Supermicro SSE-F3548S User Manual

page of 366

/ 366
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

SSE-F3548S/SSE-F3548SR

Switch Configuration

Guide

User's

Revision 1.0

Supermicro SSE-F3548S/SSE-F3548SR Configuration User's Guide

Table of Contents

Need help?

Do you have a question about the SSE-F3548S and is the answer not in the manual?

Questions and answers

Summary of Contents for Supermicro SSE-F3548S

Page 1 SSE-F3548S/SSE-F3548SR Switch Configuration Guide User’s Revision 1.0 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 2 Please Note: For the most up-to-date version of this manual, please see our web site at www.supermicro.com. Super Micro Computer, Inc. (“Supermicro”) reserves the right to make changes to the product described in this manual at any time and without notice. This product, including software, if any, and documentation may not, in whole or in part, be copied, photocopied, reproduced, translated or reduced to any medium or machine without prior written consent.
Page 3: Document Revision History
Document Revision History Date Revision Description 07/03/2018 Initial document. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 4: Table Of Contents
Forward Error Correction (FEC) Mode ................37 Time Management ....................... 38 2.4.1 NTP Server ........................39 2.4.2 Enable/Disable NTP ......................40 2.4.3 NTP Authentication ......................40 2.4.4 NTP Broadcast ........................41 2.4.5 System Clock ........................42 2.4.6 Time Zone ........................43 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 5 Boot-up Options ....................... 68 2.7.9 Reset to Factory Defaults ....................69 Zero Touch Provisioning ....................69 2.8.1 ZTP Config Restore ......................69 2.8.2 ZTP Info ..........................73 2.8.3 ZTP Firmware Upgrade ..................... 73 2.8.4 Disable ZTP ........................76 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 6 3.17 Community Ports Configuration ................. 114 3.17.1 Configuration Example 1....................114 3.17.2 Configuration Example 2....................116 Link Aggregation .......................... 118 Link Aggregation Support ................... 119 Link Aggregation Numbers ..................119 Link Aggregation Defaults ................... 119 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 7 Root Switch Election Procedure .................. 160 Spanning Tree Support ....................161 Spanning TreeDefaults ....................161 Enabling/Disabling Spanning Tree ................162 6.4.1 Enable/Disable Spanning Tree Globally ................162 6.4.2 Enable/Disable Spanning Tree on Ports ................162 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 8 Static Router Ports ......................197 Leaving a Multicast Group ..................198 7.5.1 Group Query Interval ...................... 198 7.5.2 Group Query Retry Count ....................199 7.5.3 Immediate Leave ......................200 IGMP Snooping Querier ....................201 Report Forward ......................203 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 9 8.3.8 IP Standard ACL Configuration Example 1 ............... 236 8.3.9 IP Extended ACLs ......................237 8.3.10 Creating IP Extended ACLs for IP Traffic ................238 8.3.11 Creating IP Extended ACLs for TCP Traffic ............... 240 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 10 Interface Numbers ..................... 277 11.3 SNMP Configuration ....................277 11.3.1 Configuration Steps ......................278 11.4 SNMP Defaults ......................278 11.5 Enable/Disablethe SNMP Agent .................. 279 11.5.1 Switch Name ........................280 11.5.2 Switch Contact ....................... 281 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 11 Configuring Statistics ...................... 318 12.2.4 RMON Configuration Example ..................319 12.2.5 Configuring Port Rate Limit ..................... 324 12.2.6 Configuring HOL Blocking Prevention ................326 13 Security ............................328 13.1 Login Authentication Mode ..................328 13.2 RADIUS ........................329 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 12 13.5.2 Certificate Signing Request (CSR) ..................343 13.5.3 SSL Certificate......................... 345 14 LLDP ............................347 14.1.1 EnablingLLDP ........................348 14.1.2 Configuring LLDP Parameters ..................348 14.1.3 Configuring LLDP Timers ....................354 14.1.4 LLDPConfiguration ......................357 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 13: Introduction
25GbE servers. These 48 ports can also run in 10Gb or 1Gb mode to connect to existing low speed network devices. SSE-F3548S/R also offer six ports running at 100Gbps for access to high-speed backbone networks or storage servers. These 100Gbps ports can also operate at 40Gbps or each can be split in to four different ports to run at 25Gbps or 10Gbps.
Page 14: Cables
Ethernet, QSFP28, 100GbE, Passive, 2.5M Ethernet CBL-NTWK-0942-MQ28C30M Ethernet, QSFP28, 100GbE, Passive, 3M Ethernet CBL-NTWK-0943-SQ28C10M Ethernet, QSFP28, 100GbE, Passive, 1M QSFP28 transceiver module for short rage fiber QSFP28 Transceiver Module AOM-100GBE-SR4-FT cables (up to 100m), 100G, 850nm, MMF Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 15: Management Interface
1.3 Management Interface The Supermicro switch command line interface (CLI) is accessible through an RS232 console port, or viaTelnet and SSH connections. The CLI is designed to follow industry standard CLI commands. Standard features including context sensitive “help” and auto-completion-on-tab-key are supported.
Page 16: System Configuration
SMIS(config)# end 2.1.2 DHCP Supermicro switches can be configured to obtain the management IP address through DHCP protocol. In this case, the switch acts as a DHCP client and obtains an IP address for any DHCP server on the LAN.
Page 17: Default Ip Gateway
The “no ip gateway” command resets the switch IP gateway to its default value of 0.0.0.0. The example below shows the commands used to configure the IP gateway. SMIS# configure terminal SMIS(config)# ip gateway 10.1.1.1 SMIS(config)# end Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 18: Management Access
2.2 Management Access Supermicro switches enable access control of the switch by various mechanisms: • User name and password • Enable password • Authorized Managers Defaults – Management Access Parameter Default Value User Name/Password/Privilege ADMIN/ADMIN/15 Privilege (For configured users) Enable Password...
Page 19: Enable
Local Peer 2.2.2 Enable Supermicro switches provide support for configuring access to various CLI commands. This is achieved by Enable password and privilege levels. Fifteen privilege levels can be specified. Follow the steps below to enable a privilege level.
Page 20: Ip Authorized Manager
SMIS# configure terminal SMIS(config)# enable password level 10 pwd1 2.2.4 IP Authorized Manager Supermicro switches allow configuration of IP authorized managers. This feature enhances security on the switch by using IP addresses to authorize computers are allowed to: • Access the switch’s web browser interface •...
Page 21 Optional step – saves this configuration to be part of startup configuration. If IP Authorized Managers are configured in a Supermicro switch, access to the switch via telnet, ssh, etc. is possible only by those hosts allowed to access. Other hosts will not be permitted access.
Page 22: Interface Properties
Flow Control FEC Mode 2.3.1 Description Supermicro switches allow users to configure a description string to the interfaces. This description string will be useful to identify the interfaces easily. Follow the steps below to configure interface description string. Step Command...
Page 23 SMIS(config-if)# description Server_Cluster_0100 SMIS(config-if)# end SMIS # sh int description Interface Status Protocol Description --------- ------ -------- ----------- Fx0/1 down Fx0/2 down Fx0/3 down Fx0/4 down Fx0/5 down Fx0/6 down Fx0/7 down Fx0/8 down Fx0/9 down Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 24 Fx0/21 down Fx0/22 down Server_Cluster_0100 Fx0/23 down Fx0/24 down Fx0/25 down Fx0/26 down Fx0/27 down Fx0/28 down Fx0/29 down Fx0/30 down Fx0/31 down Fx0/32 down Fx0/33 down Fx0/34 down Fx0/35 down Fx0/36 down Fx0/37 down Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 25: Negotiation
Follow the steps below to configure Interface Negotiation. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 Enters the interface configuration interface <interface-type><interface-id> mode. interface range <interface-type><interface-id> …. interface-type – may be any of the following: cx-ethernet Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 26 # sh int status Port Status Duplex Speed Negotiation ---- ------ ------ ----- ----------- Fx0/1 not connected Full 10 Gbps No-Negotiation Fx0/2 not connected Full 10 Gbps No-Negotiation Fx0/3 not connected Full 10 Gbps No-Negotiation Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 27 Fx0/27 not connected Full 10 Gbps No-Negotiation Fx0/28 not connected Full 10 Gbps No-Negotiation Fx0/29 not connected Full 10 Gbps No-Negotiation Fx0/30 not connected Full 10 Gbps No-Negotiation Fx0/31 not connected Full 10 Gbps No-Negotiation Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 28: Speed
25G FX ports can be configured to operate at 25G, 10G or 1G speeds. 100G CX ports can be configured to operate at 100G or 40G speeds. Follow the steps below to configure the Interface speed. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 29 The “no speed” command restores the default interface speed. The example below shows the commands used to configure the interface speed. SMIS# configure terminal SMIS(config)# interface Fx 0/44 SMIS(config-if)# speed 1000 SMIS(config-if)# end SMIS# show interface status Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 30 Fx0/22 not connected Full 25 Gbps No-Negotiation Fx0/23 not connected Full 25 Gbps No-Negotiation Fx0/24 not connected Full 25 Gbps No-Negotiation Fx0/25 not connected Full 25 Gbps No-Negotiation Fx0/26 not connected Full 25 Gbps No-Negotiation Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 31 Cx0/2 not connected Full 100 Gbps No-Negotiation Cx0/3 not connected Full 100 Gbps No-Negotiation Cx0/4 not connected Full 100 Gbps No-Negotiation Cx0/5 not connected Full 100 Gbps No-Negotiation Cx0/6 not connected Full 100 Gbps No-Negotiation Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 32: Duplex Operation
2.3.4 Duplex Operation The Supermicro F3548 switch doesn’t support half-duplex operation on its physical interfaces. 2.3.5 MTU The default maximum transmission unit (MTU) size for frames received and transmitted is 1500 bytes. The MTU size can be increased for an interface.
Page 33 Octets: 0 Unicast Packets: 0 Unicast Packets Rate: 0/Sec Broadcast Packets: 0 Broadcast Packets Rate: 0/Sec Multicast Packets: 0 Multicast Packets Rate: 0/Sec Overall Packets Rate: 0/Sec Pause Frames: 0 Undersize Frames: 0 Oversize Frames: 0 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 34: Flow Control
Follow the steps below to configure Flow Control. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 Enters the interface configuration interface <interface-type><interface-id> mode. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 35 The example below shows the commands used to configure Flow Control. SMIS# configure terminal SMIS(config)# interface fx 0/22 SMIS(config-if)# flowcontrol send on SMIS(config-if)# end SMIS# show flow-control interface fx 0/22 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 36: Storm Control
Step 3 storm-control { broadcast |multicast | dlf } level Configure Storm control for broadcast <kbps (1-10000000)> or multicast or DLF packets. Level – Threshold level in kbps, in range 1-10000000. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 37: Forward Error Correction (Fec) Mode
: Disabled 2.3.8 Forward Error Correction (FEC) Mode Supermicro switches allow users to enable FEC mode on the interfaces. FEC mode is useful in a noisy link where errors in transmission require retransmissions. Follow the steps below to enable FEC mode on the interface.
Page 38: Time Management
SMIS SMIS# sh int Fx 0/22 2.4 Time Management The system time and date on Supermicro switches can be managed by Network Time Protocol (NTP) or configured manually. NTP provides synchronization of network resources by a synchronized network timestamp. Supermicro switches can function as an NTP client over UDP and receive the time from an NTP server in the network.
Page 39: Ntp Server
2.4.1 NTP Server Supermicro switches can synchronize their time with that of an NTP server. Follow the below steps to configure NTP server parameters. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 ntp server <ip_address> [key (1-65535)] [prefer] Configure the NTP server.
Page 40: Enable/Disable Ntp
Optional step – saves this configuration to be part of startup configuration. The “ntp disable” command disables NTP in the switch. NTP can be enabled in Supermicro switches only after configuring at least one NTP server. The example below shows the commands used to configure NTP.
Page 41: Ntp Broadcast
Time zone offset not set 2.4.4 NTP Broadcast NTP server messages can be broadcast or unicast. By default, Supermicro switches receive unicast NTP messages. Follow the below steps to configure Supermicro switches to receive NTP broadcast messages from the NTP server. Step Command Description...
Page 42: System Clock
Time zone offset not set 2.4.5 System Clock The system clock in Supermicro switches run from the time the moment the switch starts up and keeps track of system date and time. The system clock can also be manually configured. The system time configured manually remains accurate until next restart.
Page 43: Time Zone
The example below shows the commands used to configure the time zone offset. SMIS# configure terminal SMIS(config)# tz posix PST8 SMIS(config)# end SMIS# show system information Switch Name: SMIS Switch Base MAC Address: 00:30:48:e3:70:bc SNMP EngineID: 80.00.08.1c.04.46.53 System Contact: http://www.supermicro.com/support Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 44: System Management
[NTP] ntp is disabled Server Key Prefer =============== ===== ====== Key # Key ======= ==================================== Time zone offset value: PST8 2.5 System Management Supermicro switches can be administered by configuring various operations. • Switch Name • Switch Location • Switch Contact •...
Page 45: Switch Name
2.5.1 Switch Name Supermicro switches can be assigned a name for identification purpose. The default switch name is SMIS. The switch name is also used as a prompt. Follow the steps below to configure the Switch Name. Step Command Description...
Page 46: Switch Contact
Key # Key ======= ==================================== Time zone offset not set 2.5.2 Switch Contact Supermicro switches provide an option to configure the switch in charge of contact details, usually an email ID. Follow the steps below to configure the switch contact. Step Command...
Page 47: System Location
=============== ===== ====== Key # Key ======= ==================================== Time zone offset not set 2.5.3 System Location Supermicro switches provide option to configure the switch location details. Follow the steps below to configure the system location. Step Command Description Step 1...
Page 48: System Mtu
The “no system mtu” command resets the system MTU to its default value of 1500 bytes. The example below shows the commands used to configure the system MTU. SMIS# configure terminal SMIS(config)# system mtu 9200 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 49 Fx0/16 MTU size is 9200 Fx0/17 MTU size is 9200 Fx0/18 MTU size is 9200 Fx0/19 MTU size is 9200 Fx0/20 MTU size is 9200 Fx0/21 MTU size is 9200 Fx0/22 MTU size is 9200 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 50 Fx0/41 MTU size is 9200 Fx0/42 MTU size is 9200 Fx0/43 MTU size is 9200 Fx0/44 MTU size is 9200 Fx0/45 MTU size is 9200 Fx0/46 MTU size is 9200 Fx0/47 MTU size is 9200 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 51: Static Mac
Static MAC addresses can be unicast or multicast. Forwarding Behavior for Static MAC: • Supermicro switches provide flexibility to configure forwarding behavior for static MAC addresses, i.e. how a port that receives a packet forwards it to another port for transmission. •...
Page 52 SMIS(config)# mac-address-table static unicast 90:4e:e5:0c:03:75 vlan 1 interface fx 0/14 status permanent SMIS(config)# end SMIS# show mac-address-table static unicast Vlan Mac Address Status Ports ---- ----------- ------ ----- 90:4e:e5:0c:03:75 Permanent Fx0/14 Total Mac Addresses displayed: 1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 53: Mac Aging
90:4c:e5:0b:04:77 Learnt Fx0/21 94:d7:23:94:88:d8 Learnt Fx0/21 Total Mac Addresses displayed: 2 2.6 System Logging (Syslog) Supermicro switches send system message output to a klogging process called System Message Logging (Syslog). Logging can be done at various locations: • Console •...
Page 54: Enable/Disable Syslog
Trap Logging Critical MAC Address table update Logging Disabled Facility Local0 2.6.1 Enable/Disable Syslog Syslog is enabled by default in Supermicro switches. Follow the steps below to disableSyslog. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 logging disable Disable Syslog.
Page 55: Syslog Server
Facility: Default (local0) Buffered size: 50 Entries LogBuffer: (0 Entries) LogFile(0 Entries) 2.6.2 Syslog Server In Supermicro switches, Syslog messages can be re-directed to a Syslog server. Follow the steps below to configure the Syslog server. Step Command Description Step 1...
Page 56: Console Log
Trap logging: Critical Log server IP: None Facility: Default (local0) Buffered size: 50 Entries LogBuffer: (0 Entries) LogFile: (0 Entries) 2.6.4 Log File System logging messages can be stored as a log file in the switch NVRAM. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 57 Console logging: disabled(Number of messages 0) File logging: enabled(Number of messages 2) Log File Name: log1 File Max Entries: 500 TimeStamp option: enabled Trap logging: Critical Log server IP: None Facility: Default (local0) Buffered size: 50 Entries Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 58: Logging Buffer
2.6.5 Logging Buffer The log messages are stored in a circular internal buffer in which older messages are overwritten once the buffer is full. The Syslog buffer size is configurable in Supermicro switches. Follow the steps below to configure the Syslog buffer.
Page 59: Facility
Displays the Syslog configuration. Step 5 write startup-config Optional step – saves this configuration to be part of startup configuration. The “nologging facility” command resets the logging facility to its default value of Local0. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 60: Traps
Buffered size: 50 Entries LogBuffer: (0 Entries) LogFile: (0 Entries) 2.6.7 Traps Supermicro switches provide an option for specifying the type of traps that are to be logged. Follow the steps below to configure logging traps. Step Command Description Step 1...
Page 61 TimeStamp option: enabled Trap logging: Notification Log server IP: None Facility: Default (local0) Buffered size: 200 Entries LogBuffer: (11 Entries) <135> Apr 29 10:11:05 2013:DHC-7:Exitting DHCPC Task Ini <135> Apr 29 10:11:05 2013:DHC-7:Entered in DhcpCIntSelectTaskMain fn Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 62: Clear Log Buffer
File logging: disabled(Number of messages 0) Log File Name: File Max Entries: 500 TimeStamp option: enabled Trap logging: Critical Log server IP: None Facility: Default (local0) Buffered size: 50 Entries LogBuffer: (0 Entries) LogFile: (0 Entries) Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 63: Clear Log File
The default startup configuration file name is iss.conf. This startup configuration file is stored in the flash memory. Follow the steps below to write existing switch configuration as startup-config. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 64: Save Running Configuration To File
The example below shows the commands used to write an existing switch configuration to a file. SMIS# write flash: r1sw1.conf Building configuration, please wait. May take a few minutes ... [OK] SMIS# writetftp://192.168.1.100/r1sw1.conf Building configuration, please wait. May take a few minutes ... Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 65: Configuring Startup Config File Name
2.7.3 Configuring Startup Config File Name Supermicro switches provide an option to select a file stored in flash memory as the startup configuration file that gets loaded when the switch is powered on or restarted. Follow the steps below to configure the startup configuration.
Page 66: Copy Startup-Config
1 exit 2.7.4 Copy Startup-config Supermicro switches support copying the switch startup configuration to a file in flash or remote location. Follow the steps below to copy startup-config to a file in a remote location or flash. Step Command...
Page 67: Deleting A Saved Configuration
SMIS# 2.7.7 Firmware Upgrade Supermicro switches support dual firmware images. The default firmware image is referred as “normal” and the backup firmware image is referred as the “fallback” image. The “firmware upgrade” command updates both the normal and fallback images.
Page 68: Boot-Up Options
“set boot-up {normal | fallback}”. 2.7.8 Boot-up Options Supermicro switches support dual firmware images (“normal” and “fallback”). The switch boots up from the normal firmware image by default. Users can configure the switch to boot from the fallback firmware image.
Page 69: Reset To Factory Defaults
Key # Key ======= ==================================== Time zone offset not set 2.7.9 Reset to Factory Defaults Supermicro switches can be reset to the factory defaults using a CLI command. Follow the steps below to reset to the factory defaults. Step Command Description...
Page 70 These options can be added to dhcpd.conf as shown in the example below. The lines in bold are newly required, other lines are shown for clarity. # Need to add the lines below to define option 43.1 for Supermicro switches. option space smc-op;...
Page 71 2.8.1.2 Switch Configuration Restore A ZTP configuration restore feature is enabled in Supermicro switches by default. The default management IP address configuration is DHCP mode. Hence, when switches boot up with DHCP, it gets the configuration file and applies the configuration.
Page 72 Switch Boots Static IP DHCP IP Is Static or DHCP IP Restore Local Config. If no local config, factory defaults options Failed Download Config File? Success ZTP config restore failed. Restore ZTP config file. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 73: Ztp Info
This information can be seen in the web interface on the “system settings” page in the “system management” group. 2.8.3 ZTP Firmware Upgrade This section explains details on using ZTP to automatically upgrade firmware on Supermicro switches. 2.8.3.1 DHCP Server Configuration Switches expect the following information from the DHCP server to upgrade the firmware supplied along with DHCP IP.
Page 74: Switch Firmware Upgrade
SSE-F3548-fw-1.0.1.4.installer 2.8.3.2 Switch Firmware Upgrade The ZTP firmware upgrade feature is enabled in Supermicro switches by default. The default management IP address configuration is DHCP mode. Hence, when switches boot up with DHCP, it gets the firmware image file and checks whether an upgrade is needed or not.
Page 75 Switch Boots Static IP DHCP IP Is Static or DHCP IP? No firmware upgrade DHCP? Got ZTP options? Failed Download Firmware File? Success Is ZTP firmware different than current running firmware? Upgrade Firmware & Reload Switch Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 76: Disable Ztp
The example below shows a DHCP server subclass "vendor-class" "F3548" { configuration that uses vendor class option smc-op.config-file-name "iss-11.conf"; information to send ZTP options for Supermicro switch SSE-F3548S/R. option smc-op.fw-img-file-name " SSE-F3548-fw- "; 1.0.1.4.installer option tftp-server-name "172.31.33.5"; Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 77: Tracking Uplink Failures
2.9 Tracking Uplink Failures The Uplink Failure Tracking Feature (ULFT) is useful for Supermicro switches. This helps servers move to redundant Ethernet ports in case any switch uplink fails. The user can configure one or more groups for ULFT. Each group can have one or more uplinks and one or more downstream ports.
Page 78: Vlan
VLAN. To reach devices in another VLAN, the packets have to be routed from one VLAN to another. Supermicro L2/L3 switches support such Inter VLAN routing to route packets across different VLANs. Inter VLAN routing is done by creating “Layer 3 Interface VLANs”.
Page 79 VLAN based on the forwarding logic. If there are no other member ports for this VLAN, the packet will most likely be dropped unless it was routed or sent to the CPU or redirected by an ACL rule. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 80 VLAN ID VLAN tag Use Protocol VLAN ID Found Proto VLAN ? Access VLAN ID Is Access Port? Use Trunk Native VLAN ID Is Trunk Port? Use PVID as VLAN ID Is Hybrid Port? Found VLAN Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 81: Vlan Numbers
3.4 VLAN Defaults Supermicro switches boot up with VLAN 1, which is a default Layer 2 VLAN. The switchable ports of all switches are added to this default VLAN 1 as hybrid ports. This default setup helps switch forwarding traffic across all the ports without the need of any user configuration.
Page 82: Creating Vlans
Supermicro switches do not create VLANs by default except for VLAN 1. Users need to create all the VLANs used on their network in Supermicro switches. Trunk ports will be able to carry only VLANs created in Supermicro switches. 3.5 Creating VLANs Follow the steps below to create VLANs in Supermicro switches.
Page 83: Vlan Name
SMIS(config-vlan)# exit 3.7 VLAN Name VLANs can be associated with a label name string for easier configuration and identification. Follow the steps below to add or modify a name string to any VLAN in Supermicro switches. Step Command Description Step 1 configure terminal Enters the configuration mode.
Page 84 Associate name main_user_vlan to VLAN 50. SMIS# configure terminal SMIS(config)# vlan 50 SMIS(config-vlan)# name main_user_vlan SMIS(config-vlan)# exit Follow the steps below to remove a name string from any VLAN in a Supermicro switch. Step Command Description Step 1 configure terminal Enters the configuration mode.
Page 85: Port Based Vlans
The traffic sent on the ports is decided by the VLAN membership and mode of the ports. Usually ports are associated with VLANs as either “access” port members or “trunk” port members. Supermicro switches support an additional port mode called “hybrid”.
Page 86 <iftype> <ifnum> Displays the configured mode and accesses the VLAN for this interface. Step 6 write startup-config Optional step – saves this VLAN configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 87: Trunk Ports
VLANs 1 to 1024 need to be created in the switch using the “vlan” command. A switch adds the VLAN tag header to all packets sent out on the trunk port except for native VLAN traffic. Supermicro switches support only IEEE 802.1Q encapsulation for VLAN tag headers. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 88 Optional step – saves this VLAN configuration to be part of startup configuration. The “no switchport mode” command will change the port mode to the default hybrid mode. For more details about hybrid mode, refer to the Hybrid Ports section. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 89 E.g.: int range fx 0/1-10, fx 0/20 switchport mode trunk Step 3 Sets the port mode as trunk port. Step 4 Use any one of the below steps 4a to 4f based on The vlan-list parameter used in the Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 90 “vlan” command. The examples below show examples of configurations to allow VLANs on trunk ports. Configure to allow only VLANs 2 to 20 on trunk interface fx 0/1. SMIS# configure terminal SMIS(config)# vlan 2-20 SMIS(config-vlan)# exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 91 Switch A Switch B VLAN 20 & 30 0/1VLAN 20 & 0/40VLAN VLAN 20 & 30 VLAN 40 Users can configure a native VLAN for trunk interfaces by following the steps below. Step Command Description Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 92 <iftype> <ifnum> Displays the configured native VLAN for this trunk interface. show running-config Step 6 write startup-config Optional step – saves this VLAN configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 93: Hybrid Ports
Hybrid ports carry the traffic of one or more VLANs. Any switch port can be configured as a hybrid port. In Supermicro switches, all switch ports by default come up in hybrid mode. Users need to explicitly add the hybrid ports to all the required VLANs as either tagged or untagged interfaces.
Page 94 VLAN. If ports-list is not provided to the no command, all the tagged ports are removed from this VLAN. Step 3b ports <ports-list> untagged Adds the untagged ports list to this Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 95 To configure multiple interfaces, use the “interface range …” command. To provide a range, use a hypen (-) between the start and end interface numbers. E.g.: int range fx 0/1-10 To provide multiple interfaces or Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 96 Configure a VLAN 10 with ports fx 0/1 to fx 0/10 as untagged ports and add port cx 0/1 as a tagged port to this VLAN. SMIS# configure terminal SMIS(config)# vlan 10 SMIS(config-vlan)# ports fx 0/1-10 untagged SMIS(config-vlan)# ports cx 0/1 tagged SMIS(config-vlan)# exit SMIS(config)# interface range fx 0/1-10 SMIS(config-if)# switchport mode hybrid Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 97: Mac Based Vlans
VLAN. If MAC VLAN mapping is not found for the received source MAC address, a protocol based VLAN or port based VLAN is used. Supermicro switches support 1024 MAC based VLANs. Figure VLAN-6: MAC Based VLANs Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 98 This VLAN will be applied to all incoming untagged packets from this unicast MAC address. vlan-id - VLAN identifiers may be any VLAN number from 1 to 4069. The VLAN must have already been created in this switch. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 99 Create a VLAN 10 and configure MAC address 00:30:40:10:10:10 to VLAN 10 for the ports fx 0/1 to 10 SMIS# configure terminal SMIS(config)# vlan 10 SMIS(config-vlan)# ports fx 0/1-10 untagged SMIS(config-vlan)# exit SMIS(config)# mac-vlan 00:30:40:10:10:10 vlan 10 Remove MAC VLAN for MAC address 00:30:40:20:20:20. SMIS# configure terminal SMIS(config)# no mac-vlan 00:30:40:20:20:20 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 100: Protocol Based Vlans
The protocol or ethertype field in the Layer 2 header is used to classify the packets to different VLANs. Protocol VLAN features are enabled by default in Supermicro switches. The protocol based VLAN features configuration is a three-step process, as shown in the diagram below.
Page 101 If the VLAN does not exist, create it first. Step 9 Exit Exits the interface configuration mode. Step 10 show vlan protocols-group Displays the configured protocol based VLANs. show protocol-vlan Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 102 Step 6 no vlan <vlan-list> Removes the VLANs created for protocol based VLANs. If the VLAN is shared with a MAC or vlan <vlan-list> port based VLAN, then remove only the Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 103 SMIS# configure terminal SMIS(config)# int range fx 0/1-10 SMIS(config-if)# no switchport map protocols-group 1 SMIS(config-if)# no switchport map protocols-group 2 SMIS(config-if)# exit SMIS(config)# no map protocol arp enet-v2 SMIS(config)#no map protocol ip enet-v2 SMIS(config)# no vlan 20 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 104: Acceptable Frame Types
3.11 Acceptable Frame Types By default, Supermicro switch ports accept all frames types – tagged, untagged and priority tagged. Priority tagged packets have a VLAN tag header with a VLAN identifier of 0. For access ports, the default acceptable frame type is untagged and priority tagged only.
Page 105: Ingress Filter
3.12 Ingress Filter By default, Supermicro switch has the ingress filter enabled. The ingress filter drops packets that do not match the configured VLAN membership. For example, if the switch has two VLANs configured as 10 and 20, the ports configured with only VLAN 10 can accept packets with the VLAN header having VLAN identifier 20.
Page 106 The “no swithcport ingress-filter” command disables the ingress filter. The examples below show how to enable ingress filter on switch ports. Disable ingress filter for ports fx 0/1 to fx 0/10. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 107: Vlan Configuration Example
20 & 30 Trunk Links VLAN 10, 20 & 30 SMIS# configure terminal # Create all the VLANs first SMIS(config)# vlan 10,20,30 SMIS(config-vlan)# exit # Configure VLANs for ports fx 0/1-10 SMIS(config)# interface range fx 0/1-10 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 108 Firmware OS Boot Loader SSE-F3548 1.0.0.0 0.0.0.0 ip address 172.31.30.120 interface port-channel 1 exit # Vlans and hybrid mode member ports configurations vlan 1 ports fx 0/11-14 untagged ports fx 0/17-19 untagged ports fx 0/41-48 untagged Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 109 Fx 0/7 switchport mode trunk switchport trunk native vlan 10 interface Fx 0/8 switchport mode trunk switchport trunk native vlan 10 interface Fx 0/9 switchport mode trunk switchport trunk native vlan 10 interface Fx 0/10 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 110 10 interface Fx 0/25 switchport mode access switchport access vlan 10 interface Fx 0/26 switchport mode access switchport access vlan 10 interface Fx 0/27 switchport mode access switchport access vlan 10 interface Fx 0/28 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 111 10 interface Fx 0/36 switchport mode access switchport access vlan 10 interface Fx 0/37 switchport mode access switchport access vlan 10 interface Fx 0/38 switchport mode access switchport access vlan 10 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 112 Hybrid Forbidden Ports: None Access Ports: fx 0/20-40 Trunk Ports: fx 0/1-10 po 1 Name: Status: Permanent ---------------------------------------------------- Vlan ID: 20 Member Ports: fx 0/1-10 po 1 Hybrid Tagged Ports: None Hybrid Untagged Ports: None Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 113: Private Edge Vlan/Protected Ports
Protected ports are also called isolated ports. 3.14.3 Community Port Community ports can send and receive traffic with unprotected ports and other ports in the same community. Port Mode Communicates with Unprotected Ports Unprotected Ports Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 114: Unprotected Ports Configuration
Configure all the 48 downlink Fx ports as isolated (or protected) ports. These 48 ports should not be able to communicate with each other. All these 48 ports should communicate only with the uplink ports cx 0/1 and cx 0/2. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 115 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 116: Configuration Example 2
The required configuration for this example is given below. The uplink ports can be left with the default configuration as unprotected ports. The downlink ports 1 to 24 can be configured as one community (group) and ports 25 to 48 can be configured as another community (group). Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 117 SMIS# configure term SMIS(config)# interface range fx 0/1-24 SMIS(config-if)# switchport protected group 1 SMIS(config-if)# exit SMIS(config)# interface range fx 0/25-48 SMIS(config-if)# switchport protected group 2 SMIS(config-if)# exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 118: Link Aggregation
Fx 0/1 Cx 0/4 Fx 0/2 Switch B Port channel 1 between switches Port channel 2 between server and switch The “port channel”, “channel group” and “ether channels” are used synonymously to refer to aggregate links Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 119: Link Aggregation Support
Supermicro switches support both static and dynamic link aggregations. Dynamic link aggregation support is based on the Link Aggregation Control Protocol (LACP). Supermicro switches support only Layer 2 level link aggregation. Hence, only switching ports can be aggregated. Supermicro switches do not support the Multiple Chassis Link Aggregation (MLAG) feature 4.2 Link Aggregation Numbers...
Page 120: Dynamic Link Aggregation - Lacp
4.5 Dynamic Link Aggregation - LACP Supermicro switches support dynamic link aggregation through IEEE 802.3ad Link Aggregation Control Protocol (LACP). Users can add one or more ports to an LACP mode port channel. When more than eight member ports are configured, only the first eight member ports reaching the “bundle” state will be used for data traffic.
Page 121: Link Aggregation Port Channel
Port channel creation involves two steps: the first is to create the port channel interfaces and the second is to add member ports to the port channel interfaces. 4.6.1.1 Creating Port Channel Interfaces Follow the steps below to create port channel interfaces in Supermicro switches. Step Command...
Page 122 Configures the MTU for the port channel interfaces. framesize may be any number from Port channel MTU will be used on its all member ports. Step 5 VLAN Configurations Optional step – configures the VLAN Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 123 Users can add up to eight member ports to static port channels. For LACP port channels, users can add more than eight ports, but only the first eight member ports reaching a bundle state will be part of the port channel for data transfer. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 124 <interface-type><interface-id> Step 3 channel-group <channel-group-number> mode Configures the interfaces as member {active | passive | on} ports for the given port channel. channel-group-number – The port channel to which these member ports are added. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 125 The examples below show various ways to create port channels. Create an LACP port channel with member ports cx 0/1 and cx 0/2. SMIS# configure terminal SMIS(config)# interface port-channel 10 SMIS(config-if)# exit SMIS(config)# int range cx 0/1-2 SMIS(config-if)# channel-group 10 mode active Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 126: Modifying Port Channels
The example below shows the steps necessary to add a new member port to an existing port channel interface. Add port fx 0/3 to static port channel interface 10. SMIS# configure terminal SMIS(config)# int fx 0/3 SMIS(config-if)# channel-group 10 mode on Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 127 E.g.: int range fx 0/1-10 To provide multiple interfaces or ranges, separate with a comma (,). E.g.: int range fx 0/1-10, fx 0/20 Step 3 no channel-group Removes the member ports from the port channel. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 128 “no channel-group” command. After removing the port from the port channel interface, the channel-group command can be configuredwith the required port mode. S Step Commands Description Step 1 configure terminal Enters the configuration mode Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 129 For static link aggregation, use the mode on. channel-group-number – The port channel to which these member ports are added. Step 5 Exits the interface configuration mode. show interface port-channel <channel-group- Step 6 Displays the configured port channel Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 130: Removing Port Channels
<channel-group- Removes the port channel interface. number> channel-group-number – may be any number from 1 to 65535. no interface range port-channel <channel-group- number> …. To remove multiple port channel interfaces, use the “no interface range Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 131: Lacp Parameters
SMIS# configure terminal SMIS(config)# no int port-channel 10 SMIS(config)# interface range cx 0/1-2 SMIS(config-if)# switchport mode access SMIS(config-if)# switchport access vlan 10 SMIS(config-if)# exit 4.6.4 LACP Parameters Users can configure the following LACP parameters on Supermicro switches. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 132 Step 3 Exit Exits the configuration mode. Step 4 show running-config Displays the configured LACP system priority value. Step 5 write startup-config Optional step – saves this LACP configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 133 – may be any of the …. following: fx-ethernet – fx cx-ethernet – cx interface-id is in slot/port format for all physical interfaces. To configure multiple interfaces, use the “interface range …” command. To Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 134 The “no lacp port-priority” command resets the LACP port priority to the default value of 128. The example below shows the steps necessary to configure the port priority. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 135 Description Step 1 configure terminal Enters the configuration mode. Step 2 interface <interface-type><interface-id> Enters the interface mode. interface range <interface-type><interface-id> interface-type – may be any of the …. following: fx-ethernet – fx cx-ethernet – cx Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 136 30 seconds. short – LACP messages are expected to be received once every second. Step 4 End Exits the configuration mode. Step 5 show running-config Displays the configured port priority information. show etherchannel Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 137 Follow the steps below to modify the LACP wait time Step Command Description Step 1 configure terminal Enters the configuration mode. Step 2 interface <interface-type><interface-id> Enters the interface mode. interface range <interface-type><interface-id> interface-type – may be any of the Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 138: Load Balancing
Supermicro switches support load balancing on aggregated links. Switches distribute outgoing traffic on all member ports that are in a bundle state. The distribution decision to transmit a packet on any particular member port is decided by a hash algorithm. Supermicro switches support the following hash algorithms:Source MAC Base •...
Page 139 {src-mac | dest-mac | src-dest-mac| src-ip | dest-ip | src-dest-ip} [ identifier to which this load balancing <channel-group> ] algorithm is configured. channel-group number is an optional parameter for this configuration. When channel-group is not provided, the Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 140 SMIS# configure terminal SMIS(config)# port-channel load-balance src-dest-ip SMIS(config-if)# exit The link aggregation feature is enabled by default in Supermicro switches. Users can disable link aggregation if needed. Follow the steps below to disable the link aggregation feature. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 141: Link Aggregation Configuration Example
1. Aggregate ports Cx 0/3 and Cx 0/4 with LACP mode. Also configure this aggregation as a trunk interface with native VLAN 20. 2. Aggregate ports Cx 0/1 and Cx 0/2 with LACP mode. Configure this aggregation as an access port on VLAN 10. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 142 # Add member ports to the port channel 2 interface SMIS(config)# int range fx 0/20-21 SMIS(config-if)# channel-group 2 mode on SMIS(config-if)# exit # Create the port channel 3 interface SMIS(config)# int port-channel 3 SMIS(config-if)# exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 143 Cx 0/1 channel-group 3 mode active interface Cx 0/2 channel-group 3 mode active interface Cx 0/3 channel-group 1 mode active interface Cx 0/4 channel-group 1 mode active interface po 1 switchport trunk native vlan 20 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 144 LACP Activity: Active LACP Timeout: Long Aggregation State: Aggregation, Defaulted LACP Port Admin Oper Port Port Port State Priority Key Key Number State --------------------------------------------------------------------- Cx0/3 Down 128 0x33 0x45 Cx0/4 Down 128 0x34 0x45 Port-channel: Po1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 145 0x15 0x44 Port-channel: Po2 ------------------ Number of Ports = 2 HotStandBy port = null Port state = Port-channel Ag-Not-Inuse Protocol = Manual Default Port = None Channel Group Listing --------------------- Group: 3 ---------- Protocol: LACP Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 146 Port state = Port-channel Ag-Not-Inuse Protocol = LACP Default Port = None SMIS# # Save this port channel configuration. SMIS# write startup-config Building configuration, please wait. May take a few minutes . . . [OK] SMIS# Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 147: Mlag
The device connected to both the peer switches using a LACP aggregation link is referred as partner device. For example, in the topology diagrams shown in “Topologies” section, the switch “Switch C” and “Servers” are partner devices for MLAG switches. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 148 5.1.1.5 Single Homed Device A single homed device is a device connected to only one peer switch. This connection could be a regular single physical link connection or a connection through a port channel interface. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 149: Topologies
The server is connected to both MLAG peer switches either through regular bonding or by a teaming LACP interface on the server side. On the switch side, the ports connected to the server are configured with the same MLAG enabled port channel number. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 150: Topology 2 - Switch To Switch Mlag Topology
Switch C is connected to both MLAG peer switches through a regular LACP port channel interface. On the Switch A and Switch B sides, the ports connected to Switch C are configured with the same MLAG enabled port channel number. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 151: Topology 3 - Single Uplink Switch Topology
MLAG port channel number. The reason for LAG in the uplink switch is to make sure the uplink switch does not send the same packet (broadcast or multicast) to both MLAG peer switches. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 152: Topology 4 - Redundant Uplink Switch Topology
2 are configured with the same MLAG port channel number. The reason for MLAG in the uplink switches is to make sure the uplink switch does not send the same packet (broadcast or multicast) to both the MLAG peer switches. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 153: Default Configuration
<aa:aa:aa:aa:aa:aa> Configure the system ID <aa:aa:aa:aa:aa:aa> Specify unicast MAC address to be used as the MLAG system ID Step 3 Exits the configuration mode. Step 4 show mlag detail Displays the MLAG configuration details Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 154: Mlag System Priority
Displays the MLAG configuration details The “no mlag system-priority” command deletes the MLAG system priority. When the MLAG system priority is deleted, both the IPL and the MLAG port channel connected to partner devices will go DOWN. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 155: Keep Alive Time
30 swA#end swA# show mlag detail System Identifier: 00:01:02:03:04:05 System Priority: 32768 Keep Alive Time: 30 IPL Interface: po1 Peer System Identifier: 00:01:02:03:04:05 IPL Link Status: Up Peer Connection State: ESTABLISHED MLAG Role: PRIMARY Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 156: Ipl Interface
MLAG Role: PRIMARY 5.4.5 MLAG Port Channels As the link connecting MLAG peers to MLAG partner switches, the MLAG port channel interfaces should be created on both peer switches with the same port channel number. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 157: Other Configurations
Hence, users need to make sure MLAG peer switches are configured correctly. The following configurations have to be similar across MLAG peer switches for correct functionality. Requirements Comments VLAN configurations for MLAG interfaces Spanning tree configurations for MLAG interfaces ACL configurations related to MLAG interfaces Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 158 QoS configurations related to MLAG interfaces MAC aging time Static MAC entries MTU on MLAG and IPL interfaces Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 159: Spanning Tree
BPDU exchange between switches takes a few seconds in large LANs. To avoid any temporary loops while forming spanning tree topology, the switch ports are moved through different states to reach the forwarding state. Switch ports stay in one of the following spanning tree states: Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 160: Root Switch Election Procedure
ID.The bridge ID has two components: the priority and the MAC address of the switch. The spanning tree priority occupies the most significant two bytes of the bridge ID. The default spanning tree priority is 32768. STP Priority - 2 bytes Switch MAC – 6 bytes (Default 32768) Bridge ID Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 161: Spanning Tree Support
If the priorities of all switches are same, the switch MAC addresses decide the lowest bridge ID and hence the switch with the lowest MAC address will be elected as the root switch. 6.2 Spanning Tree Support Supermicro switches support STP, RSTP and MSTP protocols based on standards IEEE 802.1D 2004 and 802.1s. 6.3 Spanning TreeDefaults...
Page 162: Enabling/Disabling Spanning Tree
SMIS# configure terminal SMIS(config)# spanning-tree SMIS(config)# end 6.4.2 Enable/Disable Spanning Tree on Ports Spanning tree is enabled by default on all the ports and port channels in Supermicro switches. Follow the steps below to disable spanning tree on ports. Step Command Description...
Page 163 <interface- type><interface-id> Step 6 write startup-config Optional step – saves this spanning tree configuration to be part of startup configuration. The “no spanning-tree disable” command enables spanning tree on ports. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 164: Configuring Mst
SMIS(config-if)# nospanning-tree disable SMIS(config)# end 6.5 Configuring MST Spanning tree is enabled by default in MST mode in Supermicro switches. In case the switch was configured earlier in RST mode, follow the steps below to change to MST mode. Step Command...
Page 165 Optional step – saves this spanning tree configuration to be part of startup configuration. The “no name” command removes the configured MST region name. The “no revision” command resets the configured MST region revision number to its default value of 0. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 166: Configuring Rstp
SMIS# configure terminal SMIS(config)# spanning-tree mst configuration SMIS(config-mst)# noinstance 10 SMIS(config-mst)# end 6.7 Configuring RSTP Spanning tree is enabled by default in MST mode in Supermicro switches. Follow the steps below to change to RSTP. Step Command Description Step 1...
Page 167: Spanning Tree Compatibility
Displays the spanning tree mode information. Step 5 write startup-config Optional step – saves this spanning tree configuration to be part of startup configuration. The “no spanning-tree compatibility” command resets the spanning tree compatibility mode to the default value. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 168: Configuring The Root Switch (Or) Priority
– The MST instance identifier may be from 1 to 16. Step 3 Exits the configuration mode. Step 4 show spanning-tree bridge priority Displays the spanning tree configuration parameters including the show spanning-tree switch priority values. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 169: Port Priority
It will not affect the root port selection of the switch on which the port priority is changed. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 170 Step 5 Displays the spanning tree port show spanning-tree interface <interface- parameters including the port priority type><interface-id> values. Step 6 write startup-config Optional step – saves this spanning tree configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 171: Path Cost
The default path cost for the ports are calculated based on the port speed. The table below shows the default path costs for different speeds. Port Speed Default Path Cost 10 Mbps 2000000 100 Mbps 200000 1 Gbps 20000 10 Gbps 2000 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 172 Displays the spanning tree port show spanning-tree interface <interface- parameters including the port path cost type><interface-id> values. Step 6 write startup-config Optional step – saves this spanning tree configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 173: Hello Time
In MSTP, the hello time is configurable on individual ports. In RSTP, the hello time is configured commonly for all ports. Follow the steps below to change the hello time for RSTP. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 174 (-) between the start and end interface numbers. E.g.: int range fx 0/1-10 To provide multiple interfaces or ranges, use separate with a comma (,). E.g.: int range fx 0/1-10, fx 0/20 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 175: Max Age
The max age time affects failure detection and reconfiguration. A smaller max age time will help detect failures quickly. It is advisable to choose a max age time based on the maximum number of switches on the network between any two hosts. The default max age time is 20 seconds. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 176: Forwarding Time
The default forwarding time is 15 seconds. Hence, the switch waits for 15 seconds in the listening state and waits for another 15 seconds in the learning state before going to the forwarding state. The forwarding time value should maintain the following relation with max age: 2*(Forward Time -1)≥MaxAge Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 177: Max Hops
The default max hops count is 20. Follow the steps below to change the max hops. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 To configure the max age time: Configures the switch MSTP max hops Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 178: Path Cost Long/Short
The 16-bit path costs method is referred to as the short path cost method and the 32-bit path cost method is referred to as the long path costs method. In MSTP and RSTP modes, Supermicro switches support long path costs by default. In STP compatible RSTP mode, Supermicro switches uses short path costs by default.
Page 179: Transmit Hold Count
Step 3 Exits the configuration mode. Step 4 show spanning-tree detail Displays the spanning tree hold count information. Step 5 write startup-config Optional step – saves this spanning tree configuration to be part of startup Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 180: Root Guard
– may be any of the following: fx-ethernet – fx cx-ethernet – cx port-channel – po interface-id is in slot/port format for all physical interfaces. It may be the port channel identifier for port channel interfaces. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 181: Topology Change Guard
Topology change BPDUs received on the topology change guard enabled ports will be dropped. The topology guard feature is disabled on all ports by default. Follow the steps below to enable the topology guard feature on the ports. Step Command Description Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 182 The example below shows how to enable the topology guard feature. Enable the topology guard feature on ports cx 0/1 and cx 0/2 SMIS# configure terminal SMIS(config)# interface range cx 0/1-2 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 183: Port Fast
E.g.: int range fx 0/1-10 To provide multiple interfaces or ranges, use separate with a comma (,). E.g.: int range fx 0/1-10, fx 0/20 Step 3 spanning-tree portfast Enables the port fast feature. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 184: Auto Edge
– may be any of the following: fx-ethernet – fx cx-ethernet – cx port-channel – po interface-id is in slot/port format for all physical interfaces. It may be the port channel identifier for port channel interfaces. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 185: Link Type
In point-to-point links, spanning tree negotiates with other end switches to move the ports rapidly to the forwarding state. Users can override the link type of ports as either point-to-point links or as shared links. Follow the steps below to configure the link type of the ports. Step Command Description Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 186 The example below shows the way to configure the link type. Configure the port fx 0/1 as a point-to-point link. SMIS# configure terminal SMIS(config)# interface fx 0/1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 187: Spanning Tree Configuration Examples
# Create the VLANs 100 and 200 SMIS(config)# vlan 100,200 SMIS(config-vlan)# exit # Create MST instance for vlan 100 and 200 SMIS(config)# spanning-tree mst configuration SMIS(config-mst)# instance 1 vlan 100 SMIS(config-mst)# instance 2 vlan 200 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 188 SMIS(config-mst)# instance 2 vlan 200 SMIS(config-mst)# exit # Configure the port fx 0/1-40 as port fast SMIS(config)# interface range fx 0/1-40 SMIS(config-if)# spanning-tree portfast Warning: portfast should only be enabled on ports connected to a single host. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 189 Building configuration, Please wait. May take a few minutes ... [OK] SMIS#Configurations on switch C SMIS# configure terminal # Create the VLANs 100 and 200 SMIS(config)# vlan 100,200 SMIS(config-vlan)# exit # Create MST instance for vlan 100 and 200 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 190 Fx0/47 of MST02 is Designated, Forwarding Port info port id 128.47 priority 128 cost 200000 Designated root address 00:30:48:e3:56:12 priority 4096 cost 0 Designated bridge address 00:30:48:e3:56:12priority 4096 port id 128.47 SMIS# # Save this spanning tree configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 191 SMIS# write startup-config Building configuration, Please wait. May take a few minutes ... [OK] SMIS# Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 192: Igmp Snooping
IGMP router’s connected ports by snooping the IGMP control messages sent by IGMP routers. The switch maintains a multicast forwarding table based on the hosts joined and router connected ports for every multicast group and updates the multicast forwarding table when hosts leave multicast groups. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 193: Igmp Snooping Support
Traffic 7.1 IGMP Snooping Support Supermicro switches support IGMP snooping for all three IGMP versions (1, 2 and 3). Supermicro switches support the forwarding of multicast traffic based on MAC and IP addresses. Supermicro switches support up to 255 multicast groups.
Page 194: Enabling Igmp Snooping
7.2 Enabling IGMP Snooping IGMP snooping is disabled by default in Supermicro switches. IGMP snooping needs to be enabled globally and also needs to be enabled in VLANs individually. Follow the steps below to enable IGMP snooping. Step Command Description...
Page 195: Igmp Version
SMIS(config-vlan)# end 7.3 IGMP Version The IGMP protocol standard has three versions: v1, v2 and v3.Supermicro switches support IGMP snooping for all three versions. Supermicro IGMP snooping support interoperates with different IGMP versions as defined in the IGMP protocol standard.
Page 196: Multicast Router Ports
IGMP control messages are received again. This period of time is called the router port timeout value. By default, Supermicro switches have a router port timeout value of 125 seconds. This value can be changed by following the steps below.
Page 197: Static Router Ports
VLAN. If a VLAN identifier is not provided it displays the router portsfor all the VLANs on the switch. Step 7 write startup-config Optional step – saves this IGMP snooping configuration to be part of the startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 198: Leaving A Multicast Group
Switches follow the above process only for IGMP version 2 leave messages. The following parameters are used to control the leave message handling procedure in Supermicro switches. Group Query Interval – This configures the amount of time a switch will wait to get response for its group specific queries from IGMP hosts.
Page 199: Group Query Retry Count
Follow the steps below to configure the group specific query message retry count. Step Command Description Step 1 configure terminal Enters the configuration mode. Step 2 ip igmp snooping retry-count<count> Configures the group specific query Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 200: Immediate Leave
– may be any VLAN number or list of VLAN numbers. Multiple VLAN numbers can be provided as comma- separated values. Consecutive VLAN numbers can be provided as a range, such as 5-10. If multiple VLANs are provided, the next Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 201: Igmp Snooping Querier
IGMP routers on the network. In these cases, switches will have multicast hosts and sources on the same subnet as shown in the figure below. Figure IGS-3: Multicast Deployment Without IGMP Routers Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 202 IGMP router. This will make hosts send periodic IGMP reports and hence the multicast group entries in switches will not time out. Supermicro switches do not act as an IGMP querier by default. Users can configure the switch to act as an IGMP querier for any required VLANs.
Page 203: Report Forward
SMIS(config-vlan)# end 7.7 Report Forward When IGMP snooping is enabled, Supermicro switches forward IGMP host member reports to IGMP routers. When a switch has not recognized any router ports, it forwards IGMP host member reports to all ports except the port on which the host member report was received. When a switch recognizes a router port, it forwards the IGMP host member reports to only the recognized router port.
Page 204: Port Timeout (Port Purge Interval)
This time period is called the port purge interval value. Once a host port is removed from the multicast forwarding table for any group, it will no longer receive the multicast traffic for that group. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 205: Report Suppression Interval
Supermicro switches have a port purge interval value of 260 seconds by default. Users can change this value by following the steps below. Step Command Description Step 1 configure terminal Enters the configuration mode. Step 2 ip igmp snooping port-purge-interval<timeout>...
Page 206: Proxy Reporting
This proxy reporting feature helps reduce IGMP control message traffic on the network by preventing the forwarding of every host report to the IGMP routers. Proxy reporting is enabled by default in Supermicro switches. Users can disable or enable the proxy reporting feature by following the steps below.
Page 207: Sending Queries Whentopology Changes
This helps switches correctly recognize member ports based on the new spanning tree topology. Supermicro switches do not send general IGMP queries by default when spanning tree topology changes. Users can enable the switch to send general IGMP queries when spanning tree topology change events occur.
Page 208: Disabling Igmp Snooping
SMIS(config)# ip igmp snooping send-query enable SMIS(config)# end 7.12 Disabling IGMP Snooping IGMP snooping is disabled by default in Supermicro switches. After enabling IGMP snooping, it must be disabled globally and also in VLANs individually. Follow the steps below to disable IGMP snooping. Step Command...
Page 209: Igmp Snooping Configuration Example
VLAN 20 VLAN 20 225.0.0.1 225.0.0.10 Source 225.0.0.10 Receiver Hosts 225.0.0.1 Receiver Hosts Source SMIS# configure terminal # Create all the required VLANs first SMIS(config)# vlan 10,20 SMIS(config-vlan)# exit # Add member ports to VLAN 10 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 210 SMIS(config-if)# switchport trunk native vlan 10 SMIS(config-if)# exit # Req.1 Enable IGMP Snooping SMIS(config)# ip igmp snooping SMIS(config)# vlan 10,20 SMIS(config-vlan)# ip igmp snooping SMIS(config-vlan)# exit # Req.2 Configure the switch as a querier for group 225.0.0.1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 211 Boot Loader0 SSE-F3548 1.0.0.0 0.0.0.0interface port-channel 1 exit vlan 1 ports fx 0/11-19 untagged ports fx 0/41-48 untagged ports cx 0/2 untagged exit vlan 10 ports fx 0/20-40 untagged ports po 1 untagged exit vlan 20 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 212 Fx 0/7 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0/8 switchport trunk allowed vlan 20 switchport mode trunk interface Fx 0/9 switchport trunk allowed vlan 20 switchport mode trunk Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 213 Fx 0/25 switchport access vlan 10 switchport mode access interface Fx 0/26 switchport access vlan 10 switchport mode access interface Fx 0/27 switchport access vlan 10 switchport mode access interface Fx 0/28 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 214 Fx 0/34 switchport access vlan 10 switchport mode access interface Fx 0/35 switchport access vlan 10 switchport mode access interface Fx 0/36 switchport access vlan 10 switchport mode access interface Fx 0/37 switchport access vlan 10 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 215 1 mode active interfacepo 1 switchport trunk native vlan 10 switchport mode trunk exit ip igmp snooping noip igmp snooping proxy-reporting vlan 20 ip igmp snooping fast-leave ip igmp snooping version v2 ip igmp snooping querier exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 216 Query interval is 125 seconds SMIS# show ip igmp snooping vlan 20 Snooping VLAN Configuration for the VLAN 20 IGMP Snooping enabled IGMP configured version is V2 IGMP Operating version is V2 Fast leave is enabled Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 217 Snooping switch is configured as Querier Snooping switch is acting as Querier Query interval is 125 seconds SMIS# # Save this port channel configuration. SMIS# write startup-config Building configuration, Please wait. May take a few minutes ... [OK] SMIS# Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 218: Acl
Permit • The switch permits all packets matching this ACL Supermicro switches implement ACL in hardware ASIC (Application Specific Integrated Circuit) to provide line rate ACL processing for all incoming traffic. User configured ACL rules are programmed in an ACL table in ASIC. Layer 2 MAC extended ACLs and Layer 3 IP ACLs are implemented in two separate hardware tables, which are TCAM tables in ASIC.
Page 219: Mac Extended Acl
To implement multiple rule ACLs, configure multiple MAC Extended ACLs. There is no implied deny all rule in Supermicro switch ACLs. By default, all packets not matching a configured ACL rule will be forwarded automatically. For any traffic to be denied, it has to be configured with an explicit deny rule.
Page 220: Creating Mac Extended Acls
{ any | host<src-mac-address>}{ any configured as any, the switch will not | host<dest-mac-address> } priority<value (1- check that source or destination MAC 65535)>][ Vlan<vlan-id (1-4069)>] address to match the packets for this [priority<value (1-255)>] ACL. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 221 The below examples show various ways of creatinga a MAC Extended ACL. Create a deny MAC Extended ACL with ACL number 100 to deny all traffic from MAC 00:25:90:01:02:03 SMIS# configure terminal SMIS(config)# mac access-list extended 100 SMIS(config-ext-macl)# deny host 00:25:90:01:02:03 any Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 222: Modifying Mac Extended Acls
SMIS(config)# mac access-list extended 50 SMIS(config-ext-macl)# deny host 00:25:90:01:02:03 host 00:25:90:01:02:04 8.2.3 Removing MAC Extended ACLs Follow the steps below to remove MAC Extended ACLs. Step Command Description Step 1 configure terminal Enters the configuration mode Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 223: Applying Mac Extended Acls To Interfaces
Displays the configured ACL rules to make sure this port is added to the required ACL. Step 5 write startup-config Optional step – Saves this ACL configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 224 3. A MAC Extended ACL can be applied to many ports by following the above steps. In the same way, many MAC Extended ACLs can be applied to a single port. The example below shows the commands for removing a MAC Extended ACL from a port. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 225: Acl Egress Port Configuration
The egress port from which this MAC Interface <interface-type><interface- Extended ACL needs to be removed. id> Step 3 Removes the MAC Extended ACL from no mac access-group { <short (1-32768)> | this port. <string(32)>} in access-list-number – the ACL number Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 226: Displaying Mac Extended Acls
Vlan Id Configured VLAN identifier. Destination MAC Configured destination host MAC address. Displays 00:00:00:00:00:00 Address for any destination MAC address Source MAC Address Configured source host MAC address. Displays 00:00:00:00:00:00 for any source MAC address Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 227: Mac Extended Acl Configuration
ACL 1 – Deny all traffic going from Server A to the gateway. ACL 2 – Redirect all vlan 20 traffic coming from the gateway to Server B. Figure ACL-1: MAC Extended ACL Example 1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 228: Ip Standard Acl
To implement multiple rule ACLs, configure multiple IP Standard ACLs. There is no implied deny all rule in Supermicro switch ACLs. By default, all packets not matching a configured ACL rule will be forwarded automatically. For any traffic to be denied, it has to be configured with an explicit deny rule.
Page 229: Creating Ip Standard Acls
[ {any | host<ip_addr> | <ip_addr><ip_mask> } ] The source and destination IP [priority<value (1-255)>] addresses are provided with the keyword host. The keyword anyis used to refer to any permit { any | host<src-ip-address> | <src-ip- Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 230 SMIS(config)# ip access-list standard acl_cw3 SMIS(config-std-nacl)# permit host 172.10.10.1 any Create a redirect IP Standard ACL to redirect all packets from subnet 172.20.20.X going to IP 172.20.0.1 to interface fx 0/10. SMIS# configure terminal SMIS(config)# ip access-list standard 1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 231: Modifying Ip Standard Acls
ACL is removed properly Step 4 write startup-config Optional step – Saves this ACL configuration to be part of startup configuration. The example below shows how to remove an IP StandardACL . Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 232: Applying Ip Acls To Interfaces
The example below shows applying anIP Standard ACL rule 100 to ports fx 0/1 and fx 0/10. SMIS# configure terminal SMIS(config)# interface fx 0/1 SMIS(config-if)# ip access-group 100 in SMIS(config-if)# exit SMIS(config)# int fx 0/10 SMIS(config-if)# ip access-group 100 in Removing anIPStandard / Extended ACL from a port Step Command Description Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 233: Acl Egress Port Configuration
Step 2 interface <interface-type><interface-id> Defines the egress port on which this IP Standard / Extended ACL needs to be applied Step 3 Adds the IP Standard / Extended ACL to ip access-group { <access-list-number (1-32768)> Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 234 Displays the configured ACL rules to make sure this port has been removed from the required ACL Step 5 write startup-config Optional step – Saves this ACL configuration to be part of startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 235: Displaying Ip Standard Acls
ALL. Filter Action Configured ACL action rule – deny,permit or redirect Current status of the ACL. The status should normally be active. In case Status of configuration errors, the ACL status may be inactive. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 236: Ip Standard Acl Configuration Example 1
This ACL has two rules; one to allow traffic from 172.20.20.1 and the other to deny all traffic from the 172.20.0.0 network. A permit rule needs to be created first. SMIS# configure terminal SMIS(config)# ip access-list standard acl_1a Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 237: Ip Extended Acls
Users can define IP Extended ACLs with deny, permit or redirect action rules. An IP Extended ACL can be defined only with one rule. There is no implied deny all rule in Supermicro switch ACLs. By default, all packets not matching a configured ACL rule will be forwarded automatically. For any traffic to be denied, it has to be configured with an explicit deny rule.
Page 238: Creating Ip Extended Acls For Ip Traffic
} [ {tos<value (0-255)> | IPv4 header of the received dscp<value (0-63)>} ] [priority<value (1-255)>] packets.Hence users have to provide the TOS byte value combining the precedence and type of service fields of Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 239 SMIS(config-ext-nacl)# deny ospf 172.20.1.0 255.255.255.0 any Create a redirect IP Extended ACL to redirect all packets from subnet 172.20.20.X going to IP 172.20.0.1with DSCP value 10 to interface fx 0/10. SMIS# configure terminal SMIS(config)# ip access-list extended 100 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 240: Creating Ip Extended Acls For Tcp Traffic
0 to 255. The user provided priority<short(1-255)>] TOS value will be matched exactly against the type of service byte on the IPv4 header of the received packets. Hence users have to provide the TOS byte value combining the precedence Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 241 SMIS(config-ext-nacl)# deny tcp any 172.20.0.0 255.255.0.0 Create a redirect IP Extended ACL to redirect all packets from subnet 172.20.20.X going to IP 172.20.0.1with TCP ports equal to 1000 to interface fx 0/10. SMIS# configure terminal SMIS(config)# ip access-list extended 500 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 242: Creating Ip Extended Acls For Udp Traffic
[ priority<short(1-255)>] and type of service fields of IP header. This TOS configuration is optional. To apply this rule to packets with specified DSCP values, use the keyword dscp and the specific DSCP values to be Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 243: Creating Ip Extended Acls For Icmp Traffic
SMIS(config-ext-nacl)# redirect fx 0/10 udp 172.20.20.0 255.255.255.0 host 172.20.0.1 eq 1000 8.3.13 Creating IP Extended ACLs for ICMP Traffic Follow the steps below to create an IP Extended ACL for TCP traffic. Step Command Description Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 244 The examples below show various ways to create IP Extended ACLs for ICMPpackets. Create a deny IP Extended ACL with ACL number 100 to deny all ICMP “traceroute” messages. SMIS# configure terminal SMIS(config)# ip access-list extended 100 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 245: Modifying Ip Extended Acls
Follow the steps below to remove IP Extended ACLs. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 no ip access-list extended { <access-list-number(1- Deletes an IP Extended ACL using theip- Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 246: Applying Ip Extended Acls To Interfaces
Source IP Address Configured source subnet IP mask. For host IP address, the mask will be Mask displayed as 255.255.255.255. Destination IP Configured destination host or subnet IP address. Displays 0.0.0.0 for Address any destination IP. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 247 Displays “No ICMP codes to be filtered” if the ACL is applied to all ICMP message codes. The examplesbelow display different IP Extended ACLs. IP Extended ACLs with IP/OSPF/PIM rules display the following fields: Filter Priority Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 248 Source IP address mask : 0.0.0.0 Destination IP address : 172.10.0.0 Destination IP address mask : 255.255.0.0 In Port List : ALL Out Port : ALL Filter Action : Redirect to Fx0/1 Status : Active SMIS# Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 249: Ip Extended Acl Configuration Example 1
ACL 2 – Redirect all ICMP traffic destined to the IP 172.10.0.0 network to server 172.10.10.10. ACL 3 –Deny all UDP traffic going to 172.100.0.0 with a destination UDP port greater than 1000. Figure ACL-3: IP Extended ACL Example 1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 250 SMIS# configure terminal SMIS(config)# ip access-list extended 100 SMIS(config-ext-nacl)# redirect fx 0/1 icmp any 172.10.0.0 255.255.0.0 ACL 3 Configuration SMIS# configure terminal SMIS(config)# ip access-list extended 200 SMIS(config-ext-nacl)# deny udp any 172.100.0.0 255.255.0.0 eq 1000 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 251: Qos
Implementing QoS makes network performance morepredictable and bandwidth utilization more effective. The QoS implementation in Supermicro switches is based on the Differentiated Services (DiffServ)architecture. DiffServarchitecture specifies that each packetis classified upon entry into the network.The classification is carried in the IP packet header using six bits from the deprecated IP type of service(ToS) field to carry the classification (class) information.
Page 252: Policy-Based Qos
Weight Scheduling Algorithm Strict Queuing Rate Limit Burst Size Enabled The default priority to traffic classqueue mapping: Priority Traffic Class queue 9.1 Policy-Based QoS Supermicro switch features based on QoS Policies are: • QoS Classification Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 253: Classification And Marking
9.1.1 Classification and Marking Classification is the process of distinguishing one kind of traffic from another by examining the fieldsin the packet. Supermicro switches use ACL’s to specify the fields in the frame or packet based on which incoming IP traffic is classified.
Page 254: Cos-Based Qos
Default Priority 9.2.1 Egress Queuing The CoS priority of a packet is mapped to a traffic class.Supermicro switchesprovide support to configure the mapping of CoS priority to a traffic class.Each traffic class is mapped to eight egress queues in the switch.
Page 255: Scheduling
The Class of Service (CoS) priority field is taken from the VLAN header of a received packet. If the received packet does not have a VLAN header, the default port priority is used as the CoS value. Supermicro switches provide an option to configure the default priority.
Page 256: Bandwidth Management
Traffic that exceeds the rate limit is dropped. Supermicro switches support output rate limits. 9.4 HOLBlocking Prevention Supermicro switches provide eight egress queues per port. Each queue has a dynamic packet limit based on the availability of packet buffer memory. When a switch receives packets at a fast rate destined to a particular egress port, its egress port queuesbecome filled up.
Page 257: Configuringpolicy-Based Qos
The IP access group / MAC access group can be used as matchcriteria. mac-access-list - Accesses list created based on MAC addresses for non-IP traffic ip-access-list - Accesses list created based on IP addresses. The IP-access list can either bedefined as a Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 258 Average traffic rate in kilobitsper second (Kbps), in range 64-1048572 exceed-action - Indicates the action of the switch whenthe specified rate is exceeded. drop - drops the packet Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 259 MAC address of 00:30:48:14:c8:29to be sent to any host. SMIS# configure terminal SMIS(config)# mac access-list extended mac1 SMIS(config-ext-macl)# permit host :14:c8:29 00:30:48 SMIS(config-ext-macl)# exit SMIS(config)# set qos enable SMIS(config)# interface Fx 0/3 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 260 SMIS(config-pmap)# class 10 Existing policymap configurations have been deleted. Please apply the policymap to make it active. SMIS(config-pmap-c)# set cos 7 SMIS(config-pmap-c)# end SMIS# show policy-map DiffServ Configurations: ------------------------ Quality of Service has been enabled Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 261 SMIS# show class-map DiffServ Configurations: ------------------------ Class map 5 -------------- Filter ID : mac1 Filter Type : MAC-FILTER DiffServ Configurations: ------------------------ Class map 10 -------------- Filter ID : mac2 Filter Type : MAC-FILTER SMIS# show running-config Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 262 Fx 0/3 mac access-group mac1 in mac access-group mac2 in exit setqos enable class-map 5 match access-group mac-access-list mac1 exit class-map 10 match access-group mac-access-list mac2 exit policy-map 5 class 5 setcos 6 exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 263 SMIS(config-pmap)# class 1 Existing policymap configurations have been deleted. Please apply the policymap to make it active. SMIS(config-pmap-c)# police 500000 exceed-action policed-dscp-transmit 10 SMIS(config-pmap-c)# end SMIS# show policy-map DiffServ Configurations: ------------------------ Quality of Service has been enabled Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 264 SMIS# show running-config Building configuration... ID Hardware Version Firmware OS Boot Loader SSE-F3548 1.0.0.0 0.0.0.0 vlan 1 ports fx 0/1-24 untagged ports cx 0/1-3 untagged exit ip access-list standard 1 permit 20.1.0.0 255.255.0.0 any exit Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 265: Configuring Cos-Based Qos
– cx interface-id is in slot/port format for all physical interfaces. To configure multiple interfaces, use the “interface range …” command. To provide a range use a hyphen (-) between the start and end interface Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 266 1. The “no switchport priority default” command resets the default priority configuration to its default valueof 0. The “no vlan map-priority <priority value (0-7)>” command resets the egress CoS queue mapping to its default value. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 267 Port Restricted Vlan Registration : Disabled Port Restricted Group Registration : Disabled Mac Based Support : Disabled Port-and-Protocol Based Support : Enabled Default Priority Filtering Utility Criteria : Default Allowed Vlans on Trunk : 1-4069 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 268 CoSq Algorithm ----------------- Interface Algorithm --------- --------- Fx0/1 StrictPriority Fx0/2 StrictPriority Fx0/3 StrictPriority Fx0/4 StrictPriority Fx0/5 StrictPriority Fx0/6 StrictPriority Fx0/7 StrictPriority Fx0/8 WeightedRoundRobin Fx0/9 StrictPriority Fx0/10 StrictPriority Fx0/11 StrictPriority Fx0/12 StrictPriority Fx0/13 StrictPriority Fx0/14 StrictPriority Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 269 SMIS(config)# interface Fx 0/15 SMIS(config-if)# traffic-class 6 weight 7 minbandwidth 6400 maxbandwidth 6400000 SMIS(config-if)# end SMIS# show cosq weights-bw interface Fx 0/15 CoSq Weights and Bandwidths --------------------------- Interface CoSqIdCoSqWeightMinBwMaxBw --------- ------ ---------- ----- ----- Fx0/15 Fx0/15 Fx0/15 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 270 6400 6400000 Fx0/15 Example 4: Egress Queue SMIS# configure terminal SMIS(config)# vlan map-priority 2 traffic-class 7 SMIS(config)# end SMIS# show vlan traffic-classes Priority to Traffic Class Queue Mapping --------------------------------------- Priority Traffic Class Queue --------- ------------------- Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 271: Port Mirroring
10 Port Mirroring Supermicro switches support Port Mirroring function. Users can configure the Port mirroring session(s) to provide a method to monitor networking traffic flow on another port. Port mirroring feature allow user to configure up to 4 independent sessions. Each session will have one destination port and as many source ports as available in the Switch.
Page 272 In CLI, user can only add one source port at a time to any session. In the same session, user’s new command for direction of same port, will overwrite the previous configuration of the same source port. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 273 Disabled Disabled Fx0/6 Disabled Disabled Fx0/7 Disabled Disabled Fx0/8 Disabled Disabled Fx0/9 Disabled Disabled Fx0/10 Disabled Disabled Fx0/11 Disabled Disabled Fx0/12 Disabled Disabled Fx0/13 Disabled Disabled Fx0/14 Disabled Disabled Fx0/15 Disabled Disabled Fx0/16 Disabled Disabled Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 274 Disabled Disabled Fx0/42 Disabled Disabled Fx0/43 Disabled Disabled Fx0/44 Disabled Disabled Fx0/45 Disabled Disabled Fx0/46 Disabled Disabled Fx0/47 Disabled Disabled Fx0/48 Disabled Disabled Cx0/1 Disabled Disabled Cx0/2 Disabled Disabled Cx0/3 Disabled Disabled Cx0/4 Disabled Disabled Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 275: Snmp
USM (User based Security Model) and VACM (View based Access Control Model) are the main features in SNMPv3. USM provides user authentication and message encryption. VACM provides MIB access control by associating views and users. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 276: Snmp Support
Security level specifies the permitted security within the particular security model. The security levels in Supermicro switches are • NoAuthNoPriv • AuthNoPriv • AuthPriv The security model and level combinations possible in Supermicro switch are listed in the table below. Security Security Level Authentication Encryption Purpose Model Community string and...
Page 277: Interface Numbers
SNMP view. • ReadView - Specifies Read access for an SNMP view • WriteView - Specifies Write access for an SNMP view • NotifyView - Specifies SNMP view for which the group will receive notifications. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 278: Configuration Steps
MIB, but write access only for certain MIB objects. 11.3.1 Configuration Steps The sequence of steps for SNMP Configuration in Supermicro switches are: 1. Create a User Name 2. Create a community name and associate user with the community (Optional).
Page 279: Enable/Disablethe Snmp Agent
System Contact SMIS System Location http://www.supermicro.com Supermicro 11.5 Enable/Disablethe SNMP Agent The SNMP Agent is enabled by default in Supermicro switches. Follow the steps below to disable the SNMP agent. Step Command Description configure terminal Step 1 Enters the configuration mode...
Page 280: Switch Name
SMIS(config)# end 11.5.1 Switch Name Supermicro switches can be assigned a name for identification purposes. The default switch name isSMIS. The switch name is also used as a prompt. Follow the steps below to configure the switch name. Step Command...
Page 281: Switch Contact
Key # Key ======= ==================================== Time zone offset not set 11.5.2 Switch Contact Supermicro switches provide an option to configure the switch in charge Contact details, usually anemail Follow the steps below to configure the switch contact. Step Command Description Step 1...
Page 282: System Location
=============== ===== ====== Key # Key ======= ==================================== Time zone offset not set 11.5.3 System Location Supermicro switches provide an option to configure the switch location details. Follow the steps below to configure system location. Step Command Description Step 1 configure terminal...
Page 283 Config Restore Status: Not Initiated Config Restore Option: No restore Config Restore Filename: iss.conf Config Save IP Address: 0.0.0.0 Supermicro L2/L3 Switches Configuration Guide 43 Device Up Time: 0 days 0 hrs 51 mins 39 secs Boot-up Flash Area: Normal NTP Broadcast Mode: No...
Page 284: Access Control
Optional step – saves this SNMP configuration to be part of the startup configuration. The example below shows the commands used to configure the SNMP Engine Identifier. SMIS# configure terminal SMIS(config)# snmpengineid 80.00.08.1c.44.44 SMIS(config)# end SMIS# show snmpengineid EngineId: 80.00.08.1c.44.44 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 285: Community
255 characters. Step 3 Exits the configuration mode. show snmp community Step 4 Displays the SNMP community information. Step 5 write startup-config Optional step – saves this SNMP configuration to be part of the startup configuration. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 286: User
The “no snmp community index <CommunityIndex> ”command deletes the specified community index. SNMP User Name is also referred to as SNMP Security Name in Supermicro switches. The example below shows the commands used to configure the SNMP community. SMIS(config)# snmp community index test1 name test1 security user1 nonvolatile...
Page 287 The example below shows the commands used to configure the SNMP user. SMIS# configure terminal SMIS(config)# snmp user user5 auth md5 abc123 priv DES xyz123 SMIS# end SMIS# show snmp user Engine ID: 80.00.08.1c.04.46.53 User: user5 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 288: Group
Security-model – Use v1 or v2c or v3. UserName - Alphanumeric value with a maximum of 40 characters. Use volatileif the value need not be stored in NVRAM. Use nonvolatile if the value must be Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 289 Security Model: v3 Security Name: user5 Group Name: group5 Storage Type: Volatile Row Status: Active ------------------------------ Security Model: v3 Security Name: initial Group Name: initial Storage Type: Non-volatile Row Status: Active ------------------------------ Security Model: v3 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 290: View
Use volatileif the value need not be stored in NVRAM. Use nonvolatile if the value must be stored in NVRAM and available after restart. Step 3 Exits the configuration mode. Step 4 show snmpviewtree Displays the SNMP view information. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 291: Group Access
Step 2 snmp access <GroupName> {v1 | v2c | v3 {auth | Configures the SNMP group access. noauth | priv}}[read <ReadView | none>] [write <WriteView | none>] [notify <NotifyView | none>] GroupName - Alphanumeric value with Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 292 The“ no snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}}” commanddeletes the specified SNMP group access. The sequence of steps to delete a group that is associated with a group access and view: 1. Delete the view 2. Delete the group access. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 293 Write View: Rrestricted Notify View: Restricted Storage Type: Non-volatile Row Status: Active ------------------------------ Group Name: Initial Read View: iso Write View: iso Notify View: iso Storage Type: Non-volatile Row Status: Active ------------------------------ Group Name: initial Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 294: Trap
Seconds – Specifies the timeout within which the target should be reachable. RetryCount – Specifies the number of retries to reach the target. TagIdentifier- A set of targets can be grouped under a tag Identifier. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 295: Target Parameters
Step Command Description Step 1 configure terminal Enters the configuration mode snmptargetparams<ParamName> user Step 2 Configures the SNMP target <UserName>security-model {v1 | v2c | v3 {auth | parameters. noauth | priv}}message-processing {v1 | v2c | v3} Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 296 The example below shows the commands used to configure the SNMP target parameters. SMIS# configure terminal SMIS(config)# snmptargetparamsparam4 user user4 security-model v2c message-processing v2c SMIS# end SMIS# show snmptargetparam Target Parameter Name: Internet Message Processing Model: v2c Security Model: v2c Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 297: Snmp Notify
Alphanumeric value with a maximum of 255 characters. Type – Notification can be Trap or Inform. Use volatileif the value need not be stored in NVRAM. Use nonvolatile if the value must be Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 298: Trap Udp Port
Notify Tag: iss1 Notify Type: trap Storage Type: Volatile Row Status: Active ------------------------------ 11.7.4 Trap UDP Port The default UDP port for traps is 162. Supermicro switches providean option for users to change this trap UDP port. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 299: Authentication Traps
Login Authentication Traps DISABLED. 11.7.5 Authentication Traps Traps can be generated when a user login authentication fails at the SNMP agent. In Supermicro switches, authentication traps are disabled by default. Follow the steps below to enable an SNMP authentication trap.
Page 300: Link-State Trap
Login Authentication Traps ENABLED. 11.7.6 Link-State Trap Link-state traps are enabled for all interfaces by default in Supermicro switches. Traps are generated when an interface toggles its state from Up to down or vice-versa. Follow the steps below to disable SNMP Link-state trap.
Page 301 Optional step – saves this SNMP configuration to be part of the startup configuration. The “snmp trap link-status” command enables SNMP link-state traps. The example below shows the commands used to disable the SNMP Link-state trap. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 302: Sub-Agent
11.8 Sub-Agent Supermicro switches can act as a Sub-Agent to another SNMP agent. SNMP Agent and Sub-Agent communication is via a protocol called AgentX. The Sub-Agent feature is disabled by default. Follow the steps below to configure an SNMP Sub-Agent.
Page 303 Master IP Address:192.168.1.80 Master PortNo:705 SMIS(config)# show snmpagentx statistics Tx Statistics Transmitted Packets:1 Open PDU:1 Index Allocate PDU:0 Index DeAllocate PDU:0 Register PDU:0 Add Agent Capabilities PDU:0 Notify PDU:0 Ping PDU:0 Remove Agent Capabilities PDU:0 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 304: Snmpconfigurationexample
Creates an SNMP view ‘restricted’which will allow access to everything from the specified OID onwards, and also adds a restriction to anything on a particular sub-tree. 4) Create group access a. Access for superusers- fullread/write and notify privilege to the ‘full’ view Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 305 User : user1 Authentication Protocol : MD5 Privacy Protocol : None Storage Type : Volatile Row Status : Active ------------------------------ Engine ID : 80.00.08.1c.04.46.53 User : user2 Authentication Protocol : SHA Privacy Protocol : DES_CBC Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 306 : Active ------------------------------ Engine ID : 80.00.08.1c.04.46.53 User : templateSHA Authentication Protocol : SHA Privacy Protocol : DES_CBC Storage Type : Volatile Row Status : Active ------------------------------ SMIS# show snmp group Security Model : v1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 307 Security Name : user2 Group Name : generalusers Storage Type : Volatile Row Status : Active ------------------------------ Security Model : v3 Security Name : initial Group Name : initial Storage Type : Non-volatile Row Status : Active Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 308 Write View : iso Notify View : iso Storage Type : Volatile Row Status : Active ------------------------------ Group Name : iso Read View : iso Write View : iso Notify View : iso Storage Type : Volatile Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 309 Write View : iso Notify View : iso Storage Type : Non-volatile Row Status : Active ------------------------------ Group Name : superuser Read View : full Write View : full Notify View : full Storage Type : Volatile Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 310 Row Status : Active ------------------------------ View Name : full Subtree OID : 1.3.6.1 Subtree Mask : 1.1.1.1 View Type : Included Storage Type : Volatile Row Status : Active ------------------------------ View Name : restricted Subtree OID : 1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 311 View Type : Excluded Storage Type : Volatile Row Status : Active ------------------------------ SMIS# show running-config Building configuration... ID Hardware Version Firmware OS Boot Loader SSE-F3548 1.0.0.0 0.0.0.0 vlan 1 ports fx 0/1-24 untagged ports cx 0/1-3 untagged Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 312: Rmon
RMON provides statistics and alarm functionality to monitor managed devices. • The statistics function tracks traffic information on the network segments connecting to its ports. For e.g. number of oversize packets received. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 313 SNMP operations, which, due to system resources limitation, may not cover all MIB information but four groups of information, alarm, event, history, and statistics, in most cases. Supermicro supports minimal RMON agent implementation for Ethernet interfaces. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 314: Rmon Groups
Workstations Figure RMON-1: RMON Operation 12.1 RMON Groups Supermicro supports four groups from RMON MIB1 defined by RMON specifications: event group, alarm group, history group and statistics group. 12.1.1 Alarm group The RMON alarm group monitors specified alarm variables, such as total number of received packets on an interface.
Page 315: Event Group
Collection history None Alarms None Events None 12.2.1 EnablingRMON RMON is disabled by default in Supermicro switches. Follow the below steps to enable RMON. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 set rmon enable Enable RMON in the switch.
Page 316: Configuring Alarms And Events
- Used to test each mib variable directly. delta - Used to test the change between samples of a variable. rising-threshold - A number at which the alarm is triggered. This value ranges between 0 and 2147483647. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 317 RMON alarm function as described in SNMP Configuration guide (www.supermicro.com). Step 4 Exit from Configuration mode. Step 5 show rmon [statistics [<stats-index (1-65535)>]] Display RMON statistics, alarms, events [alarms] [events] [history [history-index (1-65535)] history and overview. [overview]] Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 318: Configuring Statistics
Step 3 rmon collection stats <index (1-65535)> [owner (Optional) Enable RMON statistic <ownername (127)>] collection on the interface index - Statistics table index, in range 1- 65535 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 319: Rmon Configuration Example
65535)>” commands delete the RMON collection configuration. 12.2.4 RMON Configuration Example A sample RMON configuration of alarms, events and collection statistics and History in a Supermicro switch is specified below. 1) Enable RMON 2) Create events for Rising and falling threshold.
Page 320 Time last sent is Apr 29 10:12:20 2013 Logging Event With Description : rise Event 2 is active, owned by smicro1 Description is fall Event firing causes log and trap to community NETMAN, Time last sent is Apr 29 10:11:01 2013 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 321 0 fragments and 0 jabbers, 0 CRC alignment errors and 0 collisions, # of dropped packet events is 0 Network utilization is estimated at 0 SMIS# show rmon alarms RMON is enabled Alarm 1 is active, owned by smicro1 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 322 0 CRC alignment errors and 0 collisions. # of packets received of length (in octets): 64: 0, 65-127: 0, 128-255: 0, 256-511: 0, 512-1023: 0, 1024-1518: 0 Alarm 1 is active, owned by smicro1 Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2 second(s) Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 323 0 fragments and 0 jabbers, 0 CRC alignment errors and 0 collisions, # of dropped packet events is 0 Network utilization is estimated at 0 Sample 5 began measuring at Apr 29 10:14:52 2013 Received 0 octets, 0 packets, Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 324: Configuring Port Rate Limit
1 owner monitor rmon collection history 1 buckets 2 interval 20 exit 12.2.5 Configuring Port Rate Limit Rate limit is disabled by default in Supermicro switches. Follow the below steps to enable the port rate limit. Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 325 Displays the rate limit configuration on rate-limit an interface The “no rate-limit output” command disablesthe ratelimit on a particular interface. The example below shows the commands used to configure the rate limit. SMIS# configure terminal Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 326: Configuring Hol Blocking Prevention
Rate Limit : 500000 Kbps Burst Size : 4800 Kbps 12.2.6 Configuring HOL Blocking Prevention HOL is enabled by default in Supermicro switches. Follow the steps below to disable HOL blocking. Step Command Description Step 1 configure terminal Enters the configuration mode...
Page 327 Pause Frames Undersize Frames Oversize Frames CRC Error Frames Discarded Packets Error Packets Unknown Protocol Transmission Counters Octets Unicast Packets Non-Unicast Packets Pause Frames Discarded Packets Error Packets Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 328: Security
SSL –Secure Socket Layer (SSL) provides server authentication, encryption and message integrity as well as HTTP client authentication. 13.1 Login Authentication Mode Supermicro switches allow configuration of the user login authentication mechanism. Follow the steps below to configure Login Authentication Mechanism. Step Command Description...
Page 329: Radius
Along with ACCEPT or REJECT packets, service options (Telnet, SSH, rlogin, or privileged EXEC services) and connection parameters like user timeouts are sent by RADIUS server. Defaults – RADIUS Parameter Default Value Server None Timeout 3 seconds Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 330: Radius Server
Re-transmit None 13.2.1 RADIUS Server Supermicro switches function as a RADIUS client. The RADIUS server to be contacted for authentication can be configured in the switch. Follow the steps below to configure RADIUSserver Parameters. Step Command Description Step 1 configure terminal...
Page 331: Tacacs
TCP. Defaults – TACACS Parameter Default Value TACACS server None TACACS server re-tries TACACS TCP port TACACS Authentication Mode TACACS Authorization status Diabled Privilege Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 332: Tacacs Server
13.3.1 TACACS Server Supermicro switches allow configuration of multiple TACACS servers. One of these servers provides the authentication support. Follow the steps below to configure TACACS server. Step Command Description Step 1 configure terminal Enters the configuration mode Step 2 tacacs-server host <ip-address>...
Page 333: Tacacs Re-Tries
Connection failures : 0 13.3.2 TACACS Re-tries Supermicro switches retry transmission of messages to the TACACS server, if there is no response from the server. This retry count can be configured by user. Follow the steps below to configure TACACS server re-tries.
Page 334: Tacacs Use-Server
SMIS(config)# end 13.3.3 TACACS use-server Supermicro switches provide option to configure multiple TACACS servers. User can specify one of these available servers to be used at a time. Follow the steps below to configure TACACS server to be used. Step Command...
Page 335: Tacacs Login Authentication Mode
Connection failures : 0 13.3.4 TACACS Login Authentication Mode Supermicro switches provide an option to configure TACACS login authentication mode. Users can specify one of the mode PAP or CHAP . In TACACS+ mode, authentication request is sent to the configured TACACS+ server. The user name and passwords are authenticated using TACACS+ server.
Page 336 Authen. Fails rcvd. Authen. Get User rcvd. : 0 Authen. Get Pass rcvd. : 0 Authen. Sess. timeouts : 0 Author. Requests sent Author. Pass Add rcvd. : 0 Author. Pass Repl rcvd : 0 Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 337 Acct. start reqs. sent Acct. WD reqs. sent Acct. Stop reqs. sent Acct. Success rcvd. : 0 Acct. Errors rcvd. Acct. Follows rcvd. Acct. Sess. timeouts Malformed Pkts. rcvd. : 0 Socket failures Connection failures Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide...
Page 338: Tacacs Authorization Status
13.3.5 TACACS Authorization Status Supermicro switches provide an option to configure TACACS authorization status. Users can specify one of the option Enable or Disable. If authorization status is enabled, during TACACS+ authentication switch will also send out the authorization request to TACACS+ server. The authorization requests are used to get privilege levels for TACACS+ users.
Page 339: Tacacs Privilege
Description Comments The privilege configured in TACACS+ server should This is an umbrella requirement be used while logging in to Supermicro switch to cover the functionality. using TACACS+ authentication. There are many types of service used by different vendors on the market. For Supermicro switches the supported service type is ‘config’.
Page 340: Ssh
Web login. The new authorization status configuration (Req. 2) should be saved and restored. 13.4 Supermicro switches act as a SSH client and support both SSH version 1 and SSH version 2. Parameter Default Value SSH status...
Page 341 Step 1 configure terminal Enters the configuration mode versioncompatibility- Specify whether Step 2 ip ssh {version compatibility | cipher ([des-cbc] [3des-cbc]) | auth ([hmac-md5] [hmac-sha1]) | switch should process both version 1 port <(1024-65535)>} and version 2 SSL messages. cipher – Specify the encryption algorithm.
Page 342: Ssl
SMIS(config)# end SMIS# show ip ssh Version Cipher Algorithm : 3DES-CBC Authentication : HMAC-MD5 Trace Level : None 13.5 SSL provides server authentication, encryption, and message integrity, as well asHTTP client authentication, to allow secure HTTP communications.To use this feature, thecryptographic (encrypted) software image must be installed on the switch.
Page 343: Certificate Signing Request (Csr)
(CA).Certificate authorities (CAs) manage certificate requests and issue certificates to participating network devices. These services provide centralized security key and certificate management for the participating devices. CA servers are called as trustpoints, e.g. thawte.com. Supermicro switches c reate a Certificate Signing Request (CSR) using RSA key pair and Switch Identification.
Page 344 SMIS# show ssl server-cert Certificate: Data: Version: 1 (0x0) Serial Number: 10 (0xa) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=CA, L=SanJose, O=Supermicro, OU=Switch, CN=Switch/Email =support@supermicro.com Validity Not Before: Aug 11 22:18:10 2011 GMT Not After : Sep 10 22:18:10 2011 GMT Subject: CN=SMIS...
Page 345: Ssl Certificate
Identification information. E.g. When you request an SSL certificate, a third party (such as Thawte) verifies your organization’s information and issues a unique certificate to you with that information. SSL Certificate can be configured in Supermicro switches. The certificate should be specified in PEM format.
Page 346 Step 5 ssl server-cert Open the generate certificate file cert.pem. Delete first line (---BEGIN CERTIFICATE ---) and last line (----END CERTIFICATE--). Join all the remaining lines as single line to avoid line breaks processed. Copy paste these joined texts in “Enter Certificate”...
Page 347: Lldp
14 LLDP LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network. This protocol runs over the data-link layer, which allows two systems running different network layer protocols to learn about each other. Devices in a LAN maintain operations-related configuration information in management information bases (MIBs).
Page 348: Enablinglldp
14.1.2 Configuring LLDP Parameters Once LLDP is enabled globally, it is enabled on all supported interfaces by default. Supermicro switches provide a user configuration to place an interface in only send or only receive mode. Other LLDP parameters that can be configured in Supermicro switches are Notification type, Chassis-ID Sub-type and Port-ID Sub-type.
Page 349 interface-type – may be any of the following: fx-ethernet – fx cx-ethernet – cx port-channel – po interface-id is in slot/port format for all physical interfaces. To configure multiple interfaces, use the “interface range …” command. To provide a range use a hyphen (-) between the start and end interface numbers.
Page 350 The default value for port-id-subtype is if-name. Note: The if-alias option can be used only for the interfaces which havevalid description configured. Step 6 Exit Exitsinterface configuration mode. Step 7 lldp chassis-id-subtype { chassis-comp (Optional) <string(255)> | if-alias | port-comp <string(255)> | Configures LLDPchassis IDsubtype and mac-addr | nw-addr | if-name | local <string(255)>...
Page 351 14.1.2.1 Configuring LLDP TLV Supermicro switches provide support for user configuration of LLDP TLV’s. The TLV types supported by Supermicro switches are: Basic TLV, DOT1 TLV and DOT3 TLV. The figure below displays the TLV types and Basic TLV DOT1 TLV DOT3 TLV •...
Page 352 Basic TLV - •Chassis ID - Sender MAC address •Port ID TLV - Sender Port number Mandatory •TTL - Time to Live •End of LLDP PDU •Port Description Basic TLV - •System Name •System Description Optional •System Capabilities •Management Address •Port VLAN ID DOT1 TLV •Port Protocol VLAN ID...
Page 353 ranges, separate with a comma (,). E.g.: int range fx 0/1-10, fx 0/20 If multiple interfaces are provided, the next step will perform the particular configuration on all these interfaces. Step 3 lldptlv-select basic-tlv { [port-descr] [sys-name] (Optional) [sys-descr] [sys-capab] [mgmt-addr {all | ipv4 Enables the basic TLV transmission on a <ucast_addr>...
Page 354: Configuring Lldp Timers
The message transmit interval is the period between transmission of the periodic LLDP advertisements.The default message transmit interval is 30 seconds. Supermicro switches allow for user configuration of the message transmit interval. Follow the below steps to change the message transmit interval.
Page 355 The TTL is calculated as:the minimum of ((Transmission Interval * Holdtime Multiplier), or 65536) The default holdtime multiplier is 4 seconds. The default TTL is: 4*30 = 120 seconds. Supermicro switches allow for the user configuration of the message transmit holdtimemultiplier. Follow the steps below to change the message transmit holdtimemultiplier.
Page 356 Transmit Delay. The transmit delay helps prevent unnecessary LLDP transmissions when rapid changes occur in local LLDP MIB objects. Supermicro switches allow for user configuration of the message transmit delay. Follow the steps below to change the message transmit delay...
Page 357: Lldpconfiguration
14.1.4 LLDPConfiguration The example below shows the commands used to configure LLDP by connecting two switches: Switch A and Switch B. Fx 0/21 Fx 0/22 Switch A Switch B Figure LLDP-3: LLDP Configuration Example Switch A SMIS# configure terminal SMIS(config)# set lldp enable SMIS(config)# end SMIS# show lldp LLDP is enabled...
Page 358 Chassis ID Local Intf Hold-time Capability Port Id ---------- ---------- --------- ---------- ------- 00:30:48:e3:70:bc Fx0/21 Fx0/22 Total Entries Displayed : 1 SMIS(config)# lldp chassis-id-subtype if-name SMIS(config)# lldpholdtime-multiplier 7 SMIS(config)# lldp notification-interval 100 SMIS(config)# lldpreinitialization-delay 5 SMIS(config)# lldpreinitialization-delay 9 SMIS(config)# lldpreinitialization-delay 10 SMIS(config)# lldp transmit-interval 100 SMIS(config)# lldp transmit-interval 10 SMIS(config)# end...
Page 359 LLDP is enabled Transmit Interval : 10 Holdtime Multiplier Reinitialization Delay : 10 Tx Delay Notification Interval : 100 Chassis Id SubType : Interface Name Chassis Id : eth0 SMIS# show lldp neighbors Capability Codes : (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device, (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Chassis ID Local Intf Hold-time Capability...
Page 360 Total TLVs Discarded SMIS# show lldp interface Fx 0/21 Fx0/21: Tx State : Enabled Rx State : Enabled Tx SEM State : IDLE Rx SEM State : WAIT FOR FRAME Notification Status : Enabled Notification Type : Remote Table Change SMIS# show lld statistics Remote Table Last Change Time : 217700 Remote Table Inserts...
Page 361 10base-T(FD) 100base-TX(HD) 100base-TX(FD) Asym and SymmPAUSE(FD) 1000base-T(FD) Operational MAU Type : 30 -Link Aggregation Capability & Status : Not Capable, Not In Aggregation Aggregated Port Id : 21 -Maximum Frame Size : 1500 Extended 802.1 TLV Info -Port VLAN Id -Port &...
Page 362 vlan 1 ports fx 0/1-24 untagged ports cx 0/1-3 untagged name vlan1 exit setlldp enable lldp transmit-interval 10 lldpholdtime-multiplier 7 lldpreinitialization-delay 10 lldp notification-interval 100 lldp chassis-id-subtype if-name interface Fx 0/21 lldp notification remote-table-chg lldptlv-select basic-tlv port-descrmgmt-addr all lldptlv-select dot3tlv macphy-config lldptlv-select dot1tlv vlan-name 1 exit Switch B...
Page 363 Tx Delay Notification Interval : 5 Chassis Id SubType : Mac Address Chassis Id : 00:30:48:e3:70:bc SMIS# show lldp neighbors Capability Codes : (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device, (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Chassis ID Local Intf Hold-time Capability Port Id...
Page 364 Total Frames Received In Error : 0 Total Frames Discarded Total TLVS Unrecognized Total TLVs Discarded SMIS(config)# show lldp errors Total Memory Allocation Failures : 0 Total Input Queue Overflows Total Table Overflows SMIS(config)# show lldp interface Fx 0/22 Fx0/22: Tx State : Enabled Rx State...
Page 365 10base-T(FD) 100base-TX(HD) 100base-TX(FD) Asym and SymmPAUSE(FD) 1000base-T(FD) Operational MAU Type : 30 -Link Aggregation Capability & Status : Not Capable, Not In Aggregation Aggregated Port Id : 22 -Maximum Frame Size : 1500 Extended 802.1 TLV Info -Port VLAN Id -Port &...
Page 366 ports fx 0/1-24 untagged ports cx 0/1-3 untagged exit setlldp enable 366 |341...

This manual is also suitable for:

Sse-f3548sr

Supermicro SSE-F3548S User Manual

1 Introduction

2 System Configuration

3 Vlan

4 Link Aggregation

5 Mlag

6 Spanning Tree

7 IGMP Snooping

8 Acl

9 Qos

10 Port Mirroring

11 Snmp

12 Rmon

13 Security

14 Lldp

Quick Links

Need help?

Questions and answers

Related Manuals for Supermicro SSE-F3548S

Summary of Contents for Supermicro SSE-F3548S