Extreme Networks ExtremeWare 7.2e Скачать руководство пользователя страница 147 | Manualshive

Страница: 147 / 344

background image

IP Access Lists (ACLs)

ExtremeWare 7.2e Installation and User Guide

147

Access Control List Examples

This section presents three access control list examples:

•

Using the permit-establish keyword

•

Filtering ICMP packets

•

Using a rate limit

Using the Permit-Established Keyword

This example uses an access list that permits TCP sessions (Telnet, FTP, and HTTP) to be established in
one direction.

The switch, shown in Figure 20, is configured as follows:

•

Two VLANs, NET10 VLAN and NET20 VLAN, are defined.

•

The NET10 VLAN is connected to port 2 and the NET20 VLAN is connected to port 10

•

The IP addresses for NET10 VLAN is 10.10.10.1/24.

•

The IP address for NET20 VLAN is 10.10.20.1/24.

•

The workstations are configured using addresses 10.10.10.100 and 10.10.20.100.

•

IP Forwarding is enabled.

Figure 20: Permit-established access list example topology

The following sections describe the steps used to configure the example.

Step 1—Deny IP Traffic.

First, create an access-mask that examines the IP protocol field for each packet. Then create two
access-lists, one that blocks all TCP, one that blocks UDP. Although ICMP is used in conjunction with IP,
it is technically not an IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected.

The following commands creates the access mask and access lists:

create access-mask ipproto_mask ipprotocol ports precedence 25000

create access-list denytcp ipproto_mask ipprotocol tcp ports 2,10 deny

create access-list denyudp ipproto_mask ipprotocol udp ports 2,10 deny

Figure 21 illustrates the outcome of the access control list.

ES4K009

10.10.10.1

10.10.10.100

10.10.20.100

10.10.20.1

NET20 VLAN

NET10 VLAN

«
...
145
146
147
148
149
...
»

Содержание ExtremeWare 7.2e

Страница 1: ...s Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com ExtremeWare 7 2e Installation and User Guide Software Version 7 2e Published June 11 2004 Part number 10...

Страница 2: ...r respective owners 2004 Extreme Networks Inc All Rights Reserved Specifications are subject to change without notice Adobe and Reader are registered trademarks of Adobe Systems Incorporated NetWare a...

Страница 3: ...tures 21 Summit 400 48t Switch Front View 21 Summit 400 48t Switch Rear View 22 Summit 400 48t Switch LEDs 23 Mini GBIC Type and Support 24 Mini GBIC Type and Specifications 25 Port Connections 27 Upl...

Страница 4: ...First Time 39 Installing Optional Features 39 Installing the Summit XEN Card 40 Installing the External Power System 42 Rack Mounting the EPS T 42 Adding a second EPS 160 to the EPS T 45 Removing an...

Страница 5: ...er 70 Command Shortcuts 70 Switch Numerical Ranges 71 Names 71 Symbols 71 Limits 72 Line Editing Keys 72 Command History 72 Common Commands 72 Configuring Management Access 74 User Account 75 Administ...

Страница 6: ...tocol 89 Configuring Automatic Failover for Combination Ports 89 Automatic Failover Examples 90 Chapter 5 Virtual LANs VLANs Overview of Virtual LANs 91 Benefits 91 Types of VLANs 92 Port Based VLANs...

Страница 7: ...Class of Service 802 1p and DiffServ Traffic Groupings 115 Configuring DiffServ 117 Physical and Logical Groupings 119 Verifying Configuration and Performance 120 QoS Monitor 120 Displaying QoS Profil...

Страница 8: ...t and Rate Limit Entries 145 Deleting Access Mask Access List and Rate Limit Entries 146 Verifying Access Control List Configurations 146 Access Control List Examples 147 Network Login 150 Authenticat...

Страница 9: ...tch 179 Chapter 10 Ethernet Automatic Protection Switching Overview of the EAPS Protocol 181 EAPS Terms 183 Fault Detection and Recovery 184 Link Down Message Sent by a Transit Node 185 Ring Port Down...

Страница 10: ...STP Settings 216 Chapter 12 IP Unicast Routing Overview of IP Unicast Routing 219 Router Interfaces 220 Populating the Routing Table 221 Subnet Directed Broadcast Forwarding 222 Proxy ARP 222 ARP Inc...

Страница 11: ...ait Interval 242 OSPF Configuration Example 243 Configuration for ABR1 244 Configuration for IR1 244 Displaying OSPF Settings 245 OSPF LSDB Display 245 Authentication 245 Summarizing Level 1 IP Routin...

Страница 12: ...using ExtremeWare Vista 261 IP Forwarding 262 License 263 OSPF 264 Ports 270 RIP 272 SNMP 275 Spanning Tree 277 Switch 281 User Accounts 281 Virtual LAN 282 Access List 284 Reviewing ExtremeWare Vista...

Страница 13: ...Configuration 320 Using TFTP to Download the Configuration 321 Downloading a Complete Configuration 321 Downloading an Incremental Configuration 321 Scheduled Incremental Configuration Download 322 R...

Страница 14: ...14 ExtremeWare 7 2 0 Software User Guide Contents...

Страница 15: ...nsible for installing and setting up network equipment It assumes a basic working knowledge of Local area networks LANs Ethernet concepts Ethernet switching and bridging concepts Routing concepts Inte...

Страница 16: ...ption Screen displays This typeface indicates command syntax or represents information as it appears on the screen The words enter and type When you see the word enter in this guide you must type some...

Страница 17: ...d information in the command reference guide PDF file This quick referencing capability enables you to easily find detailed information in the command reference guide for any command mentioned in the...

Страница 18: ...18 ExtremeWare 7 2e Installation and User Guide Preface...

Страница 19: ...efaults on page 32 Switch Installation on page 33 Determining the Switch Location on page 33 Following Safety Information on page 33 Installing the Switch on page 34 Installing or Replacing a Mini Gig...

Страница 20: ...re queues Policy Based Quality of Service PB QoS Wire speed Internet Protocol IP routing Extreme Standby Router Protocol ESRP Aware support Ethernet Automated Protection Switching EAPS support Jumbo f...

Страница 21: ...uplink redundancy When sharing ports only the fiber port or only the copper port can be active at the same time For more information on cabling and configuring this feature see Uplink Redundancy on p...

Страница 22: ...not recommend that you use the management port to route traffic to any front panel port on the switch The management port is designed only for switch management purposes There are two LEDs for the ma...

Страница 23: ...t status Each of the 48 copper 10 100 1000BASE T ports has an associated LED located above the port Fiber port status Each of the four optical fiber ports has an associated LED located above the port...

Страница 24: ...d Amber blinking Off The internal power supply is operating normally The internal power supply has failed or the AC cord is not connected Check the cord connection If the power supply has failed repla...

Страница 25: ...ble length restriction LX Mini GBIC Specifications Table 6 describes the specifications for the LX mini GBIC Table 4 Mini GBIC types and distances Standard Media Type Mhz Km Rating Maximum Distance Me...

Страница 26: ...alculating the maximum distance attainable using optical cable with a specified loss per kilometer for example 0 25 dB km Extreme Networks recommends that 3 dB of the total budget be reserved for loss...

Страница 27: ...d the first four of the 10 100 1000BASE T ports are designed as combination ports for uplink redundancy When sharing ports only the fiber port or only the copper port can be active at the same time If...

Страница 28: ...ity see Configuring Ports on page 81 The Summit 400 48 switch Gigabit Ethernet port failover from the fiber link to the copper link takes 4 5 seconds The Summit 400 48t switch Gigabit Ethernet port fa...

Страница 29: ...bandwidth and priority For more information on Quality of Service see Chapter 7 Unicast Routing The switch can route IP traffic between the VLANs that are configured as virtual router interfaces Both...

Страница 30: ...1Q tag on the connecting port or if only a single VLAN is involved as untagged To display ESRP aware information use the following command show esrp aware vlan vlan name The display includes the group...

Страница 31: ...stalled it should not be necessary to enter the information again However we recommend keeping the certificate for your records You can upgrade the licensing of an existing product by purchasing a vou...

Страница 32: ...Global Factory Defaults Item Default Setting Serial or Telnet user account admin with no password and user with no password Web network management Enabled Telnet Enabled SSH2 Disabled SNMP Enabled SN...

Страница 33: ...ckets are supplied with the switch When deciding where to install the switch ensure that The switch is accessible and cables can be connected easily Water or moisture cannot enter the case of the unit...

Страница 34: ...d fully tighten with a suitable screwdriver as shown in Figure 5 Figure 5 Fitting the mounting bracket 5 Repeat steps 2 through 4 for the other side of the switch 6 Leave a half rack space between the...

Страница 35: ...read the safety information in this section WARNING Mini GBICs can emit invisible laser radiation Avoid direct eye exposure to beam Mini GBICs are a class 1 laser device Use only devices approved by E...

Страница 36: ...of mini GBIC modules Figure 6 Mini GBIC modules Mini GBICs are a 3 3 V Class 1 laser device Use only devices approved by Extreme Networks WARNING Mini GBICs can emit invisible laser radiation Avoid d...

Страница 37: ...nsole port settings are set as follows Baud rate 9600 Data bits 8 Stop bit 1 Parity None Flow control None NOTE If you set the switch console port flow control to XON XOFF rather than None you will be...

Страница 38: ...orts are temporarily disabled the port LED is off and the MGMT LED flashes fast The MGMT LED flashes until the switch successfully passes the POST If the switch passes the POST the MGMT LED is blinkin...

Страница 39: ...t by typing config vlan default ipaddress 123 45 67 8 255 255 255 0 Your changes take effect immediately 6 Save your configuration changes so that they will be in effect after the next switch reboot b...

Страница 40: ...he Summit XEN Card 1 Disconnect the AC power from the Summit 400 2 Use a standard screwdriver to remove the blank plate to expose the opening for the card 3 Install the XENPAK optical transceiver modu...

Страница 41: ...to the card by turning the two captive screws clockwise until they are hand tight 7 Place the Summit XEN Card into the supplied drawer and carefully slide the drawer into the switch housing until the...

Страница 42: ...e EPS 160 installs into an existing EPS T rack mountable chassis Each individual EPS 160 ships with an AC cord for use in the USA and a special redundant power supply cable CAUTION The Extreme Externa...

Страница 43: ...e mounting bracket 5 Repeat steps 2 through 4 for the other side of the EPS T 6 Insert the EPS T into a 19 inch rack CAUTION Do not attach the AC power cord to the EPS 160 until it is properly mounted...

Страница 44: ...upply cable to the Extreme switch This connector end can only be inserted into the switch with the end marked TOP facing up Table 12 Connection Specifications for the Redundant Connector Diagram Pin W...

Страница 45: ...it is ready Table 3 on page 23 shows all the indicators for the power supply Adding a second EPS 160 to the EPS T To install an individual EPS 160 into the EPS T 1 Remove the EPS 160 from the packing...

Страница 46: ...46 ExtremeWare 7 2e Installation and User Guide Summit 400 48t Switch Overview and Installation...

Страница 47: ...can manage the switch using the following methods Access the CLI by connecting a terminal or workstation with terminal emulation software to the console port Access the switch remotely using TCP IP th...

Страница 48: ...The management port is a DTE port and is not capable of supporting switching or routing functions The TCP IP configuration for the management port is done using the same syntax as used for VLAN config...

Страница 49: ...et up correctly on your network you must provide the following information to the BOOTP server Switch Media Access Control MAC address found on the rear label of the switch IP address Subnet address m...

Страница 50: ...in prompt enter your user name and password Note that they are both case sensitive Ensure that you have entered a user name and password with administrator privileges If you are logging in for the fir...

Страница 51: ...ivileges 2 Determine the session number of the session you want to terminate by using the following command show session 3 Terminate the session by using the following command clear session number Con...

Страница 52: ...ch Network Manager provides its own user interface to the management facilities The following sections describe how to get started if you want to use an SNMP manager It assumes you are already familia...

Страница 53: ...ded to the switch using the configure snmp add community command To configure a trap receiver on a switch use the following command configure snmp add trapreceiver ip address port number community hex...

Страница 54: ...are enabled on the switch for all ports SNMPv1 traps for link up and link down are not supported ExtremeWare uses SNMPv2 traps You can disable or re enable the sending of these traps on a per port ba...

Страница 55: ...ing private use the following command configure snmp add trapreceiver 10 20 30 44 port 9347 community private trap group link up down traps system traps Table 13 lists the currently defined SNMP trap...

Страница 56: ...Model USM system traps extremeOverheat extremeFanFailed extremeFanOK extremePowerSupplyFail extremePowerSupplyGood extremeModuleStateChange extremeHealthCheckFailed extremeCpuUtilizationRisingTrap ex...

Страница 57: ...t exchanges are sniffed examined and information is learned about the contents The access control subsystem provides the ability to configure whether access to a managed object in a local MIB is allow...

Страница 58: ...eID will be propagated to both of the MSMs The snmpEngineID can be configured from the command line but once the snmpEngineID is changed default users will be reverted back to their original passwords...

Страница 59: ...ead write view defines the subtree that can be written to and notify view defines the subtree that notifications can originate from MIB views are discussed in the section MIB Access Control There are...

Страница 60: ...a 16 octet key is provided as input to DES CBS encryption protocol which generates an encrypted PDU to be transmitted DES uses bytes 1 7 to make a 56 bit key This key encrypted itself is placed in ms...

Страница 61: ...messages sent from an agent to the network manager typically in response to some state change on the agent system With SNMPv3 you can define precisely which traps you want sent to which receiver by de...

Страница 62: ...params hex param name user hex user name mp model snmpv1 snmpv2c snmpv3 sec model snmpv1 snmpv2c usm sec level noauth authnopriv priv volatile To display the options associated with a target paramete...

Страница 63: ...iated with tags currently in an internal structure called snmpNotifyTable will be notified To add an entry to the table use the following command configure snmpv3 add notify hex notify name tag hex ta...

Страница 64: ...login is a feature designed to control the admission of user packets into a network by giving addresses only to users that have been properly authenticated Network login is controlled by an administr...

Страница 65: ...and time in terms of a floating day as follows configure timezone name MET 60 autodst name MDT begins every last sunday march at 1 ends every last sunday october at 1 You can also specify a specific d...

Страница 66: ...for the sntp client update interval before querying again 5 Optionally the interval for which the SNTP client updates the real time clock of the switch can be changed using the following command conf...

Страница 67: ...ST Yukon Standard 10 00 600 AHST Alaska Hawaii Standard CAT Central Alaska HST Hawaii Standard 11 00 660 NT Nome 12 00 720 IDLW International Date Line West 1 00 60 CET Central European FWT French Win...

Страница 68: ...tch are as follows configure timezone 480 autodst configure sntp client update interval 1200 enable sntp client configure sntp client primary server 10 0 1 1 configure sntp client secondary server 10...

Страница 69: ...ence Guide Some commands are also described in this user guide in order to describe how to use the features of the ExtremeWare software However only a subset of commands are described here and in some...

Страница 70: ...ames followed by an ellipses to indicate that there are more names than can be displayed The syntax helper also provides assistance if you have entered an incorrect command Abbreviated Syntax Abbrevia...

Страница 71: ...or example in the syntax configure vlan vlan name ipaddress ipaddress you must supply a VLAN name for vlan name and an address for ip_address when entering the command Do not type the angle brackets s...

Страница 72: ...ine Editing Keys Key s Description Backspace Deletes character to left of cursor and shifts remainder of line to left Delete or Ctrl D Deletes character under cursor and shifts remainder of line to le...

Страница 73: ..._timezone_ID GMT_offset autodst name dst_timezone_ID dst_offset begins every floatingday on absoluteday at time_of_day ends every floatingday on absoluteday at time_of_day noautodst Configures the tim...

Страница 74: ...clear licensing information This license cannot be disabled once it is enabled on the switch enable ssh2 access profile access profile none port tcp_port_number Enables SSH2 sessions By default SSH2...

Страница 75: ...been terminated If you have logged on with administrator capabilities the command line prompt ends with a sign For example Summit18 Prompt Text The prompt text is taken from the SNMP sysname setting...

Страница 76: ...ollowing command configure account user 4 Enter the new password at the prompt 5 Re enter the new password at the prompt NOTE If you forget your password while logged out of the command line interface...

Страница 77: ...first create another administrator level account Remember to manually delete the default account again every time you download a configuration Domain Name Service Client Services The Domain Name Serv...

Страница 78: ...s traceroute host name ip from source IP address ttl number port port number where ip_address is the IP address of the destination endstation hostname is the hostname of the destination endstation To...

Страница 79: ...de 79 from uses the specified source address in the ICMP packet If not specified the address of the transmitting interface is used ttl configures the switch to trace the hops until the time to live ha...

Страница 80: ...80 ExtremeWare 7 2e Installation and User Guide Accessing the Switch...

Страница 81: ...Even though a port is disabled the link remains enabled for diagnostic purposes Configuring Switch Port Speed and Duplex Setting When configuring the speed and duplex setting for a port autonegotiatio...

Страница 82: ...the system to autonegotiate use the following command configure ports portlist mgmt all auto on Summit 400 ports do not advertise or support flow control frames Turning Off Autonegotiation for a Gigab...

Страница 83: ...en endstations that support larger frame sizes for more efficient transfers of bulk data Both endstations involved in the transfer must be capable of supporting jumbo frames The switch only performs I...

Страница 84: ...nd DF set When the source host receives the message sometimes called a Datagram Too Big message the source host reduces its assumed path MTU and retransmits the datagrams The path MTU discovery proces...

Страница 85: ...ragmentation can only be used for traffic that stays within the same VLAN To use IP fragmentation for traffic that is set to other VLANs you must configure all ports in the VLAN for jumbo frame suppor...

Страница 86: ...llowing command configure sharing address based ip dest ip source ip source dest mac dest mac source mac source dest where ip dest Indicates that the switch should examine the IP destination address i...

Страница 87: ...see the ExtremeWare Software User Guide To define a load sharing group you assign a group of ports to a single logical port number To enable or disable a load sharing group use the following commands...

Страница 88: ...fic You can define the traffic filter based on the physical port All data that traverses the port regardless of VLAN configuration is copied to the monitor port Up to eight mirroring filters and one m...

Страница 89: ...port configure mirroring add port 1 default Extreme Discovery Protocol The Extreme Discovery Protocol EDP is used to gather information about neighbor Extreme Networks switches EDP is used by the swi...

Страница 90: ...k is not used even if available Automatic Failover Examples If we can establish port 4 as the primary uplink and port 4X as the redundant uplink port using the CLI configure ports 4 preferred medium c...

Страница 91: ...m The segments are defined by flexible user groups you create with the command line interface Benefits Implementing VLANs on your networks has the following advantages VLANs help to control traffic Wi...

Страница 92: ...port based VLAN you must remove it from the default VLAN unless the new VLAN uses a protocol other than the default protocol any A port can be a member of only one port based VLAN On the Summit 400 s...

Страница 93: ...t 4 on system 1 the BlackDiamond switch and port 1X on system 2 the Summit 400 switch Figure 14 Single port based VLAN spanning two switches To create multiple VLANs that span two switches in a port b...

Страница 94: ...ytes This may affect packet error counters in other devices and may also lead to connectivity problems if non 802 1Q bridges or routers are placed in the path Uses of Tagged VLANs Tagging is most comm...

Страница 95: ...switch the switch determines in real time if each destination port should use tagged or untagged packet formats for that VLAN The switch adds and strips tags as required by the port configuration for...

Страница 96: ...d goes to the other stations on this network is not tagged Mixing Port Based and Tagged VLANs You can configure the switch using a combination of port based and tagged VLANs A given port can be a memb...

Страница 97: ...Default VLAN The switch ships with one default VLAN that has the following properties The VLAN name is default It contains all the ports on a new or initialized switch The default VLAN is untagged on...

Страница 98: ...keyword vlan after you have created the unique VLAN name You can use the VLAN name alone The following example creates a tag based VLAN named video It assigns the VLANid 1000 Ports 4 through 8 are ad...

Страница 99: ...rt MAC Based VLAN Guidelines When using the MAC to VLAN mapping consider the following guidelines A port can only accept connections from an endstation host and should not be connected to a layer 2 re...

Страница 100: ...ted with it allowing it to be plugged into any port that is in MacVlanDiscover mode ports 10 15 in this case The MAC address 00 00 00 00 00 01 has a group number of 10 associated with it and can only...

Страница 101: ...incremental configuration without the automatic rebooting of the switch The following example shows an incremental configuration file for MAC based VLAN information that updates the database and save...

Страница 102: ...102 ExtremeWare 7 2e Installation and User Guide Virtual LANs VLANs...

Страница 103: ...entifier for the port and VLAN on which it was received The age of the entry The number of IP FDB entries that use this MAC address as a next hop or last hop Flags Frames destined for MAC addresses th...

Страница 104: ...ers the MAC address in the packets that it examines A permanent dynamic entry is typically used to associate QoS profiles with the FDB entry Permanent dynamic entries are identified by the p and d fla...

Страница 105: ...en exceeded Blackhole entries are treated like permanent entries in the event of a switch reset or power off on cycle Blackhole entries are never aged out of the database Disabling MAC Address Learnin...

Страница 106: ...order to use this feature you must create a wildcard permanent FDB entry named any mac and apply the QoS profile to the individual MAC entry NOTE For more information on QoS profiles see Chapter 7 FDB...

Страница 107: ...tatic entries can be deleted if the switch is reset Displaying FDB Entries To display FDB entries use the following command show fdb mac_address permanent ports portlist vlan vlan name where the follo...

Страница 108: ...108 ExtremeWare 7 2e Installation and User Guide Forwarding Database FDB...

Страница 109: ...page 115 Configuring DiffServ on page 117 Physical and Logical Groupings on page 119 Verifying Configuration and Performance on page 120 Verifying Configuration and Performance on page 120 Modifying a...

Страница 110: ...for each traffic type are given below and summarized in Table 21 Consider them as general guidelines and not strict recommendations Once QoS parameters are set you can monitor the performance of the...

Страница 111: ...is may be created by some Java based applications In addition Web based applications are generally tolerant of latency jitter and some packet loss however small packet loss may have a large impact on...

Страница 112: ...ttributes such as bandwidth The parameters that make up a QoS profile include Priority The level of priority assigned to a hardware queue on a physical port There are eight different available priorit...

Страница 113: ...ermined precedence for which traffic grouping will apply In general the more specific traffic grouping takes precedence By default all traffic groupings are placed in the QoS profile Qp1 The supported...

Страница 114: ...e 2000 create access list alist amask dest ip 10 1 2 1 24 source ip 10 1 1 1 24 permit qosprofile qp3 To create a MAC based traffic grouping use this command create fdbentry 00 11 22 33 44 55 vlan Def...

Страница 115: ...nfigures the switch to not forward any packets to the destination MAC address on any ports for the VLAN specified The blackhole option is configured using the following command create fdbentry mac_add...

Страница 116: ...priority field maps it to a specific hardware queue when subsequently transmitting the packet The 802 1p priority field is located directly following the 802 1Q type field and preceding the 802 1Q VL...

Страница 117: ...nsmitting the packet This behavior is not affected by the switching or routing configuration of the switch However the switch is capable of replacing the 802 1p priority information To replace 802 1p...

Страница 118: ...ble DiffServ information use the following command enable diffserv examination ports portlist all To disable DiffServ information use the following command disable diffserv examination ports portlist...

Страница 119: ...e To display the DiffServ configuration use the following command show ports mgmt portlist info detail NOTE The show ports command displays only the default code point mapping Physical and Logical Gro...

Страница 120: ...t hardware queues QP1 QP8 associated with any port s The QoS monitor keeps track of the number of frames and the frames per second that a specific ingress queue is responsible for transmitting on a ph...

Страница 121: ...0 0 Displaying QoS Profile Information The QoS monitor can also be used to verify the QoS configuration and monitor the use of the QoS policies that are in place To display QoS information on the swi...

Страница 122: ...al groupings of a source port or VLAN re apply the QoS profile to the source port or VLAN as documented You can also save and reboot the switch Traffic Rate Limiting The Summit 400 switch rate limitin...

Страница 123: ...y for viewing port statistic information The summary information lists values for the current counter against each port on each operational module in the system and it is refreshed approximately every...

Страница 124: ...expired Transmit Deferred Frames TX Deferred The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic Transmit Errored Fr...

Страница 125: ...eboot shutdown Where the following is true none Configures the level to no recovery all Configures ExtremeWare to log an error into the syslog and automatically reboot the system after any task except...

Страница 126: ...played both on the console and from telnet sessions display stored log messages from the memory buffer or NVRAM upload event logs stored in memory to a TFTP server display counts of event occurrences...

Страница 127: ...t matches any messages the expression that matches any message is displayed as Match none from the command line And finally each target has a format associated with it To display the current log confi...

Страница 128: ...e filter can specify exactly which message it will pass Constructing a filter is discussed in the section Filtering By Components and Conditions Components and Conditions Beginning with the introducti...

Страница 129: ...A component or subcomponent will often have several conditions associated with it To see the conditions associated with a component use the following command show log events event condition all event...

Страница 130: ...event condition to pass You might create a filter from scratch if you wanted to pass a small set of events and block most If you want to exclude a small set of events there is a default filter that pa...

Страница 131: ...or this filter since no match was configured for this filter Matches are discussed in the section Matching Expressions Each time a filter item is added to or deleted from a given filter the events spe...

Страница 132: ...nvram session syslog host name ip udp port local0 local7 filter filter name severity severity only Each event in ExtremeWare is defined with a message format and zero or more parameter types The show...

Страница 133: ...meter types in the match criteria need not be present in the event definition Formatting Event Messages Event messages are made up of a number of items The individual items can be formatted however EM...

Страница 134: ...ing only affects the current session and is lost when you log off the session The messages that are displayed depend on the configuration and format of the target See the section Filtering Events Sent...

Страница 135: ...rences of events Even when an event is filtered from all log targets the event is counted The exception to this is events of any of the debug severities which are only counted when the log debug mode...

Страница 136: ...your targets will still affect which messages are passed on or blocked NOTE Previous versions of ExtremeWare used the debug trace command to enable debugging Not all systems in ExtremeWare were conver...

Страница 137: ...mmand related to remote syslog hosts configure syslog add host name ip udp port local0 local7 severity is equivalent to the following two commands configure syslog add hostname IP udp port local0 loca...

Страница 138: ...lligent remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN The probe transfers the information to a management workstation on request or when...

Страница 139: ...both log and send a trap The RMON traps are defined in RFC 1757 for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for imp...

Страница 140: ...you can define for each alarm are shown in Table 29 To be notified of events using SNMP traps you must configure one or more trap receivers as described in Chapter 2 Table 29 Event Actions Action High...

Страница 141: ...sers Using RADIUS or TACACS on page 170 Secure Shell 2 SSH2 on page 177 Security Overview Extreme Networks products incorporate a number of features designed to enhance the security of your network No...

Страница 142: ...describe how to use access control lists Access Masks There are sixteen access masks available in the Summit 400 48t depending on which features are enabled on the switch Each access mask is created w...

Страница 143: ...initiate a new TCP session see The permit established Keyword on page 145 Permit Forward the packet You can send the packet to a particular QoS profile and modify the packet s 802 1p value and or Diff...

Страница 144: ...limit value can be set at 8 16 24 32 1000 Mbps NOTE The rate limit specified in the command line does not precisely match the actual rate limit imposed by the hardware due to hardware constraints See...

Страница 145: ...efault rule is specified the default behavior is to forward the packet NOTE If your default rule denies traffic you should not apply this rule to the Summit 400 48t port used as a management port Once...

Страница 146: ...ntrol list using an access mask without ports defined will require 5 rules one for each of the 5 blocks of ports on the hardware The maximum number of rate limiting rules allowed is 315 63 5 This numb...

Страница 147: ...10 10 100 and 10 10 20 100 IP Forwarding is enabled Figure 20 Permit established access list example topology The following sections describe the steps used to configure the example Step 1 Deny IP Tr...

Страница 148: ...tocol tcp dest ip 10 10 20 100 32 source ip 10 10 10 100 32 ports 2 permit qp1 create access list tcp2_1 ip_addr_mask ipprotocol tcp dest ip 10 10 10 100 32 source ip 10 10 20 100 32 ports 10 permit q...

Страница 149: ...t 23 ports 10 permit established NOTE This step may not be intuitive Pay attention to the destination and source address the ingress port that the rule is applied to and the desired affect NOTE This r...

Страница 150: ...thenticated Network Login is controlled by an administrator on a per port per VLAN basis When Network Login is enabled on a port in a VLAN that port will not forward any packets until authentication t...

Страница 151: ...e the switch so that the user is placed on the correct VLAN When a new user accesses the network 802 1x authenticates the user through a RADIUS server to a user in an NT domain The reply from the RADI...

Страница 152: ...ation happens transparently Authentication happens at layer 2 Does not involve getting a temporary IP address and subsequent release of the address to a get a more permanent IP address Allows for peri...

Страница 153: ...2 1x client if using 802 1x authentication Modes of Operation Network login has two modes of operation Campus mode ISP mode Campus Mode Campus mode is meant for mobile users who tend to move from one...

Страница 154: ...alled in the computer certificate store and user authentication requires a certificate installed in the individual user s certificate store By default the XP machine performs computer authentication a...

Страница 155: ...others use 802 1x There are certain restrictions for multiple supplicant support Web based mode will not support Campus mode for multiple supplicant because once the first MAC gets authenticated the...

Страница 156: ...port has been added for Network Login Network Login and MAC limits cannot be used together on the same switch see Network Login on page 150 EAP NAK cannot be used to negotiate 802 1x authentication ty...

Страница 157: ...needed files Once the user has installed the certificate from the Certificate Authority and downloaded the 802 1x client the user can reconnect to the network using 802 1x without the need to authenti...

Страница 158: ...ess A page opens with a link for Network Login 6 Click the Network Login link A dialog box opens requesting a username and password 7 Enter the username and password configured on the RADIUS server Af...

Страница 159: ...isplaying DHCP Information To display the DHCP configuration including the DHCP range DHCP lease timer network login lease timer DHCP enabled ports IP address MAC address and time assigned to each end...

Страница 160: ...val Session refresh is disabled by default To enable or disable network login logout privilege use one of the following commands enable netlogin logout privilege disable netlogin logout privilege This...

Страница 161: ...figuring an Access Profile Mode After the access profile is created you must configure the access profile mode The access profile mode determines whether the items in the list are to be permitted acce...

Страница 162: ...and ignore all addresses within the subnet If you are using off byte boundary subnet masking the same logic applies but the configuration is more tricky For example the network address 141 251 24 128...

Страница 163: ...AS number 1 followed by any AS number from 2 8 and ending with either AS number 11 13 or 15 configure access profile AS1 add 20 deny as path 111 2 8 This command configures the access profile to deny...

Страница 164: ...le none Import Filter Use an access profile to determine which RIP routes are accepted as valid routes This policy can be combined with the trusted neighbor policy to accept selected routes only from...

Страница 165: ...s to build the access policy would be create access profile nosales ipaddress configure access profile nosales mode deny configure access profile nosales add 10 2 1 0 24 configure rip vlan backbone im...

Страница 166: ...iated LSAs in that area time out ASBR Filter For switches configured to support RIP and static route re distribution into OSPF an access profile can be used to limit the routes that are advertised int...

Страница 167: ...Neighbor Use an access profile to determine trusted PIM router neighbors for the VLAN on the switch running PIM To configure a trusted neighbor policy use the following command configure pim vlan vla...

Страница 168: ...U with packets requiring costly processing DoS Protection is designed to help prevent this degraded performance by attempting to characterize the problem and filter out the offending traffic so that o...

Страница 169: ...but not class D address with checksum errors and non IP packets Broadcast traffic IP multicast unknown These are IPMC packets that do not have corresponding IPMC FDB entries Learning packets These ar...

Страница 170: ...tremeWare provides two methods to authenticate users who login to the switch RADIUS client TACACS RADIUS Client Remote Authentication Dial In User Service RADIUS RFC 2138 is a mechanism for authentica...

Страница 171: ...and disable radius Configuring RADIUS Accounting Extreme switches are capable of sending RADIUS accounting information As with RADIUS authentication you can specify two servers for receipt of accounti...

Страница 172: ...erver for communicating back to the switch RADIUS RFC 2138 Attributes The RADIUS RFC 2138 optional attributes supported are as follows User Name User Password Service Type Login IP Host Using RADIUS S...

