manualshive.com logo in svg

Intel 480T, User Manual

Share
Download
Intel 480T User Manual Download Page 265

C   H   A   P   T   E   R   1 4

Access Policies

263

Applying Access Profiles

Once the access profile is defined, apply it to one or more routing 
protocols or VLANs. When an access profile is applied to a protocol 
function (for example, the export of RIP routes) or a VLAN, this 
forms an access policy. A profile can be used by multiple routing 
protocol functions or VLANs, but a protocol function or VLAN can 
use only one access profile.

Routing Access Policies for RIP

If the RIP protocol is being used, the switch can be configured to 
use an access profile to determine any of the following:

Trusted Neighbor

 — Use an access profile to determine trusted 

RIP router neighbors for the VLAN on the switch running RIP. To 
configure a trusted neighbor policy, use the following command:

config rip vlan [<name> | all] trusted-gateway 

[<access_profile> | none]

Import Filter

 — Use an access profile to determine which RIP 

routes are accepted as valid routes. This policy can be combined 
with the trusted neighbor policy to accept selected routes only 
from a set of trusted neighbors. To configure an import filter 
policy, use the following command:

config rip vlan [<name> | all] import-filter 

[<access_profile> | none]

Export Filter

 — Use an access profile to determine which RIP 

routes are advertised into a particular VLAN, using the following 
command:

config rip vlan [<name> | all] export-filter 

[<access_profile> | none]

Examples

In the example shown in Figure 29, a switch is configured with two 
VLANs, 

Engsvrs

 and 

Backbone

. The RIP protocol is used to 

communicate with other routers on the network. The administrator 
wants to allow all internal access to the VLANs on the switch, but 
no access to the router that connects to the Internet. The remote 
router that connects to the Internet has a local interface connected to 
the corporate backbone. The IP address of the local interface 
connected to the corporate backbone is 10.0.0.10/24.

Summary of Contents for 480T

Page 1: ...A14542 001 100044 00 Rev 01 Intel NetStructure 480T Routing Switch User Guide Intel NetStructure 480T Routing Switch User Guide...

Page 2: ...ent to infringe First Edition May 2000 A14542 001 Year 2000 Capable An Intel product when used in accordance with its associated documentation is Year 2000 Capable when upon installation it accurately...

Page 3: ...aring 20 Software Licensing 20 Router Licensing 20 480T Switch Front View 22 480T Switch Rear View 23 AC Connector 23 Serial Number 23 Console Port 23 Management Port 24 MAC Address 24 Switch LEDs 24...

Page 4: ...eating a Management Account 47 Methods of Managing the Switch 48 Using the Console Interface 48 Using Access Profiles 49 Creating an Access Profile 49 Access Profile Rules 51 Using Telnet 51 Connectin...

Page 5: ...uring Port Speed and Duplex Setting 76 Turning Off Autonegotiation for a Gigabit Ethernet Port 76 Port Commands 77 Jumbo Frames 80 Enabling Jumbo Frames 80 Load Sharing 80 Load Sharing Algorithms 81 C...

Page 6: ...mands 107 MAC Based VLAN Example 108 Timed Configuration Download for MAC Based VLANs 108 Chapter 6 Forwarding Database FDB 111 Overview of the FDB 111 FDB Contents 111 FDB Entry Types 111 How FDB Ent...

Page 7: ...ass of Service 802 1p and Differentiated Services Traffic Groupings 137 Configuring DiffServ 141 Physical and logical groupings 145 Verifying Configuration and Performance 146 Displaying QoS Informati...

Page 8: ...the IP Unicast Routing Configuration 175 VLAN Aggregation 176 VLAN Aggregation Properties 177 VLAN Aggregation Limitations 178 Isolation Option for Communication Between Sub VLANs 178 VLAN Aggregatio...

Page 9: ...Authentication 208 Configuring RIP 208 RIP Configuration Example 212 Displaying RIP Settings 214 Resetting and Disabling RIP 215 Configuring OSPF 216 OSPF Configuration Example 220 Configuration for...

Page 10: ...ss Policies 253 Access Lists 253 Routing Access Policies 254 Using IP Access Lists 254 The established Keyword 256 Adding and Deleting Access List Entries 256 Access Lists for ICMP 256 Verifying Acces...

Page 11: ...ing RMON 285 Event Actions 286 Chapter 16 Using Web Device Manager 287 Enabling and Disabling Web Access 287 Setting Up Your Browser 288 Accessing Web Device Manager 289 Navigating Web Device Manager...

Page 12: ...Image 305 Rebooting the Switch 306 Saving Configuration Changes 307 Returning to Factory Defaults 307 Using TFTP to Upload the Configuration 308 Using TFTP to Download the Configuration 309 Downloadin...

Page 13: ...inistrators who are responsible for installing and setting up network equipment and assumes a basic working knowledge of the following Local Area Networks LANs Ethernet concepts Ethernet switching and...

Page 14: ...information as it appears on the screen Screen displays bold This typeface indicates how you would type a particular command The words enter and type When you see the word enter in this guide you must...

Page 15: ...lated publications Command Line Interface Reference Guide Intel NetStructure 480T Routing Switch Quick Start Guide Late Breaking News Documentation for Intel products is available on the World Wide We...

Page 16: ...14 P R E F A C E...

Page 17: ...tch in your network configuration Software factory default settings Summary of Features The features of the 480T switch include the following Virtual local area networks VLANs including support for IE...

Page 18: ...et filtering IGMP snooping to control IP multicast traffic Distance Vector Multicast Routing Protocol DVMRP Protocol Independent Multicast Dense Mode PIM DM IPX IPX RIP and IPX SAP support Load sharin...

Page 19: ...m Multimode Fiber 400 500 160 200 500 Meters 550 Meters 220 Meters 275 Meters 1000BASE LX 50 125 m Multimode Fiber 50 125 m Multimode Fiber 62 5 125 m Multimode Fiber 10 Single mode Fiber 400 500 500...

Page 20: ...000BASE SX 1000BASE LX and 1000LH ports operate in full duplex mode only Virtual LANs VLANs The local management software has a VLAN feature that enables you to construct your broadcast domains withou...

Page 21: ...ning Tree Protocol Quality of Service QoS The local management software has Policy Based Quality of Service QoS features that enable you to specify service levels for different traffic groups By defau...

Page 22: ...single logical port For example VLANs see the load sharing group as a single virtual port The algorithm also guarantees packet sequencing between clients For information refer to Chapter 4 Load Shari...

Page 23: ...cense enables support of additional routing protocols and functions including the following IP routing using OSPF IP multicast routing using DVMRP IP multicast routing using PIM Dense Mode IPX routing...

Page 24: ...rts 13 through 16 use modular GBIC connectors Note For information on supported media types and distances refer to Table 2 Note For information on switch LEDs refer to the Switch LEDs section in this...

Page 25: ...and 200 240 VAC operation Serial Number Use this serial number for fault reporting purposes Console Port Use the console port 9 pin D type connector for connecting a terminal and carrying out local ou...

Page 26: ...s LED Color Indicates 1000BASE X Port Status LEDs GBIC LEDs Link activity Green Orange Green flashing steady Off Link is present port is enabled Frames are being transmitted received on this port Link...

Page 27: ...and Power 2 Green Orange Off Either or both LEDs green indicates the Switch is powered up A orange power LED indicates a power overheat or fan failure on the corresponding PSU Both LEDs off indicates...

Page 28: ...user with no password Web network management Enabled CLI idle timeout Enabled 15 minutes Telnet Enabled SNMP access Enabled SNMP read community string public SNMP write community string private RMON E...

Page 29: ...able of switching or routing VLAN MacVLanDiscover is used only when using the MAC VLAN feature 802 1Q tagging All packets are untagged on the default VLAN default Spanning Tree Protocol Disabled for t...

Page 30: ...Note For default settings of individual features refer to individual chapters in this guide IPX routing Disabled NTP Disabled DNS Disabled Port mirroring Disabled Table 5 Global Factory Defaults cont...

Page 31: ...n Self Test POST Following Safety Information Before installing or removing any components of the switch or before carrying out any maintenance procedures you must read the safety information provided...

Page 32: ...han four high if the switch is free standing Installing the Switch The switch can be mounted in a rack or placed free standing on a tabletop Rack Mounting Caution The rack mount kits must not be used...

Page 33: ...provided 8 Connect the switch to the redundant power supply if applicable 9 Connect cables Free Standing The switch is supplied with four self adhesive rubber pads Apply the pads to the underside of...

Page 34: ...al Powering On the Switch To turn on power to the switch connect the AC power cable to the switch and then to the wall outlet The 480T switch has no on off switch Checking the Installation After plugg...

Page 35: ...ault user name admin to log in with administrator privileges For example login admin Administrator capabilities allow you to access all switch functions 4 At the password prompt press Return The defau...

Page 36: ...4 GBIC module GBICs are a Class 1 laser device Use only modules approved by the switch manufacturer Note Ensure that the SC fiber optic connector is removed from the GBIC prior to removing the GBIC fr...

Page 37: ...iguring the switch for management Security options for switch management Switch management methods Configuring SNMP Checking basic connectivity Using the Simple Network Time Protocol SNTP For configur...

Page 38: ...es a parameter enter the parameter name and values B The value part of the command specifies how you want the parameter to be set Values include numerics strings or addresses depending on the paramete...

Page 39: ...All named components of the switch configuration must have a unique name Components are named using the create command When you enter a command to configure a named component you do not need to use t...

Page 40: ...lose a variable or value You must specify the variable or value For example in the syntax config vlan name ipaddress ip_address you must supply a VLAN name for name and an address for ip_address when...

Page 41: ...Symbols continued Symbol Description Table 7 Line Editing Keys Key s Description Backspace Deletes the characters to the left of the cursor and shifts the remainder of the line to left Delete or Ctrl...

Page 42: ...N or Down Arrow Displays the next command in the command history buffer and places cursor at end of command Ctrl U Clears all characters typed from the cursor to the beginning of the line Ctrl W Delet...

Page 43: ...he time uses a 24 hour clock format You cannot set the year past 2036 config timezone gmt_offset autodst noautodst Configures the time zone information to the configured offset from GMT time The forma...

Page 44: ...console sessions remain open until the switch is rebooted or you logoff Telnet sessions remain open until you close the Telnet client disable port portlist Disables a port on the switch disable telne...

Page 45: ...none port tcp_port_number Enables Telnet access to the switch By default Telnet is enabled with no access profile and uses TCP port number 23 To cancel a previously configured access profile use the n...

Page 46: ...tion checking for each command For more information on RADIUS refer to RADIUS Client later in this chapter unconfig switch all Resets all switch parameters with the exception of defined user accounts...

Page 47: ...delete users and change the password associated with any account name The administrator can disconnect a management session that has been established by way of a Telnet connection If this happens the...

Page 48: ...t admin account 1 Log in to the switch using the name admin 2 At the password prompt press Return 3 Add a default admin password Type config account admin 4 Enter the new password at the prompt 5 Re e...

Page 49: ...total of 16 management accounts You can use the default names admin and user or you can create new names and passwords for the accounts Passwords can have a minimum of 0 characters and can have a max...

Page 50: ...using TCP IP through one of the switch ports or through the dedicated 10 100 unshielded twisted pair UTP Ethernet management port on switches that are so equipped Remote access includes the following...

Page 51: ...d to specifically permit or deny users access to an application Access is restricted by assigning an access profile to the service that is being used for remote access First create and configure the a...

Page 52: ...e same logic applies but the configuration is more tricky For example the address 141 251 24 128 27 represents any host from subnet 141 251 24 128 config access profile access_profile mode permit deny...

Page 53: ...e deny config access profile testpro add ipaddress 192 168 10 10 32 The following command applies the access profile testpro to Telnet enable telnet access profile testpro To view the contents of an a...

Page 54: ...and telnet ipaddress hostname port_number If the TCP port number is not specified the Telnet session defaults to port 23 Only VT100 emulation is supported Configuring Switch IP Parameters To manage th...

Page 55: ...s If you are using IP without a BOOTP server you must enter the IP parameters for the switch in order for the SNMP Network Manager Telnet software or Web interface to communicate with the device To as...

Page 56: ...ault VLAN by using the following command config vlan name ipaddress ipaddress subnet_mask For example config vlan default ipaddress 123 45 67 8 255 255 255 0 Your changes take effect immediately Note...

Page 57: ...ng the following command show session 3 Terminate the session by using the following command clear session session_number Controlling Telnet Access By default Telnet services are enabled on the switch...

Page 58: ...itch uses its local database for authentication The privileges assigned to the user admin versus non admin at the RADIUS server take precedence over the configuration in the local switch database Per...

Page 59: ...primary secondary Configure either the primary or secondary RADIUS server ipaddress hostname The IP address or hostname of the server being configured udp_port The UDP port to use to contact the RADUI...

Page 60: ...ify itself when communicating with the RADIUS server The accounting server and the RADIUS authentication server can be the same config radius accounting primary secondary shared secret string Configur...

Page 61: ...ted are as follows User Name User Password Service Type Login IP Host enable radius accounting Enables RADIUS accounting The RADIUS client must also be enabled show radius Displays the current RADIUS...

Page 62: ...unicast only multicast only Adds a static address to the routing table Use a value of 255 255 255 255 for mask to indicate a host entry config iproute add default gateway metric unicast only multicast...

Page 63: ...ostname Table 13 describes the commands used to configure DNS show ipconfig vlan name Displays configuration information for one or all VLANs show iproute priority vlan name permanent ipaddress mask o...

Page 64: ...r Greenwich Mean time GMT offset and the use of Daylight Savings Time Table 13 DNS Commands Command Description config dns client add ipaddress Adds a DNS name server s to the available server list fo...

Page 65: ...ime To properly display the local time in logs and other timestamp information the switch should be config ured with the appropriate offset to GMT based on geographi cal location Table 14 describes GM...

Page 66: ...European FWT French Winter MET Middle European MEWT Middle European Winter SWT Swedish Winter Paris France Berlin Germany Amsterdam The Netherlands Brussels Belgium Vienna Austria Madrid Spain Rome I...

Page 67: ...West Australian Standard 8 00 480 CCT China Coast Russia Zone 7 9 00 540 JST Japan Standard Russia Zone 8 10 00 600 EAST East Australian Standard GST Guam Standard Russia Zone 9 11 00 660 12 00 720 ID...

Page 68: ...o use a directed query to the NTP server configure the switch to use the NTP server s If the switch listens to NTP broadcasts skip this step To config ure the switch to use a directed query use the fo...

Page 69: ...ion Commands Command Description config sntp client primary secondary server ipaddress host_name Configures an NTP server for the switch to obtain time information Queries are first sent to the primar...

Page 70: ...Any properly configured standard Web browser that supports frames such as Netscape Navigator 3 0 or above or Microsoft Internet Explorer 3 0 or above can manage the switch over a TCP IP network For m...

Page 71: ...er you must reboot the switch for the changes to take effect Apply an access profile only when Web Device Manager is enabled Using SNMP Any Network Manager running the Simple Network Management Protoc...

Page 72: ...net masks To configure SNMP read access to use an access profile use the command config snmp access profile readonly access_profile none Use the none option to remove a previously configured access pr...

Page 73: ...a location for this switch Table 16 describes SNMP configuration commands Table 16 SNMP Configuration Commands Command Description config snmp access profile readonly access_profile none Assigns an ac...

Page 74: ...he name of the system contact A maximum of 255 characters is allowed config snmp syslocation string Configures the location of the switch A maximum of 255 characters is allowed config snmp sysname str...

Page 75: ...ttings use the commands in Table 17 Checking Basic Connectivity The switch offers the following commands for checking basic connectivity ping traceroute Table 17 SNMP Reset and Disable Commands Comman...

Page 76: ...ceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation The traceroute command syntax is traceroute ip_address hostname where ip_address is...

Page 77: ...settings Port commands Load sharing on the switch Port mirroring Enabling and Disabling Ports By default all ports are enabled To enable or disable one or more ports use the following command enable d...

Page 78: ...on the switch except the Gigabit only Ethernet ports GBICs can be configured for half duplex or full duplex operation By default the ports autonegotiate the duplex setting To configure port speed and...

Page 79: ...following auto off The port will not autonegotiate the settings speed The speed of the port for 10 100 Mbps or 100 1000 Mbps ports only duplex The duplex setting half or full duplex config ports port...

Page 80: ...t is received on a port with jumbo frames disabled or if the jumbo frame needs to be forwarded out of a port that has jumbo frames disabled enable learning ports portlist Enables MAC address learning...

Page 81: ...tistics For more information refer to Chapter 8 Quality of Service show ports portlist rxerrors Displays real time receive error statistics For more information on error statistics refer to Chapter 15...

Page 82: ...U size use the following command config jumbo frame size jumbo_frame_mtu The jumbo_frame_mtu range is 1522 to 9216 The value describes the maximum size on the wire and includes 4 bytes of CRC plus ano...

Page 83: ...orithm selection is not intended for use in predictive traffic engineering You can configure one of three load sharing algorithms on the switch as follows Port based Uses the ingress port to determine...

Page 84: ...number To enable or disable a load sharing group use the following commands enable sharing port grouping portlist port based address based round robin disable sharing port Load Sharing Example The fo...

Page 85: ...ch uses a traffic filter that copies a group of traffic to the monitor port The traffic filter can be defined based on one of the following criteria Physical port All data that traverses the port rega...

Page 86: ...g mirroring add port 1 vlan default Table 20 Port Mirroring Configuration Commands Command Description config mirroring add mac mac_address vlan name port port Adds a single mirroring filter definitio...

Page 87: ...on communicated using EDP includes the following Switch MAC address switch ID Switch software version information Switch IP address Switch VLAN IP information Switch port number EDP Commands Table 21...

Page 88: ...86 C H A P T E R 4 Configuring Switch Ports...

Page 89: ...t communicate as if they were on the same physical LAN Any set of ports including all ports on the switch is considered a VLAN LAN segments are not restricted by the hardware that physically connects...

Page 90: ...ange and movement of devices With traditional networks network administrators spend much of their time dealing with moves and changes If users move to a different subnetwork the addresses of each ends...

Page 91: ...the different IP VLANs to communicate the traffic must be routed by the switch or external router This means that each VLAN must be configured as a router interface with a unique IP address Spanning S...

Page 92: ...igure 6 Single port based VLAN spanning two switches To create multiple VLANs that span two switches in a port based VLAN a port on System 1 must be cabled to a port on System 2 for each VLAN you want...

Page 93: ...reate multiple VLANs that span multiple switches in a daisy chained fashion Each switch must have a dedicated port for each VLAN Each dedicated port must be connected to a port that is a member of its...

Page 94: ...he port must be accompanied by tags In addition to configuring the VLAN tag for the port the server must have a Network Interface Card NIC that supports 802 1Q tagging Assigning a VLAN Tag Each VLAN m...

Page 95: ...affic for both VLAN Marketing and VLAN Sales The trunk port on each switch is tagged Switch 1 Switch 2 Marketing Sales M S Tagged port 480t_001 3 4 2 1 7 8 6 5 11 12 10 9 13 16 15 14 S S S M M M 3 4 2...

Page 96: ...ts VLANs uses untagged traffic In other words a port can simultaneously be a member of one port based VLAN and multiple tag based VLANs For the purposes of VLAN classification packets arriving on a po...

Page 97: ...s Predefined Protocol Filters The following protocol filters are predefined on the switch IP IPX NetBIOS DECNet IPX_8022 IPX_SNAP AppleTalk 480t_003 IP traffic All other traffic 1 Finance Personnel My...

Page 98: ...config protocol protocol_name add protocol_type hex_value Supported protocol types include etype EtherType The values for etype are four digit hexadecimal numbers taken from a list maintained by the...

Page 99: ...forwarded to the VLAN until a protocol is assigned to it Precedence of Tagged Packets Over Protocol Filters If a VLAN is configured to accept tagged packets on a particular port incoming packets that...

Page 100: ...t VLAN is untagged on all ports It has an internal VLANid of 1 Configuring VLANs on the Switch This section describes the commands associated with setting up VLANs on the switch Configuring a VLAN inv...

Page 101: ...EtherType the DSAP SSAP combination for LLC or the SNAP encoded Ethernet protocol type for SNAP config vlan name add port portlist tagged untagged nobroadcast Adds one or more ports to a VLAN You can...

Page 102: ...the VLAN name alone The following example creates a tag based VLAN named video It assigns the VLANid 1000 Ports 4 through 8 are added as tagged ports to the VLAN create vlan video config video tag 100...

Page 103: ...protocol ip config ipsales add port 6 8 The following example defines a protocol filter myprotocol and applies it to the VLAN named myvlan This is a command syntax example only and has no real world...

Page 104: ...otocol protocol This show command displays protocol information including the following Protocol name List of protocol fields VLANs that use the protocol Deleting VLANs To delete a VLAN or to return V...

Page 105: ...d otherwise have to be manually configured in each switch GVRP can also be run by network servers These servers are usually configured to join several VLANs and then signal the network switches of the...

Page 106: ...remove ports from these VLANs GVRP assumes that the VLANs for which it carries information operate using VLAN tags unless explicitly configured otherwise Typically you must configure any untagged VLAN...

Page 107: ...into one of the designated ports on the switch and is mapped to the appropriate VLAN Connectivity is maintained to the network with all of the benefits of the configured VLAN in terms of QoS routing...

Page 108: ...ive in that VLAN Upon removal of the configured MAC to VLAN endstation all other endstations lose connectivity Groups are used as a security measure to allow a MAC address to enter into a VLAN only wh...

Page 109: ...the MAC to VLAN database The feature is intended to support one client per physical port Once a client MAC address has successfully registered the VLAN association remains until the port connection is...

Page 110: ...ts 5 6 enable mac vlan mac group 200 ports 9 12 config mac vlan add mac address 00 00 00 00 00 01 mac group 10 engineering config mac vlan add mac address 00 00 00 00 00 02 mac group any marketing con...

Page 111: ...most recent MAC to VLAN database This feature is different from the normal download configuration command in that it allows incremental configuration without the automatic rebooting of the switch The...

Page 112: ...110 C H A P T E R 5 Virtual LANs VLANs...

Page 113: ...forwarded or filtered FDB Contents Each FDB entry consists of the MAC address of the device an identifier for the port on which it was received and an identifier for the VLAN to which the device belo...

Page 114: ...y can either be a unicast or multicast MAC address All entries entered by way of the command line interface are stored as permanent The 480T switch can support a maximum of 64 permanent entries Once c...

Page 115: ...ith an FDB Entry You can associate a QoS profile with a MAC address and VLAN of a device that will be dynamically learned The FDB treats the entry like a dynamic entry it is learned it can be aged out...

Page 116: ...mbers associated with MAC address dynamic Specifies that the entry will be learned dynamically Used to associated a QoS profile with a dynamically learned entry qosprofile QoS profile associated with...

Page 117: ...AC address is 00 D0 B7 2F 02 00 VLAN name is net34 The entry will be learned dynamically QoS profile qp2 will be applied when the entry is learned Displaying FDB Entries To display FDB entries use the...

Page 118: ...tire FDB of all entries by using the commands listed in Table 27 Table 27 Removing FDB Entry Commands Command Description clear fdb mac_address vlan name portlist Clears dynamic FDB entries that match...

Page 119: ...specification defined by the IEEE Computer Society To explain STP in terms used by the 802 1D specification the switch will be referred to as a bridge Overview of the Spanning Tree Protocol STP is a b...

Page 120: ...use the same spanning tree Care must be taken to ensure that multiple STPD instances within a single switch do not see each other in the same broadcast domain This could happen if for example another...

Page 121: ...on the forwarding of VLAN traffic Figure 12 illustrates a network that uses VLAN tagging for trunk connections The following four VLANs have been defined Sales is defined on Switch A Switch B and Swi...

Page 122: ...ging loops are prevented The VLAN Marketing which has not been assigned to either STPD1 or STPD2 communicates using all five switches The topology has no loops because STP has already blocked the port...

Page 123: ...or three switches form a triangular loop that is not permitted in an STP topology All VLANs in each switch are members of the same STPD STP may block traffic between Switch 1 and Switch 3 by disabling...

Page 124: ...lowing command enable stpd stpd_name All VLANs belong to an STPD If you do not want to run STP on a VLAN you must add the VLAN to an STPD that is disabled Once you have created the STPD you can option...

Page 125: ...ame maxage value Specifies the maximum age of a BPDU in this STPD The range is 6 through 40 The default setting is 20 seconds Note that the time must be greater than or equal to 2 Hello Time 1 and les...

Page 126: ...eate stpd stpd_name Creates an STPD When created an STPD has the following default parameters Bridge priority 32 768 Hello time 2 seconds Forward delay 15 seconds enable ignore stp vlan name Configure...

Page 127: ...configuration STPD state Root Bridge and so on STPD port state forwarding blocking and so on Disabling and Resetting STP To disable STP or return STP settings to their defaults use the commands liste...

Page 128: ...one or more ports Disabling STP on one or more ports puts those ports in forwarding state all BPDUs received on those ports are disregarded unconfig stpd stpd_name Restores default STP values to a pa...

Page 129: ...ticular traffic type receives The main benefit of Policy based QoS is that it allows you to protect bandwidth for important categories of applications or specifically limit the bandwidth associated wi...

Page 130: ...a QoS profile A QoS profile is characterized by minimum and maximum bandwidth and prioritization settings that define a desired class of service The building blocks are defined as follows Traffic grou...

Page 131: ...ames and their queues are described in Table 30 1 Each physical port contains these hardware queues The parameters that make up a QoS profile include the following Minimum bandwidth The minimum percen...

Page 132: ...y of a QoS profile determines the 802 1p bits used in the priority field of a transmitted packet The priority of a QoS profile determines the DiffServ code point value used in an IP packet when the pa...

Page 133: ...s Once parameters are set you should monitor both the hardware queues using the QoS Monitor tool and monitor the performance of the application to determine if the actual behavior of the applications...

Page 134: ...spike with the expectation that the end stations will buffer significant amounts of video stream data This can pose an issue with the network infrastructure because it must be capable of buffering th...

Page 135: ...pplications With some dependencies on the network operating system file serving typically poses the greatest demand on bandwidth though file server applications are very tolerant of latency jitter and...

Page 136: ...raffic groupings are placed in the QoS profile named Qp1 The supported traffic groupings and their options by QoS mode are listed in Table 32 The groupings are listed in order of precedence highest to...

Page 137: ...ate limiting MAC based traffic groupings are configured using the following command create fdbentry mac_address vlan name blackhole port portlist dynamic qosprofile qosprofile Permanent MAC addresses...

Page 138: ...ate fdbentry 00 11 22 33 44 55 vlan default blackhole MAC Address Broadcast Unknown Rate Limiting It is possible to assign broadcast and unknown destination packets to a QoS profile that has the desir...

Page 139: ...arking on an application specific basis The 480T switch can observe and manipulate packet marking information with no performance penalty The documented capabilities for 802 1p priority markings or Di...

Page 140: ...ueue determines the bandwidth management and priority characteristics used when transmitting packets To control the mapping of 802 1p prioritization values to hardware queues 802 1p prioritization val...

Page 141: ...d on ingress is preserved when transmitting the packet This behavior is not affected by the switching or routing configuration of the switch However the switch is capable of inserting and or overwriti...

Page 142: ...pe dot1p_priority qosprofile qosprofile Configures the default QoS profile to 802 1p priority mapping The value for dot1p_priority is an integer between 0 and 7 disable dot1p replacement ports portlis...

Page 143: ...mit the packet based on the code point The QoS profile controls a hardware queue used when transmitting the packet out of the switch and determines the forwarding characteristics of a particular code...

Page 144: ...ransmitted by the switch The DiffServ code point value used in overwriting a packet is determined by the 802 1p priority value As described in the section Overwriting 802 1p Priority Information the 8...

Page 145: ...ou can change the 802 1p priority to DiffServ code point mapping to any code point value using the following command config diffserv replacement priority vpri code_point code_point ports portlist all...

Page 146: ...the diffserv field in an IP packet disable diffserv replacement ports portlist all Disables the replacement of diffserv code points in packets transmitted by the switch enable diffserv examination por...

Page 147: ...med qp3 when being transmitted config ports 7 qosprofile qp3 VLAN A VLAN traffic grouping indicates that all intra VLAN switched traffic and all routed traffic sourced from the named VLAN uses the ind...

Page 148: ...e traffic grouping perspective by using one or more of the following applicable commands show fdb permanent Displays destination MAC entries and their QoS profiles show switch Displays general switch...

Page 149: ...ounter and any overflow information into the switch log The log notification appears if one of the queues experiences an overflow condition since the last time it was sampled An overflow entry indicat...

Page 150: ...also be issued after a policy is first formed as the policy must be in place before an entry is made in the MAC FDB For permanent destination MAC based grouping re apply the QoS profile to the static...

Page 151: ...ion The default setting is 0 maxbw The maximum bandwidth percentage this queue is permitted to use for transmission The default setting is 100 priority The service priority for this queue Settings inc...

Page 152: ...150 C H A P T E R 8 Quality of Service QoS...

Page 153: ...lient workstations do not need to be refreshed or aged out In addition to providing layer 3 routing redundancy for IP and IPX ESRP also provides for layer 2 redundancy These layered redundancy feature...

Page 154: ...ayer 2 switches from other vendors but the recovery times vary The VLANs associated with the ports connecting an ESRP aware switch to an ESRP enabled switch must be configured using an 802 1Q tag on t...

Page 155: ...In order for a VLAN to be recognized as participating in ESRP the assigned IP address or the IPX NETid for the separate switches must be identical Other aspects of the VLAN including its name are ign...

Page 156: ...The default priority setting is 0 A priority setting of 255 loses the election and remains in standby mode System MAC address The switch with the higher MAC address has priority ESRP Election Algorit...

Page 157: ...ive no forwarding occurs between the member ports of the VLAN this prevents loops and maintains redundancy Electing the Master Switch A new master can be elected in one of the following ways A communi...

Page 158: ...ration the priority settings and timer settings must be identical for all affected VLANs ESRP and VLAN aggregation ESRP can be used to provide redundant default router protection to VLAN aggregation c...

Page 159: ...operational ESRP Commands Table 41 describes the commands used to configure ESRP Table 41 ESRP Commands Command Description config vlan name add track route ipaddress masklength Configures an ESRP en...

Page 160: ...ss priority_track_ports_mac ESRP priority tracking information active ports MAC address priority_mac ESRP priority MAC address The default setting is ports_track_priority_mac If no tracking informatio...

Page 161: ...ld Each switch is dual homed using active ports to two VLAN Sales switches as many as four could be used ESRP is enabled on each VLAN Sales switch only for the VLAN that interconnects to the bottom sw...

Page 162: ...VLAN The switch in standby mode does however exchange ESRP packets with the VLAN Sales master switch There are four paths between the VLAN Sales switches All the paths are used to send ESRP packets a...

Page 163: ...ctive links for the VLAN and the priority are identical to both switches The commands used to configure the VLAN Sales switches are as follows create vlan sales config sales add port 1 4 config sales...

Page 164: ...for each VLAN The Sales standby Engineering master switch has a separate physical port for each VLAN connected to the third bottom switch In this example the master and standby switches are configure...

Page 165: ...te vlan eng config eng add port 1 4 config eng ipaddr 10 4 5 6 24 enable esrp sales enable esrp eng config eng esrp priority 5 Displaying ESRP Information To verify the operational state of an ESRP VL...

Page 166: ...164 C H A P T E R 9 Enterprise Standby Router Protocol...

Page 167: ...PF Overview of IP Unicast Routing The switch provides full layer 3 IP unicast routing It exchanges routing information with other routers on the network using either the Routing Information Protocol R...

Page 168: ...subnet on different VLANs In Figure 18 a 480T switch is depicted with two VLANs defined Finance and Personnel All ports 1 and 3 are assigned to Finance ports 2 and 4 are assigned to Personnel Finance...

Page 169: ...ault route Dynamic Routes Dynamic routes are typically learned by way of RIP or OSPF Routers that use RIP or OSPF exchange information in their routing tables in the form of advertisements Using dynam...

Page 170: ...e route that has the lowest metric is used If there are multiple default routes that have the same lowest metric the system picks one of the routes You can also configure blackhole routes traffic to t...

Page 171: ...ays Once configured the system responds to ARP Requests on behalf of the device as long as the following conditions are satisfied The valid IP ARP Request is received on a router interface The target...

Page 172: ...the same subnet and sends out an IP ARP request The switch answers on behalf of the device at address 100 101 45 67 using its own MAC address All subsequent data packets from 100 101 102 103 are sent...

Page 173: ...resented by a different VLAN and each of those VLANs has its own IP address All of the VLANs share the same physical port s The switch routes IP traffic from one subnet to another all within the same...

Page 174: ...Remove the port from the default VLAN using the following command config default delete port 2 3 Create a dummy protocol by using the following command create protocol mnet 4 Create the multinetted s...

Page 175: ...Multinetted VLAN groups must contain identical port assignments IP Multinetting Examples The following example configures the switch to have one multinetted segment port 5 that contains three subnets...

Page 176: ...create vlan net34 create vlan net35 create vlan net37 config net34 ipaddress 192 67 34 1 config net35 ipaddress 192 67 35 1 config net37 ipaddress 192 67 37 1 config net34 protocol ip config net35 pro...

Page 177: ...and config vlan name ipaddress ipaddress mask Ensure that each VLAN has a unique IP address 3 Configure a default route using the following command config iproute add default gateway metric unicast on...

Page 178: ...h the desired IP address but without any member ports unless it is running ESRP The sub VLANs use the IP address of the super VLAN as the default router address Groups of clients are then assigned to...

Page 179: ...ration between sub VLANs while using the same default router address among the sub VLANs Hosts are located on the sub VLAN Each host can assume any IP address within the address range of the super VLA...

Page 180: ...a network A sub VLAN cannot be a super VLAN and vice versa Sub VLANs are not assigned an IP address Typically a super VLAN has no ports associated with it except in the case of running ESRP If a clie...

Page 181: ...config ospf add vsuper Table 43 VLAN Aggregation Commands Command Description config vlan super vlan name add secondary ip ipaddress mask Adds a secondary IP address to the super VLAN for responding...

Page 182: ...dicates the membership of sub VLANs in a super VLAN show iparp Indicates an ARP entry that contains sub VLAN information Communication with a client on a sub VLAN must occur before an entry is made in...

Page 183: ...ling the directed forwarding of broadcast UDP packets UDP forwarding allows applications such as multiple DHCP relay services from differing sets of VLANs to be directed to different DHCP servers The...

Page 184: ...ets directed toward a VLAN use an all ones broadcast on that VLAN UPD Forwarding Example In this example the VLAN Marketing and the VLAN Operations are pointed toward a specific backbone DHCP server w...

Page 185: ...on config udp profile profile_name add udp_port vlan name ipaddress dest_ipaddress Adds a forwarding entry to the specified UDP forwarding profile name All broadcast packets sent to udp_port are forwa...

Page 186: ...source VLANs to which the profile is applied unconfig udp profile vlan name all Removes the UDP forwarding profile configuration for one or all VLANs Table 44 UDP Forwarding Commands continued Command...

Page 187: ...ut filtering requests that belong to the same subnet of the receiving router interface config iparp delete ipaddress Deletes an entry from the ARP table Specify the IP address of the entry config ipar...

Page 188: ...or all VLANs If no argument is provided enables broadcast forwarding for all VLANs To enable ipforwarding must be enabled on the VLAN The default setting is disabled enable ipforwarding vlan name Ena...

Page 189: ...icast only Adds a default gateway to the routing table A default gateway must be located on a configured IP interface If no metric is specified the default metric of 1 is used Use the unicast only or...

Page 190: ...Description Table 47 ICMP Configuration Commands Command Description config irdp mininterval maxinterval lifetime preference Configures the router advertisement message timers using seconds Specify mi...

Page 191: ...e icmp parameter problem vlan name Enables the generation of an ICMP parameter problem message type 12 when the switch cannot properly process the IP header or IP option information The default settin...

Page 192: ...sages type 3 code 0 and host unreachable messages type 3 code 1 when a packet cannot be forwarded to the destination because of unreachable route or host ICMP packet processing on one or all VLANs The...

Page 193: ...e VLAN using the IP protocol Ports 2 and 4 have been assigned IP address 192 207 36 1 MyCompany Port based VLAN All ports have been assigned enable irdp vlan name Enables the generation of ICMP router...

Page 194: ...ess to the router by way of the VLAN Finance Ports 2 and 4 reach the router by way of the VLAN Personnel All other traffic NetBIOS is part of the VLAN MyCompany The example in Figure 20 is configured...

Page 195: ...plays the IP Address Resolution Protocol ARP table You can filter the display by IP address VLAN or permanent entries show ipconfig vlan name Displays configuration information for one or all VLANs sh...

Page 196: ...e forwarding of BOOTP requests disable icmp address mask vlan name Disables the generation of an ICMP address mask reply messages If a VLAN is not specified the command applies to all IP interfaces di...

Page 197: ...ces disable icmp useredirects Disables the changing of routing table information when an ICMP redirect message is received disable ipforwarding broadcast vlan name Disables routing of broadcasts to ot...

Page 198: ...196 C H A P T E R 1 0 IP Unicast Routing...

Page 199: ...dditional information RFC 1058 Routing Information Protocol RIP RFC 1723 RIP Version 2 RFC 2178 OSPF Version 2 Overview The switch supports the use of the Routing Information Protocol RIP and the Open...

Page 200: ...em Each router builds a shortest path tree using itself as the root The link state protocol ensures that updates sent to neighboring routers are acknowledged by the neighbors verifying that all router...

Page 201: ...mber of hops Each router that data must traverse is considered to be one hop Routing Table The routing table in a router using RIP contains an entry for every known destination network Each routing ta...

Page 202: ...ic for a route and it is required to send an update message immediately even if it is not yet time for a regular update message to be sent This will generally result in faster convergence but may also...

Page 203: ...router has an identical database maintained from the perspective of that router From the link state database LSDB each router constructs a tree of shortest paths using itself as the root The shortest...

Page 204: ...pes of routers defined by OSPF are as follows Internal Router IR An internal router has all of its interfaces within the same area Area Border Router ABR An ABR has interfaces in multiple areas It is...

Page 205: ...you want to configure the VLAN to be part of a different OSPF area use the following command config ospf vlan name area areaid If this is the first instance of the OSPF area being used you must creat...

Page 206: ...ated in the NSSA specification The option should not be used on NSSA internal routers Doing so inhibits correct operation of the election algorithm Normal Area A normal area is an area that is not any...

Page 207: ...22 if the connection between ABR1 and the backbone fails the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual l...

Page 208: ...utonomous system and a RIP autonomous system Figure 23 Route re distribution Configuring Route Re Distribution Exporting routes from OSPF to RIP and from RIP to OSPF are discreet configuration functio...

Page 209: ...by special routing applications Use the number zero if you do not have specific requirements for using a tag The tag value in this instance has no relationship with 802 1Q VLAN tagging Verify the con...

Page 210: ...uration Commands Command Description config rip add vlan name all Configures RIP on an IP interface If no VLAN is specified then all is assumed When an IP interface is created per interface RIP config...

Page 211: ...fy none Do not transmit any packets on this interface v1only Transmit RIP v1 format packets to the broadcast address v1comp Transmit RIP v2 format packets to the broadcast address v2only Transmit RIP...

Page 212: ...owing rules apply when using RIP aggregation Subnet routes are aggregated to the nearest class network route when crossing a class boundary Within a class boundary no routes are aggregated If aggregat...

Page 213: ...RIP uses the route metric obtained from the route origin enable rip originate default always cost metric tag number Configures a default route to be advertised by RIP if no other default route is adv...

Page 214: ...tocol sensitive VLAN using the IP protocol Ports 2 and 4 have been assigned IP address 192 207 36 1 MyCompany Port based VLAN All ports have been assigned enable rip triggerupdate Enables triggered up...

Page 215: ...uter by way of the VLAN Finance Ports 2 and 4 reach the router by way of the VLAN Personnel All other traffic NetBIOS is part of the VLAN MyCompany The example in Figure 24 is configured as follows cr...

Page 216: ...To display settings for RIP use the commands listed in Table 52 Table 52 RIP Show Commands Command Description show rip stat vlan name Displays RIP specific statistics for a VLAN show rip stat detail...

Page 217: ...ation of subnet information on a RIP v2 interface disable rip export static direct ospf ospf intra ospf inter ospf extern1 ospf extern2 static metric metric tag number Disables the distribution of non...

Page 218: ...is specified the advertised cost is determined from the OSPF metric table and corresponds to the active highest bandwidth port in the VLAN config ospf area areaid vlan name all priority number Config...

Page 219: ...600 hello _interval Default 10 Minimum 1 Maximum 65 535 dead_interval Default 40 Minimum 1 Maximum 2 147 483 647 config ospf add virtual link routerid areaid Adds a virtual link to another ABR Specify...

Page 220: ...res an OSPF area as a stub area config ospf asbr filter access_profile none Configures a route filter for non OSPF routes exported into OSPF If none is specified no RIP and static routes are filtered...

Page 221: ...is originated by OSPF by way of RIP and static route re distribution If always is specified OSPF always advertises the default route If always is not specified OSPF adds the default LSA if there is a...

Page 222: ...ce routes which correspond to the interface that has OSPF enabled are ignored enable ospf export rip cost metric ase type 1 ase type 2 tag number Enables the distribution of RIP routes into the OSPF d...

Page 223: ...area border routers ABR1 and ABR2 Network number 10 0 x x 2 identified VLANs HQ_10_0_2 and HQ_10_0_3 160 26 25 2 Area 0 10 0 1 1 10 0 3 2 10 0 3 1 160 26 25 1 161 48 2 2 161 48 2 1 10 0 2 1 H Q _ 1 0...

Page 224: ...the backbone by way of ABR1 It is located in Los Angeles and has the following characteristics Network number 161 48 x x 1 identified VLAN LA_161_48_2 3 internal routers Uses default routes for inter...

Page 225: ...or IR1 The following is the configuration for the router labeled IR1 config vlan HQ_10_0_1 ipaddress 10 0 1 2 255 255 255 0 config vlan HQ_10_0_2 ipaddress 10 0 2 2 255 255 255 0 config ospf add vlan...

Page 226: ...table of the current LSDB You can filter the display using the area ID and LSA type The default setting is all with no detail If detail is specified each entry includes complete LSA information show...

Page 227: ...utes in the OSPF domain disable ospf export static Disables exporting of statically configured routes into the OSPF domain unconfig ospf vlan name area areaid Resets one or all OSPF interfaces to the...

Page 228: ...226 C H A P T E R 1 1 RIP and OSPF...

Page 229: ...DVMRP Version 3 draft_ietf_dvmrp_v3_07 PIM DM Version 2 draft_ietf_pim_v2_dm_03 The following URLs point to the Web sites for the IETF Working Groups IETF DVMRP Working Group http www ietf org html ch...

Page 230: ...ge routing and multicast information between routers Like RIP DVMRP periodically sends the entire routing table to its neighbors DVMRP has a mechanism that allows it to prune and graft multicast trees...

Page 231: ...snooping is the strict recognition of multicast routers only if the remote devices have joined the DVMRP 224 0 0 4 or PIM 244 0 0 13 multicast groups IGMP snooping is enabled by default on the switch...

Page 232: ...able dvmrp enable pim Table 57 describes the commands used to configure IP multicast routing Table 57 IP Multicast Routing Configuration Commands Command Description enable dvmrp Enables DVMRP on the...

Page 233: ...to 2 147 483 647 seconds 68 years The default setting is 35 seconds config dvmrp timer route_report_interval route_replacement_time Configures the global DVMRP timers Specify the following route_repo...

Page 234: ...of time before a hello message is sent out by the PIM DM router The range is 1 to 65 519 seconds The default setting is 30 seconds Table 57 IP Multicast Routing Configuration Commands continued Comma...

Page 235: ...nto a Group Specific Query sent in response to a Leave group message The range is 1 to 25 seconds The default setting is 1 second config igmp snooping timer router_timeout host_timeout Configures the...

Page 236: ...e the system labeled IR1 is configured for IP multicast routing Figure 26 IP multicast routing configuration example 160 26 25 2 Area 0 10 0 1 1 10 0 3 2 10 0 3 1 160 26 25 1 161 48 2 2 161 48 2 1 10...

Page 237: ...ticast routing components use the commands listed in Table 59 Table 59 IP Multicast Routing Show Commands Command Description show dvmrp vlan name route detail Displays the DVMRP configuration and sta...

Page 238: ...d IGMP is disabled on all router interfaces disable igmp snooping Disables IGMP snooping IGMP snooping can be disabled only if IP multicast routing is not being used Disabling IGMP snooping allows all...

Page 239: ...are and hardware routes IPX traffic between IPX router interfaces A router interface is simply a VLAN that has an IPX network identifier NetID and IPX encapsulation type assigned to it As you create V...

Page 240: ...n assigned to Exec Thus port 4 belongs to both the Personnel VLAN running IP and the Exec VLAN running IPX Traffic within each VLAN is switched using the Ethernet MAC address Traffic between Exec and...

Page 241: ...PX RIP Routers that use IPX RIP exchange information in their routing tables in the form of advertisements Using dynamic routes the routing table contains only networks that are reachable Table 61 IPX...

Page 242: ...e network using IPX RIP IPX RIP Routing The switch supports the use of IPX RIP for unicast routing IPX RIP is different from IP RIP However many of the concepts are the same The 480T switch supports t...

Page 243: ...tes service advertisement protocol SAP advertisements to other IPX routers on the network Each SAP advertisement contains the following Service type Server name Server NetID Server node address The se...

Page 244: ...s command displays the IPX NetID setting and encapsulation type show ipxconfig This command is analogous to the show ipconfig command for the IP protocol It displays summary global IPX configuration i...

Page 245: ...g For convenience IPX specific protocol filters have been defined and named in the default configuration of the switch Each filter is associated with a protocol encapsulation type The IPX specific pro...

Page 246: ...es Protocol NLSP is running in the IPX network config ipxroute add dest_netid default next_hop_id next_hop_node_addr hops tics Adds a static IPX route entry in the IPX route table Specify next_hop_id...

Page 247: ...ddress socket Deletes an IPX service from the service table config vlan name xnetid netid enet_ii enet_8023 enet_8022 enet_snap Configures a VLAN to run IPX routing Specify enet_ii Uses standard Ether...

Page 248: ...all Disables IPX RIP on one or all interfaces config ipxrip vlan name all delay msec Configures the time between each IPX RIP packet within an update interval The default setting is 55 milliseconds co...

Page 249: ...ket within an update interval The default setting is 55 milliseconds config ipxsap vlan name all max packet size number Configures the MTU size of the IPX SAP packets The default setting is 432 bytes...

Page 250: ...otocol with the filter IPX_8022 Port 4 and port 5 have been assigned to Exec Exec is configured for IPX NetID 2516 and IPX encapsulation type 802 2 Support Port 7 has been assigned to Support Support...

Page 251: ...and Support use enet_8022 as the encapsulation type The IPX configuration shown in example in Figure 28 is as follows create vlan Exec create vlan Support config Exec protocol ipx_8022 config Exec add...

Page 252: ...stics for the IPX router and one or all VLANs Table 66 IPX Show Commands continued Command Description Table 67 IPX Reset and Disable Commands Command Description disable ipxrip Disables IPX RIP on th...

Page 253: ...SAP settings on one or all VLANs to the default Removes import and export filters and resets the MTU size update interval and inter packet delay unconfig vlan name xnetid Removes the IPX NetID of a V...

Page 254: ...252 C H A P T E R 1 3 IPX Routing...

Page 255: ...quality of service QoS purposes There are two categories of access policies Access lists Routing access policies Access Lists Access lists are used to perform packet filtering and forwarding decision...

Page 256: ...ecedence number determines the order in which each criteria rule is examined by the switch Once a matching entry in the access list is found the packet is acted upon and either forwarded or dropped En...

Page 257: ...ss list example performs packet filtering in this sequence as determined by the precedence value Deny UDP port 32 and TCP port 23 traffic to the 10 2 XX network All other TCP port 23 traffic destined...

Page 258: ...list To add an entry you must supply a unique name and optionally a unique precedence number To modify an existing entry you must delete the entry and retype it or create a new entry with a new unique...

Page 259: ...ress and mask ICMP type code Physical source port optional Numbered precedence optional Verifying Access List Configurations To verify access list settings you may view the access list configuration a...

Page 260: ...he access list name The access list name can be between 1 and 16 characters ip Specifies an IP access list destination Specifies an IP destination address and subnet mask A mask length of 32 indicates...

Page 261: ...port numbers destination Specifies an IP destination address and subnet mask A mask length of 32 indicates a host entry source Specifies an IP source address and subnet mask permit established Specifi...

Page 262: ...access list that looks at UDP port numbers destination Specifies an IP destination address and subnet mask A mask length of 32 indicates a host entry source Specifies an IP source address and subnet m...

Page 263: ...Specifies the ICMP_CODE number The ICMP code is a number from 0 to 255 permit Specifies the packets that match the access list description are permitted to be forward by this switch An optional QoS pr...

Page 264: ...lter or Spanning Tree Domain You must also indicate the type of access list IP address or VLAN to be used To create an access profile use the following command create access profile access_profile typ...

Page 265: ...Use an access profile to determine which RIP routes are accepted as valid routes This policy can be combined with the trusted neighbor policy to accept selected routes only from a set of trusted neig...

Page 266: ...net add 10 0 0 10 32 config rip vlan backbone trusted gateway nointernet In addition if the administrator wants to restrict any user belonging to the VLAN Engsvrs from reaching the VLAN Sales IP addre...

Page 267: ...rarea filter access_profile none External Filter For switches configured to support multiple OSPF areas an ABR function an access profile can be applied to an OSPF area that filters a set of OSPF exte...

Page 268: ...inistrator wishes to only allow access to certain internet addresses falling within the range 192 1 1 0 24 to the internal backbone Figure 30 OSPF access policy example To configure the switch labeled...

Page 269: ...following command config dvmrp vlan name all import filter access_profile none Export Filter Use an access profile to determine which DVMRP routes are advertised into a particular VLAN using the foll...

Page 270: ...following Trusted Neighbor Use an access profile to determine trusted PIM DM router neighbors for the VLAN on the switch running PIM DM To configure a trusted neighbor policy use the following comman...

Page 271: ...ive protocol timers to age out entries Changes to profiles applied to OSPF typically require rebooting the switch or disabling and re enabling OSPF on the switch Removing a Routing Access Policy To re...

Page 272: ...ies the addresses that match the access profile description The default setting is permit config dvmrp vlan name all export filter access_profile none Configures DVMRP to filter out certain routes whe...

Page 273: ...routes config rip vlan name all export filter access profile none Configures RIP to suppress certain routes when performing route advertisements config rip vlan name all import filter access_profile...

Page 274: ...272 C H A P T E R 1 4 Access Policies...

Page 275: ...aily records you see trends emerging and notice problems arising before they cause major network faults This way statistics can help you get the best out of your network Status Monitoring The status m...

Page 276: ...e critical Priorities include critical emergency alert error warning notice info and debug If not specified all messages are displayed show memory detail Displays the current system memory information...

Page 277: ...link is present at this port Transmitted Packet Count Tx Pkt Count The number of packets that have been successfully transmitted by the port Transmitted Byte Count Tx Byte Count The total number of da...

Page 278: ...smit Deferred Frames TX Deferred The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic Transmit Errored Frames TX Erro...

Page 279: ...frames received by the port that occurs if a frame has a CRC error and does not contain an integral number of octets Receive Frames Lost RX Lost The total number of frames received by the port that we...

Page 280: ...gned a critical or warning level remain in the log after a switch reboot Issuing a clear log command does not remove these static entries To remove log entries of all levels including warning or criti...

Page 281: ...info and debug If not specified all messages are displayed Table 73 Fault Log Subsystems Subsystem Description Syst General system related information Examples include memory power supply security vi...

Page 282: ...display When using a Telnet connection if your Telnet session is disconnected because of the inactivity timer or for other reasons the log display is automatically halted To restart the log display us...

Page 283: ...re logged to the system log Each log entry includes the user account name that performed the change and the source IP address of the client if Telnet was used Configuration logging applies only to com...

Page 284: ...e syslog facility level for local use local0 local7 priority Filters the log to display messages with the selected priority or higher more critical Priorities include critical emergency alert error wa...

Page 285: ...757 which allows you to monitor LANs remotely A typical RMON setup consists of the following two components RMON probe An intelligent remotely controlled device or software agent that continually coll...

Page 286: ...ups and discusses how they can be used Statistics The RMON Ethernet Statistics group provides traffic and error statistics showing packets bytes broadcasts multicasts and errors on a LAN segment or VL...

Page 287: ...aps are defined in RFC 1757 for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for important occurrences you can depend on...

Page 288: ...r alarms and events By enabling RMON the switch begins the processes necessary for collecting switch statistics Event Actions The actions that you can define for each alarm are shown in Table 75 To be...

Page 289: ...command line interface CLI commands available for configuring and monitoring the switch If a particular command is not available using Web Device Manager you must use the CLI to access the desired fun...

Page 290: ...downloading a newer version of the switch image clear the browser disk and memory cache to see the updated menu screens You must clear the cache while at the main Logon screen so that all underlying G...

Page 291: ...OK If you have entered the name and password of an administrator level account you have access to all Web Device Manager pages If you have used a user level account name and password you only have acc...

Page 292: ...appearing at the CLI prompt even though actual configuration values have not changed Content Frame The content frame contains the main body of information in Web Device Manager For example if you sele...

Page 293: ...e displayed reads Request was submitted successfully Standalone Buttons At the bottom of some of the content frames is a section that contains standalone buttons Standalone buttons are used to perform...

Page 294: ...tion Filtering Information Some pages have a Filter button The Filter button is used to display a subset of information on a given page For example on the OSPF configuration page you can configure aut...

Page 295: ...AN and then delete it the default VLAN is shown in the VLAN name window but the VLAN information contained in the lower portion of the page is not updated Click the get button to update the display In...

Page 296: ...294 C H A P T E R 1 6 Using Web Device Manager...

Page 297: ...y to configure new network devices Graphical device manager for Intel switches hubs and routers Autodiscovery which finds supported Intel devices on the network The Device Tree which shows all the sup...

Page 298: ...CD ROM 2 Choose the version of Intel Device View you want to install Click Install for Windows to install Intel Device View for use on this PC only Click Install for Web to install Intel Device View...

Page 299: ...pears Web Version If you want to manage devices from any PC on the network using Intel Device View install the Web version From your desktop click Start then point to Programs Intel Device View Intel...

Page 300: ...t 1 Start Intel Device View The Device Install Wizard appears If it doesn t appear click Install from the Device menu or double click the appropriate MAC address in the Device Tree under Unconfig ured...

Page 301: ...ce Discovery service begins searching for supported Intel network devices on your network As it discovers devices the Device Discovery service adds an icon for each device to the Device Tree on the le...

Page 302: ...the device image To Add a Device to the Device Tree 1 Right click anywhere on the Device Tree 2 Click Add Device on the menu that appears 3 In the Add Device dialog box type the IP address of the swit...

Page 303: ...ck Delete on the menu that appears Deleting a device from the Device Tree does not affect the actual device To Find a Device in the Device Tree 1 Right click anywhere on the Device Tree 2 Click Find o...

Page 304: ...session try accessing the switch s Local Management Managing a Switch To manage an Intel 480T switch double click the switch icon in the Device Tree In the example shown below the switch has been assi...

Page 305: ...ent 10Mbps or 100Mbps Group 2 History Records periodic statistical samples from variables available in the statistics group Group 3 Alarms Allows you to set a sampling interval and alarm thresholds fo...

Page 306: ...in the Device Tree then point to RMON 2 Click the RMON option you want to view You can also access RMON features by using LANDesk Network Manager or an SNMP application that supports RMON such as Ope...

Page 307: ...e image are released you should upgrade the software running on your system The image is upgraded by using a download procedure from either a Trivial File Transfer Protocol TFTP server on the network...

Page 308: ...ge space primary or secondary the new image should be placed If not indicated the primary image space is used You can select which image the switch will load on the next reboot by using the following...

Page 309: ...e configuration area currently in use If you have made a mistake or you must revert to the configuration as it was before you started making changes you can tell the switch to use the secondary config...

Page 310: ...very day so that the TFTP server can archive the configuration on a daily basis Because the filename is not changed the configured file stored in the TFTP server is overwritten every day To upload the...

Page 311: ...ig command which generates a complete switch configuration in an ASCII format As part of the complete configuration download the switch is automatically rebooted To download a complete configuration u...

Page 312: ...chedule the switch to download a partial or incremental configuration on a regular basis You could use this feature to update the configuration of the switch regularly from a centrally administered TF...

Page 313: ...tch variables during the boot process If necessary BootROM can be upgraded after the switch has booted using TFTP In the event the switch does not boot properly some boot option functions can be acces...

Page 314: ...for the image stored in primary or 2 for the image stored in secondary Then press the f key to boot from newly selected on board flash memory To boot to factory default configuration press the d key...

Page 315: ...to specify an incremental configuration download download configuration cancel Cancels a previously scheduled configuration download download configuration every hour Schedules a configuration downlo...

Page 316: ...run time configuration to the specified TFTP server If every time is specified the switch automatically saves the configuration to the server once per day at the specified time If the time option is n...

Page 317: ...ches x Width 17 36 inches x Depth 19 20 inches Weight with single PSU 21 7 lbs with dual PSU 27 4 lbs Environmental Requirements Operating Temperature 0 to 40 C Storage Temperature 25 to 70 C Operatin...

Page 318: ...llowing EN standards EN60950 1992 A3 1995 plus Deviations EN60825 1 1994 all 1996 ZB ZC Electromagnetic Compatibility FCC part 15 Class A CSA C108 8 M11983 A VCCI Class A EN55022 Class A EN50082 1 199...

Page 319: ...IP router requirement RFC 783 TFTP RFC 1542 BootP RFC 854 Telnet RFC 768 UDP RFC 791 IP RFC792 ICMP RFC 793 TCP RFC 826 ARP RFC 2068 HTTP RFC 2131 BootP DHCP relay RFC 2030 Simple Network Time Protoco...

Page 320: ...318 A P P E N D I X A...

Page 321: ...Check that the power cable is firmly connected to the device and to the supply outlet On powering up the MGMT LED lights orange The device has failed its Power On Self Test POST and you should contac...

Page 322: ...ce different power strip outlet and power cord Using the Command Line Interface The initial welcome prompt does not display Check that your terminal or terminal emulator is correctly configured For co...

Page 323: ...ess is enabled Check that the port through which you are trying to access the device has not been disabled If it is enabled check the connections and network cabling at the port Check that the port th...

Page 324: ...assword for an administrator level user contact your supplier Port Configuration No link light on 10 100 Base port If patching from a hub or switch to another hub or switch ensure that you are using a...

Page 325: ...r goes to the receive fiber side of the other device and vice versa All gigabit fiber cables are of the cross over type The switch has auto negotiation set to on by default for gigabit ports These por...

Page 326: ...s you must use quotation marks whenever referring to the VLAN name 802 1Q links do not work correctly Remember that VLAN names are only locally significant through the command line interface For two s...

Page 327: ...STP initialization process is complete Specify that STP has been disabled for that VLAN or turn off STP for the switch ports of the endstation and devices to which it is attempting to connect and the...

Page 328: ...326 A P P E N D I X B...

Page 329: ...nce will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning this equipment off and on the user...

Page 330: ...f the Canadian Department of Communications CE Compliance Statement This certifies that the Intel NetStructure 480T Routing Switch complies with the EU Directive 89 336 EEC using the EMC standards EN5...

Page 331: ...ay from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are suscep...

Page 332: ...lever le capot Ne pas utiliser le syst me quand le capot est enlev WARNUNG Das System wurde f r den Betrieb in einer normalen B roumgebung entwickelt Der entwickelt Der Standort sollte sauber und stau...

Page 333: ...omunicazione reti o linee di modem Non avviare il sistema senza aver prima messo a posto il coperchio ADVERTENCIAS El sistema est dise ado para funcionar en un entorno de trabajo normal Escoja un luga...

Page 334: ...xcept as set forth below provided that you deliver the product along with a return material authorization RMA number either to the company from whom you purchased it or to Intel North America only If...

Page 335: ...NEITHER ASSUMES NOR AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES Some states do not allow the exclusion or limitation of incidental or consequential damages so the above limitations or exc...

Page 336: ...g with a return material authorization RMA number either to a the company from whom you purchased it or b to Intel North America only if purchased in Europe you must deliver the product to a If you sh...

Page 337: ...ONE TO ASSUME FOR IT ANY OTHER LIABILITIES Critical Control Applications Intel specifically disclaims liability for use of the hardware product in critical control applications including for example o...

Page 338: ...cidera de le remplacer ou de le r parer gratuitement l exception des cas num r s ci apr s condition que le produit soit renvoy avec un num ro d autorisation de retour du mat riel ARM a la soci t aupr...

Page 339: ...UN TEL DOMMAGE A DEJA ETE PORTEE A LA CONNAISSANCE D INTEL Y COMPRIS MAIS SANS QUE CETTE ENUMERATION SOIT LIMITATIVE UNE PRIVATION DE JOUISSANCE UN NON RESPECT DE LA PROPRIETE INTELLECTUELLE UNE INTE...

Page 340: ...danneggiati a causa di abuso incidente uso inappropriato negligenza alterazione riparazione disastro installazione o controllo inadeguati Se il prodotto viene considerato difettoso per altri motivi I...

Page 341: ...UESTE LIMITAZIONI SULLE RESPONSABILIT POTENZIALI SONO STATE FATTORE DECISIVO NELLA DETERMINAZIONE DEL PREZZO DEL PRODOTTO INTEL NON ASSUME N AUTORIZZA ALCUNO AD ASSUMERE PER S NESSUN ALTRA RESPONSABIL...

Page 342: ...allation oder unvorschriftsm igem Testen aus Wenn das Hardwareprodukt aus anderen Gr nden besch digt ist liegt die Entscheidung bei Intel ob die Hardware mit Ausnahme der im folgenden beschriebenen Ei...

Page 343: ...IN WESENTLICHER FAKTOR BEI DER FESTLEGUNG DES PREISES F R DAS HARDWAREPRODUKT INTEL BERNIMMT KEINE WEITERE HAFTUNG UND ERTEILT DRITTEN KEINERLEI BEFUGNIS F R INTEL EINE WEITERE HAFTUNG ZU BERNEHMEN St...

Page 344: ...de reemplazar o reparar el producto sin cargo alguno excepto los descritos a continuaci n siempre que el producto se entregue con un n mero de autorizaci n de devoluci n de material RMA a a la empresa...

Page 345: ...ELEMENTO ESENCIAL A LA HORA DE DETERMINAR EL PRECIO DEL PRODUCTO INTEL NO ASUME NI AUTORIZA QUE NINGUNA PERSONA ASUMA EN SU LUGAR NINGUNA OTRA RESPONSABILIDAD Aplicaciones de control cr tico Intel de...

Page 346: ...344 A P P E N D I X C...

Page 347: ...ll 81 298 47 0800 Other areas For support in other countries use the following table to dial the toll free support number Using the table locate the country from which you are calling dial the access...

Page 348: ...1 3 0 0 800 111 1111 await dial tone then 800 838 7136 Portugal 3 05017 1 288 await dial tone then 800 838 7136 Russia 1 2 3 755 5042 await dial tone then 800 838 7136 Spain 900 99 00 11 await dial t...

Page 349: ...iguration commands table 49 creating 49 example 51 reverse mask 50 rules 51 SNMP 70 Telnet 55 use 49 Web Device Manager 68 accounts creating 47 admin account 46 aging entries FDB 111 alarm actions 286...

Page 350: ...9 default VLAN 98 deleting a session 55 DHCP and UDP Forwarding 181 DHCP relay configuring 180 DiffServ configuring 141 disabling a switch port 75 disabling route advertising RIP 200 disconnecting a T...

Page 351: ...an Time Offsets table 63 GVRP configuration commands table 105 179 description 103 example 103 H hardware address 24 heat dissipation 316 history command 40 History RMON 284 home page 68 289 host conf...

Page 352: ...ation commands table 244 configuration example 248 configuring 241 disabling 250 protocol filters 243 protocol based VLANs 243 reset and disable commands table 250 resetting 250 router interfaces 237...

Page 353: ...VLANs 97 non aging entries FDB 112 Not So Stubby_Area See NSSA NSSA See OSPF NTP see SNTP O Open Shortest Path First See OSPF OSPF advantages 198 area 0 203 areas 202 backbone area 203 configuration...

Page 354: ...27 DiffServ configuring 141 examples MAC address 135 source port 145 VLAN 145 FDB entry association 113 file server applications 133 IP TOS configuration commands table 144 maximum bandwidth 130 minim...

Page 355: ...IM DM 268 removing 269 RIP 263 using 262 Routing Information Protocol See RIP routing table populating 167 routing table populating IPX 239 routing See IP unicast routing S saving changes using Web De...

Page 356: ...tion marks 315 certifications marks 316 dimensions 315 disabling a port 75 electromagnetic compatibility 316 enabling a port 75 environmental requirements 315 free standing installation 31 front view...

Page 357: ...tag 92 benefits 87 configuration commands table 99 configuration examples 100 configuring 98 default 98 delete and reset commands table 102 description 18 disabling route advertising 200 displaying se...

Page 358: ...356 I N D E X...

Page 359: ...main 62 config dns client delete 62 config dot1p type 139 140 config dot1q ethertype 99 config download server 310 313 config dvmrp add vlan 230 config dvmrp delete vlan 231 config dvmrp timer 231 con...

Page 360: ...f lsa batching timer 219 config ospf metric table 219 config ospf originate default 219 config ospf priority 216 config ospf routerid 219 config ospf spf hold time 219 config ospf timer 217 config osp...

Page 361: ...271 create account 41 47 create fdbentry 114 135 create ospf area 203 219 create protocol 100 create stpd 122 124 create vlan 42 100 D delete access list 256 261 delete access profile 50 271 delete a...

Page 362: ...69 288 download bootrom 61 313 download configuration 61 309 313 download configuration cancel 310 313 download configuration every 310 313 download configuration incremental 310 download image 61 30...

Page 363: ...export 167 207 211 enable rip originate default 211 enable rip poisonreverse 211 enable rip splithorizon 211 enable rip triggerupdate 212 enable rmon 286 enable route sharing 168 enable sharing 78 82...

Page 364: ...9 show ports info 79 143 145 146 153 show ports packet 79 show ports qosmonitor 79 147 show ports rxerrors 79 276 show ports stats 79 275 show ports txerrors 79 276 show ports utilization 79 show prot...

Page 365: ...I N D E X 363 upload configuration 61 308 314 upload configuration cancel 308 314 use configuration 307 314 use image 306 314 X xping 246...

Page 366: ...364 I N D E X...

Page 367: ...A14542 001 100044 00 Rev 01 Intel NetStructure 480T Routing Switch User Guide Intel NetStructure 480T Routing Switch User Guide...

Reviews:

No comments

Brands by name

Popular brands

Load more brands