Supermicro SSE-F3548S User Manual Download Page 328

Page: 328 / 366

Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide

328

Security

Supermicro switches support four methods of user authentication:

•

RADIUS – Remote Authentication Dial-In User Service (RADIUS) uses AAA service for ID

verification, granting access and tracking actions of remote users.

•

TACACS –

Terminal Access Controller Access Control System (TACACS)

provides accounting

information and administrative control for authentication and authorization. RADIUS encrypts

only password, whereas TACACS encrypts username as well, hence it is more secure.

•

SSH -

Secure Shell (SSH)

is a protocol for secure remote connection to a device. SSH provides more

security than telnet by encryption of messages during authentication.

•

SSL –

Secure Socket Layer (SSL)

provides server authentication, encryption and message integrity

as well as HTTP client authentication.

13.1

Login Authentication Mode

Supermicro switches allow configuration of the user login authentication mechanism.

Follow the steps below to configure Login Authentication Mechanism.

Step Command

Description

Step 1 configure terminal

Enters the configuration mode

Step 2 login authentication { local | radius | tacacs }

Configure the login authentication

mechanism to be used for switch

access.

Local – Use the local database in switch

to authenticate users.

Radius – Use RADUIS server to

authenticate users.

Tacacs – Use TACACS server to

authenticate users.

Step 3 End

Exits the configuration mode.

Step 4 show system information

Displays the Login Authentication

mechanism.

Step 5 write startup-config

Optional step – saves this configuration

to be part of startup configuration.

The “no login authentication” command resets the login authentication to its default of

‘local’.

The example below shows the commands used to configure Login Authentication mechanism.

Summary of Contents for SSE-F3548S

Page 1: ...Supermicro SSE F3548S SSE F3548SR Configuration User s Guide 1 SSE F3548S SSE F3548SR Switch Configuration User s Guide Revision 1 0 ...

Page 2: ...IZED REPRESENTATIVE SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY SHOULD THE SOFTWARE AND OR MATERIALS PROVE DEFECTIVE YOU AND NOT SUPER MICRO COMPUTER INC OR A SUPER MICRO COMPUTER INC AUTHORIZED REPRESENTATIVE ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICE REPAIR OR CORRECTION LIMITATION OF LIABILITY UNDER NO CIRCUMSTANCES INCLUDING NEGLIGENCE SHALL SUPER MICRO COMPU...

Page 3: ...Supermicro SSE F3548S SSE F3548SR Configuration User s Guide 3 Document Revision History Date Revision Description 07 03 2018 1 0 Initial document ...

Page 4: ... 17 2 2 Management Access 18 2 2 1 User Login 18 2 2 2 Enable 19 2 2 3 Enable Password 19 2 2 4 IP Authorized Manager 20 2 3 Interface Properties 22 2 3 1 Description 22 2 3 2 Negotiation 25 2 3 3 Speed 28 2 3 4 Duplex Operation 32 2 3 5 MTU 32 2 3 6 Flow Control 34 2 3 7 Storm Control 36 2 3 8 Forward Error Correction FEC Mode 37 2 4 Time Management 38 2 4 1 NTP Server 39 2 4 2 Enable Disable NTP...

Page 5: ...ging Buffer 58 2 6 6 Facility 59 2 6 7 Traps 60 2 6 8 Clear Log Buffer 62 2 6 9 Clear Log File 63 2 7 Configuration Management 63 2 7 1 Save Startup Config 63 2 7 2 Save Running Configuration to File 64 2 7 3 Configuring Startup Config File Name 65 2 7 4 Copy Startup config 66 2 7 5 Copy File 66 2 7 6 Deleting a Saved Configuration 67 2 7 7 Firmware Upgrade 67 2 7 8 Boot up Options 68 2 7 9 Reset ...

Page 6: ...Based VLANs 97 3 10 Protocol Based VLANs 100 3 11 Acceptable Frame Types 104 3 12 Ingress Filter 105 3 13 VLAN Configuration Example 107 3 14 Private Edge VLAN Protected Ports 113 3 14 1 Unprotected Port 113 3 14 2 Protected Port 113 3 14 3 Community Port 113 3 15 Unprotected Ports Configuration 114 3 16 Protected Ports Configuration 114 3 17 Community Ports Configuration 114 3 17 1 Configuration ...

Page 7: ...r to Switch MLAG Topology 149 5 2 2 Topology 2 Switch to Switch MLAG Topology 150 5 2 3 Topology 3 Single Uplink Switch Topology 151 5 2 4 Topology 4 Redundant Uplink Switch Topology 152 5 3 Default Configuration 153 5 4 MLAG Configurations 153 5 4 1 MLAG System ID 153 5 4 2 MLAG System Priority 154 5 4 3 Keep Alive Time 155 5 4 4 IPL Interface 156 5 4 5 MLAG Port Channels 156 5 4 6 Other Configur...

Page 8: ...Cost Long Short 178 6 17 Transmit Hold Count 179 6 18 Root Guard 180 6 19 Topology Change Guard 181 6 20 Port Fast 183 6 21 Auto Edge 184 6 22 Link Type 185 6 23 Spanning Tree Configuration Examples 187 7 IGMP Snooping 192 7 1 IGMP Snooping Support 193 7 2 Enabling IGMP Snooping 194 7 3 IGMP Version 195 7 4 Multicast Router Ports 196 7 4 1 Router Port Timeouts 196 7 4 2 Static Router Ports 197 7 5...

Page 9: ...ving MAC Extended ACLs 222 8 2 4 Applying MAC Extended ACLs to Interfaces 223 8 2 5 ACL Ingress Port Configuration 223 8 2 6 ACL Egress Port Configuration 225 8 2 7 Displaying MAC Extended ACLs 226 8 2 8 MAC Extended ACL Configuration 227 8 3 IP Standard ACL 228 8 3 1 Creating IP Standard ACLs 229 8 3 2 Modifying IP Standard ACLs 231 8 3 3 Removing IPStandard ACLs 231 8 3 4 Applying IP ACLs to Int...

Page 10: ...sification and Marking 253 9 2 CoS Based QoS 254 9 2 1 Egress Queuing 254 9 2 2 Scheduling 255 9 2 3 Default Priority 255 9 2 4 Bandwidth Management 256 9 3 Port Based Rate Limit 256 9 4 HOLBlocking Prevention 256 9 5 Enabling QoS 256 9 6 ConfiguringPolicy Based QoS 257 9 7 Configuring CoS Based QoS 265 10 Port Mirroring 271 10 1 Port Mirroring Defaults 271 10 2 Configure Port Mirroring in CLI 271...

Page 11: ...UDP Port 298 11 7 5 Authentication Traps 299 11 7 6 Link State Trap 300 11 8 Sub Agent 302 11 9 SNMPConfigurationExample 304 12 RMON 312 12 1 RMON Groups 314 12 1 1 Alarm group 314 12 1 2 Event Group 315 12 1 3 Statistics 315 12 2 RMON Configuration 315 12 2 1 EnablingRMON 315 12 2 2 Configuring Alarms and Events 316 12 2 3 Configuring Statistics 318 12 2 4 RMON Configuration Example 319 12 2 5 Co...

Page 12: ...er 334 13 3 4 TACACS Login Authentication Mode 335 13 3 5 TACACS Authorization Status 338 13 3 6 TACACS Privilege 339 13 4 SSH 340 13 5 SSL 342 13 5 1 Secure HTTP https 342 13 5 2 Certificate Signing Request CSR 343 13 5 3 SSL Certificate 345 14 LLDP 347 14 1 1 EnablingLLDP 348 14 1 2 Configuring LLDP Parameters 348 14 1 3 Configuring LLDP Timers 354 14 1 4 LLDPConfiguration 357 ...

Page 13: ... 10Gb or 1Gb mode to connect to existing low speed network devices SSE F3548S R also offer six ports running at 100Gbps for access to high speed backbone networks or storage servers These 100Gbps ports can also operate at 40Gbps or each can be split in to four different ports to run at 25Gbps or 10Gbps This document explains the configuration for Supermicro switch models SSE SSE G3548S R 1 1Featur...

Page 14: ...pper Cable CBL NTWK 0944 MS28C10M 1m 25GbE SFP28 to SFP28 Passive SFP28 Copper Cable CBL NTWK 0944 MS28C15M 1 5m 25GbE SFP28 to SFP28 Passive SFP28 Copper Cable CBL NTWK 0944 MS28C20M 2m 25GbE SFP28 to SFP28 Passive SFP28 Copper Cable CBL NTWK 0944 MS28C25M 2 5m 25GbE SFP28 to SFP28 Passive SFP28 Copper Cable CBL NTWK 0944 MS28C30M 3m 25GbE SFP28 to SFP28 Passive SFP28 Transceiver Module AOM SFP28...

Page 15: ...Supermicro switches After you log into the switch CLI you are automatically placed in the user EXEC mode This mode supports show commands and minimal configuration commands To enter the configuration mode use the command configure terminal For example SMIS configure terminal SMIS config To exit to EXEC mode use the command exit or end 1 3 1 Console Port The SSE G3548S R has an RJ45 connector for t...

Page 16: ...ith a prefix length of 1 32 subnet mask A valid IP subnet mask Step 3 end Exits the configuration mode Step 4 show ip interface Displays the management interface IP configuration The manual IP address configuration is saved automatically as part of the start up config The no ip address command resets the switch IP address to 0 0 0 0 The example below shows the commands used to configure the manage...

Page 17: ... management interface IP address through DHCP SMIS configure terminal SMIS config ip address dhcp SMIS config end 2 1 3 Default IP Gateway To configure default gateway on the switch follow the steps below Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 ip gateway ip address Configure IP gateway ip address IP address of a directly connected router Step 3 End ...

Page 18: ...h a password are authenticated while accessing the switch to the configured privilege level Users with privilege level 1 or above can execute all show commands To execute configuration commands access with privilege level 15 is required Follow the steps below to configure the username Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 username user name passwor...

Page 19: ...cro switches provide support for configuring access to various CLI commands This is achieved by Enable password and privilege levels Fifteen privilege levels can be specified Follow the steps below to enable a privilege level Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 enable 1 15 Enable Level Enable a privilege level Enable Level Specify 1 15 any of the...

Page 20: ... pwd1 2 2 4 IP Authorized Manager Supermicro switches allow configuration of IP authorized managers This feature enhances security on the switch by using IP addresses to authorize computers are allowed to Access the switch s web browser interface Telnet into the switch s console interface Use SNMP or SSH Follow the steps below to configure authorized managers for the switch Step Command Descriptio...

Page 21: ...rite startup config Optional step saves this configuration to be part of startup configuration If IP Authorized Managers are configured in a Supermicro switch access to the switch via telnet ssh etc is possible only by those hosts allowed to access Other hosts will not be permitted access The no authorized manager ip source ip address subnet mask prefix length 1 32 command deletes the particular a...

Page 22: ...ff FEC Mode Off 2 3 1 Description Supermicro switches allow users to configure a description string to the interfaces This description string will be useful to identify the interfaces easily Follow the steps below to configure interface description string Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range...

Page 23: ...its the configuration mode Step 5 show interface description Displays the interface description configuration Step 6 write startup config Optional step saves this configuration to be part of startup configuration The example below shows the commands used to configure interface description SMIS configure terminal SMIS config interface Fx 0 22 SMIS config if description Server_Cluster_0100 SMIS conf...

Page 24: ...wn Fx0 16 up down Fx0 17 up down Fx0 18 up down Fx0 19 up down Fx0 20 up down Fx0 21 up down Fx0 22 up down Server_Cluster_0100 Fx0 23 up down Fx0 24 up down Fx0 25 up down Fx0 26 up down Fx0 27 up down Fx0 28 up down Fx0 29 up down Fx0 30 up down Fx0 31 up down Fx0 32 up down Fx0 33 up down Fx0 34 up down Fx0 35 up down Fx0 36 up down Fx0 37 up down ...

Page 25: ...down 2 3 2 Negotiation Interface speed can be negotiated between connected devices if both ends support negotiation Auto negotiation is disabed by default for all the ports It can be enabled for 100G CX ports Follow the steps below to configure Interface Negotiation Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or inte...

Page 26: ...aces Step3 Negotiation Enable Interface Negotiation Step 4 End Exits the configuration mode Step 5 show interface status Displays the interface configuration Step 6 write startup config Optional step saves this configuration to be part of startup configuration The no negotiation command disables interface negotiation The example below shows the commands used to configure Interface Negotiation SMIS...

Page 27: ...ted Full 10 Gbps No Negotiation Fx0 16 not connected Full 10 Gbps No Negotiation Fx0 17 not connected Full 10 Gbps No Negotiation Fx0 18 not connected Full 10 Gbps No Negotiation Fx0 19 not connected Full 10 Gbps No Negotiation Fx0 20 not connected Full 10 Gbps No Negotiation Fx0 21 not connected Full 10 Gbps No Negotiation Fx0 22 not connected Full 10 Gbps No Negotiation Fx0 23 not connected Full...

Page 28: ...s No Negotiation Fx0 44 not connected Full 10 Gbps No Negotiation Fx0 45 not connected Full 10 Gbps No Negotiation Fx0 46 not connected Full 10 Gbps No Negotiation Fx0 47 not connected Full 10 Gbps No Negotiation Fx0 48 not connected Full 10 Gbps No Negotiation Cx0 1 not connected Full 100 Gbps No Negotiation Cx0 2 not connected Full 100 Gbps Auto Cx0 3 not connected Full 100 Gbps No Negotiation C...

Page 29: ...0 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 If multiple interfaces are provided the next step will perform the particular configuration on all these interfaces Step 3 speed 1000 10000 25000 40000 100000 Configure interface speed as 10 100 1000 or 10000 Mbps Step 4 End Exits the configuration mode Step 5 show interface status Displays the interfa...

Page 30: ...Fx0 11 not connected Full 25 Gbps No Negotiation Fx0 12 not connected Full 25 Gbps No Negotiation Fx0 13 not connected Full 25 Gbps No Negotiation Fx0 14 not connected Full 25 Gbps No Negotiation Fx0 15 not connected Full 25 Gbps No Negotiation Fx0 16 not connected Full 25 Gbps No Negotiation Fx0 17 not connected Full 25 Gbps No Negotiation Fx0 18 not connected Full 25 Gbps No Negotiation Fx0 19 n...

Page 31: ...nnected Full 25 Gbps No Negotiation Fx0 39 not connected Full 25 Gbps No Negotiation Fx0 40 not connected Full 25 Gbps No Negotiation Fx0 41 not connected Full 25 Gbps No Negotiation Fx0 42 not connected Full 25 Gbps No Negotiation Fx0 43 not connected Full 25 Gbps No Negotiation Fx0 44 not connected Full 1 Gbps No Negotiation Fx0 45 not connected Full 25 Gbps No Negotiation Fx0 46 not connected F...

Page 32: ...nnel interface id is in slot port format for all physical interfaces To configure multiple interfaces use the interface range command To provide a range use a hyphen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 If multiple interfaces are provided the next step will perform the part...

Page 33: ...ot connect Bridge Port Type Customer Bridge Port Hardware Address is 00 25 90 80 81 98 MTU 1500 bytes Full duplex 10 Gbps No Negotiation HOL Block Prevention enabled Input flow control is off output flow control is off Link Up Down Trap is enabled Reception Counters Octets 0 Unicast Packets 0 Unicast Packets Rate 0 Sec Broadcast Packets 0 Broadcast Packets Rate 0 Sec Multicast Packets 0 Multicast ...

Page 34: ...TU size is 9000 2 3 6 Flow Control Flow control enables Ethernet ports to control traffic during congestion to avoid packet loss If a port experiences congestion and cannotreceive any more traffic it notifies other ports by sending a pause frame to stop sending until the condition clears Upon receipt of a pause frame the sending device stops sending any data packets to prevent any loss of data pac...

Page 35: ...on on all these interfaces Step 3 flowcontrol send receive on off Configure flow control Send The port can send pause frames but cannot receive pause frames from a connected device Receive The port cannot send pause frames but can receive pause frames from a connected device On Enable flow control Off Disable flow control Step 4 End Exits the configuration mode Step 5 show flow control interface i...

Page 36: ...e traffic rate drops below the falling threshold before resuming normal forwarding Follow the steps below to configure Storm control Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range interface type interface id Enters the interface configuration mode interface type may be any of the following fx ethernet...

Page 37: ...S show interfaces fx 0 22 storm control Fx0 22 DLF Storm Control Disabled Broadcast Storm Control Enabled Broadcast Storm Control 50000 Multicast Storm Control Disabled 2 3 8 Forward Error Correction FEC Mode Supermicro switches allow users to enable FEC mode on the interfaces FEC mode is useful in a noisy link where errors in transmission require retransmissions Follow the steps below to enable F...

Page 38: ...6 write startup config Optional step saves this configuration to be part of startup configuration The example below shows the commands used to configure the interface description SMIS configure terminal SMIS config interface Fx 0 22 SMIS config if fec mode SMIS config if end SMIS SMIS sh int Fx 0 22 2 4 Time Management The system time and date on Supermicro switches can be managed by Network Time ...

Page 39: ... switch Only 1 server can be configured prefer at a time Step 3 End Exits the configuration mode Step 4 show ntp Displays the NTP configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The enable agent command enables the agent NTP servers can be deleted only when NTP status is disabled If a key is configured on Supermicro switches acti...

Page 40: ...itches only after configuring at least one NTP server The example below shows the commands used to configure NTP SMIS configure terminal SMIS config ntp enable SMIS config end SMIS show ntp NTP ntp running unicast mode Server Key Prefer 200 200 200 10 100 YES 100 100 100 1 500 Key Key Time zone offset not set 2 4 3 NTP Authentication Supermicro switches support NTP authentication by the NTP server...

Page 41: ...ands used to configure NTP SMIS config ntp key 200 For server1 SMIS config show ntp NTP ntp is enabled Server Key Prefer Key Key 200 For server1 Time zone offset not set 2 4 4 NTP Broadcast NTP server messages can be broadcast or unicast By default Supermicro switches receive unicast NTP messages Follow the below steps to configure Supermicro switches to receive NTP broadcast messages from the NTP...

Page 42: ...e time the moment the switch starts up and keeps track of system date and time The system clock can also be manually configured The system time configured manually remains accurate until next restart Manual configuration of system clock is useful when the system time cannot be obtained from any other source such as NTP associations Follow the steps below to set the system clock Step Command Descri...

Page 43: ...ne std Standard time text e g PST offset Time zone offset in hh mm ss format This is the value needed to be added to local time to get to UST This value is positive if the local time zone is in west of the Prime Merdian otherwise it is negative dst Day light savings time text e g PDT Step 3 end Exits the configuration mode Step 4 show system information Displays the time zone configuration Step 5 ...

Page 44: ...up Flash Area Normal NTP Broadcast Mode No NTP ntp is disabled Server Key Prefer Key Key Time zone offset value PST8 2 5 System Management Supermicro switches can be administered by configuring various operations Switch Name Switch Location Switch Contact System MTU Port mirroring MAC aging Reload or reset Defaults System Management Parameter Default Value Switch name SMIS System contact http www ...

Page 45: ...ration The device name configuration is automatically stored as part of startup config file The example below shows the commands used to configure the switch name SMIS configure terminal SMIS config device name switch1 switch1 config end switch1 show system information Switch Name switch1 Switch Base MAC Address 00 30 48 e3 70 bc SNMP EngineID 80 00 08 1c 04 46 53 System Contact http www supermicr...

Page 46: ...Step 4 show system information Displays the System information configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The System Contact configuration is automatically stored as part of the startup config file The example below shows the commands used to configure the switch contact SMIS configure terminal SMIS config system contact Use...

Page 47: ...ation location name Configure System Location location name Location of the switch specified as a string of maximum size 256 Step 3 End Exits the configuration mode Step 4 show system information Displays the System Location configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The System Location configuration is automatically stored ...

Page 48: ...ansmitted on all interfaces of the switch is 1500 bytes The MTU size can be increased for all interfaces of the switch at the same time by using the system MTU command Follow the steps below to configure the system MTU Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 system mtu frame size 1500 9216 Configure System MTU frame size Specify MTU of frame in range...

Page 49: ... is 9200 Fx0 6 MTU size is 9200 Fx0 7 MTU size is 9200 Fx0 8 MTU size is 9200 Fx0 9 MTU size is 9200 Fx0 10 MTU size is 9200 Fx0 11 MTU size is 9200 Fx0 12 MTU size is 9200 Fx0 13 MTU size is 9200 Fx0 14 MTU size is 9200 Fx0 15 MTU size is 9200 Fx0 16 MTU size is 9200 Fx0 17 MTU size is 9200 Fx0 18 MTU size is 9200 Fx0 19 MTU size is 9200 Fx0 20 MTU size is 9200 Fx0 21 MTU size is 9200 Fx0 22 MTU ...

Page 50: ... Fx0 30 MTU size is 9200 Fx0 31 MTU size is 9200 Fx0 32 MTU size is 9200 Fx0 33 MTU size is 9200 Fx0 34 MTU size is 9200 Fx0 35 MTU size is 9200 Fx0 36 MTU size is 9200 Fx0 37 MTU size is 9200 Fx0 38 MTU size is 9200 Fx0 39 MTU size is 9200 Fx0 40 MTU size is 9200 Fx0 41 MTU size is 9200 Fx0 42 MTU size is 9200 Fx0 43 MTU size is 9200 Fx0 44 MTU size is 9200 Fx0 45 MTU size is 9200 Fx0 46 MTU size...

Page 51: ...rds it to another port for transmission A packet with a static address that arrives on a VLAN on which a static MAC address has been configured is flooded to all ports and not learned A static address is created by specifying the destination MAC unicast address and theVLAN from which it is received Packets received with this destination address are forwarded to the interface specified with the int...

Page 52: ...ional step saves this configuration to be part of startup configuration The no mac address table static multicast aa aa aa aa aa aa vlan vlan id 1 4069 recv port interface type interface id andno mac address table static unicast aa aa aa aa aa aa vlan vlan id 1 4069 recv port interface type interface id command deletes the particular static MAC entry The no mac address table static multicast aa aa...

Page 53: ... time Step 5 write startup config Optional step saves this configuration to be part of startup configuration The no mac address table aging time command resets MAC aging to its default value of 300 seconds The example below shows the commands used to configure MAC Aging SMIS configure terminal SMIS config mac address table aging time 50000 SMIS config end SMIS show mac address table aging time Mac...

Page 54: ...ion mode Step 2 logging disable Disable Syslog Step 3 End Exits the configuration mode Step 4 show logging Displays the Syslog configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The logging enable command enables the Syslog feature The example below shows the commands used to disable Syslog SMIS configure terminal SMIS config loggin...

Page 55: ...rver Step 3 End Exits the configuration mode Step 4 show logging Displays the Syslog configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The no logging ip address command deletes the Syslog server The example below shows the commands used to configure a Syslog server SMIS configure terminal SMIS config logging 192 168 1 3 SMIS config...

Page 56: ...onal step saves this configuration to be part of startup configuration The no logging console command disables console logging The example below shows the commands used to enable Syslog console SMIS configure terminal SMIS config logging console SMIS config end SMIS show logging System Log Information Syslog logging enabled Number of messages 0 Console logging enabled Number of messages 0 File log...

Page 57: ...part of startup configuration The no logging file command disables the logging of system message in a file The example below shows the commands used to enable storing logs in a file SMIS configure terminal SMIS config logging file log1 SMIS config end SMIS show logging file LogFile 2 Entries 129 Apr 29 10 11 30 2013 INTF 1 Interface Fx0 22 status changed to UP 129 Apr 29 10 11 31 2013 INTF 1 Inter...

Page 58: ...to UP 129 Apr 29 10 11 31 2013 INTF 1 Interface Fx0 22 status changed to UP 2 6 5 Logging Buffer The log messages are stored in a circular internal buffer in which older messages are overwritten once the buffer is full The Syslog buffer size is configurable in Supermicro switches Follow the steps below to configure the Syslog buffer Step Command Description Step 1 configure terminal Enters the con...

Page 59: ... 2013 DHC 7 Rcvd Msg 13cb8128 type 1 135 Apr 29 10 11 07 2013 DHC 7 Rcvd Event 4 135 Apr 29 10 11 07 2013 DHC 7 Rcvd Msg 13cf4258 type 1 135 Apr 29 10 11 08 2013 DHC 7 Rcvd Event 4 135 Apr 29 10 11 08 2013 DHC 7 Rcvd Msg 13cf4858 type 1 LogFile 0 Entries 2 6 6 Facility The Syslog facility provides approximate details regarding which part of the system the Syslog message originated from Follow the ...

Page 60: ...50 Entries LogBuffer 0 Entries LogFile 0 Entries 2 6 7 Traps Supermicro switches provide an option for specifying the type of traps that are to be logged Follow the steps below to configure logging traps Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 logging trap level 0 7 alerts critical debugging emergencies errors informational notification warnings Conf...

Page 61: ...nfiguration The no logging trap command resets trap logging to its default value of Critical The example below shows the commands used to configure logging traps SMIS configure terminal SMIS config logging trap 5 SMIS end SMIS config show logging System Log Information Syslog logging enabled Number of messages 0 Console logging disabled Number of messages 0 File logging disabled Number of messages...

Page 62: ...eps below to clear the log buffer Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 clear log buffer Clear Logging Buffer Step 3 End Exits the configuration mode Step 4 show logging Displays the Syslog configuration Step 5 write startup config Optional step saves this configuration to be part of startup configuration The example below shows the commands used t...

Page 63: ...ing enabled Number of messages 0 Console logging disabled Number of messages 0 File logging disabled Number of messages 0 Log File Name File Max Entries 500 TimeStamp option enabled Trap logging Critical Log server IP None Facility Default local0 Buffered size 50 Entries LogBuffer 0 Entries LogFile 0 Entries 2 7Configuration Management This section describes the steps to save and manage the config...

Page 64: ...saved to a file either in local flash memory or to a remote TFTP server Follow the steps below to write an existing switch configuration to a file Step Command Description Step 1 write flash filename tftp ip address filename Configure Writing of Switch Configuration to a file in the local flash memory or in a remote TFTP server filename name of the configuration file Step 2 show stored config file...

Page 65: ...he steps below to configure the startup configuration Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 set startup config filename Configure Startup config file name filename name of the configuration file Step 3 End Exits the configuration mode Step 4 show startup config Displays the configured startup configuration file contents The example below shows the ...

Page 66: ... txt Copied startup config flash mnt config5 txt SMIS 2 7 5 Copy File The copy command copies the configuration file from flash memory to a remote TFTP server and vice versa This command can be used to copy files in the local flash memory also Follow the steps below to copy the configuration file to a remote site flash Step Command Description Step 1 copy flash filenametftp ipaddress filename copy...

Page 67: ...onfig1 txt SMIS SMIS erase startup config Do you really want to delete startup configuration y n Deleted startup configuration file SMIS 2 7 7 Firmware Upgrade Supermicro switches support dual firmware images The default firmware image is referred as normal and the backup firmware image is referred as the fallback image The firmware upgrade command updates both the normal and fallback images This ...

Page 68: ...onfigure Switch Boot Up options Step 3 End Exits the configuration mode Step 4 show system information Displays the system information configuration The boot up configuration is automatically stored as part of the startup config file The example below shows the commands used to configure the switch boot up options SMIS configure terminal SMIS config set boot up fallback SMIS config end SMIS show s...

Page 69: ...actory defaults SMIS config reset to factory defaults This command will reset settings to the factory defaults After resetting to factory defaults the switch will be reloaded immediately Do you really want to execute this command and reload the switch y n 2 8 Zero Touch Provisioning Zero Touch Provisioning ZTP helps to auto provision Supermicro switches without manual intervention ZTP also helps t...

Page 70: ...s is sent to switches from the DHCP server using standard DHCP option 66 tftp server name This field needs to be configured in IP address format e g xxx xxx xxx xxx Switches cannot accept server names as domain name resolution is not supported These options can be added to dhcpd conf as shown in the example below The lines in bold are newly required other lines are shown for clarity Need to add th...

Page 71: ...ration restore feature is enabled in Supermicro switches by default The default management IP address configuration is DHCP mode Hence when switches boot up with DHCP it gets the configuration file and applies the configuration The diagram below shows how a switch restores the configuration in ZTP and non ZTP cases ...

Page 72: ... User s Guide 72 Restore Local Config If no local config factory defaults Is Static or DHCP IP Got Got ZTP options Download Config File Switch Boots up Restore ZTP config file Static IP DHCP IP No Yes Yes No Success ZTP config restore failed Failed ...

Page 73: ...terface on the system settings page in the system management group 2 8 3 ZTP Firmware Upgrade This section explains details on using ZTP to automatically upgrade firmware on Supermicro switches 2 8 3 1 DHCP Server Configuration Switches expect the following information from the DHCP server to upgrade the firmware supplied along with DHCP IP 1 Firmware Image File Name 2 TFTP Server IP Address Firmw...

Page 74: ... firmware upgrade feature is enabled in Supermicro switches by default The default management IP address configuration is DHCP mode Hence when switches boot up with DHCP it gets the firmware image file and checks whether an upgrade is needed or not The diagram below shows how a switch upgrades the firmware in ZTP option space smc op option smc op config file name code 1 text option smc op fw img f...

Page 75: ... Guide 75 No firmware upgrade Got DHCP Got ZTP options Download Firmware File Upgrade Firmware Reload Switch No Yes Yes No Success Failed Is ZTP firmware different than current running firmware No Is Static or DHCP IP Switch Boots up Static IP DHCP IP Yes ...

Page 76: ...witches advertise its vendor class information on DHCP discover and request packets The DHCP vendor class option 60 is used for this purpose The SSE G3548S R switch advertises the vendor class as SSE F3548 This vendor class information can be used in DHCP servers to send ZTP options only to the relevant switch models The example below shows a DHCP server configuration that uses vendor class inform...

Page 77: ... tracking disable Disabling uplink failure tracking feature Step 7 End Exits the configuration mode Step 8 show link status tracking Displays the link status tracking configuration Step 9 write startup config Optional step saves this configuration to be part of startup configuration For example if it is desired to bring down all fourteen ports from fx 0 1 to fx 0 14 when uplink interfaces fx 0 15 ...

Page 78: ...ng ports across multiple switches Figure VLAN 1 VLANs on a Switched LAN VLANs work in same way as physical LANs The packets from the end stations of a VLAN are switched only to other end stations or network devices inside that VLAN To reach devices in another VLAN the packets have to be routed from one VLAN to another Supermicro L2 L3 switches support such Inter VLAN routing to route packets acros...

Page 79: ...protocol VLAN is found that VLAN ID is used as the VLAN for this packet If a protocol VLAN is not found proceed to the next step Step 3 This step identifies the VLAN based on a port based VLAN configuration If the received port is in access mode the configured access VLAN default is VLAN 1 is used as the VLAN for this packet If the received port is in trunk mode the configured trunk native VLAN de...

Page 80: ...dure Packet has VLAN tag VLAN ID 0 Found Src MAC in MAC VLAN Found Proto VLAN Found VLAN Use VLAN ID from VLAN tag Use MAC VLAN ID Use Protocol VLAN ID Use Access VLAN ID Yes Yes Yes Yes No No No No Is Access Port Use Trunk Native VLAN ID No Is Trunk Port Use PVID as VLAN ID No Is Hybrid Port Yes Yes Yes ...

Page 81: ...n Users can modify the port members of this VLAN 1 by adding or removing any ports to this VLAN 1 as either tagged or untagged ports The easier way is to change the port modes to either Access or Trunk ports and configure the relevant VLANs The Access and Trunk modes are described in detail in later sections VLAN 1 cannot be deleted by the user Instead a user can remove all the ports from VLAN 1 t...

Page 82: ...an number or list of vlan numbers Multiple vlan numbers can be provided as comma separated values Consecutive vlan numbers can be provided as a range such as 5 10 User can configure VLANs with identifiers 1 to 4069 Step 3 show vlan Displays the configured VLANs Step 4 write startup config Optional step Save these VLAN configuration to be part of startup configuration The examples below show variou...

Page 83: ...mples show ways to remove VLANs Delete a VLAN with identifier 10 SMIS configure terminal SMIS config no vlan 10 Delete VLANs with identifier 20 to 30 50 and 100 SMIS configure terminal SMIS config no vlan 20 30 50 100 SMIS config vlan exit 3 7 VLAN Name VLANs can be associated with a label name string for easier configuration and identification Follow the steps below to add or modify a name string...

Page 84: ...n 50 SMIS config vlan name main_user_vlan SMIS config vlan exit Follow the steps below to remove a name string from any VLAN in a Supermicro switch Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 vlan vlan list Enters the VLAN configuration mode vlan list may be any VLAN number or list of VLAN numbers Multiple VLAN numbers can be provided as comma separated ...

Page 85: ...lly ports are associated with VLANs as either access port members or trunk port members Supermicro switches support an additional port mode called hybrid Port Channel interfaces also can be configured as VLAN member ports Figure VLAN 4 Port Based VLANs 3 8 1 Access Ports Access ports carry the traffic of only one VLAN Any switch port can be configured as an access port Usually switch ports connect...

Page 86: ...l physical interfaces It may be the port channel identifier for port channel interfaces To configure multiple interfaces use the interface range command To provide a range use a hypen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 switchport mode access Sets the port mode ...

Page 87: ...config vlan exit SMIS config interface po 1 SMIS config if switchport mode access SMIS config if switchport access vlan 10 SMIS config if exit 3 8 2 Trunk Ports Trunk ports carry the traffic of one or more VLANs Any switch port can be configured as a trunk port Usually switch ports connected between switches are configured as trunk ports to carry multiple VLAN traffic across switches Switch ports ...

Page 88: ...ace id Enters the interface mode interface type may be any of the following fx ethernet fx cx ethernet cx port channel po interface id is in slot port format for all physical interfaces It may be a port channel identifier for port channel interfaces To configure multiple interfaces use the interface range command To provide a range use a hypen between the start and end interface numbers E g int ra...

Page 89: ...can be configured by following the steps below Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range interface type interface id Enters the interface mode interface type may be any of the following fx ethernet fx cx ethernet cx port channel po interface id is in slot port format for all physical interfaces I...

Page 90: ...k except for the given list of VLANs Step 4e switchport trunk allowed vlan all This command sets the default behavior of allowing all VLANs configured in the switch as allowed VLANs on this trunk Step 4f switchport trunk allowed vlan none This command removes all the allowed VLANs from this trunk Step 5 show vlan port config port iftype ifnum and show running config Displays the configured allowed...

Page 91: ...y be cases in which untagged packets need to be carried over a trunk interface This is achieved by using the native VLAN feature of the trunk interface Any VLAN can be configured on any trunk interface as a native VLAN Trunk interfaces will send native VLAN packets as untagged packets without adding the 802 1Q VLAN tag header Similarly any untagged packets received on a trunk interface will be con...

Page 92: ... 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 switchport mode trunk Sets the port mode as a trunk port Step 4 switchport trunk native vlan vlan id vlan id The VLAN identifiers may be from 1 to 4069 If the given VLAN does not exist switch will provide a warning message In this case the native VLAN traffic will be dropped until the VLAN b...

Page 93: ...itchport trunk native vlan SMIS config if exit 3 8 3 Hybrid Ports Hybrid ports carry both untagged and 802 1Q tagged packets Hybrid ports carry the traffic of one or more VLANs Any switch port can be configured as a hybrid port In Supermicro switches all switch ports by default come up in hybrid mode Users need to explicitly add the hybrid ports to all the required VLANs as either tagged or untagg...

Page 94: ...figure any port as a hybrid port Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 vlan vlan list vlan list may be any VLAN number or list of VLAN numbers Multiple VLAN numbers can be provided as comma separated values Consecutive VLAN numbers can be provided as a range such as 5 10 If multiple VLANs are provided the ports configuration provided in the next st...

Page 95: ...range of ports is provided in the format fx 0 1 10 which specifies the ports from fx 0 1 to fx 0 10 Use the no form of this command to remove forbidden ports from this VLAN If ports list is not provided to the no command all the forbidden ports are removed from this VLAN Step 4 Exit Exits the VLAN configuration mode Step 5 interface interface type interface id or interface range interface type int...

Page 96: ...rid mode The switchport pvid command will be accepted only when a port is in hybrid mode A port can be configured as a tagged port for multiple VLANs A port can be configured as an untagged port for multiple VLANs This is useful for MAC based VLANs For a port based VLAN configuration having a port as untagged in multiple VLANs is not a recommended configuration as all the received untagged packets...

Page 97: ...SMIS config if switchport pvid 100 SMIS config if exit 3 9 MAC Based VLANs When end users move often from one place to another but remain inside the same LAN it is difficult to maintain the same VLAN for an end user in a port based VLAN configuration MAC based VLAN features are used to provide the same VLAN to any end user irrespective of the switch port the end user is connecting to The switch ad...

Page 98: ...s list up to three ports or ranges of ports separated by spaces The range of ports is provided in the format fx 0 1 10 which specifies the ports from fx 0 1 to fx 0 10 Step 4 Exit Exits the VLAN configuration mode Step 5 mac vlan ucast_mac vlan vlan id Configures MAC VLAN mapping entry ucast_mac Unicast MAC address This VLAN will be applied to all incoming untagged packets from this unicast MAC ad...

Page 99: ...configuration mode Step 2 no mac vlan ucast_mac Removes MAC VLAN mapping entry ucast_mac Unicast MAC address for which MAC VLAN mapping is to be removed Step 3 show mac vlan Displays the configured MAC based VLANs Step 4 write startup config Optional step saves this VLAN configuration to be part of startup configuration The examples below show various ways to configure MAC based VLANs Create a VLA...

Page 100: ...er or list of VLAN numbers Multiple VLAN numbers can be provided as comma separated values Consecutive VLAN numbers can be provided as a range such as 5 10 Step 3 ports ports list untagged Adds the required ports for this VLAN as untagged ports ports list up to three ports or three ranges of ports separated by spaces The range of ports is provided in a format like fx 0 1 10 which refers to ports f...

Page 101: ...he start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 7 switchport map protocols group Group id integer 0 2147483647 vlan vlan id 1 4069 Associates the group to the VLAN on the above interface Group id Protocol Group Identifier vlan id VLAN identifier Step 8 switchport pvid vlan id Configures t...

Page 102: ...re multiple interfaces use the interface range command To provide a range use a hypen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 no switchport map protocols group Group id integer 0 2147483647 Removes the protocol groups from interface mode Group id Protocol Group Identifi...

Page 103: ...to configure protocol based VLANs Assign all IP traffic to VLAN 20 and all other traffic to VLAN 30 on ports fx 0 1 to fx 0 10 SMIS configure terminal SMIS config vlan 20 30 SMIS config vlan po fx 0 1 10 untagged SMIS config vlan exit SMIS config map protocol arp enet v2 protocols group 1 SMIS config map protocol ip enet v2 protocols group 2 SMIS config int range fx 0 1 10 SMIS config if switchpor...

Page 104: ...s the configuration mode Step 2 interface interface type interface id or interface range interface type interface id Enters the interface mode interface type may be any of the following fx ethernet fx cx ethernet cx port channel po interface id is in slot port format for all physical interfaces It may be a port channel identifier for port channel interfaces To configure multiple interfaces use the...

Page 105: ...o configure acceptable frame types on switch ports Configure fx 0 1 to fx 0 10 to accept only untagged and priority tagged packets SMIS configure terminal SMIS config interface range fx 0 1 10 SMIS config if switchport acceptable frame type untaggedAndPrioritytagged SMIS config if exit Configure port channel interface 1 to accept only tagged packets SMIS configure terminal SMIS config interface po...

Page 106: ...face range command To provide a range use a hypen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 switchport ingress filter or no switchport ingress filter This command enables ingress filtering function This is the default behavior The no form of this command disables ingress ...

Page 107: ...t Fx 0 41 is a trunk port connected to storage which carries VLAN 20 and 30 3 Ports Fx 0 20 to Fx 0 40 are access ports for VLAN 10 4 Ports Fx 0 15 and Fx 0 16 are part of a trunk port channel that carries all the VLANs to other switches with native VLAN 10 Figure VLAN 8 VLAN Configuration Example SMIS configure terminal Create all the VLANs first SMIS config vlan 10 20 30 SMIS config vlan exit Co...

Page 108: ...hannel trunk interface on fx 0 15 and fx 0 16 SMIS config interface port channel 1 SMIS config if exit SMIS config interface range fx 0 15 16 SMIS config if channel group 1 mode on SMIS config if exit SMIS config interface port channel 1 SMIS config if switchport mode trunk SMIS config if switchport trunk native vlan 10 SMIS config if end Check the running configuration for accuracy SMIS show runn...

Page 109: ...ode trunk switchport trunk native vlan 10 interface Fx 0 4 switchport mode trunk switchport trunk native vlan 10 interface Fx 0 5 switchport mode trunk switchport trunk native vlan 10 interface Fx 0 6 switchport mode trunk switchport trunk native vlan 10 interface Fx 0 7 switchport mode trunk switchport trunk native vlan 10 interface Fx 0 8 switchport mode trunk switchport trunk native vlan 10 int...

Page 110: ...ce Fx 0 21 switchport mode access switchport access vlan 10 interface Fx 0 22 switchport mode access switchport access vlan 10 interface Fx 0 23 switchport mode access switchport access vlan 10 interface Fx 0 24 switchport mode access switchport access vlan 10 interface Fx 0 25 switchport mode access switchport access vlan 10 interface Fx 0 26 switchport mode access switchport access vlan 10 inter...

Page 111: ...itchport access vlan 10 interface Fx 0 32 switchport mode access switchport access vlan 10 interface Fx 0 33 switchport mode access switchport access vlan 10 interface Fx 0 34 switchport mode access switchport access vlan 10 interface Fx 0 35 switchport mode access switchport access vlan 10 interface Fx 0 36 switchport mode access switchport access vlan 10 interface Fx 0 37 switchport mode access ...

Page 112: ...s fx 0 1 14 fx 0 17 19 fx 0 41 48 cx 0 1 6 po 1 Hybrid Tagged Ports None Hybrid Untagged Ports fx 0 11 14 fx 0 17 19 fx 0 41 48 cx 0 1 6 Hybrid Forbidden Ports None Access Ports None Trunk Ports fx 0 1 10 po 1 Name Status Permanent Vlan ID 10 Member Ports fx 0 1 10 fx 0 20 40 po 1 Hybrid Tagged Ports None Hybrid Untagged Ports None Hybrid Forbidden Ports None Access Ports fx 0 20 40 Trunk Ports fx...

Page 113: ...f they are in the same VLAN Switch ports can be configured to operate in one of the following three modes 3 14 1 Unprotected Port By default all the ports in the switch are unprotected ports Unprotected ports can send and receive traffic with all the other ports including other unprotected protected and community ports based on the VLAN membership 3 14 2 Protected Port Protected ports can send and...

Page 114: ...ation page in port manager There is no limit on the number of protected ports that can be supported by the switch 3 17 Community Ports Configuration Any port can be configured as a community port with the below CLI command in interface configuration mode switchport protected group group number This can be done in the web interface by changing the port mode to Protected Port and entering the group ...

Page 115: ...Supermicro SSE F3548S SSE F3548SR Configuration User s Guide 115 ...

Page 116: ... 2 The Fx ports 25 to 48 should be able to communicate among themselves and also should be able to communicate with uplink ports Cx 0 1 and Cx 0 2 The ports 1 to 24 should not be able to communicate with the ports 25 to 48 and vice versa The required configuration for this example is given below The uplink ports can be left with the default configuration as unprotected ports The downlink ports 1 t...

Page 117: ...ion User s Guide 117 SMIS configure term SMIS config interface range fx 0 1 24 SMIS config if switchport protected group 1 SMIS config if exit SMIS config interface range fx 0 25 48 SMIS config if switchport protected group 2 SMIS config if exit ...

Page 118: ... 200 Gbps bandwidth When ports are set to 10Gig speed users can aggregate eight 10Gig ports to get an aggregated uplink with up to 80 Gbps Incremental bandwidth Users can start aggregation with a fewer number of ports and then increase the number of ports in aggregation up to eight incrementally based on the bandwidth requirements Redundancy When one of the physical links fails traffic will be dis...

Page 119: ...ults The Link Aggregation feature is enabled by default in Supermicro switches When a port channel interface is created it will be added to VLAN 1 by default Port channels use the MAC address of the first physical link added to it The default LACP system priority is 32768 The default LACP port priority is 128 The default LACP timeout is long 30 seconds The default LACP wait time is 2 seconds 4 4 S...

Page 120: ...state The member ports that could not reach agreement on LACP parameters will stay in the independent state Switches do not send traffic on member ports in independent state When one or more member ports reach the bundle state the port channel status will be up The port channel status will be down when all its member ports are either physically down or in the independent state Ports can be configu...

Page 121: ...Creating Port Channels Port channel creation involves two steps the first is to create the port channel interfaces and the second is to add member ports to the port channel interfaces 4 6 1 1 Creating Port Channel Interfaces Follow the steps below to create port channel interfaces in Supermicro switches Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interfa...

Page 122: ...e po 1 2 Step 3 description string Optional step adds any name string to the port channel interfaces using the description command The string may be up to 64 characters in length The port channel description strings will not affect the member ports description strings configurations Step 4 mtu framesize Optional step Configures the MTU for the port channel interfaces framesize may be any number fr...

Page 123: ...figuration mode Step 8 show interface port channel channel group Displays the configured port channel number information show etherchannel channel group number detail load balance port por t channel summary protocol Step 9 write startup config Optional step saves this port channel configuration to be part of startup configuration 4 6 1 2 Adding Member Ports to Port Channels Users can add up to eig...

Page 124: ...nterface type may be any of the following fx ethernet fx cx ethernet cx interface id is in slot port format for allphysical interfaces To configure multiple interfaces usethe interface range command Toprovide a range use a hyphen between the start and end interfacenumbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 c...

Page 125: ...port channel with member ports cx 0 1 and cx 0 2 SMIS configure terminal SMIS config interface port channel 10 SMIS config if exit SMIS config int range cx 0 1 2 SMIS config if channel group 10 mode active For LACP aggregation use the active or passive mode For static link aggregation use mode on Step 4 End Exits the interface configuration mode Step 5 show interface port channel channel group Dis...

Page 126: ...follow the same steps used to create the port channels as explained in the Creating Port Channel Interfaces section The example below shows the steps to modify the parameters of a port channel interface Modify port channel 10 as a trunk interface to allow VLANs 100 to 200 with a native VLAN 100 SMIS configure terminal SMIS config interface port channel 10 SMIS config if switchport mode trunk SMIS ...

Page 127: ...e interface mode Or interface range interface type interface id interface type may be any of the following fx ethernet fx cx ethernet cx interface id is in slot port format for all physical interfaces To configure multiple interfaces use the interface range command To provide a range use a hyphen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or ...

Page 128: ... changed to the default configurations After removing any port from a port channel users must verify and change the port VLAN MTU and spanning tree configurations as needed The example below shows the steps necessary to remove a member port from a port channel interface Remove port cx 0 3 from port channel interface 10 SMIS configure terminal SMIS config int cx 0 3 SMIS config if no channel group ...

Page 129: ...terface numbers E g int range fx0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 1 20 Step 3 no channel group Removes the member ports from the port channel Step 4 channel group channel group number mode Configures the interfaces as member active passive on ports with the given port mode For LACP aggregation use the active or passive mode For stati...

Page 130: ...oving Port Channels Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 no interface port channel channel group Removes the port channel interface number Or channel group number may be any number from 1 to 65535 no interface range port channel channel group number To remove multiple port channel interfaces use the no interface range number information show ether...

Page 131: ...n When a port channel is removed all its member ports will be automatically added to VLAN 1 The MTU and spanning tree configurations of that port will not automatically be changed to their default configurations The example below shows the necessary steps to remove a port channel interface Remove port channel 10 and add all its member ports to VLAN 10 as access ports SMIS configure terminal SMIS c...

Page 132: ...s the active member ports If both end devices have the same LACP system priority the device with the numerically lower MAC address will get to decide the active member ports The default LACP system priority value is 32768 Follow the steps below to modify the LACP system priority Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 lacp system priority system prio...

Page 133: ...y value get selected as active member ports If multiple ports have the same port priority value the ports with the numerically lower port numbers will be selected as the active member ports The default LACP port priority is 128 Follow the steps below to modify the LACP port priority Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type int...

Page 134: ...Configures the LACP port priority port priority may be any value from 0 to 65535 Step 4 End Exits the configuration mode Step 5 show running config Displays the configured port priority information show etherchannel Step 6 write startup config Optional step saves this port priority configuration to be part of startup configuration The no lacp port priority command resets the LACP port priority to ...

Page 135: ...t can have a different LACP timeout selection Also the LACP timeout selection does not need to match on both end devices An LACP port with a long timeout can be connected to a port which has a short timeout When the long timeout value is chosen LACP messages are expected to be received once every 30 seconds When the short timeout value is chosen LACP messages are expected to be received once every...

Page 136: ...e numbers E g int range fx 0 1 10 To provide multiple interfaces or ranges separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 lacp timeout long short Configures the LACP port timeout long LACP messages are expected to be received once every 30 seconds short LACP messages are expected to be received once every second Step 4 End Exits the configuration mode Step 5 show running config Displ...

Page 137: ...dding any member port to aggregation The default LACP wait time period is two seconds Users can choose any time interval from 0 to 10 seconds as the LACP wait time The LACP wait time is port specific and users can configure different LACP wait times on different member ports Follow the steps below to modify the LACP wait time Step Command Description Step 1 configure terminal Enters the configurat...

Page 138: ... 6 5 Load Balancing Supermicro switches support load balancing on aggregated links Switches distribute outgoing traffic on all member ports that are in a bundle state The distribution decision to transmit a packet on any particular member port is decided by a hash algorithm Supermicro switches support the following hash algorithms Source MAC Base Packets will be distributed across the member ports...

Page 139: ...tion when the traffic has multiple streams Users need to choose the right hash algorithm based on their common traffic scenarios The load balance algorithm selection can be configured for individual port channel interfaces or it can be configured globally for all port channel interfaces The load balancing algorithm on both ends of a port channel need not be the same The default load balancing algo...

Page 140: ...nation IP addresses SMIS configure terminal SMIS config port channel load balance src dest ip SMIS config if exit The link aggregation feature is enabled by default in Supermicro switches Users can disable link aggregation if needed Follow the steps below to disable the link aggregation feature given port channel algorithm will be applied to all port channel interfaces Step 3 End Exits the configu...

Page 141: ...ow Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 set port channel enable Enables the link aggregation feature Step 3 End Exits the configuration mode Step 4 show etherchannel Displays link aggregation feature status Step 5 write startup config Optional step saves this configuration to be part of startup configuration 4 6 6 Link Aggregation Configuration Ex...

Page 142: ... 3 4 SMIS config if channel group 1 mode active SMIS config if exit Configure the VLAN requirements for the port channel 1 interface SMIS config int port channel 1 SMIS config if switchport mode trunk SMIS config if switchport trunk native vlan 20 SMIS config if exit Create the port channel 2 interface SMIS config int port channel 2 SMIS config if exit Add member ports to the port channel 2 interf...

Page 143: ...D Hardware Version Firmware OS Boot Loader ID Hardware Version Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0 0 SSE F3548 1 0 0 0 6 0 0 0 0 0 SSE F3548 1 0 0 0 6 0 0 0 0 ip address dhcp interface port channel 1 exit interface port channel 2 exit interface port channel 3 exit vlan 1 ports fx 0 1 19 untagged ports fx 0 22 48 untagged ports po 2 untagged exit vlan 10 ports po 3 untagged exit v...

Page 144: ...p Listing Group 1 Protocol LACP Ports in the Group Port Cx0 3 Port State Down Not in Bundle Channel Group 1 Mode Active Pseudo port channel Po1 LACP port priority 128 LACP Wait time 2 secs LACP Activity Active LACP Timeout Long Aggregation State Aggregation Defaulted Port Cx0 4 Port State Down Not in Bundle Channel Group 1 Mode Active Pseudo port channel Po1 LACP port priority 128 LACP Wait time 2...

Page 145: ...ty Passive LACP Timeout Long Aggregation State Aggregation Defaulted Port Fx0 21 Port State Down Not in Bundle Channel Group 2 Mode On Pseudo port channel Po2 LACP port priority 128 LACP Wait time 2 secs LACP Activity Passive LACP Timeout Long Aggregation State Aggregation Defaulted LACP Port Admin Oper Port Port Port State Priority Key Key Number State Fx0 20 Down 128 2 2 0x14 0x44 Fx0 21 Down 12...

Page 146: ...oup 3 Mode Active Pseudo port channel Po3 LACP port priority 128 LACP Wait time 2 secs LACP Activity Active LACP Timeout Long Aggregation State Aggregation Defaulted LACP Port Admin Oper Port Port Port State Priority Key Key Number State Fx0 1 Down 128 3 3 0x31 0x45 Fx0 2 Down 128 3 3 0x32 0x45 Port channel Po3 Number of Ports 2 HotStandBy port null Port state Port channel Ag Not Inuse Protocol LA...

Page 147: ...LAG control information between peer switches however it also carries data traffic for devices that are attached to only one of the MLAG peers 5 1 1 Terminologies 5 1 1 1 IPL Inter Peer Link The link connecting two MLAG peer switches is referred as an Inter Peer Link IPL This link should be configured as a LACP port channel It can have many member ports as supported by the switch model 5 1 1 2 Pee...

Page 148: ...figuration User s Guide 148 5 1 1 5 Single Homed Device A single homed device is a device connected to only one peer switch This connection could be a regular single physical link connection or a connection through a port channel interface ...

Page 149: ...itches in the MLAG Switches A and B are connected through an IPL port channel interface The server is connected to both MLAG peer switches either through regular bonding or by a teaming LACP interface on the server side On the switch side the ports connected to the server are configured with the same MLAG enabled port channel number Bonding Teaming MLAG Port Channel IPL PO Switch B Switch A ...

Page 150: ...r switches in the MLAG Switches A and B are connected through an IPL port channel interface Switch C is connected to both MLAG peer switches through a regular LACP port channel interface On the Switch A and Switch B sides the ports connected to Switch C are configured with the same MLAG enabled port channel number Switch A Switch B MLAG Port Channel Switch C LACP PO IPL PO ...

Page 151: ...nected to MLAG peer switches Switch A and Switch B through a regular LACP port channel interface On the Switch A and Switch B sides the ports connected to the server are configured with the same MLAG enabled port channel number Similarly the ports connected to Uplink Switch 1 are configured with the same MLAG port channel number The reason for LAG in the uplink switch is to make sure the uplink sw...

Page 152: ...ected to MLAG peer switches Switch A and Switch B through the MLAG port channel interface On the Switch A and Switch B sides the ports connected to the server are configured with the same MLAG enabled port channel number Similarly the ports connected to Uplink Switch 1 and Uplink Switch 2 are configured with the same MLAG port channel number The reason for MLAG in the uplink switches is to make su...

Page 153: ...peers The MLAG system ID must be configured the same in both peer switches If this condition is not met the peer connection will not be established All the MLAG links connected to different partner devices in the switch will use this globally configured MLAG system ID The LACP globally unique system identifier is formed by combining the MLAG system ID and the MLAG system priority Follow the steps ...

Page 154: ...ority must be configured the same in both peer switches If this condition is not met the peer connection will not be established All the MLAG links connected to different partner devices in the switch will use this globally configured MLAG system priority The LACP globally unique system identifier is formed by combining the MLAG system ID and the MLAG system priority Follow the steps below to conf...

Page 155: ... secondary switch based on the switch system MAC address The switch with the lower MAC address will be the primary switch Follow the steps below to configure MLAG Keep alive time Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 mlag keepalive time 3 90 Configure the MLAG keepalive time Step 3 End Exits the configuration mode Step 4 show mlag detail Displays t...

Page 156: ...channel should exist as a LACP port channel prior to this IPL interface configuration Step 3 End Exits the configuration mode Step 4 show mlag detail Displays the MLAG configuration details Step 5 show mlag stp Displays the MLAG Spanning Tree details The no mlag interface command deletes the IPL interface The IPL interface cannot be deleted when IPL is in the established state swA configure termin...

Page 157: ...e switch and the partner device swA configure terminal swA config interface port channel 1 swA config if mlag enable swA end swA show mlag interface MLAGId Local Status Peer Status Po 1 UP UP The show interface port channel command also shows the basic port channel details for MLAG port channels 5 4 6 Other Configurations MLAG peer switches exchange only the dynamic learned specific information Th...

Page 158: ...Supermicro SSE F3548S SSE F3548SR Configuration User s Guide 158 QoS configurations related to MLAG interfaces MAC aging time Static MAC entries MTU on MLAG and IPL interfaces ...

Page 159: ...a loop free topology Spanning tree calculations are based on the following three key factors Bridge Identifier Combination of switch MAC address and switch spanning tree priority Path Cost Spanning tree path cost to the root switch Port Identifier Combination of port number and port priority When a switch boots up it assumes its role as the root switch It sends out spanning tree BPDUs with its bri...

Page 160: ...ction Procedure Spanning tree protocol selects one switch as the root switch for every switched LAN This root switch is used as the reference point to decide the spanning tree topology Based on the connections to this root switch the redundant links on the LAN are identified and blocked Spanning tree runs an election process to elect one switch as the root switch Spanning tree selects the switch w...

Page 161: ...oot switch 6 2 Spanning Tree Support Supermicro switches support STP RSTP and MSTP protocols based on standards IEEE 802 1D 2004 and 802 1s 6 3 Spanning TreeDefaults Parameter Default Value Spanning tree global status Enabled Spanning tree port status Enabled Spanning tree mode MST Switch priority 32768 Port priority 128 Port cost Port Speed Default Path Cost 10 Mbps 2000000 100 Mbps 200000 1 Gbps...

Page 162: ...ing tree information Step 5 write startup config Optional step saves this spanning tree configuration to be part of startup configuration The spanning tree command enables the spanning tree globally The examples below show ways to disable enable the spanning tree function on Supermicro switches Disable the spanning tree SMIS configure terminal SMIS config no spanning tree SMIS config end Enable th...

Page 163: ... 10 To provide multiple interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 To disable the spanning tree in RST mode spanning tree disable To disable the default MST instance spanning tree spanning tree disable To disable the particular MST instance spanning tree spanning tree mst instance id disable Disables the spanning tree on the port instance id The MST insta...

Page 164: ...tch was configured earlier in RST mode follow the steps below to change to MST mode Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 spanning tree mode mst Configures the switch to operate in MST mode Step 3 end Exits the configuration mode Step 4 show spanning tree Displays the spanning tree mode information Step 5 write startup config Optional step saves th...

Page 165: ... as a range such as 5 10 User can configure VLANs with identifiers 1 to 4069 Step 4 name name string Configures the MST region name name string Alphanumeric case sensitive string with maximum length of 32 characters The default name is system MAC address Step 5 revision revision number Configures the MST region revision number revision number The MST revision number may be from 0 to 65535 The defa...

Page 166: ...tree mst configuration SMIS config mst noinstance 10 vlan 201 250 SMIS config mst end Delete the MST instance 10 SMIS configure terminal SMIS config spanning tree mst configuration SMIS config mst noinstance 10 SMIS config mst end 6 7 Configuring RSTP Spanning tree is enabled by default in MST mode in Supermicro switches Follow the steps below to change to RSTP Step Command Description Step 1 conf...

Page 167: ...smit and receive only STP BPDUs and will drop any received RSTP and MSTP BPDUS In MSTP mode the default compatibility is MSTP and in RSTP mode the default compatibility is RSTP Follow the steps below to configure the spanning tree compatibility Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 To force the spanning tree compatibility as STP spanning tree compa...

Page 168: ...teps below to change spanning tree priority Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 To configure the switch priority in RST mode spanning tree priority priority value To configure the switch priority for the default MST instance 0 spanning tree priority priority value To configure the switch priority for particular MST instance spanning tree mst inst...

Page 169: ...tance 0 SMIS configure terminal SMIS config spanning tree priority 4096 SMIS config end Configure the spanning tree switch priority as 4096 for the MST instance 10 SMIS configure terminal SMIS config spanning tree mst 10 priority 4096 SMIS config end 6 10 Port Priority When spanning tree detects multiple paths to the root switch in a loop condition it selects the port with the lowest path cost as ...

Page 170: ...interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 To configure the port priority in RST mode spanning tree port priority priority value To configure the port priority for the default MST instance 0 spanning tree port priority priority value To configure the port priority for particular MST instance spanning tree mst instance id port priority priority value Confi...

Page 171: ...ity as 112 for the default MST instance 0 on port fx 0 1 SMIS configure terminal SMIS config interface fx 0 1 SMIS config if spanning tree port priority 112 SMIS config if end Configure the spanning tree port priority as 64 for the MST instance 10 on port cx 0 1 SMIS configure terminal SMIS config interface cx 0 1 SMIS config if spanning tree mst 10 port priority 64 SMIS config if end 6 11 Path Co...

Page 172: ...0 1 10 To provide multiple interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 To configure the port priority in RST mode spanning tree cost cost value To configure the port priority for the default MST instance 0 spanning tree cost cost value To configure the port priority for particular MST instance spanning tree mst instance id cost cost value Configures the po...

Page 173: ...igure the spanning tree port priority as 200 for the default MST instance 0 on port fx 0 1 SMIS configure terminal SMIS config interface fx 0 1 SMIS config if spanning tree cost 200 SMIS config if end Configure the spanning tree port priority as 20 for the MST instance 10 on port cx 0 1 SMIS configure terminal SMIS config interface cx 0 1 SMIS config if spanning tree mst 10 cost20 SMIS config if e...

Page 174: ...anning tree hello time command resets the spanning tree port hello time to the default value of 2 seconds Follow the steps below to change the hello time for ports in MSTP Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range interface type interface id Enters the port interface mode interface type may be an...

Page 175: ...o configure the spanning tree port hello time Configure the spanning tree port hello time as 1 second in RST mode SMIS configure terminal SMIS config spanning tree hello time 1 SMIS config end Configure the MSTP hello time as 1 second for the port fx 0 1 SMIS configure terminal SMIS config interface fx 0 1 SMIS config if spanning tree mst hello time 1 SMIS config if end 6 13 Max Age Switches maint...

Page 176: ...priority values Step 5 write startup config Optional step saves this spanning tree configuration to be part of startup configuration The no spanning tree max age command resets the spanning tree max age to the default value of 20 The example below shows how to configure the spanning tree max age Configure the max age as 12 SMIS configure terminal SMIS config spanning tree max age12 SMIS config end...

Page 177: ... to be part of startup configuration The no spanning tree forward time command resets the spanning tree forwarding time to the default value of 15 The example below shows how to configure the spanning tree forward time Configure the forwarding time as 12 seconds SMIS configure terminal SMIS config spanning tree forward time 12 SMIS config end 6 15 Max Hops MSTP uses a hop count to decide the valid...

Page 178: ...ning tree was originally designed with 16 bit path costs This was good enough for fast Ethernet and Gigabit Ethernet speed links but not for 10Gb and higher speed ports Hence spanning tree protocol introduced support for 32 bit path costs The 16 bit path costs method is referred to as the short path cost method and the 32 bit path cost method is referred to as the long path costs method In MSTP an...

Page 179: ... helps control the BPDU burst traffic The switch limits the number of BPDUs sent in one second with the transmit hold count A higher transmit hold count value of allows switches to send more number of BPDUs for faster convergence But it might lead to high switch CPU utilization The default transmit hold count is 3 Follow the steps below to change the transmit hold count value Step Command Descript...

Page 180: ...ny switch becoming the root switch to maintain the optimized topology The root guard feature helps prevent any unexpected switch from becoming the root switch If the root guard feature is enabled on a port it prevents any switches connected to that port from becoming the root switch If any superior BPDU is received on the root guard enabled port the switch moves that port from a forwarding state t...

Page 181: ...n to be part of startup configuration The no spanning tree restricted role command resets the root guard feature to the default value of disabled The example below shows how to enable the root guard feature Enable the root guard feature on ports cx 0 1 and cx 0 2 SMIS configure terminal SMIS config interface range cx 0 1 2 SMIS config if spanning tree restricted role SMIS config if end 6 19 Topolo...

Page 182: ...mbers E g int range fx 0 1 10 To provide multiple interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 spanning tree restricted tcn Enables the topology guard feature The default option is the topology guard feature disabled Step 4 end Exits the configuration mode Step 5 show spanning tree detail Displays the spanning tree topology guard information Step 6 write st...

Page 183: ...rs and servers Configuring port fast on ports that are connected to other switches might cause network loops The port fast feature is disabled on all ports by default Follow the steps below to enable the port fast feature on the ports Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range interface type inter...

Page 184: ...eature is used to detect the other end of a device attached to a port If no BPDU is received for a period of time on auto edge enabled ports the switch marks them as edge ports assuming they are not connected to other switches This helps quickly move the port to a forwarding state Also switches do not send topology change notifications when an edge port s status changes The auto edge feature is en...

Page 185: ...e part of startup configuration The example below shows how to disable the auto edge feature Disable the auto edge feature on ports cx 0 1 and cx 0 2 SMIS configure terminal SMIS config interface range cx 0 1 2 SMIS config if no spanning tree auto edge SMIS config if end 6 22 Link Type Spanning tree decides the link type based on the duplex mode of the ports It detects full duplex ports as point t...

Page 186: ...10 To provide multiple interfaces or ranges use separate with a comma E g int range fx 0 1 10 fx 0 20 Step 3 To configure the link type as point to point spanning tree link type point to point To configure the link type as shared spanning tree link type shared Configures the link type Step 4 end Exits the configuration mode Step 5 show spanning tree detail Displays the spanning tree auto edge info...

Page 187: ...s the root switch for the VLAN 100 instance 3 Configure switch C as the root switch for the VLAN 200 instance 4 Configure port fx 0 1 40 in all switches as port fast Figure MSTP Eg 1Spanning Tree MSTP Configuration Example Configurations on switch A SMIS configure terminal Create the VLANs 100 and 200 SMIS config vlan 100 200 SMIS config vlan exit Create MST instance for vlan 100 and 200 SMIS conf...

Page 188: ...g if exit Save this spanning tree configuration SMIS write startup config Building configuration Please wait May take a few minutes OK SMIS Configurations on switch B SMIS configure terminal Create the VLANs 100 and 200 SMIS config vlan 100 200 SMIS config vlan exit Create MST instance for vlan 100 and 200 SMIS config spanning tree mst configuration SMIS config mst instance 1 vlan 100 SMIS config ...

Page 189: ... 100 Bridge Address 00 30 48 a1 11 01 Priority 4096 Root Address 00 30 48 a1 11 01 Priority 4096 Root this switch for MST01 Fx0 47 of MST01 is Designated Forwarding Port info port id 128 47 priority 128 cost 200000 Designated root address 00 30 48 a1 11 01 priority 4096 cost 0 Designated bridge address 00 30 48 a1 11 01 priority 4096 port id 128 47 SMIS Save this spanning tree configuration SMIS w...

Page 190: ...led can cause temporary bridging loops Use with CAUTION SMIS config if exit Configure switch C as the root switch for VLAN 200 instance SMIS config spanning tree mst 2 priority 4096 SMIS config end Check the spanning tree MST configurations SMIS show spanning tree mst 2 detail MST02 Vlans mapped 200 Bridge Address 00 30 48 e3 56 12 Priority 4096 Root Address 00 30 48 e3 56 12 Priority 4096 Root th...

Page 191: ...Supermicro SSE F3548S SSE F3548SR Configuration User s Guide 191 SMIS write startup config Building configuration Please wait May take a few minutes OK SMIS ...

Page 192: ...witches wastes network bandwidth and computing resources In IP TV and other similar multicast intensive deployments this problem leads to considerable underutilization of network and compute resources Figure IGS 1 Multicast Forwarding without IGMP Snooping The IGMP snooping function helps switches to forward IPv4 multicast traffic to only the ports that require IPv4 multicast traffic This function...

Page 193: ...rmicro switches support the forwarding of multicast traffic based on MAC and IP addresses Supermicro switches support up to 255 multicast groups Parameter Default Value IGMP snooping global status Disabled IGMP snooping status in VLAN Disabled Multicast forwarding mode MAC based Send query on topology change Disabled Proxy report Enabled Router port purge interval 125 seconds Port purge interval 2...

Page 194: ... be provided as a range such as 5 10 If multiple VLANs are provided the next step will enable IGMP snooping on all these VLANs Step 4 ip igmp snooping Enables IGMP snooping on VLAN Step 5 end Exits the configuration mode Step 6 show ip igmp snooping globals show ip igmp snooping vlan vlan Displays the IGMP snooping information Step 7 write startup config Optional step saves this IGMP snooping conf...

Page 195: ...rminal Enters the configuration mode Step 2 vlan vlan list Enters the VLAN configuration mode vlan list may be any VLAN number or list of VLAN numbers Multiple VLAN numbers can be provided as comma separated values Consecutive VLAN numbers can be provided as a range such as 5 10 If multiple VLANs are provided the next step will be applied on all these VLANs Step 3 ip igmp snooping version v1 v2 v3...

Page 196: ...s router ports until IGMP control messages are received again This period of time is called the router port timeout value By default Supermicro switches have a router port timeout value of 125 seconds This value can be changed by following the steps below Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 ip igmp snooping mrouter time out timeout Configures the...

Page 197: ...10 If multiple VLANs are provided the next step will configurethe router ports for all these VLANs Step 3 ip igmp snooping mrouter interface type interface id Configures the router port interface type may be any of the following fx ethernet fx cx ethernet cx portchannel po interface id is in slot port format for all physical interfaces It may be the port channel identifier for port channel interfa...

Page 198: ...nd on that port the switch will assume no other IGMP hosts are connected on that port for the same group and will delete the corresponding port from the group entry on the multicast table Switches follow the above process only for IGMP version 2 leave messages The following parameters are used to control the leave message handling procedure in Supermicro switches Group Query Interval This configur...

Page 199: ...ow ip igmp snooping globals Displays the IGMP snooping group query interval information Step 5 write startup config Optional step saves this IGMP snooping configuration to be part of the startup configuration The no ip igmp snooping group query interval command resets the group query interval value to its default value of 2 seconds The example below shows the commands used to configure the group q...

Page 200: ...y message retry count as 3 SMIS configure terminal SMIS config ip igmp snooping retry count 3 SMIS config end 7 5 3 Immediate Leave The switch can be configured to immediately remove a port from the group entry on the multicast table if it receives an IGMP leave message without sending out group specific query messages This function is called immediate leave and it is configurable per a VLAN basis...

Page 201: ...ve command can be used to disable the immediate leave function for any VLAN The example below shows the commands used to enable the immediate leave function Enable the immediate leave for the VLANs 10 and 20 SMIS configure terminal SMIS config vlan 10 20 SMIS config vlan ip igmp snooping fast leave SMIS config vlan end 7 6 IGMP Snooping Querier The IGMP snooping function needs an IGMP router on th...

Page 202: ...t group entries in switches will not time out Supermicro switches do not act as an IGMP querier by default Users can configure the switch to act as an IGMP querier for any required VLANs When a Supermicro switch acts as an IGMP querier it sends queries every 125 seconds This periodic time interval can be configured for every VLAN Follow the steps below to configure a switch as an IGMP querier for ...

Page 203: ...ws the commands used to configure the switch to act as an IGMP querier Configure the switch to act as an IGMP querier for VLAN 10 and set the querier periodic interval to 300 seconds SMIS configure terminal SMIS config vlan 10 SMIS config vlan ip igmp snooping querier SMIS config vlan ip igmp snooping query interval 300 SMIS config vlan end 7 7 Report Forward When IGMP snooping is enabled Supermic...

Page 204: ...GMP host member reports only to the router port The example below shows the commands used to configure IGMP member report forwarding Configure the switch to forward the IGMP member report to all ports SMIS configure terminal SMIS config ip igmp snooping report forward all ports SMIS config end 7 8 Port Timeout Port Purge Interval A switch recognizes an IGMP host s connected ports by snooping the I...

Page 205: ...alue of 260 seconds The example below shows the commands used to configure the port purge interval value Configure the port purge interval value to 900 seconds SMIS configure terminal SMIS config ip igmp snooping port purge interval 900 SMIS config end 7 9 Report Suppression Interval Supermicro switches forward the IGMP member reports sent by the hosts to IGMP multicast routers To avoid forwarding...

Page 206: ...ppression interval value as 90 seconds SMIS configure terminal SMIS config ip igmp snooping report suppression interval 90 SMIS config end 7 10 Proxy Reporting IGMP snooping switches maintain the states of IGMP host members This information helps the switches send summarized IGMP reports to IGMP multicast routers This function of IGMP snooping is called proxy reporting This proxy reporting feature...

Page 207: ... enable the switch to send general IGMP queries when spanning tree topology change events occur When enabled in RSTP mode switches send general IGMP queries to all ports except for router ports In MSTP mode switches send general IGMP queries to all ports except for the router ports of the VLANs associated with topology changed MST instance Follow the steps below to enable the switch to send genera...

Page 208: ...de Step 2 no ip igmp snooping Disables IGMP snooping globally Step 3 vlan vlan list Enters the VLAN configuration mode vlan list may be any VLAN number or list of VLAN numbers Multiple VLAN numbers can be provided as comma separated values Consecutive VLAN numbers can be provided as a range such as 5 10 If multiple VLANs are provided the next step will disable IGMP snooping on all these VLANs Step...

Page 209: ...for this group 3 Use IGMP v2 for group 225 0 0 1 and also enable fast leave since hosts are directly connected to the switch 4 Disable the proxy reporting 5 Enable the switch to send general IGMP queries when spanning tree topology changes Figure IGS 4IGMP Snooping Configuration Example SMIS configure terminal Create all the required VLANs first SMIS config vlan 10 20 SMIS config vlan exit Add mem...

Page 210: ...nterface SMIS config int port channel 1 SMIS config if exit Add member ports to the port channel 1 interface SMIS config int range cx 0 3 4 SMIS config if channel group 1 mode active SMIS config if exit Configure the VLAN requirements for the port channel 1 interface SMIS config int port channel 1 SMIS config if switchport mode trunk SMIS config if switchport trunk native vlan 10 SMIS config if ex...

Page 211: ...ble proxy reporting SMIS config no ip igmp snooping proxy reporting Req 5 Enable the switch to send general IGMP queries when spanning tree topology changes SMIS config ip igmp snooping send query enable Check the running configuration for accuracy SMIS show running config Building configuration ID Hardware Version Firmware OS Boot Loader0 SSE F3548 1 0 0 0 6 0 0 0 0interface port channel 1 exit v...

Page 212: ...an 20 switchport mode trunk interface Fx 0 4 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0 5 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0 6 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0 7 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0 8 switchport trunk allowed vlan 20 switchport mode trunk interface Fx...

Page 213: ... 10 switchport mode access interface Fx 0 22 switchport access vlan 10 switchport mode access interface Fx 0 23 switchport access vlan 10 switchport mode access interface Fx 0 24 switchport access vlan 10 switchport mode access interface Fx 0 25 switchport access vlan 10 switchport mode access interface Fx 0 26 switchport access vlan 10 switchport mode access interface Fx 0 27 switchport access vl...

Page 214: ...s interface Fx 0 31 switchport access vlan 10 switchport mode access interface Fx 0 32 switchport access vlan 10 switchport mode access interface Fx 0 33 switchport access vlan 10 switchport mode access interface Fx 0 34 switchport access vlan 10 switchport mode access interface Fx 0 35 switchport access vlan 10 switchport mode access interface Fx 0 36 switchport access vlan 10 switchport mode acc...

Page 215: ... 0 40 switchport access vlan 10 switchport mode access interface Cx 0 1 switchport trunk allowed vlan 20 switchport mode trunk interface Cx 0 3 channel group 1 mode active interface Cx 0 4 channel group 1 mode active interfacepo 1 switchport trunk native vlan 10 switchport mode trunk exit ip igmp snooping noip igmp snooping proxy reporting vlan 20 ip igmp snooping fast leave ip igmp snooping versi...

Page 216: ...al is 260 seconds Report forward interval is 5 seconds Group specific query interval is 2 seconds Reports are forwarded on router ports Group specific query retry count is 2 SMIS show ip igmp snooping vlan 10 Snooping VLAN Configuration for the VLAN 10 IGMP Snooping enabled IGMP Operating version is V3 Fast leave is disabled Snooping switch is acting as Non Querier Query interval is 125 seconds SM...

Page 217: ... s Guide 217 Snooping switch is configured as Querier Snooping switch is acting as Querier Query interval is 125 seconds SMIS Save this port channel configuration SMIS write startup config Building configuration Please wait May take a few minutes OK SMIS ...

Page 218: ...r 2 Layer 3 and Layer 4 headers ASIC then looks up the ACL tables to find a matching ACL rule for the extracted content of the packet ASIC compares the values of the configured fields only and treats all other fields as do not care Once a matching ACL is found ASIC stops looking in that ACL table ASIC applies the configured action of the matching ACL rule to the matched packet This could result in...

Page 219: ...raffic based on fields in an IP header ICMP header TCP header and UDP header Users can configure the traffic flow based on source IP address destination IP address protocol field in IP header TOS field in IP header or by using a DSCP priority in an IP header Users can also configure the traffic flow based on ICMP message type ICMP message code TCP port number or UDP port number Users can choose to...

Page 220: ...ority ACL rules take precedence over lower priority rules In case of multiple rules with the same priority value rules that were created earlier will take precedence over those created later If the user does not specify the priority all rules will have a priority value of 1 by default 8 2 1 Creating MAC Extended ACLs Follow the steps below to create a MAC Extended ACL Step Command Description Step...

Page 221: ...gn a priority for this ACL rule This priority is an optional parameter It can be any value from 1 to 255 The default value is 1 Redirect ACL rule needs additional interface type interface id parameters to definethe port to which the packets matching this ACL rule need to be redirected Step 4 show access lists Displays the configured ACL rules Step 5 write startup config Optional step Saves this AC...

Page 222: ...h a deny permit or redirect rule the previously configured rule and its parameters for that ACL will be completely overwritten with the newly provided rules and parameters When an ACL rule is modified it is removed from the hardware ACL table and added back based on the priority of the rule The below example shows a MAC Extended ACL rule 50 that is created and later modified with different paramet...

Page 223: ...hysical interfaces by default If users prefer to apply any MAC Extended ACL only to certain ports the steps below need to be followed 8 2 5 ACL Ingress Port Configuration User can associate an ACL with multiple ingress ports Follow the steps below to add ingress port s to an ACL Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 Interface interface type interfa...

Page 224: ...his port access list number the ACL number that needs to be removed from this interface access list name the name of the ACL which needs to be removed from this interface Step 4 show access lists Displays the configured ACL rules to make sure this port is removed from required ACL Step 5 write startup config Optional step Saves this ACL configuration to be part of startup configuration 1 When a MA...

Page 225: ...dded access list name the name of the ACL that needs to be added Step 4 show access lists Displays the configured ACL rules to make sure this port is added to the required ACL Step 5 write startup config Optional step Saves this ACL configuration to be part of startup configuration The example below shows applying a MAC Extended ACL rule 100 to egress port fx 0 1 SMIS configure terminal SMIS confi...

Page 226: ...mands used for removing a MAC Extended ACL from a port SMIS configure terminal SMIS config int fx 0 1 SMIS config if no mac access group 100 in 8 2 7 Displaying MAC Extended ACLs Step Command Description Step 1 show access lists or show access lists mac access list number 1 32768 access list name Enters the configuration mode access list number the ACL number that needs to be displayed access list...

Page 227: ...be inactive The below example displays a MAC Extended ACL SMIS show access lists mac 100 Extended MAC Access List 100 Filter Priority 1 Protocol Type 0 EncapType 0 Vlan Id Destination MAC Address 00 25 90 01 02 03 Source MAC Address 00 00 00 00 00 00 In Port List Fx0 2 Out Port ALLFilter Action Deny Status Active 8 2 8 MAC Extended ACL Configuration This example describes the commands required to ...

Page 228: ...IP Standard ACL can be defined with only one rule To implement multiple rule ACLs configure multiple IP Standard ACLs There is no implied deny all rule in Supermicro switch ACLs By default all packets not matching a configured ACL rule will be forwarded automatically For any traffic to be denied it has to be configured with an explicit deny rule The permit rule is widely used for QoS applications ...

Page 229: ...ated later If the user does not specify the priority all rules will have a priority value of 1 by default The priority for the IP standard ACL rule deny any any is fixed as 1 Users cannot configure the deny any any rule with different priority value Since this rule will drop all the IP packets this rule is added at the end of the IP ACL table on the hardware IP Standard ACLs and IP Extended ACLs s...

Page 230: ...rtup config Optional step Saves this ACL configuration to be part of startup configuration Every ACL is applied to all ports by default If any ACL needs to be applied only to particular ports it needs to be configured as described in section Applying IP ACL to Interfaces The examples below show different ways to create IP Standard ACLs Create a deny IP Standard ACL with ACL number 100 to deny all ...

Page 231: ...config std nacl deny 172 10 0 0 255 255 0 0 any Modify this ACL rule 50 to deny traffic destined to a particular host IP instead of to any SMIS configure terminal SMIS config ip access list standard 50 SMIS config std nacl deny 172 10 0 0 255 255 0 0 host 172 50 0 1 8 3 3 Removing IPStandard ACLs Follow the below steps to remove IP Standard ACLs Step Command Description Step 1 configure terminal E...

Page 232: ... Defines the port or port lists on which this IP Standard Extended ACL needs to be applied Step 3 ip access group access list number 1 32768 access list name in Adds the IP Standard Extended ACL to this ingress port access list number the ACL number that needs to be added access list name the name of the ACL which needs to be added Step 4 show access lists Displays the configured ACL rules to make...

Page 233: ...emoved from all the ports it was applied to that ACL will become a switch wide ACL applied to all physical ports 2 IP Standard and Extended ACLs can be added only to physical ports like fx or cx ports ACLs cannot be added to Layer 3 vlan interfaces or port channel interfaces 3 An IP Standard Extended ACL can be applied to many ports by following the above steps In the same way many IP Standard Ext...

Page 234: ...0 out SMIS config if exit Removing anIPStandard Extended ACL from an egressport Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id The egress port from which this IP Standard or Extended ACL needs to be removed Step 3 no ip access group access list number 1 32768 access list name out Removes the IP Standard Extended ACL fro...

Page 235: ...cess list name the name of the ACL that needs to be displayed Theshow command displays the following information for every IP Standard ACL Source IP Address Configured source host or subnet IP address Displays 0 0 0 0 for any source IP Source IP Address Mask Configured source subnet IP mask For host IP address the mask will be displayed as 255 255 255 255 Destination IP Address Configured destinat...

Page 236: ...he following ACL requirements on the network setup shown in Figure ACL 2 ACL 1 Deny all traffic going from 172 20 0 0 network to 172 100 0 0 network but allow only server 172 20 20 1 to access the 172 100 0 1 gateway ACL 2 Redirect all traffic destined to IP 172 10 0 0 network to server 172 10 10 10 Figure ACL 2 IP Standard ACL Example 1 ACL 1 Configuration This ACL has two rules one to allow traf...

Page 237: ...es are useful when all traffic is denied by a rule and a few specific hosts are to be permitted IP Extended ACLs allow users to configure traffic flow with the following fields IP Protocol Source IP Address Destination IP Address Type Of Service TOS DSCP TCP Source Port Destination Port TCP message type acknowledgement reset UDP Source Port Destination Port ICMP Message Type Message Code IP Extend...

Page 238: ... dest ip address mask tos value 0 255 dscp value 0 63 priority value 1 255 or permit ip ospf pim protocol type 1 255 any host src ip address src ip address mask any host dest ip address dest ip address mask tos value 0 255 dscp value 0 63 priority value 1 255 or redirect interface type interface id ip ospf pim protocol type 1 255 any host src ip address src ip address mask any host dest ip address...

Page 239: ... the configured ACL rule Step 5 write startup config Optional step Saves this ACL configuration to be part of startup configuration The examples below show various ways to create an IP Extended ACL for IP traffic Create a deny IP Extended ACL with ACL number 100 to deny all traffic from IP 172 10 10 10 with TOS8 SMIS configure terminal SMIS config ip access list extended 100 SMIS config ext nacl d...

Page 240: ...scp value 0 63 priority short 1 255 or redirect interface type interface id tcp any host src ip address src ip address src mask eq port number 0 65535 any host dest ip address dest ip address dest mask eq port number 0 65535 ack rst tos value 0 255 dscp value 0 63 priority short 1 255 Configures a deny permit or redirect ACL rule The source and destination IP addresses are provided with the keywor...

Page 241: ...4 show access lists Displays the configured ACL rule Step 5 write startup config Optional step Saves this ACL configuration to be part of startup configuration The examples below show various ways to create IP Extended ACLs for TCP traffic Create a deny IP Extended ACL with ACL number 100 to deny all traffic toTCP port 23 SMIS configure terminal SMIS config ip access list extended 100 SMIS config ...

Page 242: ...riority short 1 255 or redirect interface type interface id tcp any host src ip address src ip address src mask eq port number 0 65535 any host dest ip address dest ip address dest mask eq port number 0 65535 tos value 0 255 dscp value 0 63 priority short 1 255 Configuresa deny permit or redirect ACL rule The source and destination IP addresses can be provided with keyword host The keyword anycan ...

Page 243: ... ACLs for TCP traffic Create a deny IP Extended ACL with ACL number 100 to deny all traffic toUDP port 1350 SMIS configure terminal SMIS config ip access list extended 100 SMIS config ext nacl deny udp any anyeq 1350 Create a deny IP Extended ACL with ACL name acl_cw3 to deny all UDP traffic on 172 20 0 0 network SMIS configure terminal SMIS config ip access list extended acl_cw3 SMIS config ext n...

Page 244: ...mit or redirect ACL rule The source and destination IP addresses can be provided with keyword host The keyword anycan be used to refer to any IP addresses To configure a network IP the address and mask should be provided To apply this rule to ICMP packets with specific message types or message codes usersshould provide matching values for ICMP message types and ICMP message codes The priority keyw...

Page 245: ...fy an ACL with a deny permit or redirect rule the previously configured rule and its parameters for that ACL will be completely overwritten with the newly provided rules and parameters When an ACL rule is modified it is removed from the hardware ACL table and added back based on the priority of the rule The example below shows an IP Extended ACL rule 100 being created and then modified with differ...

Page 246: ... procedure used for IP Standard ACLs Hence refer to the section Apply IP ACL to Interfaces 8 3 17 Displaying IP Extended ACLs Step Command Description Step 1 show access lists or show access lists ext ip access list number 1 32768 access list name Enters the configuration mode access list number the ACL number that needs to be displayed access list name the name of the ACL that needs to be display...

Page 247: ...eeds to be applied to all ports Ports Till will be 65535 Destination Ports From Starting TCP UDP destination port If the ACL needs to be applied to only one port the Ports From will specify that port If the ACL needs to be applied to all ports Ports From will be 0 Destination Ports Till Starting TCP UDP destination port If the ACL needs to be applied to only one port the Ports Till will specify th...

Page 248: ...5 0 0 Destination IP address 0 0 0 0 Destination IP address mask 0 0 0 0 In Port List ALL Out Port ALL Filter TOS Filter DSCP Filter Source Ports From 0 Filter Source Ports Till 65535 Filter Destination Ports From 25 Filter Destination Ports Till 25 Filter Action Permit Status Active IP Extended ACLs with ICMP rules display the following fields SMIS show access lists ext ip 100 Extended IP Access ...

Page 249: ...0 Filter Source Ports Till 65535 Filter Destination Ports From 1001 Filter Destination Ports Till 65535 Filter Action Deny Status Active 8 4IP Extended ACL Configuration Example 1 This example describes the commands required to implement the following ACL requirements on the network setup shown in Figure ACL 3 ACL 1 Allow SMTP TCP traffic fromthe 172 20 0 0 network and deny all other TCP traffic f...

Page 250: ... create the deny rule for the subnet 172 20 0 0 SMIS configure terminal SMIS config ip access list extended acl_1b SMIS config ext nacl deny tcp 172 20 0 0 255 255 0 0 any ACL 2 Configuration SMIS configure terminal SMIS config ip access list extended 100 SMIS config ext nacl redirect fx 0 1 icmp any 172 10 0 0 255 255 0 0 ACL 3 Configuration SMIS configure terminal SMIS config ip access list exte...

Page 251: ...service CoS value as a 3 bit field in the VLAN Header Layer 2 CoS values range from 0 for low priority to 7 for high priority The sameforwarding treatment is provided to packets with the same class information and different treatment to packets withdifferent class information The class information in the packet can be assigned by end hosts or byother switches or routers based on a configured polic...

Page 252: ...ions at the egress interface include queuing and scheduling Queuing evaluates the CoS value and determines in which of the eight egress queues to placethe packet Scheduling services the eight egress queues based on a configured scheduling algorithm Parameter Default Value QoS Status Disabled Class Map None Policy Map None Default Priority 0 Minimum Bandwidth 0 Maximum Bandwidth 0 Weight 1 Scheduli...

Page 253: ...cro switches marking can be configured using a policy map 9 1 1 1 ClassMap and PolicyMap IP standard IP extended and Layer 2 MAC access control lists ACLs can be used to define a group ofpackets with the same characteristics class Only the permit action of ACL s is permitted for use with QoS The Deny and Redirect ACL actions are not applicable for QoS Afteran ACL is associated with a class map it ...

Page 254: ...h traffic class is mapped to eight egress queues in the switch The traffic class is taken from the CoS value of the ingress packet If an ingress packet does not have a CoS untagged packets the port default priority will be used Ingress Packets CoS to Traffic class mappingEgress QueueEgress Packets Figure QoS 3 Egress Queuing The above figure shows the egress queuing procedure When a tagged packet ...

Page 255: ...priority queues can send packets even when high priority queues are not empty DeficitWRR Bandwidth allocation can be unfair when the average packet sizes are different between the queues and their flows This behavior can result in service degradation for queues with smaller average packet sizes Deficit Weighted Round Robin DWRR is a modified weighted round robin scheduling that can handle packets ...

Page 256: ...c that exceeds the rate limit is dropped Supermicro switches support output rate limits 9 4HOLBlocking Prevention Supermicro switches provide eight egress queues per port Each queue has a dynamic packet limit based on the availability of packet buffer memory When a switch receives packets at a fast rate destined to a particular egress port its egress port queuesbecome filled up When the egress que...

Page 257: ...cription Step 1 configure terminal Enters the configuration mode Step2 Create MAC Extended or IP Standard or IP Extended ACL If required apply ACL to specific Interface s Refer to the ACL Configuration Guide atwww supermicro com products nfo networking cfm Step 3 class map class map number 1 65535 Creates a class map and enters the class map configuration mode class map number QoS class map number...

Page 258: ... Uponexecution of theclass command the switch enters the policy map class configuration mode class map number The class map number to associate the policy in range of 1 65535 Step 8 set cos new cos 0 7 ipdscp new dscp 0 63 ip precedence new precedence 0 7 Optional Configures the in profile action by setting a class of service CoS differentiatedservices code point DSCP or IP precedence value in the...

Page 259: ...before the class map configuration i e after associating the ACL with a classmap using the match command the ACL cannot be associated with an interface These commands either delete the particular configuration or reset it to its default value no class map class map number 1 65535 no policy map policy map number 1 65535 no class class map number 1 65535 Before deleting a classmap any policy map ass...

Page 260: ...nfig pmap c end SMIS config mac access list extended mac2 SMIS config ext macl permit host 00 b0 d0 86 bb f7 any SMIS config ext macl exit SMIS config interface Fx 0 3 SMIS config if mac access group mac2 in SMIS config if exit SMIS config class map 10 SMIS config cmap match access group mac access list mac2 SMIS config cmap exit SMIS config policy map 10 SMIS config pmap class 10 Existing policym...

Page 261: ...ntry In profile action policed cos6 Policy Map 10 is active Class Map 10 In Profile Entry In profile action policed cos7 SMIS show class map DiffServ Configurations Class map 5 Filter ID mac1 Filter Type MAC FILTER DiffServ Configurations Class map 10 Filter ID mac2 Filter Type MAC FILTER SMIS show running config ...

Page 262: ...ts cx 0 1 3 untagged exit mac access list extended mac1 permit host 00 30 48 14 c8 29 any exit mac access list extended mac2 permit host 00 b0 d0 86 bb f7 any exit interface Fx 0 3 mac access group mac1 in mac access group mac2 in exit setqos enable class map 5 match access group mac access list mac1 exit class map 10 match access group mac access list mac2 exit policy map 5 class 5 setcos 6 exit ...

Page 263: ... its DSCP is marked down to a value of 10 and transmitted SMIS configure terminal SMIS config ip access list standard 1 SMIS config std nacl permit 20 1 0 0 255 255 0 0 any SMIS config std nacl exit SMIS config set qos enable SMIS config class map 1 SMIS config cmap match access group ip access list 1 SMIS config cmap exit SMIS config policy map 1 SMIS config pmap class 1 Existing policymap config...

Page 264: ...000 Out profile action policed dscp 10 SMIS show class map DiffServ Configurations Class map 1 Filter ID 1 Filter Type IP FILTER SMIS show running config Building configuration ID Hardware Version Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0 vlan 1 ports fx 0 1 24 untagged ports cx 0 1 3 untagged exit ip access list standard 1 permit 20 1 0 0 255 255 0 0 any exit ...

Page 265: ...raffic class Traffic class value 0 7 Maps a priority to a traffic class in the switch The frame received with the configured priority will be processed in the configured traffic class Priority Priority of the packet in range of 0 7 Class Traffic class in range of 0 7 Step 3 interface interface type interface id or interface range interface type interface id Optional Enters the interface configurat...

Page 266: ...eue minimum and maximum bandwidth weight Configures the queue weights in range of 0 15 minbandwidth Configures the minimum bandwidth for the queue in range of 64 16777152 maxbandwidth Configures the maximum bandwidth for the queue in range of 64 16777152 Step 7 End Exits the configuration mode Step 8 show vlan port config port interface type interface id show vlan traffic classes Displays the port...

Page 267: ...port Fx 0 10 Vlan Port configuration table Port Fx0 10 Port Vlan ID 1 Port Access Vlan ID 1 Port Acceptable Frame Type Admit All Port Ingress Filtering Disabled Port Mode Hybrid Port Gvrp Status Disabled Port Gmrp Status Disabled Port Gvrp Failed Registrations 0 Gvrp last pdu origin 00 00 00 00 00 00 Port Restricted Vlan Registration Disabled Port Restricted Group Registration Disabled Mac Based S...

Page 268: ...config interface Fx 0 8 SMIS config if cosq scheduling algorithm wrr SMIS config if end SMIS show cosq algorithm CoSq Algorithm Interface Algorithm Fx0 1 StrictPriority Fx0 2 StrictPriority Fx0 3 StrictPriority Fx0 4 StrictPriority Fx0 5 StrictPriority Fx0 6 StrictPriority Fx0 7 StrictPriority Fx0 8 WeightedRoundRobin Fx0 9 StrictPriority Fx0 10 StrictPriority Fx0 11 StrictPriority Fx0 12 StrictPr...

Page 269: ...Fx0 24 StrictPriority Cx0 1 StrictPriority Cx0 2 StrictPriority Cx0 3 StrictPriority Cx0 3 StrictPriority Example 3 Egress Bandwidth SMIS configure terminal SMIS config set qos enable SMIS config interface Fx 0 15 SMIS config if traffic class 6 weight 7 minbandwidth 6400 maxbandwidth 6400000 SMIS config if end SMIS show cosq weights bw interface Fx 0 15 CoSq Weights and Bandwidths Interface CoSqId...

Page 270: ...0 0 Fx0 15 5 1 0 0 Fx0 15 6 7 6400 6400000 Fx0 15 7 1 0 0 Example 4 Egress Queue SMIS configure terminal SMIS config vlan map priority 2 traffic class 7 SMIS config end SMIS show vlan traffic classes Priority to Traffic Class Queue Mapping Priority Traffic Class Queue 0 0 1 1 2 7 3 3 4 4 5 5 ...

Page 271: ...10 1 Port Mirroring Defaults Parameter Default Value Port mirroring Disabled Port mirroring direction Both 10 2 Configure Port Mirroring in CLI Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 Monitor session session number 1 4 destination interface interface type interface id Configure Port Mirroring session_number 1 indicates only one session is supported D...

Page 272: ... one session it can not be used in another session unless the port is removed first Destination port does not have this restriction The mirroring action is carried out only when both destination port and source port s are in place for the same session Hence the execution to carry out a mirroring action generally is composed of these commands The first command will establish the mirroring session w...

Page 273: ...e commands used to configure Port Mirroring SMIS configure terminal SMIS config monitor session destination interface fx 0 48 SMIS config monitor session source interface fx 0 22 SMIS config monitor session source interface fx 0 23 SMIS config monitor session source interface fx 0 24 SMIS config monitor session source interface fx 0 25 SMIS config end SMIS show port monitoring Port Monitoring is e...

Page 274: ...sabled Fx0 30 Disabled Disabled Fx0 31 Disabled Disabled Fx0 32 Disabled Disabled Fx0 33 Disabled Disabled Fx0 34 Disabled Disabled Fx0 35 Disabled Disabled Fx0 36 Disabled Disabled Fx0 37 Disabled Disabled Fx0 38 Disabled Disabled Fx0 39 Disabled Disabled Fx0 40 Disabled Disabled Fx0 41 Disabled Disabled Fx0 42 Disabled Disabled Fx0 43 Disabled Disabled Fx0 44 Disabled Disabled Fx0 45 Disabled Di...

Page 275: ...ntary traps to SNMP managers Traps are sent to alert the SNMP managers on events happening on the switch The SNMP manager is an NMS application It monitors and manages switches by communicating to the SNMP agents running on the switch The SNMP manager application provides command or graphical interfaces to the network administrators to help them manage the networks There are three versions of SNMP...

Page 276: ...ticate user login V3 noAuthNoPriv User name None User configuration is used to authenticate user login V3 Auth MD5 or SHA None MD5 or SHA algorithm is used to verify user login V3 Priv None DES DES is used to encrypt all SNMP messages SNMP uses multiple messages between managers and agents The below table describes the SNMP messages Message Type Originator Receiver Purpose get request Manager Agen...

Page 277: ...rs SNMP users have a specified username authentication password privacy password if required and authentication and privacy algorithms to use SNMP Groups When a user is created it is associated with an SNMP group SNMPv3 groups are the means by which users are assigned their views and access control policy SNMP View An SNMP MIB view is a defined list of objects within the MIB that can be used to co...

Page 278: ...ad access to the entire MIB but write access only for certain MIB objects 11 3 1 Configuration Steps The sequence of steps for SNMP Configuration in Supermicro switches are 1 Create a User Name 2 Create a community name and associate user with the community Optional 3 Create a group and associate the user name with the group name 4 The view is then defined to include or exclude whole part MIB sub ...

Page 279: ...t Parameters Internet test1 Storage Type Volatile Context None SNMP Port 161 SNMP Trap Port 162 Trap Status Enabled Authentication Trap Disabled Link State Trap Enabled Switch Name SMIS System Contact http www supermicro com System Location Supermicro 11 5 Enable Disablethe SNMP Agent The SNMP Agent is enabled by default in Supermicro switches Follow the steps below to disable the SNMP agent Step ...

Page 280: ...d Enable the SNMP agent SMIS configure terminal SMIS config enable snmpagent SMIS config end 11 5 1 Switch Name Supermicro switches can be assigned a name for identification purposes The default switch name isSMIS The switch name is also used as a prompt Follow the steps below to configure the switch name Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 devic...

Page 281: ...Initiated Config Restore Option No restore Config Restore Filename iss conf Config Save IP Address 0 0 0 0 Device Up Time 0 days 0 hrs 1 mins 11 secs Boot up Flash Area Normal NTP Broadcast Mode No NTP ntp is disabled Server Key Prefer Key Key Time zone offset not set 11 5 2 Switch Contact Supermicro switches provide an option to configure the switch in charge Contact details usually anemail ID Fo...

Page 282: ...4 46 53 System Contact User1 at CA System Location Supermicro Logging Option Console Logging Login Authentication Mode Local Snoop Forward Mode MAC based Config Restore Status Not Initiated Config Restore Option No restore Config Restore Filename iss conf Config Save IP Address 0 0 0 0 Device Up Time 0 days 0 hrs 50 mins 51 secs Boot up Flash Area Normal NTP Broadcast Mode No NTP ntp is disabled S...

Page 283: ...gure system location SMIS configure terminal SMIS config system location Santa Clara SMIS config end SMIS show system information Switch Name SMIS Switch Base MAC Address 00 30 48 e3 70 bc SNMP EngineID 80 00 08 1c 04 46 53 System Contact http www supermicro com System Location Santa Clara Logging Option Console Logging Login Authentication Mode Local Snoop Forward Mode MAC based Config Restore St...

Page 284: ...teps below to configure the SNMP Engine Identifier Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 snmpengineid EngineIdentifier Configures the SNMP Engine Identifier EngineIdentifier Hexadecimal number with length between 5 and 32 octets Each octet should be separated by a period Step 3 end Exits the configuration mode Step 4 show snmpengineID Displays the ...

Page 285: ...terminal Enters the configuration mode Step 2 snmp community index CommunityIndex name CommunityName security SecurityName context name volatile nonvolatile transporttag TransportTagIdentifier none Configures the SNMP community CommunityIndex Alphanumericvalue with a maximum of 32 characters CommunityName Alphanumeric value with a maximum of 255 characters SecurityName This is the user name associ...

Page 286: ...nsport Tag Storage Type Volatile Row Status Active Community Index PUBLIC Community Name PUBLIC Security Name none Context Name Transport Tag Storage Type Volatile Row Status Active Community Index test1 Community Name test1 Security Name user1 Context Name Transport Tag Storage Type Non volatile Row Status Active 11 6 3 User SNMP user configuration is used only for SNMPv3 An SNMP user requests an...

Page 287: ...racters Use volatileif the value need not be stored in NVRAM Use nonvolatile if the value must be stored in NVRAM and available after restart Step 3 end Exits the configuration mode Step 4 show snmp user Displays the SNMP user information Step 5 write startup config Optional step saves this SNMP configuration to be part of the startup configuration The no snmp user UserName command deletes the spe...

Page 288: ...53 User templateSHA Authentication Protocol SHA Privacy Protocol DES_CBC Storage Type Volatile Row Status Active 11 6 4 Group A group identifies a set of users in SNMPv3 Follow the steps below to configure an SNMP group Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 snmp group GroupName user UserName security model v1 v2c v3 volatile nonvolatile Configures ...

Page 289: ...the specified group The example below shows the commands used to configure the SNMP group SMIS configure terminal SMIS config snmp group group5 user user5 security model v3 SMIS end SMIS show snmp group Security Model v1 Security Name none Group Name iso Storage Type Volatile Row Status Active Security Model v2c Security Name none Group Name iso Storage Type Volatile Row Status Active Security Mod...

Page 290: ...eps below to configure the SNMP view Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 snmpview ViewName OIDTree mask OIDMask included excluded volatile nonvolatile Configures the SNMP view ViewName Alphanumeric value with a maximum of 40 characters OIDTree OID number with a maximum of 32 numbers OIDMask OID number with a maximum of 32 numbers Use includedto s...

Page 291: ...ve View Name view1 Subtree OID 1 3 6 1 Subtree Mask 1 1 1 1 View Type Included Storage Type Volatile Row Status Active View Name Restricted Subtree OID 1 Subtree Mask 1 View Type Excluded Storage Type Non volatile Row Status Active 11 6 6 Group Access Group access defines the access policy for a set of users belonging to a particular group Group access is used only for SNMPv3 Follow the steps belo...

Page 292: ... sub tree used in notification Alphanumeric value with a maximum of 40 characters Use volatileif the value need not be stored in NVRAM Use nonvolatile if the value must be stored in NVRAM and available after restart Step 3 end Exits the configuration mode Step 4 show snmp group access Displays the SNMP group access information Step 5 write startup config Optional step saves this SNMP configuration...

Page 293: ...w iso Write View iso Notify View iso Storage Type Volatile Row Status Active Group Name iso Read View iso Write View iso Notify View iso Storage Type Volatile Row Status Active Group Name group5 Read View view1 Write View view2 Notify View Storage Type Non volatile Row Status Active Group Name Initial Read View Restricted Write View Rrestricted Notify View Restricted Storage Type Non volatile Row ...

Page 294: ...ep 2 snmptargetaddr TargetAddressName param ParamName IPAddress IP6Address timeout Seconds 1 1500 retries RetryCount 1 3 taglist TagIdentifier none volatile nonvolatile Configures the SNMP target address information TargetAddressName Alphanumeric value with a maximum of 40 characters ParamName The parameter to be notified to the specific target Alphanumeric value with a maximum of 40 characters IP...

Page 295: ...ow shows the commands used to configure the SNMP target address SMIS configure terminal SMIS config snmptargetaddr host1 param param1 192 168 1 10 taglist tg1 SMIS end SMIS show snmptargetaddr Target Address Name host1 IP Address 192 168 1 10 Tag List tg1 Parameters param1 Storage Type Volatile Row Status Active 11 7 2 Target Parameters Target parameters define the MIB objects that should be notif...

Page 296: ...M Use nonvolatile if the value must be stored in NVRAM and available after restart Step 3 end Exits the configuration mode Step 4 show snmptargetparam Displays the SNMP target parameters information Step 5 write startup config Optional step saves this SNMP configuration to be part of the startup configuration The no snmptargetparams ParamName command deletes the specified SNMP target parameters in...

Page 297: ...tus Active 11 7 3 SNMP Notify Notify is used to specify the type of notifications to be sent to particular targets that are grouped under a particular tag Follow the steps below to configure the SNMP Notification Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 snmp notify NotifyName tag TagName type Trap Inform volatile nonvolatile Configures the SNMP Notify...

Page 298: ...cified SNMP notification The example below shows the commands used to configure the SNMP notification SMIS configure terminal SMIS config snmp notify PUBLIC tag tag1 type trap nonvolatile SMIS config end SMIS show snmpnotif Notify Name PUBLIC Notify Tag tag1 Notify Type trap Storage Type Non volatile Row Status Active Notify Name iss Notify Tag iss Notify Type trap Storage Type Volatile Row Status...

Page 299: ...s default value of 162 The example below shows the commands used to configure the SNMP UDP port for traps SMIS configure terminal SMIS config snmp server trap udp port 170 SMIS config end SMIS config show snmp server traps SNMP Trap Listen Port is 170 Currently enabled traps linkup linkdown Login Authentication Traps DISABLED 11 7 5 Authentication Traps Traps can be generated when a user login aut...

Page 300: ...config show snmp server traps SNMP Trap Listen Port is 162 Currently enabled traps linkup linkdown Login Authentication Traps ENABLED 11 7 6 Link State Trap Link state traps are enabled for all interfaces by default in Supermicro switches Traps are generated when an interface toggles its state from Up to down or vice versa Follow the steps below to disable SNMP Link state trap Step Command Descrip...

Page 301: ...a E g int range fx 0 1 10 fx 0 20 If multiple interfaces are provided the next step will perform the particular configuration on all these interfaces Step 3 no snmp trap link status Disables the SNMP link state trap on the particular interface Step 4 end Exits the configuration mode Step 5 show snmp Displays the SNMP information Step 6 write startup config Optional step saves this SNMP configurati...

Page 302: ...Broadcast Packets 0 Multicast Packets 9 Pause Frames 0 Undersize Frames 0 Oversize Frames 0 CRC Error Frames 0 Discarded Packets 0 Error Packets 0 Unknown Protocol 0 Transmission Counters Octets 9043 Unicast Packets 0 Non Unicast Packets 74 Pause Frames 0 Discarded Packets 0 Error Packets 0 11 8 Sub Agent Supermicro switches can act as a Sub Agent to another SNMP agent SNMP Agent and Sub Agent com...

Page 303: ...nfiguration An SNMP Agent must be disabled before enabling an SNMP Sub Agent The disable snmpsubagent command disables the SNMP Sub Agent The example below shows the commands used to enable the SNMP Sub Agent SMIS configure terminal SMIS config disable snmpagent SMIS config enable snmpsubagent master ip4 192 168 1 80 SMIS config end SMIS show snmpagentx information Agentx Subagent is enabled Trans...

Page 304: ...l and the authentication and privacy passwords b Creates an SNMP user user2 Specify the authentication protocol and password 2 Creates SNMP groups a Create groupcalled superusersand associateuser1 with this group b Create groupcalled generalusers and associate user1 with this group 3 Create views a Creates an SNMP view full which will allow access to everything from the specified Object Identifier...

Page 305: ...curity model v3 volatile SMIS config snmp view full 1 3 6 1 included volatile SMIS config snmp view restricted 1 3 6 1 included volatile SMIS config snmp view restricted 1 3 6 3 10 2 1 excluded volatile SMIS config snmp access superuser v3 auth read full write full notify full SMIS config snmp access generalusers v3 noauth read full write restricted notify full SMIS config end SMIS show snmp user ...

Page 306: ...Privacy Protocol None Storage Type Volatile Row Status Active Engine ID 80 00 08 1c 04 46 53 User templateMD5 Authentication Protocol MD5 Privacy Protocol None Storage Type Volatile Row Status Active Engine ID 80 00 08 1c 04 46 53 User templateSHA Authentication Protocol SHA Privacy Protocol DES_CBC Storage Type Volatile Row Status Active SMIS show snmp group Security Model v1 ...

Page 307: ...Name none Group Name iso Storage Type Volatile Row Status Active Security Model v3 Security Name user1 Group Name superuser Storage Type Volatile Row Status Active Security Model v3 Security Name user2 Group Name generalusers Storage Type Volatile Row Status Active Security Model v3 Security Name initial Group Name initial Storage Type Non volatile Row Status Active ...

Page 308: ...n volatile Row Status Active Security Model v3 Security Name templateSHA Group Name initial Storage Type Non volatile Row Status Active SMIS show snmp group access Group Name iso Read View iso Write View iso Notify View iso Storage Type Volatile Row Status Active Group Name iso Read View iso Write View iso Notify View iso Storage Type Volatile ...

Page 309: ...estricted Storage Type Non volatile Row Status Active Group Name initial Read View iso Write View iso Notify View iso Storage Type Non volatile Row Status Active Group Name initial Read View iso Write View iso Notify View iso Storage Type Non volatile Row Status Active Group Name superuser Read View full Write View full Notify View full Storage Type Volatile ...

Page 310: ...otify View full Storage Type Volatile Row Status Active SMIS show snmp viewtree View Name iso Subtree OID 1 Subtree Mask 1 View Type Included Storage Type Non volatile Row Status Active View Name full Subtree OID 1 3 6 1 Subtree Mask 1 1 1 1 View Type Included Storage Type Volatile Row Status Active View Name restricted Subtree OID 1 ...

Page 311: ...tree Mask 1 1 1 1 View Type Included Storage Type Volatile Row Status Active View Name restricted Subtree OID 1 3 6 3 10 2 1 Subtree Mask 1 1 1 1 1 1 1 View Type Excluded Storage Type Volatile Row Status Active SMIS show running config Building configuration ID Hardware Version Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0 vlan 1 ports fx 0 1 24 untagged ports cx 0 1 3 untagged ...

Page 312: ... while SNMP is often used for device based management The data collected in RMON deals mainly with traffic patterns rather than the status of individual devices as in SNMP RMON is implemented basedon SNMP RMON sends traps to the management device to notify the abnormality of the alarm variables by using the SNMP trap mechanism Traps in RMON and those in SNMP have different monitored targets trigge...

Page 313: ...ment devices A monitor provides two ways of data gathering Using RMON probesfrom which Management devices can get data directly and control network resources In this approach management devices can obtain all RMON MIB information RMON agents in routers and switches Management devices exchange data with RMON agents using SNMP operations which due to system resources limitation may not cover all MIB...

Page 314: ... the value of the monitored alarm variable at the specified interval When the value of the monitored variable is greater than or equal to the upper threshold an upper event is triggered when the value of the monitored variable is smaller than or equal to the lower threshold a lower event is triggered The event is then handledas specified in the event group If the value of a specified alarm MIB var...

Page 315: ...cs on an interface and saves the statistics in the history record table The statistics data includes bandwidth utilization number of error packets and total number of packets 12 1 3 2Ethernet statistics group The statistics group specifies collection of various traffic statistics information on an Ethernet interface and saves it in the Ethernet statistics table The statistics data includes network...

Page 316: ...he event group so an event must already be createdfor the alarm to call Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 rmon alarm alarm number mib object id 255 sample interval time 1 65535 absolute delta rising threshold value 0 2147483647 rising event number 1 65535 falling threshold value 0 2147483647 falling event number 1 65535 owner ownername 127 Opti...

Page 317: ...scription event description 127 log owner ownername 127 trap community 127 Optional Add an event in the RMON event table that is associated with an RMON event number Number Event number Description Description of the event Log Used to generate a log entry Owner Owner of the event in range 1 127 characters Trap Used to generate a trap The SNMP community string is to be passed for the specifiedtrap ...

Page 318: ... statistics group and stores them in the Ethernet history table Multiple history entries can be configured on one interface however all should have different values Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 interface interface type interface id or interface range interface type interface id Optional Enters the interface configuration mode interface typ...

Page 319: ...roup of statistics string of length 127 Step 5 show rmon statistics stats index 1 65535 alarms events history history index 1 65535 overview Display RMON statistics history and overview The no rmon collection stats index 1 65535 and no rmon collection history index 1 65535 commands delete the RMON collection configuration 12 2 4 RMON Configuration Example A sample RMON configuration of alarms even...

Page 320: ... ifEntry 1 5 which has Received 0 octets 0 packets 0 broadcast and 0 multicast packets 0 undersized and 0 oversized packets 0 fragments and 0 jabbers 0 CRC alignment errors and 0 collisions of packets received of length in octets 64 0 65 127 0 128 255 0 256 511 0 512 1023 0 1024 1518 0 SMIS show rmon events RMON is enabled Event 1 is active owned by smicro1 Description is rise Event firing causes ...

Page 321: ...and 0 multicast packets 0 undersized and 0 oversized packets 0 fragments and 0 jabbers 0 CRC alignment errors and 0 collisions of dropped packet events is 0 Network utilization is estimated at 0 Sample 3 began measuring at Apr 29 10 14 12 2013 Received 0 octets 0 packets 0 broadcast and 0 multicast packets 0 undersized and 0 oversized packets 0 fragments and 0 jabbers 0 CRC alignment errors and 0 ...

Page 322: ...econd s Requested of time intervals ie buckets is 2 Granted of time intervals ie buckets is 2 SMIS show rmon statistics 1 alarms events history 1 RMON is enabled Collection 1 on Fx0 5 is active and owned by monitor Monitors ifEntry 1 5 which has Received 0 octets 0 packets 0 broadcast and 0 multicast packets 0 undersized and 0 oversized packets 0 fragments and 0 jabbers 0 CRC alignment errors and ...

Page 323: ... by smicro1 Description is fall Event firing causes log and trap to community NETMAN Time last sent is Apr 29 10 11 01 2013 Entry 1 is active and owned by Monitors ifEntry 1 5 every 20 second s Requested of time intervals ie buckets is 2 Granted of time intervals ie buckets is 2 Sample 4 began measuring at Apr 29 10 14 32 2013 Received 0 octets 0 packets 0 broadcast and 0 multicast packets 0 under...

Page 324: ... Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0vlan 1 ports fx 0 1 24 untagged ports cx 0 1 3 untagged exit set rmon enable rmon event 1 description rise log owner smicro1 trap PUBLIC rmon event 2 description fall log owner smicro1 trap NETMAN rmon alarm 1 1 3 6 1 6 3 16 1 2 1 4 1 4 110 111 110 101 2 absolute rising thresh old 2 1 falling threshold 1 2 owner smicro1 interface Fx 0 5 rmon co...

