EW_XOSConcepts11_5

ExtremeWare XOS 11.5 supports only the Summit X450 family of switches and the BlackDiamond 8800 series switch.

ExtremeWare XOS Concepts GuideSoftware Version 11.5

Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (408) 579-2800 (888) 257-3000 http://www.extremenetworks.com Published: June 2006 Part number: 100228-00 Rev 01


Alpine, Alpine 3804, Alpine 3802, Altitude, BlackDiamond, BlackDiamond 6808, BlackDiamond 6816, EPICenter, Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, GlobalPx Content Director, the Go Purple Extreme Solution Partners Logo, Sentriant, ServiceWatch, Summit, Summit24, Summit48, Summit1i, Summit4, Summit5i, Summit7i, Summit 48i, SummitRPS, SummitGbX, Triumph, vMAN, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Summit logos, the Extreme Turbodrive logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners. 2006 Extreme Networks, Inc. All Rights Reserved. Specifications are subject to change without notice. Merit is a registered trademark of Merit Network, Inc. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Avaya is a trademark of Avaya, Inc. All other registered trademarks, trademarks and service marks are property of their respective owners.

123456789

Authors: Hugh Bussell, Megan Mahar, Peggy Murphy Production: Megan Mahar

2

ExtremeWare XOS 11.5 Concepts Guide


ContentsPreface......................................................................................................................................... 23Introduction .............................................................................................................................23 Terminology........................................................................................................................23 Conventions..............................................................................................................................23 Platform-Dependent Conventions ..........................................................................................24 Text Conventions.................................................................................................................24 Related Publications .................................................................................................................25 Using ExtremeWare XOS Publications Online .........................................................................25

Part 1: Using ExtremeWare XOSChapter 1: ExtremeWare XOS Overview........................................................................................... 29Platforms and Required Software Versions ...................................................................................29 Summary of Features.................................................................................................................30 Feature Highlights of ExtremeWare XOS 11.5 ........................................................................31 Software Licensing ....................................................................................................................37 The BlackDiamond 10808 Switch Only .................................................................................39 The BlackDiamond 12804 Switch Only .................................................................................39 Obtaining a License Voucher ................................................................................................40 Enabling and Verifying Licenses ...........................................................................................40 Security Licensing...............................................................................................................40 Software Factory Defaults ..........................................................................................................41

Chapter 2: Accessing the Switch.................................................................................................... 43Understanding the Command Syntax...........................................................................................43 Syntax Helper .....................................................................................................................44 Command Shortcuts ............................................................................................................45 Names ...............................................................................................................................45 Symbols .............................................................................................................................46 Limits ................................................................................................................................46 Port Numbering ........................................................................................................................46 Stand-alone Switch Numerical Ranges ..................................................................................47 Modular Switch Numerical Ranges........................................................................................47 Line-Editing Keys......................................................................................................................48 Command History......................................................................................................................48 Common Commands..................................................................................................................48 Accessing the Switch the First Time............................................................................................50 Safe Defaults Setup Method.................................................................................................51 Configuring Management Access ................................................................................................52 Account Access Levels.........................................................................................................52 Configuring the Banner ........................................................................................................53 Startup Screen and Prompt Text ...........................................................................................53 Default Accounts.................................................................................................................55


3


Contents Creating a Management Account...........................................................................................55 Failsafe Account .................................................................................................................56 Managing Passwords .................................................................................................................56 Applying a Password to the Default Account ..........................................................................57 Applying Security to Passwords.............................................................................................57 Displaying Passwords...........................................................................................................59 Access to Both MSM Console PortsModular Switches Only.........................................................59 Domain Name Service Client Services .........................................................................................59 Checking Basic Connectivity.......................................................................................................60 Ping...................................................................................................................................60 Traceroute ..........................................................................................................................61 Displaying Switch Information ....................................................................................................62

Chapter 3: Managing the Switch .................................................................................................... 63Overview ..................................................................................................................................63 Understanding the ExtremeWare XOS Shell .................................................................................64 Using the Console Interface .......................................................................................................64 Using the 10/100 Ethernet Management Port ..............................................................................65 Using EPICenter to Manage the Network .....................................................................................65 Authenticating Users .................................................................................................................66 RADIUS Client ....................................................................................................................66 TACACS+ ...........................................................................................................................66 Management Accounts.........................................................................................................66 Using Telnet .............................................................................................................................66 About the Telnet Client ........................................................................................................67 About the Telnet Server .......................................................................................................67 Connecting to Another Host Using Telnet...............................................................................68 Configuring Switch IP Parameters .........................................................................................68 Configuring Telnet Access to the Switch ................................................................................70 Disconnecting a Telnet Session ............................................................................................72 Using Secure Shell 2.................................................................................................................73 Using the Trivial File Transfer Protocol ........................................................................................73 Connecting to Another Host Using TFTP ................................................................................74 Understanding System Redundancy with Dual MSMs InstalledModular Switches Only ..................75 Node Election .....................................................................................................................75 Replicating Data Between Nodes ..........................................................................................76 Viewing Node Status............................................................................................................78 Understanding Hitless Failover SupportModular Switches Only...................................................79 Protocol Support for Hitless Failover .....................................................................................79 Platform Support for Hitless Failover.....................................................................................81 Hitless Failover Caveats .......................................................................................................82 Understanding Power Supply Management ..................................................................................83 Using Power SuppliesModular Switches Only ......................................................................83 Using Power SuppliesSummit X450 Family of Switches Only ...............................................86 Displaying Power Supply Information ....................................................................................86 Using the Simple Network Management Protocol .........................................................................87 Enabling and Disabling SNMPv1/v2c and SNMPv3 ................................................................87 Accessing Switch Agents......................................................................................................88 Supported MIBs ..................................................................................................................88

4



Contents Configuring SNMPv1/v2c Settings ........................................................................................88 Displaying SNMP Settings....................................................................................................89 SNMPv3.............................................................................................................................89 Message Processing.............................................................................................................90 SNMPv3 Security ................................................................................................................91 SNMPv3 MIB Access Control ...............................................................................................93 SNMPv3 Notification...........................................................................................................94 Using the Simple Network Time Protocol.....................................................................................97 Configuring and Using SNTP ................................................................................................97 SNTP Example..................................................................................................................100

Chapter 4: Managing the ExtremeWare XOS Software.................................................................... 101Overview of the ExtremeWare XOS Software ...............................................................................101 Understanding the ExtremeWare XOS Software ....................................................................101 Using the ExtremeWare XOS File System...................................................................................102 Moving or Renaming Files on the Switch .............................................................................103 Copying Files on the Switch ...............................................................................................104 Displaying Files on the Switch ............................................................................................105 Transferring Files to and from the Switch ............................................................................107 Deleting Files from the Switch............................................................................................109 Managing the Configuration File ...............................................................................................110 Managing ExtremeWare XOS Processes .....................................................................................111 Displaying Process Information...........................................................................................111 Stopping a Process............................................................................................................112 Starting a Process .............................................................................................................113 Understanding Memory Protection ............................................................................................114 Monitoring CPU Utilization.......................................................................................................114 Disabling CPU Monitoring ..................................................................................................115 Enabling CPU Monitoring ...................................................................................................115 Displaying CPU Utilization History ......................................................................................115

Chapter 5: Configuring Slots and Ports on a Switch....................................................................... 119Configuring a Slot on a Modular Switch .....................................................................................119 Overview...........................................................................................................................119 I/O Ports on BlackDiamond 8810 MSM Module ...................................................................120 I/O Ports on BlackDiamond 8806 MSM Module ...................................................................121 Disabling MSM I/O PortsBlackDiamond 8800 a-series and e-series Modules Only ...........................................................................................122 Configuring Ports on a Switch...................................................................................................122 Port Numbering ................................................................................................................123 Enabling and Disabling Switch Ports ...................................................................................124 Configuring Switch Port Speed and Duplex Setting ...............................................................124 Jumbo Frames ........................................................................................................................127 Jumbo Frames on the BlackDiamond 8800 Series Switch and Summit X450 Family of Switches Only................................................................................128 Enabling Jumbo Frames.....................................................................................................128 Path MTU Discovery ..........................................................................................................129 IP Fragmentation with Jumbo Frames..................................................................................129 IP Fragmentation within a VLAN .........................................................................................130


5


Contents Link Aggregation on the Switch ................................................................................................130 Link Aggregation Overview..................................................................................................131 Link Aggregation and Software-Controlled Redundant PortsSummit X450 Family of Switches Only ...................................................................................................................132 Dynamic versus Static Load Sharing....................................................................................132 Load-Sharing Algorithms....................................................................................................132 LACPDynamic Link Aggregation.......................................................................................135 Guidelines for Load Sharing ...............................................................................................137 Configuring Switch Load Sharing ........................................................................................139 Load-Sharing Examples .....................................................................................................141 Displaying Switch Load Sharing..........................................................................................142 Switch Port Mirroring...............................................................................................................143 Guideline for Switch Port Mirroring on Summit X450 Family of Switches Only ........................144 Guidelines for Switch Port Mirroring on the BlackDiamond 8800 Series Switch Only ...............145 Guidelines for Switch Port Mirroring on the BlackDiamond 10808 and 12804 Switch Only......146 Switch Port-Mirroring Rules and Restrictions for All Switches ................................................146 Switch Port-Mirroring Examples ..........................................................................................147 Verifying the Switch Port-Mirroring Configuration .................................................................148 Extreme Discovery Protocol ......................................................................................................148 Software-Controlled Redundant Port and Smart Redundancy .......................................................149 Guidelines for Software-Controlled Redundant Ports and Port Groups .....................................150 Configuring Software-Controlled Redundant Ports.................................................................151 Verifying Software-Controlled Redundant Port Configurations.................................................151 Configuring Automatic Failover for Combination PortsSummit X450 Family of Switches Only ......152 Displaying Port Configuration Information..................................................................................154

Chapter 6: Link Layer Discovery Protocol...................................................................................... 155Overview ................................................................................................................................155 LLDP Packets .........................................................................................................................157 Transmitting LLDP Messages ...................................................................................................158 Receiving LLDP Messages........................................................................................................159 Managing LLDP ......................................................................................................................159 Supported TLVs ......................................................................................................................160 Mandatory TLVs ................................................................................................................163 Optional TLVs ...................................................................................................................164 Configuring LLDP....................................................................................................................169 Enabling and Disabling LLDP .............................................................................................169 Configuring the System Description TLV Advertisement.........................................................170 Configuring LLDP Timers ...................................................................................................170 Configuring SNMP for LLDP ...............................................................................................170 Configuring Optional TLV Advertisements ............................................................................171 Unconfiguring LLDP ..........................................................................................................175 Displaying LLDP Settings.........................................................................................................175 Displaying LLDP Port Configuration Information and Statistics ..............................................175 Displaying LLDP Information Detected from Neighboring Ports ..............................................176

Chapter 7: Connectivity Fault ManagementBlackDiamond 10808 and 12804 Switch Only............ 177Overview of CFM Elements .......................................................................................................177 Ping and Traceroute ................................................................................................................180 Supported Instances for CFM ...................................................................................................181

6



Contents Configuring CFM .....................................................................................................................181 Creating Maintenance Domains ..........................................................................................182 Creating and Associating MAs.............................................................................................183 Creating MPs and the CCM Transmission Interval .................................................................184 Executing Layer 2 Ping and Traceroute Messages .................................................................185 Displaying CFM.......................................................................................................................185 CFM Example .........................................................................................................................186

Chapter 8: Power Over Ethernet.................................................................................................... 187Extreme Networks PoE Devices.................................................................................................187 Summary of PoE Features ........................................................................................................187 Power Checking for PoE Module ...............................................................................................188 Power Delivery ........................................................................................................................188 Enabling PoE to the Switch ................................................................................................188 Power Reserve Budget Per Slot on Modular Switches ............................................................189 PD Disconnect Precedence on Modular Switches..................................................................190 Port Disconnect or Fault ....................................................................................................191 Port Power Reset...............................................................................................................191 PoE Usage Threshold.........................................................................................................191 Legacy Devices .................................................................................................................192 PoE Operator Limits ..........................................................................................................192 Configuring PoE ......................................................................................................................193 Enabling Inline Power........................................................................................................193 Reserving Power for a Slot on Modular Switches...................................................................194 Setting the Disconnect Precedence on Modular Switches ......................................................194 Configuring the Usage Threshold ........................................................................................196 Configuring the Switch to Detect Legacy PDs .......................................................................196 Configuring the Operator Limit ...........................................................................................197 Configuring PoE Port Labels ...............................................................................................197 Power Cycling Connected PDs ............................................................................................197 Displaying PoE Settings and Statistics ......................................................................................197 Clearing Statistics .............................................................................................................197 Displaying System Power Information..................................................................................198 Displaying Slot PoE Information on Modular Switches...........................................................199 Displaying PoE Status and Statistics on Stand-alone Switches...............................................200 Displaying Port PoE Information .........................................................................................200

Chapter 9: Status Monitoring and Statistics .................................................................................. 203Overview of Status Monitoring ..................................................................................................203 Viewing Port Statistics .............................................................................................................203 Viewing Port Errors ..................................................................................................................204 Using the Port Monitoring Display Keys .....................................................................................206 Performing Switch Diagnostics .................................................................................................206 Running Diagnostics on the BlackDiamond 10808 Switch and the BlackDiamond 8800 Series Switch ...............................................................................207 Running Diagnostics on the BlackDiamond 12804 Switch ....................................................208 Running Diagnostics on the Summit X450 Family of Switches...............................................209 Observing LED Behavior During a Diagnostic Test.................................................................210 Displaying Diagnostic Test Results......................................................................................214


7


Contents Using the System Health Checker .............................................................................................214 Understanding the System Health CheckerBlackDiamond 10808 and BlackDiamond 12804 Switches Only ..................................................................................214 Understanding the System Health CheckerBlackDiamond 8800 Series Switch Only .............215 Understanding the System Health CheckerSummit X450 Family of Switches Only................216 Enabling Backplane Diagnostic Packets on the SwitchModular Switches Only......................216 Configuring Backplane Diagnostic Packets on the SwitchModular Switches Only ..................216 Disabling Backplane Diagnostic Packets on the SwitchModular Switches Only .....................217 Displaying the System Health Check SettingAll Platforms ..................................................217 System Health Check Examples: Backplane DiagnosticsModular Switches Only ...................217 Setting the System Recovery Level............................................................................................219 Configuring Software Recovery............................................................................................219 Configuring Hardware RecoverySummit X450 Family of Switches Only................................220 Configuring Module RecoveryModular Switches Only .........................................................222 Using ELSM ...........................................................................................................................229 About ELSM .....................................................................................................................229 ELSM Hello Messages .......................................................................................................230 ELSM Port States..............................................................................................................230 Link States .......................................................................................................................231 ELSM Link States .............................................................................................................232 ELSM Timers ....................................................................................................................233 Configuring ELSM on a Switch ...........................................................................................233 Displaying ELSM Information .............................................................................................236 Using ELSM with Layer 2 Control Protocols .........................................................................238 ELSM Configuration Example .............................................................................................239 Viewing Fan Information ..........................................................................................................239 Viewing the System Temperature ..............................................................................................240 System Temperature OutputModular Switches Only...........................................................240 System Temperature OutputSummit X450 Family of Switches Only ....................................241 Power Supply TemperatureModular Switches Only.............................................................241 Fan Tray TemperatureBlackDiamond 10808 Switch Only...................................................242 Using the Event Management System/Logging ...........................................................................242 Sending Event Messages to Log Targets...............................................................................243 Filtering Events Sent to Targets ..........................................................................................244 Displaying Real-Time Log Messages ....................................................................................252 Displaying Event Logs........................................................................................................252 Uploading Event Logs ........................................................................................................253 Displaying Counts of Event Occurrences ..............................................................................253 Displaying Debug Information.............................................................................................254 Logging Configuration Changes...........................................................................................254 Using sFlow............................................................................................................................255 Licensing .........................................................................................................................256 Sampling Mechanisms.......................................................................................................256 Configuring sFlow..............................................................................................................257 Additional sFlow Configuration Options ...............................................................................259 sFlow Configuration Example..............................................................................................261 Displaying sFlow Information..............................................................................................261 Using RMON ..........................................................................................................................261 About RMON ....................................................................................................................262 Supported RMON Groups of the Switch ...............................................................................262 Configuring RMON ............................................................................................................264

8



Contents Event Actions ...................................................................................................................265 Displaying RMON Information ............................................................................................265

Chapter 10: Virtual LANs ............................................................................................................. 267Overview of Virtual LANs..........................................................................................................267 Benefits ...........................................................................................................................267 Virtual Routers and VLANsBlackDiamond 10808 and 12804 Switch Only...........................268 Types of VLANs.......................................................................................................................268 Port-Based VLANs .............................................................................................................269 Tagged VLANs ..................................................................................................................271 Protocol-Based VLANs .......................................................................................................273 Precedence of Tagged Packets Over Protocol Filters .............................................................275 Default VLAN....................................................................................................................275 VLAN Names ..........................................................................................................................275 Renaming a VLAN .............................................................................................................276 Configuring VLANs on the Switch .............................................................................................276 Creating and Configuring VLANs .........................................................................................276 Enabling and Disabling VLANs ...........................................................................................277 VLAN Configuration Examples ............................................................................................278 Displaying VLAN Settings.........................................................................................................279 Displaying Protocol Information ..........................................................................................280 Tunneling (vMANs)..................................................................................................................281 Overview...........................................................................................................................281 Licensing .........................................................................................................................284 QoS Queue on Egress Port with vMAN packets .....................................................................284 Guidelines for Configuring vMANs.......................................................................................285 Configuring vMANs............................................................................................................286 Displaying vMAN Configurations .........................................................................................290 MAC-in-MAC TunnelingBlackDiamond 10808 and 12804 Switch Only .....................................291 Guidelines for Using MAC-in-MAC Tunnels ..........................................................................294 Configuring MAC-in-MAC Tunnels .......................................................................................294 Displaying MAC-in-MAC Tunneling Information ....................................................................296 Example of MAC-in-MAC Tunneling.....................................................................................297

Chapter 11: Forwarding Database................................................................................................. 301Overview of the FDB ................................................................................................................301 FDB Contents ...................................................................................................................301 How FDB Entries Get Added...............................................................................................302 FDB Entry Types ...............................................................................................................302 Differing FDB Table SizesBlackDiamond 8800 Series Switch and Summit X450 Family of Switches Only......................................................................................303 FDB Configuration Examples ....................................................................................................304 Adding a Permanent Static Entry ........................................................................................304 Configuring the FDB Aging Time.........................................................................................304 Clearing FDB Entries .........................................................................................................304 Displaying FDB Entries ............................................................................................................305


9


Contents MAC-Based Security................................................................................................................305 Disabling MAC Address Learning ........................................................................................306 Disabling Egress Flooding ..................................................................................................306 Displaying Learning and Flooding Settings...........................................................................308 Multicast FDB with Multiport EntryBlackDiamond 8800 Series Switch and Summit X450 Family of Switches Only......................................................................................309

Chapter 12: Virtual Routers.......................................................................................................... 311Virtual Routers Overview ..........................................................................................................311 Types of Virtual Routers .....................................................................................................312 Virtual Router Configuration DomainBlackDiamond 10808 and BlackDiamond 12804 Switches Only ..................................................................................313 Using Virtual RoutersBlackDiamond 10808 and BlackDiamond 12804 Switches Only ...............314 Creating Virtual Routers .....................................................................................................314 Configuring Ports to a Single or to Multiple Virtual Router(s) .................................................314 Adding Routing Protocols to a Virtual Router........................................................................315 Displaying Ports and Protocols............................................................................................316 Configuring the Routing Protocols and VLANs ......................................................................316 Virtual Router Configuration Example ........................................................................................317

Chapter 13: Policy Manager ........................................................................................................ 319Policy Manager .......................................................................................................................319 Creating and Editing Policies....................................................................................................319 Using the Edit Command ...................................................................................................320 Using a Separate Machine .................................................................................................320 Checking Policies ..............................................................................................................320 Refreshing Policies............................................................................................................321 Applying Policies ....................................................................................................................321 Applying ACL Policies........................................................................................................321 Applying Routing Policies ..................................................................................................322

Chapter 14: Access Lists (ACLs)................................................................................................... 323ACLs......................................................................................................................................323 ACL Rule Syntax .....................................................................................................................324 Matching All Egress Packets...............................................................................................325 Types of Rule Entries.........................................................................................................325 Match Conditions ..............................................................................................................326 Actions.............................................................................................................................326 Action Modifiers................................................................................................................326 ACL Rule Syntax Details ....................................................................................................328 IPv6 ACL Address MasksBlackDiamond 10808 and BlackDiamond 12804 Only ..................332 vMAN ACLsBlackDiamond 10808 and BlackDiamond 12804 Switches Only .............................332 vMAN ACL Actions ............................................................................................................333 vMAN ACL Action Modifiers ...............................................................................................333 vMAN ACL examplesBlackDiamond 10808 and BlackDiamond 12804 Only ........................334 Dynamic ACLs ........................................................................................................................334 Creating the Dynamic ACL Rule ..........................................................................................334 Configuring the ACL Rule on the Interface ...........................................................................335

10



Contents ACL Evaluation PrecedenceBlackDiamond 10808 and BlackDiamond 12804 Switches Only ......336 Rule Evaluation.................................................................................................................336 Precedence of Dynamic ACLs .............................................................................................336 Precedence of ACL Entries Within a Policy File ....................................................................336 Precedence Among Interface Types.....................................................................................336 ACL Evaluation PrecedenceBlackDiamond 8800 Series and Summit X450 Family Switches Only .........................................................................................337 Rule Evaluation.................................................................................................................337 Precedence of Dynamic ACLs .............................................................................................337 Precedence of ACL Entries Within a Policy File ....................................................................338 Precedence Among Interface Types.....................................................................................338 Redundant Rules ..............................................................................................................338 Applying ACL Policy Files ........................................................................................................338 Displaying and Clearing ACL Counters .................................................................................339 Example ACL Rule Entries .................................................................................................339 ACL Mechanisms ....................................................................................................................341 ACL Masks and RulesBlackDiamond 8800 Original Series Modules and Summit X450 Series Switches Only ....................................................................................341 ACL Slices and RulesBlackDiamond 8800 a-series and e-series Modules and Summit X450a and X450e Series Switches Only..................................................................347 Policy Based Routing...............................................................................................................356 Configuring Policy Based Routing .......................................................................................357

Chapter 15: Routing Policies ....................................................................................................... 359Routing Policies......................................................................................................................359 Routing Policy File Syntax..................................................................................................359 Applying Routing Policies ..................................................................................................364 Policy Examples ................................................................................................................364

Chapter 16: Quality of Service ..................................................................................................... 369Overview of Policy-Based Quality of Service ...............................................................................369 Applications and Types of QoS .................................................................................................370 Voice Applications.............................................................................................................370 Video Applications.............................................................................................................370 Critical Database Applications ............................................................................................371 Web Browsing Applications ................................................................................................371 File Server Applications .....................................................................................................371 Configuring QoS......................................................................................................................372 Configuring QoS on the BlackDiamond 8800 Series Switch and the Summit X450 Family of Switches Only ..........................................................................373 QoS Profiles ...........................................................................................................................373 QoS Profiles on the BlackDiamond 8800 Series Switch and the Summit X450 Family of Switches Only ..........................................................................373 QoS Profiles on the BlackDiamond 10808 and 12804 Switch...............................................375 Traffic Groupings ....................................................................................................................376 Precedence of Traffic Groupings .........................................................................................376 ACL-Based Traffic Groupings..............................................................................................378 Explicit Class of Service (802.1p and DiffServ) Traffic Groupings ..........................................378 Physical and Logical Groupings ..........................................................................................385


11


Contents Verifying QoS Configuration and Performance ............................................................................387 Monitoring PerformanceBlackDiamond 10808 and 12804 Switch Only.....................................................................................................387 Displaying QoS Profile Information......................................................................................387 Guidelines for Configuring QoS.................................................................................................388 Metering Using ACLsBlackDiamond 8800 Series Switch, Summit X450 Family of Switches, and BlackDiamond 12804 R-Series Switch Only ........................................................................389 Creating the ACL Meter......................................................................................................389 Configuring the ACL Meter .................................................................................................390 Associating the Meter with an ACL......................................................................................390 Displaying Meters..............................................................................................................390 Egress Traffic Rate LimitingBlackDiamond 8800 Series Switch and Summit X450 Family of Switches Only......................................................................................391 Applying Egress Bandwidth to a PortBlackDiamond 10808 and 12804 Switch Only ..................392 Applying Egress Bandwidth to a QoS Queue...............................................................................393 Bi-Directional Rate ShapingBlackDiamond 10808 Switch Only ................................................393 Bandwidth Settings ...........................................................................................................394 Configuring Bi-Directional Rate Shaping..............................................................................395 Hierarchical QoSBlackDiamond 12804 R-Series Switch Only...................................................396 HQoS Implementation .......................................................................................................397 Guidelines for Using Ingress-Only and Ingress and Egress HQoS ............................................402 Configuring HQoS Ingress and Egress Queues ......................................................................403 Displaying HQoS ...............................................................................................................405 HQoS Example..................................................................................................................408

Chapter 17: Security ................................................................................................................... 411Security Overview....................................................................................................................411 Safe Defaults Mode .................................................................................................................413 MAC Address Security .............................................................................................................413 Limiting Dynamic MAC Addresses.......................................................................................414 MAC Address Lock Down ...................................................................................................415 Gratuitous ARP Protection..................................................................................................416 DHCP Server ..........................................................................................................................417 Enabling and Disabling DHCP ............................................................................................417 Configuring the DHCP Server..............................................................................................417 Displaying DHCP Information .............................................................................................418 Denial of Service Protection .....................................................................................................418 Configuring Simulated Denial of Service Protection ..............................................................419 Configuring Denial of Service Protection ..............................................................................419 Authenticating Users Using RADIUS or TACACS+ ......................................................................420 RADIUS ...........................................................................................................................421 Configuring RADIUS ..........................................................................................................424 TACACS+ .........................................................................................................................429 Secure Shell 2 ........................................................................................................................434 Enabling SSH2 for Inbound Switch Access ..........................................................................434 Using ACLs to Control SSH2 Access ...................................................................................436 Using SCP2 from an External SSH2 Client ..........................................................................437 SSH2 Client Functions on the Switch..................................................................................437

12



Contents Secure Socket Layer ................................................................................................................438 Enabling and Disabling SSL ...............................................................................................439 Creating Certificates and Private Keys .................................................................................440 Displaying SSL Information ................................................................................................442

Chapter 18: Network Login .......................................................................................................... 443Network Login Overview ...........................................................................................................443 Web-Based, MAC-Based, and 802.1x Authentication............................................................444 Multiple Supplicant Support ..............................................................................................445 Campus and ISP Modes .....................................................................................................446 Network Login and Hitless FailoverModular Switches Only .................................................446 Configuring Network Login .......................................................................................................447 Enabling or Disabling Network Login on the Switch ..............................................................448 Enabling or Disabling Network Login on a Specific Port ........................................................448 Configuring the Move Fail Action ........................................................................................448 Displaying Network Login Settings ......................................................................................448 Exclusions and Limitations.................................................................................................449 Authenticating Users ...............................................................................................................449 Creating User Accounts on the RADIUS Server.....................................................................449 Configuring Local Database Authentication ..........................................................................453 802.1x Authentication.............................................................................................................457 Interoperability Requirements.............................................................................................458 Enabling and Disabling 802.1x Network Login .....................................................................458 802.1x Network Login Configuration Example......................................................................459 Configuring Guest VLANs ...................................................................................................460 Post-authentication VLAN Movement ..................................................................................461 Web-Based Authentication .......................................................................................................462 Enabling and Disabling Web-Based Network Login ...............................................................462 Configuring the Base URL ..................................................................................................462 Configuring the Redirect Page ............................................................................................463 Configuring Session Refresh ...............................................................................................463 Configuring Logout Privilege...............................................................................................463 Web-Based Network Login Configuration Example ................................................................463 Web-Based Authentication User Login.................................................................................465 MAC-Based Authentication ......................................................................................................467 Enabling and Disabling MAC-Based Network Login ...............................................................467 Associating a MAC Address to a Specific Port ......................................................................468 Adding and Deleting MAC Addresses...................................................................................468 Displaying the MAC Address List ........................................................................................468 Secure MAC Configuration Example ....................................................................................469 MAC-Based Network Login Configuration Example................................................................469 Additional Network Login Configuration Details ..........................................................................470 Configuring Netlogin MAC-Based VLANsBlackDiamond 8800 Series Switch and the Summit X450 Family of Switches Only ..........................................................................470

Chapter 19: CLEAR-Flow .............................................................................................................. 473Overview ................................................................................................................................473 Configuring CLEAR-Flow ..........................................................................................................473 Displaying CLEAR-Flow Configuration and Activity................................................................474


13


Contents Adding CLEAR-Flow Rules to ACLs ...........................................................................................474 CLEAR-Flow Rule Match Type ............................................................................................475 CLEAR-Flow Rule Match Conditions....................................................................................476 CLEAR-Flow Rule Actions ..................................................................................................482 CLEAR-Flow Rule Examples .....................................................................................................487 Count Expression Example .................................................................................................487 Delta Expression Example ..................................................................................................488 Ratio Expression Example ..................................................................................................489 Delta-Ratio Expression Example..........................................................................................490

Part 2: Using Switching and Routing ProtocolsChapter 20: Ethernet Automatic Protection Switching.................................................................... 493Licensing ...............................................................................................................................493 Overview of the EAPS Protocol .................................................................................................494 Fast Convergence ..............................................................................................................495 EAPS and Hitless FailoverModular Switches Only..............................................................495 Fault Detection and Recovery ...................................................................................................496 Link Down Message Sent by a Transit Node .........................................................................497 Ring Port Down Event Sent by Hardware Layer .....................................................................497 Polling .............................................................................................................................498 Restoration Operations.......................................................................................................498 Multiple EAPS Domains...........................................................................................................499 EAPS Data VLAN Spanning Two Rings Connected by One Switch...........................................499 Multiple EAPS Domains per RingSpatial Reuse.................................................................500 Multiple EAPS Rings Sharing a Common Link ......................................................................502 Configuring EAPS on a Switch ..................................................................................................503 Creating and Deleting an EAPS Domain...............................................................................504 Defining the EAPS Mode of the Switch................................................................................504 Configuring EAPS Polling Timers ........................................................................................505 Configuring the Primary and Secondary Ports .......................................................................506 Configuring the EAPS Control VLAN ....................................................................................507 Adding the EAPS Protected VLANs .....................................................................................508 Enabling and Disabling Fast Convergence ............................................................................508 Enabling and Disabling an EAPS Domain.............................................................................508 Enabling and Disabling EAPS on the Switch ........................................................................509 Unconfiguring an EAPS Ring Port .......................................................................................509 Disabling EAPS Loop Protection Warning Messages ..............................................................510 Displaying EAPS Status Information....................................................................................511 Configuring EAPS Shared Ports ................................................................................................514 Steady State .....................................................................................................................515 Common Link Failures .......................................................................................................515 Flushing the FDBs.............................................................................................................517 Creating and Deleting a Shared Port....................................................................................517 Defining the Mode of the Shared Port..................................................................................517 Configuring the Link ID of the Shared Port...........................................................................517 Configuring the Shared Port Segment Timer.........................................................................518 Unconfiguring an EAPS Shared Port....................................................................................518 Displaying EAPS Shared-Port Status Information..................................................................518 EAPS Shared Port Configuration Rules ......................................................................................521

14



Contents EAPS Shared Port Configuration Examples ................................................................................522 Basic Configuration ...........................................................................................................522 Basic Core Configuration....................................................................................................523 Right Angle Configuration ..................................................................................................523 Combined Basic Core and Right Angle Configuration ............................................................524 Large Core and Access Rings Configuration..........................................................................525 Advanced Configuration .....................................................................................................526

Chapter 21: Spanning Tree Protocol............................................................................................. 527Overview of the Spanning Tree Protocol.....................................................................................527 Spanning Tree Domains ...........................................................................................................527 Member VLANs .................................................................................................................528 STPD Modes.....................................................................................................................529 Encapsulation Modes.........................................................................................................530 STP States .......................................................................................................................532 Binding Ports....................................................................................................................532 Rapid Root Failover ...........................................................................................................534 STP and Hitless FailoverModular Switches Only ................................................................535 STP Configurations..................................................................................................................536 Basic STP Configuration ....................................................................................................536 Multiple STPDs on a Port ...................................................................................................539 VLANs Spanning Multiple STPDs........................................................................................539 EMISTP Deployment Constraints ........................................................................................540 Per VLAN Spanning Tree..........................................................................................................542 STPD VLAN Mapping.........................................................................................................542 Native VLAN .....................................................................................................................542 Rapid Spanning Tree Protocol ..................................................................................................542 RSTP Concepts .................................................................................................................543 RSTP Operation ................................................................................................................546 Multiple Spanning Tree Protocol...............................................................................................553 MSTP Concepts ................................................................................................................553 MSTP Operation................................................................................................................562 STP Rules and Restrictions ......................................................................................................564 Configuring STP on the Switch .................................................................................................564 STP Configuration Examples ..............................................................................................566 Displaying STP Settings...........................................................................................................571

Chapter 22: Extreme Standby Router Protocol ............................................................................... 575Licensing ...............................................................................................................................575 Overview of ESRP ...................................................................................................................576 ESRP Modes of Operation ..................................................................................................576 ESRP and ELRP................................................................................................................576 Reasons to Use ESRP ........................................................................................................577 ESRP Concepts.......................................................................................................................577 ESRP-Aware Switches .......................................................................................................578 Standard and Extended ESRP ............................................................................................580 ESRP Domains .................................................................................................................581 Linking ESRP Switches......................................................................................................582 ESRP and Hitless FailoverModular Switches Only..............................................................582


15


Contents Determining the ESRP Master ..................................................................................................583 Master Switch Behavior .....................................................................................................584 Pre-Master Switch Behavior................................................................................................584 Slave Switch Behavior .......................................................................................................584 Neutral Switch Behavior ....................................................................................................584 Electing the Master Switch.................................................................................................584 ESRP Failover Time...........................................................................................................585 ESRP Election Algorithms ..................................................................................................585 Configuring an ESRP Domain on a Switch .................................................................................587 Creating and Deleting an ESRP Domain...............................................................................588 Configuring the ESRP Domain ID........................................................................................589 Adding VLANs to an ESRP Domain .....................................................................................589 Enabling and Disabling an ESRP Domain ............................................................................590 Advanced ESRP Features.........................................................................................................590 ESRP Tracking..................................................................................................................590 ESRP Port Restart .............................................................................................................593 ESRP Host Attach .............................................................................................................594 ESRP Port Weight and Dont Count .....................................................................................595 ESRP Groups ....................................................................................................................595 Displaying ESRP Information ...................................................................................................596 Using ELRP with ESRP............................................................................................................597 Using ELRP with ESRP to Recover Loops ............................................................................597 Configuring ELRP..............................................................................................................598 Displaying ELRP Information..............................................................................................599 ESRP Examples ......................................................................................................................600 Single Domain Using Layer 2 and Layer 3 Redundancy.........................................................600 Multiple Domains Using Layer 2 and Layer 3 Redundancy ....................................................602 ESRP Cautions .......................................................................................................................604 Configuring ESRP and IP Multinetting.................................................................................604 ESRP and STP..................................................................................................................604 ESRP and VRRP ...............................................................................................................604 ESRP Groups and Host Attach............................................................................................604 Port Configurations and ESRP ............................................................................................604

Chapter 23: Virtual Router Redundancy Protocol........................................................................... 605Licensing ...............................................................................................................................605 Overview of VRRP ...................................................................................................................606 Determining the VRRP Master ..................................................................................................606 VRRP Tracking..................................................................................................................606 Electing the Master Router.................................................................................................609 Additional VRRP Highlights......................................................................................................609 VRRP Operation ......................................................................................................................610 Simple VRRP Network Configuration ...................................................................................610 Fully Redundant VRRP Network..........................................................................................611 VRRP Configuration Parameters................................................................................................612 VRRP Examples ......................................................................................................................613 Configuring the Simple VRRP Network ................................................................................613 Configuring the Fully Redundant VRRP Network...................................................................614

16



Contents VRRP Cautions .......................................................................................................................615 Assigning Multiple Virtual IP Addresses...............................................................................615 VRRP and ESRP ...............................................................................................................615

Chapter 24: IPv4 Unicast Routing................................................................................................. 617Overview of IPv4 Unicast Routing .............................................................................................617 Router Interfaces ..............................................................................................................618 Populating the Routing Table .............................................................................................618 Proxy ARP ..............................................................................................................................621 ARP-Incapable Devices ......................................................................................................622 Proxy ARP Between Subnets ..............................................................................................622 Configuring IPv4 Unicast Routing .............................................................................................622 Verifying the IPv4 Unicast Routing Configuration .......................................................................623 Routing Configuration Example.................................................................................................623 IPv4 Multinetting ....................................................................................................................625 Multinetting Topology ........................................................................................................625 How Multinetting Affects Other Features .............................................................................626 Configuring IPv4 Multinetting.............................................................................................630 IP Multinetting Examples ...................................................................................................630 Configuring DHCP/BOOTP Relay ...............................................................................................631 Configuring the DHCP Relay Agent Option (Option 82) .........................................................631 Verifying the DHCP/BOOTP Relay Configuration ...................................................................632 UDP Forwarding......................................................................................................................632 Configuring UDP Forwarding ..............................................................................................633 UDP Echo Server ..............................................................................................................634

Chapter 25: IPv6 Unicast Routing................................................................................................. 635Overview of IPv6 Unicast Routing .............................................................................................635 Router Interfaces ..............................................................................................................636 Specifying IPv6 Addresses .................................................................................................636 Neighbor Discovery Protocol ...............................................................................................638 Populating the Routing Table .............................................................................................639 Configuring IP Unicast Routing ................................................................................................642 Verifying the IP Unicast Routing Configuration .....................................................................642 Routing Configuration Example.................................................................................................643 Tunnel Configuration Examples ................................................................................................644 6in4 Tunnel Configuration Example ....................................................................................645 6to4 Tunnel Configuration Example .............................................

Documents

EW_XOSConcepts11_5