manualshive.com logo in svg

Fujitsu PSWITCH 2048P, User Manual

Share
Download
Fujitsu PSWITCH 2048P User Manual Download Page 108

 
 
FUJITSU PSWITCH 

 

User’s Guide 

108 

     

December/2018 

IPSG  uses  two  enforcement  mechanisms:  the  L2FDB  to  enforce  the  source  MAC 

address and ingress VLAN and an ingress classifier to enforce the source IP address 

or {source IP, source MAC} pair. 

3.1.5.11.2.

 

IPv6 Source Guard 

IPv6 source guard (IPv6SG) is a security feature that filters IPv6 packets based on 

source ID. The source ID is either a source IPv6 address or {source IPv6 address and 

source  MAC  address  pair}.  The  network  administrator  configures  whether 

enforcement includes the source MAC address. 

The  DHCPv6  snooping  binding  database  and  static  IPv6SG  entries  configured  by 

administrator are identified as authorized source IDs. 

Initially,  all  IPv6  traffic on  the  IPv6SG  enabled port  is  blocked except  for  DHCPv6 

packets.  After  a  client  receives  an  IP  address  from  the  DHCPv6  server,  or  after  a 

static  IPv6  source  binding  is  configured  by  the administrator,  all  traffic with  that 

IPv6 source address is permitted from that client. Traffic from other hosts is denied. 

For  each  source  ID  in  the  binding  database  and  for  all  manual  IPv6SG  entries, 

IPv6SG  notifies  the  driver  to  install an  ingress  classifier  rule  permitting  matching 

packets. If source MAC checking is configured, the classifier verifies that the {source 

IPv6  address,  source  MAC  address}  pair  matches  a  DHCP  binding.  The  hardware 

drops  unauthorized  packets.  If  the  number  of  stations  on  a  port  exceeds  the 

available number of classifier rules, then the hardware installs rules for the number 

of source IDs that fit. Traffic from other sources is dropped. 

IPv6SG is enabled on physical and LAG ports. IPv6SG is disabled by default. Zero, 

multicast and loopback IPv6 addresses are not allowed to configure as IPv6 static 

source guard entry. 

3.1.5.12.

 

Dynamic ARP Inspection 

Dynamic  ARP  Inspection  (DAI)  is  a  security  feature  that  rejects  invalid  and 

malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, 

where  an  unfriendly  station  intercepts  traffic  for  other  stations  by  poisoning  the 

ARP  caches  of  its  neighbors.  The  miscreant  sends  ARP  requests  or  responses 

mapping another station IP address to its own MAC address. 

DAI  drops ARP  packets  whose  sender  MAC  address  and  sender  IP  address  do  not 

match an entry in the DHCP Snooping binding database. 

Summary of Contents for PSWITCH 2048P

Page 1: ...CA92344 1879 04 FUJITSU PSWITCH 2048T FUJITSU PSWITCH 2048P FUJITSU PSWITCH 4032P User s Guide Network Management December 2018 ...

Page 2: ...without prior notice Fujitsu assumes no liability for damages to third party copyrights or other rights arising from the use of any information in this manual No part of this manual may be reproduced in any form without the prior written permission of Fujitsu Microsoft Windows Windows Server and Hyper V are trademarks or registered trademarks of Microsoft Corporation in the USA and other countries...

Page 3: ...lear reaction control in nuclear facility aircraft flight control air traffic control mass transport control medical life support system missile launch control in weapon system The Customer shall not use the Product without securing the sufficient safety required for the High Safety Required Use In addition Fujitsu or other affiliate s name shall not be liable against the Customer and or any third...

Page 4: ... to the Console of the Switch 22 2 3 Accessing Management Port 23 2 4 Initial Configuration of the switch 24 2 4 1 Checking version and system information 24 2 4 2 Setting the System Clock of the Switch 24 2 4 3 Enabling Disabling Posts 25 2 4 4 1G SFP module 26 2 4 5 Firmware Update 26 2 4 6 Backup and Restore Configuration 27 2 5 System Logging 27 2 6 How to collect diagnostic information 29 2 7...

Page 5: ...HM 148 3 2 10 LDAP 148 3 3 Switch Parameters 149 3 4 Software Feature List 151 3 5 Software Feature Combination Matrix 153 3 6 Management Information Base MIB 155 4 Maintenance 157 4 1 Preparation 157 4 2 How to Replace the Switch FRU Field Replaceable Unit 158 4 3 How to Replace FAN Unit 166 4 4 How to Replace Power Unit CRU Customer Replaceable Unit 167 4 5 Battery Power 169 4 6 How to Replace B...

Page 6: ...el with forty eight 10GbE BASE T ports and six 40GbE QSFP ports The FUJITSU PSWITCH 2048P is a model with forty eight 10GbE SFP ports and six 40GbE QSFP ports The FUJITSU PSWITCH 4032P is a model with thirty two 40GbE QSFP ports 1 1 Front View FUJITSU PSWITCH 2048T Figure 1 1 Front View FUJITSU PSWITCH 2048T FUJITSU PSWITCH 2048P Figure 1 2 Front View FUJITSU PSWITCH 2048P ...

Page 7: ...side of FUJITSU PSWITCH 2048T are not intended to be used by customer Please do not use those interfaces In FUJITSU PSWITCH 2048T a seal which is the same color black as the main body of the switch is pasted to cover those ports 1 2 Rear View FUJITSU PSWITCH 2048T Figure 1 4 Rear View FUJITSU PSWITCH 2048T FUJITSU PSWITCH 2048P Figure 1 5 Rear View FUJITSU PSWITCH 2048P V ...

Page 8: ...unted on this switch are designed to provide 1 1 redundancy and hot pluggable The three fan trays 2 fans per tray on the rear side are not redundant and not hot pluggable 1 3 LED Identification 1 3 1 Front LEDs Figure 1 7 Front LED Identification Top Left FUJITSU PSWITCH 2048T Top Right FUJITSU PSWITCH 2048P Bottom FUJITSU PSWITCH 4032P I ...

Page 9: ...Off No power or the locator function is disabled Blinking Blue The locator function is enabled 10Gbase T Port LEDs Off No link Link LED Solid Green A valid 10Gbps link Link LED Solid Yellow A valid 1Gbps link Link LED Blinking Green Packet transmission or reception in progress ACT LED 10G SFP slot LEDs Off No link Link LED Solid Green A valid 10Gbps link Link LED Solid Yellow A valid 1Gbps link Li...

Page 10: ...ed including incompatible airflow direction Located LED Off No power or the locator function is disabled Blinking Blue The locator function is enabled 40G QSFP slot LEDs Off No link Link LED Solid Green A valid 10G 40Gbps link Link LED Blinking Green 10G 40G speed Packet transmission or reception in progress ACT LED Management Port LEDs Off No link is established on the port Solid Yellow A valid l...

Page 11: ...reen Power is ok Solid Yellow Power supply critical event causing a shutdown failure Blinking Yellow Power supply warning events where the power supply continues to operate Management Port LEDs Off No link is established on the port Solid Yellow A valid link at 10 100Mbps is established on the port Link LED Solid Green A valid link at 1000Mbps is established on the port Link LED Blinking Green Act...

Page 12: ...Component Specification Switch fabric capacity FUJITSU PSWITCH 2048T P Non blocking full wire speed on all packet sizes FUJITSU PSWITCH 4032P 1 428 Mpps Forwarding architecture Store and forward or cut through Port packet forwarding rate at 64 Bytes 59 523 809 pps 40GbE 14 880 952 pps 10GbE MAC address entries supported 96K entries 1 000 000 seconds programable Default 300 seconds Spanning Tree Su...

Page 13: ...tivity Table 1 5 System Specification Port Specification FUJITSU PSWITCH 2048T P Component Specification Speed Capability 1G 10Gbps or 10 40Gbps Full Duplex Flow Control Support the IEEE 802 3x PAUSE frame Table 1 6 Port Specifications FUJITSU PSWITCH 2048T P FUJITSU PSWITCH 4032P Component Specification Speed Capability 10 40Gbps Full Duplex Flow Control Support the IEEE 802 3x PAUSE frame Table ...

Page 14: ... another device on the rack mounted device Be careful not to exceed the limit of the power supply of rackmounted equipment Be careful to ensure that the rack mounted equipment is properly insulated 2 1 1 1 Installation of L shaped brackets and rack rails Attach the L shaped brackets to the front of the server as shown in the figure below Please attach so that the L shape brackets with model name a...

Page 15: ...User s Guide FUJITSU PSWITCH December 2018 15 Figure 2 1 Attachment of L shaped bracket Figure 2 2 Withdrawing the inner rail FUJITSU PSWITCH 2048T P FUJITSU PSWITCH 4032P ...

Page 16: ...ail 2 1 1 2 Rack Mounting Insert this device from the rear side of the rack You can see the unit label on the L shaped bracket from the rear side of the rack Figure 2 4 Label MODEL PY SWX48T SERIAL MAGU Label on which the model name and the serial number are written PSWITCH V V ...

Page 17: ... the rack rail to the rack Figure 2 5 Attachment of outer rail to the rack 2 Insert the unit onto the rack To reduce the weight of the device remove the both power supply units form the device Then insert the inner rail into the outer rail and mount the device in the rack V ...

Page 18: ... s Guide 18 December 2018 Figure 2 6 Insert the device onto the rack Fix the bracket assembly to the frame Figure 2 7 Fix the bracket to the frame When removing the equipment from the rail please refer to the figure below ...

Page 19: ...rack 2 1 2 Attachment of Power Supply Unit Please insert the both two power supply units PSUs 2 1 3 Inserting of SFP modules Install the modules required for SFP slot and QSFP slot Figure 2 9 Inserting a SFP QSFP module into a slot Inserting a SFP module Inserting a QSFP module ...

Page 20: ...an be hot swapped It is not necessary to turn off the unit when inserting or removing a module However when inserting or removing a module unplug the network cable from the module beforehand SFP QSFP modules are not included with the switch 2 1 4 Connection to a Power Source Plug the power cable s plug into the power socket of the PSU Plug the other end of the cable into a grounded 3 pin AC power ...

Page 21: ...lit in green Next connect the console to check the status of the firmware Follow the instructions for connecting to the switch console in the next chapter and log in to the system with user admin You can check the version number of the current Runtime firmware with the show version command Please refer to the article 2 4 1 Checking version and system information Check the firmware version number a...

Page 22: ...figure the terminal with the following settings Items Value Baud Rate 115200 Data Bit 8 Parity none Stop Bit 1 Flow Control none 4 Login to the system with user admin There is no default password Initially the switch does not have IP address However the DHCP client on the management port is enabled by default IP address and other network properties are automatically assigned by DHCP You can config...

Page 23: ...d to enable SSH at this point For future reference following is a set of commands to enable SSH access configure Config crypto key generate dsa Config crypto key generate rsa Config exit ip ssh server enable New user account is added with the following command configure Config username username password password level privilege level Finally if you make your settings persistent enter the following...

Page 24: ... Name ET 7648BRA FOS System Location System Contact System Object ID 1 3 6 1 4 1 4413 System Up Time 0 days 4 hrs 12 mins 40 secs Current SNTP Synchronized Time SNTP Client Mode Is Disabled 2 4 2 Setting the System Clock of the Switch The time stamp is recoded in the system logs and other system resources based on the system clock to indicate when a certain event takes place Setting correct time s...

Page 25: ...nfig sntp server time a nist gov Config clock timezone 9 Config sntp client mode unicast You can check the result of the setting with the show sntp command and the show clock command Routing show sntp Last Update Time Jan 30 07 42 23 2017 Last Unicast Attempt Time Jan 30 07 43 28 2017 Last Attempt Status Success Routing show clock 16 47 22 UTC 9 00 Jan 30 2017 Time source is SNTP 2 4 3 Enabling Di...

Page 26: ...order to download the firmware image into the switch a TFTP server is necessary outside of the switch In the following example assume that IP address of the TFTP server is 192 168 1 10 and the name of the firmware image is fjtor runtime Before start updating firmware the TFTP server must be correctly configured and the communication between the TFTP server and the switch must be established As in ...

Page 27: ...am second config tftp 192 168 1 10 second config bkup The restoration of the configuration file is a reverse operation of the backup If you restore the startup config bkup file above into the switch use the following command and reload the configuration or reboot the switch copy tftp 192 168 1 10 startup config bkup nvram startup config reload configuration The configuration file is checked at the...

Page 28: ...t severitylevel Enter Logging Severity Level emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 debug 7 Config logging persistent 6 In addition you can also save the system log into a remote host In this case system logging is needed to be enabled And a logging host is needed to be configured for logging and registered to the switch For the setting see FUJITSU PSWITCH CLI Command Ref...

Page 29: ...et Server IP 192 168 1 10 Path Filename tech support txt Data Type TechSupport Management access will be blocked for the duration of the transfer Are you sure you want to start y n y File transfer in progress Management access will be blocked for the duration of the transfer please wait File transfer operation completed successfully 2 7 POST Control Power On Self Test POST runs during system boot ...

Page 30: ...OST test items Tests which consume time to run are MAC loopback test and PHY loopback test These tests can be skipped with the following command With no post command disable the MAC loopback test Config no post maclb With no post command disable the PHY loopback test Config no post phylb Also you can enable only Basic POST tests with post basic command Config post basic With copy command copy the ...

Page 31: ... If the management port or the network interface is properly connected to the network remote management of the switch is available through these port or interface 3 1 1 1 Command Line Interface CLI The command line interface CLI is a text based way to manage and monitor the system You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH ...

Page 32: ...ported versions The SNMP agent supports the SNMPv1 SNMPv2c or SNMPv3 protocols SNMP version 3 SNMPv3 adds security and remote configuration enhancements to SNMP The software has the ability to configure SNMP server users and traps for SNMPv3 Any user can connect to the switch using the SNMPv3 protocol but for authentication and encryption you need to configure a new user profile 3 1 1 2 2 MIB The ...

Page 33: ...e base protocol provides operations to retrieve configure copy and delete configuration datastores The switch supports running and start up configuration to be get or modified The syntax and XML encoding of the protocol operations are formally defined in the XML schema in RFC4741 Appendix B The configuration can be defined in multiple formats such as XML and text For text format configuration stat...

Page 34: ... configuration lock Lock the running configuration to prevent other users via another NETCONF session from changing it unlock Release a locked running configuration close session Request graceful termination of a NETCONF session kill session Force the termination of a NETCONF session 3 1 1 4 2 NETCONF Tag Elements and Values Following are examples of the NETCONF protocol operations with tag elemen...

Page 35: ...se from the switch rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 data config text Configration text config text data rpc reply rpc message id 201 xmlns urn ietf params xml ns netconf base 1 0 get show command show interfaces status all show command get rpc rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 data config text config text data rpc reply rpc...

Page 36: ...switch Usage rpc message id 201 xmlns urn ietf params xml ns netconf base 1 0 get config target running target default operation merge default operation error option continue on error error option config text ip telnet server enable config text edit config rpc rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply rpc message id 201 xmlns urn ietf params xml ns netconf...

Page 37: ...ll be merge and only for running configuration error option Set the option to handle configuration error continue on error Continue to process configuration data on error The error option support only continue on error mod e config text Configuration in CLI format Switch not allows any show command in rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 rpc error error type appli...

Page 38: ... target Configuraiton that needs to be changed running or startup source Source configuration running or startup delete config Usage Response from the switch rpc message id 201 xmlns urn ietf params xml ns netconf base 1 0 copy config target startup target source running source copy config rpc rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply rpc reply message id ...

Page 39: ... Usage Response from the switch Supported tag elements and values Tag Element Description Value target Configuraiton that needs to be unlocked running or startup rpc reply message id 201 xmlns urn ietf params xml ns netconf base 1 0 ok rpc reply rpc message id 201 xmlns urn ietf params xml ns netconf base 1 0 lock target startup target lock rpc rpc message id 201 xmlns urn ietf params xml ns netco...

Page 40: ...database information This database application usually used to maintain database that schema is follow the Open vSwitch or VTEP The software provides the OVSDB server but not used all VTEP schema because some action is not support by hardware designed of this switch if provide the standard schema would happen the user confuse In the next section would description this modify schema In the other ha...

Page 41: ...ess for OVSDB management Network manager can configure hardware VTEP through OVSDB client application or switch CLI interface 3 1 1 5 1 Schema Format Hardware_vtep database schema DCVPN switch which support OVSDB hardware_vtep database schema can be managed by network virtualization controller using OVSDB protocol The Hardware_vtep database schema designs according to OVSDB protocol Management thr...

Page 42: ...tus to database clients Column target Connection method for managers Supported methods are list below ssl ip port The server use ssl transport protocol assigned specific ip address and optional ssl port default 6640 to connect to client tcp ip port The server use tcp transport protocol assigned specific ip address and optional tcp port default 6640 to connect to client pssl port ip The server use ...

Page 43: ...econds since this manager last successfully connected to database status sec_since_disconnect The amount of seconds since this manager last disconnected from database status locks_held The list of the names of OVSDB locks that the connection holds status locks_waiting The list of the names of OVSDB locks that the connection is currently waiting to acquire status locks_lost The list of the names of...

Page 44: ...e physical port The port name must be switch physical or trunk port name description An extended description for the physical port Tunnel Table This table maintains tunnels created by physical_switch Multiple logical switches utilize tunnel specified by local and remote tunnel end points If a tunnel does not added to any logical switch this row will be removed from tunnel table Column local Tunnel...

Page 45: ...ddresses learned by network virtualize controller Column MAC A MAC address that has been learned by the NVC logical_switch This column map to a row of logical switch table locator Hypervisor or emote VTEP This column maps to a row of physical locator table ipaddr The IP address to which this MAC corresponds Mcast_Macs_Local Table This table maintains multicast MAC addresses learned on physical por...

Page 46: ...or_Set Table This table includes a set of one or more physical locators Column locators Set of 1 or more physical locators Each of entry maps to a row of physical locator table Physical_Locator Table This table includes local and remote VTEP IP addresses Column encapsulation_type Must be vxlan_over_ipv4 dst_ip VTEP IPv4 address Supported configurable Tables The following columns of each table are ...

