Page 1 Part No. 060179-10, Rev. C April 2004 OmniSwitch 6624/6648 Network Configuration Guide www.alcatel.com...
Page 2 The functionality described in this guide is subject to change without notice. Copyright © 2004 by Alcatel Internetworking, Inc. All rights reserved. This document may not be repro- duced in whole or in part without the express written permission of Alcatel Internetworking, Inc.
Page 3: Table Of Contents
Configuring the Flow Control Wait Time ............1-10 Restoring the Flow Control Wait Time ............1-11 Setting Interface Line Speed ..................1-11 Configuring Duplex Mode ..................1-12 Enabling and Disabling Interfaces .................1-12 Configuring Inter-frame Gap Values ..............1-13 Resetting Statistics Counters ..................1-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 4 Configuring a Source Learning Time Limit ..............3-7 Configuring the Number of MAC Addresses Allowed ...........3-8 Configuring Authorized MAC Addresses ...............3-8 Configuring an Authorized MAC Address Range ............3-9 Selecting the Security Violation Mode .................3-10 Displaying Learned Port Security Information .............3-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 5 Selecting the VLAN Bridge Protocol (802.1D or 802.1w) ........5-11 Enabling/Disabling the VLAN BPDU Switching Status ........5-11 Configuring VLAN Bridge Priority ...............5-11 Configuring VLAN Bridge Hello Time ..............5-12 Configuring VLAN Bridge Max Age Time ............5-12 Configuring VLAN Bridge Forward Delay Time ..........5-13 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 6 Verifying VLAN Port Associations and Mobile Port Properties ........6-19 Understanding ‘show vlan port’ Output ..............6-19 Understanding ‘show vlan port mobile’ Output .............6-20 Chapter 7 Defining VLAN Rules ....................7-1 In This Chapter ........................7-1 VLAN Rules Specifications ....................7-2 VLAN Rules Defaults ....................7-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 7 AIP Specifications ......................8-2 AMAP Defaults ......................8-2 GMAP Defaults ......................8-2 AMAP Overview ......................8-3 AMAP Transmission States ..................8-3 Discovery Transmission State ................8-4 Common Transmission State ................8-4 Passive Reception State ..................8-4 Common Transmission and Remote Switches ............8-5 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 8 Deleting a Static Aggregate Group ..............10-8 Adding and Deleting Ports in a Static Aggregate Group ........10-9 Adding Ports to a Static Aggregate Group ............10-9 Removing Ports from a Static Aggregate Group ...........10-12 viii OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 9 Modifying Dynamic Aggregate Partner Port Parameters ........11-26 Modifying the Partner Port System Administrative State ......11-26 Modifying the Partner Port Administrative Key ...........11-28 Modifying the Partner Port System ID ............11-28 Modifying the Partner Port System Priority ..........11-29 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 10 Internet Control Message Protocol (ICMP) ............12-15 ICMP Control Table ..................12-18 ICMP Statistics Table ..................12-18 Using the Ping Command ..................12-19 Tracing an IP Route ....................12-19 Displaying TCP Information ................12-19 Displaying UDP Information ................12-20 Verifying the IP Configuration ...................12-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 11 Chapter 14 Configuring RDP ....................... 14-1 In This Chapter ......................14-1 RDP Specifications .......................14-2 RDP Defaults ........................14-2 Quick Steps for Configuring RDP ................14-3 RDP Overview ......................14-5 RDP Interfaces .......................14-6 Security Concerns ....................14-7 Enabling/Disabling RDP ....................14-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 12 VRRP Specifications .....................16-2 VRRP Defaults ......................16-2 Quick Steps for Configuring VRRP ................16-3 VRRP Overview ......................16-4 Why Use VRRP? ....................16-5 Definition of a Virtual Router ................16-5 VRRP MAC Addresses ..................16-6 ARP Requests ....................16-6 ICMP Redirects ....................16-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 13 Common Entries ....................17-16 Directory Entries ...................17-17 Directory Searches ..................17-18 Retrieving Directory Search Results .............17-18 Directory Modifications ................17-18 Directory Compare and Sort ................17-19 The LDAP URL ....................17-19 Password Policies and Directory Servers ............17-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004 xiii...
Page 14 Enabling DHCP Relay for Authentication Clients ..........18-30 Configuring a DHCP Gateway for the Relay ............18-31 Configuring the Server Authority Mode ..............18-32 Configuring Single Mode ..................18-32 Configuring Multiple Mode .................18-34 Specifying Accounting Servers ...................18-35 Verifying the AVLAN Configuration .................18-36 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 15 Configuring a Secure Socket Layer for a Policy Server ........20-6 Loading Policies From an LDAP Server ..............20-6 Removing LDAP Policies From the Switch ............20-6 Interaction With CLI Policies ................20-7 Verifying the Policy Server Configuration ..............20-7 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 16 Trusted and Untrusted Ports .................21-20 Configuring Trusted Ports ................21-21 Using Trusted Ports With Policies ..............21-21 Verifying the QoS Port and Queue Configuration ..........21-21 Creating Policies ......................21-22 Quick Steps for Creating Policies ................21-22 ASCII-File-Only Syntax ..................21-23 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 17 ICMP Policy Example ..................21-51 802.1p and ToS/DSCP Marking and Mapping ............21-51 Chapter 22 Configuring ACLs ...................... 22-1 In This Chapter ......................22-1 ACL Specifications .......................22-2 ACL Defaults ........................22-2 Quick Steps for Creating ACLs ..................22-3 OmniSwitch 6624/6648 Network Configuration Guide April 2004 xvii...
Page 18 Configuring and Removing a Static Neighbor ............23-6 Configuring a Static Neighbor .................23-6 Removing a Static Neighbor ................23-7 Configuring and Removing a Static Querier ............23-7 Configuring a Static Querier ................23-7 Removing a Static Querier ................23-7 xviii OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 19 Using Port Mirroring with External RMON Probes ..........24-11 Creating a Mirroring Session ................24-12 Unblocking Ports (Protection from Spanning Tree) ..........24-12 Enabling or Disabling Mirroring Status ...............24-13 Creating a Mirroring Session and Enabling Mirroring Status ......24-13 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 20 Disabling an IP Address from Receiving Switch Logging Output ....25-10 Displaying Switch Logging Status ...............25-10 Configuring the Switch Logging File Size ............25-11 Clearing the Switch Logging Files ...............25-11 Displaying Switch Logging Records ..............25-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 21 Appendix A Software License and Copyright Statements .............A-1 Alcatel License Agreement .................... A-1 ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE AGREEMENT ......................A-1 Third Party Licenses and Notices .................. A-4 A. Booting and Debugging Non-Proprietary Software .......... A-4 B. The OpenLDAP Public License: Version 2.4, 8 December 2000 ..... A-4 C.
Page 22 Contents xxii OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 23: About This Guide
The software features described in this manual are shipped standard with your OmniSwitch 6624 or 6648. These features are used when setting up your OmniSwitch in a network of switches and routers.
Page 24: Who Should Read This Manual
The audience for this user guide is network administrators and IT support personnel who need to config- ure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 6624 or 6648 will benefit from the material in this configuration guide.
Page 25: How Is The Information Organized
OmniSwitch. It is not intended as a comprehensive refer- ence to all CLI commands available in the OmniSwitch. For such a reference to all OmniSwitch 6624 or OmniSwitch 6648 CLI commands, consult the OmniSwitch CLI Reference Guide.
Page 26 The OmniSwitch 6624/6648 Switch Management Guide is the primary user guide for the basic software features on a single switch. This guide contains information on the switch directory structure, basic file and directory utilities, switch access security, SNMP, and web-based management.
Page 27: Related Documentation
The following are the titles and descriptions of all the OmniSwitch 6624/6648 user manuals: OmniSwitch 6624/6648 Getting Started Guide • Describes the hardware and software procedures for getting an OmniSwitch 6624 or 6648 up and running. Also provides information on fundamental aspects of OmniSwitch software and stacking architecture.
Page 28: User Manual Cd
About This Guide User Manual CD All user guides for the OmniSwitch 6624 and 6648 are included on the User Manual CD that accompa- nied your switch. This CD also includes user guides for other Alcatel data enterprise products. In addition, it contains a stand-alone version of the on-line help system that is embedded in the OmniVista network management application.
Page 29: In This Chapter
“Configuring Auto Negotiation, Crossover, and Flow Control Settings” on page 1-16 • For information about CLI commands that can be used to view Ethernet port parameters, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-1...
Page 30: Chapter 1 Configuring Ethernet Ports
Port Mirroring Support Fast Ethernet and Gigabit Ethernet ports 802.1Q Hardware Tagging Fast Ethernet and Gigabit Ethernet ports Maximum Frame Size 1522 bytes if frame is 802.1Q is tagged, 1518 bytes otherwise page 1-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 31: Ethernet Port Defaults
42 Mbps (Fast Ethernet) 496 Mbps (Gigabit Ethernet) Auto negotiation interfaces autoneg Enable Crossover interfaces crossover Auto for all copper ports; Disable for all fiber modules Flow (pause) interfaces flow Enable OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-3...
Page 32: Configuring Ethernet Ports Tutorial
0 to 100 Mbps for Fast Ethernet, or 0 to 996 Mbps for Gigabit Ethernet. For example, to configure the peak flood rate value for the interface in slot 1, port 1 to 42 Mbps enter: -> interfaces 1/1 flood rate 42 page 1-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 33 Bytes transmitted : Lost Frames Unicast Frames Broadcast Frames Multicast Frames UnderSize Frames OverSize Frames Collision Frames Error Frames For more information about available show commands, refer to the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-5...
Page 34: Ethernet Ports Overview
802.1Q is tagged. Otherwise, 1518 bytes are supported. OmniSwitch 6648 LINK/ACT LINK/ACT CONSOLE EXPANSION/STACKING EXPANSION TEMP LINK/ACT LINK/ACT 10/100 Ethernet Ports 1 through 48 Optional Stacking or Gigabit Ethernet Modules, Ports 49, 50, 51, and 52 page 1-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 35: Omniswitch 6624
Ethernet Ports Overview OmniSwitch 6624 The OmniSwitch 6624 provides 24 10/100 Mbps ports and two expansion slots. The expansion slots are empty by default. Optionally, they can hold either four Gigabit Ethernet ports or two Gigabit Ethernet ports and two stacking connections. Port numbers 1 through 24 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces.
Page 36: Setting Ethernet Port Parameters
1 through 48 on the OmniSwitch 6648 and ports 1 through 24 on the OmniSwitch 6624. Likewise, Gigabit Ethernet is only supported on OmniSwitch 6648 ports 49 through 52 and OmniSwitch 6624 and 6600-U24 ports 25 through 28 when the optional Gigabit expansion modules are installed.
Page 37: Setting Flow Control
To disable flow control on a range of ports, enter no flow followed by the slot number, a slash (/), the first port number, a hyphen, and the last port number. For example, to disable flow control on ports 1 through 3 on slot 2 enter: -> no flow 2/1-3 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-9...
Page 38: Setting Flow Control Wait Time
For example, to configure the flow control wait time as 96 microseconds on slot 2 port 3 and document the interface type as Fast Ethernet enter: -> flow fastethernet 2/3 wait 96 page 1-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 39: Restoring The Flow Control Wait Time
(-), the last port number, and the desired speed. For example, to set the line speed on ports 1 through 3 on slot 2 at 100 Mbps enter: -> interfaces 2/1-3 speed 100 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-11...
Page 40: Configuring Duplex Mode
To enable or disable an entire slot enter interfaces followed by the slot number, admin, and the desired administrative setting (either up or down). For example, to administratively disable slot 2 enter: -> interfaces 2 admin down page 1-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 41: Configuring Inter-Frame Gap Values
Note. This command is only valid on Gigabit ports. Gigabit Ethernet is supported only on ports 49 through 51 on the OmniSwitch 6648 and ports 25 through 28 on the OmniSwitch 6624 and 6600-U24 when Gigabit Ethernet expansion modules are installed.
Page 42: Resetting Statistics Counters
You cannot configure specific ports or ranges of ports. Note. To enable flood multicasting on an interface, see “Enabling Maximum Flood Rate for Multicast Traffic” on page 1-15. page 1-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 43: Enabling Maximum Flood Rate For Multicast Traffic
To configure the peak flood rate for an entire slot enter interfaces followed by the slot number, flood rate, and the flood rate in bytes. For example, to configure the peak flood rate on slot 2 as 42 bytes enter: -> interfaces 2 flood rate 42 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-15...
Page 44: Configuring A Port Alias
To enable or disable auto negotiation on an entire switch enter interfaces followed by the slot number, autoneg, and either enable or disable. For example, to enable auto negotiation on slot 2 enter: -> interfaces 2 autoneg enable page 1-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 45: Configuring Crossover Settings
To configure crossover settings on an entire switch enter interfaces followed by the slot number, cross- over, and the desired setting. For example, to set the crossover configuration to auto on slot 2 enter: -> interfaces 2 crossover auto OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-17...
Page 46: Enabling And Disabling Flow
For example, to enable flow control on port 3 on slot 2 and document the port as Fast Ethernet enter: -> interfaces fastethernet 2/3 flow enable Note. If auto negotiation is disabled and then later enabled on an interface, the original flow setting will then be restored. page 1-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 47: Verifying Ethernet Port Configuration
These commands can be quite useful in troubleshooting and resolving potential configuration issues or problems on your switch. For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 1-19...
Page 48 Verifying Ethernet Port Configuration Configuring Ethernet Ports page 1-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 49: Chapter 2 Managing Source Learning
Creating a static MAC address table entry on page 2-4. • Configuring the MAC address table aging time on page 2-6. • Displaying MAC address table information on page 2-7. • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 2-1...
Page 50: Source Learning Specifications
The show mac-address-table command is also useful for monitoring general source learning activity and verifying dynamic VLAN assignments of addresses received on mobile ports. Create VLAN 200, if it does not already exist, using the following command: -> vlan 200 page 2-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 51 To verify the new aging time value for VLAN 200, enter show mac-address-table aging-time vlan followed by 200. For example, -> show mac-address-table aging-time vlan 200 Mac Address Aging Time (seconds) for Vlan 200 = 1200 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 2-3...
Page 52: Mac Address Table Overview
Traffic sent to or from a filtered MAC address is dropped. Enter bridging for regular traffic flow to or from the MAC address. For more information about Layer 2 filtering, see Chapter 21, “Configuring QoS.” page 2-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 53: Configuring Static Mac Addresses
VLAN 455: -> mac-address-table 00:95:2A:00:3E:4C linkagg 2 455 For more information about configuring a link aggregate of ports, see Chapter 10, “Configuring Static Link Aggregation” Chapter 11, “Configuring Dynamic Link Aggregation.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 2-5...
Page 54: Configuring Mac Address Table Aging Time
-> no mac-address-table aging-time vlan 255 To display the aging time value for one or all VLANs, use the show mac-address-table aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide. page 2-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 55: Displaying Mac Address Table Information
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show mac-address-table and show mac-address-table aging-time commands is also given in “Sample MAC Address Table Configuration” on page 2-2. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 2-7...
Page 56 Displaying MAC Address Table Information Managing Source Learning page 2-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 57: In This Chapter
Selecting the security violation mode for an LPS port on page 3-10. • Displaying LPS configuration information on page 3-10. • For more information about source MAC address learning, see Chapter 2, “Managing Source Learning.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 3-1...
Page 58: Chapter 3 Configuring Learned Port Security
Maximum number of configurable MAC address ranges per LPS port. Maximum number of learned MAC addresses per OmniSwitch 6624/6648 (applies to all ports on the switch). Maximum number of learned MAC addresses per stack of OmniSwitch 6624/6648 switches (applies across all stack ports).
Page 59: Sample Learned Port Security Configuration
00:00:00:00:00:00 ff:ff:ff:ff:ff:ff 00:da:92:00:1a:20 configured To verify the new source learning time limit value, use the show port-security shutdown command. For example: -> show port-security shutdown LPS Shutdown = 30 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 3-3...
Page 60: Learned Port Security Overview
LPS functionality is supported on the following 10/100 and Gigabit Ethernet port types: Fixed (non-mobile) • Mobile • 802.1Q tagged • Authenticated • The following port types are not supported: Link aggregate • Tagged (trunked) link aggregate • page 3-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 61: How Lps Authorizes Source Mac Addresses
MAC address entry in the LPS table until the switch configuration file is saved and the switch is rebooted. If a reboot occurs before this is done, all dynamically learned MAC addresses in the LPS table are cleared. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 62: Static Configuration Of Authorized Mac Addresses
To view the contents of the LPS table, use the show port-security command. Refer to the OmniSwitch CLI Reference Guide for more information about this command. page 3-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 63: Enabling/Disabling Learned Port Security
MAC addresses learned meets or exceeds the maximum number of addresses allowed, even if the LPS time limit has not expired. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 3-7...
Page 64: Configuring The Number Of Mac Addresses Allowed
-> port-security 4/12 no mac 00:20:95:00:fa:5c Note that when a MAC address is cleared from the LPS table, it is automatically cleared from the source learning MAC address table at the same time. page 3-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 65: Configuring An Authorized Mac Address Range
00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a: -> port-security 2/8 mac-range low pp:da:25:59:0c -> port-security 2/10 mac-range high 00:da:25:00:00:9a Refer to the OmniSwitch CLI Reference Guide for more information about this command. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 3-9...
Page 66: Selecting The Security Violation Mode
For more information about the resulting display from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show port-security and show port-security shutdown commands is also given in “Sample Learned Port Security Configuration” on page 3-3. page 3-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 67: Chapter 4 Configuring Vlans
In a switch-based network, such as one comprised of Alcatel switching systems, a broadcast domain—or VLAN— can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit Ethernet, 802.1q tagged ports and/or a link aggregate of ports.
Page 68: Vlan Specifications
Maximum authenticated VLANs per stack MAC Router Mode Supported Single CLI Command Prefix Recognition All VLAN management commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more information. VLAN Defaults Parameter Description Command Default...
Page 69: Sample Vlan Configuration
To verify that ports 3/2-4 were assigned to VLAN 255, use the show vlan port command. For example: -> show vlan 255 port port type status --------+---------+-------------- default inactive default inactive default inactive OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 4-3...
Page 70: Vlan Management Overview
This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The VLAN management software handles the following VLAN configuration tasks performed on an Alcatel switch: Creating or modifying VLANs.
Page 71: Creating/Modifying Vlans
Creating/Modifying VLANs Creating/Modifying VLANs The initial configuration for all Alcatel switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the module’s physical ports are also assigned to VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain.
Page 72: Enabling/Disabling The Vlan Administrative Status
-> vlan 455 name Marketing-IP-Network Defining VLAN Port Assignments Alcatel switches support static and dynamic assignment of physical switch ports to a VLAN. Regardless of how a port is assigned to a VLAN, once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch.
Page 73: Changing The Default Vlan Assignment For A Port
VLAN and not the matching rule VLAN. Chapter 6, “Assigning Ports to VLANs,” Chapter 7, “Defining VLAN Rules,” for more informa- tion and examples of dynamic VLAN port assignment. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 4-7...
Page 74: Configuring Vlan Rule Classification
MAC address vlan mac vlan mac range Network address vlan ip vlan ipx Protocol vlan protocol Custom (user-defined) vlan user Port vlan port page 4-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 75: Enabling/Disabling Vlan Mobile Tag Classification
If 802.1Q tagging is required on a fixed (non-mobile) port, then the vlan 802.1q command is still used to statically tag VLANs for the port. See Chapter 9, “Configuring 802.1Q,” for more information. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 4-9...
Page 76: Enabling/Disabling Spanning Tree For A Vlan
For more information about mobile port commands and Layer 2 authentication for Alcatel switches, see Chapter 6, “Assigning Ports to VLANs,” Chapter 18, “Config- uring Authenticated VLANs.” page 4-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 77: Configuring Vlan Router Ports
To view a list of VLAN IP router ports configured on the switch, use the show vlan router ip command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 4-11...
Page 78: Modifying An Ip Router Port
-> vlan 1504 mtu-ip 576 To view the current MTU size for IP router VLANs, use the show vlan router ip command. For more information about this command, see the OmniSwitch CLI Reference Guide. page 4-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 79: What Is Single Mac Router Mode
What is Single MAC Router Mode? The OmniSwitch 6624/6648 operates only in single MAC router mode. In this mode, each router port VLAN is assigned the same MAC address, which is the base chassis MAC address for the switch. As a result, up to 4094 IP router port VLANs are supported per single switch or per stack of switches.
Page 80: Bridging Vlans Across Multiple Switches
The key is that the port must belong to the same VLAN on each switch. To carry multiple VLANs between switches across a single physical connection cable, use the 802.1Q tagging feature (see Chapter 9, “Configuring 802.1Q”). page 4-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 81: Verifying The Vlan Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show vlan and show vlan port commands is also given in “Sample VLAN Configuration” on page 4-3. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 4-15...
Page 82 Verifying the VLAN Configuration Configuring VLANs page 4-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 83: Chapter 5 Configuring Spanning Tree Parameters
STP Bridge Protocol Data Units (BPDU) received on switch ports and port link up and down states in the event of a CMM fail over to a backup CMM. In addition, the Alcatel distributed implementation incorporates the following Spanning Tree features: Configures a physical topology into a single Spanning Tree to ensure that there is only one data path •...
Page 84: Spanning Tree Specifications
802.1Q tagged ports Link aggregate of ports CLI Command Prefix Recognition All Spanning Tree commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more information. Spanning Tree Defaults Parameter Description Command...
Page 85: Spanning Tree Overview
Spanning Tree Overview Spanning Tree Overview Alcatel switches support the use of the traditional STP defined in the IEEE 802.1D standard and the Rapid Spanning Tree Algorithm and Protocol (RSTP) defined in the IEEE 802.1w standard. RSTP expedites topology changes by allowing blocked ports to transition directly into a forwarding state, bypassing listen- ing and learning states.
Page 86 (except for the root bridge). Data travels back and forth between bridges over forwarding port connections that form the best, non-redundant path to the root. The active topology ensures that network loops do not exist. page 5-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 87: Bridge Protocol Data Units (Bpdu)
Each switch chassis is assigned a dedicated base MAC address. This is the MAC address that is combined with the priority value to provide a unique Bridge ID for the switch. For more information about the base MAC address, the OmniSwitch 6624/6648 Hardware Users Guide.
Page 88: Topology Examples
If a new switch is added to the network, the Spanning Tree topology is automatically recalculated to include the monitor- ing of links to the new switch. page 5-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 89 Switch D than the path between Switch B and Switch A. As a result, a network loop is avoided. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-7...
Page 90: Spanning Tree Operating Modes
The following diagram shows a switch running in the flat STP mode. All ports, regardless of their default VLAN configuration or tagged VLAN assignments, are considered part of one Spanning Tree instance. page 5-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 91: Using 1X1 Spanning Tree Mode
However, if a VLAN appears as the configured default VLAN for the port, then BPDU are not tagged and the single Spanning Tree instance applies. To change the Spanning Tree operating mode to 1x1, enter the following command: -> bridge mode 1x1 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-9...
Page 92: Configuring Stp Vlan Parameters
Tree instance. If a switch is running in the flat STP mode, disabling Spanning Tree on VLAN 1 disables the instance for all VLANs. For more information about configuring VLANs, see Chapter 4, “Configuring VLANs.” page 5-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 93: Selecting The Vlan Bridge Protocol (802.1D Or 802.1W)
Note. Configuring a VLAN with a priority value that will cause the VLAN to become the root is recom- mended, instead of relying on the STP comparison of switch base MAC addresses to determine the root. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 94: Configuring Vlan Bridge Hello Time
Spanning Tree mode, then the max age value is defined for VLAN 1. Specify- ing a low max age time may cause STP to reconfigure the topology more often. page 5-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 95: Configuring Vlan Bridge Forward Delay Time
-> bridge 455 forward delay 10 To view the VLAN forward delay time value, use the show spantree command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-13...
Page 96: Configuring Stp Port Parameters
For example, the following command disables STP for link aggregate 29 associated with VLAN 755: -> bridge 755 29 disable page 5-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 97: Configuring Port Priority
Chapter 11, “Configuring Dynamic Link Aggregation.” To view the STP priority for a port, use the show spantree ports command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-15...
Page 98: Configuring Port Path Cost
If the path cost for a link aggregate is set to zero, the following default values used are based on link speed and link aggregate size. Note that for Gigabit ports the aggregate size is not applicable in this case: page 5-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 99: Configuring Port Mode
Spanning Tree instance) then the port’s slot/port designation followed by mode and then enter either forwarding, blocking or dynamic. For example, the following command sets the mode for port 1 on slot 8 for VLAN 10 to forwarding. -> bridge 10 8/1 mode forwarding OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-17...
Page 100: Mode For Link Aggregate Ports
If the switch is running in the 1x1 Spanning Tree mode, then the connection type applies to the specified VLAN STP instance associated with the port. If the switch is running in the flat Spanning Tree mode, then page 5-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 101: Connection Type On Link Aggregate Ports
Aggregation,” Chapter 11, “Configuring Dynamic Link Aggregation.” To view the port connection type, use the show spantree ports command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-19...
Page 102: Sample Spanning Tree Configuration
The path cost for each port connection defaults to a value based on the link speed. For example, the • connection between Switch B and Switch C is a 100 Mbps link, which defaults to a path cost of 19. page 5-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 103: Example Network Configuration Steps
VLAN 255 on Switch D will have the lowest Bridge ID priority value of all four switches, which will qualify it as the Spanning Tree root VLAN for the VLAN 255 broadcast domain. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 104 Cost Role Tx Port Cnx Cnx Desig Bridge ID -----+---+---+----+----+-----+-----+----+---+-----+---+---+---------------------- 7 ENA FORW ROOT NPT NPT 000A-00:d0:95:00:00:01 7 ENA BLOCK BACK NPT NPT 8000-00:d0:95:00:00:04 3/10 7 ENA BLOCK ALTN 3/10 NPT NPT 8000-00:d0:95:00:00:03 page 5-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 105: Verifying The Spanning Tree Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show spantree and show spantree ports commands is also given in “Example Network Configuration Steps” on page 5-21. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 5-23...
Page 106 Verifying the Spanning Tree Configuration Configuring Spanning Tree Parameters page 5-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 107: Chapter 6 Assigning Ports To Vlans
Configuration procedures described in this chapter include: Statically assigning ports to VLANs on page 6-4. • Dynamically assigning ports to VLANs (port mobility) page 6-10. • Configuring mobile port properties (including authentication) on page 6-16. • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-1...
Page 108: Port Assignment Specifications
Enable Layer 2 authentication on the vlan port authenticate Disabled mobile port Enable 802.1x port-based access vlan port 802.1x Disabled control on a mobile port page 6-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 109: Sample Vlan Port Assignment
-> show vlan port mobile 3/4 Mobility : on, Config Default Vlan: 255, Default Vlan Enabled: off, Default Vlan Perm : on, Default Vlan Restore: on, Authentication : off, Ignore BPDUs : off OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-3...
Page 110: Statically Assigning Ports To Vlans
VLAN management software on each switch. To display a list of all VPAs, use the show vlan port command. For more information, see “Verifying VLAN Port Associations and Mobile Port Properties” on page 6-19. page 6-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 111: How Dynamic Port Assignment Works
The following example shows how mobile ports are dynamically assigned using VLAN mobile tagging to classify mobile port traffic. This example includes diagrams showing the initial VLAN port assignment configuration and a diagram showing how the configuration looks after mobile port traffic is classified. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-5...
Page 112 VLAN 4. All three ports, however, retain their default VLAN 1 assignment, but now have an additional VLAN • port assignment that carries the matching traffic on the appropriate rule VLAN. page 6-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 113 Network 130.0.0.0 VLAN 1 VLAN 3 Default VLAN Network 138.0.0.0 Port 3 Port 1 Port 2 130.0.0.1 138.0.0.1 140.0.0.1 Dynamic VPA Default VLAN Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-7...
Page 114: Vlan Rule Classification
VLAN 1 is the configured default VLAN for each port. • Three additional VLANs are configured on the switch, each one has an IP network address rule defined • for one of the IP subnets. page 6-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 115 VLAN 3 network address rule. Port 3 is assigned to VLAN 4 because the workstation is transmitting IP traffic on network 140.0.0.0 • that matches the VLAN 4 network address rule. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-9...
Page 116: Configuring Dynamic Vlan Port Assignment
VLAN should carry the traffic based on the type of classification, if any, defined for a particular VLAN. See “Dynamically Assigning Ports to VLANs” on page 6-4 for more information and examples of dynamic VLAN port assignment. page 6-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 117: Enabling/Disabling Port Mobility
The port is included in the Spanning Tree algorithm. • Mobility remains off on the port even if the port’s link is disabled or disconnected. Rebooting the • switch, however, will restore the port’s original mobile status. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-11...
Page 118 Spanning Tree is enabled on both the ports and their assigned VLANs) is not allowed. If mobility is required on this type of port, enable mobility and the BPDU ignore parameter when the port is not active. page 6-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 119: Understanding Mobile Port Properties
Mobile port receives IP and IPX protocol packets and one VLAN has an IP protocol rule and another • VLAN has an IPX protocol rule. The mobile port is dynamically assigned to both VLANs, which are now considered secondary VLANs for that port. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-13...
Page 120 VLAN. configured default VLAN. Restricts dynamic assignment to mobile port traffic that matches one or more VLAN rules. How Mobile Port Traffic that Does Not Match any VLAN Rules is Classified page 6-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 121 VPA again. VPAs created from occasional network users Appropriate for devices that only send occa- (e.g., laptop) are not unnecessarily retained. sional traffic. How Mobile Port VLAN Assignments Age OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-15...
Page 122: Configuring Mobile Port Properties
(e.g., mobile ports with default VLAN enabled or non-mobile, fixed ports). “Understanding Mobile Port Properties” on page 6-13 for an overview and illustrations of how this property affects mobile port behavior. page 6-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 123: Enable/Disable Default Vlan Restore
Only mobile ports are eligible for authentication. If enabled, the mobile port participates in the Layer 2 authentication process supported by Alcatel switches. This process restricts switch access at the VLAN level. The user is required to enter a valid login ID and password before gaining membership to a VLAN.
Page 124: Enable/Disable 802.1X Port-Based Access Control
Only mobile ports are eligible for 802.1X port-based access control. If enabled, the mobile port partici- pates in the authentication and authorization process defined in the IEEE 802.1X standard and supported by Alcatel switches. For more information, see Chapter 19, “Configuring 802.1X.”...
Page 125: Chapter 24 Diagnosing Switch Problems
Mobile port traffic is filtered for the VPA; only traffic received on the port that matches VLAN rules is forwarded. Occurs when a mobile port’s VLAN is administratively disabled or the port’s default VLAN status is disabled. Does not apply to fixed ports. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 6-19...
Page 126: Understanding 'Show Vlan Port Mobile' Output
Another example of the output for the show vlan port mobile command is also given in “Sample VLAN Port Assignment” on page 6-3. For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide. page 6-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 127: Chapter 7 Defining Vlan Rules
For information about creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information about enabling port mobility and defining mobile port properties, see Chapter 6, “Assign- ing Ports to VLANs.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-1...
Page 128: Defining Vlan Rules
802.1Q tagged fixed ports. Link aggregate ports. CLI Command Prefix Recognition All VLAN management commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more information. VLAN Rules Defaults Parameter Description Command...
Page 129: Sample Vlan Rule Configuration
For example: -> show vlan rules Legend: type: * = binding rule type vlan rule -----------------+------+------------------------------------------------------- ip-net 21.0.0.0, 255.0.0.0 protocol ipx-e2 mac-ip-port* 1500 00:da:95:00:ce:3f, 21.0.0.43, 3/10 dhcp-mac-range 00:da:95:00:59:10, 00:da:95:00:59:9f OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-3...
Page 130: Vlan Rules Overview
“Port Rules” on page 7-7 Use the show vlan rules command to display a list of rules already configured on the switch. For more information about this command, refer to the OmniSwitch CLI Reference Guide. page 7-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 131: Dhcp Rules
IP address as part of the rule, similar to IP network address rule defini- tions. The following DHCP rule types are available: DHCP MAC Address • DHCP MAC Range • DHCP Port • DHCP Generic • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-5...
Page 132: Binding Rules
Service Access Protocol (DSAP/SSAP) header values, or a Sub-network Access Protocol (SNAP) type. Note that specifying a SNAP protocol type restricts classification of mobile port traffic to the ethertype value found in the IEEE 802.2 SNAP LLC frame header. page 7-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 133: Custom (User Defined) Rules
VLAN assignments that are defined using port rules are exempt from the port’s default VLAN restore status. See Chapter 6, “Assigning Ports to VLANs,” for more information regarding a port’s default VLAN restore status and other mobile port properties. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-7...
Page 134: Understanding Vlan Rule Precedence
VLAN. The frame is then compared to other rules of lower precen- dence in the table or carried on the mobile port’s default VLAN (if the mobile port’s default VLAN is enabled) if the frame does not match any other VLAN rules. page 7-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 135 VLAN. tocol do not match. Frame only contains a matching Frame is allowed; its source is port and/or protocol; source MAC not assigned to the rule’s VLAN. address does not match. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-9...
Page 136 Frame source is assigned to the MAC address. rule’s VLAN. 13. MAC Range Frame contains a source MAC Frame source is assigned to the address that falls within a specified rule’s VLAN. range of MAC addresses. page 7-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 137: Configuring Vlan Rule Definitions
Authenticated VLANs (AVLANs). However, these rules are not active until the avlan port-bound command is issued for the AVLAN. Note that these rules only apply to traffic received on authenti- cated ports. See Chapter 18, “Configuring Authenticated VLANs,” for more information. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-11...
Page 138: Defining Dhcp Mac Address Rules
DHCP MAC range rule described in the next section. Use the no form of the vlan dhcp mac command to remove a DHCP MAC address rule. -> vlan 255 no dhcp mac 00:00:da:59:0c:11 page 7-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 139: Defining Dhcp Mac Range Rules
-> vlan 255 dhcp port 4/1-5 5/12-20 6/10-15 Use the no form of the vlan dhcp port command to remove a DHCP port rule. -> vlan 255 no dhcp port 2/10-12 3/1-5 6/1-9 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-13...
Page 140: Defining Dhcp Generic Rules
Note that MAC-port-IP, MAC-port-Protocol, MAC-port, and port-IP binding rules are also supported on Authenticated VLANs (AVLANs). See Chapter 18, “Configuring Authenticated VLANs,” for more infor- mation. The following subsections provide information about how to define each of the binding rule types. page 7-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 141: How To Define A Mac-Port-Ip Address Binding Rule
-> vlan 455 no binding mac-port-protocol 00:00:20:11:4a:29 dsapssap 04/04 Note that this binding rule type is also supported on AVLANs. See Chapter 18, “Configuring Authenti- cated VLANs,” for more information. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-15...
Page 142: How To Define A Mac-Port Binding Rule
IP subnet address parameter value to identify which rule to remove. -> vlan 1502 no binding ip-port 172.16.6.4 Note that this binding rule type is also supported on AVLANs. See Chapter 18, “Configuring Authenti- cated VLANs,” for more information. page 7-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 143: How To Define A Port-Protocol Binding Rule
If dealing with a large number of MAC addresses, consider using MAC address range rules described in the next section. Use the no form of the vlan mac command to remove a MAC address rule. -> vlan 255 no mac 00:00:da:59:0c:11 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-17...
Page 144: Defining Mac Range Rules
Each class includes a range of IP addresses. The range an IP network address belongs to determines the default class for the IP network when a subnet mask is not specified. page 7-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 145: Defining Ipx Network Address Rules
IPX network address rule. Note that it is only necessary to specify the IPX network address to identify which rule to remove: -> vlan 1220 no ipx 250c OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-19...
Page 146: Defining Protocol Rules
IEEE 802.2 SNAP LLC frame header. Use the no form of the vlan protocol command to remove a protocol rule. -> vlan 1504 no protocol dsapssap f0/f0 page 7-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 147: Defining Custom (User) Rules
Note that it is possible to define a port rule for a non-mobile (fixed, untagged) port, however, the rule is not active until mobility is enabled on the port. Use the no form of the vlan port command to remove a port rule. -> vlan 755 no port 2/3 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-21...
Page 148: Application Example: Dhcp Rules
DHCP Relay functionality in external Router 2 to obtain their IP addresses from the DHCP server in the Branch VLAN. Both DHCP servers are assigned to their VLANs through IP network address rules. page 7-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 149 Branch VLAN DHCP Port Rule DHCP Client 6 Branch VLAN DHCP Port Rule DHCP Client 7 Branch VLAN DHCP MAC Address Rule DHCP Client 8 Branch VLAN DHCP MAC Address Rule OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-23...
Page 150 . With DHCP Relay enabled, this VLAN router can provide connectivity between the server in the Branch and the DHCP VLAN DHCP clients in the Production VLAN DHCP Port and MAC Rule Application Example page 7-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 151: Verifying Vlan Rule Configuration
For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide. An example of the output for the show vlan rules command is also given in “Sample VLAN Rule Configuration” on page 7-3. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 7-25...
Page 152 Verifying VLAN Rule Configuration Defining VLAN Rules page 7-26 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 153: Using Interswitch Protocols
8 Using Interswitch Protocols Alcatel Interswitch Protocols (AIP) are used to discover adjacent switches and retain mobile port informa- tion across switches. The following protocols are supported: Alcatel Mapping Adjacency Protocol (AMAP), which is used to discover the topology of •...
Page 154: Chapter 8 Using Interswitch Protocols
Command Default GMAP status gmap Disabled Gap time interval gmap gap time 133 milliseconds Update time interval gmap update time 300 seconds Hold time gmap hold time 4320 minutes (72 hours) page 8-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 155: Amap Overview
AMAP Overview AMAP Overview The Alcatel Mapping Adjacency Protocol (AMAP) is used to discover the topology of OmniSwitches or Omni S/Rs in a particular installation. Using this protocol, each switch determines which OmniSwitches or Omni S/Rs are adjacent to it by sending and responding to Hello update packets. For the purposes of...
Page 156: Discovery Transmission State
Hello packet in reply. If a port transitions to the passive reception state, any remote switch entries for that port are deleted. page 8-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 157: Common Transmission And Remote Switches
To change the discovery timeout interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example: -> amap discovery 60 -> amap discovery time 60 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 8-5...
Page 158: Configuring The Amap Common Timeout Interval
Remote Host Description = Switch C Remote Host Base MAC = 00:20:da:99:96:60 Local Interface = 5/1, VLAN = 1 Remote Interface = 1/8, VLAN = 7 Remote IP Address Configured = 1 192.206.184.20 page 8-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 159 Local interface 5/1 OmniSwitch 7800 Remote Switch C Local Remote interface 1/8 0020da:999660 interface Remote interface 2/8 Remote interface 4/8 See the OmniSwitch CLI Reference Guide for information about the show amap command. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 8-7...
Page 160: Gmap Overview
To display whether or not GMAP is active or inactive, enter the following command: -> show gmap To activate GMAP on the switch, enter the following command: -> gmap enable To deactivate GMAP on the switch, enter the following command: -> gmap disable page 8-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 161: Configuring The Gmap Gap Time Interval
To change the updatetime interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example: -> gmap update 1200 -> gmap update time 60 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 8-9...
Page 162: Configuring The Gmap Hold Time
VLAN Src Switch ID Timeout(sec) --------------+---------+------+--------------+------------ 000502:c07f11 1809B 0020da:ecc770 3536 0020da:ecc770 3536 00105a:1873b9 1809B 0020da:ecc770 3536 0020da:ecc770 3536 See the OmniSwitch CLI Reference Guide for information about the show gmap command. page 8-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 163: Chapter 9 Configuring 802.1Q
For information on creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information on creating and managing link aggregation groups, see Chapter 10, “Configuring Static Link Aggregation” Chapter 11, “Configuring Dynamic Link Aggregation.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 9-1...
Page 164: 802.1Q Specifications
The following table shows the default settings of the configurable 802.1Q parameters. 802.1Q Defaults Parameter Description Command Default Value/Comments What type of frames accepted vlan 802.1q frame type Both tagged and untagged frames are accepted page 9-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 165: 802.1Q Overview
802.1Q Overview 802.1Q Overview Alcatel’s 802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identifi- cation. This chapter details procedures for configuring and monitoring 802.1Q tagging on a single port in a switch or a link aggregation group in a switch.
Page 166 The procedures below use CLI commands that are thoroughly described in “802.1Q Commands” of the OmniSwitch CLI Reference Guide. Note. 802.1Q on the OmniSwitch 6624 and 6648 do not have the “force tag internal” feature, available on other OmniSwitch products.
Page 167: Configuring An 802.1Q Vlan
The VLAN used to handle traffic on the tagged port must be created prior to using the vlan 802.1q command. Creating a VLAN is described in Chapter 4, “Configuring VLANs.” For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 9-5...
Page 168: Enabling Tagging With Link Aggregation
Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide. page 9-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 169: Configuring The Frame Type
Note. You cannot configure a link aggregation group to accept only tagged frames. For more specific information, see the vlan 802.1q frame type command section in the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 9-7...
Page 170: Show 802.1Q Information
TAG PORT 3/4 VLAN 2 -> show 802.1q 2 Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG AGGREGATE 2 VLAN 3 To display all VLANs, enter the following command: -> show vlan port page 9-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 171: Application Example
Check the configuration using the show 802.1q command, as follows: -> show 802.1q 1/1 Acceptable Frame Type Any Frame Type Force Tag Internal Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG PORT 1/1 VLAN 2 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 9-9...
Page 172 3 802.1q 5 as shown below: -> vlan 3 802.1q 5 Check the configuration using the show 802.1q command, as follows: -> show 802.1q 5 Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG AGGREGATE 5 VLAN 3 page 9-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 173: Verifying 802.1Q Configuration
Displays 802.1Q tagging information for a single port or a link aggrega- tion group. For more information about the resulting display, see Chapter 15, “802.1Q Commands,” in the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 9-11...
Page 174 Verifying 802.1Q Configuration Configuring 802.1Q page 9-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 175: Configuring Static Link Aggregation
10 Configuring Static Link Aggregation Alcatel’s static link aggregation software, also known as OmniChannel, allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation can provide the following benefits: Scalability.
Page 176: Static Link Aggregation Specifications
(composed of up to eight OmniSwitch 6600 Series switches) Maximum number of link aggregation groups per OmniSwitch 6624 or 6600-U24 switch Maximum number of link aggregation groups per OmniSwitch 6648 switch Number of links per group supported on a single...
Page 177: Quick Steps For Configuring Static Link Aggregation
Assign all the necessary ports sequentially (beginning with port number 1, 9, 17, or 25 on the OmniSwitch 6624 and 6600-U24 or beginning with port number 1, 9, 17, 25, 33, 41, 49, or 51 on the OmniSwitch 6648) to the static link aggregation group on the local switch with the static agg agg num command.
Page 178 -> static agg 1/9 agg num 1 -> static agg 1/10 agg num 1 -> static agg 1/11 agg num 1 -> static agg 1/12 agg num 1 -> vlan 10 port default 1 page 10-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 179: Static Link Aggregation Overview
You can create up to 4 link aggregation (both static and dynamic) groups on a single OmniSwitch 6624 or 6600-U24 switch, up to 8 link aggregation groups on a single 6648 switch, and up to 30 link aggregation groups per stack.
Page 180: Relationship To Other Features
Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree • Parameters.” Note. See “Application Example” on page 10-14 for tutorials on using link aggregation with other features. page 10-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 181: Configuring Static Link Aggregation Groups
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups Configuring Static Link Aggregation Groups This section describes how to use Alcatel’s Command Line Interface (CLI) commands to configure static link aggregate groups. See “Configuring Mandatory Static Link Aggregate Parameters” on page 10-7 more information.
Page 182: Creating And Deleting A Static Link Aggregate Group
-> static linkagg 5 size 8 You can create up to 4 link aggregation (both static and dynamic) groups on a single OmniSwitch 6624 or 6600-U24 switch, up to 8 link aggregation groups on a single 6648 switch, and up to 30 link aggregation groups per stack Note.
Page 183: Adding And Deleting Ports In A Static Aggregate Group
In addition, ports must be assigned sequentially and the first port configured must begin with port number 1, 9, 17, or 25 on an OmniSwitch 6624 and 6600-U24 or 1, 9, 17, 25, 33, 41, 49, or 51 on an OmniSwitch 6648.
Page 184 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6624/6600-U24 Valid Port Assignment Locations page 10-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 185 TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6648 LINK/ACT LINK/ACT LINK/ACT LINK/ACT CONSOLE EXPANSION/STACKING EXPANSION TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6648 Valid Port Assignment Locations OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 10-11...
Page 186: Removing Ports From A Static Aggregate Group
Configuring Static Link Aggregation Groups Configuring Static Link Aggregation On an OmniSwitch 6624 or 6600-U24 you must install either an OS6600-GNI-C2 or OS6600-GNI-U2 expansion module in the left-hand expansion slot before you can use ports 25 and 26 for link aggregation and you must install either an OS6600-GNI-C2 or OS6600-GNI-U2 expansion module in the right-hand expansion/stacking slot before you can use ports 27 and 28 for link aggregation.
Page 187: Modifying Static Aggregation Group Parameters
To disable a static aggregate group by entering static linkagg followed by the number of the group and admin state disable. For example, to disable static aggregate group 1 you would enter: -> static linkagg 1 admin state disable OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 10-13...
Page 188: Application Example
Create VLAN 8 by entering: -> vlan 8 Configure 802.1Q tagging with a tagging ID of 8 on static aggregate group 1 (on VLAN 8) by entering: -> vlan 8 802.1q 1 page 10-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 189 Repeat steps 1 through 4 on Switch B. All the commands would be the same except you would substi- tute the appropriate port numbers. Note. Optional. Use the show 802.1q command to display 802.1Q configurations. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 10-15...
Page 190: Displaying Static Link Aggregation Configuration And Statistics
Port position in the aggregate : 0, Primary port : NONE Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. page 10-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 191: Configuring Dynamic Link Aggregation
11 Configuring Dynamic Link Aggregation Alcatel’s dynamic link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation can provide the following benefits: Scalability. You can configure up to 30 link aggregation groups that can consist of 2, 4, or 8 on a •...
Page 192: Dynamic Link Aggregation Specifications
All dynamic link aggregation configuration com- mands support prefix recognition. (Dynamic link aggregation show commands do not support prefix recognition.) See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more information. page 11-2 OmniSwitch 6624/6648 Network Configuration Guide...
Page 193: Dynamic Link Aggregation Default Values
Actor Port Priority lacp agg actor port priority Partner Port Administrative Port lacp agg partner admin port Partner Port Priority lacp agg partner admin port priority OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-3...
Page 194: Quick Steps For Configuring Dynamic Link Aggregation
Configure ports (the number of ports should be less than or equal to the size value set in Step 1) in sequential order (beginning with port number 1, 9, 17, or 25 on the OmniSwitch 6624 and 6600-U24 or beginning with port number 1, 9, 17, 25, 33, 41, 49, or 51 on the OmniSwitch 6648) with the same actor...
Page 195 -> lacp agg 1/5 actor admin key 2 -> lacp agg 1/6 actor admin key 2 -> lacp agg 1/7 actor admin key 2 -> lacp agg 1/8 actor admin key 2 -> vlan 2 port default 2 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-5...
Page 196 -> lacp agg 2/13 actor admin key 2 -> lacp agg 2/14 actor admin key 2 -> lacp agg 2/15 actor admin key 2 -> lacp agg 2/16 actor admin key 2 -> vlan 2 port default 2 page 11-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 197: Dynamic Link Aggregation Overview
You can create up to 4 link aggregation (both dynamic and static) groups on a single OmniSwitch 6624 or 6600-U24 switch, up to 8 link aggregation groups on a single 6648 switch, and up to 30 link aggregation groups per stack.
Page 198 Line Interface (CLI) commands to configure dynamic aggregate groups and see “Displaying Dynamic Link Aggregation Configuration and Statistics” on page 11-36 for information on using the CLI to moni- tor dynamic aggregate groups. page 11-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 199: Relationship To Other Features
Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree • Parameters.” Note. See “Application Examples” on page 11-32 for tutorials on using link aggregation with other features. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-9...
Page 200: Configuring Dynamic Link Aggregate Groups
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation Configuring Dynamic Link Aggregate Groups This section describes how to use Alcatel’s Command Line Interface (CLI) commands to create, modify, and delete dynamic aggregate groups. See “Configuring Mandatory Dynamic Link Aggregate Parame- ters”...
Page 201: Creating And Deleting A Dynamic Aggregate Group
-> lacp linkagg 2 size 8 You can create up to 4 link aggregation (both dynamic and static) groups on a single OmniSwitch 6624 or 6600-U24 switch, up to 8 link aggregation groups on a single 6648 switch, and up to 30 link aggregation groups per stack.
Page 202: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group
In addition, ports must be configured sequentially and the first port configured must begin with port number 1, 9, 17, or 25 on an OmniSwitch 6624 and 6600-U24 or 1, 9, 17, 25, 33, 41, 49, or 51 on an OmniSwitch 6648.
Page 203 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6624/6600-U24 Valid Port Configuration Locations OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-13...
Page 204 TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6648 LINK/ACT LINK/ACT LINK/ACT LINK/ACT CONSOLE EXPANSION/STACKING EXPANSION TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6648 Valid Port Configuration Locations page 11-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 205 Configuring Dynamic Link Aggregation Configuring Dynamic Link Aggregate Groups On an OmniSwitch 6624 or 6600-U24 you must install either an OS6600-GNI-C2 or OS6600-GNI-U2 expansion module in the left-hand expansion slot before you can use ports 25 and 26 for link aggregation and you must install either an OS6600-GNI-C2 or OS6600-GNI-U2 expansion module in the right-hand expansion/stacking slot before you can use ports 27 and 28 for link aggregation.
Page 206: Removing Ports From A Dynamic Aggregate Group
The following is an example of how to delete ports in the proper sequence from the console -> lacp agg no 4/24 -> lacp agg no 4/23 -> lacp agg no 4/22 page 11-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 207: Modifying Dynamic Link Aggregate Group Parameters
The table on page 11-3 lists default group and port settings for Alcatel’s dynamic link aggregation soft- ware. These parameters ensure compliance with the IEEE 802.3ad specification. For most networks, these default values do not need to be modified or will be modified automatically by switch software. However,...
Page 208: Modifying The Dynamic Aggregate Group Administrative State
0 through 65535. For example, to configure dynamic aggregate group 4 with an administrative key of 10 you would enter: -> lacp linkagg 4 actor admin key 10 page 11-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 209: Modifying The Dynamic Aggregate Group Actor System Priority
(in the hexadecimal format of xx:xx:xx:xx:xx:xx), which is used as the system ID. For example, to configure the system ID on dynamic aggregate group 4 as 00:20:da:81:d5:b0 you would enter: -> lacp linkagg 4 actor system id 00:20:da:81:d5:b0 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-19...
Page 210: Modifying The Dynamic Aggregate Group Partner Administrative Key
To restore the dynamic aggregate group partner system priority to its default (i.e., 0) value use the no form of the lacp linkagg partner system priority command by entering lacp linkagg followed by the dynamic aggregate group number and no partner system priority. page 11-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 211: Modifying The Dynamic Aggregate Group Partner System Id
All of the commands to modify actor port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
Page 212: Modifying The Actor Port System Administrative State
Specifying this keyword has no effect because the system always deter- mines its value. When this bit (bit 6) is set by the system, it indicates that the actor is using defaulted partner information administratively configured for the partner. page 11-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 213: Modifying The Actor Port System Id
You can configure the actor port system ID by entering lacp agg, the slot number, a slash (/), the port number, actor system id, and the user specified actor port system ID (i.e., MAC address) in the hexadeci- mal format of xx:xx:xx:xx:xx:xx. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-23...
Page 214: Modifying The Actor Port System Priority
(/), the port number, and no actor system priority. For example, to remove a user-configured system priority from dynamic aggregate actor port 5 in slot 2 you would enter: -> lacp agg 2/5 no actor system priority page 11-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 215: Modifying The Actor Port Priority
(/), the port number, and no actor port priority. For example, to remove a user-configured actor priority from dynamic aggregate actor port 1 in slot 2 you would enter: -> lacp agg 2/1 no actor port priority OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-25...
Page 216: Modifying Dynamic Aggregate Partner Port Parameters
All of the commands to modify partner port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
Page 217 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate partner port 1 in slot 7 you would enter: -> lacp agg 7/1 partner admin state no active no aggregate OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-27...
Page 218: Modifying The Partner Port Administrative Key
00:00:00:00:00:00. The following subsections describe how to configure a user-specified value and how to restore the value to its default value with the lacp agg partner admin system id command. page 11-28 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 219: Modifying The Partner Port System Priority
CLI syntax. For example, to modify the administrative priority of dynamic aggregate partner port 49 in slot 4 to 100 and specify that the port is a Gigabit Ethernet port you would enter: -> lacp agg gigaethernet 4/49 partner admin system priority 100 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-29...
Page 220: Modifying The Partner Port Administrative Status
To configure the partner port priority to a value ranging from 0 to 255 by entering lacp agg, the slot number, a slash (/), the port number, partner admin port priority, and the user-specified partner port priority. page 11-30 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 221 (/), the port number, and no partner admin port priority. For example, to remove a user-configured partner port priority from dynamic aggregate partner port 3 in slot 4 you would enter: -> lacp agg 4/3 no partner admin port priority OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-31...
Page 222: Application Examples
Note. Although you would need to configure both the local (i.e., Switch A) and remote (i.e., Switches B and C) switches, only the steps to configure the local switch are provided since the steps to configure the remote switches are not significantly different. page 11-32 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 223: Link Aggregation And Spanning Tree Example
-> bridge 10 5 mode priority 15 Repeat steps 1 through 5 on Switch B. All the commands would be the same except you would substi- tute the appropriate port numbers. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-33...
Page 224: Link Aggregation And Qos Example
8 and 9 above by entering: -> policy rule vlan12_rule enable condition vlan12_condition action vlan12_action Enable your 802.1p QoS settings by entering qos apply as shown below: -> qos apply page 11-34 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 225 Repeat steps 1 through 9 on Switch C. All the commands would be the same except you would substi- tute the appropriate port numbers. Note. If you do not use the qos apply command any QoS policies you configured will be lost on the next switch reboot. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-35...
Page 226: Displaying Dynamic Link Aggregation Configuration And Statistics
For example, to display detailed statistics for port 1 in slot 2 that is attached to dynamic link aggregate group 1 you would enter: -> show linkagg port 2/1 page 11-36 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 227 Partner Admin State : act0.tim0.agg1.syn1.col1.dis1.def1.exp0, Partner Oper State : act0.tim0.agg1.syn0.col1.dis1.def1.exp0 Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 11-37...
Page 228 Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 11-38 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 229: Chapter 12 Configuring Ip
Open Shortest Path First (OSPF). For more information on these protocols see Chapter 13, “Configuring RIP,” in this manual; or “Configuring OSPF” in the OmniSwitch 6624/6648 Advanced Routing Configura- tion Guide. In This Chapter This chapter describes IP and how to configure it through the Command Line Interface (CLI). It includes instructions for enabling IP forwarding, as well as basic IP configuration commands (e.g.,...
Page 230: Ip Specifications
Using only IP, which is always enabled on the switch, devices connected to ports on the same VLAN are able to communicate at Layer 2. The initial configuration for all Alcatel switches consists of a default VLAN 1. All switch ports are initially assigned to this VLAN. When another switch is added (stacked), all of that switch’s ports are also assigned to VLAN 1.
Page 231: Ip Overview
But some applications can safely use UDP to send datagrams that do not require the extra overhead added by TCP. For more information on UDP, see Chapter 15, “Configuring DHCP Relay.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-3...
Page 232: Application-Layer Protocols
SNMP agents on an IP network. Network administrators use SNMP to monitor network perfor- mance and manage network resources. For more information, see the “Using SNMP” chapter in the OmniSwitch 6624/6648 Switch Management Guide. Telnet—Used for remote connections to a device. You can telnet to a switch and configure the switch •...
Page 233: Ip Forwarding
Note. Router port IP addresses must be unique. You cannot have two router ports with the same IP address. For more information on VLANs and router ports, see Chapter 4, “Configuring VLANs.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-5...
Page 234: Creating A Static Route
0.0.0.0, and the IP address of the next hop (gateway). For example, to create a default route through gateway 171.11.2.1 you would enter: -> ip static-route 0.0.0.0 mask 0.0.0.0 gateway 171.11.2.1 page 12-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 235: Configuring Address Resolution Protocol (Arp)
Note. Because most hosts support the use of address resolution protocols to determine and cache address information (called dynamic address resolution), you generally do not need to specify permanent ARP entries. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-7...
Page 236: Deleting A Permanent Entry From The Arp Table
The switch uses the MAC Address table timeout value as the ARP timeout value. Use the mac-address-table aging-time command to set the timeout value. page 12-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 237: Ip Configuration
TTL value of 75, you would enter: -> ip default-ttl 75 The default hop count is 64. The valid range is 1 to 255. Use the show ip config command to display the default TTL value. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-9...
Page 238: Ip-Directed Broadcasts
SNMP trap. Decay value. A decay value is set. The running penalty total is divided by the decay value every • minute. page 12-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 239 Threshold = 2000 Decay = 25 10 TCP closed port packets Do Not Generate DoS Attack Warning 10 UDP closed port packets OmniSwitch 6648 Trap Minute 1 Penalty Total = 100 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-11...
Page 240 For example, to assign a penalty value of 10 to TCP/UDP packets destined for closed ports, enter the following: -> ip dos scan udp open-port-penalty 10 page 12-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 241: Enabling/Disabling Ip Services
To enable or disable more than one service in a single command line, enter each service name separated by a space. For example, the following command enables the telnet, ftp, and snmp service ports: -> ip service telnet ftp snmp OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-13...
Page 242 The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http secure-http avlan-http avlan-secure-http avlan-telnet udp-relay network-time snmp proprietary 1024 proprietary 1025 page 12-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 243: Managing Ip
Time-Exceeded Message—Sent by the switch if an IP packet’s TTL field reaches zero. The TTL field • prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. Once a packet’s TTL field reaches 0, the switch discards the packet. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-15...
Page 244 (obsolete) information reply (obsolete) address mask request address mask reply page 12-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 245 For example: -> icmp messages enable To disable all ICMP messages, enter the same command with the disable keyword. For example: -> icmp messages enable OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-17...
Page 246: Icmp Control Table
The ICMP Statistics Table displays ICMP statistics and errors. This data can be used to monitor and trou- bleshoot IP on the switch. Use the show icmp statistics command to display the table. page 12-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 247: Using The Ping Command
10 you would enter: -> traceroute 172.22.2.115 max-hop 10 Displaying TCP Information Use the show tcp statistics command to display TCP statistics. Use the show tcp ports command to display TCP port information. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 12-19...
Page 248: Displaying Udp Information
Displays the statistics on detected port scans for the switch. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 12-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 249: Chapter 13 Configuring Rip
– Configuring RIP Redistribution Policies (see page 13-10) – Configuring RIP Redistribution Filters (see page 13-10) RIP Security • – Configuring Authentication Type (see page 13-14) – Configuring Passwords (see page 13-15) OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-1...
Page 250: Rip Specifications
Redistribution Filter Metric ip rip redist-filter metric Redistribution Filter Control ip rip redist-filter redist-control all-subnets Redistribution Filter Route Tag ip rip redist-filter route-tag RIP Interface Authentication ip rip interface auth-type none page 13-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 251: Quick Steps For Configuring Rip Routing
Enable the RIP interface using the ip rip interface status command. For example: -> ip rip interface 171.11.1.1 status enable Enable redistribution of local routes on the switch using the ip rip redist command. For example: -> ip rip redist local OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-3...
Page 252: Rip Overview
Open Shortest Path First (OSPF)—An IGP that provides a routing function similar to RIP but uses • different techniques to determine the best route for a datagram. OSPF is part of Alcatel’s optional Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch 6624/6648 Advanced Routing Configuration Guide.
Page 253: Rip Version 2
VLAN 2, and a physical connection has been made between the switches. Therefore, workstations connected to VLAN 1 on Switch 1 can communicate with workstations connected to VLAN 3 on Switch 2. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-5...
Page 254: Loading Rip
-> ip rip status enable Use the ip rip status disable command to disable RIP routing on the switch. Use the show ip rip command to display the current RIP status. page 13-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 255: Creating A Rip Interface
Only RIPv2 broadcast packets (not multicast) will be sent by the switch. • none. Interface will not forward RIP packets. • The default RIP send option is v2. Use the show ip rip interface command to display the current interface send option. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-7...
Page 256: Configuring The Rip Interface Receive Option
-> ip rip route-tag 1 The valid route tag value range is 1 to 2147483647. The default is 0. Use the show ip rip command to display the current route tag value. page 13-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 257: Rip Options
RIP. Basically, redistribution makes a non-RIP route look like a RIP route. Configuring RIP redistribution consists of the following tasks: Enabling RIP Redistribution Configuring a RIP Redistribution Policy OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-9...
Page 258: Enabling Rip Redistribution
Note. If you are configuring more than one route type, you must repeat the command for each one. Use the show ip rip redist command to display the status of RIP policies. page 13-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 259: Configuring A Redistribution Metric
Note. You must first configure a redistribution policy before configuring a filter for a route type. See “Configuring a RIP Redistribution Policy” on page 13-10 for information on configuring redistribution policies. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-11...
Page 260: Creating A Redistribution Filter
For example, if you wanted to redistribute all OSPF routes to the 172.22.0.0 network except routes to subnetwork 3 you would used the following commands: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 effect permit -> ip rip redist-filter ospf 172.22.3.0 255.255.255.0 effect deny page 13-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 261: Configuring A Redistribution Filter Metric
For example, if you wanted to configure a route tag value of 1 for OSPF routes to the 172.22.0.0 network you would enter: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 route-tag 1 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-13...
Page 262: Rip Security
For example, to configure RIP interface 172.22.2.115 for simple authentication you would enter: -> ip rip interface 172.22.2.115 auth-type simple To configure RIP interface 172.22.2.115 for MD5 authentication you would enter: -> ip rip interface 172.22.2.115 md5 auth-type md5 page 13-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 263: Configuring Passwords
Displays general RIP redistribution parameters. show ip rip redist-filter Displays currently-configured RIP redistribution filters. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 13-15...
Page 264 Verifying the RIP Configuration Configuring RIP page 13-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 265: 14 Configuring Rdp
“Defining the Advertisement Interval” on page 14-9. • “Setting the Advertisement Lifetime” on page 14-10. • “Setting the Preference Levels for Router IP addresses” on page 14-10. • “Verifying the RDP Configuration” on page 14-11. • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-1...
Page 266: Rdp Specifications
(3 * maximum advertisement interval) considered valid ment-lifetime Preference level for IP addresses ip router-discovery contained in an advertisement packet interface preference- level page 14-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 267: Quick Steps For Configuring Rdp
To verify the configuration for a specific RDP interface, specify the interface IP address when using the show ip router-discovery interface command. The display is similar to the one shown below. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-3...
Page 268 = 1800 secs, Preference Level = 0x0, #Packets sent = 3, #Packets received = 0, For more information about this command, refer to the “RDP Commands” chapter in the OmniSwitch CLI Reference Guide. page 14-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 269: Rdp Overview
ICMP messages on Network 17.0.0.0. RDP enabled routers RS-1 and RS-2 pick up these packets on their RDP interfaces 1/1 and 1/2 and respond with router advertisement ICMP messages. RS-1 and RS-2 also periodically send out router advertisements on their RDP interfaces. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-5...
Page 270: Rdp Interfaces
See “Defining the Advertisement Interval” on page 14-9 “Setting the Advertisement Life- time” on page 14-10 for more information. page 14-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 271: Security Concerns
Chapter 21, “Configuring QoS,” for more information about DoS attacks.) Note. Security concerns associated with using RDP are generic to the feature as defined in RFC 1256 and not specific to this implementation. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-7...
Page 272: Enabling/Disabling Rdp
Advertisement time interval defined by Maximum = 600 seconds maximum and minimum values. Minimum = 450 seconds (0.75 * maximum value) Advertisement lifetime. 1800 seconds (3 * maximum value) Router IP address preference level. page 14-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 273: Specifying An Advertisement Destination Address
Make sure that the value specified with this command is less than the current maximum advertisement interval value. By default, this value is set to 0.75 * default maximum interval value (450 seconds if the maximum interval is set to its default value of 600 seconds). OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-9...
Page 274: Setting The Advertisement Lifetime
Note that router IP address preference levels are only compared with the preference levels of other routers that exist on the same subnet. Set preference levels low to discourage selection of a specific router. page 14-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 275: Verifying The Rdp Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show ip router-discovery and show ip router-discovery interface commands is also given in “Quick Steps for Configuring RDP” on page 14-3. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 14-11...
Page 276 Verifying the RDP Configuration Configuring RDP page 14-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 277: 15 Configuring Dhcp Relay
Setting the Relay Forwarding Option to Standard, Per-VLAN, or AVLAN on page 15-10. • Using automatic IP configuration to obtain an IP address for the switch on page 15-11. • For information about the IP protocol, see Chapter 12, “Configuring IP.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-1...
Page 278: Dhcp Relay Specifications
Automatic switch IP configuration for ip helper boot-up Disabled default VLAN 1. Automatic switch IP configuration packet ip helper boot-up enable BootP type (BootP or DHCP) page 15-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 279: Quick Steps For Setting Up Dhcp Relay
Forward Delay (seconds) = 15 Max number of hops Forward option = standard Forwarding Address: 128.100.16.1 For more information about this display, see the “DHCP Relay” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-3...
Page 280: Dhcp Relay Overview
Dynamic—DHCP assigns an IP address to a host for a limited period of time (or until the host explic- itly relinquishes the address). Manual—The network administrator assigns a host’s IP address and DHCP simply conveys the assigned address to the host. page 15-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 281: Dhcp And The Omniswitch
Using DHCP Relay with authenticated VLANs and clients also requires relay configuration of the router port address of the authenticated VLAN. See Chapter 18, “Configuring Authenticated VLANs,” for more information about this procedure. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-5...
Page 282: External Dhcp Relay Application
The DHCP server will assign a different IP address to each of the clients. The switch does not need an IP address assigned and all DHCP clients will be members of either a default VLAN or an IP protocol VLAN. page 15-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 283: Internal Dhcp Relay
DHCP Relay entity, it will be forwarded from VLAN 3 to VLAN 2. All the DHCP-ready clients in VLAN 3 must be members of the same VLAN, and the switch must have the DHCP Relay function configured. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-7...
Page 284: Dhcp Relay Implementation
If an IP address is not specified with this syntax, then all IP helper addresses are deleted. The following command deletes an IP helper address: -> ip helper no address 125.255.17.11 page 15-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 285: Per-Vlan Dhcp
DHCP server. The default values can be accepted for forward delay, hop count, and relay forwarding option. Alternately the relay function may be provided by an external router connected to the switch; in this case, the relay would be configured on the external router. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-9...
Page 286: Setting The Forward Delay
By default, the forwarding option is set to standard. To change the forwarding option value, enter ip helper followed by standard, avlan only, or per-vlan only. For example, -> ip helper avlan only -> ip helper standard -> ip helper per-vlan only page 15-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 287: Using Automatic Ip Configuration
DHCP request packet to obtain an IP address for default VLAN 1. To disable automatic IP configuration for the switch, use the ip helper boot-up command with the disable option, as shown below: -> ip helper boot-up disable OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 15-11...
Page 288: Verifying The Dhcp Relay Configuration
Displays the number of packets the DHCP Relay service has received and transmitted, the number of packets dropped due to forward delay and maximum hops violations, and the number of packets processed since the last time these statistics were displayed. page 15-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 289: 16 Configuring Vrrp
• VRRP authentication—see “Configuring VRRP Authentication” on page 16-10. • VRRP traps—see “Setting VRRP Traps” on page 16-12. • Verifying the VRRP configuration—see “Verifying the VRRP Configuration” on page 16-12. • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-1...
Page 290: Vrrp Specifications
Virtual routers are disabled (off). abled Priority priority Preempt mode preempt | no preempt Preempt mode is enabled. Advertising interval advertising] interval 1 second VRRP authentication authenticate | no authenticate Authentication is not enabled. page 16-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 291: Quick Steps For Configuring Vrrp
VRRP trap generation: Enabled Admin VRID VLAN Address(es) Status Priority AuthType Preempt Interval ----+ ----+ -------------+----------+----------+----------+--------+--------- 10.10.2.3 Enabled Simple For more information about this display, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-3...
Page 292: Vrrp Overview
OmniSwitch B will respond to ARP requests for IP address B using the interface’s physical MAC address. It will not respond to ARP requests for IP address A or to the virtual router MAC address. page 16-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 293: Why Use Vrrp
Advertisement Interval is the time interval between VRRP advertisements, and Skew Time is calcu- lated based on the VRRP router’s priority value as follows: Skew Time = (256 - Priority) / 256 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-5...
Page 294: Vrrp Mac Addresses
OmniSwitch becomes the master router. For VRRP interfaces, gratuitous ARP requests/responses are delayed at system boot until both the address and the virtual router MAC address are configured. ICMP Redirects ICMP redirects are not sent out over VRRP interfaces. page 16-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 295: Configuration Overview
100. Note that the IP address owner will be automatically assigned a value of 255 if you do not specify the priority. See “Configuring Virtual Router Priority” on page 16-9 for more information about how priority is used. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-7...
Page 296: Specifying An Ip Address For A Virtual Router
In this example, virtual router 6 is disabled. (A virtual router must be disabled before IP addresses may be added/removed from the router.) IP address 10.10.2.3 is then removed from the virtual router with the no form of the vrrp ip command. page 16-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 297: Configuring The Advertisement Interval
255 when the router is enabled. To set the priority, use the vrrp command with the priority keyword and the desired value. For example: -> vrrp 6 4 disable -> vrrp 6 4 priority 50 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-9...
Page 298: Setting Preemption For Virtual Routers
VRRP header. If the virtual router is configured for authentication, it will also authenticate the packet. (The authentication process is transparent to the user.) page 16-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 299: Enabling/Disabling A Virtual Router
In this example, a virtual router is created on VLAN 3 with a VRID of 7. An IP address is then assigned to the virtual router. The virtual router is then enabled on the switch. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 300: Setting Vrrp Traps
MIB. By default traps are enabled. In order for VRRP traps to be generated correctly, traps in general must be enabled on the switch through the SNMP CLI. See the OmniSwitch 6624/6648 Switch Management Guide for more information about enabling SNMP traps globally.
Page 301: Vrrp Application Example
Configure the IP addresses for each virtual router. -> vrrp 1 5 ip 10.10.2.250 -> vrrp 2 5 ip 10.10.2.245 Enable the virtual routers. -> vrrp 1 5 enable -> vrrp 2 5 enable OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 16-13...
Page 302 VRRP Application Example Configuring VRRP Note. The same VRRP configuration must be set up on each OmniSwitch 6624/6648 stack. The VRRP router that contains, or owns, the IP address will automatically become the master for that virtual router. If the IP address is a virtual address, the virtual router with the highest priority will become the master router.
Page 303: Managing Authentication Servers
• For information about using servers for authenticating users to manage the switch, see the “Switch Secu- rity” chapter in the OmniSwitch 6624/6648 Switch Management Guide. For information about using servers to retrieve authentication information for Layer 2 Authentication users (authenticated VLANs), see Chapter 18, “Configuring Authenticated VLANs.”...
Page 304: Chapter 17 Managing Authentication Servers
Authenticated Switch Access type CLI Command Prefix Recognition The aaa radius-server and aaa ldap-server commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more infor- mation. page 17-2 OmniSwitch 6624/6648 Network Configuration Guide...
Page 305: Server Defaults
Number of retries on the server before the retransmit switch tries a backup server Timeout for server replies to authentication timeout requests Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-3...
Page 306: Quick Steps For Configuring Authentication Servers
Authenticated VLANs, see “AVLAN Configuration Overview” on page 18-4. For a quick overview of using the configured authentication servers with Authenticated Switch Access, see the OmniSwitch 6624/6648 Switch Management Guide. page 17-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 307: Server Overview
The switch also polls the server for privilege information (authoriza- tion) if it has been configured on the server; otherwise, the local user database is polled for the privileges. For RADIUS and LDAP, additional servers may be configured as backups. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-5...
Page 308: Authenticated Vlans
OmniSwitch 6648 OmniSwitch 6648 The switch polls the servers for login information to Authenticated authenticate users through Authenticated VLAN 2 the switch. VLAN 1 Ethernet clients Servers Used for Authenticated VLANs page 17-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 309: Port-Based Network Access Control (802.1X)
OmniSwitch 6648 OmniSwitch 6648 authorization OmniSwitch granted RADIUS server Basic 802.1X Components For more information about configuring 802.1X ports on the switch, see Chapter 19, “Configuring 802.1X.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-7...
Page 310: Ace/Server
Attributes are not supported on ACE/Servers. These values must be configured on the switch through the user commands. See the “Switch Security” chapter of the OmniSwitch 6624/6648 Switch Management Guide for more information about setting up the local user database.
Page 311: Radius Servers
Standard Attributes The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the Alcatel RADIUS client in the switch supports them. Attribute 26 is for vendor-specific information and is discussed in “Vendor-Specific Attributes for RADIUS” on page 17-11.
Page 312 Not supported. These attributes are used for dial-up sessions; Called-Station-Id not applicable to the RADIUS client in the switch. Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login-LAT-Group Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port page 17-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 313: Vendor-Specific Attributes For Radius
42 Alcatel-Acce-Priv-F-W2 hex. Configures functional write privileges for the user. The Alcatel-Auth-Group attribute is used for Ethernet II only. If a different protocol, or more than one protocol is required, use the Alcatel-Auth-Group-Protocol attribute instead. For example: Alcatel-Auth-Group-Protocol 23: IP_E2 IP_SNAP Alcatel-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 may use Ethernet II or SNAP encapsulation.
Page 314: Configuring Functional Privileges On The Server
Managing Authentication Servers Configuring Functional Privileges on the Server Configuring the functional privileges attributes (Alcatel-Acce-Priv-F-x) can be cumbersome because it requires using read and write bitmasks for command families on the switch. To display the functional bitmasks of the desired command families, use the show aaa priv hexa command.
Page 315: Radius Accounting Server Attributes
47 Acct-Input-Packets (Authenticated VLANs only) Tracked per port. 48 Acct-Output-Packets (Authenticated VLANs only) Tracked per port. 49 Acct-Terminal-Cause Indicates how the session was terminated: NAS-ERROR USER-ERROR LOST CARRIER USER-REQUEST STATUS-FAIL OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-13...
Page 316: Configuring The Radius Client
“Server Defaults” on page 17-3. To remove a RADIUS server, use the no form of the command: -> no aaa radius-server rad1 Note that only one server may be deleted at a time. page 17-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 317: Ldap Servers
Install the directory server software on the server. Copy the relevant schema LDIF files from the Alcatel software CD to the configuration directory on the server. (Each server type has a command line tool or a GUI tool for importing LDIF files.) Database LDIF files may also be copied and used as templates.
Page 318: Ldif File Structure
This is how the entry would appear with actual data in it. dn: uid=yname, ou=people, o=yourcompany objectClass: top objectClass: person objectClass: organizational Person cn: your name sn: last name givenname: first name page 17-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 319: Directory Entries
The general structure of entries in a directory tree is shown in the following illustration. It also includes example entries at various branches in the tree. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-17...
Page 320: Directory Searches
All attributes are automatically deleted when requests to delete the last value of an attribute are submitted. Attributes can also be deleted by specifying delete value operations without attaching any values. page 17-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 321: Directory Compare And Sort
TCP/IP port number for directory server. If using TCP/IP and default port number (389), port need not be specified in the URL. SSL port number for directory server (default is 636). <base_dn> DN of directory entry where search is initiated. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-19...
Page 322: Password Policies And Directory Servers
Account Lockout • Reset Password Failure Count • LDAP Error Messages (e.g., Invalid Username/Password, Server Data Error, etc.) • For instructions on installing LDAP-enabled directory servers, refer to the vendor-specific instructions. page 17-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 323: Directory Server Schema For Ldap Authentication
To display the functional bitmasks of the desired command families, use the show aaa priv hexa command. On the LDAP server, configure the functional privilege attributes with the bitmask values. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-21...
Page 324: Ldap Accounting Attributes
OmniSwitch 6624/6648 Switch Management Guide. Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel software CD for computing SNMP authentication keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for Windows (NT 4.0 and higher).
Page 325 Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the • specific directory server in use. Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21) • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-23...
Page 326: Dynamic Logging
ASA x—for an authenticated user session, where x is the num- ber of the session AVLAN—for Authenticated VLAN session in single authority mode AVLAN y—for Authenticated VLAN session in multiple authority mode, where y is relevant VLAN page 17-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 327: Configuring The Ldap Authentication Client
In this example, the switch will be able to communicate with an LDAP server (called ldap2) that has an IP address of 10.10.3.4, a domain name of cn=manager, a password of tpub, and a searchbase of c=us. These parameters must match the same parameters configured on the server itself. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-25...
Page 328: Modifying An Ldap Authentication Server
To delete an LDAP server from the switch configuration, use the no form of the command with the rele- vant server name. -> no aaa ldap-server topanga5 The topanga5 server is removed from the configuration. page 17-26 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 329: Verifying The Authentication Server Configuration
An example of the output for this command is given in “Quick Steps For Configuring Authentication Servers” on page 17-4. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 17-27...
Page 330 Verifying the Authentication Server Configuration Managing Authentication Servers page 17-28 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 331: Configuring Authenticated Vlans
Layer 2 Authentication is different from another feature in the switch called Authenticated Switch Access, which is used to grant individual users access to manage the switch. For more information about Authenti- cated Switch Access, see the “Switch Security” chapter in the OmniSwitch 6624/6648 Switch Manage- ment Guide.
Page 332: Authenticated Network Overview
Authentication clients—Authentication clients login through the switch to get access to authenticated VLANs. There are three types of clients: AV-Client. This is an Alcatel-proprietary authentication client. The AV-Client does not require an IP • address prior to authentication. The client software must be installed on the user’s end station. This chapter describes how to install and configure the client.
Page 333 Authentication agent in the switch—Authentication is enabled when the server(s) and the server author- ity mode is specified on the switch. See “Configuring the Server Authority Mode” on page 18-32. These components are described in more detail in the next sections. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-3...
Page 334: Avlan Configuration Overview
Setting up switch communication with authenti- aaa radius-server cation servers aaa authentication vlan single-mode Enabling authentication and setting the authority aaa authentication vlan multiple-mode mode for servers aaa accounting vlan Specifying accounting for AVLAN sessions. page 18-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 335: Sample Avlan Configuration
-> aaa radius-server rad1 host 10.10.1.2 key wwwtoe timeout 3 -> aaa ldap server ldap2 host 199.1.1.1 dn manager password foo base c=us Chapter 17, “Managing Authentication Servers,” for more information about setting up external serv- ers for authentication. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-5...
Page 336 = ldap2 -> show aaa accounting vlan All authenticated vlans 1rst authentication server = rad3, 2nd authentication server = local For more information about these commands, see the OmniSwitch CLI Reference Guide. page 18-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 337: Setting Up Authentication Clients
Setting Up Authentication Clients The following sections describe the Telnet authentication client, Web browser authentication client, and Alcatel’s proprietary AV-Client. For information about removing a particular client from an authenticated network, see “Removing a User From an Authenticated Network” on page 18-26.
Page 338: Configuring The Web Browser Client Language File
(to include a company logo, for example). The names of these files are: topA.html, topB.html, bottomA.html, bottomB.html, and myLogo.gif. The directory also contains files that must be installed on Mac OS Web browser clients as described in the next sections. page 18-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 339 Disconnect the Mac’s network connection before setting root access. Otherwise, the NetInfo Manager application in the Mac OS will send multiple DNS requests, and the process to set root access will take longer. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-9...
Page 340 Quit the current session and relogon as the root user. Make sure Ethernet-DCHP is selected in the Network Utility. Reconnect the Ethernet cable. If you are using a self-signed SSL certificate, or the certificate provided by Alcatel (wv-cert.pem), see “DNS Name and Web Browser Clients” on page 18-11.
Page 341: Ssl For Web Browser Clients
Authority (CA) or a self-signed (private) certificate must be installed on the switch. A self-signed certificate is provided by Alcatel (wv-cert.pem). If you are using a well-known certificate or some other self-signed certificate, you should replace the wv-cert.pem file with the relevant file.
Page 342: Installing The Av-Client
When the Select Network Protocol window appears, select Microsoft from the list of manufacturers and Microsoft 32-bit DLC from the list of Network Protocols. Click Follow the prompts requesting Windows files. page 18-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 343: Loading The Av-Client Software
After installing the update, it is recommended that the system be rebooted. Loading the AV-Client Software Windows 2000 and Windows NT Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: OmniSwitch 6624/6648 Network Configuration Guide...
Page 344 Configuring Authenticated VLANs We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation. Click on the Next button. The following window displays. page 18-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 345 This window gives you the option of restarting your PC workstation now, or later. You cannot use the AV-Client until you restart your computer. If you decide to restart now, be sure to remove any disks from their drives. Click the Finish button to end the installation procedure. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-15...
Page 346: Windows 95 And Windows 98
Configuring Authenticated VLANs Windows 95 and Windows 98 Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation.
Page 347 Click on the box next to “View the single sign-on Notes” to select this option. Click on the Finish button to end the installation process. Remember that you must restart your computer before you can run the AV-Client. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-17...
Page 348: Setting The Av-Client As Primary Network Login
OK. You can also browse to the directory where the AV-Client is installed and click OK. Select “Alcatel AVLAN Login Provider”. Select Alcatel AVLAN Login Provider as the Primary Network Login on the Configuration tab. Complete the setup as prompted by Windows.
Page 349 Note. If the user reboots the PC workstation, the client’s session with the network server is automatically terminated. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-19...
Page 350 The configuration utility includes a screen that lists each component, version and build date for the AV- Client. To view this screen, click on the Version tab and a screen similar to the following will display. page 18-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 351: Logging Into The Network Through An Av-Client
The user is now logged into the network and has access to all network resources in the VLAN with which this user shares membership. Note. If authentication is successful but an error was made while configuring VLANs, the user station may not move into the VLAN the user requested. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-21...
Page 352: Logging Off The Av-Client
When the AV-Client is logged into the network, the AV-Client icon on the Windows desktop has a blue background. When the logoff procedure is completed, the screen disappears and the background is gone from the AV-Client icon. page 18-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 353: Configuring The Av-Client For Dhcp
IP address will never be released. Increasing the value of the delay parameter can prevent this from happening. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-23...
Page 354 When you click on a box next to an option, the option is activated in the configuration window. When you click one of the features, an indicator is activated directly below the feature. Specify the number of seconds for the delay for the selected feature. page 18-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 355 To apply the change, click the Apply button. When you click the OK button, the screen will close and the change will take effect. If you decide not to implement the change, click the Cancel button and the screen will close without implementing a change. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-25...
Page 356: Configuring Authenticated Vlans
For more information about the output display for the aaa avlan no and show avlan user commands, see the OmniSwitch CLI Reference Guide. Note. The MAC addresses of users may also be found in the log files generated by accounting servers. page 18-26 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 357: Configuring Authentication Ip Addresses
Existing users on default vlan are not flushed. Users now do not belong to and cannot traffic in the default VLAN prior to authentication. Note that any existing users in the default VLAN are not flushed. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-27...
Page 358: Port Binding And Authenticated Vlans
By default, authentication clients cannot traffic in the default VLAN for the authentication port unless the avlan default-traffic command is enabled. See “Setting Up the Default VLAN for Authentication Clients” on page 18-27. page 18-28 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 359: Setting Up A Dns Path
IP addresses prior to authentication as well as after authenticating. The relay may be used to serve IP addresses both before and after authentication. Note. For more information about configuring DHCP relay in general, see Chapter 15, “Configuring DHCP Relay.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-29...
Page 360: Enabling Dhcp Relay For Authentication Clients
If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the ip helper avlan only command. -> ip helper avlan only page 18-30 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 361: Configuring A Dhcp Gateway For The Relay
IP address if they do not belong to the VLAN associated with this gate- way address.) To remove a gateway address from the configuration, use the no form of the aaa avlan default dhcp command. For example: -> no aaa avlan default dhcp OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-31...
Page 362: Configuring The Server Authority Mode
In the illustration shown here, the Ethernet clients connect to the switch and initially belong to VLAN 1. Additional VLANs have been configured as authenticated VLANs. LDAP and RADIUS servers are configured with VLAN ID information for the clients. page 18-32 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 363 Chapter 17, “Managing Authentication Servers.”) To disable authenticated VLANs, use the no form of the command. Note that the mode does not have to specified. For example: -> no aaa authentication vlan OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-33...
Page 364: Configuring Multiple Mode
Authenticated VLAN 3 OmniSwitch 6648 OmniSwitch 6648 Authenticated LDAP server VLAN 4 Authentication Clients OmniSwitch for VLANs 3 & 4 Authenticated VLAN 5 RADIUS servers for VLAN 5 Authentication Network—Multiple Mode page 18-34 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 365: Specifying Accounting Servers
In the following example, single-mode authentication is already set up on the switch, the aaa accounting vlan command configures a RADIUS server (rad1) for accounting. The local logging feature in the switch (local) is the backup accounting mechanism. -> aaa accounting vlan rad1 local OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 18-35...
Page 366: Verifying The Avlan Configuration
Displays the current global configuration for authenticated VLANs. show aaa avlan auth-ip Displays the IP addresses for authenticated VLANs. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 18-36 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 367: Chapter 19 Configuring 802.1X
“Enabling 802.1X on Ports” on page 19-8 • “Setting 802.1X Switch Parameters” on page 19-8 • “Configuring 802.1X Port Parameters” on page 19-9 • “Verifying the 802.1X Port Configuration” on page 19-11 • OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-1...
Page 368: 802.1X Specifications
Amount of time that must expire re-authperiod 3600 seconds before a re-authentication attempt is made. Whether or not the port is re- no reauthentication | no reauthentication authenticated. reauthentication page 19-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 369 Description Keyword Default Whether any traffic will be open-unique | open-global open-unique allowed or restricted after authenticating the 802.1X port Note. By default, accounting is disabled for 802.1X authentication sessions. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-3...
Page 370: Quick Steps For Configuring 802.1X
= 3600 supp-timeout (seconds) = 30 server-timeout (seconds) = 30 max-req re-authperiod (seconds) = 3600 reauthentication = no See the OmniSwitch CLI Reference Guide for information about the fields in this display. page 19-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 371: 802.1X Overview
The keyword open-global specifies that any frames will be allowed on the port after the supplicant is authenticated. (The open-unique state is the default). See “Setting 802.1X Switch Parameters” on page 19-8 for more information about configuring this command. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-5...
Page 372: 802.1X Ports And Dhcp
802.1X authentication sessions may be logged if servers are set up for 802.1X accounting. Accounting may also be done through the local Switch Logging feature. For information about setting up accounting for 802.1X, see “Configuring Accounting for 802.1X” on page 19-11. page 19-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 373: Compared To Authenticated Vlans
For information about configuring VLANs with authentication, see Chapter 4, “Configuring VLANs.” Both 802.1X and authenticated VLANs may use the same RADIUS authentication server. See Chapter 17, “Managing Authentication Servers,”for information about using a RADIUS server for authentication. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-7...
Page 374: Setting Up Port-Based Network Access Control
-> vlan port 3/1 802.1x enable The vlan port 802.1x command enables 802.1X on port 1 of slot 3. The port will be set up with defaults listed in “802.1X Defaults” on page 19-2. page 19-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 375: Configuring 802.1X Port Parameters
To modify the transmit timeout, use the 802.1x command with the tx-period keyword. To modify the supplicant or user timeout, use the 802.1x command with the supp-timeout keyword. For example: OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-9...
Page 376: Configuring The Maximum Number Of Requests
25 seconds. To manually re-authenticate a port, use the 802.1x re-authenticate command. For example: -> 802.1x re-authentication 3/1 This command initiates a re-authentication process for port 1 on slot 3. page 19-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 377: Initializing An 802.1X Port
802.1x Displays information about accounting servers configured for 802.1X port-based network access control. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 19-11...
Page 378 Verifying the 802.1X Port Configuration Configuring 802.1X page 19-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 379: Chapter 20 Managing Policy Servers
20 Managing Policy Servers Quality of Service (QoS) policies that are configured through Alcatel’s PolicyView network management application are stored on a Lightweight Directory Access Protocol (LDAP) server. PolicyView is an OmniVista application that runs on an attached workstation. In This Chapter This chapter describes how LDAP directory servers are used with the switch for policy management.
Page 380: Policy Server Specifications
636 (SSL enabled) Priority value assigned to a server, used to preference 0 (lowest) determine search order Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server page 20-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 381: Policy Server Overview
See your server documentation for additional details on setting up the server. See the next sections of this chapter for information about modifying policy server parameters or viewing information about policy servers. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 20-3...
Page 382: Modifying Policy Servers
-> no policy server 10.10.2.3 If the policy server is not created on the default port, the no form of the command must include the port number. For example: -> no policy server 10.10.2.4 5000 page 20-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 383: Modifying The Port Number
LDAP server to modify parameters on the server itself. Modifying the Searchbase The searchbase name is “o=alcatel.com” by default. To modify the searchbase name, enter the policy server command with the searchbase keyword. For example: -> policy server 10.10.2.3 searchbase "ou=qo,o=company,c=us"...
Page 384: Configuring A Secure Socket Layer For A Policy Server
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command. -> policy server flush page 20-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 385: Interaction With Cli Policies
Displays the names of policies originating on a directory server that have been downloaded to the switch. show policy server events Displays any events related to a directory server. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 20-7...
Page 386 Verifying the Policy Server Configuration Managing Policy Servers page 20-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 387: Chapter 21 Configuring Qos
21 Configuring QoS Alcatel’s QoS software provides a way to manipulate flows coming through the switch based on user- configured policies. The flow manipulation (generally referred to as Quality of Service or QoS) may be as simple as allowing/denying traffic, or as complicated as remapping 802.1p bits from a Layer 2 network to ToS values in a Layer 3 network.
Page 388: Qos Specifications
Maximum number of IP addresses 16000 CLI Command Prefix Recognition Some QoS commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6624/6648 Switch Management Guide for more information. page 21-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 389: Qos General Overview
OmniSwitch OmniSwitch 6648 The Internet Prioritization OmniSwitch 6648 policy OmniSwitch 6648 video feed OmniSwitch 6648 Best Effort email server Sample QoS Setup OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-3...
Page 390: Qos Policy Overview
WebView, however, to override policies created in PolicyView. And vice versa. This chapter discusses policy configuration using the CLI. For information about using WebView to configure the switch, see the OmniSwitch 6624/6648 Switch Management Guide. For information about configuring policies through PolicyView, see the PolicyView online help.
Page 391: Interaction With Other Features
LDAP server. LDAP policies may only be modified through PolicyView. For information about setting up a policy server and managing LDAP policies, see Chapter 20, “Managing Policy Servers.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-5...
Page 392: Condition Combinations
IP address or network group destination MAC or MAC group destination VLAN destination slot/port or port group destination interface type 802.1p bridging — source slot/port or port group source interface type page 21-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 393: Condition/Action Combinations
TCP/UDP port bridged is enabled IP protocol source IP address or network group 802.1p routing/bridging when qos classifyl3 source TCP/UDP port bridged is enabled IP protocol OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-7...
Page 394 IP address or network group disposition multicast rules only destination IP address or network group destination MAC or MAC group destination VLAN destination slot/port or port group destination interface type page 21-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 395: Qos Defaults
OmniVista applications Type of messages logged debug qos info Whether fragments are classified qos classify fragments Whether bridged traffic may be qos classifyl3 bridged classified with Layer 3 condi- tions OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-9...
Page 396: Qos Port Defaults
Whether the rule is saved to save Save option is enabled. flash immediately *However, policy rules configured with source and destination conditions and actions with disposi- tion, priority, or 802.1P configured are automatically bidirectional. page 21-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 397: Policy Action Defaults
Policy Port Groups—The switch has built-in policy port groups for each slot. The groups are called • Slot01, Slot02, etc. Use the show policy port group command to view the built-in groups. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-11...
Page 398: Qos Configuration Overview
Applying the Configuration. All policy rule configuration and some global parameters must be specifically applied through the qos apply command before they are active on the switch. See “Applying the Configuration” on page 21-46. page 21-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 399: Configuring Global Qos Parameters
Layer 2 traffic, one for source and one for desti- nation. For more information about ACLs, see Chapter 22, “Configuring ACLs.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-13...
Page 400: Using The Qos Log
For example: -> qos log lines 30 The number of lines in the log is changed. To activate the change, enter the qos apply command. page 21-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 401: Log Detail Level
To disable immediate forwarding of events to the console, enter the following command: -> qos no log console To activate the change, enter the qos apply command. For more information about the qos apply command, see “Applying the Configuration” on page 21-46. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-15...
Page 402: Displaying The Qos Log
By decreas- ing the wait time, you can free some memory that the switch is using to keep track of flows; the default value is 300 seconds. page 21-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 403: Fragment Classification
The timeout will not be active on the switch until you enter the qos apply command. (For more informa- tion about the qos apply command, see “Applying the Configuration” on page 21-46.) The timeout does not take effect if the qos classify fragments command has not been entered. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-17...
Page 404: Classifying Bridged Traffic As Layer 3
For a list of global defaults, see “QoS Defaults” on page 21-9. Note. The qos reset command only affects the global configuration. It does not affect any policy configu- ration. page 21-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 405: Verifying Global Settings
Displays global information about the QoS configuration. show qos statistics Displays statistics about QoS events. For more information about the syntax and displays of these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-19...
Page 406: Qos Ports And Queues
• Shared Queues On the OmniSwitch 6624/6648, flows always share queues. Four queues are available at startup for each port. Trusted and Untrusted Ports By default switch ports are not trusted; that is, they do not recognize 802.1p or ToS/DSCP settings in packets of incoming traffic.
Page 407: Configuring Trusted Ports
Displays information for all QoS queues or only those queues associated with a particular slot/port. See the OmniSwitch CLI Reference Guide for more information about the syntax and displays for these commands. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-21...
Page 408: Creating Policies
Create a policy action with the policy action command. For example: -> policy action action2 priority 7 Create a policy rule with the policy rule command. For example: -> policy rule my_rule condition cond3 action action2 page 21-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 409: Ascii-File-Only Syntax
QoS object’s origin be modified. The blt keyword indicates built-in; this keyword cannot be used on the command line. For information about built-in policies and QoS groups, see “How Policies Are Used” on page 21-4. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-23...
Page 410: Creating Policy Conditions
To remove a classification parameter from the condition, use no with the relevant keyword. For example: -> policy condition c3 no source ip The specified parameter (in this case, a source IP address) will be removed from the condition (c3) at the next qos apply. page 21-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 411: Deleting Policy Conditions
“Condition/Action Combinations” on page 21-7. See the OmniSwitch CLI Reference Guide for details about command syntax. policy action keywords disposition 802.1p priority minimum bandwidth maximum bandwidth maximum depth maximum buffers OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-25...
Page 412: Removing Action Parameters
The rule (rule5) will only take effect after the qos apply command is entered. For more information about the qos apply command, see “Applying the Configuration” on page 21-46. The policy rule command may specify the following keywords: policy rule keywords precedence save page 21-26 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 413: Rule Precedence
Specifying Precedence for a Particular Rule To specify a precedence value for a particular rule, use the policy rule command with the precedence keyword. For example: -> policy rule r1 precedence 200 condition c1 action a1 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-27...
Page 414: Saving Rules
In this example, when a flow comes into the switch and matches source IP address 10.10.2.3, the switch will apply both policies (Rule1 and Rule2) to the flow. On the OmniSwitch 6624/6648, a source IP address may be combined with priority and maximum bandwidth actions at the same time, so both rules are used.
Page 415: Logging Rules
To reconfigure the rule as saved, use the policy rule command with the save option. For example: -> policy rule rule5 save For more information about the configuration snapshot, write memory, and copy running-config working commands, see the OmniSwitch 6624/6648 Switch Management Guide and the OmniSwitch CLI Reference Guide. For more information about applying rules, see “Applying the Configuration”...
Page 416: Verifying Policy Configuration
(+) sign. The rule will not be used to classify traffic until the next qos apply. Only mac1 is actively being used on the switch to classify traffic. page 21-30 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 417 Although my_rule5 is administratively active, it is still pending and not yet applied to the configuration. Only mac1 is displayed here because it is active on the switch. See the OmniSwitch CLI Reference Guide for more information about the output of these commands. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-31...
Page 418: Testing Conditions
The display shows Layer 2 or Layer 3 information, depending on what kind of traffic you are attempting to classify. In this example, the display indicates that the switch found a rule, yuba, to classify destination traffic with the specified Layer 2 information. page 21-32 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 419 To activate any policy rules that have not been applied, use the qos apply command. To delete rules that have not been applied (and any other QoS configuration not already applied), use the qos revert command. See “Applying the Configuration” on page 21-46. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-33...
Page 420: Using Condition Groups In Policies
See the OmniSwitch CLI Reference Guide for more information about the output of this display. See “Verifying Condition Group Configuration” on page 21-42 for more information about using show commands to display information about condition groups. page 21-34 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 421: Creating Network Groups
In this example, netgroup3 is configured for condition c4 as source network group: -> policy condition c4 source network group netgroup3 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-35...
Page 422: Creating Services
An IP protocol (TCP or UDP), source IP port and/or destination IP port (or port range) must be associated with a service. IP port numbers are well-known port numbers defined by the IANA. For example, port numbers for FTP are 20 and 21; Telnet is 23. page 21-36 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 423: Creating Service Groups
The service group may then be associated with a condition through the policy condition command. For example: -> policy condition c6 service group serv_group OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-37...
Page 424: Creating Mac Groups
This command creates a condition called cond3 that may be used in a policy rule to classify traffic by source MAC addresses. The MAC addresses are specified in the MAC group. For more information about configuring conditions, see “Creating Policy Conditions” on page 21-24. page 21-38 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 425: Creating Port Groups
Note. Port group configuration is not active until the qos apply command is entered. To delete ports from a port group, use no and the relevant port number(s). -> policy port group techpubs no 2/1 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-39...
Page 426: Port Groups And Maximum Bandwidth
Port Groups and Maximum Bandwidth On the OmniSwitch 6624/6648, if a policy is configured with a port group in the condition and a policy action with maximum bandwidth, the bandwidth sent out over the ports in the port group is distributed over the active ports in a source port group.
Page 427 For flows that match a rule with a protocol condition, and the rule specifies a maximum bandwidth • action, maximum bandwidth will be applied to each port the flow egresses regardless of physical port location. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-41...
Page 428: Verifying Condition Group Configuration
When the qos apply command is entered, the plus sign (+) will be removed from netgroup1 in the display. See “Applying the Configuration” on page 21-46 for more information about the qos apply command. page 21-42 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 429: Using Map Groups
Configuring QoS Using Map Groups Using Map Groups Map groups are used to map 802.1p, ToS, or DSCP values to different values. On the OmniSwitch 6624/ 6648, the following mapping scenarios are supported: 802.1p to 802.1p • ToS or DSCP to 802.1p (the reverse is not supported) •...
Page 430: How Map Groups Work
To delete mapping values from a group, use no and the relevant values: -> policy map group tosGroup no 1-2:4 The specified values will be deleted from the map group at the next qos apply. page 21-44 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 431: Verifying Map Group Configuration
When the qos apply command is entered, the plus sign (+) will be removed from tosGroup in the display. “Applying the Configuration” on page 21-46 for more information about the qos apply command. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-45...
Page 432: Applying The Configuration
For more information about disabling/re-enabling a policy rule, see “Creating Policy Rules” on page 21-26. page 21-46 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 433: Deleting The Pending Configuration
Or, to delete all policy rule configuration, enter qos apply. If qos apply is entered, the empty set of pending policies will be written to the applied policies and all policy rule configuration will be deleted. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-47...
Page 434: Interaction With Ldap Policies
Sends Layer 2, Layer 3, or multicast information to the classifier to see how the switch will handle the packet. Use the applied keyword to examine only applied conditions. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 21-48 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 435: Policy Applications
OmniSwitch ingress flow queues for egress traffic policy condition classifies the flow policy action determines how packets are queued OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-49...
Page 436: Basic Commands
First, create a condition for the traffic. In this example, the condition is called ip_traffic2. A policy action (flowShape) is then created to enforce a maximum bandwidth requirement for the flow. page 21-50 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 437: Icmp Policy Example
For Layer 2 flows, you cannot have more than one action that maps DSCP. • In this example, a policy rule (marking) is set up to mark flows from 10.10.3.0 with an 802.1p value of 5: OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 21-51...
Page 438 -> policy rule RuleA condition SubnetA action map_action -> policy rule RuleB condition SubnetB action map_action Subnet A OmniSwitch 10.10.5.0 OmniSwitch 6648 Network C OmniSwitch 6648 OmniSwitch 6648 Mapping Subnet B OmniSwitch 6648 policy 12.12.2.0 Mapping Application page 21-52 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 439: Chapter 22 Configuring Acls
22-10. Creating Policy Rules for ACLs. Policy rules for ACLs are basically QoS policy rules. Specific • parameters for ACLs are described in this chapter. See “Configuring ACLs” on page 22-10. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-1...
Page 440: Acl Specifications
Note that in the current software release, the deny and drop options produce the same effect; that is, that traffic is silently dropped. For more information about QoS defaults in general, see Chapter 21, “Configuring QoS.” page 22-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 441: Quick Steps For Creating Acls
-> vlan 2 router ip 192.68.82.1 Apply the policy configuration using the qos apply command. For details about using this command, “Applying the Configuration” on page 21-46 Chapter 21, “Configuring QoS.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-3...
Page 442: Acl Overview
Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a general discussion of QoS policy rules, see Chapter 21, “Configuring QoS.” page 22-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 443: Rule Precedence
-> policy rule r1 precedence 100 condition c1 action a1 -> policy rule r2 precedence 100 condition c1 action a2 When traffic comes into the switch that matches c1, the switch will use rule r1. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-5...
Page 444: Example: Layer 3 Rules With Compatible Actions
In this example, when a flow comes into the switch and matches source IP address 10.10.2.3, the switch will apply both policies (Rule1 and Rule2) to the flow. On the OmniSwitch 6624/6648, a source IP address may be combined with priority and maximum bandwidth actions at the same time, so both rules are used.
Page 445: Interaction With Other Features
IP address cannot be included in a condition with a source IP network group. For more information about supported combinations, see “Condition Combinations” on page 21-6 “Condition/Action Combinations” on page 21-7 Chapter 21, “Configuring QoS.” OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-7...
Page 446: Acl Configuration Overview
Policies may then be set up to allow routed traffic through the switch. Note that in the current release of Alcatel’s QoS software, the drop and deny keywords produce the same result (flows are silently dropped; no ICMP message is sent).
Page 447 If you set the bridged disposition to deny or drop, and you configure Layer 2 ACLs, you will need two rules for each type of filter. For more information, see “Layer 2 ACLs” on page 22-12. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-9...
Page 448: Creating Condition Groups For Acls
IP port, or destination IP port. Or, the condition may simply refer to the network group, MAC group, port group, or service group. Typically ACLs use group keywords in policy conditions. A single rule, therefore, filters traffic for multiple addresses or ports. page 22-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 449: Creating Policy Actions For Acls
In this example, any traffic matching condition c3 will match rule7; rule7 is configured with the highest precedence value. If any other Layer 3 rules are configured for traffic with a source address of 10.10.4.8, OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 450: Layer 2 Acls
If the default bridged disposition is set to drop or deny, any rules for allowing Layer 2 traffic through the switch must be configured in two instances, once for source and once for destination. page 22-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 451: Layer 2 Acl: Example 1
Filter2 is created with cond5. Now when Layer 2 flows with a MAC address starting with 0020da arrive on the switch destined for any Ethernet interface, the flows will be allowed on the switch. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 452: Layer 3 Acls
Traffic with a source IP address of 192.68.82.0, a source IP port of 23, using protocol 6, will match condi- tion addr2, which is part of FilterL31. The action for the filter (Block) is set to deny traffic. The flow will be dropped on the switch. page 22-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 453: Layer 3 Acl: Example 2
If a destination group is specified, the corresponding single value keyword cannot be combined in the same condition. For example, if a destination port is specified, a destination port group cannot be speci- fied in the same condition. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 22-15...
Page 454: Verifying The Acl Configuration
The following example shows all policy rules configured on the switch: -> show policy rule Policy From Prec Enab Inact Refl Log Save my_rule Cnd/Act: cond5 -> action2 +my_rule5 Cnd/Act: cond2 -> pri2 mac1 Cnd/Act: dmac1 -> pri2 page 22-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 455 See the OmniSwitch CLI Reference Guide for more information about the output of these commands. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 456: Acl Application Example
An example of what these commands look like together on consecutive command lines: -> policy service traffic_in source ip port 23 protocol 6 -> policy condition outside_cond service traffic_in -> policy action outside_action disposition drop -> policy rule outside condition outside_cond action outside_action page 22-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 457: Configuring Ip Multicast Switching
This mechanism is often referred to as IGMP snooping (or IGMP gleaning). Alcatel’s implementation of IGMP snooping is called IP Multicast Switching (IPMS). IPMS allows OmniSwitch 6600 Series switches to efficiently deliver multicast traffic in hardware at wire speed.
Page 458: Ipms Specifications
0 to 4294967295 seconds Querier Timeout 0 to 4294967295 seconds Querier Aging and Election Timeout 0 to 4294967295 seconds IPMS Default Values The table below lists default values for Alcatel’s IPMS software. Parameter Description Command Default Value/Comments Administrative Status ip multicast switching...
Page 459: Ipms Overview
The network interfaces verify that a multicast packet is received by the switch on the source (or expected) port. Note. Jumbo multicast packets are not supported. The maximum MTU size supported by Alcatel’s IPMS software is 1500. IPMS Example The figure on the following page shows an IPMS network where video content can be provided to clients that request it.
Page 460: Reserved Multicast Addresses
In IGMPv2, each membership report contains only one multicast group. In IGMPv3, membership reports contain many multicast groups up to the Maximum Transmission Unit (MTU) size of the interface. IGMPv3 uses source filtering and reports multicast memberships to neighboring routers by sending membership reports. page 23-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 461: Configuring Ipms On A Switch
-> ip multicast switching Disabling IPMS To disable IPMS you use the no form of the ip multicast switching command as shown below: -> no ip multicast switching OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 23-5...
Page 462: Configuring The Igmp Proxy Version
For example, to configure port 4 in slot 10 with designated VLAN 2 as a static neighbor that uses IGMP Version 3 you would enter: -> ip multicast static-neighbor 2 4/10 v3 page 23-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 463: Removing A Static Neighbor
(/), and the port number. For example, to remove port 4 in slot 10 with designated VLAN 2 as a static querier you would enter: -> ip multicast no static-querier 2 4/10 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 23-7...
Page 464: Configuring And Removing A Static Member
For example, to remove a static member with an IP address of 11.0.0.1 on port 10 in slot 3 with desig- nated VLAN 3 you would enter: -> ip multicast no static-neighbor 11.0.0.1 3/10 3 page 23-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 465: Modifying Ipms Parameters
Restoring the Leave Timeout To restore the leave timeout to its default (i.e., 1 second) value you use the no form of the ip multicast leave-timeout command by entering: -> ip multicast no leave-timeout OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 23-9...
Page 466: Modifying The Query Interval
Restoring the Membership Timeout To restore the membership timeout to its default (i.e., 260 seconds) value you use the no form of the multicast membership-timeout command by entering: -> ip multicast no membership-timeout page 23-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 467: Modifying The Neighbor Timeout
Restoring the Querier Timeout To restore the neighbor querier to its default (i.e., 260 seconds) value you use the no form of the multicast querier-timeout command by entering: -> ip multicast no querier-timeout OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 23-11...
Page 468: Modifying The Querier Aging And Election Timeout
To restore the querier aging and election timeout to its default (i.e., 255 seconds) value you use the no form of the ip multicast other-querier-timeout command by entering: -> ip multicast no other-querier-timeout page 23-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 469: Ipms Application Example
Configure the client attached to Port 2 as a static querier belonging to VLAN 5 by entering: -> ip multicast static-querier 5 1/2 Modify the membership timeout from its default value of 260 seconds to 3600 seconds by entering: -> ip multicast membership-timeout 3600 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 23-13...
Page 470 -> show ip multicast neighbors Source IP VLAN Slot/Port Expire Type Version --------------------+----+---------+------+-------+------- None 1/5 Never Static IGMPv2 ->show ip multicast queriers Source IP VLAN Slot/Port Expire Type Version --------------------+----+---------+------+-------+-------- None 1/2 Never Static IGMPv2 page 23-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 471: Displaying Ipms Configurations And Statistics
Configuring IP Multicast Switching Displaying IPMS Configurations and Statistics Displaying IPMS Configurations and Statistics Alcatel’s IP Multicast Switching (IPMS) show commands provide tools to monitor IPMS traffic and settings and to troubleshoot problems. These commands are described below: show ip multicast switching Displays the current IPMS configuration on a switch.
Page 472 Displaying IPMS Configurations and Statistics Configuring IP Multicast Switching page 23-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 473: Diagnosing Switch Problems
Configuring Port Mirroring Direction—see “Configuring Port Mirroring Direction” on page 24-14. • Enabling or Disabling a Port Mirroring Session—see “Enabling or Disabling a Port Mirroring Session • (Shorthand)” on page 24-14. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-1...
Page 474 “Resetting Health Statistics for the Switch” on page 24-29. • For information about additional Diagnostics features such as Switch Logging and System Debugging/ Memory Management commands, see Chapter 25, “Using Switch Logging” Chapter 26, “Monitoring Memory.” page 24-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 475: Port Mirroring
Mirroring Sessions supported 6624—1 session per switch in a stack. For exam- ple, a stack of 4 OmniSwitch 6624 can support 4 mirroring sessions. 6648 — sessions per switch in a stack. For exam- ple, a stack of 4 OmniSwitch 6648 can support 8 mirroring sessions.
Page 476: Quick Steps For Configuring Port Mirroring
----------+----------+----------+--------------+----------+---------- bidirectional 7 For more information about this command, see “Displaying Port Mirroring Status” on page 24-15 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 24-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 477: Remote Monitoring (Rmon)
RMON Traps Supported RisingAlarm/FallingAlarm These traps are generated whenever an Alarm entry crosses either its Rising Threshold or its Falling Threshold and generates an event con- figured for sending SNMP traps. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-5...
Page 478: Rmon Probe Defaults
For more information about these commands, see “Displaying a List of RMON Probes” on page 24-19, “Displaying Statistics for a Particular RMON Probe” on page 24-20 or the “RMON Commands” chapter in the OmniSwitch CLI Reference Guide. page 24-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 479: Switch Health
A Resource Threshold was exceeded by its cor- responding utilization value in the previous cycle, but is not exceeded in the current cycle. Threshold Crossing Traps Supported Device, module, port-level threshold crossings. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-7...
Page 480: Switch Health Defaults
(e.g., memory). The display is similar to the one shown below: Memory Threshold = 85 For more information about this command, see “Displaying Health Threshold Limits” on page 24-26 the “Health Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 24-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 481: Port Mirroring
Port mirroring runs in the Chassis Management software and is supported for Ethernet (10 Mbps), Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mpbs) ports. One port mirroring session is supported per OmniSwitch 6624 in a stack and up to two port mirroring sessions are supported per OmniSwitch 6648 in a stack.
Page 482: How Port Mirroring Works
Bridging Spanning Tree until you protect it from Spanning Tree updates by specifying an unblocked VLAN as part of the configuration command line. The mirroring port does not transmit or receive any traffic on its own. page 24-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 483: Using Port Mirroring With External Rmon Probes
D..and port mirroring sends copies of the NMS Workstation Management frames to the mirroring port. OmniSwitch 6648 Mirroring Port Mirrored Port OmniSwitch 6648 RMON Probe OmniSwitch Port Mirroring Using External RMON Probe OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-11...
Page 484: Creating A Mirroring Session
CLI command can be used to create a mirroring session between a mirrored (active) port and a mirroring port. One port mirroring session is supported per OmniSwitch 6624 in a stack and up to two port mirroring sessions are supported per OmniSwitch 6648 in a stack.
Page 485: Enabling Or Disabling Mirroring Status
2/port 3, and the mirroring port located in slot 6/port 4. The mirroring status is disabled (i.e., port mirroring is turned off): -> port mirroring 6 source disable Note. You can modify the parameters of a port mirroring session that has been disabled. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-13...
Page 486: Configuring Port Mirroring Direction
ID number and the keyword enable. The following command enables port mirroring session 6 (turning port mirroring on): -> port mirroring 6 enable page 24-14 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 487: Displaying Port Mirroring Status
To delete a mirroring session, enter the no port mirroring command, followed by the port mirroring session ID number. For example: -> no port mirroring 6 In this example, port mirroring session 6 is deleted. Note. The port mirroring session identifier must always be specified. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-15...
Page 488: Remote Monitoring (Rmon)
OmniSwitch 6648 Mirrored Port Mirroring Port OmniSwitch 6648 RMON Probe OmniSwitch D..and port mirroring sends copies of the Management frames to the mirroring port. Port Mirroring Using External RMON Probe page 24-16 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 489: Ethernet Statistics
The Event group controls generation and notification of events from the switch to NMS stations. For example, customized reports based on the type of Alarm can be generated, printed and/or logged. Note. The following RMON groups are not implemented: Host, HostTopN, Matrix, Filter and Packet Capture. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-17...
Page 490: Enabling Or Disabling Rmon Probes
The following command enables all currently defined (disabled) RMON Alarm probes: -> rmon probes alarm enable Notes. Network activity on subnetworks attached to an RMON probe can be monitored by Network Management Software (NMS) applications. page 24-18 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 491: Displaying Rmon Tables
A display showing all current alarm RMON probes should appear, as shown in the following example: Entry Slot/Port Flavor Status Duration System Resources -------+-----------+-----------+----------+---------------+-------------------- 31927 1/35 Alarm Active 00:25:51 608 bytes OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-19...
Page 492: Displaying Statistics For A Particular Rmon Probe
-> show rmon probes 4005 Probe’s Owner: Hawk Switch Auto Probe on Slot 4, Port 5 Entry 4005 Flavor = Ethernet, Status = Active Time = 48 hrs 54 mins, System Resources (bytes) = 275 page 24-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 493: Sample Display For History Probe
= delta value Alarm Startup Alarm = rising alarm Alarm Variable = 1.3.6.1.2.1.16.1.1.1.5.4008 Entry 11235 Flavor = Alarm, Status = Active Time = 48 hrs 48 mins, System Resources (bytes) = 1677 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-21...
Page 494: Displaying A List Of Rmon Events
[Rising trap] “Rising Event,” an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm, with an elapsed time of 39 minutes since the last change in status. page 24-22 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 495: Monitoring Switch Health
Maximum utilization level over the last hour (percentage) • Threshold level • Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors, and generates traps based on the specified threshold criteria. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-23...
Page 496 —Displays health statistics for the switch, as percentages of total resource capacity. See • page 24-28 for more information. health statistics reset—Resets health statistics for the switch. See page 24-29 for details. • page 24-24 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 497: Configuring Resource And Temperature Thresholds
Note. When you specify a new value for a threshold limit, the value is automatically applied across all levels of the switch (switch, module and port). You cannot select differing values for each level. OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 498: Displaying Health Threshold Limits
Note. For detailed definitions of each of the threshold types, refer to “Configuring Resource and Tempera- ture Thresholds” on page 24-25, as well as Chapter 35, “Health Monitoring Commands,” in the OmniSwitch CLI Reference Guide. page 24-26 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 499: Configuring Sampling Intervals
To view the sampling interval, enter the show health interval command. The currently configured health sampling interval (measured in seconds) will be displayed, as shown below: -> show health interval Sampling Interval = 5 OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-27...
Page 500: Viewing Health Statistics For The Switch
Threshold limit. For example, if the Current value for Memory displays as 85* and the Threshold Limit displays as 80, the asterisk indicates that the Current value has exceeded the Threshold Limit value. page 24-28 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 501: Viewing Health Statistics For A Specific Interface
To reset health statistics for the switch, enter the health statistics reset command, as shown below: -> health statistics reset OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 24-29...
Page 502 Monitoring Switch Health Diagnosing Switch Problems page 24-30 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 503: Chapter 25 Using Switch Logging
“Displaying Switch Logging Records” on page 25-12 • Notes. Switch logging commands are not intended for use with low-level hardware and software debugging. It is strongly recommended that you contact an Alcatel Customer Service representative for assistance with debugging functions. OmniSwitch 6624/6648 Network Configuration Guide...
Page 504: Switch Logging Specifications
LANPOWER (108) Severity Levels/Types Supported 2 (Alarm - highest severity), 3 (Error), 4 (Alert), 5 (Warning) 6 (Info - default), 7 (Debug 1), 8 (Debug 2), 9 (Debug 3 - lowest severity) page 25-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 505: Switch Logging Defaults
No application ID or severity level defaults. The user must specify these values Enabling/Disabling switch logging swlog output Flash Memory and Console Output Switch logging file size swlog output flash 128000 bytes file-size OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 25-3...
Page 506: Quick Steps For Configuring Switch Logging
Only Applications not at the level ‘info’ (6) are shown Application ID Level ---------------------------- BRIDGE(10) warning (5) For more information about this command, or the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide. page 25-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 507: Switch Logging Overview
See the “Working with Configuration Files” chapter of the OmniSwitch 6624/6648 Switch Management Guide for details. OmniSwitch 6624/6648 Network Configuration Guide...
Page 508: Switch Logging Commands Overview
25-8. Numeric CLI Keyword Application ID Equivalent IDLE APPID_IDLE DIAG APPID_DIAGNOSTICS IPC-DIAG APPID_IPC_DIAGNOSTICS QDRIVER APPID_QDRIVER QDISPATCHER APPID_QDISPATCHER IPC-LINK APPID_IPC_LINK NI-SUPERVISION APPID_NI_SUP_AND_PROBER INTERFACE APPID_ESM_DRIVER 802.1Q APPID_802.1Q VLAN APPID_VLAN_MGR APPID_GROUPMOBILITY (RESERVED) BRIDGE APPID_SRCLEANING page 25-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 509 APPID_CLI SNMP APPID_SNMP_AGENT APPID_WEBMGT MIPGW APPID_MIPGW SESSION APPID_SESSION_MANAGER TRAP APPID_TRAP_MANAGER POLICY APPID_POLICY_MANAGER APPID_DRC SYSTEM APPID_SYSTEM_SERVICES HEALTH APPID_HEALTHMON NAN-DRIVER APPID_NAN_DRIVER RMON APPID_RMON TELNET APPID_TELNET APPID_PSM APPID_FTP SMNI APPID_SMNI DISTRIB APPID_DISTRIB EPILOGUE APPID_EPILOGUE OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 25-7...
Page 510: Specifying The Severity Level
The following command makes the same assignment by using the severity level and application numbers. -> swlog appid 75 level 3 No confirmation message appears on the screen for either command. page 25-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 511: Removing The Severity Level
IP address to which output will be sent. For exam- ple, if the target IP address is 168.23.9.100, you would enter: -> swlog output socket ipaddr 168.23.9.100 No confirmation message will appear on the screen. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 25-9...
Page 512: Disabling An Ip Address From Receiving Switch Logging Output
For this example, switch logging is enabled. Switch logging information is being sent to the switch’s flash memory and to the console. Additionally, the severity level for the chassis application ID has been set to the “debug3” (or “9”) severity level. page 25-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 513: Configuring The Switch Logging File Size
Note. Use the command, which is described in the OmniSwitch 6624/6648 Switch Management Guide, to determine the amount of available flash memory. For example, to set the switch logging file to 500000 bytes enter: ->...
Page 514: Displaying Switch Logging Records
The Log Message field specifies the condition recorded by the switch logging feature. The informa- • tion in this field usually wraps around to the next line of the screen display as shown in this example. page 25-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 515: Chapter 26 Monitoring Memory
Notes. System Debug (kTrace and sysTrace) commands are intended for use by qualified Alcatel Customer Support personnel to assist customers in diagnosing or debugging system performance. For information about these commands, see the chapter titled, “Memory Monitoring Commands”...
Page 516: Memory Monitoring Specifications
Standard Out (console)/ Supported Switch Logging/ sysTrace Buffer. Memory Monitoring Defaults The following table shows Memory Monitoring default values: Parameter Description CLI Command Default Value/Comments Memory Monitoring debug memory monitor Disabled page 26-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 517: Quick Steps For Configuring Memory Monitoring
850216 1588017 65536 5130020 25675316 For more information about this command, see “Displaying the Memory Monitor Log” on page 26-5 the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 26-3...
Page 518: Debug Memory Commands Overview
To enable memory monitoring, enter: -> debug memory monitor enable No confirmation message will appear onscreen. To disable Memory Monitoring, enter: -> debug memory monitor disable No confirmation message will appear onscreen. page 26-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 519: Displaying The Memory Monitor Log
The Calling Function field displays the function that called the above-mentioned function. The Previous Caller field displays the function that called the above-mentioned function. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 26-5...
Page 520: Displaying The Memory Monitor Global Statistics
(currently and cumulatively) since the memory log was last enabled. For example, statistics displayed above indicate that 33741 bytes of memory are currently allo- cated and 687952 bytes were cumulatively allocated since the last enable. page 26-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 521: Displaying The Memory Monitor Task Statistics
L3Hre Health 127649 221312 222236 Ipedr 31500 105868 NanDrvr 74396 Ftpd Telnetd 9552 9552 tCS_CVM tssApp65535_3 SsApp 49088 198284 SesMgr 69200 202029 SNMPagt 26347 210129 --Output continues on the following page-- OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 26-7...
Page 522 (currently and cumulatively) since the memory log was enabled. For example, statistics displayed in the second entry in the table indicate that 16169 bytes of memory are currently allocated and 20168 bytes were cumulatively allocated for the cliConsole task. page 26-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 523: Displaying The Memory Monitor Size Statistics
(in bytes). For example, statistics displayed in the last entry in the table indicate that 5130020 bytes are currently allocated and 25675316 bytes were cumula- tively allocated for the memory range greater than or equal to 65536 bytes. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page 26-9...
Page 524 Configuring Debug Memory Commands Monitoring Memory page 26-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 525: Appendix A Software License And Copyright Statements
A Software License and Copyright Statements This appendix contains Alcatel and third-party software vendor license and copyright statements. Alcatel License Agreement ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE AGREEMENT IMPORTANT. Please read the terms and conditions of this license agreement carefully before opening this package.
Page 526 Licensee’s computer or made non-readable. AII may terminate this License Agreement upon the breach by Licensee of any term hereof. Upon such termination by AII, Licensee agrees to return to AII or destroy the Licensed Materials and all copies and portions thereof. page A-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 527 Run-Time Module) are third part beneficiaries to this License Agree- ment with full rights of enforcement. Please refer to the section entitled “Third Party Licenses and Notices” on page A-4 for the third party license and notice terms. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page A-3...
Page 528: Third Party Licenses And Notices
OpenLDAP is a trademark of the OpenLDAP Foundation. Copyright 1999-2000 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distributed verbatim copies of this document is granted. page A-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 529: Linux
“work based on the Program” means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 530 Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software inter- change; or, page A-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 531 Many people have made generous contributions to the wide range of software distributed through that system in reliance on OmniSwitch 6624/6648 Network Configuration Guide April 2004 page A-7...
Page 532 SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS page A-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 533 If this is what you want to do, use the GNU Library General Public License instead of this License. URLWatch: For notice when this page changes, fill in your email address. Maintained by: Webmaster, Linux Online Inc. Last modified: 09-Aug-2000 02:03AM. Views since 16-Aug-2000: 177203. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page A-9...
Page 534: University Of California
ITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. page A-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 535: Apptitude, Inc
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. K. Sun Microsystems, Inc. This product contains Coronado ASIC, which includes a component derived from designs licensed from Sun Microsystems, Inc. OmniSwitch 6624/6648 Network Configuration Guide April 2004 page A-11...
Page 536: Wind River Systems, Inc
* written prior permission. The University of Delaware makes no * representations about the suitability this software for any * purpose. It is provided "as is" without express or implied * warranty. ************************************************************************* page A-12 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 537: Index
24-4 aaa radius-server command 19-8 21-22, 21-49 RADIUS authentication 17-14 13-3 aaa vlan no command 18-26 RMON 24-6 Access Control Lists source learning see ACLs Spanning Tree Algorithm and Protocol 5-6, 5-20 OmniSwitch 6624/6648 Network Configuration Guide April 2004 Index-1...
Page 538 DHCP Relay 15-2 VRRP 16-6 dynamic link aggregation 11-3 binding VLAN rules 7-6, 7-14 Ethernet ports BPDU interswitch protocols see Bridge Protocol Data Units 12-2 bridge forward delay command 5-13 IPMS 23-2 Index-2 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 539 21-17 defaults 11-3 frame type deleting groups 11-11 displaying 11-36 group actor administrative key 11-18 GMAP group actor system ID 11-19 see Group Mobility Advertisement Protocol group actor system priority 11-19 OmniSwitch 6624/6648 Network Configuration Guide April 2004 Index-3...
Page 540 12-10 Maximum Transmission Unit size 4-12 ICMP 12-15 ip router primary-address command 12-9 ping 12-19 ip router router-id command 12-9 protocols 12-3 ip router-discovery command 14-8 router ID 12-9 router port 12-5 Index-4 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 541 11-28 mac-address-table-aging-time command lacp agg partner admin system priority command 11-29 lacp linkagg actor admin key command 11-18 lacp linkagg actor system id command 11-19 OmniSwitch 6624/6648 Network Configuration Guide April 2004 Index-5...
Page 542 12-19 port mirroring session policies creating 24-12 application examples 21-49 deleting 24-15 applied 21-46 enabling/disabling 24-14 built-in 21-11 port mirroring source destination command 24-12, 24-13, conditions 21-24 24-14 for ACLs 22-11 Index-6 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 543 21-20 RIP interface qos port trusted command 21-21 creating 13-7 qos reset command 21-18 deleting 13-7 qos revert command 21-47 enabling 13-7 qos stats interval command 21-18 metric 13-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004 Index-7...
Page 544 5-13 show 802.1q command 9-8, 9-11 hello time 5-12 show 802.1x command 19-4 maximum age time 5-12 show aaa accounting vlan command 18-6 priority 5-11 show aaa authentication alvan command 18-6 Index-8 OmniSwitch 6624/6648 Network Configuration Guide April 2004...
Page 545 25-11 vlan ipx command 7-19 swlog command 25-6 vlan mac command 7-17 swlog output command 25-9 vlan mac range command 7-18 swlog output flash file-size command 25-11 vlan mobile-tag command 4-9, 6-5 OmniSwitch 6624/6648 Network Configuration Guide April 2004 Index-9...
Page 546 5-10 Spanning Tree status 4-10 VLAN ID VRRP 16-1 ACLs 16-7 application example 16-3, 16-13 ARP request 16-6 backup router 16-6 defaults 16-2 MAC address 16-6 master router 16-5 virtual routers 16-5 Index-10 OmniSwitch 6624/6648 Network Configuration Guide April 2004...

This manual is also suitable for:

Omniswitch 6648

Alcatel OmniSwitch 6624 Network Configuration Manual

About this Guide

Chapter 1 Configuring Ethernet Ports

Setting Trap Port Link Messages

Setting Flow Control

Setting Flow Control Wait Time

Setting Interface Line Speed

Configuring Duplex Mode

Enabling and Disabling Interfaces

Configuring Inter-Frame Gap Values

Configuring Flood Rates

Resetting Statistics Counters

Configuring a Port Alias

Configuring Auto Negotiation, Crossover, and Flow Control Settings

Chapter 2 Managing Source Learning

Chapter 3 Configuring Learned Port Security

Chapter 4 Configuring Vlans

Creating/Modifying Vlans" on Page

Defining VLAN Port Assignments" on Page

Enabling/Disabling VLAN Mobile Tag Classification" on Page

Enabling/Disabling Spanning Tree for a VLAN" on Page

Configuring VLAN Router Ports" on Page

Verifying the VLAN Configuration" on Page

Chapter 5 Configuring Spanning Tree Parameters

Chapter 6 Assigning Ports to Vlans

Chapter 24 Diagnosing Switch Problems

Chapter 7 Defining VLAN Rules

Chapter 8 Using Interswitch Protocols

Chapter 9 Configuring 802.1Q

Chapter 10 Configuring Static Link Aggregation

Chapter 11 Configuring Dynamic Link Aggregation

Quick Links

Related Manuals for Alcatel OmniSwitch 6624

Summary of Contents for Alcatel OmniSwitch 6624