Extreme Networks Summit 300-48 Software User's Manual

Summit 300-48 Switch
Software User Guide
Software Version 6.2a
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com
Published: May 2004
Part number: 123007-00 Rev. 02

Summary of Contents for Extreme Networks Summit 300-48

  • Page 1 Summit 300-48 Switch Software User Guide Software Version 6.2a Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: May 2004 Part number: 123007-00 Rev. 02...
  • Page 2 Extreme Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
  • Page 3: Table Of Contents

    Security Features Under License Control Software Factory Defaults Chapter 2 Accessing the Switch Understanding the Command Syntax Syntax Helper Command Shortcuts Summit 300-48 Switch Numerical Ranges Names Symbols Line-Editing Keys Command History Common Commands...
  • Page 4 Saving Changes Filtering Information Do a GET When Configuring a VLAN Sending Screen Output to Extreme Networks Using the Simple Network Time Protocol Configuring and Using SNTP SNTP Configuration Commands SNTP Example Show Odometer Command...
  • Page 5 Displaying VLAN Settings Chapter 6 Wireless Networking Overview of Wireless Networking Summary of Wireless Features Wireless Devices Altitude 300-2d Detachable Antenna Bridging Managing the Altitude 300 Wireless Show Commands Configuring RF Properties Configuring RF Monitoring...
  • Page 6 Network Security Policies for Wireless Interfaces Policy Design Policy Examples Policies and RADIUS Support RADIUS Attributes CLI Commands for Security on the Switch Security Profile Commands Secure Web Login Access Creating Certificates and Private Key Example Wireless Configuration Processes...
  • Page 7 The permit-established Keyword Adding Access Mask, Access List, and Rate Limit Entries Deleting Access Mask, Access List, and Rate Limit Entries Verifying Access Control List Configurations Access Control List Commands Access Control List Examples...
  • Page 8 Logging Local Logging Remote Logging Logging Configuration Changes Logging Commands RMON About RMON RMON Features of the Switch Configuring RMON Event Actions Chapter 13 Spanning Tree Protocol (STP) Overview of the Spanning Tree Protocol...
  • Page 9 Configuring DHCP/BOOTP Relay Verifying the DHCP/BOOTP Relay Configuration UDP-Forwarding Configuring UDP-Forwarding UDP-Forwarding Example ICMP Packet Processing UDP-Forwarding Commands Appendix A Safety Information Important Safety Information Power Power Cord Connections Lithium Battery Appendix B Supported Standards...
  • Page 10 Accessing the Bootloader CLI Boot Option Commands Appendix D Troubleshooting LEDs Using the Command-Line Interface Port Configuration VLANs Debug Tracing Debug Trace for Wireless TOP Command Contacting Extreme Technical Support Index Index of Commands...
  • Page 11 Figures Example of a port-based VLAN on the Summit 300-48 switch Single port-based VLAN spanning two switches Two port-based VLANs spanning two switches Physical diagram of tagged and untagged traffic Logical diagram of tagged and untagged traffic...
  • Page 13 Tables Notice Icons Text Conventions ExtremeWare Summit 300-48 Factory Defaults Command Syntax Symbols Line-Editing Keys Common Commands Default Accounts DNS Commands Ping Command Parameters SNMP Configuration Commands RADIUS Commands Multiselect List Box Key Definitions...
  • Page 14 Default Code Point-to-QoS Profile Mapping Status Monitoring Commands Port Monitoring Display Keys Fault Levels Assigned by the Switch Fault Log Subsystems Logging Commands Event Actions STP Configuration Commands STP Disable and Reset Commands Relative Route Priorities...
  • Page 15 Basic IP Commands Route Table Configuration Commands ICMP Configuration Commands Router Show Commands Router Reset and Disable Commands UDP-Forwarding Commands Bootstrap Command Options Bootloader Command Options Boot Option Commands...
  • Page 17: Preface

    • Internet Protocol (IP) concepts • Simple Network Management Protocol (SNMP) NOTE If the information in the release notes shipped with your switch differs from the information in this guide, follow the release notes. Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
  • Page 18: Related Publications

    The publications related to this one are: • ExtremeWare Release Notes • Summit 300-48 Switch Release Notes Documentation for Extreme Networks products is available on the World Wide Web at the following location: • http://www.extremenetworks.com/...
  • Page 19: Extremeware Overview

    • Security Licensing on page 22 • Software Factory Defaults on page 22 ExtremeWare is the full-featured software operating system that is designed to run on the Summit 300-48 switch. This section describes the supported ExtremeWare features for the Summit 300-48 switch. Summary of Features The Summit 300-48 switch supports the following ExtremeWare features: •...
  • Page 20: Unified Access

    For more information on VLANs, see Chapter 5, “Virtual LANs (VLANs)”. Spanning Tree Protocol The Summit 300-48 supports the IEEE 802.1D Spanning Tree Protocol (STP), which is a bridge-based mechanism for providing fault tolerance on networks. STP enables you to implement parallel paths for network traffic, and ensure that: •...
  • Page 21: Quality Of Service

    For information on load sharing, see Chapter 4, “Configuring Ports on a Switch”. ESRP-Aware Switches Extreme switches that are not running ESRP, but are connected on a network that has other Extreme switches running ESRP are ESRP-aware. When ESRP-aware switches are attached to ESRP-enabled switches, the ESRP-aware switches reliably perform fail-over and fail-back scenarios in the prescribed recovery times.
  • Page 22: Security Licensing

    Certain additional ExtremeWare security features, such as the use of Secure Shell (SSH2) encryption, may be under United States export restriction control. Extreme Networks ships these security features in a disabled state. You can obtain information on enabling these features at no charge from Extreme Networks.
  • Page 23 Table 3: ExtremeWare Summit 300-48 Factory Defaults (continued) Item IP multicast routing IGMP IGMP snooping SNTP Port Mirroring Wireless NOTE For default settings of individual ExtremeWare features, see the applicable individual chapters in this guide....
  • Page 25: Accessing The Switch

    If an asterisk (*) appears in front of the command-line prompt, it indicates that you have outstanding configuration changes that have not been saved. For more information on saving configuration changes, see Appendix C, “Software Upgrade and Boot Options”....
  • Page 26: Syntax Helper

    1:1-1:3,1:6 Summit 300-48 Switch Numerical Ranges Commands that require you to enter one or more slot:port numbers on a Summit 300-48 switch use the parameter in the syntax. A portlist can be a range of numbers, for example: <portlist>...
  • Page 27: Names

    Names All named components of the switch configuration must have a unique name. Names must begin with an alphabetical character and are delimited by white space, unless enclosed in quotation marks. Symbols You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself.
  • Page 28: Command History

    ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these commands by using the following command: history Common Commands Table 6 describes common commands used to manage the switch. Commands specific to a particular feature are described in the other chapters of this guide. Table 6: Common Commands Command clear session <number>...
  • Page 29 <name> disable bootp vlan [<name> | all] disable cli-config-logging disable clipaging disable idletimeouts disable ports <portlist> Description Configures a recovery option for instances where an exception occurs in ExtremeWare. Specify one of the following: •...
  • Page 30: Configuring Management Access

    If you specify the keyword all, the switch erases the currently selected configuration image in flash memory and reboots. As a result, all parameters are reset to default settings....
  • Page 31: User Account

    Summit 300-48:2> Administrator Account An administrator-level account can view and change all switch parameters. It can also add and delete users, and change the password associated with any account name. The administrator can disconnect a management session that has been established by way of a Telnet connection. If this happens, the user logged on by way of the Telnet connection is notified that the session has been terminated.
  • Page 32: Creating A Management Account

    Creating a Management Account The switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts. Passwords can have a minimum of 0 characters and can have a maximum of 31 characters.
  • Page 33: Domain Name Service Client Services

    <domain_name> config dns-client delete <ipaddress> nslookup <hostname> show dns-client utility can be used to return the IP address of a hostname. Description Adds a DNS name server(s) to the available server list for the DNS client. Up to three name servers can be configured.
  • Page 34: Checking Basic Connectivity

    Traceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation. The traceroute command syntax is: traceroute [<ip_address> | <hostname>] {from <src_ipaddress>} {ttl <TTL>} {port <port>}...
  • Page 35 ICMP packet. If not specified, the address of the from transmitting interface is used. configures the switch to trace up to the time-to-live number of the switch. • • uses the specified UDP port number.
  • Page 37: Overview

    • Access the CLI by connecting a terminal (or workstation with terminal-emulation software) to the console port. • Access the switch remotely using TCP/IP through one of the switch ports. Remote access includes: — Telnet using the CLI interface. — SSH2 using the CLI interface.
  • Page 38: Using The Console Interface

    Managing the Switch Using the Console Interface The CLI built into the switch is accessible by way of the 9-pin, RS-232 port labeled console, located on the front of the Summit 300-48 switch. After the connection has been established, you will see the switch prompt and you can log in.
  • Page 39 IP address of the VLAN. All VLANs within a switch that are configured to use BOOTP to get their IP address use the same MAC address. Therefore, if you are using DHCP/BOOTP relay through a router, the BOOTP server must be capable of differentiating its relay based on the gateway portion of the BOOTP packet.
  • Page 40: Disconnecting A Telnet Session

    Your changes take effect immediately. NOTE As a general rule, when configuring any IP addresses for the switch, you can express a subnet mask by using dotted decimal notation, or by using classless inter-domain routing notation (CIDR). CIDR uses a forward slash plus the number of significant bits in the subnet mask.
  • Page 41: Controlling Telnet Access

    Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled version of the ExtremeWare software from Extreme Networks before you can enable SSH2. The procedure for obtaining a security-enabled version of the ExtremeWare software is described in Chapter 1.
  • Page 42: Using Snmp

    Managing the Switch You can specify a list of predefined clients that are allowed SSH2 access to the switch. To do this, you must create an access profile that contains a list of allowed IP addresses. For more information on creating access profiles, refer to Chapter 10.
  • Page 43: Supported Mibs

    • System contact (optional) — The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch. • System name — The system name is the name that you have assigned to this switch. The default name is the model name of the switch (for example, Summit1 switch).
  • Page 44: Displaying Snmp Settings

    Displaying SNMP Settings To display the SNMP settings configured on the switch, use the following command: show management This command displays the following information: • Enable/disable state for Telnet, SSH2, SNMP, and web •...
  • Page 45: Authenticating Users

    RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The client IP address is the IP address used by the RADIUS server for communicating back to the switch. RADIUS commands are described in Table 11.
  • Page 46 Configures the authentication string used to communicate with the RADIUS server. Displays the current RADIUS client configuration and statistics. Unconfigures the radius client configuration. [type] [version] -------------- --------- type = nas type=nas type nas AAA server application, © [prefix] -------- pm1. pm2....
  • Page 47 RADIUS Per-Command Configuration Example Building on this example configuration, you can use RADIUS to perform per-command authentication to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is available from the Extreme Networks web server at http://www.extremenetworks.com/extreme/support/otherapps.htm or by contacting Extreme...
  • Page 48 We has these capabilities. gerald with support for per-command authentication: users . We also know that lulu eric clear counter...
  • Page 49: Using Extremeware Vista

    When you access the home page of the switch, you are presented with the Logon screen. Controlling Web Access By default, web access is enabled on the switch. To configure Vista web access to be disabled, use the following command:...
  • Page 50: Accessing Extremeware Vista

    • Turn off one or more of the browser toolbars to maximize the viewing space of the ExtremeWare Vista content screen. • If you will be using ExtremeWare Vista to send an email to the Extreme Networks Technical Support department, configure the email settings in your browser.
  • Page 51 Single item All items Contiguous items Selected noncontiguous items Key Sequence Click the item using the mouse. Click the first item, and drag to the last item. Click the first desired item, and drag to the last desired item.
  • Page 52: Saving Changes

    If you select Yes, the changes are saved to the selected configuration area. To change the selected configuration area, you must go to the Configuration task button, Switch option. Filtering Information Some pages have a Filter button. The Filter button is used to display a subset of information on a given page.
  • Page 53: Do A Get When Configuring A Vlan

    Sending Screen Output to Extreme Networks If Extreme Networks requests that you email the output of a particular ExtremeWare Vista screen, follow these steps: 1 Click the content frame of the screen that you must send.
  • Page 54: Greenwich Mean Time Offsets

    4 If you would like this switch to use a directed query to the NTP server, configure the switch to use the NTP server(s). If the switch listens to NTP broadcasts, skip this step. To configure the switch to use a directed query, use the following command: config sntp-client [primary | secondary] server [<ip_address>...
  • Page 55 +480 +9:00 +540 +10:00 +600 +11:00 +660 +12:00 +720 Common Time Zone References Cities YST - Yukon Standard AHST - Alaska-Hawaii Standard CAT - Central Alaska HST - Hawaii Standard NT - Nome IDLW - International Date Line...
  • Page 56: Sntp Configuration Commands

    10.0.1.2 Show Odometer Command Use the show odometer command to display the number of consecutive days that the Summit 300-48 switch has been in service. The following is a sample of the output generated from issuing the...
  • Page 57: Configuring Ports On A Switch

    By default, all ports are enabled. To enable or disable one or more ports, use the following command: [enable | disable] ports <portlist> For example, to disable slot 1, ports 3, 5, and 12 through 15 on a Summit 300-48 switch, use the following command:...
  • Page 58: Configuring Switch Port Speed And Duplex Setting

    Configuring Switch Port Speed and Duplex Setting By default, the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 10/100 Mbps ports.
  • Page 59: Load Sharing On The Switch

    If the failed port becomes active again, traffic is redistributed to include that port. This feature is supported between Extreme Networks switches only, but may be compatible with third-party trunking or link-aggregation algorithms. Check with an Extreme Networks technical representative for more information.
  • Page 60: Configuring Switch Load Sharing

    The following rules apply to the Summit 300-48 switch: • Ports on the switch must be of the same port type. For example, if you use 100 Mbps ports, all ports on the switch must be 100 Mbps ports.
  • Page 61: Load-Sharing Example

    A maximum of eight ports in a load-share group is allowed. Load-Sharing Example This section provides an example of how to define load-sharing on a Summit 300-48 switch. Load-Sharing on a Summit 300-48 Switch The following example defines a load-sharing group that contains ports 1:9 through 1:12, and uses the...
  • Page 62: Port-Mirroring Commands

    Deletes a particular mirroring filter definition. Disables port-mirroring. Dedicates a port to be the mirror output port. Port must be active before enabling mirroring. Displays the port-mirroring configuration....
  • Page 63: Port-Mirroring Example

    1:3 tagged config mirroring add port 1:1 Extreme Discovery Protocol The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used by the switches to exchange topology information. Information communicated using EDP includes: •...
  • Page 65: Virtual Lans (Vlans)

    The term VLAN is used to refer to a collection of devices that communicate as if they were on the same physical LAN. Any set of ports (including all ports on the switch) is considered a VLAN. LAN segments are not restricted by the hardware that physically connects them. The segments are defined by flexible user groups you create with the command-line interface.
  • Page 66: Types Of Vlans

    VLAN. The Summit 300-48 switch supports L2 port-based VLANs. For example, on the Summit 300-48 switch in Figure 1, ports 1:1 through 1:12 are part of VLAN Sales; ports 1:13 through 1:24, and port 1:51 are part of VLAN Marketing; ports 1:25 through 1:36, and port 1:50 are part of VLAN Finance, and ports 1:37 through 1:48, and port 1:52 are part of VLAN Corporate.
  • Page 67: Single Port-Based Vlan Spanning Two Switches

    BlackDiamond switch belong to VLAN Sales. Ports 1:1 through 1:24, and port 1:26 on the Summit 300-48 switch also belong to VLAN Sales. The two switches are connected using slot 8, port 4 on system 1 (the BlackDiamond switch), and port 1:26 on system 2 (the Summit 300-48 switch).
  • Page 68: Tagged Vlans

    Tagged VLANs Tagging is a process that inserts a marker (called a tag) into the Ethernet frame. The tag contains the identification number of a specific VLAN, called the VLANid. The Summit 300-48 switch supports L2 tagged VLANs. System 2...
  • Page 69 VLAN named default with an 802.1Q VLAN tag (VLANid) of 1 assigned. Not all ports in the VLAN must be tagged. As traffic from a port is forwarded out of the switch, the switch determines (in real time) if each destination port should use tagged or untagged packet formats for that VLAN.
  • Page 70: Physical Diagram Of Tagged And Untagged Traffic

    Slot 1, Port 2 Slot 7, Ports 1-16 In Figure 4 and Figure 5: • The trunk port on each switch carries traffic for both VLAN Marketing and VLAN Sales. • The trunk port on each switch is tagged. 1:49...
  • Page 71: Vlan Names

    • All other stations use untagged traffic. As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged.
  • Page 72: Renaming A Vlan

    • You cannot create a new VLAN named default. Configuring VLANs on the Switch This section describes the commands associated with setting up VLANs on the switch. Configuring a VLAN involves the following steps: 1 Create and name the VLAN.
  • Page 73: Vlan Configuration Examples

    1:4-1:8 tagged The following Summit 300-48 switch example creates a VLAN named sales, with the VLANid 120. The VLAN uses both tagged and untagged ports. Ports 1:1 through 1:3 are tagged, and ports 1:4 and 1:7 are untagged.
  • Page 75: Wireless Networking

    The Summit 300-48 switch and the Altitude 300 extend network service to wireless 802.11a/b/g clients within a fully integrated network infrastructure. Ports on the Summit 300-48 switch handle all of the management functions typically associated with an access point. The Altitude 300 serves as the radio transmitter and receiver, inheriting configuration information as soon as it is attached to the switch and as changes are made to the wireless profiles after the system is deployed.
  • Page 76: Summary Of Wireless Features

    Because the intelligence normally associated with an access point is maintained in the Summit 300-48 switch, the cost of implementing radio access is greatly reduced. The network can still be expanded as needed, but it becomes much easier to maintain security and reliability at reduced cost.
  • Page 77: Altitude 300-2D Detachable Antenna

    Wireless bridging on a Summit 300-48 switch allows wireless users within the same VLAN to communicate with other wireless users on the same Summit 300-48 switch via layer 2 bridging. Wireless bridging can be enabled or disabled for each wireless port, and the setting is locally significant on each Altitude 300.
  • Page 78: Managing The Altitude

    It is not necessary to configure the individual Altitude 300 ports. You set port attributes on the Summit 300-48 switch, copying them as needed to new ports that you configure. Each time you make a change to wireless configuration on the switch, that change is implemented in the wireless network. Upgrading wireless software becomes extremely easy, since it is only necessary to upgrade the switch, and not the Altitude 300s.
  • Page 79: Configuring Rf Properties

    • Each RF profile applies to a specific interface (A or G), so changing a profile only affects the specified interface. • Each Summit 300-48 switch ships with default profiles for each supported wireless port. Table 22: RF Configuration Commands Command create rf-profile <name>...
  • Page 80: Configuring Rf Monitoring

    1-255 Indicates the number of transmission attempts of a frame, the length of which is greater than rts-threshold, made before a failure condition is indicated....
  • Page 81: Ap Detection

    <portlist> interface [1|2] ap-scan off-channel (at|every) <time> configure wireless port <portlist> interface [1|2] ap-scan off-channel <add|del> Description Use this command to start the wireless port scan on the indicated port and interface for the Altitude 300.
  • Page 82 Received Signal Strength statistics Ad-hoc or BSSID network (in detail output only) Count of beacon packets seen from this AP (in detail output only) Count of PROBE RESP packets sent from the AP (in detail output only)...
  • Page 83: Managing Wireless Clients

    <portlist> interface [1|2] client-scan results <MAC|all> clear wireless port <portlist> interface [1|2] client-scan counters <MAC|all> Description List of supported rates WEP information from beacon and probe packets WPA information, including authentication and supported...
  • Page 84: Client Scan Results

    Wireless port and interface on which this client is seen MAC address of the source Number of PROBE REQ packets seen from this source RSSI of last received PROBE REQ packet Channel on which last PROBE REQ was received...
  • Page 85: Collecting Client Information

    Last state change Encryption Type Authentication Type ESSID Wireless Port Description Time last PROBE REQ was seen from this source Client is associated to the Altitude 300 (Y | N) Description Command to show details of the current client state (see Table 31).
  • Page 86 Using the mac-layer command includes information on the operation of the 802.11 MAC layer. Use this command to show the information collected on a per-client basis. Using the diagnostic command will display counters and errors contained in the extremeWirelessClientDiagTable....
  • Page 87: Configuring Wireless Switch Properties

    Command configure wireless ports <portlist> detected-station-timeout Configuring Wireless Switch Properties Table 35 lists the wireless configuration command that applies to the switch as a whole. Table 36 lists the command properties Table 35: Switch-Level Wireless Configuration Commands Command configure wireless <property>...
  • Page 88: Configuring Country Codes

    • European Union and the Rest of the World. If you do not program the country code in the Summit 300-48 switch, then the switch inherits the country code of the first Altitude 300 that connects to it, if the Altitude is not programmed for the 'European Union and the Rest of World.
  • Page 89: Configuring Wireless Ports

    Configuring Wireless Interfaces Each wireless port on the Summit 300-48 switch contains two interfaces. Interface 1 supports 802.11A, and interface 2 supports 802.11G radio signals. The you to configure one of the two individual interfaces (1|2) on a port or ports. You can move an...
  • Page 90: Force Disassociation

    If you do not specify the every or time parameters, the user is immediately disassociated. • cancel-scheduler parameter disables forced disassociation. • mac-address indicates the MAC address of the client network interface card....
  • Page 91: Event Logging And Reporting

    Event Logging and Reporting The Summit 300-48 switch supports the following enhancements for wireless event logging and reporting: • Enumerated type fields are included in syslog messages for filtering by external tools. • An additional CLI command is included for more granularity (...
  • Page 93: Overview Of Security

    “thick” access points. Unified Access Security provides the following capabilities: • Consolidated management — Up to 48 wireless ports from a single Summit 300-48 switch, greater network support with reduced management overhead •...
  • Page 94: User Access Security

    • Single authentication infrastructure — Single set of policies, RADIUS, and certificate servers Table 43 summarizes the security options available with the Summit 300-48 switch. Campus mode refers to a network with multiple users who connect at different places. ISP mode refers to a network with stationary users who access the network through the same port each time.
  • Page 95 Access (WPA) based 802.1x. It is possible to configure both versions (legacy and WPA) on the same Summit 300-48 switch port. When a client associates to the Summit 300-48 switch port, it indicates 802.11 open authentication. Then if 802.1x is enabled on the port, the client is able to associate, and further authentication is performed.
  • Page 96: Encryption

    CCMP/AES/TKIP WPA-Only Support To support WPA clients, the Summit 300-48 switch port sets the privacy bit in the beacon frames it advertises. The switch also advertises the set of supported unicast and multicast cipher suites and the configured and supported authentication modes as part of the association request.
  • Page 97: Web-Based And 802.1X Authentication

    When web-based network login is enabled on a switch port, that port is placed into a non-forwarding state until authentication takes place. To authenticate, a user (supplicant) must open a web browser and provide the appropriate credentials. These credentials are either approved, in which case the port is placed in forwarding mode, or not approved, in which case the port remains blocked.
  • Page 98 TLS, which requires client and server certificates. With TTLS, the client can use the MD5 mode of username/password authentication. If you plan to use 802.1x authentication, refer to the documentation for your particular RADIUS server, and 802.1x client on how to set up a PKI configuration....
  • Page 99: Campus And Isp Modes

    A netlogin-only disabled user can log in using network login and can also access the switch using Telnet, SSH, or HTTP. A netlogin-only enabled user can only log in using network login and cannot access the switch using the same login.
  • Page 100: Exclusions And Limitations

    • Enabling a port for wireless access will automatically disable wired netlogin on that port. Configuring Network Login The following configuration example shows the Extreme Networks switch configuration and the associated RADIUS server entries for network login. VLAN corp is assumed to be a corporate subnet...
  • Page 101 RADIUS server Vendor Specific Attributes (VSA) Extreme-Netlogin-Vlan. Since the VLAN, wlan-mgmt, is the same, there will be no port movement. Campus Mode: Wired clients connected to ports 1:2 - 1:5, VLAN temp, are logged into the network in Campus mode, because the port moves to the VLAN corp following authentication.
  • Page 102

    1:15 - 1:20 interface 2 security-profile web-based-netlogin
    # DNS Client Configuration
    configure dns-client add name-server 10.0.1.1
    configure dns-client add name-server 10.0.1.85
    The following is a sample of the settings for the RADIUS server:
    #RADIUS server setting (VSAs)(optional)
  • Page 103: Web-Based Authentication User Login Using Campus Mode

    — Windows NT/2000/XP—use the ipconfig/release address from the switch. If you have more than one Ethernet adapter, specify the adapter by using a number for the adapter following the ipconfig command. You can find the adapter number using the command At this point, the client has a temporary IP address.
  • Page 104: Dhcp Server On The Switch

    NOTE Because network login is sensitive to state changes during the authentication process, Extreme Networks recommends that you do not log out until the login process is complete. The login process is complete when you receive a permanent IP address.
  • Page 105: Network Login Configuration Commands

    The session-refresh purpose of this command is to log out users who are indirectly connected to the switch, such as through a hub. The command also monitors and logs out users who have disconnected the computer or have closed the logout window.
  • Page 106: Displaying Network Login Settings

    Enables DHCP on a specified port in a VLAN. Enables network login on a specified port in a VLAN. Disables DHCP on a specified port in a VLAN. Disables network login on a specified port in a VLAN.
  • Page 107: Wireless Network Login Considerations

    If no RADIUS VSA is present, then the traffic is assigned to the untagged VLAN on the port. NOTE During authentication the RADIUS packets use the Summit 300-48 switch address as the client IP address. The Altitude 300 address is not disclosed. MAC RADIUS MAC RADIUS is a mechanism for authenticating users in a legacy environment.
  • Page 108 • Ability to divide users into meaningful groups • Network resources required by users • Desired access restrictions based on resources, locations, times, and security level • Acceptable level of network management and user training • Anticipated changes in the network
  • Page 109: Policy Examples

    Altitude 300 as a component of network access and include time restrictions for certain locations. Policies and RADIUS Support The authentication features of the Summit 300-48 switch are tightly integrated with RADIUS. You can specify the following types of RADIUS access control policies: •...
  • Page 110: Vendor-Specific Attributes

    EXTREME_USER_LOCATION The following rules apply for VSAs: • For locations, the switch receives Extreme VSA containing the location of the Altitude 300. The RADIUS server uses the location VSA to determine whether to allow or deny access. • For WPA and legacy 802.1 clients, the RADIUS server sends the VLAN value to use for the client.
  • Page 111: Cli Commands For Security On The Switch

    Table 51 lists the properties for the security profile configuration command. Table 51: Security Profile Command Property Values Case ssid-in-beacon <value> Description Creates a new profile identified by the string name. The optional copy argument specifies the name of...
  • Page 112: Security Configuration Options

    • wep128 Choices: • wep64 • wep128 Choices: • wep64 • wep128 • tkip • Choices: • wep64 • wep128 • tkip • Choices: • wep64 • wep128 Choices: • wep64 • wep128
  • Page 113: Secure Web Login Access

    < [ none | <access-profile > ] > port <port number> show session HTTPS is allowed only in an SSH build with the appropriate license enabled. Network Authentication Encryption mac-radius Choices: •...
  • Page 114: Creating Certificates And Private Key

    The certificate and private key file should be in PEM format and generated using RSA as the cryptography algorithm. Description Displays whether the switch has a valid private/public key pair and the state of HTTPS access (enabled or disabled).
  • Page 115: Example Wireless Configuration Processes

    Configure the VLAN, Wireless Port IP Addresses and RF-profiles:
    1 Create a VLAN to be used as the wireless management VLAN.
    create vlan manage-wireless
    Description Displays the following information: • HTTPS port configured. This is the port on which the clients will connect.
  • Page 116: Security Configuration Examples

    Security Configuration Examples Refer to the examples in this section when configuring any of the available wireless security options for the Summit 300-48 switch. The examples encompass most typical security scenarios. NOTE Because of the requirement to add potential wireless ports to the wireless management-vlan as untagged ports, adding a wireless port to a data/client vlan requires that the port be added as a tagged port.
  • Page 117

    5 Configure the Dot11 Authentication, Network Authentication and Multicast Cipher/Encryption and also assign the “default-user-vlan” parameter.
    config security-profile wep-secure dot11-auth open network-auth none encryption wep64
    config security-profile wep-secure default-user-vlan wep-vlan
  • Page 118

    Warning: At least one WEP key has to be specified before applying this security profile to the interface
    6 Configure the security profile with WEP key to match the encryption length indicated in Step 5.
    config security-profile wep-secure wep key add 0 hex aaaaaaaaaaaaaccccccccccccc
  • Page 119

    4 Add the wireless port to the VLAN.
    config vlan web-vlan add ports 1:5 tagged
    5 Configure the Dot11 Authentication, Network Authentication and Multicast Cipher/Encryption and also assign the “default-user-vlan” parameter.
  • Page 120

    7 Configure the security profile to use the 0 key you just defined as the default encryption key.
    config security-profile web-based-128 wep default-key-index 0
    8 Configure the name of the ESS
    config security-profile web-based-128 ess-name web-based-128-ess
    abcdefaaaaaaaaaaaaaaaaaaaa
  • Page 121

    Invalid number of bytes in key. Expected <xx> bytes, got <yy> bytes.
    7 Configure the security profile to use the 0 key you just defined as the default encryption key.
  • Page 122

    2 Create a VLAN (dot1x-vlan) for the potential clients that will connect to the network using this security-profile.
    create vlan dot1x-vlan
    3 Configure the tag for the VLAN
    config vlan dot1x-vlan tag 10
    4 Add the wireless port to the VLAN.
    config vlan dot1x-vlan add ports 1:5 tagged
    abcdefaaaaaaaaaaaaaaaaaaaa
  • Page 123

    5 Configure the Dot11 Authentication, Network Authentication and Multicast Cipher/Encryption and also assign the “default-user-vlan” parameter.
    config security-profile open-wpa-64 dot11-auth open network-auth wpa encryption wep64
    config security-profile open-wpa-64 default-user-vlan wpa-vlan
    6 Configure the name of the ESS
  • Page 124

    6 Configure the name of the ESS
    config security-profile open-wpa-tkip ess-name open-wpa-tkip-ess
    Open - WPA (Dynamic) - AES
    1 Create a security profile (open-wpa-aes) by copying from the default unsecure profile.
    create security-profile open-wpa-aes copy unsecure
  • Page 125

    1 Create a security profile (open-wpapsk-128) by copying from the default unsecure profile.
    create security-profile open-wpapsk-128 copy unsecure
    2 Create a VLAN (wpa-vlan) for the potential clients that will connect to the network using this security-profile.
    create vlan wpa-vlan
  • Page 126

    7 Configure the name of the ESS
    config security-profile open-wpapsk-tkip ess-name open-wpapsk-tkip-ess
    Open - WPA PSK (Pre-Shared Key) - AES
    1 Create a security profile (open-wpapsk-aes) by copying from the default unsecure profile.
    create security-profile open-wpapsk-aes copy unsecure
  • Page 127

    Invalid number of bytes in key. Expected <xx> bytes, got <yy> bytes.
    7 Configure the security profile to use the 0 key you just defined as the default encryption key.
  • Page 128

    2 Create a VLAN (web-vlan) for the potential clients that will connect to the network using this security-profile.
    create vlan web-vlan
    3 Configure the tag for the web-vlan
    config vlan web-vlan tag 10
    4 Add the wireless port to the VLAN.
  • Page 129

    Invalid number of bytes in key. Expected <xx> bytes, got <yy> bytes.
    7 Configure the security profile to use the 0 key you just defined as the default encryption key.
  • Page 130

    2 Create a VLAN (mac-vlan) for the potential clients that will connect to the network using this security-profile.
    create vlan mac-vlan
    3 Configure the tag for the mac-vlan
    config vlan mac-vlan tag 10
    4 Add the wireless port to the VLAN.
  • Page 131: Profile Assignment Example

    AP is being operated (i.e., the selected “country-code” global wireless parameter).
    config wireless ports 1:5 interface 1 channel 0
    config wireless ports 1:5 interface 2 channel 11
  • Page 132 Unified Access Security
  • Page 133: Power Over Ethernet

    Power Over Ethernet This chapter explains how to configure the Summit 300-48 switch to supply power to devices using the Power over Ethernet (PoE) capability. It contains the following sections: • Overview on page 133 • Port Power Management on page 134 •...
  • Page 134: Port Power Management

    Port Power Management When you connect PDs, the Summit 300-48 switch automatically discovers and classifies those that are AF-compliant. The following functions are supported for delivering power to the port: • Enabling the port for discovery and classification •...
  • Page 135 Port Connection Order The Summit 300-48 switch software tracks the order of connection for powered devices. The connection order is recorded at the time a device is first discovered and classified. The connection order is reset if the device is disconnected.
  • Page 136: Port Power Events

    Description Use this command to set the maximum power available for PDs on a per port basis. Use this command to specify that a user-defined limit will apply to the indicated port.
  • Page 137: Load Sharing Power Supplies

    ExtremeWare 6.2a.1.1.2 provides new firmware to support an advanced PoE controller. Previous versions of ExtremeWare 6.2a.1 cannot be used on Summit 300-48 switches containing the new PoE controller. If you attempt to install previous versions on a switch containing the new controller, an error...
  • Page 138 306 W command for planning. This output is a snapshot of Description Use this command to select the power supply operating mode Use this command to set the power supply operating mode to redundant (default).
  • Page 139: Per-Port Leds

    Wait for the LED to extinguish before reconnecting to the port. Configuring Power Over Ethernet Use the inline power commands in Table 60 to configure PoE on Summit 300-48 switch ports. NOTE Configuration parameters affecting operational parameters require the port or slot to be first disabled.
  • Page 140 PoE controller disconnects one of the ports to prevent overload on the power supply. There are two controls: • lowest-priority—next port connected causes a shutdown of the lowest priority port. • deny-port—next port is denied power, regardless of priority. • The default is deny-port.
  • Page 141 Command show inline-power show inline-power configuration port <portlist> show inline-power slot <slotlist> Description Sets the violation precedence for the specified ports. A value of advertised-class will remove/deny power in the case an 802.3af compliant PD consumes power beyond its advertised class limit. There are three controls: •...
  • Page 142 Prints out how many ports are faulted, powered, and waiting for power for the slot. Provides power configuration for each slot. Provides power configuration details for the port. Shows status of power for the port.
  • Page 143: Forwarding Database (Fdb)

    FDB are flooded to all members of the VLAN. FDB Entry Types The Summit 300-48 switch supports up to 8,191 layer 2 FDB entries and 2,047 layer 3 FDB entries. The following are four types of entries in the FDB: •...
  • Page 144: How Fdb Entries Get Added

    interface are stored as permanent. The Summit 300-48 switches support a maximum of 128 permanent entries. Once created, permanent entries stay the same as when they were created. For example, the permanent entry store is not updated when any of the following take place: —...
  • Page 145: Configuring Fdb Entries

    <name> blackhole {source-mac | dest-mac | both} delete fdbentry {<mac_address> vlan <name> | all} disable learning port <portlist> Description Clears dynamic FDB entries that match the filter. When no options are specified, the command clears all FDB entries.
  • Page 146: Fdb Configuration Examples

    <portlist> • — Displays all permanent entries, including the ingress and egress QoS profiles. permanent With no options, the command displays all FDB entries. Description Enables MAC address learning on one or more ports.
  • Page 147: Access Policies

    Each packet arriving on an ingress port is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped. These forwarded packets can also be modified by changing the 802.1p value and/or the DiffServ code point. Using access lists has no impact on switch performance.
  • Page 148: Access Masks

    Access Masks There are between twelve and fourteen access masks available in the Summit 300-48, depending on which features are enabled on the switch. Each access mask is created with a unique name and defines a list of fields that will be examined by any access control list that uses that mask (and by any rate limit that uses the mask).
  • Page 149: Rate Limits

    If the list is of type permit, the packet is forwarded. A permit access list can also apply a QoS profile to the packet and modify the packet’s 802.1p value and the DiffServ code point.
  • Page 150: Access Mask Precedence Numbers

    NOTE If your default rule denies traffic, you should not apply this rule to the Summit 300-48 port used as a management port. The following example shows an access control list that is used to specify a default rule to explicitly...
  • Page 151: The Permit-Established Keyword

    For each of the following features that you enable, the system will use one access mask. When the feature is disabled, the mask will again be available. The features are: • IGMP or OSPF (both would share a single mask) • DiffServ examination • QoS monitor
  • Page 152: Deleting Access Mask, Access List, And Rate Limit Entries

    {name | ports <portlist>} To view the access mask configuration use the following command: show access-mask {name} Access Control List Commands Table 63 describes the commands used to configure access control lists.
  • Page 153: Access Control List Configuration Commands

    [permit {qosprofile <qosprofile>} {set code-point <code_point>} {set dot1p <dot1p_value>} | permit-established | deny] Description Creates an access list. The list is applied to all ingress packets. Options include: • <name> — Specifies the access control list name.
  • Page 154 • egressport — Specify the egress port • ports — Specifies the ingress port(s) on which this rule is applied. • precedence — Specifies the access mask precedence number. The range is 1 to 25,600.
  • Page 155 {set dot1p <dot1p_value>} limit <rate_in_Mbps> {exceed-action [drop | set code-point <code_point>} delete access-list <name> Description Creates a rate limit. The rule is applied to all ingress packets. Options include: • <rule_name> — Specifies the rate limit name.
  • Page 156: Access Control List Examples

    Deletes an access mask. Any access lists or rate limits that reference this mask must first be deleted. Deletes a rate limit. Displays access-list information. Displays access-list information. Displays access-list information.
  • Page 157: Access Control List Denies All Tcp And Udp Traffic

    10.10.10.100/32 ports 1:2 permit qp1
    create access-list tcp2_1 ip_addr_mask ipprotocol tcp dest-ip 10.10.10.100/32 source-ip 10.10.20.100/32 ports 1:10 permit qp1
    Figure 9 illustrates the outcome of this access list.
  • Page 158: Access List Allows Tcp Traffic

    This step may not be intuitive. Pay attention to the destination and source address, the ingress port that the rule is applied to, and the desired effect. NOTE This rule has a higher precedence than the rule “tcp2_1” and “tcp1_2”.
  • Page 159: Permit-Established Access List Filters Out Syn Packet To Destination

    The commands to create this rate limit are as follows:
    create access-mask port2_mask source-ip/24 ports precedence 100
    create rate-limit port2_limit port2_mask source-ip 10.10.10.0/24 ports 1:2 permit qp1 set code-point 7 limit 10 exceed-action drop
  • Page 160 Access Policies
  • Page 161: Overview Of Policy-Based Quality Of Service

    • Modifying a QoS Configuration on page 172 • Traffic Rate-Limiting on page 172 Policy-based Quality of Service (QoS) is a feature of ExtremeWare and the Extreme switch architecture that allows you to specify different service levels for traffic traversing the switch. Policy-based QoS is an effective control mechanism for networks that have heterogeneous traffic patterns.
  • Page 162: Applications And Types Of Qos

    Summit 300-48 switches support up to four physical queues per port. NOTE As with all Extreme switch products, QoS has no impact on switch performance. Using even the most complex traffic groupings has no cost in terms of switch performance.
  • Page 163: Web Browsing Applications

    Table 65 lists the commands used to configure QoS. Table 65: QoS Configuration Commands Command config ports <portlist> qosprofile <qosprofile> config vlan <name> qosprofile <qosprofile> ™ -based applications. In addition, Web-based Key QoS Parameters Minimum bandwidth, priority...
  • Page 164: Traffic Groupings

    Access list based traffic groupings are defined using access lists. Access lists are discussed in detail in Chapter 10. By supplying a named QoS profile at the end of the access list command syntax, you can
  • Page 165: Mac-Based Traffic Groupings

    FDB: clear fdb Blackhole MAC Address Using the option configures the switch to not forward any packets to the destination MAC blackhole address on any ports for the VLAN specified. The option is configured using the following...
  • Page 166: Explicit Class Of Service (802.1P And Diffserv) Traffic Groupings

    Observing 802.1p Information When ingress traffic that contains 802.1p prioritization information is detected by the switch, the traffic is mapped to various hardware queues on the egress port of the switch. The Summit 300-48 switch
  • Page 167 Configuring 802.1p Priority When a packet is transmitted by the switch, you can configure the 802.1p priority field that is placed in the 802.1Q tag. You can configure the priority to be a number between 0 and 7, using the following command: config vlan <name>...
  • Page 168: Configuring Diffserv

    Contained in the header of every IP packet is a field for IP Type of Service (TOS), now also called the DiffServ field. The TOS field is used by the switch to determine the type of service provided to the packet.
  • Page 169 Observing DiffServ Information When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits, called the code point. The switch can assign the QoS profile used to subsequently transmit the packet based on the code point.
  • Page 170: Physical And Logical Groupings

    QoS profile when the traffic is transmitted out to any other port. To configure a source port traffic grouping, use the following command: config ports <portlist> qosprofile <qosprofile> In the following modular switch example, all traffic sourced from port 7 uses the QoS profile named qp3 when being transmitted. config ports 7 qosprofile qp3...
  • Page 171: Verifying Configuration And Performance

    <portlist> info {detail} show vlan Verifying Configuration and Performance After you have created QoS policies that manage the traffic through the switch, you can use the QoS monitor to determine whether the application performance meets your expectations. QoS Monitor The QoS monitor is a utility that monitors the incoming packets on a port or ports.
  • Page 172: Displaying Qos Profile Information

    VLAN, as documented. You can also save and reboot the switch. Traffic Rate-Limiting The Summit 300-48 rate-limiting method is based on creating a rate limit, a specific type of access control list. Traffic that matches a rate limit is constrained to the limit set in the access control list. Rate limits are discussed in Chapter 10, “Access Policies”.
  • Page 173: Status Monitoring

    In this way, statistics can help you get the best out of your network. Status Monitoring The status monitoring facility provides information about the switch. This information may be useful for your technical support representative if you have a problem. ExtremeWare includes many show commands that display information about different switch functions and facilities.
  • Page 174: Chapter 12 Status Monitoring And Statistics

    Table 71 describes commands that are used to monitor the status of the switch. Table 71: Status Monitoring Commands Command show log {<priority>} show log config show memory {detail} show switch Description Displays the current snapshot of the log. Options include: •...
  • Page 175: Port Statistics

    • Transmitted Byte Count (Tx Byte Count) — The total number of data bytes successfully transmitted by the port. • Received Packet Count (Rx Pkt Count) — The total number of good packets that have been received by the port. Description Displays the output for the following commands: •...
  • Page 176: Port Errors

    • Receive Oversize Frames (RX Over) — The total number of good frames received by the port greater than the supported maximum length of 1,522 bytes. • Receive Undersize Frames (RX Under) — The total number of frames received by the port that were less than 64 bytes long.
  • Page 177: Port Monitoring Display Keys

    • — Configures ExtremeWare to log an error into the syslog and automatically reboot the system after any exception. The default setting is Summit 300-48 Switch Software User Guide none Port Monitoring Display Keys show...
  • Page 178: Logging

    Information that is useful when performing detailed troubleshooting procedures. By default, log entries that are assigned a critical or warning level remain in the log after a switch reboot. Issuing a clear log command does not remove these static entries. To remove log entries of...
  • Page 179: Local Logging

    • Message — The message contains the log information with text that is specific to the problem. Local Logging The switch maintains 1,000 messages in its internal log. You can display a snapshot of the log at any time by using the following command: show log {<priority>}...
  • Page 180: Logging Configuration Changes

    • priority — Filters the log to display messages with the selected priority or higher (more critical). Priorities include critical, emergency, error, alert, warning, notice, info, and debug. If not specified, informational priority messages and higher are displayed. through local7
  • Page 181 {<priority>} show log config Description Configures the syslog host address and filters messages sent to the syslog host. Up to 4 syslog servers can be configured. Options include: •...
  • Page 182: Rmon

    The workstation does not have to be on the same network as the probe, and can manage the probe by in-band or out-of-band connections. RMON Features of the Switch The IETF defines nine groups of Ethernet RMON statistics. The switch supports the following four of these groups: • Statistics •...
  • Page 183: Configuring Rmon

    RMON requires one probe per LAN segment, and standalone RMON probes traditionally have been expensive. Therefore, Extreme’s approach has been to build an inexpensive RMON probe into the agent of each system. This allows RMON to be widely deployed around the network without costing more than traditional network management.
  • Page 184: Event Actions

    Notify and log Send trap; place entry in RMON log. To be notified of events using SNMP traps, you must configure one or more trap receivers, as described in Chapter 3, “Managing the Switch”.
  • Page 185: Spanning Tree Domains

    STP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1D specification, the switch will be referred to as a bridge. Overview of the Spanning Tree Protocol STP is a bridge-based mechanism for providing fault tolerance on networks.
  • Page 186: Chapter 13 Spanning Tree Protocol (Stp)

    • Within any given STPD, all VLANs belonging to it use the same spanning tree NOTE Ensure that multiple STPD instances within a single switch do not see each other in the same broadcast domain. This could happen if, for example, another external bridge is used to connect VLANs belonging to separate STPDs.
  • Page 187: Multiple Spanning Tree Domains

    • Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of the default STPD, but not assigned to either STPD1 or STPD2.
  • Page 188: Configuring Stp On The Switch

    STP topology. • All VLANs in each switch are members of the same STPD. STP can block traffic between switch 1 and switch 3 by disabling the trunk ports for that connection on each switch. Switch 2 has no ports assigned to VLAN marketing. Therefore, if the trunk for VLAN marketing on switches 1 and 3 is blocked, the traffic for VLAN marketing will not be able to traverse the switches.
  • Page 189: Stp Configuration Commands

    <stpd_name> add vlan <name> config stpd <stpd_name> forwarddelay <value> config stpd <stpd_name> hellotime <value> Description Adds a VLAN to the STPD. Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states when the switch is the Root Bridge.
  • Page 190 Enables the STP protocol on one or more ports. If STPD is enabled for a port, bridge protocol data units (BPDUs) will be generated on that port if STP is enabled for the associated STPD. The default setting is enabled.
  • Page 191: Stp Configuration Example

    Displaying STP Settings STP Configuration Example The following Summit 300-48 switch example creates and enables an STPD named Backbone_st. It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1:1 through 1:7 and port 1:12. create stpd backbone_st...
  • Page 192: Disabling And Resetting Stp

    Disables STP on one or more ports. Disabling STP on one or more ports puts those ports in forwarding state; all BPDUs received on those ports will be disregarded. Restores default STP values to a particular STPD or to all STPDs.
  • Page 193: Overview Of Ip Unicast Routing

    Each host using the IP unicast routing functionality of the switch must have a unique IP address assigned. In addition, the default gateway assigned to the host must be the IP address of the router interface.
  • Page 194: Ip Unicast Routing

    IP address and subnet on different VLANs. In Figure 17, a Summit 300-48 switch is depicted with two VLANs defined; Finance and Personnel. Ports 2 and 4 are assigned to Finance; ports 3 and 5 are assigned to Personnel. Finance belongs to the IP network 192.207.35.0;...
  • Page 195 Route sharing is useful only in instances where you are constrained for bandwidth. This is typically not the case using Extreme switches. Using route sharing makes router troubleshooting more difficult because of the complexity in predicting the path over which the traffic will travel.
  • Page 196: Proxy Arp

    When the IP host tries to communicate with the host at address 100.101.45.67, the IP host communicates as if the two hosts are on the same subnet, and sends out an IP ARP Request. The switch answers on behalf of the device at address 100.101.45.67, using its own MAC address. All subsequent data packets from 100.101.102.103 are sent to the switch, and the switch routes the packets to...
  • Page 197: Relative Route Priorities

    [ bootp | icmp | static ] <priority> Configuring IP Unicast Routing This section describes the commands associated with configuring IP unicast routing on the switch. To configure routing, follow these steps: 1 Create and configure two or more VLANs.
  • Page 198: Verifying The Ip Unicast Routing Configuration

    Specify the IP address of the entry. Deletes one or all proxy ARP entries. Configures the IP ARP timeout period. The default setting is 20 minutes. A setting of 0 disables ARP aging. The maximum aging time is 32,767 minutes.
  • Page 199 Table 81: Route Table Configuration Commands Command config iproute add <ipaddress> <mask> <gateway> <metric> config iproute add blackhole <ipaddress> <mask> Description Disables the generation and processing of BOOTP packets. Disables the forwarding of BOOTP requests.
  • Page 200 An ICMP Router Discover Protocol (IRDP) client always uses the router with the highest preference level. Change this setting to encourage or discourage the use of this router. The default setting is 0. the parameter problem packet type.
  • Page 201 Description Disables the loose source route IP option. Disables the record route IP option. Disables the record timestamp IP option.
  • Page 202: Routing Configuration Example

    {vlan <name>} unconfig icmp unconfig irdp Routing Configuration Example Figure 18 illustrates a Summit 300-48 switch with two VLANs defined as follows: • Finance — Contains ports 2 and 4. — IP address 192.207.35.1. • Personnel —...
  • Page 203: Displaying Router Settings

    {<ipaddress> <netmask> | vlan <name>] disable bootp vlan [<name> | all] disable bootprelay Description Displays the IP Address Resolution Protocol (ARP) table. You can filter the display by IP address, VLAN, or permanent entries.
  • Page 204: Configuring Dhcp/Bootp Relay

    Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by the switch and going to hosts on different subnets. This feature can be used in various applications, including DHCP services between Windows NT servers and clients running Windows 95. To configure the relay function, follow these steps: 1 Configure VLANs and IP unicast routing.
  • Page 205: Verifying The Dhcp/Bootp Relay Configuration

    “rules” defining the UDP port, and destination IP address or VLAN. A VLAN can make use of a single UDP-forwarding profile. UDP packets directed toward a VLAN use an all-ones broadcast on that VLAN. functions are adequate, you may bootprelay...
  • Page 206: Udp-Forwarding Example

    <udp_port> are forwarded to either the destination IP address (unicast or subnet directed broadcast) or to the specified VLAN as an all-ones broadcast. Deletes a forwarding entry from the specified udp-profile name.
  • Page 207 <profile_name> delete udp-profile <profile_name> show udp-profile {<profile_name>} unconfig udp-profile vlan [<name> | all] Description Assigns a UDP-forwarding profile to the source VLAN. Once the UDP profile is associated with the VLAN, the switch picks...
  • Page 209: Safety Information

    Too much humidity can cause a fire. Too little humidity can produce electrical shock and fire. NOTE For more information about the Summit 300-48 temperature and humidity ranges, see Appendix B. Power The Summit 300-48 switch has two power inputs on the switch.
  • Page 210: Power Cord

    When not in use, replace dust cover. Using this module in ways other than those described in this manual can result in intense heat that can cause fire, property damage, or personal injury. ), Type SVT or SJT,...
  • Page 211: Lithium Battery

    • The weight of the lithium contained in each coin cell is approximately 0.035 grams. • Two types of batteries are used interchangeably: — CR chemistry uses manganese dioxide as the cathode material. — BR chemistry uses poly-carbonmonofluoride as the cathode material.
  • Page 213: Supported Standards

    Supported Standards The following is a list of software standards supported by ExtremeWare for the Summit 300-48 switch. Standards and Protocols RFC 1122 Host requirements IEEE 802.1D-1998 (802.1p) Packet priority IEEE 802.1Q VLAN tagging RFC 2474 DiffServ Precedence RFC 783 TFTP...
  • Page 215 secondary — Indicates the secondary image. The switch can store up to two images: a primary and a secondary. When you download a new image, you must select into which image space (primary or secondary) the new image should be placed. If not indicated, the primary image space is used.
  • Page 216: Appendix C Software Upgrade And Boot Options

    The configuration takes effect on the next reboot. NOTE If the switch is rebooted while in the middle of a configuration save, the switch boots to factory default settings. The configuration that is not in the process of being saved is unaffected.
  • Page 217: Using Tftp To Upload The Configuration

    • Modify the configuration using a text editor, and later download a copy of the file to the same switch, or to one or more different switches. • Send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes.
  • Page 218: Using Tftp To Download The Configuration

    To download a complete configuration, use the following command: download configuration [<hostname> | <ipaddress>] <filename> After the ASCII configuration is downloaded by way of TFTP, you are prompted to reboot the switch. The downloaded configuration file is stored in current switch memory during the rebooting process, and is not retained if the switch has a power failure.
  • Page 219: Remember To Save

    (*) appears before the command line prompt when using the CLI. Upgrading and Accessing BootROM The Summit 300-48 switch has a two-stage BootROM. The first stage, called bootstrap, does basic initialization of the switch processor and will load one of two second-stage bootloaders (called primary and secondary).
  • Page 220: Accessing The Bootloader Cli

    To access the Bootloader CLI, follow these steps: 1 Attach a serial cable to the serial console port of the switch. 2 Attach the other end of the serial cable to a properly configured terminal or terminal emulator. 3 Power cycle or reboot the switch.
  • Page 221: Boot Option Commands

    {configuration} {primary | secondary} show configuration upload configuration [<ipaddress> | <hostname>] <filename> {every <time>} upload configuration cancel Description Configures the TFTP server(s) used by a scheduled incremental configuration download. Downloads a BOOT ROM image from a TFTP server.
  • Page 222 Configures the switch to use a particular configuration on the next reboot. Options include the primary configuration area or the secondary configuration area. Configures the switch to use a particular image on the next reboot.
  • Page 223: Appendix D Troubleshooting

    Troubleshooting If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative. LEDs Power LED does not light: Check that the power cable is firmly connected to the device and to the supply outlet.
  • Page 224: Using The Command-Line Interface

    Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility. Check that Telnet access was not disabled for the switch. If you attempt to log in and the maximum number of Telnet sessions are being used, you should receive an error message indicating so.
  • Page 225: Port Configuration

    When a device that has auto-negotiation disabled is connected to an Extreme switch that has auto-negotiation enabled, the Extreme switch links at the correct speed, but in half duplex mode. The Extreme switch 10/100 physical interface uses a method called parallel detection to bring up the link.
  • Page 226: Vlans

    Check to ensure that the transmit fiber goes to the receive fiber side of the other device, and vice-versa. All gigabit fiber cables are of the cross-over type. The Extreme switch has auto-negotiation set to on by default for gigabit ports. These ports need to be set to auto off (using the command config port <port #>...) if you are connecting it to...
  • Page 227: Stp

    The switch has STP enabled, and the endstation is booting before the STP initialization process is complete. Specify that STP has been disabled for that VLAN, or turn off STP for the switch ports of the endstation and devices to which it is attempting to connect, and then reboot the endstation.
  • Page 228: Top Command

    CPU utilization by process. Contacting Extreme Technical Support If you have a network issue that you are unable to resolve, contact Extreme Networks technical support. Extreme Networks maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems.
  • Page 229 Contacting Extreme Technical Support • (408) 579-2826 or by email at: • support@extremenetworks.com You can also visit the support website at: • http://www.extremenetworks.com/extreme/support/techsupport.asp to download software updates (requires a service contract) and documentation.
  • Page 231 Address Resolution Protocol. See ARP admin account Advanced Encryption Standard. See AES aging entries, FDB alarm actions alarms, RMON Altitude 300 Altitude 300-2d Altitude 300-2i AP detection AP scan configuration commands (table) results (table)
  • Page 232 DTIM dynamic entries, FDB EAP-MD5 EAPOL and DHCP EAP-TLS EAP-TLS (Transport Layer Security) EAP-TTLS EAP-TTLS (Tunneled TLS) commands (table) description enabling a switch port encryption errors, port ESS name ESSID establishing a Telnet session...
  • Page 233 Greenwich Mean Time Offsets (table) History, RMON home page HTTP and HTTPS access commands (table) HTTP clients HTTPS ICMP configuration commands (table) IEEE 802.1Q IEEE 802.1x comparison with web-based authentication image downloading...
  • Page 234: Network Login Configuration Commands

    (table) port port budget example port connection order port priorities port reset porting budgeting commands (table) power events keyword...
  • Page 235 (table) verifying video applications voice applications web browsing applications QoS monitor description real-time display Quality of Service. See QoS Radio Frequency See RF RADIUS client configuration configuration commands (table) description Merit server configuration (example)...
  • Page 236 disconnecting a session logging maximum sessions opening a session using Temporal Key Integrity Protocol. See TKIP TFTP server using time-based authentication TKIP command traceroute traffic groupings traffic rate-limiting transmit errors troubleshooting trunks UDP-Forwarding...
  • Page 237 QoS web login access web-based and 802.1x authentication web-based authentication Wi-Fi protected access (WPA) wi-fi security cipher suites (table) wired equivalent privacy (WEP) authentication wireless bridging clients configuration examples configuring interfaces device management...
  • Page 239: Index Of Commands

    config iparp delete config iparp delete proxy config iparp timeout config iproute add config iproute add blackhole...
  • Page 241 download configuration download configuration cancel download configuration every download configuration incremental download image...
