OmniSwitch os6900 Скачать руководство пользователя страница 434 | Manualshive

Страница: 434 / 942

OmniSwitch os6900 Скачать руководство пользователя страница 434

Configuring IPsec on the OmniSwitch

Configuring IPsec

page 18-12

OmniSwitch AOS Release 7 Network Configuration Guide

June 2013

Enabling and Disabling a Policy

You can administratively enable or disable the configured security policy by using the keywords

admin-

state enable/disable

after the command as shown below:

-> ipsec policy tcp_in admin-state disable

The above command disables the configured IPsec security policy.

Note.

Policies cannot be enabled until at least one rule is configured. See

“Configuring an IPsec Rule” on

.

Assigning a Priority to a Policy

You can use the optional

priority

parameter to assign a priority to the configured IPsec policy so that if

IPv6 traffic matches more than one configured policy, the policy with the highest priority is applied to the
traffic. The policy with the lower value has the higher priority. For example:

-> ipsec policy tcp_in priority 500

Note.

If two security policies have the same priority then the one configured first will be processed first.

Policy Priority Example

-> ipsec policy telnet_deny priority 1000 source ::/0 destination ::/0 port 23

protocol tcp in discard

-> ipsec policy telnet_ipsec priority 200 source 3ffe:1200::/32 destination ::/0

port 23 protocol tcp in ipsec admin-state disable

-> ipsec policy telnet_ipsec rule 1 esp

-> ipsec policy telnet_ipsec admin-state enable

-> ipsec policy telnet_clear priority 100 source 3ffe:1200::1 destination ::/0

port 23 protocol tcp in none

-> ipsec policy telnet_malicious priority 1 source 3ffe:1200::35 destination ::/

0 port 23 protocol tcp in discard

1

Policy

telnet_deny

is the lowest priority policy. It will discard any incoming telnet connection

attempts.

2

Policy

telnet_ipsec

covers a subset of the source addresses of telnet_deny. With its greater priority, it

overrides telnet_deny and allows incoming telnet connections from addresses starting with the prefix
3ffe:1200::/32 as long as they are protected by ESP.

3

The policy

telnet_clear

overrides telnet_ipsec, allowing telnet connection attempts from the host to be

accepted without any IPsec protection.

4

Policy

telnet_malicious

can be configured to handle a known malicious system that otherwise would

fall under the telnet_ipsec policy. Its priority of 1 ensures that it always takes precedence and discards any
incoming telnet connection attempts from the known malicious system.

«
...
432
433
434
435
436
...
»

Содержание os6900

Страница 1: ...Part No 060319 10 Rev G June 2013 OmniSwitch AOS Release 7 Network Configuration Guide www alcatel lucent com...

Страница 2: ...Alcatel Lucent Xylan OmniSwitch OmniStack and Alcatel Lucent OmniVista are registered trademarks of Alcatel Lucent OmniAccess Omni Switch Router PolicyView RouterView SwitchManager VoiceView WebView...

Страница 3: ...4 Configuring Ethernet Port Parameters 1 4 Enabling and Disabling Autonegotiation 1 4 Configuring Crossover Settings 1 4 Setting Interface Line Speed 1 5 Configuring Duplex Mode 1 5 Setting Trap Port...

Страница 4: ...DLD 2 6 Enabling and Disabling UDLD 2 6 Configuring the Operational Mode 2 7 Configuring the Probe Timer 2 7 Configuring the Echo Wait Timer 2 7 Clearing UDLD Statistics 2 8 Verifying the UDLD Configu...

Страница 5: ...Specifications 5 2 High Availability Default Values 5 2 Quick Steps for Creating High Availability VLANs 5 3 High Availability VLAN Overview 5 4 High Availability VLAN Operational Mode 5 4 Traffic Fl...

Страница 6: ...ration Commands 6 25 Configuring STP Bridge Parameters 6 26 Selecting the Spantree Protocol 6 27 Configuring the Bridge Priority 6 27 Configuring the Bridge Hello Time 6 28 Configuring the Bridge Max...

Страница 7: ...n Configuration and Statistics 7 11 Chapter 8 Configuring Dynamic Link Aggregation 8 1 In This Chapter 8 1 Dynamic Link Aggregation Specifications 8 2 Dynamic Link Aggregation Default Values 8 3 Quick...

Страница 8: ...9 17 Virtual Chassis Configuration Guidelines 9 17 Configuring the Chassis Identifier 9 19 Configuring the Virtual Chassis Group Identifier 9 20 Creating the Virtual Fabric Link VFL 9 20 Configuring t...

Страница 9: ...C VLAN 10 31 Configuring Aggregate Identifier Ranges 10 31 Configuring MCLAG Aggregates 10 31 Configuring the VIP VLAN 10 32 Recommended Configuration Parameters 10 33 Verifying Parameter Consistency...

Страница 10: ...in Sub Ring 11 26 Verifying the ERP Configuration 11 27 Chapter 12 Configuring MVRP 12 1 In This Chapter 12 1 MVRP Specifications 12 2 MVRP Defaults 12 3 Quick Steps for Configuring MVRP 12 4 MRP Ove...

Страница 11: ...etting the Reinit Delay 13 10 Setting the Notification Interval 13 10 Verifying 802 1AB Configuration 13 11 Chapter 14 Configuring Dynamic Automatic Fabric 14 1 In This Chapter 14 2 Auto Fabric Specif...

Страница 12: ...ng the Router ID 15 16 Configuring the Route Preference of a Router 15 16 Configuring the Time to Live TTL Value 15 17 Configuring Route Map Redistribution 15 17 IP Directed Broadcasts 15 23 Denial of...

Страница 13: ...g VRF Instances 16 14 Configuring the VRF Profile 16 16 Selecting a VRF Instance 16 17 Assigning IP Interfaces to a VRF Instance 16 17 Configuring Routing Protocols for a Specific VRF Instance 16 18 R...

Страница 14: ...ing IPsec 18 9 Configuring IPsec on the OmniSwitch 18 10 Configuring an IPsec Master Key 18 10 Configuring an IPsec Policy 18 11 Configuring an IPsec SA 18 15 Additional Examples 18 19 Configuring ESP...

Страница 15: ...FD Protocol Works 20 8 Operational Mode and Echo Function 20 9 BFD Packet Formats 20 9 BFD Session Establishment 20 10 Configuring BFD 20 11 Configuring BFD Session Parameters 20 11 Configuring BFD Su...

Страница 16: ...VRRP Configuration Overview 22 10 Basic Virtual Router Configuration 22 10 Creating Deleting a Virtual Router 22 10 Specifying an IP Address for a Virtual Router 22 11 Configuring the Advertisement In...

Страница 17: ...0 Configuring Server Load Balancing on a Switch 23 11 Enabling and Disabling Server Load Balancing 23 11 Configuring and Deleting SLB Clusters 23 12 Assigning Servers to and Removing Servers from a Cl...

Страница 18: ...abling and Disabling the IGMP Zapping 24 20 Limiting IGMP Multicast Groups 24 21 IPMSv6 Overview 24 22 IPMSv6 Example 24 22 Reserved IPv6 Multicast Addresses 24 23 MLD Version 2 24 23 Configuring IPMS...

Страница 19: ...Policy Bandwidth Policing 25 26 Configuring Port Bandwidth Shaping 25 28 QoS Policy Overview 25 29 How Policies Are Used 25 29 Policy Lists 25 30 Interaction With Other Features 25 30 Valid Policies...

Страница 20: ...er 3 ACLs 25 65 IPv6 ACLs 25 66 Multicast Filtering ACLs 25 66 Using ACL Security Features 25 67 Applying the Configuration 25 71 Interaction With LDAP Policies 25 72 Verifying the Applied Policy Conf...

Страница 21: ...7 6 Quick Steps for Configuring QoS Policy Lists 27 7 UNP Overview 27 9 Profile Types 27 9 UNP Port Types 27 12 Customer Domains 27 12 UNP VLANs 27 12 Device Authentication and Classification 27 13 Ho...

Страница 22: ...ngerprinting Modes 28 7 Using the Application REGEX Signature File 28 8 Application Fingerprinting Database 28 9 Interaction With Other Features 28 10 General 28 10 QoS 28 10 sFLOW 28 10 Configuring A...

Страница 23: ...ng Deleting a Port Mapping Session 30 3 Creating a Port Mapping Session 30 3 Deleting a Port Mapping Session 30 3 Enabling Disabling a Port Mapping Session 30 4 Enabling a Port Mapping Session 30 4 Di...

Страница 24: ...In This Chapter 32 1 Port Mirroring Overview 32 3 Port Mirroring Specifications 32 3 Port Mirroring Defaults 32 3 Quick Steps for Configuring Port Mirroring 32 4 Port Monitoring Overview 32 5 Port Mo...

Страница 25: ...nfiguring capture type 32 27 Displaying Port Monitoring Status and Data 32 28 sFlow 32 29 sFlow Manager 32 29 Receiver 32 29 Sampler 32 30 Poller 32 30 Configuring a sFlow Session 32 30 Configuring a...

Страница 26: ...h Logging Specifications 34 2 Switch Logging Defaults 34 3 Quick Steps for Configuring Switch Logging 34 4 Switch Logging Overview 34 5 Switch Logging Commands Overview 34 6 Enabling Switch Logging 34...

Страница 27: ...Specifications 36 2 SAA Defaults 36 2 Quick Steps for Configuring SAA 36 3 Service Assurance Agent Overview 36 4 Configuring Service Assurance Agent 36 4 Configuring an SAA ID 36 5 Configuring SAA SPB...

Страница 28: ...Contents xxviii OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 29: ...r anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch Series switches will benefit from the material in this configuration guide When Should I Read...

Страница 30: ...mniVista includes a complete context sensitive on line help system This guide provides overview material on software features how to procedures and tutorials that will enable you to begin configuring...

Страница 31: ...h Management Guide Once you have your switch up and running you will want to begin investigating basic aspects of its hardware and software Information about switch hardware is provided in the OmniSwi...

Страница 32: ...nd UNP and Data Center Bridging protocols PFC ETC and DCBX Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch This guide includes...

Страница 33: ...mation on all the major software features and protocols included in the base software package Chapters cover Layer 2 information Ethernet and VLAN configuration Layer 3 information routing protocols s...

Страница 34: ...unctionality and on site hardware replacement through our global network of highly qualified service delivery partners With 24 hour access to Alcatel Lucent s Service and Support web page you ll be ab...

Страница 35: ...rative requests from SNMP or CLI In This Chapter This chapter describes the Ethernet port parameters of the switch and how to configure them through the Command Line Interface CLI CLI Commands are use...

Страница 36: ...Supported 802 1Q Hardware Tagging Supported Jumbo Frame Configuration Supported on 1 10 40 Gigabit Ethernet ports Enhance Port Performance EPP Supported on OS6900 with 10 Gigabit transceivers Maximum...

Страница 37: ...efaults OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1 3 Digital Diagnostics Monitoring DDM interfaces ddm Disabled Enhanced Port Performance EPP interfaces Disabled Parameter D...

Страница 38: ...terfaces 2 1 3 autoneg enable interfaces 2 autoneg enable Configuring Crossover Settings To configure crossover settings on a single port a range of ports or an entire slot use the interfaces crossove...

Страница 39: ...auto interfaces 3 duplex full Setting Trap Port Link Messages The interfaces link trap command can be used to enable or disable trap port link messages on a specific port a range of ports or all ports...

Страница 40: ...The interfaces max frame size command can be used to configure the maximum frame size in bytes on a specific port a range of ports or all ports on a switch For example interfaces 2 3 max frame 9216 i...

Страница 41: ...mode Configuring flow control is done to specify whether or not an interface transmits honors or both transmits and honors PAUSE frames PAUSE frames are used to temporarily pause the flow of traf fic...

Страница 42: ...quality of the interface 2 Diagnose any link quality issues If the Link Quality is not Good Perform a few basic trouble shooting steps to determine if the issue is with the link partner and whether en...

Страница 43: ...with the defi cient receive channels For example interfaces 2 1 epp enable After enabling EPP continue to monitor the Link Quality Configuring Energy Efficient Ethernet 802 3az Energy Efficient Ethern...

Страница 44: ...rate in legacy mode This allows EEE capable switches to be deployed in existing networks avoiding backward compatibility issues EEE is only applicable to 10GBase T ports The LLDP option in IEEE 802 3a...

Страница 45: ...the port has exceeded the maximum value A device with a secure MAC address that is configured or learned on one of the secure ports attempts to access another secure port Consider the following regard...

Страница 46: ...or frames and alignment errors When a configurable number of errors is detected within the duration of a link monitoring window the interface is shut down To configure the number of errors allowed bef...

Страница 47: ...erfaces link monitoring admin status command For example interfaces 1 1 link monitoring admin status enable All the statistics link errors and link flaps for a port are reset to zero when Link Monitor...

Страница 48: ...guring the Wait to Shutdown Timer The wait to shutdown WTS timer is used to implement a delay before an interface is made non opera tional for other applications such as data control and management On...

Страница 49: ...ll continue to send packets to the interface The link status of the remote connected port will be down when the WTS timer is running since the port is physically down The interfaces wait to shutdown c...

Страница 50: ...the source ports in the group go down LFP waits a configured amount of time then shuts down another set of interfaces configured as destination ports that are associated with the same group When any...

Страница 51: ...ggregation at the time of the violation are shut down A link aggregate port remains in a violation state even if the port leaves the link aggregate If a port that is not a member of a link aggregate a...

Страница 52: ...ple link fault propagation group 1 destination port 1 5 8 2 3 4 Configure the LFP wait to shutdown timer This timer specifies the amount of time that LFP will wait before shutting down all the destina...

Страница 53: ...ation Example In this example When interfaces 2 1 and 3 1 on OS 1 are down the access switch will keep interface 1 1 as active and traffic will still be forwarded to OS 1 even though it has no network...

Страница 54: ...Link Fault Propagation Configuring Ethernet Ports page 1 20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 55: ...he Layer 2 communication is functioning properly All connected devices must support UDLD for the protocol to successfully identify and disable unidirectional links When UDLD detects a unidirectional l...

Страница 56: ...tch 10K 6900 Maximum number of UDLD ports per system Up to maximum physical ports per system Parameter Description Command Default UDLD administrative state udld Disabled UDLD status of a port udld po...

Страница 57: ...rt 6 of slot 1 as 17 seconds using the following command udld port 1 6 probe timer 17 Note Optional Verify the UDLD global configuration by entering the show udld configuration command or verify the U...

Страница 58: ...l depends on explicit information instead of implicit information If the protocol is unable to retrieve any explicit information the port is not put in the shutdown state instead it is marked as Undet...

Страница 59: ...r the interfaces that are affected by the configuration change UDLD sends a message to the neighbors to flush the part of their caches affected by the status change This UDLD message is intended to sy...

Страница 60: ...ling UDLD By default UDLD is disabled on all switch ports To enable UDLD on a switch use the udld command For example the following command enables UDLD on a switch udld enable To disable UDLD on a sw...

Страница 61: ...ange of ports For example udld port 1 8 21 probe timer 18 Use the no form of this command to reset the timer For example the following command resets the timer for port 4 of slot 6 no udld port 6 4 pr...

Страница 62: ...ted below For more information about the resulting display from these commands see the OmniSwitch CLI Refer ence Guide An example of the output for the show udld configuration port and show udld stati...

Страница 63: ...re on the same LAN segment If the destination address is not found in the MAC address table then the packet is forwarded to all other switches that are connected to the same LAN If the MAC address tab...

Страница 64: ...raffic Classes Multicast Filtering and Virtual LAN Extensions Maximum number of learned MAC addresses when centralized MAC source learning mode is enabled OS10K 32K Module 32K Chassis OS6900 128K Maxi...

Страница 65: ...ecorded in the MAC address table Assigning a MAC address to the silent device s port creates a record in the MAC address table and ensures that packets destined for the silent device are forwarded out...

Страница 66: ...mac learning command For more information about this command see the OmniSwitch CLI Reference Guide Static MAC Addresses on Link Aggregate Ports Static MAC Addresses are not assigned to physical ports...

Страница 67: ...ddress is enabled For example MAC addresses with a prefix of 01 03 05 13 etc are multicast MAC addresses If a multicast prefix value is not present then the address is treated as a regular MAC address...

Страница 68: ...the OmniSwitch CLI Reference Guide Static Multicast MAC Addresses on Link Aggregate Ports Static multicast MAC addresses are not assigned to physical ports that belong to a link aggregate Instead the...

Страница 69: ...eived For example the following sets the aging time for all VLANs to 1200 seconds 20 minutes mac learning aging time 1200 A MAC address learned on any VLAN port ages out when the time since a packet w...

Страница 70: ...switch is forwarding to another switch within the ring This functionality is also useful in Transparent LAN Service configurations where the service provider device does not need to learn the MAC addr...

Страница 71: ...command When distributed MAC source learning mode is disabled the switch operates in the centralized MAC source learning mode the default Enabling or disabling the distributed MAC source learning mod...

Страница 72: ...w commands listed below For more information about the resulting displays from these commands see the OmniSwitch CLI Refer ence Guide show mac learning Displays a list of all MAC addresses known to th...

Страница 73: ...er ports and or a link aggregate of ports In This Chapter This chapter describes how to define and manage VLAN configurations through the Command Line Interface CLI CLI commands are used in the config...

Страница 74: ...a Networks 802 1D Media Access Control Bridges Maximum VLANs per switch 4094 Maximum Tagged VLANs per Port 4094 Maximum Untagged VLANs per Port One untagged VLAN default VLAN per port Maximum VLAN Por...

Страница 75: ...h a description for example Finance IP Network using the following command vlan 100 name Finance IP Network 2 Define an IP interface using the following command to assign an IP host address of 21 0 0...

Страница 76: ...or deleting VLANs modifying the status of VLAN properties for example administrative Spanning Tree and authentication status changing the VLAN description or configuring VLAN router interfaces VLAN po...

Страница 77: ...are enabled when the VLAN is created The name parameter for VLAN is optional Note Quotation marks are required if the description contains multiple words separated by spaces If the description consist...

Страница 78: ...Marketing IP Network Assigning Ports to VLANs The OmniSwitch supports static assignment of physical switch ports to a VLAN Once the assignment occurs a VLAN port association VPA is created and tracke...

Страница 79: ...remove a default VPA When this is done VLAN 1 is restored as the default VLAN for the port no vlan 955 members port 2 5 Using 802 1Q Tagging Another method for assigning ports to VLANs involves confi...

Страница 80: ...example to configure port 3 4 to carry traffic for VLAN 5 enter the following command at the CLI prompt vlan 5 members port 4 3 tagged Port 4 3 is now configured to carry packets tagged with VLAN 5 ev...

Страница 81: ...vlan admin state command is used to enable disable a Spanning Tree instance for an existing VLAN In the following examples Spanning Tree is disabled on VLAN 255 and enabled on VLAN 755 spantree vlan 2...

Страница 82: ...where to forward packets based on the destination MAC address of the packet routing makes the decision on where to forward packets based on the IP network address assigned to the packet for example 2...

Страница 83: ...AN 10 The workstations can communicate with each other because the ports to which they are connected are also assigned to VLAN 10 It is important to note that connection cables do not have to connect...

Страница 84: ...idged across physical switch connections within the VLAN 10 domain the workstations are basically unaware that the switches even exist Each workstation believes that the others are all part of the sam...

Страница 85: ...finitions show vlan members Displays a list of VLAN port assignments show ip interface Displays VLAN IP router interface information Type Description default The port was statically assigned to the VL...

Страница 86: ...provides the following information VLAN 200 is the configured default VLAN for port 3 24 which is currently not active VLAN 200 is an 802 1Q tagged VLAN for port 5 12 which is an active port but curr...

Страница 87: ...r more details about the syntax of commands see the OmniSwitch CLI Reference Guide Configuration procedures described in this chapter include Creating a VLAN on page 5 6 Adding and Removing Server Clu...

Страница 88: ...tch port not eligible for high availability VLAN assignment Mirroring ports CLI Command Prefix Recognition All high availability VLAN configuration commands with the high availability VLAN prefix supp...

Страница 89: ...as shown below vlan 10 members port 1 3 untagged vlan 10 members port 1 4 untagged vlan 10 members port 1 5 untagged 4 Assign mac address for the new server cluster by using the command server cluste...

Страница 90: ...N decides on which requests a particular node has to handle Apart from service request paths the nodes are internally connected to share information related to the service load information service req...

Страница 91: ...VLAN MAC address are sent out the egress ports that are members of the same VLAN The MAC address is virtual to the server cluster individual servers may have different physical MAC address Since all...

Страница 92: ...luster Ports on page 5 7 4 Assign MAC Addresses To assign MAC addresses to the HA VLAN server cluster use the server cluster mac address command which is described in Assigning and Removing MAC Addres...

Страница 93: ...rver cluster ports from a high availability VLAN use the no form of server cluster port linkagg command For example no server cluster 1 port 1 21 no server cluster 3 linkagg 1 Assigning and Modifying...

Страница 94: ...ddress 00 25 9a 5c 2f 10 to high availability VLAN 20 you would enter server cluster mac address vlan 20 mac 00 25 9a 5c 2f 10 To add more than one MAC address to a high availability VLAN enter each a...

Страница 95: ...L2 server cluster through 3 ports 1 3 1 4 1 5 A server cluster can be configured with a unique MAC address and a VLAN with a port list The traffic which ingresses on 1 1 or 1 2 destined to the server...

Страница 96: ...dress For example server cluster 1 vlan 10 port mac address 01 00 11 22 33 44 Note Optional You can display the configuration of high availability VLANs with the show server clus ter command For examp...

Страница 97: ...red 1 3 1 4 1 5 The ingress ports are on a different VLAN as the server cluster IP inter face However all the egress ports need to be in the same VLAN as the IP interface of server cluster The other t...

Страница 98: ...2 mac address static 01 00 5e 22 33 44 Note Optional You can display the configuration of high availability VLANs with the show server clus ter command For example show server cluster 2 Cluster Id 2 C...

Страница 99: ...ough 3 ports 1 3 1 4 1 5 There is no provision for port list configuration and Ports are derived dynamically using the IGMP snooping of the reports from the server cluster IGMP v2 reports The traffic...

Страница 100: ...3 12 mac address static 01 00 11 22 33 44 5 If you want to assign a dynamic mac address for the server cluster enter the command as follows server cluster 3 ip 10 135 33 12 mac address dynamic 6 Enabl...

Страница 101: ...r 3 mode L3 vlan 12 vlan 12 members port 1 3 untagged vlan 12 members port 1 4 untagged vlan 12 members port 1 5 untagged server cluster 3 ip 10 135 33 12 mac address static 01 00 11 22 33 44 ip multi...

Страница 102: ...35 33 203 14 L3 01 12 11 22 33 45 10 135 33 203 15 L3 01 00 5e 00 00 44 10 135 33 203 225 0 1 2 cluster igmp To display the status and configuration of a single high availability VLAN cluster enter sh...

Страница 103: ...y into a single Spanning Tree to ensure that there is only one data path between any two switches Supports fault tolerance within the network topology The Spanning Tree is reconfigured in the event of...

Страница 104: ...mmand Line Interface CLI CLI commands are used in the configuration examples for more details about the syntax of commands see the OmniSwitch CLI Reference Guide Configuration procedures described in...

Страница 105: ...Trees 802 1w Rapid Spanning Tree Protocol Spanning Tree operating modes supported Flat mode one spanning tree instance per switch Per VLAN mode one spanning tree instance per VLAN Spanning Tree port e...

Страница 106: ...nds Maximum aging time allowed for Spanning Tree information learned from the network spantree max age 20 seconds Spanning Tree port state transi tion time spantree forward delay 15 seconds Path cost...

Страница 107: ...at or per VLAN or protocol is active on the switch Parameter Description Command Default The MST region name spantree mst region name blank The revision level for the MST region spantree mst region re...

Страница 108: ...ddition to the CST instance Each MSTI is mapped to a set of VLANs As a result the flat mode can now support the forwarding of VLAN traffic over separate data paths This section provides a Spanning Tre...

Страница 109: ...ot bridge does not have a root port Designated Port The designated bridge provides the LAN with the shortest path to the root The designated port connects the LAN to this bridge Backup Port Any operat...

Страница 110: ...ding or discarding for each bridge port based on the role the port plays in the active Spanning Tree topology The following events trigger the transmitting and or processing of BPDU in order to discov...

Страница 111: ...address 2 The best root path cost 3 If root path costs are equal the bridge ID of the bridge sending the BPDU 4 If the previous three values tie then the port ID lowest priority value then lowest por...

Страница 112: ...A eventually receives the same packets back and the cycle starts over again This causes severe congestion on the network often referred to as a broadcast storm Physical Topology Example The Spanning...

Страница 113: ...AN from Switch B to Switch A All ports on Switch D are designated ports because Switch D is the root and each port connects to a LAN Ports 2 10 3 1 and 3 8 are the root ports for Switches A B and C re...

Страница 114: ...tree that uses 802 1D STP or 802 1w RSTP to provide a loop free network topology The Alcatel Lucent flat spanning tree mode applies a single CST instance on a per switch basis The per VLAN mode is an...

Страница 115: ...8 and 5 2 and 4 2 and 5 1 are seen as redundant because they are both controlled by the VLAN 200 Spanning Tree instance and connect to the same switches The VLAN 200 Spanning Tree instance determines...

Страница 116: ...ions are compared to each other across VLANs to determine which connection provides the best path However because VLANs 200 and 250 are associated to MSTI 2 it is possible to change the port path cost...

Страница 117: ...set of VLANs a one to many association STP and RSTP in the flat mode apply one Spanning Tree instance to all VLANs a one to all association STP and RSTP in the per VLAN mode apply a single Spanning Tr...

Страница 118: ...el and have the same VLANs mapped to the same MSTI The CST for the entire network sees Switches A B and C as one virtual bridge that is running a single Spanning Tree instance As a result CST blocks t...

Страница 119: ...Instance The Common and Internal Spanning Tree CIST instance is the Spanning Tree calculated by the MST region IST and the network CST The CIST is represented by the single Spanning Tree flat mode ins...

Страница 120: ...s not recommended The per VLAN mode is a proprietary implementation that creates a separate Spanning Tree instance for each VLAN configured on the switch The MSTP implementation is in compliance with...

Страница 121: ...switch to flat mode MSTP Making a backup copy of the switch boot cfg file before changing the protocol to MSTP is highly recommended Having a backup copy makes it easier to revert to the non MSTP conf...

Страница 122: ...ss VLANs Multiple connections between switches are considered redundant paths even if they are associated with different VLANs Spanning Tree parameters are configured for the single flat mode instance...

Страница 123: ...ches If a port in VLAN 10 and a port in VLAN 20 both connect to the same switch within their respective VLANs they are not considered redundant data paths and STP does not block them However if two po...

Страница 124: ...r VLAN Spanning Tree mode allows OmniSwitch ports to transmit and receive either the standard IEEE BPDUs or Cisco s proprietary PVST BPDUs When the PVST mode is enabled a user port operates in the def...

Страница 125: ...lity command is used to enable or disable the PVST interoperability mode globally for all switch ports and link aggregates or on a per port link aggregate basis By default PVST compatibility is disabl...

Страница 126: ...ror message Also the existing per vlan priority values are restored when changing from PVST mode back to per VLAN mode For more information on priority refer Configuring the Bridge Priority on page 6...

Страница 127: ...e is also known as MSTI 0 vlan command applies to the specified VLAN instance These commands referred to as explicit commands allow the configuration of a particular Spanning Tree instance independent...

Страница 128: ...t active unless Spanning Tree is enabled on the VLAN and at least one active port is assigned to the VLAN Use the spantree vlan admin state command to enable or disable a VLAN Spanning Tree instance I...

Страница 129: ...dge Priority A bridge is identified within the Spanning Tree by its bridge ID an eight byte hex number The first two bytes of the bridge ID contain a priority value and the remaining six bytes contain...

Страница 130: ...interval is the number of seconds a bridge waits between transmissions of Configuration BPDU When a bridge is attempting to become the root or if it has become the root or a designated bridge it sends...

Страница 131: ...the topology more often To change the bridge max age time value for a VLAN instance regardless of which mode per VLAN or flat is active for the switch use the spantree max age command with the vlan pa...

Страница 132: ...For example the following commands change the forward delay time value for the flat mode instance to 10 spantree forward delay 10 spantree cist forward delay 10 Note The forward delay time is not con...

Страница 133: ...pports two default path cost modes long or short just like in OmniSwitch per vlan implementation If you have configured PVST mode in the OmniSwitch it is recommended that the same default path cost mo...

Страница 134: ...way to prevent undesirable ports from becoming the root for an MSTI To change the default status of the AVC on the switch and to globally enable this feature for all MSTIs use the spantree auto vlan...

Страница 135: ...summary of Spanning Tree port configuration commands For more information about these commands see the OmniSwitch CLI Reference Guide Commands Used for spantree cist Configuring the port Spanning Tree...

Страница 136: ...isable To change the port Spanning Tree status for the flat mode instance use the spantree cist command Note that this command is available when the switch is running in either mode per VLAN or flat F...

Страница 137: ...t represents a collection of physical ports To enable or disable the Spanning Tree status for a link aggregate use the spantree vlan or spantree cist commands described above but specify a link aggreg...

Страница 138: ...n with VLAN ID 10 spantree vlan 10 port 10 1 priority 3 To change the port priority value for the flat mode instance use the spantree priority command with the cist and port parameters Note that this...

Страница 139: ...and the path_cost is set to zero the following IEEE 802 1D recommended default path cost values based on link speed are used Spanning Tree is automatically enabled on a port and the path cost is set...

Страница 140: ...e Ports Physical ports that belong to a link aggregate do not participate in the Spanning Tree Algorithm Instead the algorithm is applied to the aggregate logical link virtual port that represents a c...

Страница 141: ...he linkagg parameter and a link aggregate control ID number For example the following command sets the path cost for link aggregate 10 associated with VLAN 755 to 19 spantree vlan 755 linkagg 10 path...

Страница 142: ...de per VLAN or flat is active for the switch use the spantree vlan mode command For example the following command sets the mode for port 8 1 for VLAN 10 to forwarding spantree vlan 10 port 8 1 mode fo...

Страница 143: ...ort is always allowed to transition to the role of root port regardless of the alternate port connection type Note Configure ports that will connect to a host PC workstation server etc as edge ports s...

Страница 144: ...an aggregate of ports see Chapter 7 Configuring Static Link Aggregation and Chapter 8 Configuring Dynamic Link Aggregation Configuring the Edge Port Status There are two methods for determining the e...

Страница 145: ...s to prevent bridges external to the core region of the network from influencing the Spanning Tree topology However note that enabling the restricted role status for a port may impact connectivity wit...

Страница 146: ...ch was calculated based on both configured and default Spanning Tree parameter values Example Active Spanning Tree Topology In the above example topology Each switch is operating in the per VLAN Spann...

Страница 147: ...work loop condition is avoided Redundant connections also exist between Switch A and Switch B Although the path cost value for both of these connections is the same ports 2 8 and 3 3 are in a discardi...

Страница 148: ...ion show spantree vlan 255 Spanning Tree Parameters for Vlan 255 Spanning Tree Status ON Protocol IEEE RAPID STP mode per vlan 1 STP per Vlan Priority 32768 0x0FA0 Bridge ID 8000 00 d0 95 00 00 04 Des...

Страница 149: ...the bridge is acting as the root of the MST region This section provides a tutorial for defining a sample MST region configuration as shown in the diagram below In order for switches A B and C in the...

Страница 150: ...create and map MSTIs to VLANs 4 Configure 3 as the maximum number of hops for the region using the spantree mst region max hops command For example spantree mst region max hops 3 Note Optional Verify...

Страница 151: ...he spantree mode command For example spantree mode flat Note that defining an MSTP configuration requires the use of explicit Spanning Tree commands which are available in both the flat and per VLAN m...

Страница 152: ...ing the spantree msti path cost command For example the PPC for ports associated with the CIST instance is set to the default of 200 000 for 100 MB connections The following commands change the PPC va...

Страница 153: ...as redundant for that instance In addition the CIST data path remains available for CIST VLAN traffic Another solution to this scenario is to assign all VLANs to an MSTI leaving no VLANs controlled by...

Страница 154: ...ee bridge information for a VLAN instance show spantree cist ports Displays Spanning Tree port information for the flat mode Common and Internal Spanning Tree CIST instance show spantree msti ports Di...

Страница 155: ...hernet backbones to Gigabit Ethernet backbones In This Chapter This chapter describes the basic components of static link aggregation and how to configure them through the Command Line Interface CLI C...

Страница 156: ...ion Default Values The table below lists default values and the commands to modify them for static aggregate groups Platforms Supported OmniSwitch 10K 6900 Maximum number of link aggregation groups 12...

Страница 157: ...tatic agg size command For example linkagg static agg 1 size 4 2 Assign all the necessary ports with the linkagg static port agg command For example linkagg static port 1 1 4 agg 1 3 Create a VLAN for...

Страница 158: ...egate Size 4 Number of Selected Ports 4 Number of Reserved Ports 4 Number of Attached Ports 4 Primary Port 1 1 You can also use the show linkagg port port command to display information on specific po...

Страница 159: ...ribes static link aggregation For information on dynamic link aggregation please refer to Chapter 8 Configuring Dynamic Link Aggregation Static Link Aggregation Operation Static link aggregate groups...

Страница 160: ...6 for more information Note See Quick Steps for Configuring Static Link Aggregation on page 7 3 for a brief tutorial on configuring these mandatory parameters Alcatel Lucent s link aggregation softwar...

Страница 161: ...reate static aggregate group 5 that consists of eight links on a switch enter linkagg static agg 5 size 8 Note The number of links assigned to a static aggregate group must always be close to the numb...

Страница 162: ...the linkagg static port agg command by entering linkagg static port followed by the slot number a slash the port number agg and the number or ID of the static aggregate group For example to assign po...

Страница 163: ...egate group the name must be specified within quotes for example Static Aggregate Group 4 Deleting a Static Aggregate Group Name To remove a name from a static aggregate group use the no form of the l...

Страница 164: ...2 41 2 42 2 43 and 2 44 on Switch B Sample Network Using Static Link Aggregation Follow the steps below to configure this network Note Only the steps to configure the local i e Switch A switch are pr...

Страница 165: ...ic and dynamic enter show linkagg Number Aggregate SNMP Id Size Admin State Oper State Att Sel Ports 1 Static 40000001 4 ENABLED DOWN 0 0 2 Static 40000002 8 ENABLED DOWN 0 0 10 Dynamic 40000010 8 ENA...

Страница 166: ...c link aggregate group 1 enter show linkagg port 4 1 A screen similar to the following would be displayed Static Aggregable Port SNMP Id 2001 Slot Port 4 1 Administrative State ENABLED Operational Sta...

Страница 167: ...of dynamic link aggregation and how to configure them through the Command Line Interface CLI CLI commands are used in the configuration examples for more details about the syntax of commands see the O...

Страница 168: ...table below lists specifications for dynamic aggregation groups and ports Platforms Supported OmniSwitch 10K 6900 IEEE Specifications Supported 802 3ad Aggregation of Multiple Link Segments Maximum n...

Страница 169: ...er system id 00 00 00 00 00 00 Group Partner System Priority linkagg lacp agg partner system priority 0 Group Partner Administrative Key linkagg lacp agg partner admin key 0 Actor Port Administrative...

Страница 170: ...5 linkagg lacp port 5 4 actor admin key 5 linkagg lacp port 6 1 2 actor admin key 5 linkagg lacp port 7 3 actor admin key 5 linkagg lacp port 8 1 actor admin key 5 3 Create a VLAN for this dynamic li...

Страница 171: ...Actor Oper Key 0 Partner System Id 00 20 da 81 d5 b1 Partner System Priority 0 Partner Admin Key 5 Partner Oper Key 0 When multi chassis link aggregation feature is activated on the switch the show li...

Страница 172: ...ation interacts with other software features Link aggregation groups are identified by unique MAC addresses which are created by the switch but can be modified by the user at any time Load balancing f...

Страница 173: ...for information on using Command Line Interface CLI commands to configure dynamic aggregate groups and see Displaying Dynamic Link Aggregation Configuration and Statistics on page 8 30 for informatio...

Страница 174: ...roups This section describes how to use Alcatel Lucent s Command Line Interface CLI commands to create modify and delete dynamic aggregate groups See Configuring Mandatory Dynamic Link Aggregate Param...

Страница 175: ...describe how to create and delete dynamic aggregate groups with the linkagg lacp agg size command Creating a Dynamic Aggregate Group To configure a dynamic aggregate group enter linkagg lacp agg follo...

Страница 176: ...gate Group To configure ports with the same administrative key which allows them to be aggregated enter lacp port followed by the slot number a slash the port number actor admin key and the user speci...

Страница 177: ...or administrative key of 10 to slot 4 port 1 enter linkagg lacp port 4 1 actor admin key 10 Removing Ports from a Dynamic Aggregate Group To remove a port from a dynamic aggregate group use the no for...

Страница 178: ...Aggregate Groups on page 8 8 for more information Modifying Dynamic Aggregate Group Parameters This section describes how to modify the following dynamic aggregate group parameters Group name see Mod...

Страница 179: ...ame command by entering linkagg lacp agg followed by the dynamic aggregate group number and no name For example to remove any user configured name from dynamic aggregate group 4 enter no linkagg lacp...

Страница 180: ...er For example to remove an administrative key from dynamic aggregate group 4 enter no linkagg lacp agg 4 actor admin key Modifying the Dynamic Aggregate Group Actor System Priority By default the dyn...

Страница 181: ...group number and actor system id For example to remove the user configured system ID from dynamic aggregate group 4 enter no linkagg lacp agg 4 actor system id Modifying the Dynamic Aggregate Group Pa...

Страница 182: ...ple to reset the partner system priority of dynamic aggregate group 4 to its default value enter no linkagg lacp agg 4 partner system priority Modifying the Dynamic Aggregate Group Partner System ID B...

Страница 183: ...LACPDU frames The following subsections describe how to configure user specified values and how to restore them to their default values with the linkagg lacp agg admin state command Configuring Actor...

Страница 184: ...tore bits 0 active and 2 aggregate to their default settings on dynamic aggregate actor port 2 in slot 5 enter no linkagg lacp port 5 2 actor admin state active aggregate collect Specifying this keywo...

Страница 185: ...enter linkagg lacp port 7 3 actor system id 00 20 da 06 ba d3 For example to modify the system ID of the dynamic aggregate actor port 3 in slot 7 to 00 20 da 06 ba d3 and document that the port is 10...

Страница 186: ...restore the value to its default value with the linkagg lacp port actor port priority command Configuring the Actor Port Priority You can configure the actor port priority to a value by entering linka...

Страница 187: ...are used for LACPDU frames and 2 indicating that this port is available for aggregation are set in LACPDU frames The following subsections describe how to configure user specified values and how to re...

Страница 188: ...ggregate or synchronize keywords For example to restore bits 0 active and 2 aggregate to their default settings on dynamic aggregate partner port 1 in slot 7 enter no linkagg lacp port 7 1 partner adm...

Страница 189: ...the slot number a slash the port number partner admin key and the user specified partner port administrative key For example to modify the administrative key of a dynamic aggregate group partner port...

Страница 190: ...ash the port number and the partner admin system id parameters For example to remove a user configured system ID from dynamic aggregate partner port 2 in slot 6 enter no linkagg lacp port 6 2 partner...

Страница 191: ...example to modify the administrative status of dynamic aggregate partner port 1 in slot 7 to 200 you would enter linkagg lacp port 7 1 partner admin port 200 For example to modify the administrative...

Страница 192: ...y 100 Restoring the Partner Port Priority To remove a user configured partner port priority from a dynamic aggregate group partner port configuration use the no form of the linkagg lacp port partner a...

Страница 193: ...Spanning Tree Protocol STP with the highest priority 15 possible And VLAN 12 has been configured on dynamic aggregate group 7 with 802 1Q tagging and 802 1p priority bit settings Sample Network Using...

Страница 194: ...g Tree Protocol STP has been disabled on this VLAN STP is enabled by default enable it on VLAN 10 by entering vlan 10 stp enable Note Optional Use the show spantree ports command to determine if the S...

Страница 195: ...onfigure 802 1Q tagging with a tagging ID VLAN ID of 12 on dynamic aggregate group 7 by entering vlan 12 members 7 5 If the QoS Manager has been disabled it is enabled by default enable it by entering...

Страница 196: ...wide link aggregate group and link aggregate port information respectively For example to display global statistics on all link aggregate groups both dynamic and static enter show linkagg agg A screen...

Страница 197: ...in System Priority 20 Partner Oper System Priority 20 Partner Admin System Id 00 00 00 00 00 00 Partner Oper System Id 00 00 00 00 00 00 Partner Admin Key 8 Partner Oper Key 0 Attached Agg Id 0 Actor...

Страница 198: ...Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 8 32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 199: ...chassis configuration With the introduction of the Virtual Chassis feature a switch can now operate in two modes Virtual Chassis or Standalone When a switch operates in Virtual Chassis this will caus...

Страница 200: ...ut the syntax of the commands see the OmniSwitch CLI Reference Guide The following information and configuration procedures are included in this chapter Virtual Chassis Specifications on page 9 3 Virt...

Страница 201: ...of physical switches in a Virtual Chassis Note Must be the same platform type 2 Valid chassis identifier 1 or 2 Valid chassis group identifier 0 255 Valid chassis priority 0 255 Maximum number of Vir...

Страница 202: ...ameter Description Command Default Value Comments Chassis Identifier virtual chassis configured chassis id 0 Chassis group identifier virtual chassis chassis group 0 Chassis priority virtual chassis c...

Страница 203: ...igned to it and the underlying interfaces admin istratively enabled A vcboot cfg file containing the generic virtual chassis configuration present must be present in the running directory Note Multi C...

Страница 204: ...4 2 Use the show virtual chassis consistency command to check the consistency of the virtual chassis show virtual chassis consistency Legend denotes mandatory consistency which will affect chassis sta...

Страница 205: ...ge with support for all protocols A Virtual Chassis can be upgraded using ISSU to minimize network impact Virtual Chassis Basic Topology Virtual Chassis Concepts and Components Virtual Chassis is an O...

Страница 206: ...s and VFL links vcboot cfg A file containing information pertaining to the virtual chassis as a whole including L2 and L3 configuration management configuration user ports configuration etc Similar to...

Страница 207: ...ts it will not be affected 3 The vcsetup cfg and vcboot cfg files will be automatically created within vc_dir directory 4 The images from the current running directory will be automatically copied to...

Страница 208: ...s to start up error mode if either one of the following conditions occur The vcsetup cfg and vcboot cfg configuration files are present in the running directory but no valid advanced license is instal...

Страница 209: ...chassis fail the chassis will reboot and the first in line Slave chassis will take over becoming the new Master chassis The first in line is derived from the same election criteria that were used to s...

Страница 210: ...is scenario Using directly connected CMM EMP ports could result in a scenario where the Primary CMM on one switch is directly connected to the Secondary CMM on the other switch if a local CMM takeover...

Страница 211: ...loads it comes back as a Slave chassis To restore the role of Master to the original Master chassis the current Master can be rebooted and the original Master will take over assuming the Master role P...

Страница 212: ...Features on page 9 16 Basic Virtual Chassis Building Block The building block below can be used to connect to the edge or core devices in the network and is comprised of two switches connected with a...

Страница 213: ...guration Guide June 2013 page 9 15 Virtual Chassis at the Core Data Center VC In the topology shown below edge switches are connected through virtual chassis and core switches are dual attached Data C...

Страница 214: ...uration that does not adhere to this requirement then upon boot up only one configured VFL member port from each group of ports listed above will be enabled The configuration of the remaining ports of...

Страница 215: ...tch is still operating in standalone mode For a thorough description of the configuration process while a switch is already operating in virtual chassis mode please refer to the CLI guide General Virt...

Страница 216: ...ue group identifier This configuration may cause problems for the RCD Remote Chassis Detection protocol used to detect virtual chassis topology splits as well as other unpredictable issues The virtual...

Страница 217: ...ges to the control VLAN will only take effect after the next reboot of the switch The control VLAN must be the same between the switches comprising the virtual chassis For more information on the Cont...

Страница 218: ...he virtual chassis vf link create and virtual chassis vf link member port commands For example virtual chassis vf link 0 create virtual chassis vf link 0 member port 1 1 virtual chassis vf link 0 memb...

Страница 219: ...sis and can be used for remote access to the entire Virtual Chassis The Chassis EMP IP address is assigned to each switch comprising the virtual chassis EMP CHAS1 or EMP CHAS2 This address can be used...

Страница 220: ...S1 EMP CMMA CHAS2 EMP CMMB CHAS2 A direct connection to the associated CMM s console port is required before attempting to change IP address information using the modify boot parameters command as sho...

Страница 221: ...al chassis vf link 0 create Chassis_2 virtual chassis vf link 0 member port 1 24 25 Chassis_1 ip interface local emp address 10 255 100 2 mask 255 255 255 0 Chassis_2 write memory Chassis_2 convert co...

Страница 222: ...ort 1 1 10 actor admin key 1 VC_Core linkagg lacp port 1 1 11 actor admin key 1 VC_Core linkagg lacp port 2 1 10 actor admin key 1 VC_Core linkagg lacp port 2 1 11 actor admin key 1 VC_Core vlan 100 m...

Страница 223: ...out the output details that result from these commands see the OmniSwitch CLI Reference Guide show virtual chassis topology Displays details about the configured and operational parameters related to...

Страница 224: ...Displaying Virtual Chassis Configuration and Status Configuring Virtual Chassis page 9 26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 225: ...without running Layer 2 loop detection protocols such as the Spanning Tree Protocol between the edge and aggregation switches while still detecting data loop conditions failure detection and converge...

Страница 226: ...ation examples for more details about the syntax of commands see the OmniSwitch CLI Reference Guide The following information and configuration procedures are included in this chapter Quick Steps for...

Страница 227: ...run the same version of the OmniSwitch AOS Release 7 software for MCLAG support Platforms Supported OmniSwitch 10K 6900 Maximum number of MCLAG aggregates on multi chassis domain 128 Maximum number o...

Страница 228: ...s Parameter Description Command Default Value Comments Multi chassis chassis ID multi chassis chassis id N A Not an MCLAG peer switch Multi chassis chassis group ID multi chassis chassis group 0 Hello...

Страница 229: ...ti chassis chassis group command as shown below OS10K Chassis 1 multi chassis chassis group 10 OS10K Chassis 2 multi chassis chassis group 10 3 Create a virtual fabric link between chassis peers using...

Страница 230: ...al 0 127 48 95 Peer N A N A 0 47 Multi Chassis N A N A 96 127 7 Verify the virtual fabric link configuration and default VLAN settings using the show multi chassis vf link command as shown below OS10K...

Страница 231: ...s Type OS10K OS10K OK Hello Interval 1 1 OK IPC VLAN 4094 4094 OK Chassis Group 10 10 OK STP Path Cost Mode Auto Auto OK STP Mode Per VLAN Per VLAN OK 10 Save the configuration and reload using the wr...

Страница 232: ...l Peer Status Chassis ID 1 2 OK Hello Interval 1 1 OK IPC VLAN 4094 4094 OK STP Path Cost Mode Auto Auto OK STP Mode Per VLAN Per VLAN OK OS10K Chassis 2 show multi chassis consistency Consistency Loc...

Страница 233: ...ing blocks to provide full functionality The following sections highlight the various components of MCLAG The Multi Chassis Domain is a virtual entity consisting of two peer switches the virtual fabri...

Страница 234: ...ion between edge devices and the peer switches Virtual Fabric Link VFL is an aggregated group of 10G ports that connects the multi chassis peer switches As one of the basic building blocks of a MCLAG...

Страница 235: ...mer investment Example of a MCLAG Group Network An important characteristic of this solution relates to the absence of a logical loop between the edge and multi chassis peer switches even though a phy...

Страница 236: ...ude a set of MCLAG aggregate ports The loop detection mechanism generates multicast Loop Detect PDU at regular intervals In a MCLAG network the source MAC is reserved and the MAC is unique to each cha...

Страница 237: ...ommended on page 10 15 Unsupported Topologies on page 10 15 Basic MCLAG Building Block The following diagram illustrates the basic building block that can be used to construct more flexible and comple...

Страница 238: ...MCLAG at the Aggregation Layer In the topology shown below edge switches are connected through MCLAG and core switches are dual attached MCLAG at the Aggregation Layer MC LAG MC LAG MC LAG MC LAG MC L...

Страница 239: ...w across the Virtual Fabric Link Still Spanning Tree is not required as there are no logical loops in this network Edge Switches Without MCLAG Unsupported Topologies In the topology shown below MCLAG...

Страница 240: ...rs need to have consistent configurations for example LACP System ID in order for the edge switch to be able to negotiate the four links as part of the same aggregate Edge Switch to Multiple MCLAG Dom...

Страница 241: ...7 Network Configuration Guide June 2013 page 10 17 The following topology illustrates that Switch B is required to keep separate system resources such as MAC tables ports software applications per vir...

Страница 242: ...non unicast traffic switch S1 will select a different port of the aggregate MCLAG A to send the ARP request In this example assume that the request goes through one of the ports connected to M1 repre...

Страница 243: ...low ARP Reply Over MCLAG The ARP reply is a unicast packet as follows Source MAC MACB Destination MAC MACA 5 Step 5 MACB Learning As the ARP reply packet traverses the system on its way back via the p...

Страница 244: ...lease 7 Network Configuration Guide June 2013 A loop duplicate packet prevention mechanism is implemented so that non unicast frames received on the Virtual Fabric Link are not flooded out any local M...

Страница 245: ...ecting MCLAG devices using the PVST protocol Spanning Tree can run on MCLAG chassis peers even though Spanning Tree is disabled on MC LAG ports In this case One of the MCLAG chassis peers should be th...

Страница 246: ...ng so will only cause a slight increase in the amount of control traffic that is sent over the VFL on the IPC VLAN There is no benefit to enabling IPMS on an IPC VLAN Source Learning MCLAG is supporte...

Страница 247: ...configuration does not match on both peers Universal Network Profiles The Universal Network Profile UNP configuration must be the same on both MCLAG peer switches Any inconsistencies in the configurat...

Страница 248: ...each switch local and peer unp linkagg classification Mandatory Peer learns MAC MAC is not classified but may get assigned to a different UNP on each switch local and peer unp linkagg trust tag Manda...

Страница 249: ...d The IP interfaces configured on a VIP VLAN have limited functionality Routing protocols and VRRP cannot be configured on such IP interfaces A VIP VLAN IP interface supports two types of IP address o...

Страница 250: ...stency Recommendations In addition to ensuring that the MCLAG configuration is the same between peer switches configuring the same values for the following non MCLAG features is highly recommended MAC...

Страница 251: ...elines to follow when configuring MCLAG on an OmniSwitch General MCLAG functionality is only active for switches on which an MCLAG chassis ID is configured The Spanning Tree protocol can run on MCLAG...

Страница 252: ...main uses a unique group ID For information about configuring the chassis group ID see Configuring the Group ID on page 10 30 and Example 2 MCLAG Group ID Configuration on page 10 37 Virtual Fabric Li...

Страница 253: ...address The management address is a unique IP address used by each switch within a multi chassis system to provide management services Each peer switch must have a unique management IP address The vi...

Страница 254: ...group ID number for each peer switch within a group For example multi chassis chassis group 1 By default the chassis group ID is set to 0 In a network environment where more than one pair of MCLAG pee...

Страница 255: ...vlan command to modify the IPC VLAN For example multi chassis ipc vlan 4093 Configuring Aggregate Identifier Ranges The aggregate identifier ranges are the valid ranges defined for standard aggregate...

Страница 256: ...tual IP interface for a VIP VLAN use the ip interface command with the vip address parameter For example the following command creates a virtual IP interface for VIP VLAN 10 ip interface vip vlan 10 v...

Страница 257: ...nfigured identical on both the chassis MAC Address Aging Timer MCLAG member ports port speed and duplex Static MAC Entries QoS Configuration Port Security Configuration IGMP Snooping Configuration IP...

Страница 258: ...es the ability to change these parameters on a per aggregate basis As a result these parameters are always treated as per MCLAG aggregate Parameter Violation Impact Global Parameters Chassis ID must b...

Страница 259: ...propriate routing protocol on VLANs 20 and 50 OS10K M2 vlan 30 OS10K M2 vlan 50 OS10K M2 ip interface vlan 30 address 30 30 30 1 24 vlan 30 OS10K M2 ip interface vlan 50 address 50 50 50 2 24 vlan 50...

Страница 260: ...OS10K M2 multi chassis vf link create OS10K M2 multi chassis vf link member port 8 1 OS10K M2 multi chassis vf link member port 8 17 OS10K M2 multi chassis vip vlan 10 OS10K M2 ip interface vip vlan...

Страница 261: ...ss condition within the network To ensure that a globally unique MAC address is assigned to each MCLAG virtual IP interface configure the multi chassis group ID on each switch within each MCLAG group...

Страница 262: ...chassis status Displays the configured and operational parameters related to the multi chassis feature on the local chassis show multi chassis vf link Displays the configured and operational paramete...

Страница 263: ...op free topology in multi ring and ladder networks that contain interconnection nodes interconnected shared links master rings and sub rings The following chapter details the different functionalities...

Страница 264: ...rced Switch Manual Switch Clear for Manual Forced Switch Dual end blocking not supported ITU T Y 1731 IEEE 802 1ag ERP packet compliant with OAM PDU format for CCM Supported Platforms OmniSwitch 10K 6...

Страница 265: ...status for the node erp ring rpl node Disabled The wait to restore timer value for the RPL node erp ring wait to restore 5 minutes The guard timer value for the ring node erp ring guard timer 50 centi...

Страница 266: ...art of one master ring The sub rings connected to the interconnection nodes are open The sub rings cannot use shared links ERP and ERPv2 Terms Ring Protection Link RPL and RB A designated link between...

Страница 267: ...er are as follows The timer is started when the RPL node receives an R APS NR message that indicates ring protection is no longer required The timer is stopped when the RPL owner receives an R APS SF...

Страница 268: ...ng nodes of the failure condition At this point the ring is operating in protection mode When this mode is invoked the RPL is unblocked forming a new traffic pattern on the ring for example traffic is...

Страница 269: ...wner blocks the RPL Once the WTR timer expires the RPL owner blocks the RPL and transmits an R APS NR RB message indicating that RPL is blocked RB On receiving the R APS NR RB message ring nodes flush...

Страница 270: ...le ERP instances are supported per physical ring A shared link can only be part of the master ring The sub rings connected to the interconnection nodes are not closed and cannot use the shared links C...

Страница 271: ...c destination mac address of 01 19 A7 00 00 00 R APS messages must be tagged in order to identify the ring ID Note The Service VLAN must be tagged no support of untagged service VLAN The sub ring and...

Страница 272: ...e VLAN may carry data traffic and if enabled and configured to do so IPMS will perform regular multicast snooping on that VLAN Disabling IPMS on the ERP Service VLAN is recommended if IP multicast rou...

Страница 273: ...2 tagged 2 Create ERP ring ID 1 ERP Service VLAN and MEG Level and associate two ports to the ring using the erp ring command erp ring 1 port1 1 1 port2 1 2 service vlan 1001 level 1 3 Configure the R...

Страница 274: ...1001 and configure them for use with ERP using the ethernet service svlan nni command ethernet service nni port 1 1 ethernet service nni port 1 2 ethernet service svlan 1001 nni port 1 1 ethernet ser...

Страница 275: ...Setting the Guard Timer on page 11 15 6 Configure the ring port to receive the loss of connectivity event for a Remote Ethernet OAM endpoint See Configuring ERP with VLAN Stacking NNIs on page 11 16 7...

Страница 276: ...agg 1 port2 linkagg 2 service vlan 500 level 1 erp ring 1 enable 4 Repeat Steps 1 through 6 for each switch that participates in the ERP ring Make sure to use the same VLAN ID and MEG level for the se...

Страница 277: ...estore Timer The wait to restore WTR timer determines the number of minutes the RPL owner waits before blocking the RPL port after the ERP ring has recovered from a link failure By default the WTR tim...

Страница 278: ...or the service VLAN and the associated NNI ports as the ring ports For example erp ring 1 port1 1 1 port2 1 2 service vlan 1001 level 2 erp ring 1 enable Note the following when configuring an ERP rin...

Страница 279: ...ce VLAN for the ring Use the show erp command to verify the configured VLAN Stacking ERP ring configuration For more information about these commands see the OmniSwitch CLI Reference Guide Clearing ER...

Страница 280: ...mer values These values can be adjusted as necessary The following sub sections provide the details on prerequisites and different configurations for switches to set up an ERPv2 ring network using Alc...

Страница 281: ...A sub ring on the interconnection node can be configured using the following command Switch 3 erp ring 3 sub ring port 1 3 service vlan 10 level 2 Sample Switch Configuration The following configurat...

Страница 282: ...Interconnection Node of the Sub Ring When R APS virtual channel is enabled on the interconnection node of a sub ring all the R APS messages received from sub ring port are processed and flooded to maj...

Страница 283: ...When the ERPv2 node is operating with ERPv1 node in the same ring it operates in different way for compatibility In this mode revertive mode is always assumed it operates in revertive mode regardless...

Страница 284: ...RP ring with ERP ring ID 1 on all switches in the network 2 Define an ERP Service VLAN as VLAN 10 on all switches 3 Set the Management Entity Group MEG level to 2 for all switches 4 Switch C is the RP...

Страница 285: ...1 erp ring 1 enable 3 Verify the ERP ring configuration on any switch using the following command show erp ring 1 Legend Inactive Configuration Ring Id 1 Ring Port1 2 1 Ring Port2 1 2 Ring Status enab...

Страница 286: ...ology In addition a tutorial is also included that provides steps on how to configure the example network topology using the Command Line Interface CLI Example ERPv2 Overview The following diagram sho...

Страница 287: ...ed Step 2 Create the ERP rings 1 and 2 on Switch A Switch A erp ring 1 port1 2 1 port2 2 2 service vlan 10 level 1 Switch A erp ring 2 sub ring port 1 6 service vlan 200 level 1 Step 3 Create traffic...

Страница 288: ...ing 1 port1 1 2 port2 2 1 service vlan 10 level 1 vlan 100 300 erp ring 1 enable vlan 100 300 members port 1 2 tagged vlan 100 300 members port 2 1 tagged Configuring Secondary RPL Node The following...

Страница 289: ...tch CLI Reference Guide show erp Displays the ERP configuration information for all rings a specific ring or for a specific ring port show erp statistics Displays the ERP statistics for all rings a sp...

Страница 290: ...Verifying the ERP Configuration Configuring ERP page 11 28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 291: ...the other MVRP enabled switches MVRP helps to maintain VLAN configuration dynamically based on current network configurations In This Chapter This chapter describes the MVRP feature and how to config...

Страница 292: ...AOS Release 7 Network Configuration Guide June 2013 MVRP Specifications IEEE Standards Supported IEEE 802 1ak 2007 Amendment 7 Multiple Registration Protocol IEEE 802 1Q 2005 Corrigendum 2008 Platfor...

Страница 293: ...mvrp registration normal Applicant mode of the port mvrp applicant active Timer value for join timer mvrp timer join 600 milliseconds Timer value for leave timer mvrp timer leave 1800 milliseconds Ti...

Страница 294: ...es MVRP on port 1 2 of the switch mvrp port 1 2 enable 6 Optional Restrict a port from becoming a member of the statically created VLAN by using the mvrp static vlan restrict command For example the f...

Страница 295: ...f VLANs Each MVRP device that receives the declaration in the network creates or updates a dynamic VLAN registration entry in the filtering database to indicate that the VLAN is registered on the rece...

Страница 296: ...member of these VLANs 4 Port 4 on Switch C receives the advertisements VLANs 10 20 and 30 are created as VLANs on Switch C and Port 4 become a member of VLANs 10 20 and 30 5 Port 5 advertises VLANs 1...

Страница 297: ...ber of this VLAN 5 Port 1 on Switch A receives the advertisement creates dynamic VLAN 50 Port 1 becomes a member of VLAN 50 The resulting configuration is depicted as follows Dynamic Learning of VLAN...

Страница 298: ...ures interact with MVRP Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature STP MVRP feature is supported only in STP flat mode I...

Страница 299: ...wever for the port to become an active participant MVRP must be globally enabled on the switch By default MVRP is disabled on the ports To enable MVRP on a specified port use the mvrp port command For...

Страница 300: ...the mvrp registration command For example to configure port 2 of slot 1 in normal mode enter the following mvrp port 1 2 registration normal To view the registration mode of the port use the show mvrp...

Страница 301: ...onfigurations for all the ports including timer values registration and applicant modes enter the following show mvrp port enable Port Join Leave LeaveAll Periodic Registration Applicant Periodic Time...

Страница 302: ...in MVRP Join timer The maximum time an MVRP instance waits before making declaration for VLANs Leave timer The wait time taken to remove the port from the VLAN after receiving a Leave message on that...

Страница 303: ...vice By default the dynamic VLAN registrations are not restricted and the VLAN can either be created on the device or mapped to another port To restrict a VLAN from being dynamically learned on the de...

Страница 304: ...nd as shown no mvrp port 1 2 static vlan restrict vlan 5 9 Restricting VLAN Advertisement VLANs learned by a switch through MVRP can either be propagated to other switches or be blocked This helps pru...

Страница 305: ...gates show mvrp configuration Displays the global configuration for MVRP show mvrp linkagg Displays the MVRP configuration for a specific port or an aggregate of ports show mvrp port Displays the MVRP...

Страница 306: ...Verifying the MVRP Configuration Configuring MVRP page 12 16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 307: ...In This Chapter This chapter describes the basic components of 802 1AB and how to configure them through the Command Line Interface CLI The CLI commands are used in the configuration examples for mor...

Страница 308: ...number of network policies that can be configured on the switch 32 Parameter Description Command Default Value Comments Transmit time interval for LLDPDUs lldp transmit interval 30 seconds Transmit h...

Страница 309: ...LDPDUs To set the interval for a 20 second delay use the lldp transmit delay command For example lldp transmit delay 20 6 Set the LLDPDUs transmit fast start count required for LLDP Fast Restart mecha...

Страница 310: ...DU the information is updated in the related MIB By exchanging information with all the neighbors each device gets to know its neighbor on each port The information contained in the LLDPDU is transmit...

Страница 311: ...as an edge device for example IP phone and IP PBX among others In such a case the switch stops sending LLDPDU and starts sending MED LLDPDU on the port connected to the edge device LLDP Media Endpoint...

Страница 312: ...n and Reception LLDP operates in a one way direction so that the information in the LLDPDUs flows from one device to another LLDPDUs are not exchanged as an information request by one device and a res...

Страница 313: ...mand at the CLI prompt lldp 1 5 lldpdu disable Enabling and Disabling Notification The lldp notification command is used to control per port notification status about the remote device change on a spe...

Страница 314: ...ansmit state To enable the 802 1 TLV LLDPDU transmission on a switch enter the lldp tlv dot1 command lldp chassis tlv dot1 port vlan enable To enable the 802 1 TLV on port 1 of slot 5 enter the follow...

Страница 315: ...Disabling Application Priority TLV The lldp tlv application command is used to include the LLDP DCBx Application Priority TLV in the LLDPDUs transmitted on a specific port a slot or all ports on a swi...

Страница 316: ...r the lldp transmit hold multiplier command For example to set the transmit hold multiplier value to 2 enter lldp transmit hold multiplier 2 Note The Time To Live is a multiple of the transmit interva...

Страница 317: ...lays system wide statistics show lldp statistics Displays port statistics show lldp local system Displays local system information show lldp local port Displays port information show lldp local manage...

Страница 318: ...Verifying 802 1AB Configuration Configuring 802 1AB page 13 12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 319: ...s LAN environment to help reduce administrative overhead This feature is supported in both standalone or virtual chassis mode Auto discovery will not operate until after the virtual chassis setup is c...

Страница 320: ...or more details about the syntax of the commands see the OmniSwitch CLI Reference Guide The following information and configuration procedures are included in this chapter Auto Fabric Specifications o...

Страница 321: ...Release 7 Network Configuration Guide June 2013 page 14 3 Auto Fabric Specifications The table below lists specifications for Auto Fabric Platforms Supported OmniSwitch 10K 6900 Modes Supported Standa...

Страница 322: ...ommand Default Value Comments Auto fabric administrative state auto fabric admin state enabled if no configuration file exists Auto fabric protocols state auto fabric protocols enabled Auto fabric con...

Страница 323: ...d auto configuration for the default discovery window 3 After the LACP discovery window expires the switch will perform SPB auto discovery 4 After the SPB discovery the switch will perform MVRP auto d...

Страница 324: ...val 1 minute Global Auto Fabric LACP Discovery Status Enabled Global Auto Fabric SPB Discovery Status Enabled Global Auto Fabric MVRP Discovery Status Enabled Auto Fabric Config Save Timer Status Disa...

Страница 325: ...very it must be in it s default state If the port is in its default state the system will attempt to determine a port can be a member of an existing or new link aggregate by analyzing any received LAC...

Страница 326: ...h no LACP discov ered no SPB M adjacencies formed and if MVRP is enabled no VLAN registrations Then the MVRP configuration is removed and the auto fabric discovery window is started If a LACP frame is...

Страница 327: ...Multiple ports with same admin key are detected and LAG is formed and configured on both core and edge switches 4 After LACP discovery window expires SPB discovery starts SPB BVLANs and control BVLAN...

Страница 328: ...rs the LACP frames since it is running auto fabric and forms LAG with ports with same admin key There could be multiple or single LAG groups based on the admin key advertised 4 After LACP discovery wi...

Страница 329: ...n already formed aggregate or a new aggregate id Neighbor device is also booting up with this device Max aggregate size not exceeded If there are fewer ports than the maximum possible size of an aggre...

Страница 330: ...0x8000 If there are any BVLANs manually configured that are not in the range of 4000 4015 SPB M discov ery will not run If there are any VLANs configured except BVLANs in the 4000 4015 range SPB disco...

Страница 331: ...y configured There are no default MVRP VLANs MVRP does not have an auto discovery time limit Operation is continuous until the administrator makes changes Virtual Chassis and MC LAG Auto Fabric cannot...

Страница 332: ...state enable auto fabric interface 1 1 admin state enable Starting the Discovery Process The discovery can be manually started To manually begin the discovery process use the auto fabric discovery st...

Страница 333: ...uration file boot cfg post discovery if the write memory command is given Automatically The system will save the discovered configuration to the configuration file boot cfg at set periods automaticall...

Страница 334: ...CLI show commands to display the current configuration and status of auto fabric These commands include the following For more information about the output details that result from these commands see...

Страница 335: ...f Internet Protocol is supported IPv4 and IPv6 For more information about using IPv6 see Chapter 17 Configuring IPv6 In This Chapter This chapter describes IP and how to configure it through the Comma...

Страница 336: ...P Information see page 15 32 Displaying User Datagram Protocol UDP Information see page 15 33 Service Assurance Agent SAA see page 15 33 Tunneling Generic Routing Encapsulation page 15 33 IP Encapsula...

Страница 337: ...apsulation GRE 1702 Generic Routing Encapsulation over IPV4 Networks 2003 IP Encapsulation within IP Maximum router interfaces per system 4094 IP Maximum router interfaces per VLAN 16 Maximum HW route...

Страница 338: ...ts to a different VLAN on a switch create an IP interface on each VLAN The following steps provide a quick tutorial of how to enable IP forwarding between VLANs from scratch If active VLANs have alrea...

Страница 339: ...at provides reliable connection oriented full duplex data streams While the role of TCP is to add reliability to IP TCP relies upon IP to do the actual deliver ing of datagrams UDP A secondary transpo...

Страница 340: ...ce with its physi cal MAC address For more information see Configuring Address Resolution Protocol ARP on page 15 12 Virtual Router Redundancy Protocol VRRP Used to back up routers For more informatio...

Страница 341: ...ter interface the ports associated with that VLAN are in essence firewalled from other VLANs IP multinetting is also supported A network is said to be multinetted when multiple IP subnets are brought...

Страница 342: ...sulation for the interface defaults to Ethernet II The encapsulation determines the framing type the interface uses when generating frames that are forwarded out of VLAN ports Select an encapsulation...

Страница 343: ...Accounting interface ip interface Accounting address 40 0 0 1 The subnet mask for the Accounting interface was previously set to 255 255 255 0 The above example resets the mask to the default value o...

Страница 344: ...otal number of IP interfaces allowed per VLAN or switch To change the address remove the interface using the no ip interface Loopback0 command and readd it with the new address Loopback0 Address Adver...

Страница 345: ...1 0 24 gateway 171 11 2 1 When you create a static route the default metric value of 1 is used However you can change the priority of the route by increasing its metric value The lower the metric valu...

Страница 346: ...cified IP address responds with an ARP reply packet containing its hardware address The switch receives the ARP reply packet stores the hardware address in its ARP cache for future use and begins exch...

Страница 347: ...e ARP Table Permanent entries do not age out of the ARP table Use the no arp command to delete a permanent entry from the ARP table When deleting an ARP entry you only need to enter the IP address For...

Страница 348: ...RP filtering is used to determine whether the switch responds to ARP requests that contain a specific IP address ARP filtering is used in conjunction with the Local Proxy ARP application however it is...

Страница 349: ...l filter use the no form of the arp filter command For example no arp filter 198 0 0 0 To clear all ARP filters from the switch configuration use the clear arp filter command For example clear arp fil...

Страница 350: ...172 22 2 115 Configuring the Router ID By default the router primary address of the router is used as the router ID However if a primary address has not been explicitly configured the router ID defau...

Страница 351: ...eceiving network In addition a route map can also contain statements that modify route parameters before they are redistributed When a route map is created a name is given to identify the group of sta...

Страница 352: ...xample ip route map ospf to bgp sequence number 10 action permit The above command creates the ospf to bgp route map assigns a sequence number of 10 to the route map and specifies a permit action To o...

Страница 353: ...ap Use the no form of the ip route map command to delete an entire route map a route map sequence or a specific statement within a sequence To delete an entire route map enter no ip route map followed...

Страница 354: ...Number 20 Action permit match ip4 interface to finance set metric 5 Sequence 10 and sequence 20 are both linked to route map rm_1 and are processed in ascending order according to their sequence numb...

Страница 355: ...fault or denied redistribution For example ip access list ipaddr address 16 24 2 1 16 action deny redist control all subnets ipv6 access list ip6addr address 2001 1 64 action permit redist control no...

Страница 356: ...ve status ip redist ospf into bgp route map ospf to bgp status enable Route Map Redistribution Example The following example configures the redistribution of OSPF routes into a BGP network using a rou...

Страница 357: ...ing ICMP Ping of Death Ping packets that exceed the largest IP datagram size 65535 bytes are sent to a host and crash the system SYN Attack Floods a system with a series of TCP SYN packets resulting i...

Страница 358: ...nd SNMP traps are generated The switch can be set to detect various types of port scans by monitoring for TCP or UDP packets sent to open or closed ports Monitoring is done in the following manner Pac...

Страница 359: ...ackets are received along with 200 UDP open port packets This would bring the total penalty value to 4300 as shown using the following equa tion 100 previous minute value 10 TCP X 10 penalty 10 UDP X...

Страница 360: ...nalty command with a penalty value For example to assign a penalty value of 10 to TCP UDP packets destined for closed ports enter the following ip dos scan close port penalty 10 To assign a penalty va...

Страница 361: ...n progress when the total penalty value of the switch crosses the port scan penalty value threshold To enable SNMP trap generation enter the ip dos trap command as shown ip dos trap enable To disable...

Страница 362: ...default It has no impact on ports that are opened by loading applications such as RIP and BGP In addition the ip service command allows you to designate which service to enable or disable by specifyi...

Страница 363: ...Unreachable Message Usually means that a failure has occurred in the route lookup of the destination IP in the packet Host Unreachable Message Usually indicates delivery failure such as an unresolved...

Страница 364: ...or distinguishing between a request or a reply and the unreachable command has options distinguishing between a network host protocol or port For example to enable an echo request message enter the fo...

Страница 365: ...inimum packet gap times Use the show icmp control command to display the table ICMP Statistics Table The ICMP Statistics Table displays the ICMP statistics and errors This data can be used to monitor...

Страница 366: ...packet from the local switch to a specified destination This command displays the individual hops to the destination as well as timing information When using this command enter the name of the destina...

Страница 367: ...lation within IP IPIP Generic Routing Encapsulation GRE encapsulates a packet to be carried over the GRE tunnel with a GRE header The resulting packet is then encapsulated with an outer header by the...

Страница 368: ...of the following are satisfied Both source and destination addresses are assigned The source address of the tunnel is one of the switch s IP interface addresses that is either a VLAN or Loopback0 int...

Страница 369: ...ace command as shown ip interface gre address 24 24 24 1 mask 255 255 255 0 To configure an IPIP tunnel use the ip interface tunnel command as shown ip interface ipip tunnel source 23 23 23 1 destinat...

Страница 370: ...se Displays a list of all routes static and dynamic that exist in the IP router database show ip config Displays IP configuration parameters show ip protocols Displays switch routing protocol informat...

Страница 371: ...ay in another VRF Quick Steps for Configuring VRF Route Leak The following steps provide a quick tutorial on how to configure VRF Route Leak Each step describes a specific operation and provides the C...

Страница 372: ...routes To export routes from the default VRF enter the ip export command at the CLI prompt as shown ip export route map R1 To export routes from a specific VRF specify the VRF globally or enter into t...

Страница 373: ...hat are imported and added to the RDB from other VRFs use the ip route pref command with the import parameter For example ip route pref import 100 Leaked routes are only for forwarding If a local rout...

Страница 374: ...VRF Route Leak Configuring IP page 15 40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 375: ...ribes the Multiple VRF feature and how to configure it through the Command Line Interface CLI CLI commands are used in the configuration examples for more details about the syntax of commands see the...

Страница 376: ...Switch 10K 6900 OmniSwitch License Requirements Advanced License required on OmniSwitch 6900 only Routing Protocols Supported Static IPv4 RIPv2 OSPFv2 BGP4 Maximum number of max profile VRF instances...

Страница 377: ...s now the active VRF CLI context Any commands entered at this point apply to this instance unless the commands entered are not supported in multiple VRF instances 2 Create a second VRF instance IpTwo...

Страница 378: ...he ip bgp neighbor ip bgp neighbor remote as and ip bgp neighbor admin state commands For example IpTwo ip bgp neighbor 102 1 1 10 IpTwo ip bgp neighbor 102 1 1 10 remote as 1000 IpTwo ip bgp neighbor...

Страница 379: ...lan 100 vlan 101 vlan 102 vrf IpOne IpOne vrf IpTwo IpTwo vrf IpOne IpOne ip interface intf100 address 100 1 1 1 24 vlan 100 IpOne ip interface intf101 address 101 1 1 1 24 vlan 101 IpOne ip router ro...

Страница 380: ...lementation of VRF functionality does not require a BGP MPLS configuration in the provider network Instead VRF instances can route and forward IP traffic between customer sites using point to point La...

Страница 381: ...2013 page 16 7 Example Multiple VRF Configuration VRF A Customer A Site 1 PE 2 PE 1 PE 3 Service Provider VRF A VRF B VRF C IP Network VRF B Customer B Site 1 VRF C Customer C Site 1 VRF A Customer A...

Страница 382: ...rivate network needs its own address space but does not need a routing protocol to share many routes may only need a default route A combination of low and max profiles is allowed on the switch Howeve...

Страница 383: ...ip load rip vrf vrfOne ip rip status enable vrf vrfOne ip rip interface intf100 status enable In this example vrfOne is added to the beginning of the IP and RIP configuration command lines This indic...

Страница 384: ...tion Guide June 2013 Level Description Telnet SSH SFTP SCP Radius SNMP HTTP HTTPS NTP LDAP TACACS Syslog 0 Default VRF Only Yes Yes 1 Single VRF for all services Yes Yes 2 Single VRF per service each...

Страница 385: ...cross multiple VRF instances Non VRF Aware Switch applications that have no association with any VRF instance even the default instance Note that configuration of this type of application is only allo...

Страница 386: ...r router ID number and primary IP address that is explicit to the associated VRF instance BGP neighbors defined for a specific VRF instance and address family IPv4 and IPv6 peer with neighbors accessi...

Страница 387: ...y condition applies This parameter can also specify the default VRF and a no form of the command exists to remove a VRF condition parameter For example qos policy condition c1 vrf engr_vrf qos policy...

Страница 388: ...the following command configures the forwarding of specific UDP packets to VLAN 100 within the context of the vrfTwo instance ip udp dns vlan 100 When a VRF instance is deleted all UDP DHCP Relay con...

Страница 389: ...rf IpOne IpOne In this example instance IpOne is created and made the active VRF context at the same time Note that the CLI command prompt indicates the active context by displaying the name of the VR...

Страница 390: ...e is created A max profile VRF supports dynamic routing protocols and other supported VRF limits To create a VRF instance with low profile capabilities use the vrf command with the profile low paramet...

Страница 391: ...not display the instance name Assigning IP Interfaces to a VRF Instance When a VRF instance is created or an existing instance is selected any IP interface subsequently config ured is associated with...

Страница 392: ...context then the BGP routing instance is associated with IpOne All traffic for the BGP instance is routed and forwarded on the interfaces associated with VRF IpOne For more information about the inter...

Страница 393: ...e 200 1 1 1 255 255 255 0 DOWN NO vlan 200 IpOne vrf default show ip interface Total 6 interfaces Name IP Address Subnet Mask Status Forward Device EMP 192 168 10 1 255 255 255 0 DOWN NO EMP Loopback...

Страница 394: ...Verifying the VRF Configuration Configuring Multiple VRF page 16 20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 395: ...pter describes IPv6 and how to configure it through Command Line Interface CLI The CLI commands are used in the configuration examples for more details about the syntax of commands see the OmniSwitch...

Страница 396: ...gram Interface API for IPv6 3587 IPv6 Global Unicast Address Format 3595 Textual Conventions for IPv6 Flow Label 3596 DNS Extensions to Support IP Version 6 4007 IPv6 Scoped Address Architecture 4022...

Страница 397: ...tes OS10K OS6900 256 prefix 65 OS10K U48 C48 8K prefix 64 OS10K U32S 6K prefix 64 OS10K U32E 8K prefix 64 OS6900 8K Note Exceeding these limits or having IPv4 routes will result in some traffic being...

Страница 398: ...p command Description Command Default Global status of IPv6 on the switch N A Enabled Interfaces ipv6 interface loopback 6to4 tunnels ipv6 interface tunnel_6to4 Prefixes ipv6 prefix None Hop Limit ipv...

Страница 399: ...v300 interface by using the ipv6 address command For example ipv6 address 2001 db8 4100 2 64 eui 64 v6if v300 Note Optional To verify the IPv6 interface configuration enter show ipv6 interface For ex...

Страница 400: ...he IPv6 header is only twice the size of the IPv4 header despite the significant increase in address size Improved support for header options Improved header option encoding allows more efficient forw...

Страница 401: ...be used on multiple interfaces Unicast Standard unicast addresses similar to IPv4 Unique Local IPv6 Unicast IPv6 unicast address format that is globally unique and intended for local communications us...

Страница 402: ...the double colon is only allowed once within a single address So if the address was1234 531F 0 0 BCD2 F34A 0 0 a double colon could not replace both sets of zeros For example the first two versions of...

Страница 403: ...ollowing example FE80 2d0 95ff fe6b 5ccd 64 Note that when this example address was created the MAC address was modified by complementing the second bit of the leftmost byte and by inserting the hex v...

Страница 404: ...ess Use the well known prefix FC00 7 to to allow for easy filtering at site boundaries Allow sites to be combined or privately interconnected without creating any address conflicts or requir ing renum...

Страница 405: ...4 network or decapsulated IPv4 header stripped for transmission to an IPv6 destination An IPv6 6to4 tunnel interface is identified by its assigned address which is derived by combining a 6to4 well kno...

Страница 406: ...4 IPv6 Domains In this scenario 6to4 sites have connectivity to native IPv6 domains through a relay router which is connected to both the IPv4 and IPv6 domains The 6to4 border routers are still used b...

Страница 407: ...uring IPv6 Tunnel Interfaces on page 17 18 For more detailed informa tion and scenarios by using 6to4 tunnels refer to RFC 3056 Configured Tunnels A configured tunnel is where the endpoint addresses a...

Страница 408: ...not active until at least one port associated with the VLAN goes active A link local address is automatically configured for an IPv6 interface except for 6to4 tunnels when the interface is configured...

Страница 409: ...ipv6 address local unicast command can be used to generate a unique local address using the configured global id Modifying an IPv6 Interface The ipv6 interface command is also used to modify existing...

Страница 410: ...et prefix length of 64 bits To use the MAC address of an interface or device as the interface ID specify the eui 64 option with this command For example ipv6 address 2001 db8 4100 1000 64 eui 64 v6if...

Страница 411: ...otation Refer to RFC 4291 for more technical address information Removing an IPv6 Address To remove an IPv6 address from an interface use the no form of the ipv6 address command as shown no ipv6 addre...

Страница 412: ...entify tunnel endpoints The router that the 6to4 tunnel interface is configured on will encapsulate IPv6 packets in IPv4 headers and send them to the IPv4 destination address where they will be proces...

Страница 413: ...xample above the IPv6 interface name for the gateway was included This parameter is required only when a link local address is specified as the gateway When you create a static route the default metri...

Страница 414: ...r local static OSPFv3 RIPng EBGP and IBGP highest to lowest Use the ipv6 route pref command to change the route preference value of a router For example to configure the route preference of an OSPF ro...

Страница 415: ...control redistribution of routes between protocols Such criteria is defined by configuring route map statements There are three different types of statements Action An action statement configures the...

Страница 416: ...s with a tag value of eight are redistrib uted into the RIP network All other routes with a different tag value are dropped Note Configuring match statements is not required However if a route map doe...

Страница 417: ...ly the match tag 8 statement from route map redistipv4 sequence 10 no ip route map redistipv4 sequence number 10 match tag 8 Configuring Route Map Sequences A route map may consist of one or more sequ...

Страница 418: ..._1 sequence number 10 match tag 8 ip route map rm_1 sequence number 10 match ipv6 interface to finance Configuring Access Lists An IP access list provides a convenient way to add multiple IPv4 or IPv6...

Страница 419: ...the router interface are processed based on the contents of the ospf to rip route map Routes that match criteria specified in this route map are either allowed or denied redistribution into the RIPng...

Страница 420: ...nce number 20 action permit ip route map ospf to rip sequence number 20 match ipv6 interface intf_ospf ip route map ospf to rip sequence number 20 set metric 255 ip route map ospf to rip sequence numb...

Страница 421: ...tunnel information show ipv6 routes Displays the IPv6 Forwarding Table show ipv6 route pref Displays the configured route preference of a router show ipv6 router database Displays a list of all routes...

Страница 422: ...Verifying the IPv6 Configuration Configuring IPv6 page 17 28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 423: ...e Authentication Header AH and the Encapsulating Security Payload ESP and through the use of cryptographic key manage ment procedures and protocols Note The OmniSwitch currently supports IPsec for IPv...

Страница 424: ...128 192 or 256 bits Authentication Algorithms Supported for AH HMAC SHA1 96 HMAC MD5 96 and AES XCBC MAC 96 Key lengths supported for Authentication Algorithms HMAC MD5 128 bits HMAC SHA1 160 bits AE...

Страница 425: ...psec policy ALLoutMD5 rule 1 ah ipsec policy ALLinMD5 rule 1 ah 4 Enable the policies A policy cannot be enabled until the rules are defined Now that rules have been defined enable the policy using th...

Страница 426: ...r keys need to be defined 1 Define the policy The commands below use similar policy information as in the previous example but the action has been changed to discard ipsec policy Discard_ALLoutMD5 sou...

Страница 427: ...ntegrity Authentication Header AH to provide connectionless integrity and data origin authentication for IPv6 datagrams and to provide optional protection against replay attacks Unlike ESP AH does not...

Страница 428: ...mmonly used algorithms are AES and 3DES These algorithms are used for encrypting IPv6 packets Advanced Encryption Standard Cipher Block Chaining AES CBC The AES CBC mode comprises three different key...

Страница 429: ...indicates the value of the upper layer protocol being protected for example UDP or TCP in the transport mode The payload length field in the AH header indicates the length of the header The SPI in com...

Страница 430: ...Therefore to cover all traffic between a source and destination two policies would need to be defined IPsec Policy Rules Rules are created and applied to policies Rules determine what type of encrypt...

Страница 431: ...currently supports manually configured SAs only Discarding Traffic using IPsec In order to discard IPv6 datagrams a policy is configured in the same manner as an IPsec security policy the difference b...

Страница 432: ...d Disabling a Policy on page 18 12 Configure the authentication and encryption keys required for manually configured IPsec Security associations SA This is described in Configuring IPsec SA Keys on pa...

Страница 433: ...order to cover all traffic between source and destination a minimum of two policies need to be defined one policy for inbound traffic and another policy for outbound traffic To configure an IPsec poli...

Страница 434: ...000 source 0 destination 0 port 23 protocol tcp in discard ipsec policy telnet_ipsec priority 200 source 3ffe 1200 32 destination 0 port 23 protocol tcp in ipsec admin state disable ipsec policy telne...

Страница 435: ...source 0 destination 3ffe 200 200 4001 99 protocol udp in ipsec description IPsec on all inbound UDP admin state enable The following table lists the various protocols that can be specified refer to t...

Страница 436: ...ich a rule should get applied to the payload The policy name config ured for the IPsec policy rule should be the same as the policy name configured for the IPsec security policy It s possible to first...

Страница 437: ...h source 3ffe 1 1 1 1 destination 3ffe 1 1 1 99 spi 9902 authentication hmac sha1 description HMAC SHA1 on traffic from 1 to 99 The above commands configure bi directional IPsec SAs of AH type for dat...

Страница 438: ...SA To display the configured IPsec SA use the show ipsec sa command For example show ipsec sa Name Type Source Destination SPI Encryption Authentication State tcp_in_ah ah 3ffe 1 1 1 99 3ffe 1 1 1 1 9...

Страница 439: ...must be unique Use the no form of this command to delete the configured IPsec SA key For example no ipsec key tcp_in_ah Verifying IPsec SA Key To display the encryption key values which are configured...

Страница 440: ...nitor the incoming and outgoing packets for the configured parameters by using the show ipsec ipv6 statistics command Inbound Successful 2787 Policy violation 0 No SA found 0 Unknown SPI 0 AH replay c...

Страница 441: ...from 200 ipsec policy tcp_out rule 1 esp ipsec policy tcp_in rule 1 esp ipsec policy tcp_out admin state enable ipsec policy tcp_in admin state enable ipsec sa tcp_out_esp esp source 3ffe 100 destinat...

Страница 442: ...cy tcp_in rule 1 esp ipsec policy tcp_out admin state enable ipsec policy tcp_in admin state enable ipsec sa tcp_out_esp esp source 3ffe 200 destination 3ffe 100 spi 1001 encryption des cbc authentica...

Страница 443: ...ll RIPng packets Discarding RIPng Packets Switch A ipsec policy DISCARD_UDPout source fe80 100 destination ff02 9 protocol udp out discard ipsec policy DISCARD_UDPin source fe80 200 destination ff02 9...

Страница 444: ...the resulting displays form these commands see the IPsec Commands chap ter in the OmniSwitch CLI Reference Guide Examples of the above commands and their outputs are given in the section Configuring I...

Страница 445: ...g RIP send receive option and RIP interface metric It also details RIP redistribution which allows a RIP network to exchange routing information with networks running different protocols e g OSPF and...

Страница 446: ...aximum Number of Peers 100 Maximum Number of Routes 10K Description Command Default RIP Status ip rip admin state disable RIP Forced Hold Down Interval ip rip force holddowntimer 0 RIP Update Interval...

Страница 447: ...untagged 4 Assign an active port to VLAN 2 by using the vlan members command For example the following command assigns port 2 on slot 1 to VLAN 2 vlan 2 members port 1 2 untagged 5 Configure an IP int...

Страница 448: ...routing information and listens for responses to the request If a switch configured to supply RIP hears the request it responds with a response packet based on information in its routing database The...

Страница 449: ...ity to specify the network mask with each network in a packet Because RIPv1 switches ignore the network mask in RIPv2 packets their calculation of the network mask could possibly be wrong For this rea...

Страница 450: ...switches Therefore workstations connected to VLAN 1 on Switch 1 can communicate with workstations connected to VLAN 3 on Switch 2 RIP Routing Loading RIP When the switch is initially configured RIP m...

Страница 451: ...15 Configuring IP for more information Enabling a RIP Interface Once you have created a RIP interface you must enable it to enable RIP routing Use the ip rip interface admin state command followed by...

Страница 452: ...he Receive options are v1 Only RIPv1 packets is received by the switch v2 Only RIPv2 packets is received by the switch both Both RIPv1 and RIPv2 packets is received by the switch none Interface ignore...

Страница 453: ...so expired During this time the switch accepts any advertisements for better paths that are received Note that the RIP forced hold down timer is not the same as the RIP hold down timer The forced hold...

Страница 454: ...ter which an expired route is removed from the RIB Enter the command and the garbage timer value in seconds For example to set a garbage timer value of 180 seconds you would enter ip rip garbage timer...

Страница 455: ...s command allows a direct connection to the host without using the RIP table If a switch is directly attached to a host on a network use the ip rip host route command to enable a default route to the...

Страница 456: ...used to control redistribution of routes between protocols Such criteria is defined by configuring route map statements There are three different types of statements Action An action statement config...

Страница 457: ...th a tag value of eight are redistrib uted into the RIP network All other routes with a different tag value are dropped Note Configuring match statements is not required However if a route map does no...

Страница 458: ...he match tag 8 statement from route map redistipv4 sequence 10 no ip route map redistipv4 sequence number 10 match tag 8 Configuring Route Map Sequences A route map consists of one or more sequences o...

Страница 459: ...umber 10 match tag 8 ip route map rm_1 sequence number 10 match ipv4 interface to finance Configuring Access Lists An IP access list provides a convenient way to add multiple IPv4 or IPv6 addresses to...

Страница 460: ...Routes that match criteria specified in this route map are either allowed or denied redistribution into the RIP network The route map can also specify the modification of route information before the...

Страница 461: ...umber 20 action permit ip route map ospf to rip sequence number 20 match ipv4 interface intf_ospf ip route map ospf to rip sequence number 20 set metric 255 ip route map ospf to rip sequence number 30...

Страница 462: ...hentication is used md5 MD5 authentication is used For example to configure the RIP interface rip 1 for simple authentication you would enter ip rip interface rip 1 auth type simple To configure the R...

Страница 463: ...esult from these commands see the OmniSwitch CLI Refer ence Guide show ip rip Displays the RIP status and general configuration parameters e g forced hold down timer show ip rip routes Displays the RI...

Страница 464: ...Verifying the RIP Configuration Configuring RIP page 19 20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 465: ...t faults in the bidirectional paths between adjacent forwarding engines including data link s and forwarding engines BFD is not intended to directly control liveliness information instead the applicat...

Страница 466: ...led Global transmit time interval for BFD control packets ip bfd transmit 300 milliseconds Global receive time interval for BFD control packets ip bfd receive 300 milliseconds Global BFD detection tim...

Страница 467: ...f non default BFD session parameters are required for BFD sessions that must be run separate from the IP interface ip bfd interface bfd_int_1 2 Optional Configure a global transmit time interval for a...

Страница 468: ...emand mode is not supported The default operational mode is Asynchronous with the echo func tion enabled However Static Routing and VRRP protocol support BFD in the echo only operational mode 8 Option...

Страница 469: ...stered STATIC ROUTING OSPF See the BFD Commands chapter in the OmniSwitch CLI Reference Guide for information about the fields in this display Quick Steps for Configuring BFD Support for Layer 3 Proto...

Страница 470: ...protocol using the vrrp bfd state command For example vrrp bfd state enable 2 Enable BFD for a specific track policy using the vrrp track address bfd state command For exam ple vrrp track 2 address 1...

Страница 471: ...Detecting communication failures as soon as possible is the first step in any network recovery process until a failure is detected network convergence can t begin By rapidly detecting failures BFD ena...

Страница 472: ...ms sharing a BFD interface begin sending BFD control packets to each other over the bidirectional forwarding path The packets are transmitted periodically at the negotiated rate The BFD control packet...

Страница 473: ...l packets are sent because Echo packets are then used to detect session liveliness In addi tion transmitting Echo packets is only allowed over a single hop transmitting BFD control packets is allowed...

Страница 474: ...e system has not yet acknowledged it The session stays at Init until the local system receives a control packet with Init or Up in its state field in which case the session state moves to Up or until...

Страница 475: ...and RX interval fields This means that the system with the slower rate deter mines the BFD control packet transmission speed Configuring BFD Configuring BFD for your network requires the following ap...

Страница 476: ...waits between each successive transmission of control packets BFD allows you to change the default value and set the transmit time interval from the valid range To change the global transmit time inte...

Страница 477: ...the echo interval to 500 milliseconds globally on all BFD sessions To change the BFD echo time interval for a particular BFD session use the ip bfd interface echo inter val command For example ip bfd...

Страница 478: ...rs can be changed To disable a BFD session use the ip bfd interface status command with the disable keyword For example ip bfd interface bfd vlan 101 admin state disable To verify the BFD status and c...

Страница 479: ...guring BFD Support for VRRP Tracking on page 20 19 Configuring BFD Support for Static Routes on page 20 21 Configuring BFD Support for OSPF The steps below show how to configure and verify BFD support...

Страница 480: ...BFD on the interface named vlan 10 To enable BFD on all configured OSPF interfaces use the ip ospf bfd state all interfaces command For example ip ospf bfd state all interfaces enable To disable BFD f...

Страница 481: ...ith them Use the show ip bfd sessions command to view BFD sessions with all BFD neighbors as shown below show ip bfd sessions Legends Neg Negotiated Discr Discriminator Intvl Interval in milliseconds...

Страница 482: ...bgp Admin Status disabled Operational Status down Autonomous System Number 1 BGP Router Id 0 0 0 0 Confederation Identifier 0 IGP Synchronization Status disabled Minimum AS Origin Interval seconds 15...

Страница 483: ...Discr Intvl Intvl Intvl 1 v1001 101 1 1 11 UP 1 300 300 300 2 v2000 200 1 1 1 UP 0 0 0 300 show ip bfd sessions 1 Local discriminator 1 Neighbor IP Address 100 1 1 10 Requested Session Type ASYNC Int...

Страница 484: ...ol level enable BFD for a particular VRRP track policy using the vrrp track address bfd state command Ensure that the track policy is associated with at least one of the virtual routers For example vr...

Страница 485: ...static routing To change the default BFD status for a particular static route and to enable BFD support use the ip static route bfd state command For example ip static route 10 1 1 1 mask 255 0 0 0 g...

Страница 486: ...use b indicates BFD enabled static route r indicates recursive static route with following address in brackets Total IPRM IPv4 routes 7 Destination Gateway Interface Protocol Metric Tag Misc Info b 1...

Страница 487: ...ree routers On all three routers OSPF is associated with BFD for faster failure detection of any router on the network Example OSPF Network using the BFD Protocol The following steps are used to confi...

Страница 488: ...12 ip interface vlan 12 vlan 12 address 12 0 0 1 mask 255 0 0 0 vlan 12 members port 2 2 vlan 10 ip interface vlan 10 vlan 10 address 10 0 0 1 mask 255 0 0 0 vlan 10 members port 2 3 5 ip router rout...

Страница 489: ...vlan 30 ip interface vlan 30 vlan 30 address 30 0 0 3 mask 255 0 0 0 vlan 30 members port 2 3 5 ip router router id 3 3 3 3 These commands created VLANs 23 31 and 30 VLAN 23 handles the backbone conne...

Страница 490: ...ospf interface vlan 12 admin state enable ip ospf interface vlan 23 ip ospf interface vlan 23 area 0 0 0 0 ip ospf interface vlan 23 admin state enable ip ospf interface vlan 20 ip ospf interface vla...

Страница 491: ...so applied as the default parameter values for the interface The following steps change the default global BFD parameter values for the example network the commands used are the same on each router Se...

Страница 492: ...guration To display information such as the BFD status for different session parameters and Layer 3 protocols use the show commands listed in the following table For more information about the resulti...

Страница 493: ...LANs that have IP routing enabled In This Chapter This chapter describes the basic components of DHCP Relay and how to configure them CLI commands are used in the configuration examples For more detai...

Страница 494: ...ions and BOOTP Vendor Extensions 3046 DHCP Relay Agent Information Option 2001 DHCP Relay Implementation Global DHCP Per VLAN DHCP DHCP Relay Service BOOTP DHCP Bootstrap Protocol Dynamic Host Configu...

Страница 495: ...rvice ip udp relay service BOOTP DHCP Forward delay time value for DHCP Relay ip helper forward delay 3 seconds Maximum number of hops ip helper maximum hops 4 hops Packet forwarding option ip helper...

Страница 496: ...ip helper address 128 100 16 1 2 Set the forward delay timer for the DHCP relay To set the timer for a 15 second delay use the follow ing command ip helper forward delay 15 3 Set the maximum hop coun...

Страница 497: ...t has not been exceeded If the forward delay time is not met or the maximum hop count is exceeded the BOOTP DHCP packet is discarded by the DHCP Relay The forwarding option allows you to specify if th...

Страница 498: ...an IP address to a host for a limited period of time or until the host explicitly relinquishes the address Manual The network administrator assigns a host IP address and DHCP simply conveys the assign...

Страница 499: ...g router port to the outgoing router port attached to the OmniSwitch DHCP Clients are Members of the Same VLAN The external router inserts the subnet address of the first hop segment into the DHCP req...

Страница 500: ...a DHCP request frame to the DHCP server using the local broadcast address For these locally attached stations the frame is simply switched from one station to another In this case the DHCP server and...

Страница 501: ...to and from the specified address If multiple DHCP servers are used one IP address must be configured for each server To delete an IP address use the no form of the ip helper address command The IP ad...

Страница 502: ...the IP address to the DHCP server or to the next hop to the DHCP server The default values can be accepted for forward delay hop count and relay forwarding option Alternately the relay function can be...

Страница 503: ...acket The following syntax is used to set a maximum of four hops ip helper maximum hops 4 The hops value represents the maximum number of relays The default maximum hops value is set to four This maxi...

Страница 504: ...subnet mask for the IP address the mask is applied to the VLAN 1 router port address Otherwise a default mask is determined based upon the class of the IP address For example if the IP address is a C...

Страница 505: ...relay service command can also be used to enable or disable relay for DHCP well known ports 67 and 68 If the BOOTP DHCP relay service is disabled the ip helper configuration is not retained and all de...

Страница 506: ...y service and ip udp relay port command see the OmniSwitch CLI Reference Guide Specifying a Forwarding VLAN To specify which VLAN s UDP Port Relay forwards traffic destined for a generic UDP service p...

Страница 507: ...the slot port information does not identify an actual port associated with the Circuit ID VLAN then the agent tries to deliever the packet back to the port where the device is located 5 If the slot po...

Страница 508: ...ing parameters are available with this command to specify the policy action drop The DHCP Option 82 data is dropped the default keep The existing Option 82 field information in the DHCP packet is reta...

Страница 509: ...how ip helper Displays the current forward delay time the maximum number of hops the forwarding option standard and each of the DHCP server IP addresses configured show ip helper statistics Displays t...

Страница 510: ...Verifying the DHCP Relay Configuration Configuring DHCP Relay page 21 18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 511: ...is no longer supported in this release In This Chapter This chapter describes VRRPv2 VRRPv3 and how to configure it through the Command Line Interface CLI CLI commands are used in the configuration e...

Страница 512: ...terval on page 22 21 VRRPv3 Virtual router priority see Configuring the VRRPv3 Virtual Router Priority on page 22 21 Preempting VRRPv3 virtual routers see Setting Preemption for VRRPv3 Virtual Routers...

Страница 513: ...m number of IP addresses per instance 16 Description Keyword Default Virtual router enabled or dis abled enable disable Virtual routers are disabled Priority priority 100 Preempt mode preempt no preem...

Страница 514: ...lts for VRRP include Default preempt mode for all the virtual routers in the group vrrp group preempt Parameter value that is to be set and or override with the new default value in all the virtual ro...

Страница 515: ...10 2 3 Note IP can be used as an optional parameter instead of Address in the above example 3 Repeat steps 1 through 2 on all of the physical switches that will participate in backing up the address...

Страница 516: ...onfigured with a virtual router VRID 1 which is associated with IP address A OmniSwitch A is the master router because it contains the physical interface to which IP address A is assigned OmniSwitch B...

Страница 517: ...a VLAN Each VRRP router may backup one or more virtual routers The VRRP router containing the physical interfaces to which the virtual router IP addresses are assigned is called the IP address owner...

Страница 518: ...be used to modify this behavior resulting in the VRRP virtual MAC being used as the source This command has no effect on VRRP advertisements which will always be sent using the VRRP virtual MAC as the...

Страница 519: ...rtual routers Configuring Collective Management Functionality This feature provides user with the flexibility to manage the virtual routers on the switch collectively and also the capability to group...

Страница 520: ...or information about configuring VRRP parameters see the remaining sections of this chapter Basic Virtual Router Configuration At least two virtual routers must be configured on the LAN a master route...

Страница 521: ...vrrp address command as described in the next section to specify an IP address or addresses To delete a virtual router use the no form of the vrrp command with the relevant VRID and VLAN ID For examp...

Страница 522: ...before interval Configuring Virtual Router Priority VRRP functions with one master virtual router and at least one backup virtual router A priority value determines the role each router plays It also...

Страница 523: ...es associated with the physical router always becomes the master router if it is available regardless of the preempt mode setting and the priority values of the backup routers In the above example th...

Страница 524: ...routers remain in the initialize state They will remain in this state until the timer expires at which point they will negotiate to determine whether to become the master or a backup To set a delay t...

Страница 525: ...r individually or via group This is because the configured values take priority over the default values For the modified default values to effect the virtual routers which are configured with a value...

Страница 526: ...onds priority as 150 and preempting mode as no preempt These parameters can be modified at any time but will not have any effect on the virtual routers in the group until you disable then apply the gr...

Страница 527: ...enables all the virtual routers in the group except the virtual routers that are disabled individually To enable all the virtual routers in the group including those which are disabled individually yo...

Страница 528: ...figuration for all virtual routers or for a particular virtual router show vrrp statistics Displays statistics about VRRP packets for all virtual routers configured on the switch or for a particular v...

Страница 529: ...Pv3 parameters see the remaining sections of this chapter Basic VRRPv3 Virtual Router Configuration At least two VRRPv3 virtual routers must be configured on the LAN a master router and a backup route...

Страница 530: ...with a priority of 75 and no preempt VRRPv3 advertisements will be sent at intervals of 200 centiseconds vrrp3 7 2 priority 75 no preempt interval 200 Note All VRRPv3 virtual routers with the same VRI...

Страница 531: ...dress and the virtual router MAC address In addition to creating duplicate IP MAC address messages both routers will begin forwarding packets sent to the virtual router MAC address This will result in...

Страница 532: ...there is more than one backup router and if the backup routers have priority values that are very nearly equal the skew time may not be sufficient to overcome delays caused by network traffic loads an...

Страница 533: ...again to modify the parameters For example vrrp3 7 3 admin state disable vrrp3 7 3 priority 200 vrrp3 7 3 admin state enable In this example VRRPv3 virtual router 7 on VLAN 3 is disabled The VRRPv3 vi...

Страница 534: ...ion about the displays that result from these commands see the OmniSwitch CLI Refer ence Guide show vrrp3 Displays the VRRPv3 virtual router configuration for all virtual routers or for a particular v...

Страница 535: ...ore a tracking policy for the virtual router can be added VRRP tracking does not override IP address ownership the IP address owner will always have prior ity to become master if it is available Assoc...

Страница 536: ...st in load balancing outgoing traffic The figure below shows two virtual routers with their hosts splitting traffic between them Half of the hosts are configured with a default route to virtual router...

Страница 537: ...he IP address is a virtual address the virtual router with the highest priority will become the master router In this scenario the master of VRID 1 will respond to ARP requests for IP address A using...

Страница 538: ...e master for virtual router 1 has a priority of 100 and the backup for virtual router 1 has a priority of 75 The virtual router configuration for VRID 1 and 2 on VRRP router A is as follows vrrp 1 5 p...

Страница 539: ...ented to 50 allowing backup router 1 to take over and provide connectivity for those workstations When port 3 1 on VRRP router A comes backup master 1 will take over again Note Preempt must be set on...

Страница 540: ...1 57 The CLI commands used to configure this setup are as follows 1 First create two VRRPv3 virtual routers for VLAN 5 Note that VLAN 5 must already be created and available on the switch vrrp3 1 5 vr...

Страница 541: ...uter MAC address for VRID 2 00 00 5E 00 02 02 OmniSwitch B is the master for VRID 2 since it contains the physical interface to which 213 100 1 57 is assigned If OmniSwitch B should become unavailable...

Страница 542: ...dmin state enable priority 50 port 3 1 vrrp3 1 5 track association 1 If port 3 1 on VRR3 router A goes down the master for virtual router A is still functioning but worksta tion clients 1 and 2 will n...

Страница 543: ...ning workload and flexibility you can tailor workload requirements individually to servers within a cluster In This Chapter This chapter describes the basic components of Server Load Balancing and how...

Страница 544: ...orms Supported OmniSwitch 10K 6900 Maximum number of clusters 16 Maximum number of physical servers per cluster 16 Layer 3 classification Destination IP address QoS policy condition Layer 2 classifica...

Страница 545: ...admin status Enabled Administrative status of physical servers in an SLB cluster ip slb server ip cluster Enabled Relative weight of a physical server in an SLB cluster ip slb server ip cluster 1 SLB...

Страница 546: ...h the ip slb server ip cluster command For example ip slb server ip 128 241 130 127 cluster WorldWideWeb ip slb server ip 128 241 130 109 cluster WorldWideWeb weight 4 ip slb server ip 128 241 130 115...

Страница 547: ...re the SLB cluster using the ip slb cluster command with the condition parameter For example ip slb cluster Intranet condition c1 3 Assign physical servers to the SLB condition cluster and specify a r...

Страница 548: ...4 255 255 255 255 2500 IP Dst TCP Port 80 An example of what the configuration commands look like entered sequentially on the command line policy network group SOURCE 100 0 0 1 100 0 0 2 100 0 0 3 10...

Страница 549: ...ervers with a loopback interface Condition A QoS policy condition name is assigned to the cluster virtual server Client requests that meet the criteria of the policy condition are bridged Layer 2 mode...

Страница 550: ...30 204 and sends to the appropriate physical server depending on configuration and the operational states of the physical servers The switch then transmits the requested data from the physical server...

Страница 551: ...nistrator a relative weight of 30 which is the largest weight in the SLB cluster called WorldWideWeb Server A handles twice as much traffic as Server C which has a weight of 15 three times the traffic...

Страница 552: ...ay link and ping status of physical servers These health checks performed by the switch are used by the SLB software to determine the operational states of servers The possible operational states are...

Страница 553: ...servers to a logical SLB cluster use the ip slb server ip cluster command which is described in Assigning Servers to and Removing Servers from a Cluster on page 23 14 Note Routing which is enabled by...

Страница 554: ...that uses VIP classification to bridge or route client requests to the cluster servers use the ip slb cluster command with the vip parameter For example to configure an SLB cluster called Web_Server w...

Страница 555: ...ould be created Note that the user configured policy condition associated with an SLB cluster is the condition used for the automatically configured SLB policy rule For example if you configured an SL...

Страница 556: ...an existing logical SLB cluster with the ip slb server ip cluster command by entering ip slb server ip the IP address of the server in dotted decimal format cluster and the name of the SLB cluster For...

Страница 557: ...page 23 16 Modifying the Ping Period You can modify this value with the ip slb cluster ping period command by entering ip slb cluster the name of the SLB cluster ping period and the user specified nu...

Страница 558: ...121 cluster Web_Server weight 5 Server weights are relative For example if Servers A and B have respective weights of 5 and 10 within a cluster Server A would get half the traffic of server B Since we...

Страница 559: ...led WorldWideWeb on line you would enter ip slb cluster WorldWideWeb admin state enable Taking an SLB Cluster Off Line You can take a Server Load Balancing SLB cluster off line with the ip slb cluster...

Страница 560: ...ck the health of logical clusters and physical servers Supported features include Support for server health monitoring using Ethernet link state detection Support for server health monitoring using IP...

Страница 561: ...0 255 11 127 that belongs to a cluster called WorldWideWeb enter ip slb server ip 10 255 11 127 cluster WorldWideWeb probe server_probe1 Modifying SLB Probes The following subsections describe how to...

Страница 562: ...erver_probe1 http retries 10 Configuring a Probe User Name To configure a user name sent to a server as credentials for an HTTP GET operation to verify the health of the server use the ip slb probe us...

Страница 563: ...onfigure an ASCII string sent to a server to invoke a response from it and to verify its health use the ip slb probe send command by entering ip slb probe followed by the user configured probe name th...

Страница 564: ...show ip slb cluster command provides detailed configuration information and statistics for individual SLB clusters To use the show ip slb cluster command enter the command followed by the name of the...

Страница 565: ...een similar to the following is displayed Cluster Web_Server VIP 10 123 11 14 Server 10 123 11 4 Admin weight 3 Admin status Enabled Oper status In Service Availability time 95 Ping failures 0 Last pi...

Страница 566: ...on a single probe enter show ip slb probes followed by the probe name as shown in the example below show ip slb probes phttp Probe phttp Type HTTP Period seconds 60 Timeout milliseconds 3000 Retries...

Страница 567: ...ng The switch then learns on which ports multicast group subscribers are attached and can intelligently deliver traffic only to the respective ports Alcatel Lucent s implementation of IGMP snooping is...

Страница 568: ...RFC 2710 Multicast Listener Discovery MLD for IPv6 RFC 2933 Internet Group Management Protocol MIB RFC 3019 IP Version 6 Management Information Base for The Multicast Listener Discovery Protocol RFC 3...

Страница 569: ...ement Protocol Version 3 IGMPv3 and Multicast Listener Discovery Protocol Version 2 MLDv2 for Source Specific Multicas Platforms Supported OmniSwitch 10K 6900 MLD Versions Supported MLDv1 MLDv2 MLD Qu...

Страница 570: ...Query Response Interval ip multicast query response interval 100 tenths of seconds IGMP Router Timeout ip multicast router timeout 90 seconds Source Timeout ip multicast source timeout 30 seconds IGM...

Страница 571: ...ing disabled MLD Version ipv6 multicast version version 1 MLD Query Interval ipv6 multicast query interval 125 seconds MLD Last Member Query Interval ipv6 multicast last member query interval 1000 mil...

Страница 572: ...ternet Group Management Protocol IGMP requests are received The network interfaces verify that a multicast packet is received by the switch on the source or expected port IPMS Example The figure on th...

Страница 573: ...Multicast Sparse Mode PIM SM and Dense Mode PIM DM which is described in PIM on page 24 8 Distance Vector Multicast Routing Protocol DVMRP which is described in DVMRP on page 24 8 The multicast routin...

Страница 574: ...DVMRP is a distributed multicast routing protocol that dynamically generates per source delivery trees based upon routing exchanges When a multicast source begins to transmit the multicast data is flo...

Страница 575: ...LI commands Enabling and Disabling IP Multicast Status IP Multicast Switching and Routing is disabled by default on a switch The following subsections describe how to enable and disable IP Multicast S...

Страница 576: ...ble Disabling the IGMP Querier forwarding You can disable the IGMP querier forwarding by entering ip multicast querier forwarding followed by the disable keyword For example to disable the IGMP querie...

Страница 577: ...iguring and Removing an IGMP Static Neighbor IGMP static neighbor ports receive all multicast streams on the designated VLAN and also receive IGMP reports for the VLAN The following subsections descri...

Страница 578: ...space the slot number of the port a slash and the port number For example to configure port 10 in slot 4 with designated VLAN 2 as an IGMP static querier you would enter ip multicast static querier vl...

Страница 579: ...group as an IPMS static group by entering ip multicast static group followed by vlan a space VLAN number which must be between 0 and 4095 a space followed by port a space and the link aggregation gro...

