Summary of Contents for Blade Network Technologies RackSwitch G8000
RackSwitch G8000 Application Guide Version 1.0 Part Number: BMD00041, November 2008 2350 Mission College Blvd. Suite 600 Santa Clara, CA 95054 www.bladenetwork.net...
Who Should Use This Guide 11
What You’ll Find in This Guide 12
Typographic Conventions 13
How to Get Help 14
Chapter 1: Accessing the Switch 15
Configuring an IP Interface 16
Using Telnet 17
Using the Browser-Based Interface 18...
Chapter 3: VLANs 47
Overview 48
VLANs and Port VLAN ID Numbers 49
VLAN numbers 49
PVID numbers 50
VLAN Tagging 51
VLAN Topologies and Design Considerations 55
VLAN configuration rules 55
Multiple VLANs with Tagging Adapters 56...
Using 802.1p Priority to Provide QoS 111
802.1p configuration example 112
Queuing and Scheduling 112
Chapter 7: Remote Monitoring 113
Overview 113
RMON group 1—Statistics 114
RMON group 2—History 115
RMON group 3—Alarms 116
RMON group 9—Events 118...
Chapter 8: Basic IP Routing 119
IP Routing Benefits 120
Routing Between IP Subnets 121
Example of Subnet Routing 123
Using VLANs to segregate Broadcast Domains 124
Configuration example 124
Dynamic Host Configuration Protocol 127
Chapter 9: IGMP 129...
Figure 5-3: Implementing Multiple Spanning Tree Groups 88
Figure 6-1: QoS Model 94
Figure 6-2: Layer 3 IPv4 packet 106
Figure 6-3: Layer 2 802.1q/802.1p VLAN tagged packet 111
Figure 8-1: The Router Legacy Network 121
Figure 8-2: Switch-Based Routing Topology 123
Figure 10-1: Uplink Failure Detection example 136...
Preface The RackSwitch G8000 Application Guide describes how to configure and use the software on the RackSwitch G8000 switch. For documentation about installing the switch physically, see the Installation Guide for your switch. Who Should Use This Guide This Application Guide is intended for network installers and system administrators engaged in configuring and maintaining a network.
RackSwitch G8000 Application Guide What You’ll Find in This Guide This guide will help you plan, implement, and administer RS G8000 software. Where possible, each section provides feature overviews, usage examples, and configuration instructions. Chapter 1, “Accessing the Switch,” istration tasks. This chapter also discusses different methods to manage the switch for remote administrators using specific IP addresses, authentication, and Secure Shell (SSH).
This also shows book titles, special terms, or words to be emphasized. Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets. Example: View the readme.txt file. Main# Main# sys To establish a Telnet session, enter: host# telnet <IP address>...
How to Get Help If you need help, service, or technical assistance, call Blade Network Technologies Technical Support: US toll free calls: 1-800-414-5268 International calls: 1-408-834-7871 You also can visit our website at the following address: http://www.bladenetwork.net...
Accessing the Switch The Blade OS software provides means for accessing, configuring, and viewing information and statistics about the RackSwitch G8000. This chapter discusses different methods of accessing the switch and ways to secure the switch for remote administrators: “Configuring an IP Interface”...
Telnet program from an external management station to access and control the switch. The G8000 supports a command-line interface (CLI) that you can use to configure and control the switch over the network using the Telnet program. You can use the CLI to perform many basic network management functions.
Telnet access provides the same options for user access and administrator access as those available through the console port. To configure the switch for Telnet access, the switch must have an IP address. The switch can get its IP address in one of two ways:...
Web browser. The BBI provides access to the common configuration, management and operation features of the switch through your Web browser. For more information, refer to the RackSwitch G8000 BBI Quick Guide. Configuring BBI access via HTTP By default, BBI access via HTTP is enabled.
Once BBI access is granted to the client, the BBI can be used as described in the RackSwitch G8000 BBI Quick Guide. The BBI is organized at a high level as follows: Context buttons –...
RackSwitch G8000 Command Reference. Default configuration The G8000 has two SNMP v3 users by default. Both of the following users have access to all the MIBs supported by the switch: 1) username 1: adminmd5 (password adminmd5). Authentication used is MD5.
To configure an SNMP user name, enter the following command: RS G8000 (config)# snmp-server user <1-16> name <1-32> User configuration: Users can be configured to use the authentication/privacy options. The G8000 supports two authentication algorithms: MD5 and SHA, as specified in the following command: snmp-server user <1-16> authentication-protocol md5|sha...
Assign the user to the user group. Use the group table to link the user to a particular access group. RS G8000 (config)# snmp-server group 5 user-name admin RS G8000 (config)# snmp-server group 5 group-name admingrp
Configuring SNMP Trap Hosts SNMPv1 trap host Configure an entry in the notify table. RS G8000 (config)# snmp-server notify 10 name public RS G8000 (config)# snmp-server notify 10 tag v1trap Specify the IP address and other trap parameters in the targetAddr and targetParam tables.
SNMPv3. The following example shows how to configure a SNMPv3 user v3trap with authentication only: RS G8000 (config)# snmp-server user 11 name v3trap RS G8000 (config)# snmp-server user 11 authentication-protocol md5 Changing authentication password; validation required:...
Securing Access to the Switch Secure switch management is needed for environments that perform significant management functions across the Internet. The following features are addressed in this section: “RADIUS Authentication and Authorization” on page 26 “TACACS+ Authentication” on page 30 “End User Access Control”...
A centralized server that stores all the user authorization information A client, in this case, the switch The G8000—acting as the RADIUS client—communicates to the RADIUS server to authenticate and authorize a remote administrator using the protocol definitions specified in RFC 2138 and 2866.
If desired, you may change the default UDP port number used to listen to RADIUS. The well-known port for RADIUS is 1812. RS G8000 (config)# radius-server port <UDP port number> Configure the number of retry attempts for contacting the RADIUS server, and the timeout period.
Time-out value = 1-10 seconds Retries = 1-3 The switch will time out if it does not receive a response from the RADIUS server in 1-3 retries. The switch will also automatically retry connecting to the RADIUS server before it declares the server down.
Telnet/SSH. Secure backdoor provides switch access when the RADIUS servers cannot be reached. – To obtain the RADIUS backdoor password for your G8000, contact Technical Support. All user privileges, other than those assigned to the Administrator, have to be defined in the RADIUS dictionary.
TACACS+ Authentication Blade OS supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The G8000 functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server. The remote user is defined as someone requiring management access to the G8000 through a data port.
1-3. The authorization levels must be defined on the TACACS+ server (Table 1-3). Use the following command to set the alternate TACACS+ authorization levels: tacacs-server privilege-mapping Table 1-4 TACACS+ level: 0 - 1, 6 - 8, 14 - 15...
The administrator has an option to allow secure backdoor access via Telnet/SSH. Secure backdoor provides switch access when the TACACS+ servers cannot be reached. – To obtain the TACACS+ backdoor password for your G8000, contact Technical Support. Accounting Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security.
If desired, you may change the default TCP port number used to listen to TACACS+. The well-known port for TACACS+ is 49. RS G8000 (config)# tacacs-server port <TCP port number> Configure the number of retry attempts, and the timeout period.
Telnet does not provide this level of security. The Telnet method of managing a G8000 does not provide a secure connection. SSH is a protocol that enables remote administrators to log securely into the G8000 over a network to execute management commands.
To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the G8000. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the G8000 at a later time.
If RADIUS authentication is used, the user password on the RADIUS server will override the user password on the G8000. Also note that the password change command on the switch only modifies the user's switch password and has no effect on the user password on the RADIUS server.
2: name john Logging into an End User account Once an end user account is configured and enabled, the user can log in to the switch using the username/password combination. The level of switch access is determined by the COS established for the end user account.
LAN port that has point-to-point connection characteristics. It prevents access to ports that fail authentication and authorization. This feature provides security to ports of the G8000 that connect to servers. The following topics are discussed in this section: “Extensible Authentication Protocol over LAN”...
Extensible Authentication Protocol over LAN The G8000 can provide user-level security for its ports using the IEEE 802.1X protocol, which is a more secure alternative to other methods of port-based network access control. Any device attached to an 802.1X-enabled port that fails authentication is prevented access to the network and denied services offered through that port.
Figure 2-1 Authenticating a Port Using EAPoL (exchange between the client, the G8000 acting as Authenticator and RADIUS client over Ethernet/EAPOL, and the RADIUS server over RADIUS-EAP UDP/IP): Port Unauthorized; EAPOL-Start; Radius-Access-Request; Radius-Access-Challenge; Radius-Access-Request; Radius-Access-Accept; EAP-Success; Port Authorized.
RADIUS packet to the server. The RADIUS authentication server chooses an EAP-supported authentication algorithm to verify the client’s identity, and sends an EAP-Request packet to the client via the G8000 authenticator. The client then replies to the RADIUS server with an EAP-Response containing its credentials.
You can configure this state that allows full access to the port. Use the 802.1X global configuration commands (dot1x) to configure 802.1X authentication for all ports in the switch. Use the 802.1X port commands to configure a single port.
Supported RADIUS attributes The G8000 802.1X Authenticator relies on external RADIUS servers for authentication with EAP. Table 2 lists the RADIUS attributes supported for RADIUS-EAP authentication, based on the guidelines specified in Annex D of the 802.1X standard and RFC 3580. Table 2 Support for RADIUS Attributes...
For example, if a G8000 is connected to another G8000, and if 802.1X is enabled on both switches, the two connected ports must be configured in force-authorized mode.
Chapter 3: VLANs This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs commonly are used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments.
Ports are grouped into broadcast domains by assigning them to the same VLAN. Frames received in one VLAN can only be forwarded within that VLAN, and multicast, broadcast, and unknown unicast frames are flooded only to ports in the same VLAN. The G8000 supports jumbo frames up to 9,216 bytes.
VLANs and Port VLAN ID Numbers VLAN numbers The G8000 supports up to 1024 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 1024, each can be identified with any number between 1 and 4094. VLAN 1 is the default VLAN for all ports.
RS G8000 (config)# interface port 7 RS G8000 (config-if)# pvid 7 Each port on the switch can belong to one or more VLANs, and each VLAN can have any number of switch ports in its membership. Any port that belongs to multiple VLANs, however,...
VLAN. For example, a port with a PVID of 3 (PVID = 3) assigns all untagged frames received on this port to VLAN 3. Any untagged frames received by the switch are classified with the PVID of the receiving port.
When a VLAN is configured, ports are added as members of the VLAN, and the ports are defined as either tagged or untagged (see The default configuration settings for the G8000 has all ports set as untagged members of VLAN 1 with all ports configured as PVID = 1. In the default configuration example shown in...
VLAN 2 (PVID = 2). Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2. – The port assignments in the following figures are not meant to match the G8000. Figure 3-2 Port-based VLAN assignment...
Figure port 5, which is configured as a tagged member of VLAN 2. However, the tagged packet is stripped (untagged) as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2. Figure 3-5 802.1Q tagging (after 802.1Q tag assignment)
By default, the G8000 software is configured so that tagging is disabled on all ports. By default, the G8000 software is configured so that all ports are members of VLAN 1. If you configure Spanning Tree, note that Spanning Tree Groups 2-128 may contain only one VLAN.
Table columns: VLAN 1, VLAN 2, Description. This switch is configured with three VLANs that represent three different IP subnets. Five ports are connected downstream to servers. Two ports are connected upstream to routing switches. Uplink ports are members of all three VLANs, with VLAN tagging enabled.
Description This server is a member of VLAN 1 and has presence in only one IP subnet. The associated switch port is only a member of VLAN 1, so tagging is disabled. This server is a member of VLAN 1 and has presence in only one IP subnet.
VLAN configuration example Use the following procedure to configure the example network shown in Enable VLAN tagging on server ports that support multiple VLANs. RS G8000 (config)# interface port 5 RS G8000 (config-if)# tagging RS G8000 (config-if)# exit Enable tagging on uplink ports that support multiple VLANs.
Traffic sent to an isolated port is blocked by the Private VLAN, except the traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
Chapter 4: Ports and Trunking Trunk groups can provide super-bandwidth, multi-link connections between switches or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link. This chapter provides configuration background and examples for trunking multiple ports together: “Overview”...
(portchannels) and up to 52 LACP trunk groups, consisting of 1-8 ports in each group. Trunk groups are also useful for connecting a G8000 to third-party devices that support link aggregation, such as Cisco routers and switches with EtherChannel technology (not ISL trunking technology) and Sun's Quad Fast Ethernet Adapter.
Before you configure static trunks When you create and enable a static trunk, the trunk members (switch ports) take on certain settings necessary for correct operation of the trunking feature. Before you configure your trunk, you must consider these settings, along with specific config-...
All trunk members must be in the same Spanning Tree Group (STG) and can belong to only one Spanning Tree Group (STG). However if all ports are tagged, then all trunk ports can belong to multiple STGs.
In the example below, three ports are trunked between two switches. Figure 4-1 Port Trunk Group Configuration Example Prior to configuring each switch in the above example, you must connect to the appropriate switch’s Command Line Interface (CLI) as the administrator.
Connect the switch ports that will be members in the trunk group. Trunk group 3 (on the G8000) is now connected to trunk group 1 (on the other switch). – In this example, two G8000 switches are used. If a third-party device supporting link...
You can select a minimum of one or a maximum of two parameters to create one of the following configurations: Source MAC (SMAC): RS G8000 (config)# portchannel hash source-mac-address Destination MAC (DMAC): RS G8000 (config)# portchannel hash destination-mac-address Source MAC (SMAC) + Destination MAC (DMAC):...
The Admin key is locally significant, which means the partner switch does not need to use the same Admin key value. For example, consider two switches, an Actor (the G8000) and a Partner (another switch), as shown in Table 4-1 Actor vs.
It provides for the controlled addition and removal of physical links for the link aggregation. Each port on the switch can have one of the following LACP modes. off (default) The user can configure this port into a regular static trunk group.
VLAN membership. Select a range of ports and define the admin key. Only ports with the same admin key can form a LACP trunk group. RS G8000 (config)# interface port 2-6 RS G8000 (config-if)# lacp key 100 Set the LACP mode.
Chapter 5: Spanning Tree When multiple paths exist on a network, Spanning Tree Protocol configures the network so that a switch uses only the most efficient path. The following topics are discussed in this chapter: “Overview” on page 74 “Rapid Spanning Tree Protocol” on page 80 “Per VLAN Rapid Spanning Tree”...
Spanning Tree Protocol detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations.
Determining the Path for Forwarding BPDUs When determining which port to use for forwarding and which port to block, the G8000 uses information in the BPDU, including each bridge ID. A technique based on the “lowest root cost” is then computed to determine the most efficient path for forwarding.
A value of 0 indicates that the default cost will be computed for an auto-negotiated link speed. Use the following command to modify the port path cost: RS G8000 (config-if)# spanning-tree stp 1 path-cost <0-200000000> Spanning Tree Group configuration guidelines This section provides important information on configuring Spanning Tree Groups (STGs):...
VLANs. Assign the VLAN to the STG using the following command: RS G8000 (config-if)# spanning-tree stp 1 vlan <1-4094> If the association between the spanning-tree group and a VLAN is broken, the spanning-tree parameters are cleared. Reconfigure all of the parameters for the STG.
For example, assume that VLAN 2 belongs to STG 2. You add an untagged port (port 5) that belongs to STG 2 to VLAN 2. The port becomes a member of STG 2, and the switch displays a message to inform you that the PVID changed from 1 to 2: "Port 5 is an UNTAGGED port and its PVID changed from 1 to 2."
VLAN members, Spanning Tree will be off on all ports belonging to that VLAN. The relationship between port, trunk groups, VLANs, and Spanning Trees is shown in Table 5-1.
RSTP. There are new STP parameters to support RSTP, and some values to existing parameters are different. RSTP is compatible with devices that run 802.1D (1998) Spanning Tree Protocol. If the switch detects 802.1D (1998) BPDUs, it responds with 802.1D (1998)-compatible data units. RSTP is not compatible with Per VLAN Spanning Tree (PVST+) protocol.
When RSTP is turned on, STP parameters apply only to STP Group 1. When RSTP is turned on, STG 2-128 are turned off. When RSTP is turned on, all VLANs are moved to Spanning Tree Group 1.
RSTP configuration example This section provides steps to configure Rapid Spanning Tree on the G8000, using the Command-Line Interface (ISCLI). Rapid Spanning Tree Protocol is the default setting on the G8000. Configure Rapid Spanning Tree Rapid Spanning Tree is the default Spanning Tree mode on the G8000.
PVRST+ is based on IEEE 802.1w Rapid Spanning Tree Protocol. In PVRST mode, the G8000 supports a maximum of 128 Spanning Tree Groups (STGs). Multiple STGs provide multiple data paths, which can be used for load-balancing and redundancy.
The following examples describe why we need multiple spanning trees. In Figure 5-1, VLAN 1 and VLAN 2 pass traffic between switch 1 and switch 2. If you have a single Spanning Tree Group, the switches see an apparent physical loop, and one VLAN may become blocked, affecting connectivity, even though no logical loop exists.
Tree Groups: By default, STGs 2-128 are empty, and STG 1 contains all configured VLANs until individual VLANs are assigned to other STGs. The G8000 allows only one VLAN per STG, except for STG 1. If the ports are tagged, each port sends out a special BPDU containing the tagged information.
The Common Internal Spanning Tree (CIST) provides a common form of Spanning Tree Protocol, with one Spanning-Tree instance that can be used throughout the MSTP region. CIST allows the switch to interoperate with legacy equipment, including devices that run IEEE 802.1D (1998).
When MSTP is turned on, the switch automatically moves all VLANs to the CIST. When MSTP is turned off, the switch moves all VLANs from the CIST to STG 1. When enabling MSTP, Region Name must be configured, and a default version number of 0 (zero) is configured automatically.
Configuring Multiple Spanning Tree Groups This configuration shows how to configure MSTP Groups on the switch, as shown in Figure 5-3. Configure port membership and define the Spanning Tree groups for VLAN 1. Enable tagging on uplink ports that share VLANs. Port 51 and port 52 connect to the Enterprise Routing switches.
Add server ports 3, 4, and 5 to VLAN 2. Add uplink ports 51 and 52 to VLAN 2. Assign VLAN 2 to Spanning Tree Group 2. RS G8000 (config)# vlan 2 RS G8000 (config-vlan)# enable RS G8000 (config-vlan)# member 1...
Fast Uplink Convergence Fast Uplink Convergence enables the G8000 to recover quickly from the failure of the primary link or trunk group in a Layer 2 network using Spanning Tree Protocol. Normal recovery can take as long as 50 seconds, while the backup link transitions from Blocking to Listening to Learning and then Forwarding states.
Chapter 6: Quality of Service Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.
Overview QoS helps you allocate guaranteed bandwidth to the critical applications, and limit bandwidth for less critical applications. Applications such as video and voice must have a certain amount of bandwidth to work correctly; using QoS, you can provide that bandwidth when necessary.
ACLs are used to control whether packets are forwarded or blocked at the switch ports. ACLs can provide basic security for access to the network. For example, you can use an ACL to permit one host to access a part of the network, and deny another host access to the same area.
IP Standard ACLs The switch supports up to 127 IP ACLs (standard and extended). IP Standard ACLs are numbered from 1-1000. Use IP Standard ACLs to filter traffic using source IP address/network mask and destination IP address/network mask.
To create an IP Extended ACL: RS G8000 (config)# access-list ip extended 1001 RS G8000 (config-ext-nacl)# To delete an IP Extended ACL: RS G8000 (config)# no access-list ip extended 1001 RS G8000 (config)# Table column: Protocol Name (icmp ...)
The other assigned ACLs are considered in numeric order, from highest to lowest. In the following example, the switch considers ACL 1003 before ACL 1001 because ACL 1003 has a higher priority. The order in which the ACLs are assigned to a port does not affect their priority.
To delete an ACL from a port: RS G8000 (config)# interface port 1 RS G8000 (config-if)# no ip access-group 1001 in RS G8000 (config-if)# exit Each port retains its assigned ACLs, even if the port becomes a member of a trunk group (portchannel).
Use this configuration to block traffic to a specific host. All traffic that ingresses port 1 is denied if it is destined for the host at IP address 100.10.1.1. Configure an Access Control List. RS G8000 (config)# access-list ip standard 1 RS G8000 (config-std-nacl)# deny any host 100.10.1.1 RS G8000 (config-std-nacl)# exit Assign the ACL to port 1.
All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied. Configure an Access Control List. RS G8000 (config)# access-list ip standard 2 RS G8000 (config-std-nacl)# deny 100.10.1.0 255.255.255.0 RS G8000 (config-std-nacl)# exit Assign the ACL to port 10.
Use this configuration to block HTTP traffic on a port. Configure an Access Control List. RS G8000 (config)# access-list ip extended 1002 RS G8000 (config-ext-nacl)# deny tcp any any eq 80 RS G8000 (config-ext-nacl)# exit Add the ACL to a port.
Configure one IP ACL for each type of traffic that you want to permit. RS G8000 (config)# access-list ip extended 1103 RS G8000 (config-ext-nacl)# permit tcp any any eq 80 RS G8000 (config-ext-nacl)# exit RS G8000 (config)# access-list ip extended 1104...
Assign the ACLs to a port. RS G8000 (config)# interface port 7 RS G8000 (config-if)# ip access-group 1103 in RS G8000 (config-if)# ip access-group 1104 in RS G8000 (config-if)# ip access-group 1105 in RS G8000 (config-if)# ip access-group 1106 in...
Using Storm Control Filters The G8000 provides filters that can limit the number of the following packet types transmitted by switch ports: Broadcast packets Multicast packets Unknown unicast packets (destination lookup failure) Broadcast storms Excessive transmission of broadcast or multicast traffic can result in a broadcast storm.
DSCP is a measure of the Quality of Service (QoS) level of the packet. The switch can classify traffic by reading the DiffServ Code Point (DSCP) or IEEE 802.1p priority value, or by using filters to match specific criteria. When network traffic attributes match those specified in a traffic pattern, the policy instructs the switch to perform specified actions on each packet that passes through it.
Read the DSCP value of ingress packets. Map the DSCP value to an 802.1p priority. The switch can use the DSCP value to direct traffic prioritization. With DiffServ, you can establish policies to direct traffic. A policy is a traffic-controlling...
Per Hop Behavior The DSCP value determines the Per Hop Behavior (PHB) of each packet. The PHB is the forwarding treatment given to packets at each hop. QoS policies are built by applying a set of rules to packets, based on the DSCP value, as they hop through the network.
QoS Levels Table 6-3 shows the default service levels provided by the switch, listed from highest to lowest importance: Table 6-3 Default QoS Service Levels (columns: Service Level, Default PHB, 802.1p Priority). Service levels, highest to lowest: Critical, Network Control, Premium, Platinum, Gold, Silver, Bronze, Standard...
DSCP-to-802.1p mapping The switch can use the DSCP value of ingress packets to set the 802.1p priority value. Use the following command to view the default settings. RS G8000 (config)# show qos dscp Current DSCP Remarking Configuration: DSCP New 802.1p Prio...
Using 802.1p Priority to Provide QoS The G8000 provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1Q VLAN header.) The 802.1p bits, if present in the packet, specify the priority that should be given to packets during forwarding.
RS G8000 (config)# qos transmit-queue weight-cos 10 Queuing and Scheduling The G8000 has up to eight output Class of Service (COS) queues per port, into which each packet is placed. Each packet’s 802.1p priority determines its COS queue. Each COS queue uses Weighted Round Robin (WRR) scheduling, with user configurable weight from 1 to 15.
Notify administrators by issuing a syslog message or SNMP trap. Overview The RMON MIB provides an interface between the RMON agent on the switch and an RMON management application. The RMON MIB is described in RFC 1757. The RMON standard defines objects that are suitable for the management of Ethernet net- works.
Configure the RMON statistics on a port. RS G8000 (config)# interface port 1 RS G8000 (config-if)# rmon collection-stats 1 RS G8000 (config-if)# rmon collection-stats owner "port 1 rmon" This configuration enables RMON statistics on port 1. View RMON statistics for the port.
Data is stored in buckets, which store data gathered during discrete sampling intervals. At each configured interval, the History index takes a sample of the current Ethernet statistics, and places them into a bucket. History data buckets reside in dynamic memory. When the switch is re-booted, the buckets are emptied.
The RMON Alarm group allows you to define a set of thresholds used to determine network performance. When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval.
Use one of the following commands to correlate an Alarm index to an Event index: RS G8000 (config)# rmon alarm <alarm number> rise-event <event number> RS G8000 (config)# rmon alarm <alarm number> fall-event <event number> When the alarm threshold is reached, the corresponding event is triggered.
RS G8000 (config)# rmon alarm 1 rising-threshold 200 RS G8000 (config)# rmon alarm 1 sample-type delta RS G8000 (config)# rmon alarm 1 owner "Alarm for icmpInEchos" This configuration creates an RMON alarm that checks icmpInEchos on the switch once every minute. If the statistic exceeds 200 within a 60 second interval, an alarm is generated that triggers event index 110.
Chapter 8: Basic IP Routing

This chapter provides configuration background and examples for using the G8000 to perform IP routing functions. The following topics are addressed in this chapter: "IP Routing Benefits" on page 120; "Routing Between IP Subnets" on page 121; "Example of Subnet Routing"...
IP Routing Benefits

The switch uses a combination of configurable IP switch interfaces and IP routing options. The switch IP routing capabilities provide the following benefits: Connects the server IP subnets to the rest of the backbone network.
The physical layout of most corporate networks has evolved over time. Classic hub/router topologies have given way to faster switched topologies, particularly now that switches are increasingly intelligent. The G8000 is intelligent and fast enough to perform routing functions on a par with wire-speed Layer 2 switching.
This is a situation that switching alone cannot cure. Instead, the router is flooded with cross-subnet communication. This compromises efficiency in two ways: Routers can be slower than switches. The cross-subnet side trip from the switch to the router and back again adds two hops for the data, slowing throughput considerably.
Example of Subnet Routing

Consider the role of the G8000 in the following configuration example: Server subnet 1: 100.20.10.2-254

Figure 8-2 Switch-Based Routing Topology

The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building. Common servers are placed on another subnet attached to the switch.
Database servers Terminal Servers Assign an IP interface for each subnet attached to the switch. Since there are four IP subnets connected to the switch, four IP interfaces are needed: Table 8-2 Subnet Routing Example: IP Interface Assignments Interface Devices...
Default router Web servers Database servers Terminal Servers

To perform this configuration, you must be connected to the switch Command Line Interface (CLI) as the administrator. Add the switch ports to their respective VLANs. The VLANs shown in

RS G8000 (config)# vlan 1...
RS G8000 (config-ip-if)# enable
RS G8000 (config-ip-if)# exit

Configure the default gateway to the router's address. The default gateway allows the switch to send outbound traffic to the router:

RS G8000 (config)# ip gateway address 205.21.17.1
RS G8000 (config)# ip gateway enable

Enable IP routing.
IP address when a device is connected to a different place in the network. The switch accepts gateway configuration parameters if they have not been configured manually. The switch ignores DHCP gateway parameters if the gateway is configured.
IP Multicast source that provides the data streams and the clients that want to receive the data. The G8000 can perform IGMP Snooping, and connect to static multicast routers (Mrouters). The following topics are discussed in this chapter: "IGMP Snooping"...
If a host fails to respond with a Membership Report, the Mrouter stops sending the multicast to that path. The host can send a Leave Report to the switch, which sends a proxy Leave Report to the Mrouter. The multicast path is terminated immediately.
FastLeave In normal IGMP operation, when the switch receives an IGMPv2 Leave message, it sends a Group-Specific Query to determine if any other devices in the same group (and on the same port) are still interested in the specified multicast group traffic. The switch removes the affili-...
To disable snooping on EXCLUDE mode reports, use the following command:

RS G8000 (config)

By default, the switch snoops the first eight sources listed in the IGMPv3 Group Record. Use the following command to change the number of snooping sources:

RS G8000 (config)

IGMPv3 Snooping is compatible with IGMPv1 and IGMPv2 Snooping.
View dynamic IGMP information.

RS G8000# show ip igmp groups
Note: Local groups (224.0.0.x) are not snooped/relayed and will not appear.
Source -------------- --------------- ------- ------ -------- 10.1.1.1 10.1.1.5 10.10.10.43

RS G8000# show ip igmp mrouter
VLAN Port ------ -------

These commands display information about IGMP Groups and Mrouters learned by the switch.
For each Mrouter, configure a port or trunk group (1-52, po1-po104), VLAN (1-4094) and version (1-3).

RS G8000 (config)# ip igmp mrouter 5 1 2

The IGMP version is set for each VLAN, and cannot be configured separately for each Mrouter.
Chapter 10: High Availability

The RackSwitch G8000 supports high-availability network topologies. The following topics are discussed in this chapter: "Uplink Failure Detection" on page 136.
The following figure shows a basic UFD configuration, with a Failure Detection Pair (FDP) that consists of one LtM (Link to Monitor) and one LtD (Link to Disable). When the switch detects a link failure in the LtM, it disables the ports in the LtD. The servers detect the disabled ports, which triggers a NIC failover.
If Spanning Tree Protocol (STP) is enabled on ports in the LtM, then the switch monitors the STP state and the link status on ports in the LtM. The switch automatically disables the ports in the LtD when it detects a link failure or STP BLOCKING state.
The following procedure pertains to the example shown in

Configure Network Adapter Teaming on the servers.

Assign the Link to Monitor (LtM) ports.

RS G8000 (config)# ufd fdp ltm port 2

Assign the Link to Disable (LtD) ports.

RS G8000 (config)# ufd fdp ltd port 16

Turn on Uplink Failure Detection (UFD).
Appendix: Troubleshooting

This section discusses some tools to help you troubleshoot common problems on the RackSwitch G8000: "Monitoring Ports" on page 140
The G8000 enables you to mirror port traffic for all Layer 2 and Layer 3 traffic. Port mirroring can be used as a troubleshooting tool or to enhance the security of your network. For example, an IDS server can be connected to the monitor port to detect intruders attacking the network.
Configuring Port Mirroring

To configure port mirroring for the example shown in

Specify the monitoring port, the mirroring port(s), and the port-mirror direction.

RS G8000 (config)# port-mirroring monitor-port 3 mirroring-port 2 in
RS G8000 (config)# port-mirroring monitor-port 3

Enable port mirroring.