Juniper EX2500 Configuration Manual

Juniper networks switch user manual

Juniper Networks
EX2500 Ethernet Switch

Configuration Guide

Release 3.0
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-029705-01, Revision 2


Summary of Contents for Juniper EX2500

  • Page 1: Configuration Guide

    Juniper Networks EX2500 Ethernet Switch Configuration Guide Release 3.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-029705-01, Revision 2...
  • Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
  • Page 3: Table Of Contents

    Dynamic Host Configuration Protocol ... 4 Using Telnet ... 5 Using the EX2500 Web Device Manager ... 5 Configuring EX2500 Web Device Manager Access via HTTP ... 6 Configuring EX2500 Web Device Manager Access via HTTPS... 6 Using SNMP ... 7 SNMPv1, SNMPv2...
  • Page 4 Chapter 3 Table of Contents TACACS+ Authentication... 14 How TACACS+ Authentication Works ... 14 TACACS+ Authentication Features in the EX2500 Switch ... 14 Command Authorization and Logging ... 16 Configuring TACACS+ Authentication on the Switch ... 16 Secure Shell ... 17 Configuring SSH Features on the Switch ...
  • Page 5 PVRST Configuration Guidelines ... 38 Configuring PVRST ... 38 Multiple Spanning Tree Protocol ... 39 MSTP Region ... 39 Common Internal Spanning Tree... 39 MSTP Configuration Guidelines... 39 Multiple Spanning Tree Groups Configuration Example ... 40 Fast Uplink Convergence ... 41 Configuration Guidelines ...
  • Page 6 EX2500 Ethernet Switch Configuration Guide Chapter 7 Chapter 8 Part 2 Appendix A Part 3 Table of Contents History MIB Object ID... 67 Configuring RMON History ... 67 RMON Group 3—Alarms ... 68 Alarm MIB Objects... 68 Configuring RMON Alarms ... 68 RMON Group 9—Events...
  • Page 7 List of Figures Figure 1: Default VLAN Settings ... 24 Figure 2: Port-Based VLAN Assignment ... 25 Figure 3: 802.1Q Tagging (after Port-Based VLAN Assignment) ... 25 Figure 4: 802.1Q Tag Assignment ... 25 Figure 5: 802.1Q Tagging (after 802.1Q Tag Assignment) ... 26 Figure 6: Sample Network with Multiple VLANs...
  • Page 9 List of Tables Table 1: Notice Icons ... xii Table 2: EX2500 Text and Syntax Conventions... xii Table 3: EX2500 Ethernet Switch Documentation ... xiii Table 4: User Access Levels ... 13 Table 5: EX2500-Proprietary Attributes for RADIUS ... 13 Table 6: Default TACACS+ Authorization Levels ...
  • Page 11: About This Guide

    List of Technical Publications on page xiii Documentation Feedback on page xiii Requesting Technical Support on page xiii Objectives This guide describes how to configure and use the software on the EX2500 Ethernet Switch. NOTE: This guide documents Release 3.0 of the EX2500 Ethernet Switch. For additional information—either corrections to or information that might have been...
  • Page 12: Table 1: Notice Icons

    EX2500 Ethernet Switch Configuration Guide Documentation Conventions Table 1 describes the notice icons used in this manual. Table 2 describes the EX2500 text and syntax conventions. Table 1: Notice Icons Icon Table 2: EX2500 Text and Syntax Conventions Convention Usage...
  • Page 13: Table 3: Ex2500 Ethernet Switch Documentation

    EX2500 Ethernet Switch Web Device Manager Guide EX2500 Ethernet Switch Configuration Guide Describes how to configure and use the software on the EX2500 Ethernet Switch. EX2500 Ethernet Switch Command Reference Describes how to configure and use the software with your EX2500 Ethernet EX2500 Ethernet Switch 3.0 Release Notes...
  • Page 14: Self-Help Online Tools And Resources

    EX2500 Ethernet Switch Configuration Guide Self-Help Online Tools and Resources For quick and easy problem resolution, the Juniper Networks online self-service portal—the Customer Support Center (CSC)—provides the following features: To verify service entitlement by product and serial number, use our Serial Number Entitlement (SNE) Tool at http://tools.juniper.net/SerialNumber/EntitlementSearch/ .
  • Page 15: Ex2500 Ethernet Switch Applications

    Part 1 EX2500 Ethernet Switch Applications This configuration guide will help you plan, implement, and administer EX2500 software. Where possible, each chapter provides feature overviews, usage examples, and configuration instructions. “Accessing the Switch” on page 3 describes how to access the switch to perform administration tasks.
  • Page 17: Accessing The Switch

    Chapter 1 Accessing the Switch The EX2500 software provides a means for accessing, configuring, and viewing information and statistics about the EX2500 Ethernet Switch. This chapter discusses different methods of accessing the switch and ways to secure the switch for remote administrators:...
  • Page 18: Dynamic Host Configuration Protocol

    EX2500 Ethernet Switch Configuration Guide 3. Configure the management IP address, subnet mask, and default gateway. Once you configure the IP address for your switch, you can connect to the management port and use the Telnet program from an external management station to access and control the switch.
  • Page 19: Using Telnet

    IP address: telnet <switch IP address> Using the EX2500 Web Device Manager The EX2500 Web Device Manager is a Web-based management interface for interactive switch access through your Web browser. The Web Device Manager provides access to the common configuration, management and operation features of the switch through your Web browser.
  • Page 20: Configuring Ex2500 Web Device Manager Access Via Http

    EX2500 Web Device Manager access on the switch via HTTP: ex2500(config)# [no] access http enable The default HTTP Web server port to access the EX2500 Web Device Manager is port 80. However, you can change the default Web server port with the following command: ex2500(config)# access http port <TCP port number>...
  • Page 21: Using Snmp

    HP-OpenView. SNMPv1, SNMPv2 To access the SNMP agent on the EX2500 switch, the read and write community strings on the SNMP manager should be configured to match those on the switch. The default read community string on the switch is public, and the default write community string is private.
  • Page 22: Snmpv3

    EX2500 Ethernet Switch Command Reference. Default Configuration The EX2500 switch has two SNMPv3 users by default. Both of the following users have access to all the MIBs supported by the switch: 1. username 1: adminmd5 (password adminmd5). Authentication used is MD5.
  • Page 23: Configuring Snmp Trap Hosts

    The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, use snmpv2 instead of snmpv1. ex2500(config)# snmp-server read-community public ex2500(config)# snmp-server target-address 1 name v2trap2 address 10.70.70.190 ex2500(config)# snmp-server target-address 1 parameters-name v2param2 ex2500(config)# snmp-server target-address 1 taglist v2param2...
  • Page 24: Snmpv3 Trap Host Configuration

    11 tag v3trap ex2500(config)# snmp-server notify 11 name v3trap ex2500(config)# snmp-server notify 11 tag v3trap ex2500(config)# snmp-server target-address 11 name v3trap address 47.81.25.66 ex2500(config)# snmp-server target-address 11 taglist v3trap ex2500(config)# snmp-server target-address 11 parameters-name v3param ex2500(config)# snmp-server target-parameters 11 name v3param...
  • Page 25: Radius Authentication And Authorization

    RADIUS Authentication and Authorization The EX2500 switch supports the RADIUS (Remote Authentication Dial-in User Service) method the switch. This method is based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.
  • Page 26: Radius Authentication Features In The Ex2500 Switch

    4. Configure the number of retry attempts for contacting the RADIUS server, and RADIUS Authentication Features in the EX2500 Switch The EX2500 switch supports the following RADIUS authentication features: Securing Access to the Switch RADIUS. The well-known port for RADIUS is 1812.
  • Page 27: Switch User Accounts

    RADIUS servers cannot be reached. You always can access the switch via the console port, by using noradius and the administrator password, whether secure backdoor is enabled or not. NOTE: To obtain the RADIUS backdoor password for your EX2500 switch, contact technical support.
  • Page 28: Tacacs+ Authentication

    The EX2500 switch supports ASCII inbound login to the device. PAP, CHAP, and ARAP login methods; TACACS+ change password requests; and one-time password authentication are not supported.
  • Page 29: Table 6: Default Tacacs+ Authorization Levels

    It follows the authentication and authorization actions. If the authentication and authorization are not performed via TACACS+, no TACACS+ accounting messages are sent out. The EX2500 switch supports the following TACACS+ accounting attributes: (console, telnet, ssh, or http)
  • Page 30: Command Authorization And Logging

    TACACS+ server. Use the following command to enable TACACS+ Command Logging: ex2500(config) The following examples illustrate the format of EX2500 commands sent to the TACACS+ server: authorization request, cmd=shell, cmd-arg=interface ip accounting request, cmd=shell, cmd-arg=interface ip...
  • Page 31: Secure Shell

    To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the EX2500 switch. The server key is 768 bits and is used to make it impossible for someone to decipher a captured session by breaking into the EX2500 switch at a later time.
  • Page 32: Ssh Integration With Radius And Tacacs+ Authentication

    SSH clients. End User Access Control The EX2500 switch allows an administrator to define end user accounts that permit end users to perform operation tasks via the switch CLI commands. Once end user accounts are configured and enabled, the switch requires username-password authentication.
  • Page 33: Considerations For Configuring End User Accounts

    Web Device Manager, and SSHv1 or SSHv2 access to the switch. If RADIUS authentication is used, the user password on the RADIUS server will override the user password on the EX2500 switch. Also note that the password change command on the switch only modifies the user switch password and has no effect on the user password on the RADIUS server.
  • Page 34: Listing Current Users

    EX2500 Ethernet Switch Configuration Guide Listing Current Users The following command displays defined user accounts and whether or not each user is currently logged in to the switch. ex2500# show access user Usernames: user oper admin Current User ID table:...
  • Page 35: Vlans

    When a switch port is configured to be a member of a VLAN, it is added to a group of ports (workgroup) that belong to one broadcast domain.
  • Page 36: Vlans And Port Vlan Id Numbers

    VLANs and Port VLAN ID Numbers VLAN Numbers The EX2500 switch supports up to 1024 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 1024, each can be identified with any number between 1 and 4094. VLAN 1 is the default VLAN for the data ports.
  • Page 37: Vlan Tagging

    VLAN Tagging EX2500 software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that port.
  • Page 38: Figure 1: Default Vlan Settings

    (see Figure 2 through Figure 5). The default configuration settings for the EX2500 switch have all ports set as untagged members of VLAN 1 with all ports configured as PVID = 1. In the default configuration example shown in Figure 1, all incoming packets are assigned to VLAN 1 by the default port VLAN identifier (PVID =1).
  • Page 39: Figure 2: Port-Based Vlan Assignment

    As shown in Figure 3, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2. The untagged packet remains unchanged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.
  • Page 40: Vlan Topologies And Design Considerations

    Outgoing untagged packet changed (tag removed) By default, the EX2500 software is configured so that tagging is disabled on all ports. By default, the EX2500 software is configured so that all data ports are members of VLAN 1. By default, the EX2500 software is configured so that the management port is a member of VLAN 4095 (the management VLAN).
  • Page 41: Multiple Vlans Configuration Example

    Uplink ports are members of all three VLANs, with VLAN tagging enabled. Server 1 This server is a member of VLAN 1 and has presence in only one IP subnet. The associated switch port is only a member of VLAN 1, so tagging is disabled.
  • Page 42 EX2500 Ethernet Switch Configuration Guide Table 8: Components of Sample Network with Multiple VLANs (2 of 2) Component Description Server 5 A member of VLAN 1 and VLAN 2, this server can communicate only with Server 1, Server 2, and Server 3.
  • Page 43: Private Vlans

    Private VLANs Private VLANs provide Layer 2 isolation between the ports within the same broadcast domain. Private VLANs can control traffic within a VLAN domain, and provide port-based security for host servers. Use private VLANs to partition a VLAN domain into sub-domains. Each sub-domain is comprised of one primary VLAN and one or more secondary VLANs, as follows: Primary VLAN—Carries unidirectional traffic downstream from promiscuous ports.
  • Page 44: Private Vlan Configuration Guidelines

    EX2500 Ethernet Switch Configuration Guide Private VLAN Configuration Guidelines The following guidelines apply when configuring private VLANs: Private VLAN Configuration Example Follow this procedure to configure a private VLAN. 1. Select a VLAN and define the private VLAN type as primary.
  • Page 45: Spanning Tree Protocol

    Spanning Tree Protocol (STP) detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations.
  • Page 46: Bridge Protocol Data Units (Bpdus)

    When determining which port to use for forwarding and which port to block, the EX2500 switch uses information in the BPDU, including each bridge ID. A technique based on the “lowest root cost” is then computed to determine the most efficient path for forwarding.
  • Page 47: Port Priority

    Use the following command to configure the spanning-tree port priority (Interface Port mode): ex2500(config-if)# spanning-tree stp 1 priority <0-240, in steps of 16> Port Path Cost The port path cost assigns lower values to high-bandwidth ports, such as 10 Gigabit Ethernet, to encourage their use.
  • Page 48: Creating A Vlan

    For example, assume that VLAN 2 belongs to STG 2. You add an untagged port (port 5) that belongs to STG 2 to VLAN 2. The port becomes a member of STG 2, and the switch displays a message to inform you that the PVID changed from 1 to 2:...
  • Page 49: Rapid Spanning Tree Protocol

    RSTP, and some values to existing parameters are different. RSTP is compatible with devices that run 802.1D (1998) Spanning Tree Protocol. If the switch detects 802.1D (1998) BPDUs, it responds with 802.1D (1998)-compatible data units. RSTP is not compatible with Per VLAN Spanning Tree (PVST+) protocol.
  • Page 50: Port Type And Link Type

    This section provides important information about configuring Rapid Spanning Tree Groups: RSTP Configuration Example This section provides steps to configure Rapid Spanning Tree on the EX2500 switch, using the command-line interface (CLI). Rapid Spanning Tree Protocol is the default setting on the EX2500 switch.
  • Page 51: Per Vlan Rapid Spanning Tree

    Spanning Tree Groups (STGs). PVRST+ is based on IEEE 802.1w Rapid Spanning Tree Protocol. In PVRST mode, the EX2500 switch supports a maximum of 128 Spanning Tree Groups (STGs). Multiple STGs provide multiple data paths, which can be used for load balancing and redundancy.
  • Page 52: Pvrst Configuration Guidelines

    VLAN 2, STG 2 By default, STGs 2 through 128 are empty, and STG 1 contains all configured VLANs until individual VLANs are assigned to other STGs. The EX2500 switch allows only one VLAN per STG, except for STG 1.
  • Page 53: Multiple Spanning Tree Protocol

    When MSTP is turned on, the switch automatically moves all VLANs to the CIST. When MSTP is turned off, the switch moves all VLANs from the CIST to STG 1. When enabling MSTP, you must configure a Region Name, and a default version number of 0 (zero) is configured automatically.
  • Page 54: Multiple Spanning Tree Groups Configuration Example

    Server 1 VLAN 2 Multiple Spanning Tree Groups Configuration Example This configuration shows how to configure MSTP Groups on the switch, as shown in Figure 9. 1. Configure port membership and define the Spanning Tree Groups (STGs) for Multiple Spanning Tree Protocol...
  • Page 55: Fast Uplink Convergence

    NOTE: Fast Uplink Convergence Fast Uplink Convergence enables the EX2500 switch to recover quickly from the failure of the primary link or trunk group in a Layer 2 network using Spanning Tree Protocol. Normal recovery can take as long as 50 seconds, while the backup link transitions from Blocking to Listening to Learning and then Forwarding states.
  • Page 56: Configuration Guidelines

    Sets the bridge priority to 61440 so that it does not become the root switch. Increases the cost of all ports by 30000, across all VLANs and Spanning Tree Groups. This ensures that traffic never flows through the EX2500 switch to get to another switch unless there is no other path.
  • Page 57: Ports And Trunking

    45, you can create a virtual link between the switches, operating at up to 120 gigabits per second, depending on how many physical ports are combined. Each EX2500 switch supports up to 12 static trunk groups (portchannels) and up to 24 Link Aggregation Control Protocol (LACP) trunk groups, consisting of 1 to 12 ports in each group.
  • Page 58: Built-In Fault Tolerance

    Before Configuring Static Trunks When you create and enable a static trunk, the trunk members (switch ports) take on certain settings necessary for correct operation of the trunking feature. Before you configure your trunk, you must consider these settings, along with specific configuration rules, as follows: 1.
  • Page 59: Port Trunking Configuration Example

    You must first connect to each switch’s command line interface (CLI) as the administrator. NOTE: For details about accessing and using any of the menu commands described in this example, see the EX2500 Ethernet Switch Command Reference. Chapter 4: Ports and Trunking TRUNK 3: PORTS 2, 9, AND 16 EX2500...
  • Page 60 1 member 1,11,18 ex2500(config)# portchannel 1 enable ex2500(config)# show portchannel 1 Trunk group 3 (on the EX2500 switch) is now connected to trunk group 1 (on the other switch). In this example, two EX2500 switches are used. If a third-party device...
  • Page 61: Configurable Trunk Hash Algorithm

    You can select a minimum of one or a maximum of two parameters to create one of the following configurations: Source MAC (SMAC): ex2500(config)# portchannel hash source-mac-address Destination MAC (DMAC): ex2500(config)# portchannel hash destination-mac-address Source MAC (SMAC) + Destination MAC (DMAC):...
  • Page 62: Table 11: Actor Vs. Partner Lacp Configuration

    The Link Aggregation ID (LAG ID) is constructed mainly from the system ID and the port’s admin key, as follows: For example, consider two switches, an Actor (the EX2500 switch) and a Partner (another switch), as shown in Table 11.
  • Page 63: Lacp Configuration Guidelines

    Optionally Reducing LACP Timeout The LACP timeout period is the number of seconds that elapse before the switch invalidates LACP data from a remote partner. The default LACP timeout value is long (90 seconds)...
  • Page 64 We recommend that you use the default long timeout to reduce LAPDU processing. If the CPU utilization rate of your switch remains at 100% for periods of 90 seconds or more, consider using static trunks instead of LACP. However, if CPU use is low, you can set the LACP timeout value on the switch to short (3 seconds), instead.
  • Page 65: Quality Of Service

    QoS features allow you to prioritize network traffic, thereby providing better service for selected applications. Figure 11 on page 52 shows the basic QoS model used by the switch. QoS Overview...
  • Page 66: Using Acl Filters

    ACLs are used to control whether packets are forwarded or blocked at the switch ports. ACLs can provide basic security for access to the network. For example, you can use an ACL to permit one host to access a part of the network, and deny another host access to the same area.
  • Page 67: Mac Extended Acls

    If the packet matches the ACL’s rules, the ACL performs its configured action: either permit or deny the packet. The EX2500 switch supports the following ACL types: MAC Extended ACLs IP Standard ACLs...
  • Page 68: Ip Extended Acls

    EX2500 Ethernet Switch Configuration Guide IP Extended ACLs The switch supports up to 128 IP ACLs (standard and extended), numbered from 128 through 254. Use IP Extended ACLs to filter traffic using the following criteria: To create an IP Extended ACL:...
  • Page 69: Understanding Acl Priority

    ACL’s configured action takes place. The other assigned ACLs are considered in numeric order, from lowest to highest. In the following example, the switch considers ACL 128 before ACL 130 because ACL 128 has a higher priority. The order in which the ACLs are assigned to a port does not affect their priority.
  • Page 70: Assigning Acls To A Port

    128 in ex2500(config-if)# exit To delete an ACL from a port: ex2500(config)# interface port 1 ex2500(config-if)# no ip access-group 128 in ex2500(config-if)# exit Viewing ACL Statistics ACL statistics display how many packets hit (matched) each ACL. Use ACL statistics to check filter performance, and debug the ACL filters.
  • Page 71: Acl Example 2-Blocking Traffic From A Source To A Destination

    Use this configuration to block HTTP traffic on a port. 1. Configure an Access Control List. ex2500(config)# access-list ip 170 extended ex2500(config-ext-nacl)# deny tcp any any eq 80 ex2500(config-ext-nacl)# exit 2. Add the ACL to a port. ex2500(config)# interface port 12...
  • Page 72: Acl Example 4-Blocking All Except Certain Packets

    3. Configure one MAC ACL for each type of traffic that you want to permit (ARP). 4. Assign the ACLs to a port. Using ACL Filters ex2500(config)# access-list ip 200 extended ex2500(config-ext-nacl)# permit tcp any any eq 80 ex2500(config-ext-nacl)# exit ex2500(config)# access-list ip 210 extended ex2500(config-ext-nacl)# permit tcp any any eq 443...
  • Page 73: Using Storm Control Filters

    Using Storm Control Filters The EX2500 switch provides filters that can limit the number of the following packet types transmitted by switch ports: Broadcast packets Multicast packets Unknown unicast packets (destination lookup failure) Broadcast Storms Excessive transmission of broadcast or multicast traffic can result in a broadcast storm.
  • Page 74: Using Dscp Values To Provide Qos

    DSCP is a measure of the Quality of Service (QoS) level of the packet. The switch can classify traffic by reading the DiffServ Code Point (DSCP) or IEEE 802.1p priority value, or by using filters to match specific criteria. When network traffic attributes match those specified in a traffic pattern, the policy instructs the switch to perform specified actions on each packet that passes through it.
  • Page 75: Per Hop Behavior

    Per Hop Behavior The DSCP value determines the Per Hop Behavior (PHB) of each packet. The PHB is the forwarding treatment given to packets at each hop. QoS policies are built by the application of a set of rules to packets, based on the DSCP value, as they hop through the network.
  • Page 76: Qos Levels

    Silver Bronze Standard DSCP Mapping The switch can use the DSCP value of ingress packets to set the COS queue. Use the following command to view the default settings: ex2500(config)# show qos dscp -------- Use the following command to turn on DSCP re-marking globally:...
  • Page 77: Using 802.1P Priority To Provide Qos

    Using 802.1p Priority to Provide QoS The EX2500 switch provides Quality of Service (QoS) functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1Q VLAN header.) The 802.1p bits, if present in the packet, specify the priority that should be given to packets during forwarding.
  • Page 78: Queuing And Scheduling

    EX2500 Ethernet Switch Configuration Guide Queuing and Scheduling The EX2500 switch has eight output Class of Service (COS) queues per port, into which each packet is placed. Each packet’s 802.1p priority determines its COS queue. Higher COS queue numbers provide forwarding precedence.
  • Page 79: Remote Monitoring

    RMON Group 9—Events on page 69 RMON Overview RMON allows the switch to track events and trigger alarms when a threshold is reached and to notify administrators by issuing a syslog message or SNMP trap. The RMON MIB provides an interface between the RMON agent on the switch and an RMON management application.
  • Page 80: Rmon Group 1-Statistics

    You must configure RMON statistics for the port before you can view ex2500(config)# interface port 1 ex2500(config-if)# rmon enable ex2500(config)# interface port 1 ex2500(config-if)# rmon collection-stats 1 ex2500(config-if)# rmon collection-stats owner "port 1 rmon" This configuration enables RMON statistics on port 1. ex2500(config)# show rmon statistics...
  • Page 81: Rmon Group 2-History

    2. Configure the RMON History parameters for a port. ex2500(config-if)# rmon collection-history 1 buckets 30 ex2500(config-if)# rmon collection-history 1 interval 120 ex2500(config-if)# rmon collection-history 1 owner "rmon port 1 history" This configuration enables RMON History collection on port 1. Chapter 6: Remote Monitoring...
  • Page 82: Rmon Group 3-Alarms

    .0 to specify end node. Configuring RMON Alarms Configure the RMON Alarm parameters to track ICMP messages. ex2500(config)# rmon alarm 1 oid 1.3.6.1.2.1.5.8.0 alarm-type rising rise-event 110 ex2500(config)# rmon alarm 1 interval-time 60 ex2500(config)# rmon alarm 1 rising-threshold 200 ex2500(config)# rmon alarm 1 sample-type delta ex2500(config)# rmon alarm 1 owner "Alarm for icmpInEchos"...
  • Page 83: Rmon Group 9-Events

    When an alarm is generated, it triggers a corresponding event notification. Use the following commands to correlate an Event index to an alarm: ex2500(config)# rmon alarm <alarm number> rise-event <event number> ex2500(config)# rmon alarm <alarm number> fall-event <event number> RMON events use SNMP and syslogs to send notifications. Therefore, an SNMP trap host must be configured for trap event notification to work properly.
  • Page 85: Chapter 7 Igmp

    This process is used to set up a client/server relationship between an IP Multicast source that provides the data streams and the clients that want to receive the data. The EX2500 switch can perform IGMP Snooping, and connect to static multicast routers (Mrouters). The following topics are discussed in this chapter:...
  • Page 86: Fastleave

    2. Hosts that want to receive the multicast data stream send Membership Reports 3. The switch sets up a path between the Mrouter and the host, and blocks all 4. Periodically, the Mrouter sends Membership Queries to ensure that the host 5.
  • Page 87: Igmpv3 Snooping

    Exclude list. To disable snooping on EXCLUDE mode reports, use the following command: ex2500(config) By default, the switch snoops the first eight sources listed in the IGMPv3 Group Record. Use the following command to change the number of snooping sources: ex2500(config) IGMPv3 Snooping is compatible with IGMPv1 and IGMPv2 Snooping.
  • Page 88: Static Multicast Router

    ), VLAN (1 through 4094), and version (1 through 3). po24 ex2500(config)# ip igmp mrouter 5 1 2 The IGMP version is set for each VLAN, and cannot be configured separately for each Mrouter. ex2500(config)# show ip igmp mrouter...
  • Page 89: High Availability Through Uplink Failure Detection

    Pair (FDP) that consists of one LtM (Link to Monitor) and one LtD (Link to Disable). When the switch detects a link failure in the LtM, it disables the ports in the LtD. The servers detect the disabled ports, which triggers a NIC failover.
  • Page 90: Failure Detection Pair

    Failure Detection Pair consists of the following groups of ports: Spanning Tree Protocol with UFD If Spanning Tree Protocol (STP) is enabled on ports in the LtM, then the switch monitors the STP state and the link status on ports in the LtM. The switch automatically disables the ports in the LtD when it detects a link failure or STP BLOCKING state.
  • Page 91: Ufd Configuration Example

    NIC 2 is a non-primary adapter. NIC 1 is connected to port 16, and NIC 2 is connected to port 17. Port 2 is connected to a Layer 2/3 routing switch. The following procedure pertains to the example shown in Figure 14: 1.
  • Page 93: Appendixes

    Part 2 Appendixes “Monitoring Ports with Port Mirroring” on page 81 discusses the main tool for troubleshooting your switch—monitoring ports. Appendixes...
  • Page 95: Appendix A Monitoring Ports With Port Mirroring

    As an example, an IDS server can be connected to the monitor port to detect intruders attacking the network. The EX2500 switch can mirror all types of Layer 2 and Layer 3 traffic. Up to four monitor ports can be configured. Each monitor port can receive mirrored traffic from multiple switch ports, but each specific switch port is permitted to be mirrored to only one monitor port.
  • Page 96: Configuring Port Mirroring

    As shown in Figure 15, port 2 is acting as a monitor port, receiving mirrored traffic from three other switch ports: ingress traffic from port 4, egress traffic from port 7, and both ingress and egress traffic from port 10. A sniffer could be attached to port 2 in order to monitor the mirrored traffic on ports 4, 7, and 10.
  • Page 97: Part 3 Indexes

    Part 3 Indexes Index on page 85 Indexes...
  • Page 99: Index

    Per Hop Behavior edge ports ...36 end user access control EtherChannel as used with port trunking events, RMON EX2500 documentation EXCLUDE mode, IGMPv3 Failure Detection Pair Fast Uplink Convergence fault tolerance with port trunking filtering criteria ...27 filters. See ACLs frame tagging.
  • Page 100 EX2500 Ethernet Switch Configuration Guide help, requesting ... xiii high availability, overview ... 75 history, RMON ... 67 HP-OpenView ... 7 IBM Director ... 7 ICMP ... 54 icons, notice ... xii IEEE standards 802.1D ... 31 802.1p ... 63 802.1Q...
  • Page 101 802.1p priority ...63 ACLs ...52 COS queuing and scheduling ...64 DSCP ...60 DSCP mapping, viewing ...62 EX2500 QoS model ...52 overview ...51 QoS default service levels ...62 storm control filters ...59 Quality of Service. See QoS. RADIUS authentication ...11 port 1812 and 1645 ...55...
  • Page 102 EX2500 Ethernet Switch Configuration Guide ... 54 ... 75 configuration ... 77 configuration guidelines example ... 75 Failure Detection Pair ... 76 monitoring ... 77 overview ... 75 UFD with Spanning Tree Protocol Uplink Failure Detection. See UFD. user access control ...