Страница 173: ...secret is incorrectly sent to the switch resulting in an inability to authenticate As a work around do not configure a shared secret for RADIUS accounting and authentication servers on the switch Lim...

Страница 174: ...articular command The asterisk cannot be used as the beginning of a command Reserved words for commands are matched exactly to those in the profiles file Due to the exact match it is not enough to sim...

Страница 175: ...thentication enable the CLI authorization function and indicate a profile name for that user If authorization is enabled without specifying a valid profile the user is unable to perform any commands N...

Страница 176: ...ve Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Enabled lulu Password Service Type Administrative Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Ena...

Страница 177: ...the F Secure SSH client products from Data Fellows corporation These applications are available for most operating systems For more information see the Data Fellows website at http www datafellows co...

Страница 178: ...pregenerated key The key generation process generates the SSH2 private host key The SSH2 public host key is derived from the private host key and is automatically transmitted to the SSH2 client at th...

Страница 179: ...h can function as an SSH2 client This means you can connect from the switch to a remote device running an SSH2 server and send commands to that device You can also use SCP2 to transfer files to and fr...

Страница 180: ...180 ExtremeWare 7 2e Installation and User Guide Security...

Страница 181: ...ge of converging in less than a second when a link in the ring breaks An Ethernet ring built using EAPS can have resilience comparable to that provided by SONET rings at a lower cost and with fewer re...

Страница 182: ...ks the secondary port for all non control traffic belonging to this EAPS domain thereby avoiding a loop in the ring like STP Layer 2 switching and learning mechanisms operate per existing standards on...

Страница 183: ...ther information about neighbor Extreme switches Extreme switches use EDP to exchange topology information master node A switch or node that is designated the master in an EAPS domain ring The master...

Страница 184: ...the switch for the master node to determine whether the ring is complete To avoid loops in the network the control VLAN must be NOT be configured with an IP address and ONLY ring ports may be added to...

Страница 185: ...e master node will receive the health check packet on its secondary port the control VLAN is not blocked on the secondary port When the master node receives the health check packet it resets its failt...

Страница 186: ...all its associated transit nodes to flush their forwarding databases When the transit nodes receive the message to flush their forwarding databases they perform these steps 1 Flush their forwarding d...

Страница 187: ...hese commands apply only to the master node If you configure the polling timers for a transit node they will be ignored If you later reconfigure that transit node as the master node the polling timer...

Страница 188: ...ports As part of the protection switching scheme one port must be configured as the primary port the other must be configured as the secondary port If the ring is complete the master node prevents a...

Страница 189: ...High priority setting by itself should ensure that the control VLAN traffic gets through a congested port first you should not need to set the QoS profile minimum bandwidth minbw or maximum bandwidth...

Страница 190: ...S port sets its internal configuration state to INVALID which causes the port to appear in the Idle state with a port status of Unknown when you use the show eaps name detail command to display the st...

Страница 191: ...s 1 EAPSD Bridge links 2 Name eaps1 instance 0 State Links Up Running Yes Enabled Yes Mode Transit Primary port 10 Port status Up Tag status Tagged Secondary port 20 Port status Up Tag status Tagged H...

Страница 192: ...tinue to remain in COMPLETE or INIT state with it s secondary port blocking Running Yes This EAPS domain is running No This EAPS domain is not running Enabled Indicates whether EAPS is enabled on this...

Страница 193: ...This value is set internally by the EAPS software Last update 1 Displayed only for transit nodes indicates the last time the transit node received a hello packet from the master node identified by its...

Страница 194: ...194 ExtremeWare 7 2e Installation and User Guide Ethernet Automatic Protection Switching...

Страница 195: ...switch makes your network more fault tolerant The following sections explain more about STP and the STP features supported by ExtremeWare NOTE STP is a part of the 802 1d bridge specification defined...

Страница 196: ...ning tree If you delete a STPD the VLANs that were members of that STPD are also deleted You must remove all VLANs associated with the STP before deleting the STPD to preserve the VLAN configuration S...

Страница 197: ...STPDs running in this mode have a one to one relationship with VLANs and send and process packets in PVST format With this implementation on the Summit 400 PVST is also limited to supporting a single...

Страница 198: ...spanning tree name detail STP Configurations When you assign VLANs to an STPD pay careful attention to the STP configuration and its effect on the forwarding of VLAN traffic This section describes tw...

Страница 199: ...te and all bridging loops are prevented The VLAN Marketing which has been assigned to both STPD1 and STPD2 communicates using all five switches The topology has no loops because STP has already blocke...

Страница 200: ...rketing Therefore if the trunk for VLAN marketing on switches 1 and 3 is blocked the traffic for VLAN marketing will not be able to traverse the switches NOTE If an STPD contains multiple VLANs all VL...

Страница 201: ...STPDS you do not have to create a separate domain for VLAN red Instead VLAN red is piggybacked onto those domains local to other VLANs Figure 33 VLAN Spanning Multiple STPDs In addition the configurat...

Страница 202: ...tiple non PVST VLANs to be in the same STP domain Native VLAN In PVST the native VLAN must be peered with default VLAN on Extreme devices as both are the only VLAN allowed to send and receive untagged...

Страница 203: ...rtest path to the root bridge All bridges except the root bridge contain one root port For more information about the root port see Port Roles on page 203 designated port Provides the shortest path co...

Страница 204: ...ent To prevent loops in the network there is only one designated port on each LAN segment To select the designated port all bridges that are connected to a particular segment listen to each other s BP...

Страница 205: ...The range is 1 to 10 seconds Forward delay A port moving from the blocking state to the forwarding state uses the forward delay timer to transition through the listening and learning states In RSTP th...

Страница 206: ...nfirmed If an edge port receives a BPDU it enters an inconsistency state An inconsistency state puts the edge port into the blocking state and starts the message age timer Every time the edge port rec...

Страница 207: ...d bridge Figure 34 Example of root port rapid behavior If the backup port receives the BPDU first STP processes this packet and temporarily elects this port as the new root port while the designated p...

Страница 208: ...forwarding state after receiving a single agree message Receiving Bridge Behavior The receiving bridge must decide whether or not to accept a proposal from a port Upon receiving a proposal for a root...

Страница 209: ...n The preceding steps describe how the network reconverges 1 If the link between bridge A and bridge F goes down bridge F detects the root port is down At this point bridge F Immediately deletes that...

Страница 210: ...update bridge E Regards itself as the new root bridge Sends BPDU messages on both of its root ports to bridges F and D respectively Figure 37 New root bridge selected 3 When bridge F receives the supe...

Страница 211: ...t confirmation of its designated role and to rapidly move the port into the designated state Figure 39 Sending a propose message to confirm a port role 5 Upon receiving the proposal bridge E Performs...

Страница 212: ...cting with legacy STP bridges Each RSTP bridge contains a port protocol migration state machine to ensure that the ports in the STPD operate in the correct configured mode The state machine is a proto...

Страница 213: ...to that port If a port supports 802 1w STPD then the port must be configured with a default VLAN If not the BPDUs for that STPD are not flooded when the STPD is disabled If an STPD contains both PVST...

Страница 214: ...his section provides three configuration examples Basic 802 1d STP RSTP 802 1w Basic 802 1d Configuration Example The following example creates and enables an STPD named Backbone_st It assigns the Man...

Страница 215: ...lan personnel create vlan marketing configure vlan sales add ports 1 2 tagged configure vlan personnel add ports 1 2 tagged configure vlan marketing add ports 1 2 tagged configure stpd stpd1 add vlan...

Страница 216: ...ree name ports portlist detail This command displays the following information STPD port configuration STPD port mode of operation STPD path cost STPD priority STPD state root bridge and so on Port ro...

Страница 217: ...Displaying STP Settings ExtremeWare 7 2e Installation and User Guide 217 STPD port state forwarding blocking and so on Configured port link type Operational port link type...

Страница 218: ...218 ExtremeWare 7 2e Installation and User Guide Spanning Tree Protocol STP...

Страница 219: ...1256 ICMP Router Discovery Messages RFC 1812 Requirements for IP Version 4 Routers NOTE For more information on interior gateway protocols see Chapter 13 Overview of IP Unicast Routing The switch pro...

Страница 220: ...igure the IP address belonging to the same subnet on different VLANs In Figure 44 a switch is depicted with two VLANs defined Finance and Personnel Port 8 15 are assigned to Finance ports 24 48 are as...

Страница 221: ...le when an update for the network is not received for a period of time as determined by the routing protocol Static Routes Static routes are manually entered into the routing table Static routes are u...

Страница 222: ...he path over which the traffic will travel Subnet Directed Broadcast Forwarding You can enable or disable the hardware forwarding of subnet directed broadcast IP packets This allows the switch to forw...

Страница 223: ...some networks it is desirable to configure the IP host with a wider subnet than the actual subnet mask of the segment Proxy ARP can be used so that the router answers ARP Requests for devices outside...

Страница 224: ...ress ipaddress netmask mask length Ensure that each VLAN has a unique IP address 3 Configure a default route using the following command configure iproute add default gateway metric Default routes are...

Страница 225: ...t and VLAN for each host show ipconfig Displays configuration information for one or more VLANs Routing Configuration Example Figure 45 illustrates a switch that has three VLANs defined as follows Fin...

Страница 226: ...chables time exceeded parameter problems redirects time stamp and address mask requests To enable or disable the generation of an ICMP address mask reply on one or all VLANs use the following commands...

Страница 227: ...lists are described in Chapter 9 Configuring DHCP BOOTP Relay Once IP unicast routing is configured you can configure the switch to forward Dynamic Host Configuration Protocol DHCP or BOOTP requests c...

Страница 228: ...o disable the DHCP relay agent option use the following command unconfigure bootprelay dhcp agent information option In some instances a DHCP server may not properly handle a DHCP request packet conta...

Страница 229: ...packets by port number that are used and where they are to be forwarded You must give the profile a unique name in the same manner as a VLAN protocol filter or Spanning Tree Domain Next configure a VL...

Страница 230: ...ver You can use UDP Echo packets to measure the transit time for data between the transmitting and receiving end To enable UDP echo server support use the following command enable udp echo server To d...

Страница 231: ...ge 242 Configuring OSPF on page 242 OSPF Configuration Example on page 243 Displaying OSPF Settings on page 245 This chapter assumes that you are already familiar with IP unicast routing If not refer...

Страница 232: ...dentical routing table created from information obtained from all routers in the autonomous system Each router builds a shortest path tree using itself as the root The link state protocol ensures that...

Страница 233: ...ds default value or if there is a change to the overall routed topology also called triggered updates If a router does not receive an update message from its neighbor within the route timeout period 1...

Страница 234: ...version 1 to include Variable Length Subnet Masks VLSMs Support for next hop addresses which allows for optimization of routes in certain environments Multicasting RIP version 2 packets can be multica...

Страница 235: ...e domain which ensures that all routers have a consistent view of the network Consistency is achieved by Limiting the number of external LSAs in the database of each router Ensuring that all routers h...

Страница 236: ...e capable router so that it becomes the elected DR For transmission to continue reliably across the network the backup designated router BDR must also support opaque LSAs NOTE Opaque LSAs are supporte...

Страница 237: ...to reduce memory consumption and computation requirements on OSPF routers Use the following command to configure an OSPF area as a stub area configure ospf area stub stub default cost Not So Stubby A...

Страница 238: ...area that connects to the backbone A virtual link must be established between two ABRs that have a common area with one ABR connected to the backbone Figure 46 illustrates a virtual link NOTE Virtual...

Страница 239: ...e OSPF link type based on the interface type This is the default setting Broadcast Any Routers must elect a designated router DR and a backup designated router BDR during synchronization Ethernet is a...

Страница 240: ...re distribution Configuring Route Re Distribution Exporting routes from one protocol to another and from that protocol to the first one are discreet configuration functions For example to run OSPF an...

Страница 241: ...s ase type 1 Enable or disable the export of virtual IP addresses to other OSPF routers using the following commands enable ospf export direct rip static cost number ase type 1 ase type 2 tag number d...

Страница 242: ...ddress 192 207 35 1 configure Personnel ipaddress 192 207 36 1 enable ipforwarding configure rip add vlan all enable rip Configuring OSPF Each switch that is configured to run OSPF must have a unique...

Страница 243: ...alue is 5 seconds NOTE The OSPF standard specifies that wait times are equal to the dead router wait interval OSPF Configuration Example Figure 49 is an example of an autonomous system using OSPF rout...

Страница 244: ...l routers Uses default routes for inter area routing Two router configurations for the example in Figure 49 are provided in the following section Configuration for ABR1 The router labeled ABR1 has the...

Страница 245: ...ering criteria for the show ospf lsdb command You can specify multiple search criteria and only results matching all of the criteria are displayed This allows you to control the displayed entries in l...

Страница 246: ...d on the level 1 area Matches are included in the level 2 LSP You can also configure the level 2 router to disregard the summary information This effectively acts as a filter preventing reachability i...

Страница 247: ...ot attach to any level 1 2 switch it is part of a level 1 only network a switch that attaches to at least one level 1 2 switch but none of the level 1 2 switches are attached to a level 2 backbone net...

Страница 248: ...248 ExtremeWare 7 2e Installation and User Guide Interior Gateway Protocols...

Страница 249: ...04 The following URLs point to the Web sites for the IETF Working Groups IEFT PIM Working Group http www ietf org html charters pim charter html IP Multicast Routing Overview IP multicast routing is a...

Страница 250: ...r receiving and distributing multicast packets RPs are elected by a bootstrap router BSR The job of the BSR is to broadcast bootstrap messages disseminate RP information and to elect the RP You may on...

Страница 251: ...router neighbors for the VLAN on the switch running PIM To configure a trusted neighbor policy enter the following command configure pim vlan vlan name all trusted gateway access profile none For exa...

Страница 252: ...hin a VLAN sends an IGMP leave message then the router will not receive any responses to the query and the router immediately will remove the VLAN from the multicast group Static IGMP In order to rece...

Страница 253: ...d troubleshooting A request is sent to a multicast router and the router responds with the following information code version system multicast information interface information interface IP address in...

Страница 254: ...timeout seconds maximum hops number Configuring IP Multicasting Routing To configure IP multicast routing you must do the following 1 Configure the system for IP unicast routing 2 Enable multicast ro...

Страница 255: ...re ospf add vlan all enable ipforwarding enable ipmcforwarding configure pim add vlan all sparse create access profile rp list ipaddress configure rp list add ipaddress 224 0 0 0 240 0 0 0 enable loop...

Страница 256: ...256 ExtremeWare 7 2e Installation and User Guide IP Multicast Routing...

Страница 257: ...nly a subset of the CLI some commands for the Summit 400 are not available using ExtremeWare Vista If a particular command is not represented in ExtremeWare Vista you must use the CLI to achieve the d...

Страница 258: ...maximize the amount of information displayed in the content frame The recommended resolution is 1024 x 768 pixels You can also use 800 x 600 pixels Turn off one or more of the browser toolbars to maxi...

Страница 259: ...e Vista ExtremeWare 7 2e Installation and User Guide 259 Figure 51 Home Page for ExtremeWare Vista 2 Click Logon to open the Username and Password dialog box shown in Figure 52 Figure 52 Username and...

Страница 260: ...remeWare Vista pages use a common HTML frameset comprised of two frames a content frame and a task frame The content frame contains the main body of information in ExtremeWare Vista The task frame con...

Страница 261: ...ed by incorrectly configured settings Success Displays informational messages after you click Submit The message displayed reads Request was submitted successfully These informational messages indicat...

Страница 262: ...across VLANs For an example of this window see Figure 55 In the top of the window is a table that shows each existing IP interface configuration The configuration box that follows allows you to use th...

Страница 263: ...24 Subnet Directed Broadcast Forwarding on page 222 IP Multicast Routing Overview on page 249 Figure 55 IP Interface Configuration License The License window allows you to enable the Advanced Edge lic...

Страница 264: ...IP static and direct interface routes to OSPF 2 Create or delete an OSPF area 3 Configure a range of IP addresses in an OSPF area 4 Configure an OSPF area 5 Configure an IP interface for OSPF 6 Config...

Страница 265: ...ications Use 0 if you do not have specific requirements for using a tag The tag value in this instance has no relationship with 802 1Q VLAN tagging Set the OSPF router ID to a user specified value or...

Страница 266: ...to add a range to an area set a netmask or to specify advertising If advertised the range is exported as a single LSA by the ABR You can also delete a range of IP addresses in an OSPF area Figure 58...

Страница 267: ...ate a VLAN with an area ID Configure OSPF for each VLAN area Configure a route filter for non OSPF routes exported into OSPF Configure the timers for one interface in the same OSPF area Configure misc...

Страница 268: ...F for each VLAN by VLAN name or area ID The third box shown in Figure 60 allows you to Select the VLAN by name that is being changed Enable or disable OSPF on the interface Specify whether the interfa...

Страница 269: ...configure an interface This section is shown at the bottom of Figure 62 The table displays the interface and whether an interface type is currently configured The configuration box allows you to speci...

Страница 270: ...either active or ready Autonegotiation Indicates whether to autonegotiate the port speed and the duplex mode Autonegotiation is either enabled or disabled Configuration Speed The setting for port spe...

Страница 271: ...arameters before submitting the change The selectable fields are Port Number Port numbers 1 to 48 or from 1 to 50 if you have the optional XEN card installed State The port state either enabled or dis...

Страница 272: ...window you can make multiple changes with a single update Enable or disable RIP for the switch Enable or disable aggregation Enable or disable redistribution of OSPF static routes through RIP Enable o...

Страница 273: ...alues Use the Submit button to submit the changes to the system Figure 65 RIP Global Configuration For more information about setting RIP parameters globally see Overview of RIP on page 233 Configure...

Страница 274: ...on used in receive mode Rx The RIP version used in transmission mode Tx Enable or disable RIP on a VLAN Configure RIP on a VLAN Set the Tx mode values for the selected VLANs The pull down menu allows...

Страница 275: ...figuration for the VLAN to the default values Use the Submit button to submit the changes to the system SNMP The SNMP window is divided into two sections The top section allows you to enter system gro...

Страница 276: ...ve a maximum of 127 characters and can be enclosed by double quotation marks Trap Information As shown in Figure 68 the lower section of the SNMP window allows you to enable SNMP and configure trap re...

Страница 277: ...n and User Guide 277 Figure 68 Configure Trap Options Spanning Tree From this window you can configure all aspects of a Spanning Tree Domain STPD The window is divided into two sections In the top sec...

Страница 278: ...col Data Units BPDUs from this STPD when it is the Root Bridge Bridge forward delay a value between 4 and 30 seconds default 15 seconds The bridge forward delay specifies the time that the ports in th...

Страница 279: ...t port The range is 0 through 31 where 0 indicates the lowest priority The default setting is 16 Path Cost Specifies the path cost of the port in this STPD The range is 1 through 65 535 The switch aut...

Страница 280: ...280 ExtremeWare 7 2e Installation and User Guide Using ExtremeWare Vista on the Summit 400 Figure 71 Spanning Tree Configuration 3 of 4 Figure 72 Spanning Tree Configuration 4 of 4...

Страница 281: ...n the switch is rebooted To retain the settings and have them load when you reboot the switch you must save the configuration to nonvolatile storage The switch can store two different configurations a...

Страница 282: ...s to the system Only users with read write authority have permission to change the switch s configuration There is also a checkbox to delete a user For more information on controlling user access see...

Страница 283: ...n example of the Configure VLAN Information Use the following fields to make changes to a VLAN IP Address Either changes the IP address or unconfigures the IP address The Unconfigure button resets the...

Страница 284: ...also known as access control lists ACLs are used to perform packet filtering and forwarding decisions on incoming traffic Each packet arriving on an ingress port is compared to the access list in seq...

Страница 285: ...et mask Dest L4 Port Destination UDP layer 4 port Src IP Source IP address Src IP Mask Source IP subnet mask Src L4 Port ICMP Source UDP layer 4 port ICMP TCP Permit Estb TCP permit established Egr Po...

Страница 286: ...st a rate limit can only be applied to a single port Each port has its own rate limit defined separately Each entry that makes up a rate limit contains a unique name and specifies a previously created...

Страница 287: ...atistics in the task bar to reveal the submenu links The following links appear in the submenu Event Log Contains system event log entries FDB Contains Forwarding Database entries IP ARP Contains the...

Страница 288: ...the levels of importance that the system can assign to a fault A fault level can either be classified as critical warning informational or debug By default log entries that are assigned a critical or...

Страница 289: ...y information is located at the bottom of the view The summary information contains the Total Total number of entries in this database view Static Number of static entries in this view Permanent Numbe...

Страница 290: ...P Use the IP ARP to find the MAC address associated with an IP address The IP ARP table contains the following fields Destination The destination IP address MAC Address The MAC address associated with...

Страница 291: ...sabled Ipmc Routing Indicates whether IP multicast forwarding is enabled or disabled on the switch This setting is either enabled or disabled Use Redirects Indicates whether the switch can modify the...

Страница 292: ...er advertisements The default setting is 450 seconds Lifetime The client aging timer setting the default is 1 800 seconds Preference The preference level of the router An IRDP client always uses the r...

Страница 293: ...t unreachable messages type 3 code 3 when a TPC or UDP request is made to the switch and no application is waiting for the request or access policy denies the request IGMP IGMP is enabled or disabled...

Страница 294: ...OSPFInter RIP OSPFExtern1 OSPFExtern2 BOOTP As shown in Figure 85 you can also use the View Options to restrict different aspects of the view For more information on IP routing see Populating the Rou...

Страница 295: ...rough the switch As shown at the top of Figure 86 these statistics are grouped into four logical groups Inbound traffic Outbound traffic Bad packets received Other types of errors Figure 86 Global IP...

Страница 296: ...nterface IP Statistics The Router Interface IP Statistics give detailed traffic details at the VLAN level as shown in Figure 88 For each interface the table provides VLAN name Interface ID IP Address...

Страница 297: ...rface IP Statistics Ports This window provides information about active ports as reported by the Summit 400 hardware As shown in Figure 89 the report consists of the following fields Port Number Port...

Страница 298: ...g ExtremeWare Vista on the Summit 400 Figure 89 Physical Port Statistics Port Collisions This window provides information about Ethernet collisions that occur when the port is operating in half duplex...

Страница 299: ...lisions Port Errors In this window you can review Ethernet link errors As shown in Figure 91 the table reflects the following information for each active port Link State Rx Lost Rx Bad Cyclic Redundan...

Страница 300: ...ort speed either 10 100 1000 or auto Link Status Either active A or ready R Rx Pkt Sec Received packets rate Peak Rx Pkt Sec Peak received packet rate Tx Pkt Sec Transmission packet rate Peak Tx Pkt S...

Страница 301: ...on Protocol Statistics table shows the number of route changes and the number of queries As shown in Figure 93 at the interface level the Router Interface Statistics table shows the following fields V...

Страница 302: ...age Selected Primary or secondary image and version number of the image Software Image Booted Actual image running Configuration Selected Either primary or secondary Configuration Booted Either primar...

Страница 303: ...tatus Figure 94 Hardware Status Locating Support Information ExtremeWare Vista provides a central location to find support information and to download the most current software images Click Support in...

Страница 304: ...e images using Trivial File Transfer Protocol TFTP from this window As shown in Figure 97 you need to provide the following information TFTP Server Address Obtain this address from your Customer Suppo...

Страница 305: ...e 7 2e Installation and User Guide 305 Figure 96 TFTP Download Contact Support The Contact Support window contains the mailing address telephone number fax number and URL for Customer Support An examp...

Страница 306: ...a on the Summit 400 Figure 97 Support Address Email Support When you click the submenu link for Email Support the browser closes the ExtremeWare Vista page and opens your browser s email window You ca...

Страница 307: ...n and User Guide 307 Figure 98 Email Support Logging Out of ExtremeWare Vista When you click the Logout button in the task frame it causes an immediate exit from ExtremeWare Vista Be sure you want to...

Страница 308: ...308 ExtremeWare 7 2e Installation and User Guide Using ExtremeWare Vista on the Summit 400...

Страница 309: ...ons Height 1 73 inches 4 40 cm Width 17 6 inches 44 1 cm Depth 16 4 inches 41 6 cm Weight Weight 11 lbs 4 98 kg Temperature and Humidity Operating Temperature 0 to 40 C 32 to 104 F Storage Temperature...

Страница 310: ...03 Class A Canada Emissions Europe 89 336 EEC EMC Directive ETSI EN 300 386 2001 EU Telecommunications Emissions and Immunity EN55022 1998 Class A European Emissions EN55024 1998 includes IEC EN 61000...

Страница 311: ...etwork Ingress Filtering Defeating Denial of Service Attacks which employ IP Source Address Spoofing RPF Unicast Reverse Path Forwarding Control Wire speed ACLs Rate Limiting by ACLs IP Broadcast Forw...

Страница 312: ...FC 2131 Dynamic Host Configuration Protocol RFC 1591 Domain Name System Structure and Delegation RFC 1122 Requirements for Internet Hosts Communication Layers RFC 768 User Datagram Protocol RFC 791 In...

Страница 313: ...rotocol SNMPv3 RFC 3415 View based Access Control Model VACM for the Simple Network Management Protocol ExtremeWare vendor MIB includes ACL MAC FDB IP FDB MAC Address Security QoS policy and VLAN conf...

Страница 314: ...GET but not SET support for a subset of the MPLS LSR MIB as defined in the Internet Draft draft ietf mpls lsr mib 07 txt and a subset of the MPLS LDP MIB as defined in the Internet Draft draft ietf m...

Страница 315: ...ion SNMPv3 user based security with encryption authentication RFC 1492 An Access Control Protocol Sometimes Called TACACS RFC 2138 Remote Authentication Dial In User Service RADIUS RFC 2139 RADIUS Acc...

Страница 316: ...316 ExtremeWare 7 2e Installation and User Guide Technical Specifications...

Страница 317: ...cted to the serial port using the XMODEM protocol Downloading a new image involves the following steps Load the new image onto a TFTP server on your network if you will be using TFTP Load the new imag...

Страница 318: ...r various ExtremeWare versions Table 44 Image version fields Field Description major Specifies the ExtremeWare Major version number sub_major Specifies the ExtremeWare Sub major version number minor S...

Страница 319: ...meters that you have selected to run on the switch As you make configuration changes the new settings are stored in run time memory Settings that are stored in run time memory are not retained by the...

Страница 320: ...py of the file to the same switch or to one or more different switches Send a copy of the configuration file to the Extreme Networks Technical Support department for problem solving purposes Automatic...

Страница 321: ...TP you are prompted to reboot the switch The downloaded configuration file is stored in current switch memory during the rebooting process and is not retained if the switch has a power failure When th...

Страница 322: ...d only when the save command is issued or if the configuration file itself contains the save command If the configuration currently running in the switch does not match the configuration that the swit...

Страница 323: ...orming a serial download of an image For example to change the image that the switch boots from in flash memory press 1 for the image stored in primary or 2 for the image stored in secondary Then pres...

Страница 324: ...324 ExtremeWare 7 2e Installation and User Guide Software Upgrade and Boot Options...

Страница 325: ...are powered up Both ends of the Gigabit link are set to the same autonegotiation state The Gigabit link must be enabled or disabled on both sides If the two sides are different typically the side wit...

Страница 326: ...there is an open or short For example the following command set tests the Ethernet cable inserted into port 1 The four copper pairs do not all have the same length which might indicate a kink in the...

Страница 327: ...rrectly configured and that the device has been reset Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility Check that Telnet access was not disabled for the s...

Страница 328: ...switch to another hub or switch ensure that you are using a CAT5 cross over cable This is a CAT5 cable that has pins 1 2 on one end connected to pins 3 6 on the other end Also try running the cable d...

Страница 329: ...1 2 ERROR Protocol conflict on port 1 5 you already have a VLAN using untagged traffic on a port Only one VLAN using untagged traffic can be configured on a single physical port VLAN configuration can...

Страница 330: ...orwarding Database FDB Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths Specify that the endstation entries are static or permanent Debug Tracing...

Страница 331: ...EPROM You can use the show switch command to see how long an individual component has been in service since it was manufactured Reboot Loop Protection If the system reboots due to a failure that remai...

Страница 332: ...k issue that you are unable to resolve contact Extreme Networks technical support Extreme Networks maintains several Technical Assistance Centers TACs around the world to answer networking questions a...

Страница 333: ...ooping delete static router 252 configure igmp snooping filter 253 configure iparp add proxy 223 configure ip mtu vlan 83 85 configure iproute add default 48 51 224 configure iproute priority 224 conf...

Страница 334: ...gure stpd mode 196 configure stpd port link type 205 configure syslog 137 configure sys recovery level 73 125 configure time 73 configure timezone 65 73 configure vlan ipaddress 50 224 configure vlan...

Страница 335: ...able ospf export 241 enable ospf export rip 241 enable ospf export static 221 241 enable pim 254 enable ports 81 enable radius 171 enable radius accounting 172 enable rip 224 enable rip export 241 ena...

Страница 336: ...dress based 86 show snmpv3 access 59 show snmpv3 filter 63 show snmpv3 filter profile 63 show snmpv3 group 59 show snmpv3 mib view 61 show snmpv3 notify 63 show snmpv3 target addr 62 show snmpv3 targe...

Страница 337: ...ced Edge license 30 263 agent circuit ID sub option 228 agent remote ID sub option 228 aging entries FDB 104 alarm actions 140 Alarms RMON 139 areas OSPF 236 ARP communicating with devices outside sub...

Страница 338: ...n 196 users 75 default route 330 default VLAN 97 delete access list 146 access masks 146 access profile 163 BOOTP relay 227 EAPS domain 186 filter 63 group 59 MIB view 61 OSPF area using ExtremeWare V...

Страница 339: ...LED 23 FDB 103 to 107 adding an entry 103 aging entries 104 blackhole entries 105 contents 103 creating a permanent entry example 106 displaying 107 dynamic entries 104 entries 103 non aging entries 1...

Страница 340: ...ring group description 85 master port 87 static 85 verifying the configuration 87 logging configuration changes 137 fault level 288 subsystem 288 timestamp 288 using ExtremeWare Vista 288 logging in 3...

Страница 341: ...ys 125 priority STP 214 receive errors 124 statistics viewing 123 297 status LED 23 STP state displaying 216 transmit errors 124 troubleshooting 328 utilization 300 port based VLANs 92 port mirroring...

Страница 342: ...s profile 161 to 164 deny 161 none 161 OSPF 165 permit 161 PIM 167 RIP 164 using 161 Routing Information Protocol See RIP routing table populating 221 routing See IP unicast routing RSTP alternate por...

Страница 343: ...228 Summit 400 switch AC power socket 22 certification marks 310 dimensions 309 electromagnetic compatibility 310 environmental requirements 309 free standing installation 34 front view 21 hardware fe...

Страница 344: ...ng 87 verifying the installation 38 video applications and QoS 110 viewing accounts 77 Virtual LANs See VLANs virtual link OSPF 238 Vista See ExtremeWare Vista VLAN tagging 94 VLAN traffic grouping 12...

Отзывы:

Нет отзывов

Похожие инструкции для ExtremeWare 7.2e

Бренд: Baracoda Страницы: 9

Бренд: Novation Страницы: 93

BREEZE-MANAGING EXTERNAL BREEZE REPORTS

Бренд: MACROMEDIA Страницы: 18

Бренд: Adobe Страницы: 323

Blank Media LYT1015

Бренд: JVC Страницы: 22

Бренд: JVC Страницы: 43

JLIP VIDEO CAPTURE

Бренд: JVC Страницы: 56

GR-DVL500U - Digital Camcorder

Бренд: JVC Страницы: 72

GZMG27US - Everio Camcorder - 680 KP

Бренд: JVC Страницы: 72

GZ-MG77U - Everio Camcorder - 2.18 MP

Бренд: JVC Страницы: 72

Digital Photo Navigator ImageMixer with VCD LYT1116-001A

Бренд: JVC Страницы: 50

GZMG21US - Everio Camcorder - 680 KP

Бренд: JVC Страницы: 72

Бренд: Kenwood Страницы: 21

Бренд: Kenwood Страницы: 40

Бренд: Kenwood Страницы: 52

Бренд: Kenwood Страницы: 68

Бренд: Samsung Страницы: 1

Бренд: Samsung Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды