Alcatel OmniSwitch 6800 Series Network Configuration Manual

Part No. 060198-10, Rev. A
November 2004
OmniSwitch 6800 Series
Network Configuration Guide
www.alcatel.com

Summary of Contents for Alcatel OmniSwitch 6800 Series

  • Page 1 Part No. 060198-10, Rev. A November 2004 OmniSwitch 6800 Series Network Configuration Guide www.alcatel.com...
  • Page 2 The functionality described in this guide is subject to change without notice. Copyright © 2004 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc.
  • Page 3: Table Of Contents

    Ethernet Port Defaults (All Port Types) (1-2); 10/100/1000 Ethernet Port Defaults (1-3); Combo Ethernet Port Defaults (1-3); Ethernet Ports Overview (1-4); OmniSwitch 6800 Series Combo Ports (1-4); Valid Port Settings (1-5); OmniSwitch 6800 Series Chassis (1-5); OmniSwitch 6800-24 (1-5); OmniSwitch 6800-48 (1-6); 10/100/1000 Crossover Supported (1-6)...
  • Page 4 Learned Port Security Specifications (3-2); Learned Port Security Defaults (3-2); Sample Learned Port Security Configuration (3-3); Learned Port Security Overview (3-4); How LPS Authorizes Source MAC Addresses (3-5); Dynamic Configuration of Authorized MAC Addresses (3-5)
  • Page 5 What is Single MAC Router Mode? (4-13); Bridging VLANs Across Multiple Switches (4-14); Verifying the VLAN Configuration (4-15); Chapter 5 Configuring Spanning Tree Parameters (5-1); In This Chapter (5-1); Spanning Tree Specifications (5-2); Spanning Tree Defaults (5-2)
  • Page 6 How Dynamic Port Assignment Works (6-5); VLAN Mobile Tag Classification (6-5); VLAN Rule Classification (6-8); Configuring Dynamic VLAN Port Assignment (6-10); Enabling/Disabling Port Mobility (6-11); Ignoring Bridge Protocol Data Units (BPDU) (6-11)
  • Page 7 Defining IPX Network Address Rules (7-17); Defining Protocol Rules (7-18); Defining Port Rules (7-19); Application Example: DHCP Rules (7-20); The VLANs (7-20); DHCP Servers and Clients (7-20); Verifying VLAN Rule Configuration (7-23)
  • Page 8 Chapter 10 Configuring Static Link Aggregation (10-1); In This Chapter (10-1); Static Link Aggregation Specifications (10-2); Static (OmniChannel) Link Aggregation Default Values (10-2); Quick Steps for Configuring Static Link Aggregation (10-3)
  • Page 9 Configuring and Deleting the Dynamic Aggregate Group Actor Administrative Key (11-15); Modifying the Dynamic Aggregate Group Actor System Priority (11-16); Modifying the Dynamic Aggregate Group Actor System ID (11-16); Modifying the Dynamic Aggregate Group Partner Administrative Key (11-17)
  • Page 10 IP Configuration (12-9); Configuring the Router Primary Address (12-9); Configuring the Router ID (12-9); Configuring the Time-to-Live (TTL) Value (12-9); IP-Directed Broadcasts (12-10); Denial of Service (DoS) Filtering (12-10); Enabling/Disabling IP Services (12-13)
  • Page 11 Configuring a Redistribution Filter Metric (13-13); Configuring the Redistribution Filter Route Control Action (13-13); Configuring a Redistribution Filter Route Tag (13-13); RIP Security (13-14); Configuring Authentication Type (13-14); Configuring Passwords (13-15); Verifying the RIP Configuration (13-15)
  • Page 12 Enabling BOOTP/DHCP Relay (15-9); Setting the Forward Delay (15-10); Setting Maximum Hops (15-10); Setting the Relay Forwarding Option (15-10); Using Automatic IP Configuration (15-11); Enabling Automatic IP Configuration (15-11); Verifying the DHCP Relay Configuration (15-12)
  • Page 13 LDAP Authentication Servers (17-3); Quick Steps For Configuring Authentication Servers (17-4); Server Overview (17-5); Backup Authentication Servers (17-5); Authenticated Switch Access (17-5); Authenticated VLANs (17-6); Port-Based Network Access Control (802.1X) (17-7)
  • Page 14 SSL for Web Browser Clients (18-11); DNS Name and Web Browser Clients (18-11); Installing the AV-Client (18-12); Loading the Microsoft DLC Protocol Stack (18-12); Loading the AV-Client Software (18-13); Setting the AV-Client as Primary Network Login (18-18)
  • Page 15 Configuring 802.1X Port Timeouts (19-9); Configuring the Maximum Number of Requests (19-10); Re-authenticating an 802.1X Port (19-10); Initializing an 802.1X Port (19-11); Configuring Accounting for 802.1X (19-11); Verifying the 802.1X Port Configuration (19-11)
  • Page 16 Setting the Global Default Dispositions (21-12); Setting the Global Default Servicing Mode (21-13); Using the QoS Log (21-13); What Kind of Information Is Logged (21-13); Number of Lines in the QoS Log (21-14); Log Detail Level (21-14)
  • Page 17 Port Groups and Minimum/Maximum Bandwidth (21-40); Verifying Condition Group Configuration (21-42); Using Map Groups (21-43); Sample Map Group Configuration (21-43); How Map Groups Work (21-44); Creating Map Groups (21-44); Verifying Map Group Configuration (21-45)
  • Page 18 Multicast Filtering ACLs (22-12); Verifying the ACL Configuration (22-13); ACL Application Example (22-15); Chapter 23 Configuring IP Multicast Switching (23-1); In This Chapter (23-1); IPMS Specifications (23-2); IPMS Default Values (23-2)
  • Page 19 Modifying the Multicast Priority (23-13); Configuring the Multicast Priority (23-13); Restoring the Multicast Priority (23-13); Modifying the Maximum Ingress Bandwidth (23-14); Configuring the Maximum Ingress Bandwidth (23-14); Restoring the Maximum Ingress (23-14)
  • Page 20 Sample Display for Ethernet Statistics Probe (24-20); Sample Display for History Probe (24-21); Sample Display for Alarm Probe (24-21); Displaying a List of RMON Events (24-22); Displaying a Specific RMON Event (24-22)
  • Page 21 Enabling/Disabling Memory Monitoring Functions (26-4); Displaying the Memory Monitor Log (26-5); Displaying the Memory Monitor Global Statistics (26-6); Displaying the Memory Monitor Task Statistics (26-7); Displaying the Memory Monitor Size Statistics (26-9)
  • Page 22 I. Agranat (A-11); J. RSA Security Inc. (A-11); K. Sun Microsystems, Inc. (A-11); L. Wind River Systems, Inc. (A-12); M. Network Time Protocol Version 4 (A-12); Index (Index-1)
  • Page 23: About This Guide

    SFP 1000 Mbps (1Gbps) ports. In addition, OmniSwitch 6800 Series switches offer fixed stacking ports. The stacking ports on OmniSwitch 6800 Series switches allow two to eight switches to be assembled and managed as one virtual chassis known as a stack.
  • Page 24: Who Should Read This Manual

    The audience for this user guide is network administrators and IT support personnel who need to configure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 6800 Series will benefit from the material in this configuration guide.
  • Page 25: How Is The Information Organized

    Pertinent Documentation: OmniSwitch 6800 Series Getting Started Guide Release Notes The OmniSwitch 6800 Series Getting Started Guide provides all the information you need to get your switch up and running the first time. This guide provides information on unpacking the switch, rack mounting the switch, installing stacking cables, installing backup power supplies, unlocking access control, setting the switch’s IP address, setting up a password, and setting up stacks.
  • Page 26 The OmniSwitch 6800 Series Switch Management Guide is the primary user guide for the basic software features on a single switch. This guide contains information on the switch directory structure, basic file and directory utilities, switch access security, SNMP, and web-based management.
  • Page 27: Related Documentation

    The following are the titles and descriptions of all the OmniSwitch 6800 Series user manuals: OmniSwitch 6800 Series Getting Started Guide: Describes the hardware and software procedures for getting an OmniSwitch 6800 Series switch up and running.
  • Page 28: User Manual Cd

    Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel’s Service Programs, see our web page at eservice.ind.alcatel.com, call us at 1-800-995-...
  • Page 29: Chapter 1 Configuring Ethernet Ports

    The Ethernet software is responsible for a variety of functions that support the Ethernet and Gigabit Ethernet ports on OmniSwitch 6800 Series switches. These functions include diagnostics, software loading, initialization, configuration of line parameters, gathering statistics, and responding to administrative requests from SNMP or CLI.
  • Page 30: Ethernet Specifications

    Interface Alias | interfaces alias | None configured; Inter-Frame Gap | interfaces ifg | 12 bytes; Maximum Frame Size | interfaces max frame | 1553 (untagged) Ethernet packets, 1553 (tagged) Ethernet packets, 9216 Gigabit Ethernet packets
  • Page 31: 10/100/1000 Ethernet Port Defaults

    Auto; Duplex Mode | interfaces hybrid duplex | Auto; Auto negotiation | interfaces hybrid autoneg | Enable; Crossover | interfaces hybrid crossover | Auto for all copper ports; Disable for all fiber modules
  • Page 32: Ethernet Ports Overview

    You can use either the copper 10/100/1000 port or the equivalent fiber SFP port but not both at the same time. By default, combo ports are set to preferred fiber, which means that the OmniSwitch 6800 Series switch will use the fiber SFP port instead of the equivalent copper RJ-45 port if both ports are enabled and have a valid link.
  • Page 33: Valid Port Settings

    RJ-45 10/100/1000 Mbps ports (ports 1–20). In addition, the OmniSwitch 6800-24 has four combo ports (ports 21–24) that are shared between four copper RJ-45 10/100/1000 Mbps ports and four SFP 1000 Mbps (1Gbps) ports. See the OmniSwitch 6800 Series Hardware Users Guide for more information on OmniSwitch 6800-24 hardware features.
  • Page 34: Omniswitch 6800-48

    Crossover) media is supported on OmniSwitch 6800 Series 10/100/1000 ports. Therefore, either straight-through or crossover cable can be used between two OmniSwitch 6800 Series switches as long as auto negotiation is configured on both sides of the link. See “Configuring Auto Negotiation and Crossover...
  • Page 35: Setting Ethernet Parameters For All Port Types

    (/), the first port number, a hyphen (-), the last port number, and port link disable. For example, to disable trap port link messages on ports 3 through 5 on slot 2 enter: -> trap 2/3-5 port link disable
  • Page 36: Resetting Statistics Counters

    (-), the last port number, admin, and the desired administrative setting (either up or down). For example, to administratively disable ports 1 through 3 on slot 2 enter: -> interfaces 2/1-3 admin down
  • Page 37: Configuring Flood Rates

    Note. To enable maximum flood rate on an interface and to disable any flood multicast configuration use the interface flood command, which is described in “Enabling the Maximum Flood Rate” on page 1-9.
  • Page 38: Configuring Flood Rate Values

    (slot) in megabits per second. Note. Although you can configure a flood rate equal to the line rate you should not do so. Alcatel recom- mends that you always configure the flood rate to be less than the line speed.
  • Page 39: Configuring A Port Alias

    (not applied for combined traffic, which is the case for OmniSwitch 6600, 7700, 7800, 8800 switches). The accuracy/resolution is limited because the OmniSwitch 6800 Series ASIC makes an internal assumption of packet size when it converts bits/seconds to packets/seconds.
  • Page 40 For example, to set the maximum frame size on port 3 on slot 2 to 9216 bytes and document the port as Gigabit Ethernet enter: -> interfaces gigaethernet 2/3 max frame 9216
  • Page 41: Setting Ethernet Parameters For Non Combo Ports

    For example, to configure the line speed on slot 2 port 3 at 100 Mbps and document the interface type as Fast Ethernet enter: -> interfaces fastethernet 2/3 speed 100
  • Page 42: Configuring Duplex Mode

    For example, to set the inter-frame gap value on port 20 on slot 2 to 10 bytes enter: -> interfaces 2/20 ifg 10
  • Page 43: Configuring Auto Negotiation And Crossover Settings

    For example, to enable auto negotiation on port 3 on slot 2 and document the port as Ethernet enter: -> interfaces ethernet 2/3 autoneg enable Note. Please refer to “Autonegotiation Guidelines” on page 1-6 for guidelines on configuring autonegotiation.
  • Page 44: Configuring Crossover Settings

    For example, to set the crossover configuration to auto on port 3 on slot 2 and document the port as Fast Ethernet enter: -> interfaces fastethernet 2/3 crossover auto
  • Page 45: Setting Combo Ethernet Port Parameters

    Setting the Combo Port Type and Mode By default, all combo ports on OmniSwitch 6800 Series switches are set to preferred fiber. The following subsections describe how to set a single combo port, a range of combo ports, or all combo ports on an entire switch to forced fiber (see “Setting Combo Ports to Forced Fiber”...
  • Page 46: Setting Combo Ports To Preferred Copper

    For example, to set port 47 on slot 1 to forced copper and document the interface type as Gigabit Ethernet enter: -> interfaces gigaethernet 1/47 hybrid forced-copper
  • Page 47: Setting Combo Ports To Preferred Fiber

    -> interfaces 2 hybrid copper speed 100 Note. Using the interface hybrid speed command to set all combo ports on a switch will not affect the configurations of the non combo ports.
  • Page 48: Configuring Duplex Mode For Combo Ports

    (auto, full, or half). For example, to set the duplex mode on the fiber combo port 47 on slot 2 to full enter: -> interfaces 2/47 hybrid fiber duplex full
  • Page 49: Configuring Auto Negotiation And Crossover For Combo Ports

    For example, to enable auto negotiation on copper combo ports 45 through 48 on slot 2 enter: -> interfaces 2/45-48 hybrid copper autoneg enable
  • Page 50: Configuring Crossover Settings For Combo Ports

    For example, to set the crossover configuration to auto on copper combo ports 45 through 48 on slot 2 enter: -> interfaces 2/45-48 hybrid copper crossover auto
  • Page 51 For example, to set the crossover configuration to auto on copper combo port 47 on slot 2 and document the combo port as Gigabit Ethernet enter: -> interfaces gigaethernet 2/47 hybrid copper crossover auto
  • Page 52: Combo Port Application Example

    The figure below shows a sample application example for using OmniSwitch 6800 Series combo ports. Workstations A and B are connected with 100 Mbps links to copper combo ports 1/45 and 1/46, respectively.
  • Page 53 FC - ForcedCopper PC - PreferredCopper C - Copper In the output above combo ports 1/47 and 1/48 are set to preferred fiber. (To configure combo ports as preferred fiber use the interfaces hybrid preferred-fiber command.)
  • Page 54: Verifying Ethernet Port Configuration

    These commands can be quite useful in troubleshooting and resolving potential configuration issues or problems on your switch. For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide.
  • Page 55: Chapter 2 Managing Source Learning

    Creating a static MAC address table entry on page 2-4; Configuring the MAC address table aging time on page 2-5; Displaying MAC address table information on page 2-7.
  • Page 56: Source Learning Specifications

    The show mac-address-table command is also useful for monitoring general source learning activity and verifying dynamic VLAN assignments of addresses received on mobile ports. Create VLAN 200, if it does not already exist, using the following command: -> vlan 200
  • Page 57 Mac Address Aging Time (seconds) for Vlan 2 = 1200 Mac Address Aging Time (seconds) for Vlan 50 = 1200 Mac Address Aging Time (seconds) for Vlan 1000 = 1200
  • Page 58: Mac Address Table Overview

    MAC address. When the port link comes up, however, the MAC address is then considered valid and the asterisk no longer appears next to the address in the display.
  • Page 59: Configuring Static Mac Addresses

    MAC is aged out of the MAC address table. Source learning always starts tracking MAC address age from the time since the last packet was received.
  • Page 60 To display the aging time value for one or all VLANs, use the show mac-address-table aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 61: Displaying Mac Address Table Information

    For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show mac-address-table and show mac-address-table aging-time commands is also given in “Sample MAC Address Table Configuration” on page 2-2.
  • Page 63: Configuring Learned Port Security

    Selecting the security violation mode for an LPS port on page 3-10; Displaying LPS configuration information on page 3-10. For more information about source MAC address learning, see Chapter 2, “Managing Source Learning.”
  • Page 64: Learned Port Security Specifications

    Source learning time limit. | port-security shutdown | disabled; Configured MAC addresses per LPS port. | port-security mac | none; MAC address range per LPS port. | port-security mac-range | 00:00:00:00:00:00–ff:ff:ff:ff:ff:ff; LPS port violation mode. | port-security violation | restrict
  • Page 65: Sample Learned Port Security Configuration

    00:00:00:00:00:00 ff:ff:ff:ff:ff:ff 00:da:92:00:1a:20 configured To verify the new source learning time limit value, use the show port-security shutdown command. For example: -> show port-security shutdown LPS Shutdown = 30
  • Page 66: Learned Port Security Overview

    LPS functionality is supported on the following Ethernet and Gigabit Ethernet port types: Fixed (non-mobile); Mobile; 802.1Q tagged; Authenticated. The following port types are not supported: Link aggregate; Tagged (trunked) link aggregate.
  • Page 67: How Lps Authorizes Source Mac Addresses

    MAC address entry in the LPS table until the switch configuration file is saved and the switch is rebooted. If a reboot occurs before this is done, all dynamically learned MAC addresses in the LPS table are cleared.
  • Page 68: Static Configuration Of Authorized Mac Addresses

    To view the contents of the LPS table, use the show port-security command. Refer to the OmniSwitch CLI Reference Guide for more information about this command.
  • Page 69: Enabling/Disabling Learned Port Security

    MAC addresses learned meets or exceeds the maximum number of addresses allowed, even if the LPS time limit has not expired.
  • Page 70: Configuring The Number Of Mac Addresses Allowed

    -> port-security 4/12 no mac 00:20:95:00:fa:5c Note that when a MAC address is cleared from the LPS table, it is automatically cleared from the source learning MAC address table at the same time.
  • Page 71: Configuring An Authorized Mac Address Range

    00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a: -> port-security 2/8 mac-range low 00:da:25:59:0c:10 -> port-security 2/10 mac-range high 00:da:25:00:00:9a Refer to the OmniSwitch CLI Reference Guide for more information about this command.
  • Page 72: Selecting The Security Violation Mode

    For more information about the resulting display from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show port-security and show port-security shutdown commands is also given in “Sample Learned Port Security Configuration” on page 3-3.
  • Page 73: Chapter 4 Configuring Vlans

    In a switch-based network, such as one comprised of Alcatel switching systems, a broadcast domain—or VLAN—can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit Ethernet, 802.1q tagged ports and/or a link aggregate of ports.
  • Page 74: Configuring Vlans

    No router port defined.; VLAN IP router MTU size | vlan mtu-ip | 1500 bytes; VLAN authentication status | vlan authentication | Disabled; VLAN port associations | vlan port default | All ports initially associated with default VLAN 1.
  • Page 75: Sample Vlan Configuration

    To verify that ports 3/2-4 were assigned to VLAN 255, use the show vlan port command. For example: -> show vlan 255 port port type status --------+---------+-------------- default inactive default inactive default inactive
  • Page 76: Vlan Management Overview

    This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The VLAN management software handles the following VLAN configuration tasks performed on an Alcatel switch: Creating or modifying VLANs.
  • Page 77: Creating/Modifying Vlans

    The initial configuration for all Alcatel switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the module’s physical ports are also assigned to VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain.
  • Page 78: Enabling/Disabling The Vlan Administrative Status

    -> vlan 455 name Marketing-IP-Network Defining VLAN Port Assignments Alcatel switches support static and dynamic assignment of physical switch ports to a VLAN. Regardless of how a port is assigned to a VLAN, once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch.
  • Page 79: Changing The Default Vlan Assignment For A Port

    VLAN and not the matching rule VLAN. See Chapter 6, “Assigning Ports to VLANs,” and Chapter 7, “Defining VLAN Rules,” for more information and examples of dynamic VLAN port assignment.
  • Page 80: Configuring Vlan Rule Classification

    Binding | vlan binding mac-ip-port, vlan binding mac-port, vlan binding port-protocol; MAC address | vlan mac, vlan mac range; Network address | vlan ip, vlan ipx; Protocol | vlan protocol; Port | vlan port
  • Page 81: Enabling/Disabling Vlan Mobile Tag Classification

    If 802.1Q tagging is required on a fixed (non-mobile) port, then the vlan 802.1q command is still used to statically tag VLANs for the port. See Chapter 9, “Configuring 802.1Q,” for more information.
  • Page 82: Enabling/Disabling Spanning Tree For A Vlan

    VLAN. Also, STP is enabled/disabled on individual ports. So even if STP is enabled for the VLAN, a port assigned to that VLAN must also have STP enabled. See Chapter 5, “Configuring Spanning Tree Parameters.”
  • Page 83: Enabling/Disabling Vlan Authentication

    The following vlan router ip command example assigns IP network address 21.0.0.1 to a VLAN 455 router port with a Class A subnet mask, forwarding status, and Ethernet-II encapsulation: -> vlan 455 router ip 21.0.0.1 mask 255.0.0.0 forward e2
  • Page 84: Modifying An Ip Router Port

    -> vlan 455 router ip 40.0.0.1 255.255.255.0 forward Use the show vlan and show vlan router ip commands to verify VLAN IP router port changes. For more information about these commands, see the OmniSwitch CLI Reference Guide.
  • Page 85: What Is Single Mac Router Mode

    To determine the total number of VLANs configured on the switch, and the number of VLANs with IP router ports defined, use the show vlan router mac status command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 86: Bridging Vlans Across Multiple Switches

    The key is that the port must belong to the same VLAN on each switch. To carry multiple VLANs between switches across a single physical connection cable, use the 802.1Q tagging feature (see Chapter 9, “Configuring 802.1Q”).
  • Page 87: Verifying The Vlan Configuration

    For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show vlan and show vlan port commands is also given in “Sample VLAN Configuration” on page 4-3.
  • Page 89: Chapter 5 Configuring Spanning Tree Parameters

    Based on the IEEE 802.1D standard, the Alcatel STP implementation distributes the Spanning Tree load between the primary management switch in the stack and the other switches in the stack. This ensures a Spanning Tree that continues to respond to STP Bridge Protocol Data Units (BPDU) received on switch ports and port link up and down states in the event of a management fail over to a backup management switch.
  • Page 90: Spanning Tree Specifications

    0 (cost is based on port speed) Spanning Tree root.
    Port state management mode | bridge slot/port mode | Dynamic (Spanning Tree Algorithm determines port state)
    Type of port connection | bridge slot/port connection | auto point to point
  • Page 91 Spanning Tree Overview Alcatel switches support the use of the traditional STP defined in the IEEE 802.1D standard and the Rapid Spanning Tree Algorithm and Protocol (RSTP) defined in the IEEE 802.1w standard. RSTP expedites topology changes by allowing blocked ports to transition directly into a forwarding state, bypassing listening and learning states.
  • Page 92 (except for the root bridge). Data travels back and forth between bridges over forwarding port connections that form the best, non-redundant path to the root. The active topology ensures that network loops do not exist.
  • Page 93: Spanning Tree Overview

    When a bridge receives BPDU on its designated port that contains information that is less attractive (lower priority values and/or higher path costs), it forwards its own information to other LANs to which it is connected for consideration.
  • Page 94: Topology Examples

    If a new switch is added to the network, the Spanning Tree topology is automatically recalculated to include the monitoring of links to the new switch.
  • Page 95 Switch D than the path between Switch B and Switch A. As a result, a network loop is avoided.
  • Page 96: Spanning Tree Operating Modes

    The following diagram shows a switch running in the flat STP mode. All ports, regardless of their default VLAN configuration or tagged VLAN assignments, are considered part of one Spanning Tree instance.
  • Page 97: Using 1X1 Spanning Tree Mode

    However, if a VLAN appears as the configured default VLAN for the port, then BPDU are not tagged and the single Spanning Tree instance applies. To change the Spanning Tree operating mode to 1x1, enter the following command:

        -> bridge mode 1x1
  • Page 98: Configuring Stp Vlan Parameters

    Tree instance. If a switch is running in the flat STP mode, disabling Spanning Tree on instance 0 disables the instance for all VLANs. For more information about configuring VLANs, see Chapter 4, “Configuring VLANs.”
  • Page 99: Ascii-File-Only Syntax

    To determine the current protocol selection for the switch or an individual VLAN, use the show spantree command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 100: Enabling/Disabling The Vlan Bpdu Switching Status

    Configuration BPDU. When a bridge is attempting to become the root or if it has become the root or a designated bridge, it sends Configuration BPDU out all forwarding ports once every hello time value.
  • Page 101

        -> bridge 0 hello time 8

    To view the VLAN bridge hello time value, use the show spantree command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 102: Configuring Vlan Bridge Max Age Time

        -> bridge 0 forward delay 15

    To view the VLAN forward delay time value, use the show spantree command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 103: Configuring Stp Port Parameters

    For example, the following command disables STP for link aggregate 29 associated with VLAN 755:

        -> bridge 755 29 disable
  • Page 104: Configuring Port Priority

    Chapter 11, “Configuring Dynamic Link Aggregation.” To view the STP priority for a port, use the show spantree ports command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 105: Configuring Port Path Cost

    If the path cost for a link aggregate is set to zero, the following default values are used, based on link speed and link aggregate size. Note that for Gigabit ports the aggregate size is not applicable in this case:
  • Page 106: Configuring Port Mode

    For example, the following commands set the mode for port 1/8 for VLAN 10 to forwarding and the mode for port 2/1 for the flat STP instance to blocking:

        -> bridge 10 1/8 mode forwarding
        -> bridge 0 2/1 mode blocking
  • Page 107: Mode For Link Aggregate Ports

    If the switch is running in the 1x1 Spanning Tree mode, then the connection type applies to the specified VLAN STP instance associated with the port. If the switch is running in the flat Spanning Tree mode, then...
  • Page 108: Connection Type On Link Aggregate Ports

    Chapter 11, “Configuring Dynamic Link Aggregation.” To view the port connection type, use the show spantree ports command. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 109: Sample Spanning Tree Configuration

    The path cost for each port connection defaults to a value based on the link speed. For example, the connection between Switch B and Switch C is a 100 Mbps link, which defaults to a path cost of 19.
  • Page 110: Example Network Configuration Steps

    VLAN 255 on Switch D will have the lowest Bridge ID priority value of all four switches, which will qualify it as the Spanning Tree root VLAN for the VLAN 255 broadcast domain.
  • Page 111 Port Cnx Cnx Desig Bridge ID -----+---+---+----+----+-----+-----+----+---+-----+---+---+---------------------- 7 ENA FORW ROOT NPT NPT 000A-00:d0:95:00:00:01 7 ENA BLOCK BACK NPT NPT 8000-00:d0:95:00:00:04 3/10 7 ENA BLOCK ALTN 3/10 NPT NPT 8000-00:d0:95:00:00:03
  • Page 112: Verifying The Spanning Tree Configuration

    For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show spantree and show spantree ports commands is also given in “Example Network Configuration Steps” on page 5-22.
  • Page 113: Chapter 6 Assigning Ports To Vlans

    Configuration procedures described in this chapter include:

      • Statically assigning ports to VLANs on page 6-4.
      • Dynamically assigning ports to VLANs (port mobility) on page 6-10.
      • Configuring mobile port properties (including authentication) on page 6-16.
  • Page 114: Port Assignment Specifications

    Enable Layer 2 authentication on the mobile port | vlan port authenticate | Disabled
    Enable 802.1x port-based access control on a mobile port | vlan port 802.1x | Disabled
  • Page 115: Sample Vlan Port Assignment

        -> show vlan port mobile 3/4
        Mobility : on,
        Config Default Vlan: 255,
        Default Vlan Enabled: off,
        Default Vlan Perm : on,
        Default Vlan Restore: on,
        Authentication : off,
        Ignore BPDUs : off
  • Page 116: Statically Assigning Ports To Vlans

    VLAN management software on each switch. To display a list of all VPAs, use the show vlan port command. For more information, see “Verifying VLAN Port Associations and Mobile Port Properties” on page 6-19.
  • Page 117: How Dynamic Port Assignment Works

    The following example shows how mobile ports are dynamically assigned using VLAN mobile tagging to classify mobile port traffic. This example includes diagrams showing the initial VLAN port assignment configuration and a diagram showing how the configuration looks after mobile port traffic is classified.
  • Page 118 VLAN 4. All three ports, however, retain their default VLAN 1 assignment, but now have an additional VLAN port assignment that carries the matching traffic on the appropriate rule VLAN.
  • Page 119 [Figure: Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment]
  • Page 120: Vlan Rule Classification

      • VLAN 1 is the configured default VLAN for each port.
      • Three additional VLANs are configured on the switch; each one has an IP network address rule defined for one of the IP subnets.
  • Page 121 VLAN 3 network address rule. Port 3 is assigned to VLAN 4 because the workstation is transmitting IP traffic on network 140.0.0.0 that matches the VLAN 4 network address rule.
  • Page 122: Configuring Dynamic Vlan Port Assignment

    VLAN should carry the traffic based on the type of classification, if any, defined for a particular VLAN. See “Dynamically Assigning Ports to VLANs” on page 6-4 for more information and examples of dynamic VLAN port assignment.
  • Page 123: Enabling/Disabling Port Mobility

      • The port is included in the Spanning Tree algorithm.
      • Mobility remains off on the port even if the port’s link is disabled or disconnected. Rebooting the switch, however, will restore the port’s original mobile status.
  • Page 124: Understanding Mobile Port Properties

    Configured default VLAN associations are identified with a value of default in the type field. For more information, see “Verifying VLAN Port Associations and Mobile Port Properties” on page 6-19.
  • Page 125: What Is A Secondary Vlan

    Dynamic secondary VLAN associations are identified with a value of mobile in the type field. For more information, see “Verifying VLAN Port Associations and Mobile Port Properties” on page 6-19.
  • Page 126 VLAN. Restricts dynamic assignment to mobile port traffic that matches one or more VLAN rules. How Mobile Port Traffic that Does Not Match any VLAN Rules is Classified
  • Page 127 VPA again. VPAs created from occasional network users (e.g., laptop) are not unnecessarily retained. Appropriate for devices that only send occasional traffic. How Mobile Port VLAN Assignments Age
  • Page 128: Configuring Mobile Port Properties

    (e.g., mobile ports with default VLAN enabled or non-mobile, fixed ports). See “Understanding Mobile Port Properties” on page 6-12 for an overview and illustrations of how this property affects mobile port behavior.
  • Page 129: Enable/Disable Default Vlan Restore

    Only mobile ports are eligible for authentication. If enabled, the mobile port participates in the Layer 2 authentication process supported by Alcatel switches. This process restricts switch access at the VLAN level. The user is required to enter a valid login ID and password before gaining membership to a VLAN.
  • Page 130: Enable/Disable 802.1X Port-Based Access Control

    Only mobile ports are eligible for 802.1X port-based access control. If enabled, the mobile port participates in the authentication and authorization process defined in the IEEE 802.1X standard and supported by Alcatel switches. For more information, see Chapter 19, “Configuring 802.1X.”...
  • Page 131: Verifying Vlan Port Associations And Mobile Port Properties

    Mobile port traffic is filtered for the VPA; only traffic received on the port that matches VLAN rules is forwarded. Occurs when a mobile port’s VLAN is administratively disabled or the port’s default VLAN status is disabled. Does not apply to fixed ports.
  • Page 132: Understanding 'Show Vlan Port Mobile' Output

    Another example of the output for the show vlan port mobile command is also given in “Sample VLAN Port Assignment” on page 6-3. For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide.
  • Page 133: Chapter 7 Defining Vlan Rules

    For information about creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information about enabling port mobility and defining mobile port properties, see Chapter 6, “Assigning Ports to VLANs.”
  • Page 134: Defining Vlan Rules

    | Parameter Description | Command | Default |
    |---|---|---|
    | IP network address rule subnet mask | vlan ip | The IP address class range; Class A, B, or C. |
    | IPX network address rule encapsulation | vlan ipx | Ethernet-II |
  • Page 135: Sample Vlan Rule Configuration

    For example:

        -> show vlan rules
        Legend: type: * = binding rule
        type vlan rule
        -----------------+------+-------------------------------------------------------
        ip-net 21.0.0.0, 255.0.0.0
        protocol ipx-e2
        mac-ip-port* 1500 00:da:95:00:ce:3f, 21.0.0.43, 3/10
        dhcp-mac-range 00:da:95:00:59:10, 00:da:95:00:59:9f
  • Page 136: Vlan Rules Overview

    If clients are connected to mobile ports, DHCP rules are used to classify this type of traffic for the purposes of transmitting and receiving DHCP frames to and from the server.
  • Page 137 IP address as part of the rule, similar to IP network address rule definitions. The following DHCP rule types are available:

      • DHCP MAC Address
      • DHCP MAC Range
      • DHCP Port
      • DHCP Generic
  • Page 138: Binding Rules

    IP protocol rules also capture DHCP traffic, if no other DHCP rule exists that would classify the DHCP traffic into another VLAN. Therefore, it is not necessary to combine DHCP rules with IP protocol rules for the same VLAN.
  • Page 139: Port Rules

    VLAN assignments that are defined using port rules are exempt from the port’s default VLAN restore status. See Chapter 6, “Assigning Ports to VLANs,” for more information regarding a port’s default VLAN restore status and other mobile port properties.
  • Page 140: Understanding Vlan Rule Precedence

    If a non-critical match occurs, the frame is still processed even if it does not match all other parameters.
  • Page 141 VLAN. match. Frame only contains a matching Frame is allowed; its source is protocol; port does not match. not assigned to the rule’s VLAN.
  • Page 142: Configuring Vlan Rule Definitions

    It is possible to create a protocol rule based on Ether type, SNAP type, or DSAP/SSAP values. However, using predefined rules (such as MAC address, network address, and generic protocol rules) is recommended to ensure accurate results when capturing mobile port traffic.
  • Page 143: Defining Dhcp Mac Address Rules

    To define a DHCP MAC address rule, enter vlan followed by an existing VLAN ID then dhcp mac followed by a valid MAC address. For example, the following command defines a DHCP MAC address rule for VLAN 255:

        -> vlan 255 dhcp mac 00:00:da:59:0c:11
  • Page 144: Defining Dhcp Mac Range Rules

        -> vlan 255 dhcp port 4/1-5 5/12-20 6/10-15

    Use the no form of the vlan dhcp port command to remove a DHCP port rule.

        -> vlan 255 no dhcp port 2/10-12 3/1-5 6/1-9
  • Page 145: Defining Dhcp Generic Rules

    Note that MAC-port-IP and MAC-port binding rules are also supported on Authenticated VLANs (AVLANs). See Chapter 18, “Configuring Authenticated VLANs,” for more information. The following subsections provide information about how to define each of the binding rule types.
  • Page 146: How To Define A Mac-Port-Ip Address Binding Rule

    VLAN 1503. The second command specifies that frames received on mobile port 4/1 must contain a DSAP/SSAP protocol value of F0/F0 to qualify for dynamic assignment to VLAN 1504.
  • Page 147: Defining Mac Address Rules

    If dealing with a large number of MAC addresses, consider using MAC address range rules described in the next section. Use the no form of the vlan mac command to remove a MAC address rule.

        -> vlan 255 no mac 00:00:da:59:0c:11
  • Page 148: Defining Mac Range Rules

        -> vlan 1200 ip 31.0.0.0 255.0.0.0

    In this example, frames received on any mobile port must contain a network 31.0.0.0 source IP address (e.g., 31.0.0.10, 31.0.0.4) to qualify for dynamic assignment to VLAN 1200.
  • Page 149: Defining Ipx Network Address Rules

    IPX router port encapsulation. If there is a mismatch, connectivity with other IPX devices may not occur. See Chapter 4, “Configuring VLANs,” for information about defining VLAN IPX router ports.
  • Page 150: Defining Protocol Rules

    IEEE 802.2 SNAP LLC frame header. Use the no form of the vlan protocol command to remove a protocol rule.

        -> vlan 1504 no protocol dsapssap f0/f0
  • Page 151: Defining Port Rules

    Note that it is possible to define a port rule for a non-mobile (fixed, untagged) port; however, the rule is not active until mobility is enabled on the port. Use the no form of the vlan port command to remove a port rule.

        -> vlan 755 no port 2/3
  • Page 152: Application Example: Dhcp Rules

    DHCP Relay functionality in external Router 2 to obtain their IP addresses from the DHCP server in the Branch VLAN. Both DHCP servers are assigned to their VLANs through IP network address rules.
  • Page 153

    Branch VLAN | DHCP Port Rule
    DHCP Client 6 | Branch VLAN | DHCP Port Rule
    DHCP Client 7 | Branch VLAN | DHCP MAC Address Rule
    DHCP Client 8 | Branch VLAN | DHCP MAC Address Rule
  • Page 154 . With DHCP Relay enabled, this VLAN router can provide connectivity between the server in the Branch and the DHCP VLAN DHCP clients in the Production VLAN DHCP Port and MAC Rule Application Example
  • Page 155: Verifying Vlan Rule Configuration

    For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide. An example of the output for the show vlan rules command is also given in “Sample VLAN Rule Configuration” on page 7-3.
  • Page 156 Verifying VLAN Rule Configuration Defining VLAN Rules
  • Page 157 8 Using Interswitch Protocols Alcatel Interswitch Protocols (AIP) are used to discover adjacent switches and retain mobile port information across switches. The following protocols are supported: Alcatel Mapping Adjacency Protocol (AMAP), which is used to discover the topology of...
  • Page 158: Using Interswitch Protocols

    Default
    GMAP status | gmap | Disabled
    Gap time interval | gmap gap time | 133 milliseconds
    Update time interval | gmap update time | 300 seconds
    Hold time | gmap hold time | 4320 minutes (72 hours)
  • Page 159: Amap Overview

    AMAP Overview The Alcatel Mapping Adjacency Protocol (AMAP) is used to discover the topology of OmniSwitches in a particular installation. Using this protocol, each switch determines which OmniSwitches are adjacent to it by sending and responding to Hello update packets. For the purposes of AMAP, adjacent switches are...
  • Page 160: Discovery Transmission State

    Hello packet in reply. If a port transitions to the passive reception state, any remote switch entries for that port are deleted.
  • Page 161: Common Transmission And Remote Switches

    To change the discovery timeout interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example:

        -> amap discovery 60
        -> amap discovery time 60
  • Page 162: Configuring The Amap Common Timeout Interval

    To change the common timeout interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example:

        -> amap common 600
        -> amap common time 600
  • Page 163: Displaying Amap Information

        Remote Device = OS6800,
        Remote Base MAC = 00:20:da:99:96:60,
        Remote Interface = 4/8,
        Remote Vlan = 455,
        Number of Remote IP Address(es) Configured = 3,
        Remote IP(s) = 192.206.183.10 192.206.184.20 192.206.185.30
  • Page 164 Remote Switch C 0020da:999660 Local interface 5/1 Local Remote interface 1/8 interface Remote interface 2/8 Remote interface 4/8 See the OmniSwitch CLI Reference Guide for information about the show amap command.
  • Page 165: Gmap Overview

    To display whether or not GMAP is active or inactive, enter the following command:

        -> show gmap

    To activate GMAP on the switch, enter the following command:

        -> gmap enable

    To deactivate GMAP on the switch, enter the following command:

        -> gmap disable
  • Page 166: Configuring The Gmap Gap Time Interval

    To change the update time interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example:

        -> gmap update 1200
        -> gmap update time 60
  • Page 167: Configuring The Gmap Hold Time

    Src Switch ID Timeout(sec) --------------+---------+------+--------------+------------ 000502:c07f11 1809B 0020da:ecc770 3536 0020da:ecc770 3536 00105a:1873b9 1809B 0020da:ecc770 3536 0020da:ecc770 3536

    See the OmniSwitch CLI Reference Guide for information about the show gmap command.
  • Page 168 Configuring GMAP Using Interswitch Protocols
  • Page 169: Chapter 9 Configuring 802.1Q

    For information on creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information on creating and managing link aggregation groups, see Chapter 10, “Configuring Static Link Aggregation” and Chapter 11, “Configuring Dynamic Link Aggregation.”
  • Page 170: 802.1Q Specifications

    The following table shows the default settings of the configurable 802.1Q parameters.

    802.1Q Defaults

    | Parameter Description | Command | Default Value/Comments |
    |---|---|---|
    | What type of frames accepted | vlan 802.1q frame type | Both tagged and untagged frames are accepted |
  • Page 171: 802.1Q Overview

    802.1Q Overview Alcatel’s 802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification. This chapter details procedures for configuring and monitoring 802.1Q tagging on a single port in a switch or a link aggregation group in a switch.
  • Page 172 QoS and trusted ports, see Chapter 21, “Configuring QoS.” Alcatel’s 802.1Q tagging is done at wire speed, providing high-performance throughput of tagged frames. The procedures below use CLI commands that are thoroughly described in “802.1Q Commands” of the OmniSwitch CLI Reference Guide.
  • Page 173: Configuring An 802.1Q Vlan

    The VLAN used to handle traffic on the tagged port must be created prior to using the vlan 802.1q command. Creating a VLAN is described in Chapter 4, “Configuring VLANs.” For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide.
  • Page 174: Enabling Tagging With Link Aggregation

    Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging. For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide.
  • Page 175: Configuring The Frame Type

    Note. You cannot configure a link aggregation group to accept only tagged frames. For more specific information, see the vlan 802.1q frame type command section in the OmniSwitch CLI Reference Guide.
  • Page 176: Show 802.1Q Information

        TAG PORT 3/4 VLAN 2

        -> show 802.1q 2
        Tagged VLANS Internal Description
        -------------+-------------------------------------------------+
        TAG AGGREGATE 2 VLAN 3

    To display all VLANs, enter the following command:

        -> show vlan port
  • Page 177: Application Example

    Check the configuration using the show 802.1q command, as follows:

        -> show 802.1q 1/1
        Acceptable Frame Type Any Frame Type
        Force Tag Internal
        Tagged VLANS Internal Description
        -------------+-------------------------------------------------+
        TAG PORT 1/1 VLAN 2
  • Page 178 3 802.1q 5 as shown below:

        -> vlan 3 802.1q 5

    Check the configuration using the show 802.1q command, as follows:

        -> show 802.1q 5
        Tagged VLANS Internal Description
        -------------+-------------------------------------------------+
        TAG AGGREGATE 5 VLAN 3
  • Page 179: Verifying 802.1Q Configuration

    Displays 802.1Q tagging information for a single port or a link aggregation group. For more information about the resulting display, see Chapter 15, “802.1Q Commands,” in the OmniSwitch CLI Reference Guide.
  • Page 180 Verifying 802.1Q Configuration Configuring 802.1Q
  • Page 181: Chapter 10 Configuring Static Link Aggregation

    • Gigabit Ethernet backbones. Note. This chapter only covers static link aggregation for OmniSwitch 6800 Series switches. Please refer to the OmniSwitch 7700/7800/8800 Network Configuration Guide for information on configuring static link aggregation on OmniSwitch 7700, 7800, and 8800 switches or to the OmniSwitch 6624/6648 Network Configuration Guide for information on configuring static link aggregation on OmniSwitch 6600 Family switches.
  • Page 182: Static Link Aggregation Specifications

    The table below lists default values and the commands to modify them for static (OmniChannel) aggregate groups.

    | Parameter Description | Command | Default Value/Comments |
    |---|---|---|
    | Administrative State | static linkagg admin state | enabled |
    | Group Name | static linkagg name | No name configured |
  • Page 183: Quick Steps For Configuring Static Link Aggregation

        -> static agg 1/11 agg num 1
        -> static agg 1/12 agg num 1

    Create a VLAN for this static link aggregate group with the vlan command. For example:

        -> vlan 10 port default 1
  • Page 184

        -> static agg 1/9 agg num 1
        -> static agg 1/10 agg num 1
        -> static agg 1/11 agg num 1
        -> static agg 1/12 agg num 1
        -> vlan 10 port default 1
  • Page 185: Static Link Aggregation Overview

    OmniSwitch 6800 Series switch and an OmniSwitch 7700/7800, 8800 or OmniSwitch 6600 Family switch; or between an OmniSwitch 6800 Series switch and an early-generation Alcatel switch such as an Omni Switch/Router. However, static aggregate groups cannot be created between OmniSwitch 6800 Series switches and some switches from other vendors.
  • Page 186: Relationship To Other Features

    Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree Parameters.” Note. See “Application Example” on page 10-11 for tutorials on using link aggregation with other features.
  • Page 187: Configuring Static Link Aggregation Groups

    Configuring Static Link Aggregation Groups This section describes how to use Alcatel’s Command Line Interface (CLI) commands to configure static link aggregate groups. See “Configuring Mandatory Static Link Aggregate Parameters” on page 10-7 for more information.
  • Page 188: Creating And Deleting A Static Link Aggregate Group

    Up to 32 static and/or dynamic link aggregation groups can be configured on a standalone switch or a stack consisting of up to eight OmniSwitch 6800 Series switches. Note. The number of links assigned to a static aggregate group should always be close to the number of physical links that you plan to use.
  • Page 189: Adding And Deleting Ports In A Static Aggregate Group

    -> static agg no 1/24 -> static agg no 1/23 -> static agg no 1/22
  • Page 190: Modifying Static Aggregation Group Parameters

    Disable a static aggregate group by entering static linkagg followed by the number of the group and admin state disable. For example, to disable static aggregate group 1 you would enter: -> static linkagg 1 admin state disable
  • Page 191: Application Example

    Create VLAN 8 by entering: -> vlan 8 Configure 802.1Q tagging with a tagging ID of 8 on static aggregate group 1 (on VLAN 8) by entering: -> vlan 8 802.1q 1
  • Page 192 Repeat steps 1 through 4 on Switch B. All the commands would be the same except you would substitute the appropriate port numbers. Note. Optional. Use the show 802.1q command to display 802.1Q configurations.
  • Page 193: Displaying Static Link Aggregation Configuration And Statistics

    Port position in the aggregate : 0, Primary port : NONE Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation.
  • Page 195: Chapter 11 Configuring Dynamic Link Aggregation

    Scalability. You can configure up to 32 link aggregation groups that can consist of 2, 4, or 8 links in a single standalone switch or a stack consisting of up to eight OmniSwitch 6800 Series switches. Reliability. If one of the physical links in a link aggregate group goes down (unless it is the last one)...
  • Page 196: Dynamic Link Aggregation Specifications

    CLI Command Prefix Recognition All dynamic link aggregation configuration commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6800 Switch Management Guide for more information.
  • Page 197: Dynamic Link Aggregation Default Values

    Actor Port Priority lacp agg actor port priority Partner Port Administrative Port lacp agg partner admin port Partner Port Priority lacp agg partner admin port priority
  • Page 198: Quick Steps For Configuring Dynamic Link Aggregation

    -> lacp agg 2/15 actor admin key 2 -> lacp agg 2/16 actor admin key 2 Create a VLAN for this dynamic link aggregate group with the vlan command. For example: -> vlan 2 port default 2
  • Page 199 -> lacp agg 1/6 actor admin key 2 -> lacp agg 1/7 actor admin key 2 -> lacp agg 1/8 actor admin key 2 -> vlan 2 port default 2
  • Page 200 -> lacp agg 2/14 actor admin key 2 -> lacp agg 2/15 actor admin key 2 -> lacp agg 2/16 actor admin key 2 -> vlan 2 port default 2
  • Page 201: Dynamic Link Aggregation Overview

    You can create up to 32 link aggregation groups on a standalone switch and up to 32 groups in a stack consisting of up to 8 OmniSwitch 6800 Series switches. You can create Virtual LANs (VLANs), configure Quality of Service (QoS) conditions, 802.1Q framing, and other networking features on link aggregation groups because switch software treats these virtual links just like physical links.
  • Page 202 Dynamic aggregate groups can be created between two OmniSwitch 6800 Series switches; between an OmniSwitch 6800 Series switch and an OmniSwitch 7700/7800, 8800 or OmniSwitch 6600 Series switch; or between an OmniSwitch 6800 Series switch and another vendor’s switch if that vendor supports IEEE 802.3ad LACP.
  • Page 203: Relationship To Other Features

    Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree Parameters.” Note. See “Application Examples” on page 11-29 for tutorials on using link aggregation with other features.
  • Page 204: Configuring Dynamic Link Aggregate Groups

    This section describes how to use Alcatel’s Command Line Interface (CLI) commands to create, modify, and delete dynamic aggregate groups. See “Configuring Mandatory Dynamic Link Aggregate Parameters”...
  • Page 205: Creating And Deleting A Dynamic Aggregate Group

    Up to 32 link aggregation groups (both static and dynamic) can be configured on a standalone switch or a stack consisting of up to eight OmniSwitch 6800 Series switches. In addition, you can also specify optional parameters shown in the table below. These parameters must be entered after size and the user-specified number of links.
  • Page 206: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group

    For example, to configure an actor administrative key of 10, a local system ID (MAC address) of 00:20:da:06:ba:d3, and a local priority of 65535 to slot 4 port 1, enter: -> lacp agg 4/1 actor admin key 10 actor system id 00:20:da:06:ba:d3 actor system priority 65535
  • Page 207: Removing Ports From A Dynamic Aggregate Group

    The following is an example of how to delete ports in the proper sequence from the console: -> lacp agg no 4/24 -> lacp agg no 4/23 -> lacp agg no 4/22
  • Page 208: Modifying Dynamic Link Aggregate Group Parameters

    The table on page 11-3 lists default group and port settings for Alcatel’s dynamic link aggregation software. These parameters ensure compliance with the IEEE 802.3ad specification. For most networks, these default values do not need to be modified or will be modified automatically by switch software. However,...
  • Page 209: Modifying The Dynamic Aggregate Group Administrative State

    0 through 65535. For example, to configure dynamic aggregate group 4 with an administrative key of 10 you would enter: -> lacp linkagg 4 actor admin key 10
  • Page 210: Modifying The Dynamic Aggregate Group Actor System Priority

    (in the hexadecimal format of xx:xx:xx:xx:xx:xx), which is used as the system ID. For example, to configure the system ID on dynamic aggregate group 4 as 00:20:da:81:d5:b0 you would enter: -> lacp linkagg 4 actor system id 00:20:da:81:d5:b0
  • Page 211: Modifying The Dynamic Aggregate Group Partner Administrative Key

    To restore the dynamic aggregate group partner system priority to its default (i.e., 0) value use the no form of the lacp linkagg partner system priority command by entering lacp linkagg followed by the dynamic aggregate group number and no partner system priority.
  • Page 212: Modifying The Dynamic Aggregate Group Partner System Id

    All of the commands to modify actor port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
  • Page 213: Modifying The Actor Port System Administrative State

    Specifying this keyword has no effect because the system always determines its value. When this bit (bit 6) is set by the system, it indicates that the actor is using defaulted partner information administratively configured for the partner.
  • Page 214: Modifying The Actor Port System Id

    You can configure the actor port system ID by entering lacp agg, the slot number, a slash (/), the port number, actor system id, and the user specified actor port system ID (i.e., MAC address) in the hexadecimal format of xx:xx:xx:xx:xx:xx.
  • Page 215: Modifying The Actor Port System Priority

    (/), the port number, and no actor system priority. For example, to remove a user-configured system priority from dynamic aggregate actor port 5 in slot 2 you would enter: -> lacp agg 2/5 no actor system priority
  • Page 216: Modifying The Actor Port Priority

    (/), the port number, and no actor port priority. For example, to remove a user-configured actor priority from dynamic aggregate actor port 1 in slot 2 you would enter: -> lacp agg 2/1 no actor port priority
  • Page 217: Modifying Dynamic Aggregate Partner Port Parameters

    All of the commands to modify partner port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
  • Page 218 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate partner port 1 in slot 7 you would enter: -> lacp agg 7/1 partner admin state no active no aggregate
  • Page 219: Modifying The Partner Port Administrative Key

    00:00:00:00:00:00. The following subsections describe how to configure a user-specified value and how to restore the value to its default value with the lacp agg partner admin system id command.
  • Page 220: Modifying The Partner Port System Priority

    CLI syntax. For example, to modify the administrative priority of dynamic aggregate partner port 49 in slot 4 to 100 and specify that the port is a Gigabit Ethernet port you would enter: -> lacp agg gigaethernet 4/49 partner admin system priority 100
  • Page 221: Modifying The Partner Port Administrative Status

    Configure the partner port priority to a value ranging from 0 to 255 by entering lacp agg, the slot number, a slash (/), the port number, partner admin port priority, and the user-specified partner port priority.
  • Page 222 For example, to remove a user-configured partner port priority from dynamic aggregate partner port 3 in slot 4 you would enter: -> lacp agg 4/3 no partner admin port priority
  • Page 223: Application Examples

    Command Line Interface (CLI) commands. Sample Network Overview The figure below shows two VLANs on Switch A (a stack of four OmniSwitch 6800 Series switches) that use two different link aggregation groups. VLAN 10 has been configured on dynamic aggregate group 5 with Spanning Tree Protocol (STP) with the highest (15) priority possible.
  • Page 224: Link Aggregation And Spanning Tree Example

    -> bridge 10 5 mode priority 15 Repeat steps 1 through 5 on Switch B. All the commands would be the same except you would substitute the appropriate port numbers.
  • Page 225: Link Aggregation And QoS Example

    8 and 9 above by entering: -> policy rule vlan12_rule enable condition vlan12_condition action vlan12_action Enable your 802.1p QoS settings by entering qos apply as shown below: -> qos apply
  • Page 226 Repeat steps 1 through 9 on Switch C. All the commands would be the same except you would substitute the appropriate port numbers. Note. If you do not use the qos apply command any QoS policies you configured will be lost on the next switch reboot.
  • Page 227: Displaying Dynamic Link Aggregation Configuration And Statistics

    For example, to display detailed statistics for port 1 in slot 2 that is attached to dynamic link aggregate group 1 you would enter: -> show linkagg port 2/1
  • Page 228 Partner Admin State : act0.tim0.agg1.syn1.col1.dis1.def1.exp0, Partner Oper State : act0.tim0.agg1.syn0.col1.dis1.def1.exp0 Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation.
  • Page 229: Chapter 12 Configuring IP

    – Using the Ping Command (see page 12-19) – Tracing an IP Route (see page 12-19) – Displaying TCP Information (see page 12-19) – Displaying User Datagram Protocol (UDP) Information (see page 12-20)
  • Page 230: IP Specifications

    Using only IP, which is always enabled on the switch, devices connected to ports on the same VLAN are able to communicate at Layer 2. The initial configuration for all Alcatel switches consists of a default VLAN 1. All switch ports are initially assigned to this VLAN. When another switch is added (stacked), all of that switch’s ports are also assigned to VLAN 1.
  • Page 231: IP Overview

    But some applications can safely use UDP to send datagrams that do not require the extra overhead added by TCP. For more information on UDP, see Chapter 15, “Configuring DHCP Relay.”
  • Page 232: Application-Layer Protocols

    Router Discovery Protocol (RDP)—Used to advertise and discover routers on the LAN. For more information, see Chapter 14, “Configuring RDP.” Multicast Services—Includes IP multicast switching (IPMS). For more information, see Chapter 23, “Configuring IP Multicast Switching.”
  • Page 233: IP Forwarding

    Note. Router port IP addresses must be unique. You cannot have two router ports with the same IP address. For more information on VLANs and router ports, see Chapter 4, “Configuring VLANs.”
  • Page 234: Creating A Static Route

    0.0.0.0, and the IP address of the next hop (gateway). For example, to create a default route through gateway 171.11.2.1 you would enter: -> ip static-route 0.0.0.0 mask 0.0.0.0 gateway 171.11.2.1
  • Page 235: Configuring Address Resolution Protocol (ARP)

    Note. Because most hosts support the use of address resolution protocols to determine and cache address information (called dynamic address resolution), you generally do not need to specify permanent ARP entries.
  • Page 236: Deleting A Permanent Entry From The ARP Table

    The switch uses the MAC Address table timeout value as the ARP timeout value. Use the mac-address-table aging-time command to set the timeout value.
  • Page 237: IP Configuration

    TTL value of 75, you would enter: -> ip default-ttl 75 The default hop count is 64. The valid range is 1 to 255. Use the show ip config command to display the default TTL value.
  • Page 238: IP-Directed Broadcasts

    SNMP trap. Decay value. A decay value is set. The running penalty total is divided by the decay value every minute.
  • Page 239 TCP open = 5 Threshold = 2000 Decay = 2 10 TCP closed port packets Do Not Generate DoS Attack Warning 10 UDP closed port packets Trap Minute 1 Penalty Total = 100
  • Page 240 For example, to assign a penalty value of 10 to TCP/UDP packets destined for closed ports, enter the following: -> ip dos scan udp open-port-penalty 10
  • Page 241: Enabling/Disabling IP Services

    To enable or disable more than one service in a single command line, enter each service name separated by a space. For example, the following command enables the telnet, ftp, and snmp service ports: -> ip service telnet ftp snmp
  • Page 242 The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http secure-http avlan-http avlan-secure-http avlan-telnet udp-relay network-time snmp proprietary 1024 proprietary 1025
  • Page 243: Managing IP

    Time-Exceeded Message—Sent by the switch if an IP packet’s TTL field reaches zero. The TTL field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. Once a packet’s TTL field reaches 0, the switch discards the packet.
  • Page 244 (obsolete) information reply (obsolete) address mask request address mask reply
  • Page 245 For example: -> icmp messages enable To disable all ICMP messages, enter the same command with the disable keyword. For example: -> icmp messages disable
  • Page 246: ICMP Control Table

    The ICMP Statistics Table displays ICMP statistics and errors. This data can be used to monitor and troubleshoot IP on the switch. Use the show icmp statistics command to display the table.
  • Page 247: Using The Ping Command

    10 you would enter: -> traceroute 172.22.2.115 max-hop 10 Displaying TCP Information Use the show tcp statistics command to display TCP statistics. Use the show tcp ports command to display TCP port information.
  • Page 248: Displaying UDP Information

    Displays the statistics on detected port scans for the switch. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide.
  • Page 249: Chapter 13 Configuring RIP

    – Configuring RIP Redistribution Policies (see page 13-10) – Configuring RIP Redistribution Filters (see page 13-11) RIP Security – Configuring Authentication Type (see page 13-14) – Configuring Passwords (see page 13-15)
  • Page 250: RIP Specifications

    Redistribution Filter Metric ip rip redist-filter metric Redistribution Filter Control ip rip redist-filter redist-control all-subnets Redistribution Filter Route Tag ip rip redist-filter route-tag RIP Interface Authentication ip rip interface auth-type none
  • Page 251: Quick Steps For Configuring RIP Routing

    Enable the RIP interface using the ip rip interface status command. For example: -> ip rip interface 171.11.1.1 status enable Enable redistribution of local routes on the switch using the ip rip redist command. For example: -> ip rip redist local
  • Page 252: RIP Overview

    Open Shortest Path First (OSPF)—An IGP that provides a routing function similar to RIP but uses different techniques to determine the best route for a datagram. OSPF is part of Alcatel’s optional Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch 6800 Advanced Routing Configuration Guide.
  • Page 253: RIP Version 2

    VLAN 2, and a physical connection has been made between the switches. Therefore, workstations connected to VLAN 1 on Switch 1 can communicate with workstations connected to VLAN 3 on Switch 2.
  • Page 254: Enabling RIP

    -> ip rip status enable Use the ip rip status disable command to disable RIP routing on the switch. Use the show ip rip command to display the current RIP status.
  • Page 255: Creating A RIP Interface

    none. Interface will not forward RIP packets. The default RIP send option is v2. Use the show ip rip interface command to display the current interface send option.
  • Page 256: Configuring The RIP Interface Receive Option

    -> ip rip route-tag 1 The valid route tag value range is 1 to 2147483647. The default is 0. Use the show ip rip command to display the current route tag value.
  • Page 257: RIP Options

    RIP. Basically, redistribution makes a non-RIP route look like a RIP route. Configuring RIP redistribution consists of the following tasks: Enabling RIP Redistribution Configuring a RIP Redistribution Policy
  • Page 258: Enabling RIP Redistribution

    Note. If you are configuring more than one route type, you must repeat the command for each one. Use the show ip rip redist command to display the status of RIP policies.
  • Page 259: Configuring A Redistribution Metric

    Note. You must first configure a redistribution policy before configuring a filter for a route type. See “Configuring a RIP Redistribution Policy” on page 13-10 for information on configuring redistribution policies.
  • Page 260: Creating A Redistribution Filter

    For example, if you wanted to redistribute all OSPF routes to the 172.22.0.0 network except routes to subnetwork 3 you would use the following commands: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 effect permit -> ip rip redist-filter ospf 172.22.3.0 255.255.255.0 effect deny
  • Page 261: Configuring A Redistribution Filter Metric

    For example, if you wanted to configure a route tag value of 1 for OSPF routes to the 172.22.0.0 network you would enter: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 route-tag 1
  • Page 262: RIP Security

    For example, to configure RIP interface 172.22.2.115 for simple authentication you would enter: -> ip rip interface 172.22.2.115 auth-type simple To configure RIP interface 172.22.2.115 for MD5 authentication you would enter: -> ip rip interface 172.22.2.115 auth-type md5
  • Page 263: Configuring Passwords

    Displays general RIP redistribution parameters. show ip rip redist-filter Displays currently-configured RIP redistribution filters. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide.
  • Page 265: Chapter 14 Configuring RDP

    14-9. “Setting the Advertisement Lifetime” on page 14-10. “Setting the Preference Levels for Router IP Addresses” on page 14-10. “Verifying the RDP Configuration” on page 14-11.
  • Page 266: Configuring RDP

    (3 * maximum advertisement interval) considered valid ment-lifetime Preference level for IP addresses ip router-discovery contained in an advertisement packet interface preference- level
  • Page 267: Quick Steps For Configuring RDP

    To verify the configuration for a specific RDP interface, specify the interface IP address when using the show ip router-discovery interface command. The display is similar to the one shown below.
  • Page 268 Preference Level = 0x0, #Packets sent = 3, #Packets received = 0, For more information about this command, refer to the “RDP Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 269: RDP Overview

    ICMP messages on Network 17.0.0.0. RDP enabled routers RS-1 and RS-2 pick up these packets on their RDP interfaces 1/1 and 1/2 and respond with router advertisement ICMP messages. RS-1 and RS-2 also periodically send out router advertisements on their RDP interfaces.
  • Page 270: RDP Interfaces

    See “Defining the Advertisement Interval” on page 14-9 and “Setting the Advertisement Lifetime” on page 14-10 for more information.
  • Page 271: Security Concerns

    DoS attacks.) Note. Security concerns associated with using RDP are generic to the feature as defined in RFC 1256 and not specific to this implementation.
  • Page 272: Enabling/Disabling RDP

    Advertisement time interval defined by Maximum = 600 seconds maximum and minimum values. Minimum = 450 seconds (0.75 * maximum value) Advertisement lifetime. 1800 seconds (3 * maximum value) Router IP address preference level.
  • Page 273: Specifying An Advertisement Destination Address

    By default, this value is set to 0.75 * default maximum interval value (450 seconds if the maximum interval is set to its default value of 600 seconds).
  • Page 274: Setting The Advertisement Lifetime

    Note that router IP address preference levels are only compared with the preference levels of other routers that exist on the same subnet. Set preference levels low to discourage selection of a specific router.
  • Page 275: Verifying The RDP Configuration

    Guide. An example of the output for the show ip router-discovery and show ip router-discovery interface commands is also given in “Quick Steps for Configuring RDP” on page 14-3.
  • Page 277: Chapter 15 Configuring DHCP Relay

    15-10. Using automatic IP configuration to obtain an IP address for the switch on page 15-11. For information about the IP protocol, see Chapter 12, “Configuring IP.”
  • Page 278: Configuring DHCP Relay

    Automatic switch IP configuration for ip helper boot-up Disabled default VLAN 1. Automatic switch IP configuration packet ip helper boot-up enable BootP type (BootP or DHCP)
  • Page 279: Quick Steps For Setting Up DHCP Relay

    Forward Delay (seconds) = 15 Max number of hops Forward option = standard Forwarding Address: 128.100.16.1 For more information about this display, see the “DHCP Relay” chapter in the OmniSwitch CLI Reference Guide.
  • Page 280: DHCP Relay Overview

    Dynamic—DHCP assigns an IP address to a host for a limited period of time (or until the host explicitly relinquishes the address). Manual—The network administrator assigns a host’s IP address and DHCP simply conveys the assigned address to the host.
  • Page 281: DHCP And The OmniSwitch

    DHCP frames. In this example, DHCP Relay is supported within an external router, which forwards request frames from the incoming router port to the outgoing router port attached to the OmniSwitch.
  • Page 282 The DHCP server will assign a different IP address to each of the clients. The switch does not need an IP address assigned and all DHCP clients will be members of either a default VLAN or an IP protocol VLAN.
  • Page 283: Internal DHCP Relay

    DHCP Relay entity, it will be forwarded from VLAN 3 to VLAN 2. All the DHCP-ready clients in VLAN 3 must be members of the same VLAN, and the switch must have the DHCP Relay function configured.
  • Page 284: DHCP Relay Implementation

    If an IP address is not specified with this syntax, then all IP helper addresses are deleted. The following command deletes an IP helper address: -> ip helper no address 125.255.17.11
  • Page 285: Per-VLAN DHCP

    DHCP server. The default values can be accepted for forward delay, hop count, and relay forwarding option. Alternately the relay function may be provided by an external router connected to the switch; in this case, the relay would be configured on the external router.
  • Page 286: Setting The Forward Delay

    By default, the forwarding option is set to standard. To change the forwarding option value, enter ip helper followed by standard, avlan only, or per-vlan only. For example,
    -> ip helper avlan only
    -> ip helper standard
    -> ip helper per-vlan only
  • Page 287: Using Automatic Ip Configuration

    DHCP request packet to obtain an IP address for default VLAN 1. To disable automatic IP configuration for the switch, use the ip helper boot-up command with the disable option, as shown below:
    -> ip helper boot-up disable
  • Page 288: Verifying The Dhcp Relay Configuration

    Displays the number of packets the DHCP Relay service has received and transmitted, the number of packets dropped due to forward delay and maximum hops violations, and the number of packets processed since the last time these statistics were displayed.
  • Page 289: Chapter 16 Configuring Vrrp

    • VRRP traps—see “Setting VRRP Traps” on page 16-13.
    • VRRP tracking—see “Creating Tracking Policies” on page 16-14.
    • Verifying the VRRP configuration—see “Verifying the VRRP Configuration” on page 16-15.
  • Page 290: Configuring Vrrp

    Authentication is not enabled. In addition, other defaults for VRRP include:
    Description      Command       Default
    VRRP traps       vrrp trap     Disabled
    VRRP tracking    vrrp track    Enabled
    VRRP delay       vrrp delay    45 seconds
  • Page 291: Quick Steps For Creating A Virtual Router

    VRRP trap generation: Enabled Admin VRID VLAN Address(es) Status Priority AuthType Preempt Interval ----+ ----+ -------------+----------+----------+----------+--------+--------- 10.10.2.3 Enabled Simple For more information about this display, see the OmniSwitch CLI Reference Guide.
  • Page 292: Vrrp Overview

    OmniSwitch B will respond to ARP requests for IP address B using the interface’s physical MAC address. It will not respond to ARP requests for IP address A or to the virtual router MAC address.
  • Page 293: Why Use Vrrp

    Advertisement Interval is the time interval between VRRP advertisements, and Skew Time is calculated based on the VRRP router’s priority value as follows:
    Skew Time = (256 - Priority) / 256
  • Page 294: Vrrp Mac Addresses

    The startup delay may be modified to allow more or less time for the router to stabilize its routing tables. In addition to the startup delay, the switch has an ARP delay (which is not configurable).
  • Page 295: Vrrp Tracking

    RDP will advertise IP addresses for any master routers; RDP will not advertise IP addresses for backup routers. For more information about RDP, see Chapter 14, “Configuring RDP.”
  • Page 296: Configuration Overview

    100. Note that the IP address owner will be automatically assigned a value of 255 if you do not specify the priority. See “Configuring Virtual Router Priority” on page 16-10 for more information about how priority is used.
  • Page 297: Specifying An Ip Address For A Virtual Router

    In this example, virtual router 6 is disabled. (A virtual router must be disabled before IP addresses may be added/removed from the router.) IP address 10.10.2.3 is then removed from the virtual router with the no form of the vrrp ip command.
  • Page 298: Configuring The Advertisement Interval

    255 when the router is enabled. To set the priority, use the vrrp command with the priority keyword and the desired value. For example:
    -> vrrp 6 4 disable
    -> vrrp 6 4 priority 50
  • Page 299: Setting Preemption For Virtual Routers

    VRRP header. If the virtual router is configured for authentication, it will also authenticate the packet. (The authentication process is transparent to the user.)
  • Page 300: Enabling/Disabling A Virtual Router

    In this example, a virtual router is created on VLAN 3 with a VRID of 7. An IP address is then assigned to the virtual router. The virtual router is then enabled on the switch.
  • Page 301: Setting Vrrp Traps

    -> vrrp delay 75
    The switch will now wait 75 seconds after a switch reboot before it will be available to take over as master for another router.
  • Page 302: Creating Tracking Policies

    Typically you should not configure the same IP address tracking policies on physical VRRP routers that back up each other; otherwise, the priority will be decremented for both master and backup when the entity being tracked goes down.
  • Page 303: Verifying The Vrrp Configuration

    Displays information about tracking policies on the switch. show vrrp track-association Displays the tracking policies associated with virtual routers. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide.
  • Page 304: Vrrp Application Example

    Configure the IP addresses for each virtual router.
    -> vrrp 1 5 ip 10.10.2.250
    -> vrrp 2 5 ip 10.10.2.245
    Enable the virtual routers.
    -> vrrp 1 5 enable
    -> vrrp 2 5 enable
  • Page 305 10.10.2.245 is assigned. If OmniSwitch B should become unavailable, OmniSwitch A will become master for 10.10.2.245. This configuration provides uninterrupted service for the end hosts.
  • Page 306: Vrrp Tracking Example

    1’s priority will be temporarily decremented to 50, allowing backup router 1 to take over and provide connectivity for those workstations. When port 3/1 on VRRP router A comes back up, master 1 will take over again.
  • Page 307 Note. The preempt option must be enabled on virtual router 1; otherwise the original master will not be able to take over. See “Setting Preemption for Virtual Routers” on page 16-11 for more information about enabling preemption.
  • Page 309: Managing Authentication Servers

    OmniSwitch 6800 Switch Management Guide. For information about using servers to retrieve authentication information for Layer 2 Authentication users (authenticated VLANs), see Chapter 18, “Configuring Authenticated VLANs.”
  • Page 310: Authentication Server Specifications

    CLI Command Prefix Recognition The aaa radius-server and aaa ldap-server commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6800 Switch Management Guide for more information.
  • Page 311: Server Defaults

    Timeout for server replies to authentication requests         timeout
    Whether a Secure Socket Layer is configured for the server    ssl | no ssl    no ssl
  • Page 312: Quick Steps For Configuring Authentication Servers

    Authenticated VLANs, see “AVLAN Configuration Overview” on page 18-4. For a quick overview of using the configured authentication servers with Authenticated Switch Access, see the OmniSwitch 6800 Switch Management Guide.
  • Page 313: Server Overview

    For RADIUS and LDAP, additional servers may be configured as backups.
  • Page 314: Authenticated Vlans

    [Figure: Servers Used for Authenticated VLANs. Labels: RADIUS or LDAP servers; Authenticated VLAN 1; Authenticated VLAN 2; Ethernet clients. The switch polls the servers for login information to authenticate users through the switch.]
  • Page 315: Port-Based Network Access Control (802.1X)

    [Figure: Basic 802.1X Components. Labels: Supplicant; Authenticator PAE; Server; OmniSwitch; RADIUS server; login request; authentication request; authorization granted.]
    For more information about configuring 802.1X ports on the switch, see Chapter 19, “Configuring 802.1X.”
  • Page 316: Ace/Server

    To clear the secret on the switch, enter the following command:
    -> aaa ace-server clear
    When you clear the secret on the switch, the secret must also be cleared on the ACE/Server as described by the RSA Security ACE/Server documentation.
  • Page 317: Radius Servers

    Standard Attributes The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the Alcatel RADIUS client in the switch supports them. Attribute 26 is for vendor-specific information and is discussed in “Vendor-Specific Attributes for RADIUS” on page 17-11.
  • Page 318 Not supported. These attributes are used for dial-up sessions; Called-Station-Id not applicable to the RADIUS client in the switch. Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login-LAT-Group Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port
  • Page 319: Vendor-Specific Attributes For Radius

    42 Alcatel-Acce-Priv-F-W2 hex. Configures functional write privileges for the user. The Alcatel-Auth-Group attribute is used for Ethernet II only. If a different protocol, or more than one protocol is required, use the Alcatel-Auth-Group-Protocol attribute instead. For example: Alcatel-Auth-Group-Protocol 23: IP_E2 IP_SNAP Alcatel-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 may use Ethernet II or SNAP encapsulation.
  • Page 320: Configuring Functional Privileges On The Server

    Configuring the functional privileges attributes (Alcatel-Acce-Priv-F-x) can be cumbersome because it requires using read and write bitmasks for command families on the switch. To display the functional bitmasks of the desired command families, use the show aaa priv hexa command....
  • Page 321: Radius Accounting Server Attributes

    47 Acct-Input-Packets (Authenticated VLANs only) Tracked per port. 48 Acct-Output-Packets (Authenticated VLANs only) Tracked per port. 49 Acct-Terminal-Cause Indicates how the session was terminated: NAS-ERROR USER-ERROR LOST CARRIER USER-REQUEST STATUS-FAIL
  • Page 322: Configuring The Radius Client

    “Server Defaults” on page 17-3. To remove a RADIUS server, use the no form of the command:
    -> no aaa radius-server rad1
    Note that only one server may be deleted at a time.
  • Page 323: Ldap Servers

    Install the directory server software on the server. Copy the relevant schema LDIF files from the Alcatel software CD to the configuration directory on the server. (Each server type has a command line tool or a GUI tool for importing LDIF files.) Database LDIF files may also be copied and used as templates.
  • Page 324: Ldap Server Details

    The most common LDIF entries describe people in companies and organizations. The structure for such an entry might look like the following:
    dn: <distinguished name>
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    cn: <common name>
    sn: <surname>
    <list of optional attributes>
  • Page 325: Directory Entries

    DN attributes are separated by commas as shown in this example: cn=your name, ou=your function, o= your company, c=US As there are other conventions used, please refer to the appropriate RFC specification for further details.
  • Page 326: Directory Searches

    LDAP client application. The LDAP-enabled directory server uses the DNs to find the entries to either add or modify their attribute values. Attributes are automatically created for requests to add values if the attributes are not already contained in the entries.
  • Page 327: Directory Compare And Sort

    TCP/IP port number for directory server. If using TCP/IP and default port number (389), port need not be specified in the URL. SSL port number for directory server (default is 636).
  • Page 328: Password Policies And Directory Servers

    • Account Lockout
    • Reset Password Failure Count
    • LDAP Error Messages (e.g., Invalid Username/Password, Server Data Error, etc.)
    For instructions on installing LDAP-enabled directory servers, refer to the vendor-specific instructions.
  • Page 329: Directory Server Schema For Ldap Authentication

    To display the functional bitmasks of the desired command families, use the show aaa priv hexa command. On the LDAP server, configure the functional privilege attributes with the bitmask values.
  • Page 330: Ldap Accounting Attributes

    OmniSwitch 6800 Switch Management Guide. Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel software CD for computing SNMP authentication keys. The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for Windows (NT 4.0 and higher)....
  • Page 331
    • Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the specific directory server in use.
    • Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21)
  • Page 332: Dynamic Logging

    If the organizational unit ou=bop.logging exists somewhere in the tree under searchbase, logging records are written on the server. See the server manufacturer’s documentation for more information about setting up the server.
  • Page 333: Configuring The Ldap Authentication Client

    Note. The server should be configured with the appropriate schema before the aaa ldap-server command is configured. The keywords for the aaa ldap-server command are listed here: Required for creating: optional: host type retransmit password timeout base port
  • Page 334: Creating An Ldap Authentication Server

    The switch will now be able to communicate with the server on port 635. To remove SSL from the server, use no with the ssl keyword. For example:
    -> aaa ldap-server ldap2 no ssl
    SSL is now disabled for the server.
  • Page 335: Removing An Ldap Authentication Server

    An example of the output for this command is given in “Quick Steps For Configuring Authentication Servers” on page 17-4. For more information about the output of this command, see the OmniSwitch CLI Reference Guide.
  • Page 337: Chapter 18 Configuring Authenticated Vlans

    “Setting Up the DHCP Server” on page 18-29.
    • Authentication server authority mode—see “Configuring the Server Authority Mode” on page 18-32.
    • Accounting servers—see “Specifying Accounting Servers” on page 18-35.
  • Page 338: Configuring Authenticated Vlans

    Authentication clients—Authentication clients log in through the switch to get access to authenticated VLANs. There are three types of clients:
    • AV-Client. This is an Alcatel-proprietary authentication client. The AV-Client does not require an IP address prior to authentication. The client software must be installed on the user’s end station. This chapter describes how to install and configure the client....
  • Page 339 Authentication agent in the switch—Authentication is enabled when the server(s) and the server authority mode are specified on the switch. See “Configuring the Server Authority Mode” on page 18-32. These components are described in more detail in the next sections.
  • Page 340: Avlan Configuration Overview

    aaa radius-server                          Setting up switch communication with authentication servers
    aaa authentication vlan single-mode
    aaa authentication vlan multiple-mode      Enabling authentication and setting the authority mode for servers
    aaa accounting vlan                        Specifying accounting for AVLAN sessions.
  • Page 341: Sample Avlan Configuration

    -> aaa radius-server rad1 host 10.10.1.2 key wwwtoe timeout 3
    -> aaa ldap-server ldap2 host 199.1.1.1 dn manager password foo base c=us
    Chapter 17, “Managing Authentication Servers,” for more information about setting up external servers for authentication.
  • Page 342
    -> show aaa accounting vlan
    All authenticated vlans
    1rst authentication server = rad3, 2nd authentication server = local
    For more information about these commands, see the OmniSwitch CLI Reference Guide.
  • Page 343: Setting Up Authentication Clients

    The following sections describe the Telnet authentication client, Web browser authentication client, and Alcatel’s proprietary AV-Client. For information about removing a particular client from an authenticated network, see “Removing a User From an Authenticated Network” on page 18-26....
  • Page 344: Configuring The Web Browser Client Language File

    (to include a company logo, for example). The names of these files are: topA.html, topB.html, bottomA.html, bottomB.html, and myLogo.gif. The directory also contains files that must be installed on Mac OS Web browser clients as described in the next sections.
  • Page 345 Disconnect the Mac’s network connection before setting root access. Otherwise, the NetInfo Manager application in the Mac OS will send multiple DNS requests, and the process to set root access will take longer.
  • Page 346 Quit the current session and log on again as the root user. Make sure Ethernet-DCHP is selected in the Network Utility. Reconnect the Ethernet cable. If you are using a self-signed SSL certificate, or the certificate provided by Alcatel (wv-cert.pem), see “DNS Name and Web Browser Clients” on page 18-11....
  • Page 347: Ssl For Web Browser Clients

    Authority (CA) or a self-signed (private) certificate must be installed on the switch. A self-signed certificate is provided by Alcatel (wv-cert.pem). If you are using a well-known certificate or some other self-signed certificate, you should replace the wv-cert.pem file with the relevant file.
  • Page 348: Installing The Av-Client

    When the Select Network Protocol window appears, select Microsoft from the list of manufacturers and Microsoft 32-bit DLC from the list of Network Protocols. Click Follow the prompts requesting Windows files.
  • Page 349: Loading The Av-Client Software

    After installing the update, it is recommended that the system be rebooted.
    Windows 2000 and Windows NT
    Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays:
  • Page 350 We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation. Click on the Next button. The following window displays.
  • Page 351 AV-Client until you restart your computer. If you decide to restart now, be sure to remove any disks from their drives. Click the Finish button to end the installation procedure.
  • Page 352: Windows 95 And Windows 98

    Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation....
  • Page 353 Click on the box next to “View the single sign-on Notes” to select this option. Click on the Finish button to end the installation process. Remember that you must restart your computer before you can run the AV-Client.
  • Page 354: Setting The Av-Client As Primary Network Login

    OK. You can also browse to the directory where the AV-Client is installed and click OK. Select “Alcatel AVLAN Login Provider”. Select Alcatel AVLAN Login Provider as the Primary Network Login on the Configuration tab. Complete the setup as prompted by Windows.
  • Page 355 Note. If the user reboots the PC workstation, the client’s session with the network server is automatically terminated.
  • Page 356 The configuration utility includes a screen that lists each component, version and build date for the AV-Client. To view this screen, click on the Version tab and a screen similar to the following will display.
  • Page 357: Logging Into The Network Through An Av-Client

    The user is now logged into the network and has access to all network resources in the VLAN with which this user shares membership. Note. If authentication is successful but an error was made while configuring VLANs, the user station may not move into the VLAN the user requested.
  • Page 358: Logging Off The Av-Client

    When the AV-Client is logged into the network, the AV-Client icon on the Windows desktop has a blue background. When the logoff procedure is completed, the screen disappears and the background is gone from the AV-Client icon.
  • Page 359: Configuring The Av-Client For Dhcp

    IP address will never be released. Increasing the value of the delay parameter can prevent this from happening.
  • Page 360 When you click on a box next to an option, the option is activated in the configuration window. When you click one of the features, an indicator is activated directly below the feature. Specify the number of seconds for the delay for the selected feature.
  • Page 361 To apply the change, click the Apply button. When you click the OK button, the screen will close and the change will take effect. If you decide not to implement the change, click the Cancel button and the screen will close without implementing a change.
  • Page 362: Configuring Authenticated Vlans

    For more information about the output display for the aaa avlan no and show avlan user commands, see the OmniSwitch CLI Reference Guide. Note. The MAC addresses of users may also be found in the log files generated by accounting servers.
  • Page 363: Configuring Authentication Ip Addresses

    Existing users on default vlan are not flushed. Users now do not belong to and cannot traffic in the default VLAN prior to authentication. Note that any existing users in the default VLAN are not flushed.
  • Page 364: Port Binding And Authenticated Vlans

    By default, authentication clients cannot traffic in the default VLAN for the authentication port unless the avlan default-traffic command is enabled. See “Setting Up the Default VLAN for Authentication Clients” on page 18-27.
  • Page 365: Setting Up A Dns Path

    IP addresses prior to authentication as well as after authenticating. The relay may be used to serve IP addresses both before and after authentication. Note. For more information about configuring DHCP relay in general, see Chapter 15, “Configuring DHCP Relay.”
  • Page 366: Enabling Dhcp Relay For Authentication Clients

    If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the ip helper avlan only command.
    -> ip helper avlan only
  • Page 367: Configuring A Dhcp Gateway For The Relay

    IP address if they do not belong to the VLAN associated with this gateway address.) To remove a gateway address from the configuration, use the no form of the aaa avlan default dhcp command. For example:
    -> no aaa avlan default dhcp
  • Page 368: Configuring The Server Authority Mode

    In the illustration shown here, the Ethernet clients connect to the switch and initially belong to VLAN 1. Additional VLANs have been configured as authenticated VLANs. LDAP and RADIUS servers are configured with VLAN ID information for the clients.
  • Page 369 Chapter 17, “Managing Authentication Servers.”) To disable authenticated VLANs, use the no form of the command. Note that the mode does not have to be specified. For example:
    -> no aaa authentication vlan
  • Page 370: Configuring Multiple Mode

    [Figure: Authentication Network—Multiple Mode. Labels: Authentication Clients; OmniSwitch; VLAN 2; Authenticated VLAN 3; Authenticated VLAN 4; Authenticated VLAN 5; LDAP server for VLANs 3 & 4; RADIUS servers for VLAN 5.]
  • Page 371: Specifying Accounting Servers

    In the following example, single-mode authentication is already set up on the switch; the aaa accounting vlan command configures a RADIUS server (rad1) for accounting. The local logging feature in the switch (local) is the backup accounting mechanism.
    -> aaa accounting vlan rad1 local
  • Page 372: Verifying The Avlan Configuration

    Displays the current global configuration for authenticated VLANs. show aaa avlan auth-ip Displays the IP addresses for authenticated VLANs. For more information about these commands, see the OmniSwitch CLI Reference Guide.
  • Page 373: Chapter 19 Configuring 802.1X

    • “Enabling 802.1X on Ports” on page 19-8
    • “Setting 802.1X Switch Parameters” on page 19-8
    • “Configuring 802.1X Port Parameters” on page 19-9
    • “Verifying the 802.1X Port Configuration” on page 19-11
  • Page 374: 802.1X Specifications

    Amount of time that must expire before a re-authentication attempt is made.    re-authperiod                             3600 seconds
    Whether or not the port is re-authenticated.                                   no reauthentication | reauthentication    no reauthentication
  • Page 375
    Description                                                                              Keyword                      Default
    Whether any traffic will be allowed or restricted after authenticating the 802.1X port   open-unique | open-global    open-unique
    Note. By default, accounting is disabled for 802.1X authentication sessions.
  • Page 376: Quick Steps For Configuring 802.1X

    (seconds) = 30 server-timeout (seconds) = 30 max-req re-authperiod (seconds) = 3600 reauthentication = no See the OmniSwitch CLI Reference Guide for information about the fields in this display.
  • Page 377: 802.1X Overview

    The keyword open-global specifies that any frames will be allowed on the port after the supplicant is authenticated. (The open-unique state is the default). See “Setting 802.1X Switch Parameters” on page 19-8 for more information about configuring this command.
  • Page 378: 802.1X Ports And Dhcp

    802.1X authentication sessions may be logged if servers are set up for 802.1X accounting. Accounting may also be done through the local Switch Logging feature. For information about setting up accounting for 802.1X, see “Configuring Accounting for 802.1X” on page 19-11.
  • Page 379: Compared To Authenticated Vlans

    Chapter 4, “Configuring VLANs.” Both 802.1X and authenticated VLANs may use the same RADIUS authentication server. See Chapter 17, “Managing Authentication Servers,” for information about using a RADIUS server for authentication.
  • Page 380: Setting Up Port-Based Network Access Control

    -> vlan port 3/1 802.1x enable
    The vlan port 802.1x command enables 802.1X on port 1 of slot 3. The port will be set up with defaults listed in “802.1X Defaults” on page 19-2....
  • Page 381: Configuring 802.1X Port Parameters

    To modify the transmit timeout, use the 802.1x command with the tx-period keyword. To modify the supplicant or user timeout, use the 802.1x command with the supp-timeout keyword. For example:...
  • Page 382: Configuring The Maximum Number Of Requests

    25 seconds. To manually re-authenticate a port, use the 802.1x re-authenticate command. For example:
    -> 802.1x re-authentication 3/1
    This command initiates a re-authentication process for port 1 on slot 3....
  • Page 383: Initializing An 802.1X Port

    Displays information about accounting servers configured for 802.1X port-based network access control. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide....
  • Page 384 Verifying the 802.1X Port Configuration Configuring 802.1X...
  • Page 385: Chapter 20 Managing Policy Servers

    20 Managing Policy Servers Quality of Service (QoS) policies that are configured through Alcatel’s PolicyView network management application are stored on a Lightweight Directory Access Protocol (LDAP) server. PolicyView is an OmniVista application that runs on an attached workstation. In This Chapter This chapter describes how LDAP directory servers are used with the switch for policy management.
  • Page 386: Policy Server Specifications

    Priority value assigned to a server, used to determine search order: keyword preference, default 0 (lowest). Whether a Secure Socket Layer is configured for the server: keyword ssl | no ssl, default no ssl....
  • Page 387: Policy Server Overview

    See your server documentation for additional details on setting up the server. See the next sections of this chapter for information about modifying policy server parameters or viewing information about policy servers....
  • Page 388: Modifying Policy Servers

    If the policy server is not created on the default port, the no form of the command must include the port number. For example:
    -> no policy server 10.10.2.4 5000...
  • Page 389: Modifying The Port Number

    LDAP server to modify parameters on the server itself.
    Modifying the Searchbase
    The searchbase name is “o=alcatel.com” by default. To modify the searchbase name, enter the policy server command with the searchbase keyword. For example:
    -> policy server 10.10.2.3 searchbase "ou=qo,o=company,c=us"...
  • Page 390: Configuring A Secure Socket Layer For A Policy Server

    To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command.
    -> policy server flush...
  • Page 391: Interaction With Cli Policies

    Displays the names of policies originating on a directory server that have been downloaded to the switch.
    show policy server events: Displays any events related to a directory server....
  • Page 392 Verifying the Policy Server Configuration Managing Policy Servers...
  • Page 393: Chapter 21 Configuring Qos

    21 Configuring QoS Alcatel’s QoS software provides a way to manipulate flows coming through the switch based on user-configured policies. The flow manipulation (generally referred to as Quality of Service or QoS) may be as simple as allowing/denying traffic, or as complicated as remapping 802.1p bits from a Layer 2 network to ToS values in a Layer 3 network.
  • Page 394: Qos Specifications

    Maximum number of group entries 512 per group CLI Command Prefix Recognition Some QoS commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6800 Switch Management Guide for more information....
  • Page 395: Qos General Overview

    QoS is implemented on the switch through the use of user-defined policies. The following simplified illustration shows how video traffic may receive priority over email traffic. [Figure: Sample QoS Setup, showing the OmniSwitch, the Internet, a video feed under a prioritization policy, and an email server under best effort]...
  • Page 396: Qos Policy Overview

    The switch does not allow you to create invalid condition/action combinations; if you enter an invalid combination, an error message will display. A list of valid condition and condition/action combinations is given in “Condition Combinations” on page 21-6 and “Action Combinations” on page 21-7....
  • Page 397: Interaction With Other Features

    LDAP server. LDAP policies may only be modified through PolicyView. For information about setting up a policy server and managing LDAP policies, see Chapter 20, “Managing Policy Servers.”...
  • Page 398: Condition Combinations

    Layer 1 Layer 2 Layer 3 Layer 4 Layer 1 None* Layer 2 Layer 3 None* Layer 4 *However, 802.1P (Layer 2) conditions are allowed in combination with Layer 4 conditions....
  • Page 399: Action Combinations

    Use the following policy action combinations table as a guide when creating policy rules. For more information about policy condition combinations, see “Condition Combinations” on page 21-6. Policy Action Combinations Table Drop Priority Stamp/Map Max BW Min Bw Drop Priority Stamp/Map Max BW...
  • Page 400: Qos Defaults

    Whether log messages are sent to the console: command qos log console. Whether log messages are available to OmniVista applications: command qos forward log. Type of messages logged: command debug qos, default info....
  • Page 401: Qos Port Defaults

    Whether the rule is saved to flash immediately: keyword save, default: Save option is enabled. *However, policy rules configured with source and destination conditions and actions with disposition, priority, or 802.1P configured are automatically bidirectional....
  • Page 402: Policy Action Defaults

    Policy Port Groups—The switch has built-in policy port groups for each slot. The groups are called Slot01, Slot02, etc. Use the show policy port group command to view the built-in groups....
  • Page 403: Qos Configuration Overview

    Applying the Configuration. All policy rule configuration and some global parameters must be specifically applied through the qos apply command before they are active on the switch. See “Applying the Configuration” on page 21-46....
  • Page 404: Configuring Global Qos Parameters

    Layer 2 traffic, one for source and one for destination. For more information about ACLs, see Chapter 22, “Configuring ACLs.”...
  • Page 405: Setting The Global Default Servicing Mode

    -> debug qos no rule
    To turn off debugging (which effectively turns off logging), enter the following:
    -> no debug qos
    Enter the qos apply command to activate the setting....
  • Page 406: Number Of Lines In The Qos Log

    “Applying the Configuration” on page 21-46. If event forwarding is disabled, PolicyView will still be able to query the QoS software for events, but the events will not be sent in real time....
  • Page 407: Displaying The Qos Log

    (which manages policies downloaded from an LDAP server) through the qos forward log command....
  • Page 408: Clearing The Qos Log

    For a list of global defaults, see “QoS Defaults” on page 21-8. Note. The qos reset command only affects the global configuration. It does not affect any policy configuration....
  • Page 409: Verifying Global Settings

    Displays global information about the QoS configuration.
    show qos statistics: Displays statistics about QoS events.
    For more information about the syntax and displays of these commands, see the OmniSwitch CLI Reference Guide....
  • Page 410: Qos Ports And Queues

    Note that the QoS servicing mode only applies to destination ports because it is at this point where traffic shaping is effected on the flows. In addition, different ports can use different servicing modes....
  • Page 411: Configuring The Servicing Mode For A Port

    0 through 5 for each queuing scheme. Use the following SPQ and WFQ queue mapping tables to determine how packets are directed to the appropriate queues:...
  • Page 412: Trusted And Untrusted Ports

    For more information about configuring 802.1Q for fixed ports, see Chapter 9, “Configuring 802.1Q.” Mobile ports are also always trusted; however, mobile ports may or may not accept Q-tagged traffic....
  • Page 413: Configuring Trusted Ports

    Rule2 puts the condition and the action together.
    -> qos port 3/2 trusted
    -> policy condition Traffic destination port 3/2 802.1p 4
    -> policy action SetBits 802.1p 7
    -> policy rule Rule2 condition Traffic action SetBits...
  • Page 414: Verifying The Qos Port And Queue Configuration

    Displays information for all QoS queues or only those queues associated with a particular slot/port. See the OmniSwitch CLI Reference Guide for more information about the syntax and displays for these commands....
  • Page 415: Creating Policies

    Create a policy action with the policy action command. For example:
    -> policy action action2 priority 7
    Create a policy rule with the policy rule command. For example:
    -> policy rule my_rule condition cond3 action action2...
  • Page 416: Ascii-File-Only Syntax

    QoS object’s origin be modified. The blt keyword indicates built-in; this keyword cannot be used on the command line. For information about built-in policies and QoS groups, see “How Policies Are Used” on page 21-4....
  • Page 417: Creating Policy Conditions

    To remove a classification parameter from the condition, use no with the relevant keyword. For example:
    -> policy condition c3 no source ip
    The specified parameter (in this case, a source IP address) will be removed from the condition (c3) at the next qos apply....
  • Page 418: Deleting Policy Conditions

    21-6 and “Action Combinations” on page 21-7. See the OmniSwitch CLI Reference Guide for details about command syntax. policy action keywords: disposition, shared, 802.1p, priority, dscp, minimum bandwidth, maximum bandwidth...
  • Page 419: Removing Action Parameters

    The rule (rule5) will only take effect after the qos apply command is entered. For more information about the qos apply command, see “Applying the Configuration” on page 21-46. The policy rule command may specify the following keywords: precedence, save...
  • Page 420: Disabling Rules

    Note. Minimum bandwidth rules have the highest precedence over all other rules in the system. They are enforced internally and cannot be overridden by user-configured settings. In addition, specifying a minimum bandwidth value implies a maximum bandwidth of the same value....
  • Page 421: Saving Rules

    To remove the save option from a policy rule, use no with the save keyword. For example:
    -> policy rule rule5 no save...
  • Page 422: Logging Rules

    -> policy rule rule5 no log
    Deleting Rules
    To remove a policy rule, use the no form of the command.
    -> no policy rule rule1
    The rule will be deleted after the next qos apply....
  • Page 423: Verifying Policy Configuration

    (+) sign. The rule will not be used to classify traffic until the next qos apply. Only mac1 is actively being used on the switch to classify traffic....
  • Page 424: Testing Conditions

    -> *IfType -> *MAC 000000:000000 -> 080020:D1E51 *VLAN -> *802.1p L3/L4: 0.0.0.0 -> 0.0.0.0 *TOS/DSCP : 0/0 Using pending l2 policies Classify L2 Destination: *Matches rule ‘yuba’: action pri3 (accept)...
  • Page 425 To activate any policy rules that have not been applied, use the qos apply command. To delete rules that have not been applied (and any other QoS configuration not already applied), use the qos revert command. See “Applying the Configuration” on page 21-46....
  • Page 426: Using Condition Groups In Policies

    See the OmniSwitch CLI Reference Guide for more information about the output of this display. See “Verifying Condition Group Configuration” on page 21-42 for more information about using show commands to display information about condition groups....
  • Page 427: Creating Network Groups

    In this example, netgroup3 is configured for condition c4 as source network group:
    -> policy condition c4 source network group netgroup3...
  • Page 428: Creating Services

    An IP protocol (TCP or UDP), source IP port and/or destination IP port (or port range) must be associated with a service. IP port numbers are well-known port numbers defined by the IANA. For example, port numbers for FTP are 20 and 21; Telnet is 23....
  • Page 429: Creating Service Groups

    The service group may then be associated with a condition through the policy condition command. For example:
    -> policy condition c6 service group serv_group...
  • Page 430: Creating Mac Groups

    This command creates a condition called cond3 that may be used in a policy rule to classify traffic by source MAC addresses. The MAC addresses are specified in the MAC group. For more information about configuring conditions, see “Creating Policy Conditions” on page 21-25....
  • Page 431: Creating Port Groups

    Note. Port group configuration is not active until the qos apply command is entered. To delete ports from a port group, use no and the relevant port number(s).
    -> policy port group techpubs no 2/1...
  • Page 432: Port Groups And Minimum/Maximum Bandwidth

    -> policy action MaxBw maximum bandwidth 10k
    -> policy rule PortRule condition Ports action MaxBw
    In this example, if both ports 1 and 2 are active ports, 10000 bps is sent over each port....
  • Page 433 The maximum traffic received by a destination port is unpredictable and is affected by how many source ports are sending traffic to the destination port. However, each source port in the above example is restricted to sending only 10k to any of the specified destination ports....
  • Page 434: Verifying Condition Group Configuration

    When the qos apply command is entered, the plus sign (+) will be removed from netgroup1 in the display. See “Applying the Configuration” on page 21-46 for more information about the qos apply command....
  • Page 435: Using Map Groups

    “Creating Policy Rules” on page 21-27.
    -> policy rule r3 condition Traffic action tosMap
    Apply the configuration. For more information about this command, see “Applying the Configuration” on page 21-46.
    -> qos apply...
  • Page 436: How Map Groups Work

    To delete mapping values from a group, use no and the relevant values:
    -> policy map group tosGroup no 1-2:4
    The specified values will be deleted from the map group at the next qos apply....
  • Page 437: Verifying Map Group Configuration

    When the qos apply command is entered, the plus sign (+) will be removed from tosGroup in the display. See “Applying the Configuration” on page 21-46 for more information about the qos apply command....
  • Page 438: Applying The Configuration

    For more information about disabling/re-enabling a policy rule, see “Creating Policy Rules” on page 21-27....
  • Page 439: Deleting The Pending Configuration

    Or, to delete all policy rule configuration, enter qos apply. If qos apply is entered, the empty set of pending policies will be written to the applied policies and all policy rule configuration will be deleted....
  • Page 440: Interaction With Ldap Policies

    Sends Layer 2, Layer 3, or multicast information to the classifier to see how the switch will handle the packet. Use the applied keyword to examine only applied conditions. For more information about these commands, see the OmniSwitch CLI Reference Guide....
  • Page 441: Policy Applications

    [Figure: an ingress flow enters the OmniSwitch; the policy condition classifies the flow and the policy action determines how packets are queued; queues for egress traffic]...
  • Page 442: Basic Commands

    10.10.4.0 will be given the highest priority. Bandwidth Shaping Example In this example, a specific flow from a source IP address is sent to a queue that will support its maximum bandwidth requirement....
  • Page 443: Icmp Policy Example

    The port on which the flow arrives (the ingress port) must be a trusted port. For more information about trusted ports, see “Trusted and Untrusted Ports” on page 21-20....
  • Page 444 Subnet A and Subnet B to the ToS network:
    -> policy rule RuleA condition SubnetA action map_action
    -> policy rule RuleB condition SubnetB action map_action
    [Figure: Mapping Application, showing Subnet A, Subnet B, the OmniSwitch with the mapping policy, and Network C; labels 10.10.5.0 and 12.12.2.0]...
  • Page 445: Chapter 22 Configuring Acls

    Creating Policy Rules for ACLs. Policy rules for ACLs are basically QoS policy rules. Specific parameters for ACLs are described in this chapter. See “Configuring ACLs” on page 22-8....
  • Page 446: Acl Specifications

    Note that in the current software release, the deny and drop options produce the same effect; that is, that traffic is silently dropped. For more information about QoS defaults in general, see Chapter 21, “Configuring QoS.”...
  • Page 447: Quick Steps For Creating Acls

    -> policy rule lab_rule1 condition Lab3 action Yes precedence 65535
    Apply the policy configuration using the qos apply command. For details about using this command, see “Applying the Configuration” on page 21-46 in Chapter 21, “Configuring QoS.”...
  • Page 448: Acl Overview

    Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a general discussion of QoS policy rules, see Chapter 21, “Configuring QoS.”...
  • Page 449: Rule Precedence

    Note. See Chapter 21, “Configuring QoS,” for more information about valid condition/action combinations....
  • Page 450: Example: Rules With Conflicting Actions

    IP address cannot be included in a condition with a source IP network group. For more information about supported combinations, see “Condition Combinations” on page 21-6 and “Action Combinations” on page 21-7 in Chapter 21, “Configuring QoS.”...
  • Page 451: Acl Configuration Overview

    Policies may then be set up to allow routed traffic through the switch. Note that in the current release of Alcatel’s QoS software, the drop and deny keywords produce the same result (flows are silently dropped; no ICMP message is sent).
  • Page 452: Creating Condition Groups For Acls

    Command syntax is described in detail in the OmniSwitch CLI Reference Guide. The basic commands for configuring ACL rules are the same as those for configuring policy rules: policy condition, policy action, policy rule...
  • Page 453: Creating Policy Conditions For Acls

    (accept) or denied (deny). For example:
    -> policy action a1 disposition accept
    If you do not specify a disposition for the policy action, the default (accept) will be used....
  • Page 454: Creating Policy Rules For Acls

    Note that combining Layer 2 and Layer 3 conditions in the same policy is supported. Refer to “Condition Combinations” on page 21-6 and “Action Combinations” on page 21-7 in Chapter 21, “Configuring QoS.”...
  • Page 455: Layer 2 Acl Example

    Note that combining Layer 2 and Layer 3 conditions in the same policy is supported. Refer to “Condition Combinations” on page 21-6 and “Action Combinations” on page 21-7 in Chapter 21, “Configuring QoS.”...
  • Page 456: Layer 3 Acl: Example 1

    Note that the destination parameters are used for the client from which the switch will receive the IGMP request. The multicast ip or multicast network group keyword is required in the condition configured for a multicast ACL....
  • Page 457: Verifying The Acl Configuration

    Indicates that the policy rule has been modified or has been created since the last qos apply. Indicates the policy object is pending deletion. Indicates that the policy object differs between the pending/applied objects....
  • Page 458 See the OmniSwitch CLI Reference Guide for more information about the output of these commands....
  • Page 459: Acl Application Example

    -> policy service traffic_in source ip port 23 protocol 6
    -> policy condition outside_cond service traffic_in
    -> policy action outside_action disposition drop
    -> policy rule outside condition outside_cond action outside_action...
  • Page 460 ACL Application Example Configuring ACLs...
  • Page 461: Configuring Ip Multicast Switching

    This mechanism is often referred to as IGMP snooping (or IGMP gleaning). Alcatel’s implementation of IGMP snooping is called IP Multicast Switching (IPMS). IPMS allows OmniSwitch 6800 Series switches to efficiently deliver multicast traffic in hardware at wire speed.
  • Page 462: Ipms Specifications

    0 to 4294967295 seconds
    Multicast Priority: urgent, high, medium, or low
    Maximum Ingress Bandwidth: 1 to 1000 megabits
    IPMS Default Values
    The table below lists default values for Alcatel’s IPMS software.
    Parameter Description | Command | Default Value/Comments
    Administrative Status | ip multicast switching...
  • Page 463: Ipms Overview

    The network interfaces verify that a multicast packet is received by the switch on the source (or expected) port. Note. Jumbo multicast packets are not supported. The maximum MTU size supported by Alcatel’s IPMS software is 1500. IPMS Example The figure on the following page shows an IPMS network where video content can be provided to clients that request it.
  • Page 464: Ip Multicast Routing

    IPMS uses decisions made by the routing protocols and forwards multicast traffic to ports that request group membership. See the OmniSwitch 6800 Series Advanced Routing Configuration Guide for more information on IP multicast routing protocols.
  • Page 465: Pim-Sm

    IGMP version 2 (IGMPv2) handles forwarding by IP multicast destination address only. IGMP version 3 (IGMPv3) handles forwarding by source IP address and IP multicast destination address. OmniSwitch 6800 Series switches support IGMPv2 and IGMPv3. Note. See “Configuring the IGMP Proxy Version”...
  • Page 466 Exclude list forwarding is not supported as it is not a requirement for SSM, and specifically Protocol Independent Multicast–Source Specific Multicast (PIM-SSM). See the OmniSwitch 6800 Series Advanced Routing Configuration Guide for more information on SSM....
  • Page 467: Configuring Ipms On A Switch

    -> ip multicast switching
    Disabling IPMS
    To disable IPMS you use the no form of the ip multicast switching command as shown below:
    -> no ip multicast switching...
  • Page 468: Configuring The Igmp Proxy Version

    VLAN number (which must be between 0 and 4095), a space, either the port (designate the slot number of the port, a slash (/), and the port number) or linkagg and the link aggregation group number, and either v2 or v3....
  • Page 469: Removing A Static Neighbor

    For example, to configure port 4 in slot 10 with designated VLAN 2 as a static querier that uses IGMP Version 3 you would enter:
    -> ip multicast static-querier 2 4/10 v3...
  • Page 470: Removing A Static Querier

    For example, to remove a static member with an IP address of 11.0.0.1 on port 10 in slot 3 with designated VLAN 3 you would enter:
    -> ip multicast no static-neighbor 11.0.0.1 3/10 3...
  • Page 471: Modifying Ipms Parameters

    260 seconds. The following subsections describe how to configure a user-specified membership timeout value and how to restore it with the ip multicast membership-timeout command....
  • Page 472: Configuring The Membership Timeout

    You can modify the IPMS querier timeout from 0 to 4294967295 seconds by entering ip multicast querier-timeout followed by the new value. For example, to set the querier timeout to 360 seconds you would enter:
    -> ip multicast querier-timeout 360...
  • Page 473: Restoring The Querier Timeout

    To restore the IP multicast priority to its default (i.e., low) value you use the no form of the ip multicast priority command by entering:
    -> ip multicast no priority...
  • Page 474: Modifying The Maximum Ingress Bandwidth

    To restore the IP multicast maximum ingress bandwidth to its default (i.e., 10 megabits) value you use the no form of the ip multicast max-ingress-bandwidth command by entering:
    -> ip multicast no max-ingress-bandwidth...
  • Page 475: Ipms Application Example

    Configure the client attached to Port 2 as a static querier belonging to VLAN 5 by entering:
    -> ip multicast static-querier 5 1/2
    Modify the membership timeout from its default value of 260 seconds to 3600 seconds by entering:
    -> ip multicast membership-timeout 3600...
  • Page 476
    Source IP VLAN Slot/Port Expire Type Version
    --------------------+----+---------+------+-------+-------
    None 1/5 Never Static IGMPv2
    ->show ip multicast queriers
    Source IP VLAN Slot/Port Expire Type Version
    --------------------+----+---------+------+-------+--------
    None 1/2 Never Static IGMPv2...
  • Page 477: Displaying Ipms Configurations And Statistics

    Displaying IPMS Configurations and Statistics
    Alcatel’s IP Multicast Switching (IPMS) show commands provide tools to monitor IPMS traffic and settings and to troubleshoot problems. These commands are described below:
    show ip multicast switching: Displays the current IPMS configuration on a switch.
  • Page 478 Displaying IPMS Configurations and Statistics Configuring IP Multicast Switching...
  • Page 479: Diagnosing Switch Problems

    Configuring Port Mirroring Direction—see “Configuring Port Mirroring Direction” on page 24-13. • Enabling or Disabling a Port Mirroring Session—see “Enabling or Disabling a Port Mirroring Session • (Shorthand)” on page 24-14. OmniSwitch 6800 Series Network Configuration Guide November 2004 page 24-1...
  • Page 480 “Resetting Health Statistics for the Switch” on page 24-29. For information about additional Diagnostics features such as Switch Logging and System Debugging/Memory Management commands, see Chapter 25, “Using Switch Logging,” and Chapter 26, “Monitoring Memory.”
  • Page 481: Port Mirroring

    Spanning Tree Enabled (Spanning Tree Disable) Mirroring Status Configuration port mirroring source destination Disabled Mirroring Session Configuration port mirroring Disabled Mirroring Session Deletion port mirroring No Mirroring Sessions Configured
  • Page 482: Quick Steps For Configuring Port Mirroring

    7 For more information about this command, see “Displaying Port Mirroring Status” on page 24-15 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 483: Remote Monitoring (RMON)

    RMON Traps Supported RisingAlarm/FallingAlarm These traps are generated whenever an Alarm entry crosses either its Rising Threshold or its Falling Threshold and generates an event configured for sending SNMP traps.
  • Page 484: RMON Probe Defaults

    “Displaying a List of RMON Probes” on page 24-19, “Displaying Statistics for a Particular RMON Probe” on page 24-20 or the “RMON Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 485: Switch Health

    A Resource Threshold was exceeded by its corresponding utilization value in the previous cycle, but is not exceeded in the current cycle. Threshold Crossing Traps Supported Device, module, port-level threshold crossings.
  • Page 486: Switch Health Defaults

    (e.g., memory). The display is similar to the one shown below: Memory Threshold = 85 For more information about this command, see “Displaying Health Threshold Limits” on page 24-26 or the “Health Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 487: Port Mirroring

    Note. Both the mirrored and mirroring ports must be connected and up (enabled) to start mirroring. What Ports Can Be Mirrored? OmniSwitch 6800 Series switches support mirroring between any 10/100/1000 port to any other 10/100/ 100 port and between any SFP to any other SFP port.
  • Page 488: What Happens To The Mirroring Port

    RMON probe are first forwarded out the mirrored port. After being received on the mirrored port, copies of the frames are mirrored out the mirroring port—the probe attached to the mirroring port receives the management frames.
  • Page 489: Creating A Mirroring Session

    To create a mirroring session, enter the port mirroring source destination command, and include the port mirroring session ID number and the source and destination slot/ports, as shown in the following example: -> port mirroring 6 source 2/3 destination 2/4
  • Page 490: Unblocking Ports (Protection From Spanning Tree)

    VLAN ID number). See “Enabling or Disabling a Port Mirroring Session (Shorthand)” on page 24-14 for details. Note. A port that is part of an aggregate link cannot be mirrored.
  • Page 491: Creating A Mirroring Session And Enabling Mirroring Status

    ID number, the source and destination slot/ports, and bidirectional, inport, or outport. Note. Optionally, you can also specify the unblocked VLAN ID number and either enable or disable on the same command line.
  • Page 492: Enabling Or Disabling A Port Mirroring Session (Shorthand)

    To disable a port mirroring session, enter the port mirroring command, followed by the port mirroring session ID number and the keyword disable. The following command disables port mirroring session 6 (turning port mirroring off): -> port mirroring 6 disable
  • Page 493: Displaying Port Mirroring Status

    To delete a mirroring session, enter the no port mirroring command, followed by the port mirroring session ID number. For example: -> no port mirroring 6 In this example, port mirroring session 6 is deleted. Note. The port mirroring session identifier must always be specified.
  • Page 494: Remote Monitoring (RMON)

    C. Management frames from the NMS Workstation are sent to the mirrored port... D. ...and port mirroring sends copies of the Management frames to the mirroring port. [Figure: Port Mirroring Using External RMON Probe, showing the NMS Workstation, Mirrored Port, Mirroring Port, RMON Probe and OmniSwitch.]
  • Page 495: Ethernet Statistics

    Alarm can be generated, printed and/or logged. Note. The following RMON groups are not implemented: Host, HostTopN, Matrix, Filter and Packet Capture.
  • Page 496: Enabling Or Disabling RMON Probes

    The following command enables all currently defined (disabled) RMON Alarm probes: -> rmon probes alarm enable Notes. Network activity on subnetworks attached to an RMON probe can be monitored by Network Management Software (NMS) applications.
  • Page 497: Displaying RMON Tables

    A display showing all current alarm RMON probes should appear, as shown in the following example: Entry Slot/Port Flavor Status Duration System Resources -------+-----------+-----------+----------+---------------+-------------------- 31927 1/35 Alarm Active 00:25:51 608 bytes
  • Page 498: Displaying Statistics For A Particular RMON Probe

    -> show rmon probes 4005 Probe’s Owner: Switch Auto Probe on Slot 4, Port 5 Entry 4005 Flavor = Ethernet, Status = Active Time = 48 hrs 54 mins, System Resources (bytes) = 275
  • Page 499: Sample Display For History Probe

    = delta value Alarm Startup Alarm = rising alarm Alarm Variable = 1.3.6.1.2.1.16.1.1.1.5.4008 Entry 11235 Flavor = Alarm, Status = Active Time = 48 hrs 48 mins, System Resources (bytes) = 1677
  • Page 500: Displaying A List Of RMON Events

    [Rising trap] “Rising Event,” an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm, with an elapsed time of 39 minutes since the last change in status.
  • Page 501: Monitoring Switch Health

    • Maximum utilization level over the last hour (percentage) • Threshold level. Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors, and generates traps based on the specified threshold criteria.
  • Page 502 —Displays health statistics for the switch, as percentages of total resource capacity. See page 24-28 for more information. • health statistics reset—Resets health statistics for the switch. See page 24-29 for details.
  • Page 503: Configuring Resource And Temperature Thresholds

    Note. When you specify a new value for a threshold limit, the value is automatically applied across all levels of the switch (switch, module and port). You cannot select differing values for each level.
  • Page 504: Displaying Health Threshold Limits

    Note. For detailed definitions of each of the threshold types, refer to “Configuring Resource and Temperature Thresholds” on page 24-25, as well as Chapter 35, “Health Monitoring Commands,” in the OmniSwitch CLI Reference Guide.
  • Page 505: Configuring Sampling Intervals

    To view the sampling interval, enter the show health interval command. The currently configured health sampling interval (measured in seconds) will be displayed, as shown below: -> show health interval Sampling Interval = 5
  • Page 506: Viewing Health Statistics For The Switch

    Threshold limit. For example, if the Current value for Memory displays as 85* and the Threshold Limit displays as 80, the asterisk indicates that the Current value has exceeded the Threshold Limit value.
  • Page 507: Viewing Health Statistics For A Specific Interface

    To reset health statistics for the switch, enter the health statistics reset command, as shown below: -> health statistics reset
  • Page 509: Chapter 25 Using Switch Logging

    “Displaying Switch Logging Records” on page 25-12. Notes. Switch logging commands are not intended for use with low-level hardware and software debugging. It is strongly recommended that you contact an Alcatel Customer Service representative for assistance with debugging functions.
  • Page 510: Switch Logging Specifications

    Severity Levels/Types Supported 2 (Alarm - highest severity), 3 (Error), 4 (Alert), 5 (Warning), 6 (Info - default), 7 (Debug 1), 8 (Debug 2), 9 (Debug 3 - lowest severity)
  • Page 511: Switch Logging Defaults

    No application ID or severity level defaults. The user must specify these values Enabling/Disabling switch logging swlog output Flash Memory and Console Output Switch logging file size swlog output flash 128000 bytes file-size
  • Page 512: Quick Steps For Configuring Switch Logging

    Only Applications not at the level ‘info’ (6) are shown Application ID Level ---------------------------- BRIDGE(10) warning (5) For more information about this command, or the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 513: Switch Logging Overview

    See the “Working with Configuration Files” chapter of the OmniSwitch 6800 Switch Management Guide for details.
  • Page 514: Switch Logging Commands Overview

    Numeric CLI Keyword Application ID Equivalent IDLE APPID_IDLE DIAG APPID_DIAGNOSTICS IPC-DIAG APPID_IPC_DIAGNOSTICS QDRIVER APPID_QDRIVER QDISPATCHER APPID_QDISPATCHER IPC-LINK APPID_IPC_LINK NI-SUPERVISION APPID_NI_SUP_AND_PROBER INTERFACE APPID_ESM_DRIVER 802.1Q APPID_802.1Q VLAN APPID_VLAN_MGR APPID_GROUPMOBILITY (RESERVED) BRIDGE APPID_SRCLEANING
  • Page 515 SNMP APPID_SNMP_AGENT APPID_WEBMGT MIPGW APPID_MIPGW SESSION APPID_SESSION_MANAGER TRAP APPID_TRAP_MANAGER POLICY APPID_POLICY_MANAGER APPID_DRC SYSTEM APPID_SYSTEM_SERVICES HEALTH APPID_HEALTHMON NAN-DRIVER APPID_NAN_DRIVER RMON APPID_RMON TELNET APPID_TELNET APPID_PSM APPID_FTP SMNI APPID_SMNI DISTRIB APPID_DISTRIB EPILOGUE APPID_EPILOGUE
  • Page 516: Specifying The Severity Level

    The following command makes the same assignment by using the severity level and application numbers. -> swlog appid 75 level 3 No confirmation message appears on the screen for either command.
  • Page 517: Removing The Severity Level

    IP address to which output will be sent. For example, if the target IP address is 168.23.9.100, you would enter: -> swlog output socket ipaddr 168.23.9.100 No confirmation message will appear on the screen.
  • Page 518: Disabling An Ip Address From Receiving Switch Logging Output

    For this example, switch logging is enabled. Switch logging information is being sent to the switch’s flash memory and to the console. Additionally, the severity level for the chassis application ID has been set to the “debug3” (or “9”) severity level.
  • Page 519: Configuring The Switch Logging File Size

    No confirmation message will appear on the screen.
  • Page 520: Displaying Switch Logging Records

    The Log Message field specifies the condition recorded by the switch logging feature. The information in this field usually wraps around to the next line of the screen display as shown in this example.
  • Page 521: Chapter 26 Monitoring Memory

    Notes. System Debug (kTrace and sysTrace) commands are intended for use by qualified Alcatel Customer Support personnel to assist customers in diagnosing or debugging system performance. For information about these commands, see the chapter titled, “Memory Monitoring Commands”...
  • Page 522: Memory Monitoring Specifications

    Standard Out (console)/ Supported Switch Logging/ sysTrace Buffer. Memory Monitoring Defaults The following table shows Memory Monitoring default values: Parameter Description CLI Command Default Value/Comments Memory Monitoring debug memory monitor Disabled
  • Page 523: Quick Steps For Configuring Memory Monitoring

    1588017 65536 5130020 25675316 For more information about this command, see “Displaying the Memory Monitor Log” on page 26-5 or the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide.
  • Page 524: Debug Memory Commands Overview

    To enable memory monitoring, enter: -> debug memory monitor enable No confirmation message will appear onscreen. To disable Memory Monitoring, enter: -> debug memory monitor disable No confirmation message will appear onscreen.
  • Page 525: Displaying The Memory Monitor Log

    The Calling Function field displays the function that called the above-mentioned function. The Previous Caller field displays the function that called the above-mentioned function.
  • Page 526: Displaying The Memory Monitor Global Statistics

    (currently and cumulatively) since the memory log was last enabled. For example, statistics displayed above indicate that 33741 bytes of memory are currently allocated and 687952 bytes were cumulatively allocated since the last enable.
  • Page 527: Displaying The Memory Monitor Task Statistics

    Health 127649 221312 222236 Ipedr 31500 105868 NanDrvr 74396 Ftpd Telnetd 9552 9552 tCS_CVM tssApp65535_3 SsApp 49088 198284 SesMgr 69200 202029 SNMPagt 26347 210129 --Output continues on the following page--
  • Page 528 (currently and cumulatively) since the memory log was enabled. For example, statistics displayed in the second entry in the table indicate that 16169 bytes of memory are currently allocated and 20168 bytes were cumulatively allocated for the cliConsole task.
  • Page 529: Displaying The Memory Monitor Size Statistics

    (in bytes). For example, statistics displayed in the last entry in the table indicate that 5130020 bytes are currently allocated and 25675316 bytes were cumulatively allocated for the memory range greater than or equal to 65536 bytes.
  • Page 531: Appendix A Software License And Copyright Statements

    A Software License and Copyright Statements This appendix contains Alcatel and third-party software vendor license and copyright statements. Alcatel License Agreement ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE AGREEMENT IMPORTANT. Please read the terms and conditions of this license agreement carefully before opening this package.
  • Page 532 Licensee’s computer or made non-readable. AII may terminate this License Agreement upon the breach by Licensee of any term hereof. Upon such termination by AII, Licensee agrees to return to AII or destroy the Licensed Materials and all copies and portions thereof.
  • Page 533 Run-Time Module) are third party beneficiaries to this License Agreement with full rights of enforcement. Please refer to the section entitled “Third Party Licenses and Notices” on page A-4 for the third party license and notice terms.
  • Page 534: Third Party Licenses And Notices

    OpenLDAP is a trademark of the OpenLDAP Foundation. Copyright 1999-2000 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distributed verbatim copies of this document is granted.
  • Page 535: Linux

    “work based on the Program” means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either...
  • Page 536 Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
  • Page 537 Many people have made generous contributions to the wide range of software distributed through that system in reliance on...
  • Page 538 SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS
  • Page 539 License. URLWatch: For notice when this page changes, fill in your email address. Maintained by: Webmaster, Linux Online Inc. Last modified: 09-Aug-2000 02:03AM. Views since 16-Aug-2000: 177203.
  • Page 540: University Of California

    ITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  • Page 541: Apptitude, Inc

    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. K. Sun Microsystems, Inc. This product contains Coronado ASIC, which includes a component derived from designs licensed from Sun Microsystems, Inc.
  • Page 542: Wind River Systems, Inc

    * written prior permission. The University of Delaware makes no * representations about the suitability this software for any * purpose. It is provided "as is" without express or implied * warranty.
