HPE Aruba 3810 Multicast And Routing Manual Download Page 137 | Manualshive

Page: 137 / 456

background image

This output indicates ARP throttle is enabled, filtering ARP packets according to the default packet threshold and
aging-time settings. ARP packets from a device identified as 000f20-aeaec0 are excluded from ARP throttling,
and statistics indicate 4 blacklisted clients and the ARP packet traffic of 180 clients being tracked.

switch# show ip arp-throttle

Source MAC Based ARP Attack Detection Information

Enabled : Yes

Remediation Mode : Filter

Threshold (pkt) : 30

Blacklist Age (sec) : 300

Excluded MAC List

-----------------

000f20-aeaec0

Clients in Blacklist : 4

Clients Being Tracked : 180

NOTE:

The “Clients in Blacklist” and “Clients being Tracked” counters shown above operate only when ARP
throttle is enabled. Rebooting the switch restarts the counters from zero. Executing any of the
following commands causes the switch to reset these counters to zero:

•

ip arp-throttle enable

(Starts the counters from zero.)

•

no ip arp-throttle enable

(Resets the counters to zero.)

•

ip arp-throttle remediation-mode <monitor | filter>

(Restarts the counters from zero if the

ip arp-throttle remediation-mode

setting is

changed.)

NOTE:

If a failover occurs on a 5400R switch, the switch maintains the blacklist status of any currently
blacklisted clients. However, the current list of tracked clients is cleared and restarted.

Identifying blacklisted and restored clients

The switch event log records an entry when

ip arp-throttle

blacklists a client, removes a client from the blacklist,

or drops an ARP packet received from a blacklisted client. Use the show logging command to display entries for
these actions.

Example

switch# show logging -r

Keys: W=Warning I=Information

M=Major D=Debug E=Error

---- Reverse event Log listing: Events Since Boot ----

W 02/16/16 22:57:16 02539 arpt: ST1-CMDR: Client 20fdf1-e0935b exceeds the limit of ARP packets and is blacklisted.

W 02/16/16 22:57:16 02541 arpt: ST1-CMDR: An ARP packet from blacklist client 20fdf1-e0935b is dropped. (4 times in 60 seconds)

W 02/16/16 22:57:03 02539 arpt: ST1-CMDR: Client d0bf9c-13c149 exceeds the limit of ARP packets and is blacklisted.

I 02/16/16 21:52:05 02540 arpt: ST1-CMDR: Client 20fdf1-e0935b is moved out of blacklist due to inactivity.

Chapter 5 Routing Basics

137

«
...
135
136
137
138
139
...
»

Summary of Contents for Aruba 3810

Page 1: ...Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 Part Number 5200 5492 Published December 2018 Edition 1 ...

Page 2: ...ter Software Computer Software Documentation and Technical Data for Commercial Items are licensed to the U S Government under vendor s standard commercial license Links to third party websites take you outside the Hewlett Packard Enterprise website Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website Acknowledgments In...

Page 3: ...or leaving a multicast domain 27 Informs the VLAN which IGMP proxy domains to use with joins on the VLAN 28 Viewing the IGMP proxy data 28 IGMP general operation and features 29 Options 29 Number of IP multicast addresses allowed 30 How IGMP operates 30 Operation with or without IP addressing 31 Automatic fast leave IGMP 32 Default enabled IGMP operation solves the delayed leave problem 33 Forced ...

Page 4: ... PIM hello messages on the current VLAN 56 Changing maximum time before the routing switch transmits the initial PIM hello message on the VLAN 57 Changing the interval the routing switch waits for the graft ack from another router before resending the graft request 57 Changing the number of times the routing switch retries sending the same graft packet to join a flow 57 Enabling the LAN prune dela...

Page 5: ...ent multicast PIM 86 Configuring PIM SM on the router 87 Global configuration context for supporting PIM SM 87 Configuring global context commands 87 VLAN context commands for configuring PIM SM 89 Enabling or disabling IGMP in a VLAN 89 Enabling or disabling PIM SM per VLAN 89 Changing the interval for PIM SM neighbor notification 90 Changing the randomized delay setting for PIM SM neighbor notif...

Page 6: ...lt BSR configuration settings 112 Displaying the current RP set 112 Displaying C RP data 113 Displaying the router s C RP status and configuration 113 Listing non default C RP configuration settings 114 PIM SM overview 115 PIM SM features 115 PIM SM operation and router types 116 PIM SM operation 116 Rendezvous point tree RPT 116 Shortest path tree SPT 117 Shortest path tree operation 117 Restrict...

Page 7: ...Configuration commands 138 Show commands 141 MIB 143 Disabling the directed broadcasts 143 Disabling replies to broadcast ping requests 143 Disabling all ICMP unreachable messages 144 Disabling ICMP redirects 144 IP interfaces 144 IP tables and caches 144 ARP cache table 144 ARP cache 145 IP route table 145 Routing paths 145 Administrative distance 145 IP forwarding cache 146 IP route exchange pro...

Page 8: ...tocol RIP 169 Overview of RIP 169 Configuring RIP parameters 169 Enabling RIP 169 Enabling RIP on the routing switch and entering the RIP router context 170 Enabling IP RIP on a VLAN 171 Configuring a RIP authentication key 171 Changing the RIP type on a VLAN interface 171 Changing the cost of routes learned on a VLAN interface 171 Configuring for redistribution 172 Modifying default metric for re...

Page 9: ...Png 194 Additional commands 194 VLAN VLAN ID IPv6 195 Show running config 195 Show running config vlan 196 Chapter 11 Open Shortest Path First Protocol OSPF 197 Configuring OSPF on the routing switch 197 Enabling IP routing 197 Enabling global OSPF routing 197 Changing the RFC 1583 OSPF compliance setting 198 Assigning the routing switch to OSPF areas 199 Configuring an OSPF backbone or normal are...

Page 10: ...link 219 Configuring a passive OSPF interface 220 Configuring the calculation interval 221 Viewing OSPF information 222 Viewing general OSPF configuration information 222 Viewing OSPF area information 224 Viewing OSPF external link state information 225 Viewing OSPF interface information 227 Viewing OSPF interface information for a specific VLAN or IP address 228 Viewing OSPF packet statistics for...

Page 11: ...he interface settings 261 Configuring OSPF authentication on a virtual link 261 About OSPF passive 261 About configuring shortest path first SPF scheduling 262 Graceful shutdown of OSPF routing 262 Modules operating in nonstop mode 262 OSPF equal cost multipath ECMP for different subnets available through the same next hop routes 262 Global OSPF Cost Setting 263 router ospf reference cost 264 Chap...

Page 12: ... 295 Viewing the MAC address for a routing switch 295 Configuring Option 82 296 Operating notes 298 Overview of DHCP 299 DHCP packet forwarding 299 Unicast forwarding 299 Broadcast forwarding 299 Enabling DHCP relay operation 299 Hop count in DHCP requests 300 DHCP Option 82 300 Option 82 server support 301 General DHCP Option 82 requirements and operation 301 Requirements 301 General DHCP relay o...

Page 13: ... 322 Configuring the Authentication Data Field 322 Pinging the virtual IP of a backup router 322 Enabling the response to a ping request 322 Controlling ping responses 323 Viewing VRRP ping information 323 Operational notes 327 Specifying the time a router waits before taking control of the VIP 327 Viewing VRRP configuration data 327 Viewing the VRRP global configuration 327 Viewing all VR configu...

Page 14: ... IPv6 summary 354 Error messages Track interface 355 Chapter 17 Border Gateway Protocol BGP 356 Introduction 356 Configuring BGP globally 357 Configuring a BGP routing process 357 Configuring a fixed router ID for local BGP routing process 358 Specifying the networks to be advertised by the BGP routing process 358 Adjusting BGP network timers 358 Re enabling state contained within nodes of BGP pro...

Page 15: ...rivate AS number from updates to EBGP peer 370 Acting as a route reflector for the peer 370 Shutting down the BGP peering session without removing peer configuration 370 Enabling or disabling advertisement of route refresh capability in open message 370 Synchronizing BGP IGP 371 Specifying routes to export into BGP 371 Specifying route map to be exported in or out of BGP 371 BGP path attributes 37...

Page 16: ...rocedure 400 Verification 401 BGP show routines 401 BGP solution use cases 408 Solution 1 Campus iBGP 408 Solution 2 Remote site iBGP 410 Troubleshooting BGP 410 Debug log messages 410 No BGP peer relationship established 411 Chapter 18 Bidirectional Forwarding Detection BFD 412 Commands 412 Per session command VLAN 412 Set intervals 412 Echo intervals 414 Enable BFD under OSPF 415 Enable BFD unde...

Page 17: ...way 447 Service filtering 448 Wireless printer service process 449 Wireless Printer advertising printer service 449 Host 2 queries for printers 450 iPhone 1 queries for printers 450 Limitations of the mDNS gateware and Chromecast 451 Profile and rule limit details 451 mdns enable 451 Create mDNS reflection 452 Create or delete a mDNS profile 452 rule 452 Set the specific mDNS profile for VLAN 453 ...

Page 18: ... vlan context of config where x represents the VLAN ID For example switch vlan 128 switch eth x eth x indicates the interface context of config where x represents the interface For example switch eth 48 switch Stack Stack indicates that stacking is enabled switch Stack config Stack config indicates the config context while stacking is enabled switch Stack stacking Stack stacking indicates the stac...

Page 19: ...here the feature is of use Configuring and displaying IGMP CLI show ip igmp vlan Syntax show ip igmp vlan vid Description Displays IGMP configuration for a specified VLAN or for all VLANs on the switch Example output switch config show ip igmp vlan 1 IGMP Service Protocol Info Total VLANs with IGMP enabled 30 Current count of multicast groups joined 20 VLAN ID 2 VLAN Name VLAN2 IGMP version 2 Quer...

Page 20: ...P configurations on the switch VLAN ID VLAN name IGMP enabled Querier 1 DEFAULT_VLAN Yes No 22 VLAN 2 Yes Yes 33 VLAN 3 No Yes You could use the CLI to display this data as follows Listing of IGMP configuration for all VLANs in the switch switch config show ip igmp config IGMP Service Config Control unknown multicast Yes Yes Forced fast leave timeout 0 4 Delayed flush timeout 0 0 VLAN ID VLAN Name...

Page 21: ...s switch config show ip igmp statistics IGMP Service Statistics Total VLAN s with IGMP enabled 33 Current count of multicast groups joined 21 IGMP Joined Group Statistics VLAN ID VLAN Name Total Filtered Standard Static 1 DEFAULT_VLAN 52 50 0 2 22 VLAN 2 80 75 5 0 33 VLAN 3 1100 1000 99 1 show ip igmp vlan vid Use this command to view the IGMP historical counters for a VLAN Syntax show ip igmp vla...

Page 22: ...information switch vlan 2 show ip igmp groups IGMP Group Address Information VLAN ID Group Address Expires UpTime Last Reporter Type 22 239 20 255 7 1h 2m 5s 1h 14m 5s 192 168 0 2 Filter 22 239 20 255 8 1h 2m 5s 1h 14m 5s 192 168 0 2 Standard 22 239 20 255 9 1h 2m 5s 1h 14m 5s 192 168 0 2 Static show ip igmp vlan group Syntax show ip igmp vlan vid group ip addr Example output Here is an example of...

Page 23: ... Guide for your switch You can also combine the ip igmp command with other IGMP related commands as described in the following sections vlan ip igmp Syntax vlan vid ip igmp auto port list blocked port list forward port list Used in the VLAN context specifies how each port should handle IGMP traffic Default auto NOTE Where a static multicast filter is configured on a port and an IGMP filter created...

Page 24: ...1 a2 forward a3 a4 blocked a5 a6 The following command displays the VLAN and per port configuration resulting from the above commands switch show ip igmp vlan 1 config vlan ip igmp querier Syntax no vlan vid ip igmp querier This command disables or re enables the ability for the switch to become querier if necessary The no version of the command disables the querier function on the switch The show...

Page 25: ...he command disables IGMP fast leave on the specified ports in the selected VLAN Use show running to display the ports per VLAN on which fast leave is disabled Default Enabled ip igmp forcedfastleave For information about forced fast leave see Forced fast leave IGMP on page 33 Syntax no vlan vid ip igmp forcedfastleave port list Enables IGMP forced fast leave on the specified ports in the selected ...

Page 26: ...stered IGMP streams detected on the switch Syntax igmp delayed flush time period Where leaves have been sent for IGMP groups enables the switch to continue to flush the groups for a specified period of time This command is applied globally to all IGMP configured VLANs on the switch Range 0 255 Default Disabled 0 Syntax show igmp delayed flush Displays the current igmp delayed flush setting Prevent...

Page 27: ...nclusive of the multicast address range to associate with this domain for example 234 0 0 1 If all is selected the multicast addresses in the range of 224 0 1 0 to 239 255 255 255 are included in this domain NOTE Addresses 224 0 0 0 to 224 0 0 255 are never used because these addresses are reserved for protocols high bound ip address The high boundary inclusive of the multicast address range to as...

Page 28: ...at is a proxy is not sent back out on the VLAN that the IGMP join came in on If no unicast route exists to the border router no proxy IGMP packets are sent Viewing the IGMP proxy data Syntax show igmp proxy entries domains vlans Shows the currently active IGMP proxy entries domains or VLANs Showing active IGMP proxy entries switch config show igmp proxy entries Total number of multicast routes 2 M...

Page 29: ...s and multicast traffic is generated by one or more servers inside or outside of the local network Switches in the network that support IGMP can then be configured to direct the multicast traffic to only the ports where needed If multiple VLANs are configured you can configure IGMP on a per VLAN basis Enabling IGMP allows detection of IGMP queries and report packets used to manage IP multicast tra...

Page 30: ...sses in the range of 224 0 0 0 to 239 255 255 255 Also incoming IGMP packets intended for reserved or well known multicast addresses automatically flood through all ports except the port on which the packets entered the switch Number of IP multicast addresses allowed The number of IGMP filters addresses and static multicast filters available is 2 038 Additionally 16 static multicast filters are al...

Page 31: ...o the network The multicast group specified in the join request is determined by the requesting application running on the IGMP client When a networking device with IGMP enabled receives the join request for a specific group it forwards any IP multicast traffic it receives for that group through the port on which the join request was received When the client is ready to leave the multicast group i...

Page 32: ... IGMP Depending on the switch model fast leave is enabled or disabled in the default configuration On switches that do not support data driven IGMP unregistered multicast groups are flooded to the VLAN rather than pruned In this scenario fast leave IGMP can actually increase the problem of multicast flooding by removing the IGMP group filter before the Querier has recognized the IGMP leave The Que...

Page 33: ...ple even if all of the devices on port A6 in the figure belong to different VLANs fast leave does not operate on port A6 Default enabled IGMP operation solves the delayed leave problem Fast leave IGMP is enabled by default When fast leave is disabled and multiple IGMP clients are connected to the same port on an IGMP device switch or router if only one IGMP client joins a given multicast group the...

Page 34: ...ueriers on the same VLAN so multicast traffic is only flooded on interfaces that contain queriers that are on the same VLAN as the multicast traffic On switch bootup all VLANs that are IGMP enabled are guaranteed one multicast filter You can always reboot the switch to recreate this configuration where each IGMP enabled VLAN has a multicast filter NOTE Joined multicast traffic continues to be forw...

Page 35: ...rts connected to a querier for any VLAN In the following example igmp filter unknown mcast has been configured The multicast traffic only goes to the querier on the same VLAN as the multicast server Table 4 Multicast filter table on distribution switch VLAN ID Member Ports 100 1 Table Continued Chapter 2 Multimedia traffic control with IP multicast IGMP 35 ...

Page 36: ...lticast Status Disabled To display information about IGMP multicast filtering by interface use the show ip igmp command IGMP proxy forwarding When a network has a border router connecting a PIM SM domain to a PIM DM domain the routers that are completely within the PIM DM domain have no way to discover multicast flows in the PIM SM domain When an IGMP join occurs on a router entirely within the PI...

Page 37: ...rward joins from VLAN 1 toward Border Router 2 as is VLAN 4 on Routing Switch 3 2 Configure VLAN 2 on Routing Switch 2 to forward joins toward Border Router 1 3 When the host connected in VLAN 1 issues an IGMP join for multicast address 235 1 1 1 the join is proxied by Routing Switch 1 onto VLAN 2 and onto VLAN 4 The routing information table in Routing Switch 1 indicates that the packet to Border...

Page 38: ...for multicasts to arrive from different border routers based on the shortest path back to the source of the traffic The configured domain names must be associated with one or more VLANs for which the proxy joins are to be done All routers in the path between the edge router receiving the initial IGMP packets and the border router have to be configured to forward IGMP using IGMP proxy All upstream ...

Page 39: ...ce in the VLAN such as a multicastrouter to act as Querier Although the switch automatically ceases Querier operation in an IGMP enabled VLAN if it detects another Querier on the VLAN you can also use the switch s CLI to disable the Querier capability for that VLAN NOTE A Querier is required for proper IGMP operation For this reason if you disable the Querier function on a switch ensure that there...

Page 40: ...0 0 x 232 0 0 x 224 128 0 x 232 128 0 x 225 0 0 x 233 0 0 x 225 128 0 x 233 128 0 x 226 0 0 x 234 0 0 x 226 128 0 x 234 128 0 x 227 0 0 x 235 0 0 x 227 128 0 x 235 128 0 x 228 0 0 x 236 0 0 x 228 128 0 x 236 128 0 x 229 0 0 x 237 0 0 x 229 128 0 x 237 128 0 x 230 0 0 x 238 0 0 x 230 128 0 x 238 128 0 x 231 0 0 x 239 0 0 x 231 128 0 x 239 128 0 x 1 X is any value from 0 to 255 NOTE With aliasing li...

Page 41: ...ceptance of multicast MAC addresses in the IP multicast address range in ARP requests and replies Default Disabled Example Switch config ip arp mcast replies IGMPv3 The Internet Group Management Protocol IGMP is used by IPv4 systems hosts and routers to report their IP multicast group membership to any neighboring multicast routers This chapter is to describe version 3 of IGMP Version 1 specified ...

Page 42: ... version 3 DUT 2 config no vlan 60 ip igmp querier In the preceding figure DUT 1 becomes the igmpv3 querier Client 1 start receiving multicast traffic for group 235 6 6 6 from source 60 0 0 100 and client 2 start receiving multicast traffic for group 235 6 6 6 from source 60 0 0 200 NOTE If multiple igmp version devices are available in the network the igmp querier device must have the lower versi...

Page 43: ...gmp Options last member query interval Sets the time interval that the querier waits to receive a response from members to a group specific query message It also specifies the amount of time between successive group specific query messages the default value is 1 second query max response time Sets the time interval to wait for a response to a query the default value is 10 seconds robustness Sets t...

Page 44: ...Sets the interval in seconds between IGMP queries the default is 125 ip igmp query max response time Syntax ip igmp query max response time no ip igmp query max response time Parameters 10 128 The number of seconds to wait for a response to a query the default value is 10 The no version resets the value to its default value of 10 seconds ip igmp robustness Syntax ip igmp robustness no ip igmp robu...

Page 45: ...Active Group Addresses Tracking Vers Mode Uptime Expires 235 6 6 6 Filter 3 INC 0m 3s 4m 17s 235 6 6 7 Filter 3 EXC 0m 3s 4m 16s Sample configuration is as shown switch vlan 60 show run Running configuration JL253A Configuration Editor Created on release WC 16 02 0000x Ver 0d 13 ef 7c 5f fc 6b fb 9f fc f3 ff 37 ef 09 hostname switch name module 1 type jl253a igmp lookup mode ip snmp server communi...

Page 46: ...ers Mode Uptime Expires 235 6 6 6 Filter 3 INC 1m 38s 4m 13s 235 6 6 7 Filter 3 EXC 1m 38s 4m 19s show ip igmp vlan group This command is used to show IGMP group information for a VLAN Syntax show ip igmp vlan vid group Example output Below is the output when version is set to 3 Port and source ipv4 address options are introduced under group The following output captures the details of these optio...

Page 47: ...rt Mode Uptime Expires Configured Mode 1 INC 2m 38s 3m 13s auto Usage errors Error condition Error message Attempt to pass a nonexistent group ipv4 address Group address is not found show ip igmp vlan group source This command is used to show IGMP group source information for a VLAN Syntax show ip igmp vlan vid group ip4 addr source ip4 addr Example output Below is the output when version is set t...

Page 48: ...Expires Timer Timer Timer Forwarded Blocked 1 3 INC 8m 53s 3m 24s 0m 0s 1 0 Group Address 235 6 6 6 Source Address 60 0 0 100 Source Type Filter Port Mode Uptime Expires Configured Mode 1 INC 8m 54s 3m 23s auto show ip igmp vlan counters This command is used to show IGMP counters for a VLAN Syntax show ip igmp vlan vid counters Example output Below is the output when version is set to 3 switch vla...

Page 49: ...ve 0 Membership Timeout 0 show ip igmp vlan statistics This command is used to show IGMP statistics for a VLAN Syntax show ip igmp vlan vid statistics Example output Below is the output when version is set to 3 switch vlan 60 show ip igmp vlan 60 statistics IGMP Statistics VLAN ID 60 VLAN Name VLAN60 Number of Filtered Groups 2 Number of Standard Groups 0 Number of Static Groups 0 Total Multicast ...

Page 50: ...ig This command is used to show the IGMP configuration for a VLAN Syntax show ip igmp vlan vid config Example output Below is the output when version is set to 3 switch vlan 60 show ip igmp vlan 60 config IGMP Service VLAN Config VLAN ID 60 VLAN NAME VLAN60 IGMP Enabled No Yes Querier Allowed Yes No IGMP Version 2 3 Strict Mode No Last Member Query Interval Seconds 1 1 Querier Interval 125 125 Que...

Page 51: ... vid group Example output switch show ip igmp vlan 60 group IGMP ports and group information for group 235 6 6 6 VLAN ID 60 VLAN Name VLAN60 Group Address 235 6 6 6 Last Reporter 10 255 128 1 Group Type Filter V1 V2 Filter Sources Sources Port Vers Mode Uptime Expires Timer Timer Timer Forwarded Blocked 1 3 INC 15m 47s 2m 44s 0m 0s 1 0 Group Address 235 6 6 6 Source Address 60 0 0 100 Source Type ...

Page 52: ...load This command is used to reset IGMP on all interfaces when error state is displayed Syntax igmp reload Example output IGMP application is in Error State as System Resources are exhausted Traffic will flood Please disable IGMP on all VLANs or Issue the Command igmp reload to take it out of Error Refer to your product manual for information on IGMP resource consumption this is the ouput for igmp...

Page 53: ...ables or disables IP multicast routing on the routing switch IP routing must be enabled before enabling multicast routing using the command ip routing Default Disabled Enabling or disabling PIM at the global level placing the CLI in the PIM context Syntax router pim enable no router pim Enables or disables PIM at the global level and places the CLI in the PIM context IP routing and IP multicast ro...

Page 54: ...ng switch s software MRT is full routing resources for active flows are exhausted Default Disabled NOTE In this state the routing switch does not accept any additional flows Configuring PIM in the Global and PIM context In Figure 12 Bandwidth conservation in switches with PIM DM state refresh on page 74 the 1 routing switch is directly connected to the multicast sources for the network For this ex...

Page 55: ...IM interface on page 67 PIM VLAN interface configuration context Enabling multicast routing on the VLAN interface to which the CLI is currently set Syntax ip pim dense no ip pim dense NOTE Set the IP address in the VLAN prior to configuring PIM vlan vid ip pim dense no vlan vid ip pim dense Enables multicast routing on the VLAN interface to which the CLI is currently set The no form disables PIM o...

Page 56: ...kets to inform neighboring routers of its presence The routing switch also uses this setting to compute the hello hold time which is included in hello packets sent to neighbor routers hello hold time tells neighbor routers how long to wait for the next hello packet from the routing switch If another packet does not arrive within that time the router removes the neighbor adjacency on that VLAN from...

Page 57: ...rval 1 10 vlan vid ip pim dense graft retry interval 1 10 Graft packets result when a downstream router transmits a request to join a flow The upstream router responds with a graft acknowledgment packet If the graft ack acknowledgement is not received within the time period of the graft retry interval it resends the graft packet The command graft retry interval 1 10 changes the interval in seconds...

Page 58: ...delay 250 2000 ip pim dense override interval 500 6000 vlan vid ip pim dense override interval 500 6000 A routing switch sharing a VLAN with other multicast routers uses these two values to compute the lan prune delay setting for how long to wait for a PIM DM Join after receiving a prune packet from downstream for a particular multicast group Defaults propagation delay 500 milliseconds override in...

Page 59: ...hold the routing switch does not forward the packet Changing this parameter on a routing switch requires knowledge of the TTL setting of incoming multicast packets A value that is too high can allow multicast traffic to go beyond your internal network A value that is too low may prevent some intended hosts from receiving the desired multicast traffic Default 0 forwards multicast traffic regardless...

Page 60: ...a source address for multicast routing on these other VLANs In this example the multicast source transmits packets with a TTL time to live of 192 To prevent these packets from moving beyond routers 2 and 3 you would configure the TTL in the downstream routers below routers 2 and 3 at 190 It is not necessary to configure the TTL on routers 1 3 Video Server Note the common subnet instance in multine...

Page 61: ... 38 10 1 ip rip 10 38 11 1 ip pim dense ip addr 10 38 10 1 exit Note Dashedlinesindicateconfiguration settings affecting multicast routing Multinetting and IGMP enabled in VLAN 25 Multicast Routing Configuration for Global Level Enables IP routing required for multicast routing Indicatesthesource IP addressformulticastpackets forwarded on this VLAN Multicast Routing Configuration for VLAN 25 Multi...

Page 62: ...ce on which the router receives the multicast flow Showing the route entry data on the 2 routing switch The next figure displays the show ip mroute output on the 2 routing switch shown in Figure 9 Multicast network with a multinetted VLAN on page 60 This case illustrates two multicast groups from the same multicast source switch config show ip mroute IP Multicast Route Entries Total number of entr...

Page 63: ...ing switch is receiving datagrams for the current multicast group This value is 0 0 0 0 if the routing switch has not detected the upstream next hop router s IP address This field is empty if the multicast server is directly connected to the routing switch VLAN The interface on which the router receives the multicast flow Up Time Sec The elapsed time in seconds since the routing switch learned the...

Page 64: ...e multicast routers contend to determine the path to the multicast source When this value differs between routers PIM selects the router with the lowest value If Metric Pref is the same between contending multicast routers then PIM selects the router with the lowest Metric value to provide the path for the specified multicast traffic Different vendors assign differing values for this setting Asset...

Page 65: ...aces on a router where there are connected PIM DM neighbors and or joined hosts If there are ultimately no receivers for the flow downstream the flow will be pruned back to the originator router This prune state is maintained on all PIM DM routers by state refresh message sends by the originator and corresponding prune replies from downstream routers However if a prune reply is not received i e th...

Page 66: ...ce VLAN When a neighbor adjacency expires and that neighbor was the last one on the interface multicast data and state refresh packets will no longer be sent out that interface Receipt of a periodic PIM hello message from the neighboring PIM router resets this timer to the hold time value stored in the hello message If the ip addr is specified then detailed information for the specified neighbor i...

Page 67: ...cast network with a multinetted VLAN switch config show ip pim interface 29 PIM Interface VLAN 29 IP Address 10 29 30 1 Mode dense Hello Interval sec 30 Hello Delay sec 5 Graft Retry Interval sec 3 Max Graft Retries 2 Override Interval msec 2500 Lan Prune Delay Yes Propagation Delay msec 500 Lan Delay Enabled No SR TTL Threshold 2 State Refresh Capable No Table 7 PIM interface configuration settin...

Page 68: ...erval 500 6000 Propagation delay msec 500 vlan vid ip pim dense propagation delay 250 2000 SR TTL threshold router hops 0 vlan vid ip pim dense ttl threshold 0 255 LAN prune delay Yes vlan vid ip pim dense lan prune delay LAN delay enabled No Shows Yes if all multicast routers on the current VLAN interface enabled LAN prune delay Otherwise shows No State refresh capable N A Indicates whether the V...

Page 69: ...the path for the specified multicast traffic Different vendors assign differing values for this setting Assert Timer The time remaining until the routing switch ceases to wait for a response from another multicast router to negotiate the best path back to the multicast source If this timer expires without a response from any contending multicast routers the routing switch assumes it is the best pa...

Page 70: ...lue decrements until Reset by a state refresh packet originating from the upstream multicast router The upstream multicast router issues state refresh packets for the current group as long as it either continues to receive traffic for the current flow or receives state refresh packets for the current flow from another upstream multicast router Reset by a new flow for the current multicast group on...

Page 71: ...ed on information provided by the unicast routing tables PIM sets up a distribution tree for the multicast traffic The PIM DM and PIM SM protocols on the switches enable and control multicast traffic routing IGMP provides the multicast traffic link between a host and a multicast router running PIM DM or PIM SM IGMP and either PIM DM or PIM SM must be enabled on VLANs whose member ports have direct...

Page 72: ...st group address destination but may reach many hosts in different subnets depending on which hosts have issued joins for the same multicast group PIM routes the multicast traffic for a particular S G pair on paths between the source unicast address and the VLANs where it is requested by joins from hosts connected to those VLANs Physical destinations for a particular multicast group can be hosts i...

Page 73: ...rk use one or more multinetted VLANs there must be at least one subnet common to all routers on the VLAN This is necessary to provide a continuous forwarding path for the multicast traffic on the VLAN See PIM VLAN interface configuration context on page 55 Multicast flow management This section provides details on how the routing switch manages forwarding and pruned flows This information is usefu...

Page 74: ...andwidth for other uses NOTE Some vendors multicast routers do not offer the state refresh feature In this case PIM DM must periodically advertise an active multicast group to these devices by repeating the flood prune cycle on the paths to such routers For better traffic management in multicast intensive networks where some multicast routers do not offer the state refresh feature you may want to ...

Page 75: ...outing c Router PIM and any non default global PIM settings you want to apply d Router RIP Router OSPF and or a static route 3 If you selected RIP or OSPF in step 2 enable the same option on each VLAN where you want multicast routing to operate 4 Enable the following in each VLAN context where you want multicast routing to operate a IP RIP or IP OSPF b IP PIM c Any non default VLAN level IP PIM se...

Page 76: ... distributed trunking consistency parameters global feature feature Shows all the feature options available in command dhcp snooping Display DHCP snooping peer consistency details igmp Display IGMP peer consistency details loop protect Display Loop protect peer consistency details mld Display MLD peer consistency details PIM DM Display PIM DM peer consistency details Show distributed trunking Loca...

Page 77: ...al feature pim dm PIM DM Enabled VLANs on Local 20 30 PIM DM Enabled VLANs on Peer 20 30 Show distributed trunking PIM DM enabled show distributed trunking consistency parameters global Local Peer Peer config unavailable Image Version KB 15 16 0000x KB 15 16 0000x IP Routing Enabled Disabled Peer keepalive interval 1000 0 PIM DM Support Enabled Enabled IGMP enabled VLANs on Local IGMP enabled VLAN...

Page 78: ...ot supported NOTE If the switch platforms do not match an error message will return similar to inconsistent criteria Operating notes PIM DM operating rules The routing switch supports 2046 multicast flows in hardware See Flow capacity on page 79 The multicast routing table MRT that PIM DM creates allows up to 128 outbound VLANs at any given time PIM DM supports multicast routing across 128 VLANs 1...

Page 79: ...utomatically removes the PIM configuration for that VLAN Troubleshooting Symptom Noticeable slowdown in some multicast traffic If the switch is supporting more than 1022 active flows this generates the message Unable to learn HW IP multicast groups table FULL in the Event Log because there is no room in the hardware MRT to add another multicast group Software will route any multicast packets sent ...

Page 80: ...iving router May also occur if a connected router is disconnected then reconnected Bad TTL in State Refresh pkt from IP source ip addr counter The switch detected a TTL of 0 zero in the PIM portion of a state refresh packet This is not the IP TTL Failed alloc of HW alpha str for flow multicast address source address dup msg cnt There are more than 2046 active flows The switch routes the excess thr...

Page 81: ...moving some VLANs to another router Free up system resources by disabling another feature such as one of the spanning tree protocols or either the RIP or the OSPF routing protocol Unless you are using static routes you will need to retain a minimum of one unicast routing protocol Another option that may help is to reduce the number of configured QoS filters Move some hosts that create multicast de...

Page 82: ...cvd text str pkt with bad len from ip addr counter A peer router may be sending incorrectly formatted PIM packets Rcvd hello from ip address on vid vlan id counter Indicates a misconfiguration where two routers are directly connected with different subnets on the same connected interface Rcvd pkt from rtr ip address unkwn pkt type value counter A packet received from the router at ip address is an...

Page 83: ... was sent The message indicates the failure type the packet type and the VLAN ID on which the packet was sent Unable to alloc text str table counter The router was not able to create some tables PIM DM uses Indicates that the router is low on memory resources Remedies include one or more of the following Reduce the number of configured VLANs by moving some VLANs to another router Free up system re...

Page 84: ...re memory for a flow Router memory is oversubscribed Reduce the number of VLANs or the number of features in use Remedies include one or more of the following Reduce the number of configured VLANs by moving some VLANs to another router Free up system resources by disabling another feature such as one of the spanning tree protocols or either the RIP or the OSPF routing protocol Unless you are using...

Page 85: ...ipMRouteInterfaceHCOutMcastOctets ipMRouteBoundaryTable ipMRouteBoundaryEntry ipMRouteBoundaryIfIndex ipMRouteBoundaryAddress ipMRouteBoundaryAddressMask ipMRouteBoundaryStatus OBJECT TYPE ipMRouteScopeNameTable ipMRouteScopeNameEntry ipMRouteScopeNameAddress ipMRouteScopeNameAddressMask ipMRouteScopeNameLanguage ipMRouteScopeNameString ipMRouteScopeNameDefault ipMRouteScopeNameStatus Chapter 3 PI...

Page 86: ... a C RP to the BSR for the current domain This step includes the option to allow the C RP to be a candidate for either all possible multicast groups or for up to four multicast groups and or ranges of groups Use the command rp candidate source ip vlan vid group addr group mask Optional Use the command rp address ip addr group addr group mask to statically configure the router as the RP for a speci...

Page 87: ...tion Enable or disable PIM traps Default disabled Configuring PIM SM on the router Global configuration context for supporting PIM SM Before configuring specific PIM SM settings it is necessary to enable IP routing IP multicast routing an IP routing protocol and PIM in the global configuration context Also if the router operates as an edge router for any end points receivers expected to join multi...

Page 88: ...IM The no router pim command deletes the PIM configuration Default Disabled enable Enables PIM globally disable Disables PIM globally Disabling PIM does not delete the PIM configuration Configuring for PIM support at the global level Using the topology shown in the following figure router B is directly connected to the DR for multicast group X In this case suppose that you want to globally configu...

Page 89: ...n be configured as a C BSR or a C RP Enabling or disabling IGMP in a VLAN IGMP must be enabled in VLANs on edge routers where multicast receivers end points are connected and will be requesting to join multicast groups Syntax no ip igmp no vlan vid ip igmp Enables or disables IGMP operation in the current VLAN Configuring IGMP on the router is required in VLANs supporting edge router operation Ena...

Page 90: ... hold time tells neighbor routers how long to wait for the next hello packet from the router If another packet does not arrive within that time the router removes the neighbor adjacency on that VLAN from the routing table which removes any flows running on that interface Shortening the hello interval reduces the hello hold time This changes how quickly other routers will stop sending traffic to th...

Page 91: ...rune delay setting Uses the no form of the command to disable the LAN prune delayoption Default Enabled Changing the Lan prune delay interval Syntax ip pim sparse propagation delay 250 2000 vlan vid ip pim sparse propagation delay 250 2000 ip pim sparse override interval 500 6000 vlan vid ip pim sparse override interval 500 6000 A router sharing a VLAN with other multicast routers uses these two v...

Page 92: ...ntext PIM SM support must be configured in each VLAN where you want PIM SM forwarding of multicast traffic This illustrates the following per VLAN configuration steps Enabling PIM SM on VLAN 120 and allowing the default any option to select a source IP address for PIM SM packets forwarded from this VLAN Because the VLAN in this example is configured with only one IP address 120 10 10 2 it is this ...

Page 93: ... disables the router from being a BSR candidate if this option has been enabled See the BSR candidate command below Enabling or disabling a BSR Candidate Enable or disable BSR candidate operation on a router Syntax bsr candidate no bsr candidate router pim bsr candidate no router pim bsr candidate Disables or re enables the router for advertising itself as a Candidate BSR on the VLAN interface spe...

Page 94: ...alue specifies the length number of significant bits taken into account when allocating this distribution A longer hash mask length results in fewer multicast groups in each block of group addresses assigned to the various RPs Because multiple blocks of addresses are typically assigned to each C RP this results in a wider dispersal of addresses and enhances load sharing of the multicast traffic of...

Page 95: ... operation in the following way Specify the VLAN interface from which the RP IP address will be selected for advertising the router as an RP candidate NOTE Only one VLAN on the router can be configured for this purpose at any time Enable the router as an RP candidate Specify the multicast groups for which the router is a CRP Default Disabled NOTE When executed without specifying a multicast group ...

Page 96: ...st octet are wildcards 228 0 0 64 32 Defines a single multicast address of 228 0 0 64 There are no wildcards in this group prefix 228 0 0 64 25 Creates an error condition caused by the mask failing to include the last rightmost nonzero bit in the lowest order nonzero octet That is this mask supports an address of 228 0 0 128 but not 228 0 0 64 NOTE The larger the mask the smaller the range of mult...

Page 97: ...orting RP before assuming that it has become unavailable Syntax rp candidate hold time 30 255 Changes the hold time a C RP includes in its advertisements to the BSR Also if C RP is configured but disabled this command re enables it Default 150 seconds Range 30 255 seconds Changing a C RP s election priority This priority is significant when multiple C RPs in a given domain are configured to suppor...

Page 98: ...terval in seconds at which periodic PIM SM join prune messages are to be sent on the router s PIM SM interfaces This setting is applied to every PIM SM interface on the router Default 60 seconds NOTE All routers in a PIM SM domain should have the same join prune interval setting Changing the shortest path tree SPT operation Generally using the SPT option eliminates unnecessary levels of PIM SM tra...

Page 99: ...ut override the C RP has precedence over a static RP configured for the same multicast group s Configuring PIM SM support in the router PIM context This example assumes the following IP routing IP multicast routing and at least one routing method RIP OSPF and or static IP routes are already configured in the global configuration context An IP routing method RIP or OSPF and PIM sparse are already c...

Page 100: ...port with override Note The static RP takes precedence over the C RP for multicast groups in the range of 231 128 64 0 18 because the mask configured for the static RP meets the criteria of being either equal to or greater than the mask configured for the same group in the C RP For example if the mask for the static RP was 17 or less the override would not take effect even though configured and th...

Page 101: ...F overrides can be specified NOTE These static RPF override entries are not distributed The manually configured static multicast RPF override is restored on subsequent reboots The command is executed in PIM context rpf override no rpf override source ip addr mask length rpf ip addr Add edit or delete up to eight RPF override entries The multicast RPF override has a multicast source address source ...

Page 102: ... Specifying the source parameter to troubleshoot misconfigurations switch pim show ip pim rpf override source 10 1 1 1 Static RPF Override Multicast Source RPF IP Address 10 1 1 1 32 11 2 2 1 Displaying PIM route data The commands in this section display multicast routing information on packets sent from multicast sources to IP multicast groups detected by the routing switch Listing basic route da...

Page 103: ... Expire Time sec 292 Multicast Routing Protocol PIM SM Unicast Routing Protocol connected Showing intermediate PIM router Flows show their adjacent PIM neighbor towards the source switch config show ip mroute IP Multicast Route Entries Total number of entries 2 Group Address Source Address Neighbor VLAN 239 255 12 42 10 0 0 10 20 0 0 1 20 239 255 255 255 10 0 0 10 20 0 0 1 20 Showing new RP specia...

Page 104: ...does not expire When other PIM SM routers or locally connected hosts are no longer interested in an active flow the related mroute on a DR moves to a blocking state and an mroute in this state does not expire either In both cases the mroute is only removed from the system when it is no longer needed and so the displayed value for expire time in these situations is not meaningful For an mroute on a...

Page 105: ...st flow are receiving datagrams Pruned The router has not detected any joins from the current multicast flow and is not currently forwarding datagrams in the current VLAN Forwarding The router has received a join for the current multicast flow and is forwarding datagrams in the current VLAN Up Time sec Indicates the elapsed time in seconds since the router learned the displayed information about t...

Page 106: ...e sec 0 Expire Time sec 0 Multicast Routing Protocol PIM SM Unicast Routing Protocol Metric 0 Metric Pref 0 Assert Timer 0 RP tree No Downstream Interfaces VLAN State Up Time sec Expire Time sec Listing all VLANs having currently active PIM flows Syntax show ip mroute interface vid This command displays exactly the same output as the command show ip pim interface vid See Listing currently configur...

Page 107: ... to disable SPT operation See Changing the shortest path tree SPT operation on page 98 Traps Enables the following SNMP traps neighbor loss Sends a trap if a neighbor router is lost all Enables all of the above traps none No traps are set Output with PIM enabled switch config show ip pim PIM Global Parameters PIM Status Enabled State Refresh Interval sec 60 Join Prune Interval sec 60 SPT Threshold...

Page 108: ... 9 PIM interface configuration settings Field Default Control command VLAN N A vlan vid ip pim IP N A vlan vid ip pim all ip addr Mode dense n a PIM Dense only Hello interval sec 300 ip pim hello interval 5 30 Hello delay 5 The router includes this value in the Hello packets that it sends to neighbor routers Neighbor routers use this value to determine how long to wait for another Hello packet fro...

Page 109: ...a These commands enable listings of either all PIM neighbors the router detects or the data for a specific PIM neighbor Syntax show ip pim neighbor Lists PIM neighbor information for all PIM neighbors connected to the router IP Address Lists the IP address of a neighbor multicast router VLAN Lists the VLAN through which the router connects to the indicated neighbor Up Time Shows the elapsed time d...

Page 110: ...ec 678 Expire Time sec 93 DR Priority 1 Display pending join requests Use the show ip pim pending command to display the pending joins on a PIM router A pending join can be an IGMPv2 join host join or PIM G or S G join PIM router joins PIM SM only received by a router for which there is no active multicast flow to satisfy the received join This aids in determining what flows are being requested on...

Page 111: ... Displaying BSR data The router provides BSR information through both IP PIM and the running configuration Displaying BSR status and configuration Syntax show ip pim bsr Lists the identity configuration and time data of the currently elected BSR for the domain plus the BSR candidate configuration the C RP configuration and the supported multicast groups on the current router Figure 17 Listing BSR ...

Page 112: ...tries configured on any router in the domain To view the static RP set information for any static RPs configured on a particular router you must access the CLI of that specific router Syntax show ip pim rp set learned static Without options this command displays the multicast group support for both the learned C RP assignments and any statically configured RP assignments learned Displays only the ...

Page 113: ... 150 Displaying only the static RP set data applies to current router only switch config show ip pim rp set static Status and Counters PIM SM Static RP Set Information Group Address Group Mask RP Address Override 231 100 128 255 255 255 255 255 100 10 10 1 Yes Displaying C RP data Displaying the router s C RP status and configuration Syntax show ip pim rp candidate config rp candidate Lists the cu...

Page 114: ...andidate RP Full C RP configuration listing Listing non default C RP configuration settings The show running command includes the current non default C RP configuration settings on the router Figure 19 Non default C RP configuration listing 114 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 ...

Page 115: ...SM can be used to reduce the effect of multicast traffic flows in network areas where they are not needed And because PIM SM does not automatically flood traffic it is a logical choice in lower bandwidth situations PIM SM features PIM SM on the switches covered in this guide include Routing protocol support PIM uses whichever IP unicast routing protocol is running on the router These can include R...

Page 116: ...e multicast traffic delivery within a PIM SM domain From a pool of eligible DR candidates in each VLAN one DR is elected for each VLAN interface having at least one PIM SM router In a multinetted domain this DR supports multicast traffic from a source on any subnet in the VLAN From a pool of eligible BSR candidates in the domain one BSR is elected for the entire domain From a pool of eligible C RP...

Page 117: ...multicast source and the multicast receiver In this case when the edge router begins receiving group traffic from the multicast source through the SPT it sends a prune message to the RP tree to terminate sending the requested group traffic on that route This results in entries for both the RP path and the STP in the routing table When completed the switchover from the RPT to a shorter SPT can redu...

Page 118: ...ns when enabling PIM SM DT To enable PIM SM DT configure PIM SM and DT in the same VLAN PIM SM DT is not supported on a switch with v1 modules The command no allow v1 modules can be used to disable any v1 modules Since there can be multiple combinations of DT and PIM SM configured in multiple VLANs PIM SM DT feature should be enabled on the first combination of PIM SM DT in same VLAN and disabled ...

Page 119: ...VLAN configuration for that router If it is necessary to prevent a router from operating as a DR on a given VLAN disable DR operation by configuring the DR priority as zero 0 BSR Before a DR can forward encapsulated packets for a specific multicast group to an RP it must know which router in the domain is the elected RP for that multicast group The BSR function enables this operation by doing the ...

Page 120: ... unavailable in the domain RP Instead of flooding multicast traffic as is done with PIM DM PIM SM uses a set of multiple routers to operate as RPs Each RP controls multicast traffic forwarding for one or more multicast groups as follows Receives traffic from multicast sources S via a DR Receives multicast joins from routers requesting multicast traffic Forwards the requested multicast traffic to t...

Page 121: ... identifies the multicast groups the RP is enabled to support If multiple C RPs have group prefixes configured so that any of these RPs can support a given multicast group then the following criteria are used to select the RP to support the group Procedure 1 The C RP configured with the longest group prefix mask applicable to the multicast group is selected to support the group Step 2 of this proc...

Page 122: ...Ps for all multicast groups unless there is a need to ensure that a specific group or range of groups is always supported by the same routing switch See Static RP static RP on page 122 Redundant Group Coverage Provides Fault Tolerance If a C RP elected to support a particular multicast group or range of groups becomes unavailable the router is excluded from the RP set If the multicast group config...

Page 123: ...c RP configuration options override enabled on the static RP A group mask on the static RP that equals or exceeds the group mask on the C RP for the same multicast group s For override configuration information see Statically configuring an RP to accept multicast traffic on page 98 Operating rules for static RPs Static RPs can be configured on the same routers as C RPs Where a C RP and a static RP...

Page 124: ...ndancy in case an RP becomes unavailable If the C RP supporting a particular multicast group becomes unavailable another C RP is elected to support the group as long as there is redundancy in the C RP configuration for multiple routers Note that is cases where routers are statically configured to support a specific group or range of groups the C RP prioritization mechanism allows for redundant sup...

Page 125: ... ospf enable If desired configure static routes to the destination subnets Use ip route dest ip address mask bits next hop ip addr Per VLAN PIM SM configuration These steps configure PIM SM in the VLAN interface context for each VLAN configured on the router switch vlan vid _ Procedure 1 Enable IGMP Use ip igmp Repeat this action on every router and switch having membership in the VLAN NOTE You ca...

Page 126: ...s that you leave the PIM SM traffic control settings at their default settings You can then assess performance and make configuration changes when needed 4 Option Change one or more of the traffic control settings for the pim sparse of a given VLAN on which PIM SM is enabled Note that some VLAN context control settings apply to both PIM SM and PIM DM Features accessed in VLAN vid pim sparse contex...

Page 127: ...dvertise as the BSR Candidate and enable the router to advertise itself as a candidate BSR in a PIM SM domain Use bsr candidate source ip vlan vid 2 Option To make NSR candidate selection occur quickly and predictably set a different priority on each BSR candidate in the domain Use bsr candidate priority 3 Do one of the following to configure RP operation a Recommended Enable C RP operation and co...

Page 128: ...or a multicast group Configuring only one router in a domain as an RP for supporting traffic for a specific multicast group eliminates support redundancy for that group In this case if that router becomes unavailable the group will be excluded from the domain Excluding multicast groups If all of the C RPs and static RPs if any in a domain are configured to exclude some multicast groups or ranges o...

Page 129: ...IP addresses acquired through DHCP PIM SM operation requires statically configured IP addresses and does not operate with IP addresses acquired from a DHCP server Chapter 4 PIM SM Sparse Mode 129 ...

Page 130: ... IP addresses see the Management and Configuration Guide for your switch Viewing the IP route table The IP route table is displayed by entering the CLI command show ip route from any context level in the console CLI Here is an example of an entry in the IP route table Increasing ARP age timeout CLI The address resolution protocol ARP age is the amount of time the switch keeps a MAC address learned...

Page 131: ...nfig file You can also view the value of the ARP age timer in the configuration file The ip arp age 1000 value is shown in bold below switch config show running config Running configuration J9091A Configuration Editor Created on release K 15 XX hostname 8200LP module 2 type J8702A module 3 type J8702A module 4 type J8702A ip default gateway 15 255 120 1 ip arp age 1000 snmp server community public...

Page 132: ... enable OSPF operation For more information on the router ID see IP global parameters for routing switches on page 146 and Changing the router ID on page 150 Changing the router ID Syntax ip router id ip addr The ip addr can be any valid unique IP address switch config ip router id 209 157 22 26 NOTE You can specify an IP address used for an interface on the routing switch but do not specify an IP...

Page 133: ... context for example switch config vlan 1 Then enter the command to enable local proxy ARP switch vlan 1 ip local proxy arp Syntax no ip local proxy arp Enables the local proxy ARP option You must be in VLAN context to execute this command When enabled on a VLAN the switch responds to all ARP requests received on the VLAN ports with its own hardware address The no option disables the local proxy A...

Page 134: ...t traffic ARP throttle monitors ARP packet traffic as described above and also drops ARP packets received from blacklisted clients Non default ARP throttle settings persist when ARP throttle is disabled ip arp throttle enable This command enables or disables ARP throttle operation for monitoring or filtering of ARP packets received by the switch from other devices Default disabled Enabling ARP thr...

Page 135: ...me 600 ip arp throttle threshold Specifies the number of ARP packets per five second period that the switch can receive from another device Default 30 Exceeding this rate places the source device on the blacklist If the switch is configured to filter ARP packets as described for remediation mode page yy then the ARP packets received from blacklisted devices are dropped Syntax ip arp throttle thres...

Page 136: ...Remediation Mode Filter Threshold pkt 30 Blacklist Age sec 300 Excluded MAC List 001018 0158c8 01555d c95d0a Clients in Blacklist 3 Clients Being Tracked 190 Restore the client having the MAC address 001018 0158c8 to IP ARP throttling and then use show ip arp throttle to view the result in the Excluded MAC List switch config no ip arp throttle exclude mac 001018 0158c8 switch config show ip arp th...

Page 137: ...Restarts the counters from zero if the ip arp throttle remediation mode setting is changed NOTE If a failover occurs on a 5400R switch the switch maintains the blacklist status of any currently blacklisted clients However the current list of tracked clients is cleared and restarted Identifying blacklisted and restored clients The switch event log records an entry when ip arp throttle blacklists a ...

Page 138: ...ding unnecessary administrative overhead IP directed broadcasts would only be forwarded if permitted by the associated access list An implicit deny at the end of an access list drops all IP directed broadcasts that are not authorized according to the access list entries NOTE IP routing must be enabled on the switch for this feature to work CLI commands The optional association of access list with ...

Page 139: ...access list extended wol acl 10 permit ip 192 168 1 10 0 0 0 0 182 168 1 1 0 0 0 255 exit ip directed broadcast access group wol acl ip routing snmp server community public unrestricted oobm ip address dhcp bootp exit vlan 1 name DEFAULT_VLAN no untagged 1 23 24 untagged 2 22 25 26 ip address dhcp bootp exit vlan 10 name VLAN10 untagged 1 ip address 192 168 1 1 255 255 255 0 exit vlan 20 name VLAN...

Page 140: ...ACL which is associated with IP Directed Broadcast and on attempt an error message will be shown to user The same ACL wol acl can be applied to any other interface like VLAN port and tunnel wol acl entries ip access list extended wol acl 10 permit ip 192 168 1 1 255 255 255 0 182 168 1 1 55 255 255 0 20 deny ip 172 168 1 1 255 255 255 0 162 168 1 1 255 255 255 0 Exit 140 Aruba 3810 5400R Multicast...

Page 141: ...rected Broadcast ACL switch show statistics aclv4 wol acl ip directed broadcast HitCounts for ip directed broadcast ACL wol acl Total 0 10 permit ip 192 168 1 1 255 255 255 0 182 168 1 1 55 255 255 0 0 20 deny ip 172 168 1 1 255 255 255 0 162 168 1 1 255 255 255 0 Clear command The hit count statistics for ACL on IP directed broadcast can be cleared using clear command Syntax clear statistics aclv...

Page 142: ...show access list ip directed broadcast switch show access list ip directed broadcast Access Lists for IP Directed Broadcast IPv4 wol acl Type Extended If user uses already existing show access list ACL_NAME STR command the status of ACL on IP Directed Broadcast will be shown applied as in this example below switch sh access list wol acl Access Control Lists Name wol acl Type Extended Applied Yes S...

Page 143: ...ensitive An empty string indicates that no access list is associated with the IP directed broadcast feature This object can be configured only when the value of the object hpicfDBroadcastFwdEnable is set to enable Disabling the directed broadcasts switch config no ip directed broadcast Disabling replies to broadcast ping requests By default devices are enabled to respond to broadcast ICMP echo pac...

Page 144: ...cannot configure 192 168 1 1 24 and 192 168 1 2 24 on the same routing switch You can configure multiple IP addresses on the same VLAN The number of IP addresses you can configure on an individual VLAN interface is 32 You can use any of the IP addresses you configure on the routing switch for Telnet Web management or SNMP access as well as for routing NOTE All devices support configuration and dis...

Page 145: ...no router hops to the destination Static route which is a user configured route Route learned through RIP Route learned through OSPF Administrative distance The IP route table contains the best path to a destination When the software receives paths from more than one of the sources listed above the software compares the administrative distance of each path and selects the path with the lowest admi...

Page 146: ...e interval depends on the number of entries in the table The age timer ranges from 12 seconds full table to 36 seconds empty table Entries are aged only if they are not being used by traffic If you have an entry that is always being used in hardware it will never age If there is no traffic it will age in 12 to 36 seconds The age timer is not configurable NOTE You cannot add static entries to the I...

Page 147: ...etwork The router sends the IP address of a device in the ARP request and receives the device s MAC address in an ARP reply Enabled Configuring ARP parameters on page 151 ARP age The amount of time the device keeps a MAC address learned through ARP in the device s ARP cache The device resets the timer to zero each time the ARP entry is refreshed and removes the entry if the timer reaches the ARP a...

Page 148: ... for your switch Directed broadcast forwarding A directed broadcast is a packet containing all ones or in some cases all zeros in the host portion of the destination IP address When a router forwards such a broadcast it sends a copy of the packet out each of its enabled IP interfaces You also can enable or disable this parameter on an individual interface basis See IP interface parameters for rout...

Page 149: ...rding method broadcast or multicast Hold time Maximum advertisement interval Minimum advertisement interval Router preference level Disabled A 21 A 159 Static route An IP route you place in the IP route table No entries A 25 Default network route The router uses the default network route if the IP route table does not contain a route to the destination Enter an explicit default route 0 0 0 0 0 0 0...

Page 150: ...rameters Some parameters can be configured globally and overridden for individual VLAN interfaces Other parameters can be configured on individual VLAN interfaces NOTE For IP configuration information when routing is not enabled see the Management and Configuration Guide for your switch Configuring IP addresses You can configure IP addresses on the routing switch s VLAN interfaces For more informa...

Page 151: ...evice s interface when the routing switch knows the IP address of the interface ARP is enabled by default and cannot be disabled How ARP works A routing switch needs to know a destination s MAC address when forwarding traffic because the routing switch encapsulates the IP packet in a Layer 2 packet MAC layer packet and sends the Layer 2 packet to a MAC interface on a device directly attached to th...

Page 152: ...nder so all devices that receive the request learn the MAC address and IP address of the sender and can update their own ARP caches accordingly NOTE The ARP request broadcast is a MAC broadcast which means the broadcast goes only to devices that are directly attached to the routing switch A MAC broadcast is not routed to other networks However some routers including routing switches can be configu...

Page 153: ...cted broadcast is an IP broadcast to all devices within a single directly attached network or subnet A net directed broadcast goes to all devices on a given network A subnet directed broadcast goes to all devices within a given subnet NOTE A less common type the all subnets broadcast goes to all directly attached subnets Forwarding for this broadcast type also is supported but most networks use IP...

Page 154: ... subnet of the packet is directly connected to the device but the host specified in the destination IP address of the packet is not on the network Network The device cannot reach the network specified in the destination IP address of the packet Port The destination host does not have the destination TCP or UDP port specified in the packet In this case the host sends the ICMP Port Unreachable messa...

Page 155: ...te is added to the routing table as soon as a route to the gateway address is learned dest ip addr mask bits The route destination and network mask length for the destination IP address Alternatively you can enter the mask itself For example you can enter either 10 0 0 0 24 or 10 0 0 0 255 255 255 0 for a route destination of 10 0 0 0 255 255 255 0 next hop ip addr This IP address is the gateway f...

Page 156: ...P set destination metric distance name name str Assigns a name to a static route The no form of the command deletes the specified route for the specified destination next hop pair 156 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 ...

Page 157: ...nfiguring Names for Static Routes for IPv4 Figure 25 Output Displaying Names of Static Routes Figure 26 Output for a Specified Named Static Route Figure 27 Detailed Output of Named Static Routes Chapter 6 Static Routing 157 ...

Page 158: ...e FE80 127 exists For a tunnel it would be FE80 127 tun3 blackhole Specifies a null route where IP traffic for the specified destination is discarded and no ICMP error notification is returned to the sender reject Specifies a null route where IP traffic for the specified destination is discarded and an ICMP error notification is returned to the sender metric Specifies an integer value that is asso...

Page 159: ...uring Names for Static Routes for IPv6 Figure 29 Output for Unnamed Static Routes in IPv6 Figure 30 Output for Named Static Routes in IPv6 Figure 31 Output for a Specified Named Static Route in IPv6 Chapter 6 Static Routing 159 ...

Page 160: ...gured static routes Configuring the default route You can also assign the default route and enter it in the routing table The default route is used for all traffic that has a destination network not reachable through any other IP routing table entry For example if 208 45 228 35 is the IP address of your ISP router all non local traffic could be directed to the ISP by entering this command switch c...

Page 161: ...the interface is in RIP If RIP is enabled the routing switch can learn about routes from the advertisements other RIP routers send to the routing switch If the RIP route has a lower administrative distance than any other routes from different sources to the same destination the routing switch places the route in the IP route table OSPF See RIP but substitute OSPF for RIP Default route This is a sp...

Page 162: ...5 6 15 is reachable through port A2 and assumes that local interfaces within that subnet are on the same port Routing switch A deduces that IP interface 207 95 7 188 is also on port A2 The software automatically removes a static route from the route table if the next hop VLAN used by that route becomes unavailable When the VLAN becomes available again the software automatically re adds the route t...

Page 163: ...ges Commands ip route Within the config context Syntax ip route IP ADDR MASK LENGTH blackhole logging ipv6 route IPV6 ADDR MASK LENGTH blackhole logging Description Configures the debug logging for a static blackhole route for either IPv4 or IPv6 Options logging Allows the packets received on the blackhole route to be logged When logging is enabled on the switch for blackhole routes the debug logs...

Page 164: ...P address 20 20 20 2 switch config no ip route 20 20 20 2 32 blackhole no ipv6 route 2001 2 128 blackhole Disable debug logging for the blackhole route with destination IPv6 address switch config no ipv6 route 2001 2 128 blackhole ip route 20 20 20 0 24 blackhole logging Enable debug logging for IPv4 blackhole route 20 20 20 0 Switch config ip route 20 20 20 0 24 blackhole logging ipv6 route 2001 ...

Page 165: ...figuration in the configuration tree and enables logging for any debug type The command sys debug ip fib blackhole will enable the command debug ip fib blackhole automatically See example below Parameters blackhole Configures blackhole debug logging for persistence Usage no sys debug ip fib blackhole no sys debug ipv6 fib blackhole sys debug ip fib blackhole Stack switch name config show debug Deb...

Page 166: ... mac address 5cb901 26c880 exit hostname Stack switch name sys debug ip fib blackhole sys debug ipv6 fib blackhole sys debug destination buffer no rest interface Modifying existing commands no sys debug FILTER TYPE FILTER OPTIONS Syntax sys debug FILTER TYPE FILTER OPTIONS no sys debug FILTER TYPE FILTER OPTIONS Description Used to configure the type of messages displayed in the log Options Filter...

Page 167: ...ng switch config no sys debug ip fib blackhole Show commands enhancement show ip route Syntax show ip route Description Show if logging is enabled for the blackhole route show ip route Switch show ip route IP Route Entries Destination Gateway VLAN Type Sub Type Metric Dist 20 20 20 2 32 blackhole static 1 1 show ipv6 route show ipv6 route Destination Gateway T ST Distance Metric 2001 2 128 blackho...

Page 168: ...e 2001 2 128 blackhole logging Restrictions No support for web UI No support for dynamic blackhole routes No support for sampling or time interval based logging All packets matching the blackhole route would be logged Performance and scale impact not considered 168 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 ...

Page 169: ...r hops may be the same but the route has an administratively higher cost and is thus less likely to be used than other lower cost routes A RIP route can have a maximum cost of 15 Any destination with a higher cost is considered unreachable Although limiting to larger networks the low maximum hop count prevents endless loops in the network The switches support the following RIP types Version 1 V1 c...

Page 170: ...es all protocol specific information from the global context and interface context All protocol parameters are set to default values NOTE The no router rip command also disables RIP routing If you disable RIP the switch retains all the configuration information for the disabled protocol in flash memory If you subsequently restart RIP the existing configuration will be applied The auto summary form...

Page 171: ... have the echo of the secret typing replaced with asterisks The input for key string is prompted for interactively For more information see the Access Security Guide for your switch Changing the RIP type on a VLAN interface When you enable RIP on a VLAN interface RIPv2 only is enabled by default You can change the RIP type to one of the following on an individual VLAN interface basis Version 1 onl...

Page 172: ...ommand prevents any routes with a destination address that is included in the range specified by the address mask pair from being redistributed by RIP NOTE Do not enable redistribution until you have configured the redistribution filters Otherwise the network might become overloaded with routes that you did not intend to redistribute Example To configure the switch to filter out redistribution of ...

Page 173: ... did not intend to redistribute Syntax no router rip redistribute connected static ospf route map name Enables redistribution of the specified route type to the RIP domain static Redistribute from manually configured routes connected Redistribute from locally connected networks ospf Redistribute from OSPF routes route map name Optionally specify the name of a route map to apply during redistributi...

Page 174: ... will appear similar to the following General RIP information listing switch config show ip rip RIP global parameters RIP protocol enabled Auto summary enabled Default Metric 4 Distance 120 Route changes 0 Queries 0 RIP interface information IP Address Status Send mode Recv mode Metric Auth 100 1 0 1 enabled V2 only V2 only 5 none 100 2 0 1 enabled V2 only V2 only 5 none 100 3 0 1 enabled V2 only ...

Page 175: ... of RIP on the VLAN interface Send mode Format of the RIP updates RIP 1 RIP 2 or RIP 2 version 1 compatible Recv mode The switch can process RIP 1 RIP 2 or RIP 2 version 1 compatible update messages Metric Path cost a measurement used to determine the best RIP route path 1 is the best 15 is the worst 16 is unreachable Auth RIP messages can be required to include an authentication key if enabled on...

Page 176: ...ation for 100 4 0 1 IP Address 100 4 0 1 Status enabled Send Mode V2 only Recv mode V2 only Metric 1 Auth none Bad packets received 0 Bad routes received 0 Sent updates 0 For definitions of the fields in see Viewing general RIP information on page 174 The RIP interface information also includes the following fields Bad packets received Number of packets that were received on this interface and wer...

Page 177: ...llowing fields are displayed IP address IP address of the RIP peer neighbor Bad routes The number of route entries that were not processed for any reason Last update timeticks How many seconds have passed since the routing switch received an update from this peer neighbor To show the RIP peer information for a specific peer with IP address 100 1 0 100 enter show ip rip peer 100 1 0 100 Example of ...

Page 178: ...show ip rip restrict command at any context level Example of show IP rip restrict output switch show ip rip restrict RIP restrict list IP Address Mask 192 0 2 0 255 255 255 0 The display shows if any routes identified by the IP Address and Mask fields are being restricted from redistribution The restrict filters are configured by the router rip restrict command See Configuring for redistribution o...

Page 179: ...rs Parameter Description Default RIP version The version of the protocol that is supported on the interface The version can be one of the following Version 1 only Version 2 only Version 1 or Version 2 V2 only metric A numeric cost the routing switch adds to RIP routes learned on the interface This parameter applies only to RIP routes 1 IP address The routes that a routing switch learns or advertis...

Page 180: ...nto RIP the routing switch can use RIP to advertise the route to its RIP neighbors To configure redistribution perform the following tasks Procedure 1 Configure redistribution filters to permit or deny redistribution for a route based on the destination network address or interface optional 2 Enable redistribution Defining RIP redistribution filters Route redistribution imports and translates diff...

Page 181: ...gns a cost of 16 infinity or unreachable to a route before advertising it on the same interface as the one on which the routing switch learned the route This is the default These loop prevention methods are configurable on an individual VLAN interface basis NOTE These methods are in addition to RIP s maximum valid route cost of 15 Chapter 8 Routing Information Protocol RIP 181 ...

Page 182: ...D5 is the standard authentication algorithm for RIPv2 It provides a greatly enhanced probability that a system being attacked will detect and ignore hostile messages Figure 33 MD5 use case diagram Configuration commands Configure MD5 authentication for RIPv2 and MD5 keychain for RIPv2 interfaces by using the following commands Syntax no ip rip authentication type none text md5 Enable disable or co...

Page 183: ...configuration command This is a VLAN context command that can be entered in a VLAN context or following the vlan vlan id command No authentication for RIP interfaces is the default configuration md5 auth key chain Set the RIP MD5 authentication key chain maximum 32 characters Using MD5 auth key chain switch vlan 10 ip rip md5 auth key chain NOTE simpleand none authentication is supported on all RI...

Page 184: ...uthentication will fail If the md5 auth key chain is configured but authentication type not set to MD5 the authentication will fail If the authentication type MD5 is configured and the md5 auth key chain is already configured the MD5 authentication will begin working If the md5 auth key chain is configured but the authentication type set to MD5 the MD5 authentication will begin working When the MD...

Page 185: ...nt date and time or time needs to be sync with the SNTP server Error messages Configuring MD5 authentication for RIP v1 or RIP v1 or v2 interface switch vlan 10 ip rip v1 only switch vlan 10 ip rip authentication type md5 Only RIPv2 interfaces support MD5 authentication switch vlan 10 ip rip v1 or v2 switch vlan 10 ip rip authentication type md5 Only RIPv2 interfaces support MD5 authentication Con...

Page 186: ...nfiguration for imported routesUpdates the metric for imported routes based on the value configured Router ripng default metric for routes imported from protocols other than RIPng vlan id ipv6 ripng metric for routes received from other RIPng peer Configuration of RIPng timers update timeout and garbage collect Update timer defines interval between update messages Timeout timer defines route aging...

Page 187: ...on context use the following commands to configure enable disable a RIPng setting Enable Disable RIPng global Syntax router ripng enable disable Description From within the configuration context enable RIPng globally or disable RIPng globally Configure a RIPng setting Syntax router ripng no router ripng Description From within the configuration context configure a RIPng setting or enter RIPng cont...

Page 188: ...protocol Options connected Redistribute locally connected networks ospf3 Redistribute OSPFv3 routes static Redistribute manually configured routes include all Include blackhole and reject routes NOTE Include all option is only for static routes route map Redistribute a route map NOTE Route map option comes only after we specify the protocol static connected ospf3 Usage no redistribute connected ro...

Page 189: ...ge router ripng timers garbage collect 5 65535 router ripng timers timeout 5 65535 router ripng timers update 5 65535 Enable Disable RIPng traps Syntax router ripng trap Description Enable Disable RIPng traps Options Traps are generated as the result of finding an unusual condition while parsing an RIPng packet or a processing a timer event If more than one type of unusual condition is encountered...

Page 190: ...v6 ripng no ipv6 ripng Description Enables disables configures the RIPng protocol for IPv6 on the interface The argument no disables or disconfigures RIPng on the interface Options enable Enable RIPng on the VLAN metric Set the metric for the interface poison reverse Enable Disable poison reverse Show commands If RIPng is not configured on the switch any show commands related to RIPng are executed...

Page 191: ...120 HP 3810M 24GT 1s config Show IPv6 ripng interface Syntax show ipv6 ripng interface Description Displays basic config interface and peer information as shown below Options VLAN Specify the VLAN of the interface requesting detailed information VLAN ID Enter a VLAN identifier or a VLAN name Usage show ipv6 ripng interface vlan VLAN ID RIPng interface information switch config show ipv6 ripng RIPn...

Page 192: ...b23 ccff fef4 fc40 0 30 NOTE Since RIPng does not have an active peering mechanism this command shows only those RIPng peers from which a route was taken and added to the routing table For example if two peers advertise the same route s with the same metric only one of them will be shown as peer Show IPv6 RIPng redistribute Syntax show ipv6 ripng redistribute Description List the protocols that ar...

Page 193: ...Png Traps Enabled RIPng Traps Enabled Interface State Change Interface Configuration Error Interface Bad Packet Receive Error Show IPv6 route RIPng Syntax show ipv6 route ripng Description Show the IPv6 routing table The output can be restricted to a specific destination or type of route Options IPv6 ADDR The destination IPv6 address for which to display the routes Usage show ipv6 route IPv6 ADDR ...

Page 194: ...Protocol Active Routes Connected 5 Ripng 4000 Debug commands Debug IPv6 RIPng Syntax debug ipv6 ripng Description Enable debug messages for RIPng Options database Show RIPng database changes events Show RIPng events trigger Show RIPng trigger messages Usage debug ipv6 ripng database events trigger Additional commands Following CLI commands are enhanced to accommodate RIPng 194 Aruba 3810 5400R Mul...

Page 195: ...ayer 3 routing protocols Options show running config router bgp Show the running configuration for bgp show running config router ospf Show the running configuration for ospf show running config router ospf3 Show the running configuration for OSPFv3 show running config router rip Show the running configuration for RIP show running config router ripng Show the running configuration for RIPng show r...

Page 196: ...s the IPv6 ripng vlan configuration along with other vlan specific configuration show running config vlan switch config show running config vlan 15 vlan 15 name VLAN15 tagged Trk10 no ip address ipv6 enable ipv6 address 3005 10 64 ipv6 ripng enable 196 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 ...

Page 197: ...onfiguration level to enable OSPF on the routing switch and to enter the OSPF router context This enables you to proceed with assigning OSPF areas including area border router ABR and autonomous system boundary router ASBR configuration and to modify OSPF global parameter settings as needed The enable form of the command enables OSPF routing and the disable form of the command disables OSPF routin...

Page 198: ... on page 258 Syntax no rfc1583 compatibility Executed at the global configuration level to toggle routing switch operation compliance between RFC 1583 and RFC 2328 rfc1583 compatibility Configures the routing switch for external route preference rules compliant with RFC 1583 no rfc1583 compatibility Configures the routing switch for external route preference rules compliant with RFC 2328 Default C...

Page 199: ...r whole number or dotted decimal format The routing switch automatically converts whole numbers to the dotted decimal format For example if you enter an area ID of 1 it appears in the switch s configuration as 0 0 0 1 and an area ID of 256 appears in the switch configuration as 0 0 1 0 An area ID can be a value selected to match the IP address of a VLAN belonging to the area or a value correspondi...

Page 200: ...t used In the default configuration a routing switch acting as an ABR for a stub area or NSSA injects type 3 summary routes into the area For an NSSA the routing switch also injects a type 7 default route into the area no summary Where the routing switch is an ABR for a stub area or an NSSA this option reduces the amount of link state advertisement LSA traffic entering the area from the backbone b...

Page 201: ...uting switch to the state where injection of type 3 summary routes and the type 7 default external routes is enabled with metric type set to type2 Default Enabled with metric type type2 NOTE Different routers in the NSSA can be configured with different metric type values Examples The following examples of configuring a stub area and an NSSA on a routing switch use an arbitrary cost of 10 Figure 3...

Page 202: ...rea you must also assign the new subnet to an area If all subnets in the VLAN should be assigned to the same area just execute ip ospf area ospf area id But if different subnets belong in different areas you must explicitly assign the new subnet to the desired area Also to assign a VLAN to an OSPF area the VLAN must be configured with at least one IP address Otherwise executing this command result...

Page 203: ...he area assignment ip ospf lo ipaddress Specifies the loopback interface by its IP address to assign to a configured OSPF area area ospf area id Identifies the OSPF area to which the loopback interface is assigned You can enter a value for the OSPF area in the format of an IP address or a number in the range 0 to 4 294 967 295 Example To assign user defined loopback interface 3 on the switch to ar...

Page 204: ...bution on page 205 Example Assigning loopback IP addresses to OSPF areas The loopback IP address 13 3 4 5 of loopback 2 is advertised only in OSPF area 0 0 0 111 The IP addresses 14 2 3 4 and 15 2 3 4 of loopback 1 are advertised in all OSPF areas The lines in bold below show that the IP address of loopback interface 2 is assigned to OSPF area 111 switch config interface loopback 1 switch lo 1 ip ...

Page 205: ...nds switch config router ospf restrict 10 0 0 0 8 NOTE In the default configuration redistribution is permitted for all routes from supported sources Enabling route redistribution This step enables ASBR operation on a routing switch and must be executed on each routing switch connected to external routes you want to redistribute in your OSPF domain The basic form of the redistribute command redist...

Page 206: ... metric 0 16777215 Globally assigns the cost metric to apply to all external routes redistributed by the ASBR By using different cost metrics for different ASBRs you can prioritize the ASBRs in your AS Default 10 Example To assign a default metric of 4 to all routes imported into OSPF on an ASBR enter the following commands switch switch config router ospf default metric 4 Modifying the redistribu...

Page 207: ...Defines the range of route advertisements to either summarize for injection into the backbone area or to prevent from being injected into the backbone area The ip addr value specifies the IP address portion of the range and mask length specifies the leftmost significant bits in the address The ABR for the specified area compares the IP address of each outbound route advertisement with the address ...

Page 208: ...ecified then the range will advertise the specified cost as the cost of the summarized route Assigning a cost The cost parameter provides a way to define a fixed user assigned cost of an LSA type 3 summarized prefix Setting a summary cost to an area This example shows how to set the summary cost to 100 for area 10 with an address range of 10 10 0 0 16 switch ospf area 10 range 10 10 0 0 16 type su...

Page 209: ...can be a normal or stub area or an NSSA switch ospf area 30 range 10 0 0 0 8 switch ospf area 30 range 10 0 0 0 8 type summary Defining a range of internal routes to block from advertising to the backbone For the same range of routes you can use either of the following commands to block injection of a range of summary routes type 3 LSAs from area 30 into the backbone switch config area 30 range 10...

Page 210: ...ra area 1 255 Changes the administrative distance for routes within OSPF areas Default 110 range 1 255 Changing OSPF trap generation choices Optional OSPF traps defined by RFC 1850 are supported on the routing switches OSPF trap generation is disabled by default but you can use the following command to enable generation of any or all of the supported OSPF traps Syntax no trap trap name all Used in...

Page 211: ...et virtual interface retransmit packet ospfVirtlfTxRetransmit Example Enabling OSPF traps If you wanted to monitor the neighbor state change and interface receive bad packet traps you would use the following commands to configure the routing switch to enable the desired trap The show command verifies the resulting OSPF trap configuration switch ospf trap neighbor state change switch ospf trap inte...

Page 212: ...t interfaces in the VLAN ip ospf dead interval 1 65535 Assigns the specified dead interval to all networks configured on the VLAN ip ospf ip address dead interval 1 65535 Assigns the specified dead interval to the specified subnet on the VLAN ip ospf all dead interval 1 65535 Assigns the specified dead interval to all networks configured on the VLAN Operates the same as the ip ospf dead interval o...

Page 213: ...s the same as the ip ospf priority option Default 1 range 0 255 Changing retransmit interval per interface Syntax ip ospf ip address all retransmit interval 0 3600 Used in the VLAN context to enable changing the retransmission interval for LSAs on an interface Allows different settings for different subnet interfaces in the VLAN ip ospf priority 1 255 Assigns the specified retransmit interval to a...

Page 214: ...u wanted to quickly reconfigure per interface OSPF settings for VLAN 30 such as those listed below you could use the commands shown in Figure Figure 36 Reconfiguring per interface settings in a multinetted VLAN on page 214 Assign a cost of 5 to the two subnets in area 1 and a cost of 10 to the subnet in area 5 Assign a dead interval of 45 seconds to the subnets in area 1 and retain the default set...

Page 215: ... of the command shown in the next syntax description It is not necessary to disable the currently configured OSPF password Default Disabled Configuring OSPF MD5 authentication Syntax ip ospf md5 auth key chain chainname string no ip ospf ip address authentication Used in the VLAN interface context to configure MD5 authentication for all interfaces in the VLAN or for a specific subnet The MD5 authe...

Page 216: ...link connection area id This must be the same for both ABRs in the link and is the area number of the virtual link transit area in either decimal or dotted decimal format ip address On an ABR directly connected to the backbone area this value must be the IP address of an ABR in the same area needing a virtual link to the backbone area as a substitute for a direct physical connection On the ABR tha...

Page 217: ...r default settings or reconfigure as needed see Changing the dead interval on a virtual link on page 217 Changing the dead interval on a virtual link For more information see Adjusting virtual link performance by changing the interface settings on page 261 Syntax area area id virtual link ip address dead interval 1 65535 Used in the router OSPF context on both ABRs in a virtual link to change the ...

Page 218: ...P address of the interface on the opposite end of the virtual link See the description of ip address in the syntax description under Configuring a virtual link on page 216 Use show ip ospf virtual link ip address to view the current setting Changing the retransmitting interval on a virtual link Syntax area area id virtual link ip address retransmit interval 1 3600 Used in the router OSPF context o...

Page 219: ...rtual links within a network on page 217 to 60 seconds On routing switch A IP address 10 0 0 1 you would use the following command to reconfigure the current hello interval to 60 seconds switch ospf area 1 virtual link 209 157 22 1 hello interval 60 On routing switch C IP address 209 157 22 1 you would use the following command to reconfigure the current hello interval to 60 seconds switch ospf ar...

Page 220: ...d form of the command It is not necessary to disable the currently configured OSPF MD5 authentication Default Disabled Configuring a passive OSPF interface For more information see About OSPF passive on page 261 Enter this command in VLAN context switch vlan 1 ip ospf passive Syntax ip ospf ip addr passive no ip ospf ip addr passive Configures passive OSPF for an AS ip addr Optionally you can conf...

Page 221: ...ions during periods of network topology changes SPF calculations occur at the interval set by the spf throttle command This command is executed in ospf context Default 5 seconds start interval 1 600 Specifies the initial SPF schedule delay in seconds wait interval 1 600 specifies the amount of time to wait until the next SPF calculation occurs in seconds max wait time 1 600 Specifies the maximum t...

Page 222: ...reater than the current event 110 seconds The SPF timer is scheduled to run after 7 seconds The current SPF wait time is doubled to 20 seconds If any topology event occurs during the dynamic wait interval SPF is scheduled according to the formula Last SPF current dynamic wait interval time of occurrence of the event The dynamic wait interval keeps doubling until the max wait time is reached If the...

Page 223: ...tion J8693A Configuration Editor Created on release K 15 07 0000x Ver 01 2f 2e hostname switch module 1 type J86yyA module 2 type J86xxA vlan 1 name DEFAULT_VLAN untagged 1 4 7 48 A1 A4 ipv6 address fe80 2 link local ip address dhcp bootp ipv6 enable no untagged 5 6 exit power over ethernet pre std detect router ospf spf throttle start interval 3 wait interval 3 max wait time 500 exit snmp server ...

Page 224: ...ernal LSAs currently in the routing switch s link state database External LSA Checksum Sum Sum of the checksums of all external LSAs currently in the routing switch s link state database quick check for whether database is in sync with other routers in the routing domain Originate New LSA Count Count of the number of times this switch has originated a new LSA Receive New LSA Count Count of the num...

Page 225: ...se for this area Chksum Hex Sum of the checksums of all LSAs currently in the area s link state database This value can be compared to the value for other routers in the area to verify database synchronization Example show ip ospf area output switch config show ip ospf area OSPF Area Information Area ID Type Cost SPFR ABR ASBR LSA Checksum 0 0 0 0 normal 0 1 0 0 1 0x0000781f 192 147 60 0 normal 0 ...

Page 226: ...using the link state id or sequence number options sequence number integer Subset option to filter displayed external link state data to show LSAs with the specified sequence number Can also be filtered by using the link state id or router id options link state id ip addr Subset option to filter displayed external link state data to show LSAs with the specified ID only Can also be filtered by usin...

Page 227: ...or disabled Whether OSPF is currently enabled on this interface Area ID The ID of the area that this interface is in State The current state of the interface The value will be one of the following DOWN The underlying VLAN is down WAIT RCC The underlying VLAN is up but we are waiting to hear hellos from other routers on this interface before we run designated router election Pt to Pt When network i...

Page 228: ...assive Whether the interface sends link state advertisements LSAs to all other routers in the same Autonomous System AS Example Output for show ip ospf interface switch show ip ospf interface OSPF Interface Status IP Address Status Area ID State Auth type Cost Pri Passive 10 3 18 36 enabled 10 3 16 0 DOWN none 1 1 no 10 3 53 36 enabled 10 3 48 0 BDR none 1 1 no OSPF interface configuration Admin A...

Page 229: ...ddress of the router that has been elected DR on this interface Backup Desig Rtr IP address of the router that has been elected BDR on this interface Events Number of times the interface state has changed Passive Whether the interface sends LSAs to all other routers in the same Autonomous System AS Neighbors Number of neighbors If you use show ip ospf interface vlan vlan id the output is the same ...

Page 230: ...r Router ID Pri IP Address NbIfState State QLen Events Status 1 1 1 1 n a 10 2 1 1 n a FULL 0 6 None show ip ospf neighbor detail switch show ip ospf neighbor detail OSPF Neighbor Information for neighbor 10 2 1 2 IP Address 10 2 1 2 Router ID 2 2 2 2 State FULL Interface vlan 1 Designated Router n a Area backbone Backup Designated Router n a Priority n a Retransmit Queue Length 0 Options 0x42 Nei...

Page 231: ...ospf interface vlan vlan id ip address Displays the following information for OSPF enabled VLANs and or subnets vlan id Displays OSPF packet statistics for all subnets configured on the VLAN ip address Displays OSPF packet statistics only for a specified VLAN subnet Displaying OSPF statistics for VLAN traffic switch ospf show ip ospf statistics vlan 1 OSPF statistics for VLAN 1 OSPF Interface Stat...

Page 232: ...Tx Rx LSU Packet Count Number of link state update packets sent received on each subnet interface Tx Rx LSA Packet Count Number of link state acknowledgement packets sent received on each subnet interface OSPF errors Number of errors detected on the VLAN subnet during OSPF packet exchange Displaying OSPF statistics for subnet traffic switch ospf show ip ospf statistics 10 0 0 2 OSPF Interface Stat...

Page 233: ...uter id sequence number and or type Default All OSPF areas configured on the routing switch ospf area id Used to restrict display of LSA database or advertisements to show only the data from a specific OSPF area Can also be used with other subset options router id sequence number external link state id and or type to further define the source of displayed information link state id ip addr Used to ...

Page 234: ... switch displays an output similar to the following for all configured areas show ip ospf link state output OSPF Link State Database for Area 0 0 0 0 Advertising LSA Type Link State ID Router ID Age Sequence Checksum Router 10 0 8 32 10 0 8 32 65 0x80000281 0x0000a7b6 Router 10 0 8 33 10 0 8 33 1638 0x80000005 0x0000a7c8 Network 10 3 2 37 10 0 8 37 1695 0x80000006 0x00000443 Summary 10 3 16 0 10 0...

Page 235: ...54000000050a030e00ffffff0003000001 000202010a0008210a00082180000006a5c90024010000010a0008230a03112104000002 000102010a0008230a00082380000015755d006c010000070a030600ffffff0003000001 000202020a0302250a0008258000000702440024ffffff000a0008250a0008230a000820 000202030a0310000a00082180000008c043001cffffff0000000002 000102030a0310000a00082380000009a859001cffffff0000000001 000002030a0310000a00082480000009...

Page 236: ...dvertising Router 16 93 223 84 Link State ID 192 22 23 24 LSA Sequence 0x80000001 LSA Checksum 0x323e LSA Option Bits E 1 MC 0 N P 0 EA 0 DC 1 Network Mask 255 255 255 0 Attached Router ID 2 2 2 3 Attached Router ID 192 93 226 105 Output for show IP OSPF link state detail for summary of LSA detailed output This is an example of show ip ospf link state detail summary of LSA for AS Boundary Router s...

Page 237: ...on Bits E 1 MC 0 N P 0 EA 0 DC 1 LSA Metric 10 Network Mask 255 255 255 0 Bit E 0 External Metric Type1 Forwarding Address 0 0 0 0 External Route Tag 0 Viewing OSPF neighbor information Syntax show ip ospf neighbor ip addr To display OSPF information for all neighbors enter show ip ospf neighbor at any CLI level ip addr can be specified to retrieve detailed information for the specific neighbor on...

Page 238: ...dress of this routing switch s interface with the neighbor NbIfState The neighbor interface state The possible values are DR This neighbor is the elected designated router for the interface BDR This neighbor is the elected backup designated router for the interface blank This neighbor is neither the DR or the BDR for the interface Table Continued 238 Aruba 3810 5400R Multicast and Routing Guide fo...

Page 239: ...adjacencies EXCHANGE The switch is describing its entire link state database by sending DD packets to the neighbor Each DD packet has a DD sequence number and is explicitly acknowledged Only one DD packet can be outstanding at any time In this state link state request packets can also be sent asking for the neighbor s more recent advertisements All adjacencies in exchange state or greater are used...

Page 240: ...stribute at any CLI context level Example of output for show ip ospf redistribute switch show ip ospf redistribute OSPF redistributing Route type Status connected enabled static enabled rip enabled The display shows whether redistribution of each of the route types connected static and RIP is enabled Viewing OSPF redistribution filter restrict information As described under Configuring external ro...

Page 241: ...e same as the OSPF neighbor states Virtual neighbors should never stay in the 2WAY state IP Address IP address of the virtual neighbor that the routing switch is using to communicate to that virtual neighbor Events The number of times the virtual neighbor s state has changed Notice from the syntax statement that ip address can be specified to display detailed information for a particular virtual n...

Page 242: ...rom the syntax statement that ip address can be specified to display detailed information for a particular virtual neighbor If an area id is specified only virtual neighbors belonging to that area are shown Example To get OSPF virtual link information for IP address 10 0 8 33 enter show ip ospf virtual link 10 0 8 33 A display similar to the following is shown Output for the show ip ospf virtual l...

Page 243: ...displays The number of times that the SPF algorithm was executed for each OSPF area to which the routing switch is assigned The event that resulted in the last ten executions of the SPF algorithm on the routing switch Possible events reasons are as follows Re init OSPF was enabled or disabled on the routing switch Router LS update A router type 1 link state advertisement was received Network LS up...

Page 244: ...ason why the SPF algorithm was executed Time Time when the SPF computation began Displaying OSPF route information Syntax show ip ospf To display OSPF route and other OSPF configuration information enter show ip ospf at any CLI level Output for show IP OSPF switch show ip ospf OSPF Configuration Information OSPF protocol enabled Router ID 10 0 8 35 Currently defined areas Stub Stub Stub Area ID Ty...

Page 245: ...s information Field Description OSPF protocol enabled or disabled indicates if OSPF is currently enabled Router ID The router ID that this routing switch is currently using to identify itself Currently defined areas Area ID The identifier for this area Type The type of OSPF area normal or stub Stub Default Cost The metric for any default route we injected into a stub area if the routing switch is ...

Page 246: ...e connection the lower the cost For example a fast Ethernet interface cost is 1 and a Ethernet interface cost is 10 NOTE The remaining interface and virtual link information is the same as for the previously described OSPF show commands Viewing OSPF traps enabled In the default configuration OSPF traps are disabled Use this command to view which OSPF traps have been enabled Syntax show ip ospf tra...

Page 247: ...e current IP load sharing configuration Use the show running command to view the currently active IP load sharing configuration and show config to view the IP load sharing configuration in the startup config file While in its default configuration IP load sharing does not appear in the command output If IP load sharing is configured with non default settings disabled or configured for either two o...

Page 248: ...omous System AS summary link Describes the route to an ASBR in an OSPF normal or backbone area of the same AS Propagated through backbone area to other areas 5 AS external link Describes the route to a destination in another AS external route Originated by ASBR in normal or backbone areas of an AS and propagates through backbone area to other normal areas For injection into an NSSA ABR converts ty...

Page 249: ...y LSAs between its border areas You can reduce summary LSA flooding by configuring area ranges An area range enables you to assign an aggregate address to a range of IP addresses This aggregate address is advertised instead of all the individual addresses it represents You can assign up to eight ranges in an OSPF area In the following example routers R2 and R5 are ABRs because they both have membe...

Page 250: ... themselves DRs both priority and router ID are used to select the DR and BDRs Priority is configurable by using the vlan vid ip ospf priority 0 255 command at the interface level You can use this parameter to help bias one router as the DR For more information see Changing priority per interface on page 213 If two neighbors share the same priority the router with the highest router ID is designat...

Page 251: ... received that addresses the BDR Change in the neighbor state occurs such as Neighbor state transitions from 2 or higher Communication to a neighbor is lost Neighbor declares itself to be the DR or BDR for the first time OSPF area types OSPF is built upon a hierarchy of network areas All areas for a given OSPF domain reside in the same AS An AS is defined as a number of contiguous networks all of ...

Page 252: ... or more ABRs physically or through a virtual link and supports type 3 summary LSAs and type 5 external link LSAs to and from the backbone area ASBRs are allowed in normal areas Not so stubby area NSSA This area is available and connects to the backbone area through one or more ABRs NSSAs are intended for use where an ASBR exists in an area where you want to control the following Advertising the A...

Page 253: ...llowing Summary routes to other areas in the AS External routes to other ASs You can configure the stub area ABR to do the following Suppress advertising some or all of the area s summarized internal routes into the backbone area Suppress LSA traffic from other areas in the AS by replacing type 3 summary LSAs and the default external route from the backbone area with the default summary route 0 0 ...

Page 254: ...stination but one of the following happens A second ASBR comes on line A second ASBR that is already on line begins advertising an equivalent route to the same destination In either of these cases the switch with the higher router ID floods the AS external LSAs and the other switch flushes its equivalent AS external LSAs One of the ASBRs starts advertising a route that is no longer equivalent to t...

Page 255: ...the same destination network 21 0 9 0 24 as shown in following example Example of show ip route command output with multiple next hop routes switch show ip route IP Route Entries Destination Gateway VLAN Type Sub Type Metric Dist 1 0 0 0 8 10 0 8 1 1 static 1 1 10 0 8 0 21 DEFAULT_VLAN 1 connected 1 0 12 0 9 0 24 VLAN3 3 connected 1 0 15 0 0 0 8 10 0 8 1 1 static 1 1 21 0 9 0 24 162 130 101 2 2 os...

Page 256: ...ributes traffic across the three possible next hop routes in such a way that all traffic for a specific host is sent to the same next hop router As shown in the following figure one possible distribution of traffic to host devices is Traffic to host 10 10 0 1 passes through next hop router 12 0 9 2 Traffic to host 10 10 0 2 passes through next hop router 13 0 9 3 Traffic to host 10 10 0 3 passes t...

Page 257: ...tion when there is only one IP address configured on the VLAN or you want all subnets in the VLAN to belong to the same OSPF area b ip ospf ip address area ospf area id assigns an individual subnet to the specified area 6 Optional Assign loopback interfaces to OSPF areas by using the ip ospf area command at the loopback interface configuration level See Assigning loopback addresses to an area on p...

Page 258: ...nd determine whether any adjustments to non default settings is warranted NOTE Set global level parameters in the ospf context of the CLI To access this context level ensure that routing is enabled then execute router ospf at the global CONFIG level For example switch config router ospf switch ospf Use the VLAN interface context to set interface level OSPF parameters for the desired VLAN To access...

Page 259: ...LANs or subnets on the routing switch into different areas you need to re execute this command for each area In this case the routing switch will operate as an ABR for each of the configured areas NOTE Each ABR must either be directly connected to the backbone area 0 or be configured with a virtual link to the backbone area through another ABR that is directly connected to the backbone area See Co...

Page 260: ...ypes external inter area and intra area The switch selects one route over another based on the source of the route information To do so the switch can use the administrative distances assigned to the sources to influence route choices You can change the distance settings in the OSPF global context to enable preference of one route type over another Adjusting performance by changing the VLAN or sub...

Page 261: ...ging the interface settings Optional The OSPF interface parameters for this process are automatically set to their default values for virtual links No change to the defaults is usually required unless needed for specific network conditions These parameters are a subset of the parameters described under Adjusting performance by changing the VLAN or subnet interface settings on page 211 The cost and...

Page 262: ...ct on the saved switch configuration Prior to a switch shutdown the CLI SNMP reload command or the CLI boot command is executed to initiate the sending of OSPF empty hello list messages on the interfaces that are part of the OSPF routing configuration After a small delay approximately 2 seconds that allows the messages to be transmitted on all applicable interfaces the boot or reload command conti...

Page 263: ...ffic for different hosts on the same subnet will go through the same next hop router For example if subnet 10 32 0 0 includes two servers at 10 32 0 11 and 10 32 0 22 all traffic from router A to these servers will go through router B Global OSPF Cost Setting The OSPF cost global configuration command implements a parameter at the global level which modifies the default cost calculation The config...

Page 264: ...take precedence over the global level cost Command context Required context config Parameters ospf ospfv3 Select the correct version of OSPF 0 16777215 Specifies the global cost range for OSPF at the VLAN level Use cases Use cases for the configuration of costs automatically from global level to VLAN level 1 Verify that the globally configured cost is applied at the VLAN level when configured with...

Page 265: ...he configuration by saving the configuration write mem and rebooting the system 7 When the area is already configured for VLAN only OSPF cost will be applied Chapter 11 Open Shortest Path First Protocol OSPF 265 ...

Page 266: ...cifies a sequence number for the entry permit Permits the prefix when a successful match is made deny Denies the prefix when a successful match is made prefix prefix length Specifies an IPv4 or IPv6 network prefix and its mask length in CIDR notation For example 10 1 4 1 24 ge min length Specifies a minimum mask length of the prefix to match min length must have a value between 1 and 32 for IPv4 o...

Page 267: ...0 permit 10 1 4 1 255 255 255 0 ge 24 le 24 Sequence numbers which are optional determine the order in which prefix list entries are evaluated during match operations If you do not specify a sequence number for an entry the switch uses a number that is 5 more than the highest sequence number already used in the list For the first entry in a prefix list the default value of the sequence number is 5...

Page 268: ...nd each entry in the list not including descriptions If summary is specified the listing displays the name of the list and a summary of the entries but not the entries themselves If detail is specified the listing displays the summary information the description if it exists and the entries in the list Example In a switch that contains two prefix lists a standard display looks like this switch sho...

Page 269: ...tion see Route maps on page 275 Syntax route map name permit deny seq seq num Creates a route map and enters the route map context name Specifies the name of the route map permit Instructs the policy engine to permit the route if the match succeeds deny Instructs the policy engine to deny the route if the match succeeds seq seq num Specifies a sequence number for the route map If a sequence number...

Page 270: ... route maps are displayed All sequences of a route map are displayed For example switch config show route map Map3 Routemap information route map Map3 permit seq 10 match interface vlan 11 12 13 match metric 25 exit route map Map3 permit seq 20 match interface vlan 21 22 23 match metric 25 exit Using match commands For more information see Match commands on page 276 Matching VLANs Syntax match int...

Page 271: ...ith either an IPv4 IP or IPv6 address respectively IP addr IPv6 addr Specifies the IPv4 IP or IPv6 address respectively to match with IP addr IPv6 addr Optional additional addresses A single command can specify multiple IPv4 IP or IPv6 addresses A match succeeds if any of the addresses matches logical OR name Specifies the name of a prefix list to match the next hop against Matching route sources ...

Page 272: ...The no form of the command deletes the match clause from the sequence type 1 Matches against an OSPF external route with a type 1 metric type 2 Matches against an OSPF external route with a type 2 metric Matching source protocols Syntax match source protocol connected static rip ospf ospfv3 no match source protocol connected static rip ospf ospfv3 Matches the protocol type of the destination prefi...

Page 273: ...op address The no form of the command deletes the set clause from the sequence ip ipv6 Specifies setting either an IPv4 IP or IPv6 address respectively IP addr IPv6 addr Specifies the IPv4 IP or IPv6 address respectively to set Setting the route metric Syntax set metric value no set metric value Sets the route metric to the specified value The no form of the command deletes the set clause from the...

Page 274: ...icy provides an additional method for controlling entries in the route table This approach applies predetermined policies to define how the routing switch accepts routes from peers propagates routes to peers and redistributes routes between different protocols Route policy can often provide finer control and greater flexibility over route table entries than traditional methods Route policy is embo...

Page 275: ...route map Map1 10 At this point you are ready to enter match and set commands described below When you have finished entering match and set commands an exit command exits the route map context and returns to the general configuration context When entering match commands most allow only one command of a given type in a sequence For instance you can enter match source protocol rip or match source pr...

Page 276: ...ence number is required route map name permit deny seq seq num To create a new sequence in an existing route map that is under the same route map name use the route map command with a different sequence number Sequence numbers are significant they determine the order of evaluation of sequences in route maps the sequence with the lowest number is evaluated first Match commands The match commands de...

Page 277: ...gure 47 Network for redistribution example on page 277 is defined with simple VLANs and a basic routing configuration In the RIP domains the RIP protocol is assigned to each VLAN that a router connects to Routers in the RIP domains redistribute connected routes this is the default setting when RIP is enabled For simplicity all VLANs in the OSPF domain are assigned to the backbone area area 0 Borde...

Page 278: ...untagged A1 A18 C1 C12 exit vlan 31 name VLAN31 untagged A1 A6 ip address 10 3 31 2 255 255 255 0 exit vlan 33 name VLAN33 untagged A7 A12 ip address 10 3 33 2 255 255 255 0 exit vlan 21 name VLAN21 untagged A13 A18 ip address 10 2 21 1 255 255 255 0 exit vlan 37 name VLAN37 untagged C1 C6 ip address 10 3 37 1 255 255 255 0 exit vlan 29 name VLAN29 untagged C7 C12 ip address 10 2 29 1 255 255 255 ...

Page 279: ... has only OSPF enabled The North router enables both routing protocols but has fewer VLANs Listed below are the routing tables that result for three representative routers South A border router attached to both RIP and OSPF domains East A router within the OSPF domain Southeast A router within the RIP domain South config show ip route IP Route Entries Destination Gateway VLAN Type Sub Type Metric ...

Page 280: ...d those connected routes on the RIP side there is no inter domain communication Thus host Z can ping host X and host L but not host M or host B And host M can ping host L but not host X or host Y or host A And so on Basic inter domain protocol redistribution Route redistribution allows border routers to distribute routes between adjacent routing domains Thus the North router can redistribute route...

Page 281: ...10 1 16 x 10 2 21 x and 10 2 29 x VLANs 15 16 21 and 29 are missing Host computer M cannot ping host X because there is no route to it though it can ping through the invisible South router to host Y or host Z The problem is that those missing subnets are directly connected to the North and South border routers and directly connected routes must be explicitly redistributed with a redistribute conne...

Page 282: ...refix list Odds seq 5 permit 10 1 11 1 255 255 255 0 ge 24 le 24 ip prefix list Odds seq 10 permit 10 1 13 1 255 255 255 0 ge 24 le 24 Then matching that prefix list in a route map route map PermitOdds permit seq 10 match ip address prefix list Odds exit And finally applying that route map to the redistribution of RIP routes in the North router router ospf area backbone redistribute connected redi...

Page 283: ...10 2 21 1 21 rip 2 120 10 3 31 0 24 10 2 21 1 21 rip 2 120 10 3 32 0 24 10 2 21 1 21 rip 2 120 10 3 33 0 24 10 2 21 1 21 rip 2 120 10 3 34 0 24 10 2 21 1 21 rip 2 120 10 3 37 0 24 10 2 21 1 21 rip 2 120 127 0 0 0 8 reject static 0 0 127 0 0 1 32 lo0 connected 1 0 To not lose the even numbered routes 10 1 12 x and 10 1 14 x in the OSPF domain reinstate the original redistribution in the North route...

Page 284: ...pf External2 10 110 10 3 31 0 24 10 3 32 1 32 ospf IntraArea 2 110 10 3 31 0 24 10 3 33 2 33 ospf IntraArea 2 110 10 3 32 0 24 VLAN32 32 connected 1 0 10 3 33 0 24 VLAN33 33 connected 1 0 10 3 34 0 24 VLAN34 34 connected 1 0 10 3 37 0 24 10 3 33 2 33 ospf IntraArea 2 110 127 0 0 0 8 reject static 0 0 127 0 0 1 32 lo0 connected 1 0 However it falls short in the southern RIP domain The northern RIP ...

Page 285: ...N23 23 connected 1 0 10 2 29 0 24 10 2 21 1 21 rip 2 120 10 3 31 0 24 10 2 21 1 21 rip 2 120 10 3 32 0 24 10 2 21 1 21 rip 2 120 10 3 33 0 24 10 2 21 1 21 rip 2 120 10 3 34 0 24 10 2 21 1 21 rip 2 120 10 3 37 0 24 10 2 21 1 21 rip 2 120 127 0 0 0 8 reject static 0 0 127 0 0 1 32 lo0 connected 1 0 In addition to using route maps to filter routes you can also use them to apply properties to the rout...

Page 286: ...n the following example tags are set as the routes pass through the North router from the northern RIP domain to the OSPF domain and those tags are used for matching when the routes pass out of the OSPF domain through the South router to the southern RIP domain Establish prefix lists on the North router to separate the odd and even routes ip prefix list Odds seq 5 permit 10 1 11 1 255 255 255 0 ge...

Page 287: ...he North router It denies the even routes from the northern RIP domain and it permits the OSPF routes The route table from the Southeast router shows the results Southeast config show ip route IP Route Entries Destination Gateway VLAN Type Sub Type Metric Dist 10 1 11 0 24 10 2 21 1 21 rip 2 120 10 1 13 0 24 10 2 21 1 21 rip 2 120 10 1 15 0 24 10 2 21 1 21 rip 2 120 10 1 16 0 24 10 2 21 1 21 rip 2...

Page 288: ...ns a hold time value This value specifies the maximum amount of time the host should consider an advertisement to be valid until a newer advertisement arrives When a new advertisement arrives the hold time is reset The hold time is always longer than the maximum advertisement interval Therefore if the hold time for an advertisement expires the host can reasonably conclude that the router interface...

Page 289: ...tisement If the hold time of an advertisement expires the host discards the advertisement concluding that the router interface that sent the advertisement is no longer available The value must be greater than the value of the maxadvertinterval parameter and cannot be greater than 9000 The default is three times the value of the maxadvertinterval parameter maxadvertinterval Specifies the maximum am...

Page 290: ...s and Counters ICMP Router Discovery Protocol Global Status Disabled VLAN Name Status Advertising Min int Max int Holdtime Preference Address sec sec sec DEFAULT_VLAN Enabled multicast 450 600 1800 0 VLAN20 Enabled multicast 450 600 1800 0 VLAN30 Enabled multicast 450 600 1800 0 290 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Switch 16 08 ...

Page 291: ... DHCP Option 12 to send a hostname This feature allows you to include the hostname in the DHCP packet sent to the DHCP server This is disabled by default The command must be executed from the global configuration level Syntax dhcp host name option no dhcp host name option Sends the hostname option with DHCP packets Use the no form of the command to not include the hostname in the packet The maximu...

Page 292: ...mmand for example switch config switch config vlan 1 switch vlan 1 Syntax ip bootp gateway ip addr Allows you to configure an IP address for the DHCP relay agent to use for DHCP requests The IP address must have been configured on the interface Default Lowest numbered IP address If the IP address has not already been configured on the interface VLAN you will see the message shown in the following ...

Page 293: ...tch config vlan 1 switch vlan 1 ip helper address ip addr To remove the DHCP server helper address enter the no form of the command switch vlan 1 no ip helper address ip addr Operating notes You can configure up to 4000 IP helper addresses on a routing switch The helper addresses are shared between the DHCP relay agent and UDP forwarder feature A maximum of sixteen IP helper addresses is supported...

Page 294: ...ay hop count function only from the CLI A new MIB variable hpDhcpRelayHopCount is introduced to support SNMP management of the hop count increment by the DHCP relay agent in a switch Verifying the DHCP relay configuration Viewing the DHCP relay setting Use the show config command or show running for the running config file to display the current DHCP relay setting NOTE The DHCP relay and hop count...

Page 295: ...t Hop Count Increment Displaying hop count status switch show dhcp relay Status and Counters DHCP Relay Agent DHCP Relay Agent Enabled Yes DHCP Request Hop Count Increment Disabled Option 82 Handle Policy Replace Remote ID MAC Address Client Requests Server Responses Valid Dropped Valid Dropped 1425 2 1425 0 Viewing the MAC address for a routing switch To view the MAC address for a given routing s...

Page 296: ... MAC address of the switch on which the packet was received from the client To use the incoming VLAN s IP address or the Management VLAN IP address if configured for the remote ID instead of the switch MAC address use the ip or mgmt vlan option below drop Configures the routing switch to unconditionally drop any client DHCP packet received with existing Option 82 fields This means that such packet...

Page 297: ...IP address of the optional management VLAN configured on the routing switch Requires that a management VLAN is already configured on the switch If the management VLAN is multinetted the primary IP address configured for the management VLAN is used for the remote ID If you enter the dhcp relay option 82 command without specifying either ip or mac the MAC address of the switch on which the packet wa...

Page 298: ...will be routed to the same DHCP servers When using 802 1X on a switch a port s VLAN membership may be changed by a RADIUS server responding to a client authentication request In this case the DHCP servers accessible from the port may change if the VLAN assigned by the RADIUS server has different DHCP helper addresses than the VLAN used by unauthenticated clients Where multiple DHCP servers are ass...

Page 299: ...o the DHCP server During this process the DHCP relay agent increases the hop count by one before forwarding the DHCP message to the server A DHCP server includes the hop count from the DHCP request that it receives in the response that it returns to the client DHCP packet forwarding The DHCP relay agent on the routing switch forwards DHCP client packets to all DHCP servers that are configured in t...

Page 300: ... to append an Option 82 field to such client requests This field includes two suboptions for identifying the routing switch by MAC address or IP address and the routing switch port the client is using to access the network A DHCP server with Option 82 capability can read the appended field and use this data as criteria for selecting the IP addressing it will return to the client through the usual ...

Page 301: ...questing DHCP Option 82 support One IP helper address configured on each VLAN supporting DHCP clients General DHCP relay operation with Option 82 Typically the first primary Option 82 relay agent to receive a client s DHCP request packet appends an Option 82 field to the packet and forwards it toward the DHCP server identified by the IP helper address configured on the VLAN in which the client pac...

Page 302: ...lying the same IP addressing policy to DHCP client requests from ports in different VLANs on the same routing switch Configuring this option means the management VLAN s IP address appears in the remote ID subfield of all DHCP requests originating with clients connected to the routing switch regardless of the VLAN on which the requests originate Use the MAC address option if on a given routing swit...

Page 303: ...only five IP addressing assignments at any one time for the circuit ID port and remote ID MAC address corresponding to port 10 on the selected relay agent Similarly if you want to define specific ranges of addresses for clients on different ports in the same VLAN you can configure the server with the range of IP addresses allowed for each circuit ID port associated with the remote ID IP address fo...

Page 304: ...ider using the keep option Keep Append an Option 82 field If the relay agent receives a client request that already has one or more Option 82 fields keep causes the relay agent to retain such fields and forward the request without adding another Option 82 field But if the incoming client request does not already have any Option 82 fields the relay agent appends an Option 82 field before forwarding...

Page 305: ...add an Option 82 field and forward the request As a general guideline configure drop on relay agents at the edge of a network where an inbound client request with an appended Option 82 field may be unauthorized a security risk or for some other reason should not be allowed Multiple Option 82 relay agents in a client request path Where the client is one router hop away from the DHCP server only the...

Page 306: ...by the DHCP server In this case the DHCP policy boundary is at relay agent C In the previous two examples the boundary was with relay A Validation of server response packets A valid Option 82 server response to a client request packet includes a copy of the Option 82 fields the server received with the request With validation disabled most variations of Option 82 information are allowed and the co...

Page 307: ...remote ID and circuit ID combination that did not originate with the given relay agent append Drop the server response packet Forward server response packet to a downstream device replace or drop1 Drop the server response packet Drop the server response packet keep2 Forward server response packet to a downstream device Forward server response packet to a downstream device The server response packe...

Page 308: ... relay agent giaddr null see RFC 2131 Multinetted VLANs On a multinetted VLAN each interface can form an Option 82 policy boundary within that VLAN if the routing switch is configured to use IP for the remote ID suboption That is if the routing switch is configured with IP as the remote ID option and a DHCP client request packet is received on a multinetted VLAN the IP address used in the Option 8...

Page 309: ...l udp commands configured in VLANs on the switch Default Disabled Configuring UDP broadcast forwarding on individual VLANs This command routes an inbound UDP broadcast packet received from a client on the VLAN to the unicast or broadcast address configured for the UDP port type Syntax no ip forward protocol udp ip address port number port name Used in a VLAN context to configure or remove a server...

Page 310: ...or in the subnet at the specified broadcast address For more information on UDP port numbers refer to TCP UDP port number ranges on page 312 port name Allows use of common names for certain well known UDP port numbers You can type in the specific name instead of having to recall the corresponding number dns Domain name service 53 ntp Network time protocol 123 netbios ns NetBIOS name service 137 ne...

Page 311: ...status and configured forwardig addresses for inbound UDP broadcast traffic for all VLANs configured on the routing switch switch config show ip forward protocol IP Forwarder Addresses UDP Broadcast Forwarding Disabled VLAN 1 IP Forward Addresses UDP Port 15 75 11 43 37 15 75 11 255 53 15 75 12 255 1813 VLAN 2 IP Forward Addresses UDP Port 15 75 12 255 1812 Displaying IP forward protocol status an...

Page 312: ... Port Numbers Messages related to UDP broadcast forwarding Message Meaning udp bcast forward IP Routing support must be enabled first Appears in the CLI if an attempt to enable UDP broadcast forwarding has been made without IP routing being enabled first Enable IP routing then enable UDP broadcast forwarding UDP broadcast forwarder feature enabled UDP broadcast forwarding has been globally enabled...

Page 313: ...the configured port number will be Forwarded to a specific host if a unicast server address is configured for that port number Broadcast on the appropriate destination subnet if a subnet address is configured for that port number A UDP forwarding entry for a particular UDP port number is always configured in a specific VLAN and applies only to client UDP broadcast requests received inbound on that...

Page 314: ...roadcast packets as limited broadcasts to other subnets use the broadcast address that covers the subnet you want to reach For example if VLAN 1 has an IP address of 15 75 10 1 24 15 75 10 1 255 255 255 0 you can configure the following unicast and limited broadcast addresses for UDP packet forwarding to subnet 15 75 11 0 Forwarding destination type IP address UDP unicast to a single device in the...

Page 315: ...hese IP addresses without interruption Advantages to using VRRP include Minimizing failover time and bandwidth overhead if a primary router becomes unavailable Minimizing service disruptions during a failover Providing backup for a load balanced routing solution Addressing failover problems at the router level instead of on the network edge Avoiding the need to make configuration changes in the en...

Page 316: ...ped Default Enabled Example Enabling and displaying the global VRRP configuration The following commands enable VRRP at the global configuration level and then display the current global VRRP configuration switch config router vrrp switch config show vrrp config global VRRP Global Configuration Information VRRP Enabled Yes Traps Enabled Yes Creating a VR and entering the VR context Syntax no vrrp ...

Page 317: ...ss it becomes the owner and the priority becomes 255 For backup VRs the priority is between 1 254 Syntax virtual ip address ipv4 addr virtual ip addressipv6 addr Used in a VR context of a VLAN to assign an IPv4 address for IPv4 or an IPv6 address for IPv6 to a VR instance Note This command had a subnet option in prior versions This is not needed now because the subnet is provided when the VLAN IP ...

Page 318: ...or VR 1 is also 10 10 10 1 24 Figure 54 VIP assignment for owner and backup Reconfiguring the priority for a backup When you configure a backup in a VR it is given a default priority of 100 This command is intended for use where it is necessary to establish a precedence among the backup routers on the same network or subnet in a given VR Syntax priority 1 254 Used in a VR context of a VLAN where t...

Page 319: ...s the link local address of the real interface over which the packet is transmitted Specifies the VIP to designate as the source for VRRP advertisements from the VR If there is only one VIP configured on the VR the default setting lowest is sufficient Where there are multiple VIPs in the same VR and you want to designate an advertisement source other than the lowest IP Address use this command For...

Page 320: ...sables dynamic VRRP operation on that VR Default Disabled Dynamically changing the priority of the VR NOTE You can configure tracked interfaces or VLANs on the backup router only Configuring track interface Syntax no track interface port list trunk list Allows you to specify a port or port list or trunk or trunk list that will be tracked by this virtual router If the port or trunk is down the virt...

Page 321: ...ter the expiration of the preempt delay time However if while waiting for the preempt delay time to expire a master goes down the VR tries to take control of the virtual IP Removing all tracked entities Syntax no track Allows you to remove tracking for all configured track entities ports trunks and VLANs The command is executed in VRID instance context Example switch vlan 25 vrid 1 no track Viewin...

Page 322: ...d authentication data is appended at the end of an IPv6 VRRP packet that is being sent The authentication data consists of 8 bytes of zeros Configuring the Authentication Data Field switch vlan 2 vrid 1 null auth compatibility Pinging the virtual IP of a backup router Enabling the response to a ping request The backup router can be enabled to respond to pings using the following command For more i...

Page 323: ...h Router1 vlan 2 vrid 1 exit switch Router1 vlan 2 exit switch Router1 config Viewing VRRP ping information Display IPv4 global VRRP configuration information by entering the show vrrp config global command Display IPv6 global VRRP configuration information by entering the show vrrp ipv6 config global command Example of VRRP global configuration information switch config show vrrp config global VR...

Page 324: ...RID Pkts Rx 0 Checksum Error Pkts Rx 0 Bad Version Pkts Rx 0 Virtual Routers Respond To Ping Requests Yes VRRP Virtual Router Statistics Information VLAN ID 10 Virtual Router ID 1 Protocol Version 3 State Master Up Time 26 mins Virtual MAC Address 00005e 000101 Master s IP Address 2130 21 Associated IP Addr Count 1 Near Failovers 0 Advertise Pkts Rx 0 Become Master 1 Zero Priority Rx 0 Zero Priori...

Page 325: ...witch show vrrp ipv6 config VRRP Global Configuration Information VRRP Enabled Yes Traps Enabled Yes Virtual Routers Respond To Ping Requests No VRRP Nonstop Enabled No VRRP Virtual Router Configuration Information VLAN ID 10 Virtual Router ID 10 Administrative Status Disabled Enabled Mode Uninitialized Owner Priority 100 255 Advertisement Interval 1 1 Preempt Mode True True Preempt Delay Time 0 0...

Page 326: ... Priority 100 255 Advertisement Interval 1 1 Preempt Mode True True Preempt Delay Time 0 0 Respond To Virtual IP Ping Requests Yes Yes Version 2 3 IPv6 Address fe80 216 b9ff fed1 5280 Example IP route information This example shows the gateway information for IP routes A designation of reject means that the IP traffic for that route is discarded Blackhole reject routes are added when a backup VR b...

Page 327: ...g the Pre empt Delay Timer PDT on page 347 Syntax no preempt delay time 1 1600 Allows you to specify a time in seconds that this router will wait before taking control of the VIP and beginning to route packets You can configure the timer on VRRP owner and backup routers NOTE If you have configured the preempt delay time PDT with a non zero value you must use the no form of the command to change it...

Page 328: ...nistrative Status Disabled Disabled Mode Uninitialized Owner Priority 100 255 Advertisement Interval 1 1 Preempt Mode True True Preempt Delay Time 0 0 Respond To Virtual IP Ping Requests Yes Yes Version 2 2 Null authentication compatibility False False Primary IP Address Lowest IP Address 10 10 10 100 VRRP Virtual Router Configuration Information VLAN ID 20 Virtual Router ID 20 Administrative Stat...

Page 329: ...216 b9ff fed1 5280 Viewing a specific VR configuration Syntax show vrrp vlan 23 vrid 10 config Displays the configuration for a specific VR in a specific VLAN Displaying the IPv4 configuration for a specific VR The following command displays the configuration of a VR identified as VR 10 in VLAN 23 switch config show vrrp vlan 23 vrid 10 config VRRP Virtual Router Configuration Information Vlan ID ...

Page 330: ...ion level If global VRRP is disabled these commands produce the following output Example statistics command output if global VRRP is disabled VRRP Global Statistics Information VRRP Enabled No Viewing global VRRP statistics only Syntax show vrrp statistics global show vrrp ipv6 statistics global Displays the global VRRP statistics for the router VRRP Enabled Yes No Invalid VRID Pkts Rx VRRP packet...

Page 331: ...nt of time the router has been up since the last reboot Virtual MAC Address The virtual MAC address for the VR instance master s IP Address The IP address used as the source IP address in the last advertisement packet received from the VR master If this VR is the master this is the primary IP address of the VR If the VR is disabled this value appears as 0 0 0 0 for IPv4 and 0 0 0 0 0 ffff 0 0 for ...

Page 332: ... set to 0 zero Bad Type Pkts The number of VRRP packets received with packet type not equal to 1 that is not an advertisement packet Mismatched Addr List Pkts The number of VRRP packets received wherein the list of VIPs does not match the locally configured VIPs for a VR Mismatched Auth Type Pkts The number of VRRP packets received with the authentication type not equal to 0 zero which is no authe...

Page 333: ... Near Failovers 0 Advertise Pkts Rx 0 Become Master 1 Zero Priority Rx 0 Zero Priority Tx 0 Bad Length Pkts 0 Bad Type Pkts 0 Mismatched Interval Pkts 0 Mismatched Addr List Pkts 0 Mismatched IP TTL Pkts 0 Mismatched Auth Type Pkts 0 Viewing statistics for all VRRP instances in a VLAN Syntax show vrrp vlan vid statistics Displays the VRRP statistics for all VRs configured on the specified VLAN The...

Page 334: ...Pkts 0 Viewing statistics for a specific VRRP instance Syntax show vrrp vlan vid vrid 1 255 statistics show vrrp ipv6 vlanvidvrid 1 255 statistics Displays the VRRP statistics for a specific VR configured on a specific VLAN The actual statistics data per VR is the same as for the show vrrp statistics command Note that show vrrp vlan vid vrid 1 255 and show vrrp vlan vid vrid 1 255 statistics produ...

Page 335: ...ommand switch show vrrp ipv6 statistics VRRP Global Statistics Information VRRP Enabled Yes Invalid VRID Pkts Rx 0 Checksum Error Pkts Rx 0 Bad Version Pkts Rx 0 Virtual Routers Respond To Ping Requests Yes VRRP Virtual Router Statistics Information VLAN ID 10 Virtual Router ID 1 Protocol Version 3 State Master Up Time 26 mins Virtual MAC Address 00005e 000101 Master s IP Address 2130 21 Associate...

Page 336: ...ble The owner normally operates as the master for a VR But if it becomes unavailable then a failover to a backup router belonging to the same VR occurs and this backup becomes the current master If the owner recovers a failback occurs and master status reverts to the owner Using more than one backup provides additional redundancy if both the owner and the highest priority backup fail another lower...

Page 337: ...R configuration Operation VRID Virtual Router ID 1 1 All routers in the same VR have the same VRID Status owner backup One owner and one or more backups are allowed in a given VR Virtual IP Address 10 10 100 1 10 10 100 1 The IP address configured for VLAN 100 in R1 the owner is also configured as the VIP for VRRP in both R1 and R2 Table Continued Chapter 16 Virtual Router Redundancy Protocol VRRP...

Page 338: ...ut period for receiving master advertisements expires on Router 2 the VR initiates a failover to Router 2 and it becomes the new master of the VR 3 Router 2 advertises itself as the master of the VR supporting the gateway and Takes control of the VR s virtual IP address Begins transmitting ARP responses that associate the VR s VIP with the shared source MAC address for VR 1 4 Host A routed traffic...

Page 339: ...0 100 1 is a real IP address configured on VLAN 100 in Router 1 and is the VIP associated with VR 1 If the configured owner in a VR becomes unavailable it is no longer the master for the VR and a backup router in the VR is elected to assume the role of master as described under Backup router on page 340 A subnetted VLAN allows multiple VIPs However if there are 32 or fewer IP addresses in a VLAN i...

Page 340: ...5 Example of using VRRP to provide redundant network access on page 337 illustrates this point VR priority operation In a backup router s VR configuration the virtual router priority defaults to 100 The priority for the configured owner is automatically set to the highest value 255 In a VR where there are two or more backup routers the priority settings can be reconfigured to define the order in w...

Page 341: ...or reachability Autoconfiguration of unicast addresses Resolution of destination addresses Changes to link layer addresses An instance of Neighbor Discovery is triggered on a device when a new or changed IPv6 address is detected VRRPv3 provides a faster failover to a backup router by not using standard ND procedures A failover to a backup router can occur in approximately three seconds without any...

Page 342: ...VRs All routers in the same VR must belong to the same network or subnet The router supports the following maximums 32 VRs 16 for the 2930F switch per VLAN in any combination of masters and backups 512 128 for the 2930F switch IPv4 and IPv6 VRs in combination 2046 Virtual IP addresses 512 128 for the 2930F switch VR sessions on the switch 512 128 for the 2930F switch VRRPv2 and VRRPv3 sessions in ...

Page 343: ...an interface in the same network or subnet as is the owner configured in step 1 enter the global configuration context and enable VRRP router vrrp ipv4 enableor router vrrp ipv6 enable b Configure and enter the same VR instance as was configured for the owner in step 1 vlan vid vrrp vrid 1 255 for IPv4 vrrp ipv6 vrid 1 255 for IPv6 c Optional If there is only one backup router or if you want the p...

Page 344: ...ion switch config router vrrp switch config vlan 10 switch vlan 10 vrrp vrid 1 switch vlan 10 vrid 1 owner switch vlan 10 vrid 1 virtual ip address 10 10 10 1 switch vlan 10 vrid 1 enable switch vlan 10 vrid 1 show vrrp vlan 10 vrid 1 config VRRP Virtual Router Configuration Information VLAN ID 10 Virtual Router ID 1 Administrative Status Disabled Enabled Mode Uninitialized owner Priority 100 255 ...

Page 345: ...subnets and it is necessary to apply VRRP to all of these subnets it is necessary to associate more than one VIP with a VR Because a VLAN on the routers supports up to 32 16 for the 2930F switch VRs applying VRRP to a higher number of subnets in the VLAN requires multiple VIPs in one or more VRs If the owner of a VR is associated with multiple VIPs the backup routers belonging to the same VR must ...

Page 346: ... always uses priority 255 and never relinquishes control voluntarily Failover operation Failover operation involves handing off the VR s control of the virtual IP to another VR Once a failover command is issued the VR begins sending advertisements with priority zero instead of the configured priority When the VR detects a peer VR taking control it releases control of the virtual IP and ceases VR o...

Page 347: ...trol of the VIP It does not transition to the master state until the timer period expires The timer value configured should be long enough to allow OSPF convergence following OSPF updates The PDT is applied only during initialization of the router that is when the router is rebooting with the VRRP parameters present in the startup config file VRRP preempt mode with LACP and older devices There can...

Page 348: ...avior It works in the same way that VRRP works currently PDT is greater than or equal to the master down time 3 times the advertisement interval 1 An owner VR after reboot waits for the master down time If the owner router does not receive a packet during this time it becomes the master If it receives a VRRP advertisement from its peer during this time it waits until the expiration of the preempt ...

Page 349: ...en routers sometimes called flapping Deleting an IP address used to support a VR VR limitsA VLAN allows up to 32 16 for the 2930F switch VRs and a VR allows up to 32 IP addresses This means that one VR can support up to 32 subnets This capacity enables use of VRRP on all subnets in a VLAN that has more than 32 subnets Upgrading from VRRPv2Upgrading from a software version that only supports VRRPv2...

Page 350: ...address that IP address becomes unavailable to all other applications and routing protocols such as RIP and OSPF To avoid operational issues Hewlett Packard Enterprise recommends that VRRP is not run on the same interface VLAN with other routing protocols such as RIP and OSPF VRRP Services enhancements Initially VRRP virtual IP address supported ping service only Now VRRP will support all the IP s...

Page 351: ...config VRRP Global Configuration Information VRRP Enabled Yes Traps Enabled Yes VRRP Nonstop Enabled No VRRP Virtual Router Configuration Information VLAN ID 21 Virtual Router ID 21 Administrative Status Disabled Enabled Mode Uninitialized Backup Priority 100 252 Advertisement Interval 1 1 Preempt Mode True True Preempt Delay Time 0 1 Respond To Virtual IP Ping Requests Yes Yes Version 2 3 Null au...

Page 352: ... Pkts 0 Mismatched Auth Type Pkts 0 BFD Administrative Status Disabled BFD Operational Status Disabled show vrrp ipv6 config Syntax show vrrp ipv6 config Description Displays VRRP virtual router configuration Information Example switch show vrrp ipv6 config VRRP Global Configuration Information VRRP Enabled Yes Traps Enabled Yes VRRP Nonstop Enabled No VRRP Virtual Router Configuration Information...

Page 353: ...265 Master s IP Address fe80 a21d 48ff fe8f a800 Associated IP Addr Count 1 Near Failovers 0 Advertise Pkts Rx 0 Become Master 1 Zero Priority Rx 0 Zero Priority Tx 0 Bad Length Pkts 0 Bad Type Pkts 0 Mismatched Interval Pkts 0 Mismatched Addr List Pkts 0 Mismatched IP TTL Pkts 0 Mismatched Auth Type Pkts 0 BFD Administrative Status Disabled BFD Operational Status Disabled VRRP Show command enhanc...

Page 354: ... mins Owner Backup Pre True Master Addr fe80 5265 f3ff feb4 29c0 State Master Virtual Addr fe80 100 10 11 Vlan 3501 VRID 1 Pri 198 Up Time 19 days Owner Backup Pre True Master Addr fe80 e207 1bff fec2 b543 State Backup Virtual Addr aacc 1 55 fe80 1 Vlan 3502 VRID 2 Pri 198 Up Time 19 days Owner Backup Pre True Master Addr fe80 e207 1bff fec2 b543 State Backup Virtual Addr aacc 2 55 fe80 2 Vlan 350...

Page 355: ...able LACP on a VRRP tracked port You cannot enable LACP on a port that is being tracked by a VR Too many entities to track You have selected too many entities to be tracked by the VR Cannot track trunk LACP member You cannot track the specified trunk or LACP member VRRP tracked port is not allowed in trunk You cannot add this tracked port to a trunk VRRP tracked port is not allowed in LACP You can...

Page 356: ...selection Provides scalability A router that advertises BGP messages is called a BGP speaker The BGP speaker establishes peer relationships with other BGP speakers to exchange routing information When a BGP speaker receives a new route or a route better than the current one from another AS it advertises the route to all the other BGP peers in the local AS BGP can be configured to run on a router i...

Page 357: ...tised by the BGP routing process on page 358 no bgp timers keep alive hold time To adjust BGP network timers use the bgp timers command in router configuration mode Adjusting BGP network timers on page 358 no enable disable Re enables the state contained within this node and all child nodes of the Border Gateway Protocol BGP process Disabled Re enabling state contained within nodes of BGP processe...

Page 358: ...network command To remove an entry from the routing table use the no form of this command BGP networks can be learned from connected routes from dynamic routing and from static route sources The maximum number of network commands you can use is determined by the resources of the router such as the configured NVRAM or RAM Adjusting BGP network timers Syntax no bgp timers keep alive hold time To adj...

Page 359: ...ystems Enabling comparison of MED for paths from neighbors in different autonomous systems on page 361 no bgp allowas in num loops Specifies the number of time an Autonomous System number can appear in the AS_PATH Enabling comparison of MED for paths from neighbors in different autonomous systems on page 361 no bgp bestpath as path ignore Configures Border Gateway Protocol BGP to not consider the ...

Page 360: ...d in router configuration mode Assigning value of infinity to routes missing MED attribute on page 362 no bgp default metric med out Causes a BGP MED to be set on routes when they are advertised to peers Setting BGP MED on routes when advertised to peers on page 362 no distance bgp ext dist int dist loc dist A route s preference specifies how active routes that are learned from BGP compared to oth...

Page 361: ...he comparison use the no form of this command The MED is one of the parameters that is considered when selecting the best path among many alternative paths The path with a lower MED is preferred over a path with a higher MED During the best path selection process MED comparison is done only among paths from the same autonomous system The bgp always compare med command is used to change this behavi...

Page 362: ...er Gateway Protocol BGP routing process to assign a value of infinity max possible to routes that are missing the Multi Exit Discriminator MED attribute making the path without a MED value the least desirable path use the bgp bestpath med missing as worst command in router configuration mode To return the router to the default behavior assign a value of 0 to the missing MED use the no form of this...

Page 363: ...ful restart restart time val stalepath time val Configures BGP graceful restart timers Configuring BGP graceful restart timers on page 363 no bgp log neighbor changes prefix list prefix list name Enables or disables BGP event logging Enabling event logging on page 364 no neighbor ipv4 addr description desc Describes a neighbor Describing a neighbor on page 364 Configuring BGP graceful restart time...

Page 364: ...ies whether to enable or disable dynamic capabilities Enabling or disabling dynamic capabilities on page 367 no neighbor ipv4 addr updated source ipv4 addr Specifies the IP address to be used on the local end of the TCP connection with the peer Specifying the IP address for local end of TCP connection with peer on page 367 no neighbor ipv4 addr allowas in num loops Specifies the number of times th...

Page 365: ... database before it is exported into BGP Defaults to 0 if no specified or if un configured by using no version of command Specifying the amount of time route is present in database before exported to BGP on page 368 no neighbor ipv4 addr weight weight Preferences are the first criteria of comparison for route selection This value defaults to the globally configured preference if it is not specifie...

Page 366: ... ipv4 addr remove private as Specifies whether the private AS should be removed from the as path attribute of updates to the EBGP peer Removing the private AS number from updates to EBGP peer on page 370 no neighbor ipv4 addr route reflector client Acts as a route reflector for the peer Acting as a route reflector for the peer on page 370 no neighbor ipv4 addr shutdown Shuts down the BGP peering s...

Page 367: ...ecifying the IP address for local end of TCP connection with peer Syntax no neighbor ipv4 addr updated source ipv4 addr Specifies the IP address to be used on the local end of the TCP connection with the peer This is the address of a broadcast NBMA or loopback interface and the local address of a point to point interface For external peers the local address must be on an interface that is shared w...

Page 368: ...um number of routes for installation into the RIB Syntax no neighbor ipv4 addr maximum prefix max routes Specifies the maximum number of routes that BGP will accept for installation into the RIB The value defaults to unlimited if not specified or if using the no version of the command Specifying the amount of time route is present in database before exported to BGP Syntax no neighbor ipv4 addr out...

Page 369: ... to use Setting the timer for a BGP peer Syntax no neighbor ipv4 addr timers keep alive hold time To set the timers for a specific BGP peer use the neighbor timers command in router configuration mode To clear the timers for a specific BGP peer use the no form of this command The values of keep alive and hold time default to 60 and 180 seconds respectively The timers configured for a specific neig...

Page 370: ...r Syntax no neighbor ipv4 addr route reflector client Acts as a route reflector for the peer Shutting down the BGP peering session without removing peer configuration Syntax no neighbor ipv4 addr shutdown Shuts down the BGP peering session without removing the associated peer configuration Enabling or disabling advertisement of route refresh capability in open message Syntax no neighbor ipv4 addr ...

Page 371: ... name Specifying route map to be exported in or out of BGP Syntax no neighbor ipv4 addr route map route map name in out Route maps control the redistribution of routes between protocols Only after configuring a route map can it then be specified in BGP Use this command to specify a configured route map to be exported into or out of BGP When the in version of this command is configured all IPv4 ann...

Page 372: ...N is a well known mandatory attribute that defines the origin of routing information that is how a route became a BGP route There are three types IGP Has the highest priority Routes added to the BGP routing table using the network command have the IGP attribute EGP Has the second highest priority Routes obtained via EGP have the EGP attribute Incomplete Has the lowest priority The source of routes...

Page 373: ...ority to the route with the shortest AS_PATH length if other factors are the same As shown in the above figure the BGP router in AS50 gives priority to the route passing AS40 for sending data to the destination 8 0 0 0 In some applications you can apply a routing policy to control BGP route selection by modifying the AS_PATH length By configuring an AS path filtering list you can filter routes bas...

Page 374: ...een two neighboring ASs each of which does not advertise the attribute to any other AS Similar to metrics used by IGP MED is used to determine the best route for traffic going into an AS When a BGP router obtains multiple routes to the same destination but with different next hops it considers the route with the smallest MED value the best route if other conditions are the same As shown below traf...

Page 375: ...ntifies a collection of destination addresses having identical attributes without physical boundaries in between and having nothing to do with the local AS Well known community attributes involve Internet By default all routes belong to the Internet community Routes with this attribute can be advertised to all BGP peers No_Export After being received routes with this attribute cannot be advertised...

Page 376: ...r id has been specified and the route was received with an ORIGIN_ID In the latter case the ORIGIN_ID is used instead of the router ID from the Open message If bgp bestpath compare cluster list length has been specified prefer the route with the lowest CLUSTER_LIST length Prefer the route with the lowest neighbor address NOTE CLUSTER_IDs of route reflectors form a CLUSTER_LIST If a route reflector...

Page 377: ...CAL_PREF and MED Router C installs both the two routes to its route table for load sharing After that Router C forwards to Router D and Router E the route that has AS_PATH unchanged but has NEXT_HOP changed to Router C other BGP transitive attributes are those of the best route BGP route advertisement rules The current BGP implementation supports the following route advertisement rules When multip...

Page 378: ...te was received from a non client peer then the route is advertised to all its configured clients Route reflection introduces two new discretionary attributes Originator ID and Cluster List which are used in determining the best path as defined in BGP route selection on page 375 In an Autonomous System more than one route reflector can be configured BGP graceful restart GR When a BGP speaker shuts...

Page 379: ...oute refresh capability allows the router to request the peer to re advertise the routes thereby avoiding the requirement to keep a copy of all the routes that were received from all the peers BGP basic configuration The following configuration tasks are described as required or optional Task Remarks Configuring BGP connection Required Controlling route distribution and reception Configuring BGP r...

Page 380: ...By default the global router ID is used Specify a neighbor and its AS number neighbor ip address remote as as number Required Configure a description for a neighbor neighbor ip address description description text Optional Not configured by default CAUTION Since a router can reside in only one AS the router can run only one BGP process Specifying the source interface for TCP connections BGP uses T...

Page 381: ... view Enter BGP view bgp as number Enable MD5 authentication when establishing a TCP connection to the peer peer group peer group name ip address password cipher simple password Optional Not enabled by default Allowing establishment of an eBGP connection to a non directly connected peer In general direct physical links should be available between eBGP peers If not you can use the neighbor ip addre...

Page 382: ...able Using a routing policy makes route control more flexible Configuring BGP route inbound and outbound filtering policies Follow these steps to configure BGP route reception filtering policies To do Use the command Remarks Enter global Configuration context configuration Enter BGP context bgp as number Apply filter policy on the inbound or the outbound for each peer neighbor ip address route map...

Page 383: ...rtisements to an iBGP peer do not take the local router as the next hop Configure the AS_PATH attribute Configure repeating times of local AS number in routes from a peer neighbor ip address allow as in number Optional The local AS number cannot be repeated in routes from the peer Specify a fake AS number for a peer neighbor ip address local as as number Optional Not specified by default This comm...

Page 384: ... eBGP peers only that is eBGP peers in other ASs can only find the fake AS number The neighbor as override command is used only in specific networking environments Inappropriate use of the command may cause routing loops Tuning and optimizing BGP networks Prerequisites BGP connections have been created Configuring a BGP keepalive interval and holdtime After establishing a BGP connection two router...

Page 385: ...Follow these steps To do Use the command Remarks Enter the global configuration context configuration Enter the BGP context bgp as number Advertise the community attribute to a peer neighbor ip address send community Enabled by default CAUTION When configuring the BGP community you must configure a routing policy to define the community attribute and then apply the routing policy to the route adve...

Page 386: ...the GR Restarter and GR Helper simultaneously Follow these steps to configure BGP GR To do Use the command Remarks Enter the global Configuration context configuration Enable BGP and enter its view bgp as number Configure graceful restart bgp graceful restart staleparth time stale path time Required Disabled by default Configure the maximum time allowed for the peer to reestablish a BGP session gr...

Page 387: ...routes show ip route Display only the BGP routes in the IP routing table show ip route bgp ip4 addr Display the routes whose community information matches the supplied community numbers and also the AS_PATH information matches the supplied regular expression show ip bgp community comm num regexp aspath reg ex Display the routes whose community information matches exactly the supplied community num...

Page 388: ... Switch C so that Switch C can access the network 8 1 1 0 24 connected to Router A Figure 63 Network diagram for BGP basic configuration Configuration procedure Procedure 1 Configure IP addresses for interfaces omitted 2 Configure iBGP a To prevent route flapping caused by port state changes this example uses loopback interfaces to establish iBGP connections b Because loopback interfaces are virtu...

Page 389: ...h vlan 300 ip ospf switch vlan 300 show ip bgp summary Peer Information Remote Address Remote AS Local AS State Admin Status 2 2 2 2 65009 65009 Established Start 5 The output information shows that Switch C has established an iBGP peer relationship with Switch B 6 Configure eBGP a The eBGP peers Switch A and Switch B usually belonging to different carriers are located in different ASs Their loopb...

Page 390: ...valid best i internal e external s stale Origin codes i IGP e EGP incomplete Network Nexthop Metric LocalPref Weight AsPath 8 1 1 0 24 0 32768 I 8 1 1 0 24 0 0 0 0 0 0 I 12 Display the BGP routing table on Switch B switch show ip bgp Local AS 100 Local Router id 20 0 0 1 BGP Table Version 0 Status codes valid best i internal e external s stale Origin codes i IGP e EGP incomplete Network Nexthop Me...

Page 391: ... 1 1 BGP Table Version 0 Status codes valid best i internal e external s stale Origin codes i IGP e EGP incomplete Network Nexthop Metric LocalPref Weight AsPath e 2 2 2 2 32 3 1 1 1 0 0 65009 e 3 1 1 0 24 3 1 1 1 0 0 65009 e 8 1 1 0 24 0 0 65008i e 8 1 1 0 24 0 0 65008i 18 Two routes 2 2 2 2 32 and 9 1 1 0 24 have been added in Switch A s routing table 19 Display the BGP routing table on Switch C...

Page 392: ...ation procedure Procedure 1 Configure IP addresses for interfaces omitted 2 Configure eBGP 3 Configure Switch A switch config router bgp 10 switch bgp bgp router id 1 1 1 1 switch bgp neighbor 200 1 2 2 remote as 20 switch bgp network 9 1 1 0 255 255 255 0 8 switch bgp exit 4 Configure Switch B switch config bgp 20 switch bgp bgp router id 2 2 2 2 switch bgp neighbor 200 1 2 1 remote as 10 switch ...

Page 393: ... Version 1 Status codes valid best i internal e external s stale Origin codes i IGP e EGP incomplete Network Nexthop Metric LocalPref Weight AsPath i 9 1 1 0 24 200 1 3 1 0 100 10i 9 Switch C learned route 9 1 1 0 24 from Switch B 10 Configure the BGP community 11 Configure a routing policy route map bgp out permit seq 10 switch route map bgp out set community no export switch route map bgp out ex...

Page 394: ...nections between SwitchB and Switch C and between Switch C and Switch D Switch C is a route reflector with clients Switch B and D Switch D can learn route 1 0 0 0 8 from Switch C Figure 65 Network diagram for BGP route reflector configuration Configuration procedure Procedure 1 Configure IP addresses for interfaces omitted 2 Configure BGP connections 3 Configure Switch A switch config router bgp 1...

Page 395: ... 1 1 1 remote as 200 switch bgp exit 8 Configure the route reflector 9 Configure Switch C switch config router bgp 200 switch bgp neighbor 193 1 1 2 route reflector client switch bgp neighbor 194 1 1 2 route reflector client switch bgp exit 10 Verify the above configuration 11 Display the BGP routing table on Switch B switch config show ip bgp Local AS 200 Local Router id 200 1 2 2 BGP Table Versi...

Page 396: ...ections are between Switch B and Switch D and between Switch C and Switch D OSPF is the IGP protocol in AS 200 Configure the routing policies Switch D should use the route 1 0 0 0 8 from Switch C as the optimal route Figure 66 Network diagram for BGP path selection configuration Device Interface IP address Device Interface IP address Switch A Vlan101 1 0 0 0 8 Switch D Vlan400 195 1 1 1 24 Vlan100...

Page 397: ...pf exit 5 Configure Switch D switch config router ospf switch ospf enable switch ospf area 0 switch ospf network 194 1 1 0 0 0 0 255 switch ospf network 195 1 1 0 0 0 0 255 switch ospf exit 6 Configure BGP connections 7 Configure Switch A switch config router bgp 100 switch bgp neighbor 192 1 1 2 remote as 200 switch bgp neighbor 193 1 1 2 remote as 200 8 Add network 1 0 0 0 8 to the BGP routing t...

Page 398: ...tch ip address prefix list pl_1 switch route policy set metric 50 switch route policy route map apply_med_50 permit seq 20 switch route policy exit switch config route map apply_med_100 permit switch route policy match ip address prefix list pl_1 switch route policy set metric 100 switch route policy route map apply_med_100 permit seq 20 switch route policy exit 16 Apply routing policy apply_med_5...

Page 399: ... permit seq 20 21 Apply routing policy localpref to routes from peer 193 1 1 1 switch config router bgp 200 switch bgp neighbor 193 1 1 1 route map localpref in switch bgp exit 22 Display the routing table on Switch D switch config show ip bgp Local AS 100 Local Router id 194 1 1 1 BGP Table Version 1 Status codes valid best i internal e external s stale Origin codes i IGP e EGP incomplete Network...

Page 400: ...epath time 360 switch bgp neighbor 200 1 1 1 remote as 65009 5 Add network 8 0 0 0 8 to the BGP routing table switch bgp network 8 0 0 0 8 6 Enable GR for BGP Peer switch bgp neighbor 200 1 1 1 graceful restart 7 Configure Switch B 8 Configure IP addresses for interfaces omitted 9 Configure the eBGP connection switch bgp router bgp 65009 10 Configure BGP GR restart time and stalepath timeout Optio...

Page 401: ...to redistribute direct routes switch bgp redistribute connected 19 BGP Configuration Example 20 Enable GR for BGP Peer switch bgp neighbor 9 1 1 1 graceful restart Verification After completing the above configuration perform an active standby switchover on Switch B Switch A and Switch C should be able to ping each other without any packet drops Also ensure that there are no flaps of BGP learned r...

Page 402: ...isplays specific information on the route and the BGP path attributes of the route switch bgp show ip bgp 11 0 0 0 8 Local AS 100 Local Router id Network 11 0 0 0 8 Nexthop 10 0 102 40 Peer 10 0 102 40 Origin incomplete Metric 0 Local Pref Weight 0 Calc Local Pref 100 Best No Valid Yes Type external Stale No AS Path 200 Communities 200 20 100 50 Network 11 0 0 0 8 Nexthop 10 0 102 153 Peer 10 0 10...

Page 403: ...Metric Dist 0 0 0 0 0 10 0 0 1 1 static 1 1 10 0 0 0 16 DEFAULT_VLAN 1 connected 1 0 11 0 0 0 8 10 0 102 153 1 bgp 0 20 22 0 0 0 8 10 0 102 40 1 bgp 0 20 33 0 0 0 8 10 0 102 40 1 bgp 0 20 99 0 0 0 8 DEFAULT_VLAN 1 static 1 1 127 0 0 0 8 reject static 0 0 127 0 0 1 32 lo0 connected 1 0 Synopsis show ip route bgp ipv4 addr Displays only the BGP routes in the IP routing table ipv4 addr IP address ent...

Page 404: ...ight AsPath e 11 0 0 0 8 10 0 102 40 0 0 200 e 11 0 0 0 8 10 0 102 153 0 0 200 i e 22 0 0 0 8 10 0 102 40 0 0 200 Synopsis show ip bgp community comm num regexp aspath reg ex Displays the routes whose community information matches the supplied community numbers and also the AS_PATH information matches the supplied regular expression switch bgp show ip bgp community 20 regexp 2 Local AS 100 Local R...

Page 405: ... 8 10 0 102 198 0 0 300 400 Synopsis show ip bgp ipv4 addr masklen longer prefix route community Displays basic route information destination and nexthop and the communities tagged to the route in full This show routine is especially helpful when you want to look at the communities that are tagged to all routes at a glance switch bgp show ip bgp 22 0 0 0 8 route community Local AS 100 Local Router...

Page 406: ...oute Map Out Password Cfg Hold Time 180 Cfg Keep Alive 60 Neg Hold Time 180 Neg Keep Alive 60 Capability Announced Received Route Refresh No Yes Dynamic No No Graceful Restart ipv4 uni Yes No Multi protocol ipv4 uni Yes Yes Message Type Sent Received Opens 1 1 Notifications 0 0 Capability 0 0 Updates 1 1 Keepalives 4 4 Route Refresh 0 0 Total 6 6 Prefix Activity Sent Received Prefixes Current 1 3 ...

Page 407: ... 0 3 200 i 0 2 300 250 2 Synopsis show ip bgp redistribute Displays the list of protocols whose routes are being redistributed into BGP switch show ip bgp redistribute Route type RouteMap static rtmap static rip Synopsis show ip bgp summary Displays a summarized view of global BGP configuration and current BGP neighbor peering state Chapter 17 Border Gateway Protocol BGP 407 ...

Page 408: ... have been used with devices E and F facing the client or server network edges With the introduction of BGP functionality it becomes possible to position solutions at locations B C and D With proper filtering a routing switch with 20 000 routes can be used in an iBGP deployment A device at location C represents the boundary between interior gateway protocol IGP domains and the BGP core Functionali...

Page 409: ...le internal AS deployments with Campus iBGP solution on page 409 Figure 69 Multiple internal AS deployments with Campus iBGP solution The core routing switch device C can establish eBGP peering with the Enterprise Core It is possible to utilize the foundation Campus iBGP feature to satisfy some of these solutions A Enterprise Core Router B Enterprise Core Router Campus Edge C Campus Core Routing S...

Page 410: ...tables so the diagram above requires that 1 only default routes are taken from the internet and 2 multiple VRF instances do not exist at a single physical remote site The deployment of device A may require additional traffic shaping and scalability features If you prefer extending BGP routing to devices B or C you can use BGP functionality on a routing switch In this deployment model the routing s...

Page 411: ...sages successfully Solution 1 Use the show ip bgp neighbor command to verify the peer s IP address 2 If the loopback interface is used check whether the neighbor connect interface command is configured 3 If the peer is a non direct eBGP peer check whether the neighbor ebgp multihop command is configured 4 Check whether a route to the peer is available in the routing table 5 Use the ping command to...

Page 412: ...he specified interval the session is considered down Commands Per session command VLAN All configuration commands described in this section belong to VLAN context That is the configuration will be applied to all the sessions under the VLAN identified by the VLAN ID Set intervals This command helps to assign the minimum transmit interval and minimum receive interval in the range 1 to 20 seconds Det...

Page 413: ...kets in the range 1 to 5 that are allowed to be missed before BFD session times out NOTE If min transmit interval or min receive interval value is configured as 1 sec the value of detect multiplier should be at least 3 If detect multiplier value is 1 the value of min transmit interval and min receive interval should be at least 3 sec Set intervals configuration J9850A Configuration Editor Created ...

Page 414: ...t interval is 500 milliseconds Zero indicates that the local end is not interested in receiving echo packets from the peer Syntax bfd min echo receive interval MILLISECONDS Description Update the minimum receive interval for echo packets of all the sessions under the current VLAN When minimum echo receive interval is set to 0 milliseconds for the BFD session under OSPF incoming BFD echo packets ar...

Page 415: ...FD session Switch show bfd session 1 BFD Session Information Session 1 Min Tx Interval sec 3 Min Rx Interval sec 3 Min Echo Rx Interval msec 700 Detect Multiplier 5 Authentication Mode NONE Password Application OSPF Local Discriminator 1 Remote Discriminator 1 Echo Enabled Local Diagnostic No diagnostics configured VLAN Source IP Destination IP State Pkt In Pkt Drop Pkt Out 20 100 100 100 100 100 ...

Page 416: ...name switch module A type j9989a module C type j9550a module F type j9987a snmp server community public unrestricted oobm ip address dhcp bootp exit vlan 1 name DEFAULT_VLAN untagged A2 A24 C1 C24 F1 F24 ip address dhcp bootp exit ip routing router ospf area 0 0 0 2 area 0 0 0 3 area backbone enable exit bfd enable bfd echo src ip address 2 2 2 2 vlan 20 untagged A1 bfd min transmit interval 10 mi...

Page 417: ...ID bfd IP ADDR no vrrp vrid VR ID bfd IP ADDR Description Enable BFD in VRRP for VLAN specific IP address Options BFD Configure Bidirectional Forwarding Detection BFD for the VLAN IP ADDR Configure the IP address of the peer to enable BFD for the VR NOTE BFD for VRRP is applicable only for two router redundant systems Only one BFD VRRP session will be maintained for the multiple VRIDs configured o...

Page 418: ...Packets Received 5 Total Number of Control Packets Dropped 0 Session VLAN SourceIP DestIP Echo State Application 1 10 100 100 100 100 100 100 100 102 Enabled Up VRRP switch show bfd 1 BFD Session Information Min Echo Rx in msecs 700 Session VLAN Source IP Destination IP Echo State Application 1 10 100 100 100 100 100 100 100 102 Enabled Up VRRP Set BFD authentication mode and password This command...

Page 419: ...ntication password using a pre encrypted string copied from a compatible HP networking device Password will be prompted interactively as above and set the entered value in the configuration Simple password switch vlan 10 bfd authentication keyed sha1 1 key simple Enter password Re enter password Without include or encrypt credentials J9850A Configuration Editor Created on release KB 16 02 0000x Ve...

Page 420: ...dhcp bootp exit vlan 1 name DEFAULT_VLAN untagged A2 A24 C1 C24 F1 F24 ip address dhcp bootp exit ip routing router ospf area 0 0 0 2 area 0 0 0 3 area backbone enable exit bfd enable bfd echo src ip address 2 2 2 2 vlan 20 untagged A1 bfd min transmit interval 10 min receive interval 10 detect multiplier 3 bfd min echo receive interval 700 bfd authentication meticulous Keyed sha1 1 key simple hp1...

Page 421: ...area backbone ip ospf 100 100 100 100 bfd exit How to input encrypted password switch vlan 20 bfd authentication keyed sha1 2 key encrypted aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA HP 5406Rzl2 vlan 20 exit J9850A Configuration Editor Created on release KB 16 02 0000x Ver 0b fc 59 f4 7b ff ff fc ff ff 3f ef 0d hostname switch name module A type j9989a module C type j9550a module F type j9987a in...

Page 422: ...OTE Maximum of 64 BFD sessions are supported show run output Reboot with saved config BFD authentication password will not be displayed Include credentials Disabled Encrypt credentials Disabled The plain text password in the config will be used to update the protocol data structures Download config file Password ignored BFD authentication password will not be displayed Include credentials Disabled...

Page 423: ...ully establish a BFD session BFD should be configured on the local router interface as well as the next hop router interface BFD starts monitoring a given static route once the corresponding BFD session reaches the UP state Connectivity to the next hop router may be lost due to an event like an interface down or a neighbor going down in such a scenario BFD can detect such failures and trigger corr...

Page 424: ...ing the same next hop IP and BFD source IP It is recommended that you keep the total number of static routes whose next hop shares the same physical link under 64 BFD is supported on single hop ipv4 static routes Multi hop functionality is not supported BFD neighbors must be no more than one IP hop away for Echo mode BFD for Static Route is not supported over management VLAN BFD source IP address ...

Page 425: ...way ip bfd source ip destination ip IP Address on self device BFD is enabled between self device and the peer device for the static route configured with gateway as Nexthop IP Address Method 1 switch config ip route 172 192 4 0 24 172 16 4 2 bfd source ip 172 16 4 1 switch config switch config show running config Running configuration J9850A Configuration Editor Created on release KB 16 04 0000x V...

Page 426: ...4 1 bfd source ip 172 16 4 2 switch config switch config show run Running configuration J9850A Configuration Editor Created on release KB 16 04 0000x Ver 10 1b 7f bf bb ff 7c 59 fc 7b ff ff fc ff ff 3f ef 01 hostname switch module A type j9989a ip route 15 212 178 0 255 255 255 0 172 16 4 1 bfd source ip 172 16 4 2 ip routing snmp server community public unrestricted oobm ip address dhcp bootp exi...

Page 427: ...arameters are obtained directly from VLAN 10 Switch 1 Ip route destination network network mask vlan gateway vlan bfd destination ip IP Address configured on peer device BFD is enabled between self device and the peer device for the static route configured with gateway as Nexthop Vlan Id Method 2 switch config ip route 192 172 4 0 24 vlan 10 bfd destination ip 172 16 4 2 switch config switch confi...

Page 428: ... 1 10 172 16 4 1 172 16 4 2 Enabled Up STATIC Switch config Switch 2 switch config ip route 0 0 0 0 0 0 0 0 172 16 4 1 bfd source ip 172 16 4 2 switch config show running config Running configuration J9850A Configuration Editor Created on release KB 16 04 0000x Ver 10 1b 7f bf bb ff 7c 59 fc 7b ff ff fc ff ff 3f ef 01 hostname switch module A type j9989a ip route 0 0 0 0 0 0 0 0 172 16 4 1 bfd sou...

Page 429: ...n between STATIC and OSPF applications When BFD is enabled for both STATIC and OSPF applications over the same pair of source and destination IPs a single BFD session can be used to monitor the connectivity Switch 1 switch config ip route 200 1 12 0 255 255 255 0 172 16 4 2 bfd source ip 172 16 4 1 switch config show run Running configuration J9850A Configuration Editor Created on release KB 16 04...

Page 430: ...d 4330 Total Number of Control Packets Received 4333 Total Number of Control Packets Dropped 4 Session VLAN Source IP Destination IP Echo State Application 1 10 172 16 4 1 172 16 4 2 Enabled Up OSPF STATIC Switch 2 switch config ip route 0 0 0 0 0 172 16 4 1 bfd source ip 172 16 4 2 switch config switch config show running config Running configuration J9850A Configuration Editor Created on release...

Page 431: ...he previous example If BFD configuration is removed on SWITCH 1 on vlan 10 on EITHER OSPF or STATIC still the BFD session is maintained as UP on SWITCH2 with OSPF STATIC applications SWITCH1 maintains the session only with BFD enabled application in this case If OSPF or STATIC Configuration itself is removed on SWITCH 1 on vlan 10 still the BFD session is maintained as UP on SWITCH2 with OSPF STAT...

Page 432: ...rce ip 172 16 4 1 ip route 192 172 5 0 24 vlan 10 bfd destination ip 172 16 4 2 ip route 192 172 6 0 24 172 16 4 2 bfd source ip 172 16 4 1 ip routing snmp server community public unrestricted oobm ip address dhcp bootp exit bfd enable bfd echo src ip address 2 2 2 2 vlan 1 name DEFAULT_VLAN no untagged A1 untagged A2 A21 L1 L24 ip address dhcp bootp exit vlan 10 name VLAN10 untagged A1 ip address...

Page 433: ...16 4 2 ip routing snmp server community public unrestricted oobm ip address dhcp bootp exit bfd enable bfd echo src ip address 3 3 3 3 vlan 1 name DEFAULT_VLAN no untagged A1 untagged A2 A24 ip address dhcp bootp exit vlan 10 name VLAN10 untagged A1 ip address 172 16 4 2 255 255 255 0 exit no allow v2 modules Switch config show bfd Bidirectional Forwarding Detection BFD Information Administrative ...

Page 434: ...ext config Example When a BFD session is shared by only static route application Switch config show bfd session Bidirectional Forwarding Detection BFD Information Administrative Status Enabled Echo Source IP 2 2 2 2 Maximum number of sessions supported 128 Number of sessions reserved for internal use 0 Total Number of Sessions 1 Number of Sessions Up 1 Number of Sessions Down 0 Global Statistics T...

Page 435: ... sessions reserved for internal use 0 Total Number of Sessions 1 Number of Sessions Up 1 Number of Sessions Down 0 Global Statistics Total Number of Control Packets Transmitted 16 Total Number of Control Packets Received 15 Total Number of Control Packets Dropped 4 Session VLAN Source IP Destination IP Echo State Application 1 10 172 16 4 1 172 16 4 2 Enabled Up OSPF STATIC Switch config show bfd ...

Page 436: ...D echo packets transmitted by the switch Set BFD source IP address for echo packets configuration switch config bfd echo src ip address 2 2 2 2 ATTENTION Make sure that echo packet source IP configured does not belong to same subnet as the IP address assigned to any VLAN on the switch Running configuration J9850A Configuration Editor Created on release KB 16 02 0000x Ver 0b fc 59 f4 7b ff ff fc ff...

Page 437: ...lobal settings options enable Enable BFD globally disable Disable BFD globally echo src ip address Set the source IP address for BFD echo packets transmitted by the switch Enable BFD session Configuration J9850A Configuration Editor Created on release KB 16 02 0000x Ver 0b fc 59 f4 7b ff ff fc ff ff 3f ef 0d hostname switch module A type j9989a module F type j9987a no rest interface password minim...

Page 438: ...n Syntax no debug bfd packet event session SESS ID Description Enable BFD debug logging Options BFD Enable BFD debug logging session Display debug messages for a specific session SESS ID A BFD session number to display debug messages for packet Display important fields of BFD packets event Display BFD state machine events Clear BFD statistics This command helps to reset the specified BFD counter S...

Page 439: ...sion 1 BFD Session Information Session 1 Min Tx Interval sec 10 Min Rx Interval sec 10 Min Echo Rx Interval msec 700 Detect Multiplier 3 Authentication Mode NONE Password Application OSPF Local Discriminator 1 Remote Discriminator 1 Echo Enabled Local Diagnostic No diagnostics configured VLAN Source IP Destination IP State Pkt In Pkt Drop Pkt Out 3 100 100 100 100 100 100 100 101 Up 322 0 320 Clea...

Page 440: ... commands to display the status of a VXLAN feature tunnels and tunnel statistics Show all BFD sessions This command displays all the current BFD sessions in the switch Detailed output is displayed if the user provides the session number NOTE Auth Mode information is shown in the command bfd session SESSION NUMBER Syntax show bfd session Description Show Bidirectional Forwarding Detection BFD infor...

Page 441: ...n Switch show bfd session 1 BFD Session Information Session 1 Min Tx in secs 3 Min Rx in secs 3 Min Echo Rx in msecs 500 Detect multiplier 5 Auth Mode keyed SHA1 Password hp123 Application OSPF Local Discriminator 1 Remote Discriminator 1 Echo Enabled Local Diagnostic No diagnostics configured VLAN Source IP Destination IP State Pkt In Pkt Drop Pkt Out 3 100 100 100 100 100 100 100 101 Up 322 0 32...

Page 442: ...is supported When BFD sessions are using authentication the sessions might go down after a switchover Priority settings for BFD packets When the interfaces are over subscribed BFD packets have to be prioritized so that these pkts are not overwhelmed by other data packets CoS values must be explicitly configured in the appropriate egress QoS service policy CoS values for BFD packets can be set usin...

Page 443: ...e com info networking Hewlett Packard Enterprise My Networking website www hpe com networking support Hewlett Packard Enterprise My Networking Portal www hpe com networking mynetworking Hewlett Packard Enterprise Networking Warranty www hpe com networking warranty General websites Hewlett Packard Enterprise Information Library www hpe com info EIL For additional websites see Support and other reso...

Page 444: ...ide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To download product updates Hewlett Packard Enterprise Support Center www hpe com support hpesc Hewlett Packard Enterprise Support Center Software downloads www hpe com support downloads Software Depot www hpe com support softwaredepot To...

Page 445: ...r product s service level Hewlett Packard Enterprise strongly recommends that you register your device for remote support If your product includes additional remote support details use search to locate that information Remote support and Proactive Care information HPE Get Connected www hpe com services getconnected HPE Proactive Care services www hpe com services proactivecare HPE Proactive Care s...

Page 446: ... Packard Enterprise product environmental and safety information and compliance data including RoHS and REACH see www hpe com info ecodata For Hewlett Packard Enterprise environmental information including company programs product recycling and energy efficiency see www hpe com info environment Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets you...

Page 447: ...ectly streaming it via Wi Fi from the Internet or a local network The media is selected by users to play on devices by enabling Chromecast mobile and web applications Casting a tab for sites that are not Google Cast enabled mirrors most Google Chrome browser content running on the device MAC OSX and Windows Chromecast uses a simple multicast protocol for discovery and launch This protocol enables ...

Page 448: ...global default which allows or denies traffic that does not match any rule After a match is found other filter rules are ignored NOTE Service filtering cannot block the connection between devices For example if the client knows the remote device s IP address they can still establish a connection without utilizing the mDNS protocol Service filtering functions to keep names and addresses out service...

Page 449: ...e Procedure 1 Wireless Printer 2 sends an mDNS response advertising printer services in VLAN 3 2 Switch 2 does not have any inbound filter in VLAN 3 so it receives the wireless printer service announcement 3 Switch 2 checks the outbound filter in VLAN 3 There is no specific outbound filter on VLAN 3 so it floods the service announcement in VLAN 3 except at the source port 4 Switch 2 checks the ref...

Page 450: ... VLAN 3 therefore it will flood the query in VLAN 3 except the source port 11 Reflection is not enabled in Switch 2 therefore it will not pass any further reflection 12 Wireless printer 2 responses to the query and switch 2 does not have any inbound and outbound filters therefore it will flood the response to VLAN 3 except the source port 13 Switch 1 receives the packet as there are no inbound fil...

Page 451: ...he mDNS gateway and Chromecast features IPv6 is not supported In distributed environment enable gateway in one switch to avoid loops Chromecast v1 DIAL over SSDP is not supported Custom filters are not supported For example rule name service tv rule name instance ipad mDNS commands are not available from the web and the menu If the user configures both permit and deny for same service instance and...

Page 452: ...ptions gateway Enable VLAN for mDNS gateway Create or delete a mDNS profile This command will be supported on config context in manager mode This is a context command Separate context is created for this Syntax mdns profile PROFILE NAME no mdns profile PROFILE NAME Description Create or delete an mDNS profile rule Syntax rule rule id instance service NAME action permit deny no rule rule id instanc...

Page 453: ...ofile for a particular VLAN Based on the rule the filter permits or denies traffic Options VLAN LIST Set the global mDNS profile This command is supported in the configure context in manager mode Syntax mdns default filter in out action permit deny Description Used to set the default action for all VLANs If there is no specific rule for a particular VLAN the default action will be applied By defau...

Page 454: ...xamples show mdns mDNS Configuration mDNS Enabled Show mDNS gateway Syntax show mdns gateway Description Display the reflection VLAN list of the mDNS gateway Options gateway mDNS gateway Example show mDNS gateway mDNS Gateway Configuration Gateway VLAN List 1 10 12 Show mDNS profile configuration Syntax show mdns profile Description 454 Aruba 3810 5400R Multicast and Routing Guide for ArubaOS Swit...

Page 455: ...les ID Instance Service Action 1 ANY AppleTV Deny 2 MyComputer ANY Permit Show mDNS profile name Syntax show mdns profile PROFILE NAME Description Display mDNS profile name information Options PROFILE NAME Specify the profile name Example mDNS profile configuration Profile Name Students VLANs 1 3 25 Rules ID Instance Service Action 1 ANY AppleTV Deny 2 MyComputer ANY Permit Show mDNS mDNS enable m...

Page 456: ... or disable mDNS debug logging Usage debug mdns no debug mdns RMON table RMON event Details RMON_mDNS_ENABLED Proposed Display I 05 22 13 20 39 20 04633 mDNS mDNS is enabled RMON_mDNS_DISABLED Proposed Display I 05 22 13 20 39 20 04633 mDNS mDNS is disabled RMON_mDNS_PKT_MAX_LIMIT Proposed Display W 05 22 13 20 49 12 04635 mDNS mDNS packets are dropped It has exceeded the maximum limit of d packet...

Reviews:

No comments

Related manuals for Aruba 3810

Brand: CALIENT Pages: 22

Brand: Lantronix Pages: 40

Brand: Lantronix Pages: 2

SISTP1040-551-LRT

Brand: Lantronix Pages: 2

Brand: Lantronix Pages: 2

SISPM1040-3 L Series

Brand: Lantronix Pages: 2

SISPM1040 L3 Series

Brand: Lantronix Pages: 36

SecureLinx Spider

Brand: Lantronix Pages: 18

Brand: Lantronix Pages: 8

Brand: Lantronix Pages: 6

SISPM1040-582-LRT

Brand: Lantronix Pages: 272

Xpress-Pro SW 52000

Brand: Lantronix Pages: 8

Brand: Zektor Pages: 17

Brand: NETGEAR Pages: 36

Brand: Conrad Pages: 8

Brand: CYP Pages: 32

Brand: TRENDnet Pages: 11

Brand: N-Tron Pages: 169

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands