manualshive.com logo in svg

Foundry Networks NetIron M2404C, User Manual

The Foundry Networks NetIron M2404C is a high-performance switch with advanced features for networking applications. For detailed instructions on setting up and configuring your device, download the free User Manual from our website. Dive into the manual to maximize the potential of your network infrastructure.

Share
Download
background image

 

 

Foundry NetIron 

M2404C and M2404F 

Metro Access Switches 

User Guide 

Version 2.0.0

3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4980 Great America Parkway 

Santa Clara, CA 95054 

Tel 408.207.1700 

www.foundrynetworks.com

 

April 2008 

Summary of Contents for NetIron M2404C

Page 1: ...Foundry NetIron M2404C and M2404F Metro Access Switches User Guide Version 2 0 03 4980 Great America Parkway Santa Clara CA 95054 Tel 408 207 1700 www foundrynetworks com April 2008...

Page 2: ...ner The trademarks logos and service marks Marks displayed herein are the property of Foundry or other third parties You are not permitted to use these Marks without the prior written consent of Found...

Page 3: ...and intended audience of this User Guide It details the organization of the guide the subjects that will be covered and a brief summary of each chapter This chapter consists of the following sections...

Page 4: ...plete syntax for all the commands available in the currently supported software version and describes in detail all features and related commands supplied with the device This guide does not include i...

Page 5: ...er protocol for carrying authentication authorization and configuration information between a Network Access Server Switch Chapter 6 Configuring Interfaces describes the switching frames between segme...

Page 6: ...6 Configuring Hierarchical Quality of Service HQoS explains how to configure the HQoS feature Chapter 17 Configuring Access Control List ACL explains how to create ACLs traffic rate limit traffic redi...

Page 7: ...core networks and related features such as Virtual Private LAN Services intended for transparently connecting geographically dispersed corporate sites over MPLS networks Chapter 26 Configuring MPLS H...

Page 8: ...BASIC CLI OPERATING CONVENTIONS 4 SPECIAL KEYS 4 CLI COMMAND SYNTAX CONVENTIONS 5 CLI MODES 6 CLI MESSAGES 9 COMMAND HISTORY 9 USING NO FORMS OF COMMANDS 9 DYNAMIC COMPLETION OF THE ARGUMENTS 9 COMMA...

Page 9: ...ses a CLI Command Line Interface that enables the user to start using the device quickly and without extensive background knowledge It does this by prompting the user for the information required to p...

Page 10: ...d on the front panel 2 Configure the terminal to operate at o 9600 bps o 8 data bits o 1 stop bit o No parity o No flow control o 25 lines and 80 columns window size 3 Establish a session with the uni...

Page 11: ...een The user may abbreviate CLI commands down to the least number of leading characters that are not ambiguous in the available vocabulary For example the user may enter the letters sho for the show c...

Page 12: ...ry buffer Ctrl U Delete the line Ctrl W Erase the last word Ctrl Z Return to Enable mode Esc and then B Move back one word Esc and then D Forward kill word Esc and then F Move forward one word Esc Sto...

Page 13: ...g on the prompt level The current CLI mode determines the available commands Enter a question mark at the system prompt to obtain a list of commands available for each command mode View Mode User leve...

Page 14: ...before the pound symbol to indicate the present configuration mode The following example indicates that the CLI is in Protocol Configuration mode device name cfg protocol To access the Global Configu...

Page 15: ...ubnet DHCP Host DHCP server host specific configuration device name config dhcp host Key chain Key chain management device name config keychain Route map Route maps configuration device name config ro...

Page 16: ...ommands that the user has entered This feature is particularly useful for recalling long or complex commands or entries including access lists A memory buffer in the device retains the last 20 entered...

Page 17: ...Collisions 0 In OutPkts 65 127 0 Broadcast 0 In OutPkts 128 255 0 Multicast 0 In OutPkts 256 511 0 CRCAlignErrors 0 In OutPkts 512 1023 0 Undersize 0 In OutPkts 1024 MaxFrameSize 0 Oversize 0 TotalInP...

Page 18: ...nfig include interface Building the configuration interface 1 1 1 interface 1 1 2 interface 1 1 3 interface 1 1 4 interface 1 1 5 interface 1 1 6 General Commands Table 4 lists the commands the user c...

Page 19: ...ion Protocol GARP Generic Attribute Registration Protocol GMRP GARP Multicast Registration Protocol GVRP GARP VLAN Registration Protocol HQoS Hierarchical Quality of Service IRDP ICMP Router Discovery...

Page 20: ...LECTING AND USING A MANAGEMENT METHOD 5 DOWNLOADING AND UPLOADING THE APPLICATION SOFTWARE IMAGE AND CONFIGURATION FILES 7 IP UNICAST ROUTING DEFAULT CONFIGURATION 8 LOGIN AND PASSWORD 11 DEFAULT PASS...

Page 21: ...8 Foundry Networks Inc Page 2 of 35 Table of Figures Figure 1 Initial Switch Setup Illustration 3 Figure 2 Connect the workstation to the console port using a standard null modem 4 Figure 3 Web interf...

Page 22: ...Switch Setup configuration involves assigning network settings and a password to the device Completing the basic configuration will allow the user to access the device applications and manage the devi...

Page 23: ...ttings to which the user has connected the cable The settings should be set to match the default settings for the device which are 9600 bps 8 data bits 1 stop bit No parity No flow control 25 lines an...

Page 24: ...methods Command line interface management Web interface management SNMP management Command Line Interface Management The user can perform command line interface management via the local console port...

Page 25: ...kstation 3 Check that the user can communicate with the device by entering a ping command 4 If the user gets an error message verify that the IP information has been entered correctly 5 Configure the...

Page 26: ...P TFTP allows downloading the application software image files over the network from a TFTP server The user can configure the access point by using configuration files the user creates download from a...

Page 27: ...Testing Switch Core Passed Data Buffer Test Passed Power Supply Test Passed On board Power Test Passed Fan Test Passed Foundry Networks Switch model NetIron M2404C SW version 2 0 03b7 created Oct 19 2...

Page 28: ...s the IP address to the sw0 IP interface To manage the device by way of a Telnet connection or by using an SNMP Network Manager the user must first configure the switch IP parameters and the default g...

Page 29: ...nd or Outband interface to perform Telnet SNMP etc Creating an IP Interface The interface command in Global Configuration mode accesses the configuration mode of a specific IP interface and creates an...

Page 30: ...on Example 1 The following example displays the Loader current IP address Loader config ip address Loader IP address 10 2 111 111 subnet mask ffff0000 Example 2 The following example assigns a new IP...

Page 31: ...the password username Adds a username and an associated password to the local authentication database Default Passwords Table 5 shows the default passwords Table 5 Passwords Default Configuration Para...

Page 32: ...mode from View mode The no form of this command removes the password When a password is set by the enable password command a prompt for the password is issued in response to the enable command in Vie...

Page 33: ...owing command sets the password to loaderp device name config password loader loaderp loaderp Using the password loaderp User Access Verification Password loaderp Loader Caps Lock Notification The cap...

Page 34: ...password It is recommended to use a string up to 64 characters CONFIRM PASSWORD Retype the password for confirmation group Optional Sets a privilege user group administrators Assigns the user group Ad...

Page 35: ...the backdoor password To recover the device password the user should go through the following the steps 1 Contact the Technical Support Staff for the backdoor password 2 Provide the Media Access Contr...

Page 36: ...n a Telnet session Specify the IP address of the device the user wants to manage NOTE When the LAN is connected to the in band interface the user must configure an in band port IP address When the LAN...

Page 37: ...e mode initiates a Telnet client s connection to the specified remote host To see the open Telnet connections use the session command in Privileged Enable mode Use the log telnet console command in Gl...

Page 38: ...ypes are displayed Console Telnet SSH Command Syntax device name who device name who Example device name who Codes current session configuring vty on console connected on console vty on telnet 1 conne...

Page 39: ...ter session the VTY from which other sessions originate If the result is negative the command closes the specified session to the remote host If the session is terminated the user with the Telnet conn...

Page 40: ...mmand Description line vty Accesses VTY Virtual Telnet Type Configuration mode exec timeout Sets the VTY connection timeout value access class Filters Telnet and SSH connections to the switch Accessin...

Page 41: ...s class command in VTY Configuration mode filters Telnet and SSH connections to the device The no form of this command removes access restrictions If no access list name is specified in the no access...

Page 42: ...how to restrict Telnet connections to one IP address Figure 5 Telnet Server Example 1 Set the named access list to allow Telnet only for the management station 212 192 50 2 device name config access l...

Page 43: ...y Enables advanced mode VTY Table 10 shows the default VTY parameters Table 10 Default VTY Configuration Parameter Default Value Terminal length 25 lines The MOTD and login banners Not configured defa...

Page 44: ...ice name config hostname HOSTNAME device name config no hostname Argument Description HOSTNAME A character string that must follow the rules for ARPANET host names Names can be up to 30 characters lon...

Page 45: ...on banner motd default Sets the default MOTD message of the day string banner set Assigns the specified string to a single line MOTD message of the day banner set multiline Assigns the specified strin...

Page 46: ...CHANGE CONFIGURATION WITHOUT NOTICING THE SYSADMIN device name config end device name write Building the configuration Configuration is successfully written to NVRAM device name reload no save DO NOT...

Page 47: ...TD enter a multi line text terminated by the caret character in a separate line device name config banner set multiline Enter a multiline text Finish with string at the beginning of a row this is mult...

Page 48: ...y the existing configuration Table 12 lists the commands to save and delete the configuration on the switch Table 12 Saving and Deleting the Configuration Commands Command Description write erase Rese...

Page 49: ...how running config command in Privileged Enable mode display the device currently configured settings that differ from the factory default values The user can view the Running Configuration file start...

Page 50: ...nternet notify internet snmp server user public group public v1 snmp server user private group private v1 Displaying the Start up Configuration The show startup config command in Privileged Enable mod...

Page 51: ...nfiguration is maintained in a file that contains the saved configuration After the switch is rebooted only the factory defaults and the configuration in the start up configuration file will be restor...

Page 52: ...his is the default no save Optional Do not save the running configuration definitions to defaults Optional Reset the device to its factory default configuration and reboot it Example 1 Saving the curr...

Page 53: ...d in this document and lists their meaning Table 15 Acronyms Acronym Meaning ACL Access Control List MOTD Message of the day MPLS Multi Protocol Label Switching OSPF Open Shortest Path First version 2...

Page 54: ...ted by this feature RFC 854 Telnet Protocol Specification VTY Virtual Telnet Type Commands No standards are supported by this feature No MIBs are supported by this feature RFC 791 Internet Protocol DA...

Page 55: ...DISPLAYING THE MAC ADDRESS TABLE AGING TIME 13 ADDITIONAL MAC ADDRESS COMMANDS 15 DISABLING LEARNING OF NEW MAC ADDRESSES COMMANDS 15 MANAGING THE ARP TABLE 18 OVERVIEW 18 ARP COMMANDS 18 SCRIPT FILE...

Page 56: ...P SERVER SETTINGS 66 CONFIGURING NTP SERVER AUTHENTICATION 68 SYSTEM TIME AND DATE COMMANDS 70 CONFIGURATION EXAMPLE 75 DOMAIN NAME SYSTEM DNS RESOLVER 76 OVERVIEW 76 DNS RESOLVER DEFAULT CONFIGURATIO...

Page 57: ...ss Switches Switch Administration Rev 03 Table of Figures 2008 Foundry Networks Inc Page 3 of 87 Table of Figures Figure 1 The Time Service When Used Via TCP 65 Figure 2 The Time Service When Used Via...

Page 58: ...AC address priority and the port number associated with each address Adding Entries to the MAC Address Table Entries are added into the MAC address table in the following ways 1 The device can learn e...

Page 59: ...static flag in the show mac address table output Secure entries A secure entry is an entry that was originally learned dynamically or statically but has been made static using the Port VLAN Security...

Page 60: ...in use The aging time parameter defines how long the device retains unseen addresses in the table This parameter is applied to all VLANs If the value assigned to the aging time is too short addresses...

Page 61: ...static address has these characteristics It is manually entered in the address table and must be manually removed It must be an unicast address It does not age and is retained when the device is rest...

Page 62: ...02 03 04 interface 1 1 1 vlan 2496 Adding a Filtered Entry The mac address table filtered command in Global Configuration mode adds a filtered entry to the MAC address table Once the MAC address is ad...

Page 63: ...C addresses For more information see Configuring Multicast Layer 2 If no argument is specified the entire multicast MAC addresses will be deleted You can remove a specific multicast MAC address or rem...

Page 64: ...ng to the MAC address table as specified by the command arguments If the count argument is used the command will display the number of MAC addresses in the MAC address table Command Syntax device name...

Page 65: ...e secure MAC addresses static Optional Information is displayed only about the static MAC addresses self Optional Information is displayed only about the switch address and all specified VLANs on it c...

Page 66: ...vlan id device name config no mac address table learning display interface UU SS PP vlan vlan id Argument Description vlan VLAN LIST List of source VLAN IDs Use commas as separators and hyphens to in...

Page 67: ...vice name config no mac address table learning display vlan 1 9 device name config exit device name show mac address table VID Mac PORT STATUS PRIORITY 1 0001 00 12 f2 00 00 02 self 0 2 0010 00 12 f2...

Page 68: ...s the MAC address table aging time Setting the MAC Address Table Aging Time The mac address table aging time command in Global Configuration mode sets the MAC address table aging time The no form of t...

Page 69: ...th source MAC address that is a multicast or broadcast address Table 6 MAC Based DoS Attack Prevention Command Command Description mac address table prevent dos attack Enables DoS attack prevention En...

Page 70: ...the following features will not function correctly Port limit Port Security dot1x port control DHCP Snoop Command Syntax device name config learning new address enable disable Argument Description ena...

Page 71: ...tion Rev 03 Managing the MAC Address Table 2008 Foundry Networks Inc Page 17 of 87 Command Syntax device name config if UU SS PP port learning new address enable disable Argument Description enable En...

Page 72: ...se will be kept in the ARP table Table 8 lists the commands for Managing the ARP Table Table 8 ARP Table Commands Command Description ip arp Adds a static ARP entry clear ip arp Removes the dynamic an...

Page 73: ...VLAN number is set all ARP packets received with VLAN numbers different from the configured value are discarded If the VLAN number is not set the VLAN information is obtained via the ARP protocol NOTE...

Page 74: ...e ARP overwriting data timer to its default value The ARP table is updated at periodic time intervals ARP updates are not accepted within each interval For example if the timer is set to 9 seconds ARP...

Page 75: ...script files from the file system Rename script files Run script files View the contents of script files You can show a list of the files stored in the file system and the user can clean the entire fi...

Page 76: ...he textual contents of the specified script file show script file system Displays the names and lengths of all script files stored in the file system dir Displays the names and lengths of all script f...

Page 77: ...e startup configuration to be stored on the device By default the file will be saved under the name startup_config cfg Command Syntax device name config script file system copy startup config FILE NAM...

Page 78: ...he destination file Examples The following command copies a file from a TFTP server to the local Usr directory device name config script file system copy tftp 10 0 0 60 test usr test1 The following co...

Page 79: ...mmand Syntax device name config script file system display FILE NAME Argument Description FILE NAME The name of the script file in the script file system Example device name config script file system...

Page 80: ...ion the name of the file can be optionally changed This command is equivalent to the mv command in all modes Command Syntax device name config script file system move source path source device path fi...

Page 81: ...file to be renamed is stored Can only be flash the local flash system device path Optional The device and the path to the file to be renamed The path should end with the name of the file file name Th...

Page 82: ...Configuration mode sets file attributes Command Syntax device name config script file system attrib FILE NAME Argument Description FILE NAME The name of the file which attributes must be set in the sc...

Page 83: ...will be executed and for setting different Loader parameters The file system provides options for downloading deleting and copying files stored in flash memory An option for downloading several images...

Page 84: ...eter ls List files in flash move Moves the specified file to the specified destination del Deletes the specified file from the file system format Formats FS File System on flash memory removing all th...

Page 85: ...in Loader or Privileged Enable mode deletes the directory specified by path and name Command Syntax Loader rmdir PATH device name rmdir PATH Argument Description PATH The path ending with the directo...

Page 86: ...ptional The name assigned to the destination file Examples The following command copies a file from a TFTP server to the local Usr directory device name copy tftp 10 0 0 60 test usr test1 The followin...

Page 87: ...tem device path Optional The device and the path to the file to be displayed The path should end with the name of the file file name The name of the file dump HEX format START Optional Start offset NO...

Page 88: ...file name Optional The name assigned to the destination file Deleting a File The del command in Loader or Privileged Enable mode deletes the specified file from the file system The device prompts the...

Page 89: ...using TFTP Server Command Syntax Loader copy application tftp A B C D FILE NAME DST FILENAME device name copy application tftp A B C D FILE NAME DST FILENAME no validation Argument Description A B C D...

Page 90: ...y on the TFTP server Ensure that the permissions on the file are set correctly Permissions on the file should be at least read for the specific username A power outage or other problem during the down...

Page 91: ...Loader del boot v2 0 Z 4 3 Copy the desired file into Flash Example Loader copy application tftp 10 3 71 187 v2 0 02 Z TFTP receiving file 5300324 Image Size 0x50E036 CRC Value 0xD66707AE NOTE The swi...

Page 92: ...ice It comes preinstalled from the factory As new versions of the image are released the user should upgrade the user s system software The image is upgraded by using a download procedure from a TFTP...

Page 93: ...ion 1 2 3 created Jul 6 2006 15 49 17 Java version Java image not loaded Loader version 1 0 1 created May 1 2006 08 39 46 Up time 0 days 18 hours 31 min 9 sec Displaying the Device Uptime The show upt...

Page 94: ...figuration make sure that there are no conflicts between the two configuration files Ensure that the permissions in the file are set correctly The user should always have permission to read the specif...

Page 95: ...Privileged Enable mode NOTE The switch remains operational while uploading configuration files Commands for Downloading and Uploading Configuration Files Table 15 lists the commands to download and u...

Page 96: ...ice server IP path file name startup config Argument Description device Optional The device from which the file is to be copied It can be provided either as a TFTP server the format used should be tft...

Page 97: ...tftp 192 192 54 1 START002 Saving the Switch Configuration The copy running config startup config command in Privileged Enable mode copies the running configuration to the startup configuration This i...

Page 98: ...running configuration to the specified file on the remote server at the specified IP address The user can upload the current configuration to a TFTP server on the network The uploaded file retains th...

Page 99: ...to the NVRAM to defaults resets the device to its factory default configuration and reboots it If no keyword is provided the command is equivalent the reload save command When the user uses the reload...

Page 100: ...loader Command Line Interface CLI The loader then passes to interactive mode requests a login password and starts a CLI session If no key is pressed the device initiates the auto startup application I...

Page 101: ...software version to the switch by using TFTP Server Starting the Application Software The start application command in Loader mode terminates the loader and starts the execution of the application Co...

Page 102: ...he software running on the TFTP server Example The following command downloads the new software version file named VERxxx located on the TFTP server at IP address 192 192 54 1 Loader copy application...

Page 103: ...ample Loader manufacturing details Serial number as100808 Assembly No 123 HW revision 456 The Loader Configuration Commands Table 20 lists the Loader configuration commands Table 20 Loader Configurati...

Page 104: ...ask If no argument is specified the current IP address and subnet mask will be displayed Command Syntax Loader config ip address A B C D M A1 B1 C1 D1 A2 B2 C2 D2 Argument Description A B C D M Option...

Page 105: ...p Configuration File The clean startup configuration all command in Loader Configuration mode sets the startup configuration file to the factory default values Command Syntax Loader config clean start...

Page 106: ...a backup copy of the EEPROM memory contents will be made flash Specifies that a backup copy of the FLASH memory contents will be made A B C D Specifies the IP address of the TFTP server where the back...

Page 107: ...application to be either local FS File System or FTP server boot param application Sets the name of the application file file name only without path boot param ftp server Sets the IP of the FTP serve...

Page 108: ...oot param ftp server command in Loader Configuration mode sets the IP address of the FTP server Command Syntax Loader config boot param ftp server A B C D Argument Description A B C D The IP address o...

Page 109: ...al Sets the default name of the startup configuration binary Optional Sets the binary startup configuration Displaying the Boot Parameters Configuration The boot param command in Loader and Loader Con...

Page 110: ...of memory that is specified by block length from the specified source address to the specified destination address Command Syntax Loader memory copy src addr dst addr blk len Argument Description src...

Page 111: ...or decimal block length use 0x prefix for hexadecimal number value Hexadecimal byte value to fill optionally prefixed with 0x Printing Command List The list command in Loader mode prints the command l...

Page 112: ...l bytes in files 6 203 Kb of lost chains 0 total bytes in lost chains 0 Formatting Flash Memory The format command in Loader Configuration mode formats the file system and removes all contents includi...

Page 113: ...f 87 argument If an application file with the specified target name exists it will be overwritten Loader config exit Loader copy application tftp 10 4 0 4 M2404Cv2 0 bin TFTP receiving file 3385202 3...

Page 114: ...problems in gaining access using the passwords please contact the Technical Support department Table 24 Password Commands Command Description password Changes the device login password enable passwor...

Page 115: ...word to Access Privileged Enable Mode The enable password command in Global Configuration mode sets a password to access Privileged Enable mode from View mode The no form of this command removes the p...

Page 116: ...e sensitive String of up to 20 characters CONFIRM PASSWORD Type the password again for confirmation Example The following command sets the password to loaderp device name config password loader loader...

Page 117: ...etro Access Switches Switch Administration Rev 03 Protecting Access to Switch 2008 Foundry Networks Inc Page 63 of 87 Warning The password typed is all in uppercase characters Please check if your Cap...

Page 118: ...ion tree enables a user to choose the accuracy needed by selecting a level stratum within the tree for machine placement A time server placed higher in the tree lower stratum number provides a higher...

Page 119: ...ow the time service works when used via UDP The server listens for a datagram on port 37 When a datagram arrives the server returns a datagram containing the time value If the server is unable to dete...

Page 120: ...corrected with the local DST time offset The DST is followed by the U S standards The user can have the device advance the clock one hour at 2 00 a m on the first Sunday in April and move back the clo...

Page 121: ...the NTP servers in a sequential order in the order that they were inserted via the CLI Command Syntax device name config time server ntp add A B C D Argument Description A B C D Specifies the IP addr...

Page 122: ...valent to 31 days zone Shift of local hour relative to GMT positive East negative West of Greenwich The range is 12 to 12 Displaying the NTP Servers The time server ntp show command in Global Configur...

Page 123: ...ption key id The key number in the range 1 65535 KEY A string of 1 to 20 non blank characters Some special characters such as question marks are not allowed The string is case sensitive A B C D Option...

Page 124: ...g messages Table 29 lists the commands that set and display the system time and date Table 29 Time and Date Commands Command Description date Sets the system time and date show date Displays the curre...

Page 125: ...e Command Syntax device name show date device name show clock detail Argument Description detail Optional If detail is specified the command also displays the type of the currently used synchronizatio...

Page 126: ...me swap NOTE The old style of this command wherein the IP address argument precedes the daytime protocol is supported for backward compatibility However Foundry Networks strongly recommends using only...

Page 127: ...a Recurrent Summer Time DST Period The time server summer time recurring command in Global Configuration mode sets the System clock to an annually recurring summer time DST period The no form of the c...

Page 128: ...e server summer time recurring 2 mon apr 01 00 00 2 tue oct 01 00 00 60 Setting a One time Summer Time DST Period The time server summer time date command in Global Configuration mode adjusts the Syst...

Page 129: ...e config time server summer time date 1 May 2004 2 0 0 3 Dec 2004 2 0 0 60 Configuration Example The following example demonstrates how the device uses an NTP server 1 Add the NTP server located in IP...

Page 130: ...tute the host name for the IP address with the ping and traceroute commands in Privileged Enable mode The application software supports a cache mechanism for names that are already resolved If a resol...

Page 131: ...dary addresses Because IP address 201 98 7 15 is the last address listed it is also the last address consulted to resolve a query device name config ip dns server 209 157 22 199 device name config ip...

Page 132: ...amed access list that controls the inbound and or outbound data traffic according to criteria specified in the command arguments The no form of this command removes the specified access list The named...

Page 133: ...s access from any source The access list named host1 permits host 10 0 0 26 that meet an exact match device name config access list accept_all permit any device name config access list host1 permit 10...

Page 134: ...and STP BPDUs will reach the CPU even when the CPU is loaded with heavy traffic Overview The Rate Limit Mechanism To break the correlation between the management device the CPU the remaining switchin...

Page 135: ...r the entire switch 1500 PPS Rate limit to the CPU for the entire switch 1500 PPS Low packet rate threshold 200 PPS High packet rate threshold 5000 PPS Packet Rate Threshold Commands Table 35 lists th...

Page 136: ...U Packet Threshold The show packets_threshold command in Privileged Enable mode displays the current CPU packet rate threshold levels Table 36 describes the parameters displayed by the show packets_th...

Page 137: ...y Networks Inc Page 83 of 87 Related Commands Table 37 shows the CPU related commands 111Table 37 CPU Related Commands Command Description Described in add cpu port Includes the CPU as a member of the...

Page 138: ...ach control plane packet according to protocol Table 38 Control Plane Priority per Protocol Protocol Control Packets Priority xSTP BPDU 7 GVRP BPDU 7 LACP LACPDU 7 SAToP UDP 0 7 MEF8 Ethernet 0 7 MEF...

Page 139: ...lists their meanings Table 39 Acronyms Acronym Meaning ARP Address Resolution Protocol CLI Command Line Interface DLC Data Link Control DNS Domain Name System DoS Denial of Service DST Daylight Savin...

Page 140: ...CPU Resource Control Supported Standards MIBs and RFCs Features Standards MIBs RFCs Managing the MAC Address Table No Standards are supported by this feature Standard MIB 8021Q_d6 mib No RFCs are supp...

Page 141: ...eature No MIBs are supported by this feature No RFCs are supported by this feature Files System No standards are supported by this feature No MIBs are supported by this feature No RFCs are supported b...

Page 142: ...ND PRIVILEGE GROUPS 6 TACACS AUTHENTICATION AND PRIVILEGE GROUPS 7 USER PRIVILEGES CONFIGURATION 9 USER PRIVILEGE LEVELS DEFAULT CONFIGURATION 9 CONFIGURING AND DISPLAYING USER PRIVILEGES 9 CONFIGURAT...

Page 143: ...BASED AUTHENTICATION 45 OVERVIEW 45 MODE OF OPERATION 46 802 1X CONFIGURATION FLOW 49 802 1X DEFAULT CONFIGURATION 50 CONFIGURING AND DISPLAYING 802 1X 51 802 1X GLOBAL CONFIGURATION COMMANDS 51 802...

Page 144: ...Security Alert Message Issued by the SSH Client 14 Figure 2 SSH Configuration Flow 15 Figure 3 RADIUS Communication Example 20 Figure 4 The Authentication Steps 21 Figure 5 The Accounting Steps 22 Fig...

Page 145: ...oofing and IP source routing RADIUS Remote Authentication Dial In User Service RADIUS is an AAA Authentication Authorization and Accounting client server protocol and software that secures networks ag...

Page 146: ...o commands The device then verifies with the TACACS server if the user is authorized to issue commands at the specified privilege level It is also possible to explicitly specify the permissible comman...

Page 147: ...vilege Table 1 shows the five default CLI privilege levels Table 1 Default Command Privilege Levels Privilege Description Administrators 0 Full read write privilege without restriction for Layer 2 and...

Page 148: ...dictionary foundry contain will contain text that is similar to the following text VENDOR Foundry Networks ATTRIBUTE FOUNDRY privilege group 1 integer FOUNDRY VALUE FOUNDRY privilege group Administra...

Page 149: ...eartext ivo123 service exec priv lvl 3 user root priv level 15 converted internally by the switch to 0 privilege group Administrators user root login cleartext rtpsw service exec priv lvl 15 TACACS au...

Page 150: ...cifies the default login authentication method show privilege Displays the privilege level that is assigned to the current user Creating a New User with a Privilege Level The username command in Globa...

Page 151: ...vilege for Layer 2 and Layer 3 guests Assigns the user group Guests privilege with read only privilege in non privileged node Setting the Login Authentication The aaa authentication login default comm...

Page 152: ...ce name show privilege device name show privilege Example device name show privilege Current user privilege is Technician Configuration Examples Setting RADIUS as the Primary Authentication 1 Set the...

Page 153: ...ce name config tacacs server key TacacsPlus 2 Add a local user with username of ivo and password ivo123 device name config username ivo password ivo123 ivo123 group users 3 Add a local user with usern...

Page 154: ...nutes Additionally the implementation limits the number of failed authentication attempts a client may perform in a single session the recommended limit is 3 attempts If the threshold is exceeded the...

Page 155: ...warning that the security and secrecy of the data on the computer may be jeopardized If in a later login the same message appears even though the user has confirmed the trust on the initial connectio...

Page 156: ...70 SSH Configuration Flow The following flow chart shows the process of configuring the SSH parameters Figure 2 SSH Configuration Flow Start Start the SSH server End Set database to RADIUS Set usernam...

Page 157: ...ublic Parameters for the DSS Algorithm 5 Start the SSH See Starting the SSH Server Table 5 lists the commands for managing the SSH Server Table 5 SSH Commands Command Description ssh generate key dsa...

Page 158: ...ializes and starts the application software SSH server Only after executing this command can the user logs into the device securely Use the who command in View or Privileged Enable mode to display the...

Page 159: ...erate key dsa DSA parameters will be stored only after writing configuration in memory 4 Write configuration to the memory device name write memory 5 Start the SSH Server device name config ssh start...

Page 160: ...Authentication Features Rev 03 SSH Configuration 2008 Foundry Networks Inc Page 19 of 70 DSA parameters will be stored only after writing configuration in memory 5 Write configuration to the memory de...

Page 161: ...uration information necessary for the client to provide service to the user A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers A typical RADIUS...

Page 162: ...t also provides information about the type of session that the user wants to initiate The RADIUS server reacts to the Access Request by searching the username in a database If the username is not foun...

Page 163: ...es the RADIUS accounting procedure Figure 5 The Accounting Steps 1 The access server sends an Accounting Request Start packet A Start packet is sent after the user is authenticated 2 The RADIUS server...

Page 164: ...Remote Authentication Dial in User Service RADIUS 2008 Foundry Networks Inc Page 23 of 70 NOTE RADIUS Accounting server must be configured to log accounting messages Radius Accounting is used to moni...

Page 165: ...s Configure RADIUS accounting server timers settings see RADIUS Accounting Timers Setting Is RADIUS authentication required Start Define the remote RADIUS authentication server Configure NAS for authe...

Page 166: ...n running on the RADIUS server See Setting the Authentication and Encryption Key If the user is using the local database add usernames and passwords to the local database To configure the RADIUS serve...

Page 167: ...uthentication and one for remote authentication RADIUS Configuration Commands Table 7 lists the RADIUS configuration commands Table 7 RADIUS Configuration Commands Command Description radius server ho...

Page 168: ...G The shared secret text string used as a password between the device and the RADIUS server Example device name config radius server key qwerty981 Setting the Login Authentication The aaa authenticati...

Page 169: ...the source IP address Command Syntax device name config radius client source ip A B C D device name config no radius client source ip Argument Description A B C D Optional The RADIUS client source IP...

Page 170: ...no form of this command restores the default value of 3 seconds Command Syntax device name config radius server timeout seconds device name config no radius server timeout Argument Description second...

Page 171: ...Accounting Server The radius acc server host command in Global Configuration mode specifies the IP address of the remote RADIUS accounting server host and optionally assigns a UDP authentication port...

Page 172: ...RADIUS accounting timers Table 10 RADIUS Accounting Timers Configuration Commands Command Description radius acc server retransmit Specifies the number of times the device transmits each RADIUS accou...

Page 173: ...ument Description seconds Number of seconds between retransmissions in the range 1 60 Example device name config radius acc server timeout 30 Setting the RADIUS Accounting Server Dead Time The radius...

Page 174: ...mple 1 device name show radius client source ip No RADIUS client source IP Example 2 device name show radius client source ip RADIUS client source IP address is 10 2 2 2 Configuration Example Figure 7...

Page 175: ...minal device name config radius server host 10 2 42 137 device name config radius server key foundry device name config radius acc server host 9 0 0 31 device name config radius acc server key foundry...

Page 176: ...me richy the result will be REJECT Username richy Pay the bill first Password Username If the user tries to access the device using username user password looser the result will be ACCEPT Username use...

Page 177: ...Overview The following terms are used in TACACS implementation Authentication Authentication is the action of determining who a user or entity is Authorization Authorization is the action of determin...

Page 178: ...the server receives all the information it needs to authenticate the user Besides a username and password the server may also request other identifying items that are supposedly known only to the use...

Page 179: ...ameters Start Yes No End Configure TACACS server Set the encryption key used between the switch and the TACACS daemon Specify the default login authentication method Configure TACACS authentication se...

Page 180: ...CACS Secret Key 3 If the user is using the local database add usernames and passwords to the local database For more information see Switch Setup and Maintenance 4 Specify the default login authentica...

Page 181: ...ption key for encrypting and decrypting all traffic between the NAS and the TACACS server The no form of the command disables the shared secret key The user must configure the same key on the TACACS s...

Page 182: ...TACACS client The no form of the command sets the source IP address for TACACS client to its default value By default the IP stack chooses the source IP address Command Syntax device name config taca...

Page 183: ...user If absent each user must have service exec statement in order to be granted authorization for shell login request user ivo login cleartext ivo service exec priv lvl 3 device name show privilege...

Page 184: ...tacacs server key TacacsPlus 2 Add a local user with username of ivo and password ivo123 device name config username ivo password ivo123 ivo123 group users 3 Add a local user with username of root and...

Page 185: ...minal Access Controller Access Control System Plus TACACS 2008 Foundry Networks Inc Page 44 of 70 Username richy Password Username If the user tries to access the device using local username root and...

Page 186: ...s performed through EAPOL packets 802 1x consists of three components for port control Supplicant Authentication Server and Authenticator Supplicant A supplicant is the user host or client that wants...

Page 187: ...via the authenticator and passes the response to the authentication server If the host provides a proper ID the authentication server responds with a success message which is then passed onto the sup...

Page 188: ...le 15 802 1x Traffic Modes Mode Description Bi directional traffic control Unauthorized hosts on locked ports have neither incoming nor outgoing traffic This is the default traffic mode Unidirectional...

Page 189: ...to access the network by the supplicant s MAC address If the host is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and all fra...

Page 190: ...t With enabled authentication and valid information from the RADIUS server a port that has been successfully authenticated is placed in the specified VLAN and removed from other VLANs in which it has...

Page 191: ...Default Value Maximum number of requests 2 Re authentication Disabled Re authentication period 3600 seconds Quiet timer period 60 seconds Period for communication timeouts 30 seconds Start Configure...

Page 192: ...the adapters and with the appropriate ID information This varies depending on the 802 1x host software The RADIUS server must be configured with the IP address of any device that requests information...

Page 193: ...est dot1x unicast client compatibility Sets a mode that allows dot1x to work with supplicants but without sending EAPOL packets to 802 1x group MAC addresses dot1x default Sets the global dot1x config...

Page 194: ...st re authentication can be set globally or for supplicants connected to individual ports By default the re authentication is disabled Command Syntax device name config dot1x re authenticate UU SS PP...

Page 195: ...authentication period in seconds in the range 1 86400 Example device name config dot1x timeout re authperiod 4200 Setting a Period of Time for the Quiet Timer The dot1x timeout quiet period command in...

Page 196: ...ig dot1x timeout tx period time device name config no dot1x timeout tx period Argument Description time The period for communication timeouts is a value in the range 1 65535 Example device name config...

Page 197: ...er NOTE If the user applies the dot1x accounting enable command without the period argument after an interim update period has been set the periodic Interim Update messages for authenticated clients a...

Page 198: ...disabled per port 802 1x will not function correctly device name config if UU SS PP dot1x port control auto Warning Dot1x port control may not work correctly since learning is disabled on the port Co...

Page 199: ...iple Hosts Per MAC Authorization on this port max hosts Optional Specifies the maximum number of hosts for this port number Optional The maximum number of hosts allowed for this port If no value is sp...

Page 200: ...2 1x information related to dynamic VLAN members show dot1x radius accounting Displays statistics information for the RADIUS accounting servers Displaying 802 1x Authentication Information The show do...

Page 201: ...all RADIUS servers that are configured Command Syntax device name show dot1x radius statistic Argument Description statistic Optional Displays statistic information for the configured RADIUS servers...

Page 202: ...ized Hosts 1 UnAuthorized Hosts 0 MAC Vlan State RadID Session time ReAuth 00 12 F2 31 80 6D 2 Authenticated 1 00 28 12 00 00 01 Example 2 device name show dot1x interface 1 1 5 statistic Total OUT EA...

Page 203: ...g Information for All Dot1x Enabled Interfaces The show dot1x accounting command in Privileged Enable mode displays the accounting information for all dot1x enabled interfaces When the interface param...

Page 204: ...2 Displaying Information for the RADIUS Accounting Servers The show dot1x radius accounting command in Privileged Enable mode displays information for the RADIUS Accounting servers If the optional st...

Page 205: ...ets debugging debug dot1x radius Debugs RADIUS events debug dot1x reauthsm Debugs re authentication debug dot1x core Debugs 802 1x core process show debug dot1x Displays the status of the 802 1x debug...

Page 206: ...ult the debug is disabled Command Syntax device name debug dot1x basm event status timers device name no debug dot1x basm event status timers Argument Description event Debug backend state machine eve...

Page 207: ...les the re authentication debugging The no form of this command turns off the re authentication debugging The dot1x debug commands will not be saved after reload By default the debug is disabled Comma...

Page 208: ...packet send packet receive events PBA EAPOL debugging is on packet send packet receive Configuration Example Set the RADIUS server and specify the IP address key username password and AAA authenticati...

Page 209: ...eaning AAA Authentication Authorization and Accounting CLI Command Line Interface DSA Digital Signature Algorithm DSS Digital Signature Standard EAP Extensible Authentication Protocol EAPOL EAP encaps...

Page 210: ...e Shell Server SSH draft ietf secsh architecture 07 draft ietf secsh transport 09 draft ietf secsh connect 09 draft ietf secsh userauth 09 FIPS 186 Digital Signature Standard FIPS 180 1 Secure Hash Al...

Page 211: ...Foundry Networks Inc Page 70 of 70 802 1x Port Based Authentication IEEE 802 1x Standard for Local and metropolitan area networks Port Based Network Access Control No MIBs are supported by this featur...

Page 212: ...STICS 18 CONFIGURING AND DISPLAYING DEVICE MANAGEMENT PORTS 19 CONFIGURING AND DISPLAYING LAYER 3 INTERFACES 22 LINK AGGREGATION GROUPS LAG 25 OVERVIEW 26 THE LINK AGGREGATION CONTROL PROTOCOL LACP 26...

Page 213: ...Table of Figures Figure 1 Crossover and Straight Through Connections 13 Figure 2 Four Ports Combined into a Link Aggregation Group 25 Figure 3 Example of LAG Containing Two Ports 38 Figure 4 Example o...

Page 214: ...rkstation or server or to a hub through which workstations or servers connect to the network When stations on different ports need to communicate the device forwards frames from one port to the other...

Page 215: ...the Fast and Giga Ethernet Ports configuration commands Table 2 Fast and Giga Ethernet Configuration Commands Command Description interface Enables configuration of a specific physical interface inter...

Page 216: ...ode from Interface 1 1 1 Configuration mode to Interface 1 1 2 Configuration mode Command Syntax device name config interface UU SS PP device name config if UU SS PP device name config if UU1 SS1 PP1...

Page 217: ...shutdown command in Interface Configuration mode disables the interface to receive forward and learn The no form of this command enables the interface The shutdown command disables all functions on t...

Page 218: ...e performance either leave autonegotiation enabled on both the remote and local ports or set the same duplex mode for both of them Command Syntax device name config if UU SS PP speed auto 10 100 1000...

Page 219: ...led NOTE Backpressure is available only when the port transmits or receives in half duplex mode Command Syntax device name config if UU SS PP backpressure enable disable Argument Description enable En...

Page 220: ...pter Configuring VLANs By default the PVID is VLAN 1 NOTE The user can also change the default VLAN of an interface by using the add ports default command in Specific VLAN Configuration mode Command S...

Page 221: ...ured interface The no form of the command disables the multicast rate limit This feature allows the user to protect the device against massive reception of multicast packets that can interrupt the pro...

Page 222: ...fig if UU SS PP unknown limit limit unlimited device name config if UU SS PP no unknown limit Argument Description limit The unknown packets limit is in thousand packets per second The valid range is...

Page 223: ...pe to MDI MDIX or enables automatic detection of transmit receive twisted pairs of the Ethernet cable The no form of this command sets the crossover detection to automatic mode MDI MDIX is a type of E...

Page 224: ...sover Argument Description auto Sets automatic crossover detection on the port mdi Sets the port to MDI Medium Dependent Interface mdix Sets the port to MDIX MDI crossover Displaying Interface Setting...

Page 225: ...per VLAN Port No Learning new address Enabled Max Packet Size MRU 1528 Displaying the Interface Statistics The show interface statistics command in Privileged Enable mode displays the interface statis...

Page 226: ...For oversized packets when they exceed the allocated buffer size only buffer size bytes are counted and all the rest of the bytes are not Collisions This counter is incremented once for every received...

Page 227: ...to one If the link to the port is connected for the first time during run time the counter is initialized to one TotalInPkts This counter is incremented once for every received packet This includes r...

Page 228: ...received packets in the last five seconds before the command was executed Last1minInBps This counter shows the rate in bits per second of the received packets in the last one minute before the command...

Page 229: ...when any of the following events occurs 1 Undersized frames less than 64 bytes for untagged frames or less than 68 bytes for tagged frames which are correctly aligned and well formed without Frame Ch...

Page 230: ...s Command Syntax device name config if UU SS PP reset all Argument Description all Optional Clears the statistics of all the ports Clearing All Ports Statistics The clear interface statistics command...

Page 231: ...rms Ping to the device TFTP download or upload Outgoing Syslog messages By default management of the device is accessible on all ports NOTE The user can also disable management on a VLAN by the no man...

Page 232: ...Access Switches Configuring Interfaces Rev 03 Fast Ethernet and Giga Ethernet Port 2008 Foundry Networks Inc Page 21 of 57 Command Syntax device name show port management Example device name show port...

Page 233: ...nd management and cannot be used to pass data NOTE It is strongly recommended to use regular IP interfaces instead of OutBand interfaces when debugging and management traffic is expected For more info...

Page 234: ...G SIMPLEX MULTICAST inet 10 2 50 155 16 broadcast 10 2 255 255 Ethernet address is 00 12 f2 0f 30 8a 239538 packets received 15206 packets sent 3617 multicast packets received 56 multicast packets sen...

Page 235: ...interface packets received Number of packets received on the IP interface packets sent Number of packets sent from the IP interface multicast packets sent Number of multicast packets sent from the IP...

Page 236: ...imit by aggregating multiple Giga ports see Figure 2 for example Figure 2 Four Ports Combined into a Link Aggregation Group The Link Aggregation Control Protocol LACP ensures smooth and steady traffic...

Page 237: ...rate levels between the standard data rates of 10 Mbps 100 Mbps and 1000 Mbps as well as rates beyond 1000 Mbps if required Increased availability If a link within a LAG fails or is replaced the traf...

Page 238: ...port ability to aggregate with other ports is determined by the following factors o The port physical characteristics such as data transfer rate duplex capability medium type etc o User defined config...

Page 239: ...the LACP detects any compatible connected pairs of LACP enabled ports The role of the LACP exchange is to detect that a local LACP port is connected to another LACP port and to share between these two...

Page 240: ...ACP system may decide either to exclude an affected port from current LAG or move it to another LAG If a port that is included in a dynamic LAG is disconnected the LACP immediately excludes this port...

Page 241: ...G group See Setting a Name for a Static LAG Table 10 lists the static LAG configuration commands Table 10 Static LAG Configuration Commands Command Description link aggregation static id Adds the conf...

Page 242: ...ion static id id number name NAME device name config no link aggregation static id id number name Argument Description id number Link aggregation ID number in the range 1 31 NAME Link aggregation user...

Page 243: ...e name cfg protocol link aggregation lacp enable disable Argument Description enable Enables LACP disable Disables LACP Specifying the System Priority The link aggregation lacp system priority command...

Page 244: ...eceives such frames from the remote device When an interface is set to LACP active mode it will send LACP frames as required by the LACP By default the LACP port is active with priority is 32768 Comma...

Page 245: ...Access Control Groups ACG for more information see Configuring Access Control Lists ACLs Transparent LAN Services TLS for more information see Configuring Transparent LAN Services TLS Table 12 The LA...

Page 246: ...LAG Range Interface Configuration mode for configuring several LAGs Link Aggregation Groups The command changes the device configuration mode into LAG Range Interface Configuration mode In the LAG Ran...

Page 247: ...tatic and dynamic link aggregation groups NOTE The show link aggregation command replaces the show trunk command The show trunk command is also supported Command Syntax device name show interface link...

Page 248: ...nfiguration mode sets the LAG packet distribution between the ports The no form of the commands restores to the default settings The packet distribution can be according to Source and destination MAC...

Page 249: ...en two devices as shown in Figure 3 Figure 3 Example of LAG Containing Two Ports On each of the two devices LACP is enabled in active mode on interfaces 1 1 1 and 1 1 4 as an aggregated link The confi...

Page 250: ...name config if 1 1 4 link aggregation lacp device name config if 1 1 4 end 6 Display the LACP configuration device name show link aggregation lacp System ID 00 12 f2 03 04 05 System priority 32768 Po...

Page 251: ...enable Switch1 cfg protocol end 2 Display the LACP configuration Switch1 show link aggregation lacp System ID 00 12 f2 03 04 05 System priority 32768 No LAC ports configured 3 Enable LACP on interfac...

Page 252: ...protocol Switch2 cfg protocol link aggregation lacp enable Switch2 cfg protocol end 2 Display the LACP configuration Switch2 show link aggregation lacp System ID 00 12 f2 05 3a 80 System priority 327...

Page 253: ...m priority 32768 No LAC ports configured 3 Enable LACP on interfaces 1 1 9 and 1 1 12 Switch3 configure terminal Switch3 config interface 1 1 9 Switch3 config if 1 1 9 link aggregation lacp Switch3 co...

Page 254: ...d Spanning Tree algorithm to prevent the two LAGs from forming a loop For more information on the Rapid Spanning Tree algorithm see Configuring Rapid Spanning Tree Protocol RSTP The configuration of S...

Page 255: ...ch1 show interface link aggregation static Agg Type Management Name Ports AG01 static TRUNK1 1 1 1 1 1 4 AG03 static TRUNK3 1 1 9 1 1 12 2 Displaying the RSTP parameter settings and Rapid Spanning Tre...

Page 256: ...8021w Priority 32768 TimeSinceTopologyChange 4 Sec TopChanges 1 DesignatedRoot 32768 00 12 F2 11 02 A3 RootPort AG01 RootCost 10 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 20 Sec B...

Page 257: ...disabled and the standby port is enabled If the main link becomes operational the user can then re enable the main port and disable the standby port again Switchover time to the backup link is less th...

Page 258: ...nk Configuration mode When using shut down mode between 2 switches the user should configure shutdown mode only on one side When adding a new port to an existing resilient link the VLAN of the resilie...

Page 259: ...ng Resilient Link feature with H VPLS Resilient Link Configuration Default Configuration Table 15 shows the default Resilient Link configuration Table 15 Resilient Link Default Configuration Parameter...

Page 260: ...s of the specified resilient link The no form of the command removes the specified resilient link from the list of defined resilient links When applied in a specified Resilient Link Configuration mode...

Page 261: ...rt is said to be preferred if it is always the main port as long as it has the link Traffic will be switched back to the main port as soon as its connection is recovered The preferred port can be esta...

Page 262: ...ween two switches Command Syntax device name config resil link N backup link shut down device name config resil link N no backup link shut down Resilient Links Display Commands Table 17 lists the Resi...

Page 263: ...information on resilient link 3 device name config resil link 1 show 3 RLink Port1 Port2 Prefer Backup Active 3 1 1 3 1 1 4 standby Example 3 Displaying information on the configured resilient links i...

Page 264: ...Example 1 Displaying the swap count on all currently configured resilient links device name config resil link 1 show counter RLink Swap count 1 7 3 0 5 3 Example 2 Displaying the swap count on resili...

Page 265: ...Resilient link Configuration mode device name config resilient link 2 2 Set ports 1 1 1 and 1 1 9 as Resilient Links device name config resil link 2 ports 1 1 1 1 1 9 3 Set the port 1 1 9 to be prefer...

Page 266: ...ndry Networks Inc Page 55 of 57 Acronyms The following provides a list of acronyms that are used in this document and lists their meaning Table 18 Acronyms Acronym Meaning LACP Link Aggregation Contro...

Page 267: ...or Network Management of TCP IP based internets MIB II qwerinterface table and onfigL2IfaceTable RMON MIB Private MIB foundry_switch mib RFC 2863 The Interfaces Group MIB configL2IfaceTable and interf...

Page 268: ...figuring Interfaces Rev 03 Supported Platforms 2008 Foundry Networks Inc Page 57 of 57 Features Standards MIBs RFCs Network Wide Resilience No standards are supported by this feature Private MIB found...

Page 269: ...THE VLAN PARAMETERS 16 DISPLAYING THE VLAN CONFIGURATION 20 CONFIGURING AND DISPLAYING MANAGEMENT VLANS 20 CONFIGURATION EXAMPLES 22 PORT SECURITY 35 OVERVIEW 35 LIMITING THE NUMBER OF MAC ADDRESSES 3...

Page 270: ...9 Figure 6 VLAN Configuration Example 23 Figure 7 Management VLAN Configuration Example 32 Figure 8 Switching Decisions without the Super VLAN Agent 47 Figure 9 Switching Decisions with the Super VLA...

Page 271: ...n Area Network MAN and the Wide Area Network WAN The application software TLS changes the EtherType field in the 802 1Q tag of the customer traffic in the device at the edge of the service provider ne...

Page 272: ...is not required in VLANs Security Devices within a VLAN can communicate directly only with devices in the same VLAN Communication between devices in different VLANs must pass through a routing device...

Page 273: ...d or untagged member By default all ports are members of VLAN 1 referred to as default VLAN and are untagged members of this VLAN A VLAN may be tagged on some ports and untagged on others As traffic f...

Page 274: ...e of tagged VLANs Several computers are connected to some switches that are connected to Switch 4 If the direct communication between the users needs to be denied each user can be put on a different V...

Page 275: ...a given port provides the VID for untagged and priority tagged frames received through that port The PVID value may be configured by the default vlan command in Interface Configuration mode or by the...

Page 276: ...its egress port The transmitting hardware queue determines the bandwidth management and priority characteristics used when transmitting packets NOTE The device does not change the VLAN Priority Tag V...

Page 277: ...gure 5 VLAN Configuration Flow VLAN Default Configuration The following tables shows the VLAN default configuration Table 1 VLAN Default Configuration Start Yes No End Remove CPU from VLAN Disable Mul...

Page 278: ...g the Default Port VLAN 6 Add ports as tagged members to the VLAN See Adding Ports to a VLAN 7 For routing configuration attach an IP interface to the VLAN See Attaching an IP Interface to a VLAN 8 Re...

Page 279: ...fig vlan config NAME1 device name config vlan NAME1 device name config vlan NAME1 config NAME2 device name config vlan NAME2 Argument Description NAME1 NAME2 Represent the names of existing VLANs Exam...

Page 280: ...g vlan Dynamic_ vid Argument Description vlan id Specifies the VLAN ID number in the range 2 4093 Example Configuring the dynamic GVRP VLAN 2 device name config vlan config dynamic 2 device name confi...

Page 281: ...device name config vlan create accounting 2 Removing a VLAN by the VLAN Name The delete command in VLAN Configuration mode deletes the VLAN specified by its VLAN name The VLAN named default VLAN ID 1...

Page 282: ...ge vlan id1 vlan id2 PORT LIST tagged PORT LIST untagged remove cpu port device name config vlan create range vlan id1 vlan id2 PORT LIST untagged PORT LIST tagged remove cpu port Argument Description...

Page 283: ...a sequence of VLANs in the specified tag number range The VLANs in the specified range do to not have to contain the same configuration Command Syntax device name config vlan delete range vlan id1 vl...

Page 284: ...N tagging in the Ethernet packet in ingress and egress Tagged ports look for a VLAN tag that is assigned in ingress packets In egress packets the VLAN is assigned to the packet according to the config...

Page 285: ...an be applied in any Specific or Global VLAN Configuration mode device name config vlan xxx add ports 1 1 2 1 1 5 untagged device name config vlan xxx add ports 1 1 8 1 1 9 1 1 12 tagged device name c...

Page 286: ...ame config vlan VLAN NAME add ports default PORT LIST Argument Description PORT LIST One or more port numbers specified by the following options UU SS PP a single port specified by unit slot and port...

Page 287: ...The rif command in Specific VLAN Configuration mode attaches an IP interface to the VLAN The no form of the command detaches the IP interface from the VLAN By using the rif command the user binds the...

Page 288: ...onfiguration and Specific VLAN Configuration modes and the show vlan command in Privileged Enable mode displays information regarding the static VLANs defined in the system Command Syntax device name...

Page 289: ...GVRP Before applying the management command verify that the following conditions are met The user must be able to move the network management station to a device port assigned to the same VLAN as the...

Page 290: ...management VLAN This means that ARP packets will be transmitted only on the defined management VLAN if all the VLANs are defined as management VLANs the ARP packets the device transmits will be dupli...

Page 291: ...100 Switch1 config vlan user_100 add ports 1 1 1 untagged Switch1 config vlan user_100 add ports default 1 1 1 Switch1 config vlan user_100 add ports 1 1 9 tagged Switch1 config vlan user_100 exit 3 C...

Page 292: ...dd ports 1 1 9 tagged 7 Display the configured VLANs Switch1 config vlan user_102 show Name VTag Rout If Tagged ports Untagged ports default 1 sw0 1 1 1 1 1 28 user_100 100 1 1 9 1 1 1 user_101 101 1...

Page 293: ...ort 1 1 9 as tagged connected to Switch 4 Switch2 config vlan config user_201 Switch2 config vlan user_201 add ports 1 1 2 untagged Switch2 config vlan user_201 add ports default 1 1 2 Switch2 config...

Page 294: ...t 1 1 1 as untagged connected to a user to VLAN user_300 and add VLAN user_300 as PVID to port 1 1 1 Add port 1 1 9 as tagged connected to Switch 4 Switch3 config vlan config user_300 Switch3 config v...

Page 295: ...302 add ports 1 1 9 tagged Switch3 config vlan user_302 exit 7 Display the configured VLANs Switch3 config vlan user_302 show Name VTag Rout If Tagged ports Untagged ports default 1 sw0 1 1 1 1 1 28 u...

Page 296: ...er_102 with VLAN ID 102 Switch4 config vlan create user_102 102 6 Add ports 1 1 1 1 1 9 as tagged 1 1 1 is connected to the users on Switch 1 and 1 1 9 is connected to the router to VLAN user_102 Swit...

Page 297: ...6 Add ports 1 1 3 1 1 9 as tagged 1 1 3 is connected to the users on Switch 3 and 1 1 9 is connected to the router to VLAN user_301 Switch4 config vlan config user_301 Switch4 config vlan user_301 add...

Page 298: ...02 add ports 1 1 2 1 1 9 tagged vlan create user_300 300 config user_300 add ports 1 1 3 1 1 9 tagged vlan create user_301 301 config user_301 add ports 1 1 3 1 1 9 tagged vlan create user_302 302 con...

Page 299: ...config vlan Research exit 5 Create the VLAN Production with VLAN ID 200 device name config vlan create Production 200 6 Add ports 1 1 6 1 1 8 as untagged to VLAN Production and attach the subnet sw2 t...

Page 300: ...tagged ports sw0 010 002 200 204 16 1 1 1 1 1 1 28 sw2 021 010 003 006 16 200 1 1 6 1 1 8 sw4 010 003 002 001 24 100 1 1 2 1 1 5 device name show running config interface sw2 ip address 21 10 3 6 16 i...

Page 301: ...me config vlan config v100 device name config vlan v100 add ports 1 1 3 untagged device name config vlan v100 add ports default 1 1 3 device name config vlan v100 add ports 1 1 9 tagged device name co...

Page 302: ...s 1 1 2 1 1 3 1 1 9 1 1 10 1 1 11 device name config vlan default end 12 Display the management VLANs device name show vlan management Management VLANs 2 management filter tx arp disabled 13 Display t...

Page 303: ...this port VLAN are permitted to access the port Overview If the port security option is activated on a port only secure MAC addresses that are configured to this port VLAN are permitted to access thi...

Page 304: ...dress is deleted from the MAC address table manually or after the aging time period a new dynamic entry will be learned with a new MAC address or one of the previously learned filtered MAC addresses P...

Page 305: ...ort and VLAN only packets with MAC addresses specified as secure for this port and VLAN are permitted to access the port NOTE When a packet with a secure source MAC address matches more than one port...

Page 306: ...cure port 1 1 11 for VLAN 5 with a maximum of five secure addresses device name config interface 1 1 11 device name config if 1 1 11 port security max mac count 5 vlan 5 Opening a Shut Down Port The p...

Page 307: ...a port This is because once one of the above features is enabled the first packet s received from any source will only be used for learning purposes until the respective MAC address is learned on the...

Page 308: ...by the port security command The command without the argument will display the port security configuration for all the available ports on the device Command Syntax device name show port security UU SS...

Page 309: ...traffic with tag 5 on port 1 1 1 only 5 addresses will be learned and the port will be disabled device name show port security port vid action max addr secure addr filtered addr status 1 1 1 5 shutdow...

Page 310: ...ted whenever a packet arrives on any VLAN Example 1 device name show port limit port num vlan max mac count current mac count 1 1 11 20 15 0 Example 2 device name show port limit 1 1 11 VLAN 20 The po...

Page 311: ...three The system is allowed to learn up to three MAC addresses and to send SNMP traps on in the event of over learning 1 Configure the SNMP trap host to receive traps device name configure terminal de...

Page 312: ...security violation 1 Configure port 1 1 4 as secured learning maximum 5 secure addresses and shutting down in case of security violation device name configure terminal device name config interface 1...

Page 313: ...onfig if 1 1 3 port security action shutdown device name config if 1 1 3 interface 1 1 4 device name config if 1 1 4 port security max mac count 5 device name config if 1 1 4 port security action trap...

Page 314: ...g VLANs Rev 03 Port Security 2008 Foundry Networks Inc Page 46 of 73 device name config if 1 1 3 end device name show port security port vid action max addr secure addr filtered addr status 1 1 3 all...

Page 315: ...nfrastructure but in separate virtual broadcast domains are addressed from the same IPv4 subnet and share a common default gateway IP address Super VLAN enhances RFC 3069 by allowing several Super VLA...

Page 316: ...eature described in the Configuring Access Control List chapter Consider the network in Figure 10 The users that are connected to Router 2 cannot communicate directly with each other only with the ser...

Page 317: ...g The Super VLAN blocks all the traffic types unicast broadcast and multicast between the sub VLANs Use the super vlan command in Interface Configuration mode to set the Super VLAN Super VLAN for Ring...

Page 318: ...LAN translation VLAN translation provides traffic to the user VLAN from more than one uplink port or trunk at the same time guaranteeing that communication between users remains impossible For example...

Page 319: ...ion Table 10 Super VLAN Default Configuration Parameter Default Value Super VLAN Disabled Super VLAN ring mode Disabled VLAN Translation Disabled Residential user Disabled Start Enable and configure M...

Page 320: ...or Link Aggregation interface The no form of this command removes the Super VLAN from the interface Command Syntax device name config if UU1 SS1 PP1 super vlan UU2 SS2 PP2 agNN1 device name config if...

Page 321: ...2 represents the LAG ID number For detailed information see chapter Configuring Link Aggregation Groups LAG vlan vlan id Optional Specifies the VLAN ID number in the range 2 4093 When configured only...

Page 322: ...d to specify if a port participating in the user VLAN will be included in the VLAN translation process There may be ports in this VLAN that should be restricted from taking part in the translation so...

Page 323: ...residential user map command in Global Configuration mode sets the VLAN translation from TLS User VLAN external VLAN to the transport VLAN The no form of the command removes the VLAN mapping The trans...

Page 324: ...if 1 1 1 interface 1 1 2 device name config if 1 1 2 super vlan 1 1 9 3 Enable Super VLAN on interface 1 1 3 with the uplink 1 1 9 device name config if 1 1 2 interface 1 1 3 device name config if 1...

Page 325: ...plink Configuration In the following example Figure 14 two users are connected to one uplink LAG Link Aggregation Group port Figure 14 Super VLAN Configuration with LAG Uplink Configuring Switch 1 1 C...

Page 326: ...and 1 1 2 with uplink ag07 device name config if 1 1 8 interface 1 1 1 device name config if 1 1 1 super vlan ag07 device name config if 1 1 1 interface 1 1 2 device name config if 1 1 2 super vlan a...

Page 327: ...Switch1 config if 1 1 1 super vlan 1 1 10 Switch1 config if 1 1 1 interface 1 1 2 Switch1 config if 1 1 2 super vlan 1 1 10 4 Display the Super VLAN configuration Switch1 show super vlan User Interfa...

Page 328: ...configure terminal Switch4 config protocol Switch4 cfg protocol mstp enable Switch4 cfg protocol mstp fast ring enable Switch4 cfg protocol exit 2 Configure Super VLAN on the user interface 1 1 14 Swi...

Page 329: ...and 1 1 8 must be added to VLAN 10 user VLAN as tagged Ports 1 1 1 and 1 1 2 must be added to VLAN 100 transport VLAN Switches D1 and D2 will be configured as the D3 switch The Residential port is con...

Page 330: ...access group 100 option SwitchD3 config if 1 1 8 acg 100 redirect vlan 100 span root track SwitchD3 config if 1 1 8 acg 100 apply SwitchD3 config if 1 1 8 residential user enable SwitchD3 config if 1...

Page 331: ...ements the VLAN configuration information that is read from the PDUs NOTE The device advertises its static VLANs only if there are ports that are members of these VLANs The device advertises its stati...

Page 332: ...e duration of the Leave Period timer for the GARP applications in milliseconds The timer controls the period of time that the registrar state machine will wait in the LV Leave state before entering th...

Page 333: ...ore details on resource allocation of Access Lists please refer to the Configuring Access Control Lists ACLs chapter GVRP Configuration Commands Table 15 lists the GVRP configuration commands Table 15...

Page 334: ...join timer value leave join 3 The value for the leaveall timer must be greater than the value for the leave timer If the user attempts to set a timer value that does not adhere to these rules an erro...

Page 335: ...for each GARP timer NOTE Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on Layer 2 connected devices the GARP applications for example GMRP and...

Page 336: ...nfiguration mode device name configure terminal device name config protocol 2 Enable GVRP on the switch Note that when GVRP is enabled only 64 VLANs are supported device name cfg protocol gvrp enable...

Page 337: ...e GVRP on the switch device name cfg protocol gvrp enable Only the first 64 vlans will be saved proceed y n y device name cfg protocol end 3 Display the dynamic VLANs after they are learned by GVRP wh...

Page 338: ...e name config vlan gvrp_vlan add ports default 1 1 1 1 1 2 device name config vlan gvrp_vlan exit device name config vlan config default device name config vlan default remove ports 1 1 1 1 1 2 device...

Page 339: ...timer join 200 GARP join timer value is set to 200 milliseconds device name cfg protocol end 5 Display the GARP timers configuration device name show garp timer Timer Value milliseconds Join 200 Leave...

Page 340: ...their meaning Table 17 Acronyms Acronym Meaning ACL Access Control List GARP Generic Attribute Registration Protocol GVRP GARP VLAN Registration Protocol LAG Link Aggregation Group LAN Local Area Netw...

Page 341: ...003 IEEE 802 1P IEEE 802 1u 2001 IEEE 802 1Q No RFCs are supported by this feature Port Security No standards are supported by this feature No MIBs are supported by this feature No RFCs are supported...

Page 342: ...ture is configured on switches All relevant commands can be found in the document The chapter consists of the following sections TABLE OF FIGURES 2 TRANSPARENT LAN SERVICES TLS 3 OVERVIEW 4 PREREQUISI...

Page 343: ...ge 2 of 16 Table of Figures Figure 1 IP Packet Frame Format 3 Figure 2 IP Packet Frame Format with the Additional TLS Tag Header 4 Figure 3 TLS Implementation 4 Figure 4 Protocol Tunneling Network Con...

Page 344: ...h act like Ethernet tunnels to separate groups of users the engineering department from the corporate marketing department for example Each VLAN supports a population of users with something in common...

Page 345: ...vider network where the PE switch removes the encapsulation and delivers the unmodified frame to the destination CE switch see Figure 3 Figure 3 TLS Implementation The 802 1Q VLAN ID tag VID in the us...

Page 346: ...The tunneling of IEEE control packets provides a scalable approach to PDU tunneling by encapsulating the PDUs in the ingress edge switches and then multicasting them both done in hardware These encap...

Page 347: ...TLS core port is a tagged member in this VLAN and the TLS access port is an untagged member in this VLAN TLS Configuration Flow Figure 5 displays the process to configure TLS parameters Figure 5 TLS C...

Page 348: ...Provider Network PN side as a core uplink port See Setting the Interface as a TLS Core Uplink Port 5 Set the port on the Customer Edge CE side as an access port See Setting the Interface as a TLS Acce...

Page 349: ...erarchical Virtual Private LAN Services H VPLS chapter for details on this operation Setting the TLS EtherType Value The tls ethertype command in Global Configuration mode sets the EtherType value By...

Page 350: ...U SS PP no tls uplink device name config if AGNN tls uplink device name config if AGNN no tls uplink Example device name config interface ag02 device name config if AG02 tls uplink Setting the Interfa...

Page 351: ...y the tls user command in Interface Configuration mode and core uplink ports set by the tls uplink command in Interface Configuration mode are properly set 3 The MSTP protocol is enabled for more info...

Page 352: ...k Displaying the Configured TLS Tunneling The show tls tunneled ieee pdu command in Privileged Enable mode displays the configured TLS tunneling Command Syntax device name show tls tunneled ieee pdu E...

Page 353: ...e 1 1 3 device name config if 1 1 3 tls user device name config if 1 1 3 exit 5 Add the TLS core uplink port as a tagged member to VLAN 10 Also add access user port as an untagged member to that VLAN...

Page 354: ...4 untagged device name config vlan vlantls add ports default 1 1 4 device name config vlan vlantls exit device name config vlan exit 3 Set the TLS core uplink ports device name config interface 1 1 1...

Page 355: ...iguration 1 Enable TLS device name configure terminal device name config tls enable 2 Create the TLS VLAN device name config vlan create vlantls 10 device name config vlan config vlantls device name c...

Page 356: ...ovides a list of acronyms that are used in this document and lists their meaning Table 4 Acronyms Acronym Meaning ACL Access Control List LAN Local Area Network MAC Media Access Control MAN Metropolit...

Page 357: ...ks Inc Page 16 of 16 Supported Platforms Feature NetIron M2404F NetIron M2404C Transparent LAN Services TLS Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Transparent LAN Services TLS N...

Page 358: ...d and contains the related configuration commands This chapter consists of the following sections TABLE OF FIGURES 2 ETHERNET SERVICES 3 OVERVIEW 3 ETHERNET SERVICES CONFIGURATION FLOW 4 CONFIGURING E...

Page 359: ...Switches Configuring Ethernet Services Rev 03 Table of Figures 2008 Foundry Networks Inc Page 2 of 19 Table of Figures Figure 1 Ethernet Services 4 Figure 2 Ethernet Services Configuration Flow 5 Fig...

Page 360: ...e no mapping is done between the service delimiting customer VLAN tag and the new provider VLAN tag In contrast to traditional TLS the Ethernet Services feature allows such mapping to be established o...

Page 361: ...t Services Learning MAC addresses on PEs is done on a per Service VLAN and per customer VLAN basis Within the PE devices double MAC learning takes place and for this reason packets are switched both i...

Page 362: ...e show Displays information about the service being configured show tls services Displays all services that have been configured on the device so far encapsulate qinq Defines the type of encapsulation...

Page 363: ...is command deletes the service with the specified name and removes all Service Distribution Points and Service Access Points that have been added to this service Command Syntax device name config tls...

Page 364: ...on Command Syntax device name config tls SEVICE NAME sap UU SS PP c vlans VLAN LIST 1 4093 untagged device name config tls SERVICE NAME no sap UU SS PP c vlans VLAN LIST 1 4093 untagged Argument Descr...

Page 365: ...SAPs will also be switched Example device name config tls TEST1 sap 1 1 1 c vlan wildcard 0x5 0xfff0 defines a SAP comprising port 1 1 1 and VLANs with tag 2 15 Creating an SDP based on a Port and VLA...

Page 366: ...ustomer traffic is to be classified and translated into service traffic and vice versa Table 2 lists the MAC address learning configuration commands Table 2 MAC Address Learning Configuration Commands...

Page 367: ...ode removes an existing entry from the MAC address table on a per service and per SAP or per SDP basis Command Syntax device name config clear mac address table static dynamic secure filtered address...

Page 368: ...ll be displayed for the specified service SDP port Configuring Watermark Table 3 lists the Watermark configuration commands Table 3 Watermark Configuration Command Command Description security max mac...

Page 369: ...o prevent exceeding the maximum MAC count The no form of this command removes a watermark previously specified Command Syntax device name config tls SERVICE NAME security watermark 1 4096 trap log dev...

Page 370: ...n oam bridge tls Creates a specific MEF OAM per VPN domain Creating the MEF OAM TLS Domain The oam bridge tls command in Global Configuration mode creates a specific MEF OAM per VPN domain The no form...

Page 371: ...1 1 1 9 1 1 25 R2 config vlan default exit R2 config vlan create tlsvlan 100 R2 config vlan config tlsvlan R2 config vlan tlsvlan add ports default 1 1 1 1 1 9 1 1 25 R2 config vlan tlsvlan add ports...

Page 372: ...onfigure terminal sw2 config vlan sw2 config vlan config default sw2 config vlan default remove ports 1 1 1 1 1 2 1 1 8 sw2 config vlan default exit sw2 config vlan create v4 4 sw2 config vlan config...

Page 373: ...e terminal R2 config tls TEST1 2 Configure Service Distribution Points and Service Access Points on R2 device R2 config tls TEST1 encapsulate qinq R2 config tls TEST1 sdp 1 1 25 s vlan 12 R2 config tl...

Page 374: ...lans 3 4 sap 1 1 9 c vlans 3 4 Service State Up 6 Display all services that have been configured on the R1 device so far R1 show tls services Idx Service Name S VLAN L Vlan Encapsulation State Secured...

Page 375: ...Table 5 provides a list of acronyms that are used in this document and lists their meaning Table 5 Acronyms Acronym Meaning LAN Local Area Network MEF OAM Metro Ethernet Forum MEF Operations Administr...

Page 376: ...008 Foundry Networks Inc Page 19 of 19 Supported Platforms Feature NetIron M2404F NetIron M2404C Ethernet Services Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Ethernet Services No St...

Page 377: ...r explains how SNMP works and describes how to set it up on the network The chapter consists of the following sections TABLE OF FIGURES 2 SIMPLE NETWORK MANAGEMENT PROTOCOL 3 OVERVIEW 3 SNMP DEFAULT C...

Page 378: ...SNMP Agent and Manager Communication 3 Figure 2 Trap Sent to SNMP Manager Successfully 5 Figure 3 Inform Request Sent to SNMP Manager Successfully 5 Figure 4 Trap Unsuccessfully Sent to SNMP Manager...

Page 379: ...which is entirely and independently represented within a single UDP datagram A message consists of a version identifier an SNMP community name and a Protocol Data Unit PDU PDUs are the packets that ar...

Page 380: ...ngine ID is a 5 to 32 byte long administratively unique identifier of a participant in SNMP communication within a single management domain The SNMP Manager and SNMP Agent must be configured by an adm...

Page 381: ...n the other hand if the user is concerned about traffic on the network or memory in the router and the user does not need to receive every notification use traps Figure 2 through Figure 5 illustrate t...

Page 382: ...however the notification reaches the SNMP Manager Figure 5 Inform Request Successfully Resent to SNMP Manager The Discovery Mechanism In order to protect the user network against message reply delay a...

Page 383: ...dress of the recipient To reduce a configuration complexity the Application Software Agent implements an auto discovery procedure for obtaining the snmpEngineIDs of different Inform recipients When an...

Page 384: ...y trap messages that are available in SNMPv1 Whereas traps do not provide the agent with an indication that the message was received the inform request requires the manager to confirm reception and is...

Page 385: ...nt on behalf of an authorized user The user name is included in the SNMPv3 PDUs similar to SNMPv1 v2c community string When the agent receives a request from a user it checks its VACM database to dete...

Page 386: ...the Agent Engine ID 2 Enable the SNMP agent See Enabling the SNMP Server 3 Create views See Defining SNMPv3 Views 4 Create groups See Defining SNMP Groups 5 Create the users See Defining an SNMP User...

Page 387: ...ting two hexadecimal digits The user should enter an even number of hexadecimal digits otherwise the parser would pad the last byte with zeros in the byte four most significant bits As a result an ext...

Page 388: ...PDUs and cannot send traps Command Syntax device name config snmp server enable udp port device name config no snmp server enable Argument Description udp port Optional The number of the UDP port on...

Page 389: ...ng OID wildcard Example 1 The following commands create the view MyView and add two rules to it The first rule enables access to all Object IDs under the MIB 2 tree all object identifiers that start w...

Page 390: ...t for this group by associating views to this group The no form of the command deletes the SNMP group data If the user specifies only the group name all groups with that name will be removed regardles...

Page 391: ...rs that is the name of the view in which the user enters data and configure the contents of the agent s MIB notify NOTIFY VIEW A string not to exceed 32 characters that is the name of the view which s...

Page 392: ...config snmp server user USER NAME group GROUP NAME v3 priv ENCRYPTION_PASSWORD auth md5 sha AUTHENTICATION_PASSWORD remote ENGINE ID device name config no snmp server user USER NAME group GROUP NAME...

Page 393: ...ess list rule The access list rules contain a permit or deny action and a source IP address To define the named access list use the snmp server access list and access list commands in Global Configura...

Page 394: ...on perform the following steps 1 Enable the SNMP agent if it is disabled See Enabling the SNMP Server 2 Create views groups and users that include the notification variables with notify access right S...

Page 395: ...ication packets Defining SNMP Notification The snmp server notify command in Global Configuration mode defines the notification and specifies the type trap inform The no form of this command disables...

Page 396: ...n see Troubleshooting and Monitoring resilientLinkStatusChange This trap indicates that the resilient link status was changed identified by the resilientLinkIndex linkUp This trap indicates that the S...

Page 397: ...rises above its pre programmed threshold For more information see Configuring Remote Monitoring RMON fallingAlarm This trap indicates RMON alarm which is generated when a value falls below its pre pr...

Page 398: ...information see Switch Administration imageCrcCheckFailed This trap indicates that the software image CRC check failed portRedundantLinkChange This trap indicates that the status of a redundant link h...

Page 399: ...elected by the Multiple Spanning Tree algorithm For more information see Configuring Multiple Spanning Tree Protocol MSTP mstpTopologyChange This trap indicates that the topology change is detected by...

Page 400: ...n provides information about the security parameters of the packet containing the SET request The snmpSetExecuted notification will be sent directly by the SNMP agent Note The generation of the snmpSe...

Page 401: ...InfoTable batmSvcDeleted This trap is sent when an existing row is deleted from the svcBaseInfoTable batmSvcStatusChanged This trap is generated when there is a change in the administrative or operati...

Page 402: ...log notify command the general snmp server log notify command without the specific tag name will not enable these notifications In this case the user has to explicitly enable these notifications For e...

Page 403: ...cation target parameter The no form of this command removes the notification target parameter The SNMP server target parameter sets the trap security parameters and specifies the user that sends the t...

Page 404: ...on target address The no form of this command deletes the notification target address Command Syntax device name config snmp server target addr NAME A B C D udp port PAR NAME TAG1 TAG2 TAGN device nam...

Page 405: ...2 snmp snmpEnableAuthTraps Command Syntax device name config snmp server authentication failure trap device name config no snmp server authentication failure trap Defining a Notification Target Profi...

Page 406: ...ault value By default the number of retries is 3 times Command Syntax device name config snmp server inform retry number device name config no snmp server inform retry Argument Description number The...

Page 407: ...source notify IFNAME device name config no snmp server source notify Argument Description IFNAME Name of a loopback IP interface in the form loN where N is an integer in the range 1 9 If the selected...

Page 408: ...domain name If the name is unknown the value is a zero length string Command Syntax device name config snmp server system name LINE TEXT device name config no snmp server system name Argument Descrip...

Page 409: ...local SNMP engine of the agent to which they are associated Shows all the users defined for the SNMP agent show snmp server view Displays all configured views for the SNMP agent show snmp server targ...

Page 410: ...snmpEngineTime 2394 Remote snmpEngineID 80000523010A000001 snmpEngineBoots 273 snmpEngineTime 978 IP address 10 0 0 1 Displaying the SNMP Groups The show snmp server group command in Privileged Enabl...

Page 411: ...d with the unmatched OIDs Command Syntax device name show snmp server view VIEW NAME Argument Description VIEWNAME Optional The name of the view The view name is limited to 32 characters Example The f...

Page 412: ...ROFILE Displaying the Notification Target Profiles The show snmp server target profiles command in Privileged Enable mode displays the notification target profiles Command Syntax device name show snmp...

Page 413: ...nd snmp server log sent notify commands are present in the SNMP running configuration the device will display the following output device name show snmp server log notify 1993 01 01 04 07 13 10 0 0 33...

Page 414: ...out to be sent to 10 0 0 1 Retries left 9 elapsed 0 timeout 2 Status SENDING_PROBE Inform ID 4 about to be sent to 10 0 0 1 Retries left 9 elapsed 0 timeout 2 Status SENDING_PROBE Inform ID 3 about to...

Page 415: ...device name config snmp server view viewAll 1 3 included 3 Create a group with read only access to the view device name config snmp server group groupAllReadOnly v1 read viewAll write none notify non...

Page 416: ...coldstart notification device name config snmp server notify coldstart tag1 8 Add to tag1 the linkdown notification device name config snmp server notify linkDown tag1 9 Add to tag1 the linkup notific...

Page 417: ...one 6 Display the created groups and access rights that were assigned above device name show snmp server group group name public_grp security model v1 read view MyView write view MyView notify view no...

Page 418: ...rminal device name config snmp server enable 2 Configure the engine ID of the Agent device name config snmp server engineID 1234567890 3 Create snmp view starting from the 1 3 6 object ID in the MIB t...

Page 419: ...target address with name trapPC and IP address 192 168 0 30 Specify the default UDP port 162 the parameter name parTrap and a tag tagRmonTrap device name config snmp server target addr trapPC 192 168...

Page 420: ...linkDown tag NotifyTag2 coldStart and warmStart tag NotifyTag3 device name config snmp server notify linkUp NotifyTag1 device name config snmp server notify linkDown NotifyTag2 device name config snm...

Page 421: ...ication sent interface 1 1 1 1993 01 01 00 02 26 linkUp notification sent interface 1 1 1 1993 01 01 00 04 11 linkDown notification sent interface 1 1 1 10 Include all notification tags in the notify...

Page 422: ...48 Acronyms Table 8 provides a list of acronyms that are used in this document and lists their meaning Table 8 Acronyms Acronym Meaning MIB Management Information Base PDU Protocol Data Unit SNMP Sim...

Page 423: ...ature RFC 1157 SNMPv1 The Simple Network Management Protocol A full Internet Standard RFC 1213 Management Information Base for Network Management of TCP IP based internets MIB II RFC 2579 Textual Conv...

Page 424: ...Networks Inc Page 48 of 48 Feature Standards MIBs RFCs RFC 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol SNMP RFC 3417 Transport Mappings for the Simple Network...

Page 425: ...lines are presented The chapter consists of the following sections TABLE OF FIGURES 2 SPANNING TREE PROTOCOL STP 3 OVERVIEW 3 STP CONFIGURATION FLOW 16 STP DEFAULT CONFIGURATION 17 CONFIGURING AND DIS...

Page 426: ...r 5 Figure 3 Example for Calculating the Diameter 9 Figure 4 Spanning Tree Port States 10 Figure 5 STP and Redundant Connectivity 12 Figure 6 Topology Change Example 13 Figure 7 Topology Change Exampl...

Page 427: ...MAC addresses associated to bridge interfaces or in the case of a device a port number STP defines a tree with a root device and a loop free path from the root to all devices in the Layer 2 network ST...

Page 428: ...ridge is the logical center of the STP topology in a switched network All paths that are not needed for reaching the root bridge from anywhere in the switched network are placed in STP blocking mode P...

Page 429: ...tains the length of time since the BPDU was first originated by the root bridge The root bridge will send all of its BPDUs with a message age value of zero and all subsequent switches will add one to...

Page 430: ...the increment that each bridge adds to the message age before forwarding a BPDU Lost message lost_msg the number of BPDUs that may get lost as a BPDU moves from one end to the other end of the bridge...

Page 431: ...d below and to leave them at the recommended IEEE value lost_msg 3 transit_delay 1 BPDU_delay 1 Msg_overestimate 1 Tx_halt_delay 1 med_access_delay 0 5 maximum_transmission_halt_delay 1 These values m...

Page 432: ...cond Lowering the hello time to one second is the easiest and surest way to decrease the STP parameters However the user needs to keep in mind that lowering the hello time from two seconds to one seco...

Page 433: ...he switched LAN before starting to forward frames They must allow the frame lifetime to expire for forwarded frames that have used the old topology Each port on a switch using STP exists in one of the...

Page 434: ...ate and resets the forward delay timer 3 In the learning state the port continues to block frame forwarding as the device learns end station location information for the forwarding database 4 When the...

Page 435: ...icipate in frame forwarding The port enters the learning state from the listening state A port in the learning state performs as follows Discards frames received on the port Discards frames switched f...

Page 436: ...forwards those packets as unknown multicast addresses STP and Redundant Connectivity A redundant backbone can be created with STP by connecting two device ports to another device or to two different d...

Page 437: ...e two workstations until the address tables will age out To avoid connection loss caused by a topology change STP implements a mechanism called topology change notification TCN When a topology change...

Page 438: ...ng all the bridges to reduce their address aging timer to forward delay time Figure 8 Topology Change Example with TC Message Line Error Detection The application software allows the Root port and the...

Page 439: ...rnet Group Multicast Protocol IGMP Fast recovery the Multicast traffic takes advantage of the connectivity and convergence time provided by the Spanning Tree Protocols In Figure 9 all devices run both...

Page 440: ...al Query to all its non mrouter ports The client s respond to the General Query with an IGMP report Switch C forwards the IGMP report to its mrouter ports and the report goes to the multicast router t...

Page 441: ...d STP Bridge Priority 32768 STP Hello time 2 seconds STP Forward delay 15 seconds STP Maximum Aging Time 20 seconds Line error detection Disabled STP Interface Path cost 10 STP Interface Priority 128...

Page 442: ...ace Path Cost STP Global Configuration Table 3 lists the STP global configuration commands Table 3 STP Global Configuration Commands Command Description spanning tree Enables disables the STP option s...

Page 443: ...nfiguring Multiprotocol Label Switching MPLS and Hierarchical Virtual Private LAN Services H VPLS chapter for additional details NOTE STP uses a single Access List resource for each GigE port each gro...

Page 444: ...mode sets the number of seconds a port waits before changing from its STP learning and listening states to the forwarding state The no form of this command resets the default value In addition when a...

Page 445: ...e line reach a critical level By default the Spanning Tree line error detection is disabled Command Syntax device name cfg protocol spanning tree line error detect enable disable Argument Description...

Page 446: ...on unit u u s p for port p on slot s on unit u a hyphenated range blank spaces are not allowed a list separated by commas blank spaces are not allowed Example The following example shows how to enable...

Page 447: ...erfaces By default the port path cost is 10 Command Syntax device name config if UU SS PP spanning tree path cost path cost device name config if UU SS PP no spanning tree path cost Argument Descripti...

Page 448: ...abled on a per port basis by the spanning tree detect tc command The intent of this facility is to allow topology change detection to be disabled on ports where it is known that a single end station i...

Page 449: ...ping disabled SpanIgmpFastRecovery enabled Table 6 The Global Parameters Displayed by the STP show Commands Parameter Description Spanning tree The spanning global state ProtocolSpecification The prot...

Page 450: ...ange BridgeForwardDelay The value of the Forward Delay parameter in seconds when the Bridge is the Root or is attempting to become the Root DetectLineCRCReconfig Indicates whether detection of CRC err...

Page 451: ...or all interfaces from Protocol Configuration mode device name cfg protocol spanning tree interface all Port Pri State PCost DCost Designated bridge DPrt FwrdT DtctTc 01 01 01 128 listn 19 19 32768 00...

Page 452: ...guration BPDUs DesignatedBridge The unique Bridge Identifier of one of the following The Bridge to which the port belongs in the case of a Designated Port The Bridge believed to be the Designated Brid...

Page 453: ...one of the following The Bridge to which the Port belongs in the case of a Designated Port The Bridge believed to be the Designated Bridge for the LAN to which this port is attached This parameter is...

Page 454: ...08192 00 12 F2 00 00 03 DesignatedCost 19 DesignatedBridge 32768 00 12 F2 11 29 82 DesignatedPort 128 1 FrwrdTransitions 0 TopChangeDetection Enabled Example 2 The following example displays the STP...

Page 455: ...128 63 0 Enabled 01 01 19 128 listn 19 0 32768 000002030405 128 62 2 Enabled Debugging STP Table 9 lists the STP debugging commands Table 9 STP Debugging Commands Command Description debug stp Display...

Page 456: ...and in Privileged Enable mode displays the debug status for the STP The debug commands can help the network manager to monitor a session as it proceeds on the device Command Syntax device name show de...

Page 457: ...nfigure terminal SwitchA config protocol SwitchA cfg protocol spanning tree enable 2 Set the STP bridge priority to 4096 to make Switch A the Bridge Root SwitchA cfg protocol spanning tree priority 40...

Page 458: ...ol SwitchD configure terminal SwitchD config protocol SwitchD cfg protocol spanning tree enable SwitchD cfg protocol exit 2 Set port 1 1 1 with path cost 4 SwitchD config interface 1 1 1 SwitchD confi...

Page 459: ...1 2 Enabled 01 01 02 128 frwrd 19 38 32768 0012F2010101 128 03 0 Disabled 01 01 03 128 frwrd 19 38 32768 0012F2010101 128 03 0 Disabled 01 01 04 128 frwrd 19 38 32768 0012F2010101 128 04 0 Disabled 01...

Page 460: ...ndry NetIron M2404C and M2404F Metro Access Switches Configuring STP Rev 03 Spanning Tree Protocol STP 2008 Foundry Networks Inc Page 36 of 38 01 01 10 128 frwrd 19 19 32768 0012F2030303 128 10 1 Enab...

Page 461: ...is document and their meaning Table 10 Acronyms Acronym Meaning ACL Access Control List BID Bridge ID BPDU Bridge Protocol Data Units H VPLS Hierarchical VPLS IGMP Internet Group Multicast Protocol LA...

Page 462: ...atforms 2008 Foundry Networks Inc Page 38 of 38 Supported Platforms Feature NetIron M2404F NetIron M2404C Spanning Tree Protocol Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Spanning...

Page 463: ...an illustrated configuration example This document contains the following major sections TABLE OF FIGURES 2 RAPID SPANNING TREE PROTOCOL RSTP 3 OVERVIEW 3 RSTP CONFIGURATION FLOW 9 RSTP DEFAULT CONFIG...

Page 464: ...of Figures Figure 1 Proposal and Agreement Handshaking for Rapid Convergence 5 Figure 2 Sequence of Events during Rapid Convergence 6 Figure 3 RSTP BPDU Flags 6 Figure 4 Spanning Tree IGMP Example 8...

Page 465: ...tree RSTP assigns port roles and determines the active topology RSTP selects the device with the highest switch priority as is done in the STP RSTP assigns to each bridge port throughout the Bridged L...

Page 466: ...t it negotiates a rapid transition with the other port by using the proposal agreement handshake to ensure a loop free topology Figure 1 shows an example for proposal and agreement handshaking for rap...

Page 467: ...ll other ports to synchronize with the new root information The switch is synchronized with superior root information received on the root port if all other ports are synchronized An individual port o...

Page 468: ...e byte version 1 Length field is set to zero which means that no version 1 protocol information is present Figure 3 shows the RSTP BPDU flag fields Figure 3 RSTP BPDU Flags The sending switch proposes...

Page 469: ...t continues sending BPDUs with the proposal flag set until the forward delay timer expires at which time the port transitions to the forwarding state Processing Inferior BPDU Information If a port rec...

Page 470: ...ter port of Switch C that links to Switch B is blocked If a topology change occurs and the link between Switch C and Switch A goes down the blocked port of Switch C turns into forwarding state If Span...

Page 471: ...s Inc Page 9 of 34 Figure 5 Spanning Tree IGMP Fast Recovery Example The STP IGMP Fast recovery is disabled by default To set the STP IGMP Fast recovery use the spanning tree igmp fast recovery comman...

Page 472: ...Value Rapid Spanning Tree Protocol Disabled RSTP Bridge Priority 32768 RSTP Hello time 2 seconds RSTP Forward delay 15 seconds RSTP Maximum Aging Time 20 seconds Line error detection Disabled RSTP Edg...

Page 473: ...nds on the dynamically built topology several parameters should be set before connecting the network To set these parameters proceed as follows 1 Enable the RSTP on the switch See Enabling Disabling R...

Page 474: ...ee max age Sets the time in seconds that learned Rapid Spanning Tree information is kept before being discarded Enabling Disabling RSTP The rapid spanning tree command in Protocol Configuration mode e...

Page 475: ...on bridge priority The rapid spanning tree bridge priority in increments of 4096 The default value is 32768 IEEE802 1w Valid priority values are 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 4...

Page 476: ...axAge 2 1 Command Syntax device name cfg protocol rapid spanning tree forward delay forward delay device name cfg protocol no rapid spanning tree forward delay Argument Description forward delay The t...

Page 477: ...priority Sets the RSTP priority for the configured interface rapid spanning tree detect protocols Forces the port to work using the Rapid Spanning Tree Protocol RSTP and instead of the Spanning Tree...

Page 478: ...ollowing a link up event operational EdgePort is set to the value of admin EdgePort Hence if a port that has been marked as an edge port proves not to be one due to the presence of another bridge then...

Page 479: ...e is set to Auto then the value of Operational link type is determined in accordance with the specific procedures defined for the device entity concerned as defined in Admin link type auto If these pr...

Page 480: ...and blocks the other interfaces Table 4 shows the default RSTP path cost values Command Syntax device name config if UU SS PP rapid spanning tree path cost path cost device name config if UU SS PP no...

Page 481: ...y 802 1D BPDUs configuration messages and TCN messages However when the switch stops receiving BPDUs it cannot automatically revert to the RSTP mode because the switch cannot determine whether the leg...

Page 482: ...opology for all ports Displaying the RSTP Configuration The rapid spanning tree command in Protocol Configuration mode displays the current RSTP parameter configuration Table 8 describes the parameter...

Page 483: ...Configuration BPDUs through a given LAN port at most one Configuration BPDU shall be transmitted in any Hold Time period This parameter is fixed at 1 second BridgeMaxAge The value of the Max Age param...

Page 484: ...for all interfaces Command Syntax device name cfg protocol rapid spanning tree interface UU SS PP device name config if UU SS PP device name cfg protocol rapid spanning tree interface all device name...

Page 485: ...RSTP Show Commands for a Specific Interface Parameter Description PortPriority The port priority which is part of the port identifier PortState The current state of the port i e Disabled Listening Le...

Page 486: ...agement to determine the topology of the Bridged LAN FrwrdTransitions How many times the port transited to Forwarding state Admin EdgePort This value indicates whether the user forced the port to be a...

Page 487: ...this port is attached This parameter is used Together with the Designated port and Port Identifier parameters for the port to ascertain whether this port should be the Designated port for the LAN to w...

Page 488: ...figuration and Topology for All Ports The show rapid spanning tree command in Privileged Enable mode displays the current RSTP parameters settings and the RSTP topology for all ports Table 8 and Table...

Page 489: ...ugging Enabling RSTP Debug Information The debug rstp command in Privileged Enable mode enables the display of RSTP related debug information The no form of this command disables the display of RSTP r...

Page 490: ...880 tSpanPRS Port 1 1 9 Is DesignatedPort 0xa1391880 tSpanPRS Port 1 1 12 Is BackupPort 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS 0xa1391880 tSpanPRS End Roles Selection By default the debug is disabled...

Page 491: ...the Rapid Spanning Tree Protocol Figure 7 shows the network configuration followed by the switches configuration For more information regarding the formulas that appear in this example see chapter Con...

Page 492: ...pid spanning tree max age 10 Configuration of Switch B 1 Enable Rapid Spanning Tree Protocol SwitchB config terminal SwitchB config protocol SwitchB cfg protocol rapid spanning tree enable Configurati...

Page 493: ...s since they are connected to PCs SwitchE config interface 1 1 3 SwitchE config if 1 1 3 rapid spanning tree edge port SwitchE config if 1 1 3 interface 1 1 4 SwitchE config if 1 1 4 rapid spanning tr...

Page 494: ...DesignatedRoot 04096 00 12 F2 11 29 92 RootPort 1 1 8 RootCost 400000 MaxAge 20 Sec HelloTime 2 Sec ForwardDelay 15 Sec BridgeMaxAge 20 Sec BridgeHelloTime 2 Sec BridgeForwardDelay 15 Sec TxHoldCount...

Page 495: ...their meaning Table 12 Acronyms Acronym Meaning ACL Access Control List BPDU Bridge Protocol Data Units CLI Command Line Interface H VPLS Hierarchical VPLS IGMP Internet Group Multicast Protocol LAN L...

Page 496: ...etworks Inc Page 34 of 34 Supported Platforms Feature NetIron M2404F NetIron M2404C Rapid Spanning Tree Protocol Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Rapid Spanning Tree Proto...

Page 497: ...FIGURES 2 OVERVIEW 3 MULTIPLE SPANNING TREE REGIONS 3 MST TO SST INTEROPERABILITY 6 MST INSTANCES 7 INTEROPERABILITY WITH 802 1D STP 9 FAST RING MODE 9 SPANNING TREE IGMP FAST RECOVERY 13 CISCO COMPL...

Page 498: ...Event 10 Figure 4 MSTP in Ring Topology with a Router in Link Down Event 12 Figure 5 Spanning Tree IGMP Example 13 Figure 6 Spanning Tree IGMP Fast Recovery Example 14 Figure 7 MSTP Configuration Flow...

Page 499: ...s a sub tree in the CST that includes the whole bridged domain Adjacent single Spanning Tree SST and MST regions regard the MST region as a single virtual bridge The Common and Internal Spanning Tree...

Page 500: ...ions A and B are interconnected CIST A common and internal spanning tree which is a collection of the ISTs in each MST region and the common spanning tree CST that interconnects the MST regions and si...

Page 501: ...egion and appears as a subtree in the CST that encompasses the entire switched domain with the root of the subtree being the IST master The MST region appears as a virtual switch to adjacent STP switc...

Page 502: ...in the BPDUs it generates When the count reaches zero the switch discards the BPDU and ages the information held for the port The message age and maximum age information in the RSTP portion of the BPD...

Page 503: ...t recommend partitioning the network into a large number of regions Boundary Ports A boundary port is a port that connects to a LAN the designated bridge of which is either an SST bridge or a bridge w...

Page 504: ...ex state of the port If you have a half duplex link physically connected point to point to a single port on a remote switch running RSTP you can override the default setting of the link type and enabl...

Page 505: ...no longer receives 802 1D BPDUs because it cannot determine whether the legacy switch has been removed from the link unless the legacy switch is the designated switch Also a switch might continue to...

Page 506: ...raffic will flow in the new direction in a split second Figure 3 MSTP in Ring Topology in a Link Down Event NOTE When MSTP Fast Ring is used all of the user ports must be configured as MSTP edge ports...

Page 507: ...that is not MSTP enabled is connected to the ring NOTE In case of Interoperability Fast Ring it is obligatory to configure the two switches closest to the router as Border Bridges and to disable STP...

Page 508: ...Configuration mode The MSTP Fast Ring mode is disabled by default To set the MSTP Fast Ring mode use the mstp fast ring ring ports command in Protocol Configuration mode To set the Interoperability Fa...

Page 509: ...The multicast router sends an IGMP query to the clients for their multicast group memberships IP hosts reply with IGMP Reports The traffic flows from the router through Switch D and Switch A to Switc...

Page 510: ...ture that changes the BPDU format to conform to the IEEE 802 1s standard adopted in Cisco devices at the time of this writing The Cisco compliance feature is managed by the mstp cisco compliance comma...

Page 511: ...0 00 00 00 00 00 00 00 00 00 00 01 60 b0 d3 6e cc e1 45 40 14 da 65 22 bd 08 f3 cd 00 00 00 00 80 00 00 a0 12 11 29 92 28 4e 80 01 00 a0 12 11 29 92 00 00 00 00 80 80 28 4e 80 02 00 a0 12 11 29 92 00...

Page 512: ...a 65 22 bd 08 f3 cd CIST Internal Root Path Cost 00 00 00 00 CIST Bridge Identifier 80 00 00 a0 12 11 29 92 CIST Remaining hops 28 MSTI1 Flags MSTI Regional Root Identifier MSTI Internal root path cos...

Page 513: ...he version 3 length CIST Internal root path cost CIST Bridge identifier CIST remaining hops Version 3 length Mrecords total length 00 5a MSTI configuration Identifier Key Revision Name 50 Bytes 00 00...

Page 514: ...D and port ID of the sending bridge MSTI Internal root path cost 00 00 00 00 The whole M Record structure is different In the 802 1s there is no MSTID field The priority of the sending bridge and the...

Page 515: ...it in response to the Proposal it has made Consequently if the Alternate port becomes Root the Cisco device does not recognize it as belonging to another region although it has received a Root Agreeme...

Page 516: ...h MSTP will show a forwarding state Make sure that this consistency is maintained either by matching the VLAN memberships to the MSTP state or by changing MSTP parameters such as path cost and priorit...

Page 517: ...e lowest in the net Assign VLANs to Instances Is the bridge going to be a root Yes Set the MSTP Timers Hello hold forward delay etc see Configuring Global MSTP Parameters Set the loop free ports as ed...

Page 518: ...Link Type Auto MSTP Link Flapping feature Disabled Cisco MSTP compliance Disabled IEE 802 1s 2002 compliance is enabled Fast Ring mode Disabled Fast Ring Border Bridge mode Disabled Learn mode Standa...

Page 519: ...et bridge priorities in order to get a specific bridge to be the root another bridge to replace it on failure and so on See Setting the Bridge Priority 4 2 Set port priorities and path costs so traffi...

Page 520: ...ds Command Description mstp Enters the Protocol MSTP Configuration mode name Defines the configuration name revision Defines the configuration revision abort Exits the configuration without saving the...

Page 521: ...ame cfg protocol mstp name NAME device name cfg protocol mstp no name Argument Description NAME The configuration name The name length up to 31 characters case sensitive Example device name cfg protoc...

Page 522: ...en using the apply command the changes in the VLAN ID to MSTI mapping will be saved If you do not want to save the changes in the VLAN ID to MSTI mapping use the abort command in Protocol MSTP Configu...

Page 523: ...ation messages before attempting a reconfiguration By default the time value is 20 seconds Command Syntax device name cfg protocol mstp max age seconds device name cfg protocol no mstp max age Argumen...

Page 524: ...Protocol Configuration mode enables the Ring Border Bridge functionality on a switch running MSTP The Ring Border Bridge operates in conditions of Ring Topology and MSTP fast ring environment therefo...

Page 525: ...dard Defines permanently enabled learning on non edge ring ports 2 100 Optional Defines how long learning will be disabled after a topology change has occurred in seconds Configuring MSTI Parameters T...

Page 526: ...iguration mode sets the bridge priority for an MST instance The no form of this command resets the switch priority for the MST instance to its default value NOTE When using Fast Ring Border Bridge mod...

Page 527: ...E 802 1s compliant mode mstp bpdu rx Prevents an MSTP edge port from receiving bridge protocol data units BPDUs mstp bpdu tx Enables disables sending of BPDU packets on the specified interface mstp de...

Page 528: ...lower path cost when building the spanning tree The default value is derived from the link speed of the interface Table 4 displays the default value calculated from the media speed of the interface C...

Page 529: ...t returns to the Admin status You can use the flush port option to force MSTP to flush the edge port on which the option is configured when the link on that port goes down The MSTP Edge Port should be...

Page 530: ...rational link type is set to point to point otherwise it is set to Shared In the absence of a specific definition of how to determine whether the port is connected to a point to point LAN segment or n...

Page 531: ...1 1 1 1 8 device name config if range no mstp link flapping Setting MSTP Migration The mstp detect protocols command in Interface Configuration mode causes the port to switch to RSTP mode The MST pro...

Page 532: ...t from receiving bridge protocol data units BPDUs NOTE The mstp bpdu rx command will take effect only if the port is configured as an MSTP edge port by the mstp edge port command in Interface Configur...

Page 533: ...tually becomes Designated and moves to forwarding state This might cause a loop if the reason for not receiving BPDUs has been other than actual failure of a link bridge When the mstp detect bpdu loss...

Page 534: ...orts on the device When the mstp restrict tcn enable is configured on a port the port will not propagate detected topology changes to other ports on the bridge and the rest of the bridges in the topol...

Page 535: ...cludes the region name the MTSP revision number and the VLAN ID to MSTI mapping Command Syntax device name cfg protocol mstp show pending Example device name cfg protocol mstp show pending Pending MST...

Page 536: ...4 4093 6 11 Displaying the MSTP Configuration The show mstp command in Privileged Enable mode displays the MSTP configuration and the MSTP ports state Table 9 and Table 10 describe the parameters disp...

Page 537: ...he supported IEEE standard Priority The bridge priority which is part of the bridge identifier TimeSinceTopologyChange The count in seconds since tcWhile timer Topology Change State Machine timer spec...

Page 538: ...the rate of at which packets are sent This value is connected to the Port Transmit State Machine FastRing Indicates whether the Fast Ring feature is enabled or disabled on the switch MST00 Indicates...

Page 539: ...entifier parameter conveyed in received Configuration BPDUs DPrt The Port Identifier of the Bridge Port on the Designated Bridge through which the Designated Bridge transmits the Configuration Message...

Page 540: ...tes whether the port is enabled or disabled Port Priority The port priority for this MST Instance Port State The state of the port for this MST Instance Forward Transitions The number of times the por...

Page 541: ...RestrictRoot Shows if the root restriction is enabled on a port Debugging MSTP Table 12 lists the MSTP debugging commands To display any MSTP logs you should enable log trap debug Setting a particula...

Page 542: ...Displaying the MSTP Debug The show debug mstp command in Privileged Enable mode displays the status of the debug actions in the Multiple Spanning Tree Protocol MSTP that are currently activated in the...

Page 543: ...onfigure terminal device name config interface 1 1 1 2 Assign port priority 2 to instance 1 and path cost 22 to instance 2 Enable BPDU guard Restricted Root and Restricted TCN on port 1 1 1 device nam...

Page 544: ...minLink Type PointToPoint Link Type PointToPoint RestrictedRoot disabled RestrictedTCN disabled Detect lost BPDUs enabled Running Version RSTP Link flapping disabled MSTP Global Parameters Configurati...

Page 545: ...wrd 200000 0 00000 0012F20F2F27 128 006 01 01 13 128 Designat frwrd 200000 200000 32768 0012F211227A 128 013 MST01 VLAN mapped 1 Priority 32768 Regional Root 32769 00 12 F2 11 07 08 RemainingHopCount...

Page 546: ...nfig vlan create v200 200 device name config vlan config v200 device name config vlan v200 add ports 1 1 2 1 1 3 tagged device name config vlan v200 exit device name config vlan exit 2 Enter into Prot...

Page 547: ...riority 0 4 Enter into Protocol MSTP Configuration mode device name cfg protocol mstp 5 Add VLANS to MTSIs 0 1 and 2 device name cfg protocol mstp instance 0 vlan 1 99 101 199 201 4093 device name cfg...

Page 548: ...into Protocol Configuration mode and enable MSTP device name config protocol device name cfg protocol mstp enable 3 Enter into Protocol MSTP Configuration mode device name cfg protocol mstp 4 Add VLA...

Page 549: ...Disabled Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 01 128 Designat frwrd 200000 0 00000 0012F20A0168 128 001 01 01 02 128 Designat frwrd 200000 0 00000 0012F20A0168 128 002 01...

Page 550: ...128 Designat frwrd 200000 0 32768 00A00001090B 128 010 MST01 VLAN mapped 100 Priority 32768 Regional Root 00001 00 12 F2 0A 01 68 RemainingHopCount 39 TimeSinceTopologyChange 3039 Sec TopChanges 4 Bor...

Page 551: ...039 Sec TopChanges 3 Border Bridge Disabled Port Pri Prt role State PCost DCost Designated bridge DPrt 01 01 01 128 Altern block 200000 0 32768 0012F20A0168 128 001 01 01 02 128 Root frwrd 200000 0 32...

Page 552: ...earnMode Standard MST00 VLAN mapped 1 99 101 199 201 4093 Priority 32768 Regional Root 32768 00 A0 00 01 09 0B RemainingHopCount 39 TimeSinceTopologyChange 3039 Sec TopChanges 2 Border Bridge Disabled...

Page 553: ...h 3 changes its role from alternate to root Figure 9 Link Failure between Two Switches In this case the show mstp command will show the following On Switch 2 and Switch 4 The output displayed by the s...

Page 554: ...03 128 Designat frwrd 200000 0 00000 0012F20A0168 128 003 01 01 10 128 Designat frwrd 200000 0 00000 0012F20A0168 128 010 MST02 VLAN mapped 200 Priority 32768 Regional Root 00002 00 A0 00 01 09 0B Re...

Page 555: ...t DCost Designated bridge DPrt 01 01 02 128 Root frwrd 200000 0 32768 00A00001090B 128 001 01 01 10 128 Designat frwrd 200000 0 32768 0012F2BBBBBB 128 010 MST02 VLAN mapped 200 Priority 32768 Regional...

Page 556: ...ecovery Switch1 cfg protocol spanning tree igmp fast recovery Switch1 cfg protocol exit 4 Set port 1 1 8 as an edge port Switch1 config interface 1 1 8 Switch1 config if 1 1 8 mstp edge port Switch1 c...

Page 557: ...or accelerating its operation in ring topology Switch3 cfg protocol mstp fast ring ring ports 1 1 1 1 1 2 Switch3 cfg protocol mstp learn mode temporary disabled 2 Switch3 cfg protocol exit 3 Set the...

Page 558: ...ble BPDU guard Restricted Root and Restricted TCN on this port Switch1 config interface 1 1 8 Switch1 config if 1 1 8 mstp edge port Switch1 config if 1 1 8 mstp bpdu rx discard Switch1 config if 1 1...

Page 559: ...protocol mstp enable 2 Set port 1 1 8 as an edge port Enable BPDU guard Restricted Root and Restricted TCN on this port Switch3 config interface 1 1 8 Switch3 config if 1 1 8 mstp edge port Switch3 co...

Page 560: ...ode none Switch1 cfg protocol mstp 0 priority 8192 2 Configure VLANs Switch1 configure terminal Switch1 config vlan Switch1 config vlan create v10 10 Switch1 config vlan create v20 20 Switch1 config v...

Page 561: ...tch2 config vlan create v10 10 Switch2 config vlan create v20 20 Switch2 config vlan create v30 30 Switch2 config vlan config default Switch2 config vlan default remove ports 1 1 1 1 1 26 Switch2 conf...

Page 562: ...port security on the client port Switch4 configure terminal Switch4 config interface 1 1 1 Switch4 config if 1 1 1 mstp edge port Switch4 config if 1 1 1 port security Switch4 config interface 1 1 2 S...

Page 563: ...urity Switch5 config interface 1 1 3 Switch5 config if 1 1 3 mstp edge port Switch5 config if 1 1 3 port security 3 Configure VLANs Switch5 configure terminal Switch5 config vlan Switch5 config vlan c...

Page 564: ...by the CIST within a given MST Region The IST is the first MSTI in the region numbered as MSTI0 and it exists by default and cannot be removed All other MST instances are numbered from 1 to 15 MSTI Mu...

Page 565: ...non Designated Port of a MST Bridge that is connected to one of the LANs whose MCID matches exactly the MCID of the Designated Bridge of that LAN NOTE It follows from this definition that the MCID is...

Page 566: ...e 70 of 70 Supported Platforms Feature NetIron M2404F NetIron M2404C Multiple Spanning Tree Protocol Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Multiple Spanning Tree Protocol IEEE...

Page 567: ...ING AND DISPLAYING IGMP SNOOPING 10 CONFIGURING THE IGMP SNOOPING PARAMETERS 10 DISPLAYING THE IGMP SNOOPING CONFIGURATION 17 CONFIGURING AND DISPLAYING MULTICAST QUERIER 20 DISPLAYING AND CLEARING TH...

Page 568: ...ble of Figures Figure 1 IGMP Version 1 Message Fields 3 Figure 2 IGMP Version 2 Message Fields 4 Figure 3 Initial IGMP Join Message 5 Figure 4 Second Host Joining a Multicast Group 6 Figure 5 IGMP Con...

Page 569: ...llowing the user to significantly reduce multicast traffic passing through the device Overview Multicast Address Multicast IP addresses range from 224 0 0 0 to 239 255 255 255 They are also referred t...

Page 570: ...field is meaningful only in membership query messages and specifies the maximum allowed time before sending a responding report in units of 1 10 second In all other messages it is set to zero by the s...

Page 571: ...Report message specifying the multicast group GDA it wants to join The IGMP Snooping switch recognizes the IGMP Report message sent by the host and adds the corresponding port to the forwarding list f...

Page 572: ...he 01 00 5E 01 02 03 multicast MAC address that are not IGMP packets to the host that has joined the group If another host for example host D sends an IGMP join message for the same group Figure 4 the...

Page 573: ...iginal Leave message Immediate Leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously NOTE IGMP Snoopin...

Page 574: ...egardless of the configuration of the incoming port Prerequisites By default the maximum number of multicast entries that can be configured on a device is 256 When Link Aggregation is configured all t...

Page 575: ...ult Configuration Parameter Default Value IGMP Snooping Disabled Start Enable IGMP snooping Set limit of IGMP reports per some ports Configure uplink ports as m router ports Configure query sender on...

Page 576: ...he traffic is forwarded Configuring and Displaying IGMP Snooping To set the IGMP Snooping proceed as follows 1 Enable IGMP Snooping See Enabling Disabling IGMP Snooping 2 Set the multicast routers por...

Page 577: ...Enabling Disabling IGMP Snooping The ip igmp snooping command in Global Configuration mode enables IGMP Snooping on all existing VLANs The no form of this command disables IGMP Snooping on all existi...

Page 578: ...GMP queries are received or that have been set as mrouter ports receive all multicast traffic in the VLAN IGMP does not process membership reports for groups in the local link IP Multicast range 224 0...

Page 579: ...p u s p Where u s and p represent a 1 or 2 digit unit number slot number and port number respectively The user can specify u for all ports on unit number u u s for all ports on slot number s on unit u...

Page 580: ...ore the number of maximum groups to the default value use the no form of this command By default the maximum value is 2000 Command Syntax device name config ip igmp snooping vlan vlan id interface UU...

Page 581: ...ng is enabled Command Syntax device name config ip igmp snooping forbidden PORT LIST device name config no ip igmp snooping forbidden PORT LIST Argument Description PORT LIST Port list of the form u s...

Page 582: ...query query interval The maximum time interval that the device waits after sending a group specific query to determine if hosts are still interested in a specific multicast group The range is 11 3276...

Page 583: ...of the IP interface sw0 Command Syntax device name config ip igmp snooping query source ip zero device name config no ip igmp snooping query source ip zero Displaying the IGMP Snooping Configuration...

Page 584: ...an id Argument Description vlan vlan id Optional ID of VLAN for which information is displayed If this argument is not specified information for all VLANs is displayed Example The following example di...

Page 585: ...d and or dynamically learned IGMP multicast MAC addresses Command Syntax device name show mac address table multicast vlan vlan id user igmp snooping count device name show mac address table multicast...

Page 586: ...Command Description ip igmp snooping send query Sets the query generator show ip igmp snooping send query Displays the query generator information Setting the Switch as Querier The ip igmp snooping se...

Page 587: ...ing the Query Generator Information The show ip igmp snooping send query command in Privileged Enable mode displays the query generator information Command Syntax device name show ip igmp snooping sen...

Page 588: ...Number of report packets received Clearing the IGMP Snooping Statistics The clear ip igmp snooping command in Privileged Enable mode clears all the counters if no parameter is configured or the speci...

Page 589: ...g ip igmp snooping Configuring Switch 3 1 Enable IGMP Snooping device name configure terminal device name config ip igmp snooping 2 Set interface 1 1 16 as multicast router mrouter port device name co...

Page 590: ...evice name show ip igmp snooping mrouter vlan port static dynamic 0001 1 1 16 static device name show ip igmp snooping send query vlan group Query Interval Response Time interfaces 0001 224 000 000 00...

Page 591: ...ooping 2008 Foundry Networks Inc Page 25 of 43 device name show ip igmp snooping statistics reports 3 report packets received device name show ip igmp snooping vlan 1 vlan 1 IGMP snooping is globally...

Page 592: ...eams by sending out Internet Group Management Protocol IGMP join and leave messages These messages can originate from an IGMP version 2 compatible set top box with an Ethernet connection or from a PC...

Page 593: ...from a subscriber on a receiver port it sends out an IGMP query on that port and waits for IGMP group membership reports If no reports are received within a configured time period the receiver port i...

Page 594: ...AN as MVR VLAN End Add receiver ports as untagged to MVR VLAN see Configuring VLANs Add source ports as tagged or untagged to MVR VLAN see Configuring VLANs Create subscriber receiver VLAN see Configu...

Page 595: ...ion see IGMP Snooping 2 Enable MVR See Enabling and Disabling MVR 3 Set MVR mode to dynamic if the user wants to use the MVR dynamic mode If the user wants to use the MVR static mode the mode configur...

Page 596: ...iguration is erased By default MVR is disabled NOTE The IGMP snooping must be enabled before enabling the MVR feature Command Syntax device name config mvr device name config no mvr Example The follow...

Page 597: ...n this mode is slower than the response in dynamic mode but the device is not loaded with traffic from unused multicast groups vlan vlan id Optional ID of the VLAN on which MVR multicast data is expec...

Page 598: ...p count Optional Configures multiple contiguous MVR group addresses in the range 1 256 The default is 1 group Example 1 The following example shows how to configure 228 1 23 4 as an IP multicast addre...

Page 599: ...ets a port to receive multicast traffic sent to the IP multicast address mvr immediate Enables the Immediate Leave state on a port no mvr Disables the MVR on the configured port Setting the MVR Port T...

Page 600: ...icast group IP address that the port is allowed to join When the mvr group command is used without specifying an IP address all groups are allowed to join The no form of this command with an IP addres...

Page 601: ...ing the MVR Configuration Table 11 lists the MVR display commands Table 11 MVR Display Commands Command Description show mvr Displays configured MVR parameters show mvr interface Displays the current...

Page 602: ...ample device name show mvr interface Interface Type Status Immediate Leave 1 1 1 Receiver Active up Enable 1 1 2 Receiver Inactive up Disable 1 1 9 Source Active up Displaying the MVR Members The show...

Page 603: ...f 1 1 2 interface 1 1 3 device name config if 1 1 3 mvr type receiver device name config if 1 1 3 mvr group 224 1 1 27 8 Set the MVR source port 1 1 9 device name config if 1 1 3 interface 1 1 9 devic...

Page 604: ...Switches Configuring Multicast Layer 2 Rev 03 Multicast VLAN Registration MVR 2008 Foundry Networks Inc Page 38 of 43 1 1 3 Receiver Inactive down Enable device name show mvr members MVR Group Active...

Page 605: ...lly including the multicast source The device then forwards traffic that the source has multicast to the group only to the ports from which it received join messages for that group The device periodic...

Page 606: ...cess list resource allocation Configuring and Displaying GMRP Table 13 lists the GMRP commands Table 13 GMRP Commands Command Description gmrp Changes and displays the GMRP status show gmrp Displays t...

Page 607: ...41 of 43 Displaying the GMRP Status The gmrp command in Protocol Configuration mode and the equivalent show gmrp command in Privileged Enable mode display the current GMRP status enabled or disabled...

Page 608: ...s that are used in this document and lists their meaning Acronym Meaning CPU Central Processing Unit GARP Generic Attribute Registration Protocol GDA Group Destination Address GMRP GARP Multicast Regi...

Page 609: ...MIBs and RFCs Features Standards MIBs RFCs Multicast VLAN Registration MVR No standards are supported by this feature No MIBs are supported by this feature No RFCs are supported by this feature GARP...

Page 610: ...mands can be found in the document TABLE OF FIGURES 2 OVERVIEW 3 QOS CONFIGURATION FLOW 16 QOS DEFAULT CONFIGURATION 16 CONFIGURING QUALITY OF SERVICE FEATURES 19 QOS PRIORITY MAPPING COMMANDS 19 QOS...

Page 611: ...S Architecture 4 Figure 2 802 1p Priority Header Fields 5 Figure 3 Type of Service ToS Header Fields 6 Figure 4 Strict Priority Queuing 7 Figure 5 Weighted Round Robin Queuing 8 Figure 6 IPv4 Header S...

Page 612: ...to eight queues They are transmitted from the queues according to the queuing mechanism configured for the interface When using QoS feature each physical port sorts inbound and outbound traffic into e...

Page 613: ...er by their server source and destinations Most browser based applications have an asymmetric dataflow small dataflows from the browser client large dataflows from the server to the browser client Web...

Page 614: ...lobal Configuration mode By default 802 1p priority information is not replaced or manipulated and the information observed on ingress is preserved when the packet is transmitted This behavior is not...

Page 615: ...n Another advantage is that end stations can perform their own packet marking on an application specific basis The application software can observe and manipulate the DSCP information with no performa...

Page 616: ...are serviced with respect to each other Strict Priority SP With Strict Priority SP queue handling the queues are ranked in order The highest ranking queue txq7 is serviced first until it is empty the...

Page 617: ...that if a packet length exceeds the queue allowed bandwidth the packet is still transmitted during its time slot but its quota is overdrawn so that on the next time slot it receives a smaller allotme...

Page 618: ...for example using the IP Precedence bit or the 6 bit Differentiated Services Code Point DSCP setting in IP packets or source and destination addresses The network uses the QoS specification to classif...

Page 619: ...NCE D T R 0 0 Figure 7 ToS Octet Fields The ToS fields are described in Table 1 and Table 2 Table 1 ToS Fields Bits Number ToS Field 5 7 Precedence level as described in Table 2 4 0 Normal delay 1 Low...

Page 620: ...specifies that a packet marked with a DSCP value of 000000 recommended receives the traditional best effort service from a DS compliant node that is a network node that complies with the entire core D...

Page 621: ...nce dP values 1 2 and 3 Assured Forwarding PHB can be expressed as follows AFny In this example n represents the AF class number 1 2 or 3 and y represents the dP value 1 2 or 3 within the AFn class In...

Page 622: ...pacity utilization while minimizing packet loss and delay Weighted Random Early Detection WRED Unlike other queuing schemes Weighted Random Early Detection WRED is designed to prevent congestions befo...

Page 623: ...must be retransmitted by the application if they are retransmitted at all but also the ability of WRED to prevent the congestion will be impaired since UDP does not use the slow start flow control me...

Page 624: ...othen out peaks and troughs This will cause WRED to react slowly both to oncoming congestions and to the state when the queue size has fallen back beneath the minimum threshold NOTE If the user sets t...

Page 625: ...S Default Configuration Table 4 shows the QoS default configuration Table 4 QoS Default Configuration Feature Default Value Start Set the Priority Value Mapping to QoS Queues Set 802 1p Priority Infor...

Page 626: ...0 DSCP value mapping to transmit queues in DSCP to CoS mapping txq0 Drop level in DSCP to CoS mapping Yellow DSCP Remarking Policy Not defined Priority Remarking Policy Not defined Traffic shaping Dis...

Page 627: ...es Default Configuration Profile Threshold Value Green maximum 100 128 pps the value cannot be changed by the user Green minimum 75 96 pps Green mark probability 5 Yellow maximum 100 128 pps the value...

Page 628: ...To Set DSCP to CoS mapping 1 Set the DSCP to CoS mapping See Setting the DSCP to CoS Mapping 2 Set ACL on the traffic on which the user wants to apply DSCP to CoS use the access list command in Globa...

Page 629: ...levels to the eight transmit queues Command Syntax device name config qos map priority txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 Argument Description priority The 802 1p priority level in range 0 7 txq0...

Page 630: ...recedence level by DSCP and conformance level qos policy priority Sets the priority remarking policy for remarking priority and optionally the conformance level by the transmit queue and conformance l...

Page 631: ...xq 1 1 1 3 3 Setting the Destination MAC Address Priority The qos mac command in Global Configuration mode assigns QoS priority level manually per destination MAC address per VLAN The no form of the c...

Page 632: ...3 device name config qos mac static 00 01 02 03 04 06 vlan 1 1 1 5 priority 6 device name config end device name show mac address table VID Mac PORT STATUS PRIORITY 1 0001 00 01 02 03 04 05 1 1 5 stat...

Page 633: ...value NOTE When remarking the DSCP value in the IP header the user must set the value of the dscp argument in the qos traffic class command to the remarked value For more information regarding the AC...

Page 634: ...nd conformance level The no form of the command removes the DSCP remarking policy The remarking policy depends on the traffic DSCP and CoS Class of Service parameters This option allows setting differ...

Page 635: ...ing priority and optionally the conformance level by the transmit queue and conformance level The no form of the command removes the priority remarking policy The remarking policy depends on the traff...

Page 636: ...figuration mode sets the rate for the transmit port Traffic shaping is used to control the rate of outgoing traffic in order to make sure that the traffic conforms to the maximum rate of transmission...

Page 637: ...isplays the port priority mapping show qos traffic class Displays the DSCP to CoS mapping show qos policy dscp Displays the DSCP remarking policy for remarking DSCP priority transmit queue and drop pr...

Page 638: ...to CoS mapping Command Syntax device name show qos traffic class Example device name show qos traffic class Index DSCP Priority Drop Level 0 none none none 1 none none none 2 2 3 green 3 none none non...

Page 639: ...none none none none green 6 none none none none green 7 none none none none green 8 none none none none green 9 none none none none green 10 none none none none yellow 0 none none none none yellow 1 n...

Page 640: ...ue NOTE Since the rate granularity is limited whenever the user sets the rate a message that specifies the rate that is actually configured will be seen Command Syntax device name show qos tx shaper E...

Page 641: ...current QoS scheduling settings Command Syntax device name show qos scheduling Configuring Weighted Round Robin QoS Queue Handling The qos scheduling wrr command in Global Configuration mode applies...

Page 642: ...weight txq3 weight txq4 weight txq5 weight txq6 weight Argument Description txq0 weight txq6 weight The weights assigned to the weighted transmit queues The values must be positive and in the range 1...

Page 643: ...Interface scheduling txq0 txq1 txq2 txq3 txq4 txq5 txq6 txq7 All int hybrid 2 1 1 2 5 1 1 Configuring Hybrid 3 QoS Queue Handling The qos scheduling hybrid 3 command in Global Configuration mode is us...

Page 644: ...s configuration tqx7 is serviced as long as it has packets for transmission When txq7 is empty txq6 is serviced as long as it has packets When txq6 is empty txq5 is serviced as long as it has packets...

Page 645: ...q0 weight txq1 weight txq2 weight Argument Description txq0 weight txq2 weight The weights assigned to the weighted transmit queues The values must be positive in the range 1 15 A higher value means h...

Page 646: ...ighted transmit queues The values must be positive in the range 1 15 A higher value means higher weight Example The following example configures hybrid 6 scheduling The show qos scheduling command dis...

Page 647: ...s The no form of the command removes the Tail drop profile NOTE The three profiles that can be set are shared by the tail drop and WRED algorithms Therefore for all the congestion avoidance mechanisms...

Page 648: ...The following example shows how to set Tail drop thresholds for priority 3 and apply it on interface 1 1 1 device name config qos tx queue set 1 tail drop priority 3 50 device name config interface 1...

Page 649: ...ts the profile parameters to be used in the Weighted Random Early Detection WRED calculations The no form of the command removes the WRED profile WRED is a congestion avoidance mechanism that slows tr...

Page 650: ...tor The range is 1 15 exponential weighting constant exponent Optional Sets the WRED exponential weight factor for the average queue size calculation The range is 1 15 Example The following example sh...

Page 651: ...ll profiles profile Optional Displays the information for the specified profile The profile number is in the range 1 3 Example 1 device name show qos tx random detect queue set Pr Green Green Green Ye...

Page 652: ...0 is used a new DSCP value specified by the last argument will be assigned only to packets with DSCP value equal to 0 When argument any is used a new DSCP value specified by the last argument will be...

Page 653: ...f the command disables the DSCP to Priority mapping on the selected port NOTE The user should first configure the global DSCP to Priority table and then enable the DSCP to Priority mapping on a port C...

Page 654: ...tos map DSCP priority drop precedence 0 2 yellow 1 0 green 2 0 green 3 0 green 4 0 green 5 0 green 6 0 green 7 0 green 8 0 green 9 0 green 10 0 green 11 0 green 12 0 green 13 0 green 14 0 green 15 0...

Page 655: ...el exp to cos Performs the one to one mapping of outer EXP field of the MPLS header qos mpls inner label exp map Defines the EXP to VPT mapping for the inner MPLS labels qos mpls outer label exp map D...

Page 656: ...ured interface Command Syntax device name config if UU PP SS qos mpls inner label exp map 0 7 0 7 0 7 0 7 0 7 0 7 0 7 0 7 overwrite device name config if UU PP SS no qos mpls exp map Argument Descript...

Page 657: ...e show qos mpls exp map interface 1 1 1 qos mpls inner label exp map 1 1 1 1 1 1 1 1 overwrite Configuration Examples QoS Mapping Examples Mapping Priority to Queue In the following example we change...

Page 658: ...r all incoming packets on interface 1 1 2 device name config if 1 1 1 interface 1 1 2 device name config if 1 1 2 qos priority 2 device name config if 1 1 2 end 3 The show qos priority txq map command...

Page 659: ...CoS Mapping The following example sets the mapping of DSCP 22 2 and 4 with priorities 2 3 and 4 respectively and the precedence level 1 Set DSCP 22 with priority 2 and mark it as yellow device name co...

Page 660: ...Traffic shaping configuration device name show qos tx shaper Interface 1 1 1 qos shaper rate 2048K burst 64K WRED Configuration Examples WRED Configuration The following example enables WRED with def...

Page 661: ...n the interface and specifies parameters for the different queues 1 Set WRED profile 2 device name configure terminal device name config qos tx queue set 2 random detect priority 0 50 10 75 10 exponen...

Page 662: ...ice name configure terminal device name config qos traffic class 8 dscp 8 priority 3 green device name config access list 100 permit ip any any precedence 1 device name config interface 1 1 1 device n...

Page 663: ...128 100 5 2 7 25 20 128 100 5 16 13 128 100 5 2 Sample DiffServ Implementation Figure 10 shows a sample DiffServ implementation with two remote routers 1 and 2 and a central router between them Figur...

Page 664: ...atch the traffic received on interface 1 1 9 device name configure terminal device name config access list 101 remark EF device name config access list 101 permit udp any any device name config access...

Page 665: ...104 exit 5 Set ACG 105 for FTP Silver class marking the DSCP value with 18 and vpt value with 2 device name config if 1 1 9 ip access group 105 option device name config if 1 1 9 acg 105 set traffic...

Page 666: ...1 10 ip access group 113 device name config if 1 1 10 ip access group 114 device name config if 1 1 10 ip access group 115 device name config if 1 1 10 ip access group 116 device name config if 1 1 1...

Page 667: ...le 1 with the threshold for priority 2 silver class device name config qos tx queue set 1 tail drop priority 2 25 7 Set WRED profile 2 with the threshold for priority 3 silver class device name config...

Page 668: ...class dscp 22 device name config if 1 1 10 acg 113 priority 3 green device name config if 1 1 10 acg 113 exit 6 Set ACG 114 for SMTP Silver class marking the DSCP value with 20 and vpt value with 3 co...

Page 669: ...t tcp any any vpt 3 eq telnet device name config access list 104 remark Silver2 device name config access list 104 permit tcp any any vpt 3 eq smtp device name config access list 105 remark Silver3 de...

Page 670: ...cronyms that are used in this document and lists their meaning Table 18 Acronyms Acronym Meaning ACL Access Control List DSCP Differentiated Services Code Point ECN Explicit Congestion Notification PH...

Page 671: ...Standards MIBs RFCs Quality of Service QoS IEEE 802 1p Priority Queuing No MIBs are supported by this feature RFC 2474 Definition of the Differentiated Services Field DS Field in the IPv4 and IPv6 He...

Page 672: ...N 3 CARRIER GRADE ETHERNET SERVICES AND SLAS 3 OVERVIEW 6 HQOS SPECIFICATIONS 7 HQOS MANAGEMENT 7 HQOS ADVANTAGES 8 HIERARCHICAL QOS USAGE EXAMPLES 9 QOS HQOS IMPLEMENTATION 11 OVERVIEW 11 INTERNAL AR...

Page 673: ...he Platform 11 Figure 8 Internal Architecture and Main Functional Blocks 13 Figure 9 Traffic Flow through the Device 16 Figure 10 QoS in Local Switching Path 17 Figure 11 QoS in the Add Path 19 Figure...

Page 674: ...ion of their purchased bandwidth This chapter describes how the device can enable multi level SLA assurance based on Hierarchical QoS HQoS implementation While providing enhanced HQoS functionality th...

Page 675: ...Ports It then classifies this traffic according to the defined services and encapsulates it according to VPWS VPLS standards so it can be sent over the MPLS core network and reach its appropriate des...

Page 676: ...ither UNI EVC or CoS Class of Service level The traffic through a UNI must be shared by all EVCs defined on that UNI and finally each EVC traffic is divided to the various CoS levels and each CoS leve...

Page 677: ...n ingress Traffic from each service is classified to its own flow for policing and QoS fields marking On egress other packet handling functions are done per CoS i e queuing scheduling shaping o Typica...

Page 678: ...Up to 48 queues allocated per EVC 24 ingress 24 egress Up to 512 queues per customer site service 256 ingress 256 egress Hierarchical scheduling and shaping o 2 levels of scheduling per customer site...

Page 679: ...ss after device decision and packet duplication o As a result in cases where the traffic from a specific customer service needs to be switched to several network interfaces the shapers on the network...

Page 680: ...dth that he really requires since the bandwidth can t be shared between the applications HQoS model implementation Each application receives its own set of SLA attributes e g CIR reserved bandwidth bu...

Page 681: ...DIA traffic can burst to use up to 5Mb s without losing packets 10Mb s V VP PN N Figure 6 Multi Service SLA In all the examples presented above had the flat QoS model been implemented the lower prior...

Page 682: ...the service provider s network also called the Add path Distributing the traffic received from the network to its destinations users that are connected to the device also called the Drop path The plat...

Page 683: ...sponsible for switching traffic that passes from network to network pass through traffic The Network HQoS provides additional traffic marking queuing scheduling shaping before it is sent to the Enhanc...

Page 684: ...ming packets and appropriately mark either 802 1p VPT or DSCP field In this case the mapping is done according to 802 1p DSCP only o Un trusted when the service provider doesn t trust the subscriber s...

Page 685: ...a rate and a burst size per queue and per port 2 shaping levels It is important to emphasize that the scheduling mechanism used either strict or WRR applies also to control packets sent by the local...

Page 686: ...to a hybrid SP WFQ L1 scheduler with dual rate shaper 128 L1 schedulers total 64 ingress and 64 egress The L1 schedulers are serviced using hybrid SP WFQ scheduling with equal non configurable weight...

Page 687: ...divided into two main types User access side and Network uplink side The traffic can flow through the device between each interface type and the same type or the other type creating overall four poss...

Page 688: ...the traffic flow and allows further QoS actions to be performed per flow The following actions can be performed Flow filtering which allows protecting the device and other network resources from being...

Page 689: ...uling Scheduling between the queues is performed according to either Strict Priority SP or Weighted Round Robin WRR algorithm These algorithms can be hybrid some queues SP other WRR in order to assure...

Page 690: ...rt FC Traffic Type UC MC BC 24 queues per port Color aware WRED per queue 256MB shared buffer shared with Service Ingress and Egress queues Dual rate shaper per queue WFQ SP scheduler per port Dual ra...

Page 691: ...y WRED Tail drop in the case of congestion or over subscription Marking Remarking o Marking of VPT field according to the internal FC and Color Egress VPT is not affected by the results of policing o...

Page 692: ...es are connected to a fixed hierarchy of Schedulers and Dual Rate Shapers o The L2 level 2 Schedulers are connected directly to the queues Each L2 Scheduler services up to 32 queues using hybrid SP an...

Page 693: ...rop priority for Green and Yellow traffic Network Egress Scheduling A single Scheduler services each network output port with its 24 queues Each of the two Schedulers has its own Dual Rate Shaper and...

Page 694: ...C FC Color FC maps to egress queue Policing Single Rate metering 2 Color marking 802 1p DSCP remarking Switching Bridging Local Switching traffic goes back to Service side Replication for multicast tr...

Page 695: ...Packet Processor As it progresses through the Packet Processor the following HQoS mechanisms are applied on it Mapping to Forwarding Class FC and Color FC will determine one of 8 egress queues per acc...

Page 696: ...priority traffic This also allows for more flexible SLA definitions Shaping Single rate shaping can be performed on 2 levels per queue and per port This allows shaping of traffic per FC thus allocati...

Page 697: ...lowed to transmit Two instances of WFQ scheduling are applied to L2 schedulers and network queues One instance is for all in profile traffic within the CIR and a different instance is for all excess t...

Page 698: ...mentation a set of resources such as queues schedulers buffer space etc will be allocated inside the device In HQoS terminology this is called instantiation of a policy Once another customer has subsc...

Page 699: ...SAP or customer site a group of SAPs o Defines the configuration of service ingress L1 and L2 schedulers including their WFQ and shaping profiles Egress Scheduling Policy o Applied per SAP or custome...

Page 700: ...s Max number of service ingress policies 64 Max number of service egress policies 64 Max number of scheduling ingress policies instances 64 32 if both High and Low priority is used in each instance Ma...

Page 701: ...egress policies assign queues to parent schedulers Schedulers used in service policies must have already been defined Assigning a queue with a parent scheduler that wasn t previously configured is not...

Page 702: ...red then default parameters will be used WRED profile WFQ profile Order of Configuration 1 The first configuration step defines the following policies o Shaping profiles o WFQ profiles o WRED profiles...

Page 703: ...ation but also means to verify SLAs end to end That is SLA attributes that are defined by the MEF bandwidth profiles delay delay variation and packet loss must be measurable in order to verify the ser...

Page 704: ...96 Egress service WFQ 1 96 Network WFQ 1 96 96 Ingress scheduler WFQ 1 96 96 Egress scheduler WFQ 1 96 96 Shaping Default Configuration By default the shaping is disabled Note that no shaping profile...

Page 705: ...figure profiles 1 33 57 HQoS Granularity Table The following table shows the extent to which a larger entity is subdivided For an example Network queues CIR and PIR values in the range of 4096Kbps 163...

Page 706: ...6Kbps 16384Kbps 64Kbps 16384Kbps 65536Kbps 256Kpbs 65536Kbps 1G 4096Kbps 0KB 256KB 1KB 256KB 2MB 8KB 2MB 16MB 64KB Network queues CBS and MBS 16MB 128MB 128KB 160Kbps 20480Kbps 80Kbps 20480Kbps 81920K...

Page 707: ...uring HQoS Rev 03 Configuration 2008 Foundry Networks Inc Page 36 of 98 Configuration NOTE The HQoS feature is supported on both M2404F and M2404C switches HQoS Configuration Flow Figure 16 Figure 17...

Page 708: ...d profile Configure the wred profile parameters Define the forwarding class FC Set the FC unicast queue Remove default network policy and network egress queue policy on uplinks Apply network policy an...

Page 709: ...scheduler level Define the L2 scheduler Define the service egress policy Set the scheduler shaper profile Set the scheduler wfq profile Configure the scheduler wfq profile weights Define a queue Set...

Page 710: ...level Define the L2 scheduler Define the service ingress policy Set the scheduler shaper profile Configure the shaper profile parameters L1 and L2 Set the scheduler wfq profile Configure the scheduler...

Page 711: ...ing profile is predefined in the system WRED Default Configuration Default WRED profiles defined as part of the default configuration for all queues network queues service ingress queues and service e...

Page 712: ...cy configuration Table 3 Ingress Scheduling Policy Default Configuration Default Value Parameter Priority Parent WFQ Profile L1 low priority scheduler is enabled Low0 low 0 L2 low priority scheduler i...

Page 713: ...int Bcast and Mcast Queue In Color 0 Best Effort be 1 9 Yellow 1 Low 2 l2 2 10 Yellow 2 Assured af 3 11 Yellow 3 Low 1 l1 4 12 Green 4 High 2 h2 5 13 Green 5 Expedited ef 6 14 Green 6 High 1 h1 7 15 G...

Page 714: ...Service Egress Policy default configuration Table 9 Service Egress Policy Default Configuration Forwarding Class FC Unicast Queue Low Priority Multicast Queues Low Priority Broadcast Queues Low Prior...

Page 715: ...reen 2 Assured af Yellow 3 Low 1 l1 Green 4 High 2 h2 Green 5 Expedited ef Green 6 High 1 h1 Green 7 Network Control nc Green Network Egress Policy Default Configuration The following default configur...

Page 716: ...egress remarking configuration also knows as the Forwarding Class Name FC Name Refer to Configuring Service Queues Table 14 Default Network Egress Configuration Forwarding Class FC Name In profile Gr...

Page 717: ...he mapping between the Broadcast Queue and the Forwarding Class multicast queue Sets the mapping between the Multicast Queue and the Forwarding Class queue Creates a service queue This command changes...

Page 718: ...mmand Syntax device name config hqos hqos egress policy hqos egress policy id device name config hqos no hqos egress policy hqos egress policy id Argument Description hqos egress policy id Specifies t...

Page 719: ...cast Queue VPT DSCP FC Color Service Association SAP Name Customer Site Example 2 device name config hqos hqos egress policy 4 device name config hqos eg 4 description This is Egress Policy device nam...

Page 720: ...to Forwarding Class configuration mode In fc mode the user can configure a queue for unicast traffic and broadcast and multicast queues for multipoint traffic The no form of this command removes all...

Page 721: ...n fc FC NAME dscp default 0 63 green yellow device name config hqos in fc FC NAME no dscp 0 63 Argument Description default Sets as default FC for all dscp values that do not have an explicit rule Thi...

Page 722: ...g between the Multicast Queue and the Forwarding Class Command Syntax device name config hqos in fc FC NAME multicast queue 1 32 parent SCHEDULER NAME device name config hqos eq fc FC NAME multicast q...

Page 723: ...profile service wfq profile id device name config hqos eg que queue id no service wfq profile Argument Description service wfq profile id Specifies the policy ID indicating the WFQ queue weight parame...

Page 724: ...an be applied Refer to the Configuring MPLS and H VPLS chapter for applying the ingress scheduler policy The no form of this command removes the service ingress HQoS Policy from the VPLS Command Synta...

Page 725: ...E device name config hqos NETWORK POLICY NAME device name config hqos no network policy NETWORK POLICY NAME Argument Description NETWORK POLICY NAME Specifies the name of the network policy as a text...

Page 726: ...config hqos NETWORK POLICY NAME egress Configuring Ingress Network Policy The ingress command in HQoS Network Policy Configuration mode changes the mode so that the ingress network policy can be confi...

Page 727: ...hat the forwarding class to be mapped is the High 1 Forwarding Class nc Specifies that the forwarding class to be mapped is the Network Control Forwarding Class yellow Remarking rule is applied for ou...

Page 728: ...ngress Network Policy Configuration mode sets the mapping between the LSP EXP value and the Forwarding Class on network ingress Command Syntax device name config hqos net in NETWORK POLICY NAME lsp ex...

Page 729: ...17 Network Queue Policy Configuration Commands Command Description network egress queue policy Defines network queue policy description Associate a description with a network queue policy fc Defines a...

Page 730: ...orm of this command removes the description from the network queue policy The description can be seen using the command show hqos network egress queue policy Command Syntax device name config hqos net...

Page 731: ...ueue id wred profile wred profile id device name config hqos net que que queue id no wred profile Argument Description wred profile id Specifies the WRED profile ID Before associating the policy to th...

Page 732: ...form of this command detaches the shaping profile Command Syntax device name config hqos net que que queue id shaper shaping profile id device name config hqos net que que queue id no shaper Argument...

Page 733: ...k Queue Policy Forwarding Class Configuration mode sets the mapping between the Multicast Queue and the Forwarding Class Command Syntax device name config hqos net queue fc FC NAME multicast queue 1 3...

Page 734: ...ler policy in VPLS Service configuration mode Applies a scheduler policy to the SAP ingress scheduler policy in Customer site configuration mode Applies a scheduler policy to the customer site egress...

Page 735: ...LICY NAME description description string device name config hqos eg sched policy SCHEDULER POLICY NAME no description Argument Description description string A description string to associate with the...

Page 736: ...ME no shaper device name config hqos eg sched policy sched SCHEDULER NAME shaper shaping profile id device name config hqos eg sched policy sched SCHEDULER NAME no shaper Argument Description shaping...

Page 737: ...hedulers are assigned equal weights For service ingress L 2 schedulers the profile ID is in the range 1 48 For service egress L 2 schedulers the profile ID is in the range 1 48 Defining Scheduler Prio...

Page 738: ...6 characters Applying Scheduler Policy to a Customer Site The hqos ingress scheduler policy and hqos egress scheduler policy commands in Customer Site Configuration mode apply a scheduler policy to t...

Page 739: ...ID no customer site CUSTOMER SITE NAME Argument Description CUSTOMER SITE NAME Specifies the customer site name as text string of up to 9 characters Shaping Profile WFQ Profile and WRED Profile Comman...

Page 740: ...assigning scheduling weight values to in profile and out of profile traffic WFQ profiles are configured in HQoS Configuration mode Service WFQ profiles contain just one weight applied to both in prof...

Page 741: ...ommand removes the WFQ profile Command Syntax device name config hqos network wfq profile net wfq profile id weight weight cir weight cir weight device name config hqos no network wfq profile net wfq...

Page 742: ...er wfq profile id device name config hqos eg sched policy sched SCHEDULER NAME no scheduler wfq profile Argument Description scheduler wfq profile id Specifies the scheduler WFQ Profile ID Applying WF...

Page 743: ...e no form of this command Command Syntax device name config hqos shaper profile shaping profile id cir pir cbs mbs device name config hqos no shaper profile shaping profile id Argument Description sha...

Page 744: ...ervice ingress egress L1 L2 Schedulers The no form of the command removes the specified Scheduler Shaping Profile Command Syntax device name config hqos shaper profile ingress egress shaping profile i...

Page 745: ...network port The no form of the command removes the specified shaper profile Command Syntax device name config hqos net que que queue id shaper profile shaping profile id device name config hqos net q...

Page 746: ...ork queues Configuring WRED Parameters for Green Traffic The green command in HQoS WRED Configuration mode configures WRED parameters for green traffic Command Syntax device name config hqos wred wred...

Page 747: ...ue entity The no form of this command removes the WRED profile from the service network queue entity Command Syntax device name config hqos in queue queue id wred profile wred profile id device name c...

Page 748: ...Displaying Service Ingress Policy The show hqos service ingress policy command in Privileged Enable mode displays the service ingress policy Command Syntax device name show hqos service ingress policy...

Page 749: ...os service egress policy egress policy id Argument Description egress policy id Specifies the service egress policy ID in the range 1 64 Example device name show hqos service egress policy Service Egr...

Page 750: ...POLICY NAME Argument Description SCHEDULER POLICY NAME Specifies the name of the scheduler policy composed of up to 6 characters Example device name show hqos scheduler policy Scheduler Policies Poli...

Page 751: ...r The show hqos service sap command in Privileged Enable mode displays the overall HQoS configuration of the SAP Command Syntax device name show hqos service sap UU SS PP VLAN ID ingress egress Argume...

Page 752: ...ecifies the name of the network queue policy Example device name show hqos network egress queue policy Network Egress Queue Policies Policy Name Description NET_Q1 Default Network Queue Egress Policy...

Page 753: ...ork policy Network Policies Policy Name Description NET_D Default Network Policy NET_P1 Network Policy for port 1 1 27 NET_P2 Network Policy for port 1 1 28 device name show hqos network policy NET_P2...

Page 754: ...n Green Green Yellow Yellow Yellow Min Max Prob Min Max Prob 500 1000 1 200 300 10 Displaying Shaping Profile The show hqos shaper profile command in Privileged Enable mode displays the shaper profile...

Page 755: ...er profile 20 Network Queue Shaper Id 20 CIR PIR CBS PBS 4992 5952 16 16 device name show hqos shaper profile 1 Port Shaper Id 1 CIR PIR CBS PBS 10000 20000 16 16 Statistics Display Commands Table 22...

Page 756: ...le device name show hqos service sap 1 1 1 23 statistics Sap Ingress Queue Statistics Queue Tx Pkts Green Pkts Yellow Pkts Tx Octets Green Octets Yellow Octets 1 0 0 0 0 0 0 10 0 0 0 0 0 0 Sap Egress...

Page 757: ...the three customers has two offices that use different kind of traffic when corresponding to each other For every customer different scheduler and queue policies are configured Service Ingress Schedul...

Page 758: ...n service egress queue and wfq between service ingress queues The VoIP traffic is assigned highest priority The VPN and Internet services share a common egress queue with the WRED profile applied to i...

Page 759: ...Mbps Configuration scheduler policy Gold and queue policy 10 1 Create WRED Policy SW1 configure terminal SW1 config hqos SW1 config hqos wred profile 5 SW1 config hqos wred 5 green 1000 4000 10 SW1 c...

Page 760: ...guring scheduler policy Silver and queue policy 11 1 Create Scheduler WFQ Profiles SW1 config hqos scheduler wfq profile ingress 20 weight 50 cir weight 200 SW1 config hqos scheduler wfq profile ingre...

Page 761: ...y 11 Configuration scheduler policy Platinum and queue policy 12 1 Create the following Shaping Profiles SW1 config hqos shaper ingress 6 3000 3000 8 8 SW1 config hqos shaper ingress 73 2000 2000 8 8...

Page 762: ...licy Name VLAN Source Sap Type VPT DSCP CIR MB s PIR Mb s CBS MB s MBS Mb s Destination Weight CIIR Weight WRED Total Bandwidth VPN 30 VoIP1 H1 Gold 10 30 SW1 VLAN 10 1 1 8 8 SAP 1 1 1 SW2 10 33 VPN 3...

Page 763: ...service egress queues SW2 config hqos eg 15 fc l1 SW2 config hqos eg fc l1 queue 10 parent Sched1 SW2 config hqos eg fc l1 exit SW2 config hqos eg 15 fc be SW2 config hqos eg fc be queue 10 parent Sch...

Page 764: ...olicy 16 7 Create Queues SW2 config hqos eg 15 queue 10 parent VoIP2 SW2 config hqos eg que 10 exit SW2 config hqos eg 15 queue 11 parent VPN2 8 Map FEC to service egress queues SW2 config hqos eg 15...

Page 765: ...c h2 SW2 config hqos eg fc h2 queue 12 parent VoIP3 SW2 config hqos eg fc h2 exit 8 Apply egress scheduler and hqos egress policies to SAP port SW2 config vpls 50 sap 1 1 3 option vlan 50 SW2 config v...

Page 766: ...e 58 SW3 config hqos net que que 11 exit SW3 config hqos net queue QuePol queue 12 SW3 config hqos net queue QuePol shaper 20 SW3 config hqos net que que 12 exit 3 Map FECs to network queues SW3 confi...

Page 767: ...qos net queue fc h1 queue 11 SW3 config hqos net queue fc h1 exit SW3 config hqos net queue Queue fc l1 SW3 config hqos net queue fc l1 queue 12 SW3 config hqos net queue fc l1 exit SW3 config hqos ne...

Page 768: ...BS Excess Burst Size EIR Excess Information Rate EVC Ethernet Virtual Circuit FC Forwarding Class HQoS Hierarchical QoS MEF Metro Ethernet Forum OAM Operations Administration Maintenance QoS Quality o...

Page 769: ...age 98 of 98 Supported Platforms Feature NetIron M2404F NetIron M2404C Hierarchical Quality of Service HQoS Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Hierarchical Quality of Servic...

Page 770: ...ts and Access Control Groups It consists of the following sections TABLE OF FIGURES 2 OVERVIEW 3 ACL CONFIGURATION FLOW 11 DEFAULT ACL CONFIGURATION 12 CONFIGURING AND DISPLAYING ACLS 12 CONFIGURING A...

Page 771: ...3 Packet Flow Architecture 8 Figure 4 Redirecting Traffic with Access Control Group ACG 10 Figure 5 ACL Configuration Flow 11 Figure 6 Standard ACL Configuration Example 15 Figure 7 Extended ACL Confi...

Page 772: ...on ACL can also allow the user to control the rate according to any criteria the user chooses from the ACL criteria The ability to control the rate per VLAN or per interface with the ACL provides a co...

Page 773: ...ticular Sequential Processing ACLs are processed sequentially The device steps through the list line by line testing the packet against each filtering condition in the list The first condition that ma...

Page 774: ...the maximum number of allowed conditions Since this number is shared by all the ports that belong to a port controller applying rules that are highly ACL resource consumptive on one port may prevent...

Page 775: ...e number of entries that the user changes up to 32 green entries and up to 32 yellow entries amounting to a total range of 2 to 16 conditions Rate limit per VLAN cannot be configured on ports that are...

Page 776: ...quently than in enterprise networks Ethernet technology was developed for shared networks which means that no specific limits were put on the bandwidth capacity allocated to a single user at any given...

Page 777: ...es such as bandwidth rate limiting and network access hierarchies to ensure the integrity of the network The devices implement the modern and more efficient hardware implementation of routing switchin...

Page 778: ...The CIR determines the long term average transmission rate Traffic that falls below this rate will always conform The CBS determines how large traffic bursts can be before some of the traffic exceeds...

Page 779: ...edirect command in Interface or VLAN ACG Configuration mode VLAN Rewrite The traffic redirection feature can also be used for changing the VLAN tag field inside the VLAN header If the user redirects t...

Page 780: ...CL type specific notes and ACL processing Sequential Processing Deny by Default Ordered Processing List Length Limitations Choose ACL type to use Filter by EtherType mask ACL number 500 599 Protocol f...

Page 781: ...t first know the specific network needs and then choose the most suitable ACL Standard IP ACL when only the source IP address should be used See 7Creating a Standard IP ACL Extended IP ACL when multip...

Page 782: ...values in the range 1 to 99 Command Syntax device name config access list acl number deny permit SOURCE SOURCE WILDCARD provider vlan vlan id wildcard mask vlan vlan id wildcard mask untagged vpt pri...

Page 783: ...gged frames will be matched vpt Optional The VLAN Priority Tag VPT in the VLAN tag header Priority values range from 0 to 7 precedence precedence Optional Packets can be filtered by precedence level a...

Page 784: ...this command removes the specified ACL The extended ACL filters the traffic by the following parameters Source IP address in the IP packet header Destination IP address in the IP packet header IP prot...

Page 785: ...can also use the following syntax device name config access list acl number deny permit icmp SOURCE SOURCE WILDCARD DESTINATION DESTINATION WILDCARD icmp type icmp code tos tos precedence precedence...

Page 786: ...to specify the destination 1 Use a 32 bit quantity in 4 part dotted decimal format 2 Use the keyword any as an abbreviation for a destination of 0 0 0 0 and destination wildcard of 255 255 255 255 3...

Page 787: ...identifier in the range 1 4093 The provider vlan option is applied to the tls uplink interface in order to match the external VLAN vlan vlan id Optional Specifies a VLAN ID number in the range 1 4093...

Page 788: ...Value alternate address Alternate Host Address 6 conversion error Datagram Conversion Error 31 domain name reply Domain Name Reply 35 domain name request Domain Name Request 36 echo Echo ping 8 echo r...

Page 789: ...stratively Prohibited 9 host isolated Source Host Isolated 8 host precedence unreachable Host Precedence Violation 14 host tos unreachable Destination Host Unreachable for Type of Service 12 host unkn...

Page 790: ...l Kerberos shell 544 login Login rlogin 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 1...

Page 791: ...os session service 139 ntp Network Time Protocol 123 pim auto rp PIM Auto RP 496 rip Routing Information Protocol router in routed 520 snmp Simple Network Management Protocol 161 snmptrap SNMP Traps 1...

Page 792: ...16 host 202 20 0 1 eq ftp device name config access list 101 permit tcp host 202 20 0 1 eq telnet 192 98 0 0 16 device name config access list 101 permit tcp host 202 20 0 1 eq ftp 192 98 0 0 16 To a...

Page 793: ...permit igmp 192 98 0 0 16 any To apply this ACG to an interface 1 1 1 by using the ip access group command device name config interface 1 1 1 device name config if 1 1 1 ip access group 102 Creating a...

Page 794: ...the ACL Valid values are in the range 300 399 deny Denies access if the conditions are matched permit Permits access if the conditions are matched igmp Specifies the IGMP protocol SOURCE Number of the...

Page 795: ...connected to the device through port number 1 1 2 to send IGMP membership reports packets for multicast group 224 1 1 1 all other packets going through that interface should be blocked and should not...

Page 796: ...vpt priority Optional The VLAN Priority Tag VPT in the VLAN tag header Priority values range from 0 to 7 provider vpt priority Optional Specifies the VLAN Priority Tag VPT in the provider VLAN tag hea...

Page 797: ...me config access list 405 permit any host 00 12 f2 02 43 32 known unicast 1 1 2 1 1 4 device name config access list 406 permit any any multicast device name config access list 407 permit any any broa...

Page 798: ...Specifies a VLAN ID number in the range 1 4093 wildcard mask Optional Specifies the VLAN mask in hexadecimal format The provider and or user VLAN identifiers can be defined for all TLS packets which...

Page 799: ...will be permitted since it uses ethertype 0x8100 Adding a Comment to an ACL The access list remark command in Global Configuration mode associates an explanatory remark for the specified ACL To remov...

Page 800: ...the traffic that matches the conditions of the configured ACG to the specified interface and VLAN set vlan Changes the VLAN ID on the traffic that matches the conditions of the configured ACG to the...

Page 801: ...g ACL Valid values are in the ranges 1 199 and 300 399 for an ACG applied to an interface or a VLAN in Optional The ACL is applied on the incoming traffic note that even if the in keyword is not speci...

Page 802: ...1 2 ip access group 101 device name config if 1 1 2 ip access group 1 device name config if 1 1 2 end Enabling QoS Statistics The statistics command in Interface AG interface or VLAN ACG Configuratio...

Page 803: ...ng this mode Command Syntax device name config if UU SS PP mac access group in acl number option device name config if UU SS PP acg acl num device name config if UU SS PP no mac access group in acl nu...

Page 804: ...e or VLAN The no form of this command removes the EtherType ACG NOTE The number of ACGs per VLAN is limited The user can set ACGs for up to 1K interfaces per VLAN In order to have the maximal number o...

Page 805: ...ONE 13 device name config vlan config ONE device name config vlan ONE ether type access group 502 device name config vlan ONE end Assigning Priority to an ACG The priority command in Interface or VLAN...

Page 806: ...mand in Global Configuration mode and performs DSCP to CoS mapping according to the DSCP value in the packet Rate Limiting by the ACG The rate limit command in Interface or VLAN ACG Configuration mode...

Page 807: ...imit Argument Description single rate Sets the rate limit to use the Single Rate Three Color Marker RFC 2697 RATE Committed Information Rate CIR in Kbps The values which can be configured are 64 kbps...

Page 808: ...mum 128 allowed for the ACL conditions Redirecting Traffic to Specified Interface The redirect command in Interface or VLAN ACG Configuration mode redirects the traffic that matches the conditions of...

Page 809: ...1 1 1 ip access group 110 option device name config if 1 1 1 acg 110 set vlan 300 Saving the ACG Options and Terminating the Configuration The apply command in Interface or VLAN ACG Configuration mode...

Page 810: ...Example device name show ip access lists Standard IP access list 1 permit host 192 98 2 1 permit 192 0 0 0 0 255 255 255 remark test acl Extended IP access list 100 permit tcp 192 98 0 0 0 0 255 255...

Page 811: ...d MAC access list 404 permit any host 00 12 f2 02 43 33 unknown unicast Extended MAC access list 405 permit any host 00 12 f2 02 43 32 known unicast 1 1 2 1 1 4 Extended MAC access list 406 permit any...

Page 812: ...ode displays the MAC ACGs configured on interfaces aggregation groups and VLANs Command Syntax device name show mac access groups Example The following example displays the ACGs configuration per inte...

Page 813: ...1 ip access group 100 mac access group 401 option rate limit single rate 64K 4K 4K exceed action mark yellow interface 1 1 2 ip access group 150 ether type access group 502 Configuration Examples In...

Page 814: ...device name config if 1 1 1 acg 103 exit device name config if 1 1 1 ip access group 1 7 Set the rate limit of 3M on PC1 connection to the server and no rate limit to the rest of the traffic on the p...

Page 815: ...ts with VPT 5 1 Set an ACL with a VPT rule for VPT 5 device name config access list 100 permit ip any any vpt 5 device name config access list 1 permit any 2 Set the ACG on the desired interface with...

Page 816: ...xisting ACGs device name show ip access groups Interface 1 1 2 ip access group 101 option set traffic class ip access group 1 Rate Limit with DSCP Remarking Policy Configuration The following example...

Page 817: ...is marked green and is remarked with priority 7 according to the given qos policy rule traffic above 1Mbps is dropped by the rate limiter 1 Create an ACL device name configure terminal device name con...

Page 818: ...le see Figure 12 shows how to change the VLAN ID on traffic from host on user 1 1 1 1 from VLAN 10 to VLAN 20 User ports 1 1 1 and 1 1 2 are members of VLAN 10 and VLAN 20 respectively User port 1 1 3...

Page 819: ...y Networks Inc Page 50 of 50 Supported Platforms Feature NetIron M2404F NetIron M2404C Configuring ACLs Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Configuring ACLs No standards are...

Page 820: ...LLING AND MODIFYING ROUTING INFORMATION 20 OVERVIEW 20 CONFIGURING ROUTING FILTERS 23 CONFIGURING ROUTE MAP MATCH COMMANDS 28 CONFIGURING ROUTE MAP SET COMMANDS 30 CONFIGURATION EXAMPLES 31 CONFIGURIN...

Page 821: ...s Configuring Routing Information Rev 03 Table of Figures 2008 Foundry Networks Inc Page 2 of 48 Table of Figures Figure 1 The LSRR Option 5 Figure 2 Hosts Connected to Proxy ARP Server 32 Figure 3 Ne...

Page 822: ...VLAN Configuration mode NOTE The user can disable the routing IP forwarding between the IP interfaces subnets on the device by using the ip forward command in IP Table Configuration mode Populating th...

Page 823: ...es Each dynamic routing protocol has a default administrative distance as indicated in Table 2 NOTE If the user wants to override a static route by information received from a dynamic routing protocol...

Page 824: ...field the recorded route address replaces the source address just used and the pointer is increased by four The recorded route address is the Internet module own IP address as known in the environmen...

Page 825: ...static routes ip arp Adds a static ARP entry clear ip arp Removes the dynamic and static entries learned in the ARP table Creating a Static Route The ip route command in Global Configuration mode defi...

Page 826: ...tribute static command in OSPF Router Configuration mode advertises the static routes The no form of the command removes the static routes distribution By default static routes are not advertised Comm...

Page 827: ...y as a next hop of the static routes use the IP address that belongs to one of the connected IP interfaces When the configuration contains a static ARP entry and a static route for the same IP address...

Page 828: ...uring the IP Interface Table 4 lists the IP interface commands Table 4 IP Interface Commands Command Description interface Accesses the configuration mode of a specific IP interface and creates the IP...

Page 829: ...dress for the sw0 IP interface NOTE Secondary IP addresses cannot be configured for IP interface sw0 An IP interface can have one primary IP address and seven secondary IP addresses Primary IP address...

Page 830: ...lays the configuration of IP interface sw1 where 192 168 0 143 24 is the primary IP address and 192 168 70 65 24 is added to the IP interface as a secondary device name show ip interface sw1 Interface...

Page 831: ...the textual description Command Syntax device name config if IFNAME description LINE device name config if IFNAME no description Argument Description LINE Descriptive text a character string that may...

Page 832: ...bes the parameters displayed by the show ip interface command Command Syntax device name show ip interface brief IFNAME Argument Description brief Optional Displays brief information of all the define...

Page 833: ...packets received Number of packets received on the IP interface packets sent Number of packets sent from the IP interface multicast packets sent Number of multicast packets sent from the IP interface...

Page 834: ...ing the IP Table Table 7 lists the IP table commands Table 7 IP Table Commands Command Description router ip table Enters into the IP Table Configuration mode ip forward Enables routing between the co...

Page 835: ...h source routing header options Enabling LSRR Packet Processing The ip source route command in Global Configuration mode enables processing of packets with source routing header options The no form of...

Page 836: ...tion The Router Manager debug commands will not be saved after reload By default the debug is disabled Command Syntax device name debug router_manager events device name debug router_manager packet re...

Page 837: ...it 3 Enter into the VLAN Configuration mode device name config vlan 4 Create VLAN named Acct_vlan with VLAN ID 100 device name config vlan create Acct_vlan 100 5 Enter into VLAN Acct_vlan Configuratio...

Page 838: ...6 1 1 28 sw4 010 003 002 001 24 100 1 1 2 1 1 5 Setting a Static ARP Entry 1 Create a static ARP entry with IP address 130 0 0 6 and MAC address 00 40 95 08 32 2A device name configure terminal devic...

Page 839: ...single administrative authority For administrative purposes the Internet is divided into autonomous systems An autonomous system consists of a group of routers and networks sharing a common routing p...

Page 840: ...se a supernet because route confusion is prevented Networks can be advertised by redistributing dynamic routes A dynamic route is a route that is learned from another protocol or represented by the IP...

Page 841: ...e the way routers make path decisions by setting arbitrary metric values on links along the path end to end These arbitrary values are typically single integers with lower values indicating better pat...

Page 842: ...e numbering the user must specify the sequence number in the range 1 4294967295 for each entry of the IP prefix list command Whether sequence numbers are generated automatically or entered manually th...

Page 843: ...tch any entries of a prefix list is denied The optional keywords ge and le that specify range limits on the prefix length can be used for matching prefixes that are more specific than the exact prefix...

Page 844: ...refix list sequence numbers manually in the prefix list commands 1 If the user create a list with the same sequential number as a previous list the new list replaces the old one NOTE 2 IP prefixes are...

Page 845: ...ries of a prefix list that are more specific than the given length This argument is specified only following a prefix list name and a prefixed IP address as an additional constraint first match Option...

Page 846: ...in Route map Configuration mode Each route map command has a list of match and set commands associated with it The match commands specify the match criteria for the conditions under which redistributi...

Page 847: ...nfig route map test device name config route map test permit 10 device name config route map match ip address acl test device name config route map set metric 15 Configuring Route Map Match Commands T...

Page 848: ...AME Argument Description ACL NAME Name of routing access list that defines the match criteria Matching Metric The match metric command in Route map Configuration mode matches the specified metric Any...

Page 849: ...et metric command in Route map Configuration mode sets the specified metric value for matched routes when send is activated The metric value range is very large for compatibility with other protocols...

Page 850: ...Command Syntax device name config route map set ip next hop A B C D device name config route map no set ip next hop A B C D Argument Description A B C D The IP address of the next hop Configuration Ex...

Page 851: ...ations with devices outside of the subnet are transmitted by the router Proxy ARP is a method for transparent implementation of subnets for hosts that do not support subnetting With the help of ARP a...

Page 852: ...to MAC address mappings Hosts that may fake their identity an act known as spoofing in order to intercept packets that are not intended for them Proxy ARP is inapplicable in networks that do not use...

Page 853: ...By default Proxy ARP is disabled Command Syntax device name config if swN ip arp proxy device name config if swN no ip arp proxy Displaying Proxy ARP Configuration The show ip arp proxy command in Pr...

Page 854: ...quest packet is then encapsulated in an Ethernet frame with Host A s MAC address as the source address and a broadcast FF FF FF FF FF FF as the destination address Since the ARP request is a broadcast...

Page 855: ...sts in Subnet A is populated with the MAC address of the router for all the hosts on the Subnet B Hence all packets destined to Subnet B are sent to the router The router forwards those packets to the...

Page 856: ...disabled by default and thus the router discards Directed Broadcast packets directed to its connected subnets if the router is not specifically configured by the end user Prerequisites Before enabling...

Page 857: ...ected broadcast is always enabled globally i e on all existing IP interfaces If an attempt is made to enable this feature on a separate IP interface this will result in IP directed broadcast enabled o...

Page 858: ...so listen in the routing protocol updates to find routers IRDP presents a router discovery method using ICMP messages This method is independent of any specific routing protocol and does not require m...

Page 859: ...e the highest preference level The router can be configured with address preference levels to use or not use particular routers as default gateways The Lifetime Field The lifetime field within the rou...

Page 860: ...ts preference value See Assigning the Default Gateway Preference Value Table 20 lists the IRDP configuration commands To view the IRDP configuration use the show running config or show startup config...

Page 861: ...f this command sets the default value The user can use the blackhole argument to specify explicitly that the device is not to be used as a gateway by any client on the network The preference value in...

Page 862: ...by the IRDP to its clients The no form of this command sets the default value By default the holdtime is three times the value of the upper boundary of the IRDP time interval maxadvertinterval set by...

Page 863: ...default value of 600 Command Syntax device name config if sw1 ip irdp minadvertinterval value device name config if sw1 no ip irdp minadvertinterval Argument Description value Lower IRDP advertisement...

Page 864: ...P debugging status IRDP packet receive debugging is on Configuration Examples Configuring IRDP Advertisement 1 Enter into IP Interface Configuration mode and enable IRDP on the IP interface sw1 device...

Page 865: ...08 Foundry Networks Inc Page 46 of 48 device name config interface sw1 device name config if sw1 ip irdp 2 Advertise the IP router address 192 168 0 100 as the default gateway device name config if sw...

Page 866: ...Meaning ACL Access Control List ARP Address Resolution Protocol AS Autonomous System ASBR Autonomous System Border Router CIDR Classless Inter Domain Routing ICMP Internet Control Message Protocol IG...

Page 867: ...n the Presence of Subnets RFC 1042 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks RFC 1122 Requirements for Internet Hosts Communication Layers Controlling and Modifying Routin...

Page 868: ...NG OSPF 9 CONFIGURING OSFP GLOBAL PARAMETERS 9 CONFIGURING THE OSPF TIMERS 19 CONFIGURING OSPF AREA PARAMETERS 21 CONFIGURING OSPF IP INTERFACE PARAMETERS 27 CONFIGURING OSPF TRAFFIC ENGINEERING TE 33...

Page 869: ...of Figures 2008 Foundry Networks Inc Page 2 of 68 Table of Figures Figure 1 OSPF Topology 4 Figure 2 Virtual Link Providing Redundancy 6 Figure 3 OSPF Configuration Flow 7 Figure 4 OSPF Configuration...

Page 870: ...path tree provides the route to each destination in the autonomous system When several equal cost routes to a destination exist traffic can be distributed among them The cost of a route is described b...

Page 871: ...e of the distance to all networks outside of its area by examining the collected advertisements and adding in the backbone distance to each advertising router Stub Area OSPF allows certain areas to be...

Page 872: ...int segments neighbor discovery is done dynamically through the OSPF multicast 224 0 0 5 using the OSPF Hello protocol On NBMA Non Broadcast Multiple Access networks neighbors must be configured manua...

Page 873: ...ot required as DR BDR election is not done on point to multipoint segments This network type is well suited for frame relay hub and spoke networks where conservation of IP addresses or minimizing reso...

Page 874: ...ion on a per area basis is shorthand for applying the timers and authentication to each IP interfaces in the area at the time of configuration If the user adds more networks to the area the user must...

Page 875: ...lling interval 60 seconds ABR behavior RFC 2328 OSPF Version 2 Router ID The lowest IP address of the networks assigned to the area Overflow Interval 0 Number of LSAs allowed in the router link state...

Page 876: ...d assign specific costs to the default summary route See Configuring OSPF Area Parameters 5 Redistribute OSPF routes from one routing domain into another routing domain See Redistributing Routing Info...

Page 877: ...e router link state database passive interface Suppresses routing updates on the specified IP interface Enabling OSPF The router ospf command in Global Configuration mode enables OSPF and accesses Rou...

Page 878: ...ased calculation for that IP interface When the user changes the reference bandwidth please ensure the new entered value is consistent with all routers Command Syntax device name config router auto co...

Page 879: ...name config router default information originate always metric value metric type 1 2 route map MAP NAME device name config router default information originate always metric type 1 2 metric value rout...

Page 880: ...gns the routes an OSPF metric of 20 device name config router ospf device name config router default metric 20 device name config router redistribute rip Setting the Administrative Distance The distan...

Page 881: ...M ACL NAME device name config router distance ospf external external distance intra area intra area distance inter area inter area distance device name config router no distance ospf NOTE The command...

Page 882: ...should always be filtered by the distribute list command Command Syntax device name config router redistribute connected kernel rip static route map MAP NAME metric metric metric type 1 2 device name...

Page 883: ...ax device name config router distribute list ACL NAME out connected kernel rip static device name config router no distribute list ACL NAME out connected kernel rip static Argument Description ACL NAM...

Page 884: ...ommand Syntax device name config router network A B C D M area A B C D area id device name config router no network A B C D M area A B C D area id Argument Description A B C D M OSPF network prefix A...

Page 885: ...the Routing Updates on a Specified IP Interface The passive interface command in Router OSPF Configuration mode suppresses routing updates on the specified IP interface The no form of this command re...

Page 886: ...outer OSPF Configuration mode sets the time countdown starting when the router enters Overflow state after which the router will attempt to resume transmitting LSAs The no form of this command sets th...

Page 887: ...before the hold timer expires the SPF calculation is not executed until the hold time expires the hold timer interval is doubled after the SPF calculation is executed and it is started again the size...

Page 888: ...ig router timers nssaTranslator seconds device name config router no timers nssaTranslator Argument Description seconds NSSA Translator Stability interval in the range 1 65535 seconds Configuring OSPF...

Page 889: ...n the range 0 4294967295 A B C D OSPF area ID in IP address format authentication Enables authentication for the OSPF area message digest Optional Enables MD5 authentication for the OSPF area Example...

Page 890: ...20 Setting the Area Export List The area export list command in Router OSPF Configuration mode sets a filter by the specified routing access list for networks that are announced to other areas The no...

Page 891: ...col Command Syntax device name config router area area id A B C D nssa no summary translate always translate never translate candidate device name config router no area area id A B C D nssa no summary...

Page 892: ...rs in an area are assigned in a contiguous range the user can configure the area border router to advertise a summary route that covers all the individual networks within the area that fall into the s...

Page 893: ...f there is no connection to the backbone area Establishing a Virtual Link through a Transit Area The area virtual link command in Router OSPF Configuration mode establishes a virtual link through the...

Page 894: ...in the range 1 65535 seconds dead interval dead interval Interval after which a neighbor is declared dead the default value is 40 seconds in the range 1 65535 seconds Example 1 The following example e...

Page 895: ...the OSPF designated router for the network ospf priority Sets the router priority for the configured IP interface to help determine the OSPF designated router for the network ip ospf dead interval Set...

Page 896: ...ospf authentication key PASSWORD device name config if swN no ip ospf authentication key device name config if swN ospf authentication key PASSWORD device name config if swN no ospf authentication ke...

Page 897: ...fig if swN no ip ospf message digest key key id device name config if swN ospf message digest key key id md5 PASSWORD device name config if swN no ospf message digest key key id Argument Description k...

Page 898: ...value of 1 Each broadcast and Non Broadcast Multi Access NBMA network has a designated router If the network is a transit network the designated router generates a link state advertisement for the ne...

Page 899: ...hello interval command in IP Interface Configuration mode specify the length of time between the hello packets that the router sends on an IP interface The no form of the commands sets the hello inte...

Page 900: ...state update packet on an IP interface The no form of the commands sets the transmit delay to the default value of 1 second The transmit delay timer increments the age of LSA update packets on the IP...

Page 901: ...hange information The no form of the command disables the opaque option By default the opaque option is enabled Command Syntax device name config no opaque capability Specifying OSPF TE Router Address...

Page 902: ...0 0 0 0 Opaque Type 1 Traffic Engineering LSA Opaque ID 0x0 Opaque Info 8 octets of data Router Address 9 0 0 2 Opaque Type 1 Traffic Engineering LSA Opaque ID 0x2 Opaque Info 96 octets of data Link 9...

Page 903: ...Description show ip ospf Displays various OSPF router statistics such as the contents of IP routing tables caches and databases show ip ospf database Displays the OSPF database for a specific router...

Page 904: ...total 3 active 3 number of fully adjacent neighbors in this area 1 area has no authentication number of full virtual adjacencies going through this area 1 area has no authentication number of full vi...

Page 905: ...0x8000003e 0x8a12 1 192 168 1 10 192 168 1 10 845 0x80000005 0x2d20 1 192 168 30 100 192 168 30 100 664 0x8000000f 0xf7f3 2 192 168 30 107 192 168 30 107 690 0x80000048 0xc6e3 2 net link states area 0...

Page 906: ...id 192 168 30 107 as external link states ls age 47 options 2 ls type as external lsa link state id 1 0 0 0 external network number advertising router 192 168 30 107 ls seq number 8000000e checksum 0...

Page 907: ...7 1220 0x80000001 0xe2fa 192 168 10 0 24 192 168 20 0 192 168 30 100 1684 0x80000002 0x06e2 192 168 20 0 24 Example 5 In the following example the show ip ospf database command displays the database r...

Page 908: ...9 options 2 ls type summary lsa link state id 192 168 10 0 summary network number advertising router 192 168 30 100 ls seq number 80000004 checksum 0x7080 length 28 network mask 24 tos 0 metric 10 Tab...

Page 909: ...erface IFNAME device name show ip ospf interface IFNAME Argument Description IFNAME IP interface name in the format swN The range is 0 255 Example device name show ip ospf interface sw0 sw0 is up line...

Page 910: ...interface rxmtl rqstl dbsml 192 168 0 2 1 2 way drother 00 00 31 192 168 0 2 sw1 0 0 0 192 168 0 50 1 full backup 00 00 32 192 168 0 50 sw1 0 0 0 192 168 30 100 1 full dr 00 00 38 192 168 0 100 sw1 0...

Page 911: ...ent the neighbor goes into Database Exchange state Example 2 The following example displays information on the neighbor specified by IP address device name show ip ospf neighbor 192 168 0 2 neighbor 1...

Page 912: ...g OSPF Debug Information The debug ospf command in Privileged Enable mode displays the information related to processing the Open Shortest Path First OSPF protocol Use the no form of this command to d...

Page 913: ...e no form of this command to disable the display of OSPF information The OSPF debug commands will not be saved after reload By default the debug is disabled Command Syntax device name debug ospf nsm e...

Page 914: ...ument Description all Sets debug for all OSPF packets dd Sets debug for OSPF database description ls ack Sets debug for OSPF link state acknowledgements ls request Sets debug for OSPF link state reque...

Page 915: ...State Request debugging is on OSPF packet Link State Update debugging is on OSPF packet Link State Acknowledgment debugging is on OSPF LSA flooding debugging is on Configuration Example Figure 4 shows...

Page 916: ...SFP Configuration mode RSW3 configure terminal RSW3 config router ospf 2 Set the OSPF Router ID RSW3 config router router id 192 168 1 3 3 Enable OSPF for the network 192 168 1 0 24 and assign the are...

Page 917: ...1 3 7 Set area 3 as stub area RSW4 config router area 3 stub 8 Set redistribution of RIP information RSW4 config router redistribute rip RSW5 Configuration 1 Enable OSPF and enter into Router OSFP Con...

Page 918: ...s Refresh timer 10 secs This router is an ABR ABR type is Standard RFC2328 This router is an ASBR injecting external routing information Number of external LSA 1 Maximum number of external LSA 10000 T...

Page 919: ...00 02 Neighbor Count is 1 Adjacent neighbor count is 1 sw3 is up line protocol is up Internet Address 192 168 0 1 24 Area 0 0 0 3 Stub Router ID 192 168 0 1 Network Type BROADCAST Cost 10 Transmit Del...

Page 920: ...0 192 168 0 1 1836 0x80000001 0x8172 0 0 0 0 0 10 0 0 0 192 168 0 1 1836 0x80000001 0x5987 10 0 0 0 8 20 0 0 0 192 168 0 1 1787 0x80000001 0x3b91 20 0 0 0 8 30 0 0 0 192 168 0 1 299 0x80000002 0x5279...

Page 921: ...0 area 0 0 0 0 ASBR via 10 0 0 2 sw1 R 192 168 1 3 10 area 0 0 0 0 ABR via 10 0 0 2 sw1 20 area 2 2 2 2 ABR via 30 0 0 2 sw2 OSPF external routing table RSW4 show ip route Codes K kernel route C conne...

Page 922: ...head short duration detection of failures in the path between adjacent forwarding engines BFD allows a single mechanism to be used for failure detection over any media and at any protocol layer with a...

Page 923: ...interface configuration commands Table 15 BFD Interface Configuration Commands Command Description bfd Enables BFD on a specified interface bfd minimum receive interval Specifies the minimum time int...

Page 924: ...f sw10 bfd minimum receive interval 200 Setting Sending Interval of BFD Packets The bfd send interval command in IP Interface Configuration mode specifies the time period at which device requests to s...

Page 925: ...nabling Disabling BFD for OSPF The bfd command in Router OSPF mode enables BFD for OSPF If an IP address is specified then the BFD operates only for that OSPF neighbor The no form of the command disab...

Page 926: ...process Example device name debug bfd packets BFD Display Table 18 lists the BFD display commands Table 18 BFD Display Command Command Description show bfd Displays information about the BFD configur...

Page 927: ...ace information Example device name show bfd interface sw10 Debug levels none Interface sw10 Send interval 100 Min receive interval 300 Interval multiplier 5 Displaying BFD Peer Information The show b...

Page 928: ...ceive interval value to 200 on interface sw10 when BFD is enabled on interface sw10 device name configure terminal device name config interface sw10 device name config if sw10 bfd minimum receive inte...

Page 929: ...ce name config if sw10 end 9 Display the modified multiplier interval on interface sw10 device name show bfd Debug levels none Interface lo0 has BFD disabled Interface sw0 has BFD disabled Interface s...

Page 930: ...g bfd 15 Display the debug level device name show bfd Debug levels none Interface lo0 has BFD disabled Interface sw0 has BFD disabled Interface sw10 Send interval 200 Min receive interval 200 Interval...

Page 931: ...face Device1 configure terminal Device1 config interface sw20 Device1 config if sw20 ip address 20 0 0 1 24 Device1 config if sw20 bfd Device1 config if sw20 exit 2 Create a VLAN with the specified na...

Page 932: ...vice2 config if sw20 bfd Device2 config if sw20 exit 2 Create a VLAN with the specified name vl20 and ID 20 Device2 config vlan Device2 config vlan create vl20 20 3 Change the configuration mode to a...

Page 933: ...iguration per Protocol and Filters Interface Configuration by the Specified Interface Device1 show interface sw20 Debug levels none Interface sw20 Send interval 100 Min receive interval 300 Interval m...

Page 934: ...of acronyms that are used in this document Table 19 Acronymns Acronym Meaning BFD Bidirectional Forwarding Detection FRR Fast ReRoute LDP Label Distribution Protocol LSP Label Switched Path LSR Label...

Page 935: ...ding Detection BFD Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Open Shortest Path First OSPF STD 54 OSPF Version 2 RFC 1850 OSPF Version 2 Management Information Base RFC 1370 Applic...

Page 936: ...CONFIGURATION FLOW 60 EFM OAM DEFAULT CONFIGURATION 61 EFM OAM PROTOCOL CONFIGURATION 62 EFM OAM INTERFACE CONFIGURATION COMMANDS 65 EFM OAM MONITORING AND NETWORK TESTING COMMANDS 70 EFM OAM DISPLAY...

Page 937: ...y Networks Inc OVERVIEW 135 SETTING SAA 135 SAA DEFAULT CONFIGURATION 136 CONFIGURING SAA 136 CONFIGURING THE MEF OAM FOR THE SAA TEST 142 CONFIGURING THE SAA PERFORMANCE MONITORING PROFILES 142 SAA D...

Page 938: ...802 3ah Standard 55 Figure 10 Managing Customer Switches passive using the EFM 802 3ah Standard 56 Figure 11 Using 802 3ah over Virtual Ethernet Links 56 Figure 12 EFM OAM Configuration Flow 61 Figur...

Page 939: ...articipate in service level assurance and fault isolation From the operational aspect the following basic functions are supported Network discovery 802 1q bridged network discovery per VLAN Connectivi...

Page 940: ...ame loss delay and jitter Each specific threshold measurement between two MAC nodes will be called Monitoring process Figure 2 MEF OAM Periodic Service Assurance Test for Specific MAC The network admi...

Page 941: ...nnectivity and jitter and two way connectivity jitter frame loss and latency tests are checked each time this calculation occurs against a pre configured threshold Threshold conditions specify thresho...

Page 942: ...tamp of this device on this specific VLAN last seen on network field When a device receives a Connectivity Test Response it should handle it as follows Add a record of this PDU to the connectivity cyc...

Page 943: ...omain Receive PDUs only at the specified rate not faster from the same ports on the same VLANs If the generated packet is an OAM Multicast Response the bridge should find in its FDB the port on which...

Page 944: ...CEs To specify the VLANs for the MEF OAM domain use the add vlans command in MEF OAM Configuration mode To specify the ports for the MEF OAM domain use the add ports command in MEF OAM Configuration m...

Page 945: ...is triggered for a specific two way monitoring process threshold jitter frame loss or latency two way monitoring Warning test name exceeded limit of threshold for MAC HH HH HH HH HH HH on OAM Domain...

Page 946: ...rocess name Configuration Process Error Log Messages The following error message is sent when MEF OAM PDU received from un allowed port or VLAN and will not be processed Error Unallowed PDU received f...

Page 947: ...ain Configure specific two way monitoring processes End Add VLANs to the MEF OAM domain Add ports to the MEF OAM domain Define the VLAN ID to use for the specified two way monitoring process Set the m...

Page 948: ...seconds EtherType 0x889C Multicast address prefix 01 12 F2 10 00 00 Hello packets monitoring Enabled Hello interval 15 seconds Connectivity Timeout 90 seconds Hello Packet Size 64 Hello Packets Rate 1...

Page 949: ...he user has finished the data collection remove the OAM configuration 3 Jitter accuracy of 5 milliseconds is supported 4 When using OAM on a setup with xSTP do not configure OAM on more than 5 devices...

Page 950: ...d monitoring or change the jitter warning threshold value to monitor and the time period during which jitter should be monitored See Enabling Frame Loss Error Monitoring and Setting Threshold Value 13...

Page 951: ...ode sets the time period of the MEF OAM connectivity matrix recalculation cycle The no form of this command resets the recalculation rate to the default cycle By default the recalculation cycle is 15...

Page 952: ...name config oam ethertype 0x0001 Save the configuration and RESTART the device for this setting to take effect device name config no oam ethertype Save the configuration and RESTART the device for thi...

Page 953: ...ent packets will be sent only to the ports in the range defined for that domain By default the size of the connectivity test request payload is 64 bytes Command Syntax device name oam ping HH HH HH HH...

Page 954: ...If the domain argument is used the VLANs will be taken only from this domain Otherwise the first available domain will be used By default the number of hops for the OAM traceroute operation is 48 NOTE...

Page 955: ...Domain Configuration Commands Command Description oam bridge Creates a specific MEF OAM domain and enters into the MEF OAM Configuration mode oam bridge tls Creates a specific MEF OAM per TLS domain...

Page 956: ...F OAM domain level Each device can be a member in seven different MEF OAM domains By default when creating or modifying an MEF OAM domain its level is 255 NOTE If the domain level is not specified in...

Page 957: ...PLS Domain The oam bridge vpls command in Global Configuration mode creates a specific MEF OAM per VPLS domain The no form of this command removes the participation in specific MEF OAM domain When the...

Page 958: ...ports 1 1 1 1 1 5 Removing Ports from the OAM Bridge The remove ports command in MEF OAM Configuration mode removes ports from the MEF OAM domain NOTE This command is not supported for VPLS domain Com...

Page 959: ...NOTE This command is not supported for VPLS domain Command Syntax device name config oam LEVEL remove vlans VLAN LIST Argument Description VLAN LIST List of VLAN IDs separated by commas or range Examp...

Page 960: ...oam LEVEL remove vpls VC ID Argument Description VC ID VPLS ID number in the range 0 4294967295 If VC ID is not defined or is not active on the device an error is returned Example device name config t...

Page 961: ...delay Warning No broadcast from MAC HH HH HH HH HH HH on OAM Domain domain on VLAN vlan id during seconds seconds By default the connectivity timeout threshold is 90 seconds Command Syntax device name...

Page 962: ...Hello packets The range is 64 1486 Setting the OAM Packets Priority The oam priority command in MEF OAM Configuration mode sets the 802 1p priority in the OAM packets The no form of this command reset...

Page 963: ...without the jitter value enables the jitter monitoring with the default threshold By default jitter monitoring is enabled and the jitter threshold is 600 milliseconds Command Syntax device name confi...

Page 964: ...warnings should be monitored oam frame loss error Enables the frame loss error monitoring and optionally sets the round trip frame loss error threshold value oam frame loss warning Enables the frame...

Page 965: ...ing an OAM Two way Monitoring Process The oam process command in MEF OAM Configuration mode enters into predefined OAM Process Configuration mode The no form of this command removes the OAM process By...

Page 966: ...iption jitter error Optional The round trip jitter error threshold value in milliseconds The range is 1 10000 period jitter error time Optional The period in seconds during which the jitter errors sho...

Page 967: ...rame loss error tenth percent device name config oam LEVEL NAME no oam frame loss error Argument Description frame loss error percent Optional The round trip frame loss error threshold in percent The...

Page 968: ...on period of 90 seconds Command Syntax device name config oam LEVEL NAME oam latency error latency error period latency error time device name config oam LEVEL NAME no oam latency error Argument Descr...

Page 969: ...nd Syntax device name config oam LEVEL NAME oam priority priority device name config oam LEVEL NAME no oam priority Argument Description priority 802 1p class of service setting The range is 0 7 Setti...

Page 970: ...rgument Description milliseconds The OAM process timeout value The range is 10 8000 milliseconds MEF OAM Display Commands Table 5 lists the MEF OAM commands for displaying the OAM information Table 5...

Page 971: ...m connectivity timeout 90 oam jitter 600 oam pdu limit 40 all the device ports are members of the MEF OAM domain oam create process 00 12 F2 11 02 22 TEST2 repeat minutes 0 seconds 2 oam vlan 2 oam ti...

Page 972: ...period 90 oam jitter warning 600 period 180 exit Example 2 The following example displays the MEF OAM Configuration when the MEF OAM is not loaded device name show oam MEF OAM Configuration oam recalc...

Page 973: ...period oam jitter error period Round trip jitter error threshold value in milliseconds which is calculated for a calculation period oam jitter warning period Round trip jitter warning threshold value...

Page 974: ...OAM MEF OAM domain Cntvty Connectivity verification is used to detect connectivity problems OK indicates that the connection is operational and MEF OAM PDUs are received at intervals shorter than the...

Page 975: ...d for the frame loss warning threshold has been exceeded The displayed number indicates the frame loss as computed using the respective mathematical formula 2WLtncy Two way latency is defined as the t...

Page 976: ...OFF Directed Connectivity Timeout OFF Frame Loss Calculation Status is OFF Latency Calculation Status is OFF Bi Directional Jitter Calculation Status is OFF Uni Directional Jitter Calculation Status...

Page 977: ...Bucket Size 46 packets Configured Threshold for Average Latency 2000 MS Measured Latency 6 MS Trigger is OFF Warning Threshold Configured Measurement Duration 180 MS Configured Measurement Bucket Siz...

Page 978: ...e trigger status Measured Success Percent The current process frame loss in percent Configured Frame Loss Error Trigger The threshold the user configured for the frame loss error event in percent Erro...

Page 979: ...c HH HH HH HH HH HH Optional Specifies MAC address to limit the results Example device name show oam connectivity MAC VLAN Domain 1WJitter Port MS Since Last PDU Processed 00 12 F2 11 02 22 11 255 5 9...

Page 980: ...ys the MEF OAM detailed status Command Syntax device name show system show oam internal buckets mac HH HH HH HH HH HH vlan vlan id Argument Description mac HH HH HH HH HH HH Optional Specifies MAC add...

Page 981: ...e1 has only VLAN 2 defined Figure 5 Example for Configuring three Switches for Automated Connectivity Monitoring Configuring Device1 1 Define switch membership in MEF OAM domain 255 Device1 configure...

Page 982: ...2 configure terminal Device2 config oam bridge 2 Set the interval between MEF OAM multicast transmissions for domain 255 to 10 seconds Device2 config oam 255 oam hello interval 10 3 Enable one way jit...

Page 983: ...itches in the MEF OAM domain and set the threshold to trigger an alert whenever any switch has not sent Hello packet for 45 seconds on any VLAN already discovered by MEF OAM Device3 config oam 255 oam...

Page 984: ...ernet configuration using a MEF OAM protocol The switches in Figure 6 have Layer 2 connectivity through the provider network for VLAN 1 Provider is obligated to the following SLA Bi Directional Jitter...

Page 985: ...ng ce1 config oam process 255 SLA1 oam timeout 990 ce1 config oam process 255 SLA1 oam jitter error 800 period 120 ce1 config oam process 255 SLA1 no oam jitter warning ce1 config oam process 255 SLA1...

Page 986: ...is being updated please wait ce2 config Receiving Log Messages When a threshold is met the logging system displays a message For error thresholds the message priority is warning and for warning thresh...

Page 987: ...46 00 Sending ping Reply 00 12 F2 22 46 00 OAM 1 VC ID 1 Delay 5ms 4 Set VPLS mode and define VPLS instance 1 Device1 config vpls mode unqualified Device1 config vpls 1 Device1 config vpls 1 def vc id...

Page 988: ...1 VC ID 1 Delay 5ms 4 Set VPLS mode and define VPLS instance 1 Device2 config vpls mode unqualified Device2 config vpls 1 Device2 config vpls 1 def vc id 1 Device2 config vpls 1 sap 1 1 1 Device2 conf...

Page 989: ...VC ID 1 Type 5 Ethernet Flags RUNNING MTU 1500 SDP Primary Destination 11 0 0 1 Configuration static PW Status Established Active Uplink Port Not defined Group ID 0 Access Ports 1 1 1 Display general...

Page 990: ...OAM is optional and can be disabled on each physical port OAM initiatives are classified into three layers transport connectivity and service The transport layer is the collection of forwarding entiti...

Page 991: ...itionally manage the remote device without utilizing an IP layer This can be done by using link layer SNMP counters request and reply loopback testing and other techniques described in this draft An x...

Page 992: ...mechanism to detect the presence of an OAM sublayer on the remote device During the discovery process information about OAM entities capabilities and configuration are exchanged Link monitoring This...

Page 993: ...UI allocation is controlled by the IEEE and OUIs are the first three bytes of a MAC address If the switch address is recognized the 32 bit enterprise specific model should be equal to the SNMP model n...

Page 994: ...Rules for Active Mode A DTE in Active mode Initiates the OAM Discovery process Sends Information PDUs May send Event Notification PDUs May send Variable Request Response PDUs May send Loopback Contro...

Page 995: ...nformation OAMPDU Dying Gasp This condition is detected when the receiver goes down The Dying Gasp condition is considered as unrecoverable Conditions for dying gasp Management of the reload command D...

Page 996: ...and remote device are also tested and displayed Loopback using hardware created frames at wire speed This allows testing the link under extreme high load conditions The frames are discarded on the act...

Page 997: ...ation Parameter Default Value EFM OAM Enabled Number of OAMPDUs 5 OAMPDUs Event propagation Enabled Sending of the event notification OAMPDUs Enabled Priority Null Aging interval 5 seconds Start End C...

Page 998: ...PDUs that will be sent when the protocol needs to send multiple successive messages Event Notification OAMPDU efm oam propagate events Enables the sending of local event notifications to the remote de...

Page 999: ...e of 5 OAMPDUs Command Syntax device name cfg protocol efm oam multiple pdu count pdu count device name cfg protocol no efm oam multiple pdu count Argument Description pdu count Specifies the number o...

Page 1000: ...le device name cfg protocol no efm oam log events Setting OAMPDUs Priority The efm oam priority command in Protocol Configuration mode sets priority for the sent OAMPDUs The no form of this command re...

Page 1001: ...ned keep alive interval the neighboring device is considered inoperative The no form the command resets the Hello Interval to its default By default the Hello Interval is 1000 milliseconds NOTE The st...

Page 1002: ...umber of entries in efm oam history Enabling disabling the EFM OAM State on the Specified Interface The efm oam command in Interface Configuration mode enables disables EFM OAM on the specified interf...

Page 1003: ...configured on a local port once EFM OAM negotiation takes place loopback will always be forced on the remote port If such a setting is added after the EFM OAM negotiation is over loopback will be imm...

Page 1004: ...eshold monitoring accumulates the number of errors on the specified interface within the specified time window and checks the count of these errors in the specified time frame When the threshold is ex...

Page 1005: ...e event counters are updated Command Syntax device name config if UU SS PP efm oam threshold frame errors seconds seconds error count error count device name config if UU SS PP no efm oam threshold fr...

Page 1006: ...ent forward status 1 1 3 Setting the Number of Entries in EFM OAM History The efm oam history limit command in Protocol Configuration mode sets the maximum number of entries in efm oam history The no...

Page 1007: ...onitoring will be performed number number Optional Number of echo packets to send in the range 1 10 The default value is 5 packets delay delay Optional Delay between packets in seconds in the range 1...

Page 1008: ...e remote device and makes the hardware generate a test packet burst This means that a single packet generated by CPU is repetitively sent by the hardware When the burst is received back it is ignored...

Page 1009: ...pping loopback Started Completed Sent 3 packets 4530 octets Received Successfully 1 packets 1510 octets Local Remote InOctets 182078 InOctets 127025 OutOctets 173909 OutOctets 119198 InUcastPkts 734 I...

Page 1010: ...name efm oam get 1 1 1 Waiting to receive remote statistics values Remote Interface Status Stable Remote If Status Stable Remote MAC 00 12 F2 27 14 23 InOctets 363254 OutOctets 181663 InUcastPkts 0 In...

Page 1011: ...Unknown 1 1 3 Active 00 00 00 00 00 00 Unknown UU SS PP Unknown 1 1 4 Active 00 00 00 00 00 00 Unknown UU SS PP Unknown 1 1 5 Active 00 00 00 00 00 00 Unknown UU SS PP Unknown 1 1 6 Active 00 00 00 0...

Page 1012: ...Stable Local Thresholds Bit Errors Disabled Frame Errors 256 Window 20 Link down actions Shutdown None Forward status to None Displaying EFM OAM History The show efm oam history command in Privileged...

Page 1013: ...For the efm oam history clear command to take effect EFM OAM must first be enabled in the Protocol Configuration mode When EFM OAM is not enabled the EFM OAM is disabled error message will appear Comm...

Page 1014: ...Log messages implemented by the EFM OAM Name Severity Description text EFM OAM Remote CriticalEvent Error Event Received on interface UU SS PP EFM OAM Remote DyingGasp Error Dying Gasp Event Received...

Page 1015: ...alEvent Emergency Critical Event detected on local device by EFM OAM EFM OAM Local DyingGasp Fatal Dying Gasp Event detected on local device by EFM OAM EFM OAM Local LinkFault Error Link Fault occurre...

Page 1016: ...EVC that span one or more links It is end to end within an Ethernet network Ethernet OAM Capabilities Ethernet OAM is able to monitor the health of links because providers and customers might not have...

Page 1017: ...hard and soft faults such as software failure memory corruption or misconfiguration The failure detection is achieved by each Maintenance association End Point MEP transmitting a CCM periodically wit...

Page 1018: ...e CFM provides an alarm suppression mechanism for notifications that get generated as the result of CCM timeouts A CCM does not require a response and a multicast CCM it requires only N transmissions...

Page 1019: ...rification Loopback Messages A unicast Loopback Message LBM is used for fault verification To verify the connectivity between MEP and its peer MEP or a MEP the LBM is initiated by a MEP with a destina...

Page 1020: ...e path however it can receive many LTRs Link Trace Responses from different MPs along the trace path and the destination MEP as the result of the message traversing hop by hop As mentioned previously...

Page 1021: ...nd one for defects that are confined to a single MA The defects are ranked by priority If a higher priority defect occurs after a lower priority defect has triggered a Fault Alarm then the MEP will tr...

Page 1022: ...F Metro Access Switches Network Administration Tools Rev 03 802 1ag Connectivity Fault Management CFM 2008 Foundry Networks Inc Page 86 of 155 CFM OAM Configuration Flow Figure 18 displays the process...

Page 1023: ...FM Set Maintenance Domain parameters Create a Maintenance Domain Create Maintenance Associations Add Remove local ports to the Maintenance Association Start Define the VLANs to be under monitoring Set...

Page 1024: ...ting on the enclosing domain Defect priority 1 The statistics information for all defined domains Are displayed All MAs defined in DOMAIN NAME Are displayed All defined domains Are displayed Timeout u...

Page 1025: ...Enables the compatibility with the old version 6 1 of IEEE 802 1ag protocol show use draft61 Shows if the compatibility with the old version 6 1 of IEEE 802 1ag protocol is enabled or disabled Enabli...

Page 1026: ...et of Domain Service Access Points DoSAPs A Maintenance Domain is or is intended to be fully connected internally A DoSAP associated with a Maintenance Domain has connectivity to every other DoSAP in...

Page 1027: ...e config cfm profile NAME device name config cfm profile NAME device name config cfm no profile NAME Argument Description NAME Specifies the name of the CFM profile Setting the Frame Loss Error Thresh...

Page 1028: ...illiseconds The range is 1 10000 period jitter error time Optional The period in seconds during which the jitter errors should be monitored The range is 1 3600 Setting Two Way Jitter Warning Threshold...

Page 1029: ...eshold Value The latency warning command in CFM Profile Configuration mode sets the round trip latency warning threshold value By default latency warning monitoring is enabled with a threshold of 1600...

Page 1030: ...Connectivity Test Request Packets The size command in CFM Profile Configuration mode sets the size of connectivity test request packets By default the size of Loopback Request packets is 64 bytes Comm...

Page 1031: ...IEEE 802 1ag protocol is enabled or disabled Command Syntax device name config cfm show use draft61 Example device name config cfm show use draft61 Compatibility with old version is Enable Configurin...

Page 1032: ...tivity errors only for a list of MEPs with uniques MAIDs Example device name config cfm domain name D1 level 3 device name config cfm D1 ma name MA1 vlan id 3 priority 4 device name config cfm D1 MA1...

Page 1033: ...stname management address all Argument Description none The content of the Sender ID TLV is not sent to the remote MEPs hostname The content of the Sender ID TLV includes only the hostname of the devi...

Page 1034: ...c maintenance association By default the hello interval value is 1 second Command Syntax device name config cfm DONAME NAME MA NAME hello interval 100 milliseconds 10 milliseconds 1 second 1 minute 10...

Page 1035: ...with a SAP that provides access to a single service instance Example device name config cfm D1 ma name MA1 vlan id 3 device name config cfm D1 MA1 mep 1 port 1 2 3 out Specifying MIP Creation Policy T...

Page 1036: ...explicit depends on the presence of MEPs at lower level False No All above All above MIP policy defer No if the domain MIP configuration does not exist The decision regarding the MIPs is taken consid...

Page 1037: ...mote MEPs hostname The content of the Sender ID TLV includes only the hostname of the device management address The content of the Sender ID TLV includes only the management address of the device all...

Page 1038: ...level mep 1 8191 Argument Description priority Specifies the defect priority for the specified MEP in the range 0 5 1 8191 Specifies the MEP ID of the MEP in the specified range Example In this exampl...

Page 1039: ...oring The no form of this command disables one way jitter monitoring Command Syntax device name config cfm DOMAIN NAME MA NAME jitter bucket size 10 20 threshold error 1 10000 threshold warning 1 1000...

Page 1040: ...CFM should first be enabled in the Protocol Configuration mode Otherwise the CFM not active error message will be displayed Command Syntax device name show cfm UU SS PP interfaces domain level 0 7 Ar...

Page 1041: ...e name name Level ID MEP OUT 345 Up UP d2 ma2 3 7 Local MIPs MP Port Domain MA MD VLAN Type name name Level ID MIP 1 1 10 d1 ma1 5 5 Example 3 device name show cfm interfaces Port 1 1 1 MP Direction I...

Page 1042: ...in the Protocol Configuration mode Otherwise the CFM not active error message will be generated Command Syntax device name show cfm connectivity domain NAME ma MA NAME extended Argument Description do...

Page 1043: ...packets For each MEP there are two types of states Administrative and Operative Table 24 Parameters Displayed by the show cfm Command Local MEP Parameter Description Adm State Specifies whether CFM p...

Page 1044: ...Status is TEST perhaps due to an IEEE Std 802 3ah OAM intrusive loopback operation NoDAT status indicates that no data and no CFM Messages have been received for an excessive length of time Note that...

Page 1045: ...Example 2 device name cfm linktrace domain d4 ma ma4 mep 10 target mip 00 12 F2 11 12 12 Tracing link from 10 to MAC 00 12 F2 11 12 12 Sending Linktrace Message Waiting to receive Linktrace Replies R...

Page 1046: ...id 11 00 12 F2 22 5A 00 Done Sent 10 Received 10 Success rate 100 Time msec min avg max 0 1 5 Example 2 device name cfm loopback domain d4 ma ma4 mip 00 12 F2 22 5A 00 number 50 size 1462 Sending 50 l...

Page 1047: ...onfiguring two Devices in CFM Protocol The following example is based on Figure 19 The example shows how to configure an Ethernet network using a CFM protocol Figure 19 Example for Configuring two Dev...

Page 1048: ...d7 ma7 senderid content hostname Device1 config cfm d7 ma7 mip policy explicit 6 Add port 1 1 1 as MEP to a specified maintenance association Device1 config cfm d7 ma7 mep 1 port 1 1 1 out Device1 co...

Page 1049: ...and CFM Connectivity Statistics Device1 show cfm Domain d7 Level 7 Hello interval ms 1000 Maintenance association ma7 VLAN ID 10 Priority 6 Mip Policy default Local MEPs MEP Port Adm Oper Sent Last S...

Page 1050: ...y received Sending Linktrace Message Waiting to receive Linktrace Replies Reply with ttl 63 transID 7684 from 00 12 F2 11 02 22 5 ms Done Linktrace statistics TTL 63 Foundry MAC 00 12 F2 11 02 22 0 00...

Page 1051: ...1 1 2 as MEP to a specified maintenance association Device1 config cfm d7 ma7 mep 2 port 1 1 2 out Device1 config cfm d7 ma7 end Configuring Device2 1 Create a VLAN with the specified name vl10 and I...

Page 1052: ...e CFM protocol Device3 configure terminal Device3 config cfm enable 5 Create a maintenance domain with a specified name d7 and level 7 and create a maintenance association within a specified domain De...

Page 1053: ...00 12 F2 11 02 22 Up Up 1330 0 0 16 39 41 000 203 00 12 F2 11 02 22 Down Down 1025 0 0 16 39 26 000 Clear the remote MEPs with the clear connectivity command Device1 configure terminal Device1 config...

Page 1054: ...ture network topologies Design use RTR to designing future network topologies Extended IP support RTR allows the user to measure various types of IP traffic such as UDP and TCP Overview RTR Response T...

Page 1055: ...IP it is acceptable for less demanding applications Data latency is just as critical as data loss in VoIP and multimedia environments in which delays must not impact end user performance Real time int...

Page 1056: ...UDP Echo Periodically issue UDP echo requests and measure the delays until UDP echo replies arrive Aggregate the measurements to estimate the network performance for real time traffic oriented applica...

Page 1057: ...ll the collected information is stored in the SLO measurement database A presentation module provides the ability to graphically view network measurement statistics and thresholds On the typical netwo...

Page 1058: ...cal links and dashed lines indicate examples for monitored SLOs In this example remote site routers may monitor application services VoIP metrics and connectivity to selected network points Figure 23...

Page 1059: ...User Datagram Protocol UDP Echo Response Time The User Datagram Protocol UDP Echo operation calculates UDP response times between a router and any IP enabled device The response time is computed by me...

Page 1060: ...guring and Displaying the RTR To set the RTR proceed as follows 1 Create an RTR test and enter into the RTR Configuration mode See Creating a Response Time Test and Entering into RTR Configuration Mod...

Page 1061: ...test name default is assigned Command Syntax device name config rtr test TEST NAME OWNER NAME device name config rtr device name config no rtr test TEST NAME OWNER NAME Argument Description TEST NAME...

Page 1062: ...Argument Description TEST NAME The name of the test OWNER NAME Optional The name of the owner of the test action type trapOnly The action type that can be an SNMP notification only pingProbeFailed Se...

Page 1063: ...od Optional Execute the test after a period of time in seconds The range is 1 65535 seconds Example device name config rtr schedule test me now Specific RTR Test Configuration Commands Table 31 lists...

Page 1064: ...Internet Control Message Protocol ICMP Echo operation measures end to end response time between the router and devices using IP tcpConnect Performs a TCP Connect test The Transmission Control Protoco...

Page 1065: ...Configuration mode sets the time period at which the operation should send out probes to gather statistics The no form of this command resets the time period to its default value This command applies...

Page 1066: ...tatistics number device name config rtr no probe statistics Argument Description number Probe statistics count in the range 0 255 Tagging a Packet The tag command in RTR Configuration mode includes a...

Page 1067: ...istics Argument Description TEST NAME The name of the test OWNER NAME Optional The name of the owner of the test probe statistics Optional Displays probe statistics which have been performed by the te...

Page 1068: ...bes per repetition 5 Frequency of repetition 60 Probe timeout 5 Trap generation pingProbeFailed 2 pingTestFailed 4 pingTestCompleted data size 0 data fill none Probe history count 20 By pass route tab...

Page 1069: ...h name test1 with owner of the test named mon device name configure terminal device name config rtr test test1 mon 2 Set the test parameters type protocol and target IP address device name config rtr...

Page 1070: ...l The ping command sends an Internet Control Message Protocol ICMP echo request to the IP address or selected hostname Trace Route The Trace route tool works by sending by sending ICMP echo packets wi...

Page 1071: ...ompares them to predefined SLA thresholds In cases that the statistics value passes the threshold SAA sends a notification SAA is based on the RTR Response Time Reporter feature SAA uses RTR infrastru...

Page 1072: ...sabled Maximum number of concurrent active tests 10 Repeat frequency Not specified Number of probes count 1 Number of probe statistics 50 Probe data length 64 bytes Probe timeout 3 seconds Traps Not g...

Page 1073: ...of concurrent active tests The no form of the command resets the number of concurrently active tests to its default value By default the maximum number of concurrent active tests is 10 Command Syntax...

Page 1074: ...hutdown Configuring Repeat Frequency The frequency command in SAA Test Configuration mode specifies the repeat frequency The no form of the command removes the repeat frequency By default no repeat fr...

Page 1075: ...config saa test probe count 10 device name config saa test frequency 20 Probes are send at the following interval in seconds 1 2 3 4 5 6 7 8 9 10 20sec 1 2 3 4 5 6 7 8 9 10 Configuring Probe Statistic...

Page 1076: ...Configuration mode specifies the probe data length The no form of the command removes the probe data length By default the probe data length is 64 bytes Command Syntax device name config saa test dat...

Page 1077: ...sed up or down For more information see Configuring SNMP chapter Command Syntax device name config saa test reaction configuration pingProbeFailed pingTestFailed number device name config saa test rea...

Page 1078: ...of the MEF OAM connectivity probes to use for connectivity jitter calculations and frame loss By default the bucket size is 50 priority 0 7 Optional Specifies the priority of the MEF OAM probes By def...

Page 1079: ...ofile Configuration mode enables jitter error monitoring and optionally sets the jitter error threshold value The no form of this command disables the jitter error monitoring By default the jitter err...

Page 1080: ...ed device name config saa profile frame loss error FRAMELOSSERROR_PERCENT_THRESHOLD device name config saa profile no frame loss error Argument Description FRAMELOSSERROR_PERCENT_THRESHOLD The frame l...

Page 1081: ...fault Test type mef oam Administrative status enabled MAC 00 A0 12 49 4A 00 Service 10 Bucket 50 Probe priority 3 Profile Id 1 Profile Name Profile Probes per repetition 1 Frequency of repetition not...

Page 1082: ...7 Optional Specifies the existing profile ID Example device name show saa profile 1 Profile name P index 1 Frame Loss 5 Jitter 20 Latency 200 Configuration Example In the following example an H VPLS s...

Page 1083: ...an create v10 10 Device1 config vlan config v10 Device1 config vlan v10 add ports 1 1 27 1 1 28 untagged Device1 config vlan v10 add ports default 1 1 27 1 1 28 Device1 config vlan v10 rif lo1 Device1...

Page 1084: ...config vpls sdp 1 1 1 1 no shutdown Device1 config vpls sdp 1 1 1 1 exit Device1 config vpls 10 exit Device3 Configuration 1 Create interface lo1 and VLAN v10 Device3 configure terminal Device3 config...

Page 1085: ...3 3 3 exit Device3 config vpls 10 exit Create an SAA Threshold Profile and Configure an SAA Test on Device1 1 Create an SAA threshold profile and set the jitter error threshold value latency error thr...

Page 1086: ...HH HH HH HH 3 Enable the SAA test Device3 config saa test no shutdown Device3 config saa test end Display the SAA Test Result and SAA Threshold Profile on Device1 1 Display the SAA test results Devic...

Page 1087: ...oundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools Rev 03 Service Assurance Application SAA 2008 Foundry Networks Inc Page 151 of 155 Frame Loss 5 Jitter 20 Latency 20...

Page 1088: ...0 EVC Ethernet Virtual Connection ISAP Intermediate Service Access Point LBM Loopback message LBR Loopback Reply LTM Linktrace Message LTR Linktrace Reply MEPID Maintenance association End Point Iden...

Page 1089: ...ged Local Area Networks MEF OAM Metro Ethernet Forum Ethernet Service OAM Phase I draft No MIBs are supported by this feature No RFCs are supported by this feature Intermediate 802 3ah EFM OAM IEEE Dr...

Page 1090: ...Rev 03 Supported Platforms 2008 Foundry Networks Inc Page 154 of 155 Features Standards MIBs RFCs Diagnosing Connectivity Problems No standards are supported by this feature No MIBs are supported by t...

Page 1091: ...4 ARCHITECTURE 5 USAGE GUIDELINES 20 SETTING THE MAXIMAL NUMBER OF CONCURRENT SAA TESTS 20 CONFIGURE AN SAA TEST 20 CONTROLLING THE TEST NOTIFICATIONS 24 CREATE A THRESHOLD PROFILE 25 ATTACH THE SPECI...

Page 1092: ...igure 1 DISMAN PING MIB 5 Figure 2 pingCtlTable 6 Figure 3 pingResultsTable 10 Figure 4 pingProbeHistoryTable 12 Figure 5 SAA MIB 13 Figure 6 saaPingCtlTable 13 Figure 7 saaPingResultsTable 15 Figure...

Page 1093: ...history enable the user to define performance profiles that include rising and falling thresholds for the statistics A profile is created see Create a Threshold Profile and then it is attached to the...

Page 1094: ...he database and retrieves data and provides it to the SNMP agent or CLI upon request The feature s main purpose is to configure SAA via SNMP and to gather and display PW statistical data The MIBs requ...

Page 1095: ...user to control the properties of a ping test such as the number of packets to be sent the timeout interval the interval of time in which a test will be repeated whether or not to store probe statisti...

Page 1096: ...ntifiers for the information in these entries will have the same subidentifiers except for the column subidentifier up to the end of the encoded owner index To configure VACM to permit access to this...

Page 1097: ...esired state that a pingCtlEntry should be in enabled 1 Attempt to activate the test as defined by this pingCtlEntry disabled 2 Deactivate the test as defined by this pingCtlEntry Refer to the corresp...

Page 1098: ...ct to the value of pingCtlTrapProbeFailureFilter The object pingCtlTrapProbeFailureFilter can be used to specify the number of successive probe failures that are required before a pingProbeFailed noti...

Page 1099: ...robe packets On hosts with more than one IP address this option can be used to force the source address to be something other than the primary IP address of the interface the probe packet is sent on I...

Page 1100: ...n this table results in all corresponding same pingCtlOwnerIndex and pingCtlTestName index values pingResultsTable and pingProbeHistoryTable entries being deleted A value MUST be specified for pingCtl...

Page 1101: ...maximum ping round trip time RTT received A value of 0 for this object implies that no RTT has been received pingResultsAverageRtt This object indicates the current average ping round trip time RTT pi...

Page 1102: ...nds from when a probe was sent to when its response was received or when it timed out The value of this object is reported as 0 when it is not possible to transmit a probe pingProbeHistoryStatus This...

Page 1103: ...SAA test can be attached to SAA profile containing connectivity results thresholds This way SAA provides alarming capabilities on threshold crossing RTR module is extended to support pluggable OAM to...

Page 1104: ...the table one would create vacmViewTreeFamilyTable entries with the value of vacmViewTreeFamilySubtree including the owner index portion and vacmViewTreeFamilyMask wildcarding the column subidentifie...

Page 1105: ...rameloss This object indicates the two way calculated two way frame loss saaThresholdCtlTable This table defines the threshold profiles for SAA test It is indexed by unique set of thresholds uniquely...

Page 1106: ...be created and deleted in the saaThresholdCtlTable Profile must be created and activated before being bound to a SAA test saaCtlTable This table controls the applying of a threshold profile to SAA te...

Page 1107: ...MEFOAMCtlTable objects Table 8 saaPingMEFOAMCtlTable Objects Object Name Description saaPingMEFOAMDomain The value of this object is used to specify MEF OAM Domain saaPingMEFOAMMACAddr The value of th...

Page 1108: ...ltsAverageRtt pingResultsProbeResponses pingResultsSentProbes pingResultsRttSumOfSquares pingResultsLastGoodProbe pingTestFailed This notification is generated when a ping test is determined to have f...

Page 1109: ...tt pingResultsProbeResponses pingResultsSentProbes pingResultsRttSumOfSquares pingResultsLastGoodProbe SAA MIB The SAA MIB contains the following notification saaThresholdCrossed This notification is...

Page 1110: ...following action 1 Set the maximum number of concurrent active tests by setting the pingMaxConcurrentRequests with value 5 Execute SNMP SET RESPONSE START 1 set pingMaxConcurrentRequests with value 5...

Page 1111: ...2 set saaPingMEFOAMCtlTable saaPingMEFOAMVpnId default T1 with value 10 SNMP SET RESPONSE END SNMP SET RESPONSE START 3 set saaPingMEFOAMCtlTable saaPingMEFOAMMACAddr default T1 with value 11 22 33 4...

Page 1112: ...device name config saa test probe count 5 4 Specify the probes number stored in the statistics history table Execute SNMP SET RESPONSE START 1 set pingProbeHistoryTable default T1 with value 10 SNMP...

Page 1113: ...e 74 SNMP SET RESPONSE END This equals the command device name config saa test data size 64 1489 Argument Description 64 1489 Specifies the length in bytes of the probe test data By default data size...

Page 1114: ...MP SET RESPONSE END NOTE The saaThresholdCrossed notification can be configured only by snmp server notify command and can be received when thresholds are crossed up or down For more information see C...

Page 1115: ...2 set saaThresholdProfileName 1 with value Profile SNMP SET RESPONSE END This equals the command device name config saa profile 1 2147483647 PROFILENAME Argument Description 1 2147483647 Specifies the...

Page 1116: ...atency error 200 4 Enable frame loss error monitoring and set the frame loss error threshold value Execute SNMP SET RESPONSE START 1 set saaThresholdProfileFrameloss 1 with value 5 0 SNMP SET RESPONSE...

Page 1117: ...ONSE END This equals the command device name config saa test profile 1 2147483647 Argument Description 1 2147483647 Specifies the ID of the existing profile that is attached to the current SAA test Ex...

Page 1118: ...d the following action NOTE It is not allowed to remove a profile associated with a test If the user wants to delete a profile it should not be attached to current SAA test Execute SNMP SET RESPONSE S...

Page 1119: ...ry with index pingResultsProbeResponses default T1 SNMP SET RESPONSE END SNMP SET RESPONSE START 7 get saaPingResultsTable row entry with index saaPingResultsJitter default T1 SNMP SET RESPONSE END SN...

Page 1120: ...saa test T1 Test Name T1 Test Owner default Test type mef oam Administrative status enabled MAC 11 22 33 44 55 66 Service 1 Bucket 20 Probe priority 3 Profile Id 1 Profile Name Profile Probes per repe...

Page 1121: ...ption TESTNAME Specifies the name of the test OWNERNAME Optional Name of the owner of the test probe statistics Optional Displays probe statistics Example The following example displays the probe stat...

Page 1122: ...PONSE END SNMP SET RESPONSE START 3 get saaThresholdCtlTable entry row with index saaThresholdCtlTable 1 saaThresholdProfileFrameloss if exists SNMP SET RESPONSE END This equals the command device nam...

Page 1123: ...nment should be configured for Device1 and Device3 For additional information regarding the H VPLS configuration please refer to the Configuring MPLS and H VPLS chapter Figure 11 Performance monitorin...

Page 1124: ...saa test frequency 50 Device1 config saa test data size 74 Device1 config saa test timeout 5 6 Enable the SAA test Device1 config saa test no shutdown Device1 config saa test end 7 Send a pingTestCom...

Page 1125: ...nd Configure an SAA Test on Device1 1 Create an SAA threshold profile and set the jitter error threshold value latency error threshold value and frame loss error threshold value SNMP SET RESPONSE STAR...

Page 1126: ...1 with value 1 SNMP SET RESPONSE END SNMP SET RESPONSE START 3 set saaCtlTable saaCtlRowStatus default T1 with value active 1 SNMP SET RESPONSE END 5 Set the probes count probe statistics repeat frequ...

Page 1127: ...END 3 Enable the SAA test SNMP SET RESPONSE START 1 set pingCtlTable pingCtlRowStatus default T1 with value active 1 SNMP SET RESPONSE END SNMP SET RESPONSE START 2 set pingCtlTable pingCtlAdminStatus...

Page 1128: ...9 get saaPingResultsTable row entry with index saaPingResultsFrameloss default T1 SNMP SET RESPONSE END 2 Display the SAA threshold profile SNMP SET RESPONSE START 1 get saaThresholdCtlTable entry row...

Page 1129: ...y Fault Management EFM OAM Ethernet in the First Mile Operations Administration and Maintenance standards as defined by IEEE 802 3ah D3 0 MIB Management information Base MEF OAM Metro Ethernet Forum M...

Page 1130: ...ndards MIBs RFCs No standards are supported by this feature pingMIB requires that the user should be able to initiate a ping test to be executed on the managed device RFC2925 allows functionality for...

Page 1131: ...undry Network s implementation of the Remote Monitoring RMON feature The chapter consists of the following sections REMOTE MONITORING RMON 2 OVERVIEW 2 DISPLAYING RMON STATISTICS MONITORING 3 CONFIGUR...

Page 1132: ...orm defined in IEEE 802 3 Bad Packets Bad packets are packets that have proper framing and are therefore recognized as packets but contain errors within the packet or have an invalid length For exampl...

Page 1133: ...for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for important occurrences you can depend on the Events group for notifi...

Page 1134: ...hing core for transmission This counter should reflect all the data octets received on the line For oversized packets when they exceed the allocated buffer size only buffer size bytes are counted and...

Page 1135: ...command packet size limit no matter if CRC is valid or not DropEvents Not supported TotalInPkts This counter is incremented once for every received packet This includes rejected and local packets that...

Page 1136: ...ecuted Last1minInPkts Counts the number of packets received on the switch during the minute before the command was executed Last5minInPkts Counts the number of packets received on the switch during th...

Page 1137: ...scriptions show rmon event Displays the information for the specified RMON event rmon alarm counter Defines RMON alarm conditions show rmon alarm Displays the specified RMON alarm Setting an RMON Even...

Page 1138: ...all defined RMON events device name config no rmon event remove all defined rmon events y n y Displaying the RMON Event The show rmon event command in Privileged Enable mode displays the information f...

Page 1139: ...ions are updated counter index The index in range 1 17 of the counters of the statistics kept for a particular Ethernet interface For more information about the RMON counters see Table 4 UU SS PP Inte...

Page 1140: ...ulticastPkts The total number of good packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address 6 CRCAlignErrors The t...

Page 1141: ...etween 65 and 127 octets inclusive excluding framing bits but including FCS octets 14 Pkts128to255Octets The total number of packets including bad packets received with lengths between 128 and 255 oct...

Page 1142: ...alarm If no argument is specified all currently defined RMON alarms are displayed Command Syntax device name show rmon alarm alarm index Argument Description alarm index Optional Alarm index in the r...

Page 1143: ...08 Foundry Networks Inc Page 13 of 14 Acronyms Table 5 provides a list of acronyms that are used in this document and lists their meaning Table 5 Acronyms Acronym Meaning CRC Cyclic Redundancy Check R...

Page 1144: ...14 Supported Platforms Feature NetIron M2404F NetIron M2404C Remote Monitoring RMON Supported Standards MIBs and RFCs Feature Standards MIBs RFCs Remote Monitoring RMON No standards are supported by t...

Page 1145: ...part of this chapter is dedicated to an explanation of the relevant logging commands The chapter consists of the following sections SYSTEM MESSAGE LOGGING 2 OVERVIEW 2 MESSAGE LOGGING DEFAULT CONFIGU...

Page 1146: ...ate log files Optional timestamps with configurable formats can be included in the message body They apply to all messages independent of origin module and destination Uptime The time since the last r...

Page 1147: ...e NVRAM Messages are time stamped to enhance real time debugging and management Trap level for logging should be configured per device NVRAM history buffer CLI console VTY terminal Telnet console and...

Page 1148: ...2 Mail system 3 System daemons 4 Security authorization messages 0 5 Messages generated internally by Syslog 6 Line printer subsystem 7 Network news subsystem 8 UUCP subsystem 9 Clock daemon 0 10 Sec...

Page 1149: ...oup Management Protocol RMON rmon Remote Monitoring module SNMP snmp Simple Network Management Protocol STP stp Spanning Tree Protocol RSTP rstp Rapid Spanning Tree Protocol MSTP mstp Multiple Spannin...

Page 1150: ...og server IP address None configured Logging to buffer Log module default buffer trap debugging NOTE When the module MODULE NAME argument is not specified the default module is assumed NOTE By default...

Page 1151: ...the CLI console that is attached to the COM port log telnet console Directs log output messages issued by the system to a Telnet console if the user is connected through Telnet client log server sysl...

Page 1152: ...is specified the log output contains messages from all system modules See Table 4 for the module name keyword trap TRAP LEVEL Specifies the literal trap value that limits the log output to the specif...

Page 1153: ...configuration to be changed If no module is specified the remote server is added to the default configuration To enable console logging to a Syslog server do the following Configure the Syslog server...

Page 1154: ...EVEL Specifies the literal trap value that limits the log output to a specified severity level See Table 2 for the trap level keywords Resizing Memory Buffer The log buffer resize to command in Global...

Page 1155: ...he priority field in the messages to be displayed and logged sequence number Includes the sequence number in the log messages syslog prefix Includes the prefix in the log message for every Syslog host...

Page 1156: ...t is MM dd hh mm ss msec localtime Optional Displays the local time zone offset relative to GMT timezone Optional Displays the time zone name msec Optional Adds milliseconds to the format NVRAM based...

Page 1157: ...Severity level is one critical Logs messages in the event of an internal error or a non supported event Severity level is two emergencies Logs messages in the event of an internal error that causes th...

Page 1158: ..._0 2002 01 01 07 05 13 errors test error message ttftptask 2002 01 01 07 45 05 errors transfer timed out ttftptask 2002 01 01 07 45 07 errors tftpget error occurred while transferring the file ttftpta...

Page 1159: ...mand Description show log Displays the logging configuration log buffer upload to Uploads the log buffer to a TFTP server using the specified file name Displaying the Logging Configuration The show lo...

Page 1160: ...ergencies cli console trap notifications telnet console trap warnings Synchronous logging terminals Example 2 This example shows that the OSPF module sends log messages to the remote Syslog server 192...

Page 1161: ...he user re enters Global Configuration mode and continues as long as that mode or any mode under it is active In subsequent configuration sessions as long as configuration history recording is enabled...

Page 1162: ...figure terminal interface sw0 ip address 131 119 251 201 24 ip ospf authentication key abcdefgh exit interface sw1 ip address 36 56 0 201 16 ip ospf authentication key ijklmnop exit Configuration sess...

Page 1163: ...Enabling Log Messages The following example shows how to enable log messages for the notification level that will be displayed by the console port on Telnet session and on remote Syslog server with I...

Page 1164: ...100 Flow control mode disable Flow control status disable Backpressure disable Broadcast limit unlimited Multicast limit unlimited Unknown limit unlimited Default VLAN 1 Port Crossover AUTO MDI MDIX...

Page 1165: ...t Protocol RIP Routing Information Protocol TIME Time synchronization clients IRDP ICMP Router Discovery Protocol IGMP Internet Group Management Protocol RMON Remote Monitoring module SNMP Simple Netw...

Page 1166: ...undry Networks Inc Page 22 of 22 Supported Platforms Feature NetIron M2404F NetIron M2404C System Message Logging Supported Standards MIBs and RFCs Feature Standards MIBs RFCs System Message Logging N...

Page 1167: ...RVER MODES 12 CONFIGURING THE DHCP SERVER OPTIONAL PARAMETERS 14 CONFIGURING THE DHCP SUBNET SPECIFIC PARAMETERS 24 CONFIGURING THE DHCP HOST SPECIFIC PARAMETERS 25 DHCP SERVER CONFIGURATION AND STATI...

Page 1168: ...onfiguration Flow 10 Figure 6 DHCP Server Example 37 Figure 7 Multiple DCHP Relay Agents 41 Figure 8 DHCP Relay Example 43 Figure 9 Network Topology Using DHCP 43 Figure 10 Format of the Virtual Circu...

Page 1169: ...ddress Dynamic allocation allows automatic reuse of an address that is no longer needed by the client to which it was assigned Thus dynamic allocation is particularly useful for assigning an address t...

Page 1170: ...lay agents eliminates the need to have a DHCP server on each physical network segment From the client s point of view DHCP is an extension of the BOOTP mechanism This behavior allows existing BOOTP cl...

Page 1171: ...ive out lengthy but non infinite leases to allow detection of the fact that the client has been retired In some environments it will be necessary to reassign network addresses due to exhaustion of ava...

Page 1172: ...server The DHCP server can use this information to implement IP address or other parameter assignment policies Figure 2 shows a typical network topology in which DHCP is in used The aggregation router...

Page 1173: ...o port DHCP broadcast isolation is achieved when the client ports are within a single VLAN During client to server exchanges broadcast requests from clients connected to VLAN access ports are intercep...

Page 1174: ...ts Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses Reduced client configuration tasks and costs The DHCP server minimizes operational over...

Page 1175: ...e process of configuring the DHCP Server parameters Start Enable DHCP server globally per port per vlan Set the IP Address Distribution Mechanism Add a subnet or a host Set the Merit Dump File Set the...

Page 1176: ...ear Dynamic Host Configuration Protocol DHCP Debug Disabled Operating the DHCP Server Starting the DHCP Server Table 2 lists the DHCP server starting commands Table 2 DHCP Starting Commands Command De...

Page 1177: ...HCP Server per VLAN The service dhcp command in Specific VLAN Configuration mode Enables or disables the DHCP server per VLAN Once DHCP server is enabled all the VLANs that belong to the DHCP subnet a...

Page 1178: ...ption enable Enables the Round Robin mechanism disable Disables the Round Robin mechanism DHCP Server Modes Table 3 lists the DHCP server configuration modes Table 3 DHCP Server Configuration Modes Co...

Page 1179: ...g dhcp subnet device name config dhcp no subnet A B C D M Argument Description A B C D M The IP subnet address and the subnet mask WORD Optional The name of the defined subnet Example Defining subnet...

Page 1180: ...he DHCP Server optional parameters Table 4 DHCP Server Optional Parameters Commands Command Description dbexpire Specifies how long in seconds the DHCP server should wait before aborting a database tr...

Page 1181: ...Leases Database Expiration Time The dbexpire command in DHCP Server Configuration mode specifies how long in seconds the DHCP server should wait before aborting a database transfer Transfers that exc...

Page 1182: ...he IP addresses Command Syntax device name config dhcp option domain name servers A B C D device name config dhcp no option domain name servers A B C D device name config dhcp subnet option domain nam...

Page 1183: ...e option root path command in DHCP Server Configuration or in DHCP Subnet Configuration mode specifies the name of the path that contains the client s root file system in NFS notation The no form of t...

Page 1184: ...efault router gateway 20 20 0 100 device name config service dhcp device name config dhcp option router 20 20 0 100 Setting the Subnet Mask The option subnet mask command in DHCP Server Configuration...

Page 1185: ...o option broadcast address device name config dhcp subnet option broadcast address A B C D device name config dhcp subnet no option broadcast address Argument Description A B C D The broadcast address...

Page 1186: ...A B C D device name config dhcp no option log servers A B C D device name config dhcp subnet option log servers A B C D device name config dhcp subnet no option log servers A B C D Argument Descriptio...

Page 1187: ...ame config dhcp subnet no option bootstrap filename Argument Description WORD Character string specifying the bootstrap file name path with up to 254 characters Example The following example defines t...

Page 1188: ...for the internal DHCP database storage device name config service dhcp device name config dhcp database tftp 10 12 144 11 filename Leases dat write delay 60 Setting the DHCP Database Agent to FTP The...

Page 1189: ...hcp no max lease time Argument Description value The maximum lease time in seconds The range is 60 604800 seconds Specifying the Pathname of the Boot File The option bootfile name command in DHCP Serv...

Page 1190: ...dresses assigned by the DHCP server for leasing to the clients max lease time Specifies the maximal duration of leases in seconds Configuring IP Address Range The range command in DHCP Subnet Configur...

Page 1191: ...3 Set the requested IP address See Setting an IP Address for a Manual Binding to a DHCP Client Table 6 lists the commands to configure the DHCP host specific parameters Table 6 The DHCP Host Specific...

Page 1192: ...nd Command Syntax device name config dhcp host fixed ip address A B C D device name config dhcp host no fixed ip address Argument Description A B C D The IP address of the client Example The following...

Page 1193: ...Example The following example specifies the file name of the boot image for host Machine1 as Boot_file device name config service dhcp device name config dhcp host Machine1 device name config dhcp ho...

Page 1194: ...istics leases Displays the statistics and status of the specified lease or the status of all leases that are currently in use Displaying the DHCP Configuration The show ip dhcp command in Privileged E...

Page 1195: ...IP address 192 168 2 210 Bootstrap server IP 55 55 55 55 Bootstrap file name Host img Unknown Circuit ID policy is PERMIT Example 2 Displaying the DHCP server subnet configuration device name show ip...

Page 1196: ...20 has 11 free and 0 used IP addresses Displaying the DHCP Server Packets Statistics The show ip dhcp packets command in Privileged Enable mode displays statistics about all known DHCP packet types wh...

Page 1197: ...bnet The subnet can be specified by an IP address or name If the argument all is specified this command displays the status of all defined subnets Command Syntax device name show ip dhcp statistics su...

Page 1198: ...ll active leases Example 1 The following example displays the status all active DHCP leases device name show ip dhcp statistics leases all IP address Name Lease Expiration MAC Address 4 4 4 100 lab_3...

Page 1199: ...DHCP server will not reply to the host request for an IP address Command Syntax device name config dhcp unknown circuit id deny permit Argument Description permit The DHCP server assigns addresses fro...

Page 1200: ...e IP address of a TFTP server The no form of the command disables the DHCP option 66 Command Syntax device name config dhcp option tftp server A B C D device name config dhcp no option tftp server Arg...

Page 1201: ...e Command Syntax device name config dhcp reset packet stats Example device name config service dhcp device name config dhcp reset packet stats DHCP packet statistics reset successfully DHCP Server Deb...

Page 1202: ...ns The show debug dhcp command in Privileged Enable mode displays the status of the debug actions that are currently activated in the DHCP server The debug commands can help the network manager to mon...

Page 1203: ...0 0 24 3 Set the IP address range device name config dhcp subnet range 30 30 30 1 30 30 30 100 4 Set the client s default gateway to 30 30 30 110 device name config dhcp subnet option router 30 30 30...

Page 1204: ...ation mode to configure host PC2 device name config dhcp host PC2 14 Set the host PC2 MAC address device name config dhcp host hardware address 00 01 44 d0 23 34 15 Enable the IP address 30 30 40 1 fo...

Page 1205: ...device name config service dhcp 2 Enter into DHCP Subnet configuration mode device name config dhcp subnet 10 0 0 0 8 3 Define the IP address range with a hexadecimal circuit ID value when the VLAN ta...

Page 1206: ...ode and set the unknown circuit ID policy to deny device name config dhcp subnet exit device name config dhcp unknown circuit id deny 5 Exit DHCP configuration mode and enable the DHCP server operatio...

Page 1207: ...16 with the name SUB device name config dhcp subnet 10 10 0 0 16 name SUB 4 Create a range for circuit ID hostA tag 23 VLAN 10 and port 1 with the name RAN1 device name config dhcp subnet range 10 10...

Page 1208: ...undry NetIron M2404C and M2404F Metro Access Switches Configuring DHCP Features Rev 03 DHCP Server 2008 Foundry Networks Inc Page 42 of 63 7 Enable the DHCP server device name config service dhcp enab...

Page 1209: ...s and the server is on a different subnet Figure 8 DHCP Relay Example NOTE When a super VLAN user port is configured on the relay agent DHCP client packets will only be relayed if the following access...

Page 1210: ...23 the result in the automatic circuit ID assignment will be as follows in string format 00023000200000000001 in hexadecimal format 30 30 30 32 33 30 30 30 32 30 30 30 30 30 30 30 30 30 30 31 The circ...

Page 1211: ...t ID is shown in Figure 14 Circuit ID Type one byte Length one byte VLAN Tag two bytes Slot one byte Port one byte Figure 14 Format of the Binary Circuit ID Circuit ID type one byte this field has a c...

Page 1212: ...ysical port through which it connects to the network Figure 16 is an example of a metropolitan Ethernet network in which a centralized DHCP server assigns IP addresses to subscribers connected to a de...

Page 1213: ...ween the two DHCP relay agents at the DHCP server Figure 17 Multiple DCHP Relay Agents DHCP Relay Agent Default Configuration Table 13 shows the default DHCP relay agent configuration Table 13 DHCP Re...

Page 1214: ...The ip dhcp server command in Global Configuration mode sets an IP address for the DHCP server The no form of this command removes the DHCP server IP address Command Syntax device name config ip dhcp...

Page 1215: ...cp relay dhcp server address A B C D NOTE Up to three DHCP servers per port and up to three DHCP servers per VLAN can be configured Argument Description A B C D Specifies the IP address of the DHCP se...

Page 1216: ...s the value of the Option 82 relay tag ip dhcp relay bootp reply ttl value Specifies the time to live value in the relay packet dhcp relay information policy Determines the actions to be performed on...

Page 1217: ...ckets transmitted by the DHCP client arrive at the relay agent device their information Option 82 field is kept unchanged global pass transparent When packets transmitted by the DHCP client arrive at...

Page 1218: ...id command in Global Configuration mode defines the circuit ID to a specified port and VLAN when the user wants to use a circuit ID different from that which is automatically generated The no form of...

Page 1219: ...ly ttl value command in Global Configuration mode specifies the time to live value in the relay packet Command Syntax device name config ip dhcp relay bootp reply ttl value 1 255 Argument Description...

Page 1220: ...tted by the DHCP client arrive at the relay agent device they are dropped replace When packets transmitted by the DHCP client arrive at the relay agent device their information Option 82 field is repl...

Page 1221: ...fied VLAN Note that this option can only be used in Interface Configuration mode Displaying DHCP Relay Agent and Option 82 Information Table 16 lists the commands displaying the DHCP Relay Agent Infor...

Page 1222: ...ip dhcp relay information policy Example device name show ip dhcp relay information policy DHCP Relay information policy is drop Displaying the Option 82 Relay Tag The show ip dhcp relay tag command...

Page 1223: ...nfig interface sw1 device name config if sw1 ip address 20 2 1 201 18 device name config if sw1 exit 3 Create a VLAN and relate it to the IP interface sw1 device name config vlan device name config vl...

Page 1224: ...1 5 1 1 7 device name config vlan default exit 8 View the DHCP relay agent configuration device name show dhcp GLOBAL SETTING dhcp relay dhcp server address 20 2 1 252 interface name state sw5 enabled...

Page 1225: ...cy replace is defined for packets incoming from clients The tag is configured for the identification of the DHCP relay agent 1 Configure the DHCP server IP address device name config ip dhcp server 10...

Page 1226: ...users device name config if sw1 interface sw2 device name config if sw2 ip address 10 10 0 1 16 device name config if sw2 dhcp relay device name config if sw2 exit 3 Create the VLAN for the connectio...

Page 1227: ...nfig ip dhcp server 20 20 0 2 7 Enable Option 82 device name config interface sw2 device name config if sw2 dhcp relay information device name config if sw2 exit 8 Assign a tag value to the DHCP relay...

Page 1228: ...The following provides a list of acronyms that are used in this document and lists their meaning Table 17 Acronyms Acronym Meaning ARP Address Resolution Protocol BOOTP Bootstrap Protocol DHCP Dynamic...

Page 1229: ...mib RFC 951 Bootstrap Protocol BOOTP RFC 1542 Clarifications and Extensions for the Bootstrap Protocol RFC 2131 Dynamic Host Configuration Protocol RFC 2132 DHCP Options and BOOTP Vendor Extensions RF...

Page 1230: ...TARGETED PEER MODE 21 MPLS CONFIGURATION IN PRIVILEGED ENABLE MODE 22 CONFIGURING STATIC LABEL SWITCHED PATHS 25 CONFIGURING LABEL SWITCHED PATHS 28 GLOBAL MODE H VPLS CONFIGURATION COMMAND 36 H VPLS...

Page 1231: ...ry NetIron M2404C and M2404F Metro Access Switches Configuring MPLS and H VPLS Rev 03 Table of Figures 2008 Foundry Networks Inc Page 2 of 113 SUPPORTED PLATFORMS 113 SUPPORTED STANDARDS MIBS AND RFCS...

Page 1232: ...Connection 11 Figure 8 LSR Configuration Flow 11 Figure 9 MPLS Configuration Flow in LDP Mode 19 Figure 10 VC Type 40 Figure 11 Establishing Two Static PWs between Two HUBs and a Spoke Device dual ho...

Page 1233: ...Ps The incoming labels are used as an index into a label information base which specifies the next hop interface for the packet as well as the new label to be attached to the packet Nodes in the core...

Page 1234: ...is used to build routing tables However static configuration of routes is also an option MPLS devices then build label forwarding tables by negotiating label mappings with each peer for each routing...

Page 1235: ...9 indicates port 0 Since LER 2 is the egress LER there is no further need for a label The existing label is discarded and the packet is forwarded onto IP network 172 16 Label swapping as described in...

Page 1236: ...ch the LSR is not the egress and no mapping exists the LSR must wait until a label from a downstream LSR is received before mapping the FEC and passing corresponding labels to upstream LSRs An LSR may...

Page 1237: ...further deployed into Hierarchical VPLS without having to spread the full mesh of pseudowires outside the provider core network While traveling along a PW packets contain a stack of two labels Both l...

Page 1238: ...dowire is operating in raw mode service delimiting tags are never sent over the pseudowire If a service delimiting tag is present when the packet is received from a user by the PE it must be removed f...

Page 1239: ...ce for the VLAN in question Hierarchical VPLS H VPLS The VPLS model described in the previous sections relies on a full mesh of pseudowires which implement any to any connectivity in the provider core...

Page 1240: ...MTU and PE devices are directly connected to each other over a Layer 2 connection Consequently a transport label is not needed The packet format is shown in Figure 7 Figure 7 Packet Format over the Di...

Page 1241: ...IP address of interface sw0 Global Egress Label Range 28672 131071 Ingress Egress Marking Rule none Global Ingress Label Range 28672 131071 LDP Transport address Default transport address Hello Hold T...

Page 1242: ...on a specific IP interface mpls global label space Enables the use of a global label space for the selected interface mpls egress label range Specifies the range for the egress label value on a specif...

Page 1243: ...range Argument Description 28672 131071 Specifies the minimum egress label value in the range 28672 131071 The minimum egress label value must be less than the maximum egress label value 28672 131071...

Page 1244: ...in IP Interface Configuration mode sets the time in seconds for LDP to wait before it tears down an adjacency in case it has not received a hello message from the peer The no form of this command set...

Page 1245: ...gress label range Specifies the range for the ingress label value on a global device label pool router ldp Enables the LDP protocol and accesses LDP protocol configuration mode mpls tunnel label Speci...

Page 1246: ...672 131071 Specifies maximum egress label value in the range 28672 131071 The maximum egress label value must be greater than the minimum egress label value Adding Ingress Egress Marking Rule The mpls...

Page 1247: ...28672 131071 The minimum ingress label value must be less than the maximum ingress label value 28672 131071 Specifies maximum ingress label value in the range 28672 131071 The maximum ingress label v...

Page 1248: ...ue of the transport label value for the first uplink port 16 1048575 Specifies the value of the transport label value for the second uplink port MPLS Configuration in LDP Mode Configuration Flow The f...

Page 1249: ...and will close this session Command Syntax device name config router targeted peer A B C D device name config router peer A B C D device name config router no targeted peer A B C D Argument Descriptio...

Page 1250: ...eep alive message from the peer LDP entity shutdown Temporarily disables the targeted peer Changing the LDP Targeted Peer The targeted peer command in LDP Targeted Peer mode changes the active targete...

Page 1251: ...eepalive hold time interval in seconds Administratively Shutting Down a Targeted Peer The shutdown command in LDP Peer Configuration mode administratively disables a specific LDP targeted peer The no...

Page 1252: ...SP NAME prefix A B C D M size octets ttl label ttl count count timeout timeout draft3 rfc Argument Description lsp LSP NAME Optional Specifies the name of the LSP to ping prefix A B C D M Optional Spe...

Page 1253: ...M size octets ttl label ttl count count timeout timeout draft3 rfc Argument Description lsp LSP NAME Optional Specifies the name of the LSP to trace prefix A B C D M Optional Specifies the prefix of...

Page 1254: ...le 7 Static LSP Configuration Commands Command Description mpls static lsp Creates a new static LSP and enters the Static LSP Configuration mode nexthop Specifies the IP address of the next LSR mpls l...

Page 1255: ...pecifies the IP address of the next LSR IF NAME The outgoing interface to use for reaching the next LSR in format swN The range is 0 255 Enabling the LSP Hold Timer The mpls lsp hold timer command in...

Page 1256: ...nt Description 32 1023 The label carried by incoming traffic IF NAME The name of the interface used by incoming traffic Specifying a Label to Push The push command in Static LSP Configuration mode det...

Page 1257: ...ds have been used to configure the corresponding components of the LSP ingress lsr id egress lsr id persistent path Explanations on these commands can be found in this section of the document When con...

Page 1258: ...st reroute mode Sets the desired fast reroute FRR mode for a specific LSP backup setup priority Specifies setup priority for backup LSPs which LSPs will protect the current LSP backup holding priority...

Page 1259: ...the command removes any value previously defined Command Syntax device name config lsp NAME commit rate 1 1000000 device name config lsp NAME no commit rate Argument Description 1 1000000 The average...

Page 1260: ...LSR ID value Setting LSP Setup Priority The setup priority command in LSP Configuration mode specifies setup priority for a specific LSP The no form of this command sets this parameter to its default...

Page 1261: ...record route Enabling Disabling Recording of LSP Labels after Signaling The record labels command in LSP Configuration mode enables disables LSP label recording of the signaling protocol The no form...

Page 1262: ...reroute mode facility device name config lsp NAME no fast reroute mode Argument Description facility Specifies fast reroute protection mode using the facility backup method Setting Setup Priority for...

Page 1263: ...he default value By default max backup hops value is 32 Command Syntax device name config lsp NAME max backup hops 0 255 device name config lsp NAME no max backup hops Argument Description 0 255 Speci...

Page 1264: ...s a new path and enters LSP Path Configuration mode If path with the same name already exists then only the mode changes The no form of this command deletes the specified path Command Syntax device na...

Page 1265: ...mode vpls revertive mode Enables disables VPLS revertive mode Setting the Device Qualified Unqualified H VPLS Mode The vpls mode command in Global Configuration mode sets the global operation mode fo...

Page 1266: ...s revertive mode command in Global configuration node enables disables VPLS revertive mode Enabling this mode forces VPLS to switch from backup SDPs to primary SDPs after all primary SDPs are restored...

Page 1267: ...shutdown Disables the specified VPLS service customer name Stores general text information regarding the customer description Stores a description for a specified VLL VPLS VPN path mtu Sets MTU value...

Page 1268: ...id can only be configured when qualified mode is chosen on the device In qualified operation mode the vlan argument is mandatory description WORD Optional Description of the SAP option Optional Specif...

Page 1269: ...name config vpls ID no secure saps Configuring the VC type of Spoke Service Distribution Paths SDP for a specific VPLS The vc type command in VPLS configuration mode changes the encapsulation type of...

Page 1270: ...DP protocol is used to negotiate labels A single spoke SDP can be defined per VPN The backup spoke SDP is an option When a hardware failure occurs on the selected uplink port link loss the MPLS Hardwa...

Page 1271: ...ce name config interface lo1 device name config if lo1 ip address 1 1 1 1 32 device name config if lo1 exit device name config ip route 2 2 2 2 32 55 0 0 2 device name config mpls ingress 2 2 2 2 32 d...

Page 1272: ...s group id group id lsp WORD device name config vpls ID no spoke sdp static backup UU SS PP AGID remote peer A B C D Argument Description static Configures the static spoke SDP backup Optional Specifi...

Page 1273: ...the specified VPLS service When the service is disabled SDPs are not operational and the statistics are reset The no form of the command enables the configured VPLS service By default the VPLS VLL VPN...

Page 1274: ...nfiguration command Table 12 VPLS in SAP Mode Configuration Command Command Description ingress scheduler policy Applies ingress scheduler policy to the SAP egress scheduler policy Applies egress sche...

Page 1275: ...yntax device name config vpls sap UU SS PP VLAN ID egress scheduler policy SCHEDULER POLICY NAME device name config vpls sap UU SS PP VLAN ID no egress scheduler policy Argument Description SCHEDULAR...

Page 1276: ...are not attached to a customer site Command Syntax device name config vpls sap UU SS PP VLAN ID customer site CUSTOMER SITE NAME device name config vpls sap UU SS PP VLAN ID no customer site Argument...

Page 1277: ...mode creates a Customer Site The no form of this command removes the specified Customer Site Command Syntax device name config customer site NAME device name config customer site NAME device name conf...

Page 1278: ...ifies the name of the Scheduler Policy that is to be applied Displaying MPLS Information Table 14 lists the MPLS display command Table 14 MPLS Display Command Command Description show mpls interface D...

Page 1279: ...the LSP show mpls lsp hold timer Displays the length of the hold timer Displaying the Status of MPLS LSPs The show mpls lsp command in Privileged Enable Configuration mode displays the current state o...

Page 1280: ...27 Backup FRR outgoing information Bypass if Bypass Lbl MP Label Dest MAC address Interface Port 1025 28672 28674 00 12 F2 87 F0 0B sw12 1 1 28 Table 16 Tunnel States Displayed by the show mpls lsp C...

Page 1281: ...mode displays the current hold timer value Command Syntax device name show mpls lsp hold timer Example device name show mpls lsp hold timer lsp hold timer 5 Displaying Static LSP Information Table 17...

Page 1282: ...nformation about current LDP sessions Displaying Information on LDP Peers The show mpls ldp peer command in Privileged Enable mode displays details on the LDP peers already discovered Command Syntax d...

Page 1283: ...ncies The show mpls ldp discovery command in Privileged Enable mode displays information about current LDP Hello Adjacencies Command Syntax device name show mpls ldp discovery Example device name show...

Page 1284: ...guration Commands Command Description show running config ldp Enables displaying the LDP tunnel configuration show running config lsp Enables displaying the LSP running configuration Displaying the Cu...

Page 1285: ...id 30 30 30 30 egress lsr id 1 1 1 1 mpls lsp 3_to_1_Backup guarded destination 1 30 3 1 path backup hop 1 43 3 2 strict hop 1 54 3 2 strict hop 1 65 3 2 strict hop 1 60 3 2 strict hop 100 200 3 1 str...

Page 1286: ...xit ingress lsr id 30 30 30 30 egress lsr id 50 50 50 50 Static LSP configuration Displaying the Current LSP Running Configuration The show runnig config lsp command in Privileged Enable mode enables...

Page 1287: ...30 30 egress lsr id 1 1 1 1 mpls lsp 4_to_2_Guard guarded destination 100 200 3 2 path Guard hop 1 43 3 2 strict hop 1 54 3 2 strict hop 1 65 3 2 strict hop 1 60 3 2 strict exit ingress lsr id 30 30 3...

Page 1288: ...LS configuration show vpls uplink ports Displays information about the VPLS uplink ports Displaying the Current VPLS Configuration The show vpls command in Privileged Enable mode displays details abou...

Page 1289: ...dual homing This example demonstrates unqualified configuration on all devices using Loopback interfaces static routes and static LSPs Figure 11 Establishing Two Static PWs between Two HUBs and a Spok...

Page 1290: ...p lsp 2 pop DeviceA config static lsp lsp 2 label map 32 sw1 DeviceA config static lsp lsp 2 no shutdown DeviceA config static lsp lsp 2 exit 6 Set VPLS mode and define VPLS instance 12 DeviceA config...

Page 1291: ...33 sw2 DeviceB config static lsp lsp 2 no shutdown DeviceB config static lsp lsp 2 exit 6 Set VPLS mode and define VPLS instance 12 DeviceB config vpls mode unqualified DeviceB config vpls 12 DeviceB...

Page 1292: ...ic lsp lsp 1 nexthop 11 0 0 2 sw1 Spoke config static lsp lsp 1 no shutdown Spoke config static lsp lsp 1 exit Spoke config mpls static lsp lsp 2 Spoke config static lsp lsp 2 pop Spoke config static...

Page 1293: ...s 11 0 0 2 8 DeviceA config if sw1 mpls rsvp DeviceA config if sw1 exit DeviceA config vlan DeviceA config vlan create v11 11 DeviceA config vlan config v11 DeviceA config vlan v11 add ports 1 1 27 un...

Page 1294: ...ce 12 DeviceA config vpls mode unqualified DeviceA config vpls 12 DeviceA config vpls 12 def vc id 10 DeviceA config vpls 12 sap 1 1 1 DeviceA config vpls 12 spoke sdp ldp peer 1 1 1 1 lsp lsp 1 Devic...

Page 1295: ...1 ingress lsr id 3 3 3 3 DeviceB config lsp lsp 1 egress lsr id 1 1 1 1 DeviceB config lsp lsp 1 exit 8 Set VPLS mode and define VPLS instance 12 DeviceB config vpls mode unqualified DeviceB config v...

Page 1296: ...3 3 3 32 12 0 0 2 6 Set the LSR ID of the device Spoke config mpls lsr id 1 1 1 1 7 Enable and configure LDP protocol Spoke config router ldp Spoke config router transport address 1 1 1 1 Spoke config...

Page 1297: ...ishing Two Dynamic PWs between Two HUBs and a Spoke Device dual homing Device A Configuration 1 Create interface sw1 and VLAN v11 DeviceA configure terminal DeviceA config interface sw1 DeviceA config...

Page 1298: ...mode unqualified DeviceA config vpls 12 DeviceA config vpls 12 def vc id 10 DeviceA config vpls 12 sap 1 1 1 DeviceA config vpls 12 spoke sdp ldp peer 1 1 1 1 DeviceA config vpls 12 exit DeviceA conf...

Page 1299: ...tance 12 DeviceB config vpls mode unqualified DeviceB config vpls 12 DeviceB config vpls 12 def vc id 10 DeviceB config vpls 12 sap 1 1 1 DeviceB config vpls 12 spoke sdp ldp peer 1 1 1 1 DeviceB conf...

Page 1300: ...config ip route 2 2 2 2 32 11 0 0 2 Spoke config ip route 3 3 3 3 32 12 0 0 2 6 Set the LSR ID of the device Spoke config mpls lsr id 1 1 1 1 7 Enable and configure LDP protocol Spoke config router l...

Page 1301: ...twork control protocol used by a host to request specific qualities of service from the network for particular application data streams or flows RSVP is also used by routers to deliver quality of serv...

Page 1302: ...ast Reroute is a mechanism that facilitates fast local repair of LSPs in case of link or node failures It extends RSVP to request link or node protection by appending a Fast Reroute object in the Path...

Page 1303: ...and the Merge Point in that order Types of Local Protection Methods There are two different methods for local protection One to One backup method and Facility Backup Method This device supports the l...

Page 1304: ...The head end also determines what constraints should be requested for the backup paths of a protected LSP To indicate that an LSP should be locally protected the head end LSR either sets the local pr...

Page 1305: ...zero Ingress nodes that wish to narrow the scope of a SESSION to the ingress egress pair may place their IP address here as a globally unique identifier IPv4 tunnel sender address IPv4 address for a s...

Page 1306: ...the bypass tunnel and to start sending the control traffic for the protected LSP onto the bypass tunnel The backup tunnel is identified by using the sender template specific method The SESSION is unc...

Page 1307: ...ore optimal path by noticing failures reported via the IGP Note that in the case of inter area TE LSP TE LSP spanning areas the head end LSR will have to rely exclusively on Path Error messages to be...

Page 1308: ...p LSPs and possibly for the protected LSP Each of these Path messages will have a different SENDER_TEMPLATE The protected LSP can be recognized because it will include the FAST_REROUTE object or have...

Page 1309: ...E default configuration Table 22 RSVP TE Default Configuration Parameter Default Value Local repair delay interval 1000 milliseconds LSP holding priority 3 LSP setup priority 4 Number of refresh timeo...

Page 1310: ...lliseconds Hello persist parameter 1 Hello tolerance parameter 5 Hello TTL parameter 255 Refresh interval 0 globally defined value Number of unresponded refresh attempts 0 RR decay in Router and IP In...

Page 1311: ...priority Sets the setup priority of the LSPs lsp holding priority Sets the holding priority of LSPs fast reroute retry interval Specifies the time interval between retries when trying to set up a bac...

Page 1312: ...val in milliseconds between the refresh PATH and RESV messages The no form of this command sets the interval to its default value To maintain path states and resource reservations on the routers in an...

Page 1313: ...ription 1 214783647 Specifies the number of refresh timeout periods Setting the Default LSP Setup Priority Non Signaled Parameter The lsp setup priority command in Router Configuration mode sets the s...

Page 1314: ...apid retransmission interval for each consecutive unacknowledged RSVP Notify message A value of 0 indicates a constant retransmission rate The no form of this command sets the Notify RR decay to the d...

Page 1315: ...oresaffoninif device name config router no rsvp extensions bypassfastreroute noresaffoninif Argument Description bypassfastreroute Enables support for facility backup protection for LSPs If this optio...

Page 1316: ...svp init path interval Argument Description 1000 214783647 Specifies the retransmission interval in milliseconds Setting the Maximum Number of Times to Resend Initial Path Message The rsvp init path l...

Page 1317: ...val Defines the interval between sending consecutive Hello messages mpls rsvp hello decay Defines the interval between sending consecutive Hello messages mpls rsvp hello tolerance Specifies the number...

Page 1318: ...interval command in IP Interface Configuration mode specifies the time interval in milliseconds to wait before a message is resent in case no acknowledgement is received This is true but for Notify m...

Page 1319: ...the PATH and RESV Un Responded Refresh Attempts The mpls rsvp refresh multiple command in IP Interface Configuration mode specifies the number of un responded PATH or RESV refresh attempts which will...

Page 1320: ...ies the hello interval value in milliseconds The interval can be defined manually using the mpls rsvp hello interval command in IP Interface Configuration mode Setting the Percentage Increase of Hello...

Page 1321: ...Hello TTL The mpls rsvp hello ttl command in IP Interface Configuration mode defines the Time To Live that will be set in the IP header of all Hello packets that are sent to the neighbor associated wi...

Page 1322: ...ress 11 0 0 1 8 deviceA config if sw1 mpls rsvp deviceA config if sw1 ospf hello interval 1 deviceA config if sw1 ospf dead interval 3 deviceA config if sw1 exit deviceA config interface sw2 deviceA c...

Page 1323: ...1 0 0 2 8 deviceB config if sw2 mpls rsvp deviceB config if sw2 ospf hello interval 1 deviceB config if sw2 ospf dead interval 3 deviceB config if sw2 exit deviceB config interface lo1 deviceB config...

Page 1324: ...sw1 deviceC config vlan v12 exit deviceC config vlan config v13 deviceC config vlan v13 add ports 1 1 28 untagged deviceC config vlan v13 add ports default 1 1 28 deviceC config vlan v13 rif sw2 devi...

Page 1325: ...mpls lsr id 3 3 3 3 deviceC config router ldp deviceC config router transport address 3 3 3 3 deviceC config router targeted peer 1 1 1 1 deviceC config router peer 1 1 1 1 exit deviceC config router...

Page 1326: ...p 3_1 ingress lsr id 3 3 3 3 deviceC config lsp 3_1 egress lsr id 1 1 1 1 deviceC config lsp 3_1 path primary_deviceC_to_deviceA deviceC config tunnel path hop 12 0 0 2 strict deviceC config tunnel pa...

Page 1327: ...config hqos DeviceA config hqos shaper profile ingress 66 2000 2000 10 10 Shaping profile parameters may be rounded DeviceA config hqos shaper profile ingress 65 59904 69632 10 10 Shaping profile par...

Page 1328: ...g hqos in fc be vpt 0 yellow DeviceA config hqos in fc be queue 2 parent 200_1 DeviceA config hqos in fc be exit DeviceA config hqos in 20 fc ef DeviceA config hqos in fc ef vpt 5 yellow DeviceA confi...

Page 1329: ...s 2 2 2 2 DeviceA config router exit DeviceA config VLAN Configuration 6 Create the following VLANs and the appropriate ports are added removed to from each VLAN and bind the uplink vlans to the logic...

Page 1330: ...router rsvp 12 Disable the Local Repair Delay and enable support for facility backup protection for LSPs DeviceA config router local repair delay disabled DeviceA config router rsvp extensions bypass...

Page 1331: ...iceA config lsp backup_DeviceC exit DeviceA config VPLS Configuration 22 Set VPLS mode and the VPLS instance to 100 DeviceA config vpls mode qualified DeviceA config vpls 100 23 Set the vc type to 0x0...

Page 1332: ...config if sw2 interface sw3 DeviceB config if sw3 mpls DeviceB config if sw3 ip address 20 3 1 1 24 DeviceB config if sw3 exit 4 Specify all routes learned by the OSPF protocol and set route marking p...

Page 1333: ...DeviceB config vlan exit DeviceB config LDP Configuration 8 Set the LSR ID of the device DeviceB config mpls lsr id 3 3 3 3 9 Enable the LDP protocol DeviceB config router ldp 10 Define a transport ad...

Page 1334: ...iceB config mpls lsp backup_DeviceB 19 Set LSP guarded destination and path DeviceB config lsp backup_DeviceB guarded destination 20 1 1 1 DeviceB config lsp backup_DeviceB path DeviceB_right 20 Defin...

Page 1335: ...lan 2 2 Set interface speed and duplex mode for the following interface DeviceC config if 1 1 4 interface 1 1 8 DeviceC config if 1 1 8 speed 100 DeviceC config if 1 1 8 duplex full DeviceC config if...

Page 1336: ...default DeviceC config vlan default remove ports 1 1 4 1 1 8 1 1 27 1 1 28 DeviceC config vlan default exit DeviceC config vlan create 30 30 DeviceC config vlan config 30 DeviceC config vlan 30 add p...

Page 1337: ...te DeviceC config lsp toESS record labels 3 Set FRR mode DeviceC config lsp toESS fast reroute mode facility 4 Configure path hops DeviceC config lsp toESS path toESS DeviceC config tunnel path hop 20...

Page 1338: ...ce to 100 DeviceC config vpls mode qualified DeviceC config vpls 100 2 Set the vc type to 0x04 Ethernet tagged mode and virtual circuit ID to 100 DeviceC config vpls 100 vc type vlan DeviceC config vp...

Page 1339: ...tion related to processing the VPLS LDP LSP and RSVP Tunnel features will be displayed Use the no form of this command to disable the display of the debug information Command Syntax device name debug...

Page 1340: ...ate Machines FSM Enabling Displaying RSVP LSP related Debug Information The debug mpls rsvp tunnel command in Privileged Enable mode enables displaying debug information related to the RSVP LSP featur...

Page 1341: ...itched Path LSR Label Switch Router MP Merge Point MPLS Multi Protocol Label Switching MTU Maximum Transmission Unit OSPF Open Shortest Path First routing protocol PE Provider Edge router PLR Point of...

Page 1342: ...this feature RFC 3031 Multiprotocol Label Switching Architecture RFC 3036 LDP Specification RFC 3063 MPLS Loop Prevention Mechanism RFC4379 Detecting Multi Protocol Label Switched MPLS Data Plane Fail...

Page 1343: ...ITES 17 TRAFFIC MONITORING DEFAULT CONFIGURATION 17 CONFIGURING AND DISPLAYING A MONITOR SESSION 17 CONFIGURATION EXAMPLES 19 WATCHDOG FEATURES 21 OVERVIEW 21 WATCHDOG DEFAULT CONFIGURATION 22 CONFIGU...

Page 1344: ...Foundry NetIron M2404C and M2404F Metro Access Switches Troubleshooting and Monitoring Rev 03 Table of Figures 2008 Foundry Networks Inc Page 2 of 55 SUPPORTED STANDARDS MIBS AND RFCS 54...

Page 1345: ...Switches Troubleshooting and Monitoring Rev 03 Table of Figures 2008 Foundry Networks Inc Page 3 of 55 Table of Figures Figure 1 Example of Monitor Session Configuration on Interface 15 Figure 2 Examp...

Page 1346: ...iled 2 BiST by request At any time a user may request BiST execution by using the self test command in Privileged Enable mode The BiST allows the user to perform the self test available in CLI enable...

Page 1347: ...Flapping Test Checks the frequency of port flapping CPU Resources Test Checks percentage of CPU utilization Periodic test RAM Resources Test Checks percentage of RAM utilization Periodic test BiST Com...

Page 1348: ...Self Test Results The show self test command in Privileged Enable mode issues a report on the current built in test status generated by the previous BiST If the argument full is not specified the com...

Page 1349: ...e Validity Passed PROM Device Access Validity Passed Power Supply Test Power Supply 1 Passed Power Supply Fan 1 Passed Power Supply 2 Passed Power Supply Fan 2 Passed On board Power Test On board Powe...

Page 1350: ...values to the destination On the screen each router that is crossed between the source computer and the destination IP address will be displayed Table 3 lists the commands for troubleshooting connecti...

Page 1351: ...to reach the destination host or until the maximum TTL is reached By default the TTL value is 64 To determine when a datagram reaches its destination traceroute sets the UDP destination port number in...

Page 1352: ...eachable message is returned The possible ping character output Each exclamation mark indicates receipt of a reply Each period indicates that the network server timed out while waiting for a reply Com...

Page 1353: ...4F Metro Access Switches Troubleshooting and Monitoring Rev 03 Diagnosing Connectivity Problems 2008 Foundry Networks Inc Page 11 of 55 Sending 5 80 byte ICMP Echoes to 212 29 220 136 timeout 30 sec d...

Page 1354: ...wn limit Sets a limit to the rate of the Layer 2 unknown packets on the configured interface Storm Protection Default Configuration Table 6 shows the default values for protecting the device from mult...

Page 1355: ...g new address Enabled Max Packet Size MRU 1528 Setting a Rate Limit to Layer 2 Unknown Packets The unknown limit command in Interface Configuration mode sets a limit to the rate of the Layer 2 unknown...

Page 1356: ...1 1 end device name show interface 1 1 1 Name Type 100BaseTX L3 EnableState enable Link down Duplex speed mode autonegotiate Duplex speed status unknown Flow control mode disable Flow control status...

Page 1357: ...ort with source ports and source VLANs The user configures monitor sessions by using parameters that specify the source of network traffic to the monitor For example in Figure 1 all traffic on ports 1...

Page 1358: ...port for that monitor session NOTE In the case of the Tx monitor session the copies of the packets are forwarded to the monitoring destination port before the 802 1q header is changed and packets are...

Page 1359: ...ot define different monitoring directions transmit receive for both a VLAN list and an interface list concurrently such as the transmit source defined to be a VLAN list and the receive source defined...

Page 1360: ...d to create a new monitor session NOTE If the user wants to monitor the traffic on the LAG ports the user needs to define all the LAG ports in the source port list NOTE On the advanced uplink ports th...

Page 1361: ...Session Configuration The show monitor session command in Privileged Enable mode displays the monitor session configuration Command Syntax device name show monitor session Example device name config...

Page 1362: ...on Figure 2 and shows how to configure the monitor session on a VLAN Interface 1 1 4 mirrors the traffic on VLANs 100 and 101 The traffic is monitored both for Rx and Tx 1 Set the destination interfa...

Page 1363: ...cations Table 9 lists the Watchdog commands Table 9 Watchdog Commands Command Description service sw watchdog Enables access to Watchdog Configuration mode and its configuration options sw watchdog sy...

Page 1364: ...ion sets the reset loop detection time period and specifies the interface to be used as the maintenance port when reset loop is detected The no form of the command disables the Reset Loop Detection an...

Page 1365: ...ost and the SNMP Request Failure Detection resets the device The rationale is that the missing or invalid SNMP request indicates lost management network link and resetting the device provides manageme...

Page 1366: ...yntax device name sw watchdog no sw watchdog task suspension all TASK NAME Argument Description all All CPU tasks will be monitored TASK NAME Name of the CPU task to be monitored e g tLacp Enables mon...

Page 1367: ...usp added to watchdog device name sw watchdog sw watchdog task suspension tWebTask tWebTask_Susp added to watchdog Displaying the Watchdog Configuration The show sw watchdog command in Privileged Enab...

Page 1368: ...ing Operational Indicators Indicator Monitored As Temperature Measured value CPU usage Measured value RAM usage Measured value Fan Pass Fail Power supply Pass Fail Overview There are two types of moni...

Page 1369: ...red when the measured value crosses the limit of 5 in either direction 1 An alert is triggered when the last measurement was 4 and the latest measurement is 6 2 No new alerts are triggered as long as...

Page 1370: ...imit Values for Monitoring Alert Default Parameter Values Parameter Default Value Limit value for temperature monitoring alert 55 C 131 F Limit value for CPU usage monitoring alert 75 Limit value for...

Page 1371: ...o change the default limit settings see Setting the Limit for Triggering Alerts 6 To set the scale for triggering alerts at delta points see Setting the Scale for Triggering Alerts Enabling Periodic M...

Page 1372: ...r can use the command without arguments to enter into Monitoring Configuration mode in which the user can set the CPU usage monitoring parameters The CPU usage monitor constantly collects samples of C...

Page 1373: ...command in Global Configuration mode enables or disables monitoring of the power supply The no form of this command restores power supply monitoring to the default state The user can use the command w...

Page 1374: ...e temperature monitoring scale to Celsius or Fahrenheit The no form of this command restores temperature monitoring to the default state The user can use the command without arguments to enter into Mo...

Page 1375: ...ing configuration to default settings log Enables logging alert notifications for a configured indicator status led Enables LED alert notification for the configured indicator trap Enables SNMP trap a...

Page 1376: ...ifications for a Specific Indicator The log command in Monitoring Configuration mode enables logging alert notifications for the configured indicator If logging alert notification is enabled an alert...

Page 1377: ...ble Argument Description enable Enables or activates monitoring alerts disable Disables or deactivates monitoring alerts Examples This example disables the unit status LED for fans device name config...

Page 1378: ...seconds between polling instances Valid values are 1 24 hours or 1 1440 minutes or 1 86400 seconds The default period for fan port or power supply monitoring is 60 seconds The default period for tempe...

Page 1379: ...cated along the scale on both sides of a limit value at distances that are whole multiples of a specified difference value Specifying a zero value disables the delta alerts Command Syntax device name...

Page 1380: ...show fan Displays the fan status Displaying the Monitor Settings The show monitor command in Privileged Enable mode displays the periodic monitoring settings of all enabled indicators Command Syntax...

Page 1381: ...g Enabled Limit value 1000Kb Example 2 Display a summary of enabled indicators device name show monitor brief Power Supply Test Period 60 sec Fan Test Period 60 sec Temperature Test Period 20 sec CPU...

Page 1382: ...erature reaches its higher limit 55 C or 131 F default the device can send an SNMP trap to the trap destination Command Syntax device name show temperature high limit Argument Description high limit O...

Page 1383: ...tus the device can send an SNMP trap to the trap destination The trap is recorded in the trap log as follows 5 22 101 15 07 21 10 4 1 23 trap p3 5 ent t5router comm public reportshardwarepsstatus 02 0...

Page 1384: ...name configure terminal device name config log cli console trap debugging device name config log nvram history trap errors Traps are displayed on the CLI console Note that the CPU usage is checked at...

Page 1385: ...monitor ram usage period seconds 5 device name config monitor ram usage end 7 Display RAM usage monitoring configuration device name show monitor ram usage Period 5 sec Fault LED Enabled Traps Enabled...

Page 1386: ...ng Access to Switch Providing secure terminal access to the network is done by using passwords and assigning privilege levels Password protection restricts access to the network or network device Priv...

Page 1387: ...ide important information that should be used by the system administrator for monitoring and troubleshooting The logging subsystem takes messages initiated by various software processes within the app...

Page 1388: ...useful when displaying large files for example the configuration file or if the user wants to exclude output that the user does not need to see To filter the command output Enter a show command follow...

Page 1389: ...uration Table 22 shows the default parameters for CPU utilization Table 22 CPU Utilization Default Configuration Parameter Default Value CPU Utilization Monitoring Enabled Using CPU Commands Setting t...

Page 1390: ...04F Metro Access Switches Troubleshooting and Monitoring Rev 03 CPU Utilization Commands 2008 Foundry Networks Inc Page 48 of 55 Command Syntax device name show cpu utilization Example device name sho...

Page 1391: ...request generates a failure and the packet is dropped Buffers cannot be created at interrupt level consequently a miss queues its request for more buffers to the RP Because an additional buffer cannot...

Page 1392: ...the permanent buffer settings To set the buffer definitions to their defaults use the no form of the command The new buffer settings take effect only when the user reboots the device The buffers defau...

Page 1393: ...ospf 0 500000 middle permanent 0 16 big permanent 0 16 large permanent 0 16 Displaying the Buffers The show buffers command in Privileged Enable mode displays the current buffer tuning settings and u...

Page 1394: ...buffers Command Parameter Description permanent The permanent number of allocated buffers in the pool These buffers are always in the pool and cannot be trimmed away in free list The number of buffer...

Page 1395: ...f 55 Acronyms The following table provides a list of acronyms that are used in this document and lists their meaning Table 27 Acronyms Acronym Meaning BiST Built in Self Test CLI Command Line Interfac...

Page 1396: ...B disman ping mib RFC 791 Internet Protocol DARPA Internet Program Protocol Specifications Protecting the switch from multicast and Layer 2 unknown packet storms No standards are supported by this fea...

Page 1397: ...Information No standards are supported by this feature No MIBs are supported by this feature No RFCs are supported by this feature CPU Utilization Commands No standards are supported by this feature P...

Page 1398: ...ATION 10 IGMP SNOOPING DEFAULT CONFIGURATION 15 IP UNICAST ROUTING DEFAULT CONFIGURATION 16 IRDP DEFAULT CONFIGURATION 16 LINK AGGREGATION DEFAULT CONFIGURATION 17 MAC ADDRESS TABLE DEFAULT CONFIGURAT...

Page 1399: ...nc Page 2 of 38 TELNET DEFAULT CONFIGURATION 33 TLS DEFAULT CONFIGURATION 34 TRAFFIC MONITORING DEFAULT CONFIGURATION 34 USER PRIVILEGE LEVELS DEFAULT CONFIGURATION 34 VLAN DEFAULT CONFIGURATION 34 VT...

Page 1400: ...e Named access list Not created Exact match Disabled ACL Default Configuration Table 2 shows the ACL default configuration Table 2 ACL Default Configuration Parameter Default Value Access Control List...

Page 1401: ...Value Tiny buffers 16 bytes 1 Small buffers 64 bytes 1 Middle buffers 128 bytes 1 Big buffers 1500 bytes 1 Large buffers 4096 bytes 1 CFM OAM Default Configuration Table 6 shows the CFM OAM default co...

Page 1402: ...loopback messages 1 second Connectivity Diagnosing Default Configuration Table 7 shows the connectivity diagnosing default configuration Table 7 Connectivity Diagnosing Default Configuration Paramete...

Page 1403: ...er Default Value DHCP relay agent Disabled DHCP relay option 82 Disabled DHCP relay agent information policy for option 82 Drop packets DHCP Server Default Configuration Table 11 shows the DHCP server...

Page 1404: ...ult Configuration Parameter Default Value DNS servers None specified EFM OAM Default Configuration Table 14 shows the EFM OAM default configuration Table 14 EFM OAM Default Configuration Parameter Def...

Page 1405: ...tiation For Fast Ethernet and Giga Ethernet Copper Auto negotiation Flow Control mode Disabled Default VLAN 1 Broadcast rate limit Unlimited Multicast rate limit Unlimited Unknown rate limit Unlimited...

Page 1406: ...cfg Application software System Loader password none GMRP Default Configuration Table 18 shows the GMRP default configuration Table 18 GMRP Default Configuration Parameter Default Value GMRP global e...

Page 1407: ...that no shaping profile is predefined in the system WRED Default Configuration Default WRED profiles defined as part of the default configuration for all queues network queues service ingress queues...

Page 1408: ...ofile L1 low priority scheduler is enabled Low0 low 1 L2 low priority scheduler is enabled Low0 low Low0 1 L1 high priority scheduler is enabled High1 high 1 L2 high priority scheduler is enabled High...

Page 1409: ...Control nc 8 16 Green Table 24 shows the default configuration of 8 low priority queues enabled for unicast traffic Table 24 Default Configuration of 8 Low Priority Queues Enabled for Unicast Traffic...

Page 1410: ...1 9 9 Yellow Low 1 l1 1 9 9 Green High 2 h2 1 9 9 Green Expedited ef 1 9 9 Green High 1 h1 1 9 9 Green Network Control nc 1 9 9 Green Table 28 shows the default configuration of 2 low priority egress...

Page 1411: ...is enabled with default profile on all network queues Shaping is by default disabled on all queues MPLS EXP remarking is always enabled on all network interfaces Traffic will be mapped to network que...

Page 1412: ...l1 Green 3 High 2 h2 Yellow 4 High 2 h2 Green 4 Expedited ef Yellow 5 Expedited ef Green 5 High 1 h1 Yellow 6 High 1 h1 Green 6 Network Control nc Yellow 7 Network Control nc Green 7 IGMP Snooping Def...

Page 1413: ...the Dynamic Routing Protocols See Table 35 IP Forwarding Enabled Debug Router Manager Disabled Processing LSRR packets Enabled Table 35 Administrative Distances of the Dynamic Routing Protocols Defaul...

Page 1414: ...ink Aggregation Disabled Global Link Aggregation Control Protocol LACP Disabled Per port Link Aggregation Control Protocol LACP Disabled LACP system priority 32768 LACP port mode Active LACP port prio...

Page 1415: ...configuration Table 40 MPLS Default Configuration Parameter Default Value MPLS functionality on interface Disabled LDP Disabled VPLS Disabled RSVP Disabled MPLS Egress Label Range 28672 131071 MPLS In...

Page 1416: ...ding of LSP Labels after Signaling Disabled LSP Fast Reroute Disabled LSP Textual Description None Fast Re Route Mode Disabled Setup Priority for Backup LSPs 0 Holding Priority for Backup LSPs 7 Maxim...

Page 1417: ...ebug Disabled Table 42 MSTP Path Cost Default Configuration IEEE802 1s Link Speed Recommended Value Recommended Range Range 100 Kbps 200 000 000 20 000 000 200 000 000 1 200 000 000 1 Mbps 20 000 000...

Page 1418: ...vel 255 Recalculation Cycle 15 seconds EtherType 0x889C Multicast address prefix 01 A0 12 10 00 00 Hello packets monitoring Enabled Service Is not used Hello interval 15 seconds Connectivity Timeout 9...

Page 1419: ...efault Configuration Table 45 shows the OSPF default configuration Table 45 OSPF Default Configuration Parameter Default Value Open Shortest Path First OSPF Disabled Reference bandwidth for cost calcu...

Page 1420: ...0 seconds IP interface Hello Interval 10 seconds IP interface network type Broadcast IP interface Router Priority 1 IP interface Retransmission Interval 5 seconds IP interface Transmit Delay 1 second...

Page 1421: ...rt Enabled Limit values for monitoring alert See Table 49 Delta value for monitoring alert Disabled Monitoring period See Table 50 Table 49 Limit Values for Monitoring Alert Default Configuration Para...

Page 1422: ...eter Default Value Proxy ARP per IP interface state Disabled QoS Default Configuration Table 53 shows the QoS default configuration Table 53 QoS Default Configuration Feature Default Value Priority to...

Page 1423: ...ssignment Default Configuration Priority Queue 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 0 Table 55 Priority Remark Default Configuration Queue Priority 7 7 6 6 4 4 3 3 2 2 1 1 0 0 Table 56 Tail drop Profiles Def...

Page 1424: ...ty 5 Yellow maximum 100 128 pps the value cannot be changed by the user Yellow minimum 25 32 pps 2 Yellow mark probability 5 Green maximum 100 128 pps the value cannot be changed by the user Green min...

Page 1425: ...onfiguration Table 60 RSVP TE Default Configuration Parameter Default Value Local repair delay interval 1000 milliseconds LSP holding priority 3 LSP setup priority 4 Number of refresh timeout periods...

Page 1426: ...ds RR limit in IP Interface Configuration mode 2 RIP Default Configuration Table 61 shows the RIP default configuration Table 61 RIP Default Configuration Parameter Default Value Connected IP interfac...

Page 1427: ...0 000 20 000 000 1 200 000 000 10 Mbps 2 000 000 200 000 2 000 000 1 200 000 000 100 Mbps 200 000 20 000 200 000 1 200 000 000 1 Gbps 20 000 2 000 200 000 1 200 000 000 10 Gbps 2 000 200 20 000 1 200...

Page 1428: ...statistics 50 Probe data length 64 bytes Probe timeout 3 seconds Bucket size 50 Traps Not generated Probe priority 3 Jitter error Disabled Latency error Disabled Frame loss error Disabled Script File...

Page 1429: ...shows the SSH default configuration Table 68 SSH Default Configuration Parameter Default Value SSH Disabled Storm Protection Default Configuration Table 69 shows the storm protection default configur...

Page 1430: ...ug Spanning Tree Protocol STP Disabled Super VLAN Default Configuration Table 71 shows the Super VLAN default configuration Table 71 Super VLAN Default Configuration Parameter Default Value Super VLAN...

Page 1431: ...s TLS Disabled TLS port Residential port EtherType 0x8100 IEEE control packets tunneling Disabled Traffic Monitoring Default Configuration Table 75 shows the traffic monitoring default configuration T...

Page 1432: ...78 VTY Default Configuration Parameter Default Value Terminal length 25 lines The MOTD and login banners Not configured default host name Foundry Advanced VTY mode Disabled Watchdog Default Configura...

Page 1433: ...nfiguration Table 81 802 1x Default Configuration Parameter Default Value Maximum number of requests 2 Re authentication Disabled Re authentication period 3600 seconds Quiet timer period 60 seconds Pe...

Page 1434: ...Registration Protocol HQoS Hierarchical Quality of Service IRDP ICMP Router Discovery Protocol LAN Local Area Network LDP Label Distribution Protocol MAC Media Access Control MPLS Multi Protocol Labe...

Page 1435: ...tro Access Switches Appendix A Default Configuration Rev 01 Acronyms 2008 Foundry Networks Inc Page 38 of 38 Acronym Meaning VLAN Virtual LAN VPLS Virtual Private LAN Service VTY Virtual Telnet Type W...

Page 1436: ...ry Networks Page 1 of 8 Appendix B Products Capabilities This appendix lists the main features of the NetIron M2404 products OVERVIEW 2 MAIN FEATURES 2 PRODUCT APPLICATIONS 4 TECHNICAL SUMMARY 5 ACRON...

Page 1437: ...n addition the devices support 802 1ad Provider Bridge to provide Ethernet based L2VPN services IEEE 802 1ad formalizes the definition of Ethernet frames with multiple VLAN tags It also formally label...

Page 1438: ...The ability to classify traffic according to C VLAN and or S VLAN provides full QinQ ACL support MPLS The device supports LSR functionality including FRR RSVP TE and OSPF TE Those features enhance the...

Page 1439: ...tions Aggregation node in campus environments Single tenant multi service H VPLS spoke using MPLS Multi tenant multi service H VPLS spoke using MPLS Both H VPLS scenarios with dual homing for resilien...

Page 1440: ...eues Flexible per customer site service EVC queues allocation MEF compatible service ingress service egress shaping scheduling 2 level Hierarchical scheduling customer site service Each scheduler use...

Page 1441: ...oute TDM OAM Local loopback for TDM port BER test on the local TDM port OAM Protocols SAA end to end jitter latency and frame loss approximation OAM mechanisms packets sent in one SAA test interval be...

Page 1442: ...mer VLAN DDoS Distributed Denial of Service DoSAP Domain Service Access Point DoS Denial of Service FRR Fast Re Route HQoS Hierarchical Quality of Service IP VPN IP virtual private network LAN Local A...

Page 1443: ...Appendix B Products Capabilities Rev 01 Acronyms 2008 Foundry Networks Inc Page 8 of 8 Acronym Meaning TLS Transparent LAN services VLAN Virtual LAN VPLS Virtual private LAN Service...

Reviews:

No comments

Related manuals for NetIron M2404C

JDS Uniphase SB Series User Manual preview
SB Series
Brand: JDS Uniphase Pages: 40
D-Link DUB-1340 Datasheet preview
DUB-1340
Brand: D-Link Pages: 2
D-Link DKVM-4U Specifications preview
DKVM-4U
Brand: D-Link Pages: 2
D-Link DKVM-16 - KVM Switch Manual preview
DKVM-16 - KVM Switch
Brand: D-Link Pages: 24
D-Link Dis-200G Series Web Ui Reference Manual preview
Dis-200G Series
Brand: D-Link Pages: 161
D-Link Dis-200G Series Quick Installation Manual preview
Dis-200G Series
Brand: D-Link Pages: 16
D-Link Dis-200G Series Hw Installation Manual preview
Dis-200G Series
Brand: D-Link Pages: 47
D-Link DGS-3130-30PS Quick Installation Manual preview
DGS-3130-30PS
Brand: D-Link Pages: 25
D-Link DGS-3100 SERIES Hardware Installation Manual preview
DGS-3100 SERIES
Brand: D-Link Pages: 54
D-Link DGS-3100 SERIES Cli Manual preview
DGS-3100 SERIES
Brand: D-Link Pages: 220
D-Link DGS-3000-28SC Quick Installation Manual preview
DGS-3000-28SC
Brand: D-Link Pages: 24
D-Link DGS-1248T - Switch Manual preview
DGS-1248T - Switch
Brand: D-Link Pages: 52
D-Link DGS-1216T - Switch Getting Started Manual preview
DGS-1216T - Switch
Brand: D-Link Pages: 42
D-Link DGS-1216T - Switch Quick Installation Guid preview
DGS-1216T - Switch
Brand: D-Link Pages: 10
D-Link DGS-1010MP Installation Manual preview
DGS-1010MP
Brand: D-Link Pages: 8
D-Link DES-3350SR Command Line Interface Reference Manual preview
DES-3350SR
Brand: D-Link Pages: 379
D-Link DES-3326SR Manual preview
DES-3326SR
Brand: D-Link Pages: 240
D-Link DES-3350SR User Manual preview
DES-3350SR
Brand: D-Link Pages: 188

Brands by name

Popular brands

Load more brands