Страница 580: ...ery interval 60 You can also modify the IGMP query interval on the specified VLAN by entering ip multicast vlan 2 query interval 60 Restoring the IGMP Query Interval To restore the IGMP query interval...

Страница 581: ...member query interval To restore the IGMP last member query interval to its default value You can also restore the IGMP last member query interval on the specified VLAN by entering ip multicast vlan...

Страница 582: ...ter Timeout The default IGMP router timeout i e expiry time of IP multicast routers is 90 seconds The following subsections describe how to configure a user specified router timeout value and how to r...

Страница 583: ...ource timeout from 1 to 65535 seconds by entering ip multicast source timeout followed by the new value For example to set the source timeout to 360 seconds on the system if no VLAN is specified you w...

Страница 584: ...p multicast querying disable Or as an alternative enter ip multicast querying To restore the IGMP querying to its default setting You can also disable the IGMP querying on the specified VLAN by enteri...

Страница 585: ...cast robustness followed by the value 0 as shown below ip multicast vlan 2 robustness 0 Or as an alternative enter ip multicast vlan 2 robustness To restore the IGMP robustness to its default value En...

Страница 586: ...litates IP TV applications looking for quick changes between IP multicast groups is disabled on a switch The following subsections describe how to enable and disable IGMP zapping by using the ip multi...

Страница 587: ...er port Port settings override VLAN settings which override global settings If the maximum number of groups is reached an action can be configured to either drop the new member ship request or replace...

Страница 588: ...MLD requests are received The network interfaces verify that a multicast packet is received by the switch on the source or expected port IPMSv6 Example The figure on the following page shows an IPMSv...

Страница 589: ...resses Both MLDv1 and MLDv2 are supported Note See Configuring the MLD Version 2 on page 24 25 for information on configuring the IGMP version MLDv2 uses source filtering and reports multicast members...

Страница 590: ...ubsections describe how to enable and disable IPv6 Multicast by using the ip multicast helper address command Note If IPv6 Multicast switching and routing is enabled on the system the VLAN configurati...

Страница 591: ...keyword For example to disable the MLD querier forwarding on the system if no VLAN is specified you would enter ipv6 multicast querier forwarding disable Or as an alternative enter ipv6 multicast quer...

Страница 592: ...e VLAN The following subsections describe how to configure and remove a static neighbor port by using the ipv6 multicast max group command Configuring an MLD Static Neighbor You can configure a port a...

Страница 593: ...e the slot number of the port a slash and the port number For example to configure port 10 in slot 4 with designated VLAN 2 as an MLD static querier you would enter ipv6 multicast static querier vlan...

Страница 594: ...6 multicast static group followed by vlan a space VLAN number which must be between 0 and 4095 a space followed by port a space and the link aggregation group number For example to configure link aggr...

Страница 595: ...160 Restoring the MLD Query Interval To restore the MLD query interval to its default value on the system if no VLAN is specified use the ipv6 multicast query interval command by entering no ipv6 mul...

Страница 596: ...rval i e the time period to reply to an MLD query message is 10000 in milliseconds The following subsections describe how to configure the MLD query response interval and restore it by using the ipv6...

Страница 597: ...MLD router timeout to 360 seconds on the system if no VLAN is specified you would enter ipv6 multicast router timeout 360 You can also modify the MLD router timeout on the specified VLAN by entering i...

Страница 598: ...To restore the source timeout to its default value You can also restore the source timeout on the specified VLAN by entering ipv6 multicast vlan 2 source timeout 0 Or as an alternative enter ipv6 mul...

Страница 599: ...ess variable and restore it by using the ipv6 multicast robustness command Configuring the MLD Robustness Variable You can modify the MLD robustness variable from 1 to 7 on the system if no vlan is sp...

Страница 600: ...an also enable MLD spoofing on the specified VLAN by entering ipv6 multicast vlan 2 spoofing enable Disabling the MLD Spoofing To disable MLD spoofing on the system if no VLAN is specified you use the...

Страница 601: ...pping on the specified VLAN by entering ipv6 multicast vlan 2 zapping disable Or as an alternative enter ipv6 multicast vlan 2 zapping To restore the MLD zapping to its default setting Limiting MLD Mu...

Страница 602: ...up limit for a VLAN and replace any requests above the limit use the ip multicast vlan max group command as shown below ipv6 multicast vlan 10 max group 25 action replace To set the MLD group limit fo...

Страница 603: ...gure this network Note All the steps following Step 1 which must be executed first can be entered in any order 1 Enable IP Multicast Switching and Routing switch wide by entering ip multicast admin st...

Страница 604: ...w ip multicast querier commands to confirm your settings as shown below show ip multicast Status Enabled Querying Disabled Proxying Disabled Spoofing Disabled Zapping Disabled Querier Forwarding Disab...

Страница 605: ...s network Note All the steps following Step 1 which must be executed first can be entered in any order 1 Enable IP Multicast Switching and Routing switch wide by entering ipv6 multicast admin state en...

Страница 606: ...icast querier commands to confirm your settings as shown below show ipv6 multicast Status Enabled Querying Disabled Proxying Disabled Spoofing Disabled Zapping Disabled Querier Forwarding Disabled Ver...

Страница 607: ...or complete documentation on IPMS show commands show ip multicast Displays the general IP Multicast switching and routing configuration parameters on a switch show ip multicast group Displays all dete...

Страница 608: ...on IPMS show commands show ipv6 multicast Displays the general IPv6 Multicast switching and routing configuration parameters on a switch show ipv6 multicast group Displays all detected multicast grou...

Страница 609: ...hat is used for Layer 2 and Layer 3 4 filtering See Using Access Control Lists on page 25 63 This implementation of QoS integrates traffic management with QoS scheduling Embedded profiles apply the Qo...

Страница 610: ...figuring QoS page 25 2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 Traffic Policing and Shaping on page 25 22 QoS Defaults on page 25 34 Configuring QoS on page 25 38 Policy Applica...

Страница 611: ...5120 OS10K XNI U32S OS10K GNI C48E OS10K GNI U48E Maximum number of bandwidth policy rules 2560 OmniSwitch 10K 512 OmniSwitch 6900 Maximum number of validity periods 64 Maximum number of policy servic...

Страница 612: ...ministrator can gain more control over networks where different types of traffic or flows are in use or where network congestion is high Preferential treatment can be given to individ ual flows as req...

Страница 613: ...ority traffic See Congestion Manage ment on page 25 10 3 Congestion Avoidance Weighted Random Early Detection WRED is used for admission control and bandwidth management Packets that are not high prio...

Страница 614: ...ents For more information about output queue congestion management see Congestion Management on page 25 10 How Traffic is Classified and Marked The OmniSwitch provides the following tools and techniqu...

Страница 615: ...ation about filtering The Layer 3 classification of bridged traffic is no different from the classification of normal Layer 3 routed traffic Note that this implementation of QoS always performs Layer...

Страница 616: ...LAG PDUs Such packets go directly to the CPU via a set of queues without traversing the switch fabric In addition packets from the CPU go directly to local ports without going through the fabric The...

Страница 617: ...P 0K 50K No No ethernet 1 11 No Yes 0 0 802 1P 0K No No ethernet 1 12 No Yes 0 0 802 1P 0K No No ethernet Using Trusted Ports With Policies Whether or not the port is trusted is important if you want...

Страница 618: ...ework involves the following elements QSet instance QSI A QSI is a logical entity that refers to a set of eight queues Each port in the switch is automatically associated with a QSI On the OmniSwitch...

Страница 619: ...as they apply to unicast traffic is the same for both the OmniSwitch 10K and OmniSwitch 6900 See QSet Profiles on page 25 12 for more information Queue Set QSet Framework Unicast Traffic In this examp...

Страница 620: ...raffic The multicast queue framework is not user configurable in that there are no user configurable profiles However the type of profile assigned to a port can determine the class of service for mult...

Страница 621: ...en the port joined the LAG the port is associated with QSP 1 when it leaves the LAG The qos qsi qsp command is used to change the QSP for a specific QSet instance QSI For example qos qsi port 1 2 qsp...

Страница 622: ...0 0 0 Straight SP0 with starvation Queue ID Queue Type Scheduling Weight 802 1p ToS DSCP Notes 8 EF SP 20 X 5 X 5 5 6 Protected EF 7 WFQ7 6 WFQ 20 7 6 7 6 7 x 6 x WFQ 6 WFQ5 WFQ 12 5 5 5 x WFQ 5 WFQ4...

Страница 623: ...icast UC 0 7 108 Cos 7 CPU Generated Packets 127 maximum weight For example When sending two streams of 100 MC Lower Priority and 100 MC Higher Priority the distribu tion should be 10 and 50 packets w...

Страница 624: ...Robin WRR Profiles Note Wn Weight of UCn Avg Wn Wm Average of Weights of UCn UCm Queues Priority Precedence UC7 7 Highest MC3 7 6 UC6 6 UC5 5 MC2 5 4 UC4 4 UC3 3 MC1 3 2 UC2 2 UC1 1 MC0 1 0 UC0 0 Lowe...

Страница 625: ...ng unicast queue behavior For example DCB Profile 1 TC 0 Priority 0 3 TC 1 Priority 4 5 TC 2 Priority 6 7 TC 0 has UC0 through UC3 in Round Robin so MC0 priority 0 and 1 and MC1 priority 2 and 3 will...

Страница 626: ...on the egress port speed thus providing efficient use of the fabric bandwidth The following diagram shows the components within the system that provide the QoS features and input based queuing using...

Страница 627: ...because egress bandwidth capacity is checked before packets are sent across the switch adverse traffic patterns do not disrupt rate guarantees OmniSwitch 10K Queue Size The queue size is an aggregate...

Страница 628: ...pplied to ingress traffic using a QoS policy rule see Configuring Tri Color Marking on page 25 24 for more information Note that all packets that are not marked with a specific color are treated as gr...

Страница 629: ...hen congestion of green yellow and red traffic occurs without WRED green has the highest prece dence and red and yellow are dropped When congestion of yellow and red traffic occurs without WRED yellow...

Страница 630: ...d determines the delay a packet may experience while wait ing for the queue to clear out other packets that arrived first To verify the WRED profile configuration use the show qos wrp command For exam...

Страница 631: ...hat defines and applies the shaping and scheduling configuration for each VOQ in the QSet See Congestion Management on page 25 10 for more information Tri Color Marking This implementation of a Tri Co...

Страница 632: ...using the following QoS policy action command parameters cir Committed Information Rate in bits per second cbs Committed Burst Size in bytes pir Peak Information Rate in bits per second pbs Peak Burs...

Страница 633: ...ingle Rate TCM srTCM mode To configure the meter to operate in the Two Rate TCM trTCM mode use the pir parameter and specify a peak information rate value that is greater than the committed informatio...

Страница 634: ...lly so that DEI bit marking and mapping is enabled for all ports Individual ports can be configured to override the global setting Configuring the DEI Bit Setting By default DEI bit marking egress and...

Страница 635: ...idth policy Although bandwidth policies are applied to ingress ports it is possible to specify a destination port or destination port group in a bandwidth policy as well Doing so effects egress rate l...

Страница 636: ...s port maxi mum egress bandwidth and qos port maximum ingress bandwidth CLI commands For more informa tion about these commands see the OmniSwitch CLI Reference Guide Note the following when configuri...

Страница 637: ...ection discusses policy configuration using the CLI For information about using WebView to configure the switch see the OmniSwitch AOS Release 7 Switch Management Guide For information about configuri...

Страница 638: ...ports are always untrusted by default For information about configuring ports with 802 1Q see Chapter 4 Configuring VLANs LDAP Policy Management Policies can also be configured through the PolicyView...

Страница 639: ...s can be combined in Layer 2 Layer 3 and Layer 4 conditions In a given rule ToS or DSCP can be specified for a condition with priority specified for the action Individual items and their corresponding...

Страница 640: ...ions Table ACL disposition accept drop deny Priority CoS 802 1p ToS DCSP Stamping and Mapping only applies to the outer 802 1p value cannot modify the inner value Maximum Bandwidth Maximum Depth Tri C...

Страница 641: ...row represents a policy condition or conditions combined with the policy action or actions in the same row Mirroring Yes Yes Yes Yes Yes Yes No Yes N A Policy Condition Action Combinations Conditions...

Страница 642: ...level 5 Number of lines in QoS log qos log lines 10000 Whether log messages are sent to the console qos log console no Whether log messages are avail able to OmniVista applications qos forward log no...

Страница 643: ...gement Defaults The following are the default QSet and queue profile settings applied with QSP 1 on the OmniSwitch 10K The following are the default drop precedence settings applied with WRP 1 on the...

Страница 644: ...le command Port QSI Default QSP 1 Admin Status Enabled WRP 1 Admin Status Disabled Statistics Admin Status Disabled Statistics Interval 10 seconds Bandwidth 100 QSP 1 Default Bandwidth 100 WRED Profil...

Страница 645: ...lt network group called switch that includes all IP addresses configured for the switch itself This default network group can be used in policies See Creating Network Groups on page 25 54 for more inf...

Страница 646: ...ou do not need to change the port defaults See QoS Port Defaults on page 25 34 for a list of port defaults See Classification on page 25 6 and Traffic Policing and Shaping on page 25 22 for informatio...

Страница 647: ...ng the QoS Log The QoS software in the switch creates its own log for QoS specific events You can modify the number of lines in the log or change the level of detail given in the log The PolicyView ap...

Страница 648: ...t reboot Log Detail Level To change the level of detail in the QoS log use the qos log level command The log level determines the amount of detail that is given in the QoS log The qos log level comman...

Страница 649: ...ommand For more information about the qos apply command see Applying the Configuration on page 25 71 Use the swlog output command to configure switch logging to output logging events to the console No...

Страница 650: ...e network interfaces for QoS statistics use the qos stats interval command with the desired interval time in seconds The default is 60 seconds For example qos stats interval 30 Statistics are displaye...

Страница 651: ...icy rule configured through the CLI but it cannot be modified through the CLI Policies are not used to classify traffic until the qos apply command is entered See Applying the Config uration on page 2...

Страница 652: ...d saved in an ASCII file typically through the snapshot command the commands included in the file include syntax indicating the origin of the command The origin specifies where the rule condition cond...

Страница 653: ...up options in this command refer to groups of addresses services or ports that you config ure separately through policy group commands Rather than create a separate condition for each address service...

Страница 654: ...Policy Actions This section describes how to configure policy actions in general Creating policy actions for particular types of network situations is described later in this chapter To create or modi...

Страница 655: ...e ERROR a6 is being used by rule my_rule In this case the action is not deleted The action a6 must first be removed from the policy rule my_rule See Creating Policy Rules on page 25 47 for more inform...

Страница 656: ...d with a rule using the policy rule command For example the following commands create a validity period named vp01 and associate it with rule r01 policy validity period vp01 hours 13 00 to 19 00 days...

Страница 657: ...rule and both rules have the same precedence value the rule that was configured first in the list takes precedence Specifying Precedence for a Particular Rule To specify a precedence value for a parti...

Страница 658: ...which a policy list is applied is determined by the type of list that is configured There are two types of policy lists Default This list is always available on every switch and is not configurable By...

Страница 659: ...rules first before attempting to create a list The policy list rules command requires that the specified policy rules must already exist in the switch configuration See Creating Policies on page 25 4...

Страница 660: ...ist at the time the rule was created The following command removes the rule from the default list policy rule r2 condition c1 action a1 no default list To add an existing rule to the default list use...

Страница 661: ...uration 1 Create the group and group entries In this example a network group is created policy network group netgroup1 10 10 5 1 10 10 5 2 2 Attach the group to a policy condition For more information...

Страница 662: ...ecified so the IPv4 addresses are assumed to be host addresses policy network group netgroup2 10 10 5 1 10 10 5 2 In the next example a policy network group called netgroup3 is created with two IPv4 a...

Страница 663: ...ommand With this command there are two different methods for configuring a service You can specify the protocol and the IP port or you can use shortcut keywords The following table lists the keyword c...

Страница 664: ...te the service group which includes the policy service s Use the policy service group command For example policy service group serv_group telnet1 ftp2 In this example a policy service group called ser...

Страница 665: ...ing MAC Groups MAC groups are made up of multiple MAC addresses that you want to attach to a condition To create a MAC group use the policy mac group command For example policy mac group macgrp2 08 00...

Страница 666: ...the built in groups use the show policy port group command To create a port group use the policy port group command For example policy port group techpubs 2 1 3 1 3 2 3 3 The port group can then be a...

Страница 667: ...ys information about all pending and applied policy network groups or a particular network group Use the applied keyword to dis play information about applied groups only show policy service Displays...

Страница 668: ...information about map groups and how to set them up see How Map Groups Work on page 25 61 and Creating Map Groups on page 25 61 policy map group tosGroup 1 2 5 4 5 5 6 7 2 Attach the map group to a po...

Страница 669: ...same map group but instead specifies mapping 802 1p to ToS policy action Map2 map tos to 802 1p using Group2 In this case if ToS traffic comes into the switch and matches a policy that specifies the M...

Страница 670: ...n this case remove the map group from the action then enter the no policy map group command policy action tosMap no map group no policy map group tosGroup The map group is deleted at the next qos appl...

Страница 671: ...s spoofing ICMP drop rules and TCP connection rules Layer 2 ACLs Layer 2 filtering filters traffic at the MAC layer Layer 2 filtering can be done for both bridged and routed packets As MAC addresses a...

Страница 672: ...icy port group VoIP 1 4 6 1 8 2 3 5 policy condition p0 destination port group VoIP policy condition p1 destination port group VoIP policy condition p2 destination port group VoIP policy condition p3...

Страница 673: ...P address of 192 68 82 0 a source IP port of 23 using protocol 6 matches condi tion addr2 which is part of FilterL31 The action for the filter Block is set to deny traffic The flow is dropped on the s...

Страница 674: ...IPv6 traffic as it is for IPv4 traffic IPv6 policies do not support the use of network groups service groups map groups or MAC groups IPv6 multicast policies are not supported Anti spoofing and other...

Страница 675: ...le for improving network security and preventing mali cious activity on the network UserPorts A port group that identifies its members as user ports to prevent source address spoofing of IP and ARP tr...

Страница 676: ...ministratively shutdown to block all traffic By default spoofed traffic is filtered on user ports To specify additional types of traffic to look for on these ports and select how the port deals with s...

Страница 677: ...n is considered established The following is an example ACL policy using the established condition parameter policy condition c destination ip 192 168 10 0 mask 255 255 255 0 established policy condit...

Страница 678: ...ide June 2013 Note that if a flag is specified on the command line after the any or all keyword then the match value is one If the flag only appears as part of the mask then the match value is zero Se...

Страница 679: ...ommands become active immediately Other global commands must specifically be applied The commands are listed in the following table Port and Policy Commands All port parameters and policy parameters m...

Страница 680: ...ample there are two new pending policies and three applied policies If you enter qos flush the configuration then looks like In this scenario you can do one of two things To write the applied policies...

Страница 681: ...group Displays information about all pending and applied policy network groups or a particular network group Use the applied keyword to dis play information about applied groups only show policy servi...

Страница 682: ...zation and bandwidth policing can be the most common types of QoS policies For these policies any condition can be created the policy action indicates how the traffic must be prioritized or how the ba...

Страница 683: ...the traffic from Network 1 first create a condition for the traffic that you want to prioritize In this example the condition is called ip_traffic Then create an action to priori tize the traffic as...

Страница 684: ...irected flow then redirected packets are the final post routing packets If a route does not exist for the redirected flow the flow is not redirected to the specified port or link aggregate ID and is b...

Страница 685: ...the following regarding the use and configuration of mirroring policies Only one policy based MTP session is supported at any given time As a result all mirroring policies must specify the same desti...

Страница 686: ...n 802 1p value of 5 policy condition my_condition source ip 10 10 3 0 mask 255 255 255 0 policy action my_action 802 1p 5 policy rule marking condition my_condition action my_action In the next exampl...

Страница 687: ...n source or destination IP address source or destination network group source or destination TCP UDP port a service or service group IP protocol or built in source port group Traffic can be redirected...

Страница 688: ...way ip 173 5 1 254 policy rule Redirect_All condition Traffic3 action Firewall Note that the functionality of the firewall is important In the example the firewall is sending the traffic to be routed...

Страница 689: ...ample illustrates how ACLs can be used to select a subset of the source IP address to be matched and then routed to various gateway IP addresses using conditions actions and rules The next hop gateway...

Страница 690: ...8 policy rule r8 condition c8 action a8 qos apply Note the following regarding the use and configuration of IPv4 non contiguous masks Automatic resolution via Address Resolution Protocol ARP for next...

Страница 691: ...twork Configuration Guide June 2013 page 25 83 IPv6 example using an IPv6 gateway address policy condition c9 source ipv6 2000 1 mask e000 7 policy action a9 permanent gateway ipv6 2607 f0d0 2001 000a...

Страница 692: ...Policy Applications Configuring QoS page 25 84 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 693: ...n the switch When policies are created on the directory server through PolicyView the PolicyView application automatically configures the switch to communicate with the server This chapter includes in...

Страница 694: ...10K 6900 LDAP Policy Servers RFCs Supported RFC 2251 Lightweight Directory Access Protocol v3 RFC 3060 Policy Core Information Model Version 1 Specification Maximum number of policy servers supported...

Страница 695: ...S policies stored on an LDAP server and QoS policies configured directly on the switch For more information about creating policies directly on the switch see Chapter 25 Configuring QoS Information ab...

Страница 696: ...ding policies to the switch By default policy servers are enabled to download policies To disable a server use the policy server command with the admin state keyword and disable option policy server 1...

Страница 697: ...reen policy server 10 10 2 3 policy server 10 10 2 3 port number 5000 show policy server Server IP Address port enabled status primary 1 10 10 2 3 389 Yes Up X 2 10 10 2 3 5000 No Down To remove an en...

Страница 698: ...sable SSL use no ssl with the command policy server 10 10 2 3 no ssl SSL is disabled for the 10 10 2 3 policy server No additional policies can be saved to the directory server from the PolicyView app...

Страница 699: ...applied from PolicyView or vice versa it activates all current configuration For more information about configuring policies through the CLI see Chapter 25 Configuring QoS Verifying the Policy Server...

Страница 700: ...Verifying the Policy Server Configuration Managing Policy Servers page 26 8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 701: ...iations with Shortest Path Bridging SPB services based on the VLAN ID contained in device packets Default profile classification for untagged traffic or traffic not classified through other methods Ba...

Страница 702: ...10K 6900 Number of UNPs per switch 4K includes static and dynamic profiles Number of UNP users per switch 2K Authentication type MAC based authentication Profile type VLAN or Shortest Path Bridging S...

Страница 703: ...tomer Domain ID assignment unp unp customer domain 0 The MAC authentication status for the UNP port unp mac authentication Disabled Alternate pass UNP for MAC authentication unp mac authentication pas...

Страница 704: ...ists on page 27 7 unp name serverA qos policy list name serverA_rules Note Verify the UNP profile configuration using the show unp command For example show unp Name Vlan Policy List Name serverA 500 s...

Страница 705: ...ent based on UNP authentication and classification unp port 1 10 25 enable 2 Use the unp default vlan profile command to designate an existing profile as the default UNP for the port Devices are assig...

Страница 706: ...es are applied to traffic received on that port to determine the UNP VLAN assignment for the traffic The following quick steps provide a brief tutorial for configuring classification rules 1 To config...

Страница 707: ...twork Profiles UNP is done to further enforce device access to network resources A policy list consists of one or more QoS policy rules the list is assigned a name which is used to associate the list...

Страница 708: ...AOS Release 7 Network Configuration Guide June 2013 Verify the UNP association for the policy list using the show unp command show unp Name Vlan Policy List Name Sales 100 list1 Guest_user 1000 temp_r...

Страница 709: ...e based on the Provider Backbone Bridge Network PBBN architecture This type of profile creates an associa tion between device traffic that is classified into the profile and a SPB service access point...

Страница 710: ...amic profiles are saved in the switch configuration and profile attributes are configurable in the same manner as manually created profiles Service Profiles UNP service classification profiles are man...

Страница 711: ...he service profile does not exist the dynamic SAP is not created UNP also provides dynamic SAP configuration for UNP access port traffic that is not classified by a UNP service profile Because there i...

Страница 712: ...service Customer Domains UNP customer domains provide an additional method for segregating device traffic A domain is identi fied by a numerical ID which can be assigned to UNP ports and profile class...

Страница 713: ...requires no agent or special protocol on the device the source MAC address of the device is veri fied through a remote RADIUS server Additional methods for UNP classification include the following UNP...

Страница 714: ...ication and classification are disabled on a UNP port traffic received on that port is blocked unless a default UNP or trust VLAN tag is configured for that port Rule Type and Precedence When UNP port...

Страница 715: ...determine the dynamic VLAN or SPB service assignment for devices connected through the UNP ports When UNP is enabled on a switch port the following device classification process is triggered when the...

Страница 716: ...ication A C B D Tagged packets are blocked in tagged VLAN Untagged packets are blocked in the default VLAN RADIUS server configured Default UNP exists UNP exists Trust VLAN enabled and packet is tagge...

Страница 717: ...ic VLAN In this case the remote chassis will do following If there is no profile with this advertised VLAN then the request to convert is dropped If there is a profile with this advertised VLAN but th...

Страница 718: ...VLAN is dropped If there is a profile with this advertised VLAN but the VLAN doesn t exist then the VLAN is created as a UNP dynamic VLAN If there is a profile with this advertised VLAN and the VLAN t...

Страница 719: ...a profile with this advertised VLAN but the VLAN doesn t exist then the VLAN is created as a UNP dynamic VLAN If there is a profile with this advertised VLAN and the VLAN type is MVRP this VLAN is con...

Страница 720: ...his advertised VLAN and the VLAN type is MVRP the VLAN is converted to a UNP dynamic VLAN 3 In a MCLAG configuration after the UNP dynamic profile is created in the local chassis a request is sent to...

Страница 721: ...n enabled enabled Send MAC to RADIUS server for authentication A B Tagged packets are blocked in tagged VLAN Untagged packets are blocked in the default VLAN RADIUS server configured Default UNP exist...

Страница 722: ...the switch will filter the packets intended for the SAP The SAP already exists but is attached to a different I SID BLVAN Switch resources are not available or configuration limits have reached the m...

Страница 723: ...ta Center Switching Guide Learned Port Security The UNP and Learned Port Security LPS features are supported on the same port with the following conditions When LPS is enabled or disabled on a UNP por...

Страница 724: ...guring a MCLAG VIP interface for a dynamic UNP VLAN is not allowed For more information about UNP interaction with MCLAG see Chapter 10 Configuring Multi chassis Link Aggregation Multiple VLAN Registr...

Страница 725: ...nly the policy rules in the list are applied to traffic from devices to which the profile was applied Any default list policy rules are not applied in this case If a QoS policy list is not specified f...

Страница 726: ...s sent to OmniVista and OmniVista will make the necessary notifications and network modifications Shortest Path Bridging The OmniSwitch supports both a VLAN and service domain for traffic classificati...

Страница 727: ...ling Dynamic VLAN Configuration on page 27 38 Enable or disable dynamic configuration of VLAN classification profiles A dynamic profile is created only when specific traffic conditions occur on UNP br...

Страница 728: ...ticating non supplicants on UNP ports The servers specified with this command must already be configured through the aaa radius server command The following example command specifies authentication se...

Страница 729: ...on the UNP port The configuration of UNP port parameters described in this section is only allowed on UNP enabled switch ports Make sure UNP is enabled first before attempting to configure any UNP por...

Страница 730: ...more information about configuring VLAN and service profiles see Configuring Profiles on page 27 33 Enabling Classification By default when UNP is enabled on the port classification is disabled This m...

Страница 731: ...Device traffic received on the port does not match any UNP classification rules On bridge ports only The UNP VLAN obtained from the matching classification rule does not exist in the switch configura...

Страница 732: ...device traffic is blocked on that port Assigning a Customer Domain ID This implementation of UNP supports assigning UNP ports to a customer domain A customer domain is identified by a numerical ID val...

Страница 733: ...ive or does not already exist in the switch configuration is allowed However the list will remain inactive for the UNP until the list is enabled or configured using the QoS policy list commands see Co...

Страница 734: ...port If so a SAP is assigned using the VLAN tag values of the traffic If not the traffic is learned as filtering on the port Two other configurable service profile attributes include specifying the mu...

Страница 735: ...namic profile configuration enable Use the disable option with the dynamic profile configuration command to disable this functionality For example unp dynamic profile configuration disable Dynamic pro...

Страница 736: ...hes more than one rule MAC address VLAN tag MAC address MAC address range VLAN tag MAC address range IP address VLAN tag IP address VLAN tag When a classification rule is removed or modified all MAC a...

Страница 737: ...vice is assigned to the profile To create a UNP policy list use the policy list command to specify a list name and then use the policy list rules command to specify the names of one or more existing Q...

Страница 738: ...for the switch To enable this functionality use the unp dynamic vlan configuration command unp dynamic vlan configuration enable Use the disable option with the dynamic vlan configuration command to...

Страница 739: ...enable vlan 451 admin state enable vlan 777 admin state enable vlan 887 888 admin state enable DA UNP unp dynamic vlan configuration enable unp name temp1 vlan 450 unp name unpTemp vlan 10 unp name u...

Страница 740: ...To create this type of UNP use the unp auth server down unp command unp auth server down unp down_unp After a device is classified into the VLAN for this UNP an attempt to re authenticate the device...

Страница 741: ...lied Universal Network Profile Application Example As soon as the network devices connected to the UNP ports start sending traffic the switch applies the UNP port and profile configuration to determin...

Страница 742: ...ith VLAN 10 and a MAC classification rule using the unp vlan profile and unp classification mac address commands unp name unp1 vlan 10 unp classification mac address 11 11 11 11 11 11 3 Configure UNP2...

Страница 743: ...ofile rules to classify traffic unp port 1 1 10 classification enable 5 Configure a default UNP if necessary using the unp default vlan profile command This UNP is applied when all other options fail...

Страница 744: ...fig uration status for the UNP component by displaying Sync Out of Sync or Local show unp global configuration Dynamic Vlan Configuration Enabled MC Conf Status Sync Dynamic Profile Configuration Enab...

Страница 745: ...h multi chassis peer switch the device MAC address was learned show unp user Total users 3 User Learning Port Username Mac address IP Vlan UNP Status Source 1 1 00 00 00 00 00 01 00 00 00 00 00 01 10...

Страница 746: ...Verifying the UNP Configuration Configuring Universal Network Profiles page 27 46 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 747: ...ministrator can obtain more detailed information about protocols running on a specific device or make sure that certain QoS actions are automatically applied wherever an application might be running I...

Страница 748: ...ise stated in the following specifications table or specifically noted within any other section of this chapter Note that any rate limit specifications provided in this table are subject to available...

Страница 749: ...application signature app fingerprint trap Disabled Application REGEX Signatures App Name bgp Description Border Gateway Protocol xff xff xff xff xff xff xff xff xff xff xff xff xff xff xff xff x01 x...

Страница 750: ...ransfer Protocol 220 x09 x0d e smtp simple mail App Name ssh Description Secure Shell ssh 12 0 9 App Name vnc Description Virtual Network Computing rfb 00 1 9 00 0 9 x0a Application Groups App Group c...

Страница 751: ...n Fingerprint ing Modes on page 28 7 for more information 3 Optional By default the app regex txt file located in the flash app signature directory on the switch contains the REGEX signatures to which...

Страница 752: ...egate triggers the sampling of IP packets on that port or aggregate The sampled IP packets are compared against REGEX application signatures stored in the default app regex txt file located in the fla...

Страница 753: ...the Monitoring Mode When a port is configured to operate in AFP monitoring mode the name of an application group of signa tures is specified This triggers the switch to sample ingress IP packets on t...

Страница 754: ...th the UNP policy condition c1 appfp group p2p policy action a1 disposition drop policy rule r1 condition c1 action a1 no default list policy list list1 type unp policy list list1 rules r1 qos apply u...

Страница 755: ...AC VLAN Dest IP Src IP Dest Port Src Port Each database entry is subject to a 15 minute aging period If the database fills up older entries are aged out before the 15 minute limit fast aging However f...

Страница 756: ...sources especially when the QoS and or UNP modes are running on AFP ports A QoS policy list is used by the AFP QoS and UNP modes to specify the name of an application group of signatures to apply to A...

Страница 757: ...different application groups for each mode to avoid conflicts or inconsistencies in how traffic is processed For example if monitoring mode is set to use application group named appgroup1 then config...

Страница 758: ...gs or the REGEX signature text file from the switch To enable AFP functionality use the app fingerprint admin state command with the enable option For example app fingerprint admin state enable When g...

Страница 759: ...ingerprint signature file net regex txt Verifying the REGEX Signature Filename The show app fingerprint configuration command displays the name of the REGEX signature filename that AFP is using for pa...

Страница 760: ...packet not from the beginning of the packet payload The or any combination of the three characters may not work properly on hex value data in the packet payload for example the may not work properly...

Страница 761: ...col REGEX signature TRTPHOTL x01 x02 App Name jabber Description open instant messenger protocol REGEX signature stream stream x09 x0d x09 x0d xmlns jabber App Name sip Description Session Initiation...

Страница 762: ...ack xc0 xa8 x05 xca x01 x00 example x04fake App name Apache mod_cache DoS Description Apache Headers mod_cache DoS Cache x2dControl max x2dage x3d s x2dmaxage x3d max x2dstale x3d max x2dage x3d min x...

Страница 763: ...nitor app group my p2p app fingerprint linkagg 10 monitor app group my p2p In this example ports 2 1 through 2 5 and aggregate 10 are configured as AFP ports that will pattern match and monitor ingres...

Страница 764: ...st name with the AFP port but the UNP mode uses a policy list assigned to a UNP associated with traffic received on the AFP port The monitoring mode does just that monitors application group traffic b...

Страница 765: ...neration and the name of the REGEX signature file currently in use show app fingerprint port Displays the AFP port configuration for the switch including the opera tional mode and application group ap...

Страница 766: ...Verifying the AFP Configuration Configuring Application Fingerprinting page 28 20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 767: ...must be configured on the servers but it primarily addresses configuring the switch through the Command Line Interface CLI to communicate with the servers to retrieve authentication information about...

Страница 768: ...789 Connectionless Lightweight X 5000 Directory Access Protocol RFC 2247 Using Domains in LDAP X 500 Distinguished Names RFC 2251 Lightweight Directory Access Protocol v3 RFC 2252 Lightweight Director...

Страница 769: ...ion Servers Defaults for the aaa ldap server command are as follows Description Keyword Default Number of retries on the server before the switch tries a backup server retransmit 3 Timeout for server...

Страница 770: ...ration by entering the show aaa server command For example show aaa server Server name rad1 Server type RADIUS IP Address 1 10 10 2 1 IP Address 2 10 10 3 5 Retry number 3 Timeout in sec 2 Authenticat...

Страница 771: ...he same type configured through the aaa radius server aaa tacacs server and aaa ldap server commands respectively In addition each authentication method Authenticated Switch Access Authenticated VLANs...

Страница 772: ...is then used for user authentica tion and the RADIUS server is used for user authorization The switch polls the server for login information and checks the switch for privi lege information LDAP or T...

Страница 773: ...llowing tables list RADIUS server attributes 1 39 and 60 63 their descriptions and whether the Alcatel Lucent RADIUS client in the switch supports them Attribute 26 is for vendor specific informa tion...

Страница 774: ...Not supported These attributes are used for dial up sessions not applicable to the RADIUS client in the switch 24 State Sent in challenge response packets 25 Class Used to pass information from the s...

Страница 775: ...users on VLAN 23 can use Ethernet II or SNAP encapsulation Authenticated users on VLAN 24 can use IPX with Ethernet II Num RADIUS VSA Type Description 1 Alcatel Lucent Auth Group integer The authentic...

Страница 776: ...Type Four values must be included in the dictionary file 1 acct start 2 acct stop 6 failure and 7 acct on Start and stop correspond to login logout The accounting on message is sent when the RADIUS c...

Страница 777: ...nter the server name and the desired parameter to be modified aaa radius server rad1 key mozart If you are modifying the server and have just entered the aaa radius server command to create or modify...

Страница 778: ...uring authentication if a user is not found on the primary TACACS server the authentication fails The client does not try to authenticate with the other servers in a multiple server configuration If t...

Страница 779: ...s otna Note that the shared secret must be configured exactly the same as on the server aaa tacacs server tac1 host 10 10 5 2 10 10 5 5 key otna To modify a TACACS server enter the server name and the...

Страница 780: ...n Server 1 Install the directory server software on the server 2 Copy the relevant schema LDIF files from the Alcatel Lucent software CD to the configuration direc tory on the server Each server type...

Страница 781: ...ons to send various media file types such as JPEG graphics through electronic mail An LDIF file entry used to define an organizational unit would look like this dn distinguished name objectClass top o...

Страница 782: ...often a number of attributes that are defined by values Object classes define all required and optional attributes a set of object classes is referred to as a schema As a minimum every entry must incl...

Страница 783: ...scope The filters are used to test the existence of object class attributes and enable LDAP to emulate a read of entry listings during the searches All search preferences are implemented by means of a...

Страница 784: ...f any web browser just as HTTP or FTP URLs are entered When LDAP searches are initiated LDAP checks the validity of the LDAP URLs parsing the various components contained within the URLs to process th...

Страница 785: ...irectory servers refer to the vendor specific instructions base_dn DN of directory entry where search is initiated attributes Attributes to be returned for entry search results All attributes are retu...

Страница 786: ...ons must be configured before the aaa ldap server command is configured Vendor Specific Attributes for LDAP Servers The following are Vendor Specific Attributes VSAs for Authenticated Switch Access an...

Страница 787: ...hentication keys The alp2key application is supplied in two versions one for Unix Solaris 2 5 1 or higher and one for Windows NT 4 0 and higher To configure the bop shakey or bop md5key attributes on...

Страница 788: ...e directory servers for billing purposes The following sections describe accounting server attributes AccountStartTime User account start times are tracked in the AccountStartTime attribute of the dir...

Страница 789: ...e client entered to log in variable length digits Fields For Layer 2 Authentication Only Number of bytes received on the port during the client session from log in to log out variable length digits Nu...

Страница 790: ...LDAP server Dynamic entries are stored in the LDAP enabled directory server database from the time the user successfully logs in until the user logs out The entries are removed when the user logs out...

Страница 791: ...he server Note The server must be configured with the appropriate schema before the aaa ldap server command is configured The keywords for the aaa ldap server command are listed here Field Possible Va...

Страница 792: ...thentication Server A Secure Socket Layer SSL can be set up on the server for additional security When SSL is enabled the server identity is authenticated The authentication requires a certificate fro...

Страница 793: ...name no aaa ldap server topanga5 The topanga5 server is removed from the configuration Verifying the Authentication Server Configuration To display information about authentication servers use the fol...

Страница 794: ...Verifying the Authentication Server Configuration Managing Authentication Servers page 29 28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 795: ...Network ports of a unidirectional port mapping session can be shared with other unidirectional sessions but cannot be shared with any sessions configured in the bidirectional mode Network ports of dif...

Страница 796: ...ork port 1 3 2 Enable the port mapping session with the port mapping command For example port mapping 8 enable Note You can verify the configuration of the port mapping session by entering show port m...

Страница 797: ...mapping session 3 with network ports of link aggregation group 7 to 9 enter port mapping 3 network port linkagg 7 port mapping 3 network port linkagg 8 port mapping 3 network port linkagg 9 You can s...

Страница 798: ...the user ports of a port mapping session from all the switch ports To disable this flooding and to receive traffic from only the network ports enter port mapping 5 unknown unicast flooding disable Co...

Страница 799: ...rt mapping sessions In the network diagram the Switch A is configured as follows Port mapping session 1 is created with user ports 2 1 2 2 and network ports 1 1 1 2 and is configured in the unidirecti...

Страница 800: ...port mapping 1 unidirectional 2 Create two port mapping sessions on Switch A using the following commands port mapping 1 user port 2 1 2 network port 1 1 2 port mapping 2 user port 3 1 3 network port...

Страница 801: ...e methods for handling unauthorized traffic administratively disable the LPS port stop all traffic on the port port remains up or only block traffic that violates LPS criteria In This Chapter This cha...

Страница 802: ...r LPS port 1000 Maximum number of filtered MAC addresses allowed per LPS port 100 Maximum number of configurable MAC address ranges per LPS port 1 Parameter Description Command Default LPS status for...

Страница 803: ...umber of learned MAC addresses allowed on the same ports to 25 using the following command port security port 1 6 8 maximum 25 3 Configure the amount of time in which source learning is allowed on all...

Страница 804: ...e 7 Network Configuration Guide June 2013 To verify the new source learning time limit value use the show port security learning window command For example show port security learning window Learning...

Страница 805: ...traffic is received all traffic is stopped LPS functionality is supported on the following port types Fixed 802 1Q tagged Universal Network Profile UNP The following port types are not supported Link...

Страница 806: ...Filtered MAC addresses that are dynamically learned as filtered address up to the maxi mum number of filtered addresses allowed on the LPS port How LPS Authorizes Source MAC Addresses When a packet is...

Страница 807: ...o change LPS admin disable No change No change Flushed Flushed Enable after disable No change No change Flushed Flushed LPS admin locked No change No change No change No change Enable after locked No...

Страница 808: ...arning Window on page 31 12 for more information Use the LPS port security convert to static command to manually convert all dynamic addresses on a specific port to static MAC addresses Note Staticall...

Страница 809: ...d on the same port UNP first authenticates and classifies any MAC addresses received then LPS rules are applied If a MAC address violates any of the LPS rules for the port the address may get filtered...

Страница 810: ...addresses allowed on an LPS port This procedure is described in Configuring an Authorized MAC Address Range on page 31 15 Specifying whether or not an LPS port shuts down all traffic or only restricts...

Страница 811: ...port security 5 21 24 admin state disable To disable all the LPS ports on a chassis use the port security chassis admin state command as shown port security chassis admin state disable When LPS is dis...

Страница 812: ...if the number of bridged addresses learned does not exceed the maximum allowed However after the window has closed the switch will continue to learn dynamic filtered MAC addresses until the maximum nu...

Страница 813: ...Cs to static MACs is disabled To enable this option for the learning window use the following command port security learning window 30 convert to static enable The following command disables this opti...

Страница 814: ...idged MAC addresses the port must learn before a trap is sent Once this value is reached a trap is sent for every MAC learned thereafter By default when one bridged MAC addresses is learned on an LPS...

Страница 815: ...y port 4 1 mac range low 00 20 da 00 00 10 high 00 20 da 00 00 50 The following command examples configure a MAC address range for a range of ports port security port 4 1 5 mac range low 00 20 da 00 0...

Страница 816: ...nd selects the shutdown mode for port 1 on slot 4 port security port 4 1 violation shutdown To configure the security violation mode for multiple LPS ports specify a range of ports or multiple slots F...

Страница 817: ...e commands see the OmniSwitch CLI Refer ence Guide An example of the output for the show port security show port security learning window and show violation commands is also given in Sample Learned Po...

Страница 818: ...Displaying Learned Port Security Information Configuring Learned Port Security page 31 18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 819: ...ring Station NMS if those limits are violated In This Chapter This chapter describes port mirroring port monitoring remote monitoring RMON probes sFlow and switch health features and explains how to c...

Страница 820: ...a see Displaying Port Monitoring Status and Data on page 32 28 Configuring a sFlow Session see Configuring a sFlow Session on page 32 30 Configuring a Fixed Primary Address see Configuring a Fixed Pri...

Страница 821: ...Gbps 10 Gigabit Ethernet 10 Gbps 40 Gigabit Ethernet 40 Gbps Mirroring Sessions Supported OmniSwitch 10K 2 OS10 XNI U32 supports 1 session OmniSwitch 6900 2 Combined Mirroring Monitoring Ses sions per...

Страница 822: ...0 unblocked vlan 7 Note Optional To verify the port mirroring configuration enter show port mirroring status followed by the port mirroring session ID number The display is similar to the one shown be...

Страница 823: ...bit Ethernet 40 Gbps Monitoring Sessions Supported OmniSwitch 10K 1 OmniSwitch 6900 1 Combined Mirroring Monitoring Ses sions per Chassis OmniSwitch 10K 3 OmniSwitch 6900 2 File Type Supported ENC fil...

Страница 824: ...of the port to be monitored and enable For example port monitoring 6 source 2 3 enable 3 Optional Configure optional parameters For example to create a file called monitor1 for port monitoring session...

Страница 825: ...ource and destination VLANs source and destination priorities source and destination IP addressessource and destination ports tcp flags and tos Polling In octets Out octets Number of Rx Unicast packet...

Страница 826: ...ch Problems page 32 8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 Sample Header Size sflow sampler 128 Bytes Poller Interval Value sflow poller 5 seconds Parameter Description CLI C...

Страница 827: ...Name Golden Address IP_V4 198 206 181 3 UDP Port 6343 Timeout 65535 Packet Size 1400 DatagramVer 5 For more information about this command see sFlow on page 32 29 or the sFlow Commands chapter in the...

Страница 828: ...ommand by entering sflow poller followed by the instance ID port list receiver and the interval For example sflow poller 1 2 6 10 receiver 1 interval 30 Note Optional To verify the sFlow poller config...

Страница 829: ...group Alarms group Events group RMON Functionality Not Supported RMON 10 group RMON2 Host group HostTopN group Matrix group Filter group Packet Capture group An external RMON probe that includes RMON...

Страница 830: ...stats The display is similar to the one shown below Entry Slot Port Flavor Status Duration System Resources 1011 1 11 Ethernet Active 11930 27 05 272 bytes 3 To view statistics for a particular RMON...

Страница 831: ...erage utilization level during last hour Maximum utilization level during last hour Resource Utilization Raw Sample Values Saved for previous 60 seconds Resource Utilization Current Sample Values Stor...

Страница 832: ...hreshold 80 Sampling Interval Secs 10 2 Enter the appropriate command to change the required health threshold or health sampling interval parameter settings or reset all health statistics for the swit...

Страница 833: ...are and is supported for Ethernet ports In addition the switch supports N to 1 port mirroring where up to 128 source ports can be mirrored to a single destination port Refer to the Port Mirroring Spec...

Страница 834: ...Ports If mirroring is enabled on multiple ports and the same traffic is passing through these ports then only one copy of each packet is sent to the mirroring destination When the packet is mirrored f...

Страница 835: ...port These frames from the mirroring port are marked as if they are received on the mirrored port before being sent over the switch backplane to an NMS station Therefore management frames destined fo...

Страница 836: ...ee must be disabled for the Remote Port Mirroring VLAN on all switches There must not be any physical loop present in the Remote Port Mirroring VLAN Remote port mirroring RPMIR MTP port can have tagge...

Страница 837: ...ession enter the port mirroring source destination command and include the port mirroring session ID number the source and destination slot ports and the remote port mirroring VLAN ID as shown in the...

Страница 838: ...tes Enabling or Disabling Mirroring Status Mirroring Status is the parameter using which you can enable or disable a mirroring session i e turn port mirroring on or off There are two ways to do this C...

Страница 839: ...The mirroring direction is unidirectional and inward bound port mirroring 6 source 2 3 destination 6 4 inport In this example the command specifies port mirroring session 6 with the mirrored active p...

Страница 840: ...ring status command To display all port mirroring sessions enter show port mirroring status 6 Session Mirror Mirror Unblocked Config Oper Destination Direction Vlan Status Status 1 2 1 NONE Enable On...

Страница 841: ...rt mirroring 8 destination 1 2 rpmir vlan 1000 Configuring Intermediate Switch Follow the steps given below to configure all the Intermediate Switches vlan 1000 spantree vlan 1000 admin state disable...

Страница 842: ...packets to and from a specific Ethernet port Port monitoring has the following features Software commands to enable and display captured port data Captures data in Network General file format A file...

Страница 843: ...erwards See the sections below for more information on using these keywords Enabling a Port Monitoring Session To disable a port monitoring session use the port monitoring source command by entering p...

Страница 844: ...directory when you configure and enable a port monitoring session This file can be FTPed for later analysis To configure a user specified file use the port monitoring source CLI command by entering po...

Страница 845: ...he port to be monitored a slash the port number of the port file the name of the file and overwrite on For example to configure port monitoring session 6 on port 2 3 with a data file called user_port...

Страница 846: ...00 00 20 DA 8F 92 C6 BPDU 00 26 42 42 03 00 00 00 00 00 00 20 DA C7 2D D6 08 00 20 95 F3 89 UDP 08 00 45 00 00 6B FE 4A 40 00 00 20 DA A3 89 F6 08 00 20 95 F3 89 UDP 08 00 45 00 00 6B CF 89 40 00 00...

Страница 847: ...agent running on the switch router combines interface counters and traffic flow packet samples preferably on all the interfaces into sFlow datagrams that are sent across the network to an sFlow collec...

Страница 848: ...parameters can be entered after the IP address For example to configure sFlow receiver session 6 on switch 10 255 11 28 and to specify the packet size and timeout value enter sflow receiver 6 name sf...

Страница 849: ...to generate the IP packtes and sent the sFlow data grams out into the network sFlow agent requires an IP address configured to it The agents IP address can be configured using the sflow agent command...

Страница 850: ...2 1 2048 128 1 2 3 1 2048 128 1 2 4 1 2048 128 1 2 5 1 2048 128 Note For more information about the displays that result from these commands see the OmniSwitch CLI Reference Guide Displaying a sFlow...

Страница 851: ...ide Deleting a sFlow Session To delete a sFlow receiver session use the release form at the end of the sflow agent command by enter ing sflow receiver followed by the receiver index and release For ex...

Страница 852: ...MON probe frames and Management frames to and from the mirroring and mirrored ports Frames received from an RMON probe attached to the mirroring port can be seen as being received by the mirrored port...

Страница 853: ...cs group includes port utilization and error statistics measured by the RMON probe for each monitored Ethernet interface on the switch Examples of these statistics include CRC Cyclic Redundancy Check...

Страница 854: ...le The following command enables RMON Alarm probe number 11235 rmon probes alarm 11235 enable To enable or disable an entire group of RMON probes of a particular flavor type such as Ethernet Statistic...

Страница 855: ...he statistics probes enter show rmon probes stats A display showing all current statistics RMON probes must appear as shown in the following example Entry Slot Port Flavor Status Duration System Resou...

Страница 856: ...the following sections Sample Display for Ethernet Statistics Probe The display shown here identifies RMON Probe 4005 s Owner description and interface location OmniSwitch Auto Probe on slot 4 port 5...

Страница 857: ...tion and interface location Analyzer t 128 251 18 166 on slot 1 port 35 as well as the Alarm Rising Threshold of the probe and Alarm Falling Threshold maximum allowable values beyond which an alarm is...

Страница 858: ...linked to ether StatsCollisions 2008 Rising trap Rising Event an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm with an elapsed time of 39...

Страница 859: ...ealth Monitoring provides the following data to the NMS Switch level Input Output Memory and CPU Utilization Levels Module level and Port level Input Output Utilization Levels For each monitored resou...

Страница 860: ...lth threshold Configures threshold limits for input traffic RX output input traffic TX RX memory usage CPU usage and chassis temperature See page 32 43 for more information show health configuration D...

Страница 861: ...Switch CLI Reference Guide Note When you specify a new value for a threshold limit the value is automatically applied across all levels of the switch switch module and port You cannot select differing...

Страница 862: ...idual thresholds for input traffic RX output input traffic TX RX memory usage and CPU usage To view all health thresholds enter the following command show health configuration Rx Threshold 80 TxRx Thr...

Страница 863: ...r example to specify a sampling interval value of 6 seconds enter the following command health interval 6 Valid values for the seconds parameter include 1 2 3 4 5 6 10 12 15 20 or 30 Note If the sampl...

Страница 864: ...Resources field displays the device resources that are being measured for example Receive displays statistics for traffic received by the switch Transmit Receive displays statistics for traffic transm...

Страница 865: ...e 80 01 01 01 01 In the screen sample shown above the port 04 03 Resources field displays the port resources that are being measured for example Receive displays statistics for traffic received by the...

Страница 866: ...Monitoring Switch Health Diagnosing Switch Problems page 32 48 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 867: ...basis CVLAN inner tag 802 1p bit mapping to SVLAN outer tag 802 1p bit CVLAN inner tag DSCP mapping to SVLAN outer tag 802 1p bit Profiles for saving and applying traffic engineering parameter values...

Страница 868: ...if profiles assigns priority or bandwidth Maximum number of SAP profile VLAN transla tion or double tagging rules 8K 4K on OS10K XNI U32 module Maximum number of customer VLANs CVLANs associated with...

Страница 869: ...page 33 3 Treatment of customer protocol control frames ingressing on a VLAN Stacking user port ethernet service uni profile Processed Frames 802 3ad UDLD OAM LACP Marker Tunneled Frames STP MVRP Disc...

Страница 870: ...ort is switched to other network ports It is also possible for the same switch to function as a both a PE Bridge and a Transit Bridge Tunnel SVLAN A tunnel also referred to as an SVLAN is a logical en...

Страница 871: ...S Release 7 Network Configuration Guide June 2013 page 33 5 VLAN Stacking Elements Provider LAN Customer A Customer A Site 2 Site 2 Customer B Site 1 Site 1 Provider Edge 2 Provider Edge 1 Provider Ed...

Страница 872: ...o customer packets an 802 1Q tag that contains the tunnel ID associated to that customer s provider bridge port and or VLANs The encapsulated traffic is then transmitted through the Ethernet metro are...

Страница 873: ...c Service Access Point SAP A SAP is associated with a VLAN Stacking service name and a SAP profile The SAP binds UNI ports and customer traffic received on those ports to the service The profile speci...

Страница 874: ...ts are trusted and use 802 1p classification If there is a conflict between VLAN Stacking Service attributes and the QoS configuration the VLAN Stacking attributes are given precedence over QoS polici...

Страница 875: ...s a VLAN Stacking User Network Interface UNI port and associate the port with SAP ID 10 using the ethernet service sap uni command ethernet service sap 10 uni port 1 49 6 Associate traffic from custom...

Страница 876: ...tagged 40 sap profile sap video2 Service Name CustomerABC SVLAN 255 NNI s 1 22 SAP Id 10 UNIs 2 10 2 11 CVLAN s 500 600 sap profile default sap profile show ethernet service service name CustomerABC S...

Страница 877: ...ports One or more UNI ports are associated with a SAP to identify to the service which ports will receive customer traffic that the service will process for tunneling through the provider network When...

Страница 878: ...switch configuration use the no form of the ethernet service svlan command For example to delete SVLAN 300 enter no ethernet service svlan 300 Commands Used for ethernet service svlan Creating SVLANs...

Страница 879: ...amed Video Service and asso ciates the service with SVLAN 300 ethernet service service name Video Service svlan 300 The SVLAN ID specified with this command must already exist in the switch configurat...

Страница 880: ...nni port 2 1 When a port is converted to a NNI port the default VLAN for the port is changed to a VLAN that is reserved for the VLAN Stacking application At this point the port is no longer configurab...

Страница 881: ...h a SVLAN The ethernet service svlan nni command is used to associate the NNI with an SVLAN For example the following command associates NNI 2 1 with SVLAN 300 ethernet service svlan 300 nni port 2 1...

Страница 882: ...rovider network edge the type of customer traffic to service parameters to apply to the traffic and the service that will process the traffic for tunneling through the provider network Consider the fo...

Страница 883: ...t UNI profile is assigned to the port at the time the port is configured This profile defines how control frames received on the UNI ports are processed While Spanning Tree frames are automati cally t...

Страница 884: ...er the following when configuring the type of customer traffic to tunnel If no customer traffic is associated with a VLAN Stacking SAP then the SAP does not process any traffic for the service Only on...

Страница 885: ...r priority settings Use the bandwidth not assigned and priority not assigned parameters to prevent the profile from triggering QoS allocation of switch resources When a profile is created using these...

Страница 886: ...g UNI port profile The UNI profile determines how control frames ingressing on UNI ports are processed For example the following command creates a UNI profile to specify that VLAN Stacking should disc...

Страница 887: ...ne 2013 page 33 21 To change the profile associated with the UNI port back to the default profile specify default uni profile for the profile name For example ethernet service uni port 1 1 uni profile...

Страница 888: ...all CVLANs into SVLAN 100 and Customer B traffic CVLAN 10 only into SVLAN 200 In addition the CVLAN 10 inner tag priority bit value is mapped to the SVLAN out tag priority value The customer traffic...

Страница 889: ...ing the ethernet service svlan nni command Associate each port with both SVLAN 100 and SVLAN 200 ethernet service svlan 100 nni port 3 1 ethernet service svlan 200 nni port 3 1 4 Configure a VLAN Stac...

Страница 890: ...figuration using the show ethernet service command show ethernet service Service Name CustomerA SVLAN 100 NNI s 3 1 SAP Id 20 UNIs 1 1 CVLAN s all sap profile default sap profile Service Name Customer...

Страница 891: ...ice sap 20 uni 1 1 ethernet service sap 20 cvlan all ethernet service svlan 200 ethernet service service name CustomerB svlan 200 ethernet service svlan 200 nni port 3 1 ethernet service sap 30 servic...

Страница 892: ...t for the show ethernet service command is also given in Quick Steps for Configuring VLAN Stacking on page 33 9 show ethernet service vlan Displays the SVLAN configuration for the switch show ethernet...

Страница 893: ...rmation can be helpful in resolving configuration or authentication issues as well as general switch errors This chapter describes the switch logging feature how to configure it and display switch log...

Страница 894: ...e IP Address Application ID Levels Supported IDLE 255 DIAG 0 IPC DIAG 1 QDRIVER 2 QDISPATCHER 3 IPC LINK 4 NI SUPERVISION 5 INTERFACE 6 802 1Q 7 VLAN 8 GM 9 BRIDGE 10 STP 11 LINKAGG 12 QOS 13 RSVP 14...

Страница 895: ...ues Global Switch Logging Defaults Parameter Description CLI Command Default Value Comments Enabling Disabling switch logging swlog Enabled Switch logging severity level swlog appid Default severity l...

Страница 896: ...pid bridge level warning Here the application ID specifies bridging and the severity is set to the warning level 3 Specify the output device to which the switch logging information must be sent swlog...

Страница 897: ...rol back to the calling application You can specify the path to where the log file is printed in the flash file system of the switch You can also send the log file to other output devices such as the...

Страница 898: ...y The swlog appid command is used to assign the severity levels to the applications The syntax for the swlog appid command requires that you identify a switch application and assign it a severity leve...

Страница 899: ...ING MODULE 24 APPID_L3HRE SLB 25 APPID_SLB EIPC 26 APPID_EIPC CHASSIS 64 APPID_CHASSISUPER PORT MGR 65 APPID_PORT_MANAGER CONFIG 66 APPID_CONFIGMANAGER CLI 67 APPID_CLI SNMP 68 APPID_SNMP_AGENT WEB 69...

Страница 900: ...erity level or 5 to the system application ID number 75 by using the severity level and application names swlog appid system level warning The following command makes the same assignment by using the...

Страница 901: ...tput to the console enter the following command swlog output console To disable the switch logging output to the console enter the following command no swlog output console No confirmation message app...

Страница 902: ...tput To disable all configured output IP addresses from receiving switch logging output enter the following command no swlog output socket No confirmation message appears on the screen To disable a sp...

Страница 903: ...ory available in flash For example to set the switch logging file to 500000 bytes enter swlog output flash file size 500000 Clearing the Switch Logging Files You can clear the data stored in the switc...

Страница 904: ...or all the switch logging information to scroll to the console screen show log swlog Displaying file contents for swlog2 log FILEID fileName swlog2 log endPtr 32 configSize 64000 currentSize 64000 mod...

Страница 905: ...etection resiliency and monitoring capability for end to end service guarantee in an Ethernet network In This Chapter This chapter describes the Ethernet OAM feature how to configure it and display Et...

Страница 906: ...on Command Default Value Comments MHF value assigned to a MD ethoam domain mhf none ID permission value for MD entry ethoam domain id permission none MHF value assigned to a MA ethoam association mhf...

Страница 907: ...is sold to a customer and is designated by a VLAN tag on the User to Network Interface UNI Elements of Service OAM Maintenance End Points MEPs and Maintenance Intermediate Points MIPs MEPs initiate O...

Страница 908: ...en 0 and 7 to help identify and differentiate the MD within the domain hierarchy For example different organizations such as operators levels 0 1 2 service providers levels 3 4 and customers levels 5...

Страница 909: ...MEPs It detects only loss of connectivity and remote MAC defect MIP CCM Database Support Per section 19 4 of the IEEE 802 1ag 5 2 draft standard an MHF may optionally maintain a MIP CCM database as it...

Страница 910: ...ame Timestamp indicating when the DMM frame was received Timestamp indicating the time at which the receiving MEP transmitted the DMR frame back to the sending MEP When a MEP receives a DMR frame the...

Страница 911: ...mniSwitch 802 1ag and Y 1731 CFM with the following minor configuration requirements The OmniSwitch MD format must be configured as none ITU T Y 1731 uses the icc based format for a MEG so the OmniSwi...

Страница 912: ...stratively enable the Ethernet OAM Maintenance End Point using the ethoam endpoint admin state command For example ethoam endpoint 100 domain esd alcatel lucent com association alcatel sales admin sta...

Страница 913: ...his is also the phase where Maintenance Intermediate Points MIP and Maintenance End Points MEP are identified and set up Any port on a switch is referred to as a Maintenance Point MP An MP can be eith...

Страница 914: ...el lucent com Note that with this implementation of Ethernet OAM it is only possible to delete an MA when there is no Maintenance End Point MEP or Maintenance Intermediate Point MIP associated with th...

Страница 915: ...nd interface status TLVs The use of Virtual MEP allows to create a MEP on a virtual port thus saving the use of physical port To configure a virtual MEP use the ethoam endpoint command For example to...

Страница 916: ...ages LTMs and detecting Linktrace replies LTR use the ethoam linktrace command For example ethoam linktrace 10 aa ac 12 12 ad end point 4 domain esd alcatel lucent com association alcatel_sales flag f...

Страница 917: ...TH DM The ethoam two way delay command is used to configure a two way ETH DM to monitor roundtrip performance between two MEPs For example the following command is used to initiate the transmission of...

Страница 918: ...configuration Displays all the default MD information for all the VLANs or a specific VLAN show ethoam default domain configuration Displays the values of scalar Default MD objects show ethoam vlan D...

Страница 919: ...onitoring to generate traffic in a continuous reliable and predictable manner thus enabling the measurement of network performance and health In This Chapter This chapter describes the various types o...

Страница 920: ...owever when an agent is configured the following default parameter values are applied unless otherwise specified IEEE Standards Supported N A Platforms Supported OmniSwitch 10K 6900 Parameter Descript...

Страница 921: ...ping destination ip 123 22 45 66 source ip 123 35 42 125 type of service 5 inter pkt delay 1500 num pkts 8 payload size 1000 3 Configure SAA saa2 for MAC ping using the saa type mac ping command For...

Страница 922: ...nfig urable SAA XML parameters Configuring Service Assurance Agent This section describes how to use OmniSwitch Command Line Interface CLI commands to configure Service Assurance Agent SAA on a switch...

Страница 923: ...AC Address Ping SAA L2 SAAs enhance the service level monitoring by enabling performance measurement against any L2 address within the provider network To configure SAA for MAC use the saa type mac pi...

Страница 924: ...ype of SAA is configured the SAA start and stop parameters are defined using the saa start and saa stop commands For example saa saa1 start saa saa1 stop Both commands provide the ability to define a...

Страница 925: ...from SPB use the saa spb flush command For example saa spb flush Note that the saa spb flush command does not change any of the SPB SAA session parameter values Use the show saa spb command to displa...

Страница 926: ...rtt min 3766 min avg 10141 avg max 32919 max rtt jitter min 271 min avg 9540 avg max 26537 max jitter index saaId saaId id 13 name saa2 index id 1 lastRunTime 987731883 lastRunTime reason Iteration s...

Страница 927: ...ation about SAA on the switch use the show commands listed below show saa Displays generic configuration parameters for all the configured SAAs show saa type config Displays configured SAAs for the gi...

Страница 928: ...Verifying the SAA Configuration Configuring Service Assurance Agent page 36 10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...

Страница 929: ...system Licensee agrees not to assign sublicense transfer pledge lease rent or share their rights under this License Agreement Licensee may retain the program media for backup purposes with retention o...

Страница 930: ...E EXCLUSION OF IMPLIED WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO LICENSEE THIS WARRANTY GIVES THE LICENSEE SPECIFIC LEGAL RIGHTS LICENSEE MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO...

Страница 931: ...the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches 13 Notes to United States Gov...

Страница 932: ...Notices applicable to any software distributed alone or in connection with the product to which this document pertains are contained in files within the software itself located at flash foss Also if...

Страница 933: ...37 24 39 IPv6 17 5 Layer 3 ACLs 25 65 policies 25 74 policy map groups 25 60 Port Mapping 30 2 30 6 port mirroring 32 4 port monitoring 32 6 32 9 QoS 25 43 25 74 RIP 19 3 RMON 32 12 Server Load Balanc...

Страница 934: ...6 4 11 3 Spanning Tree Port 6 4 static link aggregation 7 2 switch health 32 14 switch logging 34 3 UDLD 2 2 VLANs 4 2 VRRP 22 3 Denial of Service see DoS DHCP 21 6 DHCP Relay 21 1 21 10 application...

Страница 935: ...ports 5 7 deleting high availability VLANs 5 7 displaying 5 16 specifications 5 2 traffic flow 5 5 Hot Standby Routing Protocol see HSRP HSRP not compatible with VRRP 22 3 I ICMP 15 29 control 15 31 Q...

Страница 936: ...ip slb probe expect command 23 21 ip slb probe password command 23 20 ip slb probe period command 23 19 ip slb probe port command 23 20 ip slb probe retries command 23 20 ip slb probe send command 23...

Страница 937: ...static link aggregation 7 1 lldp lldpdu command 13 3 lldp notification command 13 3 lldp tlv dot1 command 13 8 lldp tlv dot3 command 13 8 lldp tlv management command 13 3 lldp tlv med command 13 9 lo...

Страница 938: ...ring status 32 20 N to 1 port mirroring 32 19 specifications 32 3 unblocking ports 32 20 port mirroring command 32 21 port mirroring session creating 32 19 deleting 32 22 enabling disabling 32 21 port...

Страница 939: ...ications 19 2 unloading 19 6 update interval 19 9 verification 19 19 verify information about 19 19 RIP interface creating 19 7 deleting 19 7 enabling 19 7 metric 19 8 password 19 18 receive option 19...

Страница 940: ...nd 32 22 show port monitoring file command 32 28 show port security command 31 3 show port security shutdown command 31 4 show qos log command 25 41 show rmon events command 32 37 show rmon probes com...

Страница 941: ...MAC addresses 3 3 static route IP 15 11 17 19 metric 15 11 17 19 subnet mask 15 11 subnet mask 15 11 switch health application examples 32 14 defaults 32 14 monitoring 32 41 specifications 32 13 switc...

Страница 942: ...description 4 6 high availability VLANs 5 1 IP multinetting 15 7 IP router ports 15 8 MAC address aging time 3 7 operational status 4 5 port assignment 4 7 Spanning Tree status 4 9 VLAN ID 4 4 VRRP 2...

Отзывы:

Нет отзывов