Page 325: ...s separate with a comma E g int range fx 0 1 10 fx 0 20 If multiple interfaces are provided the next step will perform the particular configuration on all these interfaces Step 3 rate limit output rate value kbps 1 10000000 burst value kbits 1 10000000 Enables the egress rate limit for the interface s set to the closest rate kbps and burst size kbits as the hardware capabilities Rate limiting is a...

Page 326: ... the configuration mode Step 4 show interfaces interface type interface id Displays theinterface configuration The example below shows the commands used to disable HOL blocking SMIS configure terminal SMIS config interface Fx 0 4 SMIS config if no hol blocking prevention SMIS config if end SMIS show interface Fx 0 4 Fx0 4 up line protocol is down not connect Bridge Port Type Customer Bridge Port H...

Page 327: ...Guide 327 Pause Frames 0 Undersize Frames 0 Oversize Frames 0 CRC Error Frames 0 Discarded Packets 0 Error Packets 0 Unknown Protocol 0 Transmission Counters Octets 0 Unicast Packets 0 Non Unicast Packets 0 Pause Frames 0 Discarded Packets 0 Error Packets 0 ...

Page 328: ...ge integrity as well as HTTP client authentication 13 1 Login Authentication Mode Supermicro switches allow configuration of the user login authentication mechanism Follow the steps below to configure Login Authentication Mechanism Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 login authentication local radius tacacs Configure the login authentication mech...

Page 329: ... NTP Broadcast Mode No NTP ntp is disabled Server Key Prefer Key Key Time zone offset not set 13 2 RADIUS A sequence of events occurs during RADIUS client server communication at the time of user login The username and password are encrypted by the client and sent to RADIUS server The client receives a response from the RADIUS server o ACCEPT User authentication is successful o REJECT User authent...

Page 330: ...or accounting or both ip address serverIP address timeout Specify RADIUS server timeout in range 1 120 retransmit Specify number of retries to attempt to connect to RADIUS server in range 1 254 key Specify authentication key Step 3 End Exits the configuration mode Step 4 show radius server show radius statistics Displays the RADIUS configuration Step 5 write startup config Optional step saves this...

Page 331: ...access accept packets 0 No of access reject packets 0 No of access challenge packets 0 No of malformed access responses 0 No of bad authenticators 0 No of pending requests 0 No of time outs 0 No of unknown types 0 13 3 TACACS TACACS provides access control to switch through a client server model similar to RADIUS except that it provides enhanced security by encryption of all messages and reliabili...

Page 332: ... is specified only one connection to one of the configured TACACS servers is permitted port Specify TCP port in range 1 65535 timeout Specify TACACS server timeout in range 0 255 seconds key Authentication key of maximum length 64 characters Step 3 End Exits the configuration mode Step 4 show tacacs Displays the TACACS configuration Step 5 write startup config Optional step saves this configuratio...

Page 333: ...r Errors rcvd 0 Author Follows rcvd 0 Author Sess timeouts 0 Acct start reqs sent 0 Acct WD reqs sent 0 Acct Stop reqs sent 0 Acct Success rcvd 0 Acct Errors rcvd 0 Acct Follows rcvd 0 Acct Sess timeouts 0 Malformed Pkts rcvd 0 Socket failures 0 Connection failures 0 13 3 2 TACACS Re tries Supermicro switches retry transmission of messages to the TACACS server if there is no response from the serv...

Page 334: ...lable servers to be used at a time Follow the steps below to configure TACACS server to be used Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 tacacs use server address ip address Configure TACACS server to be used Step 3 End Exits the configuration mode Step 4 show tacacs Displays the TACACS configuration Step 5 write startup config Optional step saves thi...

Page 335: ... Author Pass Repl rcvd 0 Author Fails rcvd 0 Author Errors rcvd 0 Author Follows rcvd 0 Author Sess timeouts 0 Acct start reqs sent 0 Acct WD reqs sent 0 Acct Stop reqs sent 0 Acct Success rcvd 0 Acct Errors rcvd 0 Acct Follows rcvd 0 Acct Sess timeouts 0 Malformed Pkts rcvd 0 Socket failures 0 Connection failures 0 13 3 4 TACACS Login Authentication Mode Supermicro switches provide an option to c...

Page 336: ...ication tacacs command deletes the TACACS login mode The example below shows the commands used to configure the TACACS login mode to be used SMIS configure terminal SMIS config aaa authentication tacacs chap SMIS config end SMIS show tacacs Server 1 Address 192 168 2 11 Single Connection no TCP port 49 Timeout 5 Key Type 0 Secret Key testing123 Mode Chap Client uses server 192 168 2 11 Authen Star...

Page 337: ...rcvd 0 Author Errors rcvd 0 Author Follows rcvd 0 Author Sess timeouts 0 Acct start reqs sent 0 Acct WD reqs sent 0 Acct Stop reqs sent 0 Acct Success rcvd 0 Acct Errors rcvd 0 Acct Follows rcvd 0 Acct Sess timeouts 0 Malformed Pkts rcvd 0 Socket failures 0 Connection failures 0 ...

Page 338: ...onfigured in TACACS server Follow the steps below to configure the TACACS authorization to be used Step Command Description Step 1 configure terminal Enters the configuration mode Configures TACACS authorization Step 2 aaa authorization group Tacacs to be used Step 3 End Exits the configuration mode Step 4 show tacacs Displays the TACACS configuration Step 5 write startup config Optional step save...

Page 339: ...s sent 0 Acct WD reqs sent 0 Acct Stop reqs sent 0 Acct Success rcvd 0 Acct Errors rcvd 0 Acct Follows rcvd 0 Acct Sess timeouts 0 Malformed Pkts rcvd 0 Socket failures 0 Connection failures 0 13 3 6 TACACS Privilege Req Description Comments 1 0 The privilege configured in TACACS server should be used while logging in to Supermicro switch using TACACS authentication There are many types of service...

Page 340: ...aa authorization 1 3 If this function is not enabled using the command in Req 2 switch should behave as before It means the irrespective of the privilege configured on the TACACS server it will login the users with the default privilege 1 1 4 The TACACS privilege function should work in telnet ssh and Web login 1 5 The new authorization status configuration Req 2 should be saved and restored 13 4 ...

Page 341: ...p 5 write startup config Optional step saves this configuration to be part of startup configuration The no ip ssh version compatibility cipher des cbc 3des cbc auth hmac md5 hmac sha1 port 1024 65535 command disables SSH The example below shows the commands used to configure SSH SMIS configure terminal SMIS config ip ssh version compatibility SMIS config end SMIS show ip ssh Version Both Cipher Al...

Page 342: ...ore being sent over theInternet HTTP with SSL encryption HTTPS provides a secure connection to allow such functions as configuringa switch from a Web browser Follow the steps below to configure Secure HTTP Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 ip http secure server ciphersuite rsa null md5 rsa null sha rsa des sha rsa 3des sha dh rsa des sha dh rsa...

Page 343: ...etwork devices These services provide centralized security key and certificate management for the participating devices CA servers are called as trustpoints e g thawte com Supermicro switches create a Certificate Signing Request CSR using RSA key pair and Switch Identification Follow the steps below to configure Certificate Signing Request CSR Step Command Description Step 1 ssl gen cert req algo ...

Page 344: ...ject CN SMIS Subject Public Key Info Public Key Algorithm rsaEncryption RSA Public Key 1024 bit Modulus 1024 bit 00 a1 8f 42 73 55 7d 7f 81 9e 12 30 67 a4 45 da ec 02 77 ed 5a 72 87 1b 75 72 a5 64 ed c9 2a a4 bd 3c 21 9d 9d b4 e9 0d a8 70 16 09 34 a6 38 64 2c a4 39 71 bc d6 67 d4 86 a3 df 54 bc 8e f2 c6 ca f9 16 33 11 e4 cc 5f d9 70 f6 2a bd c8 ec 92 3a 5b f1 63 a2 28 60 db 20 3b ef 89 4b 4d a4 87...

Page 345: ...d be specified in PEM format Follow the steps below to configure SSL server certificate Step Command Description Step 1 ip http secure Configure Cipher Suite and Crypto Key RSA of your choice using ip http secure command Step 2 ssl gen cert req algo rsa sn Enter the subject name and create certificate request by using the ssl gen cert req algo rsa sn command Step 3 show ssl server cert The show ss...

Page 346: ...RTIFICATE Join all the remaining lines as single line to avoid line breaks processed Copy paste these joined texts in Enter Certificate prompt This prompt appears after entering the ssl serv cert command in CLI This step would configure the certificate and save it to flash Step 6 show ssl server cert Displays the SSL configuration ...

Page 347: ...LAN name MAC or PHY configuration or status link aggregation and maximum frame size Provide support for notifications through traps An LLDP agent operates in any one of the following three modes 1 Transmit only mode The agent can only transmit the information about the capabilities and the status of the local system 2 Receive only mode The agent can only receive information about the capabilities ...

Page 348: ...able Enables LLDP in the switch Step 3 End Exits the configuration mode Step 4 show lldp Displays the LLDP global configuration details The set lldp disable command disables LLDP in the switch 14 1 2 Configuring LLDP Parameters Once LLDP is enabled globally it is enabled on all supported interfaces by default Supermicro switches provide a user configuration to place an interface in only send or on...

Page 349: ... will perform the particular configuration on all these interfaces Step 3 lldp transmit receive Optional Sets LLDP admin status on an interface to Transmit or Receive Step 4 lldp notification remote table chg mis configuration Optional Enables LLDP trap notification on an interface remote table chg Trap notification for change in neighbor s table mis configuration Trap notification for mis configu...

Page 350: ... component if alias management interface alias port comp port component mac addr MAC address nw addr network address if name interface name local locally assigned The default value for chassi id subtype is mac addr Note To use the if alias option the management interface must have been configured with valid description Step 8 End Exits the configuration mode Step 9 show lldp interface interface ty...

Page 351: ... capab mgmt addr all ipv4 ucast_addr ipv6 ip6_addr no lldptlv select dot1tlv port vlan id protocol vlan id all vlan id vlan name all vlan id no lldptlv select dot3TLV macphy config link aggregation max framesize 14 1 2 1Configuring LLDP TLV Supermicro switches provide support for user configuration of LLDP TLV s The TLV types supported by Supermicro switches are Basic TLV DOT1 TLV and DOT3 TLV The...

Page 352: ...nterfaces To configure multiple interfaces use the interface range command To provide a range use a hyphen between the start and end interface numbers E g int range fx 0 1 10 To provide multiple interfaces or Chassis ID Sender MAC address Port ID TLV Sender Port number TTL Time to Live End of LLDP PDU Basic TLV Mandatory Port Description System Name System Description System Capabilities Managemen...

Page 353: ...nt interface If no management address is present or configured in the system the switch sMAC address will be usedfor transmission mgmt addr ipv4 ucast addr Enables the transmission of a particular ipv4 address on the current interface mgmt addr ipv6 ipv6 addr Enables the transmission of a particular ipv6 address on the current interface Step 4 lldptlv select dot1tlv port vlan id protocol vlan id a...

Page 354: ...o switches allow for user configuration of LLDP timers Transmit Interval Holdtime Multiplier ReinitializationDelay Transmit Delay Notification Delay 14 1 3 1Message Transmit Interval The message transmit interval is the period between transmission of the periodic LLDP advertisements The default message transmit interval is 30 seconds Supermicro switches allow for user configuration of the message ...

Page 355: ...2 10 Step 3 End Exits the configuration mode Step 4 show lldp Displays the LLDP global information The no lldpholdtime multiplier command resets the message transmit holdtimemultiplierto its default value 14 1 3 3ReinitializationDelay When LLDP ports are disabled or the link goes down LLDP is reinitialized on a port The delay between the port going down and the reinitialization is called the reini...

Page 356: ...ays the LLDP global information The no lldptx delay commandresets the message transmit delayto its default value 14 1 3 5Notification Interval The Notification Interval is the time interval between successive periodic SNMP notifications about LLDP MIB changes Any change in LLDP neighbors that occurs between SNMP notifications is not transmitted only state changes that exist at the expiry of the no...

Page 357: ...l SMIS config set lldp enable SMIS config end SMIS show lldp LLDP is enabled Transmit Interval 30 Holdtime Multiplier 4 Reinitialization Delay 2 Tx Delay 2 Notification Interval 5 Chassis Id SubType Mac Address Chassis Id 00 30 48 e3 04 75 SMIS show lldp neighbors Capability Codes R Router B Bridge T Telephone C DOCSIS Cable Device W WLAN Access Point P Repeater S Station O Other Fx 0 22 Fx 0 21 S...

Page 358: ...lization delay 10 SMIS config lldp transmit interval 100 SMIS config lldp transmit interval 10 SMIS config end SMIS config interface Fx 0 21 SMIS config if lldp notification remote table chg SMIS config if lldp port id subtype if name SMIS config if lldptlv select basic tlv port descrmgmt addr all SMIS config if exit SMIS config vlan 1 SMIS config vlan name vlan1 SMIS config vlan exit SMIS config ...

Page 359: ...CSIS Cable Device W WLAN Access Point P Repeater S Station O Other Chassis ID Local Intf Hold time Capability Port Id 00 30 48 e3 70 bc Fx0 21 120 Fx0 22 Total Entries Displayed 1 SMIS show lldp errors Total Memory Allocation Failures 0 Total Input Queue Overflows 0 Total Table Overflows 0 SMIS show lldp traffic Total Frames Out 71 Total Entries Aged 0 Total Frames In 28 Total Frames Received In E...

Page 360: ... Remote Table Last Change Time 217700 Remote Table Inserts 1 Remote Table Deletes 0 Remote Table Drops 0 Remote Table Ageouts 0 Remote Table Updates 0 SMIS show lldp local Fx 0 21 Port Id SubType Interface Name Port Id Slot0 21 Port Description Enabled TxTlvs Port Description Management Address Mac Phy Extended 802 3 TLV Info MAC PHY Configuration Status Auto Neg Support Status Supported Enabled A...

Page 361: ...tion Aggregated Port Id 21 Maximum Frame Size 1500 Extended 802 1 TLV Info Port VLAN Id 1 Port Protocol VLAN Id Protocol VLAN Id Support Protocol VLAN Status TxStatus 0 Supported DisabledDisabled Vlan Name Vlan Id Vlan Name TxStatus 1 vlan1 Enabled SMIS show running config Building configuration ID Hardware Version Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0 ...

Page 362: ...nterval 100 lldp chassis id subtype if name interface Fx 0 21 lldp notification remote table chg lldptlv select basic tlv port descrmgmt addr all lldptlv select dot3tlv macphy config lldptlv select dot1tlv vlan name 1 exit Switch B SMIS configure terminal SMIS config set lldp enable SMIS config end SMIS show lldp LLDP is enabled Transmit Interval 30 Holdtime Multiplier 4 Reinitialization Delay 2 ...

Page 363: ...Point P Repeater S Station O Other Chassis ID Local Intf Hold time Capability Port Id 00 30 48 e3 04 75 Fx0 22 120 Fx0 21 Total Entries Displayed 1 SMIS show lldp statistics Remote Table Last Change Time 80900 Remote Table Inserts 4 Remote Table Deletes 3 Remote Table Drops 0 Remote Table Ageouts 3 Remote Table Updates 7 SMIS config show lldp traffic Total Frames Out 52 Total Entries Aged 3 Total ...

Page 364: ...IS config show lldp interface Fx 0 22 Fx0 22 Tx State Enabled Rx State Enabled Tx SEM State IDLE Rx SEM State WAIT FOR FRAME Notification Status Disabled Notification Type Mis configuration SMIS show lldp local Fx 0 22 Port Id SubType Interface Alias Port Id Fx0 22 Port Description Enabled TxTlvs Extended 802 3 TLV Info MAC PHY Configuration Status Auto Neg Support Status Supported Enabled Adverti...

Page 365: ...ion Aggregated Port Id 22 Maximum Frame Size 1500 Extended 802 1 TLV Info Port VLAN Id 1 Port Protocol VLAN Id Protocol VLAN Id Support Protocol VLAN Status TxStatus 0 Supported Enabled Disabled Vlan Name Vlan Id Vlan Name TxStatus 1 Disabled SMIS show running config Building configuration ID Hardware Version Firmware OS Boot Loader 0 SSE F3548 1 0 0 0 6 0 0 0 0 vlan 1 ...

Page 366: ...366 341 ports fx 0 1 24 untagged ports cx 0 1 3 untagged exit setlldp enable ...

Search results

Summary of Contents for SSE-F3548S

Reviews:

Related manuals for SSE-F3548S

Brands by name

Popular brands

Supermicro SSE-F3548S, User Manual

Search results

Summary of Contents for SSE-F3548S

Reviews:

Related manuals for SSE-F3548S

Brands by name

Popular brands