Blade Network Technologies RACKSWITCH G8124 Application Manual

BLADEOS
6.5
Application Guide
RackSwitch
G8124/G8124-E
Part Number: BMD00220, October 2010
2051 Mission College Blvd.
Santa Clara, CA 95054
www.bladenetwork.net

Summary of Contents for Blade Network Technologies RACKSWITCH G8124

  • Page 1 BLADEOS Application Guide RackSwitch G8124/G8124-E Part Number: BMD00220, October 2010 2051 Mission College Blvd. Santa Clara, CA 95054 www.bladenetwork.net...
  • Page 2: MSTP Configuration Example

    BLADEOS 6.5.2 Application Guide Copyright © 2010 BLADE Network Technologies, Inc., 2051 Mission College Blvd., Santa Clara, California, 95054, USA. All rights reserved. Part Number: BMD00220. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation.
  • Page 3: Table Of Contents

    Contents Preface Who Should Use This Guide What You’ll Find in This Guide Additional References Typographic Conventions How to Get Help Part 1: Getting Started Chapter 1: Switch Administration Administration Interfaces Command Line Interface Browser-Based Interface Establishing a Connection Using the Switch Management Ports Using the Switch Data Ports Using Telnet Using Secure Shell...
  • Page 4 Chapter 2: Initial Setup Information Needed for Setup Default Setup Options Stopping and Restarting Setup Manually Setup Part 1: Basic System Configuration Setup Part 2: Port Configuration Setup Part 3: VLANs Setup Part 4: IP Configuration IP Interfaces Default Gateways IP Routing...
  • Page 5 Chapter 4: Authentication & Authorization Protocols RADIUS Authentication and Authorization How RADIUS Authentication Works Configuring RADIUS on the Switch RADIUS Authentication Features in BLADEOS Switch User Accounts RADIUS Attributes for BLADEOS User Privileges TACACS+ Authentication How TACACS+ Authentication Works TACACS+ Authentication Features in BLADEOS Authorization Accounting Command Authorization and Logging...
  • Page 6 Part 3: Switch Basics Chapter 6: VLANs VLANs Overview VLANs and Port VLAN ID Numbers VLAN Numbers PVID Numbers VLAN Tagging VLAN Topologies and Design Considerations VLAN Configuration Rules Multiple VLANs with Tagging Adapters VLAN Configuration Example Private VLANs Private VLAN Ports Configuration Guidelines...
  • Page 7 Per-VLAN Spanning Tree Groups Using Multiple STGs to Eliminate False Loops STP/PVST+ Defaults and Guidelines Adding a VLAN to a Spanning Tree Group Creating a VLAN Rules for VLAN Tagged Ports Adding and Removing Ports from STGs Switch-Centric Configuration Configuring Multiple STGs Rapid Spanning Tree Protocol Port State Changes RSTP Configuration Guidelines...
  • Page 8 Part 4: Advanced Switching Features Chapter 10: Deployment Profiles Available Profiles Selecting Profiles Automatic Configuration Changes Chapter 11: Virtualization Chapter 12: Virtual NICs Defining Server Ports Enabling the vNIC Feature vNIC IDs vNIC IDs on the Switch vNIC Interface Names on the Server vNIC Bandwidth Metering vNIC Groups...
  • Page 9 VLAN Maps VM Policy Bandwidth Control VM Policy Bandwidth Control Commands Bandwidth Policies vs. Bandwidth Shaping VMready Information Displays VMready Configuration Example Chapter 14: FCoE and CEE Fibre Channel over Ethernet The FCoE Topology FCoE Requirements Converged Enhanced Ethernet Turning CEE On or Off Effects on Link Layer Discovery Protocol Effects on 802.1p Quality of Service Effects on Flow Control...
  • Page 10 Part 5: IP Routing Chapter 15: Basic IP Routing IP Routing Benefits Routing Between IP Subnets Example of Subnet Routing Using VLANs to Segregate Broadcast Domains Configuration Example ECMP Static Routes OSPF Integration ECMP Route Hashing Configuring ECMP Static Routes Dynamic Host Configuration Protocol Chapter 16: Internet Protocol Version 6...
  • Page 11 Chapter 18: Internet Group Management Protocol IGMP Snooping IGMP Groups FastLeave IGMPv3 Snooping IGMP Snooping Configuration Example Static Multicast Router IGMP Querier IGMP Filtering Chapter 19: Border Gateway Protocol Internal Routing Versus External Routing Forming BGP Peer Routers What is a Route Map? Incoming and Outgoing Route Maps Precedence Configuration Overview...
  • Page 12 Interface Cost Electing the Designated Router and Backup Summarizing Routes Default Routes Virtual Links Router ID Authentication Configuring Plain Text OSPF Passwords Configuring MD5 Authentication Host Routes for Load Balancing OSPF Features Not Supported in This Release OSPFv2 Configuration Examples Example 1: Simple OSPF Domain Example 2: Virtual Links...
  • Page 13 Part 6: High Availability Fundamentals Chapter 22: Basic Redundancy Trunking for Link Redundancy Hot Links Forward Delay Preemption FDB Update Configuration Guidelines Configuring Hot Links Active MultiPath Protocol Health Checks FDB Flush Configuration Guidelines Configuration Example Chapter 23: Layer 2 Failover Monitoring Trunk Links Setting the Failover Limit Manually Monitoring Port Links...
  • Page 14 Part 7: Network Management Chapter 25: Link Layer Discovery Protocol LLDP Overview Enabling or Disabling LLDP Global LLDP Setting Transmit and Receive Control LLDP Transmit Features Scheduled Interval Minimum Interval Time-to-Live for Transmitted Information Trap Notifications Changing the LLDP Transmit State Types of Information Transmitted LLDP Receive Features...
  • Page 15 Part 8: Monitoring Chapter 27: Remote Monitoring RMON Overview RMON Group 1—Statistics RMON Group 2—History History MIB Object ID Configuring RMON History RMON Group 3—Alarms Alarm MIB objects Configuring RMON Alarms RMON Group 9—Events Chapter 28: sFLOW sFlow Statistical Counters sFlow Network Sampling sFlow Example Configuration Chapter 29: Port Mirroring...
  • Page 17: Preface

    Preface The BLADEOS 6.5.2 Application Guide describes how to configure and use the BLADEOS 6.5 software on the RackSwitch G8124/G8124-E (collectively referred to as G8124 throughout this document). For documentation on installing the switch physically, see the Installation Guide for your G8124.
  • Page 18 Part 2: Securing the Switch Chapter 3, “Securing Administration,” administration connections, and configuring end-user access control. Chapter 4, “Authentication & Authorization Protocols,” administration for remote administrators. This includes using Remote Authentication Dial-in User Service (RADIUS), as well as TACACS+ and LDAP. Chapter 5, “Access Control Lists,”...
  • Page 19 Part 5: IP Routing Chapter 15, “Basic IP Routing,” subnets, BOOTP, and DHCP Relay. Chapter 16, “Internet Protocol Version 6,” management. Chapter 17, “Routing Information Protocol,” implements standard Routing Information Protocol (RIP) for exchanging TCP/IP route information with other routers. Chapter 18, “Internet Group Management Protocol,”...
  • Page 20: Additional References

    Part 9: Appendices Appendix A, Additional References Additional information about installing and configuring the G8124 is available in the following guides: RackSwitch G8124 Installation Guide BLADEOS 6.5 Command Reference BLADEOS 6.5 ISCLI Reference Guide BLADEOS 6.5 BBI Quick Guide Preface describes how to configure the RMON agent on the switch, “sFLOW, described how to use the embedded sFlow agent for sampling network...
  • Page 21: Typographic Conventions

    Typographic Conventions The following table describes the typographic styles used in this book. Table 1 Typeface or Symbol ABC123 ABC123 <ABC123> AaBbCc123 This block type depicts menus, buttons, and BMD00220, October 2010 Typographic Conventions Meaning This type is used for names of commands, files, and directories used within the text.
  • Page 22: How To Get Help

    How to Get Help If you need help, service, or technical assistance, call BLADE Network Technologies Technical Support: US toll free calls: 1-800-414-5268 International calls: 1-408-834-7871 You also can visit our web site at the following address: http://www.bladenetwork.net Click the Support tab.
  • Page 23: Part 1: Getting Started

    Part 1: Getting Started
  • Page 25: Chapter 1: Switch Administration

    Chapter 1: Switch Administration Your RackSwitch G8124 (G8124) is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively. The extensive BLADEOS switching software included in the G8124 provides a variety of options for accessing the switch to perform configuration, and to view switch information and statistics.
  • Page 26: Command Line Interface

    Command Line Interface The BLADEOS Command Line Interface (CLI) provides a simple, direct method for switch administration. Using a basic terminal, you are presented with an organized hierarchy of menus, each with logically-related sub-menus and commands. These allow you to view detailed information and statistics about the switch, and to perform any necessary configuration and switch software maintenance.
  • Page 27: Establishing A Connection

    Establishing a Connection The factory default settings permit initial switch administration through only the built-in serial port. All other forms of access require additional switch configuration before they can be used. Remote access using the network requires the accessing terminal to have a valid, routable connection to the switch interface.
  • Page 28 Configure a management IP address. The switch reserves four management interfaces: Using IPv4:

        RS G8124(config)# interface ip [127|128]
        RS G8124(config-ip-if)# ip address <management interface IPv4 address>
        RS G8124(config-ip-if)# ip netmask <IPv4 subnet mask>
        RS G8124(config-ip-if)# enable
        RS G8124(config-ip-if)# exit

    IF 127 supports IPv4 management port A and uses IPv4 default gateway 3.
  • Page 29: Using The Switch Data Ports

    Using the Switch Data Ports You also can configure in-band management through any of the switch data ports. To allow in-band management, use the following procedure: Log on to the switch. Enter IP interface mode.

        RS G8124> enable
        RS G8124# configure terminal
        RS G8124(config)# interface ip <IP interface number>...
  • Page 30: Using Telnet

    Note – IPv4 gateway 1 and 2, and IPv6 gateway 1, are used for in-band data networks. IPv4 and IPv6 gateways 3 and 4 are reserved for out-of-band management ports (see Management Ports” on page Once you configure the IP address and you have an existing network connection, you can use the Telnet program from an external management station to access and control the switch.
  • Page 31: Using Secure Shell

    Using Secure Shell Although a remote network administrator can manage the configuration of a G8124 via Telnet, this method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to securely log into another device over a network to execute commands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure.
  • Page 32: Using A Web Browser

    Using a Web Browser The switch provides a Browser-Based Interface (BBI) for accessing the common configuration, management and operation features of the G8124 through your Web browser. By default, BBI access via HTTP is enabled on the switch. You can also access the BBI directly from an open Web browser window.
  • Page 33 Generate the HTTPS certificate. Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new certificate defining the information you want to be used in the various fields.

        RS G8124(config)# access https generate-certificate
        Country Name (2 letter code) []:
        State or Province Name (full name) []:...

  • Page 34: BBI Summary

    BBI Summary The BBI is organized at a high level as follows: Context buttons—These buttons allow you to select the type of action you wish to perform. The Configuration button provides access to the configuration elements for the entire switch. The Statistics button provides access to the switch statistics and state information.
  • Page 35: Using Simple Network Management Protocol

    Using Simple Network Management Protocol BLADEOS provides Simple Network Management Protocol (SNMP) version 1, version 2, and version 3 support for access through any network management software, such as IBM Director or HP-OpenView. Note – SNMP read and write functions are enabled by default. For best security practices, if SNMP is not needed for your network, it is recommended that you disable these functions prior to connecting the switch to the network.
  • Page 36: BOOTP/DHCP Client IP Address Services

    BOOTP/DHCP Client IP Address Services For remote switch administration, the client terminal device must have a valid IP address on the same network as a switch interface. The IP address on the client device may be configured manually, or obtained automatically using IPv6 stateless address configuration, or an IPv4 address may be obtained automatically via BOOTP or DHCP relay as discussed below.
  • Page 37: Global BOOTP Relay Agent Configuration

    Global BOOTP Relay Agent Configuration To enable the G8124 to be a BOOTP (or DHCP) forwarder, enable the BOOTP relay feature, configure up to four global BOOTP server IPv4 addresses on the switch, and enable BOOTP relay on the interface(s) on which the client requests are expected. Generally, you should configure BOOTP for the switch IP interface that is closest to the client, so that the BOOTP server knows from which IPv4 subnet the newly allocated IPv4 address should come.
  • Page 38: Switch Login Levels

    Switch Login Levels To enable better switch management and user accountability, three levels or classes of user access have been implemented on the G8124. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as follows: User interaction with the switch is completely passive—nothing can be changed on the G8124.
  • Page 39: Setup Vs. The Command Line

    Setup vs. the Command Line Once the administrator password is verified, you are given complete access to the switch. If the switch is still set to its factory default configuration, the system will ask whether you wish to run Setup (see “Initial Setup”...
  • Page 41: Chapter 2: Initial Setup

    Chapter 2: Initial Setup To help with the initial process of configuring your switch, the BLADEOS software includes a Setup utility. The Setup utility prompts you step-by-step to enter all the necessary information for basic configuration of the switch. Whenever you log in as the system administrator under the factory default configuration, you are asked whether you wish to run the Setup utility.
  • Page 42: Default Setup Options

    Enter Password: Enter admin as the default administrator password. If the factory default configuration is detected, the system prompts: RackSwitch G8124 18:44:05 Wed Jan 3, 2009 The switch is booted with factory default configuration. To ease the configuration of the switch, a "Set Up" facility which will prompt you with those configuration items that are essential to the operation of the switch is provided.
  • Page 43: Setup Part 1: Basic System Configuration

    Setup Part 1: Basic System Configuration When Setup is started, the system prompts: "Set Up" will walk you through the configuration of System Date and Time, Spanning Tree, Port Speed/Mode, VLANs, and IP interfaces. [type Ctrl-C to abort "Set Up"] Enter y if you will be configuring VLANs.
  • Page 44: Setup Part 2: Port Configuration

    Enter the minute of the current time at the prompt: Enter minutes [55]: Enter the minute as a number from 00 to 59. To keep the current minute, press <Enter>. Enter the seconds of the current time at the prompt: Enter seconds [37]: Enter the seconds as a number from 00 to 59.
  • Page 45 Configure Gigabit Ethernet port flow parameters. The system prompts: Gig Link Configuration: Port Flow Control: Current Port EXT1 flow control setting: Enter new value ["rx"/"tx"/"both"/"none"]: Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or none to turn flow control off for the port.
  • Page 46: Setup Part 3: VLANs

    Setup Part 3: VLANs If you chose to skip VLANs configuration back in Part 2, skip to on page Select the VLAN to configure, or skip VLAN configuration at the prompt: VLAN Config: Enter VLAN number from 2 to 4094, NULL at end: If you wish to change settings for individual VLANs, enter the number of the VLAN you wish to configure.
  • Page 47: Setup Part 4: IP Configuration

    IP interfaces are used for defining the networks to which the switch belongs. Up to 128 IP interfaces can be configured on the RackSwitch G8124 (G8124). The IP address assigned to each IP interface provides the switch with an IP presence on your network. No two IP interfaces can be on the same IP network.
  • Page 48 If configuring VLANs, specify a VLAN for the interface. This prompt appears if you selected to configure VLANs back in Part 1: Current VLAN: Enter new VLAN [1-4094]: Enter the number for the VLAN to which the interface belongs, or press <Enter> without specifying a VLAN number to accept the current setting.
  • Page 49: Default Gateways

    Default Gateways At the prompt, select an IP default gateway for configuration, or skip default gateway configuration: IP default gateways: Enter default gateway number: (1-4) Enter the number for the IP default gateway to be configured. To skip default gateway configuration, press <Enter>...
  • Page 50: Setup Part 5: Final Steps

    Setup Part 5: Final Steps When prompted, decide whether to restart Setup or continue: Would you like to run from top again? [y/n] Enter y to restart the Setup utility from the beginning, or n to continue. When prompted, decide whether you wish to review the configuration changes: Review the changes made? [y/n] Enter y to review the changes made during this session of the Setup utility.
  • Page 51: Optional Setup For Telnet Support

    Optional Setup for Telnet Support Note – This step is optional. Perform this procedure only if you are planning on connecting to the G8124 through a remote Telnet connection. Telnet is enabled by default. To change the setting, use the following command: >>...
  • Page 53: Part 2: Securing The Switch

    Part 2: Securing the Switch
  • Page 55: Chapter 3: Securing Administration

    Chapter 3: Securing Administration Secure switch management is needed for environments that perform significant management functions across the Internet. Common functions for secured management are described in the following sections: “Secure Shell and Secure Copy” on page 55 “End User Access Control” on page 62 Note –...
  • Page 56: Configuring SSH/SCP Features On The Switch

    Although SSH and SCP are disabled by default, enabling and using these features provides the following benefits: Identifying the administrator using Name/Password Authentication of remote administrators Authorization of remote administrators Determining the permitted actions and customizing service for individual administrators Encryption of management messages Encrypting messages between the remote administrator and switch Secure copy support...
  • Page 57: Configuring The SCP Administrator Password

    Configuring the SCP Administrator Password To configure the SCP-only administrator password, enter the following command (the default password is admin):

        RS G8124(config)# [no] ssh scp-password
        Changing SCP-only Administrator password; validation required...
        Enter current administrator password: <password>
        Enter new SCP-only administrator password: <new password>
        Re-enter new SCP-only administrator password: <new password>...

  • Page 58: To Load A Switch Configuration File From The SCP Host

    To Load a Switch Configuration File from the SCP Host Syntax:

        >> scp [-4|-6] <local filename> <username>@<switch IP address>:putcfg

    Example:

        >> scp ad4.cfg scpadmin@205.178.15.157:putcfg

    To Apply and Save the Configuration When loading a configuration file to the switch, the apply and save commands are still required, in order for the configuration commands to take effect.
  • Page 59: To Copy The Switch Image And Boot Files To The SCP Host

    To Copy the Switch Image and Boot Files to the SCP Host Syntax:

        >> scp [-4|-6] <username>@<switch IP address>:getimg1 <local filename>
        >> scp [-4|-6] <username>@<switch IP address>:getimg2 <local filename>
        >> scp [-4|-6] <username>@<switch IP address>:getboot <local filename>

    Example:

        >> scp scpadmin@205.178.15.157:getimg1 6.1.0_os.img

    To Load Switch Configuration Files from the SCP Host Syntax: >>...
  • Page 60: Generating RSA Host And Server Keys For SSH Access

    Generating RSA Host and Server Keys for SSH Access To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the G8124. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the G8124 at a later time.
  • Page 61: SSH/SCP Integration With TACACS+ Authentication

    SSH/SCP Integration with TACACS+ Authentication SSH/SCP is integrated with TACACS+ authentication. After the TACACS+ server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified TACACS+ servers for authentication. The redirection is transparent to the SSH clients. SecurID Support SSH/SCP can also work with SecurID, a token card-based authentication method.
  • Page 62: End User Access Control

    End User Access Control BLADEOS allows an administrator to define end user accounts that permit end users to perform operation tasks via the switch CLI commands. Once end user accounts are configured and enabled, the switch requires username/password authentication. For example, an administrator can assign a user, who can then log into the switch and perform operational commands (effective only until the next switch reboot).
  • Page 63: User Access Control

    The administrator can choose the number of days allowed before each password expires. When a strong password expires, the user is allowed to log in one last time to change the password. A warning provides advance notice for users to change the password. Use the Strong Password commands to configure Strong Passwords.
  • Page 64: Listing Current Users

    Listing Current Users The following command displays defined user accounts and whether or not each user is currently logged into the switch. RS G8124# show access user Usernames: user oper admin Current User ID table: 1: name jane 2: name john Logging into an End User Account Once an end user account is configured and enabled, the user can log in to the switch using the...
  • Page 65: Chapter 4: Authentication & Authorization Protocols

    Chapter 4: Authentication & Authorization Protocols Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured IPv4 management and device access: “RADIUS Authentication and Authorization” on page 65 “TACACS+ Authentication”...
  • Page 66: How RADIUS Authentication Works

    How RADIUS Authentication Works Remote administrator connects to the switch and provides user name and password. Using Authentication/Authorization protocol, the switch sends request to authentication server. Authentication server checks the request against the user ID database. Using RADIUS protocol, the authentication server instructs the switch to grant or deny administrative access.
  • Page 67: RADIUS Authentication Features In BLADEOS

    RADIUS Authentication Features in BLADEOS BLADEOS supports the following RADIUS authentication features: Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866. Allows RADIUS secret password up to 32 bytes and less than 16 octets. Supports secondary authentication server so that when the primary authentication server is unreachable, the switch can send client authentication requests to the secondary authentication server.
  • Page 68: Switch User Accounts

    Switch User Accounts The user accounts listed in Table 3 User Account User Operator Administrator RADIUS Attributes for BLADEOS User Privileges When the user logs in, the switch authenticates his/her level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.
  • Page 69: TACACS+ Authentication

    TACACS+ Authentication BLADEOS supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The G8124 functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server.
  • Page 70: TACACS+ Authentication Features In BLADEOS

    TACACS+ Authentication Features in BLADEOS Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. BLADEOS supports ASCII inbound login to the device.
  • Page 71: Accounting

    Accounting Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent out.
  • Page 72: Configuring TACACS+ Authentication On The Switch

    Configuring TACACS+ Authentication on the Switch Configure the IPv4 addresses of the Primary and Secondary TACACS+ servers, and enable TACACS authentication. Specify the interface port (optional).

        RS G8124(config)# tacacs-server primary-host 10.10.1.1
        RS G8124(config)# tacacs-server primary-host mgtb-port
        RS G8124(config)# tacacs-server secondary-host 10.10.1.2
        RS G8124(config)# tacacs-server secondary-host data-port
        RS G8124(config)# tacacs-server enable...

  • Page 73: LDAP Authentication And Authorization

    LDAP Authentication and Authorization BLADEOS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate and authorize remote administrators to manage the switch. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.
  • Page 74: Configuring LDAP Authentication On The Switch

    Configuring LDAP Authentication on the Switch Turn LDAP authentication on, then configure the IPv4 addresses of the Primary and Secondary LDAP servers. Specify the interface port (optional).

        >> # ldap-server enable
        >> # ldap-server primary-host 10.10.1.1 mgta-port
        >>...
  • Page 75: Chapter 5: Access Control Lists

    Chapter 5: Access Control Lists Access Control Lists (ACLs) are filters that permit or deny traffic for security purposes. They can also be used with QoS to classify and segment traffic in order to provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made.
  • Page 76: Summary Of Packet Classifiers

    Summary of Packet Classifiers ACLs allow you to classify packets according to a variety of content in the packet header (such as the source address, destination address, source port number, destination port number, and others). Once classified, packet flows can be identified for more processing. Regular ACLs, IPv6 ACLs, and VMaps allow you to classify packets based on the following packet attributes: Ethernet header options (for regular ACLs and VMaps only)
  • Page 77 TCP/UDP header options (for all ACLs) TCP/UDP application source port as shown in Table 8 TCP/UDP Port Application ftp-data telnet smtp time name whois domain tftp gopher TCP/UDP application destination port and mask as shown in TCP/UDP flag value as shown in Table 9 Flag Packet format (for regular ACLs and VMaps only)
  • Page 78: Summary Of ACL Actions

    Summary of ACL Actions Once classified using ACLs, the identified packet flows can be processed differently. For each ACL, an action can be assigned. The action determines how the switch treats packets that match the classifiers assigned to the ACL. G8124 ACL actions include the following: Pass or Drop the packet Re-mark the packet with a new DiffServ Code Point (DSCP) Re-mark the 802.1p field...
  • Page 79: ACL Metering And Re-Marking

    ACL Metering and Re-Marking You can define a profile for the aggregate traffic flowing through the G8124 by configuring a QoS meter (if desired) and assigning ACLs to ports. Note – When you add ACLs to a port, make sure they are ordered correctly in terms of precedence (see “ACL Order of Precedence”...
  • Page 80: ACL Port Mirroring

    ACL Port Mirroring For regular ACLs and VMaps, packets that match an ACL on a specific port can be mirrored to another switch port for network diagnosis and monitoring. The source port for the mirrored packets cannot be a portchannel, but may be a member of a portchannel.
  • Page 81: ACL Configuration Examples

    ACL Configuration Examples ACL Example 1 Use this configuration to block traffic to a specific host. All traffic that ingresses on port 1 is denied if it is destined for the host at IP address 100.10.1.1. Configure an Access Control List.

        RS G8124(config)# access-control list 1 ipv4 destination-ip-address 100.10.1.1
        RS G8124(config)# access-control list 1 action deny...

  • Page 82: VLAN Maps

    ACL Example 3 Use this configuration to block traffic from a specific IPv6 source address. All traffic that ingresses in port 2 with source IP from class 2001:0:0:5:0:0:0:2/128 is denied. Configure an Access Control List.

        RS G8124(config)# access-control list6 3 ipv6 source-address 2001:0:0:5:0:0:0:2 128
        RS G8124(config)# access-control list6 3 action deny

    Add ACL 2 to port EXT2.
  • Page 83 VMAPs are configured using the following ISCLI configuration command path:

        RS G8124(config)# access-control vmap <VMAP ID> ?
        action ethernet ipv4 meter mirror packet-format re-mark statistics tcp-udp

    Once a VMAP filter is created, it can be assigned or removed using the following configuration commands: For a regular VLAN, use config-vlan mode:

        RS G8124(config)# vlan <VLAN ID>...
  • Page 84: Using Storm Control Filters

    Using Storm Control Filters The G8124 provides filters that can limit the number of the following packet types transmitted by switch ports: broadcast packets, multicast packets, and unknown unicast packets (destination lookup failure). Broadcast Storms Excessive transmission of broadcast or multicast traffic can result in a broadcast storm. A broadcast storm can overwhelm your network with constant broadcast or multicast traffic, and degrade network performance.
  • Page 85: Part 3: Switch Basics

    Part 3: Switch Basics This section discusses basic switching functions: VLANs, Port Trunking, Spanning Tree Protocols (Spanning Tree Groups, Rapid Spanning Tree Protocol, and Multiple Spanning Tree Protocol), and Quality of Service.
  • Page 87: Chapter 6: Vlans

    Chapter 6: VLANs This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs commonly are used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments.
  • Page 88: Vlans Overview

    VLAN. The RackSwitch G8124 (G8124) supports jumbo frames with a Maximum Transmission Unit (MTU) of 9,216 bytes. Within each frame, 18 bytes are reserved for the Ethernet header and CRC trailer.
  • Page 89: Pvid Numbers

    PVID Numbers Each port in the switch has a configurable default VLAN number, known as its PVID. By default, the PVID for all non-management ports is set to 1, which correlates to the default VLAN ID. The PVID for each port can be configured to any VLAN number between 1 and 4094. Use the following command to view PVIDs: RS G8124# show interface information Alias Port Tag RMON Lrn Fld PVID...
  • Page 90: Vlan Tagging

    VLAN Tagging BLADEOS software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that port.
  • Page 91 Figure 1 (diagram labels: 802.1Q Switch, Port 1, PVID = 1, incoming untagged packet, Data). By default: all ports are assigned PVID = 1; all ports are untagged members of VLAN 1. Note – The port numbers specified in these illustrations may not directly correspond to the physical port configuration of your switch model.
  • Page 92 Figure 2 Untagged packet CRC Data Before As shown in Figure which is configured as a tagged member of VLAN 2. The untagged packet remains unchanged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2. Figure 3 PVID = 2 Untagged member...
  • Page 93 Figure 4 Tagged packet CRC Data Before As shown in Figure which is configured as a tagged member of VLAN 2. However, the tagged packet is stripped (untagged) as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.
  • Page 94: Vlan Topologies And Design Considerations

    VLAN Topologies and Design Considerations By default, the G8124 software is configured so that tagging is disabled on all ports. By default, the G8124 software is configured so that all data ports are members of VLAN 1. By default, the BLADEOS software is configured so that the management ports (MGTA and MGTB) are members of VLAN 4095 (the management VLAN).
  • Page 95: Multiple Vlans With Tagging Adapters

    Multiple VLANs with Tagging Adapters Figure 6 illustrates a network topology described in page Figure 6: Multiple VLANs with VLAN-Tagged Gigabit Adapters (diagram labels: Enterprise Routing Switch, Server 1, Server 2, Server 3, VLAN 1, VLAN 2). Note –...
  • Page 96 The features of this VLAN are described below: Component: G8124 switch, Server 1, Server 2, Server 3, Server 4, Server 5, Enterprise Routing switches. Note – VLAN tagging is required only on ports that are connected to other switches or on ports that connect to tag-capable end-stations, such as servers with VLAN-tagging adapters.
  • Page 97: Vlan Configuration Example

    VLAN Configuration Example Use the following procedure to configure the example network shown in Enable VLAN tagging on server ports that support multiple VLANs. RS G8124(config)# interface port 5 RS G8124(config-if)# tagging RS G8124(config-if)# exit Enable tagging on uplink ports that support multiple VLANs. RS G8124(config)# interface port 19 RS G8124(config-if)# tagging RS G8124(config-if)# exit...
  • Page 98: Private Vlans

    Private VLANs Private VLANs provide Layer 2 isolation between the ports within the same broadcast domain. Private VLANs can control traffic within a VLAN domain, and provide port-based security for host servers. Use Private VLANs to partition a VLAN domain into sub-domains. Each sub-domain is comprised of one primary VLAN and one or more secondary VLANs, as follows: Primary VLAN—carries unidirectional traffic downstream from promiscuous ports.
  • Page 99: Configuration Guidelines

    Configuration Guidelines The following guidelines apply when configuring Private VLANs: The default VLAN 1 cannot be a Private VLAN. The management VLAN 4095 cannot be a Private VLAN. The management port cannot be a member of a Private VLAN. IGMP Snooping must be disabled on isolated VLANs. Each secondary port’s (isolated port and community ports) PVID must match its corresponding secondary VLAN ID.
  • Page 101: Chapter 7: Ports And Trunking

    Chapter 7: Ports and Trunking Trunk groups can provide super-bandwidth, multi-link connections between the RackSwitch G8124 (G8124) and other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link. This chapter provides configuration background and examples for trunking multiple ports together: “Trunking...
  • Page 102: Trunking Overview

    Trunking Overview When using port trunk groups between two switches, as shown in link between the switches, operating with combined throughput levels that depend on how many physical ports are included. Each G8124 supports up to 12 trunk groups. Two trunk types are available: static trunk groups (portchannel), and dynamic LACP trunk groups.
  • Page 103: Before You Configure Static Trunks

    Before You Configure Static Trunks When you create and enable a static trunk, the trunk members (switch ports) take on certain settings necessary for correct operation of the trunking feature. Before you configure your trunk, you must consider these settings, along with specific configuration rules, as follows: Read the configuration rules provided in the section, page...
  • Page 104: Trunk Group Configuration Rules

    Prior to configuring each switch in the above example, you must connect to the appropriate switches as the administrator. Note – For details about accessing and using any of the commands described in this example, see the RackSwitch G8124 ISCLI Reference. Port Trunk Group Configuration Example...
  • Page 105 Follow these steps on the G8124: Define a trunk group. RS G8124(config)# portchannel 3 port 2,9,16 RS G8124(config)# portchannel 3 enable Verify the configuration. # show portchannel information Examine the resulting information. If any settings are incorrect, make appropriate changes. Repeat the process on the other switch.
  • Page 106: Configurable Trunk Hash Algorithm

    Configurable Trunk Hash Algorithm Traffic in a trunk group is statistically distributed among member ports using a hash process where various address and attribute bits from each transmitted frame are recombined to specify the particular trunk port the frame will use. The switch can be configured to use a variety of hashing options.
  • Page 107: Link Aggregation Control Protocol

    Link Aggregation Control Protocol Link Aggregation Control Protocol (LACP) is an IEEE 802.3ad standard for grouping several physical ports into one logical port (known as a dynamic trunk group or Link Aggregation group) with any device that supports the standard. Please refer to IEEE 802.3ad-2002 for a full description of the standard.
  • Page 108: Configuring Lacp

    Each port on the switch can have one of the following LACP modes. off (default) The user can configure this port into a regular static trunk group. active The port is capable of forming an LACP trunk. This port sends LACPDU packets to partner system ports.
  • Page 109: Chapter 8: Spanning Tree Protocols

    Spanning Tree Protocols When multiple paths exist between two points on a network, Spanning Tree Protocol (STP), or one of its enhanced variants, can prevent broadcast loops and ensure that the RackSwitch G8124 (G8124) uses only the most efficient network path.
  • Page 110: Global Stp Control

    Rapid Spanning Tree Protocol (RSTP) IEEE 802.1D (2004) RSTP mode is an enhanced version of STP. It provides more rapid convergence of the Spanning Tree network path states on STG 1. RSTP is the default Spanning Tree mode on the G8124. See on page 124 Per-VLAN Rapid Spanning Tree (PVRST) PVRST mode is based on RSTP to provide rapid Spanning Tree convergence, but allows for...
  • Page 111: Stp/Pvst+ Mode

    STP/PVST+ Mode Using STP, network devices detect and eliminate logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations.
  • Page 112: Bridge Protocol Data Units

    Bridge Protocol Data Units Bridge Protocol Data Units Overview To create a Spanning Tree, the switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports. All switches in the Layer 2 network participating in the Spanning Tree gather information about other switches in the network through an exchange of BPDUs.
  • Page 113: Port Priority

    Port Priority The port priority helps determine which bridge port becomes the root port or the designated port. The case for the root port is when two switches are connected using a minimum of two links with the same path-cost. The case for the designated port is in a network topology that has multiple bridge ports with the same path-cost connected to a single segment, the port with the lowest port priority becomes the designated port for the segment.
  • Page 114: Configuring Fast Uplink Convergence

    Fast Uplink Configuration Guidelines When you enable Fast Uplink Convergence, BLADEOS automatically makes the following configuration changes: The bridge priority is set to 65535 so that it does not become the root switch. The cost of all ports is increased by 3000, across all VLANs and STGs. This ensures that traffic never flows through the G8124 to get to another switch unless there is no other path.
  • Page 115: Simple Stp Configuration

    Simple STP Configuration Figure 9 depicts a simple topology using a switch-to-switch link between two G8124 1 and 2. Figure 9 Enterprise Routing Switches BLADE Switch 1 To prevent a network loop among the switches, STP must block one of the links between them. In this case, it is desired that STP block the link between the BLADE switches, and not one of the G8124 uplinks or the Enterprise switch trunk.
  • Page 116 Figure 10 Enterprise Routing Switches BLADE Switch 1 In this example, port 10 on each G8124 is used for the switch-to-switch link. To ensure that the G8124 switch-to-switch link is blocked during normal operation, the port path cost is set to a higher value than other paths in the network.
  • Page 117: Per-Vlan Spanning Tree Groups

    Per-VLAN Spanning Tree Groups STP/PVST+ mode supports a maximum of 127 STGs, with each STG acting as an independent, simultaneous instance of STP. Multiple STGs provide multiple data paths which can be used for load-balancing and redundancy. To enable load balancing between two G8124s using multiple STGs, configure each path with a different VLAN and then assign each VLAN to a separate STG.
  • Page 118: Stp/Pvst+ Defaults And Guidelines

    STP/PVST+ Defaults and Guidelines In STP/PVST+ configuration, up to 128 STGs are available on the switch. STG 1 is the default STG. Although ports can be added to or deleted from default STG 1, the STG itself cannot be deleted from the system.
  • Page 119: Creating A Vlan

    Creating a VLAN When you create a VLAN, that VLAN automatically belongs to STG 1, the default STG. To place the VLAN in a different STG, follow these steps: Create the VLAN. Add the VLAN to an existing STG. The VLAN is automatically removed from its old STG before being placed into the new STG. Each VLAN must be contained within a single STG;...
  • Page 120: Adding And Removing Ports From Stgs

    Adding and Removing Ports from STGs When you add a port to a VLAN that belongs to an STG, the port is also added to that STG. However, if the port you are adding is an untagged port and is already a member of another STG, that port will be removed from its current STG and added to the new STG.
  • Page 121: Switch-Centric Configuration

    Switch-Centric Configuration STP/PVST+ is switch-centric: STGs are enforced only on the switch where they are configured. The STG ID is not transmitted in the Spanning Tree BPDU. Each Spanning Tree decision is based entirely on the configuration of the particular switch. For example, in responsible for the proper configuration of its own ports, VLANs, and STGs.
  • Page 122: Configuring Multiple Stgs

    Configuring Multiple STGs This configuration shows how to configure the three instances of STGs on the switches A, B, C, and D illustrated in By default Spanning Trees 2 to 127 are empty, and STG 1 contains all configured VLANs until individual VLANs are explicitly assigned to other STGs.
  • Page 123 Configure the following on application switch C: Add port 8 to VLAN 3 and define STG 2 for VLAN 3. RS G8124(config)# vlan 3 RS G8124(config-vlan)# enable RS G8124(config-vlan)# member 8 RS G8124(config-vlan)# exit RS G8124(config)# spanning-tree stp 2 vlan 3 VLAN 3 is automatically removed from STG 1.
  • Page 124: Rapid Spanning Tree Protocol

    Rapid Spanning Tree Protocol Note – Rapid Spanning Tree Protocol (RSTP) is enabled by default on the G8124. RSTP provides rapid convergence of the Spanning Tree and provides the fast re-configuration critical for networks carrying delay-sensitive traffic such as voice and video. RSTP significantly reduces the time to reconfigure the active topology of the network when changes occur to the physical topology or its configuration parameters.
  • Page 125: Rstp Configuration Guidelines

    RSTP Configuration Guidelines This section provides important information about configuring RSTP. When RSTP is turned on, the following occurs: STP parameters apply only to STG 1. Only STG 1 is available. All other STGs are turned off. All VLANs, including management VLANs, are moved to STG 1. RSTP Configuration Example This section provides steps to configure RSTP.
  • Page 126: Per-Vlan Rapid Spanning Tree Groups

    Per-VLAN Rapid Spanning Tree Groups PVRST is based on IEEE 802.1w Rapid Spanning Tree Protocol (RSTP). Like RSTP, PVRST mode provides rapid Spanning Tree convergence. However, similar to the way standard STP is enhanced by PVST+ (see per-VLAN STGs on the switch.
  • Page 127: Multiple Spanning Tree Protocol

    Multiple Spanning Tree Protocol Multiple Spanning Tree Protocol (MSTP) extends Rapid Spanning Tree Protocol (RSTP), allowing multiple Spanning Tree Groups (STGs) which may each include multiple VLANs. MSTP was originally defined in IEEE 802.1s (2002) and was later included in IEEE 802.1Q (2003). In MSTP mode, the G8124 supports up to 32 instances of Spanning Tree, corresponding to STGs 1-32, with each STG acting as an independent, simultaneous instance of STP.
  • Page 128: Mstp Configuration Guidelines

    MSTP Configuration Guidelines This section provides important information about configuring Multiple Spanning Tree Groups: When MSTP is turned on, the switch automatically moves all VLANs to the CIST. When MSTP is turned off, the switch moves all VLANs from the CIST to STG 1. When you enable MSTP, you must configure the Region Name.
  • Page 129: Mstp Configuration Example 2

    MSTP Configuration Example 2 This configuration shows how to configure MSTP Groups on the switch, as shown in Figure 13 Enterprise Routing Switch MSTP Group 1 Root Passing VLAN 1 Blocking VLAN 2 This example shows how multiple Spanning Trees can provide redundancy without wasting any uplink ports.
  • Page 130 Configure port membership and define the STGs for VLAN 1. Enable tagging on uplink ports that share VLANs. Port 19 and port 20 connect to the Enterprise Routing switches. RS G8124(config)# interface port 19 RS G8124(config-if)# tagging RS G8124(config-if)# exit RS G8124(config)# interface port 20 RS G8124(config-if)# tagging...
  • Page 131: Port Type And Link Type

    Port Type and Link Type For use in RSTP, MSTP, and PVRST modes, BLADEOS Spanning Tree configuration includes parameters for edge port and link type. Note – Although edge port and link type parameters are configured with global commands on ports, they only take effect when RSTP, MSTP, or PVRST is turned on.
  • Page 133: Chapter 9: Quality Of Service

    Chapter 9: Quality of Service Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.
  • Page 134 Figure 14 shows the basic QoS model used by the switch. Figure 14 Ingress Ports The basic QoS model works as follows: Classify traffic: Read DSCP value. Read 802.1p priority value. Match ACL filter parameters. Perform actions: Define bandwidth and burst parameters Select actions to perform on in-profile and out-of-profile traffic Deny packets...
  • Page 135: Using Acl Filters

    Using ACL Filters Access Control Lists (ACLs) are filters that allow you to classify and segment traffic, so you can provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made. BLADEOS 6.5 supports up to 127 ACLs when the switch is operating in the Balanced deployment mode (see “Deployment Profiles”...
  • Page 136: Acl Metering And Re-Marking

    ACL Metering and Re-Marking You can define a profile for the aggregate traffic flowing through the G8124 by configuring a QoS meter (if desired) and assigning ACLs to ports. When you add ACLs to a port, make sure they are ordered correctly in terms of precedence.
  • Page 137: Using Dscp Values To Provide Qos

    Using DSCP Values to Provide QoS The switch uses the Differentiated Services (DiffServ) architecture to provide QoS functions. DiffServ is described in IETF RFCs 2474 and 2475. The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP).
  • Page 138: Per Hop Behavior

    Per Hop Behavior The DSCP value determines the Per Hop Behavior (PHB) of each packet. The PHB is the forwarding treatment given to packets at each hop. QoS policies are built by applying a set of rules to packets, based on the DSCP value, as they hop through the network.
  • Page 139: Qos Levels

    QoS Levels Table 13 shows the default service levels provided by the switch, listed from highest to lowest importance: Table 13 Default QoS Service Levels (columns: Service Level, Default PHB, 802.1p Priority). Service levels: Critical, Network Control, Premium, Platinum, Gold, Silver, Bronze, Standard. Default PHB values: EF, CS5; AF41, AF42, AF43, CS4...
  • Page 140: Dscp Re-Marking And Mapping

    DSCP Re-Marking and Mapping The switch can use the DSCP value of ingress packets to re-mark the DSCP to a new value, and to set an 802.1p priority value. Use the following command to view the default settings. RS G8124# show qos dscp Current DSCP Remarking Configuration: OFF DSCP...
  • Page 141: Dscp Re-Marking Configuration Example

    DSCP Re-Marking Configuration Example Turn DSCP re-marking on globally, and define the DSCP-DSCP-802.1p mapping. You can use the default mapping. RS G8124(config)# qos dscp re-marking RS G8124(config)# qos dscp dscp-mapping <DSCP value (0-63)> <new value> RS G8124(config)# qos dscp dot1p-mapping <DSCP value (0-63)> <802.1p value> Enable DSCP re-marking on a port.
  • Page 142: Using 802.1P Priority To Provide Qos

    Using 802.1p Priority to Provide QoS The G8124 provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1Q VLAN header.) The 802.1p bits, if present in the packet, specify the priority that should be given to packets during forwarding.
  • Page 143: Queuing And Scheduling

    Queuing and Scheduling The G8124 can be configured to have either 2 or 8 output Class of Service (COS) queues per port, into which each packet is placed. Each packet’s 802.1p priority determines its COS queue, except when an ACL action sets the COS queue of the packet. Note –...
  • Page 145: Part 4: Advanced Switching Features

    Part 4: Advanced Switching Features
  • Page 147: Chapter 10: Deployment Profiles

    Chapter 10: Deployment Profiles The BLADEOS software for the RackSwitch G8124 can be configured to operate in different modes for different deployment scenarios. Each deployment profile sets different capacity levels for basic switch resources, such as the number of IP routes and ARP entries, in order to optimize the switch for different types of networks.
  • Page 148 The properties of each mode are compared in the following table. Table 14 Switch Feature: ACLs, ARP entries, Dynamic routes, VM Policy Bandwidth Control, VMAPs, VMready. Note – Throughout this guide, where feature capacities are listed, values reflect those of the Default profile only, unless otherwise noted.
  • Page 149: Selecting Profiles

    Selecting Profiles To change the deployment profile, the new profile must first be selected, and the switch must then be rebooted to use the new profile. Note – Before changing profiles, it is recommended that you save the active switch configuration to a backup file so that it may be restored later if desired.
  • Page 151: Chapter 11: Virtualization

    Virtualization allows resources to be allocated in a fluid manner based on the logical needs of the data center, rather than on the strict, physical nature of components. The following virtualization features are included in BLADEOS 6.5 on the RackSwitch G8124 (G8124): Virtual Local Area Networks (VLANs)
  • Page 153: Chapter 12: Virtual Nics

    Chapter 12: Virtual NICs A Network Interface Controller (NIC) is a component within a server that allows the server to be connected to a network. The NIC provides the physical point of connection, as well as internal software for encoding and decoding network packets. Virtualizing the NIC helps to resolve issues caused by limited NIC slot availability.
  • Page 154: Defining Server Ports

    Each vNIC can be independently allocated a symmetric percentage of the 10Gbps bandwidth on the link (from NIC to switch, and from switch to NIC). The G8124 can be used as the single point of vNIC configuration. The following restrictions apply to vNICs: vNICs are not supported simultaneously with VM groups (see same switch ports.
  • Page 155: Vnic Ids

    vNIC IDs vNIC IDs on the Switch BLADEOS 6.5 supports up to four vNICs attached to each server port. Each vNIC is provided its own independent virtual pipe on the port. On the switch, each vNIC is identified by its port and vNIC number as follows: <port number or alias>.<vNIC pipe number (1-4)>...
  • Page 156: Vnic Bandwidth Metering

    vNIC Bandwidth Metering BLADEOS 6.5 supports bandwidth metering for vNIC traffic. By default, each of the four vNICs on any given port is allowed an equal share (25%) of NIC capacity when enabled. However, you may configure the percentage of available switch port bandwidth permitted to each vNIC. vNIC bandwidth can be configured as a value from 1 to 100, with each unit representing 1% (or 100Mbps) of the 10Gbps link.
  • Page 157: Vnic Groups

    vNIC Groups vNICs can be grouped together, along with uplink ports and trunks, as well as other ports that were defined as server ports but not connected to vNICs. Each vNIC group is essentially a separate virtual network within the switch. Elements within a vNIC group have a common logical function and can communicate with each other, while elements in different vNIC groups are separated.
  • Page 158 Other vNIC group rules are as follows: vNIC groups may have one or more vNIC members. However, any given vNIC can be a member of only one vNIC group. All vNICs on a given port must belong to different vNIC groups. All members of a vNIC group must have the same vNIC pipe index.
  • Page 159: Vnic Teaming Failover

    vNIC Teaming Failover For NIC failover in a non-virtualized environment, when a service group’s uplink ports fail or are disconnected, the switch disables the affected group’s server ports, causing the server to failover to the backup NIC and switch. However, in a virtualized environment, disabling the affected server ports would disrupt all vNIC pipes on those ports, not just those that have lost their uplinks (see Figure 19 Primary...
  • Page 160 Figure 20 Primary Switch VNIC Group 1 Port 1 VNIC Group 2 Port 2 Upon Port 1 link failure, the switch informs the server hypervisor for failover on affected VNICs only By default, vNIC Teaming Failover is disabled on each vNIC group, but can be enabled or disabled independently for each vNIC group using the following commands: RS G8124(config)# vnic vnicgroup <group number>...
  • Page 161: Vnic Configuration Example

    vNIC Configuration Example Consider the following example configuration: Figure 21 (diagram labels: VNIC Group 1, VLAN 1000, ports). Figure 21 has the following vNIC network characteristics: vNIC group 1 has an outer tag for VLAN 1000. The group is comprised of vNIC pipes 1.1 and 2.1, switch server port 4 (a non-vNIC port), and uplink port 11.
  • Page 162 Define the server ports. RS G8124(config)# system server-ports port 1-5 Configure the external trunk to be used with vNIC group 2. RS G8124(config)# portchannel 1 port 13,14 RS G8124(config)# portchannel 1 enable Enable the vNIC feature on the switch. RS G8124 # vnic enable Configure the virtual pipes for the vNICs attached to each server port: RS G8124(config)# vnic port 1 index 1...
  • Page 163 Add ports, trunks, and virtual pipes to their vNIC groups. RS G8124(config)# vnic vnicgroup 1 RS G8124(vnic group config)# vlan 1000 RS G8124(vnic group config)# member 1.1 RS G8124(vnic group config)# member 2.1 RS G8124(vnic group config)# port 4 RS G8124(vnic group config)# port 10 RS G8124(vnic group config)# failover RS G8124(vnic group config)# enable RS G8124(vnic group config)# exit...
  • Page 164: Vnics For Iscsi On Emulex Eraptor 2

    vNICs for iSCSI on Emulex Eraptor 2 The BLADEOS vNIC feature works with standard network applications like iSCSI as previously described. However, the Emulex Eraptor 2 NIC expects iSCSI traffic to occur only on a single vNIC pipe.
  • Page 165: Chapter 13: Vmready

    Chapter 13: VMready Virtualization is used to allocate server resources based on logical needs, rather than on strict physical structure. With appropriate hardware and software support, servers can be virtualized to host multiple instances of operating systems, known as virtual machines (VMs). Each VM has its own presence on the network and runs its own service applications.
  • Page 166: Ve Capacity

    VE Capacity When VMready is enabled, the switch will automatically discover VEs that reside in hypervisors directly connected on the switch ports. BLADEOS 6.5 supports up to 2048 VEs. Once this limit is reached, the switch will reject additional VEs. Note –...
  • Page 167: Local Vm Groups

    Local VM Groups The configuration for local VM groups is maintained on the switch (locally) and is not directly synchronized with hypervisors. Local VM groups may include only local elements: local switch ports and trunks, and only those VEs connected to one of the switch ports or pre-provisioned on the switch.
  • Page 168 The following rules apply to the local VM group configuration commands: key: Add LACP trunks to the group. port: Add switch server ports or switch uplink ports to the group. Note that VM groups and vNICs (see portchannel: Add static port trunks to the group.
  • Page 169: Distributed Vm Groups

    Distributed VM Groups Distributed VM groups allow configuration profiles to be synchronized between the G8124 and associated hypervisors and VEs. This allows VE configuration to be centralized, and provides for more reliable VE migration across hypervisors. Using distributed VM groups requires a virtualization management server. The management server acts as a central point of access to configure and maintain multiple hypervisors and their VEs (VMs, virtual switches, and so on).
  • Page 170: Initializing A Distributed Vm Group

    Note – The bandwidth shaping parameters in the VM profile are used by the hypervisor virtual switch software. To set bandwidth policies for individual VEs, see on page 178. Once configured, the VM profile may be assigned to a distributed VM group as shown in the following section.
  • Page 171: Synchronizing The Configuration

    Synchronizing the Configuration When the configuration for a distributed VM group is modified, the switch updates the assigned virtualization management server. The management server then distributes changes to the appropriate hypervisors. For VM membership changes, hypervisors modify their internal virtual switch port groups, adding or removing server port memberships to enforce the boundaries defined by the distributed VM groups.
  • Page 172: Virtualization Management Servers

    Virtualization Management Servers The G8124 can connect with a virtualization management server to collect configuration information about associated VEs. The switch can also automatically push VM group configuration profiles to the virtualization management server, which in turn configures the hypervisors and VEs, providing enhanced VE mobility.
  • Page 173: Vcenter Scans

    vCenter Scans Once the vCenter is assigned, the switch will periodically scan the vCenter to collect basic information about all the VEs in the datacenter, and more detailed information about the local VEs that the switch has discovered attached to its own ports. The switch completes a vCenter scan approximately every two minutes.
  • Page 174: Exporting Profiles

    Exporting Profiles VM profiles for discovered VEs in distributed VM groups are automatically synchronized with the virtual management server and the appropriate hypervisors. However, VM profiles can also be manually exported to specific hosts before individual VEs are defined on them. By exporting VM profiles to a specific host, BNT port groups will be available to the host’s internal virtual switches so that new VMs may be configured to use them.
  • Page 175: Pre-Provisioning Ves

    Pre-Provisioning VEs VEs may be manually added to VM groups in advance of being detected on the switch ports. By pre-provisioning the MAC address of VEs that are not yet active, the switch will be able to later recognize the VE when it becomes active on a switch port, and immediately assign the proper VM group properties without further configuration.
  • Page 176: Vlan Maps

    VLAN Maps A VLAN map (VMAP) is a type of Access Control List (ACL) that is applied to a VLAN or VM group rather than to a switch port as with regular ACLs (see a virtualized environment, VMAPs allow you to create traffic filtering and metering policies that are associated with a VM group VLAN, allowing filters to follow VMs as they migrate between hypervisors.
  • Page 177 Once a VMAP filter is created, it can be assigned or removed using the following commands: For regular VLANs, use config-vlan mode: RS G8124(config)# vlan <VLAN ID> RS G8124(config-vlan)# [no] vmap <VMAP ID> [serverports| non-serverports] For a VM group, use the global configuration mode: RS G8124(config)# [no] virt vmgroup <ID>...
  • Page 178: Vm Policy Bandwidth Control

    VM Policy Bandwidth Control Note – VM policy bandwidth control is supported only when the switch is operating with the Default deployment profile (see VM policy bandwidth control commands will not be available. In a virtualized environment where VEs can migrate between hypervisors and thus move among different ports on the switch, traffic bandwidth policies must be attached to VEs, rather than to a specific switch port.
  • Page 179: Bandwidth Policies Vs. Bandwidth Shaping

    Bandwidth Policies vs. Bandwidth Shaping VM Profile Bandwidth Shaping differs from VM Policy Bandwidth Control. VM Profile Bandwidth Shaping (see “VM Profiles” on page 169) is configured per VM group and is enforced on the server by a virtual switch in the hypervisor. Shaping is unidirectional and limits traffic transmitted from the virtual switch to the G8124.
  • Page 180: Vmready Information Displays

    VMready Information Displays The G8124 can be used to display a variety of VMready information. Note – Some displays depict information collected from scans of a VMware vCenter and may not be available without a valid vCenter. If a vCenter is assigned (see page 172), scan information might not be available for up to two minutes after the switch boots or when VMready is first enabled.
  • Page 181 If a vCenter is available, more verbose information can be obtained using the following ISCLI privileged EXEC command option: RS G8124# show virt vm -v Index MAC Address, IP Address ----- ------------ 00:50:56:9c:21:2f 172.16.46.15 00:50:56:72:ec:86 172.16.46.51 00:50:56:4f:f2:85 172.16.46.10 00:50:56:7c:1c:ca 172.16.46.11 00:50:56:4e:62:f5 172.16.46.50 00:50:56:9c:00:c8...
  • Page 182: Vcenter Hypervisor Hosts

    vCenter Hypervisor Hosts If a vCenter is available, the following ISCLI privileged EXEC command displays the name and UUID of all VMware hosts, providing an essential overview of the data center: RS G8124# show virt vmware hosts UUID --------------------------------------------------------------- 00a42681-d0e5-5910-a0bf-bd23bd3f7800...
  • Page 183: Vcenter Ves

    vCenter VEs If a vCenter is available, the following ISCLI privileged EXEC command displays a list of all known VEs: RS G8124# show virt vmware vms UUID ---------------------------------------------------------------------- 001cdf1d-863a-fa5e-58c0-d197ed3e3300 001c1fba-5483-863f-de04-4953b5caa700 001c0441-c9ed-184c-7030-d6a6bc9b4d00 001cc06e-393b-a36b-2da9-c71098d9a700 001c6384-f764-983c-83e3-e94fc78f2c00 001c7434-6bf9-52bd-c48c-a410da0c2300 001cad78-8a3c-9cbe-35f6-59ca5f392500 001cf762-a577-f42a-c6ea-090216c11800 001c41f3-ccd8-94bb-1b94-6b94b03b9200 001cf17b-5581-ea80-c22c-3236b89ee900 001c4312-a145-bf44-7edd-49b7a2fc3800 001caf40-a40a-de6f-7b44-9c496f123b00 vCenter VE Details If a vCenter is available, the following ISCLI privileged EXEC command displays detailed information about a specific VE:...
  • Page 184: Vmready Configuration Example

    VMready Configuration Example This example has the following characteristics: A VMware vCenter is fully installed and configured prior to VMready configuration and includes a “bladevm” administration account and a valid SSL certificate. The distributed VM group model is used. The VM profile named “Finance”...
  • Page 185 Define the VM group. RS G8124(config)# virt vmgroup 1 profile Finance RS G8124(config)# virt vmgroup 1 vm arctic RS G8124(config)# virt vmgroup 1 vm monster RS G8124(config)# virt vmgroup 1 vm sierra RS G8124(config)# virt vmgroup 1 vm 00:50:56:4f:f2:00 RS G8124(config)# virt vmgroup 1 portchannel 1 When VMs are added, the server ports on which they appear are automatically added to the VM group.
  • Page 187: Chapter 14: Fcoe And Cee

    FCoE and CEE This chapter provides conceptual background and configuration examples for using Converged Enhanced Ethernet (CEE) features of the RackSwitch G8124, with an emphasis on Fibre Channel over Ethernet (FCoE) solutions. The following topics are addressed in this chapter: “Fibre Channel over Ethernet”...
  • Page 188 “Enhanced Transmission Selection” on page 204 Enhanced Transmission Selection (ETS) provides a method for allocating link bandwidth based on the 802.1p priority value in each packet’s VLAN tag. Using ETS, different types of traffic (such as LAN, SAN, and management) that are sensitive to different handling criteria can be configured either for specific bandwidth characteristics, low-latency, or best-effort transmission, despite sharing converged links as in an FCoE environment.
  • Page 189: Fibre Channel Over Ethernet

    With server virtualization, servers capable of hosting both Fibre Channel and Ethernet applications will provide advantages in server efficiency, particularly as FCoE-enabled network adapters provide consolidated SAN and LAN traffic capabilities. The RackSwitch G8124 with BLADEOS 6.5 software is compliant with the INCITS T11.3, FC-BB-5 FCoE specification. The FCoE Topology In an end-to-end Fibre Channel network, switches and end devices generally establish trusted, point-to-point links.
  • Page 190 Figure 22 on page FCoE Forwarder (FCF). The FCF acts as a Fibre Channel gateway to and from the FCoE network. For the FCoE portion of the network, the FCF is connected to the FCoE-enabled G8124, which is connected to a server (running Fibre Channel applications) through an FCoE-enabled Converged Network Adapter (CNA) known in Fibre Channel as Ethernet Nodes (ENodes).
  • Page 191: Fcoe Requirements

    FCoE Requirements The following are required for implementing FCoE using the RackSwitch G8124 (G8124) with BLADEOS 6.5 software: The G8124 must be connected to the Fibre Channel network through an FCF such as a Cisco Nexus 5000 Series Switch. For each G8124 port participating in FCoE, the connected server must use the supported FCoE CNA.
  • Page 192: Converged Enhanced Ethernet

    Converged Enhanced Ethernet Converged Enhanced Ethernet (CEE) refers to a set of IEEE standards designed to allow different physical networks with different data handling requirements to be converged together, simplifying management, increasing efficiency and utilization, and leveraging legacy investments without sacrificing evolutionary growth.
  • Page 193: Effects On 802.1P Quality Of Service

    Effects on 802.1p Quality of Service While CEE is off (the default), the G8124 allows 802.1p priority values to be used for Quality of Service (QoS) configuration (see can be changed by the administrator. When CEE is turned on, 802.1p QoS is replaced by ETS (see on page 204).
  • Page 194: Effects On Flow Control

    If the prior, non-CEE configuration used 802.1p priority values for different purposes, or does not expect bandwidth allocation as shown in administrator should reconfigure ETS settings as appropriate. Each time CEE is turned on or off, the appropriate ETS or 802.1p QoS default settings shown in Table 16 on page 193 configurations are cleared.
  • Page 195: Fcoe Initialization Protocol Snooping

    FCoE Initialization Protocol Snooping FCoE Initialization Protocol (FIP) snooping is an FCoE feature. In order to enforce point-to-point links for FCoE traffic outside the regular Fibre Channel topology, Ethernet ports used in FCoE can be automatically and dynamically configured with Access Control Lists (ACLs). Using FIP snooping, the G8124 examines the FIP frames normally exchanged between the FCF and ENodes to determine information about connected FCoE devices.
  • Page 196: Port Fcf And Enode Detection

    Port FCF and ENode Detection When FIP snooping is enabled on a port, the port is placed in FCF auto-detect mode by default. In this mode, the port assumes connection to an ENode unless FIP packets show the port is connected to an FCF.
  • Page 197: Fcoe Acl Rules

    FCoE ACL Rules When FIP Snooping is enabled on a port, the switch automatically installs the appropriate ACLs to enforce the following rules for FCoE traffic: Ensure that FIP frames from ENodes may only be addressed to FCFs. Flag important FIP packets for switch processing. Ensure no end device uses an FCF MAC address as its source.
  • Page 198: Viewing Fip Snooping Information

    Viewing FIP Snooping Information ACLs automatically generated under FIP snooping are independent of regular, manually configured ACLs, and are not listed with regular ACLs in switch information and statistics output. Instead, FCoE ACLs are shown using the following CLI commands: RS G8124# show fcoe fips information RS G8124# show fcoe fips port <ports>...
  • Page 199: Fip Snooping Configuration

    FIP Snooping Configuration In this example, as shown in FCF device, and port 3 for an ENode. FIP snooping can be configured on these ports using the following ISCLI commands: Enable VLAN tagging on the FCoE ports: RS G8124(config)# interface port 2,3 RS G8124(config-if)# tagging RS G8124(config-if)# exit Place FCoE ports into a VLAN supported by the FCF and CNAs (typically VLAN 1002):...
  • Page 200: Priority-Based Flow Control

    Priority-Based Flow Control Priority-based Flow Control (PFC) is defined in IEEE 802.1Qbb. PFC extends the IEEE 802.3x standard flow control mechanism. Under standard flow control, when a port becomes busy, the switch manages congestion by pausing all the traffic on the port, regardless of the traffic type. PFC provides more granular flow control, allowing the switch to pause specified types of traffic on the port, while other traffic on the port continues.
  • Page 201: Global Configuration

    Global Configuration PFC requires CEE to be turned on. When CEE is turned on, standard flow control is disabled on all ports, and PFC is enabled on all ports for 802.1p priority value 3. While CEE is turned on, PFC cannot be disabled for priority value 3. This default is chosen because priority value 3 is commonly used to identify FCoE traffic in a CEE environment and must be guaranteed lossless behavior.
  • Page 202: Pfc Configuration Example

    PFC Configuration Example Note – DCBX may be configured to permit sharing or learning PFC configuration with or from external devices. This example assumes that PFC configuration is being performed manually. See “Data Center Bridging Capability Exchange” on page 211 This example is consistent with the network shown in following topology is used.
  • Page 203 Enable PFC for the FCoE traffic. Note – PFC is enabled on priority 3 by default. If using the defaults, the manual configuration commands shown in this step are not necessary. RS G8124(config)# cee global pfc priority 3 enable RS G8124(config)# cee global pfc priority 3 description "FCoE" Enable PFC for the business-critical LAN application: RS G8124(config)# cee global pfc priority 4 enable RS G8124(config)# cee global pfc priority 4 description "Critical LAN"...
  • Page 204: Enhanced Transmission Selection

    Enhanced Transmission Selection Enhanced Transmission Selection (ETS) is defined in IEEE 802.1Qaz. ETS provides a method for allocating port bandwidth based on 802.1p priority values in the VLAN tag. Using ETS, different amounts of link bandwidth can be specified for different traffic types (such as for LAN, SAN, and management).
  • Page 205 802.1p priority values may be assigned by the administrator for a variety of purposes. However, when CEE is turned on, the G8124 sets the initial default values for ETS configuration as follows: [Figure 23: Typical Traffic Type] In the assignment model shown in...
  • Page 206: Priority Groups

    Priority Groups For ETS use, each 802.1p priority value is assigned to a priority group which can then be allocated a specific portion of available link bandwidth. To configure a priority group, the following is required: CEE must be turned on function.
  • Page 207: Assigning Priority Values To A Priority Group

    Assigning Priority Values to a Priority Group Each priority group may be configured from its corresponding ETS Priority Group, available using the following command: RS G8124(config)# cee global ets priority-group <group number (0-7, or 15)> priorities <priority list> where priority list is one or more 802.1p priority values (with each separated by a comma). For example, to assign priority values 0 through 2: RS G8124(config)# cee global ets priority-group <group number (0-7, or 15)>...
  • Page 208: Allocating Bandwidth

    Allocating Bandwidth Allocated Bandwidth for PGID 0 Through 7 The administrator may allocate a portion of the switch’s available bandwidth to PGIDs 0 through 7. Available bandwidth is defined as the amount of link bandwidth that remains after priorities within PGID 15 are serviced (see PGIDs are fully subscribed.
  • Page 209: Configuring Ets

    If PGID 15 has low traffic levels, most of the switch’s bandwidth will be available to serve priority groups 0 through 7. However, if PGID 15 consumes a larger part of the switch’s total bandwidth, the amount available to the other groups is reduced. Note –...
  • Page 210 This example can be configured using the following commands: Turn CEE on. RS G8124(config)# cee enable Note – Turning CEE on will automatically change some 802.1p QoS and 802.3x standard flow control settings and menus (see Configure each allocated priority group with a description (optional), list of 802.1p priority values, and bandwidth allocation: RS G8124(config)# cee global ets priority-group 2 priorities 0,1,2...
  • Page 211: Data Center Bridging Capability Exchange

    Data Center Bridging Capability Exchange Data Center Bridging Capability Exchange (DCBX) protocol is a vital element of CEE. DCBX allows peer CEE devices to exchange information about their advanced capabilities. Using DCBX, neighboring network devices discover their peers, negotiate peer configurations, and detect misconfigurations.
  • Page 212: Enabling And Disabling Dcbx

    Enabling and Disabling DCBX When CEE is turned on, DCBX can be enabled and disabled on a per-port basis, using the following commands: RS G8124(config)# [no] cee port <port alias or number> dcbx enable Note – DCBX and vNICs (see the same G8124.
  • Page 213 These flags are available for the following CEE features: Application Protocol DCBX exchanges information regarding FCoE and FIP snooping, including the 802.1p priority value used for FCoE traffic. The advertise flag is set or reset using the following command: RS G8124(config)# [no] cee port <port alias or number> dcbx app_proto advertise The willing flag is set or reset using the following command: RS G8124(config)# [no] cee port <port alias or number>...
  • Page 214: Configuring Dcbx

    Configuring DCBX Consider an example consistent in this chapter: FCoE is used on ports 2 and 3. CEE features are also used with LANs on ports 1 and 4. All other ports are disabled or are connected to regular (non-CEE) LAN devices. In this example, the G8124 acts as the central point for CEE configuration.
  • Page 215 Disable DCBX for each non-CEE port as appropriate: RS G8124(config)# no cee port 5-24 dcbx enable Save the configuration.
  • Page 217: Part 5: Ip Routing

    Part 5: IP Routing This section discusses Layer 3 switching functions. In addition to switching traffic at near line rates, the application switch can perform multi-protocol routing. This section discusses basic routing and advanced routing protocols: Basic Routing IPv6 Host Management Routing Information Protocol (RIP) Internet Group Management Protocol (IGMP) Border Gateway Protocol (BGP)
  • Page 219: Chapter 15: Basic Ip Routing

    Basic IP Routing This chapter provides configuration background and examples for using the G8124 to perform IP routing functions. The following topics are addressed in this chapter: “IP Routing Benefits” on page 219 “Routing Between IP Subnets” on page 219 “Example of Subnet Routing”...
  • Page 220 For example, consider the following topology migration: [Figure 24] In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topology. As is often the case, the legacy of network growth and redesign has left the system with a mix of illogically distributed subnets.
  • Page 221: Example Of Subnet Routing

    Example of Subnet Routing Consider the role of the G8124 in the following configuration example: [Figure 25, with the label “Server subnet 1: 100.20.10.2-254”] The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building. Common servers are placed on another subnet attached to the switch. A primary and backup router are attached to the switch on yet another subnet.
  • Page 222: Using Vlans To Segregate Broadcast Domains

    Using VLANs to Segregate Broadcast Domains If you want to control the broadcasts on your network, use VLANs to create distinct broadcast domains. Create one VLAN for each server subnet, and one for the router. Configuration Example This section describes the steps used to configure the example topology shown in page 221.
  • Page 223 Determine which switch ports and IP interfaces belong to which VLANs. The following table adds port and VLAN information: Table 22 Devices Default router Web servers Database servers Terminal Servers Note – To perform this configuration, you must be connected to the switch Command Line Interface (CLI) as the administrator.
  • Page 224 Assign a VLAN to each IP interface. Now that the ports are separated into VLANs, the VLANs are assigned to the appropriate IP interface for each subnet. From RS G8124(config)# interface ip 1 RS G8124(config-ip-if)# ip address 205.21.17.3 RS G8124(config-ip-if)# ip netmask 255.255.255.0 RS G8124(config-ip-if)# vlan 1 RS G8124(config-ip-if)# enable...
  • Page 225: Ecmp Static Routes

    ECMP Static Routes Equal-Cost Multi-Path (ECMP) is a forwarding mechanism that routes packets along multiple paths of equal cost. ECMP provides equally-distributed link load sharing across the paths. The hashing algorithm used is based on the source IP address (SIP). ECMP routes allow the switch to choose between several next hops toward a given destination.
  • Page 226: Configuring Ecmp Static Routes

    Configuring ECMP Static Routes To configure ECMP static routes, add the same route multiple times, each with the same destination IP address, but with a different gateway IP address. These routes become ECMP routes. Add a static route (IP address, subnet mask, gateway, and interface number). RS G8124(config)# ip route 10.10.1.1 255.255.255.255 100.10.1.1 1 Add another static route with the same IP address and mask, but a different gateway address.
  • Page 227: Dynamic Host Configuration Protocol

    Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network. Without DHCP, the IP address must be entered manually for each network device.
  • Page 228 When a switch receives a UDP broadcast on port 67 from a DHCP client requesting an IP address, the switch acts as a proxy for the client, replacing the client source IP (SIP) and destination IP (DIP) addresses.
  • Page 229: Chapter 16: Internet Protocol Version

    Internet Protocol Version 6 Internet Protocol version 6 (IPv6) is a network layer protocol intended to expand the network address space. IPv6 is a robust and expandable protocol that meets the need for increased physical address space. The switch supports the following RFCs for IPv6-related features: RFC 1981 RFC 2460 RFC 2461...
  • Page 230: Ipv6 Limitations

    IPv6 Limitations The following IPv6 features are not supported in this release. Dynamic Host Control Protocol for IPv6 (DHCPv6) Border Gateway Protocol for IPv6 (BGP) Routing Information Protocol for IPv6 (RIPng) Multicast Listener Discovery (MLD) Most other BLADEOS 6.5 features permit IP addresses to be configured using either IPv4 or IPv6 address formats.
  • Page 231: Ipv6 Address Format

    IPv6 Address Format The IPv6 address is 128 bits (16 bytes) long and is represented as a sequence of eight 16-bit hex values, separated by colons. Each IPv6 address has two parts: Subnet prefix representing the network to which the interface is connected Local identifier, either derived from the MAC address or user-configured The preferred hexadecimal format is as follows: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx...
  • Page 232: Ipv6 Address Types

    IPv6 Address Types IPv6 supports three types of addresses: unicast (one-to-one), multicast (one-to-many), and anycast (one-to-nearest). Multicast addresses replace the use of broadcast addresses. Unicast Address Unicast is a communication between a single host and a single receiver. Packets sent to a unicast address are delivered to the interface identified by that address.
  • Page 233: Ipv6 Address Autoconfiguration

    Anycast Packets sent to an anycast address or list of addresses are delivered to the nearest interface identified by that address. Anycast is a communication between a single sender and a list of addresses. Anycast addresses are allocated from the unicast address space, using any of the defined unicast address formats.
  • Page 234: Ipv6 Interfaces

    IPv6 Interfaces Each IPv6 interface supports multiple IPv6 addresses. You can manually configure up to two IPv6 addresses for each interface, or you can allow the switch to use stateless autoconfiguration. You can manually configure two IPv6 addresses for each interface, as follows: Initial IPv6 address is a global unicast or anycast address.
  • Page 235: Neighbor Discovery

    Neighbor Discovery Neighbor Discovery Overview The switch uses Neighbor Discovery protocol (ND) to gather information about other router and host nodes, including the IPv6 addresses. Host nodes use ND to configure their interfaces and perform health detection. ND allows each node to determine the link-layer addresses of neighboring nodes, and to keep track of each neighbor’s information.
  • Page 236: Host Vs. Router

    Host vs. Router Each IPv6 interface can be configured as a router node or a host node, as follows: A router node’s IP address is configured manually. Router nodes can send Router Advertisements. A host node’s IP address is autoconfigured. Host nodes listen for Router Advertisements that convey information about devices on the network.
  • Page 237: Supported Applications

    Supported Applications The following applications have been enhanced to provide IPv6 support. Ping The ping command supports IPv6 addresses. Use the following format to ping an IPv6 address: ping <host name>|<IPv6 address> [-n <tries (0-4294967295)>] [-w <msec delay (0-4294967295)>] [-l <length (0/32-65500/2080)>] [-s <IP source>] [-v <TOS (0-255)>] [-f] [-t] To ping a link-local address (begins with FE80), provide an interface index, as follows: ping <IPv6 address>%<Interface index>...
  • Page 238 Secure Shell (SSH) connections over IPv6 are supported. The following syntax is required from the client: ssh -u <IPv6 address> Example: ssh -u 2001:2:3:4:0:0:0:142 TFTP The TFTP commands support both IPv4 and IPv6 addresses. Link-local addresses are not supported.
  • Page 239: Configuration Guidelines

    Configuration Guidelines When you configure an interface for IPv6, consider the following guidelines: IPv6 only supports static routes. Support for subnet router anycast addresses is not available. A single interface can accept either IPv4 or IPv6 addresses, but not both IPv4 and IPv6 addresses.
  • Page 240: Ipv6 Configuration Examples

    IPv6 Configuration Examples This section provides steps to configure IPv6 on the switch. IPv6 Example 1 The following example uses IPv6 host mode to autoconfigure an IPv6 address for the interface. By default, the interface is assigned to VLAN 1. Enable IPv6 host mode on an interface.
  • Page 241 Configure the IPv6 default gateway. RS G8124(config)# ip gateway6 1 address 2001:BA98:7654:BA98:FEDC:1234:ABCD:5412 RS G8124(config)# ip gateway6 1 enable Configure Neighbor Discovery advertisements for the interface (optional) RS G8124(config)# interface ip 3 RS G8124(config-ip-if)# no ipv6 nd suppress-ra Verify the configuration. RS G8124(config-ip-if)# show layer3
  • Page 243: Chapter 17: Routing Information Protocol

    Routing Information Protocol In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically using the Routing Information Protocol (RIP). BLADEOS software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) for exchanging TCP/IPv4 route information with other routers.
  • Page 244: Routing Updates

    Routing Updates RIP sends routing-update messages at regular intervals and when the network topology changes. Each router “advertises” routing information by sending a routing information update every 30 seconds. If a router doesn’t receive an update from another router for 180 seconds, those routes provided by that router are declared invalid.
  • Page 245: Ripv2 In Ripv1 Compatibility Mode

    RIPv2 in RIPv1 Compatibility Mode BLADEOS allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers to receive those packets. With RIPv1 routers as recipients, the routing updates have to carry a natural or host mask.
  • Page 246 Default The RIP router can listen and supply a default route, usually represented as IPv4 0.0.0.0 in the routing table. When a router does not have an explicit route to a destination network in its routing table, it uses the default route to forward those packets.
  • Page 247: Rip Configuration Example

    RIP Configuration Example Note – An interface with RIP disabled uses all the RIP default values, no matter how the RIP parameters are configured for that interface. Regular RIP updates include interfaces that are UP, but not interfaces that are DOWN. Add VLANs for routing interfaces.
  • Page 248 Use the following command to check the current valid routes in the routing table of the switch: >> # show ip route For those RIP routes learned within the garbage collection period, that are routes phasing out of the routing table with metric 16, use the following command: >>...
  • Page 249: Chapter 18: Internet Group Management Protocol

    Internet Group Management Protocol Internet Group Management Protocol (IGMP) is used by IPv4 Multicast routers to learn about the existence of host group members on their directly attached subnet (see RFC 2236). The IPv4 Multicast routers get this information by broadcasting IGMP Membership Queries and listening for IPv4 hosts reporting their host group memberships.
  • Page 250: Igmp Snooping

    IGMP Snooping IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers.
  • Page 251: Igmp Groups

    IGMP Groups The G8124 supports a maximum of 1000 IGMP entries, on a maximum of 1024 VLANs. One IGMP entry is allocated for each unique join request, based on the VLAN and IGMP group address. If multiple ports join the same IGMP group using the same VLAN, only a single IGMP entry is used.
  • Page 252 BLADEOS 6.5.2 Application Guide The switch supports the following IGMPv3 filter modes: INCLUDE mode: The host requests membership to a multicast group and provides a list of IPv4 addresses from which it wants to receive traffic. EXCLUDE mode: The host requests membership to a multicast group and provides a list of IPv4 addresses from which it does not want to receive traffic.
  • Page 253: Igmp Snooping Configuration Example

    IGMP Snooping Configuration Example This section provides steps to configure IGMP Snooping on the switch. Configure port and VLAN membership on the switch. Add VLANs to IGMP Snooping. RS G8124(config)# ip igmp snoop vlan 1 Enable IGMPv3 Snooping (optional). RS G8124(config)# ip igmp snoop igmpv3 enable Enable the IGMP feature.
  • Page 254: Static Multicast Router

    BLADEOS 6.5.2 Application Guide Static Multicast Router A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. Any data port can accept a static Mrouter.
  • Page 255: Igmp Querier

    IGMP Querier IGMP Querier allows the switch to perform the multicast router (Mrouter) role and provide Mrouter discovery when the network or virtual LAN (VLAN) does not have a router. When IGMP Querier is enabled on a VLAN, the switch acts as an IGMP querier in a Layer 2 network environment.
  • Page 256: Igmp Filtering

    BLADEOS 6.5.2 Application Guide IGMP Filtering With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups. Unauthorized users are restricted from streaming multicast traffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port are dropped, and the port is not allowed to receive IPv4 multicast traffic from that group.
  • Page 257: Configure Igmp Filtering

    Configure IGMP Filtering Enable IGMP Filtering on the switch. >> # ip igmp filtering Define an IGMP filter with IPv4 information. >> # ip igmp profile 1 range 224.0.0.0 226.0.0.0 >> # ip igmp profile 1 action deny >> # ip igmp profile 1 enable Assign the IGMP filter to a port.
  • Page 259: Chapter 19: Border Gateway Protocol

    Chapter 19: Border Gateway Protocol Border Gateway Protocol (BGP) is an Internet protocol that enables routers on an IPv4 network to share and advertise routing information with each other about the segments of the IPv4 address space they can access within their network and with routers on external networks. BGP allows you to decide what is the “best”...
  • Page 260: Internal Routing Versus External Routing

    AS 20 was not present (as indicated in would not learn the route to AS 50, and the bottom router would not learn the route to AS 11, even though the two AS 20 routers are connected via the RackSwitch G8124. Figure 26 Typically, an AS has one or more border routers—peer routers that exchange routes with other...
  • Page 261: Forming Bgp Peer Routers

    Forming BGP Peer Routers Two BGP routers become peers or neighbors once you establish a TCP connection between them. For each new route, if a peer is interested in that route (for example, if a peer would like to receive your static routes and the new route is static), an update message is sent to that peer containing the new route.
  • Page 262: Incoming And Outgoing Route Maps

    BLADEOS 6.5.2 Application Guide Figure 27 Incoming and Outgoing Route Maps You can have two types of route maps: incoming and outgoing. A BGP peer router can be configured to support up to eight route maps in the incoming route map list and outgoing route map list.
  • Page 263: Precedence

    Precedence You can set a priority to a route map by specifying a precedence value with the following command (Route Map mode): RS G8124(config)# route-map <map number> RS G8124(config-route-map)# RS G8124(config-route-map)# exit The smaller the value the higher the precedence. If two route maps have the same precedence value, the smaller number has higher precedence.
  • Page 264 BLADEOS 6.5.2 Application Guide Set up the BGP attributes. If you want to overwrite the attributes that the peer router is sending, then define the following BGP attributes: Specify the AS numbers that you want to prepend to a matched route and the local preference for the matched route.
  • Page 265: Aggregating Routes

    Aggregating Routes Aggregation is the process of combining several different routes in such a way that a single route can be advertised, which minimizes the size of the routing table. You can configure aggregate routes in BGP either by redistributing an aggregate route into BGP or by creating an aggregate entry in the BGP routing table.
  • Page 266: Bgp Attributes

    BLADEOS 6.5.2 Application Guide BGP Attributes The following two BGP attributes are discussed in this section: Local preference and metric (Multi-Exit Discriminator). Local Preference Attribute When there are multiple paths to the same destination, the local preference attribute indicates the preferred path.
  • Page 267: Selecting Route Paths In Bgp

    Selecting Route Paths in BGP BGP selects only one path as the best path. It does not rely on metric attributes to determine the best path. When the same network is learned via more than one BGP peer, BGP uses its policy for selecting the best route to that network.
  • Page 268: Bgp Failover Configuration

    BLADEOS 6.5.2 Application Guide BGP Failover Configuration Use the following example to create redundant default gateways for a G8124 at a Web Host/ISP site, eliminating the possibility, should one gateway go down, that requests will be forwarded to an upstream router unknown to the switch. As shown in Figure both ISPs to allow the switch to use their peer routers as default gateways.
  • Page 269 Define the VLANs. For simplicity, both default gateways are configured in the same VLAN in this example. The gateways could be in the same VLAN or different VLANs. >> # vlan 1 >> (config-vlan)# member <port number> Define the IP interfaces with IPv4 addresses. The switch will need an IP interface for each default gateway to which it will be connected.
  • Page 270: Default Redistribution And Route Aggregation Example

    BLADEOS 6.5.2 Application Guide Default Redistribution and Route Aggregation Example This example shows you how to configure the switch to redistribute information from one routing protocol to another and create an aggregate route entry in the BGP routing table to minimize the size of the routing table.
  • Page 271 Configure internal peer router 1 and external peer router 2 with IPv4 addresses. >> # router bgp >> (config-router-bgp)# neighbor 1 remote-address 10.1.1.4 >> (config-router-bgp)# neighbor 1 remote-as 135 >> (config-router-bgp)# neighbor 2 remote-address 20.20.20.2 >> (config-router-bgp)# neighbor 2 remote-as 200 Configure redistribution for Peer 1.
  • Page 273: Chapter 20: Ospf

    OSPF version 2 specifications detailed in Internet RFC 1583, and OSPF version 3 specifications in RFC 2740. The following sections discuss OSPF support for the RackSwitch G8124: “OSPFv2 Overview” on page such as types of OSPF areas, types of routing devices, neighbors, adjacencies, link state database, authentication, and internal versus external routing.
  • Page 274: Types Of Ospf Areas

    BLADEOS 6.5.2 Application Guide Types of OSPF Areas An AS can be broken into logical units known as areas. In any AS with multiple areas, one area must be designated as area 0, known as the backbone. The backbone acts as the central OSPF area. All other areas in the AS must be connected to the backbone.
  • Page 275: Types Of Ospf Routing Devices

    Types of OSPF Routing Devices As shown in Figure Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area. Area Border Router (ABR)—a router that has interfaces in multiple areas. ABRs maintain one LSDB for each connected area and disseminate routing information between areas.
  • Page 276: Neighbors And Adjacencies

    BLADEOS 6.5.2 Application Guide Neighbors and Adjacencies In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each other’s health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces. All routing devices that share a common network segment, appear in the same area, and have the same health parameters (hello and dead intervals) and authentication parameters respond to each other’s hello packets and become neighbors.
  • Page 277: The Shortest Path First Tree

    BLADEOS 6.5.2 Application Guide The Shortest Path First Tree The routing devices use a link-state algorithm (Dijkstra’s algorithm) to calculate the shortest path to all known destinations, based on the cumulative cost required to reach the destination. The cost of an individual interface in OSPF is an indication of the overhead required to send packets across it.
  • Page 278: Ospfv2 Implementation In Bladeos

    BLADEOS 6.5.2 Application Guide OSPFv2 Implementation in BLADEOS BLADEOS supports a single instance of OSPF and up to 4K routes on the network. The following sections describe OSPF implementation in BLADEOS: “Configurable Parameters” on page 278 “Defining Areas” on page 279 “Interface Cost”...
  • Page 279: Defining Areas

    Defining Areas If you are configuring multiple areas in your OSPF domain, one of the areas must be designated as area 0, known as the backbone. The backbone is the central OSPF area and is usually physically connected to all other areas. The areas inject routing information into the backbone which, in turn, disseminates the information into other areas.
  • Page 280: Using The Area Id To Assign The Ospf Area Number

    BLADEOS 6.5.2 Application Guide Using the Area ID to Assign the OSPF Area Number The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors. There are two valid ways to designate an area ID: Placing the area number in the last octet (0.0.0.n) Most common OSPF vendors express the area ID number as a single number.
  • Page 281: Interface Cost

    Interface Cost The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination. Usually, the cost is inversely proportional to the bandwidth of the interface. Low cost indicates high bandwidth. You can manually enter the cost for the output route with the following command (Interface IP mode): RS G8124(config-ip-if)# Electing the Designated Router and Backup...
  • Page 282: Default Routes

    BLADEOS 6.5.2 Application Guide Default Routes When an OSPF routing device encounters traffic for a destination address it does not recognize, it forwards that traffic along the default route. Typically, the default route leads upstream toward the backbone until it reaches the intended area or an external router. Each G8124 acting as an ABR automatically inserts a default route into each attached area.
  • Page 283: Virtual Links

    Virtual Links Usually, all areas in an OSPF AS are physically connected to the backbone. In some cases where this is not possible, you can use a virtual link. Virtual links are created to connect one area to the backbone through another non-backbone area (see The area which contains a virtual link must be a transit area and have full routing information.
  • Page 284: Authentication

    BLADEOS 6.5.2 Application Guide Authentication OSPF protocol exchanges can be authenticated so that only trusted routing devices can participate. This ensures less processing on routing devices that are not listening to OSPF packets. OSPF allows packet authentication and uses IP multicast when sending and receiving packets. Routers participate in routing domains based on pre-defined passwords.
  • Page 285: Configuring Plain Text Ospf Passwords

    Configuring Plain Text OSPF Passwords To configure simple plain text OSPF passwords on the switches shown in following commands: Enable OSPF authentication for Area 0 on switches 1, 2, and 3. RS G8124(config-router-ospf)# RS G8124(config-router-ospf)# Configure a simple text password up to eight characters for each OSPF IP interface in Area 0 on switches 1, 2, and 3.
  • Page 286: Configuring Md5 Authentication

    BLADEOS 6.5.2 Application Guide Configuring MD5 Authentication Use the following commands to configure MD5 authentication on the switches shown in Enable OSPF MD5 authentication for Area 0 on switches 1, 2, and 3. RS G8124(config-router-ospf)# Configure MD5 key ID for Area 0 on switches 1, 2, and 3. RS G8124(config-router-ospf)# RS G8124(config-router-ospf)# Assign MD5 key ID to OSPF interfaces on switches 1, 2, and 3.
  • Page 287: Host Routes For Load Balancing

    Host Routes for Load Balancing BLADEOS implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks, accomplishing the following goals: ABR Load Sharing As a form of load balancing, host routes can be used for dividing OSPF traffic among multiple ABRs.
  • Page 288: Ospfv2 Configuration Examples

    BLADEOS 6.5.2 Application Guide OSPFv2 Configuration Examples A summary of the basic steps for configuring OSPF on the G8124 is listed here. Detailed instructions for each of the steps are covered in the following sections: Configure IP interfaces. One IP interface is required for each desired network (range of IP addresses) being assigned to an OSPF area on the switch.
  • Page 289: Example 1: Simple Ospf Domain

    Example 1: Simple OSPF Domain In this example, two OSPF areas are defined—one area is the backbone and the other is a stub area. A stub area does not allow advertisements of external routes, thus reducing the size of the database. Instead, a default summary route of IP address 0.0.0.0 is automatically inserted into the stub area.
  • Page 290 BLADEOS 6.5.2 Application Guide Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0. RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0 RS G8124(config-router-ospf)# area 0 type transit RS G8124(config-router-ospf)# area 0 enable Define the stub area. RS G8124(config-router-ospf)# area 1 area-id 0.0.0.1 RS G8124(config-router-ospf)# area 1 type stub RS G8124(config-router-ospf)# area 1 enable...
  • Page 291: Example 2: Virtual Links

    Example 2: Virtual Links In the example shown in required. Instead, area 2 will be connected to the backbone via a virtual link through area 1. The virtual link must be configured at each endpoint. Figure 35 Note – OSPFv2 supports IPv4 only. IPv6 is supported in OSPFv3 (see in BLADEOS”...
  • Page 292 BLADEOS 6.5.2 Application Guide Enable OSPF. RS G8124(config)# router ospf RS G8124(config-router-ospf)# enable Define the backbone. RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0 RS G8124(config-router-ospf)# area 0 type transit RS G8124(config-router-ospf)# area 0 enable Define the transit area. The area that contains the virtual link must be configured as a transit area. RS G8124(config-router-ospf)# area 1 area-id 0.0.0.1 RS G8124(config-router-ospf)# area 1 type transit RS G8124(config-router-ospf)# area 1 enable...
  • Page 293 Configuring OSPF for a Virtual Link on Switch #2 Configure IP interfaces on each network that will be attached to OSPF areas. In this example, two IP interfaces are needed: Interface 1 for the transit area network on 10.10.12.0/24 Interface 2 for the stub area network on 10.10.24.0/24 RS G8124(config)# interface ip 1 RS G8124(config-ip-if)# ip address 10.10.12.2 RS G8124(config-ip-if)# ip netmask 255.255.255.0...
  • Page 294: Other Virtual Link Options

    BLADEOS 6.5.2 Application Guide Define the stub area. RS G8124(config-router-ospf)# area 2 area-id 0.0.0.2 RS G8124(config-router-ospf)# area 2 type stub RS G8124(config-router-ospf)# area 2 enable RS G8124(config-router-ospf)# exit Attach the network interface to the backbone. RS G8124(config)# interface ip 1 RS G8124(config-ip-if)# ip ospf area 1 RS G8124(config-ip-if)# ip ospf enable RS G8124(config-ip-if)# exit...
  • Page 295: Example 3: Summarizing Routes

    Example 3: Summarizing Routes By default, ABRs advertise all the network addresses from one area into another area. Route summarization can be used for consolidating advertised addresses and reducing the perceived complexity of the network. If network IP addresses in an area are assigned to a contiguous subnet range, you can configure the ABR to advertise a single summary route that includes all individual IP addresses within the area.
  • Page 296 BLADEOS 6.5.2 Application Guide Enable OSPF. RS G8124(config)# router ospf RS G8124(config-router-ospf)# enable Define the backbone. RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0 RS G8124(config-router-ospf)# area 0 type transit RS G8124(config-router-ospf)# area 0 enable Define the stub area. RS G8124(config-router-ospf)# area 1 area-id 0.0.0.1 RS G8124(config-router-ospf)# area 1 type stub RS G8124(config-router-ospf)# area 1 enable RS G8124(config-router-ospf)# exit...
  • Page 297: Verifying Ospf Configuration

    Use the hide command to prevent a range of addresses from advertising to the backbone. RS G8124(config)# router ospf RS G8124(config-router-ospf)# area-range 2 address 36.128.200.0 255.255.255.0 RS G8124(config-router-ospf)# area-range 2 area 0 RS G8124(config-router-ospf)# area-range 2 hide RS G8124(config-router-ospf)# exit Verifying OSPF Configuration Use the following commands to verify the OSPF configuration on your switch: show ip ospf...
  • Page 298: Ospfv3 Implementation In Bladeos

    BLADEOS 6.5.2 Application Guide OSPFv3 Implementation in BLADEOS OSPF version 3 is based on OSPF version 2, but has been modified to support IPv6 addressing. In most other ways, OSPFv3 is similar to OSPFv2: They both have the same packet types and interfaces, and both use the same mechanisms for neighbor discovery, adjacency formation, LSA flooding, aging, and so on.
  • Page 299: Ospfv3 Uses Independent Command Paths

    OSPFv3 Uses Independent Command Paths Though OSPFv3 and OSPFv2 are very similar, they are configured independently. They each have their own separate menus in the CLI, and their own command paths in the ISCLI. OSPFv3 base menus and command paths are located as follows: In the CLI >>...
  • Page 300: Ospfv3 Limitations

    BLADEOS 6.5.2 Application Guide OSPFv3 Limitations BLADEOS 6.5 does not currently support the following OSPFv3 features: Multiple instances of OSPFv3 on one IPv6 link. Authentication via IPv6 Security (IPsec) OSPFv3 Configuration Example The following example depicts the OSPFv3 equivalent configuration of Routes”...
  • Page 301 Enable OSPFv3. RS G8124(config)# ipv6 router ospf RS G8124(config-router-ospf3)# enable This is equivalent to the OSPFv2 enable option in the router ospf command path. Define the backbone. RS G8124(config-router-ospf3)# area 0 area-id 0.0.0.0 RS G8124(config-router-ospf3)# area 0 type transit RS G8124(config-router-ospf3)# area 0 enable This is identical to OSPFv2 configuration.
  • Page 302 BLADEOS 6.5.2 Application Guide Configure route summarization by specifying the starting address and prefix length of the range of addresses to be summarized. RS G8124(config)# ipv6 router ospf RS G8124(config-router-ospf3)# area-range 1 address 36:0:0:0:0:0:0:0 32 RS G8124(config-router-ospf3)# area-range 1 area 0 RS G8124(config-router-ospf3)# area-range 1 enable This differs from OSPFv2 only in that the OSPFv3 command path is used, and the address and prefix are specified in IPv6 format.
  • Page 303: Chapter 21: Protocol Independent Multicast

    Mode (PIM-DM). Note – BLADEOS 6.5 does not support IPv6 for PIM. The following sections discuss PIM support for the RackSwitch G8124: “PIM Overview” on page 303 “Supported PIM Modes and Features” on page 304 “Basic PIM Settings” on page 305 “Additional Sparse Mode Settings”...
  • Page 304: Supported Pim Modes And Features

    BLADEOS 6.5.2 Application Guide PIM-SM is a reverse-path routing mechanism. Client receiver stations advertise their willingness to join a multicast group. The local routing and switching devices collect multicast routing information and forward the request toward the station that will provide the multicast content. When the join requests reach the sending station, the multicast data is sent toward the receivers, flowing in the opposite direction of the original join requests.
  • Page 305: Basic Pim Settings

    The following PIM modes and features are not currently supported in BLADEOS 6.5: Hybrid Sparse-Dense Mode (PIM-SM/DM). Sparse Mode and Dense Mode may be configured on separate IP interfaces on the switch, but are not currently supported simultaneously on the same IP interface.
  • Page 306: Defining A Pim Network Component

    BLADEOS 6.5.2 Application Guide Defining a PIM Network Component The G8124 can be attached to a maximum of two independent PIM network components. Each component represents a different PIM network, and can be defined for either PIM-SM or PIM-DM operation. Basic PIM component configuration is performed using the following commands: RS G8124(config)# ip pim component <1-2>...
  • Page 307: Pim Neighbor Filters

    PIM Neighbor Filters The G8124 accepts connection to up to 72 PIM interfaces. By default, the switch accepts all PIM neighbors attached to the PIM-enabled interfaces, up to the maximum number. Once the maximum is reached, the switch will deny further PIM neighbors. To ensure that only the appropriate PIM neighbors are accepted by the switch, the administrator can use PIM neighbor filters to specify which PIM neighbors may be accepted or denied on a per-interface basis.
  • Page 308: Additional Sparse Mode Settings

    BLADEOS 6.5.2 Application Guide Additional Sparse Mode Settings Specifying the Rendezvous Point Using PIM-SM, at least one PIM-capable router must be a candidate for use as a Rendezvous Point (RP) for any given multicast group. If desired, the G8124 can act as an RP candidate. To assign a configured switch IP interface as a candidate, use the following procedure.
  • Page 309: Influencing The Designated Router Selection

    Influencing the Designated Router Selection Using PIM-SM, all PIM-enabled IP interfaces are considered as potential Designated Routers (DR) for their domain. By default, the interface with the highest IP address on the domain is selected. However, if an interface is configured with a DR priority value, it overrides the IP address selection process.
  • Page 310: Using Pim With Other Features

    BLADEOS 6.5.2 Application Guide Using PIM with Other Features PIM with ACLs or VMAPs If using ACLs or VMAPs, be sure to permit traffic for local hosts and routers. PIM with IGMP If using IGMP (see IGMP static joins can be configured with a PIM-SM or PIM-DM multicast group IPv4 address. Using the ISCLI: RS G8124(config)# ip mroute <multicast group IPv4 address>...
  • Page 311: Pim Configuration Examples

    PIM Configuration Examples Example 1: PIM-SM with Dynamic RP This example configures PIM Sparse Mode for one IP interface, with the switch acting as a candidate for dynamic Rendezvous Point (RP) selection. Globally enable the PIM feature: RS G8124(config)# ip pim enable Configure a PIM network component with dynamic RP settings, and set it for PIM Sparse Mode: RS G8124(config)# ip pim component 1 RS G8124(config-ip-pim-comp)# mode sparse...
  • Page 312 BLADEOS 6.5.2 Application Guide Example 2: PIM-SM with Static RP The following commands can be used to modify the prior example configuration to use a static RP: RS G8124(config)# ip pim static-rp enable RS G8124(config)# ip pim component 1 RS G8124(config-ip-pim-comp)# rp-static rp-address 225.1.0.0 255.255.0.0 10.10.1.1 RS G8124(config-ip-pim-comp)# exit Where 225.1.0.0 255.255.0.0 is the multicast group base address and mask, and 10.10.1.1 is the RP...
  • Page 313 Configure the PIM-SM component as shown in the prior examples, or if using PIM-DM independently, enable the PIM feature. RS G8124(config)# ip pim enable Configure a PIM component and set the PIM mode: RS G8124(config)# ip pim component 2 RS G8124(config-ip-pim-comp)# mode dense RS G8124(config-ip-pim-comp)# exit Define an IP interface for use with PIM: RS G8124(config)# interface ip 102...
  • Page 315: Part 6: High Availability Fundamentals

    Part 6: High Availability Fundamentals Internet traffic consists of myriad services and applications which use the Internet Protocol (IP) for data delivery. However, IP is not optimized for all the various applications. High Availability goes beyond IP and makes intelligent switching decisions to provide redundant network configurations.
  • Page 317: Chapter 22: Basic Redundancy

    Chapter 22: Basic Redundancy BLADEOS 6.5 includes various features for providing basic link or device redundancy: “Trunking for Link Redundancy” on page 317 “Hot Links” on page 318 “Active MultiPath Protocol” on page 320 Trunking for Link Redundancy Multiple switch ports can be combined together to form robust, high-bandwidth trunks to other devices.
  • Page 318: Hot Links

    BLADEOS 6.5.2 Application Guide Hot Links For network topologies that require Spanning Tree to be turned off, Hot Links provides basic link redundancy with fast recovery. Hot Links consists of up to 25 triggers. A trigger consists of a pair of layer 2 interfaces, each containing an individual port, trunk, or LACP adminkey.
  • Page 319: Configuration Guidelines

    Configuration Guidelines The following configuration guidelines apply to Hot Links: Ports that are configured as Hot Link interfaces must have STP disabled. When Hot Links is turned on, MSTP, RSTP, and PVRST must be turned off. When Hot Links is turned on, UplinkFast must be disabled. A port that is a member of the Master interface cannot be a member of the Backup interface.
  • Page 320: Active Multipath Protocol

    BLADEOS 6.5.2 Application Guide Active MultiPath Protocol Active MultiPath Protocol (AMP) allows you to connect three switches in a loop topology, and load-balance traffic across all uplinks (no blocking). When an AMP link fails, upstream communication continues over the remaining AMP link. Once the failed AMP link re-establishes connectivity, communication resumes to its original flow pattern.
  • Page 321: Health Checks

    When the AMP loop is broken, the STP port states are set to forwarding or blocking, depending on the switch priority and port/trunk precedence, as follows: An aggregator's port/trunk has higher precedence over an access switch's port/trunk. Static trunks have highest precedence, followed by LACP trunks, then physical ports. Between two static trunks, the trunk with the lower trunk ID has higher precedence.
  • Page 322: Configuration Example

    BLADEOS 6.5.2 Application Guide AMP ports cannot be used as monitoring ports in a port-mirroring configuration. Do not configure AMP ports as Layer 2 Failover control ports. For IGMP, IP-based multicast entries support only Layer 2 (MAC) based multicast forwarding for IGMP Snooping.
  • Page 323 Configuring an Access Switch Perform the following steps to configure AMP on an access switch: Turn off Spanning Tree. >> # spanning-tree mode disable Turn AMP on. >> # active-multipath enable Define the AMP group links, and enable the AMP group. >>...
  • Page 325: Chapter 23: Layer 2 Failover

    Chapter 23: Layer 2 Failover The primary application for Layer 2 Failover is to support Network Adapter Teaming. With Network Adapter Teaming, all the NICs on each server share the same IP address, and are configured into a team. One NIC is the primary link, and the other is a standby link. For more details, refer to the documentation for your Ethernet adapter.
  • Page 326: Setting The Failover Limit

    BLADEOS 6.5.2 Application Guide Figure 41 is a simple example of Layer 2 Failover. One G8124 is the primary, and the other is used as a backup. In this example, all ports on the primary switch belong to a single trunk group, with Layer 2 Failover enabled, and Failover Limit set to 2.
  • Page 327: Manually Monitoring Port Links

    Manually Monitoring Port Links The Manual Monitor allows you to configure a set of ports and/or trunks to monitor for link failures (a monitor list), and another set of ports and/or trunks to disable when the trigger limit is reached (a control list).
  • Page 328: L2 Failover With Other Features

    BLADEOS 6.5.2 Application Guide L2 Failover with Other Features L2 Failover works together with Link Aggregation Control Protocol (LACP) and with Spanning Tree Protocol (STP), as described below. LACP Link Aggregation Control Protocol allows the switch to form dynamic trunks. You can use the admin key to add up to two LACP trunks to a failover trigger using automatic monitoring.
  • Page 329: Configuring Layer 2 Failover

    Configuring Layer 2 Failover Use the following procedure to configure a Layer 2 Failover Manual Monitor. Specify the links to monitor. >> # failover trigger 1 mmon monitor member 1-5 Specify the links to disable when the failover limit is reached. >>...
  • Page 331: Chapter 24: Virtual Router Redundancy Protocol

    Chapter 24: Virtual Router Redundancy Protocol The BNT RackSwitch G8124 (G8124) supports IPv4 high-availability network topologies through an enhanced implementation of the Virtual Router Redundancy Protocol (VRRP). Note – BLADEOS 6.5 does not support IPv6 for VRRP. The following topics are discussed in this chapter: “VRRP Overview”...
  • Page 332: Vrrp Overview

    BLADEOS 6.5.2 Application Guide VRRP Overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device. To achieve this usually requires redundancy for all vital network components.
  • Page 333: Master And Backup Virtual Router

    Master and Backup Virtual Router Within each virtual router, one VRRP router is selected to be the virtual router master. See “Selecting the Master VRRP Router” on page 334 Note – If the IPv4 address owner is available, it will always become the virtual router master. The virtual router master forwards packets sent to the virtual router.
  • Page 334: Selecting The Master Vrrp Router

    BLADEOS 6.5.2 Application Guide Selecting the Master VRRP Router Each VRRP router is configured with a priority between 1–254. A bidding process determines which VRRP router is or becomes the master—the VRRP router with the highest priority. The master periodically sends advertisements to an IPv4 multicast address. As long as the backups receive these advertisements, they remain in the backup state.
  • Page 335: Active-Active Redundancy

    Active-Active Redundancy In an active-active configuration, shown in other, with both active at the same time. Each switch processes traffic on a different subnet. When a failure occurs, the remaining switch can process traffic on all subnets. For a configuration example, see Figure 42 Internet Internet...
  • Page 336: Bladeos Extensions To Vrrp

    BLADEOS Extensions to VRRP. This section describes VRRP enhancements that are implemented in BLADEOS. BLADEOS supports a tracking function that dynamically modifies the priority of a VRRP router, based on its current state. The objective of tracking is to have, whenever possible, the master bidding processes for various virtual routers in a LAN converge on the same switch....
  • Page 337: Virtual Router Deployment Considerations

    Virtual Router Deployment Considerations. Assigning VRRP Virtual Router ID: During the software upgrade process, VRRP virtual router IDs will be automatically assigned if failover is enabled on the switch. When configuring virtual routers at any point after upgrade, virtual router ID numbers must be assigned. The virtual router ID may be configured as any number between 1 and 255....
  • Page 338: High Availability Configurations

    High Availability Configurations. Figure 43 shows an example configuration where two G8124s are used as VRRP routers in an active-active configuration. In this configuration, both switches respond to packets. [Figure 43; diagram labels: Internet, Enterprise Routing Switch] Although this example shows only two switches, there is no limit on the number of switches used in a redundant configuration....
  • Page 339 Task 1: Configure G8124 1

    Configure client and server interfaces.

    RS G8124(config)# interface ip 1
    RS G8124(config-ip-if)# ip address 192.168.1.100 255.255.255.0
    RS G8124(config-ip-if)# vlan 10
    RS G8124(config-ip-if)# enable
    RS G8124(config-ip-if)# exit
    RS G8124(config)# interface ip 2
    RS G8124(config-ip-if)# ip address 192.168.2.101 255.255.255.0
    RS G8124(config-ip-if)# vlan 20
    RS G8124(config-ip-if)# enable
    RS G8124(config-ip-if)# exit...
  • Page 340 Enable tracking on ports. Set the priority of Virtual Router 1 to 101, so that it becomes the Master.

    RS G8124(config-vrrp)# virtual-router 1 track ports
    RS G8124(config-vrrp)# virtual-router 1 priority 101
    RS G8124(config-vrrp)# virtual-router 2 track ports
    RS G8124(config-vrrp)# exit

    Configure ports....
  • Page 341 Task 2: Configure G8124 2

    Configure client and server interfaces.

    RS G8124(config)# interface ip 1
    RS G8124(config-ip-if)# ip address 192.168.1.101 255.255.255.0
    RS G8124(config-ip-if)# vlan 10
    RS G8124(config-ip-if)# enable
    RS G8124(config-ip-if)# exit
    RS G8124(config)# interface ip 2
    RS G8124(config-ip-if)# ip address 192.168.2.100 255.255.255.0
    RS G8124(config-ip-if)# vlan 20
    RS G8124(config-ip-if)# enable
    RS G8124(config-ip-if)# exit...
  • Page 342 Enable tracking on ports. Set the priority of Virtual Router 2 to 101, so that it becomes the Master.

    RS G8124(config-vrrp)# virtual-router 1 track ports
    RS G8124(config-vrrp)# virtual-router 2 track ports
    RS G8124(config-vrrp)# virtual-router 2 priority 101
    RS G8124(config-vrrp)# exit

    Configure ports....
  • Page 343: Part 7: Network Management

    Part 7: Network Management
  • Page 345: Chapter 25: Link Layer Discovery Protocol

    Chapter 25: Link Layer Discovery Protocol. The BLADEOS software supports Link Layer Discovery Protocol (LLDP). This chapter discusses the use and configuration of LLDP on the switch: “LLDP Overview” on page 345, “Enabling or Disabling LLDP” on page 346, “LLDP Transmit Features” on page 347, “LLDP Receive Features”...
  • Page 346: Enabling Or Disabling Lldp

    The LLDP information to be distributed by the G8124 ports, and that which has been collected from other LLDP stations, is stored in the switch’s Management Information Base (MIB). Network Management Systems (NMS) can use Simple Network Management Protocol (SNMP) to access this MIB information....
  • Page 347: Lldp Transmit Features

    LLDP Transmit Features. Numerous LLDP transmit options are available, including scheduled and minimum transmit interval, expiration on remote systems, SNMP trap notification, and the types of information permitted to be shared. Scheduled Interval: The G8124 can be configured to transmit LLDP information to neighboring devices once each 5 to 32768 seconds....
  • Page 348: Time-To-Live For Transmitted Information

    Time-to-Live for Transmitted Information. The transmitted LLDP information is held by remote systems for a limited time. A time-to-live parameter allows the switch to determine how long the transmitted data should be held before it expires. The hold time is configured as a multiple of the configured transmission interval. RS G8124(config)# lldp holdtime-multiplier <multiplier>...
  • Page 349: Changing The Lldp Transmit State

    If SNMP trap notification is enabled, the notification messages can also appear in the system log. This is enabled by default. To change whether the SNMP trap notifications for LLDP events appear in the system log, use the following command:

    RS G8124(config)# [no] logging log lldp

    Changing the LLDP Transmit State. When the port is disabled, or when LLDP transmit is turned off for the port using the LLDP...
  • Page 350 LLDP transmissions can also be configured to enable or disable inclusion of optional information, using the following command (Interface Port mode):

    RS G8124(config)# interface port 1
    RS G8124(config-if)# [no] lldp tlv <type>
    RS G8124(config-if)# exit

    where type is an LLDP information option from Table 24 Type portdesc...
  • Page 351: Lldp Receive Features

    LLDP Receive Features. Types of Information Received: When the LLDP receive option is enabled on a port (see page 346), the port may receive the following information from LLDP-capable remote systems: Chassis Information; Port Information; LLDP Time-to-Live; Port Description; System Name; System Description; System Capabilities Supported/Enabled; Remote Management Address...
  • Page 352: Time-To-Live For Received Information

    To view detailed information for a remote device, specify the Index number as found in the summary. For example, in keeping with the sample summary, to list details for the first remote device (with an Index value of 1), use the following command: RS G8124(config)# show lldp remote-device 1 Local Port Alias: 3 Remote Device Index...
  • Page 353: Lldp Example Configuration

    LLDP Example Configuration

    Turn LLDP on globally.

    RS G8124(config)# lldp enable

    Set the global LLDP timer features.

    RS G8124(config)# lldp transmission-delay 30
    RS G8124(config)# lldp transmission-delay 2
    RS G8124(config)# lldp holdtime-multiplier 4
    RS G8124(config)# lldp reinit-delay 2
    RS G8124(config)# lldp trap-notification-interval

    Set LLDP options for each port....
  • Page 355: Chapter 26: Simple Network Management Protocol

    Chapter 26: Simple Network Management Protocol. BLADEOS provides Simple Network Management Protocol (SNMP) version 1, version 2, and version 3 support for access through any network management software, such as IBM Director or HP-OpenView. Note – SNMP read and write functions are enabled by default. For best security practices, if SNMP is not needed for your network, it is recommended that you disable these functions prior to connecting the switch to the network....
  • Page 356: Snmp Version 3

    SNMP Version 3. SNMP version 3 (SNMPv3) is an enhanced version of the Simple Network Management Protocol, approved by the Internet Engineering Steering Group in March, 2002. SNMPv3 contains additional security and authentication features that provide data origin authentication, data integrity checks, timeliness indicators and encryption to protect against threats such as masquerade, modification of information, message stream modification and disclosure....
  • Page 357: User Configuration Example

    User Configuration Example

    To configure a user with name “admin,” authentication type MD5, and authentication password of “admin,” privacy option DES with privacy password of “admin,” use the following CLI commands.

    RS G8124(config)# snmp-server user 5 name admin
    RS G8124(config)# snmp-server user 5 authentication-protocol md5 authentication-password
    Changing authentication password;...
  • Page 358: Configuring Snmp Trap Hosts

    Configuring SNMP Trap Hosts. SNMPv1 Trap Host: Configure a user with no authentication and password. >> # /cfg/sys/ssnmp/snmpv3/usm 10/name "v1trap" Configure an access group and group table entries for the user. Use the following menu to specify which traps can be received by the user: /cfg/sys/ssnmp/snmpv3/access >>...
  • Page 359: Snmpv2 Trap Host Configuration

    Use the community table to specify which community string is used in the trap.

    /c/sys/ssnmp/snmpv3/comm 10 index v1trap name public uname v1trap

    SNMPv2 Trap Host Configuration. The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, use snmpv2 instead of snmpv1....
  • Page 360: Snmpv3 Trap Host Configuration

    SNMPv3 Trap Host Configuration. To configure a user for SNMPv3 traps, you can choose to send the traps with both privacy and authentication, with authentication only, or without privacy or authentication. This is configured in the access table using the following commands: RS G8124(config)# snmp-server access <1-32>...
  • Page 361: Snmp Mibs

    SNMP MIBs. The BLADEOS SNMP agent supports SNMP version 3. Security is provided through SNMP community strings. The default community strings are “public” for SNMP GET operation and “private” for SNMP SET operation. The community string can be modified only through the Command Line Interface (CLI)....
  • Page 362 The BLADEOS SNMP agent supports the following generic traps as defined in RFC 1215: ColdStart, WarmStart, LinkDown, LinkUp, AuthenticationFailure. The SNMP agent also supports two Spanning Tree traps as defined in RFC 1493: NewRoot, TopologyChange. The following are the enterprise SNMP traps supported in BLADEOS: Table 25 Trap Name altSwDefGwUp...
  • Page 363 Table 25 BLADEOS-Supported Enterprise SNMP Traps (continued)

    Trap Name: Description
    altSwStgTopologyChanged: Signifies that there was a STG topology change.
    altSwStgBlockingState: An altSwStgBlockingState trap is sent when port state is changed in blocking state....
    altSwCistNewRoot
    altSwCistTopologyChanged: Signifies that there was a CIST topology change.
    altSwHotlinksMasterUp
    altSwHotlinksMasterDn
    altSwHotlinksBackupUp
    altSwHotlinksBackupDn
    altSwHotlinksNone
  • Page 364: Switch Images And Configuration Files

    Switch Images and Configuration Files. This section describes how to use MIB calls to work with switch images and configuration files. You can use a standard SNMP tool to perform the actions, using the MIBs listed in Table 26. Table 26 lists the MIBs used to perform operations associated with the Switch Image and Configuration files....
  • Page 365: Loading A New Switch Image

    Loading a New Switch Image. To load a new switch image with the name “MyNewImage-1.img” into image2, follow the steps below. This example shows an FTP/TFTP server at IPv4 address 192.168.10.10, though IPv6 is also supported. Set the FTP/TFTP server address where the switch image resides: Set agTransferServer.0 "192.168.10.10"...
  • Page 366: Saving The Switch Configuration

    Saving the Switch Configuration. To save the switch configuration to an FTP/TFTP server, follow the steps below. This example shows an FTP/TFTP server at IPv4 address 192.168.10.10, though IPv6 is also supported. Set the FTP/TFTP server address where the configuration file is saved: Set agTransferServer.0 "192.168.10.10"...
  • Page 367: Part 8: Monitoring

    Part 8: Monitoring. The ability to monitor traffic passing through the G8124 can be invaluable for troubleshooting some types of networking problems. These sections cover the following monitoring features: Remote Monitoring (RMON), sFLOW, Port Mirroring.
  • Page 369: Chapter 27: Remote Monitoring

    Chapter 27: Remote Monitoring. Remote Monitoring (RMON) allows network devices to exchange network monitoring data. RMON allows the switch to perform the following functions: Track events and trigger alarms when a threshold is reached. Notify administrators by issuing a syslog message or SNMP trap. RMON Overview: The RMON MIB provides an interface between the RMON agent on the switch and an RMON management application....
  • Page 370: Rmon Group 1-Statistics

    RMON Group 1—Statistics. The switch supports collection of Ethernet statistics as outlined in the RMON statistics MIB, in reference to etherStatsTable. You can configure RMON statistics on a per-port basis. RMON statistics are sampled every second, and new data overwrites any old data on a given port. Note –...
  • Page 371: Rmon Group 2-History

    RMON Group 2—History. The RMON History Group allows you to sample and archive Ethernet statistics for a specific interface during a specific time interval. History sampling is done per port. Note – RMON port statistics must be enabled for the port before an RMON History Group can monitor the port....
  • Page 372: Configuring Rmon History

    Configuring RMON History

    Perform the following steps to configure RMON History on a port. Enable RMON on a port.

    RS G8124(config)# interface port 1
    RS G8124(config-if)# rmon
    RS G8124(config-if)# exit

    Configure the RMON History parameters for a port.

    RS G8124(config)# rmon history 1 interface-oid 1.3.6.1.2.1.2.2.1.1.<x>...
  • Page 373: Rmon Group 3-Alarms

    RMON Group 3—Alarms. The RMON Alarm Group allows you to define a set of thresholds used to determine network performance. When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval....
  • Page 374: Rmon Group 9-Events

    RMON Group 9—Events. The RMON Event Group allows you to define events that are triggered by alarms. An event can be a log message, an SNMP trap, or both. When an alarm is generated, it triggers a corresponding event notification. Use the following commands to correlate an Event index to an alarm: RS G8124(config)# rmon alarm <alarm number>...
  • Page 375: Chapter 28: Sflow

    Chapter 28: sFLOW. The G8124 supports sFlow technology for monitoring traffic in data networks. The switch includes an embedded sFlow agent which can be configured to provide continuous monitoring information of IPv4 traffic to a central sFlow analyzer. The switch is responsible only for forwarding sFlow information. A separate sFlow analyzer is required elsewhere on the network in order to interpret sFlow data....
  • Page 376: Sflow Example Configuration

    sFlow sampling has the following restrictions: Sample Rate—The fastest sFlow sample rate is 1 out of every 256 packets. ACLs—sFlow sampling is performed before ACLs are processed. For ports configured both with sFlow sampling and one or more ACLs, sampling will occur regardless of the action of the ACL....
  • Page 377: Chapter 29: Port Mirroring

    Chapter 29: Port Mirroring. The BLADEOS port mirroring feature allows you to mirror (copy) the packets of a target port, and forward them to a monitoring port. Port mirroring functions for all layer 2 and layer 3 traffic on a port. This feature can be used as a troubleshooting tool or to enhance the security of your network. For example, an IDS server or other traffic sniffer device or analyzer can be connected to the monitoring port in order to detect intruders attacking the network....
  • Page 378: Configuring Port Mirroring

    The G8124 supports three monitor ports. Each monitor port can receive mirrored traffic from any number of target ports. BLADEOS does not support “one to many” or “many to many” mirroring models where traffic from a specific port is copied to multiple monitor ports. For example, port 1 traffic cannot be monitored by both port 3 and 4 at the same time, nor can port 2 ingress traffic be monitored by a different port than its egress traffic....
  • Page 379: Part 9: Appendices

    Part 9: Appendices
  • Page 381: Appendix A: Glossary

    Appendix A: Glossary. Converged Network Adapter. A device used for I/O consolidation such as that in Converged Enhanced Ethernet (CEE) environments implementing Fibre Channel over Ethernet (FCoE). The CNA performs the duties of both a Network Interface Card (NIC) for Local Area Networks (LANs) and a Host Bus Adapter (HBA) for Storage Area Networks (SANs)....
  • Page 382 Tracking: In VRRP, a method to increase the priority of a virtual router and thus master designation (with preemption enabled). Tracking can be very valuable in an active/active configuration. You can track the following: Virtual Interface Router. A VRRP address is an IP interface address shared between two or more virtual routers....

This manual is also suitable for:

Rackswitch g8124-e