Page 47: ...1 isRoot true Physical_Switch columns ports type key type uuid refTable Physical_Port min 0 max unlimited name type key type string minLength 1 maxLength 64 description type key type string maxLength 2000 management_ips type key type string min 0 max unlimited tunnel_ips type key type string min 0 max 1 tunnels type key type uuid refTable Tunnel min 0 max unlimited maxRows 1 indexes name Physical_...

Page 48: ...columns MAC type string logical_switch type key type uuid refTable Logical_Switch locator type key type uuid refTable Physical_Locator ipaddr type string isRoot true maxRows 32768 Mcast_Macs_Local columns MAC type string logical_switch type key type uuid refTable Logical_Switch locator_set type key type uuid refTable Physical_Locator_Set ipaddr type string isRoot true Mcast_Macs_Remote columns MAC...

Page 49: ...tes such changes You need to save the changes to make them permanent by CLI command copy The startup config is one of the permanent configurations saved in the storage This configuration is used at the startup of the switch The switch has a capability to store three different configurations in the permanent storage They are called as the first config second config and third config The startup conf...

Page 50: ...n This feature reduces the initial effort of introducing the switch in to network 3 1 1 10 Other functions There are many other various management functions available on the switch You can make use of common CLI commands like ping and traceroute The system has a built in sFlow agent that can monitor network traffic on each port and generate sFlow data to a sFlow collector sFlow helps to provide vi...

Page 51: ...s Generation of PAUSE frames Symmetric Flow Control Enabled Enabled Asymmetric Flow Control Enabled Disabled No Flow Control Disabled Disabled Table 3 1 Flow Control 802 3x Flow control the MAC control PAUSE operation allows traffic from one device to be throttled for a specified period of time and is defined for devices that are directly connected A device that wishes to inhibit transmission of d...

Page 52: ... Table 3 2 Port Locator 3 1 2 4 MAC Address Tables 3 1 2 4 1 Forwarding Aging Learning Forwarding Aging and Learning are considered to be one component with three related functions Those functions are summarized as follows Forwarding Forwarding occurs when a frame is processed completely by either the bridge function or the routing function At layer 2 frames are forwarded according to their MAC ad...

Page 53: ...h address associates with a unique VLAN Care must be taken in the administration of networks as multiple instances of a MAC address each on a different VLAN can quickly eat up address entries Each VLAN is associated with its own forwarding database Hence the number of forwarding databases equals the number of VLANs supported The MAC address stored is supplemented by a 2 byte VLAN ID The first 2 by...

Page 54: ... source ports then the packet is immediately discarded If the ingress port is a member of the set of source ports then the packet is admitted At the egress port if the destination port number is in the set of destination ports the packet is transmitted If the destination port is not in the set of destination ports then the packet is discarded Static entries are never aged and can only be removed b...

Page 55: ... that the user is allowed to take all of the dynamically locked MAC addresses on a port and move them to a static state Port Security helps secure the network by preventing unknown devices from forwarding packets into the network The user can lock down a port and only a specified number of addresses can be learned on that port For instance if the users want to ensure that only a single device can ...

Page 56: ... and path cost A LAG failure of one or more of the links does not stop traffic in any manner Upon failure the flows mapped to a link are dynamically reassigned to the remaining links of the LAG Similarly when links are added to a LAG the conversations may need to be shifted to a new link member Before any relocation of a conversation the system ensures reordered frames do not exist The LAG compone...

Page 57: ...nd continue forwarding traffic through the other connected links within that same LAG LACP can also detect switch or port failures that do not result in loss of link 3 1 2 5 3 LAG Interaction with Other Features From a system perspective a LAG is treated just as a physical port with the same configuration parameters for administrative enable disable spanning tree port priority and path cost as any...

Page 58: ...pending upon platform capabilities Typically an administrator is able to choose from hash algorithms utilizing the following attributes of a packet to determine the outgoing port Source MAC VLAN EtherType and incoming port associated with the packet Source IP and Source TCP UDP fields of the packet Destination MAC VLAN EtherType and incoming port associated with the packet Destination IP and Desti...

Page 59: ... STP mode but LAG interface doesn t care LAG must be not VPC interface and VPC peer link 3 1 2 6 VPC Virtual Port Channel or Multi Chassis LAG Like standard LAGs virtual port channels VPCs allow one or more Ethernet links to be aggregated together to increase speed and provide redundancy VPCs are also known as multi chassis or multi switch link aggregation groups MLAGs With standard LAGs the aggre...

Page 60: ...d LACPDUs between the Secondary and Primary VPC devices Control messages such as VPC member port related events FDB MFDB entries configuration details In addition to supporting best effort delivery of these messages The switch supports both Synchronous Reliable Control Message Delivery and Asynchronous Reliable Control Message Delivery mechanisms If the message is received by the peer it sends an ...

Page 61: ...ailover The switch supports configuration of a unique VPC MAC address and VPC system priority which enable fast failover in the event a primary switch failure The secondary switch advertises these VPC values instead of the switch MAC address and system priority in LACP PDUs sent on VPC member ports The secondary switch also uses the VPC MAC address in the designated bridge ID field in STP BPDUs se...

Page 62: ... interface link up 3 1 2 7 Virtual LAN IEEE 802 1Q 802 1Q VLAN is an implementation of the Virtual Local Area Network specification 802 1Q Operating at layer 2 of the OSI model the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own The VLAN identifier is part of the 802 1Q tag which is added to...

Page 63: ...he feature allows incoming untagged packets to be assigned to a VLAN Protocol based VLAN classifies traffic based on protocol of the packet and the ingress port This feature only support on physical port interface 3 1 2 7 4 IP Subnet Based VLAN The feature allows incoming untagged packets to be assigned to a VLAN and classifies traffic based on source IP address of packets 3 1 2 7 5 VLAN Ingress F...

Page 64: ... ports can act like access or trunk ports or a hybrid of both When a port is in General mode all VLAN features are configurable When ingress filtering is on the frame is dropped if the port is not a member of the VLAN identified by the VLAN ID in the tag If ingress filtering is off all tagged frames are forwarded The port decides whether to forward or drop the frame when the port receives the fram...

Page 65: ...while exiting the metro core Figure 3 3 Double VLAN 3 1 2 7 9 Private VLANs The Private VLANs feature separates a regular VLAN domain into two or more subdomains Each subdomain is defined or represented by a primary VLAN and a secondary VLAN A private VLAN can have multiple VLAN pairs with each pair identifying a subdomain 3 1 2 7 10 GARP Generic Attribute Registration Protocol GARP is a protocol ...

Page 66: ...working devices This is achieved by using GARP to propagate attributes This feature only support on physical port interface and LAG 3 1 2 7 13 MRP Multicast Registration Protocol MRP replaces the Generic Attribute Registration Protocol GARP functionality MRP is a protocol that provides a generic framework to register and de register attribute value MRP allows devices to register membership in VLAN...

Page 67: ...st bridge ID which is computed from the unique identifier of the bridge and its configurable priority number When two switches have an equal bridge ID value the switch with the lowest MAC address is the root bridge After the root bridge is elected each switch finds the lowest cost path to the root bridge The port that connects the switch to the lowest cost path is the root port on the switch The s...

Page 68: ...within MSTP Regions MST Regions Regions are one or more interconnected MSTP bridges with identical MSTP settings The MSTP standard lets administrators assign VLAN traffic to unique paths 3 1 2 8 4 MSTP in the Network In the following diagram of a small 802 1D bridged network STP is necessary to create an environment with full connectivity and without loops Figure 3 4 STP in a Small Bridged Network...

Page 69: ...rough Switch A before arriving at Switch C If the Port 2 on Switch B and Switch C could be used these inefficiencies could be eliminated MSTP does just that by allowing the configuration of MSTIs based upon a VLAN or groups of VLANs In this simple case VLAN 10 could be associated with Multiple Spanning Tree Instance MSTI 1 with an active topology similar to Figure 3 5 and VLAN 20 could be associat...

Page 70: ...have to be the same on each and every bridge That means that Switch B would have to add VLAN 10 to its list of supported VLANs shown in Figure 3 6 with a This is necessary with MSTP to allow the formation of Regions made up of all switches that exchange the same MST Configuration Identifier It is within only these MST Regions that multiple instances can exist It will also allow the election of Reg...

Page 71: ...y Ports frames allocated to the CIST or MSTIs are forwarded or not forwarded alike 7 The CIST provides full and simple connectivity between all LANs and Bridges in the network 3 1 2 8 5 Classic STP Multiple STP and Rapid STP Classic STP provides a single path between end stations avoiding and eliminating loops Multiple Spanning Tree Protocol MSTP is specified in IEEE 802 1s and supports multiple i...

Page 72: ...o receive packets are numerous including heavy traffic software problems incorrect configuration and unidirectional link failure It can be configured to prevent a blocked port from transitioning to the forwarding state when the port stops receiving BPDUs for some reason such as a unidirectional link failure When a non designated port no longer receives BPDUs the spanning tree algorithm considers t...

Page 73: ...o hosts that typically drop BPDUs If an operational edge port receives a BPDU it immediately loses its operational status In that case if BPDU filtering is enabled on this port then it drops the BPDUs received on this port Ports that have the Edge Port feature enabled continue to transmit BPDUs The BPDU filtering feature prevents ports configured as edge ports from sending BPDUs If BPDU filtering ...

Page 74: ...er spanning tree modes on the switch The switch running PVSTP PVRSTP transmits IEEE spanning tree BPDUs along with SSTP BPDUs The SSTP BPDUs are transmitted as untagged packets on an access or native VLAN and transmitted as tagged packets on other VLANs If the switch running PVSTP PVRSTP receives an IEEE spanning tree BPDU then the switch will include the BPDU in an access VLAN or native VLAN inst...

Page 75: ...l the ports of the corresponding VLAN The SSTP BPDUs are multicast over the region The interoperation between a switch that runs a standard IEEE spanning tree protocol and a switch that runs PVSTP PVRSTP is achieved using CIST In other words to communicate with each other a switch running the standard IEEE spanning tree protocol uses its CIST and a switch running PVSTP PVRSTP uses an access VLAN o...

Page 76: ...ould be a physical port or a port channel When group action is DOWN Link Down Relay behavior of upstream downstream will like below When all upstream ports link down downstream ports will become inactive When one of upstream port link up downstream ports will become active When group action is UP Backup Port behavior of upstream downstream will like below When all upstream ports link down downstre...

Page 77: ... group won t take effect and considered as disabled This feature only supports one to one Backup Port group Configuring this feature on the group that has more than one port in upstream or more than one port in downstream won t take effect and considered as disabled 3 1 2 10 2 Upstream threshold If the link down ports of upstream reaches the threshold i e link up upstream ports are less than 11 al...

Page 78: ...N is configured If neither is true the session is inactive The switch supports remote port mirroring and VLAN mirroring Traffic from to all the physical ports which are members of that particular VLAN is mirrored The source for a port mirroring session can be either physical ports or VLAN Up to four RSPAN sessions can be configured on the switch and up to four RSPAN VLANs are supported An RSPAN VL...

Page 79: ...LD supports two modes normal and aggressive In normal mode a port s state is classified as undetermined if an anomaly exists An anomaly might be the absence of its own information in received UDLD messages or the failure to receive UDLD messages An undetermined state has no effect on the operation of the port The port is not disabled and continues operating When operating in UDLD normal mode a por...

Page 80: ...been completely received SF mode is used in most applications while CT mode is used in latency sensitive applications The primary benefit of CT mode compared with SF is low latency While CT mode is enabled CT eligibility is evaluated on every incoming packet depending on its source destination and other existing conditions based on the flow There are conditions that must be checked before allowing...

Page 81: ...C addresses it enables scalability of the backbone network The PBB of this product supports the followings IB Component Customer network port matching S tag C tag or any frames Point to point connection One backbone MAC address Since multicast is not supported PBB networks can not have more than three BEBs that use the same I SID 3 1 2 15 1 Frame Encapsulation A comparison between each type of Eth...

Page 82: ... assignment is determined by the I tag and the I tag assignment is determined by the customer frame received This product provides several options for mapping customer frames to service instances BCB devices do not need to be PBB compliant As B tag has the same TPID as S tag as long as the device supports TPID 0x88A8 VLAN tag transfer the encapsulated frame can be handled as Q in Q frame and forwa...

Page 83: ... set C tag is mapped to the I SID and the C tag in the frame is saved Multiple tags can be mapped to the same I SID 3 1 2 15 3 B domain The B domain is similar to the B component described in IEEE 802 1ah This domain faces the backbone network and learns and transfers PBB frames When a PBB frame has a known I SID by this switch it is decapsulated and forwarded to the corresponding I domain A B tag...

Page 84: ... unknown unicast and multicast are not allowed on this network In order to enable this function PBB TE must be disabled Since multicasting within the SPBM network is not supported the SPBM network can not have more than two BEBs that use the same I SID 3 1 2 16 1 IS IS Intermediate System to Intermediate System Intermediate System to Intermediate System IS IS is a link state routing protocol used ...

Page 85: ...sis enable isis spbm exit interface 0 39 isis enable isis spbm exit mim backbone source mac 00 00 00 11 11 11 mim b domain 4000 interface 0 37 interface 0 39 exit mim i domain 10000 interface 0 1 match dot1ad 256 bridge 4000 flooding mac 00 00 00 22 22 22 exit router isis hostname BEB2 vlan database vlan 256 4000 exit configure interface 0 37 isis enable isis spbm exit interface 0 39 isis enable i...

Page 86: ...tomatic VLAN uplink Synchronization AVS VLAN administration is greatly automated These characteristics mean that the switch are very easy and secure for integration in any data center networking environment There are just two easy steps to integrate 1 Simply connect the switch with the upstream network No STP LAG and VLAN configuration is required 2 On the switch downlink ports assign VLANs for th...

Page 87: ...d normal switch mode Downlink ports are pinned only to uplink ports of the same pin group Each interfaces can only be part of a single pin group Packet switching between downlink ports is possible even when pinning is enabled Data loops are avoided with disabled switching between uplink ports Uplink port will filter traffic from downlink port returning on its uplink ports Mac address learning on u...

Page 88: ...nditions must match in order to successfully get a downlink port pinned to an uplink port 1 Downlink port and uplink port must have link status up and must belong to the same pin group 2 The uplink port must house ALL VLANs of the downlink port If the uplink port chosen by the round robin algorithm does not host all VLANs configured on the downlink port pinning process searches for another appropr...

Page 89: ...m down to up re pinning process waits per default 10 seconds to pin downlink ports to it This timer is user configurable 3 1 2 17 7 Link down relay In a pin group if there is no uplink port with link status up link down relay feature will shut down all downlink ports of that pin group 3 1 2 17 8 Internal network Within a pin group internal network is used to realize traffic switching between downl...

Page 90: ... state down Pinning process waits for downlink port up status With link state up Pinning process is waiting for the re pinning timer to expire Pinning Pinning in progress Disable Pinning is administratively disabled with port command no pinning used for internal metwork Do not wire uplink port and downlink in a same Pin Group because it may cause network loop When LAG interface is set as uplink an...

Page 91: ...MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 Multicast MAC Addresses The switch can be configured to perform MLD Snooping and IGMP Snooping simultaneously 3 1 3 3 Snooping querier The IGMP MLD Snooping Querier is an extension to the IGMP MLD Snooping feature It enhances the switch capability to simulate an IGMP MLD router in a Layer 2 network thus removing the ne...

Page 92: ...tiple times to aid reliability 3 1 3 6 MLD Multicast Listener Discovery v1 v2 Multicast Listener Discovery MLD protocol enables IPv6 routers to discover the presence of multicast listeners the nodes who wish to receive the multicast data packets on its directly attached interfaces On IPv6 multicast routers MLD replaces the functionality performed by IGMP on IPv4 networks MLD discovers which multic...

Page 93: ... up from a down state They are also transmitted when a graft is sent in response to a new member s subscription to an existing group or when a new group is subscribed When messages arrive the reverse path to the source of the message is discovered by examining the routing table If the message arrived on the interface that would be used to transmit the message back to the source the message is tran...

Page 94: ...th relatively plentiful bandwidth and with at least one multicast member in each subnet PIM DM assumes that all hosts are part of a multicast group and forwards packets to hosts until informed that group membership has changed A group membership change results in the multicast delivery tree being pruned The PIM DM protocol operates as follows 1 The first message for any source group pair is forwar...

Page 95: ... are generated periodically by the router directly attached to the Source Routing must be enabled on the switch and the applicable interfaces before PIM DM becomes enabled and operational The switch supports PIM DM Version 2 The PIM DM feature supports distributing both IPv4 and IPv6 routes 3 1 3 9 PIM SM Protocol Independent Multicast Sparse Mode As with PIM DM PIM SM is not dependent on any part...

Page 96: ...for a new group it looks up the RP associated with the group and sends a join message to the RP Upon reception of the first data packet the DR at the receiver s end automatically switches to the source s shortest path tree by initiating a PIM Join towards the source After sending the PIM Join as said above the DR also prunes the RP tree by initiating a PIM Prune message towards the RP This ensures...

Page 97: ...ast routing protocol parameters should be tuned to allow rapid detection of topology changes and prompt updating of the routing table PIM generally generates a high control load during the recovery time and this is directly proportional to the number of multicast route entries mostly receivers that need to be recovered 3 1 3 9 4 Source Specific Multicast PIM SSM Protocol Independent Multicast Sour...

Page 98: ...tem to move from one part of the network to another while maintaining the same IP address This option is optional and can be specified while configuring the DHCP on the interfaces IPv6 DHCPv6 client interactions are described by RFC 3315 The DHCPv6 client can configuration of IPv6 global address auto configuration on the network port service port as well as host and routing interfaces 3 1 4 2 DHCP...

Page 99: ...ed on trusted ports from DHCPv4 servers For RELEASE and DECLINE messages from the DHCPv4 client the DHCPv4 snooping compares the receive interface and VLAN with the client s interface and VLAN in the bindings database If the interfaces do not match the application drops the message IPv6 DHCPv6 snooping works only with DHCPv6 stateful server DHCPv6 snooping creates a tentative binding from SOLICIT ...

Page 100: ...isible to it In this case a L2 Relay agent can be used to add the further information that the L3 relay agent and DHCP server may need to complete the task required by the network administrator The DHCP relay agent s role was expanded by RFC 3046 which specifies the DHCP relay agent information option more commonly referred to as DHCP option 82 The relay agent may add this option to packets it rel...

Page 101: ...red to access the switch management interface A valid user can be defined on the switch locally or a Remote Authentication Server RAS The switch can be used with RADIUS TACACS and LDAP servers as the authentication server The system supports three privilege levels 0 1 and 15 for both users and commands where level 15 has the highest authority User level 0 blocks all the access which is convenient ...

Page 102: ...e authenticated tacacs yes yes no ldap yes yes no ias no no yes Use internal 802 1X authentication server ias Table 3 4 Authentication methods applicable for each authentication type The switch has an internal 802 1X authentication server ias feature that enables to separately create maintain and authenticate users for network 802 1X access 3 1 5 4 Password Management The following configuration i...

Page 103: ...the RADIUS server authentication 3 1 5 5 2 802 1X MAC based Authenticator The MAC Based Authentication is an extension to the 802 1X IEEE standard This feature focuses on supporting authentication of multiple clients per port that is though a port is authorized by one of the clients connected to the port the other clients that are connected to the same port of the switch do not have access to the ...

Page 104: ... on the server only when requests are received from a client that shares an encrypted secret with the server This secret is never transmitted over the network in an attempt to maintain a secure environment Any requests from clients that are not appropriately configured with the secret or access from unauthorized devices are silently discarded by the server RADIUS conforms to a client server model ...

Page 105: ...the switch the switch prompts for the user login credentials and requests services from the TACACS client The client then uses the configured list of servers for authentication and provides results back to the switch You can configure each server host with a specific connection type port timeout and shared key or you can use global configuration for the key and timeout 3 1 5 8 LDAP Lightweight Dir...

Page 106: ...TCP Flag TCP Flag SYN set and Source Port 1024 or TCP Control Flags 0 and TCP Sequence Number 0 or TCP Flags FIN URG and PSH set and TCP Sequence Number 0 or TCP Flags SYN and FIN set L4 Port Source TCP UDP Port Destination TCP UDP Port ICMPv4 Limiting the size of ICMP Ping packets TCP Port Source TCP Port Destination TCP Port UDP Port Source UDP Port Destination UDP Port TCP Flag Sequence TCP Fla...

Page 107: ... switch 3 1 5 11 Source Guard 3 1 5 11 1 IP Source Guard IP Source Guard IPSG is a security feature that filters IP packets based on source ID The source ID may either be source IP address or a source IP address source MAC address pair The network administrator configures whether enforcement includes the source MAC address The network administrator can configure static authorized source IDs The DH...

Page 108: ...he binding database and for all manual IPv6SG entries IPv6SG notifies the driver to install an ingress classifier rule permitting matching packets If source MAC checking is configured the classifier verifies that the source IPv6 address source MAC address pair matches a DHCP binding The hardware drops unauthorized packets If the number of stations on a port exceeds the available number of classifi...

Page 109: ...k Time Protocol RFC 1305 useful for situations where the full performance of NTP is not justified SNTP can operate in unicast mode point to point or broadcast mode point to multipoint Various NTP implementations can operate as either a client or a server To an NTP or SNTP server NTP and SNTP clients are indistinguishable Likewise to an NTP or SNTP client NTP and SNTP servers are indistinguishable ...

Page 110: ...quired Samples are not aggregated into a flow table on the switch they are forwarded immediately over the network to the sFlow receiver The sFlow system is tolerant to packet loss in the network because statistical modeling means the loss is equivalent to a slight change in the sampling rate sFlow receiver can receive data from multiple switches providing a real time synchronized view of the whole...

Page 111: ...of being sampled irrespective of the Packet Flow s to which it belongs Packet Flow Sampling is accomplished as follows A packet arrives on an interface A decision is made on whether or not to sample the packet The mechanism involves a counter that is decremented with each packet When the counter reaches zero a sample is taken A sample method which to take one packet from N coming packets is not ad...

Page 112: ...cated in the application layer the Statistics Manager draws required statistical information from components such as the NIM at the request of the client The Statistics Manager maintains a pool of current counters that may be updated or reset depending upon the client s requirements The components of the Statistics Manager outlined in the following sections communicate with each other internally t...

Page 113: ...countered CE This software WRED considers packets for early discard only when the number of packets queued for transmission on a port exceeds the relevant minimum WRED threshold Four thresholds are available for configuration The green yellow and red thresholds operate on TCP packets The fourth threshold operates on non TCP packets When ECN is enabled and congestion is experienced packets that are...

Page 114: ...other priorities PFC uses a unique control packet defined in IEEE 802 1Qbb therefore PFC is not compatible with 802 3x Flow Control FC An interface that is configured for PFC automatically disables FC When PFC is disabled on an interface the FC configuration for the interface becomes active Any FC frames received on a PFC configured interface are ignored 3 1 8 1 2 CN Congestion Notification Conges...

Page 115: ...duces a new 4 bit field called the Priority Group ID PGID ETS allows one or more priorities to be assigned to a PGID Each PGID is allocated a percentage of available bandwidth on the link Once allocated a PGID may only use the available bandwidth up to the maximum percentage allocated The CoS Queuing feature allows the switch administrator to directly configure certain aspects of the device hardwa...

Page 116: ... the enhanced Ethernet transport service over the native Ethernet cloud in combination with other data center technologies like PFC ETS CN and DCBX Only transit switch functionality is supported FCoE Forwarders FCF functionality is not supported The FCoE Initialization Protocol FIP is used to perform the functions of FC_BB_E device discovery initialization and maintenance FIP uses a separate Ether...

Page 117: ...an operate with either mode of the ER of connected virtualized server In EVB mode the bridge do reflect relay service to forward received frames on a same port EVB station use VDP protocol to associate VSI and apply VSI filter configuration on station facing bridge port SBP of EVB Bridge If both EVB station and bridge supports S channel the EVB station can support multiple ERs 3 1 8 4 DCVPN Gatewa...

Page 118: ...ated with a specific VNID on a given router However the VLAN ID used has no significance beyond that router and so the same ID can be used on other routers In this case the number of tenant networks is not limited to VLAN ID space i e 4096 All ingress ports that are members of specified VLAN ID are treated as access ports for the VPN identified by VNID This defines the access port set for the spec...

Page 119: ... functions are not supported IPv6 coexists with IPv4 Like IPv4 IPv6 routing can be enabled on the physical and VLAN interfaces Each Layer 3 routing interface can be used for IPv4 IPv6 or both Using IPv6 does not affect to higher layer protocols such as UDP and TCP For this reason a single dual IP stack provided by the Linux operating system is used for both IPv4 and IPv6 transfers A single socket ...

Page 120: ...r of IPv4 and IPv6 has many similarities Even in IPv6 the address still has a network prefix part network part and a device interface specific part host part Although the length of the network part is still variable it is standard for most users to use a 64 bit network prefix length The remaining 64 bits are the interface specific part which is called an Interface ID in IPv6 Depending on the under...

Page 121: ...f IPv6 packets can be received by the CPU per second Configuration change to enable or disable the generation of IPv6 redirect packet to the source node A negative IPv6 neighbor entry that resolves CPU churn problems caused by consecutive CPU bound IPv6 data communications due to unreachability of the data destination host or next hop Configurable options that allow you to send router advertisemen...

Page 122: ... connected devices The ARP cache has five kinds of entries local static dynamic gateway negative Static entries are manually configured entries and are not subject to aging Dynamic entries associate the neighboring device s IP address with the MAC address A gateway entry is a dynamic entry whose IP address is the next hop address of one or more routes on the routing table Since the absence of a ga...

Page 123: ...method of the industry also called administrative distance in determining route priorities The priority ranges from 1 to 255 The default priority of different types of routes can be set If there are multiple routes to the same destination the routing table selects the route with the lowest priority value as the optimal route A route with a priority of 255 is never selected as an optimal route The ...

Page 124: ...ng interface can be set by option setting For port based routing interfaces VLAN IDs are not reserved If the port based routing interface is not created all VLAN IDs can be used for other usage The VLAN routing interface is created by enabling routing on the VLAN The VLAN routing interface includes all the physical ports that are members of the VLAN A routing interface is considered as up when one...

Page 125: ...2 protocol on the routing interface is not recommended as the network may have unpredictable behavior if the L2 protocol function is enabled on the port included in the VLAN routing interface 3 1 9 9 3 IP MTU Maximum Transmission Unit IP MTU is the maximum length of IP packets that can be sent on the routing interface The default for the IP MTU on each routing interface is the Layer 2 or link MTU ...

Page 126: ... for router to router links not for router to host links The implementation of the unnumbered interface follows the industry standard practices and guidance described in RFC 5309 Each routing interface can be borrowed from an IP address from the loopback interface and can be used for all routing activities The IP unnumbered function was originally developed to avoid wasting the entire subnet on a ...

Page 127: ...to the SSH client is 10 1 1 1 For management traffic such as ping and traceroute you can use software to set the source IP address When the administrator sets the source address the software binds the socket used to send the packet to that source address The bind operation sets the source address before the route lookup The routing table for the default route on the network and service port is sep...

Page 128: ...rger than the IP MTU on the outgoing interface IPv4 packets larger than the IP MTU are discarded and an ICMP destination unreachable message is sent to the source of the data packet IPv4 packets sent by the router follow different paths Applications typically send these packets to the socket via the IP stack The IP stack forwards these packets using its own routing table which contains the routing...

Page 129: ...routing table Static A static route is a route that you add manually to the routing table Static Reject Packets that match reject routes are discarded not forwarded The router may send an ICMP destination unreachable message 3 1 9 13 Route Redistribution This product supports route redistribution between routing protocols Network administrators may redistribute configured static routes or directly...

Page 130: ...vice running RIP can receive a default network via an update from another device running RIP or can send a default network using RIP In either case the default network is advertised to other RIP neighbors via RIP 3 1 9 14 1 Authentication in RIP By default the software will receive RIP version 1 RIPv 1 and RIPv 2 packets but only RIPv 1 packets will be sent It is also possible to configure the sof...

Page 131: ...of large scale networks are improved Aggregating the IP address means that there is no entry for the child route route created for any combination of individual IP addresses included in the summary address in the RIP routing table the size of the table becomes smaller This means that the router will be able to handle more routes When RIP determines that an aggregate address is required for the RIP...

Page 132: ...ol is performed globally or per interface Filtering is controlled by the IPv6 distribution list Input distribution lists control route reception and input filtering is applied to advertisements received from neighbors Only routes that pass input filtering are inserted into the RIP local routing table and become candidates for insertion into the IPv6 routing table The output distribution list contr...

Page 133: ...network connecting only routers Hiding the transit only network speeds up the convergence of the network and reduces the vulnerability to remote attacks against routers in the transit only network 3 1 9 15 2 Automatic Exiting of Stub Router Mode OSPF goes into stub router mode and notifies other routers not to use the router as a transit point This is accomplished by setting the metric of the tran...

Page 134: ...is product this routing table is called RTO Note that RTO accepts ECMP routes but RTO does not combine routes from different sources to create ECMP routes In Figure 3 14 assume that OSPF is configured only on one of the links between Router A and Router B On Router A OSPF reports to RTO the route to 20 0 0 0 8 where 10 1 1 2 is the next hop If the user configures a static route to 20 0 0 0 8 that ...

Page 135: ...6 OSPFv3 is an Open Shortest Path First OSPF routing protocol for IPv6 This is similar to OSPFv2 in terms of link state database intra inter area and AS external routes and virtual links Also it differs from the corresponding part of IPv4 in several respects Peering was done using the link local address the protocol was not a network centric but a link the addressing semantics were migrated to the...

Page 136: ...ream This switch supports BGP version 4 The following BGP features are supported Proprietary BGP MIB support for reporting status variables and internal counters Support for inbound and outbound neighbor specific route maps iBGP BGP peer between BGP routers on the same AS eBGP BGP peer between BGP routers at different AS Handling the BGP RTO full condition Support for the maximum number of BGP nei...

Page 137: ...forwarding role are handed over to the backup VRRP router 3 1 9 17 2 VRRP Router Priority The VRRP router priority is a value between 1 and 255 which determines which router is the master The higher the number the higher the priority If the virtual IP address is the IP address of the VLAN routing interface on one of the routers in the VRRP group the router with the same IP address as the virtual I...

Page 138: ...n the case of the default gateway is a virtual router that does not respond to pings You can enable the system to respond to the ping sent to the virtual IP address by enabling the accept mode of the VRRP function This feature allows for response to pings for virtual routers but does not allow VRRP masters to accept other types of packets The VRRP master responds to both fragmented ICMP echo reque...

Page 139: ... VRRP router decreases by the priority decrement value When a tracked route is added to the routing table the priority is incremented by the same value 3 1 9 18 ECMP Equal Cost Multi Path 3 1 9 18 1 ECMP Hash Selection Users can choose the load balancing sharing algorithm used to select the final ECMP route Using the CLI you can select a combination of various IP header fields including the intern...

Page 140: ...ion That is if the destination UDP port of the packet matches the entry on the ingress interface that packet is processed according to the interface configuration If the packet does not match the entry on the ingress interface the packet is processed according to the global IP helper configuration The network administrator can set a discard relay entry that instructs to discard the packet that mat...

Page 141: ...DHCP client packet When the relay agent receives a broadcast UDP packet on the routing interface it checks whether the interface is configured to relay the destination UDP port If configured the relay agent unicasts the packet to the configured server IP address If it is not configured the relay agent checks whether there is a global configuration of the destination UDP port If there is a global c...

Page 142: ...ter Administrators cannot log into the switch and manage the switch via one of the IP addresses on the non default VR The service port and the network port are always associated with the default router so the customers are able to manage the switch via these interfaces SNMP Management Only the default router can be managed via SNMP AAA The Authentication Authorization and Accounting protocols incl...

Page 143: ...rs on the same physical switch This requires support for BGP extended communities and route targets IPv6 VRF Lite supports only IPv4 IPv6 data forwarding and protocols are not supported IP Multicast VRF supports only IPv4 unicast routing Policy Based Routing PBR is a routing policy feature useful in overriding routing decisions with programmable rules PBR is supported only in the default router DH...

Page 144: ...ccess vlan 20 Hostname Interface 0 5 exit 3 2 1 2 tagging VLAN This section explains how to set up when sending and receiving tagged packets from two VLANs in each VLAN on one port Conditions Assign VLAN 10 with tagging to port 0 1 Assign VLAN 20 with tagging to port 0 5 Commands Hostname vlan database Hostname Vlan vlan 10 20 Hostname Vlan exit Hostname configure Hostname Config interface 0 1 Hos...

Page 145: ... static Hostname Interface lag 1 switchport mode trunk 3 2 3 VPC This section explains how to set up VPC connection from two switches connected by two peer links one from port 1 to the other switch Conditions SW1 Set port 1 to VPC and connect ports 2 and 3 to SW2 as peer links SW2 Set port 1 to VPC and connect ports 2 and 3 to SW1 as peer links Commands SW1 SW1 configure SW1 Config feature vpc SW1...

Page 146: ...P address in the ACL Conditions Allow only packets from specific MAC address Commands Hostname configure Hostname Config mac access list extended mac1 Hostname Config mac access list permit 00 00 00 00 aa bb ff ff ff ff 00 00 any Hostname Config mac access list exit Conditions Only packets from specific IP addresses are blocked Commands Hostname configure Hostname Config ip access list ip1 Hostnam...

Page 147: ...Set the interface 0 19 port as the target port Commands Hostname configure Hostname Config monitor session 1 source interface 0 1 Hostname Config monitor session 1 destination interface 0 19 Hostname Config monitor session 1 mode 3 2 7 LLDP function Conditions Enables the sending and receiving of LLDP in port 0 15 Commands Hostname configure Hostname Config interface 0 15 Hostname Interface 0 15 l...

Page 148: ...face 0 1 3 2 9 EHM Conditions Set interfaces 0 1 0 8 as Uplink ports of EHM Set interfaces 0 9 0 17 as Downlink ports of EHM Commands Hostname configure Hostname Config pin group ehm1 Hostname Config interface 0 1 0 8 Hostname Interface 0 1 0 8 pin group ehm1 uplink Hostname Config interface 0 9 0 17 Hostname Interface 0 9 0 17 pin group ehm1 downlink Hostname Interface 0 9 0 17 exit 3 2 10 LDAP C...

Page 149: ... 192 168 15 44 Escape character is User test001 Password login success When you login to the switch as the user test002 who is under ou User ou hyocen o fujitsu dc com you have to type user name as following User test002 ou User Password login success 3 3 Switch Parameters Parameter name Default value Switching method Store Forward 10G SFP 10G base T FUJITSU PSWITCH 2048T Transmission speed 100 10...

Page 150: ...s IP interfaces Only generate link local address Management account User name admin Password n a DHCP client Service Port OOB DHCPv4 Enabled Other disabled DNS client Domain Name Lookup Enabled Number of retries 2 times Retry timeout period 3 seconds LLMNR Enabled telnet SSH auto logoff 5 minutes Console auto logoff 5 minutes System Log System log transmission Not supported Facility 0 kern 1 user ...

Page 151: ...ne Interface CLI Telnet and SSH access NETCONF Network Configuration Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring Configuration Management Triple configuration files Configuration import export Configuration script OVSDB Open vSwitch Database DHCP Dynamic Host Configuration Protocol DHCP client DHCP snooping DHCP relay DHCP L2 relay DHCP server Auto discovery Layer 2 Swi...

Page 152: ...management Multiple user support Priviledge level Accounting monitoring user activity Authentication 802 1X 802 1X Port based authenticator 802 1X MAC based authenticator RADIUS client support TACACS client support LDAP client support DoS attack protection IP IPv6 Source Guard Dynamic ARP Inspection System Utility SNTP Simple Network Time Protocol sFlow Sampled flow Ping Traceroute Uploading and d...

Page 153: ...v1 v2 and RIPng OSPF OSPFv2 and OSPFv3 adjustable Reference Bandwidth Authentication ASCII MD5 BGP4 IPv4 IPv6 VRRP Authentication ASCII MD5 ECMP Multinetting UDP Relay IP Helper DNS Client and DNS Relay Link Local Multicast Name Resolution LLMNR Virtual Routing and Forwarding VRF Table 3 10 Functions supported by this switch 3 5 Software Feature Combination Matrix There are some combinations of fe...

Page 154: ...ayer 2 functions can not be used in combination with Layer 3 functions RIP RIPng OSPF BGP IGMP DVMRP PIM SM PIM DM VRF PBB SPB EHM Loop detection STP VPC GVRP MVRP GMRP MMRP For the following functions there are the following notes regarding combination with Layer 3 functions VPC It is not possible to use RIP OSPF BGP on the same interface GVRP MVRP You can not share the same VLAN on a Layer 3 int...

Page 155: ... Last updated 2003 08 25 IANA RTPROTO MIB Published by IANA Last updated 2000 09 26 IEEE8021 CN MIB IEEE 802 1Qau 2010 IEEE8021 PAE MIB IEEE 802 1X 2001 IEEE8021 PFC MIB IEEE 802 1Qbb Last updated 2010 02 08 IEEE8021 TC MIB IEEE 802 1Q 2005 IF MIB RFC 2863 INET ADDRESS MIB RFC 3291 IP FORWARD MIB draft ietf ipv6 rfc2096 update 07 txt IP MIB RFC 2011 IPMROUTE STD MIB RFC 2932 IPV6 ICMP MIB RFC 2466...

Page 156: ...MMUNITY MIB RFC 3584 SNMP FRAMEWORK MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP NOTIFICATION MIB RFC 3413 SNMP TARGET MIB RFC 3413 SNMP USER BASED SM MIB RFC 3414 SNMPv2 MIB RFC 3418 SNMP VIEW BASED ACM MIB RFC 3415 TCP MIB RFC 4022 TRANSPORT ADDRESS MIB RFC 3419 UDP MIB RFC 4113 VRRP MIB RFC 2787 Vendor MIB BROADCOM REF MIB FASTPATH QOS MIB FASTPATH QOS DIFFSERV PRIVATE MIB FASTPATH QOS COS MIB FASTP...

Page 157: ...C Another management network IP address may also be needed if the management port of this switch does not have any IP address yet Please make sure beforehand that one or two IP addresses are available for this purpose Other requirements for maintenance support The preparation for the following items and information are also expected for the efficient support Console cable which is packed together ...

Page 158: ...s responsibility will exempted In the following explanation it is assumed that a terminal PC referred to as FST S is used which has a file transfer service and stores configuration files and necessary firmware images and so on Main unit maintenance parts include FAN Unit and Power Unit When replacing the main unit please replace the FAN unit and the power supply unit together It is principle that ...

Page 159: ...where each cable is connected 4 To reduce the weight of the device remove the both power supply units form the failed device 5 Unmount the failed device from the 19 inch rack Figure 4 3 Unmount device from rack 6 Insert the both power supply units to the failed device 7 Remove the SFP modules from the failed device Please refer to the installation procedure of the SFP module described in 13 ...

Page 160: ... procedure of the rack rail and the L shaped bracket described in 9 9 Replace the failed device with the spare device Remove the rack rail and L shaped bracket from the failed device And attach the rack rails and L shaped brackets to the spare device Figure 4 4 Attachment of rack rail Figure 4 5 Attachment of L shaped bracket You can see the unit label on the L shaped bracket FUJITSU PSWITCH 2048T...

Page 161: ... power supply units form the spare device 11 Insert the spare device onto the rack Insert this device from the rear side of the rack You can see the unit label on the L shaped bracket from the rear side of the rack MODEL PY SWX48T SERIAL MAGU Label on which the model name and the serial number are written PSWITCH V V ...

Page 162: ...s Guide 162 December 2018 Figure 4 7 Insert the device onto the rack Figure 4 8 Fix the bracket to the frame 12 Insert the both power supply units to the device 13 Insert the removed SFP modules to their original positions ...

Page 163: ...re device to the terminal PC FST S with a serial cable Insert the RJ 45 connector to the console port on the device This connection is used for configuration restoration and firmware upgrade Figure 4 10 Console Port Connection 15 Connect the management port of the spare device to the terminal PC with a LAN cable ...

Page 164: ...iguration of the device and for updating the firmware of the device 16 Plug in the power cable to the power connector and power on the switch 1 Plug the power cable s plug into the power socket of the PSU In the same way connect the other power cable into the other PSU Figure 4 12 Power Supply Unit 2 Lock the power cable as shown below ...

Page 165: ...Restore configuration file 21 If SNTP server is not valid set the time manually to the spare device 22 Connect all the network cables to the switch ports 23 Check the system status Check the firmware version with the show version command Command Execution Example ET 7648BRA FOS show version Current Runtime Version 1 0 8 Current Runtime Build Time Wed Jun 21 11 07 38 CST 2017 First Runtime Version ...

Page 166: ...rational Power Modules Unit Power supply Description Type State 1 1 PSU 1 Removable Operational 1 2 PSU 2 Removable Not present Power Consumption Unit Power supply Current mA Voltage mV Watt mW 1 1 8758 11869 103948 1 2 0 0 0 Battery Status GOOD Please confirm that the state of Temperature Sensors are Level1 or Normal Please confirm that the state of Fans are Operational Please confirm that the st...

Page 167: ...vice and are possible to be installed and replaced as hot plug unit during the switch in operation This switch has two power units The Power units provide 1 1 redundant and support hot swapping In the following explanation it is assumed that a terminal PC referred to as FST S is used to check the power unit status after replacement Hot Swap The case in which replaced without power off of the switc...

Page 168: ...s Unit Power supply Description Type State 1 1 PSU 1 Removable Operational 1 2 PSU 2 Removable Operational Power Consumption Unit Power supply Current mA Voltage mV Watt mW 1 1 8758 11869 103948 1 2 0 0 0 Battery Status GOOD Please confirm the State of Power Modules are Operational Cold Swap The case in which replaced with power off of the switch 1 Plug out the power cable from the failed power un...

Page 169: ... 9929 52 Operational 1 5 Fan 5 Removable 9929 52 Operational 1 6 Fan 6 Removable 10031 52 Operational Power Modules Unit Power supply Description Type State 1 1 PSU 1 Removable Operational 1 2 PSU 2 Removable Operational Power Consumption Unit Power supply Current mA Voltage mV Watt mW 1 1 8758 11869 103948 1 2 0 0 0 Battery Status GOOD Please confirm the State of Power Modules are Operational 4 5...

Page 170: ...reflected on the system LED and it blinks yellow Additionally these events are checked very one hour and if error is detected the event is reported with SNMP trap and recorded in the system log 4 6 How to Replace Battery FRU Field Replaceable Unit Maintenance procedures of Field Replaceable Unit can only be performed by Fujitsu service personnel or Fujitsu trained technical personnel Please be awa...

Page 171: ... Ports Left side 4 places Right side 4 places Side on PSU FAN 9 places Side on Ports 6 places Total 23 places PSWITCH 4032P Side on PSU FAN Side on Ports Left side 3 places Right side 3 places Side on PSU FAN 6 places Side on Ports 6 places Total 18 places 2 Remove the top cover of the switch 2 Remove the battery ...

Page 172: ...re 4 14 Location of Battery 1 Insert the tip of tweezers into the gap between the battery and the minus terminal of the battery holder and hold down the battery with your finger not to jump it up PSWITCH 2048T PSWITCH 2048P PSWITCH 4032P Battery Battery ...

Page 173: ...attery from the holder 3 Install the new battery 1 Facing up the positive terminal side of the battery push the battery against the positive terminal in the holder to set it into the holder At this time be careful not to bend the contact pin red circle in the picture which is positive terminal of the holder ...

Page 174: ...ecember 2018 2 As in the picture push the left side of the battery with your finger to set the battery into the holder 3 Make sure that the contact pin red circle in the picture of the positive terminal of the battery holder is not bent ...

Page 175: ...e battery Use show environment command Command Execution Example ET 7648BRA FOS show environment Temperature Sensors Unit Sensor Description Temp C State Max_Temp C 1 1 MAC 38 Level 1 41 1 2 10GE 39 Level 1 41 1 3 System CPLD 40 Level 1 44 1 4 CPU 31 Level 1 35 Fans Unit Fan Description Type Speed Duty level State 1 1 Fan 1 Removable 10031 52 Operational 1 2 Fan 2 Removable 9929 52 Operational 1 3...

Page 176: ...ns of Device Temperature In this product the state of the internal temperature sensor is defined as follows When the state of the internal temperature sensor reaches the following state take measures as indicated in the Action column You can refer the state of the internal temperature sensor by executing show environment command on the CLI The temperatureStateChange trap will be issued when the te...

Page 177: ...nvironment temperature if it does not complying with the operating condition take appropriate action to meet the operating condition Review the condition in around the device improve the ventilation condition of the device Level2 Warning 45 60 40 55 No action is required This device may be in this state when it is under high load or if the environmental temperature exceeds 30 Level1 Normal 30 45 2...

Page 178: ...ing information used in IP host function IPv4 Number of routes registered 8160 Number of static routes registered 64 Routing information used in IP host function IPv6 Number of RA routes registered 7 Number of static routes registered 64 Filtering information Maximum number of MAC filter definitions Multicast 1024 Unicast 20 Maximum IPv6 filter definitions n a ACL definitions No software limit AAA...

Page 179: ...X on management port IEEE 802 3ab 1000BASE T on management port IEEE 802 3x Flow Control IEEE 802 3z 1000BASE X IEEE 802 3ae 10Gb s Ethernet IEEE 802 3ba 40Gb s Ethernet Interface Information Interface 10G BASE T RJ45 port x 48 Quad Small Form factor Pluggable QSFP slot x 6 10 100 1000Mbps Management port x 1 External Console port RJ45 x 1 USB port x 1 Reset button x 1 out of support coverage Micr...

Page 180: ...mSATA SSD System memory 4GB DDR3 SDRAM Network Protocol and Standards Compatibility Network protocol compatibility IEEE 802 3 10Base T on management port IEEE 802 3u 100Base TX on management port IEEE 802 3ab 1000BASE T on management port IEEE 802 3x Flow Control IEEE 802 3z 1000BASE X IEEE 802 3ae 10Gb s Ethernet IEEE 802 3ba 40Gb s Ethernet Interface Information Interface Small Form factor Plugg...

Page 181: ... Management port CPU Intel Rangeley C2338 Processor Flash 16MB SPI Flash x 1 Storage 8GB mSATA SSD System memory 4GB DDR3 SDRAM Network Protocol and Standards Compatibility Network protocol compatibility IEEE 802 3 10Base T on management port IEEE 802 3u 100Base TX on management port IEEE 802 3ab 1000BASE T on management port IEEE 802 3x Flow Control IEEE 802 3ae 10Gb s Ethernet IEEE 802 3ba 40Gb ...

Page 182: ...40 x 460 x 44 mm 17 32 x 18 11 x 1 73 inch Weight 8 8 kg Included PSU x2 Environmental Specifications Operating temperature 0 to 40 C Storage temperature 20 to 70 C Operating humidity 10 to 90 RH Storage humidity 5 to 95 RH Table 6 3 Technical specification FUJITSU PSWITCH 4032P ...

Page 183: ...ps github com onie o nie blob master COPYI NG https github com openc omputeproject onie relea ses tag 2015 05 Add Functions Memtest86 5 01 GPL v2 http www memtest org http www memtest org download 5 01 memtest 86 5 01 tar gz Add Functions Linux kernel 3 2 25 GPLv2 https www gnu org lice nses old licenses gpl 2 0 html https www kernel org p ub linux kernel v3 x Modify Functions Runtime Linux kernel...

Page 184: ...VS 2 3 0 Apache License V2 0 http openvswitch org http openvswitch org rel eases openvswitch 2 3 0 t ar gz Modify Functions Libnetconf 0 9 BSD 3 Clause https www openhub ne t p libnetconf https github com cesnet libnetconf Modify Functions Linux Pam 1 1 8 BSP GPL https en wikipedia org wiki Linux_PAM https fedorahosted org r eleases l i linux pam No Flashrom 0 9 9 GPL https en wikipedia org wiki F...

Page 185: ...ftware and to any other program whose authors commit to using it Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead You can apply it to your programs too When we speak of free software we are referring to freedom not price Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and c...

Page 186: ...any free program is threatened constantly by software patents We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it clear that any patent must be licensed for everyone s free use or not licensed at all The precise terms and conditions for copying distribution and modificati...

Page 187: ... also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If t...

Page 188: ...hree years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to distribute corresponding source c...

Page 189: ...ks based on it 6 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third ...

Page 190: ...r by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 9 The Free Software Foundation may publish...

Page 191: ...NCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUEN...

Page 192: ...se or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU General Public License along with this program if not write to the Free Software Foundati...

Page 193: ... any to sign a copyright disclaimer for the program if necessary Here is a sample alter the names Yoyodyne Inc hereby disclaims all copyright interest in the program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your program into proprietary programs If your p...

Page 194: ...inition control means i the power direct or indirect to cause the direction or management of such entity whether by contract or otherwise or ii ownership of fifty percent 50 or more of the outstanding shares or iii beneficial ownership of such entity You or Your shall mean an individual or Legal Entity exercising permissions granted by this License Source form shall mean the preferred form for mak...

Page 195: ...resentatives including but not limited to communication on electronic mailing lists source code control systems and issue tracking systems that are managed by or on behalf of the Licensor for the purpose of discussing and improving the Work but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution Contributor shall mean...

Page 196: ...those notices that do not pertain to any part of the Derivative Works and d If the Work includes a NOTICE text file as part of its distribution then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file excluding those notices that do not pertain to any part of the Derivative Works in at least one of the following places ...

Page 197: ...or FITNESS FOR A PARTICULAR PURPOSE You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License 8 Limitation of Liability In no event and under no legal theory whether in tort including negligence contract or otherwise unless required by applicable law such as deliberate and ...

Page 198: ... version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License supplemented by the additional permissions listed below 0 Additional Definitions As used herein this License refers to version 3 of the GNU Lesser General Public License and the GNU GPL refers to version 3 of the GNU General Public License The Library refers to a c...

Page 199: ...tion but excluding the System Libraries of the Combined Work 1 Exception to Section 3 of the GNU GPL You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL 2 Conveying Modified Versions If you modify a copy of the Library and in your modifications a facility refers to a function or data to be supplied by an Application that uses the fac...

Page 200: ...minent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License b Accompany the Combined Work with a copy of the GNU GPL and this license document c For a Combined Work that displays copyright notices during execution include the copyright notice for the Library among these notices as well as a reference directing the us...

Page 201: ...combined library under terms of your choice if you do both of the following a Accompany the combined library with a copy of the same work based on the Library uncombined with any other library facilities conveyed under the terms of this License b Give prominent notice with the combined library that part of it is a work based on the Library and explaining where to find the accompanying uncombined f...

Page 202: ... of acceptance of any version is permanent authorization for you to choose that version for the Library Red Hat eCos Public License v1 1 Full name Red Hat eCos Public License v1 1 Short identifier RHeCos 1 1 Other web pages for this license http ecos sourceware org old license html Notes None Text Red Hat eCos Public License v1 1 1 DEFINITIONS 1 1 Contributor means each entity that creates or cont...

Page 203: ... means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code and which at the time of its release under this License is not already Covered Code governed by this License 1 11 Source Code means the preferred form of the Covered Code for making modifications to it including all modules it contains plus any associated interface defin...

Page 204: ...n exclusive license subject to third party intellectual property claims a to use reproduce modify display perform sublicense and distribute the Modifications created by such Contributor or portions thereof either on an unmodified basis with other Modifications as Covered Code or as part of a Larger Work and b under patents now or hereafter owned or controlled by Contributor to Utilize the Contribu...

Page 205: ...umenting the changes You made to create that Covered Code and the date of any change You must include a prominent statement that the Modification is derived directly or indirectly from Original Code provided by the Initial Developer and including the name of the Initial Developer in a the Source Code and b in any notice in an Executable version or related documentation in which You describe the or...

Page 206: ...nse including a description of how and where You have fulfilled the obligations of Section 3 2 The notice must be conspicuously included in any notice in an Executable version related documentation or collateral in which You describe recipients rights relating to the Covered Code You may distribute the Executable version of Covered Code under a license of Your choice which may contain terms differ...

Page 207: ... LICENSE This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code Red Hat may include Covered Code in products without such additional products becoming subject to the terms of this License and may license such additional products on different terms from those contained in this License Red Hat may license the Source Code of Red Ha...

Page 208: ...SE OR NON INFRINGING THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT YOU NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR ASSUME THE COST OF ANY NECESSARY SERVICING REPAIR OR CORRECTION THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDE...

Page 209: ...ense is held to be unenforceable such provision shall be reformed only to the extent necessary to make it enforceable This License shall be governed by California law provisions except to the extent applicable law if any provides otherwise excluding its conflict of law provisions With respect to disputes in which at least one party is a citizen of or an entity chartered or registered to do busines...

Page 210: ...ven if such marks are included in the Original Code You may contact Red Hat for permission to display the Red Hat and eCos marks in either the documentation or the Executable version beyond that required in Exhibit B Inability to Comply Due to Contractual Obligation To the extent that Red Hat is limited contractually from making third party code available under this License Red Hat may choose to i...

Page 211: ...ED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT...

Page 212: ...the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCI...

Page 213: ...copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN...

Page 214: ... in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http ...

Page 215: ...IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS...

Page 216: ...wing conditions are aheared to The following conditions apply to all code found in this distribution be it the RC4 RSA lhash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be r...

Page 217: ...ledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the rouines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hud...

Page 218: ...RICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence including the GNU Public Licence ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands