 Hardware Address Type ethernet Host 192 168 2 10 255 255 255 0 Lease Time 1 days 0 hrs 0 mins DNS Servers 192 168 2 101 Default Routers 192 168 2 1 Domain Name executive dell com Option 69 ip 192 168 1 33 ...

Page 906: ...906 Configuring DHCP Server Settings ...

Page 907: ...ion Example IP Routing Overview The PowerConnect M6220 M6348 M8024 and M8024 k switches are multilayer switches that support static and dynamic routing Table 33 1 describes some of the general routing features that you can configure on the switch Table 33 1 IP Routing Features Feature Description ICMP message control You can configure the type of ICMP messages that the switch responds to as well a...

Page 908: ...the following route types in the routing table Default The default route is the route the switch will use to send a packet if the routing table does not contain a longer matching prefix for the packet s destination Static A static route is a route that you manually add to the routing table Static Reject Packets that match a reject route are discarded instead of forwarded The router may send an ICM...

Page 909: ...ects Enabled ICMP Rate Limit Interval 1000 milliseconds ICMP Rate Limit Burst Size 100 Maximum Next Hops 4 Global Default Gateway None Dynamic ARP Entry Age Time 1200 seconds Automatic Renewal of Dynamic ARP Entries Disabled ARP Response Timeout 1 second ARP Retries 4 Maximum Static ARP Entries 128 IRDP Advertise Mode Disabled IRDP Advertise Address 224 0 0 1 IRDP Maximum Advertise Interval 600 se...

Page 910: ...uring IP Routing Route Preference Values Preference values are as follows Local 0 Static 1 OSPF Intra 110 OSPF Inter 110 OSPF External 110 RIP 120 Table 33 2 IP Routing Defaults Continued Parameter Default Value ...

Page 911: ...6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page IP Configuration Use the Configuration page to configure routing parameters for the switch as opposed to an interface The IP configuration settings allow you to enable or disable the generation of various types of ICMP messages To display the page click Routing IP Configuration in the navigation panel Fig...

Page 912: ...iguring IP Routing IP Statistics The IP statistics reported on the Statistics page are as specified in RFC 1213 To display the page click Routing IP Statistics in the navigation panel Figure 33 2 IP Statistics ...

Page 913: ...ring IP Routing 913 ARP Create Use the Create page to add a static ARP entry to the Address Resolution Protocol table To display the page click Routing ARP Create in the navigation panel Figure 33 3 ARP Create ...

Page 914: ...ation page to change the configuration parameters for the Address Resolution Protocol Table You can also use this screen to display the contents of the table To display the page click Routing ARP Table Configuration in the navigation panel Figure 33 4 ARP Table Configuration ...

Page 915: ...er Discovery Configuration Use the Configuration page to enter or change router discovery parameters To display the page click Routing Router Discovery Configuration in the navigation panel Figure 33 5 Router Discovery Configuration ...

Page 916: ...Routing Router Discovery Status Use the Status page to display router discovery data for each interface To display the page click Routing Router Discovery Status in the navigation panel Figure 33 6 Router Discovery Status ...

Page 917: ...iguring IP Routing 917 Route Table Use the Route Table page to display the contents of the routing table To display the page click Routing Router Route Table in the navigation panel Figure 33 7 Route Table ...

Page 918: ... Routing Best Routes Table Use the Best Routes Table page to display the best routes from the routing table To display the page click Routing Router Best Routes Table in the navigation panel Figure 33 8 Best Routes Table ...

Page 919: ... click Routing Router Route Entry Configuration in the navigation panel Figure 33 9 Route Entry Configuration Adding a Route and Configuring Route Preference To configure routing table entries 1 Open the Route Entry Configuration page 2 Click Router Route Entry Configuration The screen refreshes and the Router Route Entry Configuration page displays ...

Page 920: ... Reject route The fields to configure are different for each route type Default Enter the default gateway address in the Next Hop IP Address field Static Enter values for Network Address Subnet Mask Next Hop IP Address and Preference Static Reject Enter values for Network Address Subnet Mask and Preference 4 Click Apply The new route is added to the routing table ...

Page 921: ...k Routing Router Configured Routes in the navigation panel Figure 33 11 Configured Routes To remove a configured route select the check box in the Remove column of the route to delete and click Apply NOTE For a static reject route the next hop interface value is Null0 Packets to the network address specified in static reject routes are intentionally dropped ...

Page 922: ...ic routes These values are arbitrary values that range from 1 to 255 and are independent of route metrics Most routing protocols use a route metric to determine the shortest path known to the protocol independent of any other protocol To display the page click Routing Router Route Preferences Configuration in the navigation panel Figure 33 12 Router Route Preferences Configuration ...

Page 923: ...y enable IPv4 routing on the switch ip icmp echo reply Allow the switch to generate ICMP Echo Reply messages ip icmp error interval burst interval burst size Limit the rate at which IPv4 ICMP error messages are sent burst interval How often the token bucket is initialized Range 0 2147483647 milliseconds burst size The maximum number of messages that can be sent during a burst interval Range 1 200 ...

Page 924: ... the ARP count of maximum requests for retries The range is 1 10 arp cachesize integer Configure the maximum number of entries in the ARP cache arp dynamicrenew Allow the ARP component to automatically renew dynamic ARP entries when they age out exit Exit to Privileged EXEC mode show arp brief View the user configured static ARP entries The static entries display regardless of whether they are rea...

Page 925: ...0 1 all hosts IP multicast address or 255 255 255 255 limited broadcast address ip irdp holdtime seconds Configure the value of the holdtime field of the router advertisement sent from this interface ip irdp maxadvertinterval seconds Configure the maximum time allowed between sending router advertisements from the interface ip irdp minadvertinterval seconds Configure the minimum time allowed betwe...

Page 926: ...ference Configure a static route Use the keyword null instead of the next hop router IP address to configure a static reject route ip address IP address of destination interface subnet mask Subnet mask of destination interface prefix length Length of prefix Must be preceded with a forward slash Range 0 32 bits nextHopRtr IP address of the next hop router null Specifies that the route is a static r...

Page 927: ...prefixes Indicates that the ip address and subnet mask pair becomes the prefix and the command displays the routes to the addresses that match that prefix protocol Specifies the protocol that installed the routes Range connected ospf rip static show ip route configured View the configured routes whether they are reachable or not show ip route summary View summary information about the routing tabl...

Page 928: ... is configured on Switch A Additionally a default route is configured on Switch A so that all traffic with an unknown destination is sent to the backbone router through port 24 which is a member of VLAN 50 A default route is configured on PowerConnect Switch B to use Switch A as the default gateway The hosts use the IP address of the VLAN routing interface as their default gateway This example ass...

Page 929: ...onsole config interface vlan 20 console config if vlan20 ip address 192 168 20 20 255 255 255 0 console config if vlan20 exit 4 Assign an IP address to VLAN 50 console configure console config interface vlan 50 console config if vlan50 ip address 192 168 50 50 255 255 255 0 console config if vlan50 exit 5 Configure a static route to the network that VLAN 30 is in using the IP address of the VLAN 2...

Page 930: ... vlan20 ip address 192 168 20 25 255 255 255 0 console config if vlan20 exit 3 Assign an IP address to VLAN 30 This command also enables IP routing on the VLAN console configure console config interface vlan 30 console config if vlan30 ip address 192 168 30 30 255 255 255 0 console config if vlan30 exit 4 Configure the VLAN 20 routing interface on Switch A as the default gateway so that any traffi...

Page 931: ... requests and replies However buying and maintaining a DHCP server on each subnet can be expensive and is often impractical The relay features on the PowerConnect M6220 M6348 M8024 and M8024 k switches can help enable communication between DHCP clients and DHCP servers that reside in different subnets Configuring L3 DHCP relay also enables the bootstrap protocol BOOTP relay What Is L3 DHCP Relay N...

Page 932: ... when forwarding the request to the server and removes them when sending the reply to the clients If an interface has more than one IP address the relay agent uses the primary IP address configured as its relay agent IP address What Is L2 DHCP Relay In Layer 2 switched networks there may be one or more infrastructure devices for example a switch between the client and the L3 Relay agent DHCP serve...

Page 933: ... on routing interfaces Each relay entry maps an ingress interface and destination UDP port number to a single IPv4 address the helper address Multiple relay entries may be configured for the same interface and UDP port in which case the relay agent relays matching packets to each server address Interface configuration takes priority over global configuration If the destination UDP port for a packe...

Page 934: ...P server unicasts back to the relay agent For other protocols the relay agent only relays broadcast packets from the client to the server Packets from the server back to the client are assumed to be unicast directly to the client Because there is no relay in the return direction for protocols other than DHCP the relay agent retains the source IP address from the original client packet The relay ag...

Page 935: ...ss must be the all ones broadcast address FF FF FF FF FF FF The destination IP address must be the limited broadcast address 255 255 255 255 or a directed broadcast address for the receive interface The IP time to live TTL must be greater than 1 The protocol field in the IP header must be UDP 17 The destination UDP port must match a configured relay entry NOTE If the packet matches a discard relay...

Page 936: ... data FTP Data 21 FTP FTP 37 Time Time 42 NAMESERVER Host Name Server 43 NICNAME Who is 53 DOMAIN Domain Name Server 69 TFTP Trivial File Transfer 111 SUNRPC Sun Microsystems Rpc 123 NTP Network Time 137 NetBiosNameService NT Server to Station Connections 138 NetBiosDatagramService NT Server to Station Connections 139 NetBios SessionServiceNT Server to Station Connections 161 SNMP Simple Network M...

Page 937: ... Parameter Default Value L2 DHCP Relay Admin Mode Disabled globally and on all interfaces and VLANs Trust Mode Disabled on all interfaces Circuit ID Disabled on all VLANs Remote ID None configured L3 DHCP Relay UDP Relay Mode IP Helper Enabled Hop Count 4 Minimum Wait Time 0 seconds Circuit ID Option Mode Disabled Circuit ID Check Mode Enabled Information Option Insert Disabled on all VLAN interfa...

Page 938: ...ge to enable or disable the switch to act as a DHCP Relay agent This functionality must also be enabled on each port you want this service to operate on see DHCP Relay Interface Configuration on page 939 The switch can also be configured to relay requests only when the VLAN of the requesting client corresponds to a service provider s VLAN ID that has been enabled with the L2 DHCP relay functionali...

Page 939: ... on individual ports To access this page click Switching DHCP Relay Interface Configuration in the navigation panel Figure 34 2 DHCP Relay Interface Configuration To view a summary of the L2 DHCP relay configuration on all ports and LAGS click Show All NOTE L2 DHCP relay must also be enabled globally on the switch ...

Page 940: ...940 Configuring L2 and L3 Relay Features Figure 34 3 DHCP Relay Interface Summary ...

Page 941: ...elay Interface Statistics Use this page to display statistics on DHCP Relay requests received on a selected port To access this page click Switching DHCP Relay Interface Statistics in the navigation panel Figure 34 4 DHCP Relay Interface Statistics ...

Page 942: ...le and configure DHCP Relay on specific VLANs To access this page click Switching DHCP Relay VLAN Configuration in the navigation panel Figure 34 5 DHCP Relay VLAN Configuration To view a summary of the L2 DHCP relay configuration on all VLANs click Show All Figure 34 6 DHCP Relay VLAN Summary ...

Page 943: ... 943 DHCP Relay Agent Configuration Use the Configuration page to configure and display a DHCP relay agent To display the page click Routing DHCP Relay Agent Configuration in the navigation panel Figure 34 7 DHCP Relay Agent Configuration ...

Page 944: ... UDP Relay and Helper IP configuration To display the page click Routing IP Helper Global Configuration in the navigation panel Figure 34 8 IP Helper Global Configuration Adding an IP Helper Entry To configure an IP helper entry 1 Open the IP Helper Global Configuration page 2 Click Add to display the Add Helper IP Address page ...

Page 945: ... 4 Enter the IP address of the server to which the packets with the given UDP Destination Port will be relayed 5 Click Apply The UDP Helper Relay is added and the device is updated NOTE If the DefaultSet option is specified the device by default forwards UDP Broadcast packets for the following services IEN 116 Name Service port 42 DNS port 53 NetBIOS Name Server port 137 NetBIOS Datagram Server po...

Page 946: ...figuration for a specific interface To display the page click Routing IP Helper Interface Configuration in the navigation panel Figure 34 10 IP Helper Interface Configuration Adding an IP Helper Entry to an Interface To add an IP helper entry to an interface 1 Open the IP Helper Interface Configuration page 2 Click Add to display the Add IP Helper Address page ...

Page 947: ...packets arriving on the given interface with the given destination UDP port 6 Enter the IP address of the server to which the packets with the given UDP Destination Port will be relayed 7 Click Apply The UDP Helper Relay is added to the interface and the device is updated NOTE If the DefaultSet option is specified the device by default forwards UDP Broadcast packets for the following services IEN ...

Page 948: ...nd L3 Relay Features IP Helper Statistics Use the Statistics page to view UDP Relay Statistics for the switch To display the page click Routing IP Helper Statistics in the navigation panel Figure 34 12 IP Helper Statistics ...

Page 949: ...d port or LAG The interface variable includes the interface type and number for example gigabitethernet 1 0 3 For a LAG the interface type is port channel You can also specify a range of ports with the interface range command for example interface range gigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dhcp l2relay Enable L2 DHCP relay on the port s or LAG s dhcp l2relay trust Config...

Page 950: ...nterfaces or for the specified interface show dhcp l2relay vlan vlan range View L2 DHCP relay settings for the specified VLAN show dhcp l2relay stats interface all interface View the number of DHCP packets processed and relayed by the L2 relay agent To reset the statistics to 0 use the clear dhcp l2relay statistics interface all interface command show dhcp l2relay agent option vlan vlan id View th...

Page 951: ... certain UDP broadcast packets received on any interface Specify the one of the protocols defined in the command or the UDP port number server address The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are sent The server address cannot be an IP address configured on any interface of the local router dest udp port A destination UDP port number from 0 to 65535 int...

Page 952: ...er server address The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are sent The server address cannot be an IP address configured on any interface of the local router dest udp port A destination UDP port number from 0 to 65535 exit Exit to Global Config mode exit Exit to Privileged EXEC mode show ip helper address vlan vlan id View IP helper L3 relay settings f...

Page 953: ... assumes that multiple VLAN routing interfaces have been created and configured with IP addresses To configure the switch 1 Relay DHCP packets received on VLAN 10 to 192 168 40 35 console config console config interface vlan 10 console config if vlan10 ip helper address 192 168 40 35 dhcp VLAN 30 DHCP Server 192 168 40 35 DHCP Clients VLAN 10 L3 Switch VLAN 20 No DHCP DHCP Server 192 168 40 22 SNM...

Page 954: ...p helper address discard dhcp console config if vlan20 exit 5 DHCP packets received from clients in any VLAN other than VLAN 10 and VLAN 20 are relayed to 192 168 40 22 console config ip helper address 192 168 40 22 dhcp 6 Verify the configuration console show ip helper address IP helper is enabled NOTE The following command is issued in Global Configuration mode so it applies to all interfaces ex...

Page 955: ...cols are configured separately within the software but their functionality is largely similar for IPv4 and IPv6 networks The topics covered in this chapter include OSPF Overview OSPF Feature Details Default OSPF Values Configuring OSPF Features Web Configuring OSPFv3 Features Web Configuring OSPF Features CLI Configuring OSPFv3 Features CLI OSPF Configuration Examples NOTE In this chapter referenc...

Page 956: ...at these are not used as actual IP addresses For simplicity the area can be configured and referred to in normal integer notation For example Area 20 is identified as 0 0 0 20 and Area 256 as 0 0 1 0 The area identified as 0 0 0 0 is referred to as Area 0 and is considered the OSPF backbone All other OSPF areas in the network must connect to Area 0 directly or through a virtual link The backbone a...

Page 957: ...m other protocols and originate external LSAs How Are Routes Selected OSPF determines the best route using the route metric and the type of the OSPF route The following order is used for choosing a route if more than one type of route exists 1 Intra area the destination prefix is in the same area as the router computing the route 2 Inter area the destination is not in the same area as the router c...

Page 958: ...rics in this way Stub router mode is global and applies to router LSAs for all areas Other routers prefer alternate paths that avoid the stub router however if no alternate path is available another router may compute a transit route through a stub router Because the stub router does not adjust the metric for stub links in its router LSA routes to destinations on these networks are unaffected Thus...

Page 959: ...nderlying path has cost greater than hexadecimal 0xffff the maximum size of an interface cost in a router LSA should be considered non operational To configure a router for stub router mode use the max metric router lsa command in Global Router Configuration mode The following example sets the router to start in stub router mode on a restart and remain in stub router mode for 5 minutes ABR R0 conf...

Page 960: ...son it is common to give the network administrator the option of configuring the cost for an area range When a static cost is configured the cost advertised in the type 3 LSA does not depend on the cost of the component networks Thus topology changes within an area do not propagate outside the area resulting in greater stability within the OSPF domain PowerConnect switches also use area ranges to ...

Page 961: ...r eliminate the packet drops caused by bursts in OSPF control packets The changes are as follows Introduce LSA transmit pacing limiting the rate of LS Update packets that OSPF can send Introduce LSA refresh groups so that OSPF efficiently bundles LSAs into LS Update packets when periodically refreshing self originated LSAs To configure LSA transmit pacing use the timers pacing flood command in rou...

Page 962: ...r and link failures This feature enables a network administrator to disable LSA flooding on an interface Flood blocking only affects flooding of LSAs with area or AS i e domain wide scope Such LSAs are expected to be flooded to neighbors on other unblocked interfaces and eventually reach neighbors on blocked interfaces An LSA with interface flooding scope cannot be blocked there is no other way fo...

Page 963: ...owed on virtual interfaces it is less likely to be used on a virtual interface since virtual interfaces are created specifically to allow flooding between two backbone routers So the option of flood blocking on virtual interfaces is not supported See Configuring Flood Blocking on page 1038 for a configuration example ...

Page 964: ... Parameter Default Value Router ID None Admin Mode Enabled RFC 1583 Compatibility Enabled OSPFv2 only ABR Status Enabled Opaque LSA Status Enabled OSPFv2 only Exit Overflow Interval Not configured SPF Delay Time 5 OSPFv2 only SPF Hold Time 10 OSPFv2 only External LSDB Limit None Default Metric Not configured Maximum Paths 4 AutoCost Reference Bandwidth 100 Mbps Default Passive Setting Disabled Def...

Page 965: ...lt Value Admin Mode Disabled Advertise Secondaries Enabled OSPFv2 only Router Priority 1 Retransmit Interval 5 seconds Hello Interval 10 seconds Dead Interval 40 seconds LSA Ack Interval 1 second Interface Delay Interval 1 second MTU Ignore Disabled Passive Mode Disabled Network Type Broadcast Authentication Type None OSPFv2 only Metric Cost Not configured ...

Page 966: ...onitoring OSPF features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page OSPF Configuration Use the Configuration page to enable OSPF on a router and to configure the related OSPF settings To display the page click Routing OSPF Configuration in the navigation panel Figure 35 1 OSPF Configuration ...

Page 967: ...ing OSPF Interface Configuration At least one router must have OSPF enabled for this web page to display To display the page click Routing OSPF Area Configuration in the navigation panel If a Stub Area has been created the fields in the Stub Area Information are available If a NSSA has been created the fields in the NSSA Area Information are available Figure 35 2 OSPF Area Configuration ...

Page 968: ...ub Area To configure the area as an OSPF stub area click Create Stub Area The pages refreshes and displays additional fields that are specific to the stub area Figure 35 3 OSPF Stub Area Configuration Use the Delete Stub Area button to remove the stub area ...

Page 969: ...So Stubby Area To configure the area as an OSPF not so stubby area NSSA click NSSA Create The pages refreshes and displays additional fields that are specific to the NSSA Figure 35 4 OSPF NSSA Configuration Use the NSSA Delete button to remove the NSSA area ...

Page 970: ...ng OSPF and OSPFv3 OSPF Stub Area Summary The Stub Area Summary page displays OSPF stub area detail To display the page click Routing OSPF Stub Area Summary in the navigation panel Figure 35 5 OSPF Stub Area Summary ...

Page 971: ...nge Configuration Use the Area Range Configuration page to configure and display an area range for a specified NSSA To display the page click Routing OSPF Area Range Configuration in the navigation panel Figure 35 6 OSPF Area Range Configuration ...

Page 972: ... Use the Interface Statistics page to display statistics for the selected interface The information is displayed only if OSPF is enabled To display the page click Routing OSPF Interface Statistics in the navigation panel Figure 35 7 OSPF Interface Statistics ...

Page 973: ... 973 OSPF Interface Configuration Use the Interface Configuration page to configure an OSPF interface To display the page click Routing OSPF Interface Configuration in the navigation panel Figure 35 8 OSPF Interface Configuration ...

Page 974: ...ay the OSPF neighbor table list When a particular neighbor ID is specified detailed information about a neighbor is given The information below is only displayed if OSPF is enabled To display the page click Routing OSPF Neighbor Table in the navigation panel Figure 35 9 OSPF Neighbor Table ...

Page 975: ...r ID When a particular neighbor ID is specified detailed information about a neighbor is given The information below is only displayed if OSPF is enabled and the interface has a neighbor The IP address is the IP address of the neighbor To display the page click Routing OSPF Neighbor Configuration in the navigation panel Figure 35 10 OSPF Neighbor Configuration ...

Page 976: ...g OSPF Link State Database in the navigation panel Figure 35 11 OSPF Link State Database OSPF Virtual Link Configuration Use the Virtual Link Configuration page to create or configure virtual interface information for a specific area and neighbor A valid OSPF area must be configured before this page can be displayed To display the page click Routing OSPF Virtual Link Configuration in the navigatio...

Page 977: ...Configuring OSPF and OSPFv3 977 Figure 35 12 OSPF Virtual Link Creation After you create a virtual link additional fields display as the Figure 35 13 shows Figure 35 13 OSPF Virtual Link Configuration ...

Page 978: ...3 OSPF Virtual Link Summary Use the Virtual Link Summary page to display all of the configured virtual links To display the page click Routing OSPF Virtual Link Summary in the navigation panel Figure 35 14 OSPF Virtual Link Summary ...

Page 979: ...configure redistribution in OSPF for routes learned through various protocols You can choose to redistribute routes learned from all available protocols or from selected ones To display the page click Routing OSPF Route Redistribution Configuration in the navigation panel Figure 35 15 OSPF Route Redistribution Configuration ...

Page 980: ...tribution Summary Use the Route Redistribution Summary page to display OSPF Route Redistribution configurations To display the page click Routing OSPF Route Redistribution Summary in the navigation panel Figure 35 16 OSPF Route Redistribution Summary ...

Page 981: ...NSF summary information for the OSPF feature NSF is a feature used in switch stacks to maintain switching and routing functions in the event of a stack unit failure For information about NSF see What is Nonstop Forwarding on page 153 in the Managing a Switch Stack chapter To display the page click Routing OSPF NSF OSPF Configuration in the navigation panel Figure 35 17 NSF OSPF Configuration ...

Page 982: ...ring and monitoring OSPFv3 features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page OSPFv3 Configuration Use the Configuration page to activate and configure OSPFv3 for a switch To display the page click IPv6 OSPFv3 Configuration in the navigation panel Figure 35 18 OSPFv3 Configuration ...

Page 983: ...PFv3 983 OSPFv3 Area Configuration Use the Area Configuration page to create and configure an OSPFv3 area To display the page click IPv6 OSPFv3 Area Configuration in the navigation panel Figure 35 19 OSPFv3 Area Configuration ...

Page 984: ... Area To configure the area as an OSPFv3 stub area click Create Stub Area The pages refreshes and displays additional fields that are specific to the stub area Figure 35 20 OSPFv3 Stub Area Configuration Use the Delete Stub Area button to remove the stub area ...

Page 985: ...o Stubby Area To configure the area as an OSPFv3 not so stubby area NSSA click Create NSSA The pages refreshes and displays additional fields that are specific to the NSSA Figure 35 21 OSPFv3 NSSA Configuration Use the Delete NSSA button to remove the NSSA area ...

Page 986: ...F and OSPFv3 OSPFv3 Stub Area Summary Use the Stub Area Summary page to display OSPFv3 stub area detail To display the page click IPv6 OSPFv3 Stub Area Summary in the navigation panel Figure 35 22 OSPFv3 Stub Area Summary ...

Page 987: ...OSPFv3 Area Range Configuration Use the Area Range Configuration page to configure OSPFv3 area ranges To display the page click IPv6 OSPFv3 Area Range Configuration in the navigation panel Figure 35 23 OSPFv3 Area Range Configuration ...

Page 988: ...e the Interface Configuration page to create and configure OSPFv3 interfaces This page has been updated to include the Passive Mode field To display the page click IPv6 OSPFv3 Interface Configuration in the navigation panel Figure 35 24 OSPFv3 Interface Configuration ...

Page 989: ...ace Statistics page to display OSPFv3 interface statistics Information is only displayed if OSPF is enabled Several fields have been added to this page To display the page click IPv6 OSPFv3 Interface Statistics in the navigation panel Figure 35 25 OSPFv3 Interface Statistics ...

Page 990: ...bor ID When a particular neighbor ID is specified detailed information about that neighbor is given Neighbor information only displays if OSPF is enabled and the interface has a neighbor The IP address is the IP address of the neighbor To display the page click IPv6 OSPFv3 Neighbors in the navigation panel Figure 35 26 OSPFv3 Neighbors ...

Page 991: ...lay the OSPF neighbor table list When a particular neighbor ID is specified detailed information about a neighbor is given The neighbor table is only displayed if OSPF is enabled To display the page click IPv6 OSPFv3 Neighbor Table in the navigation panel Figure 35 27 OSPFv3 Neighbor Table ...

Page 992: ...the link state and external LSA databases The OSPFv3 Link State Database page has been updated to display external LSDB table information in addition to OSPFv3 link state information To display the page click IPv6 OSPFv3 Link State Database in the navigation panel Figure 35 28 OSPFv3 Link State Database ...

Page 993: ...ion page to define a new or configure an existing virtual link To display this page a valid OSPFv3 area must be defined through the OSPFv3 Area Configuration page To display the page click IPv6 OSPFv3 Virtual Link Configuration in the navigation panel Figure 35 29 OSPFv3 Virtual Link Configuration ...

Page 994: ...994 Configuring OSPF and OSPFv3 After you create a virtual link additional fields display as the Figure 35 30 shows Figure 35 30 OSPFv3 Virtual Link Configuration ...

Page 995: ...Virtual Link Summary Use the Virtual Link Summary page to display virtual link data by Area ID and Neighbor Router ID To display the page click IPv6 OSPFv3 Virtual Link Summary in the navigation panel Figure 35 31 OSPFv3 Virtual Link Summary ...

Page 996: ...bution Configuration Use the Route Redistribution Configuration page to configure route redistribution To display the page click IPv6 OSPFv3 Route Redistribution Configuration in the navigation panel Figure 35 32 OSPFv3 Route Redistribution Configuration ...

Page 997: ...stribution Summary Use the Route Redistribution Summary page to display route redistribution settings by source To display the page click IPv6 OSPFv3 Route Redistribution Summary in the navigation panel Figure 35 33 OSPFv3 Route Redistribution Summary ...

Page 998: ...F summary information for the OSPFv3 feature NSF is a feature used in switch stacks to maintain switching and routing functions in the event of a stack unit failure For information about NSF see What is Nonstop Forwarding on page 153 in the Managing a Switch Stack chapter To display the page click Routing OSPFv3 NSF OSPFv3 Configuration in the navigation panel Figure 35 34 NSF OSPFv3 Configuration...

Page 999: ...igure Enter global configuration mode router ospf Enter OSPF configuration mode router id ip address Set the 4 digit dotted decimal number that uniquely identifies the router auto cost reference bandwidth ref_bw Set the reference bandwidth used in the formula to compute link cost for an interface link cost ref_bw interface bandwidth The ref_bw variable is the reference bandwidth in Mbps Range 1 42...

Page 1000: ...ospf external inter area intra area distance Set the preference values of OSPF route types in the router The range for the distance variable is 1 255 Lower route preference values are preferred when determining the best route enable Enable OSPF exit overflow interval seconds Specify the exit overflow interval for OSPF as defined in RFC 1765 The interval is the number of seconds after entering over...

Page 1001: ... SPF delay and hold time delay time SPF delay time Range 0 65535 seconds hold time SPF hold time Range 0 65535 seconds exit Exit to Global Configuration mode exit Exit to Privileged EXEC mode show ip ospf View OSPF global configuration and status show ip ospf statistics View OSPF routing table calculation statistics clear ip ospf configuration redistribution counters neighbor interface vlan vlan i...

Page 1002: ...Set the OSPF priority for the interface The number value variable specifies the priority of an interface Range 0 to 255 The default priority is 1 which is the highest router priority A value of 0 indicates that the router is not eligible to become the designated router on this network ip ospf retransmit interval seconds Set the OSPF retransmit interval for the interface The seconds variable is the...

Page 1003: ... interface to broadcast or point to point OSPF selects a designated router and originates network LSAs only for broadcast networks No more than two OSPF routers may be present on a point to point link ip ospf authentication none simple key encrypt key key id Set the OSPF Authentication Type and Key for the specified interface encrypt MD5 encrypted authentication key key Authentication key for the ...

Page 1004: ...rface a member of the specified area ip address Base IPv4 address of the network area wildcard mask The network mask indicating the subnet area id The ID of the area Range IP address or decimal from 0 4294967295 exit Exit to Global Config mode exit Exit to Privileged EXEC mode show ip ospf interface vlan vlan id View summary information for all OSPF interfaces configured on the switch or for the s...

Page 1005: ...rea area id nssa translator stab intv integer Configure the translator stability interval of the NSSA The integer variable is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router Range 0 3600 area area id nssa default information originate metric metric value metric type metric type value Con...

Page 1006: ...nk If the area has not been previously created it is created by this command If the area already exists the virtual link information is added or modified authentication Specifies authentication type message digest Specifies that message digest authentication is used null No authentication is used Overrides password or message digest authentication if configured for the area md5 Use MD5 Encryption ...

Page 1007: ...econds variable indicates the number of seconds to wait before the virtual interface is assumed to be dead Range 1 65535 area area id virtual link neighbor id transmit delay seconds Set the OSPF Transit Delay for the interface The seconds variable is the number of seconds to increment the age of the LSA before sending based on the estimated time it takes to transmit from the interface Range 0 3600...

Page 1008: ...advertise Configure a summary prefix for routes learned in a given area area id Identifies the OSPF NSSA to configure Range IP address or decimal from 0 4294967295 ip address IP address subnet mask Subnet mask associated with IP address summarylink Specifies a summary link LSDB type nssaexternallink Specifies an NSSA external link LSDB type advertise Advertisement of the area range not advertise S...

Page 1009: ...p static connected metric integer metric type 1 2 tag integer subnets Configure OSPF to allow redistribution of routes from the specified source protocol routers rip Specifies RIP as the source protocol static Specifies that the source is a static route connected Specifies that the source is a directly connected route metric Specifies the metric to use when redistributing the route Range 0 1677721...

Page 1010: ...conds keyword is the number of seconds that the restarting router asks its neighbors to wait before exiting helper mode The restarting router includes the restart interval in its grace LSAs range 1 1800 seconds nsf helper planned only Allow OSPF to act as a helpful neighbor for a restarting router Include the planned only keyword to indicate that OSPF should only help a restarting router performin...

Page 1011: ... router auto cost reference bandwidth ref_bw Set the reference bandwidth used in the formula to compute link cost for an interface link cost ref_bw interface bandwidth The ref_bw variable is the reference bandwidth in Mbps Range 1 4294967 default information originate always metric metric value metric type type value Control the advertisement of default routes always Normally OSPFv3 originates a d...

Page 1012: ... then there is no limit The limit variable is the maximum number of non default AS external LSAs allowed in the router s link state database Range 1 to 2147483647 maximum paths maxpaths Set the number of paths that OSPFv3 can report for a given destination Range 1 4 passive interface default Configure OSPFv3 interfaces as passive by default This command overrides any interface level passive mode s...

Page 1013: ...pecifies the priority of an interface Range 0 to 255 The default priority is 1 which is the highest router priority A value of 0 indicates that the router is not eligible to become the designated router on this network ipv6 ospf retransmit interval seconds Set the OSPFv3 retransmit interval for the interface The seconds variable is the number of seconds between link state advertisements for adjace...

Page 1014: ...OSPFv3 network type on the interface to broadcast or point to point OSPFv3 selects a designated router and originates network LSAs only for broadcast networks No more than two OSPFv3 routers may be present on a point to point link ipv6 ospf cost interface cost Set the metric cost of the interface The interface cost variable specifies the cost link state metric of the OSPFv3 interface Range 1 65535...

Page 1015: ...ng interface show ipv6 ospf interface stats interface type interface number View per interface OSPFv3 statistics Command Purpose configure Enter global configuration mode ipv6 router ospf Enter OSPFv3 configuration mode area area id stub Create a stub area for the specified area ID area area id stub no summary Prevent Summary LSAs from being advertised into the stub area area area id default cost ...

Page 1016: ... LSAs are not advertised into the NSSA role The translator role where role is one of the following always The router assumes the role of the translator when it becomes a border router candidate The router to participate in the translator election process when it attains border router status interval The period of time that an elected translator continues to perform its duties after it determines t...

Page 1017: ...d virtual link neighbor id hello interval seconds Set the OSPFv3 hello interval for the virtual link The seconds variable indicates the number of seconds to wait before sending Hello packets from the virtual interface Range 1 65535 area area id virtual link neighbor id dead interval seconds Set the OSPFv3 dead interval for the virtual link The seconds variable indicates the number of seconds to wa...

Page 1018: ...gure a summary prefix for routes learned in a given area area id Identifies the OSPFv3 NSSA to configure Range IP address or decimal from 0 4294967295 ipv6 prefix prefix length IPv6 address and prefix length summarylink Specifies a summary link LSDB type nssaexternallink Specifies an NSSA external link LSDB type advertise Advertisement of the area range not advertise Suppresses advertisement of th...

Page 1019: ...es from the specified source protocol routers static Specifies that the source is a static route connected Specifies that the source is a directly connected route metric Specifies the metric to use when redistributing the route Range 0 16777214 metric type 1 Type 1 external route metric type 2 Type 2 external route tag Value attached to each external route which might be used to communicate inform...

Page 1020: ...e seconds keyword is the number of seconds that the restarting router asks its neighbors to wait before exiting helper mode The restarting router includes the restart interval in its grace LSAs range 1 1800 seconds nsf helper planned only Allow OSPFv3 to act as a helpful neighbor for a restarting router Include the planned only keyword to indicate that OSPFv3 should only help a restarting router p...

Page 1021: ...d OSPFv3 Configuring an OSPF Border Router and Setting Interface Costs This example shows how to configure the PowerConnect switch as an OSPF border router The commands in this example configure the areas and interfaces on Border Router A shown in Figure 35 35 Figure 35 35 OSPF Area Border Router Area 2 Area 3 Area 0 Backbone Area Internal Router Border Router A Border Router B VLAN 70 192 150 2 2...

Page 1022: ...onfig if vlan70 ip address 192 150 2 2 255 255 255 0 console config if vlan70 exit console config interface vlan 80 console config if vlan80 ip address 192 150 3 1 255 255 255 0 console config if vlan80 exit console config interface vlan 90 console config if vlan90 ip address 192 150 4 1 255 255 255 0 console config if vlan90 exit 4 Enable OSPF on the switch and specify a router ID console config ...

Page 1023: ...ole config if vlan80 ip ospf area 0 0 0 2 console config if vlan80 ip ospf priority 255 console config if vlan80 ip ospf cost 64 console config if vlan80 exit console config interface vlan 90 console config if vlan90 ip ospf area 0 0 0 2 console config if vlan90 ip ospf priority 255 console config if vlan90 ip ospf cost 64 console config if vlan90 exit NOTE OSPF is globally enabled by default To m...

Page 1024: ... 1 is defined as a stub area and Area 2 is defined as an NSSA area Figure 35 36 illustrates this example OSPF configuration Figure 35 36 OSPF Configuration Stub Area and NSSA Area NOTE OSPFv2 and OSPFv3 can operate concurrently on a network and on the same interfaces although they do not interact This example configures both protocols simultaneously ...

Page 1025: ...00 2 3 64 eui64 4 Associate the interface with area 0 0 0 0 and enable OSPFv3 console config if vlan6 ip ospf area 0 0 0 0 console config if vlan6 ipv6 ospf console config if vlan6 exit 5 Configure IP and IPv6 addresses on VLAN routing interface 12 console config interface vlan 12 console config if vlan12 ip address 10 3 100 3 255 255 255 0 console config if vlan12 ipv6 address 3000 3 100 64 eui64...

Page 1026: ...te 10 23 67 0 255 255 255 0 10 2 3 3 2 Create VLANs 5 10 and 17 console config vlan 5 10 17 3 On VLANs 5 10 and 17 configure IPv4 and IPv6 addresses and enable OSPFv3 For IPv6 associate VLAN 5 with Area 0 VLAN 10 with Area 1 and VLAN 17 with Area 2 console config interface vlan 5 console config if vlan5 ip address 10 2 3 2 255 255 255 0 console config if vlan5 ipv6 address 3000 2 3 64 eui64 consol...

Page 1027: ... range of IP addresses associated with each interface and then associating those ranges with Areas 1 0 and 2 respectively console config router network 10 1 2 0 0 0 0 255 area 0 0 0 1 console config router network 10 2 3 0 0 0 0 255 area 0 0 0 0 console config router network 10 2 4 0 0 0 0 255 area 0 0 0 2 6 For IPv4 Configure a metric cost to associate with static routes when they are redistribut...

Page 1028: ...a 1 and connects to Area 2 This example assumes other OSPF settings such as area and interface configuration have already been configured Figure 35 37 illustrates the relevant components in this example OSPF configuration Figure 35 37 OSPF Configuration Virtual Link Switch B is an ABR that directly connects Area 0 to Area 1 Note that in the previous example Switch B connected to a stub area and an...

Page 1029: ...link 5 5 5 5 console config rtr exit Switch C is a ABR that enables a virtual link from the remote Area 2 in the AS to Area 0 The following commands define a virtual link that traverses Area 1 to Switch B 2 2 2 2 To configure Switch C 1 For IPv4 assign the router ID create the virtual link to Switch B and associate the VLAN routing interfaces with the appropriate areas console config router ospf c...

Page 1030: ...uting interface on both devices connects to the local IPv6 network OSPFv3 is used to exchange IPv6 routes between the two devices The tunnel interface allows data to be transported between the two remote IPv6 networks over the IPv4 network Figure 35 38 IPv4 and IPv6 Interconnection Example To configure Switch A 1 Create the VLANs console config vlan 2 15 2 Enable IPv4 and IPv6 routing on the switc...

Page 1031: ... network point to point console config if vlan2 exit 7 Configure the tunnel console config interface tunnel 0 console config if tunnel0 ipv6 address 2001 1 64 console config if tunnel0 tunnel mode ipv6ip console config if tunnel0 tunnel source 20 20 20 1 console config if tunnel0 tunnel destination 10 10 10 1 console config if tunnel0 ipv6 ospf console config if tunnel0 ipv6 ospf network point to ...

Page 1032: ...an15 exit 6 Configure the IPv6 address and OSPFv3 information for VLAN 2 console config interface vlan 2 console config if vlan2 ipv6 address 2020 2 2 64 console config if vlan2 ipv6 ospf console config if vlan2 ipv6 ospf network point to point console config if vlan2 exit 7 Configure the tunnel console config interface tunnel 0 console config if tunnel0 ipv6 address 2001 2 64 console config if tu...

Page 1033: ...9 Static Area Range Cost Example Topology 1 Configure R0 terminal length 0 config hostname ABR R0 line console exec timeout 0 exit vlan 101 103 exit ip routing router ospf router id 10 10 10 10 network 172 20 0 0 0 0 255 255 area 0 network 172 21 0 0 0 0 255 255 area 1 area 1 range 172 21 0 0 255 255 0 0 summarylink timers spf 3 5 exit R3 ABR R0 VLAN 103 Area 0 R1 R2 Area 1 VLAN 104 VLAN 101 VLAN ...

Page 1034: ...ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 description R2 switchport mode trunk exit interface vlan 103 ip address 172 20 1 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 23 switchport mode trunk description R3 exit exit 2 Configure R1 terminal length 0 config hostname R1 line console exec timeo...

Page 1035: ...al 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 1 255 255 255 255 exit exit 3 Configure R2 terminal length 0 config line console serial timeout 0 exit ip routing router ospf router id 2 2 2 2 network 172 21 0 0 0 0 255 255 area 1 timers spf 3 5 exit vlan 102 104 exit interface vlan 102 ip addr...

Page 1036: ... 0 ip address 172 21 254 2 255 255 255 255 exit exit 4 R3 config terminal length 0 config line console serial timeout 0 exit ip routing router ospf router id 3 3 3 3 network 172 21 0 0 0 0 255 255 area 0 timers spf 3 5 exit vlan 103 exit interface vlan 103 ip address 172 21 1 1 255 255 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 ...

Page 1037: ...ee1 Length 28 Network Mask 255 255 0 0 Metric 2 Min The cost can be set to 0 the minimum value OSPF re advertises the summary LSA with a metric of 0 ABR R0 config router area 1 range 172 21 0 0 255 255 0 0 summarylink advertise cost 0 16777215 Set area range cost ABR R0 config router area 1 range 172 21 0 0 255 255 0 0 summarylink advertise cost 0 ABR R0 show ip ospf range 1 Prefix Subnet Mask Typ...

Page 1038: ...ary LSA with this metric according to RFC 2328 the summary LSA is flushed The individual routes are not re advertised Configuring Flood Blocking Figure 35 40 shows an example topology for flood blocking The configuration follows Figure 35 40 Flood Blocking Topology 1 Configure R0 terminal length 0 config hostname R0 line console exec timeout 0 exit vlan 101 103 exit ip routing R3 R0 VLAN 103 R1 R2...

Page 1039: ...hport mode trunk description R1 exit interface vlan 102 ip address 172 21 2 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 description R2 switchport mode trunk exit interface vlan 103 ip address 172 20 1 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 23 s...

Page 1040: ...nt exit interface te1 0 21 switchport mode trunk exit interface vlan 104 ip address 172 21 3 1 255 255 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 1 255 255 255 255 exit exit 3 Configure R2 terminal length 0 config line console serial timeout 0 exit ip rou...

Page 1041: ...5 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 2 255 255 255 255 exit exit 4 Configure R3 terminal length 0 config line console serial timeout 0 exit ip routing router ospf router id 3 3 3 3 network 172 21 0 0 0 0 255 255 area 0 timers spf 3 5 exit vlan 103...

Page 1042: ...s not receive this LSA directly from R0 it still correctly computes the route through the R0 R1 show ip route Route Codes R RIP Derived O OSPF Derived C Connected S Static B BGP Derived IA OSPF Inter Area E1 OSPF External Type 1 E2 OSPF External Type 2 N1 OSPF NSSA External Type 1 N2 OSPF NSSA External Type 2 O IA 100 0 0 0 24 110 2 via 172 21 1 10 00h 01m 35s 0 25 OSPF also blocks external LSAs o...

Page 1043: ...s a distance vector protocol and uses UDP broadcasts to maintain topology information and hop counts to determine the best route to transmit IP traffic RIP is best suited for small homogenous networks How Does RIP Determine Route Information The routing information is propagated in RIP update packets that are sent out both periodically and in the event of a network topology change On receipt of a ...

Page 1044: ...t the metric is set to infinity What RIP Versions Are Supported There are two versions of RIP RIP 1 defined in RFC 1058 Routes are specified by IP destination network and hop count The routing table is broadcast to all stations on the attached network RIP 2 defined in RFC 1723 Route specification is extended to include subnet mask and gateway The routing table is sent to a multicast address reduci...

Page 1045: ...r interface default values for RIP Table 36 1 RIP Global Defaults Parameter Default Value Admin Mode Enabled Split Horizon Mode Simple Auto Summary Mode Disabled Host Routes Accept Mode Enabled Default Information Originate Disabled Default Metric None configured Route Redistribution Disabled for all sources Table 36 2 RIP Per Interface Defaults Parameter Default Value Admin Mode Disabled Send Ver...

Page 1046: ...nd monitoring RIP features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page RIP Configuration Use the Configuration page to enable and configure or disable RIP in Global mode To display the page click Routing RIP Configuration in the navigation panel Figure 36 1 RIP Configuration ...

Page 1047: ...figuration Use the Interface Configuration page to enable and configure or to disable RIP on a specific interface To display the page click Routing RIP Interface Configuration in the navigation panel Figure 36 2 RIP Interface Configuration ...

Page 1048: ...P RIP Interface Summary Use the Interface Summary page to display RIP configuration status on an interface To display the page click Routing RIP Interface Summary in the navigation panel Figure 36 3 RIP Interface Summary ...

Page 1049: ... values are entered an alert message is displayed with the list of all the valid values To display the page click Routing RIP Route Redistribution Configuration in the navigation panel Figure 36 4 RIP Route Redistribution Configuration NOTE Static reject routes are not redistributed by RIP For a static reject route the next hop interface value is Null0 Packets to the network address specified in s...

Page 1050: ...ibution Summary Use the Route Redistribution Summary page to display Route Redistribution configurations To display the page click Routing RIP Route Redistribution Summary in the navigation panel Figure 36 5 RIP Route Redistribution Summary ...

Page 1051: ...on mode split horizon none simple poison Set the RIP split horizon mode none RIP does not use split horizon to avoid routing loops simple RIP uses split horizon to avoid routing loops poison RIP uses split horizon with poison reverse increases routing packet update size auto summary Enable the RIP auto summarization mode no hostroutesaccept Prevent the switch from accepting host routes default inf...

Page 1052: ...he interface to allow RIP control packets of the specified version s to be received ip rip authentication none simple key encrypt key key id set the RIP Version 2 Authentication Type and Key for the interface key Authentication key for the specified interface Range 16 bytes or less encrypt Specifies the Ethernet unit port of the interface to view information key id Authentication key identifier fo...

Page 1053: ...commands you use to configure ACLs see Configuring ACLs CLI on page 543 accesslistname The name used to identify an existing ACL ospf Apply the specified access list when OSPF is the source protocol static Apply the specified access list when packets come through the static route connected Apply the specified access list when packets come from a directly connected route redistribute static connect...

Page 1054: ...stributed external 2 Adds routes imported into OSPF as Type 2 external routes into any match types presently being redistributed nssa external 1 Adds routes imported into OSPF as NSSA Type 1 external routes into any match types presently being redistributed nssa external 2 Adds routes imported into OSPF as NSSA Type 2 external routes into any match types presently being redistributed distance rip ...

Page 1055: ...g console config ip routing 2 Create VLANs 10 20 and 30 console config vlan 10 20 30 3 Assign an IP address and enable RIP on each interface Additionally the commands specify that each interface can receive both RIP 1 and RIP 2 frames but send only RIP 2 formatted frames console config interface vlan 10 console config if vlan10 ip address 192 168 10 1 255 255 255 0 console config if vlan10 ip rip ...

Page 1056: ... config if vlan30 exit 4 Enable auto summarization of subprefixes when crossing classful boundaries console config router rip console config router auto summary console config router exit console config exit 5 Verify the configuration console show ip rip RIP Admin Mode Enable Split Horizon Mode Simple Auto Summary Mode Enable Host Routes Accept Mode Enable Global route changes 0 Global queries 0 D...

Page 1057: ... periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected How Does VRRP Work VRRP eliminates the single point of failure associated with static default routes by enabling a backup router to take over from a master router without affecting the end stations using the route The end stations will use a virtual IP addres...

Page 1058: ...he VRRP master If the VRRP master fails other members of the VRRP group will elect a master based on the configured router priority values For example router A is the interface owner and master and it has a priority of 255 Router B is configured with a priority of 200 and Router C is configured with a priority of 190 If Router A fails Router B assumes the role of VRRP master because it has a highe...

Page 1059: ...RP master responds to both fragmented and un fragmented ICMP Echo Request packets The VRRP master responds to Echo Requests sent to the virtual router s primary address or any of its secondary addresses Members of the virtual router who are in backup state discard ping packets destined to VRRP addresses just as they discard any Ethernet frame sent to a VRRP MAC address When the VRRP master respond...

Page 1060: ...s up the value of the priority decrement is added to the current router priority If the resulting priority is more than the backup router priority the original VRRP master resumes control VRRP route tracking monitors the reachability of an IP route A tracked route is considered up when a routing table entry exists for the route and the route is accessible When the tracked route is removed from the...

Page 1061: ...rameter Default Value Admin Mode Disabled Virtual Router ID VRID None Range 1 255 Preempt Mode Enabled Preempt Delay 0 Seconds Learn Advertisement Timer Interval Enabled Accept Mode Disabled Priority 100 Advertisement Interval 1 Authentication None Route Tracking No routes tracked Interface Tracking No interfaces tracked ...

Page 1062: ...toring VRRP features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page VRRP Configuration Use the Configuration page to enable or disable the administrative status of a virtual router To display the page click Routing VRRP Configuration in the navigation panel Figure 37 1 VRRP Configuration ...

Page 1063: ...ng VRRP 1063 VRRP Virtual Router Status Use the Router Status page to display virtual router status To display the page click Routing VRRP Router Status in the navigation panel Figure 37 2 Virtual Router Status ...

Page 1064: ...Virtual Router Statistics Use the Router Statistics page to display statistics for a specified virtual router To display the page click Routing VRRP Router Statistics in the navigation panel Figure 37 3 Virtual Router Statistics ...

Page 1065: ...65 VRRP Router Configuration Use the Configuration page to configure a virtual router To display the page click Routing VRRP Router Configuration Configuration in the navigation panel Figure 37 4 VRRP Router Configuration ...

Page 1066: ... to add new tracked routes To display the page click Routing VRRP Router Configuration Route Tracking Configuration in the navigation panel Figure 37 5 VRRP Route Tracking Configuration Configuring VRRP Route Tracking To configure VRRP route tracking 1 From the Route Tracking Configuration page click Add The Add Route Tracking page displays ...

Page 1067: ...estination network address track route prefix for the route to track Use dotted decimal format for example 192 168 10 0 4 Specify the prefix length for the tracked route 5 Specify a value for the Priority Decrement to define the amount that the router priority will be decreased when a tracked route becomes unreachable 6 Click Apply to update the switch ...

Page 1068: ...new tracked interfaces To display the page click Routing VRRP Router Configuration Interface Tracking Configuration in the navigation panel Figure 37 7 VRRP Interface Tracking Configuration Configuring VRRP Interface Tracking To configure VRRP interface tracking 1 From the Interface Tracking Configuration page click Add The Add Interface Tracking page displays ...

Page 1069: ...virtual router ID and VLAN routing interface that will track the interface 3 Specify the interface to track 4 Specify a value for the Priority Decrement to define the amount that the router priority will be decreased when a tracked interface goes down 5 Click Apply to update the switch ...

Page 1070: ...r Interface Configuration mode for the specified VLAN vrrp vr id Allow the interface to create in the VRRP group specified by the vr id parameter which is a number from 1 255 vrrp vr id description Optional Create a text description that identifies the VRRP group vrrp vr id preempt delay seconds Enable the preemption mode value for the virtual router configured on a specified interface You can opt...

Page 1071: ...rement priority Specify an interface the virtual router vr id on the interface will track If the interface goes down the virtual router priority is decreased by the amount specified by the priority value vrrp vr id track ip route ip address prefix length decrement priority Specify a route that the virtual router vr id on the interface will track If the route to the destination network specified by...

Page 1072: ... Sharing VRRP with Route and Interface Tracking VRRP with Load Sharing In Figure 37 9 two L3 PowerConnect switches are performing the routing for network clients Router A is the default gateway for some clients and Router B is the default gateway for other clients Figure 37 9 VRRP with Load Sharing Network Diagram ...

Page 1073: ...onsole config interface vlan 10 console config if vlan10 ip address 192 168 10 1 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip vrrp 4 Assign a virtual router ID to the VLAN routing interface for the first VRRP group console config interface vlan 10 console config if vlan10 vrrp 10 5 Specify the IP address that the virtual router function will use The ro...

Page 1074: ...Create and configure the VLAN routing interface to use as the default gateway for network clients This example assumes all other routing interfaces such as the interface to the external network have been configured console config interface vlan 10 console config if vlan10 ip address 192 168 10 2 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip vrrp 4 Assig...

Page 1075: ...alue is 255 by default console config if vlan10 vrrp 20 ip 192 168 10 2 9 Configure an optional description to help identify the VRRP group console config if vlan10 vrrp 20 description backup 10 Enable the VRRP groups on the interface console config if vlan10 ip vrrp 10 mode console config if vlan10 ip vrrp 20 mode console config if vlan10 exit console config exit ...

Page 1076: ... IP address 192 168 10 15 as the default gateway Figure 37 10 VRRP with Tracking Network Diagram Without VRRP interface or route tracking if something happened to VLAN 25 or the route to the external network as long as Router A remains up it will continue to be the VRRP master even though traffic from the clients does not have a path to the external network However if the interface and or route tr...

Page 1077: ...ess that the virtual router function will use console config if vlan10 vrrp 10 ip 192 168 10 15 6 Configure the router priority console config if vlan10 vrrp 10 priority 200 7 Enable preempt mode so that the router can regain its position as VRRP master if its priority is greater than the priority of the backup router console config if vlan10 vrrp 10 preempt 8 Enable the VRRP groups on the interfa...

Page 1078: ...p routing 2 Create and configure the VLAN routing interface to use as the default gateway for network clients This example assumes all other routing interfaces such as the interface to the external network have been configured console config interface vlan 10 console config if vlan10 ip address 192 168 10 2 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip ...

Page 1079: ...Configuring VRRP 1079 8 Enable the VRRP groups on the interface console config if vlan10 ip vrrp 10 mode console config if vlan10 exit console config exit ...

Page 1080: ...1080 Configuring VRRP ...

Page 1081: ...gs on page 1105 For information about IPv6 multicast see Managing IPv4 and IPv6 Multicast on page 1177 For configuration examples that include IPv6 interface configuration see OSPF Configuration Examples on page 1021 IPv6 Routing Overview IPv6 is the next generation of the Internet Protocol With 128 bit addresses versus 32 bit addresses for IPv4 IPv6 solves the address depletion issues seen with I...

Page 1082: ...bed in RFC2462 Unlike IPv4 IPv6 does not have broadcasts There are two types of IPv6 addresses unicast and multicast Unicast addresses allow direct one to one communication between two hosts whereas multicast addresses allow one to many communication Multicast addresses are used as destinations only Unicast addresses will have 00 through fe in the most significant octets and multicast addresses wi...

Page 1083: ...p addresses computed by routing protocols are usually link local addresses During the period of transitioning the Internet to IPv6 a global IPv6 Internet backbone may not be available One transition mechanism is to tunnel IPv6 packets inside IPv4 to reach remote IPv6 islands When a packet is sent over such a link it is encapsulated in IPv4 in order to traverse an IPv4 network and has the IPv4 head...

Page 1084: ...ss AutoConfig Mode Disabled Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval Not configured Router Lifetime Interval 1800 seconds Router Advertisement Reachable Time 0 seconds Router Advertisement Interval 600 seconds Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disa...

Page 1085: ...a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router enable the forwarding of IPv6 unicast datagrams and configure global IPv6 settings To display the page click Routing IPv6 Global Configuration in the navigation panel Figure 38 1 IPv6 Globa...

Page 1086: ...face Configuration page to configure IPv6 interface parameters This page has been updated to include the IPv6 Destination Unreachables field To display the page click Routing IPv6 Interface Configuration in the navigation panel Figure 38 2 IPv6 Interface Configuration ...

Page 1087: ...outing 1087 Interface Summary Use the Interface Summary page to display settings for all IPv6 interfaces To display the page click Routing IPv6 Interface Summary in the navigation panel Figure 38 3 IPv6 Interface Summary ...

Page 1088: ...6 Routing IPv6 Statistics Use the IPv6 Statistics page to display IPv6 traffic statistics for one or all interfaces To display the page click Routing IPv6 IPv6 Statistics in the navigation panel Figure 38 4 IPv6 Statistics ...

Page 1089: ...g 1089 IPv6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface To display the page click IPv6 IPv6 Neighbor Table in the navigation panel Figure 38 5 IPv6 Neighbor Table ...

Page 1090: ...bout the network information automatically assigned to an interface by the DHCPv6 server This page displays information only if the DHCPv6 client has been enabled on an IPv6 routing interface To display the page click Routing IPv6 DHCPv6 Client Parameters in the navigation panel Figure 38 6 DHCPv6 Client Parameters ...

Page 1091: ... Configuration Use the IPv6 Route Entry Configuration page to configure information for IPv6 routes To display the page click Routing IPv6 IPv6 Routes IPv6 Route Entry Configuration in the navigation panel Figure 38 7 IPv6 Route Entry Configuration ...

Page 1092: ...uting IPv6 Route Table Use the IPv6 Route Table page to display all active IPv6 routes and their settings To display the page click Routing IPv6 IPv6 Routes IPv6 Route Table in the navigation panel Figure 38 8 IPv6 Route Table ...

Page 1093: ...f any other protocol The best route to a destination is chosen by selecting the route with the lowest preference value When there are multiple routes to a destination the preference values are used to determine the preferred route If there is still a tie the route with the best route metric is chosen To avoid problems with mismatched metrics you must configure different preference values for each ...

Page 1094: ...Pv6 Routes Configured IPv6 Routes in the navigation panel Figure 38 10 Configured IPv6 Routes To remove a configured route select the check box in the Delete column of the route to remove and click Apply NOTE For a static reject route the next hop interface value is Null0 Packets to the network address specified in static reject routes are intentionally dropped ...

Page 1095: ...igure Enter global configuration mode sdm prefer dual ipv4 and ipv6 default Select a Switch Database Management SDM template to enable support for both IPv4 and IPv6 Changing the SDM template requires a system reload ipv6 unicast routing Globally enable IPv6 routing on the switch ipv6 hop limit limit Set the TTL value for the router The valid range is 0 to 255 ipv6 icmp error interval burst interv...

Page 1096: ...setting an address Link local multicast IPv4 compatible and IPv4 mapped addresses are not allowed to be configured Include the EUI 64 keyword to have the system add the 64 bit interface ID to the address You must use a network prefix length of 64 in this case For VLAN interfaces use the dhcp keyword to enable the DHCPv6 client and obtain an IP address form a network DHCPv6 server ipv6 mtu size VLA...

Page 1097: ...onfiguration off link Do not use the prefix for onlink determination ipv6 nd ra interval maximum minimum Set the transmission interval between router Neighbor Discovery advertisements maximum The maximum interval duration Range 4 1800 seconds minimum The minimum interval duration Range 3 0 75 maximum seconds ipv6 nd ra lifetime seconds Set the value that is placed in the Router Lifetime field of t...

Page 1098: ...teful configuration flag in router advertisements sent from the interface ipv6 nd managed config flag Set the managed address configuration flag in router advertisements When the value is true end nodes use DHCPv6 When the value is false end nodes automatically configure addresses ipv6 nd reachable time milliseconds Set the router advertisement time to consider a neighbor reachable after neighbor ...

Page 1099: ...next hop address The IPv6 address of the next hop that can be used to reach the specified network A link local next hop address must have a prefix length of 128 The next hop address cannot be an unspecified address all zeros a multicast address or a loopback address If a link local next hop address is specified the interface VLAN or tunnel must also be specified preference Also known as Administra...

Page 1100: ...ce integer Set the default distance preference for static IPv6 routes Lower route preference values are preferred when determining the best route The default distance preference for static routes is 1 exit Exit to Global Config mode Command Purpose ...

Page 1101: ...ength protocol interface type interface number best View the routing table ipv6 address Specifies an IPv6 address for which the best matching route would be displayed protocol Specifies the protocol that installed the routes Is one of the following keywords connected ospf static ipv6 prefix prefix length Specifies an IPv6 network for which the matching route would be displayed interface type inter...

Page 1102: ...s ipv6 route 0 null 254 Use this in all routers except the ones with direct Internet connectivity Routers with direct Internet connectivity should advertise a default route The effect of this route is that when a router does not have connectivity to the Internet the router will quickly discard packets that it cannot deliver If the router learns a default route from another router the learned route...

Page 1103: ...cific route will have precedence Another use for the Reject route is to prevent internal hosts from communication with specific addresses or ranges of addresses The effect is the same as an outgoing access list with a deny statement A route is generally more efficient than an access list that performs the same function If you need more fine grained filtering such as protocols or port numbers use t...

Page 1104: ...1104 Configuring IPv6 Routing ...

Page 1105: ...ients and servers for the purpose of assigning IP addresses gateways and other networking definitions such as Domain Name System DNS and Network Time Protocol NTP parameters However IPv6 natively provides IP address auto configuration through IPv6 Neighbor Discovery Protocol NDP and through the use of Router Advertisement messages Thus the role of DHCPv6 within the network is different than that o...

Page 1106: ... response A DHCPv6 server then responds by providing only networking definitions such as DNS domain name and server definitions NTP server definitions or SIP definitions What Is the DHCPv6 Relay Agent Information Option The DHCPv6 Relay Agent Information Option allows for various sub options to be attached to messages that are being relayed by the local router to a DHCPv6 server The DHCPv6 server ...

Page 1107: ...ients may request multiple IPv6 prefixes Also DHCPv6 clients may request specific IPv6 prefixes If the configured DHCPv6 pool contains the specific prefix that a DHCPv6 client requests then that prefix will be delegated to the client Otherwise the first available IPv6 prefix within the configured pool will be delegated to the client Default DHCPv6 Server and Relay Values By default the DHCPv6 serv...

Page 1108: ...uring and monitoring the DHCPv6 server on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page DHCPv6 Global Configuration Use the Global Configuration page to configure DHCPv6 global parameters To display the page click Routing IPv6 DHCPv6 Global Configuration in the navigation panel Figure 39 2 DHCPv6 Global Configuration ...

Page 1109: ...omain names of DNS servers To display the page click Routing IPv6 DHCPv6 Pool Configuration in the navigation panel Figure 39 3 shows the page when no pools have been created After a pool has been created additional fields display Figure 39 3 Pool Configuration Configuring a DHCPv6 Pool To configure the pool 1 Open the Pool Configuration page 2 Select Create from the Pool Name menu and type a name...

Page 1110: ...om the DNS Server Address menu select an existing DNS Server Address to associate with this pool or select Add and specify a new server to add 5 From the Domain Name menu select an existing domain name to associate with this pool or select Add and specify a new domain name 6 Click Apply ...

Page 1111: ...iguration page to configure a delegated prefix for a pool At least one pool must be created using DHCPv6 Pool Configuration before a delegated prefix can be configured To display the page click Routing IPv6 DHCPv6 Prefix Delegation Configuration in the navigation panel Figure 39 5 Prefix Delegation Configuration ...

Page 1112: ...se the Pool Summary page to display settings for all DHCPv6 Pools At least one pool must be created using DHCPv6 Pool Configuration before the Pool Summary displays To display the page click Routing IPv6 DHCPv6 Pool Summary in the navigation panel Figure 39 6 Pool Summary ...

Page 1113: ...e the DHCPv6 Interface Configuration page to configure a DHCPv6 interface To display the page click Routing IPv6 DHCPv6 Interface Configuration in the navigation panel The fields that display on the page depend on the selected interface mode Figure 39 7 DHCPv6 Interface Configuration ...

Page 1114: ...Figure 39 8 shows the screen when the selected interface mode is Server Figure 39 8 DHCPv6 Interface Configuration Server Mode Figure 39 9 shows the screen when the selected interface mode is Relay Figure 39 9 DHCPv6 Interface Configuration Relay Mode ...

Page 1115: ...tings 1115 DHCPv6 Server Bindings Summary Use the Server Bindings Summary page to display all DHCPv6 server bindings To display the page click Routing IPv6 DHCPv6 Bindings Summary in the navigation panel Figure 39 10 Server Bindings Summary ...

Page 1116: ...nd Relay Settings DHCPv6 Statistics Use the DHCPv6 Statistics page to display DHCPv6 statistics for one or all interfaces To display the page click Routing IPv6 DHCPv6 Statistics in the navigation panel Figure 39 11 DHCPv6 Statistics ...

Page 1117: ...pool parameters for DHCPv6 clients that obtain IPv6 network information dynamically Command Purpose configure Enter Global Configuration mode service dhcpv6 Enable the DHCPv6 server ipv6 dhcp relay agent info opt option Configure a number to represent the DHCPv6 Relay Agent Information Option The option parameter is an integer from 54 65535 ipv6 dhcp relay agent info remote id subopt suboption Con...

Page 1118: ...fix length client DUID name hostname valid lifetime valid lifetime infinite preferred lifetime preferred lifetime infinite Define an IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients prefix prefix length Delegated IPv6 prefix client DUID DHCP Unique Identifier for the client e g 00 01 00 09 f8 79 4e 00 04 76 73 43 76 hostname Client hostname used for logging...

Page 1119: ...interface vlan vlan id interface vlan vlan id remote id duid ifid user defined string Configure the interface for DHCPv6 relay functionality destination Keyword that sets the relay server IPv6 address relay address An IPv6 address of a DHCPv6 relay server interface Sets the relay server interface vlan id A valid VLAN ID remote id duid ifid user defined string The Relay Agent Information Option rem...

Page 1120: ...viated exchange between the client and server pref value Preference value used by clients to determine preference between multiple DHCPv6 servers Range 0 4294967295 CTRL Z Exit to Privileged Exec Mode show ipv6 dhcp interface tunnel tunnel id vlan vlan id View DHCPv6 information for all interfaces or for the specified interface Command Purpose show ipv6 dhcp binding address View the current bindin...

Page 1121: ...l VLAN routing interface 100 is configured as a DHCPv6 server Setting NDP on the interface to send the other config flag option allows the interface to prompt DHCPv6 clients to request only stateless server information To configure the switch 1 Enable the DHCPv6 feature console configure console config service dhcpv6 2 Create the DHCPv6 pool and configure stateless information console config ipv6 ...

Page 1122: ...nts The prefix to DUID mapping is defined within the DHCPv6 pool To configure the switch 1 Create the DHCPv6 pool and specify the domain name and DNS server information console config ipv6 dhcp pool my pool2 console config dhcp6s pool domain name dell com console config dhcp6s pool dns server 2001 DB8 A328 22C 1 2 Specify the prefix delegations for specific clients The first two commands provide m...

Page 1123: ... the destination address of the relay server and the interface used for reachability to the relay server To configure the switch 1 Create VLAN 300 and define its IPv6 address console config interface vlan 300 console config if vlan300 ipv6 address 2001 DB8 03a 64 2 Configure the interface as a DHCPv6 relay agent and specify the IPv6 address of the relay server The command also specifies that the r...

Page 1124: ...1124 Configuring DHCPv6 Server and Relay Settings Relay Interface Number Vl100 Relay Remote ID Option Flags ...

Page 1125: ...v CLI DiffServ Configuration Examples DiffServ Overview Standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network delivers the data in a timely fashion although there is no guarantee that it will During times of congestion packets may be delayed sent sporadically or dropped For typical Internet applications such as email and f...

Page 1126: ...ate queue management algorithms Before configuring DiffServ on PowerConnect M6220 M6348 M8024 and M8024 k switches you must determine the QoS requirements for the network as a whole The requirements are expressed in terms of rules which are used to classify inbound or outbound traffic on a particular interface What Are the Elements of DiffServ Configuration During configuration you define DiffServ...

Page 1127: ... by dropping or re marking those that exceed the class s assigned data rate Counting the traffic within the class Service Assigns a policy to an interface for inbound traffic Default DiffServ Values Table 40 1 shows the global default values for DiffServ NOTE You can use an 802 1X authenticator or RADIUS server to dynamically assign DiffServ filters to ports when a host connects to a port and auth...

Page 1128: ...4 k switch For details about the fields on a page click at the top of the page DiffServ Configuration Use the DiffServ Configuration page to display the DiffServ administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables To display the page click Quality of Service Differentiated Services DiffServ Configuration in the navigation pa...

Page 1129: ...he page click Quality of Service Differentiated Services Class Configuration in the navigation panel Figure 40 2 DiffServ Class Configuration Adding a DiffServ Class To add a DiffServ class 1 From the DiffServ Class Configuration page click Add to display the Add Class page Figure 40 3 Add DiffServ Class 2 Enter a name for the class and select the protocol to use for class match criteria ...

Page 1130: ... Show All Figure 40 4 View DiffServ Class Summary Class Criteria Use the DiffServ Class Criteria page to define the criteria to associate with a DiffServ class As packets are received these DiffServ classes are used to identify packets To display the page click Quality of Service Differentiated Services Class Criteria in the navigation panel ...

Page 1131: ...Configuring Differentiated Services 1131 Figure 40 5 DiffServ Class Criteria ...

Page 1132: ...n of classes with one or more policy statements To display the page click Quality of Service Differentiated Services Policy Configuration in the navigation panel Figure 40 6 DiffServ Policy Configuration Adding a New Policy Name To add a policy 1 From the DiffServ Policy Configuration page click Add to display the Add Policy page ...

Page 1133: ...ted Services 1133 Figure 40 7 Add DiffServ Policy 2 Enter the new Policy Name 3 Click Apply to save the new policy 4 To view a summary of the policies configured on the switch click Show All Figure 40 8 View DiffServ Policies ...

Page 1134: ...e to associate a class to a policy and to define attributes for that policy class instance To display the page click Quality of Service Differentiated Services Policy Class Definition in the navigation panel Figure 40 9 DiffServ Policy Class Definition To view a summary of the policy attributes click Show All ...

Page 1135: ...arked with either an IP DSCP IP precedence or CoS value 1 Select Marking from the Traffic Conditioning drop down menu on the DiffServ Policy Class Definition page The Packet Marking page displays Figure 40 11 Policy Class Definition Packet Marking 2 Select IP DSCP IP Precedence or Class of Service to mark for this policy class 3 Select or enter a value for this field 4 Click Apply to define the po...

Page 1136: ...icing page displays the Policy Name Class Name and Policing Style Select a value for the following fields Color Mode The type of color policing used Color Blind or Color Aware Conform Action Selector The action taken on packets that are considered conforming below the police rate Options are Send Drop Mark CoS Mark IP DSCP Mark IP Precedence Violate Action The action taken on packets that are cons...

Page 1137: ...age to activate a policy on a port To display the page click Quality of Service Differentiated Services Service Configuration in the navigation panel Figure 40 13 DiffServ Service Configuration To view a summary of the services configured on the switch click Show All Figure 40 14 DiffServ Service Summary ...

Page 1138: ...the DiffServ Service Detailed Statistics page to display packet details for a particular port and class To display the page click Quality of Service Differentiated Services Service Detailed Statistics in the navigation panel Figure 40 15 DiffServ Service Detailed Statistics ...

Page 1139: ... to create a mirroring session in which the traffic that matches the specified policy and member class is mirrored to a destination port To display the Flow Based Mirroring page click Switching Ports Traffic Mirroring Flow Based Mirroring in the navigation panel Figure 40 16 Flow Based Mirroring ...

Page 1140: ...nformation CLI Command Description configure Enter global configuration mode diffserv Set the DiffServ operational mode to active exit Exit to Privileged EXEC mode show diffserv Display the DiffServ general information which includes the current administrative mode setting as well as the current and maximum number of DiffServ components CLI Command Description configure Enter global configuration ...

Page 1141: ... match ip dscp Add to the specified class definition a match condition based on the value of the IP DiffServ Code Point DSCP field in a packet match ip precedence Add to the specified class definition a match condition based on the value of the IP match ip tos Add to the specified class definition a match condition based on the value of the IP TOS field in a packet match protocol Add to the specif...

Page 1142: ...iption configure Enter global configuration mode class map match all class map name ipv6 Define a new DiffServ class match any Configure a match condition for all the packets match class map Add to the specified class definition the set of match conditions defined for another class match dstip6 Add to the specified class definition a match condition based on the destination IPv6 address of a packe...

Page 1143: ...o the specified class definition a match condition based on the source IPv6 address of a packet match srcl4port Add to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword a numeric notation or a numeric range notation CLI Command Description configure Enter global configuration mode policy map policy name in Create a new DiffServ pol...

Page 1144: ...m action drop set cos transmit cos set prectransmit cos set dscp transmit dscpval transmit violateaction drop set cos transmit cos set prec transmit cos set dscp transmit dscpval transmit Establish the traffic policing style for the specified class The simple form of the police command uses a single data rate and burst size resulting in two outcomes conform and nonconform datarate Data rate in kil...

Page 1145: ...ue Mark all packets for the associated traffic stream with the specified IP DSCP value mark ip precedence value Mark all packets for the associated traffic stream with the specified IP precedence value range 0 7 mirror interface redirect interface Use mirror to mirror all packets for the associated traffic stream that matches the defined class to the specified destination port or LAG Use redirect ...

Page 1146: ...Global Configuration mode for all system interfaces or Interface Configuration mode for a specific interface exit Exit to Privilege Exec mode show diffserv service brief in out Display all interfaces in the system to which a DiffServ policy has been attached show diffserv service interface interface in out Display policy service information for the specified interface where interface is replaced b...

Page 1147: ...nternet or other external network to different departments within a company Each of four departments has its own Class B subnet that is allocated 25 of the available bandwidth on the port accessing the Internet Figure 40 17 DiffServ Internet Access Example Network Diagram Finance Marketing Test Development Internet Layer 3 Switch Port 1 0 5 Outbound 1 0 1 1 0 2 1 0 3 1 0 4 Source IP 172 16 10 0 25...

Page 1148: ...5 0 console config classmap exit console config class map match all development_dept console config classmap match srcip 172 16 40 0 255 255 255 0 console config classmap exit 3 Create a DiffServ policy for inbound traffic named internet_access adding the previously created department classes as instances within this policy This policy uses the assign queue attribute to put each department s traff...

Page 1149: ..._access console config if Gi1 0 3 exit console config interface gigabitethernet 1 0 4 console config if Gi1 0 4 service policy in internet_access console config if Gi1 0 4 exit 5 Set the CoS queue configuration for the presumed egress Gigabit Ethernet interface 1 0 1 such that each of queues 1 2 3 and 4 get a minimum guaranteed bandwidth of 25 All queues for this interface use weighted round robin...

Page 1150: ...ample shows one way to provide the necessary quality of service how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram a similar script should be applied to Router 2 Figure 40 18 DiffServ VoIP Example Network Diagram Internet Layer 3 Switch Operating a...

Page 1151: ... DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited elsewhere in the network console config class map match all class_ef console config classmap match ip dscp ef console config classmap exit 4 Create a DiffServ policy for inbound traffic named pol_voip then add the previously created classes class_ef and class_voip as instances...

Page 1152: ...licy classmap exit console config policy map exit 5 Attach the defined policy to an inbound service interface console config interface gigabitethernet 1 0 1 console config if Gi1 0 1 service policy in pol_voip console config if Gi1 0 1 exit console config exit ...

Page 1153: ...s chapter include CoS Overview Default CoS Values Configuring CoS Web Configuring CoS CLI CoS Configuration Example CoS Overview The CoS feature lets you give preferential treatment to certain types of traffic over others To set up this preferential treatment you can configure the ingress ports the egress ports and individual queues on the egress ports to provide customization that suits your envi...

Page 1154: ... priority designations based on one of the following fields in the packet header 802 1 Priority values 0 7 IP DSCP values 0 63 A mapping table associates the designated field values in the incoming packet headers with a traffic class priority actually a CoS traffic queue Ports in Untrusted Mode If you configure an ingress port in untrusted mode the system ignores any priority designations encoded ...

Page 1155: ... have an equal offered load toward a congested output port CoS queue 2 will receive 3 6 of the bandwidth CoS queue 1 will receive 2 6 of the bandwidth and CoS queue 0 will receive 1 6 of the bandwidth The minimum bandwidth setting can be used to override the strict priority and weighted settings The highest numbered strict priority queue will receive no more bandwidth than 100 percent minus the su...

Page 1156: ...is value provides a scaling factor for increasing the number of packets of the selected drop precedence level that are dropped as the queue depth increases The drop probability supports configuration in the range of 0 to 10 and the discrete values 25 50 and 75 Values not listed are truncated to the next lower value in hardware CoS Queue Usage CoS queue 7 is reserved by the system and is not assign...

Page 1157: ... display the page click Quality of Service Class of Service Mapping Table Configuration in the navigation panel CoS 802 1P is the default mode so this is the page that displays when Mapping Table Configuration is selected from the Class of Service menu page IP DSCP value to queue mapping IP DSCP Queue 0 7 24 31 1 8 23 0 32 47 2 48 63 3 Interface Shaping Rate 0 Kbps Minimum Bandwidth 0 Scheduler Ty...

Page 1158: ...1158 Configuring Class of Service Figure 41 1 Mapping Table Configuration CoS 802 1P ...

Page 1159: ...Configuring Class of Service 1159 To access the DSCP Queue Mapping Table click the DSCP Queue Mapping Table link at the top of the page Figure 41 2 DSCP Queue Mapping Table ...

Page 1160: ... the decay exponent for WRED queues defined on the interface Each interface CoS parameter can be configured globally or per port A global configuration change is applied to all interfaces in the system To display the Interface Configuration page click Quality of Service Class of Service Interface Configuration in the navigation panel Figure 41 3 Interface Configuration ...

Page 1161: ...ing method and the queue management method The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration change is applied to the same queue ID on all ports in the system To display the Interface Queue Configuration page click Quality of Service Class of Service Interface Queue Configuration in the navigation panel Figure ...

Page 1162: ...led interface queue The settings you configure control the minimum and maximum thresholds and a drop probability scaling factor for the selected drop precedence level These parameters can be applied to each drop precedence level on a per interface queue basis or can be set globally for the same drop precedence level and queue ID on all interfaces To display the Interface Queue Drop Precedence Conf...

Page 1163: ...Configuring Class of Service 1163 Figure 41 5 Interface Queue Drop Precedence Configuration To access the Interface Queue Drop Precedence Status page click the Show All link at the top of the page ...

Page 1164: ...ort tengigabitethernet unit slot port or port channel port channel number classofservice dotlp mapping priority Map an 802 1p priority to an internal traffic class for a switch You can also use this command in Global Configuration mode to configure the same mappings on all interfaces classofservice trust dot1p ip dscp untrusted Set the class of service trust mode of an interface exit Exit to Globa...

Page 1165: ...s the shaping bandwidth value from 64 to 4294967295 kbps random detect exponential weighting constant exponent Configure the WRED decay exponent range 0 15 for the interface The weighting constant exponent determines how much of the previous average queue length sample is added to the current average queue length A value of 0 indicates that no weight is given to the previous sample and only the in...

Page 1166: ...e for each specified queue The queue id value ranges from 0 to 6 cos queue random detect queue id Set the queue management type for the specified queue to WRED The no version of this command resets the value to taildrop exit Exit to Global Config mode exit Exit to Privilege Exec mode show interfaces cos queue Display the class of service queue configuration for a specified interface or all interfa...

Page 1167: ...terface Configuration mode where interface is replaced by gigabitethernet unit slot port tengigabitethernet unit slot port or port channel port channel number random detect queue parms queue id queue id min thresh min1 min2 min3 min4 max thresh max1 max2 max3 max4 drop prob prob1 prob2 prob3 prob4 Configure the maximum and minimum thresholds for one or more queue IDs on a WRED enabled interface qu...

Page 1168: ...hich serves to direct packets A B and D to their respective queues on the egress port These three packets utilize the 802 1p to CoS Mapping Table for port te1 0 10 In this example the 802 1p user priority 3 is configured to send the packet to queue 5 instead of the default queue 3 Since packet C does not contain a VLAN tag the 802 1p user priority does not exist so port te1 0 10 relies on its defa...

Page 1169: ...ig interface gigabitethernet 1 0 10 console config if Gi1 0 10 classofservice trust dot1p 2 For port 10 configure the 802 1p user priority 3 to send the packet to queue 5 instead of the default queue queue 3 console config if Gi1 0 10 classofservice dot1p mapping 3 5 3 For port 10 specify that untagged VLAN packets should have a default priority of 2 console config if Gi1 0 10 vlan priority 2 cons...

Page 1170: ... generally use the default WRR scheduling mode as opposed to strict priority to avoid starving other traffic For example the following commands assign user priority 4 to CoS queue 4 and reserve 50 of the scheduler bandwidth to CoS queue 4 classofservice dot1p mapping 4 4 cos queue min bandwidth 0 0 0 0 50 0 0 ...

Page 1171: ...se Auto VoIP is limited to 16 sessions Voice VLAN is the preferred solution for enterprises wishing to deploy a large scale voice service The topics covered in this chapter include Auto VoIP Overview Default Auto VoIP Values Configuring Auto VoIP Web Configuring Auto VoIP CLI Auto VoIP Overview The Auto VoIP feature explicitly matches VoIP streams in Ethernet switches and provides them with a bett...

Page 1172: ...sify voice traffic onto a VLAN How Does Auto VoIP Use ACLs Auto VoIP borrows ACL lists from the global system pool ACL lists allocated by Auto VoIP reduce the total number of ACLs available for use by the network operator Enabling Auto VoIP uses one ACL list to monitor for VoIP sessions Each monitored VoIP session utilizes two rules from an additional ACL list This means that the maximum number of...

Page 1173: ...Configuration Use the Global Configuration page to enable or disable Auto VoIP on all interfaces To display the Auto VoIP Global Configuration page click Quality of Service Auto VoIP Global Configuration in the navigation menu Figure 42 1 Auto VoIP Global Configuration Auto VoIP Interface Configuration Use the Interface Configuration page to enable or disable Auto VoIP on a particular interface To...

Page 1174: ...1174 Configuring Auto VoIP Figure 42 2 Auto VoIP Interface Configuration ...

Page 1175: ...Configuring Auto VoIP 1175 To display summary Auto VoIP configuration information for all interfaces click the Show All link at the top of the page Figure 42 3 Auto VoIP ...

Page 1176: ...leged Exec mode use the following commands in to enable Auto VoIP and view its configuration CLI Command Description configure Enter Global Configuration mode switchport voice detect auto Enable the VoIP Profile on all the interfaces of the switch You can also enter Interface Configuration mode and use the same command to enable it on a specific interface exit Exit to Global Configuration Exec mod...

Page 1177: ...only to hosts who are members of the multicast group Multicast enables efficient use of network bandwidth because each multicast datagram needs to be transmitted only once on each network link regardless of the number of destination hosts Multicasting contrasts with IP unicasting which sends a separate datagram to each recipient host The IP routing protocols can route multicast traffic but the IP ...

Page 1178: ...s connected to the network This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach could lead to less efficient use of network bandwidth particularly when the packet is intended for only a small number of nodes Packets will be flooded into network segments where no node has any interest i...

Page 1179: ...cast distribution tree that enables forwarding multicast datagrams only on the links that are required to reach a destination group member Protocols such as DVMRP and PIM handle this function IGMP and MLD are multicast group discovery protocols that are used between the clients and the local multicast router PIM SM PIM DM and DVMRP are multicast routing protocols that are used across different sub...

Page 1180: ... Protocols to Enable IGMP is required on any multicast router that serves IPv4 hosts IGMP is not required on inter router links MLD is required on any router that serves IPv6 hosts MLD is not required on inter router links PIM DM PIM SM and DVMRP are multicast routing protocols that help determine the best route for IP PIM and DVMRP and IPv6 PIM multicast traffic For more information about when to...

Page 1181: ...multicast router to learn multicast group membership information and forward multicast packets based upon the group membership information The IGMP Proxy is capable of functioning only in certain topologies that do not require Multicast Routing Protocols i e DVMRP PIM DM and PIM SM and have a tree like topology as there is no support for features like reverse path forwarding RPF to correct packet ...

Page 1182: ...lticast address listeners information from systems on an attached network These queries are used to build and refresh the multicast address listener state on attached networks Multicast listeners respond to these queries by reporting their multicast addresses listener state and their desired set of sources with Current State Multicast address Records in the MLD2 Membership Reports The Multicast ro...

Page 1183: ...hosts want the multicast traffic unless they specifically ask for it It initially creates a shared distribution tree centered on a defined rendezvous point RP through which source traffic is relayed to the ultimate receiver Multicast traffic sources first send the multicast data to the RP which in turn sends the data down the shared tree to the receivers Shared trees centered on an RP do not neces...

Page 1184: ...applications and help ensure that the multicast traffic is recovered quickly in such scenarios PIM SM Protocol Operation This section describes the workings of PIM SM protocol per RFC 4601 The protocol operates essentially in three phases as explained in the following sections Phase 1 RP Tree Figure 43 1 PIM SM Shared Tree Join In this example an active receiver attached to leaf router at the bott...

Page 1185: ... an active source for group G sends a packet the designated router DR that is attached to this source is responsible for Registering this source with the RP and requesting the RP to build a tree back to that router To do this the source router encapsulates the multicast data from the source in a special PIM SM message called the Register message and unicasts that data to the RP When the RP receive...

Page 1186: ...ted in the entire router path along the SPT including the RP Figure 43 3 PIM SM Sender Registration Part 2 As soon as the SPT is built from the Source router to the RP multicast traffic begins to flow unencapsulated from source S to the RP Once this is complete the RP Router will send a Register Stop message to the first hop router to tell it to stop sending the encapsulated data to the RP ...

Page 1187: ...fic function called SwitchToSptDesired S G in the standard and generally takes a number of seconds to switch to the SPT In the above example the last hop router at the bottom of the drawing sends an S G Join message toward the source to join the SPT and bypass the RP This S G Join messages travels hop by hop to the first hop router i e the router connected directly to the source thereby creating a...

Page 1188: ...art 2 Finally special S G RP bit Prune messages are sent up the Shared Tree to prune off this S G traffic from the Shared Tree If this were not done S G traffic would continue flowing down the Shared Tree resulting in duplicate S G packets arriving at the receiver ...

Page 1189: ... and IPv6 Multicast 1189 Figure 43 6 PIM SM SPT Part 3 At this point S G traffic is now flowing directly from the first hop router to the last hop router and from there to the receiver Figure 43 7 PIM SM SPT Part 4 ...

Page 1190: ... and from there to the receiver Notice that traffic is no longer flowing to the RP The PIM standard requires support for multi hop RP in that a router running PIM can act as an RP even if it is multiple router hops away from the multicast source This requires that the first hop router perform encapsulation of the multicast data and forward it as unicast toward the RP In practice this encapsulation...

Page 1191: ...p router subsequently receives the PIM Join from the RP the block is replaced with a regular multicast forwarding entry so that subsequent data packets are forwarded in the hardware If the initial Register message s does not reach the RP or the PIM Join sent in response does not reach the first hop router then the data stream would never get forwarded To solve this the negative entry is timed out ...

Page 1192: ...ing data all downstream routers and hosts want to receive a multicast datagram PIM DM initially floods multicast traffic throughout the network Routers that do not have any downstream neighbors prune back the unwanted traffic In addition to PRUNE messages PIM DM makes use of graft and assert messages Graft messages are used whenever a new host wants to join the group Assert messages are used to sh...

Page 1193: ... avoided Understanding DVMRP Multicast Packet Routing DVMRP is based on RIP it forwards multicast datagrams to other routers in the AS and constructs a forwarding table based on information it learns in response More specifically it uses this sequence A new multicast packet is forwarded to the entire multicast network with respect to the time to live TTL of the packet The TTL restricts the area to...

Page 1194: ... given multicast traffic stream DVMRP is similar to PIM DM in that it floods multicast packets throughout the network and prunes branches where the multicast traffic is not desired DVMRP was developed before PIM DM and it has several limitations that do not exist with PIM DM You might use DVMRP as the multicast routing protocol if it has already been widely deployed within the network Microsoft Ne...

Page 1195: ...witches are as follows 1536 IPv4 512 IPv6 PCM8024 512 IPv4 256 IPv6 PCM8024 k 1536 IPv4 512 IPv6 PCM6348 1536 IPv4 512 IPv6 Static Multicast Routes None configured Interface TTL Threshold 1 IGMP Defaults IGMP Admin Mode Disabled globally and on all interfaces IGMP Version v3 IGMP Robustness 2 IGMP Query Interval 125 seconds IGMP Query Max Response Time 100 seconds IGMP Startup Query Interval 31 se...

Page 1196: ...led on an interface PIM SM Join Prune Interval 60 seconds when enabled on an interface PIM SM BSR Border Disabled PIM SM DR Priority 1 when enabled on an interface PIM Candidate Rendezvous Points RPs None configured PIM Static RP None configured PIM Source Specific Multicast SSM Range None configured Default SSM group address is 232 0 0 0 8 for IPv4 multicast and ff3x 32 for IPv6 multicast PIM BSR...

Page 1197: ...pecific on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page Multicast Global Configuration Use the Global Configuration page to configure the administrative status of Multicast Forwarding in the router and to display global multicast parameters To display the page click IPv4 Multicast Multicast Global Configuration in the navigatio...

Page 1198: ...ge to configure the TTL threshold of a multicast interface At least one VLAN routing interface must be configured on the switch before fields display on this page To display the page click IPv4 Multicast Multicast Interface Configuration in the navigation panel Figure 43 10 Multicast Interface Configuration ...

Page 1199: ...Route Table Use the Route Table page to view information about the multicast routes in the IPv4 multicast routing table To display the page click IPv4 Multicast Multicast Multicast Route Table Multicast Route Table Figure 43 11 Multicast Route Table ...

Page 1200: ...n range of multicast addresses on a given routing interface Use the Admin Boundary Configuration page to configure a new or existing administratively scoped boundary To see this page you must have configured a valid routing interface and multicast To display the page click IPv4 Multicast Multicast Admin Boundary Configuration in the navigation panel Figure 43 12 Multicast Admin Boundary Configurat...

Page 1201: ...n Boundary Summary Use the Admin Boundary Summary page to display existing administratively scoped boundaries To display the page click IPv4 Multicast Multicast Admin Boundary Summary in the navigation panel Figure 43 13 Multicast Admin Boundary Summary ...

Page 1202: ...Use the Static MRoute Configuration page to configure a new static entry in the Mroute table or to modify an existing entry To display the page click IPv4 Multicast Multicast Static MRoute Configuration in the navigation panel Figure 43 14 Multicast Static MRoute Configuration ...

Page 1203: ... Static MRoute Summary Use the Static MRoute Summary page to display static routes and their configurations To display the page click IPv4 Multicast Multicast Static MRoute Summary in the navigation panel Figure 43 15 Multicast Static MRoute Summary ...

Page 1204: ...atures that are not protocol specific on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page IPv6 Multicast Route Table Use the Multicast Route Table page to view information about the multicast routes in the IPv6 multicast routing table To display the page click IPv6 Multicast Multicast Multicast Route Table Figure 43 16 IPv6 Multica...

Page 1205: ...the IGMP and IGMP proxy features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page IGMP Global Configuration Use the Global Configuration page to set IGMP on the system to active or inactive To display the page click IPv4 Multicast IGMP Global Configuration in the navigation panel Figure 43 17 IGMP Global Configuration ...

Page 1206: ... and or display router interface parameters You must configure at least one valid routing interface before you can access this page and configure IP Multicast IGMP To display the page click IPv4 Multicast IGMP Routing Interface Interface Configuration in the navigation panel Figure 43 18 IGMP Interface Configuration ...

Page 1207: ...ace Summary page to display IGMP routing parameters and data You must configure at least one IGMP router interface to access this page To display the page click IPv4 Multicast IGMP Routing Interface Interface Summary in the navigation panel Figure 43 19 IGMP Interface Summary ...

Page 1208: ...che parameters and data for an IP multicast group address Group membership reports must have been received on the selected interface for data to display on the page To display the page click IPv4 Multicast IGMP Routing Interface Cache Information in the navigation panel Figure 43 20 IGMP Cache Information ...

Page 1209: ...lay detailed membership information for an interface Group membership reports must have been received on the selected interface for data to display information To display the page click IPv4 Multicast IGMP Routing Interface Source List Information in the navigation panel Figure 43 21 IGMP Interface Source List Information ...

Page 1210: ...e acts as proxy to all hosts residing on its router interfaces Use the Interface Configuration page to configure IGMP proxy for a VLAN interface You must have configured at least one VLAN routing interface before configuring or displaying data for an IGMP proxy interface and it should not be an IGMP routing interface To display the page click IPv4 Multicast IGMP Proxy Interface Interface Configura...

Page 1211: ...display proxy interface configurations by interface You must have configured at least one VLAN routing interface configured before data displays on this page To display the page click IPv4 Multicast IGMP Proxy Interface Configuration Summary in the navigation panel Figure 43 23 IGMP Proxy Configuration Summary ...

Page 1212: ...red at least one VLAN routing interface before you can display interface membership information and it should not be an IGMP routing interface Also if no group membership reports have been received on the selected interface no data displays on this page To display the page click IPv4 Multicast IGMP Proxy Interface Interface Membership Info in the navigation panel Figure 43 24 IGMP Proxy Interface ...

Page 1213: ...ne VLAN routing interface before you can display detailed interface membership information and it should not be an IGMP routing interface Also if no group membership reports have been received on the selected interface you cannot display data To display the page click IPv4 Multicast IGMP Proxy Interface Interface Membership Info Detailed in the navigation panel Figure 43 25 IGMP Proxy Interface Me...

Page 1214: ...e MLD and MLD proxy features on a PowerConnect M6220 M6348 M8024 M8024 k switch For details about the fields on a page click at the top of the page MLD Global Configuration Use the Global Configuration page to administratively enable and disable the MLD service To display the page click IPv6 Multicast MLD Global Configuration in the navigation panel Figure 43 26 MLD Global Configuration ...

Page 1215: ...ted IPv6 router interfaces to discover the presence of multicast listeners the nodes who wish to receive the multicast data packets on its directly attached interfaces To access this page click IPv6 Multicast MLD Routing Interface Interface Configuration in the navigation panel Figure 43 27 MLD Routing Interface Configuration ...

Page 1216: ...to display information and statistics on a selected MLD enabled interface You must configure at least one IGMP VLAN routing interface to access this page To access this page click IPv6 Multicast MLD Routing Interface Interface Summary in the navigation panel Figure 43 28 MLD Routing Interface Summary ...

Page 1217: ...eported to operational MLD routing interfaces You must configure at least one MLD VLAN routing interface to access this page Also group membership reports must have been received on the selected interface in order for data to be displayed here To access this page click IPv6 Multicast MLD Routing Interface Cache Information in the navigation panel Figure 43 29 MLD Routing Interface Cache Informatio...

Page 1218: ...interface You must configure at least one MLD VLAN routing interface to access this page Also group membership reports must have been received on the selected interface in order for data to be displayed here To access this page click IPv6 Multicast MLD Routing Interface Source List Information in the navigation panel Figure 43 30 MLD Routing Interface Source List Information ...

Page 1219: ...219 MLD Traffic The MLD Traffic page displays summary statistics on the MLD messages sent to and from the router To access this page click IPv6 Multicast MLD Routing Interface MLD Traffic in the navigation panel Figure 43 31 MLD Traffic ...

Page 1220: ...ership reports on one VLAN interface for MLD Membership reports received on all other MLD enabled VLAN routing interfaces Use the Interface Configuration page to enable and disable ports as MLD proxy interfaces To display this page click IPv6 Multicast MLD Proxy Interface Interface Configuration in the navigation panel Figure 43 32 MLD Proxy Interface Configuration ...

Page 1221: ...Summary Use the Configuration Summary page to view configuration and statistics on MLD proxy enabled interfaces To display this page click IPv6 Multicast MLD Proxy Interface Configuration Summary in the navigation panel Figure 43 33 MLD Proxy Configuration Summary ...

Page 1222: ...terface Membership Information page lists each IP multicast group for which the MLD proxy interface has received membership reports To display this page click IPv6 Multicast MLD Proxy interface Interface Membership Info in the navigation panel Figure 43 34 Interface Membership Information ...

Page 1223: ...ation Detailed page provides additional information about the IP multicast groups for which the MLD proxy interface has received membership reports To display this page click IPv6 Multicast MLD Proxy Interface Interface Membership Info Detailed in the navigation panel Figure 43 35 Interface Membership Information Detailed ...

Page 1224: ...e switch It is strongly recommended that IGMP be enabled on any switch on which IPv4 PIM is enabled and MLD be enabled on any switch for which IPv6 PIM is enabled This ensures that the multicast router behaves as expected To display the page click IPv4 Multicast PIM Global Configuration or IPv6 Multicast PIM Global Configuration in the navigation panel Figure 43 36 PIM DM Global Configuration NOTE...

Page 1225: ...Status Use the Global Status page to view the administrative status of PIM DM or PIM SM on the switch To display the page click IPv4 Multicast PIM Global Status or IPv6 Multicast PIM Global Status in the navigation panel Figure 43 37 PIM Global Status ...

Page 1226: ...e the Interface Configuration page to configure specific VLAN routing interfaces with PIM To display the page click IPv4 Multicast PIM Interface Configuration or IPv6 Multicast PIM Interface Configuration in the navigation panel Figure 43 38 PIM Interface Configuration ...

Page 1227: ... the Interface Summary page to display a PIM enabled VLAN routing interface interface and its settings To display the page click IPv4 Multicast PIM Interface Summary or IPv6 Multicast PIM Interface Summary in the navigation panel Figure 43 39 PIM Interface Summary ...

Page 1228: ...figured rendezvous points RPs for each port using PIM To access the page click IPv4 Multicast PIM Candidate RP Configuration or IPv6 Multicast PIM Candidate RP Configuration Figure 43 40 Candidate RP Configuration Adding a Candidate RP To add PIM Candidate rendezvous points RPs for each IP multicast group 1 Open the Candidate RP Configuration page 2 Click Add The Add Candidate RP page displays ...

Page 1229: ... be configured 4 Enter the group address transmitted in Candidate RP Advertisements 5 Enter the prefix length transmitted in Candidate RP Advertisements to fully identify the scope of the group which the router supports if elected as a Rendezvous Point 6 Click Apply Changes The new Candidate RP is added and the device is updated ...

Page 1230: ...e PIM domain uses the BSR to dynamically learn the RP configuring a static RP is not required However you can configure the static RP to override any dynamically learned RP from the BSR To access the page click IPv4 Multicast PIM Static RP Configuration or IPv6 Multicast PIM Static RP Configuration Figure 43 42 Static RP Configuration Adding a Static RP To add a static RP for the PIM router 1 Open...

Page 1231: ... of the RP for the group range 4 Enter the group address of the RP 5 Enter the group mask of the RP 6 Check the Override option to configure the static RP to override the dynamic candidate RPs learned for same group ranges 7 Click Apply The new Static RP is added and the device is updated ...

Page 1232: ...uter To display the page click IPv4 Multicast PIM SSM Range Configuration or IPv6 Multicast PIM SSM Range Configuration Figure 43 44 SSM Range Configuration Adding an SSM Range To add the Source Specific Multicast SSM Group IP Address and Group Mask IPv4 or Prefix Length IPv6 for the PIM router 1 Open the SSM Range Configuration page 2 Click Add The Add SSM Range page displays ...

Page 1233: ...SM Range check box to add the default SSM Range The default SSM Range is 232 0 0 0 8 for IPv4 multicast and ff3x 32 for IPv6 multicast 4 Enter the SSM Group IP Address 5 Enter the SSM Group Mask IPv4 or SSM Prefix Length IPv6 6 Click Apply The new SSM Range is added and the device is updated ...

Page 1234: ...n Use this page to configure information to be used if the interface is selected as a bootstrap router To display the page click IPv4 Multicast PIM BSR Candidate Configuration or IPv6 Multicast PIM BSR Candidate Configuration Figure 43 46 BSR Candidate Configuration ...

Page 1235: ...SR Candidate Summary Use this page to display information about the configured BSR candidates To display this page click IPv4 Multicast PIM BSR Candidate Summary or IPv6 Multicast PIM BSR Candidate Summary Figure 43 47 BSR Candidate Summary ...

Page 1236: ...click at the top of the page DVMRP Global Configuration Use the Global Configuration page to configure global DVMRP settings It is strongly recommended that IGMP be enabled on any switch on which DVMRP is enabled The use cases for enabling DVMRP without IGMP are few and enabling IGMP ensures that the multicast router behaves as expected To display the page click IPv4 Multicast DVMRP Global Configu...

Page 1237: ...RP interface Otherwise you see a message telling you that no router interfaces are available and the configuration screen is not displayed It is strongly recommended that IGMP be enabled on any interface on which DVMRP is enabled This ensures that the multicast router behaves as expected To display the page click IPv4 Multicast DVMRP Interface Configuration in the navigation panel Figure 43 49 DVM...

Page 1238: ...elected interface You must configure at least one VLAN routing interface before you can display data for a DVMRP interface Otherwise you see a message telling you that no VLAN router interfaces are available and the configuration summary screen is not displayed To display the page click IPv4 Multicast DVMRP Configuration Summary in the navigation panel ...

Page 1239: ...t 1239 Figure 43 50 DVMRP Configuration Summary DVMRP Next Hop Summary Use the Next Hop Summary page to display the next hop summary by Source IP To display the page click IPv4 Multicast DVMRP Next Hop Summary in the navigation panel ...

Page 1240: ...1240 Managing IPv4 and IPv6 Multicast Figure 43 51 DVMRP Next Hop Summary ...

Page 1241: ...6 Multicast 1241 DVMRP Prune Summary Use the Prune Summary page to display the prune summary by Group IP To display the page click IPv4 Multicast DVMRP Prune Summary in the navigation panel Figure 43 52 DVMRP Prune Summary ...

Page 1242: ... and IPv6 Multicast DVMRP Route Summary Use the Route Summary page to display the DVMRP route summary To display the page click IPv4 Multicast DVMRP Route Summary in the navigation panel Figure 43 53 DVMRP Route Summary ...

Page 1243: ...ess mask rpf address preference Create a static multicast route for a source range source address The IP address of the multicast data source mask The IP subnet mask of the multicast data source rpf address The IP address of the next hop towards the source preference The cost of the route Range 1 255 interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ip mcast boundary...

Page 1244: ...guration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the groupipaddr value show ip mcast mroute source sourceipaddr summary groupipaddr View the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and ...

Page 1245: ...e VLAN interface is not required preference The cost of the route Range 1 255 exit Exit to Privileged EXEC mode show ipv6 mroute detail summary View a summary or all the details of the multicast table show ipv6 mroute group groupipaddr detail summary View the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times ...

Page 1246: ...allows tuning of the interface that is tuning for the expected packet loss on a subnet If a subnet is expected to have significant loss the robustness variable may be increased for the interface The range for robustness is 1 255 ip igmp query interval seconds Configure the query interval for the specified interface The query interval determines how fast IGMP Host Query packets are transmitted on t...

Page 1247: ... Set the number of Group Specific Queries sent before the router assumes that there are no local members on the interface The range for count is 1 20 CTRL Z Exit to Privileged EXEC mode show ip igmp View system wide IGMP information show ip igmp interface vlan vlan id View IGMP information for all interfaces or for the specified interface show ip igmp interface stats vlan vlan id View IGMP statist...

Page 1248: ...bal configuration mode interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ip igmp proxy Configure the interface as an IGMP proxy interface ip igmp proxy reset status Optional Reset the host interface status parameters of the IGMP Proxy ip igmp proxy unsolicit rprt interval seconds Configure the unsolicited report interval for the IGMP proxy interface The range for sec...

Page 1249: ...ed interface The query interval determines how fast MLD Host Query packets are transmitted on this interface The range for seconds is 0 3600 seconds ipv6 mld query max response time seconds Configure the maximum response time interval for the specified interface It is the maximum query response time advertised in MLD queries on this interface The range for seconds is 0 25 seconds ipv6 mld last mem...

Page 1250: ...nterface vlan vlan id View the registered multicast groups on the interface show ipv6 mld membership View the list of interfaces that have registered in any multicast group NOTE Configure only the upstream interface as the MLD proxy MLD should be enabled on all downstream interfaces IPv6 routing must be enabled on the switch for the MLD proxy feature to operate Command Purpose configure Enter glob...

Page 1251: ... This command displays information only when MLD Proxy is operational Command Purpose configure Enter global configuration mode ip routing Enable ip routing Routing is required for PIM to calculate where to prune the multicast trees ip pim dense Enable PIM DM on the switch ip igmp Enable IGMP IGMP is required for PIM to operate properly ip multicast Enable IPv4 IPv6 multicast routing interface vla...

Page 1252: ...ble IP routing Routing is required for PIM operation ipv6 unicast routing Enable IPv6 routing IPv6 routing is required for the operation of PIM ipv6 pim dense Enable PIM DM on the switch ip multicast Enable IPv6 IPv6 multicast routing ip igmp Enable IGMP IGMP is required for PIM to operate properly interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ipv6 pim Enable PIM...

Page 1253: ...ulticast 1253 show ipv6 pim interface vlan vlan id View the PIM information for the specified interface show ipv6 pim neighbor interface vlan vlan id all View a summary or all the details of the multicast table Command Purpose ...

Page 1254: ... mask length priority interval interval Configure the switch to announce its candidacy as a bootstrap router BSR vlan id A valid VLAN ID hash mask length The length of a mask that is to be ANDed with the group address before the hash function is called All groups with the same seed hash correspond to the same RP For example if this value is 24 only the first 24 bits of the group addresses matter T...

Page 1255: ...hat if there is a conflict the RP configured with this command prevails over the RP learned by BSR ip pim ssm default group address group mask Define the Source Specific Multicast SSM range of IP multicast addresses default Defines the SSM range access list to 232 0 0 0 8 group address group mask defines the SSM range interface vlan vlan id Enter Interface Configuration mode for the specified VLAN...

Page 1256: ... groupaddr View the RP router being selected for the specified multicast group address from the set of active RP routers The RP router for the group is selected by using a hash algorithm show ip pim bsr router candidate elected View the bootstrap router BSR information show ip pim rp mapping View group to RP mappings of which the router is aware either configured or learned from the BSR Command Pu...

Page 1257: ...onal Indicates the BSR candidate advertisement interval The range is from 1 to 16383 seconds The default value is 60 seconds ipv6 pim rp candidate vlan vlan id group address prefix length interval interval Configure the router to advertise itself to the BSR router as a PIM candidate Rendezvous Point RP for a specific multicast group range vlan id A valid VLAN ID group address prefix length Group I...

Page 1258: ... sending PIM hello messages on the interface ipv6 pim bsr border Prevent bootstrap router BSR messages from being sent or received through the interface ipv6 pim dr priority priority Set the priority value for which a router is elected as the designated router DR The election priority range is 0 2147483647 ipv6 pim join prune interval interval Configure the interface join prune interval for the PI...

Page 1259: ...lticast group address from the set of active RP routers The RP router for the group is selected by using a hash algorithm show ipv6 pim bsr router View the bootstrap router BSR information show ipv6 pim rp mapping View group to RP mappings of which the router is aware either configured or learned from the BSR Command Purpose ...

Page 1260: ...ng interface ip dvmrp Enable DVMRP on the interface ip dvmrp metric metric Configure the metric range 1 31 for an interface This value is used in the DVMRP messages as the cost to reach this network exit Exit to Privileged EXEC mode show ip dvmrp interface vlan vlan id View the multicast information for the specified interface show ip dvmrp neighbor View neighbor information for DVMRP show ip dvmr...

Page 1261: ...enabled on the switch and interfaces to manage the multicast routing VLAN 10 is statically configured as the RP for the multicast group The configuration in this example takes place on L3 switch A shown in Figure 43 54 The red arrows indicate the path that multicast traffic takes L3 Switch A is configured as the RP for the PIM domain so it is in charge of sending the multicast stream to L3 Switch ...

Page 1262: ...r switches OSPF is configured to route unicast traffic between the VLANs and PIM is enabled to rout multicast traffic between the two VLANs Since IGMP snooping is enabled by default on all VLANs no commands to enable it appear in the example below To configure Switch A 1 Create the two VLANs IGMP MLD Snooping is disabled globally Port 23 Port 24 L3 Switch A PIM RP Video Server VLAN 10 Members VLAN...

Page 1263: ... config router router id 3 3 1 1 console config router exit 4 Configure VLAN 10 as a VLAN routing interface and specify the OSPF area When you assign an IP address to the VLAN routing is automatically enabled console config interface vlan 10 console config if vlan10 ip address 192 168 10 4 255 255 255 0 console config if vlan10 ip ospf area 0 5 Enable IGMPv2 and PIM SM on the VLAN routing interfac...

Page 1264: ...nsole config ip igmp console config ip pim sparse 9 Configure VLAN 10 as the RP and specify the range of multicast groups for PIM SM to control The 239 9 x x address is chosen as it is a locally administered address that maps to MAC addresses that do not conflict with control plane protocols console config ip pim rp address 192 168 10 4 239 9 0 0 255 255 0 0 ...

Page 1265: ...r it is recommended that it be enabled to ensure correct operation of multicast routing Disable IGMP MLD snooping console config ip igmp console config no ip igmp snooping console config no ipv6 mld snooping 3 Globally enable DVMRP console config ip dvmrp 4 Enable DVMRP and IGMP on VLAN routing interfaces 10 and 20 console config interface vlan 10 console config if vlan10 ip address 192 168 10 1 2...

Page 1266: ...1266 Managing IPv4 and IPv6 Multicast ...

Page 1267: ...task USB etc bcmATP RX bcmATP TX BCM system task Acknowledged Transport Protocol bcmCNTR 0 BCM system task SDK Statistics collection bcmDISC BCM system task SDK Discovery task bcmDPC BCM system task SDK DPC task bcmL2X 0 BCM system task SDK L2 SOC shadow table maintenance bcmLINK 0 BCM system task SDK Physical link status monitor bcmNHOP BCM system task SDK transport Next Hop task bcmRLINK BCM sys...

Page 1268: ...tor Update task cliWebIORedirectTask CLI Web IO Redirection Task cmgrInsertTask Card Manager Insertion Handler cmgrTask Card Manager Status built in and plug in card configuration processing Cnfgr_Thread Configurator startup manager CP Wired If Captive Portal cpuUtilMonitorTask CPU Utilities monitor DapiDebugTask Device API debug processing DHCP Server Processing Task DHCP snoop dhcpsPingTask DHCP...

Page 1269: ...tlAddrTask dtlTask Device Transform Layer Silicon Integration Layer dvmrpMapTask DVMRP Mapping Layer Dynamic ARP Inspection Dynamic ARP Inspection task EDB Entity MIB Processing task EDB Trap Entity MIB Trap task emWeb UI processing task envMonTask Environment Monitor fans power supplies temperature fdbTask Forwarding Data Base Manager fftpTask FTP processing gccp_t GARP Central Control Point task...

Page 1270: ...k ip6MapLocalDataTask ip6MapNbrDiscTask ip6MapProcessingTask ip6MapRadvdTask ipcom_sysl IpHelperTask ipMapForwardingTask ipMapProcessingTask ipnetd IP Stack iscsiTask ISCSI task isdpTask ISDP task lldpTask LLDP task LOG System LOG processing LOGC System LOG processing MAC Age Task MAC address table aging MAC Send Task MAC address table learning macalTask Management ACL packet processing Table 44 1...

Page 1271: ...sk pimsmMapTask PIMSM task pingAsync Ping response processing pktRcvrTask Multicast control plane packet receiver dispatch pmlTask Port MAC Locking management task portAggTask Port Aggregator task radius_rx_task radius_task RADIUS server tasks ripMapProcessingTask RIP Mapping layer RLIM cnfgr task VRRP configuration RLIM task VRRP message processing RMONTask RMON Statistics Collection serialInput ...

Page 1272: ...cket processing sshdEvTask SSH task ssltTask SSL task Stk Mgr Task Stack Manager Task tacacs_rx_task tacacs_task TACACS tasks tArpCallback tArpReissue ARP tasks tArpTimerExp ARP Timer Expiry tCpktSvc NSF Processing tCptvPrtl Captive portal control plane processing tDhcp6sTask tDhcpsTask DHCP Tasks tEmWeb Web page server tErfTask VxWorks Task tExcTask VxWorks Executive TimeRange Processing Task ACL...

Page 1273: ...cessing tTffsPTask VxWorks True Flash File System driver tXbdService VxWorks flash file system load leveler usbFlashDriveTask USB Flash driver processing umCfgUpdateTask umWorkerTask unitMgrTask Stack Management Unit Manager tasks USL Worker Task USL Message processing primarily MAC address table CLI commands UtilTask Mgmt UI login logout processing voipTask Voice Over IP VRRPdaemon VRRP task Tabl...

Page 1274: ...1274 System Process Definitions ...

Page 1275: ...ime based 555 web based configuration 530 ACLs See also IP ACL IPv6 ACL and MAC ACL active images 341 address table See MAC address table administrative profiles 185 defaults 204 RADIUS authorization 195 TACACS authorization 192 alternate store and forward 66 ARP 77 dynamic ARP inspection 65 ARP inspection see DAI ARP table configuring CLI 924 configuring web 914 authentication 183 examples 187 au...

Page 1276: ... auto provisioning iSCSI 413 Auto VoIP and ACLs 1172 B back pressure 67 banner CLI 290 BOOTP DHCP relay agent 78 BPDU filtering 75 636 flooding 636 guard 75 protection 638 bridge multicast address groups configuring 718 bridge multicast group table 717 bridge table 861 broadcast storm control See storm control C cable test 207 217 captive portal 63 CLI configuration 453 client management 458 confi...

Page 1277: ... defined 335 DHCP auto configuration 360 downloading 338 editing 338 SNMP 339 configuration scripts 338 354 configuration saving the 339 Configuring 883 connectivity fault management See IEEE 802 1ag console port connecting to 107 copy files 346 CoS and iSCSI 410 and PFC 839 CLI configuration 1164 configuration example 1168 defaults 1156 defined 1153 queue management methods 1155 traffic queues 11...

Page 1278: ... default VLAN 136 OOB port 136 DHCP relay 71 885 CLI configuration 949 defaults 937 example 953 layer 2 932 layer 3 931 understanding 931 VLAN 933 web based configuration 938 DHCP server 56 address pool configuration 902 CLI configuration 898 defaults 885 examples 902 leases 137 options 884 web based configuration 886 DHCP snooping 65 885 bindings database 783 defaults 787 example 815 logging 784 ...

Page 1279: ...rv 81 discovery device 659 document conventions 50 domain name server 132 domain name default 133 Dot1x 63 dot1x authentication 184 double VLAN tagging 566 downloading files 342 DSCP value and iSCSI 411 dual images 56 dual IPv4 and IPv6 template 248 Duplex mode 88 DVMRP 84 defaults 1195 example 1265 understanding 1193 web based configuration 1236 when to use 1194 dynamic ARP inspection 65 dynamic ...

Page 1280: ...based 340 file system 340 files and stacking 339 downloading to the switch 337 types 333 uploading from the switch 337 filter assignments authentication server 514 filter DiffServ 489 FIP snooping 854 enabling and disabling 854 firmware managing 337 updating the stack 152 upgrade example 351 firmware synchronization stacking 152 flow control configuring 698 default 690 838 understanding 688 flow b...

Page 1281: ...s 765 example 778 MEPs and MIPs 763 troubleshooting tasks 766 understanding 761 IEEE 802 1d 74 IEEE 802 1Q 72 IEEE 802 1Qaz 847 IEEE 802 1X 63 and DiffServ 489 authentication 63 configuring 504 defined 482 monitor mode 64 487 501 port authentication 499 port states 483 RADIUS assigned VLANs 502 reauthenticating ports 492 VLAN assignment 485 IEEE 802 1x authentication 184 IEEE 802 3x See flow contr...

Page 1282: ...8 933 IP multicast traffic layer 2 704 layer 3 1178 IP protocol numbers common 529 IP routing CLI configuration 923 defaults 909 example 928 understanding 907 web based configuration 911 IP source guard 65 IPSG and port security 785 example 817 purpose 787 understanding 785 IPv4 and IPv6 networks interconnecting 1030 IPv4 multicast web based configuration 1197 IPv4 routing template 248 IPv6 compar...

Page 1283: ...DP 58 CLI configuration 678 configuring 679 enabling 679 example 683 understanding 659 web based configuration 663 J jumbo frames 67 L LACP 75 adding a LAG port 828 CLI configuration 833 web based configuration 825 LAG and port aggregator 247 and STP 822 CLI configuration 830 defaults 823 examples 834 guidelines configuration 823 interaction with other features 822 LACP 75 purpose 820 static and d...

Page 1284: ...55 log server remote 223 logging ACL 526 CLI configuration 231 considerations 211 defaults 211 destination for log messages 208 example 238 file 222 log message format 210 operation logs 209 severity levels 209 system startup logs 209 trap log 318 web based configuration 213 loopback 79 loopback interface configuring 881 purpose 871 understanding 868 LSA OSPF 957 M M6348 and stacking 149 MAC ACL e...

Page 1285: ...w based 1139 MLD 85 defaults 1195 understanding 1182 web based configuration 1214 MLD snooping 83 defaults 714 787 understanding 707 VLAN configuration 751 mode interface configuration 466 simple 245 module CX 4 250 monitor mode IEEE 802 1X 487 monitoring system information 207 MSTP example 657 operation in the network 631 support 74 understanding 629 MTU configuring 477 MTU management interface 1...

Page 1286: ...ion 136 default 127 defined 123 example 140 purpose 124 web based configuration 128 network pool DHCP 889 nonstop forwarding see NSF NSF and DHCP snooping 176 and routed access 179 and the storage access network 177 and VoIP 175 in the data center 174 network design considerations 156 understanding 153 numbering ports 114 O OAM 761 OOB port 92 128 DHCP client 136 OpenManage Switch Administrator ab...

Page 1287: ...guration 1224 IPv6 web based configuration 1224 PIM DM using 1192 PIM SM using 1183 SSM range 1232 understanding 1183 plug in modules configuring 250 port access control 494 characteristics 463 configuration examples 479 configuring multiple 471 defaults 469 defined 463 device view features 106 example 479 locking 519 OOB 92 protected 66 694 699 statistics 395 traffic control 687 837 port aggregat...

Page 1288: ...d VLAN 564 Q QoS CoS queuing diffserv 81 queues CoS 1155 R RADIUS 61 and DiffServ 489 authentication 190 authorization 195 for management access control 196 supported attributes 198 understanding 196 RAM log 221 real time clock 244 redirect ACL 525 relay agent DHCPv6 1106 relay DHCP 931 remote logging 234 RIP 78 CLI configuration 1051 defaults 1045 determining route information 1043 example 1055 s...

Page 1289: ...le best routes 918 configuring 926 IPv6 1099 1101 RSTP understanding 629 running config saving 339 S save system settings 339 SDM template configuration guidelines 249 managing 284 understanding 248 SDM templates 57 security port defined 518 port based CLI configuration 499 defaults 490 518 examples 504 web based configuration 491 sFlow 58 CLI management 399 defaults 374 example 405 understanding ...

Page 1290: ...defaults 157 defined 143 design consideration 156 failover 60 failover example 170 failover initiating 154 features 59 file management 339 firmware synchronization 152 firmware update 152 MAC address table 862 MAC addresses 156 NSF usage scenario 169 preconfiguration 172 purpose 157 removing a switch 152 standby 153 switch compatibility 149 web based configuration 158 static reject route 908 stati...

Page 1291: ...254 system time 249 T TACACS 61 authentication 188 authorization 191 192 management access control 201 supported attributes 202 understanding 201 tagging VLAN 565 telnet configuration options 62 connecting to the switch 108 TFTP image download 347 time domain reflectometry 217 time management 55 time range 549 time zone 279 time setting the system 295 time based ACLs 526 555 traffic class queue 41...

Page 1292: ...4 RADIUS assigned 513 routing 77 routing interfaces 867 879 static 564 support 71 switchport modes 564 trunk port 600 understanding 561 voice 72 569 voice traffic 569 voice example 625 voice understanding 568 web based configuration 579 VLAN membership defining 579 VLAN priority tag and iSCSI 411 VLAN routing 867 870 VLAN tagging 565 VLANs dynamically created 513 RADIUS assigned 513 voice traffic ...

Page 1293: ...058 route and interface tracking example 1076 route tracking 1059 router priority 1058 understanding 1057 web based configuration 1062 W web based configuration 102 web based interface understanding 103 writing to memory 339 ...

Page 1294: ...1294 Index ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands