Extreme Networks Summit Summit24 Installation And User Manual Download Page 94 | Manualshive

Page: 94 / 244

background image

94

Summit24e3 Switch Installation and User Guide

Access Policies

How Access Control Lists Work

When a packet arrives on an ingress port, the fields of the packet corresponding to an access mask are
compared with the values specified by the associated access lists to determine a match.

It is possible that a packet will match more than one access control list. If the resulting actions of all the
matches do not conflict, they will all be carried out. If there is a conflict, the actions of the access list
using the higher precedence access mask are applied. When a match is found, the packet is processed. If
the access list is of type deny, the packet is dropped. If the list is of type permit, the packet is
forwarded. A permit access list can also apply a QoS profile to the packet and modify the packet’s
802.1p value and the DiffServe code point.

Access Mask Precedence Numbers

The access mask precedence number is optional, and determines the order in which each rule is
examined by the switch. Access control list entries are evaluated from highest precedence to lowest
precedence. Precedence numbers range from 1 to 25,600, with the number 1 having the highest precedence.
However, an access mask without a precedence specified has a higher precedence than any access mask
with a precedence specified. The first access mask defined without a specified precedence has the
highest precedence. Subsequent masks without a specified precedence have a lower precedence, and so
on.

Specifying a Default Rule

You can specify a default access control list to define the default access to the switch. You should use an
access mask with a low precedence for the default rule access control list. If no other access control list
entry is satisfied, the default rule is used to determine whether the packet is forwarded or dropped. If
no default rule is specified, the default behavior is to forward the packet.

NOTE

If your default rule denies traffic, you should not apply this rule to the Summit24e3 port used as a
management port.

The following example shows an access control list that is used to specify an default rule to explicitly
deny all traffic:

create access-mask ingress_mask ports precedence 25000

create acess-list DenyAll ingress_mask ports 2-26 deny

Once the default behavior of the access control list is established, you can create additional entries using
precedence numbers.

The following access control list example shows an access control list that will forward traffic from the
10.1.2.x subnet even while the above default rule is in place:

create access-mask ip_src_mask source-ip/24 precedence 1000

create access-list TenOneTwo ip_src_mask source-ip 10.1.2.0/24 permit

«
...
92
93
94
95
96
...
»

Summary of Contents for Summit Summit24

Page 1: ...rks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com Summit24e3 Switch Installation and User Guide Software Version 2 0 Published August 2002 Part number 100102 00 Rev 02 ...

Page 2: ...me Turbodrive logo is a service mark of Extreme Networks which may be registered or pending registration in certain jurisdictions Specifications are subject to change without notice NetWare and Novell are registered trademarks of Novell Inc Merit is a registered trademark of Merit Network Inc Solaris is a trademark of Sun Microsystems Inc F5 BIG ip and 3DNS are registered trademarks of F5 Networks...

Page 3: ... Summit24e3 Switch Rear View 21 Power Socket 21 Serial Number 21 MAC Address 21 Summit24e3 Switch LEDs 21 Port Connections 22 Full Duplex 22 Mini GBIC Type and Hardware Software Support 22 Mini GBIC Type and Specifications 22 Safety Information 23 Chapter 2 Switch Installation Determining the Switch Location 25 Following Safety Information 26 Installing the Switch 26 Rack Mounting 26 Free Standing...

Page 4: ... Tree Protocol 34 Quality of Service 35 Unicast Routing 35 Load Sharing 35 ESRP Aware Switches 35 Software Licensing 36 Feature Licensing 36 Security Licensing 37 Obtaining a Security License 37 Security Features Under License Control 37 Software Factory Defaults 38 Chapter 4 Accessing the Switch Understanding the Command Syntax 39 Syntax Helper 40 Command Shortcuts 40 Summit24e3 Switch Numerical ...

Page 5: ...Settings 55 Authenticating Users 56 RADIUS Client 56 Configuring TACACS 60 Using Network Login 62 Using Network Login in Campus Mode 62 Using Network Login in ISP Mode 65 DHCP Server on the Switch 66 Network Login Configuration Commands 66 Displaying Network Login Settings 66 Disabling Network Login 67 Using the Simple Network Time Protocol 67 Configuring and Using SNTP 67 SNTP Configuration Comma...

Page 6: ...guring VLANs on the Switch 85 VLAN Configuration Commands 85 VLAN Configuration Examples 86 Displaying VLAN Settings 86 Chapter 8 Forwarding Database FDB Overview of the FDB 87 FDB Contents 87 FDB Entry Types 87 How FDB Entries Get Added 88 Associating a QoS Profile with an FDB Entry 88 Configuring FDB Entries 88 FDB Configuration Examples 90 Displaying FDB Entries 90 Chapter 9 Access Policies Ove...

Page 7: ...ying Access Profiles 105 Routing Access Policies for RIP 105 Routing Access Policies for OSPF 107 Making Changes to a Routing Access Policy 108 Removing a Routing Access Policy 108 Routing Access Policy Commands 109 Chapter 10 Network Address Translation NAT Overview 111 Internet IP Addressing 112 Configuring VLANs for NAT 112 NAT Modes 113 Configuring NAT 114 Configuring NAT Rules 114 Creating NA...

Page 8: ...pplications and Types of QoS 134 Voice Applications 134 Video Applications 134 Critical Database Applications 134 Web Browsing Applications 135 File Server Applications 135 Configuring QoS for a Port or VLAN 135 Traffic Groupings 136 Access List Based Traffic Groupings 136 MAC Based Traffic Groupings 137 Explicit Class of Service 802 1p and DiffServ Traffic Groupings 138 Configuring DiffServ 140 P...

Page 9: ...60 STPD BPDU Tunneling 160 STP Configurations 160 Configuring STP on the Switch 162 STP Configuration Example 165 Displaying STP Settings 165 Disabling and Resetting STP 165 Chapter 15 IP Unicast Routing Overview of IP Unicast Routing 167 Router Interfaces 168 Populating the Routing Table 168 Subnet Directed Broadcast Forwarding 170 Proxy ARP 170 ARP Incapable Devices 170 Proxy ARP Between Subnets...

Page 10: ...e Advertisement of VLANs 185 RIP Version 1 Versus RIP Version 2 185 Overview of OSPF 186 Link State Database 186 Areas 187 Point to Point Support 190 Route Re Distribution 191 Configuring Route Re Distribution 191 OSPF Timers and Authentication 192 Configuring RIP 192 RIP Configuration Example 195 Displaying RIP Settings 196 Resetting and Disabling RIP 196 Configuring OSPF 197 Configuring OSPF Wai...

Page 11: ...onfiguration Changes 219 Returning to Factory Defaults 219 Using TFTP to Upload the Configuration 219 Using TFTP to Download the Configuration 221 Downloading a Complete Configuration 221 Downloading an Incremental Configuration 221 Scheduled Incremental Configuration Download 222 Remember to Save 222 Upgrading and Accessing BootROM 222 Upgrading BootROM 222 Accessing the BootROM menu 223 Boot Opt...

Page 12: ...12 Contents Summit24e3 Switch Installation and User Guide Index Index of Commands ...

Page 13: ...ll TCP and UDP traffic 101 14 Access list allows TCP traffic 102 15 Host A initiates a TCP session to host B 102 16 Permit established access list filters out SYN packet to destination 103 17 ICMP packets are filtered out 103 18 RIP access policy example 106 19 OSPF access policy example 108 20 NAT Overview 111 21 Gigabit Ethernet fiber EAPS MAN ring 120 22 EAPS operation 121 23 EAPS fault detecti...

Page 14: ...14 Figures Summit24e3 Switch Installation and User Guide ...

Page 15: ...s 55 15 RADIUS Commands 57 16 TACACS Commands 61 17 Network Login Configuration Commands 66 18 Greenwich Mean Time Offsets 68 19 SNTP Configuration Commands 69 20 Switch Port Commands 72 21 Switch Port Mirroring Configuration Commands 76 22 EDP Commands 77 23 VLAN Configuration Commands 85 24 FDB Configuration Commands 89 25 Access Control List Configuration Commands 97 26 Routing Access Policy Co...

Page 16: ...ration Commands 163 46 STP Disable and Reset Commands 165 47 Relative Route Priorities 171 48 Basic IP Commands 173 49 Route Table Configuration Commands 174 50 ICMP Configuration Commands 175 51 Router Show Commands 178 52 Router Reset and Disable Commands 178 53 UDP Forwarding Commands 181 54 LSA Type Numbers 186 55 OSPF Link Types 190 56 RIP Configuration Commands 192 57 RIP Show Commands 196 5...

Page 17: ...tors who are responsible for installing and setting up network equipment It assumes a basic working knowledge of Local area networks LANs Ethernet concepts Ethernet switching and bridging concepts Routing concepts Internet Protocol IP concepts Simple Network Management Protocol SNMP NOTE If the information in the release notes shipped with your switch differs from the information in this guide fol...

Page 18: ...splays This typeface indicates command syntax or represents information as it appears on the screen The words enter and type When you see the word enter in this guide you must type something and then press the Return or Enter key Do not press the Return or Enter key when an instruction simply says type Key names Key names are written with brackets such as Return or Esc If you must press two or mor...

Page 19: ...Q and IEEE 802 1p Spanning Tree Protocol STP IEEE 802 1D Quality of Service QoS including support for IEEE 802 1p MAC QoS and four hardware queues Wire speed Internet Protocol IP routing DHCP BOOTP Relay Network Address Translation NAT Extreme Standby Router Protocol ESRP Aware support Ethernet Automated Protection Switching EAPS support Routing Information Protocol RIP version 1 and RIP version 2...

Page 20: ...witch front view The Summit24e3 switch has 24 autosensing 10BASE T 100BASE TX ports using RJ 45 connectors and provides two unpopulated Extreme mini GBIC ports using LC connectors You can use the 1000BASE SX mini GBIC in the Summit24e3 switch Console Port Use the console port 9 pin D type connector for connecting a terminal and carrying out local management Reset Button The reset button is used to...

Page 21: ... down to 90 V Serial Number Use this serial number for fault reporting purposes MAC Address This label shows the unique Ethernet MAC address assigned to this device NOTE The Summit24e3 switch certification and safety label is located on the bottom of the switch Summit24e3 Switch LEDs Table 3 describes the light emitting diode LED behavior on the Summit24e3 switch Table 3 Summit24e3 Switch LED Beha...

Page 22: ...switch supports the SFP GBIC also known as the mini GBIC The system uses identifier bits to determine the media type of the mini GBIC that is installed The Summit24e3 supports only the mini GBIC This section describes the mini GBIC type and specifications Mini GBIC Type and Specifications Table 4 describes the mini GBIC type and distances for the Summit24e3 switch 10 100 Mbps Port Status LEDs Colo...

Page 23: ... GBIC installed in your switch To correct this problem make sure you install an Extreme supported mini GBIC into the port on the switch Remove the LC fiber optic connector from the mini GBIC prior to removing the mini GBIC from the switch Table 4 Mini GBIC Types and Distances Standard Media Type Mhz Km Rating Maximum Distance Meters 1000BASE SX 850 nm optical window 50 125 µm multimode fiber 50 12...

Page 24: ...24 Summit24e3 Switch Installation and User Guide Summit24e3 Switch Overview ...

Page 25: ...in hazardous radiation exposure Determining the Switch Location The Summit24e3 switch is suited for use in the office where it can be free standing or mounted in a standard 19 inch equipment rack Alternately the device can be rack mounted in a wiring closet or equipment room Two mounting brackets are supplied with the switch When deciding where to install the switch ensure that The switch is acces...

Page 26: ...desk or to attach the switch to a wall To rack mount the Summit24e3 switch 1 Place the switch upright on a hard flat surface with the front facing you 2 Remove the existing screws from the sides of the case retain the screws for Step 4 3 Locate a mounting bracket over the mounting holes on one side of the unit 4 Insert the screws and fully tighten with a suitable screwdriver as shown in Figure 3 F...

Page 27: ...o the console port is used for direct local management The switch console port settings are set as follows Baud rate 9600 Data bits 8 Stop bit 1 Parity None Flow control None NOTE If you set the switch console port flow control to XON XOFF rather than None you will be unable to access the switch Do not set the switch console port flow control to XON XOFF The terminal connected to the console port ...

Page 28: ... Checking the Installation After turning on power to the Summit24e3 switch the device performs a Power On Self Test POST RTS request to send 7 Out CTS clear to send 8 In Table 6 Console Connector Pinouts Function Pin Number Direction Screen TxD RxD Ground RTS CTS DSR DCD DTR Cable connector 9 pin female Summit Cable connector 25 pin male female PC Terminal Screen RxD TxD Ground RTS DTR CTS DSR DCD...

Page 29: ... 2 At your terminal press Return one or more times until you see the login prompt 3 At the login prompt enter the default user name admin to log on with administrator privileges For example login admin Administrator capabilities allow you to access all switch functions NOTE For more information on switch security see Chapter 4 Accessing the Switch 4 At the password prompt press Return The default ...

Page 30: ...e the LC fiber optic connector from the mini GBIC prior to removing the mini GBIC from the switch Preparing to Install or Replace a Mini GBIC To ensure proper installation complete the following tasks before inserting the mini GBIC Disable the port that is needed to install or replace the mini GBIC Inspect and clean the fiber tips coupler and connectors Prepare and clean an external attenuator if ...

Page 31: ...g Mini GBIC port status LED on your Summit24e3 switch you do not have an Extreme supported mini GBIC installed in your switch To correct this problem make sure you install an Extreme supported mini GBIC into the port on the switch To remove the mini GBIC connector labeled Module A gently squeeze the sides to release it and pull the mini GBIC out of the slot To remove the mini GBIC connector labele...

Page 32: ...32 Summit24e3 Switch Installation and User Guide Switch Installation ...

Page 33: ...g support for IEEE 802 1Q and IEEE 802 1p Spanning Tree Protocol STP IEEE 802 1D Quality of Service QoS including support for IEEE 802 1p MAC QoS and four hardware queues Wire speed Internet Protocol IP routing DHCP BOOTP Relay Network Address Translation NAT Extreme Standby Router Protocol ESRP Aware support Ethernet Automated Protection Switching EAPS support Routing Information Protocol RIP ver...

Page 34: ...ntages They help to control broadcast traffic If a device in VLAN Marketing transmits a broadcast frame only VLAN Marketing devices receive the frame They provide extra security Devices in VLAN Marketing can only communicate with devices on VLAN Sales using routing services They ease the change and movement of devices on networks NOTE For more information on VLANs see Chapter 7 Virtual LANs VLANs ...

Page 35: ...cast Routing Load Sharing Load sharing allows you to increase bandwidth and resiliency by using a group of ports to carry traffic in parallel between systems The sharing algorithm allows the switch to use multiple ports as a single logical port For example VLANs see the load sharing group as a single virtual port The algorithm also guarantees packet sequencing between clients NOTE For information ...

Page 36: ...ns describe the features that are associated with license keys Feature Licensing Summit24e3 switches support software licensing for different levels of functionality In ExtremeWare version 6 2e 1 release 2 0 for the Summit24e3 platform and above feature support is separated into two sets Edge and Advanced Edge Edge is a subset of Advanced Edge Edge Functionality Edge functionality requires no lice...

Page 37: ...treme Networks Support website at http www extremenetworks com support techsupport asp or by phoning Extreme Networks Technical Support at 800 998 2408 408 579 2826 Security Licensing Certain additional ExtremeWare security features such as the use of Secure Shell SSH2 encryption may be under United States export restriction control Extreme Networks ships these security features in a disabled stat...

Page 38: ...ON Disabled BOOTP Enabled on the default VLAN default QoS All traffic is part of the default queue 802 1p priority Recognition enabled 802 3x flow control Enabled on Gigabit Ethernet ports Virtual LANs Two VLANs predefined VLAN named default contains all ports and belongs to the STPD named s0 802 1Q tagging All packets are untagged on the default VLAN default Spanning Tree Protocol Disabled for th...

Page 39: ...e privilege level Most configuration commands require you to have the administrator privilege level To use the command line interface CLI follow these steps 1 Enter the command name If the command does not include a parameter or values skip to step 3 If the command requires more information continue to step 2 2 If the command includes a parameter enter the parameter name and values 3 The value par...

Page 40: ...ers NOTE When using abbreviated syntax you must enter enough characters to make the command unambiguous and distinguishable to the switch Command Shortcuts All named components of the switch configuration must have a unique name Components are named using the create command When you enter a command to configure a named component you do not need to use the keyword of the component For example to cr...

Page 41: ...lues or arguments can be specified For example in the syntax use image primary secondary you must specify either the primary or secondary image when entering the command Do not type the square brackets vertical bar Separates mutually exclusive items in a list one of which must be entered For example in the syntax config snmp community read only read write string you must specify either the read or...

Page 42: ...t end of command Ctrl N or Down Arrow Displays next command in command history buffer and places cursor at end of command Table 10 Common Commands Command Description clear session number Terminates a Telnet session from the switch config account username encrypted password Configures a user account password Passwords must have a minimum of 1 character and can have a maximum of 32 characters User ...

Page 43: ...atic Daylight Savings Time change The default setting is autodst config vlan name ipaddress ip_address mask Configures an IP address and subnet mask for a VLAN create account admin user username encrypted password Creates a user account This command is available to admin level users and to users with RADIUS command authorization The username is between 1 and 32 characters the password is between 0...

Page 44: ...rposes The default setting is enabled enable clipaging Enables pausing of the screen display when show command output reaches the end of the page The default setting is enabled enable idletimeouts Enables a timer that disconnects all sessions both Telnet and console after 20 minutes of inactivity The default setting is disabled enable ssh2 port tcp_port_number Enables SSH2 Telnet sessions By defau...

Page 45: ...ith a sign For example Summit24e3 18 Prompt Text The prompt text is taken from the SNMP sysname setting The number that follows the colon indicates the sequential line command number If an asterisk appears in front of the command line prompt it indicates that you have outstanding configuration changes that have not been saved For example Summit24e3 19 Default Accounts By default the switch is conf...

Page 46: ...he prompt NOTE If you forget your password while logged out of the command line interface contact your local technical support representative who will advise on your next course of action Creating a Management Account The switch can have a total of 16 management accounts You can use the default names admin and user or you can create new names and passwords for the accounts Passwords can have a min...

Page 47: ...IP address of a hostname Table 12 describes the commands used to configure DNS Checking Basic Connectivity The switch offers the following commands for checking basic connectivity ping traceroute Table 12 DNS Commands Command Description config dns client add ipaddress Adds a DNS name server s to the available server list for the DNS client Up to three name servers can be configured config dns cli...

Page 48: ...ostname is the hostname of the destination endstation To use the hostname you must first configure DNS from uses the specified source address in the ICMP packet If not specified the address of the transmitting interface is used ttl configures the switch to trace up to the time to live number of the switch port uses the specified UDP port number Table 13 Ping Command Parameters Parameter Descriptio...

Page 49: ... page 67 Overview Using ExtremeWare you can manage the switch using the following methods Access the CLI by connecting a terminal or workstation with terminal emulation software to the console port Access the switch remotely using TCP IP through one of the switch ports Remote access includes Telnet using the CLI interface SSH2 using the CLI interface SNMP access using ExtremeWare Enterprise Manage...

Page 50: ... want to manage Check the user manual supplied with the Telnet facility if you are unsure of how to do this Once the connection is established you will see the switch prompt and you may log in Connecting to Another Host Using Telnet You can Telnet from the current CLI session to another host using the following command telnet ipaddress hostname port_number If the TCP port number is not specified t...

Page 51: ...d subnet mask to a VLAN The switch comes configured with a default VLAN named default To use Telnet or an SNMP Network Manager you must have at least one VLAN on the switch and it must be assigned an IP address and subnet mask IP addresses are always assigned to a VLAN The switch can be assigned multiple IP addresses NOTE For information on creating and configuring VLANs see Chapter 7 Virtual LANs...

Page 52: ...ric For example config iproute add default 123 45 67 1 7 Save your configuration changes so that they will be in effect after the next switch reboot by typing save 8 When you are finished using the facility log out of the switch by typing logout or quit Disconnecting a Telnet Session An administrator level account can disconnect a Telnet management session If this happens the user logged in by way...

Page 53: ...use SSH2 is currently under U S export restrictions before enabling SSH2 you must first obtain a security license from Extreme Networks The procedure for obtaining a security license key is described in Chapter 3 ExtremeWare Overview To enable SSH2 use the following command enable ssh2 port tcp_port_number An authentication key must be generated for each SSH2 session This can be done automatically...

Page 54: ...ed trap receiver can be one or more network management stations on your network The switch sends SNMP traps to all trap receivers You can have a maximum of 16 trap receivers configured for each switch Entries in this list can also be created modified and deleted using the RMON2 trapDestTable MIB variable as described in RFC 2021 Community strings The community strings allow a simple method of auth...

Page 55: ...imum of 127 characters and can be enclosed by double quotation marks config snmp delete trapreceiver ip_address community string all Deletes the IP address of a specified trap receiver or all authorized trap receivers config snmp syscontact string Configures the name of the system contact A maximum of 255 characters is allowed config snmp syslocation string Configures the location of the switch A ...

Page 56: ...r authentication The privileges assigned to the user admin versus nonadmin at the RADIUS server take precedence over the configuration in the local switch database Per Command Authentication Using RADIUS The RADIUS implementation can be used to perform per command authentication Per command authentication allows you to define several levels of user capabilities by controlling the permitted command...

Page 57: ...ng primary secondary server ipaddress hostname udp_port client ip ipaddress Configures the RADIUS accounting server Specify the following primary secondary Configure either the primary or secondary RADIUS server ipadress hostname The IP address or hostname of the server being configured udp_port The UDP port to use to contact the RADUIS server The default UDP port setting is 1646 client ip ipaddre...

Page 58: ...assword and service type information ClientCfg txt Client Name Key type version prefix 10 1 2 3 256 test type nas v2 pfx pm1 type nas pm1 pm2 type nas pm2 merit edu homeless hmoemreilte ses homeless testing type proxy v1 xyz merit edu moretesting type Ascend NAS v1 anyoldthing 1234 whoknows type NAS RAD_RFC ACCT_RFC 10 202 1 3 andrew linux type nas 10 203 1 41 eric type nas 10 203 1 42 eric type n...

Page 59: ...authentication enable the CLI authorization function and indicate a profile name for that user If authorization is enabled without specifying a valid profile the user is unable to perform any commands Next define the desired profiles in an ASCII configuration file called profiles This file contains named profiles of exact or partial strings of CLI commands A named profile is linked with a user thr...

Page 60: ...strative Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Enabled lulu Password Service Type Administrative Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Enabled gerald Password Service Type Administrative Profile Name Profile2 Filter Id unlim Extreme Extreme CLI Authorization Enabled Contents of the file profiles PROFILE1 deny enable disable ipforw...

Page 61: ...tify itself when communicating with the TACACS server config tacacs primary secondary shared secret encrypted string Configures the shared secret string used to communicate with the TACACS server config tacacs accounting primary secondary server ipaddress hostname udp_port client ip ipaddress Configures the TACACS accounting server You can use the same server for accounting and authentication conf...

Page 62: ...rt for authentication ISP mode ISP mode is used when the port and VLAN used will remain constant All network settings are configured for that VLAN These two network login modes have the following functional similarities Until authentication takes place ports on the VLAN are kept in a non forwarding state each mode requires the user to open a web browser with the IP address of the switch This is th...

Page 63: ... username is auto the permanent VLAN is corp and the URL to be redirected to is the Extreme Networks home page http 192 207 37 16 Configuring Campus Mode To configure the switch to use network login in campus mode follow these steps 1 Configure the switch as a RADIUS client See RADIUS Client on page 56 2 Configure a DHCP range for the port or ports in the VLAN on which you want to enable network l...

Page 64: ...lease Windows NT 2000 use the ipconfig command line utility Use the command ipconfig release to release the IP configuration and ipconfig renew to get the temporary IP address from the switch If you have more than one Ethernet adapter specify the adapter by using a number for the adapter following the ipconfig command You can find the adapter number using the command ipconfig all At this point the...

Page 65: ...ress Using Network Login in ISP Mode In ISP mode a RADIUS server might be used to provide user authentication No Extreme specific lines are required for the dictionary or the user file Configuring ISP Mode Configure the switch to use network login in ISP mode using this command enable netlogin ports portlist vlan name NOTE Network login is used on a per port per VLAN basis A port that is tagged ca...

Page 66: ... displays as not authenticated No packets sent by the user on port 9 will get past the port Table 17 Network Login Configuration Commands Command Description config vlan name dhcp address range ipaddress1 ipaddress2 Configures a set of DHCP addresses for a VLAN config vlan name dhcp lease timer lease timer Configures the timer value in seconds returned as part of the DHCP response config vlan name...

Page 67: ...nd Using SNTP To use SNTP follow these steps 1 Identify the host s that are configured as NTP server s Additionally identify the preferred method for obtaining NTP updates The options are for the NTP server to send out broadcasts or for switches using NTP to query the NTP server s directly A combination of both methods is possible You must identify the method that should be used for the switch bei...

Page 68: ...TP updates are distributed using GMT time To properly display the local time in logs and other timestamp information the switch should be configured with the appropriate offset to GMT based on geographical location Table 18 describes GMT offsets Table 18 Greenwich Mean Time Offsets GMT Offset in Hours GMT Offset in Minutes Common Time Zone References Cities 0 00 0 GMT Greenwich Mean UT or UTC Univ...

Page 69: ... 5 00 300 ZP5 Russia Zone 4 5 30 330 IST India Standard Time New Delhi Pune Allahabad India 6 00 360 ZP6 Russia Zone 5 7 00 420 WAST West Australian Standard 8 00 480 CCT China Coast Russia Zone 7 9 00 540 JST Japan Standard Russia Zone 8 10 00 600 EAST East Australian Standard GST Guam Standard Russia Zone 9 11 00 660 12 00 720 IDLE International Date Line East NZST New Zealand Standard NZT New Z...

Page 70: ...interval 1200 enable sntp client config sntp client primary server 10 0 1 1 config sntp client secondary server 10 0 1 2 config sntp client update interval seconds Configures the interval between polling for time information from SNTP servers The default setting is 64 seconds disable sntp client Disables SNTP client functions enable sntp client Enables Simple Network Time Protocol SNTP client func...

Page 71: ...ses Configuring Switch Port Speed and Duplex Setting By default the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port You can manually configure the duplex setting and the speed of 10 100 Mbps ports 10BASE T and 100BASE TX ports can connect to either 10BASE T or 100BASE T networks By default the ports autonegotiate port speed You can also conf...

Page 72: ... port will not autonegotiate the settings speed The speed of the port duplex The duplex setting half or full duplex config ports portlist auto on Enables autonegotiation for the particular port type 802 3u for 10 100 Mbps ports or 802 3z for Gigabit Ethernet ports config ports portlist display string string Configures a user defined string for a port The string is displayed in certain show command...

Page 73: ...haring algorithms allow you to select the distribution technique used by the load sharing group to determine the output port selection Algorithm selection is not intended for use in predictive traffic engineering You can configure the address based load sharing algorithm on the Summit24e3 switch restart ports portlist Resets autonegotiation for one or more ports by resetting the physical link show...

Page 74: ... mac_source Indicates that the switch should examine the MAC source address mac_destination Indicates that the switch should examine the MAC destination address mac_source_destination Indicates that the switch should examine the MAC source and destination address ip_source Indicates that the switch should examine the IP source address ip_source_destination Indicates that the switch should examine ...

Page 75: ...ave those ports deleted from the VLAN when load sharing becomes enabled NOTE Do not disable a port that is part of a load sharing group Disabling the port prevents it from forwarding traffic but still allows the link to initialize As a result a partner switch does not receive a valid indication that the port is not in a forwarding state and the partner switch will continue to forward packets Verif...

Page 76: ... traffic coming into or out of the switch on port 1 to the mirror port enable mirroring to port 3 tagged config mirroring add port 1 Extreme Discovery Protocol The Extreme Discovery Protocol EDP is used to gather information about neighbor Extreme Networks switches EDP is used to by the switches to exchange topology information Information communicated using EDP includes Switch MAC address switch ...

Page 77: ... 22 lists EDP commands Table 22 EDP Commands Command Description disable edp ports portlist Disables the EDP on one or more ports enable edp ports portlist Enables the generation and processing of EDP messages on one or more ports The default setting is enabled show edp Displays EDP information ...

Page 78: ...78 Summit24e3 Switch Installation and User Guide Configuring Ports on a Switch ...

Page 79: ...d a VLAN LAN segments are not restricted by the hardware that physically connects them The segments are defined by flexible user groups you create with the command line interface Benefits Implementing VLANs on your networks has the following advantages VLANs help to control traffic With traditional networks congestion can be caused by broadcast traffic that is directed to all network devices regar...

Page 80: ... of VLAN Finance and ports 17 through 24 are part of VLAN Marketing Figure 7 Example of a port based VLAN on the Summit24e3 switch For the members of the different IP VLANs to communicate the traffic must be routed by the switch This means that each VLAN must be configured as a router interface with a unique IP address Spanning Switches with Port Based VLANs To create a port based VLAN that spans ...

Page 81: ...member of the corresponding VLANs as well Figure 9 illustrates two VLANs spanning two switches On system 1 ports 1 through 8 and port 26 are part of VLAN Accounting ports 17 through 24 and port 25 are part of VLAN Engineering On system 2 all ports on slot 1 are part of VLAN Accounting all ports on slot 8 are part of VLAN Engineering Figure 9 Two port based VLANs spanning two switches SH_004 1 2 3 ...

Page 82: ...s using one or more trunks In a port based VLAN each VLAN requires its own pair of trunk ports as shown in Figure 9 Using tags multiple VLANs can span two switches with a single trunk Another benefit of tagged VLANs is the ability to have a port be a member of multiple VLANs This is particularly useful if you have a device such as a server that must belong to multiple VLANs The device must have a ...

Page 83: ...ver connected to port 16 on system 1 has a NIC that supports 802 1Q tagging The server connected to port 16 on system 1 is a member of both VLAN Marketing and VLAN Sales All other stations use untagged traffic SH_006 1 2 3 4 A B 5 6 7 8 4 3 2 1 Marketing Sales M M S S M S S S Tagged port Marketing Sales M M S S System 2 50015 S S M M S S System 1 802 1Q Tagged server SH_007 Tagged Ports Sales Syst...

Page 84: ...port with an 802 1Q tag containing a VLANid of zero are treated as untagged VLAN Names Each VLAN is given a name that can be up to 32 characters VLAN names can use standard alphanumeric characters The following characters are not permitted in a VLAN name Space Comma Quotation mark VLAN names must begin with an alphabetical letter Quotation marks can be used to enclose a VLAN name that does not beg...

Page 85: ...ust represent a unique IP subnet You cannot configure the same IP subnet on different VLANs 3 Assign a VLANid if any ports in this VLAN will use a tag 4 Assign one or more ports to the VLAN As you add each port to the VLAN decide if the port will use an 802 1Q tag VLAN Configuration Commands Table 23 describes the commands used to configure a VLAN Table 23 VLAN Configuration Commands Command Descr...

Page 86: ... add port 1 3 tagged config sales add port 4 7 Displaying VLAN Settings To display VLAN settings use the following command show vlan name detail The show command displays summary information about each VLAN which includes Name VLANid How the VLAN was created IP address STPD information QoS profile information Ports assigned Tagged untagged status for each port How the ports were added to the VLAN ...

Page 87: ...es in the FDB Dynamic entries Initially all entries in the database are dynamic Entries in the database are removed aged out if after a period of time aging time the device has not transmitted This prevents the database from becoming full with obsolete entries by ensuring that when a device is removed from the network its entry is deleted from the database Dynamic entries are deleted from the data...

Page 88: ...e discarded Blackhole entries are treated like permanent entries in the event of a switch reset or power off on cycle Blackhole entries are never aged out of the database How FDB Entries Get Added Entries are added into the FDB in the following two ways The switch can learn entries The system updates its FDB with the source MAC address from a packet the VLAN and the port identifier on which the so...

Page 89: ...bentry mac_address vlan name dynamic qosprofile qosprofile ingress qosprofile qosprofile ingress qosprofile qosprofile qosprofile qosprofile Creates a permanent dynamic FDB entry Assigns a packet with the specified MAC address and VLAN to a specific QoS profile If you only specify the ingress QoS profile the egress QoS profile defaults to none and vice versa If both profiles are specified the sour...

Page 90: ...vlan net34 dynamic qosprofile qp2 This entry has the following characteristics MAC address is 00A023123456 VLAN name is net34 The entry will be learned dynamically QoS profile qp2 will be applied when the entry is learned Displaying FDB Entries To display FDB entries use the following command show fdb mac_address vlan name ports portlist permanent where the following is true mac_address Displays t...

Page 91: ...categories of access policies are Access control lists Rate limits Routing access policies Access Control Lists Access control lists are used to perform packet filtering and forwarding decisions on incoming traffic Each packet arriving on an ingress port is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped These forwarded packets can also...

Page 92: ...res are enabled on the switch Each access mask is created with a unique name and defines a list of fields that will be examined by any access control list that uses that mask and by any rate limit that uses the mask An access mask consists of a combination of the following thirteen fields Ethernet destination MAC address Ethernet source MAC address VLANid IP Type of Service TOS or DiffServ code po...

Page 93: ...the access mask used by the list NOTE Unlike an access list a rate limit can only be applied to a single port Each port will have its own rate limit defined separately For packets that match a particular list and arrive at a rate below the limit you can specify the following action Permit Forward the packet You can send the packet to a particular QoS profile and modify the packet s 802 1p value an...

Page 94: ...her precedence than any access mask with a precedence specified The first access mask defined without a specified precedence has the highest precedence Subsequent masks without a specified precedence have a lower precedence and so on Specifying a Default Rule You can specify a default access control list to define the default access to the switch You should use an access mask with a low precedence...

Page 95: ...me To add an access mask entry use the following command create access mask name To add an access list entry use the following command create access list name To add a rate limit entry use the following command create rate limit name Maximum Entries If you try to create an access mask when no more are available the system will issue a warning message Three access masks are constantly used by the s...

Page 96: ...elete access mask name To delete an access list entry use the following command delete access list name To delete a rate limit entry use the following command delete rate limit name Verifying Access Control List Configurations To verify access control list settings you can view the access list configuration To view the access list configuration use the following command show access list name ports...

Page 97: ... the destination MAC address source mac Specifies the source MAC address vlan Specifies the VLANid ethertype Specify IP ARP or the hex value to match tos Specifies the IP precedence value code point Specifies the DiffServ code point value ipprotocol Specify an IP protocol or the protocol number dest ip Specifies an IP destination address and subnet mask A mask length of 32 indicates a host entry d...

Page 98: ...e Specifies the Ethertype field tos Specifies the IP precedence field code point Specifies the DiffServ code point field ipprotocol Specifies the IP protocol field dest ip Specifies the IP destination field and subnet mask You must supply the subnet mask dest L4port Specifies the destination port field source ip Specifies the IP source address field and subnet mask You must supply the subnet mask ...

Page 99: ...e Specify IP ARP or the hex value to match tos Specifies the IP precedence value code point Specifies the DiffServ code point value ipprotocol Specify an IP protocol or the protocol number dest ip Specifies the IP destination address and subnet mask A mask length of 32 indicates a host entry dest L4port Specify the destination port source ip Specifies the IP source address and subnet mask source L...

Page 100: ...P address for NET20 VLAN is 10 10 20 1 24 The workstations are configured using addresses 10 10 10 100 and 10 10 20 100 IPForwarding is enabled Figure 12 Permit established access list example topology The following sections describe the steps used to configure the example Step 1 Deny IP Traffic delete access mask name Deletes an access mask Any access lists or rate limits that reference this mask...

Page 101: ... the outcome of the access control list Figure 13 Access control list denies all TCP and UDP traffic Step 2 Allow TCP traffic The next set of access list commands permits TCP based traffic to flow Because each session is bi directional an access list must be defined for each direction of the traffic flow UDP traffic is still blocked The following commands create the access control list create acce...

Page 102: ...ost A to be able to establish a TCP session to host B and to prevent any TCP sessions from being initiated by host B as illustrated in Figure 15 The commands for this access control list is as follows create access mask tcp_connection_mask ipprotocol dest ip 32 dest L4port permit established ports precedence 1000 create access list telnet deny tcp_connection_mask ipprotocol tcp dest ip 10 10 10 10...

Page 103: ... in Figure 17 Figure 17 ICMP packets are filtered out Example 3 Rate limiting Packets This example creates a rate limit to limit the incoming traffic from the 10 10 10 x subnet to 10 Mbps on ingress port 2 Ingress traffic on port 2 below the rate limit is sent to QoS profile qp1 with its DiffServ code point set to 7 Ingress traffic on port 2 in excess of the rate limit will be dropped The commands...

Page 104: ...ermitted access or denied access Three modes are available Permit The permit access profile mode permits the operation as long as it matches any entry in the access profile If the operation does not match any entries in the list the operation is denied Deny The deny access profile mode denies the operation as long as it matches any entry in the access profile If it does not match all specified ent...

Page 105: ... configured the access profile mode to be none you must specify each entry type as either permit or deny If you do not specify the entry type it is added as a permit entry If you have configured the access profile mode to be permit or deny it is not necessary to specify a type for each entry Deleting an Access Profile Entry To delete an access profile entry use the following command config access ...

Page 106: ...10 0 0 10 24 Figure 18 RIP access policy example Assuming the backbone VLAN interconnects all the routers in the company and therefore the Internet router does not have the best routes for other local subnets the commands to build the access policy for the switch would be create access profile nointernet ipaddress config access profile nointernet mode deny config access profile nointernet add 10 0...

Page 107: ...routes from being advertised into that area To configure an external filter policy use the following command config ospf area area_id external filter access_profile none NOTE If any of the external routes specified in the filter have already been advertised those routes will remain until the associated LSAs in that area time out ASBR Filter For switches configured to support RIP and static route r...

Page 108: ...IP access policies depends on the protocol timer to age out entries NOTE Changes to profiles applied to OSPF typically require rebooting the switch or disabling and re enabling OSPF on the switch Removing a Routing Access Policy To remove a routing access policy you must remove the access profile from the routing protocol or VLAN All the commands that apply an access profile to form an access poli...

Page 109: ...edence ipaddress mask An IP address and mask If the attribute exact is specified for an entry then a exact match with address and mask is performed subnets within the address range do not match entry against entry config access profile access_profile delete seq_number Deletes an access profile entry using the sequence number config access profile access_profile mode permit deny none Configures the...

Page 110: ...es when performing route advertisements config rip vlan name all import filter access_profile none Configures RIP to ignore certain routes received from its neighbor config rip vlan name all trusted gateway access_profile none Configures RIP to use the access list to determine which RIP neighbor to receive or reject the routes create access profile access_profile type ipaddress Creates an access p...

Page 111: ...P addresses typically public Internet IP addresses This conversion is done transparently by having a NAT device rewrite the source IP address and Layer 4 port of the packets Figure 20 NAT Overview You can configure NAT to conserve IP address space by mapping a large number of inside private addresses to a much smaller number of outside public addresses In implementing NAT you must configure at lea...

Page 112: ... table to map the return packets on the outside VLAN back into their corresponding inside sessions Internet IP Addressing When implementing NAT in an Internet environment it is strongly recommended that you use one of the reserved private IP address ranges for your inside IP addresses These ranges have been reserved specifically for networks not directly attached to the Internet Using IP addresses...

Page 113: ...fficient use of the external address space As each new connection is initiated from the inside the NAT device picks the next available source Layer 4 port on the first available outside IP address When all ports on a given IP address are in use the NAT device uses ports off of the next outside IP address Some systems reserve certain port ranges for specific types of traffic so it is possible to ma...

Page 114: ...tic dynamic portmap and auto constrain In the examples in this section advanced port and destination matching options have been removed For information on how to use some of the more advanced rule matching features refer to Advanced Rule Matching on page 116 Table 27 NAT Configuration Commands Command Description config nat add vlan outside_vlan map source any ipaddress bits netmask l4 port any nu...

Page 115: ...le config nat add out_vlan_1 map source 192 168 1 0 24 to 216 52 8 1 216 52 8 31 Creating Portmap NAT Rules To configure portmap NAT rules use this command config nat add delete vlan outside_vlan map source any ipaddress bits netmask to ip mask netmask ipaddress tcp udp both portmap min max The addition of an L4 protocol name and the portmap keyword tells the switch to use portmap mode Optionally ...

Page 116: ...nd mask allows the NAT rule to be applied to only packets with a specific destination IP address L4 Port Specific NAT The addition of the L4 port optional keyword after the source IP address and mask allows the NAT rule to be applied to only packets with a specific L4 source or destination port If you use the L4 port command after the source IP mask the rule will only match if the port s specified...

Page 117: ...ion use the following command show nat connections This command displays the current NAT connection table including source IP Layer 4 port mappings from inside to outside Disabling NAT To disable NAT use the following command disable nat config nat syn timeout seconds Configures the timeout for an entry with an unacknowledged TCP SYN state The default setting is 60 seconds config nat tcp timeout s...

Page 118: ...118 Summit24e3 Switch Installation and User Guide Network Address Translation NAT ...

Page 119: ...such as a Metropolitan Area Network MAN or large campuses see Figure 21 EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol STP but offers the advantage of converging in less than a second when a link in the ring breaks In order to use EAPS you must enable EDP on the switch For more information on EDP refer to Chapter 6 EAPS operates by declaring an EAPS do...

Page 120: ...cks the secondary port for all non control traffic belonging to this EAPS domain thereby avoiding a loop in the ring like STP Layer 2 switching and learning mechanisms operate per existing standards on this ring NOTE Like the master node each transit node is also configured with a primary port and a secondary port on the ring but the primary secondary port distinction is ignored as long as the nod...

Page 121: ... a ring is based on a single control VLAN per EAPS domain This EAPS domain provides protection to one or more data carrying VLANs called protected VLANs The control VLAN is used only to send and receive EAPS messages the protected VLANs carry the actual data traffic As long as the ring is complete the EAPS master node blocks the protected VLANs from accessing its secondary port NOTE The control VL...

Page 122: ... traffic can flow through the master s secondary port The master node also flushes its forwarding database FDB and sends a message on the control VLAN to all of its associated transit nodes to flush their forwarding databases as well so that all of the switches can learn the new paths to Layer 2 end stations on the reconfigured ring topology Trap Message Sent by a Transit Node When any transit nod...

Page 123: ... Remember which port has been temporarily blocked 3 Set the state to Preforwarding When the master node receives its health check packet back on its secondary port and detects that the ring is once again complete it sends a message to all its associated transit nodes to flush their forwarding databases When the transit nodes receive the message to flush their forwarding databases they perform thes...

Page 124: ...tected VLAN to the specified EAPS domain or deletes the specified protected VLAN from the specified EAPS domain config eaps old_name name new_name Renames an existing EAPS domain create eaps name Creates an EAPS domain with the specified name Only a singe domain is supported on this platform delete eaps name Deletes the specified EAPS domain disable eaps Disables the EAPS function for an entire sw...

Page 125: ...ransit node they will be ignored If you later reconfigure that transit node as the master node the polling timer values will be used as the current values Use the hellotime keyword and its associated seconds parameter to specify the amount of time the master node waits between transmissions of health check packets on the control VLAN seconds must be greater than 0 when you are configuring a master...

Page 126: ...e secondary port If the ring is complete the master node prevents a loop by logically blocking all data traffic in the transmit and receive directions on its secondary port If the master node subsequently detects a break in the ring it unblocks its secondary port and allows data traffic to be transmitted and received through it To configure a node port as primary or secondary use the following com...

Page 127: ...e profiles Otherwise the Summit24e3 may drop EAPS control packets preventing EAPS from operating reliably The following command example adds the control VLAN keys to the EAPS domain eaps_1 config eaps eaps_1 add control vlan keys Configuring the EAPS Protected VLANs You must configure one or more protected VLANs for each EAPS domain The protected VLANs are the data carrying VLANs NOTE When you con...

Page 128: ...ation To display EAPS status information use the following command show eaps name detail If you enter the show eaps command without an argument or keyword the command displays a summary of status information for all configured EAPS domains You can use the detail keyword to display more detailed status information NOTE The output displayed by this command depends on whether the node is a transit no...

Page 129: ... Master Primary port 14 Port status Up Tag status Tagged Secondary port 13 Port status Blocked Tag status Tagged Hello Timer interval 1 sec Fail Timer interval 3 sec Eaps Domain has following Controller Vlan Vlan Name VID rhsc 0020 EAPS Domain has following Protected Vlan s Vlan Name VID blue 1003 traffic 1001 Number of Protected Vlans 2 Table 30 show eaps Display Fields Field Description EAPS Ena...

Page 130: ...S is enabled on this domain Yes EAPS is enabled on this domain no EAPS is not enabled Mode The configured EAPS mode for this switch transit or master Primary Secondary port The port numbers assigned as the EAPS primary and secondary ports On the master node the port distinction indicates which port is blocked to avoid a loop Port status Unknown This EAPS domain is not running so the port status ha...

Page 131: ...fied by its MAC address EAPS Domain has Controller Vlans Lists the assigned name and ID of the control VLAN EAPS Domain has Protected Vlans 2 Lists the assigned names and VLAN IDs of all the protected VLANs configured on this EAPS domain Number of Protected Vlans The count of protected VLANs configured on this EAPS domain 1 These fields apply only to transit nodes they are not displayed for a mast...

Page 132: ...132 Summit24e3 Switch Installation and User Guide Ethernet Automatic Protection Switching ...

Page 133: ...etworks that have heterogeneous traffic patterns Using Policy based QoS you can specify the service level that a particular traffic type receives Overview of Policy Based Quality of Service Policy based QoS allows you to protect bandwidth for important categories of applications or specifically limit the bandwidth associated with less critical traffic For example if voice over IP traffic requires ...

Page 134: ...ever the bandwidth must be constant and predictable because voice applications are typically sensitive to latency inter packet delay and jitter variation in inter packet delay The most important QoS parameter to establish for voice applications is minimum bandwidth followed by priority Video Applications Video applications are similar in needs to voice applications with the exception that bandwidt...

Page 135: ...to reduce session loss if the queue that floods Web traffic becomes over subscribed File Server Applications With some dependencies on the network operating system file serving typically poses the greatest demand on bandwidth although file server applications are very tolerant of latency jitter and some packet loss depending on the network operating system and the use of TCP or UDP NOTE Full duple...

Page 136: ... more specific traffic grouping takes precedence By default all traffic groupings are placed in the QoS profile Qp1 The supported traffic groupings are listed in Table 33 The groupings are listed in order of precedence highest to lowest The four types of traffic groupings are described in detail on the following pages Access List Based Traffic Groupings Access list based traffic groupings are base...

Page 137: ...a QoS profile whenever traffic is destined to the MAC address For any port on which the specified MAC address is learned in the specified VLAN the port is assigned the specified QoS profile For example create fdbentry 00 11 22 33 44 55 vlan default dynamic qosprofile qp3 The QoS profile is assigned when the MAC address is learned If a client s location moves the assigned QoS profile moves with the...

Page 138: ...he switching or routing configuration of the switch For example 802 1p information can be preserved across a routed switch boundary and DiffServ code points can be observed or overwritten across a layer 2 switch boundary NOTE Re marking DiffServ code points is supported through access lists See Chapter 9 Access Policies for more information Configuring 802 1p Priority Extreme switches support the ...

Page 139: ...ty Information By default 802 1p priority information is not replaced or manipulated and the information observed on ingress is preserved when transmitting the packet This behavior is not affected by the switching or routing configuration of the switch However the switch is capable of replacing the 802 1p priority information To replace 802 1p priority information you will use an access list to se...

Page 140: ...t TOS bits called the code point The switch can assign the QoS profile used to subsequently transmit the packet based on the code point The QoS profile controls a hardware queue used when transmitting the packet out of the switch and determines the forwarding characteristics of a particular code point Viewing DiffServ information can be enabled or disabled by default it is disabled To view DiffSer...

Page 141: ... being transmitted by the switch This is done with no impact on switch performance To replace the DiffServ code point you will use an access list to set the new code point value See Chapter 9 Access Policies for more information on using access lists You will use the set code point parameter of the create access list command to replace the value To display the DiffServ configuration use the follow...

Page 142: ... use the following command config ports portlist qosprofile qosprofile In the following modular switch example all traffic sourced from port 7 uses the QoS profile named qp3 when being transmitted config ports 7 qosprofile qp3 VLAN A VLAN traffic grouping indicates that all intra VLAN switched traffic and all routed traffic sourced from the named VLAN uses the indicated QoS profile To configure a ...

Page 143: ...ormance use the following command show ports portlist qosmonitor The QoS monitor rate screen packets per second does not display any results for at least five seconds Once the rate is displayed it is updated each second NOTE The QoS monitor can display up to four ports at a time NOTE The QoS monitor displays the statistics of incoming packets The real time display corresponds to the 802 1p values ...

Page 144: ...gs of a source port or VLAN re apply the QoS profile to the source port or VLAN as documented You can also save and reboot the switch Traffic Rate Limiting The Summit24e3 rate limiting method is based on creating a rate limit a specific type of access control list Traffic that matches a rate limit is constrained to the limit set in the access control list Rate limits are discussed in Chapter 9 Acc...

Page 145: ...ation is performed after the host is moved DLCS information is dynamic therefore if the switch is rebooted the information is lost This information is still stored in the policy server To delete the information from the policy system you must explicitly delete configuration parameters from the EEM or ExtremeWare EPICenter Policy Applet user interface As a workaround you can delete the switch that ...

Page 146: ...146 Summit24e3 Switch Installation and User Guide Quality of Service QoS ...

Page 147: ...s arising before they cause major network faults In this way statistics can help you get the best out of your network Status Monitoring The status monitoring facility provides information about the switch This information may be useful for your technical support representative if you have a problem ExtremeWare includes many show commands that display information about different switch functions an...

Page 148: ... memory information Specify the detail option to view task specific memory usage show switch Displays the current switch information including sysName sysLocation sysContact MAC address Current time and time system uptime and time zone Operating environment fans NVRAM configuration information Scheduled reboot information show tech support Displays the output for the following commands show versio...

Page 149: ...r of good packets that have been received by the port Received Byte Count RX Byte Count The total number of bytes that were received by the port including bad or lost frames This number includes bytes contained in the Frame Check Sequence FCS but excludes bytes in the preamble Received Broadcast RX Bcast The total number of frames received by the port that are addressed to a broadcast address Rece...

Page 150: ...r The total number of frames received by the port that were less than 64 bytes long Receive Fragmented Frames RX Frag The total number of frames received by the port were of incorrect length and contained a bad FCS value Receive Jabber Frames RX Jab The total number of frames received by the port that was of greater than the support maximum length and had a Cyclic Redundancy Check CRC error Receiv...

Page 151: ...ce Each entry in the log contains the following information Timestamp The timestamp records the month and day of the event along with the time hours minutes and seconds in the form HH MM SS If the event was caused by a user the user name is also provided Fault level Table 41 describes the three levels of importance that the system can assign to a fault By default log entries that are assigned a cr...

Page 152: ...t specified only messages of critical priority are displayed If you enable the log display on a terminal connected to the console port your settings will remain in effect even after your console session is ended unless you explicitly disable the log display When using a Telnet connection if your Telnet session is disconnected because of the inactivity timer or for other reasons the log display is ...

Page 153: ...efer to your UNIX documentation for more information about the syslog host facility Logging Configuration Changes ExtremeWare allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console The changes are logged to the system log Each log entry includes the user account name that performed the change and the source IP address of t...

Page 154: ... syslog host config syslog delete host name ip facility priority Deletes a syslog host address facility The syslog facility level for local use local0 local7 priority Filters the log to display messages with the selected priority or higher more critical Priorities include critical emergency alert error warning notice info and debug If not specified only critical priority messages and are sent to t...

Page 155: ...intelligent remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN The probe transfers the information to a management workstation on request or when a predefined threshold is crossed Management workstation Communicates with the RMON probe and collects the statistics from it The workstation does not have to be on the same network as the probe ...

Page 156: ...ents group creates entries in an event log and or sends SNMP traps to the management workstation An event is triggered by an RMON alarm The action taken can be configured to ignore it to log the event to send an SNMP trap to the receivers listed in the trap receiver table or to both log and send a trap The RMON traps are defined in RFC 1757 for rising and falling thresholds Effective use of the Ev...

Page 157: ...the processes necessary for collecting switch statistics Event Actions The actions that you can define for each alarm are shown in Table 44 To be notified of events using SNMP traps you must configure one or more trap receivers as described in Chapter 5 Managing the Switch Table 44 Event Actions Action High Threshold No action Notify only Send trap to all trap receivers Notify and log Send trap pl...

Page 158: ...158 Summit24e3 Switch Installation and User Guide Status Monitoring and Statistics ...

Page 159: ...dge specification defined by the IEEE Computer Society To explain STP in terms used by the 802 1D specification the switch will be referred to as a bridge Overview of the Spanning Tree Protocol STP is a bridge based mechanism for providing fault tolerance on networks STP allows you to implement parallel paths for network traffic and ensure that Redundant paths are disabled when the main paths are ...

Page 160: ...ts The default device configuration contains a single STPD called s0 The default VLAN is a member of STPD s0 All STP parameters default to the IEEE 802 1D values as appropriate STPD BPDU Tunneling You can configure ExtremeWare to allow a BDPU to traverse a VLAN without being processed by STP even if STP is enabled on the port This is known as BPDU tunneling To enable and disable BPDU tunneling on ...

Page 161: ...ut into blocking state and the connection between switch Y and switch Z is put into blocking state After STP converges all the VLANs can communicate and all bridging loops are prevented The VLAN Marketing which has not been assigned to either STPD1 or STPD2 communicates using all five switches The topology has no loops because STP has already blocked the port connection between switch A and switch...

Page 162: ... 3 by disabling the trunk ports for that connection on each switch Switch 2 has no ports assigned to VLAN marketing Therefore if the trunk for VLAN marketing on switches 1 and 3 is blocked the traffic for VLAN marketing will not be able to traverse the switches Configuring STP on the Switch To configure STP follow these steps 1 Create one or more STP domains using the following command create stpd...

Page 163: ...Max age Bridge priority The following parameters can be configured on each port Path cost Port priority NOTE The device supports the RFC 1493 Bridge MIB Parameters of only the s0 default STPD are accessible through this MIB Table 45 shows the commands used to configure STP Table 45 STP Configuration Commands Command Description config stpd stpd_name add vlan name Adds a VLAN to the STPD config stp...

Page 164: ...become the root bridge The range is 0 through 65 535 The default setting is 32 768 A setting of 0 indicates the highest priority create stpd stpd_name Creates an STPD When created an STPD has the following default parameters n Bridge priority 32 768 n Hello time 2 seconds n Forward delay 15 seconds enable ignore bpdu vlan name Configures the switch to ignore STP BPDUs which prevents ports in the V...

Page 165: ...ist This command displays the following information STPD port configuration STPD state root bridge and so on STPD port state forwarding blocking and so on Disabling and Resetting STP To disable STP or return STP settings to their defaults use the commands listed in Table 46 Table 46 STP Disable and Reset Commands Command Description delete stpd stpd_name Removes an STPD An STPD can only be removed...

Page 166: ...e3 Switch Installation and User Guide Spanning Tree Protocol STP unconfig stpd stpd_name Restores default STP values to a particular STPD or to all STPDs Table 46 STP Disable and Reset Commands Command Description ...

Page 167: ...the following publications for additional information RFC 1256 ICMP Router Discovery Messages RFC 1812 Requirements for IP Version 4 Routers NOTE For more information on interior gateway protocols refer to Chapter 16 Overview of IP Unicast Routing The switch provides full layer 3 IP unicast routing It exchanges routing information with other routers on the network using either the Routing Informat...

Page 168: ...nd 5 are assigned to Personnel Finance belongs to the IP network 192 207 35 0 the router interface for Finance is assigned the IP address 192 206 35 1 Personnel belongs to the IP network 192 207 36 0 its router interface is assigned IP address 192 207 36 1 Traffic within each VLAN is switched using the Ethernet MAC addresses Traffic between the two VLANs is routed using the IP addresses Figure 28 ...

Page 169: ...outes you want advertised by the router You can decide if you want all static routes to be advertised using one of the following commands enable disable rip export static enable disable ospf export static The default setting is disabled Static routes are never aged out of the routing table A static route must be associated with a valid IP subnet An IP subnet is associated with a single VLAN by its...

Page 170: ...d entries and you can view them using the show ipfdb command You can also configure the VLAN router interface to either forward and process all subnet directed broadcast packets or to simply forward these packets after they have been added to the IP forwarding database The latter option allows you to improve CPU forwarding performance by having upper layers such as UDP and TCP ignore broadcast pac...

Page 171: ...with a class B address of 100 101 102 103 and a mask of 255 255 0 0 The switch is configured with the IP address 100 101 102 1 and a mask of 255 255 255 0 The switch is also configured with a proxy ARP entry of IP address 100 101 0 0 and mask 255 255 0 0 without the always parameter When the IP host tries to communicate with the host at address 100 101 45 67 the IP hosts communicates as if the two...

Page 172: ...the router has no other dynamic or static route to the requested destination 4 Turn on IP routing for one or all VLANs using the following command enable ipforwarding vlan name 5 Turn on RIP or OSPF using one of the following commands enable rip enable ospf Verifying the IP Unicast Routing Configuration Use the show iproute command to display the current configuration of IP unicast routing for the...

Page 173: ...e When always is specified the switch answers ARP Requests without filtering requests that belong to the same subnet of the receiving router interface config iparp delete ipaddress Deletes an entry from the ARP table Specify the IP address of the entry config iparp delete proxy ipaddress mask all Deletes one or all proxy ARP entries config iparp timeout minutes Configures the IP ARP timeout period...

Page 174: ...a value of 255 255 255 255 for mask to indicate a host entry config iproute add blackhole ipaddress mask Adds a blackhole address to the routing table All traffic destined for the configured IP address is dropped and no Internet Control Message Protocol ICMP message is generated config iproute add default gateway metric Adds a default gateway to the routing table A default gateway must be located ...

Page 175: ...etting is 600 seconds lifetime The default setting is 1 800 seconds preference The preference level of the router An ICMP Router Discover Protocol IRDP client always uses the router with the highest preference level Change this setting to encourage or discourage the use of this router The default setting is 0 disable icmp parameter problem vlan name Disables the generation of ICMP messages for the...

Page 176: ... the generation of an ICMP timestamp response type 14 code 0 when an ICMP timestamp request is received The default setting is enabled If a VLAN is not specified the command applies to all IP interfaces enable icmp unreachables vlan name Enables the generation of ICMP network unreachable messages type 3 code 0 and host unreachable messages type 3 code 1 when a packet cannot be forwarded to the des...

Page 177: ...from stations connected to ports 2 and 4 have access to the router by way of the VLAN Finance Ports 3 and 5 reach the router by way of the VLAN Personnel The example in Figure 29 is configured as follows create vlan Finance create vlan Personnel config Finance add port 2 4 config Personnel add port 3 5 unconfig irdp Resets all router advertisement settings to the default values Table 50 ICMP Confi...

Page 178: ...iguration information for one or all VLANs show ipconfig vlan name detail Displays IP configuration settings show ipfdb ipaddress netmask vlan name Displays the contents of the IP forwarding database FDB table If no option is specified all IP FDB entries are displayed show iproute priority vlan vlan permanent ipaddress netmask origin direct static blackhole rip bootp icmp ospf intra ospf inter osp...

Page 179: ...hable messages If a VLAN is not specified the command applies to all IP interfaces disable icmp redirects vlan name Disables the generation of ICMP redirect messages If a VLAN is not specified the command applies to all IP interfaces disable icmp time exceeded vlan name Disables the generation of ICMP time exceeded messages If a VLAN is not specified the command applies to all IP interfaces disabl...

Page 180: ...the IP destination address modified as configured and changes are made to the IP and UDP checksums and decrements to the TTL field as appropriate If the UDP forwarding is used for BOOTP or DHCP forwarding purposes do not configure or use the existing bootprelay function However if the previous bootprelay functions are adequate you may continue to use them NOTE UDP forwarding only works across a la...

Page 181: ...ntrol on a per type per VLAN basis You would alter the default settings for security reasons to restrict the success of tools that can be used to find an important application host or topology information The controls include the disabling of transmitting ICMP messages associated with unreachables port unreachables time exceeded parameter problems redirects time stamp and address mask requests For...

Page 182: ... DHCP BOOTP port number appropriate DHCP BOOTP proxy functions are invoked create udp profile profile_name Creates a UDP forwarding profile You must use a unique name for the UDP forwarding profile delete udp profile profile_name Deletes a UDP forwarding profile show udp profile profile_name Displays the profile names input rules of UDP port destination IP address or VLAN and the source VLANs to w...

Page 183: ...er assumes that you are already familiar with IP unicast routing If not refer to the following publications for additional information RFC 1058 Routing Information Protocol RIP RFC 1723 RIP Version 2 RFC 2328 OSPF Version 2 Interconnections Bridges and Routers by Radia Perlman ISBN 0 201 56332 0 Published by Addison Wesley Publishing Company Overview The switch supports the use of two interior gat...

Page 184: ...elatively simple to understand and implement and it has been the de facto routing standard for many years RIP has a number of limitations that can cause problems in large networks including A limit of 15 hops between the source and destination networks A large amount of bandwidth taken up by periodic broadcasts of the entire routing table Slow convergence Routing decisions based on hop count no co...

Page 185: ...on reverse is a scheme for eliminating the possibility of loops in the routed topology In this case a router advertises a route over the same interface that supplied the route but the route uses a hop count of 16 defining it as unreachable Triggered Updates Triggered updates occur whenever a router changes the metric for a route and it is required to send an update message immediately even if it i...

Page 186: ...autonomous system When several equal cost routes to a destination exist traffic can be distributed among them The cost of a route is described by a single metric NOTE A Summit24e3 can support up to two non passive OSPF interfaces and cannot be a designated or a backup designated router Link State Database Upon initialization each router transmits a link state advertisement LSA on each of its inter...

Page 187: ...que LSAs are a generic OSPF mechanism used to carry auxiliary information in the OSPF database Opaque LSAs are most commonly used to support OSPF traffic engineering Normally support for opaque LSAs is auto negotiated between OSPF neighbors In the event that you experience interoperability problems you can disable opaque LSAs across the entire system using the following command disable ospf capabi...

Page 188: ...to configure the VLAN to be part of a different OSPF area use the following command config ospf vlan name area areaid If this is the first instance of the OSPF area being used you must create the area first using the following command create ospf area areaid Stub Areas OSPF allows certain areas to be configured as stub areas A stub area is connected to only one other area The area that connects to...

Page 189: ...not have a direct physical attachment to the backbone a virtual link is used A virtual link provides a logical path between the ABR of the disconnected area and the ABR of the normal area that connects to the backbone A virtual link must be established between two ABRs that have a common area with one ABR connected to the backbone Figure 30 illustrates a virtual link NOTE Virtual links can not be ...

Page 190: ...s ExtremeWare automatically determines the OSPF link type based on the interface type This is the default setting Broadcast Any Routers must elect a designated router DR and a backup designated router BDR during synchronization Ethernet is an example of a broadcast link Point to point Up to 2 Synchronizes faster than a broadcast link because routers do not elect a DR or BDR Does not operate with m...

Page 191: ...2 Route re distribution Configuring Route Re Distribution Exporting routes from OSPF to RIP and from RIP to OSPF are discreet configuration functions To run OSPF and RIP simultaneously you must first configure both protocols and then verify the independent operation of each Then you can configure the routes to export from OSPF to RIP and the routes to export from RIP to OSPF Re Distributing Routes...

Page 192: ...le the exporting of static direct and OSPF learned routes into the RIP domain using the following commands enable rip export static direct ospf ospf intra ospf inter ospf extern1 ospf extern2 cost metric tag number disable rip export static direct ospf ospf intra ospf inter ospf extern1 ospf extern2 These commands enable or disable the exporting of static direct and OSPF learned routes into the RI...

Page 193: ...RIP v1 and v2 packets If no VLAN is specified the setting is applied to all VLANs The default setting is any config rip txmode none v1only v1comp v2only vlan name Changes the RIP transmission mode for one or all VLANs Specify none Do not transmit any packets on this interface v1only Transmit RIP v1 format packets to the broadcast address v1comp Transmit RIP v2 format packets to the broadcast addre...

Page 194: ...ll OSPF routes ospf intra OSPF intra area routes ospf inter OSPF inter area routes ospf extern1 OSPF AS external route type 1 ospf extern2 OSPF AS external route type 2 The metric range is 0 15 If set to 0 RIP uses the route metric obtained from the route origin enable rip originate default always cost metric tag number Configures a default route to be advertised by RIP if no other default route i...

Page 195: ...on all IP traffic from stations connected to ports 2 and 4 have access to the router by way of the VLAN Finance Ports 3 and 5 reach the router by way of the VLAN Personnel The example in Figure 33 is configured as follows create vlan Finance create vlan Personnel config Finance add port 2 4 config Personnel add port 3 5 config Finance ipaddress 192 207 35 1 config Personnel ipaddress 192 207 36 1 ...

Page 196: ...t and Disable Commands Command Description config rip delete vlan name all Disables RIP on an IP interface When RIP is disabled on the interface the parameters are not reset to their defaults disable rip Disables RIP disable rip aggregation Disables the RIP aggregation of subnet information on a RIP v2 interface disable rip export static direct ospf ospf intra ospf inter ospf extern1 ospf extern2 ...

Page 197: ...uch as PPP The default setting is auto The passive parameter indicates that the interface does not send or receive OSPF packets config ospf vlan name neighbor add ipaddress Configures the IP address of a point to point neighbor config ospf vlan name neighbor delete ipaddress Deletes the IP address of a point to point neighbor config ospf area areaid vlan name all cost automatic number Configures t...

Page 198: ...ssive parameter indicates that the interface does not send or receive OSPF packets config ospf area areaid add range ipaddress mask advertise noadvertise type 3 type 7 Configures a range of IP addresses in an OSPF area If advertised the range is exported as a single LSA by the ABR config ospf area areaid delete range ipaddress mask Deletes a range of IP addresses in an OSPF area config ospf area a...

Page 199: ... seconds The LSAs added to the LSDB during the interval are batched together for refresh or timeout The default setting is 30 seconds config ospf metric table 10M_cost 100M_cost 1G_cost Configures the automatic interface costs for 10 Mbps 100 Mbps and 1 Gbps interfaces The default cost for 10 Mbps is 10 for 100 Mbps is 5 and for 4 Gbps is 1 config ospf routerid automatic routerid Configures the OS...

Page 200: ...al is required by the OSPF standard to be equal to the routerdeadinterval Under some circumstances setting the waitinterval to smaller values can help OSPF routers on a broadcast network to synchronize more quickly at the expense of possibly electing an incorrect DR or BDR This value should not be set to less than the hellointerval The default value is equal to the routerdeadinterval create ospf a...

Page 201: ...l The interval after which a neighboring router is declared down due to the fact that hello packets are no longer received from the neighbor This interval should be a multiple of the hello interval The default value is 40 seconds Router wait interval WaitInterval The interval between the interface coming up and the election of the DR and BDR This interval should be greater than the hello interval ...

Page 202: ...e default is to display in the summary format A common use of this command is to omit all optional parameters resulting in the following shortened form show ospf lsdb The shortened form displays all areas and all types in a summary format Table 60 OSPF Show Commands Command Description show ospf Displays global OSPF information show ospf area detail Displays information about all OSPF areas show o...

Page 203: ...ssociated OSPF area and OSPF interface information is removed The backbone area cannot be deleted A non empty area cannot be deleted disable ospf Disables OSPF process in the router disable ospf export direct Disables exporting of local interface direct routes into the OSPF domain disable ospf export rip Disables exporting of RIP routes in the OSPF domain disable ospf export static Disables export...

Page 204: ...204 Summit24e3 Switch Installation and User Guide Interior Gateway Routing Protocols ...

Page 205: ... IP hosts This group of hosts can include devices that reside on the local network within a private network or outside of the local network IP multicast routing consists of the following functions A router that can forward IP multicast packets A method for the IP host to communicate its multicast group membership to a router for example Internet Group Management Protocol IGMP NOTE You should confi...

Page 206: ... IGMP querier the switch stops forwarding IP multicast packets to any port When a port sends an IGMP leave message the switch removes the IGMP snooping entry after 10 seconds The switch sends a query to determine which ports want to remain in the multicast group If other members of the VLAN want to remain in the multicast group the router ignores the leave message but the port that requests remova...

Page 207: ...ooping router_timeout host_timeout Configures the IGMP snooping timers Timers should be set to approximately 2 5 times the router query interval in use on the network Specify the following router_timeout The interval in seconds between the last time the router was discovered and the current time The range is 10 to 2 147 483 647 seconds 68 years The default setting is 260 seconds host_timeout The i...

Page 208: ...tions are specified all IP multicast cache entries are flushed disable igmp vlan name Disables the router side IGMP processing on a router interface No IGMP query is generated but the switch continues to respond to IGMP queries received from other devices If no VLAN is specified IGMP is disabled on all router interfaces disable igmp snooping Disables IGMP snooping IGMP snooping can be disabled onl...

Page 209: ...emperature and humidity controlled indoor area free or airborne materials that can conduct electricity Too much humidity can cause a fire Too little humidity can produce electrical shock and fire NOTE For more information about the Summit24e3 temperature and humidity ranges see Appendix B Power The Summit24e3 switch has one power input on the switch The unit must be grounded Do not connect the pow...

Page 210: ...NEMA 5 15P 10 A 125 V configuration Denmark The supply plug must comply with section 107 2 D1 standard DK2 1a or DK2 5a Switzerland The supply plug must comply with SEV ASE 1011 Argentina The supply plug must comply with Argentinian standards Connections Fiber Optic ports Optical Safety Never look at the transmit LED laser through a magnifying device while it is powered on Never look directly at t...

Page 211: ...um batteries are not listed by the Environmental Protection Agency EPA as a hazardous waste Therefore they can typically be disposed of as normal waste If you are disposing of large quantities contact a local waste management service No hazardous compounds are used within the battery module The weight of the lithium contained in each coin cell is approximately 0 035 grams Two types of batteries ar...

Page 212: ...212 Summit24e3 Switch Installation and User Guide Safety Information ...

Page 213: ...A C108 8 M1983 Class A VCCI Class A AS NZS 3548 EN55022 1998 Class A CISPR 22 1998 Class A EN55024 1998 includes IEC 61000 4 2 3 4 5 6 8 11 EN 61000 3 2 3 CNS 13438 Class A Heat Dissipation 74 W maximum 252 BTU hr maximum Power Supply AC Line Frequency 50 Hz to 60 Hz Input Voltage Options 90 VAC to 264 VAC auto ranging Current Rating 100 120 200 240 VAC 2 0 1 0 A Switch Power Off Temperature power...

Page 214: ...0 to 95 relative humidity noncondensing Standards EN60068 to Extreme IEC68 schedule Certification Marks CE European Community TUV GS German Notified Body TUV S Argentina GOST Russian Federation ACN 090 029 066 C Tick Australian Communication Authority Underwriters Laboratories USA and Canada MIC South Korea BSMI Republic of Taiwan NOM Mexican Official Normalization Electronic Certification and Nor...

Page 215: ...C 854 Telnet RFC 768 UDP RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 2068 HTTP RFC 2131 BootP DHCP relay RFC 2030 Simple Network Time Protocol RFC 1256 Router discovery protocol RFC 1812 IP router requirement RFC 1519 CIDR Management and Security RFC 1157 SNMP v1 v2c RFC 1213 MIB II RFC 1354 IP forwarding table MIB RFC 1493 Bridge MIB RFC 2037 Entity MIB RFC 1573 Evolution of Interface RFC...

Page 216: ...216 Summit24e3 Switch Installation and User Guide Supported Standards ...

Page 217: ...load procedure from either a Trivial File Transfer Protocol TFTP server on the network Downloading a new image involves the following steps Load the new image onto a TFTP server on your network if you will be using TFTP Download the new image to the switch using the following command download image ipaddress hostname filename primary secondary where the following is true ipaddress Is the IP addres...

Page 218: ...ime cancel where date is the date and time is the time using a 24 hour clock format when the switch will be rebooted The values use the following format mm dd yyyy hh mm ss If you do not specify a reboot time the reboot occurs immediately following the command and any previously schedule reboots are cancelled To cancel a previously scheduled reboot use the cancel option ...

Page 219: ... configuration primary secondary To use the configuration use the following command use configuration primary secondary The configuration takes effect on the next reboot NOTE If the switch is rebooted while in the middle of a configuration save the switch boots to factory default settings The configuration that is not in the process of being saved is unaffected Returning to Factory Defaults To ret...

Page 220: ...ry time where the following is true ipaddress Is the IP address of the TFTP server hostname Is the hostname of the TFTP server You must enable DNS to use this option filename Is the name of the ASCII file The filename can be up to 255 characters long and cannot include any spaces commas quotation marks or special characters every time Specifies the time of day you want the configuration automatica...

Page 221: ...plete configuration use the following command download configuration hostname ipaddress filename After the ASCII configuration is downloaded by way of TFTP you are prompted to reboot the switch The downloaded configuration file is stored in current switch memory during the rebooting process and is not retained if the switch has a power failure When the switch completes booting it treats the downlo...

Page 222: ...uled incremental downloads use the following command download configuration cancel Remember to Save Regardless of which download option is used configurations are downloaded into switch runtime memory only The configuration is saved only when the save command is issued or if the configuration file itself contains the save command If the configuration currently running in the switch does not match ...

Page 223: ...ed in primary or 2 for the image stored in secondary Then press the f key to boot from newly selected on board flash memory To boot to factory default configuration press the d key for default and the f key to boot from the configured on board flash Boot Option Commands Table 65 lists the CLI commands associated with switch boot options Table 65 Boot Option Commands Command Description config down...

Page 224: ...on is saved to the primary configuration area show configuration Displays the current configuration to the terminal You can then capture the output and store it as a file upload configuration ipaddress hostname filename every time Uploads the current run time configuration to the specified TFTP server If every time is specified the switch automatically saves the configuration to the server once pe...

Page 225: ...representative LEDs Power LED does not light Check that the power cable is firmly connected to the device and to the supply outlet On powering up the MGMT LED lights amber The device has failed its Power On Self Test POST and you should contact your supplier for advice A link is connected but the Port Status LED does not light Check that All connections are secure Cables are free from damage The d...

Page 226: ...nal or terminal emulator The settings are 9600 baud 8 data bits 1 stop bit no parity no flow control The SNMP Network Manager cannot access the device Check that the device IP address subnet mask and default router are correctly configured and that the device has been reset Check that the device IP address is correctly recorded by the SNMP Network Manager refer to the user documentation for the Ne...

Page 227: ...m remains You should manually delete the routes if no VLAN IP address is capable of using them You forget your password and cannot log in If you are not an administrator another user having administrator access level can log in delete your user name and create a new user name for you with a new password Alternatively another user having administrator access level can log in and initialize the devi...

Page 228: ...ng the command config port port auto off if you are connecting it to devices that do not support auto negotiation Ensure that you are using multi mode fiber MMF when using a 1000BASE SX Mini GBIC 1000BASE SX does not work with single mode fiber SMF VLANs You cannot add a port to a VLAN If you attempt to add a port to the default VLAN and get an error message similar to Summit24e3 28 config vlan de...

Page 229: ...on and devices to which it is attempting to connect and then reboot the endstation The switch keeps aging out endstation entries in the switch Forwarding Database FDB Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths Specify that the endstation entries are static or permanent Debug Tracing ExtremeWare includes a debug tracing facility for the s...

Page 230: ...and User Guide Troubleshooting support extremenetworks com You can also visit the support website at http www extremenetworks com extreme support techsupport asp to download software updates requires a service contract and documentation ...

Page 231: ... outside subnet 171 configuring proxy ARP 170 incapable device 170 proxy ARP between subnets 171 proxy ARP description of 170 responding to ARP requests 170 table displaying 172 autonegotiation 71 B backbone area OSPF 188 blackhole entries FDB 88 boot option commands table 223 BOOTP and UDP Forwarding 180 BOOTP relay configuring 179 BOOTP using 50 BootROM menu accessing 223 prompt 223 upgrading 22...

Page 232: ...ng a domain 127 enabling and disabling on a switch 128 polling timers configuring 125 ring port unconfiguring 128 show eaps display fields table 129 status information displaying 128 switch mode defining 125 ECMP See IP route sharing EDP commands table 77 description 76 electromagnetic compatibility 213 enabling a switch port 71 Equal Cost Multi Path ECMP routing See IP route sharing errors port 1...

Page 233: ...license keys 37 licensing Advanced Edge functionality 36 description 36 Edge functionality 36 license keys 37 ordering 37 verifying 36 line editing keys 41 link state database 186 link state protocol description 184 load sharing algorithms 73 configuring 74 description 73 load sharing group description 73 master port 74 verifying the configuration 75 local logging 152 log display 152 logging and T...

Page 234: ...scription 75 example 76 switch configuration commands table 76 power supply specifications 213 powering on the switch 28 power off specifications 213 primary image 217 private community SNMP 54 protocol analyzers use with port mirroring 76 proxy ARP communicating with devices outside subnet 171 conditions 170 configuring 170 MAC address in response 171 responding to requests 170 subnets 171 table ...

Page 235: ...ting table populating 168 routing See IP unicast routing S safety information 209 saving configuration changes 219 scheduling configuration download 222 secondary image 217 security licensing description 37 obtaining 37 serial port See console port sessions deleting 52 shortcuts command 40 Simple Network Management Protocol See SNMP size Summit24e3 switch 213 SNMP community strings 54 configuratio...

Page 236: ...n SNMP 54 system name SNMP 54 T TACACS and RADIUS 56 61 configuration commands table 61 description 60 servers specifying 61 tagging VLAN 82 technical support 229 Telnet connecting to another host 50 controlling access 52 disconnecting a session 52 logging 152 maximum sessions 50 opening a session 50 using 50 Terminal Access Controller Access Control System Plus See TACACS TFTP server 217 using 21...

Page 237: ...Summit24e3 Switch Installation and User Guide Index 237 types 80 UDP Forwarding 180 voice applications QoS 134 W web browsing applications and QoS 135 weight Summit24e3 switch 213 ...

Page 238: ...238 Index Summit24e3 Switch Installation and User Guide ...

Page 239: ...proxy 170 173 config iparp delete 173 config iparp delete proxy 173 config iparp timeout 173 config iproute add 174 config iproute add blackhole 174 config iproute add default 52 172 174 config iproute delete 174 config iproute delete blackhole 174 config iproute delete default 174 config iproute priority 172 174 config irdp 175 config log display 152 154 config mirroring add 76 config mirroring d...

Page 240: ...pd hellotime 163 config stpd maxage 164 config stpd port cost 164 config stpd port priority 164 config stpd priority 164 config syslog 153 154 config syslog delete 154 config sys recovery level 43 151 config tacacs 61 config tacacs shared secret 61 config tacacs accounting 61 config tacacs accounting shared secret 61 config time 43 config timezone 43 67 config udp profile add 181 config udp profil...

Page 241: ...196 disable rip poisonreverse 196 disable rip splithorizon 196 disable rip triggerupdates 196 disable rmon 156 disable sharing 72 75 disable snmp access 55 disable snmp traps 55 disable sntp client 70 disable ssh2 44 disable stpd 165 disable stpd port 165 disable syslog 154 disable tacacs 61 disable tacacs accounting 61 disable tacacs authorization 61 disable telnet 44 52 download bootrom 47 223 d...

Page 242: ...3 H history 42 44 L logout 52 N nslookup 47 P ping 47 48 Q quit 52 R reboot 218 224 restart ports 73 rtlookup 175 S save 52 219 224 show access list 96 100 show access mask 96 100 show access profile 110 show accounts 46 show banner 44 show configuration 224 show debug tracing 229 show diagnostics 147 show dlcs 145 show dns client 47 show eaps 124 128 show edp 77 show fdb 90 show fdb permanent 137...

Page 243: ...vlan 86 142 144 T telnet 47 50 traceroute 47 48 U unconfig eaps 124 unconfig eaps primary port 128 unconfig eaps secondary port 128 unconfig icmp 176 179 unconfig igmp 208 unconfig irdp 177 179 unconfig management 55 unconfig ospf 203 unconfig ports display string 73 unconfig ports monitor vlan 86 unconfig radius 58 unconfig radius accounting 58 unconfig rip 196 unconfig stpd 166 unconfig switch 4...

Page 244: ...244 Index of Commands Summit24e3 Switch Installation and User Guide ...

Reviews:

No comments

Related manuals for Summit Summit24

Brand: Aastra Pages: 12

Brand: Aastra Pages: 2

SmartSwitch 6500

Brand: Cabletron Systems Pages: 62

Brand: Eaton Pages: 40

Brand: SIMON RWA Pages: 3

Brand: CZHOON Pages: 4

Champion KD-2X1

Brand: Key Digital Pages: 12

Brand: LEGRAND Pages: 12

Brand: Optical Systems Design Pages: 20

Brand: WIKA Pages: 8

SwitchView SC8 DVI

Brand: Avocent Pages: 2

Brand: Intermatic Pages: 1

Brand: NETGEAR Pages: 8

Brand: Vega Pages: 28

AVS-OCT-6448-210

Brand: AMX Pages: 1

SET-2000 Oil/Sludge

Brand: Labkotec Pages: 15

Brand: Labgear Pages: 8

Brand: Thinklogical Pages: 17

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands