manualshive.com logo in svg

Intel 480T, Руководство пользователя

Поделиться
Скачать
Intel 480T Скачать руководство пользователя страница 258

256

C   H   A   P   T   E   R   1 4

Access Policies

The 

established

 Keyword

Access lists support the use of the 

established

 keyword. This 

keyword allows directional control of attempts to open a TCP 
session. Sessions can be explicitly permitted in the entry. For 
example, the following entry permits TCP sessions originated from 
anywhere in the 10.1.0.0 network, only:

create access-list TCPout tcp destination 10.1.0.0/

16 range any source 0.0.0.0/0 range any permit-

established port any

In this example, the 

established

 keyword allows only TCP 

packets with the ACK or RST bit set to destination 10.1.0.0. from 
anywhere, but not to any other destination. 

Adding and Deleting Access List Entries

You can add and delete entries in the access list. To add an entry, 
you must supply a unique name and, optionally, a unique 
precedence number. To modify an existing entry, you must delete 
the entry and retype it, or create a new entry with a new unique 
name. 

To delete an access list entry, use the command:

delete access-list <name>

Maximum Entries

You can use up to a maximum of 255 entries with an assigned 
precedence. In addition to the 255 entries, you can also create 
entries that do not use precedence, with the following restrictions:

A source IP address must use wild-cards or be completely 
specified (32 bit mask).

The layer 4 source and destination ports must use wildcards or be 
completely specified (no ranges).

No physical source port can be specified.

Access Lists for ICMP

Access lists for ICMP traffic processing are handled in a slightly 
different manner. An access list for ICMP is only effective for 
traffic routed by the switch. ICMP traffic may either be forwarded 

Содержание 480T

Страница 1: ...A14542 001 100044 00 Rev 01 Intel NetStructure 480T Routing Switch User Guide Intel NetStructure 480T Routing Switch User Guide...

Страница 2: ...ent to infringe First Edition May 2000 A14542 001 Year 2000 Capable An Intel product when used in accordance with its associated documentation is Year 2000 Capable when upon installation it accurately...

Страница 3: ...aring 20 Software Licensing 20 Router Licensing 20 480T Switch Front View 22 480T Switch Rear View 23 AC Connector 23 Serial Number 23 Console Port 23 Management Port 24 MAC Address 24 Switch LEDs 24...

Страница 4: ...eating a Management Account 47 Methods of Managing the Switch 48 Using the Console Interface 48 Using Access Profiles 49 Creating an Access Profile 49 Access Profile Rules 51 Using Telnet 51 Connectin...

Страница 5: ...uring Port Speed and Duplex Setting 76 Turning Off Autonegotiation for a Gigabit Ethernet Port 76 Port Commands 77 Jumbo Frames 80 Enabling Jumbo Frames 80 Load Sharing 80 Load Sharing Algorithms 81 C...

Страница 6: ...mands 107 MAC Based VLAN Example 108 Timed Configuration Download for MAC Based VLANs 108 Chapter 6 Forwarding Database FDB 111 Overview of the FDB 111 FDB Contents 111 FDB Entry Types 111 How FDB Ent...

Страница 7: ...ass of Service 802 1p and Differentiated Services Traffic Groupings 137 Configuring DiffServ 141 Physical and logical groupings 145 Verifying Configuration and Performance 146 Displaying QoS Informati...

Страница 8: ...the IP Unicast Routing Configuration 175 VLAN Aggregation 176 VLAN Aggregation Properties 177 VLAN Aggregation Limitations 178 Isolation Option for Communication Between Sub VLANs 178 VLAN Aggregatio...

Страница 9: ...Authentication 208 Configuring RIP 208 RIP Configuration Example 212 Displaying RIP Settings 214 Resetting and Disabling RIP 215 Configuring OSPF 216 OSPF Configuration Example 220 Configuration for...

Страница 10: ...ss Policies 253 Access Lists 253 Routing Access Policies 254 Using IP Access Lists 254 The established Keyword 256 Adding and Deleting Access List Entries 256 Access Lists for ICMP 256 Verifying Acces...

Страница 11: ...ing RMON 285 Event Actions 286 Chapter 16 Using Web Device Manager 287 Enabling and Disabling Web Access 287 Setting Up Your Browser 288 Accessing Web Device Manager 289 Navigating Web Device Manager...

Страница 12: ...Image 305 Rebooting the Switch 306 Saving Configuration Changes 307 Returning to Factory Defaults 307 Using TFTP to Upload the Configuration 308 Using TFTP to Download the Configuration 309 Downloadin...

Страница 13: ...inistrators who are responsible for installing and setting up network equipment and assumes a basic working knowledge of the following Local Area Networks LANs Ethernet concepts Ethernet switching and...

Страница 14: ...information as it appears on the screen Screen displays bold This typeface indicates how you would type a particular command The words enter and type When you see the word enter in this guide you must...

Страница 15: ...lated publications Command Line Interface Reference Guide Intel NetStructure 480T Routing Switch Quick Start Guide Late Breaking News Documentation for Intel products is available on the World Wide We...

Страница 16: ...14 P R E F A C E...

Страница 17: ...tch in your network configuration Software factory default settings Summary of Features The features of the 480T switch include the following Virtual local area networks VLANs including support for IE...

Страница 18: ...et filtering IGMP snooping to control IP multicast traffic Distance Vector Multicast Routing Protocol DVMRP Protocol Independent Multicast Dense Mode PIM DM IPX IPX RIP and IPX SAP support Load sharin...

Страница 19: ...m Multimode Fiber 400 500 160 200 500 Meters 550 Meters 220 Meters 275 Meters 1000BASE LX 50 125 m Multimode Fiber 50 125 m Multimode Fiber 62 5 125 m Multimode Fiber 10 Single mode Fiber 400 500 500...

Страница 20: ...000BASE SX 1000BASE LX and 1000LH ports operate in full duplex mode only Virtual LANs VLANs The local management software has a VLAN feature that enables you to construct your broadcast domains withou...

Страница 21: ...ning Tree Protocol Quality of Service QoS The local management software has Policy Based Quality of Service QoS features that enable you to specify service levels for different traffic groups By defau...

Страница 22: ...single logical port For example VLANs see the load sharing group as a single virtual port The algorithm also guarantees packet sequencing between clients For information refer to Chapter 4 Load Shari...

Страница 23: ...cense enables support of additional routing protocols and functions including the following IP routing using OSPF IP multicast routing using DVMRP IP multicast routing using PIM Dense Mode IPX routing...

Страница 24: ...rts 13 through 16 use modular GBIC connectors Note For information on supported media types and distances refer to Table 2 Note For information on switch LEDs refer to the Switch LEDs section in this...

Страница 25: ...and 200 240 VAC operation Serial Number Use this serial number for fault reporting purposes Console Port Use the console port 9 pin D type connector for connecting a terminal and carrying out local ou...

Страница 26: ...s LED Color Indicates 1000BASE X Port Status LEDs GBIC LEDs Link activity Green Orange Green flashing steady Off Link is present port is enabled Frames are being transmitted received on this port Link...

Страница 27: ...and Power 2 Green Orange Off Either or both LEDs green indicates the Switch is powered up A orange power LED indicates a power overheat or fan failure on the corresponding PSU Both LEDs off indicates...

Страница 28: ...user with no password Web network management Enabled CLI idle timeout Enabled 15 minutes Telnet Enabled SNMP access Enabled SNMP read community string public SNMP write community string private RMON E...

Страница 29: ...able of switching or routing VLAN MacVLanDiscover is used only when using the MAC VLAN feature 802 1Q tagging All packets are untagged on the default VLAN default Spanning Tree Protocol Disabled for t...

Страница 30: ...Note For default settings of individual features refer to individual chapters in this guide IPX routing Disabled NTP Disabled DNS Disabled Port mirroring Disabled Table 5 Global Factory Defaults cont...

Страница 31: ...n Self Test POST Following Safety Information Before installing or removing any components of the switch or before carrying out any maintenance procedures you must read the safety information provided...

Страница 32: ...han four high if the switch is free standing Installing the Switch The switch can be mounted in a rack or placed free standing on a tabletop Rack Mounting Caution The rack mount kits must not be used...

Страница 33: ...provided 8 Connect the switch to the redundant power supply if applicable 9 Connect cables Free Standing The switch is supplied with four self adhesive rubber pads Apply the pads to the underside of...

Страница 34: ...al Powering On the Switch To turn on power to the switch connect the AC power cable to the switch and then to the wall outlet The 480T switch has no on off switch Checking the Installation After plugg...

Страница 35: ...ault user name admin to log in with administrator privileges For example login admin Administrator capabilities allow you to access all switch functions 4 At the password prompt press Return The defau...

Страница 36: ...4 GBIC module GBICs are a Class 1 laser device Use only modules approved by the switch manufacturer Note Ensure that the SC fiber optic connector is removed from the GBIC prior to removing the GBIC fr...

Страница 37: ...iguring the switch for management Security options for switch management Switch management methods Configuring SNMP Checking basic connectivity Using the Simple Network Time Protocol SNTP For configur...

Страница 38: ...es a parameter enter the parameter name and values B The value part of the command specifies how you want the parameter to be set Values include numerics strings or addresses depending on the paramete...

Страница 39: ...All named components of the switch configuration must have a unique name Components are named using the create command When you enter a command to configure a named component you do not need to use t...

Страница 40: ...lose a variable or value You must specify the variable or value For example in the syntax config vlan name ipaddress ip_address you must supply a VLAN name for name and an address for ip_address when...

Страница 41: ...Symbols continued Symbol Description Table 7 Line Editing Keys Key s Description Backspace Deletes the characters to the left of the cursor and shifts the remainder of the line to left Delete or Ctrl...

Страница 42: ...N or Down Arrow Displays the next command in the command history buffer and places cursor at end of command Ctrl U Clears all characters typed from the cursor to the beginning of the line Ctrl W Delet...

Страница 43: ...he time uses a 24 hour clock format You cannot set the year past 2036 config timezone gmt_offset autodst noautodst Configures the time zone information to the configured offset from GMT time The forma...

Страница 44: ...console sessions remain open until the switch is rebooted or you logoff Telnet sessions remain open until you close the Telnet client disable port portlist Disables a port on the switch disable telne...

Страница 45: ...none port tcp_port_number Enables Telnet access to the switch By default Telnet is enabled with no access profile and uses TCP port number 23 To cancel a previously configured access profile use the n...

Страница 46: ...tion checking for each command For more information on RADIUS refer to RADIUS Client later in this chapter unconfig switch all Resets all switch parameters with the exception of defined user accounts...

Страница 47: ...delete users and change the password associated with any account name The administrator can disconnect a management session that has been established by way of a Telnet connection If this happens the...

Страница 48: ...t admin account 1 Log in to the switch using the name admin 2 At the password prompt press Return 3 Add a default admin password Type config account admin 4 Enter the new password at the prompt 5 Re e...

Страница 49: ...total of 16 management accounts You can use the default names admin and user or you can create new names and passwords for the accounts Passwords can have a minimum of 0 characters and can have a max...

Страница 50: ...using TCP IP through one of the switch ports or through the dedicated 10 100 unshielded twisted pair UTP Ethernet management port on switches that are so equipped Remote access includes the following...

Страница 51: ...d to specifically permit or deny users access to an application Access is restricted by assigning an access profile to the service that is being used for remote access First create and configure the a...

Страница 52: ...e same logic applies but the configuration is more tricky For example the address 141 251 24 128 27 represents any host from subnet 141 251 24 128 config access profile access_profile mode permit deny...

Страница 53: ...e deny config access profile testpro add ipaddress 192 168 10 10 32 The following command applies the access profile testpro to Telnet enable telnet access profile testpro To view the contents of an a...

Страница 54: ...and telnet ipaddress hostname port_number If the TCP port number is not specified the Telnet session defaults to port 23 Only VT100 emulation is supported Configuring Switch IP Parameters To manage th...

Страница 55: ...s If you are using IP without a BOOTP server you must enter the IP parameters for the switch in order for the SNMP Network Manager Telnet software or Web interface to communicate with the device To as...

Страница 56: ...ault VLAN by using the following command config vlan name ipaddress ipaddress subnet_mask For example config vlan default ipaddress 123 45 67 8 255 255 255 0 Your changes take effect immediately Note...

Страница 57: ...ng the following command show session 3 Terminate the session by using the following command clear session session_number Controlling Telnet Access By default Telnet services are enabled on the switch...

Страница 58: ...itch uses its local database for authentication The privileges assigned to the user admin versus non admin at the RADIUS server take precedence over the configuration in the local switch database Per...

Страница 59: ...primary secondary Configure either the primary or secondary RADIUS server ipaddress hostname The IP address or hostname of the server being configured udp_port The UDP port to use to contact the RADUI...

Страница 60: ...ify itself when communicating with the RADIUS server The accounting server and the RADIUS authentication server can be the same config radius accounting primary secondary shared secret string Configur...

Страница 61: ...ted are as follows User Name User Password Service Type Login IP Host enable radius accounting Enables RADIUS accounting The RADIUS client must also be enabled show radius Displays the current RADIUS...

Страница 62: ...unicast only multicast only Adds a static address to the routing table Use a value of 255 255 255 255 for mask to indicate a host entry config iproute add default gateway metric unicast only multicast...

Страница 63: ...ostname Table 13 describes the commands used to configure DNS show ipconfig vlan name Displays configuration information for one or all VLANs show iproute priority vlan name permanent ipaddress mask o...

Страница 64: ...r Greenwich Mean time GMT offset and the use of Daylight Savings Time Table 13 DNS Commands Command Description config dns client add ipaddress Adds a DNS name server s to the available server list fo...

Страница 65: ...ime To properly display the local time in logs and other timestamp information the switch should be config ured with the appropriate offset to GMT based on geographi cal location Table 14 describes GM...

Страница 66: ...European FWT French Winter MET Middle European MEWT Middle European Winter SWT Swedish Winter Paris France Berlin Germany Amsterdam The Netherlands Brussels Belgium Vienna Austria Madrid Spain Rome I...

Страница 67: ...West Australian Standard 8 00 480 CCT China Coast Russia Zone 7 9 00 540 JST Japan Standard Russia Zone 8 10 00 600 EAST East Australian Standard GST Guam Standard Russia Zone 9 11 00 660 12 00 720 ID...

Страница 68: ...o use a directed query to the NTP server configure the switch to use the NTP server s If the switch listens to NTP broadcasts skip this step To config ure the switch to use a directed query use the fo...

Страница 69: ...ion Commands Command Description config sntp client primary secondary server ipaddress host_name Configures an NTP server for the switch to obtain time information Queries are first sent to the primar...

Страница 70: ...Any properly configured standard Web browser that supports frames such as Netscape Navigator 3 0 or above or Microsoft Internet Explorer 3 0 or above can manage the switch over a TCP IP network For m...

Страница 71: ...er you must reboot the switch for the changes to take effect Apply an access profile only when Web Device Manager is enabled Using SNMP Any Network Manager running the Simple Network Management Protoc...

Страница 72: ...net masks To configure SNMP read access to use an access profile use the command config snmp access profile readonly access_profile none Use the none option to remove a previously configured access pr...

Страница 73: ...a location for this switch Table 16 describes SNMP configuration commands Table 16 SNMP Configuration Commands Command Description config snmp access profile readonly access_profile none Assigns an ac...

Страница 74: ...he name of the system contact A maximum of 255 characters is allowed config snmp syslocation string Configures the location of the switch A maximum of 255 characters is allowed config snmp sysname str...

Страница 75: ...ttings use the commands in Table 17 Checking Basic Connectivity The switch offers the following commands for checking basic connectivity ping traceroute Table 17 SNMP Reset and Disable Commands Comman...

Страница 76: ...ceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation The traceroute command syntax is traceroute ip_address hostname where ip_address is...

Страница 77: ...settings Port commands Load sharing on the switch Port mirroring Enabling and Disabling Ports By default all ports are enabled To enable or disable one or more ports use the following command enable d...

Страница 78: ...on the switch except the Gigabit only Ethernet ports GBICs can be configured for half duplex or full duplex operation By default the ports autonegotiate the duplex setting To configure port speed and...

Страница 79: ...following auto off The port will not autonegotiate the settings speed The speed of the port for 10 100 Mbps or 100 1000 Mbps ports only duplex The duplex setting half or full duplex config ports port...

Страница 80: ...t is received on a port with jumbo frames disabled or if the jumbo frame needs to be forwarded out of a port that has jumbo frames disabled enable learning ports portlist Enables MAC address learning...

Страница 81: ...tistics For more information refer to Chapter 8 Quality of Service show ports portlist rxerrors Displays real time receive error statistics For more information on error statistics refer to Chapter 15...

Страница 82: ...U size use the following command config jumbo frame size jumbo_frame_mtu The jumbo_frame_mtu range is 1522 to 9216 The value describes the maximum size on the wire and includes 4 bytes of CRC plus ano...

Страница 83: ...orithm selection is not intended for use in predictive traffic engineering You can configure one of three load sharing algorithms on the switch as follows Port based Uses the ingress port to determine...

Страница 84: ...number To enable or disable a load sharing group use the following commands enable sharing port grouping portlist port based address based round robin disable sharing port Load Sharing Example The fo...

Страница 85: ...ch uses a traffic filter that copies a group of traffic to the monitor port The traffic filter can be defined based on one of the following criteria Physical port All data that traverses the port rega...

Страница 86: ...g mirroring add port 1 vlan default Table 20 Port Mirroring Configuration Commands Command Description config mirroring add mac mac_address vlan name port port Adds a single mirroring filter definitio...

Страница 87: ...on communicated using EDP includes the following Switch MAC address switch ID Switch software version information Switch IP address Switch VLAN IP information Switch port number EDP Commands Table 21...

Страница 88: ...86 C H A P T E R 4 Configuring Switch Ports...

Страница 89: ...t communicate as if they were on the same physical LAN Any set of ports including all ports on the switch is considered a VLAN LAN segments are not restricted by the hardware that physically connects...

Страница 90: ...ange and movement of devices With traditional networks network administrators spend much of their time dealing with moves and changes If users move to a different subnetwork the addresses of each ends...

Страница 91: ...the different IP VLANs to communicate the traffic must be routed by the switch or external router This means that each VLAN must be configured as a router interface with a unique IP address Spanning S...

Страница 92: ...igure 6 Single port based VLAN spanning two switches To create multiple VLANs that span two switches in a port based VLAN a port on System 1 must be cabled to a port on System 2 for each VLAN you want...

Страница 93: ...reate multiple VLANs that span multiple switches in a daisy chained fashion Each switch must have a dedicated port for each VLAN Each dedicated port must be connected to a port that is a member of its...

Страница 94: ...he port must be accompanied by tags In addition to configuring the VLAN tag for the port the server must have a Network Interface Card NIC that supports 802 1Q tagging Assigning a VLAN Tag Each VLAN m...

Страница 95: ...affic for both VLAN Marketing and VLAN Sales The trunk port on each switch is tagged Switch 1 Switch 2 Marketing Sales M S Tagged port 480t_001 3 4 2 1 7 8 6 5 11 12 10 9 13 16 15 14 S S S M M M 3 4 2...

Страница 96: ...ts VLANs uses untagged traffic In other words a port can simultaneously be a member of one port based VLAN and multiple tag based VLANs For the purposes of VLAN classification packets arriving on a po...

Страница 97: ...s Predefined Protocol Filters The following protocol filters are predefined on the switch IP IPX NetBIOS DECNet IPX_8022 IPX_SNAP AppleTalk 480t_003 IP traffic All other traffic 1 Finance Personnel My...

Страница 98: ...config protocol protocol_name add protocol_type hex_value Supported protocol types include etype EtherType The values for etype are four digit hexadecimal numbers taken from a list maintained by the...

Страница 99: ...forwarded to the VLAN until a protocol is assigned to it Precedence of Tagged Packets Over Protocol Filters If a VLAN is configured to accept tagged packets on a particular port incoming packets that...

Страница 100: ...t VLAN is untagged on all ports It has an internal VLANid of 1 Configuring VLANs on the Switch This section describes the commands associated with setting up VLANs on the switch Configuring a VLAN inv...

Страница 101: ...EtherType the DSAP SSAP combination for LLC or the SNAP encoded Ethernet protocol type for SNAP config vlan name add port portlist tagged untagged nobroadcast Adds one or more ports to a VLAN You can...

Страница 102: ...the VLAN name alone The following example creates a tag based VLAN named video It assigns the VLANid 1000 Ports 4 through 8 are added as tagged ports to the VLAN create vlan video config video tag 100...

Страница 103: ...protocol ip config ipsales add port 6 8 The following example defines a protocol filter myprotocol and applies it to the VLAN named myvlan This is a command syntax example only and has no real world...

Страница 104: ...otocol protocol This show command displays protocol information including the following Protocol name List of protocol fields VLANs that use the protocol Deleting VLANs To delete a VLAN or to return V...

Страница 105: ...d otherwise have to be manually configured in each switch GVRP can also be run by network servers These servers are usually configured to join several VLANs and then signal the network switches of the...

Страница 106: ...remove ports from these VLANs GVRP assumes that the VLANs for which it carries information operate using VLAN tags unless explicitly configured otherwise Typically you must configure any untagged VLAN...

Страница 107: ...into one of the designated ports on the switch and is mapped to the appropriate VLAN Connectivity is maintained to the network with all of the benefits of the configured VLAN in terms of QoS routing...

Страница 108: ...ive in that VLAN Upon removal of the configured MAC to VLAN endstation all other endstations lose connectivity Groups are used as a security measure to allow a MAC address to enter into a VLAN only wh...

Страница 109: ...the MAC to VLAN database The feature is intended to support one client per physical port Once a client MAC address has successfully registered the VLAN association remains until the port connection is...

Страница 110: ...ts 5 6 enable mac vlan mac group 200 ports 9 12 config mac vlan add mac address 00 00 00 00 00 01 mac group 10 engineering config mac vlan add mac address 00 00 00 00 00 02 mac group any marketing con...

Страница 111: ...most recent MAC to VLAN database This feature is different from the normal download configuration command in that it allows incremental configuration without the automatic rebooting of the switch The...

Страница 112: ...110 C H A P T E R 5 Virtual LANs VLANs...

Страница 113: ...forwarded or filtered FDB Contents Each FDB entry consists of the MAC address of the device an identifier for the port on which it was received and an identifier for the VLAN to which the device belo...

Страница 114: ...y can either be a unicast or multicast MAC address All entries entered by way of the command line interface are stored as permanent The 480T switch can support a maximum of 64 permanent entries Once c...

Страница 115: ...ith an FDB Entry You can associate a QoS profile with a MAC address and VLAN of a device that will be dynamically learned The FDB treats the entry like a dynamic entry it is learned it can be aged out...

Страница 116: ...mbers associated with MAC address dynamic Specifies that the entry will be learned dynamically Used to associated a QoS profile with a dynamically learned entry qosprofile QoS profile associated with...

Страница 117: ...AC address is 00 D0 B7 2F 02 00 VLAN name is net34 The entry will be learned dynamically QoS profile qp2 will be applied when the entry is learned Displaying FDB Entries To display FDB entries use the...

Страница 118: ...tire FDB of all entries by using the commands listed in Table 27 Table 27 Removing FDB Entry Commands Command Description clear fdb mac_address vlan name portlist Clears dynamic FDB entries that match...

Страница 119: ...specification defined by the IEEE Computer Society To explain STP in terms used by the 802 1D specification the switch will be referred to as a bridge Overview of the Spanning Tree Protocol STP is a b...

Страница 120: ...use the same spanning tree Care must be taken to ensure that multiple STPD instances within a single switch do not see each other in the same broadcast domain This could happen if for example another...

Страница 121: ...on the forwarding of VLAN traffic Figure 12 illustrates a network that uses VLAN tagging for trunk connections The following four VLANs have been defined Sales is defined on Switch A Switch B and Swi...

Страница 122: ...ging loops are prevented The VLAN Marketing which has not been assigned to either STPD1 or STPD2 communicates using all five switches The topology has no loops because STP has already blocked the port...

Страница 123: ...or three switches form a triangular loop that is not permitted in an STP topology All VLANs in each switch are members of the same STPD STP may block traffic between Switch 1 and Switch 3 by disabling...

Страница 124: ...lowing command enable stpd stpd_name All VLANs belong to an STPD If you do not want to run STP on a VLAN you must add the VLAN to an STPD that is disabled Once you have created the STPD you can option...

Страница 125: ...ame maxage value Specifies the maximum age of a BPDU in this STPD The range is 6 through 40 The default setting is 20 seconds Note that the time must be greater than or equal to 2 Hello Time 1 and les...

Страница 126: ...eate stpd stpd_name Creates an STPD When created an STPD has the following default parameters Bridge priority 32 768 Hello time 2 seconds Forward delay 15 seconds enable ignore stp vlan name Configure...

Страница 127: ...configuration STPD state Root Bridge and so on STPD port state forwarding blocking and so on Disabling and Resetting STP To disable STP or return STP settings to their defaults use the commands liste...

Страница 128: ...one or more ports Disabling STP on one or more ports puts those ports in forwarding state all BPDUs received on those ports are disregarded unconfig stpd stpd_name Restores default STP values to a pa...

Страница 129: ...ticular traffic type receives The main benefit of Policy based QoS is that it allows you to protect bandwidth for important categories of applications or specifically limit the bandwidth associated wi...

Страница 130: ...a QoS profile A QoS profile is characterized by minimum and maximum bandwidth and prioritization settings that define a desired class of service The building blocks are defined as follows Traffic grou...

Страница 131: ...ames and their queues are described in Table 30 1 Each physical port contains these hardware queues The parameters that make up a QoS profile include the following Minimum bandwidth The minimum percen...

Страница 132: ...y of a QoS profile determines the 802 1p bits used in the priority field of a transmitted packet The priority of a QoS profile determines the DiffServ code point value used in an IP packet when the pa...

Страница 133: ...s Once parameters are set you should monitor both the hardware queues using the QoS Monitor tool and monitor the performance of the application to determine if the actual behavior of the applications...

Страница 134: ...spike with the expectation that the end stations will buffer significant amounts of video stream data This can pose an issue with the network infrastructure because it must be capable of buffering th...

Страница 135: ...pplications With some dependencies on the network operating system file serving typically poses the greatest demand on bandwidth though file server applications are very tolerant of latency jitter and...

Страница 136: ...raffic groupings are placed in the QoS profile named Qp1 The supported traffic groupings and their options by QoS mode are listed in Table 32 The groupings are listed in order of precedence highest to...

Страница 137: ...ate limiting MAC based traffic groupings are configured using the following command create fdbentry mac_address vlan name blackhole port portlist dynamic qosprofile qosprofile Permanent MAC addresses...

Страница 138: ...ate fdbentry 00 11 22 33 44 55 vlan default blackhole MAC Address Broadcast Unknown Rate Limiting It is possible to assign broadcast and unknown destination packets to a QoS profile that has the desir...

Страница 139: ...arking on an application specific basis The 480T switch can observe and manipulate packet marking information with no performance penalty The documented capabilities for 802 1p priority markings or Di...

Страница 140: ...ueue determines the bandwidth management and priority characteristics used when transmitting packets To control the mapping of 802 1p prioritization values to hardware queues 802 1p prioritization val...

Страница 141: ...d on ingress is preserved when transmitting the packet This behavior is not affected by the switching or routing configuration of the switch However the switch is capable of inserting and or overwriti...

Страница 142: ...pe dot1p_priority qosprofile qosprofile Configures the default QoS profile to 802 1p priority mapping The value for dot1p_priority is an integer between 0 and 7 disable dot1p replacement ports portlis...

Страница 143: ...mit the packet based on the code point The QoS profile controls a hardware queue used when transmitting the packet out of the switch and determines the forwarding characteristics of a particular code...

Страница 144: ...ransmitted by the switch The DiffServ code point value used in overwriting a packet is determined by the 802 1p priority value As described in the section Overwriting 802 1p Priority Information the 8...

Страница 145: ...ou can change the 802 1p priority to DiffServ code point mapping to any code point value using the following command config diffserv replacement priority vpri code_point code_point ports portlist all...

Страница 146: ...the diffserv field in an IP packet disable diffserv replacement ports portlist all Disables the replacement of diffserv code points in packets transmitted by the switch enable diffserv examination por...

Страница 147: ...med qp3 when being transmitted config ports 7 qosprofile qp3 VLAN A VLAN traffic grouping indicates that all intra VLAN switched traffic and all routed traffic sourced from the named VLAN uses the ind...

Страница 148: ...e traffic grouping perspective by using one or more of the following applicable commands show fdb permanent Displays destination MAC entries and their QoS profiles show switch Displays general switch...

Страница 149: ...ounter and any overflow information into the switch log The log notification appears if one of the queues experiences an overflow condition since the last time it was sampled An overflow entry indicat...

Страница 150: ...also be issued after a policy is first formed as the policy must be in place before an entry is made in the MAC FDB For permanent destination MAC based grouping re apply the QoS profile to the static...

Страница 151: ...ion The default setting is 0 maxbw The maximum bandwidth percentage this queue is permitted to use for transmission The default setting is 100 priority The service priority for this queue Settings inc...

Страница 152: ...150 C H A P T E R 8 Quality of Service QoS...

Страница 153: ...lient workstations do not need to be refreshed or aged out In addition to providing layer 3 routing redundancy for IP and IPX ESRP also provides for layer 2 redundancy These layered redundancy feature...

Страница 154: ...ayer 2 switches from other vendors but the recovery times vary The VLANs associated with the ports connecting an ESRP aware switch to an ESRP enabled switch must be configured using an 802 1Q tag on t...

Страница 155: ...In order for a VLAN to be recognized as participating in ESRP the assigned IP address or the IPX NETid for the separate switches must be identical Other aspects of the VLAN including its name are ign...

Страница 156: ...The default priority setting is 0 A priority setting of 255 loses the election and remains in standby mode System MAC address The switch with the higher MAC address has priority ESRP Election Algorit...

Страница 157: ...ive no forwarding occurs between the member ports of the VLAN this prevents loops and maintains redundancy Electing the Master Switch A new master can be elected in one of the following ways A communi...

Страница 158: ...ration the priority settings and timer settings must be identical for all affected VLANs ESRP and VLAN aggregation ESRP can be used to provide redundant default router protection to VLAN aggregation c...

Страница 159: ...operational ESRP Commands Table 41 describes the commands used to configure ESRP Table 41 ESRP Commands Command Description config vlan name add track route ipaddress masklength Configures an ESRP en...

Страница 160: ...ss priority_track_ports_mac ESRP priority tracking information active ports MAC address priority_mac ESRP priority MAC address The default setting is ports_track_priority_mac If no tracking informatio...

Страница 161: ...ld Each switch is dual homed using active ports to two VLAN Sales switches as many as four could be used ESRP is enabled on each VLAN Sales switch only for the VLAN that interconnects to the bottom sw...

Страница 162: ...VLAN The switch in standby mode does however exchange ESRP packets with the VLAN Sales master switch There are four paths between the VLAN Sales switches All the paths are used to send ESRP packets a...

Страница 163: ...ctive links for the VLAN and the priority are identical to both switches The commands used to configure the VLAN Sales switches are as follows create vlan sales config sales add port 1 4 config sales...

Страница 164: ...for each VLAN The Sales standby Engineering master switch has a separate physical port for each VLAN connected to the third bottom switch In this example the master and standby switches are configure...

Страница 165: ...te vlan eng config eng add port 1 4 config eng ipaddr 10 4 5 6 24 enable esrp sales enable esrp eng config eng esrp priority 5 Displaying ESRP Information To verify the operational state of an ESRP VL...

Страница 166: ...164 C H A P T E R 9 Enterprise Standby Router Protocol...

Страница 167: ...PF Overview of IP Unicast Routing The switch provides full layer 3 IP unicast routing It exchanges routing information with other routers on the network using either the Routing Information Protocol R...

Страница 168: ...subnet on different VLANs In Figure 18 a 480T switch is depicted with two VLANs defined Finance and Personnel All ports 1 and 3 are assigned to Finance ports 2 and 4 are assigned to Personnel Finance...

Страница 169: ...ault route Dynamic Routes Dynamic routes are typically learned by way of RIP or OSPF Routers that use RIP or OSPF exchange information in their routing tables in the form of advertisements Using dynam...

Страница 170: ...e route that has the lowest metric is used If there are multiple default routes that have the same lowest metric the system picks one of the routes You can also configure blackhole routes traffic to t...

Страница 171: ...ays Once configured the system responds to ARP Requests on behalf of the device as long as the following conditions are satisfied The valid IP ARP Request is received on a router interface The target...

Страница 172: ...the same subnet and sends out an IP ARP request The switch answers on behalf of the device at address 100 101 45 67 using its own MAC address All subsequent data packets from 100 101 102 103 are sent...

Страница 173: ...resented by a different VLAN and each of those VLANs has its own IP address All of the VLANs share the same physical port s The switch routes IP traffic from one subnet to another all within the same...

Страница 174: ...Remove the port from the default VLAN using the following command config default delete port 2 3 Create a dummy protocol by using the following command create protocol mnet 4 Create the multinetted s...

Страница 175: ...Multinetted VLAN groups must contain identical port assignments IP Multinetting Examples The following example configures the switch to have one multinetted segment port 5 that contains three subnets...

Страница 176: ...create vlan net34 create vlan net35 create vlan net37 config net34 ipaddress 192 67 34 1 config net35 ipaddress 192 67 35 1 config net37 ipaddress 192 67 37 1 config net34 protocol ip config net35 pro...

Страница 177: ...and config vlan name ipaddress ipaddress mask Ensure that each VLAN has a unique IP address 3 Configure a default route using the following command config iproute add default gateway metric unicast on...

Страница 178: ...h the desired IP address but without any member ports unless it is running ESRP The sub VLANs use the IP address of the super VLAN as the default router address Groups of clients are then assigned to...

Страница 179: ...ration between sub VLANs while using the same default router address among the sub VLANs Hosts are located on the sub VLAN Each host can assume any IP address within the address range of the super VLA...

Страница 180: ...a network A sub VLAN cannot be a super VLAN and vice versa Sub VLANs are not assigned an IP address Typically a super VLAN has no ports associated with it except in the case of running ESRP If a clie...

Страница 181: ...config ospf add vsuper Table 43 VLAN Aggregation Commands Command Description config vlan super vlan name add secondary ip ipaddress mask Adds a secondary IP address to the super VLAN for responding...

Страница 182: ...dicates the membership of sub VLANs in a super VLAN show iparp Indicates an ARP entry that contains sub VLAN information Communication with a client on a sub VLAN must occur before an entry is made in...

Страница 183: ...ling the directed forwarding of broadcast UDP packets UDP forwarding allows applications such as multiple DHCP relay services from differing sets of VLANs to be directed to different DHCP servers The...

Страница 184: ...ets directed toward a VLAN use an all ones broadcast on that VLAN UPD Forwarding Example In this example the VLAN Marketing and the VLAN Operations are pointed toward a specific backbone DHCP server w...

Страница 185: ...on config udp profile profile_name add udp_port vlan name ipaddress dest_ipaddress Adds a forwarding entry to the specified UDP forwarding profile name All broadcast packets sent to udp_port are forwa...

Страница 186: ...source VLANs to which the profile is applied unconfig udp profile vlan name all Removes the UDP forwarding profile configuration for one or all VLANs Table 44 UDP Forwarding Commands continued Command...

Страница 187: ...ut filtering requests that belong to the same subnet of the receiving router interface config iparp delete ipaddress Deletes an entry from the ARP table Specify the IP address of the entry config ipar...

Страница 188: ...or all VLANs If no argument is provided enables broadcast forwarding for all VLANs To enable ipforwarding must be enabled on the VLAN The default setting is disabled enable ipforwarding vlan name Ena...

Страница 189: ...icast only Adds a default gateway to the routing table A default gateway must be located on a configured IP interface If no metric is specified the default metric of 1 is used Use the unicast only or...

Страница 190: ...Description Table 47 ICMP Configuration Commands Command Description config irdp mininterval maxinterval lifetime preference Configures the router advertisement message timers using seconds Specify mi...

Страница 191: ...e icmp parameter problem vlan name Enables the generation of an ICMP parameter problem message type 12 when the switch cannot properly process the IP header or IP option information The default settin...

Страница 192: ...sages type 3 code 0 and host unreachable messages type 3 code 1 when a packet cannot be forwarded to the destination because of unreachable route or host ICMP packet processing on one or all VLANs The...

Страница 193: ...e VLAN using the IP protocol Ports 2 and 4 have been assigned IP address 192 207 36 1 MyCompany Port based VLAN All ports have been assigned enable irdp vlan name Enables the generation of ICMP router...

Страница 194: ...ess to the router by way of the VLAN Finance Ports 2 and 4 reach the router by way of the VLAN Personnel All other traffic NetBIOS is part of the VLAN MyCompany The example in Figure 20 is configured...

Страница 195: ...plays the IP Address Resolution Protocol ARP table You can filter the display by IP address VLAN or permanent entries show ipconfig vlan name Displays configuration information for one or all VLANs sh...

Страница 196: ...e forwarding of BOOTP requests disable icmp address mask vlan name Disables the generation of an ICMP address mask reply messages If a VLAN is not specified the command applies to all IP interfaces di...

Страница 197: ...ces disable icmp useredirects Disables the changing of routing table information when an ICMP redirect message is received disable ipforwarding broadcast vlan name Disables routing of broadcasts to ot...

Страница 198: ...196 C H A P T E R 1 0 IP Unicast Routing...

Страница 199: ...dditional information RFC 1058 Routing Information Protocol RIP RFC 1723 RIP Version 2 RFC 2178 OSPF Version 2 Overview The switch supports the use of the Routing Information Protocol RIP and the Open...

Страница 200: ...em Each router builds a shortest path tree using itself as the root The link state protocol ensures that updates sent to neighboring routers are acknowledged by the neighbors verifying that all router...

Страница 201: ...mber of hops Each router that data must traverse is considered to be one hop Routing Table The routing table in a router using RIP contains an entry for every known destination network Each routing ta...

Страница 202: ...ic for a route and it is required to send an update message immediately even if it is not yet time for a regular update message to be sent This will generally result in faster convergence but may also...

Страница 203: ...router has an identical database maintained from the perspective of that router From the link state database LSDB each router constructs a tree of shortest paths using itself as the root The shortest...

Страница 204: ...pes of routers defined by OSPF are as follows Internal Router IR An internal router has all of its interfaces within the same area Area Border Router ABR An ABR has interfaces in multiple areas It is...

Страница 205: ...you want to configure the VLAN to be part of a different OSPF area use the following command config ospf vlan name area areaid If this is the first instance of the OSPF area being used you must creat...

Страница 206: ...ated in the NSSA specification The option should not be used on NSSA internal routers Doing so inhibits correct operation of the election algorithm Normal Area A normal area is an area that is not any...

Страница 207: ...22 if the connection between ABR1 and the backbone fails the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual l...

Страница 208: ...utonomous system and a RIP autonomous system Figure 23 Route re distribution Configuring Route Re Distribution Exporting routes from OSPF to RIP and from RIP to OSPF are discreet configuration functio...

Страница 209: ...by special routing applications Use the number zero if you do not have specific requirements for using a tag The tag value in this instance has no relationship with 802 1Q VLAN tagging Verify the con...

Страница 210: ...uration Commands Command Description config rip add vlan name all Configures RIP on an IP interface If no VLAN is specified then all is assumed When an IP interface is created per interface RIP config...

Страница 211: ...fy none Do not transmit any packets on this interface v1only Transmit RIP v1 format packets to the broadcast address v1comp Transmit RIP v2 format packets to the broadcast address v2only Transmit RIP...

Страница 212: ...owing rules apply when using RIP aggregation Subnet routes are aggregated to the nearest class network route when crossing a class boundary Within a class boundary no routes are aggregated If aggregat...

Страница 213: ...RIP uses the route metric obtained from the route origin enable rip originate default always cost metric tag number Configures a default route to be advertised by RIP if no other default route is adv...

Страница 214: ...tocol sensitive VLAN using the IP protocol Ports 2 and 4 have been assigned IP address 192 207 36 1 MyCompany Port based VLAN All ports have been assigned enable rip triggerupdate Enables triggered up...

Страница 215: ...uter by way of the VLAN Finance Ports 2 and 4 reach the router by way of the VLAN Personnel All other traffic NetBIOS is part of the VLAN MyCompany The example in Figure 24 is configured as follows cr...

Страница 216: ...To display settings for RIP use the commands listed in Table 52 Table 52 RIP Show Commands Command Description show rip stat vlan name Displays RIP specific statistics for a VLAN show rip stat detail...

Страница 217: ...ation of subnet information on a RIP v2 interface disable rip export static direct ospf ospf intra ospf inter ospf extern1 ospf extern2 static metric metric tag number Disables the distribution of non...

Страница 218: ...is specified the advertised cost is determined from the OSPF metric table and corresponds to the active highest bandwidth port in the VLAN config ospf area areaid vlan name all priority number Config...

Страница 219: ...600 hello _interval Default 10 Minimum 1 Maximum 65 535 dead_interval Default 40 Minimum 1 Maximum 2 147 483 647 config ospf add virtual link routerid areaid Adds a virtual link to another ABR Specify...

Страница 220: ...res an OSPF area as a stub area config ospf asbr filter access_profile none Configures a route filter for non OSPF routes exported into OSPF If none is specified no RIP and static routes are filtered...

Страница 221: ...is originated by OSPF by way of RIP and static route re distribution If always is specified OSPF always advertises the default route If always is not specified OSPF adds the default LSA if there is a...

Страница 222: ...ce routes which correspond to the interface that has OSPF enabled are ignored enable ospf export rip cost metric ase type 1 ase type 2 tag number Enables the distribution of RIP routes into the OSPF d...

Страница 223: ...area border routers ABR1 and ABR2 Network number 10 0 x x 2 identified VLANs HQ_10_0_2 and HQ_10_0_3 160 26 25 2 Area 0 10 0 1 1 10 0 3 2 10 0 3 1 160 26 25 1 161 48 2 2 161 48 2 1 10 0 2 1 H Q _ 1 0...

Страница 224: ...the backbone by way of ABR1 It is located in Los Angeles and has the following characteristics Network number 161 48 x x 1 identified VLAN LA_161_48_2 3 internal routers Uses default routes for inter...

Страница 225: ...or IR1 The following is the configuration for the router labeled IR1 config vlan HQ_10_0_1 ipaddress 10 0 1 2 255 255 255 0 config vlan HQ_10_0_2 ipaddress 10 0 2 2 255 255 255 0 config ospf add vlan...

Страница 226: ...table of the current LSDB You can filter the display using the area ID and LSA type The default setting is all with no detail If detail is specified each entry includes complete LSA information show...

Страница 227: ...utes in the OSPF domain disable ospf export static Disables exporting of statically configured routes into the OSPF domain unconfig ospf vlan name area areaid Resets one or all OSPF interfaces to the...

Страница 228: ...226 C H A P T E R 1 1 RIP and OSPF...

Страница 229: ...DVMRP Version 3 draft_ietf_dvmrp_v3_07 PIM DM Version 2 draft_ietf_pim_v2_dm_03 The following URLs point to the Web sites for the IETF Working Groups IETF DVMRP Working Group http www ietf org html ch...

Страница 230: ...ge routing and multicast information between routers Like RIP DVMRP periodically sends the entire routing table to its neighbors DVMRP has a mechanism that allows it to prune and graft multicast trees...

Страница 231: ...snooping is the strict recognition of multicast routers only if the remote devices have joined the DVMRP 224 0 0 4 or PIM 244 0 0 13 multicast groups IGMP snooping is enabled by default on the switch...

Страница 232: ...able dvmrp enable pim Table 57 describes the commands used to configure IP multicast routing Table 57 IP Multicast Routing Configuration Commands Command Description enable dvmrp Enables DVMRP on the...

Страница 233: ...to 2 147 483 647 seconds 68 years The default setting is 35 seconds config dvmrp timer route_report_interval route_replacement_time Configures the global DVMRP timers Specify the following route_repo...

Страница 234: ...of time before a hello message is sent out by the PIM DM router The range is 1 to 65 519 seconds The default setting is 30 seconds Table 57 IP Multicast Routing Configuration Commands continued Comma...

Страница 235: ...nto a Group Specific Query sent in response to a Leave group message The range is 1 to 25 seconds The default setting is 1 second config igmp snooping timer router_timeout host_timeout Configures the...

Страница 236: ...e the system labeled IR1 is configured for IP multicast routing Figure 26 IP multicast routing configuration example 160 26 25 2 Area 0 10 0 1 1 10 0 3 2 10 0 3 1 160 26 25 1 161 48 2 2 161 48 2 1 10...

Страница 237: ...ticast routing components use the commands listed in Table 59 Table 59 IP Multicast Routing Show Commands Command Description show dvmrp vlan name route detail Displays the DVMRP configuration and sta...

Страница 238: ...d IGMP is disabled on all router interfaces disable igmp snooping Disables IGMP snooping IGMP snooping can be disabled only if IP multicast routing is not being used Disabling IGMP snooping allows all...

Страница 239: ...are and hardware routes IPX traffic between IPX router interfaces A router interface is simply a VLAN that has an IPX network identifier NetID and IPX encapsulation type assigned to it As you create V...

Страница 240: ...n assigned to Exec Thus port 4 belongs to both the Personnel VLAN running IP and the Exec VLAN running IPX Traffic within each VLAN is switched using the Ethernet MAC address Traffic between Exec and...

Страница 241: ...PX RIP Routers that use IPX RIP exchange information in their routing tables in the form of advertisements Using dynamic routes the routing table contains only networks that are reachable Table 61 IPX...

Страница 242: ...e network using IPX RIP IPX RIP Routing The switch supports the use of IPX RIP for unicast routing IPX RIP is different from IP RIP However many of the concepts are the same The 480T switch supports t...

Страница 243: ...tes service advertisement protocol SAP advertisements to other IPX routers on the network Each SAP advertisement contains the following Service type Server name Server NetID Server node address The se...

Страница 244: ...s command displays the IPX NetID setting and encapsulation type show ipxconfig This command is analogous to the show ipconfig command for the IP protocol It displays summary global IPX configuration i...

Страница 245: ...g For convenience IPX specific protocol filters have been defined and named in the default configuration of the switch Each filter is associated with a protocol encapsulation type The IPX specific pro...

Страница 246: ...es Protocol NLSP is running in the IPX network config ipxroute add dest_netid default next_hop_id next_hop_node_addr hops tics Adds a static IPX route entry in the IPX route table Specify next_hop_id...

Страница 247: ...ddress socket Deletes an IPX service from the service table config vlan name xnetid netid enet_ii enet_8023 enet_8022 enet_snap Configures a VLAN to run IPX routing Specify enet_ii Uses standard Ether...

Страница 248: ...all Disables IPX RIP on one or all interfaces config ipxrip vlan name all delay msec Configures the time between each IPX RIP packet within an update interval The default setting is 55 milliseconds co...

Страница 249: ...ket within an update interval The default setting is 55 milliseconds config ipxsap vlan name all max packet size number Configures the MTU size of the IPX SAP packets The default setting is 432 bytes...

Страница 250: ...otocol with the filter IPX_8022 Port 4 and port 5 have been assigned to Exec Exec is configured for IPX NetID 2516 and IPX encapsulation type 802 2 Support Port 7 has been assigned to Support Support...

Страница 251: ...and Support use enet_8022 as the encapsulation type The IPX configuration shown in example in Figure 28 is as follows create vlan Exec create vlan Support config Exec protocol ipx_8022 config Exec add...

Страница 252: ...stics for the IPX router and one or all VLANs Table 66 IPX Show Commands continued Command Description Table 67 IPX Reset and Disable Commands Command Description disable ipxrip Disables IPX RIP on th...

Страница 253: ...SAP settings on one or all VLANs to the default Removes import and export filters and resets the MTU size update interval and inter packet delay unconfig vlan name xnetid Removes the IPX NetID of a V...

Страница 254: ...252 C H A P T E R 1 3 IPX Routing...

Страница 255: ...quality of service QoS purposes There are two categories of access policies Access lists Routing access policies Access Lists Access lists are used to perform packet filtering and forwarding decision...

Страница 256: ...ecedence number determines the order in which each criteria rule is examined by the switch Once a matching entry in the access list is found the packet is acted upon and either forwarded or dropped En...

Страница 257: ...ss list example performs packet filtering in this sequence as determined by the precedence value Deny UDP port 32 and TCP port 23 traffic to the 10 2 XX network All other TCP port 23 traffic destined...

Страница 258: ...list To add an entry you must supply a unique name and optionally a unique precedence number To modify an existing entry you must delete the entry and retype it or create a new entry with a new unique...

Страница 259: ...ress and mask ICMP type code Physical source port optional Numbered precedence optional Verifying Access List Configurations To verify access list settings you may view the access list configuration a...

Страница 260: ...he access list name The access list name can be between 1 and 16 characters ip Specifies an IP access list destination Specifies an IP destination address and subnet mask A mask length of 32 indicates...

Страница 261: ...port numbers destination Specifies an IP destination address and subnet mask A mask length of 32 indicates a host entry source Specifies an IP source address and subnet mask permit established Specifi...

Страница 262: ...access list that looks at UDP port numbers destination Specifies an IP destination address and subnet mask A mask length of 32 indicates a host entry source Specifies an IP source address and subnet m...

Страница 263: ...Specifies the ICMP_CODE number The ICMP code is a number from 0 to 255 permit Specifies the packets that match the access list description are permitted to be forward by this switch An optional QoS pr...

Страница 264: ...lter or Spanning Tree Domain You must also indicate the type of access list IP address or VLAN to be used To create an access profile use the following command create access profile access_profile typ...

Страница 265: ...Use an access profile to determine which RIP routes are accepted as valid routes This policy can be combined with the trusted neighbor policy to accept selected routes only from a set of trusted neig...

Страница 266: ...net add 10 0 0 10 32 config rip vlan backbone trusted gateway nointernet In addition if the administrator wants to restrict any user belonging to the VLAN Engsvrs from reaching the VLAN Sales IP addre...

Страница 267: ...rarea filter access_profile none External Filter For switches configured to support multiple OSPF areas an ABR function an access profile can be applied to an OSPF area that filters a set of OSPF exte...

Страница 268: ...inistrator wishes to only allow access to certain internet addresses falling within the range 192 1 1 0 24 to the internal backbone Figure 30 OSPF access policy example To configure the switch labeled...

Страница 269: ...following command config dvmrp vlan name all import filter access_profile none Export Filter Use an access profile to determine which DVMRP routes are advertised into a particular VLAN using the foll...

Страница 270: ...following Trusted Neighbor Use an access profile to determine trusted PIM DM router neighbors for the VLAN on the switch running PIM DM To configure a trusted neighbor policy use the following comman...

Страница 271: ...ive protocol timers to age out entries Changes to profiles applied to OSPF typically require rebooting the switch or disabling and re enabling OSPF on the switch Removing a Routing Access Policy To re...

Страница 272: ...ies the addresses that match the access profile description The default setting is permit config dvmrp vlan name all export filter access_profile none Configures DVMRP to filter out certain routes whe...

Страница 273: ...routes config rip vlan name all export filter access profile none Configures RIP to suppress certain routes when performing route advertisements config rip vlan name all import filter access_profile...

Страница 274: ...272 C H A P T E R 1 4 Access Policies...

Страница 275: ...aily records you see trends emerging and notice problems arising before they cause major network faults This way statistics can help you get the best out of your network Status Monitoring The status m...

Страница 276: ...e critical Priorities include critical emergency alert error warning notice info and debug If not specified all messages are displayed show memory detail Displays the current system memory information...

Страница 277: ...link is present at this port Transmitted Packet Count Tx Pkt Count The number of packets that have been successfully transmitted by the port Transmitted Byte Count Tx Byte Count The total number of da...

Страница 278: ...smit Deferred Frames TX Deferred The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic Transmit Errored Frames TX Erro...

Страница 279: ...frames received by the port that occurs if a frame has a CRC error and does not contain an integral number of octets Receive Frames Lost RX Lost The total number of frames received by the port that we...

Страница 280: ...gned a critical or warning level remain in the log after a switch reboot Issuing a clear log command does not remove these static entries To remove log entries of all levels including warning or criti...

Страница 281: ...info and debug If not specified all messages are displayed Table 73 Fault Log Subsystems Subsystem Description Syst General system related information Examples include memory power supply security vi...

Страница 282: ...display When using a Telnet connection if your Telnet session is disconnected because of the inactivity timer or for other reasons the log display is automatically halted To restart the log display us...

Страница 283: ...re logged to the system log Each log entry includes the user account name that performed the change and the source IP address of the client if Telnet was used Configuration logging applies only to com...

Страница 284: ...e syslog facility level for local use local0 local7 priority Filters the log to display messages with the selected priority or higher more critical Priorities include critical emergency alert error wa...

Страница 285: ...757 which allows you to monitor LANs remotely A typical RMON setup consists of the following two components RMON probe An intelligent remotely controlled device or software agent that continually coll...

Страница 286: ...ups and discusses how they can be used Statistics The RMON Ethernet Statistics group provides traffic and error statistics showing packets bytes broadcasts multicasts and errors on a LAN segment or VL...

Страница 287: ...aps are defined in RFC 1757 for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for important occurrences you can depend on...

Страница 288: ...r alarms and events By enabling RMON the switch begins the processes necessary for collecting switch statistics Event Actions The actions that you can define for each alarm are shown in Table 75 To be...

Страница 289: ...command line interface CLI commands available for configuring and monitoring the switch If a particular command is not available using Web Device Manager you must use the CLI to access the desired fun...

Страница 290: ...downloading a newer version of the switch image clear the browser disk and memory cache to see the updated menu screens You must clear the cache while at the main Logon screen so that all underlying G...

Страница 291: ...OK If you have entered the name and password of an administrator level account you have access to all Web Device Manager pages If you have used a user level account name and password you only have acc...

Страница 292: ...appearing at the CLI prompt even though actual configuration values have not changed Content Frame The content frame contains the main body of information in Web Device Manager For example if you sele...

Страница 293: ...e displayed reads Request was submitted successfully Standalone Buttons At the bottom of some of the content frames is a section that contains standalone buttons Standalone buttons are used to perform...

Страница 294: ...tion Filtering Information Some pages have a Filter button The Filter button is used to display a subset of information on a given page For example on the OSPF configuration page you can configure aut...

Страница 295: ...AN and then delete it the default VLAN is shown in the VLAN name window but the VLAN information contained in the lower portion of the page is not updated Click the get button to update the display In...

Страница 296: ...294 C H A P T E R 1 6 Using Web Device Manager...

Страница 297: ...y to configure new network devices Graphical device manager for Intel switches hubs and routers Autodiscovery which finds supported Intel devices on the network The Device Tree which shows all the sup...

Страница 298: ...CD ROM 2 Choose the version of Intel Device View you want to install Click Install for Windows to install Intel Device View for use on this PC only Click Install for Web to install Intel Device View...

Страница 299: ...pears Web Version If you want to manage devices from any PC on the network using Intel Device View install the Web version From your desktop click Start then point to Programs Intel Device View Intel...

Страница 300: ...t 1 Start Intel Device View The Device Install Wizard appears If it doesn t appear click Install from the Device menu or double click the appropriate MAC address in the Device Tree under Unconfig ured...

Страница 301: ...ce Discovery service begins searching for supported Intel network devices on your network As it discovers devices the Device Discovery service adds an icon for each device to the Device Tree on the le...

Страница 302: ...the device image To Add a Device to the Device Tree 1 Right click anywhere on the Device Tree 2 Click Add Device on the menu that appears 3 In the Add Device dialog box type the IP address of the swit...

Страница 303: ...ck Delete on the menu that appears Deleting a device from the Device Tree does not affect the actual device To Find a Device in the Device Tree 1 Right click anywhere on the Device Tree 2 Click Find o...

Страница 304: ...session try accessing the switch s Local Management Managing a Switch To manage an Intel 480T switch double click the switch icon in the Device Tree In the example shown below the switch has been assi...

Страница 305: ...ent 10Mbps or 100Mbps Group 2 History Records periodic statistical samples from variables available in the statistics group Group 3 Alarms Allows you to set a sampling interval and alarm thresholds fo...

Страница 306: ...in the Device Tree then point to RMON 2 Click the RMON option you want to view You can also access RMON features by using LANDesk Network Manager or an SNMP application that supports RMON such as Ope...

Страница 307: ...e image are released you should upgrade the software running on your system The image is upgraded by using a download procedure from either a Trivial File Transfer Protocol TFTP server on the network...

Страница 308: ...ge space primary or secondary the new image should be placed If not indicated the primary image space is used You can select which image the switch will load on the next reboot by using the following...

Страница 309: ...e configuration area currently in use If you have made a mistake or you must revert to the configuration as it was before you started making changes you can tell the switch to use the secondary config...

Страница 310: ...very day so that the TFTP server can archive the configuration on a daily basis Because the filename is not changed the configured file stored in the TFTP server is overwritten every day To upload the...

Страница 311: ...ig command which generates a complete switch configuration in an ASCII format As part of the complete configuration download the switch is automatically rebooted To download a complete configuration u...

Страница 312: ...chedule the switch to download a partial or incremental configuration on a regular basis You could use this feature to update the configuration of the switch regularly from a centrally administered TF...

Страница 313: ...tch variables during the boot process If necessary BootROM can be upgraded after the switch has booted using TFTP In the event the switch does not boot properly some boot option functions can be acces...

Страница 314: ...for the image stored in primary or 2 for the image stored in secondary Then press the f key to boot from newly selected on board flash memory To boot to factory default configuration press the d key...

Страница 315: ...to specify an incremental configuration download download configuration cancel Cancels a previously scheduled configuration download download configuration every hour Schedules a configuration downlo...

Страница 316: ...run time configuration to the specified TFTP server If every time is specified the switch automatically saves the configuration to the server once per day at the specified time If the time option is n...

Страница 317: ...ches x Width 17 36 inches x Depth 19 20 inches Weight with single PSU 21 7 lbs with dual PSU 27 4 lbs Environmental Requirements Operating Temperature 0 to 40 C Storage Temperature 25 to 70 C Operatin...

Страница 318: ...llowing EN standards EN60950 1992 A3 1995 plus Deviations EN60825 1 1994 all 1996 ZB ZC Electromagnetic Compatibility FCC part 15 Class A CSA C108 8 M11983 A VCCI Class A EN55022 Class A EN50082 1 199...

Страница 319: ...IP router requirement RFC 783 TFTP RFC 1542 BootP RFC 854 Telnet RFC 768 UDP RFC 791 IP RFC792 ICMP RFC 793 TCP RFC 826 ARP RFC 2068 HTTP RFC 2131 BootP DHCP relay RFC 2030 Simple Network Time Protoco...

Страница 320: ...318 A P P E N D I X A...

Страница 321: ...Check that the power cable is firmly connected to the device and to the supply outlet On powering up the MGMT LED lights orange The device has failed its Power On Self Test POST and you should contac...

Страница 322: ...ce different power strip outlet and power cord Using the Command Line Interface The initial welcome prompt does not display Check that your terminal or terminal emulator is correctly configured For co...

Страница 323: ...ess is enabled Check that the port through which you are trying to access the device has not been disabled If it is enabled check the connections and network cabling at the port Check that the port th...

Страница 324: ...assword for an administrator level user contact your supplier Port Configuration No link light on 10 100 Base port If patching from a hub or switch to another hub or switch ensure that you are using a...

Страница 325: ...r goes to the receive fiber side of the other device and vice versa All gigabit fiber cables are of the cross over type The switch has auto negotiation set to on by default for gigabit ports These por...

Страница 326: ...s you must use quotation marks whenever referring to the VLAN name 802 1Q links do not work correctly Remember that VLAN names are only locally significant through the command line interface For two s...

Страница 327: ...STP initialization process is complete Specify that STP has been disabled for that VLAN or turn off STP for the switch ports of the endstation and devices to which it is attempting to connect and the...

Страница 328: ...326 A P P E N D I X B...

Страница 329: ...nce will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning this equipment off and on the user...

Страница 330: ...f the Canadian Department of Communications CE Compliance Statement This certifies that the Intel NetStructure 480T Routing Switch complies with the EU Directive 89 336 EEC using the EMC standards EN5...

Страница 331: ...ay from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are suscep...

Страница 332: ...lever le capot Ne pas utiliser le syst me quand le capot est enlev WARNUNG Das System wurde f r den Betrieb in einer normalen B roumgebung entwickelt Der entwickelt Der Standort sollte sauber und stau...

Страница 333: ...omunicazione reti o linee di modem Non avviare il sistema senza aver prima messo a posto il coperchio ADVERTENCIAS El sistema est dise ado para funcionar en un entorno de trabajo normal Escoja un luga...

Страница 334: ...xcept as set forth below provided that you deliver the product along with a return material authorization RMA number either to the company from whom you purchased it or to Intel North America only If...

Страница 335: ...NEITHER ASSUMES NOR AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES Some states do not allow the exclusion or limitation of incidental or consequential damages so the above limitations or exc...

Страница 336: ...g with a return material authorization RMA number either to a the company from whom you purchased it or b to Intel North America only if purchased in Europe you must deliver the product to a If you sh...

Страница 337: ...ONE TO ASSUME FOR IT ANY OTHER LIABILITIES Critical Control Applications Intel specifically disclaims liability for use of the hardware product in critical control applications including for example o...

Страница 338: ...cidera de le remplacer ou de le r parer gratuitement l exception des cas num r s ci apr s condition que le produit soit renvoy avec un num ro d autorisation de retour du mat riel ARM a la soci t aupr...

Страница 339: ...UN TEL DOMMAGE A DEJA ETE PORTEE A LA CONNAISSANCE D INTEL Y COMPRIS MAIS SANS QUE CETTE ENUMERATION SOIT LIMITATIVE UNE PRIVATION DE JOUISSANCE UN NON RESPECT DE LA PROPRIETE INTELLECTUELLE UNE INTE...

Страница 340: ...danneggiati a causa di abuso incidente uso inappropriato negligenza alterazione riparazione disastro installazione o controllo inadeguati Se il prodotto viene considerato difettoso per altri motivi I...

Страница 341: ...UESTE LIMITAZIONI SULLE RESPONSABILIT POTENZIALI SONO STATE FATTORE DECISIVO NELLA DETERMINAZIONE DEL PREZZO DEL PRODOTTO INTEL NON ASSUME N AUTORIZZA ALCUNO AD ASSUMERE PER S NESSUN ALTRA RESPONSABIL...

Страница 342: ...allation oder unvorschriftsm igem Testen aus Wenn das Hardwareprodukt aus anderen Gr nden besch digt ist liegt die Entscheidung bei Intel ob die Hardware mit Ausnahme der im folgenden beschriebenen Ei...

Страница 343: ...IN WESENTLICHER FAKTOR BEI DER FESTLEGUNG DES PREISES F R DAS HARDWAREPRODUKT INTEL BERNIMMT KEINE WEITERE HAFTUNG UND ERTEILT DRITTEN KEINERLEI BEFUGNIS F R INTEL EINE WEITERE HAFTUNG ZU BERNEHMEN St...

Страница 344: ...de reemplazar o reparar el producto sin cargo alguno excepto los descritos a continuaci n siempre que el producto se entregue con un n mero de autorizaci n de devoluci n de material RMA a a la empresa...

Страница 345: ...ELEMENTO ESENCIAL A LA HORA DE DETERMINAR EL PRECIO DEL PRODUCTO INTEL NO ASUME NI AUTORIZA QUE NINGUNA PERSONA ASUMA EN SU LUGAR NINGUNA OTRA RESPONSABILIDAD Aplicaciones de control cr tico Intel de...

Страница 346: ...344 A P P E N D I X C...

Страница 347: ...ll 81 298 47 0800 Other areas For support in other countries use the following table to dial the toll free support number Using the table locate the country from which you are calling dial the access...

Страница 348: ...1 3 0 0 800 111 1111 await dial tone then 800 838 7136 Portugal 3 05017 1 288 await dial tone then 800 838 7136 Russia 1 2 3 755 5042 await dial tone then 800 838 7136 Spain 900 99 00 11 await dial t...

Страница 349: ...iguration commands table 49 creating 49 example 51 reverse mask 50 rules 51 SNMP 70 Telnet 55 use 49 Web Device Manager 68 accounts creating 47 admin account 46 aging entries FDB 111 alarm actions 286...

Страница 350: ...9 default VLAN 98 deleting a session 55 DHCP and UDP Forwarding 181 DHCP relay configuring 180 DiffServ configuring 141 disabling a switch port 75 disabling route advertising RIP 200 disconnecting a T...

Страница 351: ...an Time Offsets table 63 GVRP configuration commands table 105 179 description 103 example 103 H hardware address 24 heat dissipation 316 history command 40 History RMON 284 home page 68 289 host conf...

Страница 352: ...ation commands table 244 configuration example 248 configuring 241 disabling 250 protocol filters 243 protocol based VLANs 243 reset and disable commands table 250 resetting 250 router interfaces 237...

Страница 353: ...VLANs 97 non aging entries FDB 112 Not So Stubby_Area See NSSA NSSA See OSPF NTP see SNTP O Open Shortest Path First See OSPF OSPF advantages 198 area 0 203 areas 202 backbone area 203 configuration...

Страница 354: ...27 DiffServ configuring 141 examples MAC address 135 source port 145 VLAN 145 FDB entry association 113 file server applications 133 IP TOS configuration commands table 144 maximum bandwidth 130 minim...

Страница 355: ...IM DM 268 removing 269 RIP 263 using 262 Routing Information Protocol See RIP routing table populating 167 routing table populating IPX 239 routing See IP unicast routing S saving changes using Web De...

Страница 356: ...tion marks 315 certifications marks 316 dimensions 315 disabling a port 75 electromagnetic compatibility 316 enabling a port 75 environmental requirements 315 free standing installation 31 front view...

Страница 357: ...tag 92 benefits 87 configuration commands table 99 configuration examples 100 configuring 98 default 98 delete and reset commands table 102 description 18 disabling route advertising 200 displaying se...

Страница 358: ...356 I N D E X...

Страница 359: ...main 62 config dns client delete 62 config dot1p type 139 140 config dot1q ethertype 99 config download server 310 313 config dvmrp add vlan 230 config dvmrp delete vlan 231 config dvmrp timer 231 con...

Страница 360: ...f lsa batching timer 219 config ospf metric table 219 config ospf originate default 219 config ospf priority 216 config ospf routerid 219 config ospf spf hold time 219 config ospf timer 217 config osp...

Страница 361: ...271 create account 41 47 create fdbentry 114 135 create ospf area 203 219 create protocol 100 create stpd 122 124 create vlan 42 100 D delete access list 256 261 delete access profile 50 271 delete a...

Страница 362: ...69 288 download bootrom 61 313 download configuration 61 309 313 download configuration cancel 310 313 download configuration every 310 313 download configuration incremental 310 download image 61 30...

Страница 363: ...export 167 207 211 enable rip originate default 211 enable rip poisonreverse 211 enable rip splithorizon 211 enable rip triggerupdate 212 enable rmon 286 enable route sharing 168 enable sharing 78 82...

Страница 364: ...9 show ports info 79 143 145 146 153 show ports packet 79 show ports qosmonitor 79 147 show ports rxerrors 79 276 show ports stats 79 275 show ports txerrors 79 276 show ports utilization 79 show prot...

Страница 365: ...I N D E X 363 upload configuration 61 308 314 upload configuration cancel 308 314 use configuration 307 314 use image 306 314 X xping 246...

Страница 366: ...364 I N D E X...

Страница 367: ...A14542 001 100044 00 Rev 01 Intel NetStructure 480T Routing Switch User Guide Intel NetStructure 480T Routing Switch User Guide...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды