background image

VLANs 41 

 

 
 

VLANs and IP interfaces 

Carefully consider how you create VLANs within the switch, so that communication with the switch remains 
possible. In order to access the switch for remote configuration, trap messages, and other management functions, 
be sure that at least one IP interface on the switch has a VLAN defined. 

You can also inadvertently cut off access to management functions if you exclude the ports from the VLAN 
membership. For example, if all IP interfaces are left on VLAN 1 (the default), and all ports are configured for VLAN 
2, and then switch management features are effectively cut off.  

To remedy this, keep all ports used for remote switch management on the default VLAN and assign an IP interface 
to the default VLAN. 

For more information on configuring IP interfaces, see the “Configuring an IP interface” section in the “Accessing 
the switch” chapter. 

VLAN topologies and design considerations 

By default, all switch ports are configured to the default VLAN 1. This configuration groups all ports into the same 
broadcast domain. The VLAN has an 802.1Q VLAN ID of 1. VLAN tagging is turned off, because, by default, all 
ports are members of a single VLAN only.  

If configuring Spanning Tree Protocol (

/cfg/l2/stp

), note that each of spanning tree groups 2-32 may contain 

only one VLAN. If configuring Multiple Spanning Tree Protocol (

/cfg/l2/mrst

), each of spanning tree groups 1-

32 may contain multiple VLANs. 

VLAN configuration rules 

VLANs operate according to specific configuration rules which must be considered when creating VLANs. For 
example:  

 

We recommend that all ports involved in trunking and Port Mirroring have the same VLAN configuration. If a 
port is on a trunk with a mirroring port, the VLAN configuration cannot be changed. For more information on 
port trunking, see the “Port trunking example” section in the “Ports and trunking” chapter. 

 

All ports that are involved in Port Mirroring must have memberships in the same VLANs. If a port is configured 
for Port Mirroring, the port’s VLAN membership cannot be changed. For more information on configuring Port 
Mirroring, see the “Port Mirroring” section in the “Troubleshooting tools” appendix. 

 

When you delete a VLAN, untagged ports are moved to the default VLAN (VLAN 1). Tagged ports that belong 
only to the deleted VLAN are moved to the VLAN identified by the PVID. Tagged ports that belong to multiple 
VLANs are removed from the deleted VLAN only. 

Summary of Contents for N8406-022A

Page 1: ...N8406 022A 1Gb Intelligent L2 Switch Application Guide Part number 856 126757 106 00 First edition July 2008 ...

Page 2: ...trued as constituting an additional warranty NEC shall not be liable for technical or editorial errors or omissions contained herein Microsoft Windows and Windows NT are U S registered trademarks of Microsoft Corporation SunOS and Solaris are trademarks of Sun Microsystems Inc in the U S and other countries Cisco is a registered trademark of Cisco Systems Inc and or its affiliates in the U S and c...

Page 3: ... control 27 Setting up user IDs 27 Ports and trunking Introduction 28 Ports on the switch 28 Port trunk groups 28 Statistical load distribution 29 Built in fault tolerance 29 Before you configure trunks 29 Trunk group configuration rules 29 Port trunking example 30 Configuring trunk groups AOS CLI example 31 Configuring trunk groups BBI example 32 Configurable Trunk Hash algorithm 34 Link Aggregat...

Page 4: ...onfiguration guidelines 57 RSTP configuration example 57 Multiple Spanning Tree Protocol 59 MSTP region 59 Common Internal Spanning Tree 59 MSTP configuration guidelines 59 MSTP configuration example 59 IGMP Snooping Introduction 64 Overview 64 FastLeave 64 IGMP Filtering 65 Static multicast router 65 IGMP Snooping configuration example 65 Remote monitoring Introduction 74 Overview 74 RMON group 1...

Page 5: ...Accessing the switch 5 Customer support tools 94 ...

Page 6: ... the network IGMP Snooping describes how to use IGMP to conserve bandwidth in a multicast switching environment Remote Monitoring describes how to configure the RMON agent on the switch so the switch can exchange network monitoring data High Availability describes how the switch supports high availability network topologies This release provides Uplink Failure Detection Troubleshooting tools descr...

Page 7: ...h is configured to use Rapid Spanning Tree Protocol STG 1 contains management VLAN 4095 To access the switch management interface Use the Enclosure Manager Card internal DHCP server through Enclosure Based IP Addressing Assign a static IP interface to the switch management interface interface 256 Connecting through the console port Using a null modem cable you can directly connect to the switch th...

Page 8: ...ference Guide AOS The ISCLI provides a tree based command structure for users familiar with similar products An example of a typical ISCLI command is displayed below Switch config spanning tree stp 1 enable For complete information about the ISCLI refer to the Command Reference Guide ISCLI Configuring an IP interface An IP interface address must be set on the switch to provide management access to...

Page 9: ...rts and monitoring ports Layer 2 Configure Layer 2 features including trunk groups VLANs and Spanning Tree Protocol RMON menu Configure Remote Monitoring RMON functions Layer 3 Configure all of the IP related information including IGMP Snooping Uplink Failure Detection Configure a Failover Pair of Links to Monitor and Links to Disable Statistics These menus provide access to the switch statistics ...

Page 10: ...gure an SNMP user name enter the following command from the CLI cfg sys ssnmp snmpv3 usm 6 User configuration Users can be configured to use the authentication privacy options Currently we support two authentication algorithms MD5 and SHA These can be specified using the command cfg sys ssnmp snmpv3 usm x auth md5 sha 1 To configure a user with name test authentication type MD5 and authentication ...

Page 11: ...r tree 1 3 6 1 4 1 11 2 3 7 11 33 1 2 3 2 c sys ssnmp snmpv3 view 11 name usr tree 1 3 6 1 4 1 11 2 3 7 11 33 1 2 3 3 CLI oper equivalent To configure an SNMP user equivalent to the CLI oper use the following configuration c sys ssnmp snmpv3 usm 5 name oper c sys ssnmp snmpv3 access 4 name opergrp rview oper wview oper nview oper c sys ssnmp snmpv3 group 4 uname oper gname opergrp c sys ssnmp snmp...

Page 12: ...sys ssnmp snmpv3 group 10 model snmpv1 uname v1trap gname v1trap 3 Configure an entry in the notify table c sys ssnmp snmpv3 notify 10 name v1trap tag v1trap 4 Specify the IP address and other trap parameters in the targetAddr and targetParam tables The c sys ssnmp snmpv3 tparam x uname command is used to specify the user name used with this targetParam table c sys ssnmp snmpv3 taddr 10 name v1tra...

Page 13: ...the traps with both privacy and authentication with authentication only or without privacy or authentication This is configured in the access table using the command c sys ssnmp snmpv3 access x level and c sys ssnmp snmpv3 tparam x The user in the user table should be configured accordingly It is not necessary to configure the community table for SNMPv3 traps because the community string is not us...

Page 14: ...k is set to 255 255 255 128 This defines the following range of allowed IP addresses 192 192 192 1 to 192 192 192 127 The following source IP addresses are granted or not granted access to the switch A host with a source IP address of 192 192 192 21 falls within the defined range and would be allowed to access the switch A host with a source IP address of 192 192 192 192 falls outside the defined ...

Page 15: ...condary server IP Current secondary RADIUS server 0 0 0 0 New pending secondary RADIUS server 10 10 1 2 2 Configure the primary RADIUS secret and secondary RADIUS secret RADIUS Server secret Enter new RADIUS secret 1 32 character secret RADIUS Server secret2 Enter new RADIUS second secret 1 32 character secret CAUTION If you configure the RADIUS secret using any method other than a direct console ...

Page 16: ...tem folder and select Radius c Enter the IP address of the primary and secondary RADIUS servers and enter the RADIUS secret for each server Enable the RADIUS server CAUTION If you configure the RADIUS secret using any method other than a direct console connection the secret may be transmitted over the network as clear text d Click Submit Open Select ...

Page 17: ...gure RADIUS backdoor and secure backdoor for Telnet SSH HTTP and HTTPS access User accounts for RADIUS users The user accounts listed in the following table can be defined in the RADIUS server dictionary file Table 2 User access levels User account Description and tasks performed User User interaction with the switch is completely passive nothing can be changed on the switch Users may display info...

Page 18: ...on authorization and accounting with networks using the Cisco Systems TACACS protocol The switch functions as the Network Access Server NAS by interacting with the remote client and initiating authentication and authorization sessions with the TACACS access server The remote user is defined as someone requiring management access to the switch either through a data or management port TACACS offers ...

Page 19: ...dmin none If the remote user is authenticated by the authentication server the switch verifies the privileges of the remote user and authorizes the appropriate access When both the primary and secondary authentication servers are not reachable the administrator has an option to allow backdoor access via the console only or console and Telnet access The default is disable for Telnet access and enab...

Page 20: ...ION If you configure the TACACS secret using any method other than a direct console connection the secret may be transmitted over the network as clear text 3 If desired you may change the default TCP port number used to listen to TACACS 4 The well known port for TACACS is 49 TACACS Server port Current TACACS port 49 Enter new TACACS port 1 65000 port number 5 Configure the number retry attempts fo...

Page 21: ...BI example 1 Configure TACACS authentication for the switch a Click the Configure context button b Open the System folder and select Tacacs c Enter the IP address of the primary and secondary TACACS servers and enter the TACACS secret Enable TACACS d Click Submit Open Select ...

Page 22: ...Accessing the switch 22 e Configure custom privilege level mapping optional Click Submit to accept each mapping change 2 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 23: ...he following SSH clients are supported SSH 3 0 1 for Linux freeware SecureCRT 4 1 8 VanDyke Technologies Inc OpenSSH_3 9 for Linux FC 3 FedoraCore 3 for SCP commands PuTTY Release 0 58 Simon Tatham for Windows Configuring SSH and SCP features AOS CLI example Before you can use SSH commands use the following commands to turn on SSH and SCP Enabling or disabling SSH To enable the SSH feature connect...

Page 24: ... password new password Re enter new SCP only administrator password new password New SCP only administrator password accepted IMPORTANT The SCP only administrator password must be different from the regular administrator password Using SSH and SCP client commands The following shows the format for using some client commands The examples below use 205 178 15 157 as the IP address of a sample switch...

Page 25: ...e end of putcfg to notify the remote client of the difference between the new and the current configurations putcfg_apply runs the apply command after the putcfg is done putcfg_apply_save saves the new configuration to the flash after putcfg_apply is done The putcfg_apply and putcfg_apply_save commands are provided because extra apply and save commands are usually required after a putcfg SSH and S...

Page 26: ...ed the switch automatically generates them during the system reboot This process may take several minutes to complete The switch can also automatically regenerate the RSA server key To set the interval of RSA server key autogeneration use the following command cfg sys sshd intrval number of hours 0 24 A value of 0 denotes that RSA server key autogeneration is disabled When greater than 0 the switc...

Page 27: ...length for TACACS RADIUS Telnet SSH console and BBI access If RADIUS authentication is used the user password on the Radius server will override the user password on the switch Also note that the password change command on the switch modifies only the use switch password and has no effect on the user password on the Radius server RADIUS authentication and user password cannot be used concurrently ...

Page 28: ...net ports of the switch including the port name and function NOTE The actual mapping of switch ports to NIC interfaces is dependant on the operating system software the type of server blade and the enclosure type For more information see the User s Guide Table 7 Ethernet switch port names Port number Port alias 1 Downlink1 2 Downlink2 3 Downlink3 4 Downlink4 5 Downlink5 6 Downlink6 7 Downlink7 8 D...

Page 29: ...tion 5 Consider how the existing spanning tree will react to the new trunk configuration See the Spanning Tree Protocol chapter for spanning tree group configuration guidelines 6 Consider how existing VLANs will be affected by the addition of a trunk Trunk group configuration rules The trunking feature operates according to specific configuration rules When creating trunks consider the following r...

Page 30: ...trunk groups are configured as follows Trunk group 1 is configured by default on the crosslink ports 17 and 18 which connect the switches 1 and 2 together Since this is the default configuration you do not need to configure trunk group 1 on either switch By default ports 17 and 18 are disabled Trunk groups 2 5 consist of two Gigabit uplink ports each configured to act as a single link to the upstr...

Page 31: ...4 Trunk group 4 add 24 Add port 24 to trunk group 4 Trunk group 4 ena Enable trunk group 4 Trunk group 4 apply Make your changes active cfg l2 trunk 2 Select trunk group 2 Trunk group 2 add 21 Add port 21 to trunk group 2 Trunk group 2 add 22 Add port 22 to trunk group 2 Trunk group 2 ena Enable trunk group 2 Trunk group 2 apply Make your changes active Trunk group 2 save Save for restore after re...

Page 32: ...32 Configuring trunk groups BBI example 1 Configure trunk groups a Click the Configure context button on the Toolbar b Open the Layer 2 folder and select Trunk Groups c Click a Trunk Group number to select it Open Select ...

Page 33: ...add ports select each port in the Ports Available list and click Add e Click Submit 2 Apply verify and save the configuration 3 Examine the trunking information on each switch a Click the Dashboard context button on the Toolbar 1 Apply 3 Save 2 Verify ...

Page 34: ...e the particular parameters for the switch Trunk Hash algorithm instead of having to utilize the defaults You can configure new default behavior for Layer 2 traffic and Layer 3 traffic using the CLI menu cfg l2 thash You can select a minimum of one or a maximum of two parameters to create one of the following configurations Source IP SIP Destination IP DIP Source MAC SMAC Destination MAC DMAC Sour...

Page 35: ...h as shown in the following table Table 8 Actor vs partner LACP configuration Actor Switch Partner Switch 1 Partner Switch 2 Port 20 admin key 100 Port 1 admin key 50 Port 21 admin key 100 Port 2 admin key 50 Port 22 admin key 200 Port 3 admin key 60 Port 23 admin key 200 Port 4 admin key 60 In the configuration shown in the table above Actor switch ports 20 and 21 aggregate to form an LACP trunk ...

Page 36: ...0 Set port 20 adminkey to 100 Current LACP port adminkey 20 New pending LACP port adminkey 100 6 Set the LACP mode on port 21 cfg l2 lacp port 21 Select port 21 LACP port 21 mode active Set port 21 to LACP active mode 7 Define the admin key on port 21 LACP port 21 adminkey 100 Set port 21 adminkey to 100 Current LACP port adminkey 21 New pending LACP port adminkey 100 8 Apply and verify the config...

Page 37: ...adcast domains by assigning them to the same VLAN Multicast broadcast and unknown unicast frames are flooded only to ports in the same VLAN VLANs and port VLAN ID numbers VLAN numbers This switch supports up to 1 000 VLANs per switch Even though the maximum number of VLANs supported at any given time is 1 000 each can be identified with any number between 1 and 4095 VLAN 1 is the default VLAN and ...

Page 38: ...entifier VID the 12 bit portion of the VLAN tag in the frame header that identifies an explicit VLAN Port VLAN identifier PVID a classification mechanism that associates a port with a specific VLAN For example a port with a PVID of 3 PVID 3 assigns all untagged frames received on this port to VLAN 3 Tagged frame a frame that carries VLAN tagging information in the header The VLAN tagging informati...

Page 39: ...e following figure the untagged incoming packet is assigned directly to VLAN 2 PVID 2 Port 5 is configured as a tagged member of VLAN 2 and port 7 is configured as an untagged member of VLAN 2 Figure 3 Port based VLAN assignment As shown in the following figure the untagged packet is marked tagged as it leaves the switch through port 5 which is configured as a tagged member of VLAN 2 The untagged ...

Page 40: ...1Q tag assignment As shown in the following figure the tagged packet remains unchanged as it leaves the switch through port 5 which is configured as a tagged member of VLAN 2 However the tagged packet is stripped untagged as it leaves the switch through port 7 which is configured as an untagged member of VLAN 2 Figure 6 802 1Q tagging after 802 1Q tag assignment NOTE Using the boot conf factory co...

Page 41: ...ed off because by default all ports are members of a single VLAN only If configuring Spanning Tree Protocol cfg l2 stp note that each of spanning tree groups 2 32 may contain only one VLAN If configuring Multiple Spanning Tree Protocol cfg l2 mrst each of spanning tree groups 1 32 may contain multiple VLANs VLAN configuration rules VLANs operate according to specific configuration rules which must...

Page 42: ... 1 and 3 Port 20 is tagged to accept traffic from VLANs 1 2 and 3 Port 23 is an untagged member of VLAN 2 Switch 2 Switch 2 is configured for VLANS 1 3 and 4 Port 2 is tagged to accept traffic from VLANS 3 and 4 Port 4 is configured only for VLAN 3 so VLAN tagging is off Port 20 is tagged to accept traffic from VLANs 1 and 3 Port 23 is an untagged member of VLAN 4 CPU Blade Server 1 This high use ...

Page 43: ...AN 1 and VLAN 2 and has tagging enabled NOTE All PCs connected to a tagged port must have an Ethernet adapter with VLAN tagging capability installed Configuring the example network These examples describe how to configure ports and VLANs on Switch 1 and Switch 2 Configuring ports and VLANs on Switch 1 AOS CLI example To configure ports and VLANs on Switch 1 do the following 1 On Switch 1 enable VL...

Page 44: ...cfg port 23 tagpvid Disable tagpvid Current tag pvid support enabled Enter new tag pvid support d e d UNTAG on pvid apply Apply the port configurations save Save the port configurations Configuring ports and VLANs on Switch 2 AOS CLI example To configure ports and VLANs on Switch 2 do the following 1 On Switch 2 enable VLAN tagging on the necessary ports Port 4 connection to server 2 remains untag...

Page 45: ...2 VLAN 4 add 23 Port 23 is an UNTAGGED port and its current PVID is 1 Confirm changing PVID from 1 to 4 y n y Current ports for VLAN 4 2 Pending new ports for VLAN 4 23 cfg port 4 tagpvid Current tag pvid support enabled Enter new tag pvid support d e d UNTAG on pvid cfg port 23 tagpvid Current tag pvid support enabled Enter new tag pvid support d e d UNTAG on pvid apply Apply the port configurati...

Page 46: ...VLANs 46 c Click a port number to select it d Enable the port and enable VLAN tagging e Click Submit ...

Page 47: ...er the VLAN name VLAN ID number and enable the VLAN To add ports select each port in the Ports Available list and click Add Since all ports are configured for VLAN 1 by default configure only those ports that belong to VLAN 2 The crosslink ports 17 and 18 must belong to VLANs 1 and 2 c Click Submit Open Select ...

Page 48: ...c entry can be added to a port that is a member of a trunk group as follows Static manually configured trunk group Dynamic LACP trunk group The trunk group supports the FDB static entry If the port with the static entry fails other ports in the trunk handle the traffic If the port is removed from the trunk the static entry is removed from the trunk but remains configured on the port The FDB inform...

Page 49: ...ablish a path much like a hello packet in IP routing BPDUs contain information about the transmitting bridge and its ports including bridge and MAC addresses bridge priority port priority and port path cost If the ports are tagged each port sends out a special BPDU containing the tagged information The generic action of a switch on receiving a BPDU is to compare the received BPDU to its own BPDU t...

Page 50: ...o the STG STGs 1 31 are enabled by default and assigned an ID number from 1 to 31 STG 32 is disabled by default and contains the management VLAN 4095 An STG cannot be deleted only disabled If you disable the STG while it still contains VLAN members Spanning Tree will be off on all ports belonging to that VLAN Adding a VLAN to a Spanning Tree Group If no VLANs exist beyond the default VLAN 1 see th...

Page 51: ...the trunk group This ensures that the trunk group remains in the Forwarding state Multiple Spanning Trees Each switch supports a maximum of 32 Spanning Tree Groups STGs Multiple STGs provide multiple data paths which can be used for load balancing and redundancy You enable independent links on two switches using multiple STGs by configuring each path with a different VLAN and then assigning each V...

Page 52: ...e even though they are members of their respective VLANs Table 11 VLAN participation in Spanning Tree Groups VLAN 1 VLAN 2 Switch 1 Spanning Tree Group 1 Port 17 Spanning Tree Group 2 Port 18 Switch 2 Spanning Tree Group 1 Port 17 Spanning Tree Group 2 Port 18 Configuring Multiple Spanning Tree Groups This section explains how to assign each VLAN to its own Spanning Tree Group on the switches 1 an...

Page 53: ...mbership as described in the Configuring ports and VLANs on Switch 2 CLI example section in the VLANs chapter of this guide 2 Add VLAN 2 to Spanning Tree Group 2 cfg l2 stp 2 Select Spanning Tree Group 2 Spanning Tree Group 2 add 2 Add VLAN 2 3 VLAN 2 is automatically removed from Spanning Tree Group 1 4 Apply and save apply Apply the port configurations save Save the port configurations Configuri...

Page 54: ...nd save the configuration Port Fast Forwarding Port Fast Forwarding permits a port that participates in Spanning Tree to bypass the Listening and Learning states and enter directly into the Forwarding state While in the Forwarding state the port listens to the BPDUs to learn if there is a loop and if dictated by normal STG behavior following priorities etc the port transitions into the Blocking st...

Page 55: ...orwarding state and sends multicasts of addresses in the forwarding database FDB and ARP table over the secondary link so that upstream switches can learn the new path Configuration guidelines When you enable Fast Uplink Convergence the switch software automatically makes the following configuration changes Increases the bridge priority to 65500 so that it does not become the root switch Increases...

Page 56: ...1D BPDUs it responds with 802 1D compatible data units RSTP is not compatible with Per VLAN Spanning Tree PVST protocol Port state changes The port state controls the forwarding and learning processes of Spanning Tree In RSTP the port state has been consolidated to the following discarding learning and forwarding Table 12 RSTP vs STP port states Port operational status STP port state RSTP port sta...

Page 57: ...e 1 Configure port and VLAN membership on the switch as described in the Configuring ports and VLANs CLI example section in the VLANs chapter of this guide 2 Set the Spanning Tree mode to Rapid Spanning Tree cfg l2 mrst Select Multiple Spanning Tree menu Multiple Spanning Tree mode rstp Set mode to Rapid Spanning Tree Multiple Spanning Tree on Turn Rapid Spanning Tree on 3 Apply and save the chang...

Page 58: ... and MSTP 58 b Open the MSTP RSTP folder and select General c Select RSTP mode and set the MSTP RSTP state to ON d Click Submit 3 Apply verify and save the configuration Open Select 1 Apply 3 Save 2 Verify ...

Page 59: ...dges outside of the region and provides a single Spanning Tree instance to interact with them CIST is the default spanning tree group When VLANs are removed from STG 1 32 the VLANs automatically become members of the CIST CIST port configuration includes Hello time Edge port status enable disable and Link Type These parameters do not affect Spanning Tree Groups 1 32 They apply only when the CIST i...

Page 60: ...otocol BBI example 1 Configure port and VLAN membership on the switch as described in the Configuring ports and VLANs BBI example section in the VLANs chapter of this guide 2 Configure MSTP general parameters a Click the Configure context button on the Toolbar b Open the MSTP RSTP folder and select General c Enter the region name and revision level Select MSTP mode and set the MSTP RSTP state to O...

Page 61: ...P 61 3 Configure Common Internal Spanning Trees CIST bridge parameters a Open the MSTP RSTP folder and select CIST Bridge b Enter the Bridge Priority Maximum Age and Forward Delay values c Click Submit Open Select ...

Page 62: ...RSTP and MSTP 62 4 Configure Common Internal Spanning Tree CIST port parameters a Open the MSTP RSTP folder and select CIST Ports b Click a port number to select it Open Select ...

Page 63: ...RSTP and MSTP 63 c Enter the Port Priority Path Cost and select the Link Type Set the CIST Port State to ON d Click Submit 5 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 64: ...blished the switch blocks the IP Multicast stream from flowing through any port that does not connect to a host member thus conserving bandwidth The client server path is set up as follows An IP Multicast Router Mrouter sends Membership Queries to the switch which forwards them to all ports in a given VLAN Hosts that want to receive the multicast data stream send Membership Reports to the switch w...

Page 65: ...he range of IP addresses configured If you configure the filter to deny IP multicasts then IGMP Membership Reports from multicast groups within the range are dropped You can configure a secondary filter to allow IP multicasts to a small range of addresses within a larger range that a primary filter is configured to deny The two filters work together to allow IP multicasts to a small subset of addr...

Page 66: ...le 1 Enable IGMP Filtering on the switch cfg l3 igmp igmpflt Select IGMP Filtering menu IGMP Filter ena Enable IGMP Filtering Current status disabled New status enabled 2 Define an IGMP Filter cfg l3 igmp igmpflt Select IGMP Filtering menu IGMP Filter filter 1 Select Filter 1 Definition menu IGMP Filter 1 Definition range 224 0 1 0 Enter first IP address of the range Current multicast address2 Ent...

Page 67: ...Static Multicast Router add 20 Add port 20 as Static Mrouter port Enter VLAN number 1 4094 1 Enter the VLAN number Enter the version number of mrouter 1 2 2 Enter the IGMP version number 2 Apply verify and save the configuration Static Multicast Router apply Apply the configuration Static Multicast Router cur View the configuration Static Multicast Router save Save the configuration Configuring IG...

Page 68: ...IGMP Snooping 68 c Enable IGMP Snooping d Click Submit 3 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 69: ...BBI example 1 Configure IGMP Snooping 2 Enable IGMP Filtering a Click the Configure context button b Open the IGMP folder and select IGMP Filters click the underlined text not the folder c Enable IGMP Filtering globally d Click Submit Open Select ...

Page 70: ...oping 70 3 Define the IGMP Filter a Select Layer 3 IGMP IGMP Filters Add Filter b Enable the IGMP Filter Assign the range of IP multicast addresses and the filter action allow or deny c Click Submit Open Select ...

Page 71: ...IGMP Snooping 71 4 Assign the filter to a port and enable IGMP Filtering on the port a Select Layer 3 IGMP IGMP Filters Switch Ports b Select a port from the list Open Select ...

Page 72: ...IGMP Snooping 72 c Enable IGMP Filtering on the port Select a filter in the IGMP Filters Available list and click Add d Click Submit 5 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 73: ...onfigure Static Mrouter a Click the Configure context button b Open the Switch folder and select IP Menu IGMP IGMP Static MRouter c Enter a port number VLAN ID number and IGMP version number d Click Submit 2 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 74: ...to monitor traffic flowing through the switch The switch supports the following RMON Groups as described in RFC 1757 Group 1 Statistics Group 2 History Group 3 Alarms Group 9 Events RMON group 1 statistics The switch supports collection of Ethernet statistics as outlined in the RMON statistics MIB in reference to etherStatsTable You can enable RMON statistics on a per port basis and you can view t...

Page 75: ...ors 22 etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 2 etherStatsJabbers 0 etherStatsCollisions 0 etherStatsPkts64Octets 27445 etherStatsPkts65to127Octets 12253 etherStatsPkts128to255Octets 1046 etherStatsPkts256to511Octets 619 etherStatsPkts512to1023Octets 7283 etherStatsPkts1024to1518Octets 38 Configuring RMON Statistics BBI example 1 Configure ports a Click the Configur...

Page 76: ...Remote monitoring 76 2 Select a port 3 Enable RMON on the port ...

Page 77: ...e of an ifIndex object type as described in RFC1213 and RFC1573 The most common data type for the history sample is as follows 1 3 6 1 2 1 2 2 1 1 x mgmt interfaces ifTable ifIndex interface The last digit x represents the interface on which to monitor which corresponds to the port number 1 24 History sampling is done per port by utilizing the interface number to specify the port number Configure ...

Page 78: ...gure an RMON History group a Click the Configure context button b Open the Switch folder and select RMON History Add History Group 2 Configure RMON History Group parameters 3 Click Submit 4 Apply verify and save the configuration Open Select 1 Apply 3 Save 2 Verify ...

Page 79: ...ect Identifiers OIDs correlate to the ones tracked by the History group An example of an ICMP stat is as follows 1 3 6 1 2 1 5 1 0 mgmt icmp icmpInMsgs The last digit x represents the interface on which to monitor which corresponds to the interface number or port number as follows 1 256 IF 1 256 257 port 1 258 port 2 280 port 24 This value represents the alarm s MIB OID as a string Note that for n...

Page 80: ...ner Alarm_for_icmpInEchos 2 Apply and save the configuration RMON Alarm 5 apply Make your changes active RMON Alarm 5 save Save for restore after reboot This configuration creates an RMON alarm that checks icmpInEchos on the switch once every minute If the statistic exceeds 200 within a 60 second interval an alarm is generated that triggers event index 5 Configure RMON Alarms BBI example 1 1 Confi...

Page 81: ...rising limit of two billion and a rising event index of 6 This configuration creates an RMON alarm that checks ifInOctets on port 19 once every hour If the statistic exceeds two billion an alarm is generated that triggers event index 6 2 Click Submit 3 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 82: ...arm Group Configure RMON Alarm Group parameters to check icmpInEchos with a polling interval of 60 a rising limit of 200 and a rising event index of 5 This configuration creates an RMON alarm that checks icmpInEchos on the switch once every minute If the statistic exceeds 200 within a 60 second interval an alarm is generated that triggers event index 5 2 Click Submit Open Select ...

Page 83: ...p event notification to work properly RMON uses a SYSLOG host to send syslog messages Therefore an existing SYSLOG host cfg sys syslog must be configured for event log notification to work properly Each log event generates a SYSLOG of type RMON that corresponds to the event Configuring RMON Events AOS CLI example 1 Configure the RMON Event parameters cfg rmon event 5 Select RMON Event 5 RMON Event...

Page 84: ...ontext button b Open the Switch folder and select RMON Event Add Event Group Configure RMON Event Group parameters This configuration creates an RMON event that sends a SYSLOG message each time it is triggered by an alarm 2 Click Submit 3 Apply verify and save the configuration Open Select 1 Apply 3 Save 2 Verify ...

Page 85: ...ch in the chassis The switch automatically enables the downlink ports when the uplink returns to service The following figure shows a basic UFD configuration with a Failure Detection Pair FDP that consists of one LtM Link to Monitor and one LtD Link to Disable When the switch detects a link failure in the LtM it disables the ports in the LtD The server blade detects the disabled downlink port whic...

Page 86: ...n it detects a link failure or STP Blocking state When the switch determines that ports in the LtM are in STP Forwarding State then it automatically enables the ports in the LtD to fall back to normal operation Configuration guidelines This section provides important information about configuring UFD UFD is required only when uplink path redundancy is not available on the blade switches Four Failu...

Page 87: ...a different Layer 2 3 routing switch The interconnect ports 17 18 are disabled In this example the port 1 of a NIC is the primary network adapter the port 2 of the NIC is a non primary adapter The port 1 of the NIC on the CPU blade server 1 and the CPU blade server 2 are connected to port 1 and port 2 on the Switch 1 The port 2 of the NIC on the CPU blade server 1 and the CPU blade server 2 are co...

Page 88: ... Monitor trunk group 2 3 Assign downlink ports 1 16 to disable when an uplink failure occurs Main cfg ufd fdp 1 ltd Select Link to Disable menu Failover Link to Disable addport 1 Add port 1 as a Link to Disable Failover Link to Disable addport 2 Add port 2 as a Link to Disable 4 Turn UFD on Main cfg ufd on Turn Uplink Failure Detection on Uplink Failure Detection apply Make your changes active Upl...

Page 89: ...ts Available list and click Add to place the ports into the Link to Monitor LtM Select ports in the LtD Ports Available list and click Add to place the ports into the Link to Disable LtD e Click Submit 2 Apply verify and save the configuration 1 Apply 3 Save 2 Verify ...

Page 90: ...g ingress traffic traffic entering the switch on port 23 and egress traffic traffic leaving the switch on port 1 You can attach a device to port 20 to monitor the traffic on ports 23 and 1 Figure 11 Port Mirroring Egress traffic Mirrored traffic Ingress traffic Egress traffic Legend Interconnect Switch A 18 17 16 15 4 3 2 1 18 17 16 15 4 3 2 1 Server 2 Server 1 10 100 1000 X Connects Interconnect ...

Page 91: ...Monitor ingress traffic on port 23 Port 20 add 11 Select port 11 to mirror Enter port mirror direction in out or both out Monitor egress traffic on port 1 3 Enable Port Mirroring cfg pmirr mirr ena Enable port mirroring 4 Apply and save the configuration PortMirroring apply Apply the configuration PortMirroring save Save the configuration 5 View the current configuration PortMirroring cur Display ...

Page 92: ...ample 1 Configure Port Mirroring a Click the Configure context button b Open the Switch folder and select Port Based Port Mirroring click the underlined text not the folder c Click a port number to select a monitoring port d Click Add Mirrored Port Open Select ...

Page 93: ...ls 93 e Enter a port number for the mirrored port and select the Port Mirror Direction f Click Submit 2 Apply verify and save the configuration 3 Verify the Port Mirroring information on the switch 1 Apply 3 Save 2 Verify ...

Page 94: ...ptional is the maximum distance to trace 1 16 devices Msec delay optional is the number of milliseconds to wait for the response Statistics and state information The switch keeps track of a large number of statistics and many of these are error condition counters The statistics and state information can be very useful when troubleshooting a LAN or Real Server problem For more information about ava...

Reviews: