OmniSwitch os6900 Network Configuration Manual

page of 942

/ 942
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Part No. 060319-10, Rev. G

June 2013

OmniSwitch AOS Release 7

Network Configuration Guide

www.alcatel-lucent.com

Table of Contents

Summary of Contents for OmniSwitch os6900

Page 1 Part No. 060319-10, Rev. G June 2013 OmniSwitch AOS Release 7 Network Configuration Guide www.alcatel-lucent.com...
Page 2 This user guide documents AOS Release 7 for the OmniSwitch 10K and OmniSwitch 6900. The functionality described in this guide is subject to change without notice. Copyright © 2013 by Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel-Lucent.
Page 3: Table Of Contents
Enabling and Disabling Enhanced Port Performance (EPP) ........1-8 Configuring Energy Efficient Ethernet (802.3az) ............1-9 Clearing Ethernet Port Violations .................1-11 Link Monitoring ......................1-12 Monitoring Interface Errors ...................1-12 Monitoring Interface Flapping ................1-12 Monitoring Window ....................1-13 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 4 Configuring the Source Learning Status .................3-8 Increasing the MAC Address Table Size ................3-9 Displaying Source Learning Information ..............3-10 Chapter 4 Configuring VLANs ....................4-1 In This Chapter ........................4-1 VLAN Specifications ......................4-2 VLAN Defaults ......................4-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 5 Configuring Spanning Tree Parameters ............. 6-1 In This Chapter ........................6-2 Spanning Tree Specifications ..................6-3 Spanning Tree Bridge Parameter Defaults ..............6-4 Spanning Tree Port Parameter Defaults ................6-4 Multiple Spanning Tree (MST) Region Defaults ............6-5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 6 Limiting BPDU Transmission ................6-43 Sample Spanning Tree Configuration ................6-44 Example Network Overview ..................6-44 Example Network Configuration Steps ..............6-45 Sample MST Region Configuration ................6-47 Sample MSTI Configuration ..................6-49 Verifying the Spanning Tree Configuration ..............6-52 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 7 Modifying Dynamic Aggregate Partner Port Parameters ........8-21 Application Examples ....................8-27 Sample Network Overview ..................8-27 Link Aggregation and Spanning Tree Example .............8-28 Link Aggregation and QoS Example ..............8-29 Displaying Dynamic Link Aggregation Configuration and Statistics ......8-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 8 MCLAG Concepts and Components ..............10-9 Benefits of MCLAG .....................10-11 MCLAG Principle ....................10-11 MCLAG Loop Detection ..................10-12 MCLAG Topologies ....................10-13 Basic MCLAG Building Block ................10-13 Recommended Topologies ...................10-13 Topologies Not Recommended ................10-15 Unsupported Topologies ..................10-15 viii OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 9 Quick Steps for Configuring ERP with VLAN Stacking ..........11-12 ERP Configuration Overview and Guidelines ............11-13 Configuring an ERP Ring ...................11-14 Adding VLANs to Ring Ports ................11-14 Configuring an RPL Port ..................11-15 Setting the Wait-to-Restore Timer ...............11-15 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 10 Verifying the MVRP Configuration ................12-15 Chapter 13 Configuring 802.1AB ....................13-1 In This Chapter ......................13-1 802.1AB Specifications ....................13-2 802.1AB Defaults Table ....................13-2 Quick Steps for Configuring 802.1AB ................13-3 802.1AB Overview .......................13-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 11 LACP ........................14-11 SPB ........................14-12 MVRP ........................14-12 Virtual Chassis and MC-LAG ................14-13 Interfaces ......................14-13 Configuring Auto-Fabric .....................14-14 Enabling/Disabling Auto-Fabric ................14-14 Starting the Discovery Process ................14-14 Configuring Auto-Fabric Protocols ..............14-14 Configuring Discovery Interval ................14-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 12 Quick Steps for Configuring VRF Route Leak ............15-37 Configuring VRF Route Leak ................15-38 Verifying VRF Route Leak Configuration ............15-39 Chapter 16 Configuring Multiple VRF ..................16-1 In This Chapter ......................16-1 VRF Specifications .......................16-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 13 Modifying an IPv6 Interface ................17-15 Removing an IPv6 Interface .................17-15 Assigning IPv6 Addresses ...................17-16 Removing an IPv6 Address ..................17-17 Configuring IPv6 Tunnel Interfaces ................17-18 Creating an IPv6 Static Route ..................17-19 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 xiii...
Page 14 Configuring the RIP Forced Hold-Down Interval ..........19-9 Configuring the RIP Update Interval ..............19-9 Configuring the RIP Invalid Timer ..............19-10 Configuring the RIP Garbage Timer ..............19-10 Configuring the RIP Hold-Down Timer ..............19-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 15 External DHCP Relay Application ................21-7 Internal DHCP Relay .....................21-8 DHCP Relay Implementation ..................21-9 Global DHCP ......................21-9 Per-VLAN DHCP ....................21-9 Configuring BOOTP/DHCP Relay Parameters ...........21-10 Setting the Forward Delay ..................21-10 Setting Maximum Hops ..................21-11 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 16 Configuring the VRRPv3 Virtual Router Priority ..........22-21 Setting Preemption for VRRPv3 Virtual Routers ..........22-22 Enabling/Disabling a VRRPv3 Virtual Router ............22-23 Setting VRRPv3 Traps ..................22-23 Verifying the VRRPv3 Configuration ................22-24 Creating Tracking Policies ..................22-25 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 17 Displaying Server Load Balancing Status and Statistics ..........23-22 Chapter 24 Configuring IP Multicast Switching ..............24-1 In This Chapter ......................24-1 IPMS Specifications ......................24-2 IPMSv6 Specifications ....................24-3 IPMS Default Values ....................24-3 IPMSv6 Default Values ....................24-5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 xvii...
Page 18 Enabling and Disabling the MLD Spoofing ............24-34 Enabling and Disabling the MLD Zapping ............24-34 Limiting MLD Multicast Groups .................24-35 IPMS Application Example ..................24-37 IPMSv6 Application Example ..................24-39 Displaying IPMS Configurations and Statistics ............24-41 xviii OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 19 Setting the Statistics Interval ................25-42 Returning the Global Configuration to Defaults ..........25-42 Verifying Global Settings ..................25-42 Creating Policies ......................25-43 Quick Steps for Creating Policies ................25-43 ASCII-File-Only Syntax ..................25-44 Creating Policy Conditions ..................25-45 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 20 Modifying LDAP Policy Server Parameters ............26-4 Disabling the Policy Server From Downloading Policies ........26-4 Modifying the Port Number ...................26-5 Modifying the Policy Server Username and Password ..........26-5 Modifying the Searchbase ..................26-5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 21 Enabling MAC Authentication ................27-28 Enabling UNP on Ports ..................27-28 Configuring UNP Port Parameters ...............27-29 Configuring Profiles ....................27-33 Configuring VLAN Classification Profiles ............27-33 Configuring Service Classification Profiles ............27-34 Enabling Dynamic VLAN Profile Configuration ..........27-35 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 22 Authentication Server Specifications ................29-2 Server Defaults ......................29-3 RADIUS Authentication Servers ................29-3 TACACS+ Authentication Servers ................29-3 LDAP Authentication Servers ................29-3 Quick Steps For Configuring Authentication Servers ..........29-4 Server Overview ......................29-5 Backup Authentication Servers ................29-5 xxii OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 23 Learned Port Security Defaults ..................31-2 Sample Learned Port Security Configuration ...............31-3 Learned Port Security Overview ...................31-5 LPS Learning Window ...................31-5 MAC Address Types ....................31-6 How LPS Authorizes Source MAC Addresses ............31-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 xxiii...
Page 24 What Happens to the Mirroring Port ..............32-16 Mirroring on Multiple Ports .................32-16 Using Port Mirroring with External RMON Probes ..........32-16 Remote Port Mirroring ..................32-18 Creating a Mirroring Session ................32-19 Unblocking Ports (Protection from Spanning Tree) ..........32-20 xxiv OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 25 Chapter 33 Configuring VLAN Stacking ................... 33-1 In This Chapter ......................33-1 VLAN Stacking Specifications ..................33-2 VLAN Stacking Defaults ....................33-2 VLAN Stacking Overview ....................33-4 How VLAN Stacking Works .................33-6 VLAN Stacking Services ..................33-7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 26 Configuring a Maintenance Association ..............35-10 Configuring a Maintenance End Point ..............35-11 Configuring a Virtual Maintenance End Point .............35-11 Configuring Loopback ..................35-12 Configuring Linktrace ..................35-12 Configuring the Fault Alarm Time ...............35-12 xxvi OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 27 Appendix A Software License and Copyright Statements ............. A-1 Alcatel-Lucent License Agreement ................A-1 ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT ......A-1 Third Party Licenses and Notices .................. A-4 Index ........................Index-1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 xxvii...
Page 28 Contents xxviii OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 29: About This Guide
About This Guide This OmniSwitch AOS Release 7 Network Configuration Guide describes basic attributes of your switch and basic switch administration tasks. The software features described in this manual are shipped standard with your switches. These features are used when readying a switch for integration into a live network environment.
Page 30: What Is In This Manual
This guide provides overview material on software features, how-to procedures, and tutorials that will enable you to begin configuring your OmniSwitch. However, it is not intended as a comprehensive refer- ence to all CLI commands available in the OmniSwitch. For such a reference to all CLI commands, consult the OmniSwitch CLI Reference Guide.
Page 31: Documentation Roadmap
OmniSwitch AOS Release 7 Data Center Switching Guide When you are ready to connect your switch to the network, you will need to learn how the OmniSwitch implements fundamental software features, such as 802.1Q, VLANs, Spanning Tree, and network routing protocols.
Page 32 Documentation Roadmap About This Guide The OmniSwitch AOS Release 7 Data Center Switching Guide includes configuration information for data center networks using virtualization technologies (SPBM and UNP) and Data Center Bridging protocols (PFC, ETC, and DCBX). Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch.
Page 33: Related Documentation
About This Guide Related Documentation Related Documentation The following are the titles and descriptions of all the related OmniSwitch user manuals: • OmniSwitch 10K and OmniSwitch 6900 Getting Started Guides Describes the hardware and software procedures for getting an OmniSwitch up and running. Also provides information on fundamental aspects of OmniSwitch software architecture.
Page 34: Technical Support
(open or closed) that you have reported to Alcatel-Lucent’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. Access additional information on Alcatel-Lucent’s Service Programs: Web: service.esd.alcatel-lucent.com Phone: 1-800-995-2696 Email: esd.support@alcatel-lucent.com page xxvi OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 35 1 Configuring Ethernet Ports The Ethernet software is responsible for a variety of functions that support Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet ports on OmniSwitch Series switches. These functions include diagnostics, software loading, initialization, configuration of line parameters, gathering statistics, and responding to administrative requests from SNMP or CLI.
Page 36: Chapter 1 Configuring Ethernet Ports
Supported 802.1Q Hardware Tagging Supported Jumbo Frame Configuration Supported on 1/10/40 Gigabit Ethernet ports Enhance Port Performance Supported on OS6900 with 10-Gigabit transceivers (EPP) Maximum Frame Size 1553 bytes (10/100 Mbps) 9216 bytes (1/10/40 Gbps) Ethernet Port Defaults The following table shows Ethernet port default values:...
Page 37 Configuring Ethernet Ports Ethernet Port Defaults Parameter Description Command Default Value/Comments Digital Diagnostics Monitoring interfaces ddm Disabled (DDM) Enhanced Port Performance interfaces Disabled (EPP) OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-3...
Page 38: Ethernet Ports Overview
MDI (Media Dependent Interface), which is the standard for end stations. For example: -> interfaces 2/1 crossover auto -> interfaces 2/2-5 crossover mdi -> interfaces 3 crossover mdix page 1-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 39: Setting Interface Line Speed
CLI are cleared; SNMP values are not cleared and continue to main- tain cumulative totals. For example: -> clear interfaces 2/1-3 l2-statistics cli Note that when the cli parameter is not specified both CLI and SNMP statistics are cleared. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-5...
Page 40: Enabling And Disabling Interfaces
Traps can be enabled using the interfaces ddm-trap if any of the above values crosses the pre-defined low or high thresholds of the transceiver. For example: -> interfaces ddm-trap enable page 1-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 41: Configuring Flood Rate Limiting
Note. The OmniSwitch currently does not support the transmitting of PAUSE frames. Note that if autonegotiation and flow control are both enabled for an interface, then autonegotiation deter- mines how the interface processes PAUSE frames.
Page 42: Enabling And Disabling Enhanced Port Performance (Epp)
Enable EPP - If it’s determined that the issue is with the link parter, enable EPP. EPP - Product and Transceiver Support Only certain transceivers support enabling EPP. Additionally, depending on the revision of the OmniSwitch, there are port restrictions due to the power requirements of enabling EPP as shown in the table below. Product...
Page 43: Configuring Energy Efficient Ethernet (802.3Az)
• Disconnect cable from link partner Copper Cable • Connect free cable end to unused port of OS6900 • View the Link-Quality Good - The link partner should be diagnosed and enabling EPP may help. Fair or Poor - The direct-attached copper cable should be replaced.
Page 44 The LLDP option in IEEE 802.3az standard is not currently supported. To enable the EEE capability on the switch use the interfaces eee command. For example, enter: -> interfaces 1/1 eee enable page 1-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 45: Clearing Ethernet Port Violations
To clear all the MAC address violation logs and activate the port or link aggregate, use the interfaces wait-to-shutdown command. For example: -> clear violation port 1/10 -> clear violation linkagg 10-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-11...
Page 46: Link Monitoring
-> interfaces 1/1 link-monitoring link-flap-threshold 5 In this example, the port is shutdown if the number of link flaps exceeds the threshold value of five during the link monitoring window timeframe. page 1-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 47: Monitoring Window
• An interface recovers from a violation due to the automatic recovery timer mechanism. • An interface is made operationally up when the cable is plugged in. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-13...
Page 48: Configuring The Wait-To-Shutdown Timer
• The timer value can be modified when the WTS timer is running; however, the new timer value does not take effect until after the current running timer expires. page 1-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 49 -> interfaces 1/1 wait-to-shutdown 30000 To disable the WTR timer mechanism, set the timer value to zero. For example: -> interfaces 1/1 wait-to-shutdown 0 By default, the WTS time is disabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-15...
Page 50: Displaying Link Monitoring Information
Displays the administrative status, link status, violations, recovery time, maximum recovery attempts and the value of the wait-to-restore timer. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. Link Fault Propagation The Link Fault Propagation (LFP) feature provides a mechanism to propagate a local interface failure into another local interface.
Page 51: Interaction With Interfaces Violation Recovery
WTR timer has expired. “Clearing Ethernet Port Violations” on page 1-11 for information of clearning port violations. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-17...
Page 52: Configuring Link Fault Propagation
Destination Port(s) : 0/3 1/10-13, Group-Src-Ports Status : up, Admin Status : enable, Wait To Shutdown : 10 See the OmniSwitch CLI Reference Guide for more information about LFP commands. page 1-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 53: Lfp Application Example
To allow the switch to use the standby interface the link on OS-1 would need to be disabled so that interface 1/1 on the access switch leaves the LACP group. -> link-fault-propagation group 1 source port 2/1 3/1 destination linkagg 1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 1-19...
Page 54 Link Fault Propagation Configuring Ethernet Ports page 1-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 55: Chapter 2 Configuring Udld
• “Clearing UDLD Statistics” on page 2-8. • “Verifying the UDLD Configuration” on page 2-8. • “Verifying the UDLD Configuration” on page 2-8. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 2-1...
Page 56: Udld Specifications
Disabled UDLD status of a port udld port Disabled UDLD operational mode udld mode Normal Probe-message advertisement timer udld probe-timer 15 seconds Echo-based detection timer udld echo-wait-timer 8 seconds page 2-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 57: Quick Steps For Configuring Udld
-> show udld statistics port 1/42 UDLD Port Statistics Hello Packet Send Echo Packet Send Flush Packet Recvd UDLD Neighbor Statistics Neighbor ID Hello Pkts Recv Echo Pkts Recv --------------+--------------------+-------------- OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 2-3...
Page 58: Udld Overview
On fiber-optic or twisted-pair links, one of the interfaces cannot send or receive traffic. • On fiber-optic or twisted-pair links, one of the interfaces is down while the other is up. • One of the fiber strands in the cable is disconnected. page 2-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 59: Mechanisms To Detect Unidirectional Links
UDLD restarts the link-up sequence to re-synchronize with potentially out-of-sync neighbors. UDLD shuts down the port, after the continuous messages, if the link state is undetermined. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 2-5...
Page 60: Enabling And Disabling Udld
• “Verifying the UDLD Configuration” on page 2-8. Note. See the “UDLD Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of UDLD CLI commands. Enabling and Disabling UDLD By default, UDLD is disabled on all switch ports. To enable UDLD on a switch, use the udld command.
Page 61: Configuring The Operational Mode
Use the no form of this command to reset the timer. For example, the following command resets the timer for port 6 of slot 4: -> no udld port 4/6 echo-wait-timer The following command resets the timer for multiple ports: -> no udld port 1/8-21 echo-wait-timer OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 2-7...
Page 62: Clearing Udld Statistics
Displays the UDLD status for all ports or for a specific port. For more information about the resulting display from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show udld configuration port and show udld statistics port commands is also given in “Quick Steps for Configuring UDLD”...
Page 63: In This Chapter
“Configuring MAC Address Table Aging Time” on page 3-7. • “Configuring the Source Learning Status” on page 3-8. • “Increasing the MAC Address Table Size” on page 3-9. • “Displaying Source Learning Information” on page 3-10. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 3-1...
Page 64: Managing Source Learning
Source Learning Specifications Managing Source Learning Source Learning Specifications The functionality described in this chapter is supported on the OmniSwitch unless otherwise stated in the following Specifications table or specifically noted within any section of this chapter. Platforms Supported OmniSwitch 10K, 6900 RFCs supported 2674—Definitions of Managed Objects for Bridges with...
Page 65: Mac Address Table Overview
MAC address in the display output. The asterisk indicates that this is an invalid MAC address. When the port link comes up, however, the MAC address is then considered valid and the asterisk no longer appears next to the address in the display. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 3-3...
Page 66: Configuring Static Mac Addresses
For more information about this command, see the OmniSwitch CLI Reference Guide. Static MAC Addresses on Link Aggregate Ports Static MAC Addresses are not assigned to physical ports that belong to a link aggregate. Instead, they are assigned to a link aggregate ID that represents a collection of physical ports.
Page 67: Using Static Multicast Mac Addresses
-> mac-learning vlan 20 port 1/1 multicast mac-address 01:25:9a:5c:2f:10 Use the no form of the mac-learning multicast mac-address command to delete static multicast MAC address entries: -> no mac-learning vlan 20 port 1/1 multicast mac-address 01:25:9a:5c:2f:10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 3-5...
Page 68: Static Multicast Mac Addresses On Link Aggregate Ports
To verify the static MAC address configuration and other table entries, use the show mac-learning show mac-learning commands. For more information about these commands, see the OmniSwitch CLI Reference Guide. Static Multicast MAC Addresses on Link Aggregate Ports Static multicast MAC addresses are not assigned to physical ports that belong to a link aggregate. Instead, they are assigned to a link aggregate ID that represents a collection of physical ports.
Page 69: Configuring Mac Address Table Aging Time
VLANs back to the default value: -> mac-learning aging-time default To display the aging time value use the show mac-learning aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 3-7...
Page 70: Configuring The Source Learning Status
Statically configured MAC addresses are not cleared when source learning is disabled for the port or aggregate. In addition, configuring a new static MAC address is allowed even when source learning is disabled. page 3-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 71: Increasing The Mac Address Table Size
Increasing the MAC Address Table Size Increasing the MAC Address Table Size There are two source learning modes available for the OmniSwitch: centralized and distributed. Enabling the distributed mode for the switch increases the table size for the switch. To enable the distributed MAC source learning mode for the chassis, use the mac-learning mode command.
Page 72: Displaying Source Learning Information
Displays the current status of the distributed MAC source learning mode. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. page 3-10 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 73: Chapter 4 Configuring Vlans
This chapter describes how to define and manage VLAN configurations through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 74: Configuring Vlans
VLAN Spanning Tree state spantree vlan admin-state Enabled VLAN IP router interface ip interface None VLAN port associations vlan members untagged All ports initially associated with default VLAN 1. page 4-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 75: Sample Vlan Configuration
To verify that ports 3/2-4 were assigned to VLAN 100, use the show vlan members command. For example: -> show vlan 100 members port type status --------+---------+-------------- default inactive default inactive default inactive OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 4-3...
Page 76: Vlan Management Overview
This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The OmniSwitch VLAN management software handles the following VLAN configuration tasks: •...
Page 77: Adding/Removing A Vlan
4-10. To view a list of VLANs already configured on the switch, use the show vlan command. See “Verifying the VLAN Configuration” on page 4-13 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 4-5...
Page 78: Enabling/Disabling The Vlan Administrative Status
-> vlan 455 name “Marketing IP Network” Assigning Ports to VLANs The OmniSwitch supports static assignment of physical switch ports to a VLAN. Once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch.
Page 79: Changing The Default Vlan Assignment For A Port
802.1Q tagging (or trunking), allows a single network link to carry traffic for multiple VLANs. The OmniSwitch implements the IEEE 802.1Q standard for sending frames through the network tagged with VLAN identification. This section details procedures for configuring and monitoring 802.1Q tagging on a single switch port or link aggregate group.
Page 80 To display all VLANs, enter the following command: -> show vlan port Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging page 4-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 81: Enabling/Disabling Spanning Tree For A Vlan
VLAN 10: -> mac-learning vlan 10 disable Disabling source learning on a VLAN causes the VLAN to be flooded with unknown unicast traffic. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 4-9...
Page 82: Configuring Vlan Ip Interfaces
If a VLAN does not have an IP interface, the ports associated with that VLAN are in essence firewalled from other VLANs. For information about configuring IP interfaces, see Chapter 15, “Configuring IP.” page 4-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 83: Bridging Vlans Across Multiple Switches
The Spanning Tree algorithm determined that if all connections between switches were active, a network loop would exist that could cause unnecessary broadcast traffic on the network. The path between Switch OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 84 This is how a logical grouping of users can traverse a physical network setup without routing and is one of the many benefits of using VLANs. page 4-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 85: Verifying The Vlan Configuration
Does not apply to fixed ports. The following example displays VPA information for all ports in VLAN 200: -> show vlan 200 members port type status --------+---------+-------------- 3/24 default inactive 5/12 qtagged blocking OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 4-13...
Page 86 • VLAN 200 is an 802.1Q-tagged VLAN for port 5/12, which is an active port but currently blocked from forwarding traffic. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. page 4-14...
Page 87: Configuring High Availability Vlans
This chapter describes the basic components of high availability VLANs and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 88: High Availability Vlans Specifications
CLI Command Prefix Recognition All high availability VLAN configuration commands with the high availability VLAN prefix support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch AOS Release 7 Switch Management Guide for more information. High Availability Default Values The table below lists default values for high availability VLAN software.
Page 89: Quick Steps For Creating High Availability Vlans
-> vlan 10 members port 1/3 untagged -> vlan 10 members port 1/4 untagged -> vlan 10 members port 1/5 untagged -> server-cluster 1 vlan 10 port 1/3-5 mac-address 01:00:11:22:33:44 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-3...
Page 90: High Availability Vlan Overview
The HA VLAN feature on the OmniSwitch provides an elegant and flexible way to connect the server cluster nodes directly to the ingress network. This involves multicasting the service requests on the config- ured ports.
Page 91: Traffic Flows In High Availability Vlan
This provides a high level of availability in that if one of the server connections goes down, the other connections still forward traffic to one of the redundant servers. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-5...
Page 92: Configuring High Availability Vlans On A Switch
(the default) a VLAN when you configure it enter vlan followed by the VLAN ID number and enable. For example, to create VLAN 10 and administratively enable it enter -> vlan 10 enable page 5-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 93: Adding And Removing Server Cluster Ports
To assign L3 mode to a high availability VLAN use the server-cluster id command. For example, to assign “L3” mode to the server cluster “2”, enter the command as: -> server-cluster 2 mode l3 -> server-cluster 5 port all OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-7...
Page 94: Assigning And Removing Mac Addresses
-> server-cluster mac-address vlan 30 no mac 01:00:00:3f:4c:10. Note. Removing the last MAC address from an HA VLAN is not allowed. Deleting the VLAN is required when there is only one MAC address left. page 5-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 95: Application Examples
In this example, a packet can be an L2 or IP switched packet and Egress port can also be a linkagg port. Create a server cluster that will become the HA VLAN by using the command server-cluster configure the mode. For example: -> server-cluster 1 mode l2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-9...
Page 96 -> vlan 10 members port 1/3 untagged -> vlan 10 members port 1/4 untagged -> vlan 10 members port 1/5 untagged -> server-cluster 1 vlan 10 port 1/3-5 mac-address 01:00:11:22:33:44 page 5-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 97: Example 2: Layer 3 Server Cluster
Create a default VLAN for the HA VLAN ports with the vlan command as shown below: -> vlan 12 Assign member ports to the new default VLAN with the vlan members untagged command as shown below: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-11...
Page 98 -> vlan 12 members port 1/5 tagged -> ip interface "vlan 12" -> ip interface "vlan 12" address 10.135.33.13/24 vlan 12 -> server-cluster 2 ip 10.135.33.12 mac-address static 01:00:5e:22:33:44 page 5-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 99: Example 3: Layer 3 Server Cluster With Ip Multicast Address To Cluster (Igmp)
Egress port can be a linkagg port as well. Note. When a server cluster tries to send a bridged or routed packet to itself, a copy of the packet goes back to the sender’s (server cluster) port. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-13...
Page 100: Configuration Example
: 01:00:11:22:33:44, Cluster Mac Type : Static, IGMP-Mode : Enabled, Cluster Multicast IP : 225.0.0.23, Administrative State : Enabled, Operational State : Disabled, Operational Flag : No IGMP members page 5-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 101 -> server-cluster 3 igmp-mode enable -> server-cluster 3 ip-multicast 225.0.0.23 Note. In order to process IGMP reports, it is required to enable IP mulitcast by using the ip multicast admin-state enable command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 5-15...
Page 102: Displaying High Availability Vlan Status
: 12, Administrative State: Enabled, Operational State : Disabled, Operational Flag : VPA is not forwarding Note. For more information on the CLI commands, See the OmniSwitch CLI Reference Guide. page 5-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 103: Chapter 6 Configuring Spanning Tree Parameters
Spanning Tree bridge, VLAN, and port parameter values. It is only necessary to configure the Spanning Tree parameters to change how the topol- ogy is calculated and maintained. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-1...
Page 104: In This Chapter
This chapter provides an overview about how Spanning Tree works and how to configure Spanning Tree parameters through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 105: Spanning Tree Specifications
Maximum flat mode Multiple Spanning 16 MSTI, in addition to the Common and Internal Spanning Tree Instances (MSTI) per switch Tree instance (also referred to as MSTI 0). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-3...
Page 106: Spanning Tree Bridge Parameter Defaults
Type of BPDU to be used on a port when spantree pvst+compatibil- auto (IEEE BPDUs are used per vlan PVST+ mode is enabled until a PVST+ BPDU is detected) page 6-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 107: Multiple Spanning Tree (Mst) Region Defaults
The number of Multiple Spanning Tree spantree msti 0 (flat mode instance) Instances (MSTI) The VLAN to MSTI mapping spantree msti vlan All VLANs are mapped to the Common Internal Spanning Tree (CIST) instance OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-5...
Page 108: Spanning Tree Overview
During the process of calculating the Spanning Tree topology, each port on every bridge is assigned a port role based on how the port and/or its bridge participates in the active Spanning Tree topology. page 6-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 109 Port is included in the active topology. Forwarding Forwarding Port is transmitting and receiving data and is Root, Designated included in the active topology. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-7...
Page 110 When a bridge first comes up, it assumes it is the root and starts transmitting Configuration BPDU on all its active ports advertising its own bridge ID as the root bridge ID. page 6-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 111 BPDU with the TC flag set and the Spanning Tree returns to an active, stable topology. Note. You can restrict the propagation of TCNs on a port. To restrict TCN propagation on a port, see “Configuring STP Port Parameters” on page 6-33. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-9...
Page 112: Topology Examples
If a new switch is added to the network, the Spanning Tree topology is automatically recalculated to include the monitoring of links to the new switch. page 6-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 113 Switch D than the path between Switch B and Switch A. As a result, a network loop is avoided. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 114: Mst General Overview
The following diagrams help to further explain how MSTP works by comparing how port states are determined on per-VLAN STP/RSTP mode, flat mode STP/RSTP, and flat mode MSTP switches. page 6-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 115 • The 4/8 to 5/2 connection and the 4/2 to 5/1 connection are considered redundant connections so they are both blocked in favor of the 3/1 to 2/1 connection. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-13...
Page 116 CIST BPDU contains only MSTI information. “Sample MSTI Configuration” on page 6-49 for more information about how to direct VLAN traffic over separate data paths using MSTP. page 6-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 117: Comparing Mstp With Stp And Rstp
VLANs not mapped to an MSTI are associated with the CIST instance. See “What is the Common and Internal Spanning Tree Instance” on page 6-17 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-15...
Page 118: What Is A Multiple Spanning Tree Region
The maximum number of hops for the region is not one of the attributes that defines membership in the region. See “Sample MST Region Configuration” on page 6-47 for a tutorial on how to configure MST region parameters. page 6-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 119: What Is The Common Spanning Tree
Configure MSTIs – Every switch has a default Common and Internal Spanning Tree (CIST) instance 0, which is also referred to as MSTI 0. Configuration of additional MSTI is required to segment switch OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 120: Mst Interoperability And Migration
Once the protocol is changed, MSTP features are available for configuration. Multiple Spanning Tree Instances (MSTI) are now configurable for defining data paths for VLAN traffic. See “How MSTP Works” on page 6-12 for more information. page 6-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 121 MSTP. • This implementation of MSTP is compliant with the IEEE 802.1Q 2005 standard and thus provides interconnectivity with MSTP compliant systems. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-19...
Page 122: Spanning Tree Operating Modes
VLAN configuration or tagged VLAN assignments, are considered part of one Spanning Tree instance. To see an example of a flat mode switch with MSTP (802.1s) as the active protocol, see Chapter 6, “Configuring Spanning Tree Parameters.” page 6-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 123: Using Per-Vlan Spanning Tree Mode
However, if a VLAN appears as the configured default VLAN for the port, then BPDU are not tagged and the single Spanning Tree instance applies. To change the Spanning Tree operating mode to per-VLAN, enter the following command: -> spantree mode per-vlan OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-21...
Page 124: Using Per-Vlan Spanning Tree Mode With Pvst
The PVST+ compatibility mode allows OmniSwitch ports to operate in the per-VLAN mode when connected to another OmniSwitch or in the Cisco PVST+ mode when connected to a Cisco switch. As a result, both the Alcatel-Lucent per-VLAN and Cisco PVST+ modes can co-exist on the same OmniSwitch and interoperate correctly with a Cisco switch using the standard Spanning Tree protocols (STP or RSTP).
Page 125: Omniswitch Pvst+ Interoperability
Cisco uses the standard IEEE BPDU format for the native VLAN (VLAN 1) over an 802.1Q trunk. Thus, by default the Common Spanning Tree (CST) instance of the native VLAN 1 for all Cisco switches and the STP instance for the default VLAN of a port on an OmniSwitch interoperates and successfully creates a loop-free topology.
Page 126 OmniSwitch running in per-VLAN PVST+ mode. • Both Cisco and OmniSwitch support two default path cost modes; long or short. It is recommended that the same default path cost mode be configured in the same way on all switches so that the path costs for similar interface types are consistent when connecting ports between OmniSwitch and Cisco Switches.
Page 127: Using Spanning Tree Configuration Commands
Primary port functionality. The path cost assigned to the aggregate link is not the same between OmniSwitch and Cisco switches since vendor-specific formulas are used to derive the path cost. Manual configuration is recommended to match the Cisco path cost assignment for an aggregate link.
Page 128: Configuring Stp Bridge Parameters
VLANs and all active ports are then excluded from any Spanning Tree calculations and remain in a forwarding state. The following is a summary of Spanning Tree bridge configuration commands. For more information about these commands, see the OmniSwitch CLI Reference Guide. Commands Used for ...
Page 129: Selecting The Spantree Protocol
Multiple Spanning Tree Instance (MSTI). In both cases, the default priority value is assigned. Note that priority value for an MSTI must be a multiple of 4096. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 130: Configuring The Bridge Hello Time
(per-VLAN or flat). For example, the following commands change the hello time value for the flat mode instance to 10: page 6-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 131: Configuring The Bridge Max-Age Time
Therefore, if this value is changed for the root bridge, all other bridges associated with the same instance adopt this value as well. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 132: Enabling/Disabling The Vlan Bpdu Switching Status
For example, the following commands enable BPDU switching on VLAN 10 and disable it on VLAN 20: -> spantree vlan 10 bpdu-switching enable -> spantree vlan 20 bpdu-switching disable page 6-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 133: Configuring The Path Cost Mode
32-bit: -> spantree path-cost-mode 32bit Note. Cisco supports two default path cost modes: long or short just like in OmniSwitch per vlan implementation. If you have configured PVST+ mode in the OmniSwitch, it is recommended that the same default path cost mode must be configured in the same way in all the switches, so that, the path costs for similar interface types are consistent when connecting ports between OmniSwitch and Cisco Switches.
Page 134 The exception to this is if the port path cost is administratively set to zero, which resets the path cost to the default value. In addition, AVC does not have any effect on root bridges. page 6-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 135: Configuring Stp Port Parameters
Port state (forwarding or blocking) is dynamically determined by the Spanning Tree Algorithm, not manually set. The following is a summary of Spanning Tree port configuration commands. For more information about these commands, see the OmniSwitch CLI Reference Guide. Commands Used for ...
Page 136: Enabling/Disabling Spanning Tree On A Port
(per-VLAN or flat). For exam- ple, the following command disables the Spanning Tree status on port 1/24 for the flat mode instance: -> spantree cist port 1/24 disable page 6-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 137: Spanning Tree On Link Aggregate Ports
-> spantree vlan 755 linkagg 10 disable For more information about configuring an aggregate of ports, see Chapter 7, “Configuring Static Link Aggregation,” Chapter 8, “Configuring Dynamic Link Aggregation.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-35...
Page 138: Configuring Port Priority
-> spantree vlan 755 linkagg 10 priority 9 For more information about configuring an aggregate of ports, see Chapter 7, “Configuring Static Link Aggregation,” Chapter 8, “Configuring Dynamic Link Aggregation.” page 6-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 139: Configuring Port Path Cost
To change the port path cost value for the flat mode instance regardless of which mode (per-VLAN or flat) is active for the switch, use the spantree cist path-cost command. For example, the following command OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-37...
Page 140: Path Cost For Link Aggregate Ports
Note that for Gigabit ports the aggre- gate size is not applicable in this case: Aggregate Size Default Path Link Speed (number of links) Cost Value 10 Mbps page 6-38 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 141 -> spantree vlan 755 linkagg 10 path-cost 19 For more information about configuring an aggregate of ports, see Chapter 7, “Configuring Static Link Aggregation,” Chapter 8, “Configuring Dynamic Link Aggregation.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-39...
Page 142: Configuring Port Mode
-> spantree vlan 755 linkagg 10 mode blocking For more information about configuring an aggregate of ports, see Chapter 7, “Configuring Static Link Aggregation,” Chapter 8, “Configuring Dynamic Link Aggregation.” page 6-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 143: Configuring Port Connection Type
For example, the following command defines the connection type for port 8/1 associated with VLAN 10. -> spantree vlan 10 port 8/1 connection autoptp OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-41...
Page 144: Configuring The Edge Port Status
-> spantree vlan 10 port 8/23 auto-edge enable -> spantree vlan 10 port 8/23 admin-edge disable Note. If auto-edge is enabled on a port, then the admin-edge value is overridden. page 6-42 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 145: Restricting Port Roles (Root Guard)
Both of these commands apply to all ports and link aggregates and are supported when the switch is running in either the per-VLAN mode or the flat mode. For example: -> spantree cist txholdcount 5 -> spantree vlan 10 txholdcount 5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-43...
Page 146: Sample Spanning Tree Configuration
Ports 2/1-3, 2/8-10, 3/1-3, and 3/8-10 provide connections to other switches and are all assigned to VLAN 255 on their respective switches. The Spanning Tree administrative status for each port is enabled by default. page 6-44 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 147: Example Network Configuration Steps
-> vlan 255 members port 2/1-3 untagged Change the Spanning Tree protocol for VLAN 255 to RSTP (Rapid Spanning Tree Protocol) on each switch using the following command: -> spantree vlan 255 protocol rstp OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-45...
Page 148 Cnx Edg Desig Bridge ID -----+---+---+----+----+-----+-----+----+-----+---+---+---------------------- 7 ENA FORW ROOT NPT Edg 000A-00:d0:95:00:00:01 7 ENA BLOCK BACK NPT No 8000-00:d0:95:00:00:04 3/10 7 ENA BLOCK ALTN 3/10 NPT No 8000-00:d0:95:00:00:03 page 6-46 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 149: Sample Mst Region Configuration
For example: -> spantree mst region name “Alcatel Marketing” Configure the MST Region revision level using the spantree mst region revision-level command. For example: -> spantree mst region revision-level 2000 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-47...
Page 150 Revision Max hops = 3, Cist Instance Number All switches configured with the exact same values as shown in the above example are considered members of the Alcatel-Lucent Marketing MST region. page 6-48 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 151: Sample Msti Configuration
200, and 250 on Switch A: -> vlan 100 members port 3/1 untagged -> vlan 150 members port 4/2 untagged -> vlan 200 members port 4/8 untagged -> vlan 250 members port 2/12 untagged OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-49...
Page 152 MSTI 1 selects one of the data paths between its VLANs as the best path, rather than the CIST data paths, as shown in the diagram on page 6-51. page 6-50 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 153 Another solution to this scenario is to assign all VLANs to an MSTI, leaving no VLANs controlled by the CIST. As a result, the CIST BPDU contains only MSTI information. See “How MSTP Works” on page 6-12 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 6-51...
Page 154: Verifying The Spanning Tree Configuration
(per-VLAN or flat) for the switch For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show spantree vlan and show spantree vlan ports commands is also given in “Example Network Configuration Steps”...
Page 155: Configuring Static Link Aggregation
This chapter describes the basic components of static link aggregation and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 156: Static Link Aggregation Specifications
The table below lists default values and the commands to modify them for static aggregate groups. Parameter Description Command Default Value/Comments Administrative State linkagg static agg admin-state enabled Group Name linkagg static agg name No name configured page 7-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 157: Quick Steps For Configuring Static Link Aggregation
-> linkagg static port 1/9-12 agg 1 Create a VLAN for this static link aggregate group with the vlan members command. For example: -> vlan 10 members default 1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 7-3...
Page 158 And an example of what these commands look like entered sequentially on the command line on the remote switch: -> linkagg static agg 1 size 4 -> linkagg static port 1/9-12 agg 1 -> vlan 10 port default 1 page 7-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 159: Static Link Aggregation Overview
• an OmniSwitch 10000 switch and an early-generation Alcatel-Lucent switch. Note. Static aggregate groups cannot be created between an OmniSwitch and some switches from other vendors. The figure below shows a static aggregate group that has been configured between Switch A and Switch B.
Page 160: Relationship To Other Features
“Modifying Static Aggregation Group Parameters” on page 7-9 for more information. Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of CLI commands for link aggregation. Configuring Mandatory Static Link Aggregate Parameters When configuring static link aggregates on a switch you must perform the following steps: Create the Static Aggregate Group on the Local and Remote Switches.
Page 161: Creating And Deleting A Static Link Aggregate Group
-> linkagg static agg 5 size 8 name static1 admin-state disable Note. If you want to specify spaces within a name for a static aggregate group the name must be specified within quotes (for example, “Static Aggregate Group 5”). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 7-7...
Page 162: Adding And Deleting Ports In A Static Aggregate Group
-> no linkagg static port 1/24 -> no linkagg static port 1/23 -> no linkagg static port 1/22 page 7-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 163: Modifying Static Aggregation Group Parameters
To disable a static aggregate group by entering linkagg static agg followed by the number of the group and admin-state disable. For example, to disable static aggregate group 1, enter: -> linkagg static agg 1 admin-state disable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 7-9...
Page 164: Application Example
-> vlan 8 members linkagg 1 tagged Repeat steps 1 through 4 on Switch B. Substitute the port numbers of the commands with the appropriate port numbers of Switch B. page 7-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 165: Displaying Static Link Aggregation Configuration And Statistics
These detailed views provide excellent tools for diagnosing and troubleshooting problems. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 7-11...
Page 166 Port position in the aggregate : 0, Primary port : YES Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. page 7-12 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 167: Configuring Dynamic Link Aggregation
This chapter describes the basic components of dynamic link aggregation and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 168: Dynamic Link Aggregation Specifications
Maximum number of link aggregation groups Maximum number of ports per link aggregate Number of ports per group when maximum groups are configured Maximum number of linkagg ports per system page 8-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 169: Dynamic Link Aggregation Default Values
Actor Port Priority linkagg lacp port actor port priority Partner Port Administrative Port linkagg lacp port partner admin- port Partner Port Priority linkagg lacp port partner admin port-priority OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-3...
Page 170: Quick Steps For Configuring Dynamic Link Aggregation
-> linkagg lacp port 8/3 actor admin-key 5 Create a VLAN for this dynamic link aggregate group with the vlan command. For example: -> vlan 2 members linkagg 2 page 8-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 171 -> linkagg lacp port 6/1-2 actor admin-key 5 -> linkagg lacp port 7/3 actor admin-key 5 -> linkagg lacp port 8/1 actor admin-key 5 -> vlan 2 port default 2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-5...
Page 172: Dynamic Link Aggregation Overview
The figure on the following page shows a dynamic aggregate group that has been configured between Switch A and Switch B. The dynamic aggregate group links four ports on Switch A to four ports on Switch B. page 8-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 173 OmniSwitch 10K switch and an early-generation Alcatel-Lucent switch. • an OmniSwitch 10K switch and switch of another vendor, if that vendor supports IEEE 802.3ad LACP. “Configuring Dynamic Link Aggregate Groups” on page 8-8 for information on using Command Line Interface (CLI) commands to configure dynamic aggregate groups and see “Displaying Dynamic Link...
Page 174: Relationship To Other Features
“Modifying Dynamic Link Aggregate Group Parameters” on page 8-12 for more information. Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. page 8-8 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 175: Configuring Mandatory Dynamic Link Aggregate Parameters
-> linkagg lacp agg 3 size 2 actor admin-key 10 Note. The optional keywords for this command can be entered in any order as long as they are entered after size and the user-specified number of links. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-9...
Page 176: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group
Note. The actor admin-state and partner admin-state keywords have additional parameters, which are described in “Modifying the Actor Port System Administrative State” on page 8-17 “Modifying the Partner Port System Administrative State” on page 8-21, respectively. page 8-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 177: Removing Ports From A Dynamic Aggregate Group
The following is an example of how to delete ports in the proper sequence from the console: -> no linkagg lacp port 4/6 -> no linkagg lacp port 4/5 -> no linkagg lacp port 4/4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-11...
Page 178: Modifying Dynamic Link Aggregate Group Parameters
“Modifying the Dynamic Aggregate Group Partner System Priority” on page 8-16) • Group remote (partner) switch system ID (see “Modifying the Dynamic Aggregate Group Partner System ID” on page 8-16) page 8-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 179: Modifying The Dynamic Aggregate Group Name
For example, to disable dynamic aggregate group 4, enter: -> linkagg lacp agg 4 admin-state disable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-13...
Page 180: Modifying The Dynamic Aggregate Group Actor System Priority
For example, to restore the actor system priority to its default value on dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 actor system-priority page 8-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 181: Modifying The Dynamic Aggregate Group Actor System Id
For example, to remove the user-configured partner administrative key from dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 partner admin-key OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-15...
Page 182: Modifying The Dynamic Aggregate Group Partner System Priority
For example, to remove the user-configured partner system ID from dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 partner system-id page 8-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 183: Modifying Dynamic Link Aggregate Actor Port Parameters
When this bit (bit 3) is set by the system, the port is allocated to the correct dynamic aggregation group. If this bit is not set by the system, the port is not allocated to the correct dynamic aggregation group. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-17...
Page 184 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate actor port 2 in slot 5, enter: -> no linkagg lacp port 5/2 actor admin-state active aggregate page 8-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 185: Modifying The Actor Port System Id
For example, to modify the system priority of dynamic aggregate actor port 5 in slot 2 to 200 you would enter: -> linkagg lacp port 2/5 actor system-priority 200 For example, to modify the system priority of dynamic aggregate actor port 5 in slot 2 to 200, enter: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-19...
Page 186: Modifying The Actor Port Priority
(/), the port number, and no actor port priority. For example, to remove a user-configured actor priority from dynamic aggregate actor port 1 in slot 2 you would enter: -> no linkagg lacp port 2/1 actor port-priority page 8-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 187: Modifying Dynamic Aggregate Partner Port Parameters
If this bit is not enabled, the port is not allocated to the correct aggregation group. By default, this value is disabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-21...
Page 188 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate partner port 1 in slot 7, enter: -> no linkagg lacp port 7/1 partner admin-state active aggregate page 8-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 189: Modifying The Partner Port Administrative Key
00:00:00:00:00:00. The following subsections describe how to configure a user-specified value and how to restore the value to its default value with the linkagg lacp port partner admin system-id command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-23...
Page 190: Modifying The Partner Port System Priority
For example, to modify the administrative priority of dynamic aggregate partner port 49 in slot 4 to 100 and specify that the port is a Gigabit Ethernet port , enter: -> linkagg lacp port 4/49 partner admin-system-priority 100 page 8-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 191: Modifying The Partner Port Administrative Status
For example, to modify the port priority of dynamic aggregate partner port 3 in slot 4 to 100 you would enter: -> linkagg lacp port 4/3 partner admin-port priority 100 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-25...
Page 192 For example, to remove a user-configured partner port priority from dynamic aggregate partner port 3 in slot 4 you would enter: -> no linkagg lacp port 4/3 partner admin-port priority page 8-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 193: Application Examples
Note. Although you need to configure both the local ( Switch A) and remote ( Switches B and C) switches, only the steps to configure the local switch are provided since the steps to configure the remote switches are similar. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 8-27...
Page 194: Link Aggregation And Spanning Tree Example
-> spantree vlan 10 linkagg 5 priority 15 Repeat steps 1 through 5 on Switch B. Substitute the port numbers of the commands with the appropriate port numbers of Switch B. page 8-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 195: Link Aggregation And Qos Example
Repeat steps 1 through 9 on Switch C. Use the same commands as mentioned in the previous steps. Substitute the port numbers of the commands with the appropriate port numbers of Switch C. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 196: Displaying Dynamic Link Aggregation Configuration And Statistics
These detailed views provide excellent tools for diagnosing and troubleshooting problems. page 8-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 197 When the multi-chassis link aggregation feature is activated on the switch, the show linkagg port command displays the output as MC-Dynamic Aggregable Port. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation.
Page 198 Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 8-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 199: Chapter 9 Configuring Virtual Chassis
All devices participating in the Virtual Chassis must have a valid license to join the VC. For more information on the components of a Virtual Chassis, see “Virtual Chassis Overview” on page 9-7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-1...
Page 200: In This Chapter
This chapter describes the basic components of a Virtual Chassis and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of the commands, see the OmniSwitch CLI Reference Guide. The following information and configuration procedures are included in this chapter: •...
Page 201: Virtual Chassis Specifications
Valid Virtual Chassis protocol hello interval 1-10 Maximum number of member ports per Virtual Fabric Link Licenses Required Advanced Notes: Distributed MAC Learning Mode is not supported on a Virtual Chassis OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-3...
Page 202: Virtual Chassis Default Values
Chassis group identifier virtual-chassis chassis-group Chassis priority virtual-chassis configured- chassis-priority Hello-interval virtual-chassis configured- 5 second hello-interval Control VLAN virtual-chassis configured- 4094 control-vlan Default virtual-fabric link virtual-chassis vf-link default- vlan page 9-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 203: Quick Steps For Configuring A Virtual Chassis
Chassis_2-> virtual-chassis vf-link 0 member-port 1/24 Chassis_2-> write memory Chassis_2-> convert-configuration to vc_dir Reload both chassis from the newly created vc_dir directory: Chassis_1-> reload from vc_dir no rollback-timeout Chassis_2-> reload from vc_dir no rollback-timeout OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-5...
Page 204 (VFL). Use the -> show virtual-chassis vf-link member-port Chassis/VFLink ID Chassis/Slot/Port Oper Is Primary -------------------+------------------+----------+------------- 1/1/1 1/1/24 2/1/1 2/1/24 page 9-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 205: Virtual Chassis Overview
Virtual Chassis Basic Topology Virtual Chassis Concepts and Components Virtual Chassis is an OmniSwitch feature that requires specific building blocks to provide full functional- ity. The following sections highlight the various components of a Virtual Chassis architecture. Virtual Chassis - The entity consisting of multiple physical switches connected using the virtual-fabric links.
Page 206: Converting To Virtual Chassis Mode
The following shows an example of how to convert two switches that are in standalone mode to virtual chassis mode. • The VFL member ports configuration should reflect the switch’s current physical connections. page 9-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 207 Standalone Mode Virtual Chassis Mode interfaces 1/1 admin-state enabled interfaces 1/1/1 admin-state enabled (chassis 1) interfaces 1/1 admin-state enabled interfaces 2/1/1 admin-state enabled (chassis 2) OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-9...
Page 208: Virtual Chassis - Boot-Up
1. Highest chassis priority value 2. Longest chassis uptime 3. Smallest Chassis ID value 4. Smallest chassis MAC address page 9-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 209: Virtual Chassis - Redundancy
“Configuring EMP IP Addresses” on page 9-21 for information on configuring the EMP IP addresses. Also, see the “Split Chassis Detection - OS10K CMMs” on page 9-12 for information on EMP communication between CMMs. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-11...
Page 210: Virtual Chassis - Upgrading
The new images are copied to the Slave chassis prior to rebooting and the entire virtual chassis is synchronized when it comes back up. Perform a flash synchronization on the Master chassis so that the Master’s secondary CMM is updated. page 9-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 211: Performing An Issu Upgrade
As a result of this process both chassis are now running with the upgraded code and the Master and Slave chassis will have changed roles. Enter ‘copy running certified flash-synchro’ to certify the configuration. Enter ‘reload chassis-id 2’ to have the original Master resume its Master role. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-13...
Page 212: Virtual Chassis Topologies
Tree is not needed in this network because there are no loops. In this topology, the physical loop around the virtual chassis ports and Virtual Fabric Link is prevented. page 9-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 213 Data Center VC In the topology shown below, edge switches are connected through virtual chassis and core switches are dual attached. Corporate Network Virtual Chassis DC Data Center VC OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-15...
Page 214: Interaction With Other Features
VFL then no additional ports from the port group can be added to the same VFL and an error will be reported. • When configuring PFC over VFL on an OmniSwitch 6900, the VFL should not have more than 8 ports comprising the VFL. Multicast Load Balancing IP Multicast traffic load balancing may not be optimized on VFL member ports that belong to the same port group as listed in the table above.
Page 215: Virtual Chassis Configuration Guidelines
The following sections provide configuration guidelines to follow when configuring a virtual chassis on an OmniSwitch. The configuration commands related to the virtual chassis functionality vary depending on whether they are executed while a switch is operating in standalone mode (conversion process) or virtual chassis mode (runtime configuration).
Page 216 VFL. Additionally, 10-Gbps and 40-Gbps links cannot be mixed in the same VFL. Any type of 10Gbps or 40-Gbps transceiver or direct-attached cable can be used for creating the VFL. • 10GBase-T ports cannot be members of a VFL. page 9-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 217: Configuring The Chassis Identifier
The duplicate chassis identifier must be corrected by re-configuring the switch locally via EMP port access. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-19...
Page 218: Configuring The Virtual Chassis Group Identifier
Failure to adhere to this recommendation will lead the switches whose values depart from the master chassis' settings to assume the Inconsistent role and Misconfigured-Hello-Interval status. page 9-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 219: Configuring The Control Vlan
Configuring the Virtual Chassis EMP IP Address - Virtual Chassis Mode Use the ip interface command to modify the Virtual Chassis EMP IP address as shown below. These commands would be issued after the virtual chassis is operational: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-21...
Page 220 This allows for the graceful removal of the switch from the active virtual chassis topology. page 9-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 221: Virtual Chassis Configuration Example
VC_Core-> ip interface master emp address 10.255.100.100 mask 255.255.255.0 VLAN Configuration Now that the virtual chassis group is operational, the rest of the configuration is carried out on the Master chassis. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 9-23...
Page 222: Link Aggregation Configuration
SW1-> linkagg lacp agg 1 actor admin-key 1 SW1-> linkagg lacp port 1/1-4 actor admin-key 1 SW1-> vlan 100 members linkagg 1 untagged SW1-> vlan 200 members linkagg 1 tagged page 9-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 223: Displaying Virtual Chassis Configuration And Status
For more information about the output details that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 224 Displaying Virtual Chassis Configuration and Status Configuring Virtual Chassis page 9-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 225: Configuring Multi-Chassis Link Aggregation
A loop or duplicate packet prevention mechanism is implemented so that non-unicast frames received on the Virtual Fabric Link are not flooded out any local MCLAG ports For more information on components of MCLAG, see “MCLAG Concepts and Components” on page 10-9 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-1...
Page 226: In This Chapter
This chapter describes the basic components of MCLAG and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. The following information and configuration procedures are included in this chapter: •...
Page 227: Multi-Chassis Link Aggregation Specifications
Maximum number of Virtual Fabric Links Maximum number of ports per Virtual Fabric Link Note. MCLAG between an OS6900 and OS10K is not supported. In addition, each multi-chassis peer switch must run the same version of the OmniSwitch AOS Release 7 software for MCLAG support.
Page 228: Multi-Chassis Link Aggregation Default Values
4094 VLAN range on the virtual fabric multi-chassis vf-link default- 1-4094 vlan Aggregate Identifier ranges linkagg range local peer multi- Local: 0-47 chassis Remote: 48-95 Multi-chassis: 96-127 page 10-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 229: Quick Steps For Configuring Mclag
OS10K [Chassis 1] -> show multi-chassis status Multi-Chassis Operational Configured --------------------+---------------+--------------- Chassis ID Chassis Role Unassigned Status Standalone Chassis-Type OS10K Hello Interval IPC VLAN 4094 4094 Chassis-Group OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-5...
Page 230 Is Primary ---------------+--------------+--------------+------------ Disabled 1/17 Disabled Disabled 3/17 Disabled OS10K [Chassis 2] -> show multi-chassis vf-link member-port VFLink ID Slot/Port Oper Is Primary ---------------+--------------+--------------+------------ Disabled 2/17 Disabled Disabled 4/17 Disabled page 10-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 231 Oper Is Primary ---------------+--------------+--------------+------------ 2/17 4/17 OS10K [Chassis 1] -> show multi-chassis status Multi-Chassis Operational Configured ---------------------+---------------------+------------------- Chassis ID Chassis Role Primary Status Hello Interval IPC VLAN 4904 4094 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-7...
Page 232 Note. Multi chassis peers in the same domain must maintain identical configuration and operational parameters. Ensure that the mandatory parameters are the same on both peers. For more information, see “Recommended Configuration Parameters” on page 10-33 page 10-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 233: Mclag Overview
MCLAG provides increased bandwidth, load balancing and resiliency for L2 edge devices in a network. An edge switch is dual homed to two Omniswitch through Link Aggregation Control Protocol or Static Aggregation. MCLAG enhances link aggregation by eliminating blocked redundant links to provide fast switch over between edge and core switches without implementing Spanning Tree.
Page 234 PCs, servers, and printers. These devices dual home (active/active) into MCLAG groups aggregated across a pair of OmniSwitch multi-chassis peers. Multi-Chassis Peer Switches are switches that terminate the aggregate links coming from multiple edge devices.
Page 235: Benefits Of Mclag
Port A, it will not be flooded out on either Port B or Port C. Additionally, it cannot be sent back out of the same port where it was received. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-11...
Page 236: Mclag Loop Detection
Loop Detection is flagged when the PDU is returned to the transmitting peer, causing the following to occur. • A log message is sent for loop detect event. • A SNMP trap is generated, and • The offending port is shutdown. page 10-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 237: Mclag Topologies
Tree is not needed in this network because there are no loops. In this topology, the physical loop around the MCLAG ports and Virtual Fabric Link is prevented by the MCLAG. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 238 Layer 3 devic es are dual-attached (ECMP L2 Bridging routing) to th e MC-LAG core, but NOT via L3 Routing MC-LAG aggregates. MC-LAG MC-LAG MC-LAG MCLAG at the Aggregation Layer page 10-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 239: Topologies Not Recommended
In the topology shown below, MCLAG is not supported since Spanning Tree cannot run with a “back- door” connection and will result in a loop. Spanning tree cannot run on the dual- homed aggregates. MC-LAG MC-LAG MC-LAG Back-door Connection Causing Physical Loop OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-15...
Page 240 This topology introduces the risk of a possible loop indicated by the arrows. Since Spanning Tree will not run over the MCLAG aggregates, this loop cannot be prevented. L2 Bridging MC-LAG MC-LAG MC-LAG MC-LAG MC-LAG Loop!!! Edge Switch to Multiple MCLAG Domains page 10-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 241 The following topology illustrates that Switch B is required to keep separate system resources, such as MAC tables, ports, software applications per virtual domain. MC-LAG Pairs: • A – B • B - C MC-LAG MC-LAG Overlapping MCLAG Switch Pairs OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-17...
Page 242: Mclag Packet Flow
Step 3: MAC Learning • Switch M will learn MAC@= MAC on the MCLAG aggregate L • Switch M will learn MAC@= MAC on the MCLAG aggregate L as well. page 10-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 243 IP-based. • MAC addresses learned on an MCLAG aggregate on one of the MCLAG peers are also learned on the other peer on the same MCLAG aggregate. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-19...
Page 244 A loop/duplicate packet prevention mechanism is implemented so that non-unicast frames received on the Virtual Fabric Link are not flooded out any local MCLAG ports. • Downstream traffic always prefers the local MCLAG ports, if these are available. page 10-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 245: Interaction With Other Features
Interaction with Other Features Interaction with Other Features This section contains important information about how other OmniSwitch features interact with MCLAG instances. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature. MCLAG interaction with other features like: Spanning Tree Protocol •...
Page 246: Multicast
The MC-LAG VLAN VIP is used to create a common IP address for both multi-chassis peer switches. > The SLB VIP is used to create a common IP address for the SLB servers. page 10-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 247: High Availability Vlans
The following table provides a list of UNP-related commands, whether or not the command is part of the mandatory configuration required on the local and peer switch, and a brief description of the MCLAG impact if there is a configuration mismatch involving these commands: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-23...
Page 248 Source Learning Commands no mac learning dynamic Optional MAC flush is propagated to the peer switch, so performing this command is not necessary on the peer. page 10-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 249: Ipv4
IP address bound to the same VIP VLAN interface. • The VIP VLAN interface is the gateway for devices connected through the respective IP network. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-25...
Page 250: Omniswitch Aos Consistency Recommendations
“Recommended Configuration Parameters” on page 10-33. OmniSwitch AOS Release 7 Software Both peer switches operating in a multi-chassis domain must run the same version of the OmniSwitch AOS Release 7 software. OmniSwitch AOS Release 7 Hardware MCLAG is not supported between two different type of OmniSwitch models. For example, only two OmniSwitch 10K or two OmniSwitch 6900 switches can serve as peers within the same multi-chassis domain.
Page 251: Configuring Mclag
• A switch reboot is required after the chassis ID is configured. For information about configuring the Chassis ID, see “Configuring the Chassis ID” on page 10-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-27...
Page 252 The hello interval parameter must match between chassis peers. The hello protocol runs across the VFL link between the peers. For more information on Virtual Fabric Link, see “Creating the Virtual Fabric Link (VFL)” on page 10-30 page 10-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 253 ECMP to upstream L3 networks is highly recommended to: > Eliminate STP on uplinks. > Provide Robust failover. > Load balance upstream traffic. For more information on VIP VLAN, see “Configuring the VIP VLAN” on page 10-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-29...
Page 254: Configuring The Chassis Id
VLANs configured on the multi-chassis peers as tagged VLANs. To configure the VFL default VLAN, use the multi-chassis vf-link default-vlan command. For example: -> multi-chassis vf-link default-vlan 2 page 10-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 255: Configuring The Hello Interval
MCLAG aggregates can be configured using either static or dynamic link aggregation. The key point when configuring the aggregates is that from the edge switch’s point of view, it looks like the edge is connected to a single chassis. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-31...
Page 256: Configuring The Vip Vlan
Use the show vlan command to verify the VIP VLAN configuration for the switch. Use the show ip inter- face command to verify the IP interface configuration for VIP VLANs. page 10-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 257: Recommended Configuration Parameters
Inconsistency between some of the non-mandatory MCLAG aggregate parameters prevents a particular MCLAG or all MCLAG aggregates from becoming operational. The mandatory parameters for MCLAG and the impact of their violation are: as follows: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-33...
Page 258 LACP System Priority (a constant hard-coded value). Even though not widely used, the management interface provides the ability to change these parameters on a per-aggregate basis. As a result, these parameters are always treated as per-MCLAG aggregate. page 10-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 259: Mclag Configuration Examples
OS10K [M2] -> ip interface vlan-30 address 30.30.30.1/24 vlan 30 OS10K [M2] -> ip interface vlan-50 address 50.50.50.2/24 vlan 50 [Configure appropriate routing protocol on VLANs 30 and 50] OS10K [S1] -> vlan 10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-35...
Page 260 OS10K [S1] -> linkagg lacp port 1/1-2 actor admin-key 1 OS10K [S1] -> linkagg lacp port 1/3-4 actor admin-key 1 OS10K [S1] -> vlan 10 members linkagg 96 untagged page 10-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 261: Example 2: Mclag Group Id Configuration
The topology used in this sample MCLAG configuration is only one of many examples in which a dupli- cate MAC address condition can occur. Configuring a unique group ID for each multi-chassis group is recommended for all MCLAG topologies. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 10-37...
Page 262: Displaying Mclag Configuration And Statistics
Displays the per-multi-chassis aggregate consistency parameters of linkagg both the local and peer chassis given the aggregate identifier. For more information about the output details that result from these commands, see the OmniSwitch CLI Reference Guide. page 10-38 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 263: 11 Configuring Erp
RPL is unblocked to allow the flow of traffic to continue through the ring. Alcatel-Lucent OmniSwitch also supports ERPv2 according to the ITU-T recommendation G.8032 03/2010. ERPv2 implementation helps maintain a loop-free topology in multi-ring and ladder networks that contain interconnection nodes, interconnected shared links, master rings and sub-rings.
Page 264: Erp Specifications
Range for ring ID 1 - 2147483647 Range for remote MEPID 1 - 8191 Range for wait-to-restore timer 1 - 12 minutes Range for guard timer 1 - 200 centi-seconds page 11-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 265: Erp Defaults
The NNI-SVLAN association type ethernet-service svlan nni ERPv2 Defaults: The Ethernet Ring Protection (ERP) erp-ring virtual-channel Enabled Ring Virtual Channel. Revertive mode on a specified node. erp-ring revertive Enabled OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-3...
Page 266: Erp Overview
FDB — The Filtering Database that stores filtered data according to the R-APS messages recieved. This database also maintains an association table that identifies the master rings for a given sub-ring. page 11-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 267: Erp Timers
R-APS message to circulate around the ring. This calculated value is required to prevent any looping scenarios within the ring. • Refer to the “ERP Specifications” on page 11-2 for timer defaults and valid ranges. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-5...
Page 268: Erp Basic Operation
• All nodes in the ring flush all the dynamic MAC addresses learned on their ring ports. The ring is now operating in the protection mode, as shown below: page 11-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 269: Overlapping Protected Vlans Between Erp Rings On Same Node
Overlapping Protected VLANs Between ERP Rings on same Node In a network where all connected nodes cannot belong to a single ERP ring, the OmniSwitch supports multiple ERP rings with a single shared node. The network example below shows two ERP rings connected with a shared node.
Page 270: Erpv2 Basic Operation
Consider the following OmniSwitch multi-ring and ladder network with the Master or Major Ring with five ring nodes. The Sub-ring, ladder networks, RPLs and Shared Links are also depicted as part of the illustration.
Page 271 When specifying a SVLAN, the configuration must check that the ring port(s) are members of this VLAN, tagged or untagged. The VLAN and VPAs must be created first. Note. All the nodes and ring ports must be configured with the same default or untagged VLAN. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-9...
Page 272: Interaction With Other Features
-> erp-ring 1 port1 1/1 port2 1/2 service-vlan 4000 level 2 Interaction With Other Features This section contains important information about interaction of ERP with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 273: Quick Steps For Configuring Erp With Standard Vlans
-> vlan 11-20 members port 1/1-2 tagged Enable the ERP ring configuration using the erp-ring enable command. -> erp-ring 1 enable Display the ERP configuration using the show erp command. -> show erp OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-11...
Page 274: Quick Steps For Configuring Erp With Vlan Stacking
-> ethernet-service svlan 1002 nni port 1/2-2 Enable the ERP ring configuration using the erp-ring enable command. -> erp-ring 1 enable Display the ERP configuration using the show erp command. -> show erp page 11-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 275: Erp Configuration Overview And Guidelines
The Service VLAN can belong to only one ERP ring at a time and must be a static VLAN. Note that the service VLAN is also a protected VLAN. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-13...
Page 276: Configuring An Erp Ring
ERP ring configuration. For more information about this command, see the OmniSwitch CLI Reference Guide. Removing an ERP Ring To delete an ERP ring from the switch configuration, use the no form of the erp-ring command. For example: ->...
Page 277: Configuring An Rpl Port
To verify the RPL node configuration for the switch, use the show erp command. For more information about this command, see the OmniSwitch CLI Reference Guide. Setting the Wait-to-Restore Timer The wait-to-restore (WTR) timer determines the number of minutes the RPL owner waits before blocking the RPL port after the ERP ring has recovered from a link failure.
Page 278: Configuring Erp With Vlan Stacking Nnis
To verify the configured Guard Timer, use the show erp command. For more information about this command, see the OmniSwitch CLI Reference Guide. Configuring ERP with VLAN Stacking NNIs A VLAN Stacking Network Network Interface (NNI) can participate in an ERP ring. However, an NNI is created through an association of a port with an SVLAN.
Page 279: Clearing Erp Statistics
Use the show erp command to verify the configured VLAN Stacking ERP ring configuration. For more information about these commands, see the OmniSwitch CLI Reference Guide. Clearing ERP Statistics To clear ERP statistics for all rings in the switch, use the clear erp statistics command.
Page 280: Erpv2 Configuration Overview And Guidelines
ERPv2 Configuration Overview and Guidelines The following section details the guidelines and prerequisites for configuring ERPv2 and details on how to configure the ERPv2 related parameters using OmniSwitch CLI. Configuring the sample ERPv2 ring network involves the following tasks: Optional: Configure tagged ports or link aggregate ports before configuring ERP.
Page 281: Sample Switch Configuration
Step 4 : Enable the rings. -> erp-ring 1 enable -> erp-ring 2 enable Note. The traffic VLANs could be added or deleted as needed at any time during the configuration. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-19...
Page 282 Interconnection Node of the Sub-Ring When virtual channel is disabled, R-APS message received from sub-ring ports are processed but not flooded to major ring. For example, -> erp-ring 3 virtual-channel disable page 11-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 283 When the command is accepted, the RPL owner node blocks its RPL port, and transmits an R-APS (NR, RB) message in both directions. Upon receiving the R-APS (NR, RB), each node unblocks its blocking ports and performs a flush operation when applicable. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-21...
Page 284: Sample Ethernet Ring Protection Configuration
Assign VLANs 11-20 as a protected VLANs to ERP ring 1. Use the default settings for the guard timer and WTR timer values. These values can be adjusted as necessary. page 11-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 285: Example Erp Configuration Steps
Ring Port Type : non-rpl, Ethoam Event : disabled The above command shows the forwarding status of the port, the type of ring port (RPL or non-RPL), and ETHOAM event status. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-23...
Page 286: Sample Erpv2 Ring Configuration
Switch A and B form a shared link. • Switch B is configured to be the main RPL node. • Switches A, B, F, and G form the Sub Ring. page 11-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 287: Configuring Shared Link
Sample ERPv2 Ring Configuration The following sub-sections provide the details on prerequisites and different configurations for switches to set up an ERPv2 ring network, using Alcatel-Lucent OmniSwitch CLI commands. Configuring Shared Link The following configurations must be performed on Switch A and Switch B.
Page 288: Configuring Switches In Main Ring
-> vlan 200-400 members port 1/1 tagged -> vlan 200-400 members port 1/6 tagged -> erp-ring 2 port1 1/1 port2 1/6 service-vlan 200 level 1 -> erp-ring 2 enable page 11-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 289: Verifying The Erp Configuration
Displays a list of SVLANs configured for the switch. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 11-27...
Page 290 Verifying the ERP Configuration Configuring ERP page 11-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 291: 12 Configuring Mvrp
This chapter describes the MVRP feature and how to configure it through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of MVRP and includes the following information: •...
Page 292: Mvrp Specifications
MVRP Specifications Configuring MVRP MVRP Specifications IEEE Standards Supported IEEE 802.1ak-2007 Amendment 7: Multiple Registration Protocol IEEE 802.1Q-2005 Corrigendum 2008 Platforms Supported OmniSwitch 10K, 6900 Maximum MVRP VLANs 4094 page 12-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 293: Mvrp Defaults
Restrict VLAN advertisement mvrp restrict-vlan-advertise- not restricted ment Restrict static VLAN registration mvrp static-vlan-restrict By default, ports are assigned to the static VLAN based on MVRP PDU processing. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-3...
Page 294: Quick Steps For Configuring Mvrp
LeaveAll Timer (msec) : 30000, Periodic Timer (sec) : 1, Periodic Tx Status : disabled See the OmniSwitch CLI Reference Guide for information about the fields in this display. page 12-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 295: Mrp Overview
However, the forwarding port does not join that VLAN on its own until an advertisement for that VLAN is received on that same port. The following example illustrates the VLAN advertisements. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-5...
Page 296 30 Port 5 receives the advertisement and Switch C creates VLAN 50 as a dynamic VLAN. Port 5 of Switch C becomes a member of VLAN 50. page 12-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 297 Dynamic Learning of VLAN 50 Note. Every port on a switch is not a member of all the VLANs. Only those ports that receive the advertisement become members of the VLAN being advertised. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-7...
Page 298: Interaction With Other Features
Configuring MVRP Interaction With Other Features This section contains important information about how other OmniSwitch features interact with MVRP. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 299: Configuring Mvrp
If this operation is not done, the VLANs learned earlier are maintained. To modify the maximum number of dynamic VLANs the switch is allowed to create, use the mvrp maximum-vlan command as shown: -> mvrp maximum-vlan 150 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-9...
Page 300: Configuring Mvrp Registration
Applicant Mode : participant, Join Timer (msec) : 600, Leave Timer (msec) : 1800, LeaveAll Timer (msec) : 30000, Periodic Timer (sec) : 1, Periodic Tx status : disabled page 12-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 301: Configuring The Mvrp Applicant Mode
Ports in the MVRP active applicant state send MVRP VLAN declarations even when they are in the STP blocking state, thereby preventing the STP bridge protocol data units (BPDUs) from being pruned from the other ports. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-11...
Page 302: Modifying Mvrp Timers
The Join timer value of port 1/2 is now set to 600 ms. To set the Leave timer value of port 1/2 to 1800 ms, enter the command as shown: -> mvrp port 1/2 timer leave 1800 page 12-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 303: Restricting Vlan Registration
-> mvrp port 1/9 static-vlan-restrict vlan 5 Note. This command does not apply to dynamic VLANs. Here, the port 1/9 is restricted from becoming a MVRP member of VLAN 5. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 12-13...
Page 304: Restricting Vlan Advertisement
To enable the propagation of dynamic VLANs on the specified port, use the no form of the command. To restrict VLAN 5 from being propagated to port 1/1, enter the command as shown: -> no mvrp port 1/1 restrict-vlan-advertisement vlan 5 page 12-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 305: Verifying The Mvrp Configuration
Clears MVRP statistics for all the ports, an aggregate of ports, or a specific port. For more information about the output details that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 306 Verifying the MVRP Configuration Configuring MVRP page 12-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 307: 13 Configuring 802.1Ab
“Setting the Transmit Delay” on page 13-10. • “Setting the Reinit Delay” on page 13-10. • “Setting the Notification Interval” on page 13-10. • “Verifying 802.1AB Configuration” on page 13-11. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 13-1...
Page 308: 802.1Ab Specifications
Disable Management TLV lldp tlv management Disable 802.1 TLV lldp tlv dot1 Disable 802.3 TLV lldp tlv dot3 Disable LLDP Media Endpoint Device lldp tlv med Disable page 13-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 309: Quick Steps For Configuring 802.1Ab
System Name = (null), System Description = (null), Capabilites Supported = none supported, Capabilites Enabled = none enabled, For more information about this display, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 13-3...
Page 310: 802.1Ab Overview
Port Description TLV • System Name TLV • System Description TLV • System capabilities TLV • Management address TLV Note. This optional TLV set is required for all LLDP implementation. page 13-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 311: Lldp-Media Endpoint Devices
"plug and play" networking. This is achieved by advertising the VLAN information. • Device location discovery to allow creation of location databases for VoIP, E911 services. • Extended and automated power management of Power-over-Ethernet endpoints. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 13-5...
Page 312: Lldp Agent Operation
TTL mentioned in the previous LLDPDU, then the local device discards the related entry from its database. This is called the aging time and can be set by the user. page 13-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 313: Configuring 802.1Ab
TLVs transmission in the LLDPDUs on a specific port, a slot, or all ports on a switch. When enabled, the LLDPDU administrative status must be in the transmit state. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 13-7...
Page 314: Enabling And Disabling 802.1 Tlv
-> lldp port 2/4 tlv dot3 mac-phy enable To disable the 802.3 TLV on a switch, enter the lldp tlv dot3 command, as shown: -> lldp chassis tlv dot3 mac-phy disable page 13-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 315: Enabling And Disabling Med Tlv
TLV to advertise an 802.1p priority value for specific protocols on a specific port, a slot, or all ports on a switch. The LLDPDU administrative status must be enabled and set to transmit and receive before using OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 316: Setting The Transmit Interval
For example, to set the notification value to 130 seconds, enter: -> lldp notification interval 130 Note: In a specified interval, generating more than one notification-event is not possible. page 13-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 317: Verifying 802.1Ab Configuration
Displays Application Priority TLV information of the remote system. For more information about the resulting display, see Chapter 13, “802.1AB Commands,” in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 13-11...
Page 318 Verifying 802.1AB Configuration Configuring 802.1AB page 13-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 319: Configuring Dynamic Automatic Fabric
After LACP discovery window expires, SPB auto discovery will occur if enabled. Then, MVRP auto discovery will occur if enabled. For more information on Auto-Fabric, see “Auto-Fabric Overview” on page 14-7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-1...
Page 320: In This Chapter
This chapter describes the basic components of Auto-Fabric and its operation and configuration through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of the commands, see the OmniSwitch CLI Reference Guide. The following information and configuration procedures are included in this chapter: •...
Page 321: Auto-Fabric Specifications
Auto-Fabric Specifications Auto-Fabric Specifications The table below lists specifications for Auto-Fabric: Platforms Supported OmniSwitch 10K, 6900 Modes Supported Standalone or Virtual Chassis Ports Supported Ports with default configuration Notes: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-3...
Page 322: Auto-Fabric Default Values
Auto-fabric configuration save inter- auto-fabric config-save inter- 300 seconds Auto-fabric configuration save auto-fabric config-save admin- disabled administrative state state Auto-fabric discovery interval auto-fabric discovery-interval 1 minute page 14-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 323: Quick Steps For Configuring Auto-Fabric
-> auto-fabric discovery interval 30 The discovered configuration can automatically be saved to the configuration file periodically for spec- ified intervals. -> auto-fabric config-save admin-state enable -> auto-fabric config-save interval 3000 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-5...
Page 324 Auto-Fabric Status : Pending Admin-Status Global : Enabled, Port : Enabled LACP Global : Enabled, Port : Enabled SPB-M Global : Enabled, Port : Enabled MVRP Global : Enabled, Port : Enabled page 14-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 325: Auto-Fabric Overview
If only an MVRP configuration is discovered on a port and there are no VLAN registrations for that port, during the next discovery window the MVRP configuration will be removed and the auto-discov- ery process will again run on that port. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-7...
Page 326: Auto-Fabric Discovery Window
For a port which has MVRP enabled through auto-fabric but no VLAN registrations, if the removal of MVRP would result in the port returning to its default state, then auto-fabric will be enabled on that port. page 14-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 327: Auto-Fabric Discovery Examples
OS6900 Auto-fabric in the Core OS6900 with no boot.cfg configuration file, auto-fabric enabled by default. The switch has multiple connections to the core (which has auto-fabric enabled on the connected ports). LLDP exchanges port properties and auto discovers LACP ports.
Page 328: The Core Is Manually Configured For Lacp, Spb, And Mvrp
LLDP runs on the edge switch, the core may or may not have LLDP enabled. LACP is manually configured on core and sends LACP frames to OS6900. OS6900 honors the LACP frames since it is running auto-fabric and forms LAG with ports with same admin key. There could be multiple or single LAG groups based on the admin key advertised.
Page 329: Interaction With Other Features
Neighbor device is also booting up with this device (Max aggregate size exceeded) - Connecting more ports than is supported for a link aggregate is not supported. The number of physical connections should not be greater than the maximum number of link aggregate ports supported for the OmniSwitch. •...
Page 330: Spb
Since this is globally enabled this remains enabled through out. MVRP is supported only when the switch is operating in flat Spanning Tree mode and it is not supported in the per-VLAN mode. page 14-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 331: Virtual Chassis And Mc-Lag
If there is a port up seen in the device, auto-fabric discovery will start for the port in the next discovery window. If an auto-fabric discovery window is not running, it will start immediately. If it is running, it will start immediately after completion of the existing run. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-13...
Page 332: Configuring Auto-Fabric
Configuring Auto-Fabric Configuring Dynamic Automatic Fabric Configuring Auto-Fabric This section describes commands to configure virtual chassis on an OmniSwitch. • “Enabling/Disabling Auto-Fabric” on page 14-14 • “Starting the Discovery Process” on page 14-14 • “Configuring Auto-Fabric Protocols” on page 14-14 •...
Page 333: Configuring And Saving The Discovered Configuration
To automatically save the discovered configuration use the auto-fabric config-save interval auto- fabric config-save admin-state commands. For example: -> auto-fabric config-save admin-state enable -> auto-fabric config-save interval 600 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 14-15...
Page 334: Displaying Auto-Fabric Configuration And Status
Displays details about the interface configured and operational parameters. For more information about the output details that result from these commands, see the OmniSwitch CLI Reference Guide. page 14-16 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 335: Chapter 15 Configuring Ip
(for example, default-ttl). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of IP and includes information about the following procedures: •...
Page 336 • VRF Route Leak – Quick Steps for Configuring VRF Route Leak (page 15-37) – Configuring VRF Route Leak (page 15-38) – Verifying VRF Route Leak Configuration (page 15-39) page 15-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 337: Ip Specifications
Maximum number of GRE tunnel interfaces per switch Maximum number of IPIP tunnel interfaces per switch Routing protocols supported over the tunnel RIP, OSPF, BGP interfaces Maximum next hops per ECMP entry OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-3...
Page 338: Ip Defaults
-> vlan 20 members port 1/2 untagged Create an IP interface on VLAN 10 using the ip interface command. For example: -> ip interface vlan-10 address 171.10.1.1 vlan 10 page 15-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 339: Ip Overview
SNMP agents on an IP network. Network administrators use SNMP to monitor network perfor- mance and manage network resources. For more information, see the “Using SNMP” chapter in the OmniSwitch AOS Release 6 Switch Management Guide. • Telnet—Used for remote connections to a device. You can telnet to a switch and configure the switch and the network by using the CLI.
Page 340: Chapter 24 Configuring Ip Multicast Switching
For more information, see “Internet Control Message Protocol (ICMP)” on page 15-29. • Multicast Services—Includes IP multicast switching (IPMS). For more information, see Chapter 24, “Configuring IP Multicast Switching.” page 15-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 341: Ip Forwarding
VLAN 3 on Switch 2. Switch 1 Switch 2 IP Router Interface Physical VLAN 2 VLAN 2 Connection VLAN 1 VLAN 3 120.0.0.0 120.0.0.0 110.0.0.1 110.0.0.2 130.0.0.1 130.0.0.2 IP Forwarding OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-7...
Page 342: Configuring An Ip Interface
-> ip interface Accounting address 71.0.0.1 mask 255.0.0.0 vlan 955 forward e2 no local-proxy-arp no primary -> ip interface Accounting address 71.0.0.1/8 vlan 955 -> ip interface Accounting address 71.0.0.1 vlan 955 page 15-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 343: Modifying An Ip Router Interface
To view a list of IP interfaces configured on the switch, use the show ip interface command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-9...
Page 344: Configuring A Loopback0 Interface
The following example command configures a BGP peering session using a Loopback0 IP interface address: -> ip bgp neighbor 2.2.2.2 update-source Loopback0 See the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide for more information. page 15-10 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 345: Creating A Static Route Or Recursive Static Route
To create a recursive static route use the follows parameter: -> ip static-route 171.11.0.0 follows 192.168.10.1 A route to the 192.168.10.1 address must be learned by a dynamic routing protocol for the recursive static route to be active. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-11...
Page 346: Creating A Default Route
ARP entry: -> arp 2.2.3.40 01:4a:22:03:44:5c When configuring a static multicast ARP entry, do not use any of the following multicast addresses: 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF 01:80:C2:XX.XX.XX 33:33:XX:XX:XX:XX page 15-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 347: Deleting A Permanent Entry From The Arp Table
The switch uses the MAC Address table time-out value as the ARP time-out value. Use the mac-learning aging-time command to set the time-out value. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-13...
Page 348: Local Proxy Arp
The following arp filter command example creates an ARP filter, which blocks the switch from responding to ARP packets that contain a sender IP address that starts with 198: -> arp filter 198.0.0.0 mask 255.0.0.0 sender block page 15-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 349 Use the show arp filter command to verify the ARP filter configuration. For more information on ARP Filtering and other ARP filter commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-15...
Page 350: Ip Configuration
-> ip route-pref ospf 15 To display the current route preference configuration, use the show ip route-pref command: -> show ip route-pref Protocol Route Preference Value ------------+------------------------ Local Static OSPF EBGP IBGP page 15-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 351: Configuring The Time-To-Live (Ttl) Value
Set. A set statement is used to modify route information before the route is redistributed into the receiving protocol. This statement is only applied if all the criteria of the route map is met and the action permits redistribution. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-17...
Page 352 Refer to the “IP Commands” chapter in the OmniSwitch CLI Reference Guide for more information about the ip route-map command parameters and usage guidelines. Once a route map is created, it is then applied using the ip redist command.
Page 353 For example, the following command deletes only the match tag 8 statement from route map redistipv4 sequence 10: -> no ip route-map redistipv4 sequence-number 10 match tag 8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-19...
Page 354 -> ip route-map rm_1 sequence-number 10 action permit -> ip route-map rm_1 sequence-number 10 match tag 5 -> ip route-map rm_1 sequence-number 10 match tag 8 -> ip route-map rm_1 sequence-number 10 match ipv4-interface to-finance page 15-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 355 BGP network. The route map can also specify the modification of route information before the route is redistributed. See “Using Route Maps” on page 15-17 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-21...
Page 356 Redistributes into BGP all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into BGP all other routes that are not processed by sequence 10 or 20, and sets the tag for such routes to eight. page 15-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 357: Ip-Directed Broadcasts
172.28.255.255, for an existing IP interface 172.28.0.0/16. • in the range 224.x.x.x - 255.255.255.254. • Source IP address equals one of Switch IP Inter- face addresses. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-23...
Page 358 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined for open ports are given a penalty of 20. The decay is set to 2, and the switch port scan penalty value threshold is set to 2000: page 15-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 359 This value would be divided by 2 (due to decay) and decreased to 2150. The switch would record a port scan and generate a trap to warn the administrator: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-25...
Page 360 For example, to assign a penalty value of 10 to TCP/UDP packets destined for closed ports, enter the following: -> ip dos scan udp open-port-penalty 10 page 15-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 361: Arp Poisoning
To verify the number of attacks detected for configured ARP poison restricted addresses, use the show ip dos arp-poison command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 362: Enabling/Disabling Ip Services
The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http https network-time snmp page 15-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 363: Managing Ip
Time-Exceeded Message—Sent by the switch if an IP packet’s TTL field reaches zero. If the internetwork contains a routing loop, the TTL field prevents packets from continuously circulating the internetwork. Once a packet TTL field reaches 0, the switch discards the packet. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-29...
Page 364 Note. Enabling host-unreachable and net-unreachable messages are not recommended as it can cause the switch instability due to high-CPU conditions depending upon the volume of traffic required by these messages. Chapter 15, “IP Commands,” for specifics on the ICMP message commands. page 15-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 365: Using The Ping Command
Interval. Use the interval keyword to set the frequency, in seconds, that the switch polls the host. • Time-out. Use the time-out keyword to set the number of seconds the program waits for a response before timing out. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-31...
Page 366: Tracing An Ip Route
Use the port keyword to set the destination port number to be used in the probing packets. Displaying TCP Information Use the show tcp statistics command to display TCP statistics. Use the show tcp ports command to display TCP port information. page 15-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 367: Displaying Udp Information
A switch can support up to 127 IPIP tunnel interfaces. • IPIP tunnel interfaces are included in the maximum number of IP interfaces that are supported on the switch. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-33...
Page 368: Tunneling Operation
VLAN-based interface is available for its destination IP address. The switch supports assigning an IP address as well as routes to a tunnel interface. This section describes how to configure a tunnel interface using GRE and IPIP, using Command Line Interface (CLI) commands. page 15-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 369: Configuring A Tunnel Interface
Note. An interface can be configured only as a VLAN or a Tunnel interface. Note. To display information about the configured tunnels on the switch, use the show ip interface. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-35...
Page 370: Verifying The Ip Configuration
Displays the number of attacks detected for a restricted address. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. page 15-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 371: Vrf Route Leak
-> ip route-pref import 100 Redistribute imported routes to other routing protocols that are imported and added to the RDB from other VRFs using the ip redist command. For example, OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-37...
Page 372: Configuring Vrf Route Leak
“Using Route Maps” on page 15-17. To disable exporting of routes from the VRF to the GRT, use the no form of this command as shown: -> no ip export R1 page 15-38 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 373: Verifying Vrf Route Leak Configuration
For more information about the output details that result from the show commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 15-39...
Page 374 VRF Route Leak Configuring IP page 15-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 375: Chapter 16 Configuring Multiple Vrf
This chapter describes the Multiple VRF feature and how to configure it through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of Multiple VRF and includes the following information: •...
Page 376: Vrf Specifications
Configuring Multiple VRF VRF Specifications The VRF functionality described in this chapter is supported on the OmniSwitch 10K and OmniSwitch 6900, unless otherwise stated in the following specifications table or specifically noted within any other section of this chapter. Note that any maximum limits provided in this table are subject to available system resources.
Page 377: Quick Steps For Configuring Multiple Vrf
Quick Steps for Configuring Multiple VRF Quick Steps for Configuring Multiple VRF The initial configuration for an OmniSwitch consists of a default VRF instance. This instance is always available and is not removable. The following procedure provides a quick tutorial for creating two additional VRF instances and configuring IPv4 protocols to run in each instance: Note.
Page 378 To verify the configuration of a protocol within a VRF instance, use the show commands related to that protocol. For example, the show ip interface command displays the IP interfaces associated with the current CLI VRF context: -> vrf IpOne IpOne: -> show ip interface page 16-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 379 200.1.1.1 255.255.255.0 DOWN vlan 200 See the OmniSwitch CLI Reference Guide for information about the fields in the above displays. An example of what the Quick Steps configuration commands look like when entered sequentially on the switch: -> vlan 100 ->...
Page 380: Multiple Vrf Overview
When an IP packet for Customer C is received on a PE 1 or PE 3 interface associated with VRF C, the VRF C instance determines how to route the packet through the provider backbone so that it reaches the intended Customer C destination. page 16-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 381: Service Provider
Customer C Site 1 PE 1 Customer B VRF C Site 3 VRF B VRF B VRF C Customer C Site 2 VRF C PE 3 Example Multiple VRF Configuration OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 16-7...
Page 382: Vrf Profiles
It is also possible to enter configuration commands for other non-default instances from within the default VRF CLI context. For more information about how to do this and additional examples of using the VRF page 16-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 383: Ascii-File-Only Syntax
VRF. For example, RADIUS in vrf-1, LDAP in vrf-2, SNMP in vrf-3. • Level 3 - A management service may appear in multiple VRFs. For example, SSH and Telnet in vrf-1 and vrf-2. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 16-9...
Page 384 Default VRF Only Single VRF for all services Single VRF per service, each service can be on a dif- ferent VRF Multiple VRFs per service, any service on any VRF page 16-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 385: Vrf Interaction With Other Features
Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature. All OmniSwitch AOS applications fall into one of the following three categories in relation to the Multiple VRF feature: •...
Page 386: Aaa Radius/Tacacs+/Ldap Servers
More than one VRF including the default VRF can be used for Telnet / SSH sessions. • FTP session “to” the switch is VRF aware. • A maximum of four combined FTP sessions are allowed simultaneously across all VRFs on the switch. page 16-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 387: Webview
SNMPv3 is required to manage VRF instances; SNMPv1 and v2 are not supported. • Configuring the management station to use SNMPv3 is required to receive traps from VRF-aware applications. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 16-13...
Page 388: Vlans
A VRF instance is identified by a name, which is specified at the time the instance is configured. For example, the following command creates the IpOne instance: page 16-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 389 CLI command prompt indicates the active context by displaying the name of the VRF instance as part of the actual prompt. Any subsequent commands entered on this command line are applied to the IpOne instance. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 16-15...
Page 390: Configuring The Vrf Profile
-> vrf LowProfVrf500 profile low +++ WARNING: Memory usage over 80%, creating VRF ->vrf LowProfVrf512 profile low ERROR: resource allocation failure +++ ERROR: Memory usage over 90%, VRF creation failed page 16-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 391: Selecting A Vrf Instance
VLAN 100 is only allowed within the context of the IpOne instance. • A VRF instance can have multiple VLAN associations, even though a VLAN can only have one VRF association. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 16-17...
Page 392: Configuring Routing Protocols For A Specific Vrf Instance
To view a list of VRF instances configured on the switch, use the show vrf command. For more informa- tion about this command, see the OmniSwitch CLI Reference Guide. page 16-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 393: Verifying The Vrf Configuration
IpOne from within the context of the default VRF CLI: -> vrf IpOne show ip interface For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 394 Verifying the VRF Configuration Configuring Multiple VRF page 16-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 395: Chapter 17 Configuring Ipv6
17-18) • Creating a Static Route (see page 17-19) • Configuring the Route Preference of a Router (see page 17-20) • Configuring Route Map Redistribution (see page 17-21) OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-1...
Page 396: Ipv6 Specifications
Configured Tunnels - 255 6to4 Tunnels - 1 Maximum IPv6 global unicast or anycast addressess Maximum IPv6 global unicast addresses per IPv6 interface Maximum IPv6 addresses assigned via VRRP configuration page 17-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 397 Configuring IPv6 IPv6 Specifications Maximum IPv6 hardware routes when there OS10K / OS6900 - 256 (prefix >= 65) are no IPv4 routes present (includes dynamic OS10K (U48/C48) - 8K (prefix <= 64) and static routes) OS10K (U32S) - 6K (prefix <= 64) OS10K (U32E) - 8K (prefix <= 64)
Page 398: Ipv6 Defaults
Hop Limit ipv6 hop-limit Path MTU entry minimum life- ipv6 pmtu-lifetime 10 minutes time Neighbor stale lifetime ipv6 neighbor stale-lifetime 10 minutes Local Unicast Global ID ipv6 address global-id None page 17-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 399: Quick Steps For Configuring Ipv6 Routing
-> ipv6 rip interface v6if-v300 IPv6 routing is now configured for VLAN 200 and VLAN 300 interfaces, but it is not active until at least one port in each VLAN goes active. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-5...
Page 400: Ipv6 Overview
Embedded IPv4 addresses in the four lower-order bytes of the IPv6 address. The remainder of this section provides a brief overview of the new IPv6 address notation, autoconfigura- tion of addresses, and tunneling of IPv6 over IPv4. page 17-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 401: Ipv6 Addressing
Link-local unicast 1111111010 FE80::/10 Unique Local IPv6 uni- 11111100 FC00::/7 cast Global unicast everything else Note that anycast addresses are unicast addresses that are not identifiable by a known prefix. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-7...
Page 402: Ipv6 Address Notation
128-bit IPv6 address followed by a slash (/) and a number representing the prefix length (IPv6-address/prefix-length). For example, the following IPv6 address has a prefix length of 64 bits: FE80::2D0:95FF:FE12:FAB2/64 page 17-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 403: Autoconfiguration Of Ipv6 Addresses
DAD is not performed for anycast addresses, 6to4 tunnels, or VRRP virtual router addresses. Please refer to RFCs 2462, 2464, and 3513 for more technical information about autoconfiguration and IPv6 address notation. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-9...
Page 404: Globally Unique Local Ipv6 Unicast Addresses
A 40-bit global identifier is used to make the local IPv6 address prefixes globally unique. This global ID can either be explicitly configured, or created using the pseudo-algorithm recommended in RFC 4193. page 17-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 405: Tunneling Ipv6 Over Ipv4
6to4 well-known prefix, as described above. IPv6 hosts serviced by the 6to4 border router have at least one IPv6 router interface configured with a 6to4 address. Note that additional IPv6 interfaces or external IPv6 routing protocols are not required on the 6to4 border router. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-11...
Page 406 IPv6 router interface is also required on the relay router to transmit 6to4 traffic to/from IPv6 hosts connected to an IPv6 domain. Therefore, the relay router participates in both the IPv4 and IPv6 routing domains. page 17-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 407: Configured Tunnels
RIPng and OSPFv3 to run over a configured tunnel. For more information about IPv6 configured tunnels, see “Configuring IPv6 Tunnel Interfaces” on page 17-18. For more detailed information about configured tunnels, refer to RFC 4213. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-13...
Page 408: Configuring An Ipv6 Interface
(or tunnel) followed by a VLAN ID (or tunnel ID). For example, the following two commands create an IPv6 interface for VLAN 200 and an interface for tunnel 35: -> ipv6 interface v6if-v200 vlan 200 -> ipv6 interface v6if-tunnel-35 tunnel 35 page 17-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 409: Configuring A Unique Local Ipv6 Unicast Address
Use the show ipv6 interface command to verify the interface configuration for the switch. For more infor- mation about this command, see the OmniSwitch CLI Reference Guide. Configuring a Unique Local IPv6 Unicast Address ipv6 address global-id command is used to create a new value for the global ID. A 5-byte global ID value can be manually specified or automatically generated: ->...
Page 410: Assigning Ipv6 Addresses
PC is not required. • IPv6 VLAN or tunnel interfaces are only eligible for stateless autoconfiguration of their link-local addresses. Manual configuration of addresses is required for all additional addresses. page 17-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 411: Removing An Ipv6 Address
-> no ipv6 address 2001:db8:4100:1000::20 v6if-v200 Note that the subnet router anycast address is automatically deleted when the last unicast address of the same subnet is removed from the interface. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-17...
Page 412: Configuring Ipv6 Tunnel Interfaces
To use this protocol on a configured tunnel, a dynamic routing protocol interface is created for the tunnel interface. For example, the following command creates a RIPng interface for tunnel v6if-tunnel- 137: -> ipv6 rip interface v6if-tunnel-137 page 17-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 413: Creating An Ipv6 Static Route
BGP) as well as any static routes that are configured. Use the show ipv6 routes command to display the IPv6 Forwarding table. Note. A static route is not active unless the gateway it is using is active. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-19...
Page 414: Configuring The Route Preference Of A Router
-> ipv6 route-pref ospf 15 To display the current route preference configuration, use the show ipv6 route-pref command: -> show ipv6 route-pref Protocol Route Preference Value ------------+------------------------ Local Static OSPF EBGP IBGP page 17-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 415: Configuring Route Map Redistribution
Refer to the “IP Commands” chapter in the OmniSwitch CLI Reference Guide for more information about the ip route-map command parameters and usage guidelines. Once a route map is created, it is then applied using the ipv6 redist command.
Page 416 To verify a route map configuration, use the show ip route-map command: -> show ip route-map Route Maps: configured: 1 max: 200 Route Map: ospf-to-rip Sequence Number: 10 Action permit match tag 8 set tag 5 page 17-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 417 Route Map: rm_1 Sequence Number: 10 Action permit match tag 8 set metric 1 Route Map: rm_1 Sequence Number: 20 Action permit match ip4 interface to-finance set metric 5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-23...
Page 418 -> ipv6 access-list ip6addr address 2001::1/64 action permit redist-control no- subnets For more information about configuring access list commands, see the “IP Commands” chapter in the OmniSwitch CLI Reference Guide. page 17-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 419 -> ipv6 redist ospf into rip route-map ospf-to-rip admin-state disable The following command example enables the administrative status: -> ipv6 redist ospf into rip route-map ospf-to-rip admin-state enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 17-25...
Page 420 Redistributes into RIPng all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into RIPng all other routes (those not processed by sequence 10 or 20) and sets the tag for such routes to eight. page 17-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 421: Verifying The Ipv6 Configuration
6to4 Displays the UDP Over IPv6 Listener Table. Contains information about UDP/IPv6 endpoints. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 422 Verifying the IPv6 Configuration Configuring IPv6 page 17-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 423: Chapter 18 Configuring Ipsec
(AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key manage- ment procedures and protocols. Note. The OmniSwitch currently supports IPsec for IPv6 only. In This Chapter This chapter describes the basic components of IPsec and how to configure them through the Command Line Interface (CLI).
Page 424: Ipsec Specifications
IPsec security policy status ipsec policy Disabled IPsec discard policy status ipsec policy Enabled IPsec SA status ipsec sa Disabled Key length AES-CBC ipsec sa 128 bits page 18-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 425: Quick Steps For Configuring An Ipsec Ah Policy
-> ipsec sa ALLinMD5_SA ah source 664:1:1:1::1 destination 664:1:1:1::199 spi 2001 authentication HMAC-MD5 admin-state enable Use the following show commands to verify the IPsec configuration: -> show ipsec policy -> show ipsec sa -> show ipsec key sa-authentication OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-3...
Page 426: Quick Steps For Configuring An Ipsec Discard Policy
-> ipsec policy Discard_ALLinMD5 source 664:1:1:1::1/64 destination 664:1:1:1::199/64 protocol any in discard admin-state enable Use the following show commands to verify the IPsec configuration: -> show ipsec policy -> show ipsec ipv6 statistics page 18-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 427: Ipsec Overview
Unlike ESP, AH does not provide confidentiality. IPsec on an OmniSwitch operates in Transport mode. In transport mode only the payload of the IPv6 packet is encapsulated, and an IPsec header (AH or ESP) is inserted between the original IPv6 header and the upper-layer protocol header.
Page 428: Authentication Header (Ah)
It authenticates the packet by calculating the checksum via hash-based message authentication code (HMAC) using a secret key and either HMAC-MD-5 or HMAC-SHA1 hash functions. page 18-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 429: Ipsec On The Omniswtich
SA. The policy is used to specificy which IPsec protocols are used such as AH or ESP while the SA specifies the algorithms such as AES and HMAC-MD5. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 430: Securing Traffic Using Ipsec
Keys are used for encrypting and authenticating the traffic. Key lengths must match what is required by the encryption or authentication algorithm specified in the SA. Key values may be specified either in hexa- decimal format or as a string. page 18-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 431: Discarding Traffic Using Ipsec
Configuring IPsec IPsec Overview Note. The OmniSwitch currently supports manually configured SAs only. Discarding Traffic using IPsec In order to discard IPv6 datagrams, a policy is configured in the same manner as an IPsec security policy, the difference being that the action is set to ‘discard’ instead of ‘ipsec’. A discard policy can prevent IPv6 traffic from traversing the network.
Page 432: Configuring Ipsec On The Omniswitch
Restrict IPsec commands to authorized users only. This is described in Chapter 6, “Managing Switch User Accounts.” in the OmniSwitch AOS Release 7 Switch Management Guide. Configuring IPsec for securing IPv6 traffic on a switch requires several steps which are explained below •...
Page 433: Configuring An Ipsec Policy
-> ipsec policy tcp_in source 3ffe::/16 destination 4ffe::/16 protocol tcp in ipsec description “Any 3ffe to any 4ffe” admin-state enable Use the no form of the command to remove the configured IPsec policy. For example: -> no ipsec policy tcp_in OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-11...
Page 434: Enabling And Disabling A Policy
Policy telnet_malicious can be configured to handle a known malicious system that otherwise would fall under the telnet_ipsec policy. Its priority of 1 ensures that it always takes precedence and discards any incoming telnet connection attempts from the known malicious system. page 18-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 435: Assigning An Action To A Policy
View a specific security policy to view additional details. You can also verify the configuration of a specific security policy by using the show ipsec policy command followed by the name of the security policy. For example: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-13...
Page 436: Configuring An Ipsec Rule
= 3ffe:1:1:1::99 Destination = 3ffe:1:1:1::1 Protocol = TCP Direction = in Action = ipsec State = active Rules: 1 : esp, 2 : ah Description: IPsec on all inbound TCP page 18-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 437: Configuring An Ipsec Sa
You can use the encryption parameter to specify the encryption algorithm to be used for the traffic covered by the SA. This parameter can only be used when the SA type is ESP. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 438: Verifying Ipsec Sa
-> ipsec key tcp_in_ah sa-authentication 0x11223344556677889900112233445566 The above command configures an IPsec SA key named tcp_in_ah. This IPsec SA key will be used for the AH authentication protocol and has a value of 0x11223344556677889900112233445566. page 18-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 439 -> show ipsec key sa-authentication Authentication Keys Name Length (bits) --------------------+---------------- tcp_in_ah sa_1 sa_5 The above command shows the number of manually configured SAs along with their authentication key lengths in bits respectively. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-17...
Page 440 ESP authentication success = 25 ESP authentication failure = 0 Packet not valid No memory available Outbound: Successful = 5135 Policy violation No SA found = 19 Packet not valid No memory available page 18-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 441: Additional Examples
“ESP from 200” admin- state enable -> ipsec key tcp_out_esp sa-encryption 12345678 -> ipsec key tcp_out_esp sa-authentication 12345678901234567890 -> ipsec key tcp_in_esp sa-encryption 12345678 -> ipsec key tcp_in_esp sa-authentication 123456789012345678 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-19...
Page 442 “ESP from 100” admin- state enable -> ipsec key tcp_out_esp sa-encryption 12345678 -> ipsec key tcp_out_esp sa-authentication 12345678901234567890 -> ipsec key tcp_in_esp sa-encryption 12345678 -> ipsec key tcp_in_esp sa-authentication 123456789012345678 page 18-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 443: Discarding Ripng Packets
-> ipsec policy DISCARD_UDPin source fe80::200 destination ff02::9 protocol udp in discard Switch B -> ipsec policy DISCARD_UDPout source fe80::200 destination ff02::9 protocol udp out discard -> ipsec policy DISCARD_UDPin source fe80::100 destination ff02::9 protocol udp in discard OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-21...
Page 444: Verifying Ipsec Configuration
Displays IPsec statistics for IPv6 traffic. For more information about the resulting displays form these commands, see the “IPsec Commands” chap- ter in the OmniSwitch CLI Reference Guide. Examples of the above commands and their outputs are given in the section “Configuring IPsec on the...
Page 445: Chapter 19 Configuring Rip
(e.g., OSPF and BGP). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of RIP and includes information about the following procedures: •...
Page 446: Rip Specifications
RIP Interface Send Version ip rip interface send-version RIP Interface Receive Version ip rip interface recv-version both RIP Host Route ip rip host-route enable RIP Route Tag ip rip host-route page 19-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 447: Quick Steps For Configuring Rip Routing
Create an RIP interface on VLAN 2 by using the ip rip interface command. For example: -> ip rip interface vlan-2 Note For more information on VLANs and router ports, see Chapter 4, “Configuring VLANs.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-3...
Page 448: Rip Overview
Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide. When RIP is initially enabled on a switch, it issues a request for routing information, and listens for responses to the request.
Page 449: Rip Version 2
Unlike unicast, which sends one packet per destination, multicast sends one packet to all devices in any subnetwork that has at least one device requesting the multicast traffic. For more information on IPMS, Chapter 24, “Configuring IP Multicast Switching.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-5...
Page 450: Rip Routing
Note. In simple networks where only IP forwarding is required, you need not use RIP. If you are not using RIP, it is best not to load it to save switch resources. page 19-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 451: Enabling Rip
RIPv1 packets you would enter: -> ip rip interface rip-1 send-version v1 The Send options are: • v1. Only RIPv1 packets is sent by the switch. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-7...
Page 452: Configuring The Rip Interface Receive Option
The valid metric range is 1 to 15. To change the default value use the ip rip interface metric command. Use the show ip rip interface command to display the current interface metric. page 19-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 453: Rip Options
Enter the command and the update interval value, in seconds. For example, to set an update - interval value of 45 seconds, you would enter: -> ip rip update-interval 45 The valid update interval range is 1 to 120. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-9...
Page 454: Configuring The Rip Invalid Timer
50% above their default values. For exam- ple: -> ip rip update-interval 45 -> ip rip invalid-timer 270 -> ip rip garbage-timer 180 page 19-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 455: Enabling A Rip Host Route
The default is to enable a default host route. Use the no ip rip host-route command to disable the host route. Use the show ip rip command to display the current host route status. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-11...
Page 456: Configuring Redistribution
Refer to the “IP Commands” chapter in the OmniSwitch CLI Reference Guide for more information about the ip route-map command parameters and usage guidelines. Once a route map is created, it is then applied using the ip redist command.
Page 457 To verify a route map configuration, use the show ip route-map command: -> show ip route-map Route Maps: configured: 1 max: 200 Route Map: ospf-to-rip Sequence Number: 10 Action permit match tag 8 set tag 5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-13...
Page 458 Route Map: rm_1 Sequence Number: 10 Action permit match tag 8 set metric 1 Route Map: rm_1 Sequence Number: 20 Action permit match ipv4 interface to-finance set metric 5 page 19-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 459 -> ipv6 access-list ip6addr address 2001::1/64 action permit redist-control no- subnets For more information about configuring access list commands, see the “IP Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-15...
Page 460 -> ip redist ospf into rip route-map ospf-to-rip admin-state disable The following command example enables the administrative status: -> ip redist ospf into rip route-map ospf-to-rip admin-state enable page 19-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 461 Redistributes into RIP all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into RIP all other routes (those not processed by sequence 10 or 20) and sets the tag for such routes to eight. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 19-17...
Page 462: Rip Security
Enter the IP address of the RIP interface, and then enter a 16-byte text string. For example to configure a password “nms” you would enter: -> ip rip interface rip-1 auth-key nms page 19-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 463: Verifying The Rip Configuration
Displays active RIP neighbors (peers). show ip redist Displays the currently configured RIP redistribution filters. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 464 Verifying the RIP Configuration Configuring RIP page 19-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 465: Chapter 20 Configuring Bfd
This chapter describes the basic components of BFD and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 466: Bfd Specifications
BFD status for the OSPF protocol ip ospf bfd-state Disabled BFD status for an OSPF interface ip ospf interface bfd-state Disabled BFD session status with all BGP ip bgp bfd-state all-neighbors Disabled neighbors page 20-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 467: Quick Steps For Configuring Bfd
The value set with this command overrides the global transmit value configured for the routing instance. For example: -> ip bfd interface bfd-vlan-101 transmit 500 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-3...
Page 468 Note. BFD parameters are not configurable once the BFD administrative status is enabled on the interface. Enable the BFD protocol for the routing instance globally using the ip bfd admin-state command. For example: -> ip bfd admin-state enable page 20-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 469: Quick Steps For Configuring Bfd Support For Layer 3 Protocols
= 300, Applications Registered = STATIC-ROUTING OSPF See the “BFD Commands” chapter in the OmniSwitch CLI Reference Guide for information about the fields in this display. Quick Steps for Configuring BFD Support for Layer 3 Protocols BFD runs on top of Layer 3 protocol traffic that is forwarded between two systems. This implementation of BFD supports the following protocols: •...
Page 470 192.10.150.42 Enabled Down Enabled See the “VRRP Commands” chapter in the OmniSwitch CLI Reference Guide for information about the fields in this display. Configuring BFD Support for Static Routes Enable BFD support for a specific static route using the ip static-route bfd-state...
Page 471: Bfd Overview
Gateway Metric --------------------+-----------------+--------- See the “IP Commands” chapter in the OmniSwitch CLI Reference Guide for information about the fields in this display. BFD Overview Detecting communication failures as soon as possible is the first step in any network recovery process;...
Page 472: Benefits Of Using Bfd For Failure Detection
BFD control packets. This design also enables fast systems on shared medium with a slow system to detect failures more rapidly between fast systems while allowing the slow system to participate to the best of its ability. page 20-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 473: Operational Mode And Echo Function
There is no specific definition for Echo packet format. The only requirement is that the transmitting system is able to use the packet contents to distinguish between the various BFD sessions so that packets are correctly processed for the appropriate session. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-9...
Page 474: Bfd Session Establishment
The BFD control packet contains information about how quickly a system would like to send packets to its peer, as well as how rapidly it is willing to receive packets from the peer. The BFD detection time is not page 20-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 475: Configuring Bfd
“Configuring the BFD Receive Time Interval” on page 20-12). • Multiplier (see “Configuring the BFD Multiplier” on page 20-13). • Echo interval (see “Configuring the BFD Echo interval” on page 20-13). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-11...
Page 476: Configuring The Bfd Transmit Time Interval
BFD allows you to change the default value and set the receive time interval from the valid range. To change the global receive time interval for BFD control packets, use the ip bfd receive command. For example: page 20-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 477: Configuring The Bfd Echo Interval
The above command assigns a multiplier value of 5 to all BFD sessions. To change the BFD multiplier for a specific session, use the ip bfd interface multiplier command. For example: -> ip bfd interface bfd-vlan-101 multiplier 5 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-13...
Page 478: Enabling Or Disabling Bfd Status
BFD session parameters. To see additional detail for a specific interface, use the show ip bfd interfaces command and specify an interface name. For example: -> show ip bfd interfaces one Interface Name = one, page 20-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 479: Configuring Bfd Support For Layer 3 Protocols
Router Id = 10.172.18.16, OSPF Version Number = 2, Admin Status = Enabled, Area Border Router ? = No, AS Border Router Status = Disabled, Route Tag = 0, OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-15...
Page 480 BFD-enabled interfaces. For example: -> show ip bfd interfaces Interface Admin Min Rx Min EchoRx Detect OperStatus Name Status Interval Interval Interval Multiplier ---------+--------+---------+---------+----------+----------+---------- enabled enabled page 20-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 481 Whenever there is any change to the interface/neighbor list or interface/neighbor state, OSPF immediately informs BFD about the changes. Additionally, whenever BFD detects any changes to the other end, BFD updates its database accordingly and informs OSPF for its fastest convergence. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-17...
Page 482 -> ip bgp bfd-state all-neighbors enable To disable BFD for all configured BGP neighbors, use the ip bgp bfd-state all-neighbors with the disable keyword, as shown below: page 20-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 483: Configuring Bfd Support For Vrrp Tracking
To associate VRRP protocol with BFD liveliness detection, register VRRP with BFD at the protocol level using the vrrp bfd-state command as shown below: -> vrrp bfd-state enable Note. VRRP protocol supports BFD in the echo-only operational mode. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-19...
Page 484 BFD interface/session configuration and operation status. Once the track policy is configured, the BFD session is established with the remote IP address. BFD session is also established with the BFD neighbors. page 20-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 485 To verify the static routes on which BFD is enabled, use the show ip router database command with the protocol static option. For example: -> show ip router database protocol static OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-21...
Page 486 Total IPRM IPv4 routes: 7 Destination Gateway Interface Protocol Metric Misc-Info -------------------+---------------+------------+--------+-------+-----+----------- +b 100.0.0.0/8 100.1.1.10 v1001 STATIC 128.251.40.0/24 172.28.4.254 STATIC Inactive Static Routes Destination Gateway Metric --------------------+-----------------+--------- page 20-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 487: Bfd Application Example
Note. Configuring a BFD session explicitly with an IP interface name on individual routers is optional, and must be used if user defined BFD session parameters need to be applied. All the steps for explicit configuration are mentioned as optional. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-23...
Page 488 -> ip interface vlan-20 vlan 20 address 20.0.0.2 mask 255.0.0.0 -> vlan 20 members port 2/3-5 -> ip router router-id 2.2.2.2 These commands created VLANs 12, 23, and 20. page 20-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 489 Now the area should be created. In this case, we create area 0.0.0.1. The command for this step is below (the command is the same on each router): -> ip ospf area 0.0.0.1 Area 0.0.0.1 is created and enabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-25...
Page 490 “Step 1: Prepare the Routers” on page 20-24. Router 1 -> ip bfd interface vlan-31 -> ip bfd interface vlan-31 admin-state enable -> ip bfd interface vlan-12 -> ip bfd interface vlan-12 admin-state enable page 20-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 491 OSPF with BFD and then enable BFD on all OSPF interfaces. Repeat the following steps on each router: -> ip bfd admin-state enable -> ip ospf bfd-state enable -> ip ospf bfd-state all-interfaces enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 20-27...
Page 492: Verifying The Bfd Configuration
Displays the BFD status for static routes. protocol static For more information about the resulting displays form these commands, see the Omniswitch CLI Refer- ence Guide. Examples of the above commands and their outputs are given in the section “Configuring BFD”...
Page 493: Chapter 21 Configuring Dhcp Relay
Using automatic IP configuration to obtain an IP address for the switch on page 21-12. • Configuring relay for generic UDP service ports on page 21-13. For information about the IP protocol, see Chapter 15, “Configuring IP.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 21-1...
Page 494: Dhcp Relay Specifications
Maximum of 256 VLAN relay services. Per-VLAN service Maximum number of UDP relay services allowed per switch Maximum number of VLANs to which forwarded UDP service port traffic is allowed page 21-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 495: Dhcp Relay Defaults
Disabled default VLAN 1 Automatic switch IP configuration packet ip helper boot-up enable BootP type (BootP or DHCP) Relay Agent Information Option ip helper agent-informa- Disabled tion OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 21-3...
Page 496: Quick Steps For Setting Up Dhcp Relay
= standard mode, Bootup Option = Disable Forwarding address list (Standard mode): 128.100.16.1 For more information about this display, see the “DHCP Relay” chapter in the OmniSwitch CLI Reference Guide. page 21-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 497: Dhcp Relay Overview
Alternately, the relay function can be provided by an external router connected to the switch; in this case, the relay is configured on the external router. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 21-5...
Page 498: Dhcp
The unique characteristics of the DHCP protocol require a good plan before setting up the switch in a DHCP environment. Since DHCP clients initially have no IP address, placement of these clients in a VLAN is hard to determine. The DHCP feature on OmniSwitch provides two services to the network users: • DHCP Relay Agent •...
Page 499: External Dhcp Relay Application
DHCP clients. This subnet address allows the DHCP server to locate the segment on which the requesting client resides. In this example, all clients attached to the OmniSwitch are DHCP-ready and have the same subnet address (130.0.0.0) inserted into each of the requests by the DHCP Relay function of the router.
Page 500: Internal Dhcp Relay
DHCP Relay entity, it is forwarded from VLAN 3 to VLAN 2. All the DHCP-ready clients in VLAN 3 must be members of the same VLAN, and the switch must have the DHCP Relay function configured. page 21-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 501: Dhcp Relay Implementation
DHCP Relay Implementation The OmniSwitch allows you to configure the DHCP Relay feature in one of two ways. You can set up a global DHCP Relay or you can set up the DHCP Relay based on the DHCP packet from the client. Both of these choices provide the same configuration options and capabilities.
Page 502: Configuring Bootp/Dhcp Relay Parameters
DHCP Relay discards the packet. The forward delay time value applies to all defined IP helper addresses. The following command sets the forward delay value of 10 seconds: -> ip helper forward-delay 10 page 21-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 503: Setting Maximum Hops
To change the forwarding option value, enter ip helper followed by standard or per-vlan-only. For example: -> ip helper standard -> ip helper per-vlan-only OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 21-11...
Page 504: Using Automatic Ip Configuration
For more information about these commands, refer to the OmniSwitch CLI Reference Guide. Enabling Automatic IP Configuration By default, this function is disabled on the switch. To enable automatic IP configuration and specify the...
Page 505: Configuring Udp Port Relay
UDP Port Relay on the generic service port. The second step involves specifying a VLAN that relays and forwards the traffic destined for the generic service port. Both steps are required and are described below. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 21-13...
Page 506: Enabling/Disabling Udp Port Relay
To remove a VLAN association with a UDP service port, use the no form of the ip udp relay service vlan command. For example, the following command removes the VLAN 6 association with the NBNS well-known service port: -> no ip udp relay service nbns vlan 6 page 21-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 507: How The Relay Agent Processes Dhcp Packets From The Client
Configuring DHCP Relay Configuring UDP Port Relay For more information about using the ip udp relay service vlan command, see the OmniSwitch CLI Reference Guide. How the Relay Agent Processes DHCP Packets from the Client The following table describes how the relay agent processes DHCP packets received from clients when the Option-82 feature is enabled for the switch: If the DHCP packet from the client ...
Page 508 Note. These policies apply to all DHCP packets received on all switch ports. In addition, if a packet that contains existing Option-82 data also contains a gateway IP address that matches a local subnet address, the relay agent drops the packet. page 21-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 509: Verifying The Dhcp Relay Configuration
Verifying the DHCP Relay Configuration To display information about the DHCP Relay and BOOTP/DHCP, use the show commands listed below. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the...
Page 510 Verifying the DHCP Relay Configuration Configuring DHCP Relay page 21-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 511: Chapter 22 Configuring Vrrp
This chapter describes VRRPv2/VRRPv3 and how to configure it through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of VRRP and includes information about the following: •...
Page 512 VRRP tracking—see “Creating Tracking Policies” on page 22-25. • VRRPv3 tracking—see “Creating Tracking Policies” on page 22-25. • Verifying the VRRP configuration—see “Verifying the VRRPv3 Configuration” on page 22-24. page 22-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 513: Vrrp Specifications
Default advertising interval for vrrp group all the virtual routers in the group. Default priority value for all the vrrp group virtual routers in the group. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-3...
Page 514 In addition, other defaults for VRRP include: Description Command Default VRRP traps vrrp trap Enabled VRRP delay vrrp delay 45 seconds page 22-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 515: Quick Steps For Creating A Virtual Router
VRRP trap generation: Enabled VRRP startup delay: 45 (expired) Admin VRID VLAN Address(es) Status Priority Preempt Interval ----+-----+----------------+----------+----------+--------+--------- 10.10.2.3 Enabled For more information about this display, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-5...
Page 516: Vrrp Overview
In this example, each physical router is configured with a virtual router, VRID 1 which is associated with IP address A. OmniSwitch A is the master router because it contains the physical interface to which IP address A is assigned. OmniSwitch B is the backup router. The client is configured with a gateway address of IP A.
Page 517: Why Use Vrrp?
(00:00:5E:00:01:01). It will also forward packets for IP address B and respond to ARP requests for IP address B using the OmniSwitch’s physical MAC address. OmniSwitch B uses IP address B to access the LAN. However, IP address B is not backed up. Therefore, when OmniSwitch B becomes unavailable, IP address B also becomes unavailable.
Page 518: Vrrp Mac Addresses
MAC address. Gratuitous ARP requests for the virtual router IP address or MAC address are broadcast when the OmniSwitch becomes the master router. For VRRP interfaces, gratuitous ARP requests are delayed at system boot until both the address and the virtual router MAC address are configured.
Page 519: Vrrp Startup Delay
VLAN (either acting as master or backup), RDP will advertise all VLAN IP addresses. However, if virtual routers are active, RDP will advertise IP addresses for any master routers; RDP will not adver- tise IP addresses for backup routers. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-9...
Page 520: Vrrp Configuration Overview
Note that the IP address owner is automatically assigned a value of 255, which overrides any value that you may have already configured. See “Configuring Virtual Router Priority” on page 22-12 for more information about how priority is used. page 22-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 521: Specifying An Ip Address For A Virtual Router
Virtual router 7 on VLAN 3 is deleted from the configuration. (The virtual router does not have to be disabled before you delete it.) For more information about the vrrp command syntax, see the OmniSwitch CLI Reference Guide. Specifying an IP Address for a Virtual Router An IP address must be specified before a virtual router may be enabled.
Page 522: Configuring The Advertisement Interval
When there is more than one backup router and if their priority values are very nearly equal, the skew time may not be sufficient to overcome delays caused by network traffic loads. This may cause a page 22-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 523: Enabling/Disabling A Virtual Router
For example: -> vrrp 7 3 admin-state disable -> vrrp 7 3 priority 200 -> vrrp 7 3 admin-state enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-13...
Page 524: Setting Vrrp Traps
MIB. In order for VRRP traps to be generated correctly, traps in general must be enabled on the switch through the SNMP CLI. See the OmniSwitch AOS Release 7 Switch Management Guide for more information about enabling SNMP traps globally.
Page 525: Changing Default Parameter Values For A Virtual Router Group
The virtual routers can also be grouped under a virtual router group as another way of simplifying the configuration and management tasks. A virtual router group can be created using the vrrp group command as follows: -> vrrp group 25 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-15...
Page 526 Note. You can specify a parameter such as interval, priority, preempt or all in the vrrp group set command to set and/or override the existing value with the new default values. The all option resets and/or page 22-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 527 -> vrrp group 25 admin-state enable-all Note. Even though a virtual router may be assigned to a group, its parameter values and administrative status can still be modified individually. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-17...
Page 528: Verifying The Vrrp Configuration
Displays the virtual routers that are associated with a group. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 22-18 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 529: Vrrpv3 Configuration Overview
Note that the IP address owner is automatically assigned a value of 255, which overrides any value that you may have already configured. See “Configuring the VRRPv3 Virtual Router Priority” on page 22-21 for more information about how priority is used. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-19...
Page 530: Specifying An Ipv6 Address For A Vrrpv3 Virtual Router
VRRPv3 virtual router is enabled or disabled. For more information about the vrrp3 command syntax, see the OmniSwitch CLI Reference Guide. To delete a VRRPv3 virtual router, use the no form of the vrrp3 command with the relevant VRID and VLAN ID.
Page 531: Configuring The Vrrpv3 Advertisement Interval
The priority parameter may be used to control the order in OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 532: Setting Preemption For Vrrpv3 Virtual Routers
If this virtual router takes over for an unavailable router, a router with a higher priority will not be able to preempt it. For more information about priority, see “Configuring the VRRPv3 Virtual Router Priority” on page 22-21. page 22-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 533: Enabling/Disabling A Vrrpv3 Virtual Router
In order for VRRPv3 traps to be generated correctly, traps in general must be enabled on the switch through the SNMP CLI. See the OmniSwitch AOS Release 7 Switch Management Guide for more informa- tion about enabling SNMP traps globally.
Page 534: Verifying The Vrrpv3 Configuration
Displays the tracking policies associated with VRRPv3 virtual routers. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 22-24...
Page 535: Creating Tracking Policies
IP address becomes unreachable, both virtual routers will have their priorities decremented, and the backup may temporarily take over if the master discovers that the IP address is unreachable before the backup. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-25...
Page 536: Vrrp Application Example
VRID 2 Backup 2 Master 2 10.10.2.245 10.10.2.250 10.10.2.245 VLAN 5 clients 1 and 2 clients 3 and 4 default gateway 10.10.2.245 default gateway 10.10.2.250 VRRP Redundancy and Load Balancing page 22-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 537 In this scenario, the master of VRID 1 will respond to ARP requests for IP address A using the virtual router MAC address for VRID 1 (00:00:5E:00:01:01). OmniSwitch 1 is the master for VRID 1 since it contains the physical interface to which 10.10.2.250 is assigned. If OmniSwitch A should become unavail- able, OmniSwitch B will become master for VRID 1.
Page 538: Vrrp Tracking Example
3 and 4 through IP address 10.10.2.245. For example, if the port that provides access to the Inter- net on OmniSwitch A fails, virtual router 1 will continue to be the default router for clients 1 and 2, but clients 1 and 2 will not be able to access the Internet.
Page 539 3/1 on switch A is functioning again we want switch A to reestablish itself as the master. See “Setting Preemption for Virtual Routers” on page 22-12 for more information about enabling preemption. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 22-29...
Page 540: Vrrpv3 Application Example
-> vrrp3 1 5 address 213:100:1::56 -> vrrp3 2 5 address 213:100:1::57 Enable the VRRPv3 virtual routers. -> vrrp3 1 5 admin-state enable -> vrrp3 2 5 admin-state enable page 22-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 541: Vrrpv3 Tracking Example
. For example, if the port that provides access to the 213:100:1::56 Internet on OmniSwitch A fails, virtual router 1 will continue to be the default router for clients 1 and 2, but clients 1 and 2 will not be able to access the Internet.
Page 542 3/1 on switch A is functioning again we want switch A to reestablish itself as the master. See “Setting Preemption for Virtual Routers” on page 22-12 for more information about enabling preemption. page 22-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 543 SLB cluster). SLB clusters are identified and accessed using either a Virtual IP (VIP) address or a QoS policy condition. Traffic is always routed to VIP clusters and either bridged or routed to policy condition clusters. The OmniSwitch operates at wire speed to process client requests and then forward them to the physical servers within the cluster.
Page 544: Chapter 23 Configuring Server Load Balancing
Server health checking Ping, link checks High availability support Hardware-based failover, VRRP, Chassis Management Module (CMM) redundancy Networking protocols supported Virtual IP (VIP) addresses Maximum number of probes on a switch page 23-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 545: Server Load Balancing Default Values
None configured SLB probe expected status ip slb probe status SLB probe send string ip slb probe send None configured SLB probe expect string ip slb probe expect None configured OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-3...
Page 546: Quick Steps For Configuring Server Load Balancing
Admin status = Enabled, Operational Status = Discovery, Weight = 1, Availability (%) = 0 Server 128.241.130.135 Admin status = Disabled, Operational Status = Disabled, Weight = 8, Availability (%) = 0 page 23-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 547: Quick Steps For Configuring A Qos Policy Condition Cluster
Server 103.10.50.1 Admin status = Enabled, Operational status = In Service, Weight = 1, Availability (%) = 100 Server 103.10.50.2 Admin status = Enabled, Operational status = In Service, OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-5...
Page 548 Once a cluster is created, the Virtual IP or condition cannot be modified. To modify these values, delete the cluster and re-create the cluster with the different VIP and conditions. page 23-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 549: Server Load Balancing Overview
VLAN domain. The Layer-2 or Layer-3 mode is selected when the condition cluster is configured on the switch. See “Configuring an SLB Cluster with a QoS Policy Condition” on page 23-12 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-7...
Page 550: Server Load Balancing Example
Loopback Address: Loopback Address: Loopback Address: Loopback Address: 128.241.130.204 128.241.130.204 128.241.130.204 128.241.130.204 OmniSwitch 7800 Switch Intranet Internet Client A Client B Example of a Server Load Balancing (SLB) Cluster page 23-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 551: Weighted Round Robin Distribution Algorithm
Weighted Round Robin Algorithm Note. See “Modifying the Relative Weight of a Physical Server” on page 23-16 for information on modifying the relative weights of servers in an SLB cluster. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-9...
Page 552: Server Health Monitoring
The switch is making another attempt to bring up the server. In Release 5.1.6 and later you can configure probes to monitor the health of clusters and servers. See “Configuring SLB Probes” on page 23-18 for more information. page 23-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 553: Configuring Server Load Balancing On A Switch
-> ip slb admin-state enable Disabling SLB To disable SLB switch wide, use the ip slb admin-state command by entering: -> ip slb admin-state disable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-11...
Page 554: Configuring And Deleting Slb Clusters
How to Create a QoS Policy Condition Use the policy condition command to create a QoS policy condition. For example, the following command creates a source port condition named “cond1”: page 23-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 555: Automatic Configuration Of Slb Policy Rules
See Chapter 25, “Configuring QoS,” for more information on configuring and displaying QoS policies. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-13...
Page 556: Assigning Servers To And Removing Servers From A Cluster
For example, to remove a server with an IP address of 10.105.16.121 from an SLB cluster called “Web_Server” you would enter: -> no ip slb server ip 10.105.16.121 cluster Web_Server page 23-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 557: Modifying Optional Parameters
-> ip slb cluster Web_Server ping timeout 1000 Note. You can modify the ping period with the ip slb cluster ping period command, which is described “Modifying the Ping Period” on page 23-15. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-15...
Page 558: Modifying The Ping Retries
-> ip slb server ip 10.105.16.118 cluster Web_Server weight 0 Assigning a weight of 0 (zero) to a server prevents this server from being assigned any new connections.This server becomes a backup server. page 23-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 559: Taking Clusters And Servers On/Off Line
For example, to administratively enable a server with an IP address of 10.105.16.121 that belongs to an SLB cluster called “Web_Server”, you would enter: -> ip slb server ip 10.105.16.121 cluster Web_Server admin-state enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-17...
Page 560: Configuring Slb Probes
For example, to delete an SLB probe called “server_probe1”, enter: -> no ip slb probe server_probe1 page 23-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 561: Associating A Probe With A Cluster
For example, to set the period for an HTTP SLB probe called “server_probe1” to 120 seconds, enter: -> ip slb probe server_probe1 http period 120 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-19...
Page 562: Modifying The Probe Retries
URL. Note. The URL should be the relative web page name to be retrieved. page 23-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 563: Modifying The Probe Status
(http, https, udp, or tcp), expect, and the user-specified ASCII string. For example, to set the TCP/UDP port for an HTTP SLB probe called “server_probe1” to “test”, enter: -> ip slb probe server_probe1 http expect test OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-21...
Page 564: Displaying Server Load Balancing Status And Statistics
-> show ip slb clusters statistics -> show ip slb cluster Intranet statistics page 23-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 565 Period Retries Timeout Method -----------------------+-------+-------+--------+------ web_server 60000 12000 HTTP mail_server 60000 3000 SMTP mis_servers 3600000 24000 Ping In the example above there are three probes configured on the switch. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 23-23...
Page 566 Password Expect Status = 200, = /, Note See the “Server Load Balancing Commands” chapter in the OmniSwitch CLI Reference Guide for complete syntax information on SLB show commands. page 23-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 567: In This Chapter
This chapter describes the basic components of IPMS and how to configure them through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: •...
Page 568: Ipms Specifications
OS10K - 4K OS10K - 2K (XNI-U32S) OS6900 (X20/X40) - 2K OS6900 (T20/T40) - 4K (Note: Mixing an XNI-U32S with other modules in the same chassis reduces the maximum entries to page 24-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 569: Ipmsv6 Specifications
Administrative Status ip multicast admin-state disabled IGMP Querier Forwarding ip multicast querier- disabled forwarding IGMP Version ip multicast version version 2 IGMP Query Interval ip multicast query-interval 125 seconds OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-3...
Page 570 Source Timeout ip multicast source-timeout 30 seconds IGMP Querying ip multicast querying disabled IGMP Robustness ip multicast robustness IGMP Spoofing ip multicast spoofing disabled IGMP Zapping ip multicast zapping disabled page 24-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 571: Ipmsv6 Default Values
Source Timeout ipv6 multicast source-timeout 30 seconds MLD Querying ipv6 multicast querying disabled MLD Robustness ipv6 multicast robustness MLD Spoofing ipv6 multicast spoofing disabled MLD Zapping ipv6 multicast zapping disabled OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-5...
Page 572: Ipms Overview
Multicast Stream (destination IP address) Multicast Server (source IP address) Ports on end stations send IGMP requests to receive multicast traffic. Network A Network B Example of an IPMS Network page 24-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 573: Reserved Ip Multicast Addresses
IPMS uses decisions made by the routing protocols and forwards multicast traffic to ports that request group membership. See the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide for more information on IP multicast routing protocols.
Page 574: Igmp Version 3
IGMPv3 also supports Source Specific Multicast (SSM) by allowing hosts to report interest in receiving packets only from specific source addresses or from all but specific source addresses. page 24-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 575: Configuring Ipms On A Switch
“IPMS Application Example” on page 24-37 that shows how to use CLI commands to configure a sample network. Note. See the “IP Multicast Switching Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of IPMS CLI commands. Enabling and Disabling IP Multicast Status IP Multicast Switching and Routing is disabled by default on a switch.
Page 576: Enabling And Disabling Igmp Querier-Forwarding
By default, the version of Internet Group Management Protocol (IGMP) membership is Version 2. The following subsections describe how to configure IGMP protocol version ranging from 1 to 3 with the ip multicast version command. page 24-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 577: Configuring And Removing An Igmp Static Neighbor
4095), a space, followed by port, a space, and the link aggregation group number. For example, to configure link aggregation group 7 with designated VLAN 2 as a static neighbor you would enter: -> ip multicast static-neighbor vlan 2 port 7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-11...
Page 578: Configuring And Removing An Igmp Static Querier
IGMP static group ports receive IGMP reports generated on the specified IP Multicast group address. The following subsections describe how to configure and remove a static group with the ip multicast static-group command. page 24-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 579: Configuring An Igmp Static Group
For example, to remove an IGMP static member with an IP address of 225.0.0.1 on port 10 in slot 3 with designated VLAN 3 you would enter: -> no ip multicast static-group 225.0.0.1 vlan 3 port 3/10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-13...
Page 580: Modifying Ipms Parameters
10 in tenths of seconds. The following subsections describe how to configure the IGMP last member query interval and restore it by using the ip multicast last-member-query-interval command. page 24-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 581: Modifying The Igmp Query Response Interval
6000 tenths-of-seconds you would enter: -> ip multicast query-response-interval 6000 You can also modify the IGMP query response interval on the specified VLAN by entering: -> ip multicast vlan 3 query-response-interval 6000 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-15...
Page 582: Modifying The Igmp Router Timeout
-> ip multicast router-timeout 0 Or, as an alternative, enter: -> ip multicast router-timeout To restore the IGMP router timeout to its default value. page 24-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 583: Modifying The Source Timeout
You can also restore the source timeout on the specified VLAN by entering: -> ip multicast vlan 2 source-timeout 0 Or, as an alternative, enter: -> ip multicast vlan 2 source-timeout To restore the source timeout to its default value. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-17...
Page 584: Enabling And Disabling Igmp Querying
You can modify the IGMP robustness variable from 1 to 7 on the system if no VLAN is specified, by entering ip multicast robustness followed by the new value. For example, to set the value of IGMP robustness to 3 you would enter: -> ip multicast robustness 3 page 24-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 585: Enabling And Disabling The Igmp Spoofing
To disable IGMP spoofing on the system if no VLAN is specified, use the ip multicast spoofing command as shown below: -> ip multicast spoofing disable Or, as an alternative, enter: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-19...
Page 586: Enabling And Disabling The Igmp Zapping
You can also disable IGMP zapping on the specified VLAN by entering: -> ip multicast vlan 2 zapping disable Or, as an alternative, enter: -> ip multicast vlan 2 zapping To restore the IGMP zapping to its default setting. page 24-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 587: Limiting Igmp Multicast Groups
To set the IGMP group limit for a port and drop any requests above the limit, use the ip multicast port max-group command as shown below: -> ip multicast port 1/1 max-group 25 action drop OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-21...
Page 588: Ipmsv6 Overview
Multicast Group (dynamically built) Multicast Stream (destination IPv6 address) Multicast Server (source IPv6 address) Ports on end stations send MLD requests to receive multicast traffic. Network A Network B page 24-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 589: Reserved Ipv6 Multicast Addresses
MLDv2 also supports Source Specific Multicast (SSM) by allowing hosts to report interest in receiving packets only from specific source addresses or from all but specific source addresses. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-23...
Page 590: Configuring Ipmsv6 On A Switch
“Configuring and Removing an MLD Static Group” on page 24-27) Note. See the “IP Multicast Switching Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of IPMSv6 CLI commands. Enabling and Disabling IPv6 Multicast Status IPv6 Multicast is disabled by default on a switch. The following subsections describe how to enable and...
Page 591: Enabling And Disabling Mld Querier-Forwarding
To change the MLD version to Version 2 (MLDv2) on the system if no VLAN is specified, use the ipv6 multicast version command as shown below: -> ipv6 multicast version 2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-25...
Page 592: Configuring And Removing An Mld Static Neighbor
4095), a space, followed by port, a space, and the link aggregation group number. For example, to configure link aggregation group 7 with designated VLAN 2 as a static neighbor you would enter: -> ipv6 multicast static-neighbor vlan 2 port 7 page 24-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 593: Configuring And Removing An Mld Static Querier
MLD static group ports receive MLD reports generated on the specified IPv6 Multicast group address. The following subsections describe how to configure and remove an MLD static group by using the ipv6 multicast static-group command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-27...
Page 594: Configuring An Mld Static Group
For example, to remove an MLD static member with an IPv6 address of on port 10 in slot 3 with ff05::5 designated VLAN 3 you would enter: -> no ipv6 multicast static-group ff05::5 vlan 3 port 3/10 page 24-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 595: Modifying Ipmsv6 Parameters
600 milliseconds on the system if no VLAN is specified, you would enter: -> ipv6 multicast last-member-query-interval 2200 You can also modify the MLD last member query interval on the specified VLAN by entering: -> ipv6 multicast vlan 3 last-member-query-interval 2200 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-29...
Page 596: Modifying The Mld Query Response Interval
-> ipv6 multicast query-response-interval 0 Or, as an alternative, enter: -> ipv6 multicast query-response-interval To restore the MLD query response interval to its default value. page 24-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 597: Modifying The Mld Router Timeout
The default source timeout (i.e., expiry time of IPv6 multicast sources) is 30 seconds. The following subsections describe how to configure a user-specified source timeout value and restore it by using the ipv6 multicast source-timeout command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-31...
Page 598: Enabling And Disabling The Mld Querying
You can disable the MLD querying by entering ipv6 multicast querying followed by the disable keyword. For example, to disable the MLD querying you would enter: disable -> ipv6 multicast querying page 24-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 599: Modifying The Mld Robustness Variable
To restore the MLD robustness to its default value. You can also modify the MLD robustness variable from 1 to 7 on the specified VLAN by entering: -> ipv6 multicast vlan 2 robustness 0 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-33...
Page 600: Enabling And Disabling The Mld Spoofing
By default MLD (i.e., processing membership and source filter removals immediately without waiting for the specified time period for the protocol– this mode facilitates IP TV applications looking for quick page 24-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 601: Limiting Mld Multicast Groups
To set the MLD global group limit and drop any requests above the limit, use the ip multicast max- group command as shown below: -> ipv6 multicast max-group 25 action drop OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-35...
Page 602 To set the MLD group limit for a port and drop any requests above the limit, use the ip multicast port max-group command as shown below: -> ipv6 multicast port 1/1 max-group 25 action drop page 24-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 603: Ipms Application Example
Configure the client attached to Port 2 as a static querier belonging to VLAN 5 by entering: -> ip multicast static-querier vlan 5 port 1/2 Modify the robustness variable from its default value of 2 to 7 by entering: -> ip multicast robustness 7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-37...
Page 604 Total 1 Neighbors Host Address VLAN Port Static Count Life ---------------+-----+-----+-------+------+----- 1.0.0.2 -> show ip multicast querier Total 1 Queriers Host Address VLAN Port Static Count Life ---------------+-----+-----+-------+------+----- 1.0.0.3 page 24-38 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 605: Ipmsv6 Application Example
Configure the client attached to Port 2 as a static MLD querier belonging to VLAN 5 by entering: -> ipv6 multicast static-querier vlan 5 port 1/2 Modify the robustness variable from its default value of 2 to 7 by entering: -> ipv6 multicast robustness 7 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-39...
Page 606 Total 1 Neighbors Host Address VLAN Port Static Count Life -------------------------+-----+-----+-------+------+----- fe80::2a0:ccff:fed3:2853 -> show ipv6 multicast querier Total 1 Queriers Host Address VLAN Port Static Count Life -------------------------+-----+-----+-------+------+----- fe80::2a0:ccff:fed3:2854 page 24-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 607: Displaying Ipms Configurations And Statistics
234.0.0.4 0.0.0.0 exclude 229.0.0.1 0.0.0.0 2/13 exclude Note. See the “IP Multicast Switching Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation on IPMS show commands. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 24-41...
Page 608: Displaying Ipmsv6 Configurations And Statistics
3333::1 exclude ff05::9 2/13 exclude Note. See the “IPv6 Multicast Switching Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation on IPMS show commands. page 24-42 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 609: Chapter 25 Configuring Qos
Data Center Bridging (DCB) protocols are also supported and implemented using embedded profiles in the same manner that QoS profiles are applied. DCB and QoS profiles are mutually exclusive in that if the OmniSwitch Data Center software license is installed, only DCB profiles are applied. For more informa- tion, see Chapter 2, “Configuring Data Center Bridging,”...
Page 610 In This Chapter Configuring QoS • “Traffic Policing and Shaping” on page 25-22. • “QoS Defaults” on page 25-34. • “Configuring QoS” on page 25-38. • “Policy Applications” on page 25-74. page 25-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 611: Qos Specifications
QoS Specifications QoS Specifications The QoS functionality described in this chapter is supported on the OmniSwitch 10K and OmniSwitch 6900 switches, unless otherwise stated in the following QoS Specifications table or specifically noted within any other section of this chapter. Note that any maximum limits provided in the QoS Specifica- tions table are subject to available system resources.
Page 612: Qos General Overview
IP also calls QoS to validate and/or prioritize packets originating from the switch. The general order of events with respect to the OmniSwitch implementation of QoS are as follows: Classification—Packets are classified and marked according to policies and traffic behavior. This is accomplished on the ingress using technologies, such as 802.1p, IP precedence and Diffserv Code Point...
Page 613 Traffic Policing and Shaping—Packet flows are policed or shaped to limit the rate of traffic received or sent by the switch. See “Traffic Policing and Shaping” on page 25-22. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-5...
Page 614: Classification
0 (lowest) to 7 (highest) and maps to the ToS precedence values. The OmniSwitch output queuing capability uses these CoS values to determine the forwarding treatment by prioritizing flows based on application and network requirements. For more information about output queue (congestion) management, see “Congestion Management”...
Page 615: Classifying Bridged Traffic As Layer 3
This is done by adding up to four MAC addresses or four ranges of MAC addresses to the predefined QoS “alaPhone” MAC address group. See “Creating MAC Groups” on page 25-57 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-7...
Page 616: Configuring Trusted Ports
The QoS CPU priority policy action is used in a policy to assign a priority value to traffic destined for the CPU. See the policy action cpu priority command page in the OmniSwitch CLI Reference Guide for more information. Configuring Trusted Ports By default switch ports are untrusted;...
Page 617: Using Trusted Ports With Policies
Action Combinations” on page 25-33 for more information. Note. 802.1p mapping can also be set for Layer 3 traffic, which typically has the 802.1p bits set to zero. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-9...
Page 618: Congestion Management
The queue management and related QoS functions are implemented using a framework based on Queue Sets (QSets). A QSet is a set of eight aggregate VOQs (OmniSwitch 10K) or a set of eight egress port queues (OmniSwitch 6900) that are associated with each switch port.
Page 619: How It Works
LAG, the QSI and profile for the port reverts back to the default values. The following example diagram is specific to the OmniSwitch 10K architecture and QSet profiles, but the relationship shown between switch ports, QSet instances, and profiles as they apply to unicast traffic is the same for both the OmniSwitch 10K and OmniSwitch 6900.
Page 620 • QSP 1 and QSP 4 apply the default WRED profile 1 (WRP 1) to the QSI for port 1/1 and port 2/1. (WRED is only supported on the OmniSwitch 6900). • The QSet framework shown in this example applies to unicast traffic. Selecting QSPs only applies to unicast VOQ queue management.
Page 621 To view the QSet profile configuration for the switch, use the show qos qsp command. See the OmniSwitch CLI Reference Guide for more information about the qos qsi qsp and related show commands. QSet Profile Mapping (Unicast) This sections contains a unicast queue mapping table for each of the four pre-defined QSet profiles (QSPs).
Page 622 2.1, 2.2, 2.3 AF2 WFQ (starvable) 1.1, 1.2, 1.3 AF1 WFQ (starvable) 4, 3, 2, 4, 3, 2, 4.0, 3.0, BE not guaranteed 1, 0 1, 0 2.0, 1.0, 0.0 page 25-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 623: Multicast And Unicast Traffic Distribution
OS10K-XNI-U16L (8 x 10G, 8 x 1G) However, for non-default QSet profiles (QSP 2–4) and non-default DCB profiles (DCP 1–7, 9–128) on the OmniSwitch 6900 and the OmniSwitch 10K modules listed above, the multicast and unicast queue mapping is as follows:...
Page 624 Priority Weight 7, 6 Avg(W7,W6) 5, 4 Avg(W5,W4) 3, 2 Avg(W3,W2) 1, 0 Avg(W1,W0) Note: Wn = Weight of UCn Avg(Wn,Wm) = Average of Weights of UCn & UCm page 25-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 625 This will affect multicast hosts not in the congestion path. When a multicast source is attached to a port on a OmniSwitch 6900, make sure that PFC is not enabled for that particular priority on the ingress. This can be done by configuring the port to use DCP 8 (all prior- ities are lossless) or for instance, DCB-1 (priority 4 and 5 are lossless, so multicast may be sent at any other priority other than priority 4 or 5).
Page 626: Omniswitch 10K Queue Management
Congestion Management Configuring QoS OmniSwitch 10K Queue Management The OmniSwitch 10K is an input-queue switch. Queue management is done on the ingress based on a virtual output queue (VOQ) architecture that is inherent to the switch. • The ingress queue management function on each switch NI allocates a set of eight physical VOQs for every port in the system, including ports that belong to the NI.
Page 627 The OmniSwitch 10K implementation of VOQ means that packets only cross the switch shortly before they exit the system. And, because egress bandwidth capacity is checked before packets are sent across the switch, adverse traffic patterns do not disrupt rate guarantees.
Page 628: Congestion Avoidance
The queue gain (a numeric value used to determine the instantaneous average queue length). The OmniSwitch 6900 supports the use of one WRED profile (WRP 1), which is applied to TCP traffic when the profile is enabled for the QSet instance. By default, WRP 1 is associated with each QSet profile and applied to each unicast queue within the QSet instance associated with the QSet profile.
Page 629 Green 100% The minimum and maximum threshold values are a percentage of the maximum average queue length. The OmniSwitch 6900 average queue length is calculated as follows: Total Number of Cells : 46080 Total Number of Ports : 64 Number of Queuss : 8...
Page 630: Traffic Policing And Shaping
Min-Th: 90, Max-Th: 100, Max-Pb: 24, Gain: See the OmniSwitch CLI Reference Guide for more information about the qos qsi wred and show qos wrp commands. Traffic Policing and Shaping Traffic policing and shaping mechanisms are used to limit the rate of traffic. The main difference between the two is how they handle traffic that violates the specified rate.
Page 631: Shaping
• Single-Rate TCM (srTCM)—Packets are marked based on a Committed Information Rate (CIR) value and two associated burst size values: Committed Burst Size (CBS) and Peak Burst Size (PBS). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-23...
Page 632 There is no explicit CLI command to specify the mode in which the TCM meter operates. This mode is determined by whether or not the PIR is configured for the policy action and if the value of the PIR is page 25-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 633 The rule is not active on the switch until the qos apply command is entered. When the rule is activated, any flows coming into the switch from source IP address 10.10.5.3 is metered and marked according to the TCM policier parameters specified in the tcm1 policy action. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-25...
Page 634: Configuring Policy Bandwidth Policing
For example: -> qos port 1/10 dei egress -> qos port 1/11 dei ingress See the OmniSwitch CLI Reference Guide for more information about these commands. Configuring Policy Bandwidth Policing policy action maximum bandwidth policy action maximum depth commands are used to configure QoS policy actions.
Page 635: Port Groups And Maximum Bandwidth
Doing so, effects egress rate limiting/egress policing on the ingress port itself. The limitation of bridged port traffic only on OmniSwitch 10K desti- nation ports applies in this case as well.
Page 636: Configuring Port Bandwidth Shaping
CLI commands. For more informa- tion about these commands, see the OmniSwitch CLI Reference Guide. Note the following when configuring the ingress or egress bandwidth limit for a port: • Maximum bandwidth limiting is done using a granularity of 64K bps. Any value specified that is not a multiple of 64K is rounded up to the next highest multiple of 64K.
Page 637: Qos Policy Overview
PolicyView. And vice versa. This section discusses policy configuration using the CLI. For information about using WebView to configure the switch, see the OmniSwitch AOS Release 7 Switch Management Guide. For information about configuring policies through PolicyView, see the PolicyView online help.
Page 638: Policy Lists
• User Network Profile (UNP)—This type of policy list is associated with the Universal Network Profile (UNP) that is supported on the OmniSwitch 6900. The rules in this list are applied to device traffic that was classified into the profile.
Page 639: Policy Conditions
Layer 2 and Layer 3 rules are always effected on bridged and routed traffic. As a result, combining source or destination TCP/UDP port and IP protocol in a condition is allowed. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 640: Policy Actions
Stamp/ Redirect Redirect Port Permanent Drop Priority Max BW Port Linkagg Disable Gateway IP Mirror Drop Priority Stamp/Map Max BW Redirect Port Redirect Linkagg Port Disable Permanent Gateway IP page 25-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 641: Condition And Action Combinations
(a rule that uses the “multicast” keyword and only applies to IGMP traffic) destination slot/port or port group all actions bridging only OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-33...
Page 642: Qos Defaults
The maximum ingress bandwidth qos port maximum ingress-bandwidth port bandwidth The default 802.1p value inserted qos port default 802.1p into packets received on untrusted ports. page 25-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 643: Queue Management Defaults
QSet instance. See “Congestion Management” on page 25-10 for more information. OmniSwitch 10 Queue Management Defaults The following are the default QSet and queue profile settings applied with QSP 1 on the OmniSwitch 10K: QSP 1 Default Bandwidth...
Page 644: Policy Rule Defaults
WRP 1 QP1–QP8 CIR PIR 0%, 100% WFQ Mode WERR WFQ Weight The following are the default drop precedence settings applied with WRP 1 on the OmniSwitch 6900: WRP 1 Yellow Green Minimum queue threshold Maximum queue threshold Drop probability...
Page 645: Policy Action Defaults
The switch network group—The switch has a default network group, called switch, that includes all IP addresses configured for the switch itself. This default network group can be used in policies. See “Creating Network Groups” on page 25-54 for more information about network groups. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-37...
Page 646: Configuring Qos
Applying the Configuration. All policy rule configuration and some global parameters must be specifically applied through the qos apply command before they are active on the switch. See “Applying the Configuration” on page 25-71. page 25-38 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 647: Configuring Global Qos Parameters
Layer 2 and Layer 3 information, etc. For a detailed explanation about the types of infor- mation that can be logged, see the debug qos command page in the OmniSwitch CLI Reference Guide. A brief summary of the available keywords is given here: debug qos keywords...
Page 648: Number Of Lines In The Qos Log
-> qos no forward log To activate the change, enter the qos apply command. For more information about the qos apply command, see “Applying the Configuration” on page 25-71. page 25-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 649: Forwarding Log Events To The Console
QoS log messages can be sent to the switch logging utility, which is an event logging application available on the OmniSwitch. The configuration of the switch logging utility then determines if QoS messages are sent to a log file in the switch’s flash file system, displayed on the switch console, and/or sent to a remote syslog server.
Page 650: Setting The Statistics Interval
Displays global information about the QoS configuration. show qos statistics Displays statistics about QoS events. For more information about the syntax and displays of these commands, see the OmniSwitch CLI Refer- ence Guide. page 25-42 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 651: Creating Policies
This section describes generally how to use these commands. For additional details about command syntax, see the OmniSwitch CLI Reference Guide. Note. A policy rule can include a policy condition or a policy action that was created through PolicyView rather than the CLI.
Page 652: Ascii-File-Only Syntax
QoS object’s origin be modified. The blt keyword indicates built-in; this keyword cannot be used on the command line. For information about built-in policies and QoS groups, see “How Policies Are Used” on page 25-29. page 25-44 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 653: Creating Policy Conditions
(multicast only) ethertype The condition is not activated on the switch until you enter the qos apply command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-45...
Page 654: Creating Policy Actions
For information about supported combinations of condition and action parameters, see “Policy Conditions” on page 25-31 “Policy Actions” on page 25-32. See the OmniSwitch CLI Reference Guide for details about command syntax. page 25-46 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 655: Creating Policy Rules
Policy rule rule5 combines the condition and the action, so that traffic arriving on the switch from 10.10.8.9 is placed into the highest priority queue. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-47...
Page 656: Configuring A Rule Validity Period
By default, rules are enabled. Rules are disabled or re-enabled through the policy rule command using the disable and enable options. For example: -> policy rule rule5 disable This command prevents rule5 from being used to classify traffic. page 25-48 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 657: Rule Precedence
-> policy rule rule5 save For more information about the configuration snapshot, write memory, and copy running-config working commands, see the OmniSwitch AOS Release 7 Switch Management Guide and the OmniSwitch CLI Reference Guide. For more information about applying rules, see “Applying the Configuration”...
Page 658: Creating Policy Lists
Note that the no default-list option was used to create the rules. Using this option is recommended when creating a policy list for a UNP. See “Guidelines for Configuring Policy Lists” on page 25-51. page 25-50 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 659 If the QoS status of an individual rule is disabled, then the rule is disabled for all policy lists, even if a list to which the policy belongs is enabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-51...
Page 660: Verifying Policy Configuration
Use the applied keyword to display information about applied rules only. show active policy rule Displays applied policy rules that are active (enabled) on the switch. page 25-52 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 661: Using Condition Groups In Policies
10.0.1.166 +netgroup1 10.10.5.1/255.255.255.0 10.10.5.2/255/255/255.0 See the OmniSwitch CLI Reference Guide for more information about the output of this display. See “Verifying Condition Group Configuration” on page 25-59 for more information about using show commands to display information about condition groups.
Page 662: Creating Network Groups
-> no policy network group netgroup3 If the network group is not currently associated with any condition or action, the network group netgroup3 is deleted from the configuration after the next qos apply. page 25-54 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 663: Creating Services
In the next example, a policy service called ftp2 is created with port numbers for FTP (20 and 21): -> policy service ftp2 protocol 6 source ip port 20-21 destination ip port 20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 664: Creating Service Groups
Note. Service group configuration must be specifically applied to the configuration with the qos apply command. To delete a service from the service group, use no with the relevant service name. For example: -> policy service group serv_group no telnet1 page 25-56 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 665: Creating Mac Groups
To delete addresses from a MAC group, use no and the relevant address(es): -> policy mac group macgrp2 no 08:00:20:00:00:00 This command specifies that MAC address 08:00:20:00:00:00 is deleted from macgrp2 at the next qos apply. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-57...
Page 666: Creating Port Groups
The port group techpubs are deleted at the next qos apply. If techpubs is associated with a policy condition, an error message displays instead: ERROR: techpubs is being used by condition 'cond4' page 25-58 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 667: Verifying Condition Group Configuration
Use the applied keyword to display informa- tion about applied groups only. See the OmniSwitch CLI Reference Guide for more information about the syntax and output for these commands. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 668: Using Map Groups
“Creating Policy Rules” on page 25-47. -> policy rule r3 condition Traffic action tosMap Apply the configuration. For more information about this command, see “Applying the Configuration” on page 25-71. -> qos apply page 25-60 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 669: How Map Groups Work
To delete mapping values from a group, use no and the relevant values: -> policy map group tosGroup no 1-2:4 The specified values are deleted from the map group at the next qos apply. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-61...
Page 670: Verifying Map Group Configuration
To display only information about applied map groups, use the applied keyword with the command. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. page 25-62 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 671: Using Access Control Lists
Since FilterA has an action (BlockTraffic) that is set to deny traffic, the flow would be denied on the switch. Note that although this example contains only Layer 2 conditions, it is possible to combine Layer 2 and Layer 3 conditions in the same policy. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-63...
Page 672 -> policy rule p7 condition p7 action p7 -> qos apply Note. For pure Layer 2 packets, trusted ports retain the 802.1p value of the packet and queue the packets according to that priority value. page 25-64 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 673: Layer 3 Acls
Note that although this example contains only Layer 2 conditions, it is possible to combine Layer 2 and Layer 3 conditions in the same policy. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-65...
Page 674: Ipv6 Acls
Chapter 24, “Configuring IP Multicast Switching.” Multicast traffic has its own global disposition. By default, the global disposition is accept. To change the default, use the qos default multicast disposition command. page 25-66 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 675: Using Acl Security Features
ARP DoS attacks. No configuration is required to use this feature, it is always available and active on the switch. Note that ARPs intended for use by a local subnet, AVLAN, VRRP, and Local Proxy ARP are not discarded. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-67...
Page 676: Configuring A Userports Group
-> qos no user-port filter Note that any changes to the UserPorts profile (e.g., adding or removing a traffic type) are not made until qos apply command is performed. page 25-68 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 677: Configuring Icmp Drop Rules
Note that the above example ACL would prevent FTP sessions. See the policy condition established command page in the OmniSwitch CLI Reference Guide for more information. An ACL can also be defined using the tcpflags parameter to examine and qualify specific TCP flags indi- vidually or in combination with other flags.
Page 678 If the flag only appears as part of the mask, then the match value is zero. See the policy condition tcpflags command page in the OmniSwitch CLI Reference Guide for more information. page 25-70 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 679: Applying The Configuration
Policy settings that have been configured but not applied through the qos apply command can be returned to the last applied settings through the qos revert command. For example: -> qos revert OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-71...
Page 680: Interaction With Ldap Policies
The qos apply, qos revert, and qos flush commands do not affect policies created through the Policy- View application. Separate commands are used for loading and flushing LDAP policies on the switch. See Chapter 29, “Managing Authentication Servers,” for information about managing LDAP policies. page 25-72 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 681: Verifying The Applied Policy Configuration
Displays information about all pending and applied policy map groups or a particular map group. Use the applied keyword to display informa- tion about applied groups only. For more information about these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 682: Policy Applications
Note. If multiple addresses, services, or ports must be given the same priority, use a policy condition group to specify the group and associate the group with the condition. See “Using Condition Groups in Policies” on page 25-53 for more information about groups. page 25-74 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 683: Basic Commands
Note that QoS ports can also be configured for bandwidth shaping through the qos port maximum ingress-bandwidth and qos port maximum egress-bandwidth commands. Traffic Prioritization Example In this example, IP traffic is routed from the 10.10.4.0 network through the OmniSwitch. OmniSwitch Network 1 10.10.4.0...
Page 684: Redirection Policies
-> policy rule L4LARULE condition L4LACOND action REDIRECTLA Note that in both examples above, the rules are not active on the switch until the qos apply command is entered on the command line. page 25-76 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 685: Policy Based Mirroring
This policy (icmpRule) drops all ICMP traffic. To limit the dropped traffic to ICMP echo requests (pings) and/or replies, use the policy condition icmptype to specify the appropriate condition. For example, -> policy condition echo icmptype 8 -> policy condition reply icmptype 0 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-77...
Page 686: P And Tos/Dscp Marking And Mapping
With these conditions and action set up, two policy rules can be configured for mapping Subnet A and Subnet B to the ToS network: -> policy rule RuleA condition SubnetA action map_action -> policy rule RuleB condition SubnetB action map_action page 25-78 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 687: Policy Based Routing
Note. If the routing table has a default route of 0.0.0.0, traffic matching a PBR policy is redirected to the route specified in the policy. For information about viewing the routing table, see Chapter 15, “Configur- ing IP.” OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-79...
Page 688 For example: 174.26.1.0 173.10.2.0 10.3.0.0 Firewall 173.5.1.0 173.5.1.254 OmniSwitch Using a Built-In Port Group page 25-80 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 689 -> policy rule r1 condition c1 action a1 ! route 1,9,17,33,(1+(n*8)) -> policy condition c2 source ip 12.0.0.1 mask 255.0.0.7 -> policy action a2 permanent gateway-ip 10.0.0.2 -> policy rule r2 condition c2 action a2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-81...
Page 690 -> ip slb server ip 10.0.0.6 cluster pbr_servers -> ip slb server ip 10.0.0.7 cluster pbr_servers -> ip slb cluster pbr_servers ping period 1 -> ip slb cluster pbr_servers ping timeout 1000 page 25-82 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 691 IPv6 example using an IPv6 gateway address -> policy condition c9 source ipv6 2000::1 mask e000::7 -> policy action a9 permanent gateway-ipv6 2607:f0d0:2001:000a:0000:0000:0010 -> policy rule r9 condition c9 action a9 -> qos apply OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 25-83...
Page 692 Policy Applications Configuring QoS page 25-84 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 693: In This Chapter
Command Line Interface (CLI) if manual reconfiguration is necessary. For more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. Throughout this chapter the term policy server is used to refer to LDAP directory servers used to store policies.
Page 694: Chapter 26 Managing Policy Servers
Priority value assigned to a server, used to preference 0 (lowest) determine search order Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server page 26-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 695: Policy Server Overview
See your server documentation for additional details on setting up the server. See the next sections of this chapter for information about modifying policy server parameters or viewing information about policy servers. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 26-3...
Page 696: Modifying Policy Servers
If the policy server is not created on the default port, the no form of the command must include the port number. For example: -> no policy server 10.10.2.4 5000 page 26-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 697: Modifying The Port Number
For example: -> policy server 10.10.2.3 searchbase "ou=qo,o=company,c=us" Note that the searchbase path must be a valid path in the server directory structure. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 26-5...
Page 698: Configuring A Secure Socket Layer For A Policy Server
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command. -> policy server flush page 26-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 699: Interaction With Cli Policies
Displays the names of policies originating on a directory server that have been downloaded to the switch. show policy server events Displays any events related to a directory server. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 26-7...
Page 700 Verifying the Policy Server Configuration Managing Policy Servers page 26-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 701: In This Chapter
This chapter provides an overview of the UNP feature and describes how to configure the port-based func- tionality and profile attributes through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Refer- ence Guide.
Page 702: Unp Specifications
UNP classification rules MAC address, MAC-range, IP address, and VLAN tag Number of QoS policy lists per switch 32 (includes the default list) Number of QoS policy lists per UNP page 27-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 703: Unp Defaults
UNP Profile Configuration Defaults Description Keyword Default VLAN classification profiles unp vlan-profile None Service classification profiles unp spb-profile None QoS Policy Lists unp vlan-profileunp spb-profile No list is assigned. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-3...
Page 704: Quick Steps For Configuring Unp
1000 list2 See the OmniSwitch CLI Reference Guide for information about the fields in this display. Quick Steps for Configuring Global UNP Parameters The global UNP parameters described in this section are disabled by default. Enabling these parameters is optional based on the need for the functionality they provide.
Page 705: Quick Steps For Configuring Unp Port Parameters
Auth Server Down Timeout (Sec) : 120 See the OmniSwitch CLI Reference Guide for information about the fields in this display. Quick Steps for Configuring UNP Port Parameters By default UNP functionality is disabled on all switch ports. The commands described in this section are used to enable UNP on one or more switch ports and configure authentication and classification parame- ters that are applied to device traffic received on that port.
Page 706: Quick Steps For Configuring Unp Classification Rules
Active See the OmniSwitch CLI Reference Guide for information about the fields in this display. Quick Steps for Configuring UNP Classification Rules When classification is enabled for a UNP port, UNP classification rules are applied to traffic received on that port to determine the UNP VLAN assignment for the traffic.
Page 707: Quick Steps For Configuring Qos Policy Lists
--------+-------------------------------- admin See the OmniSwitch CLI Reference Guide for information about the fields in this display. Quick Steps for Configuring QoS Policy Lists Assigning a QoS policy list to Universal Network Profiles (UNP) is done to further enforce device access to network resources.
Page 708 -> show unp Name Vlan Policy List Name --------------------------------+-----+------------------------------- Sales list1 Guest_user 1000 temp_rules See the OmniSwitch CLI Reference Guide for information about the fields in this display. page 27-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 709: Unp Overview
SPB service access point (SAP). The OmniSwitch supports two separate traffic domains: VLAN and service. The availability of both a VLAN profile and a service profile provides an efficient method for network access control and dynamic assignment of device traffic to one of these domains.
Page 710: Service Profiles
QoS policy list name. Specifies the name of an existing list of QoS policy rules. The rules within the list are applied to all members of the profile group to enforce access to network resources. Only one page 27-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 711 For more information about SPB services and SAPs, see Chapter 3, “Configuring Shortest Path Bridg- ing,” in the OmniSwitch AOS Release 7 Data Center Switching Guide Dynamic SAP Configuration When device traffic is assigned to a service profile, UNP first checks the switch configuration to see if a SAP already exists for the VLAN tag, I-SID, and BVLAN ID values as defined in the service profile.
Page 712: Unp Port Types
VLANs. These VLANs carry many of the same attributes as standard VLANs, such as: • The VLAN status (enabled or disabled) is configurable. • Additional ports (tagged and untagged) can be assigned to dynamic VLANs. page 27-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 713: Device Authentication And Classification
Note that configuring a service profile as the server down UNP is not supported. Enabling MAC authentication is optional with UNP; an administrator may decide to use UNP classifica- tion rules instead. When enabled, however, MAC authentication takes precedence over classification rules. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-13...
Page 714 6. IP address Packet contains a matching source IP address. 7. VLAN tag Packet contains a matching VLAN ID tag. For more information, see “Configuring UNP Classification Rules” on page 27-36. page 27-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 715: How It Works
UNP port and profile configuration: • “VLAN Domain Authentication and Classification” on page 27-16. • “Service Domain Authentication and Classification” on page 27-21. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-15...
Page 716 VLAN. Untagged Default UNP exists? packets are blocked in the default VLAN. The following diagrams show how the device MAC address and UNP port assignment is handled based on page 27-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 717 UNP dynamic VLAN. • If there is a profile with this advertised VLAN and the VLAN type is MVRP, this VLAN is converted to a UNP dynamic VLAN. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-17...
Page 718 UNP dynamic VLAN. • If there is a profile with this advertised VLAN and the VLAN type is MVRP, this VLAN is converted to a UNP dynamic VLAN. page 27-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 719 UNP dynamic VLAN. • If there is a profile with this advertised VLAN and the VLAN type is MVRP, this VLAN is converted to a UNP dynamic VLAN. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-19...
Page 720 If the profile VLAN is an MVRP VLAN, the VLAN is converted to UNP dynamic VLAN. > If the profile VLAN does not exist, then a UNP dynamic VLAN is created. page 27-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 721 Default UNP exists? UNP exists? VLAN tag matches Tagged packets are blocked UNP tag value? in tagged VLAN. Untagged packets are blocked in the default VLAN. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-21...
Page 722 SAP: • The SAP already exists but is attached to a different I-SID/BLVAN. • Switch resources are not available or configuration limits have reached the maximum number allowed. page 27-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 723: Interaction With Other Features
Interaction With Other Features This section contains important information about how Universal Network Profile (UNP) functionality interacts with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 724: Multi-Chassis Link Aggregation (Mclag)
Multi-Chassis Link Aggregation Supported on UNP bridge ports only. (MCLAG) aggregates. STP port enable or disable Not supported. 802.1q Not supported. Supported on untagged ports. Ethernet Services (VLAN Stacking) Not supported. page 27-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 725: Quality Of Service (Qos)
• If a policy rule is disabled, it is no longer active in any policy list to which it belongs, even if the list is still enabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-25...
Page 726: Service Assurance Agent
OmniVista will make the necessary notifications and network modifications. Shortest Path Bridging The OmniSwitch supports both a VLAN and service domain for traffic classification. The VLAN domain is identified by a VLAN ID. The service domain is identified by a Shortest Path Bridging (SPB) service instance identifier (I-SID), which is translated into a Service Manger service ID to represent a virtual forwarding instance (VFI).
Page 727: Unp Configuration Overview
Configure a default UNP for the UNP port. The default UNP is applied to traffic when other classifica- tion methods do not provide a profile name. See “Configuring a Default UNP” on page 27-31. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-27...
Page 728: Configuring Unp Port-Based Access Control
The UNP port type determines which domain to which traffic received on the port is classified. There are two UNP port type options: bridge (VLAN domain) and access (service domain). page 27-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 729: Configuring Unp Port Parameters
-> unp port 1/15-20 mac-authentication enable To disable MAC authentication, use the unp port mac-authentication command with the disable option. -> unp port 1/10 mac-authentication disable -> unp port 1/15-20 mac-authentication disable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-29...
Page 730 A default UNP is configured for the port. See “Configuring a Default UNP” on page 27-31. • The trust VLAN tag function is enabled for the port. See “Configuring the Trust VLAN Tag Status” on page 27-31. page 27-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 731 VLAN ID on the switch. • On access ports, the trust VLAN tag option is enabled but the SAP does not exist and cannot be dynamically created for whatever reason. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-31...
Page 732 To create a new customer domain ID, use the unp customer-domain command. For example: -> unp customer-domain 10 Use the show unp customer-domain command to display a list of existing customer domain IDs. page 27-32 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 733: Configuring Profiles
For example, the following command assigns SAA profile “unp_saa1” to VLAN profile “unp1”: -> unp vlan-profile unp1 vlan 500 saa-profile unp_saa1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-33...
Page 734: Configuring Service Classification Profiles
However, the list will remain inactive for the UNP until the list is enabled or configured using the QoS policy list commands (see “Configuring QoS Policy Lists” on page 27-37). page 27-34 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 735: Enabling Dynamic Vlan Profile Configuration
VLAN that is a MVRP VLAN, then the MVRP VLAN is automatically converted to a dynamic UNP VLAN (UNP-DYN-VLAN). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-35...
Page 736: Configuring Unp Classification Rules
For example, the following command applies the”unp1” VLAN profile and the “vm-2” service profile to device packets that contain the specified VLAN ID: -> unp classification vlan-tag 100 vlan-profile unp1 spb-profile vm-2 page 27-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 737: Configuring Qos Policy Lists
Up to 32 policy lists (including the default list) are supported per switch. Only one policy list per UNP is allowed, but a policy list can be associated with multiple profiles. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 738: Enabling Dynamic Vlan Configuration
However, the unp commands to enable dynamic VLAN configuration and create the UNP are saved in the “! DA-UNP:” section of boot.cfg (see the following sample boot.cfg file). As a result, the VLAN is created again on the next switch bootup. page 27-38 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 739 1.1.1.2 mask 255.0.0.0 unp-name unpTemp2 unp port 1/10 enable unp port 1/10 classification enable unp port 1/10 trust-tag enable unp port 1/11 enable unp port 1/11 mac-authentication enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-39...
Page 740: Configuring An Authentication Server Down Unp
The authentication down UNP and related timer value are applied to all traffic received on all UNP ports in the event the RADIUS server becomes unreachable. To verify if this setting is enabled or disabled, use show unp global configuration command page 27-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 741: Unp Application Example
The illustration below shows the sample UNP configuration described in this section. In this configura- tion, • Pre-defined UNPs on the OmniSwitch 6900 are associated with a profile name, VLAN ID, and option- ally any classification rules and/or a QoS policy list. •...
Page 742: Unp Cli Configuration Example
Enable MAC authentication for the switch and specify the RADIUS server to use for authenticating non-supplicants using the aaa device-classification mac command. -> aaa device-classification mac rad1 Configure UNP VLANs and Profile Parameters Configure VLANs 10, 20, and 30 on the OmniSwitch using the vlan command. -> vlan 10 ->...
Page 743 An authentication server down timer is initiated for the device when the device is assigned to the VLAN associated with this UNP. -> unp auth-server-down-unp temp_unp OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-43...
Page 744: Verifying The Unp Configuration
MC Conf Status : Sync, -> show unp Name Vlan Policy List Name Status MC Conf Status ------------------+------+-----------------+--------+------------- Sales list1 Active Sync Finance 1000 list2 Inactive Out Of Sync page 27-44 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 745 0/10 00:80:df:00:00:04 00:80:df:00:00:04 30.0.0.5 Block Remote 0/11 00:80:df:00:00:05 00:80:df:00:00:05 40.0.0.5 Active Local For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 27-45...
Page 746 Verifying the UNP Configuration Configuring Universal Network Profiles page 27-46 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 747: In This Chapter
28 Configuring Application Fingerprinting The OmniSwitch Application Fingerprinting (AFP) feature attempts to detect and identify remote applica- tions by scanning IP packets and comparing the packets to pre-defined bit patterns (application signa- tures). Once an application is identified, AFP collects and stores information about the application flow in a database on the local switch.
Page 748: Chapter 28 Configuring Application Fingerprinting
The Application Fingerprinting (AFP) functionality described in this chapter is supported on the OmniSwitch 10K and OmniSwitch 6900, unless otherwise stated in the following specifications table or specifically noted within any other section of this chapter. Note that any rate limit specifications provided in this table are subject to available system resources.
Page 749: Afp Defaults
Description: Real Time Streaming Protocol, rtsp/1.0 200 ok App Name: sip Description: Session Initiation Protocol, (invite|register|cancel|message|subscribe|notify) sip[\x09-\x0d -~]*sip/[0-2]\. [0-9] App Name: smb Description: Samba - Server Message Block, \xffsmb[\x72\x25] OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-3...
Page 750 App Group: mail = smtp App Group: network = bgp dhcp rtsp smb App Group: p2p = hotline App Group: remote_access = ciscovpn citrix rdp ssh vnc App Group: voip = sip page 28-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 751: Quick Steps For Configuring Afp
Legend: * = Port or App-Group is invalid Port Operation Mode App-group/Policy-list --------+----------------+---------------------------------------- 1/2/1 Monitoring Testing13 1/2/1 list1 1/2/1 list2 See the OmniSwitch CLI Reference Guide for information about the fields in this display. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-5...
Page 752: Afp Overview
Configuring Application Fingerprinting AFP Overview The OmniSwitch Application Fingerprinting (AFP) feature attempts to detect and identify remote applica- tions by scanning IP packets received on an AFP port and comparing the packet contents against predefined bit patterns or signatures. Once the application is identified, the switch can collect the source and destination information, apply QoS, or generate an SNMP Trap.
Page 753: Application Fingerprinting Modes
-> policy condition c1 appfp-group my-p2p -> policy action a1 disposition drop -> policy rule r1 condition c1 action a1 no default-list -> policy list drop_my-p2p type appfp -> policy list afp-p2p rule r1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-7...
Page 754: Using The Application Regex Signature File
28-7). Combining multiple application signatures into one group eases configuration; specifying a single group name when configuring the AFP operation requires less steps than having to configure AFP for each individual application. page 28-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 755: Application Fingerprinting Database
In addition, a packet counter for each application on the ingress Application Fingerprinting port is kept for statistics generation. The database classification entries and statistics are displayed using Application Fingerprinting show commands (see “Verifying the AFP Configuration” on page 28-19). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-9...
Page 756: Interaction With Other Features
Interaction With Other Features This section contains important information about how Application Fingerprinting (AFP) functionality interacts with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 757: Configuring Afp
Configuring Application Fingerprinting Configuring AFP Configuring AFP This section provides the following information about how to configure and activate the OmniSwitch implementation of Application Fingerprinting: • “Configuration Guidelines” on page 28-11. • “Enabling/Disabling AFP” on page 28-12. • “Enabling/Disabling Trap Generation” on page 28-12 •...
Page 758: Enabling/Disabling Afp
By default, AFP trap generation is disabled for the switch. Verifying the Trap Generation Status Use the show app-fingerprint configuration command to verify the trap generation status. For example: page 28-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 759: Changing The Regex Signature Filename
A default REGEX signature file, named “app-regex.txt” is provided in the “/flash/app-signature/” direc- tory on the OmniSwitch. This file is a user-configurable ASCII text file. Adding, removing, or changing application signatures and groups defined in this file is allowed. It is also possible to use a completely different signature file instead of the default “app-regex.txt”...
Page 760: Defining Application Regex Signatures And Groups
Maximum characters allowed for the “App-group:” field is 24. • Enter a list of application signature names (already defined in the signature file) after the “=” with a space between each name page 28-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 761 App names: smtp App-group: network App names: bgp dhcp rtsp smb App Group: App names: hotline App-group: remote_access App names: ciscovpn citrix rdp ssh vnc App Group: voip App names: sip OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-15...
Page 762 App-name: HTTP-Hp-OpVw-OvAccep Description: HTTP-Misc-Hp-OpVw-OvAccep-BO OvAcceptLang\x3den\x2dusaAAAAAAAAAAAAAAAAAAAA App-name: HTTP-null-byte Description: HTTP-Misc-asp-null-byte-dis-3 /6fNY7wiRTr/VhR9aOCw5WKprcOxYFD57s1kDpoCCekW0Sxhywdx.*wcanQ.*wcanQ App-group: Static = Apache-mod_cache-DoS BO-Multicast HTTP-null-byte HTTP-Hp-OpVw-OvAccep App-group: AttackMon = TCP-Syn-BDos App-group: AttackBlock = UDP-Flood App-group: AttackRateLmt = DNS-Attack page 28-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 763: Configuring Afp Port Modes
In this example, port 1/11 and aggregate 5 are configured as UNP and AFP ports. AFP will determine if traffic received on this port and aggregate is associated with a UNP. If so, the QoS policy list associated OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 764 Testing13 1/2/1 list1 1/2/1 list2 -> show app-fingerprint linkagg Legend: * = Port or App-Group is invalid Port Operation Mode App-group/Policy-list --------+----------------+---------------------------------------- 0/100 Monitoring Testing16 0/100 list3 0/100 list4 page 28-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 765: Verifying The Afp Configuration
AFP ports. show app-fingerprint statistics Displays packet count statistics for the number of packets sampled and packets matched. Also includes the application signature name for the matched packet counts. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 28-19...
Page 766 Verifying the AFP Configuration Configuring Application Fingerprinting page 28-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 767: In This Chapter
“LDAP Servers” on page 29-14. For information about using servers for authenticating users to manage the switch, see the “Switch Secu- rity” chapter in the OmniSwitch AOS Release 7 Switch Management Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 768: Authentication Server Specifications
RFC 2989–Criteria for Evaluating AAA Protocols for Network Access Maximum number of authentication servers in single authority mode Maximum number of authentication servers in multiple authority mode Maximum number of servers per Authenticated Switch Access type page 29-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 769: Server Defaults
Timeout for server replies to authentication timeout requests Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-3...
Page 770: Quick Steps For Configuring Authentication Servers
/network directory of the switch. Configure authentication on the switch. This step is described in other chapters. For a quick overview of using the configured authentication servers with Authenticated Switch Access, see the OmniSwitch AOS Release 7 Switch Management Guide.
Page 771: Server Overview
(authorization) if it has been configured on the server; otherwise, the local user database is polled for the privileges. For RADIUS, TACACS+, and LDAP, additional servers can be configured as backups. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-5...
Page 772 OmniSwitch OmniSwitch lege information about the checks the switch for privi- user. lege information. Servers Used for Authenticated Switch Access page 29-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 773: Radius Servers
6 Service-Type Framed-User (2) if authentication request type is: - supplicant/802.1x authentication - captive-portal authentication - ASA authentication Call-Check (10) if authentication request type is: - MAC based authentication OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-7...
Page 774 Not supported. These attributes are used for dial-up sessions; Called-Station-Id not applicable to the RADIUS client in the switch. Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login-LAT-Group Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port page 29-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 775 Alcatel-Lucent-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 can use Ethernet II or SNAP encapsulation. Authenticated users on VLAN 24 can use IPX with Ethernet II. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-9...
Page 776: Radius Accounting Server Attributes
47 Acct-Input-Packets (Authenticated VLANs only) Tracked per port. 48 Acct-Output-Packets (Authenticated VLANs only) Tracked per port. 49 Acct-Terminal-Cause Indicates how the session was terminated: NAS-ERROR USER-ERROR LOST CARRIER USER-REQUEST STATUS-FAIL page 29-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 777: Configuring The Radius Client
29-3. To remove a RADIUS server, use the no form of the command: -> no aaa radius-server rad1 Note that only one server can be deleted at a time. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-11...
Page 778: Tacacs+ Server
A maximum of 50 simultaneous TACACS+ sessions can be supported when no other authentication mechanism is activated. • Accounting of commands performed by the user on the remote TACACS+ process is not supported in the boot.cfg file at boot up time. page 29-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 779: Configuring The Tacacs+ Client
29-3. To remove a TACACS+ server, use the no form of the command: -> no aaa tacacs+-server tac1 Note that only one server can be deleted at a time. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-13...
Page 780: Ldap Servers
For example, the port number configured on the server must be the same as the port number configured on the switch. See “Configuring the LDAP Authentication Client” on page 29-25 for information about using this command. page 29-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 781: Ldap Server Details
The most common LDIF entries describe people in companies and organizations. The structure for such an entry might look like the following: dn: <distinguished name> objectClass: top objectClass: person objectClass: organizational Person cn: <common name> sn: <surname> <list of optional attributes> OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-15...
Page 782: Directory Entries
DN attributes are separated by commas as shown in this example: cn=your name, ou=your function, o= your company, c=US As there are other conventions used, please refer to the appropriate RFC specification for further details. page 29-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 783: Directory Searches
LDAP client application. The LDAP-enabled directory server uses the DNs to find the entries to either add or modify their attribute values. Attributes are automatically created for requests to add values if the attributes are not already contained in the entries. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-17...
Page 784: Directory Compare And Sort
TCP/IP port number for directory server. If using TCP/IP and default port number (389), port need not be specified in the URL. SSL port number for directory server (default is 636). page 29-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 785: Password Policies And Directory Servers
Account Lockout • Reset Password Failure Count • LDAP Error Messages (e.g., Invalid Username/Password, Server Data Error, etc.) For instructions on installing LDAP-enabled directory servers, refer to the vendor-specific instructions. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-19...
Page 786: Directory Server Schema For Ldap Authentication
A key computed from the user password with the alp2key tool. allowedtime The periods of time the user is allowed to log into the switch. switchgroups The VLAN ID and protocol (IP_E2, IP_SNAP, IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP). page 29-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 787: Configuring Functional Privileges On The Server
On the LDAP server, configure the functional privilege attributes with the bitmask values. For more information about configuring users on the switch, see the Switch Security chapter of the OmniSwitch AOS Release 7 Switch Management Guide. Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel-Lucent software CD for computing SNMP authentication keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one...
Page 788: Ldap Accounting Attributes
User account ID or username client entered to log-in: variable length digits. • Time Stamp (YYYYMMDDHHMMSS (YYYY:year, MM:month, DD:day, HH:hour, MM:minute, SS:second) • Switch serial number: Alcatel-Lucent.BOP.<switch name>.<MAC address> • Client IP address: variable length digits. page 29-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 789 Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the specific directory server in use. • Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-23...
Page 790: Dynamic Logging
If the organizational unit ou=bop.logging exists somewhere in the tree under searchbase, logging records are written on the server. See the documentation of the server manufacturer for more information about setting up the server. page 29-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 791: Configuring The Ldap Authentication Client
Note. The server must be configured with the appropriate schema before the aaa ldap-server command is configured. The keywords for the aaa ldap-server command are listed here: Required for creating: optional: host type retransmit password timeout base port OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 29-25...
Page 792: Creating An Ldap Authentication Server
The switch can now communicate with the server on port 635. To remove SSL from the server, use no with the ssl keyword. For example: -> aaa ldap-server ldap2 no ssl SSL is now disabled for the server. page 29-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 793: Verifying The Authentication Server Configuration
An example of the output for this command is given in “Quick Steps For Configuring Authentication Servers” on page 29-4. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide...
Page 794 Verifying the Authentication Server Configuration Managing Authentication Servers page 29-28 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 795: In This Chapter
30-4. • Configuring an example Port Mapping Session—see “Sample Port Mapping Configuration” on page 30-5. • Verifying a Port Mapping Session—see “Verifying the Port Mapping Configuration” on page 30-6. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 30-1...
Page 796: Chapter 30 Configuring Port Mapping
-> port-mapping 8 enable Note. You can verify the configuration of the port mapping session by entering show port-mapping followed by the session ID. -> show port-mapping 8 SessionID USR-PORT NETWORK-PORT -----------+----------------+------------------ page 30-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 797: Creating/Deleting A Port Mapping Session
To delete a previously created mapping session, use the no form of the port-mapping command. For example, to delete the port mapping session 6, enter: -> no port-mapping 6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 30-3...
Page 798: Enabling/Disabling A Port Mapping Session
To restore the direction of a port mapping session to its default (bidirectional), enter port-mapping followed by the session ID and bidirectional keyword. For example, to restore the direction (bidirectional) of the port mapping session 5, enter: -> port-mapping 5 bidirectional page 30-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 799: Sample Port Mapping Configuration
Ports 2/1 and 2/2 on Switch A do not interact with each other and do not interact with the ports on Switch B. • Ports 2/1, 2/2, and 3/1 on Switch B interact with all the ports of the network except with ports 2/1 and 2/2 on Switch A. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 30-5...
Page 800: Example Port Mapping Configuration Steps
Displays the configuration of one or more port mapping sessions. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. page 30-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 801: Chapter 31 Configuring Learned Port Security
This chapter provides an over of the LPS feature and describes how to configure LPS parameters through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. The following information and procedures are included in this chapter: •...
Page 802: Learned Port Security Specifications
MAC address range per LPS port. port-security mac-range 00:00:00:00:00:00– ff:ff:ff:ff:ff:ff LPS port violation mode. port-security port violation restrict Number of bridged MAC addresses port-security learn-trap- learned before a trap is sent. threshold page 31-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 803: Sample Learned Port Security Configuration
Max MAC filtered : Low MAC Range 00:00:00:00:00:00, High MAC Range ff:ff:ff:ff:ff:ff, Violating MAC NULL VLAN MAC TYPE OPERATION -------------------------+--------+-----------------+----------------- 00:11:22:22:22:22 STATIC bridging 00:11:22:22:22:21 STATIC bridging 00:11:22:22:22:21 PSEUDO-STATIC bridging OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 31-3...
Page 804 To verify the new source learning time limit value, use the show port-security learning-window command. For example: -> show port-security learning-window Learning-Window 500 min, Convert-to-static DISABLE, No Aging ENABLE, Boot Up ENABLE, Remaining Learning Window = 25018 sec, page 31-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 805: Learned Port Security Overview
Stop dynamically learned MAC address aging. When this option is enabled, MAC addresses learned during the learning window time will not age out or get flushed, even after the learning window closes. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 806: Mac Address Types
Is the no aging disable port or restrict a dynamic filtered address option enabled? unlearned packet MAC address learned as MAC address learned as a pseudo-static address a dynamic bridged address page 31-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 807: Dynamic Configuration Of Authorized Mac Addresses
LPS table. All traffic that is received on port 2/10 is compared to the 00:da:95:00:59:0c entry. If any traffic received on this port OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 808: Static Configuration Of Authorized Mac Addresses
If the LPS port is shut down or the network device is disconnected from the port, the LPS table entries and the source learning MAC address table entries for the port are automatically cleared. page 31-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 809: Interaction With Other Features
Interaction With Other Features This section contains important information about how Universal Network Profile (UNP) functionality interacts with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 810: Configuring Learned Port Security
Disables all learning on the port. When LPS is locked: • Existing MAC addresses are retained. • No additional learning is allowed. • Static MAC addresses are still allowed. page 31-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 811 (configured and dynamic) in the LPS table for the specified port. For example: -> no port-security port 5/10 After LPS is removed, all the dynamic and static MAC addresses are flushed and unrestricted learning of new MAC addresses is enabled. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 31-11...
Page 812: Configuring The Lps Learning Window
This type of address is treated as a regular statically configured address and will not age out, even after the learning window closes. However, pseudo-static MAC addresses are not saved in the switch configuration. page 31-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 813 Note. After the boot-up option is enabled (either by default or explicitly configured), perform the write memory command to save the port-security learning-window command to the switch configuration (boot.cfg file). This will ensure that the learning window will automatically start when the switch reboots. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 31-13...
Page 814: Configuring The Number Of Bridged Mac Addresses Allowed
The violation mode configured for the LPS port is applied (see “Selecting the Security Violation Mode” on page 31-16 for more information). • An SNMP trap is generated. • An event is entered into the switch log. page 31-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 815: Configuring An Authorized Mac Address Range
00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a: -> port-security port 2/8 mac-range low pp:da:25:59:0c -> port-security port 2/10 mac-range high 00:da:25:00:00:9a Refer to the OmniSwitch CLI Reference Guide for more information about this command. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 816: Selecting The Security Violation Mode
Action Reason Timer -------+----------+-------------------+----------------+-------- src lrn simulated down lps shutdown simulated down policy udld admin down udld To clear all the LPS violation information use the show violation command. page 31-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 817: Displaying Learned Port Security Information
Displays the address violations that occur on ports with LPS restrictions. For more information about the resulting display from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show port-security, show port-security learning-window and show violation commands is also given in “Sample Learned Port Security Configu-...
Page 818 Displaying Learned Port Security Information Configuring Learned Port Security page 31-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 819: In This Chapter
32-21. • Configuring a Port Monitoring Session—see “Configuring a Port Monitoring Session” on page 32-25. • Enabling a Port Monitoring Session—see “Enabling a Port Monitoring Session” on page 32-25. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-1...
Page 820 Configuring Sampling Intervals—see “Configuring Sampling Intervals” on page 32-45. For information about additional Diagnostics features such as Switch Logging and System Debugging/ Memory Management commands, see Chapter 34, “Using Switch Logging.” page 32-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 821: Port Mirroring Overview
Fast Ethernet (100 Mbps) Gigabit Ethernet (1 Gbps) 10 Gigabit Ethernet (10 Gbps) 40 Gigabit Ethernet (40 Gbps) Mirroring Sessions Supported OmniSwitch 10K - 2 (OS10-XNI-U32 supports 1 session) OmniSwitch 6900 - 2 Combined Mirroring/Monitoring Ses- OmniSwitch 10K - 3 sions per Chassis...
Page 822: Quick Steps For Configuring Port Mirroring
Enable For more information about this command, see “Displaying Port Mirroring Status” on page 32-22 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 32-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 823: Port Monitoring Overview
Data File Creation port-monitoring source Enabled Data File Size port-monitoring source File Overwriting port-monitoring source Enabled Time before session is deleted port-monitoring source 0 seconds Capture-type port-monitoring source brief OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-5...
Page 824: Quick Steps For Configuring Port Monitoring
Bidirectional ON brief For more information about this command, see “Port Monitoring” on page 32-24 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 32-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 825: Sflow Overview
Receiver IP Address sflow receiver 0.0.0.0 Receiver Data File Size sflow receiver 1400 Bytes Receiver Version Number sflow receiver Receiver Destination Port sflow receiver 6343 Sampler Rate sflow sampler OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-7...
Page 826 Overview Diagnosing Switch Problems Parameter Description CLI Command Default Value/Comments Sample Header Size sflow sampler 128 Bytes Poller Interval Value sflow poller 5 seconds page 32-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 827: Quick Steps For Configuring Sflow
ID. The display is similar to the one shown below: -> show sflow sampler 1 Instance Interface Receiver Rate Sample-Header-Size ----------------------------------------------------------------- 2/ 1 2048 2/ 2 2048 2/ 3 2048 2/ 4 2048 2/ 5 2048 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-9...
Page 828 2/ 7 2/ 8 2/ 9 2/10 For more information about this command, see “sFlow” on page 32-29 or the “sFlow Commands” chapter in the OmniSwitch CLI Reference Guide. page 32-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 829: Remote Monitoring (Rmon) Overview
RMON Traps Supported RisingAlarm/FallingAlarm These traps are generated whenever an Alarm entry crosses either its Rising Threshold or its Falling Threshold and generates an event con- figured for sending SNMP traps. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-11...
Page 830: Rmon Probe Defaults
“Displaying a List of RMON Probes” on page 32-37, “Displaying Statistics for a Particular RMON Probe” on page 32-38, or the “RMON Commands” chapter in the OmniSwitch CLI Reference Guide. page 32-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 831: Switch Health Overview
A Resource Threshold was exceeded by its cor- responding utilization value in the previous cycle, but is not exceeded in the current cycle. Threshold Crossing Traps Supported Device, module, port-level threshold crossings. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-13...
Page 832: Switch Health Defaults
Memory Threshold = 85 For more information about this command, see “Displaying Health Threshold Limits” on page 32-44 the “Health Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 32-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 833: Port Mirroring
When a frame is transmitted by the mirrored port, a copy of the frame is made, tagged with the mirroring port as the destination, and sent back over the switch backplane to the mirroring port. The diagram below illustrates the data flow between the mirrored and mirroring ports. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-15...
Page 834: What Happens To The Mirroring Port
You can also move the mirrored port so that the mirroring port receives data from different ports. In this way, you can roam the switch and monitor traffic at various ports. page 32-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 835 D..and port mirroring sends copies of the Management frames to the mirroring port. NMS Workstation Mirroring Port Mirrored Port RMON Probe OmniSwitch Port Mirroring Using External RMON Probe OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-17...
Page 836: Remote Port Mirroring
On the intermediate and destination switches, source learning must be disabled or overridden on the ports belonging to the Remote Port Mirroring VLAN. • The mac-learning vlan disable command can be used to override source learning on an OmniSwitch. The following types of traffic are not mirrored: •...
Page 837: Creating A Mirroring Session
-> port-mirroring 1 source 1/2-6 destination 2/4 In the following example, ports 1/9, 2/7, and 3/5 are mirrored on destination port 2/4 in session 1: -> port-mirroring 1 source 1/9 2/7 3/5 destination 2/4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-19...
Page 838: Unblocking Ports (Protection From Spanning Tree)
2/port 3, and the mirroring port located in slot 6/port 4. The mirroring status is disabled (i.e., port mirroring is turned off): -> port-mirroring 6 source disable Note. You can modify the parameters of a port mirroring session that has been disabled. page 32-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 839: Configuring Port Mirroring Direction
ID number and the keyword enable. The following command enables port mirroring session 6 (turning port mirroring on): -> port-mirroring 6 enable OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-21...
Page 840: Displaying Port Mirroring Status
To delete a mirroring session, enter the no port-mirroring command, followed by the port mirroring session ID number. For example: -> no port-mirroring 6 In this example, port mirroring session 6 is deleted. Note. The port mirroring session identifier must always be specified. page 32-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 841: Configuring Remote Port Mirroring
-> policy rule r_is1 condition c_is1 action a_is1 -> qos apply Note. If the intermediate switches are not OmniSwitches, refer to the vendor documentation for instructions on disabling or overriding source learning. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-23...
Page 842: Port Monitoring
You can select to dump real-time packets to a file. Once a file is captured, you can FTP it to a Sniffer or PC for viewing. page 32-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 843: Configuring A Port Monitoring Session
To delete a port monitoring session, use the no form of the port-monitoring command by entering no port-monitoring, followed by the port monitoring session ID. For example, to delete port monitoring session 6, enter: -> no port-monitoring 6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-25...
Page 844: Pausing A Port Monitoring Session
-> port-monitoring 6 source 2/3 file /flash/user_port size 3 To select the the type of port monitoring information captured, use the port-monitoring source command by entering port-monitoring, followed by the user-specified session ID number, source, the page 32-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 845: Configuring Port Monitoring Direction
If the mode of capture-type is set to ‘brief’, only the first 64 bytes of packets will be captured. If the mode of capture-type is set to ‘full’, then the full packet is captured regardless of the packet size. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 846: Displaying Port Monitoring Status And Data
| 00:26:42:42:03:00:00:00:00:00 00:20:DA:BF:5B:76 | 08:00:20:95:F3:89 | | 08:00:45:00:00:6B:CF:87:40:00 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. The show port-monitoring command displays only 170 packets from the port monitor file. page 32-28...
Page 847: Sflow
The receiver module has the details about the destination hosts where the sFlow datagrams are sent out. If there are multiple destinations then each destination has an instance of the receiver. All these receivers are attached to the sFlow manager instance and to an associated sample/poller. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-29...
Page 848: Sampler
For example, to configure sFlow sampler session 1 on port 2/3 and to specify the rate and sample-hdr-size, enter: -> sflow sampler 1 port 2/3 receiver 6 rate 512 sample-hdr-size 128 page 32-30 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 849: Configuring A Fixed Primary Address
UDP Port = 6343 Timeout = 65535 Packet Size= 1400 DatagramVer= 5 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-31...
Page 850: Displaying A Sflow Sampler
2048 2/ 4 2048 2/ 5 2048 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. Displaying a sFlow Poller show sflow poller command is used to display the poller table.
Page 851: Displaying A Sflow Agent
= 1.3; Alcatel-Lucent; 6.1.1 Agent IP = 127.0.0.1 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. Deleting a sFlow Session To delete a sFlow receiver session, use the release form at the end of the...
Page 852: Remote Monitoring (Rmon)
RMON software is fully integrated in the Chassis Management software and works with the Ethernet software to acquire statistical information. However, it does not monitor the CMM module’s onboard Ethernet Management port on OmniSwitch chassis-based switches (which is reserved for management purposes).
Page 853: Ethernet Statistics
Alarm can be generated, printed and/or logged. Note. The following RMON groups are not implemented: Host, HostTopN, Matrix, Filter, and Packet Capture. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-35...
Page 854: Enabling Or Disabling Rmon Probes
The following command enables all currently defined (disabled) RMON Alarm probes: -> rmon probes alarm enable Note. Network activity on subnetworks attached to an RMON probe can be monitored by Network Management Software (NMS) applications. page 32-36 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 855: Displaying Rmon Tables
A display showing all current alarm RMON probes must appear, as shown in the following example: Entry Slot/Port Flavor Status Duration System Resources -------+-----------+-----------+----------+---------------+-------------------- 31927 1/35 Alarm Active 00:25:51 608 bytes OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-37...
Page 856: Displaying Statistics For A Particular Rmon Probe
The display shown here identifies RMON Probe 4005’s Owner description and interface location (OmniSwitch Auto Probe on slot 4, port 5), Entry number (4005), probe Flavor (Ethernet statistics), and Status (Active). Additionally, the display indicates the amount of time that has elapsed since the last change in status (48 hours, 54 minutes), and the amount of memory allocated to the probe, measured in bytes (275).
Page 857: Sample Display For History Probe
Alarm Startup Alarm = rising alarm Alarm Variable = 1.3.6.1.2.1.16.1.1.1.5.4008 Entry 11235 Flavor = Alarm, Status = Active Time = 48 hrs 48 mins, System Resources (bytes) = 1677 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-39...
Page 858: Displaying A List Of Rmon Events
[Rising trap] “Rising Event,” an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm, with an elapsed time of 39 minutes since the last change in status. page 32-40 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 859: Monitoring Switch Health
Maximum utilization level over the last hour (percentage) • Threshold level Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors and generates traps based on the specified threshold criteria. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-41...
Page 860 See page 32-45 more information.. • show health —Displays health statistics for the switch, as percentages of total resource capacity. See page 32-46 for more information. page 32-42 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 861: Configuring Resource Thresholds
Note. When you specify a new value for a threshold limit, the value is automatically applied across all levels of the switch (switch, module, and port). You cannot select differing values for each level. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 862: Displaying Health Threshold Limits
Note. For detailed definitions of each of the threshold types, refer to “Configuring Resource Thresholds” on page 32-43, as well as Chapter 44, “Health Monitoring Commands,” in the OmniSwitch CLI Reference Guide. page 32-44 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 863: Configuring Sampling Intervals
(measured in seconds) is displayed, as shown below: -> show health configuration Rx Threshold = 80, TxRx Threshold = 80, Memory Threshold = 80, CPU Threshold = 80, Sampling Interval (Secs) = 10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 32-45...
Page 864: Viewing Health Statistics For The Switch
Threshold limit. For example, if the Current value for Memory is displayed as 85* and the Threshold Limit is displayed as 80, the asterisk indicates that the Current value has exceeded the Threshold Limit value. page 32-46 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 865: Viewing Health Statistics For A Specific Interface
1 minute period. 1 Hr. Avg. refers to the average resource bandwidth used over a 1 hour period, and 1 Hr. Max. refers to the maximum resource bandwidth used over a 1 hour period. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 866 Monitoring Switch Health Diagnosing Switch Problems page 32-48 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 867: Chapter 33 Configuring Vlan Stacking
Command Line Interface (CLI). CLI commands are used in the configura- tion examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. This chapter provides an overview of VLAN Stacking and includes the following topics: •...
Page 868: Vlan Stacking Specifications
Traffic engineering profile attributes ethernet-service sap-profile ingress bandwidth = shared for a VLAN Stacking Service Access ingress bandwidth mbps = 0 Point (SAP). CVLAN tag is preserved. SVLAN priority mapping = 0 page 33-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 869 802.3ad, UDLD, OAM, LACP- VLAN Stacking user port. Marker Tunneled Frames: STP, MVRP, Discarded Frames: 802.1ab, VTP VLAN, Uplink Fast, PVST, PAGP, DTP, CDP OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-3...
Page 870: Vlan Stacking Overview
The following illustration shows how VLAN Stacking uses the above components to tunnel customer traf- fic through a service provider network: page 33-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 871 Customer A Site 1 Transit Bridge Customer B EMAN Site 2 Provider Edge 1 Provider Edge 3 Customer B Site 1 NNI Port UNI Port NNI Port VLAN Stacking Elements OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-5...
Page 872: How Vlan Stacking Works
VLAN Translation replaces the CVLAN Tag with SVLAN Tag. The packet is sent out the network port with a single tag (SVLAN). MAC DA ETYPE MAC SA Payload SVLAN Tag 0x0800 page 33-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 873: Vlan Stacking Services
UNI Port Profile—This type of profile is associated with each UNI port and configures how Span- ning Tree, and other control packets are processed on the UNI port. See the “Configuring VLAN Stacking Services” on page 33-11 for more information. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-7...
Page 874: Interaction With Other Features
Configuring VLAN Stacking Interaction With Other Features This section contains important information about VLAN Stacking interaction with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
Page 875: Quick Steps For Configuring Vlan Stacking
-> ethernet-service uni-profile uni_1 l2-protocol stp discard (Optional) Associate the “uni_1” profile with port 1/49 using the ethernet-service uni uni-profile command. -> ethernet-service uni port 1/49 uni-profile uni_1 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-9...
Page 876 : sap-video1 SAP Id : 30 UNIs : 1/3 CVLAN(s) : 30, 40 sap-profile : sap-video2 See the OmniSwitch CLI Reference Guide for information about the fields in this display. page 33-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 877: Configuring Vlan Stacking Services
It is only necessary to configure a UNI profile if the default attribute values are not sufficient. See “Configuring a UNI Profile” on page 33-20. The following table provides a summary of commands used in these procedures: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-11...
Page 878: Configuring Svlans
To delete an SVLAN from the switch configuration, use the no form of the ethernet-service svlan command. For example, to delete SVLAN 300 enter: -> no ethernet-service svlan 300 page 33-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 879: Configuring A Vlan Stacking Service
: default-sap-profile -> show ethernet-service service-name CustomerABC Service Name : CustomerABC SVLAN : 255 NNI(s) : 1/22 SAP Id : 10 UNIs : 2/10, 2/11 CVLAN(s) : 500, 600 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-13...
Page 880: Configuring Vlan Stacking Network Ports
• A mismatch of TPID values on NNI ports that are connected together is not supported; VLAN Stack- ing will not work between switches using different NNI TPID values. page 33-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 881: Configuring A Vlan Stacking Service Access Point
User Network Interface (UNI) ports. See “Configuring VLAN Stacking User Ports” on page 33-17. • Customer VLANs (CVLANs). See “Configuring the Type of Customer Traffic to Tunnel” on page 33-17. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-15...
Page 882 SAPs configured for the switch. Use the show ethernet-service command to display a list of VLAN Stacking services and the SAPs associated with each service. page 33-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 883: Configuring Vlan Stacking User Ports
SAP 20 UNI ports are dropped. In addition to specifying one or more CVLANs, it is also possible to specify the following parameters when using the ethernet-service sap cvlan command: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-17...
Page 884: Configuring A Service Access Point Profile
UNI ports and CVLANs. Ingress rate limiting ingress-bandwidth The rate at which customer frames ingress on UNI ports. Egress rate limiting egress-bandwidth The rate at which customer frames egress on UNI ports. page 33-18 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 885 Egress bandwidth can be configured only for SVLANs. • A CVLAN-UNI combination associated with a SAP having egress bandwidth configuration is unique and it cannot be configured on any other SAP with egress bandwidth configuration. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-19...
Page 886: Configuring A Uni Profile
UNI port. For example, the following command associates the uni_1 profile to UNI port 1/1: -> ethernet-service uni port 1/1 uni-profile uni_1 page 33-20 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 887 For example: -> ethernet-service uni port 1/1 uni-profile default-uni-profile Use the show ethernet-service uni command to display the profile associations for each UNI port. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-21...
Page 888: Vlan Stacking Application Example
UNI 1/1 MAN CLOUD NNI 3/1 NNI 3/1 SVLAN 200 UNI 2/1 UNI 2/1 CVLAN 10 CVLAN 10 Customer B Customer B Site 1 Site 2 VLAN Stacking Application page 33-22 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 889: Vlan Stacking Configuration Example
Configure SAP 30 on PE1 and PE2 to accept only customer traffic that is tagged with CVLAN 10 using the ethernet-service sap cvlan command. -> ethernet-service sap 30 cvlan 10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-23...
Page 890 The following is an example of what the sample configuration commands look like entered sequentially on the command line of the provider edge switches: -> ethernet-service svlan 100 -> ethernet-service service-name CustomerA svlan 100 -> ethernet-service svlan 100 nni port 3/1 page 33-24 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 891 -> ethernet-service sap 30 service-name CustomerB -> ethernet-service sap 30 uni 2/1 -> ethernet-service sap 30 cvlan 10 -> ethernet-service sap-profile map_pbit priority map-inner-to-outer-p -> ethernet-service sap 30 sap-profile map_pbit OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 33-25...
Page 892: Verifying The Vlan Stacking Configuration
Displays SAP profile attribute values. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show ethernet-service command is also given in “Quick Steps for Configuring VLAN Stacking”...
Page 893: Chapter 34 Using Switch Logging
This chapter describes the switch logging feature, how to configure it and display switch logging information through the Command Line Interface (CLI). CLI commands are used in the configuration examples. For more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. In This Chapter The following procedures are described: •...
Page 894: Switch Logging Specifications
Severity Levels/Types Supported 2 (Alarm - highest severity), 3 (Error), 4 (Alert), 5 (Warning) 6 (Info - default), 7 (Debug 1), 8 (Debug 2), 9 (Debug 3 - lowest severity) page 34-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 895: Switch Logging Defaults
Default severity level is info. The numeric equivalent for info is 6 Enabling/Disabling switch logging swlog output Flash Memory and Console Output Switch logging file size swlog output 1250K bytes flash-file-size OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 34-3...
Page 896: Quick Steps For Configuring Switch Logging
Hash Table entries age limit : 60 seconds, Switch Log Preamble : Enabled, Switch Log Debug : Disabled, Switch Log Duplicate Detection : Enabled, Console Display Level : debug3, page 34-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 897: Switch Logging Overview
Notes. Although switch logging provides complementary functionality to switch debugging facilities, the switch logging commands are not intended for use with low-level hardware and software debugging functions. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 34-5...
Page 898: Switch Logging Commands Overview
CLI Keyword Application ID Equivalent IDLE APPID_IDLE DIAG APPID_DIAGNOSTICS IPC-DIAG APPID_IPC_DIAGNOSTICS QDRIVER APPID_QDRIVER QDISPATCHER APPID_QDISPATCHER IPC-LINK APPID_IPC_LINK NI-SUPERVISION APPID_NI_SUP_AND_PROBER INTERFACE APPID_ESM_DRIVER 802.1Q APPID_802.1Q VLAN APPID_VLAN_MGR APPID_GROUPMOBILITY (RESERVED) BRIDGE APPID_SRCLEANING page 34-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 899 APPID_CLI SNMP APPID_SNMP_AGENT APPID_WEBMGT MIPGW APPID_MIPGW SESSION APPID_SESSION_MANAGER TRAP APPID_TRAP_MANAGER POLICY APPID_POLICY_MANAGER APPID_DRC SYSTEM APPID_SYSTEM_SERVICES HEALTH APPID_HEALTHMON NAN-DRIVER APPID_NAN_DRIVER RMON APPID_RMON TELNET APPID_TELNET APPID_PSM APPID_FTP SMNI APPID_SMNI DISTRIB APPID_DISTRIB OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 34-7...
Page 900: Specifying The Severity Level
The following command makes the same assignment by using the severity level and application numbers. -> swlog appid 75 level 3 No confirmation message appears on the screen for either command. page 34-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 901: Specifying The Switch Logging Output Device
IP address to which output is sent. For example, if the target IP address is 168.23.9.100, you would enter: -> swlog output socket ipaddr 168.23.9.100 No confirmation message appears on the screen. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 34-9...
Page 902: Disabling An Ip Address From Receiving Switch Logging Output
To disable a specific configured output IP address from receiving switch logging output, use the same command as above but specify an IPv4 or IPv6 address. For example: -> no swlog output socket 174.16.5.1 page 34-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 903: Configuring The Switch Logging File Size
No confirmation message appears on the screen. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 34-11...
Page 904: Displaying Switch Logging Records
ID, or severity level. For details, refer to the OmniSwitch CLI Reference Guide. The following sample screen output shows a display of all the switch logging information.
Page 905: Chapter 35 Configuring Ethernet Oam
“Configuring Ethernet OAM” on page 35-9. • “Verifying the Ethernet OAM Configuration” on page 35-14. For information about configuring Ethernet OAM Service Assurance Agent (SAA), see Chapter 36, “Configuring Service Assurance Agent.”. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 35-1...
Page 906: Ethernet Oam Specifications
MEP priority-defect Number of Loopback messages ethoam loopback Fault notification alarm time ethoam fault-alarm-time 250 centiseconds Fault notification generation reset ethoam fault-reset-time 1000 centiseconds time page 35-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 907: Ethernet Oam Overview
CFM uses a hierarchical Maintenance Domain (MD) infrastructure to manage and administer Ethernet networks. • Each domain is made up of Maintenance Endpoints (MEPs) and Maintenance Intermediate Points (MIPs). OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 35-3...
Page 908 The following illustration shows an example of the CFM Maintenance Domain hierarchy: Customer Domain Provider Domain Operator Operator Operator Domain Domain Domain Access Network Access Network Core Network Customer Customer Network Network Maintenance End Point Maintenance Intermediate Point page 35-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 909: Fault Management
Frame delay measurement is performed between peer MEPs (measurements to MIPs are not done) within the same MA. Although the OmniSwitch implementation of ETH-DM is compliant with ITU-T Y.1731, delay measurement can be performed for both ITU-T Y.1731 and IEEE 802.1ag MEPs.
Page 910: Chapter 36 Configuring Service Assurance Agent
If a previous delay value is not available, which is the case when a DM request is first made, then jitter is not calculated. page 35-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 911 • The OmniSwitch MD format must be configured as “none”. • ITU-T Y.1731 uses the “icc-based” format for a MEG, so the OmniSwitch MA format must also be configured to use the “icc-based” format. • When the OmniSwitch MA is configured with the “icc-based” format, the MA name is automatically padded with zeros if the name specified is less than 13 characters.
Page 912: Quick Steps For Configuring Ethernet Oam
Enable the maintenance entity to initiate transmitting loopback messages to obtain loopback replies using the ethoam loopback command. For example: -> ethoam loopback target-endpoint 15 source-endpoint 100 domain esd.alcatel- lucent.com association alcatel-sales page 35-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 913: Configuring Ethernet Oam
Note that with this implementation of Ethernet OAM, it is only possible to delete an MD when there is no Maintenance Association, End Point, or Intermediate Point associated with the MD. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 914: Configuring A Maintenance Association
-> ethoam association alcatel-sales domain esd.alcatel-lucent.com endpoint-list 100-200 To remove the MEP list from an Ethernet OAM Maintenance Association, enter: -> no ethoam association alcatel-sales domain esd.alcatel-lucent.com endpoint- list 100-200 page 35-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 915: Configuring A Maintenance End Point
-> ethoam end-point 100 domain esd.alcatel-lucent.com association alcatel-sales ccm enable To configure the priority values for Continuity Check Messages and Linktrace Messages transmitted by a MEP, use the ethoam endpoint priority command. For example: OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 35-11...
Page 916: Configuring Loopback
Ethernet frame delay measurement (ETH-DM) is an on-demand OAM function used to measure frame delay (latency) and delay variation (jitter) between MEPs. There are two types of ETH-DM supported: one-way and two-way. page 35-12 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 917 This method does not require clock synchronization between the transmitting and receiving MEPs. • Two-way ETH-DM is an on-demand OAM performance measurement. To schedule continuous two- way delay measurement, see Chapter 36, “Configuring Service Assurance Agent,” for more informa- tion. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 35-13...
Page 918: Verifying The Ethernet Oam Configuration
Also, displays the statistics of all the MAs and matching MEPs for all the MDs. show ethoam config-error Displays the configuration error for a specified VLAN, port or linkagg. page 35-14 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 919: In This Chapter
In This Chapter This chapter describes the various types of SAAs that can be configured on an OmniSwitch. Configuration procedures described in this chapter include: •...
Page 920: Saa Specifications
Default Value/Comments Time interval between test iterations saa interval 150 minutes SAA description saa descr “DEFAULT” SAA jitter threshold saa jitter-threshold 0 (disabled) SAA round-trip-time threshold saa rtt-threshold 0 (disabled) page 36-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 921: Quick Steps For Configuring Saa
-> saa saa1 start -> saa saa2 start at 2009-10-13,09:00:00.0 Stop the SAA using the saa stop command. -> saa saa1 stop -> saa saa2 stop at 2009-10-13,10:00:00.0 OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 36-3...
Page 922: Service Assurance Agent Overview
XML file on the local switch. The name of the XML file and the logging time interval are config- urable SAA XML parameters. Configuring Service Assurance Agent This section describes how to use OmniSwitch Command Line Interface (CLI) commands to configure Service Assurance Agent (SAA) on a switch. Consider the following guidelines when configuring SAA functionality: •...
Page 923: Configuring An Saa Id
An Ethernet OAM loopback (ETH-LB) SAA and two-way frame delay measurement (ETH-DMM) SAA are supported to generate traffic in a continuous, reliable, and predictable manner to support these func- tions. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 36-5...
Page 924: Configuring Saa Spb Session Parameters
SPB advertises these BVLAN-BMAC pairs to the SAA feature, which in turn creates and starts MAC ping sessions based on the parameters configured with this command. page 36-6 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 925: Generating An Saa Xml History File
(for example, interval time, VLAN priority). See the saa saa spb command page in the OmniSwitch CLI Reference Guide for more information. To reset all SPB SAA session parameters back to their default values, use the saa spb reset command.
Page 926 <min>188</min> <avg>2123</avg> <max>6765</max> </rtt> <jitter> <min>0</min> <avg>1580</avg> <max>4283</max> </jitter> </index> <index id="2"> <lastRunTime>987731823</lastRunTime> <reason>Iteration successful</reason> <pktsSent>10</pktsSent> <pktsRcvd>10</pktsRcvd> <interPktDelay>1000</interPktDelay> <rtt> <min>183</min> <avg>7268</avg> <max>16151</max> </rtt> <jitter> <min>6</min> <avg>3500</avg> <max>15960</max> </jitter> </index> page 36-8 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 927: Verifying The Saa Configuration
Displays session parameters applies to SPB SAAs. show saa xml Displays configuration information for the SAA XML history file. show saa statistics Displays latest record, aggregated record or history. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 36-9...
Page 928 Verifying the SAA Configuration Configuring Service Assurance Agent page 36-10 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 929: Alcatel-Lucent License Agreement
This License Agreement does not convey to Licensee an interest in or to the Licensed Materials, but only a limited right to use revocable in accordance with the terms of this License Agreement. OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 930 Licensee’s computer or made non-readable. Alcatel-Lucent may terminate this License Agreement upon the breach by Licensee of any term hereof. Upon such termination by page A-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 931 License Agreement with full rights of enforcement. Please refer to the section entitled “Third Party Licenses and Notices” on page -4 for the third party license and notice terms. OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page A-3...
Page 932: Third Party Licenses And Notices
/flash/foss. Also, if needed, we provide all FOSS (Free and Open Source Software) source code used into this release at the following URL: https://service.esd.alcatel-lucent.com/portal/page/portal/EService/release page A-4 OmniSwitch AOS Release 7 Network Configuration Guide June 2013...
Page 933 6-28 dynamic link aggregation 8-4, 8-27, 9-5, 10-5 bridge max age command 6-29, 6-31 high availability VLANs bridge mode command 6-20 ICMP policies 25-77 bridge msti priority command 6-28 15-4 OmniSwitch AOS 7 Network Configuration Guide June 2013 Index-1...
Page 934 8-21 port monitoring 32-5, 32-7 port partner administrative system ID 8-23 25-34 port partner administrative system priority 8-24 19-2 port partner port administrative status 8-25 RMON 32-12 ports 8-10 RRSTP Index-2 OmniSwitch AOS 7 Network Configuration Guide June 2013...
Page 935 15-27 defaults ip helper address command 21-9 deleting egress ports ip helper boot-up command 21-12 deleting high availability VLANs ip helper forward delay command 21-10 displaying 5-16 OmniSwitch AOS 7 Network Configuration Guide June 2013 Index-3...
Page 936 8-21 ip slb probe url command 23-20 lacp agg partner admin system id command 8-23 ip slb probe username command 23-20 lacp agg partner admin system priority command 8-24 Index-4 OmniSwitch AOS 7 Network Configuration Guide June 2013...
Page 937 25-29 MAC address table 3-1, 3-3 Policy Based Routing 25-79 aging time precedence 25-49 duplicate MAC addresses redirect linkagg 25-76 learned MAC addresses redirect port 25-76 static MAC addresses rules 25-47 OmniSwitch AOS 7 Network Configuration Guide June 2013 Index-5...
Page 938 32-20 qos flush command 25-72 port mirroring command 32-21 compared to policy server flush command 26-7 port mirroring session qos forward log command 25-40 creating 32-19 QoS log deleting 32-22 Index-6 OmniSwitch AOS 7 Network Configuration Guide June 2013...
Page 939 23-12, 23-17 RIP interface configuration steps 23-11 creating 19-7 defaults 23-3 deleting 19-7 deleting clusters 23-14 enabling 19-7 deleting servers 23-14 metric 19-8 disabling 23-11 password 19-18 disabling clusters 23-17 OmniSwitch AOS 7 Network Configuration Guide June 2013 Index-7...
Page 940 Spanning Tree port parameters 6-33 show port monitoring file command 32-28 connection type 6-41 show port-security command 31-3 link aggregate ports 6-35, 6-36, 6-38, 6-40, 6-42 show port-security shutdown command 31-4 mode 6-40 Index-8 OmniSwitch AOS 7 Network Configuration Guide June 2013...
Page 941 User Datagram Protocol subnet mask 15-11 see UDP switch health users application examples 32-14 functional privileges 29-21 defaults 32-14 monitoring 32-41 specifications 32-13 Vendor Specific Attributes switch health statistics see VSAs resetting 32-47 OmniSwitch AOS 7 Network Configuration Guide June 2013 Index-9...
Page 942 22-19 Advertisement Interval 22-21 application examples 22-31 Preemption 22-22 Traps 22-23 Virtual Router 22-19 Virtual Router Priority 22-21 VSAs for LDAP servers 29-20 for RADIUS authentication 29-7 RADIUS accounting servers 29-11 Index-10 OmniSwitch AOS 7 Network Configuration Guide June 2013...

OmniSwitch os6900 Network Configuration Manual

About this Guide

Chapter 1 Configuring Ethernet Ports

Chapter 2 Configuring UDLD

Chapter 3 Managing Source Learning

Chapter 4 Configuring Vlans

Configuring Vlans

Chapter 32 Diagnosing Switch Problems

Chapter 5 Configuring High Availability Vlans

Chapter 6 Configuring Spanning Tree Parameters

Chapter 7 Configuring Static Link Aggregation

Configuring Static Link Aggregation

Chapter 8 Configuring Dynamic Link Aggregation

Configuring Dynamic Link Aggregation

Chapter 9 Configuring Virtual Chassis

Configuring Multi-Chassis Link Aggregation

Chapter 10 Configuring Multi-Chassis Link Aggregation

Chapter 11 Configuring ERP

Quick Links

Summary of Contents for OmniSwitch os6900