Page 1 Summit24e3 Switch Installation and User Guide Software Version 2.0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: August 2002 Part number: 100102-00 Rev. 02...
Page 2: Routing Information Protocol (Rip) Version 1 And Rip Version
Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are subject to change without notice.
Page 3: Table Of Contents
Mini-GBIC Type and Hardware/Software Support Mini-GBIC Type and Specifications Safety Information Chapter 2 Switch Installation Determining the Switch Location Following Safety Information Installing the Switch Rack Mounting Free-Standing Stacking the Switch and Other Devices Summit24e3 Switch Installation and User Guide...
Page 4 Command Shortcuts Summit24e3 Switch Numerical Ranges Names Symbols Line-Editing Keys Command History Common Commands Configuring Management Access User Account Administrator Account Default Accounts Creating a Management Account Domain Name Service Client Services 4 - Contents Summit24e3 Switch Installation and User Guide...
Page 5 SNTP Configuration Commands SNTP Example Chapter 6 Configuring Ports on a Switch Enabling and Disabling Switch Ports Configuring Switch Port Speed and Duplex Setting Switch Port Commands Load Sharing on the Switch Load-Sharing Algorithms Configuring Switch Load Sharing Load-Sharing Example...
Page 6 Verifying the Load-Sharing Configuration Switch Port-Mirroring Port-Mirroring Commands Port-Mirroring Example Extreme Discovery Protocol EDP Commands Chapter 7 Virtual LANs (VLANs) Overview of Virtual LANs Benefits Types of VLANs Port-Based VLANs Tagged VLANs VLAN Names Default VLAN Renaming a VLAN Configuring VLANs on the Switch...
Page 7 Creating Auto-Constrain NAT Rules Advanced Rule Matching Configuring Timeouts Displaying NAT Settings Disabling NAT Chapter 11 Ethernet Automatic Protection Switching Overview of the EAPS Protocol Fault Detection and Recovery Restoration Operations Summit24e3 Switch Installation and User Guide Contents - 7...
Page 8 Commands for Configuring and Monitoring EAPS Creating and Deleting an EAPS Domain Defining the EAPS Mode of the Switch Configuring EAPS Polling Timers Configuring the Primary and Secondary Ports Configuring the EAPS Control VLAN Configuring the EAPS Protected VLANs Enabling and Disabling an EAPS Domain...
Page 9 ARP-Incapable Devices Proxy ARP Between Subnets Relative Route Priorities Configuring IP Unicast Routing Verifying the IP Unicast Routing Configuration IP Commands Routing Configuration Example Displaying Router Settings Resetting and Disabling Router Settings Summit24e3 Switch Installation and User Guide Contents - 9...
Page 10 Configuring OSPF Wait Interval Displaying OSPF Settings OSPF LSD Display Resetting and Disabling OSPF Settings Chapter 17 IP Multicast Routing Overview IGMP Overview Configuring IP Multicasting Routing Displaying IP Multicast Routing Settings 10 - Contents Summit24e3 Switch Installation and User Guide...
Page 11 Upgrading and Accessing BootROM Upgrading BootROM Accessing the BootROM menu Boot Option Commands Appendix E Troubleshooting LEDs Using the Command-Line Interface Port Configuration VLANs Debug Tracing TOP Command Contacting Extreme Technical Support Summit24e3 Switch Installation and User Guide Contents - 11...
Page 12: Index Of Commands
Index Index of Commands 12 - Contents Summit24e3 Switch Installation and User Guide...
Page 13 Fitting the mounting bracket Null-modem cable pin-outs PC-AT serial null-modem cable pin-outs Mini-GBIC modules Example of a port-based VLAN on the Summit24e3 switch Single port-based VLAN spanning two switches Two port-based VLANs spanning two switches Physical diagram of tagged and untagged traffic...
Page 14 14 - Figures Summit24e3 Switch Installation and User Guide...
Page 15 Tables Summit24e3 Switch Installation and User Guide Notice Icons Text Conventions Summit24e3 Switch LED Behavior Mini-GBIC Types and Distances 1000BASE-SX Specifications Console Connector Pinouts ExtremeWare Summit24e3 Factory Defaults Command Syntax Symbols Line-Editing Keys Common Commands Default Accounts DNS Commands Ping Command Parameters...
Page 16 802.1p Configuration Commands DiffServ Configuration Commands Default Code Point-to-QoS Profile Mapping DLCS Configuration Commands Status Monitoring Commands Port Monitoring Display Keys Fault Levels Assigned by the Switch Fault Log Subsystems Logging Commands Event Actions STP Configuration Commands STP Disable and Reset Commands...
Page 17: Preface
• Internet Protocol (IP) concepts • Simple Network Management Protocol (SNMP) NOTE If the information in the release notes shipped with your switch differs from the information in this guide, follow the release notes. Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
Page 18: Related Publications
The publications related to this one are: • ExtremeWare Release Notes • Summit24e3 Switch Release Notes Documentation for Extreme Networks products is available on the World Wide Web at the following location: • http://www.extremenetworks.com/ Summit24e3 Switch Installation and User Guide...
Page 19: Summit24E3 Switch Overview
• Wire-speed Internet Protocol (IP) routing • DHCP/BOOTP Relay • Network Address Translation (NAT) • Extreme Standby Router Protocol (ESRP) - Aware support • Ethernet Automated Protection Switching (EAPS) support • Routing Information Protocol (RIP) version 1 and RIP version 2 •...
Page 20: Summit24E3 Switch Front View
Use the console port (9-pin, “D” type connector) for connecting a terminal and carrying out local management. Reset Button The reset button is used to hard reset the switch. Use a non-conductive tool to push the reset button. NOTE See Table 4 for information about supported mini-GBIC types and distances.
Page 21: Summit24E3 Switch Rear View
This label shows the unique Ethernet MAC address assigned to this device. NOTE The Summit24e3 switch certification and safety label is located on the bottom of the switch. Summit24e3 Switch LEDs Table 3 describes the light emitting diode (LED) behavior on the Summit24e3 switch.
Page 22: Port Connections
10/100 Mbps ports on the Summit24e3 switch autonegotiates for half- or full-duplex operation. Mini-GBIC Type and Hardware/Software Support The Summit24e3 switch supports the SFP GBIC, also known as the mini-GBIC. The system uses identifier bits to determine the media type of the mini-GBIC that is installed. The Summit24e3 supports only the mini-GBIC.
Page 23: Safety Information
If you see an amber blinking mini-GBIC port status LED on your Summit24e3 switch, you do not have an Extreme-supported mini-GBIC installed in your switch. To correct this problem, make sure you install an Extreme-supported mini-GBIC into the port on the switch.
Page 24 Summit24e3 Switch Overview Summit24e3 Switch Installation and User Guide...
Page 25: Switch Installation
Determining the Switch Location The Summit24e3 switch is suited for use in the office, where it can be free-standing or mounted in a standard 19-inch equipment rack. Alternately, the device can be rack-mounted in a wiring closet or equipment room.
Page 26: Following Safety Information
The Summit24e3 switch can be mounted in a rack, or placed free-standing on a tabletop. Rack Mounting CAUTION Do not use the rack mount kits to suspend the switch from under a table or desk, or to attach the switch to a wall. To rack mount the Summit24e3 switch: 1 Place the switch upright on a hard flat surface, with the front facing you.
Page 27: Free-Standing
This relates only to physically placing the devices on top of one another. Apply the pads to the underside of the device by sticking a pad at each corner of the switch. Place the devices on top of one another, ensuring that the corners align.
Page 28: Powering On The Switch
Shell Ground Powering On the Switch To turn on power to the switch, connect the AC power cable to the switch and then to the wall outlet. Turn the on/off switch to the on position. Checking the Installation After turning on power to the Summit24e3 switch, the device performs a Power On Self-Test (POST).
Page 29: Logging In For The First Time
The MGMT LED flashes until the switch successfully passes the POST. If the switch passes the POST, the MGMT LED blinks at a slow rate (1 blink per second). If the switch fails the POST, the MGMT LED shows a solid amber light.
Page 30: Installing Or Replacing A Mini-Gigabit Interface Connector (Mini-Gbic)
• Do not stretch the fiber. • Make sure the bend radius of the fiber is not less than 2 inches. In addition to the previously described tasks, Extreme Networks recommends the following when installing or replacing mini-GBICs on an active network: •...
Page 31: Installing And Removing A Mini-Gbic
If you see an amber blinking Mini-GBIC port status LED on your Summit24e3 switch, you do not have an Extreme-supported mini-GBIC installed in your switch. To correct this problem, make sure you install an Extreme-supported mini-GBIC into the port on the switch.
Page 32 Switch Installation Summit24e3 Switch Installation and User Guide...
Page 33: Extremeware Overview
• Wire-speed Internet Protocol (IP) routing • DHCP/BOOTP Relay • Network Address Translation (NAT) • Extreme Standby Router Protocol (ESRP) - Aware support • Ethernet Automated Protection Switching (EAPS) support • Routing Information Protocol (RIP) version 1 and RIP version 2 •...
Page 34: Virtual Lans (Vlans)
• Redundant paths are disabled when the main paths are operational. • Redundant paths are enabled if the main traffic paths fail. A single spanning tree can span multiple VLANs. NOTE For more information on STP, see Chapter 14, “Spanning Tree Protocol (STP)”. Summit24e3 Switch Installation and User Guide...
Page 35: Quality Of Service
For information on load sharing, see Chapter 6, “Configuring Ports on a Switch”. ESRP-Aware Switches Extreme switches that are not running ESRP, but are connected on a network that has other Extreme switches running ESRP are ESRP-aware. When ESRP-aware switches are attached to ESRP-enabled switches, the ESRP-aware switches reliably perform fail-over and fail-back scenarios in the prescribed recovery times.
Page 36: Software Licensing
ExtremeWare Overview and the FDB timer used by the other vendor’s layer 2 switch. As such, ESRP can be used with layer 2 switches from other vendors, but the recovery times vary. The VLANs associated with the ports connecting an ESRP-aware switch to an ESRP-enabled switch must be configured using an 802.1Q tag on the connecting port, or, if only a single VLAN is involved, as...
Page 37: Security Licensing
Certain additional ExtremeWare security features, such as the use of Secure Shell (SSH2) encryption, may be under United States export restriction control. Extreme Networks ships these security features in a disabled state. You can obtain information on enabling these features at no charge from Extreme Networks.
Page 38: Software Factory Defaults
STPD named s0. 802.1Q tagging All packets are untagged on the default VLAN (default). Spanning Tree Protocol Disabled for the switch; enabled for each port in the STPD. Forwarding database aging period 300 seconds (5 minutes) IP Routing...
Page 39: Accessing The Switch
If an asterisk (*) appears in front of the command-line prompt, it indicates that you have outstanding configuration changes that have not been saved. For more information on saving configuration changes, see Appendix D, “Software Upgrade and Boot Options”. Summit24e3 Switch Installation and User Guide...
Page 40: Syntax Helper
1-3,6 Summit24e3 Switch Numerical Ranges Commands that require you to enter one or more port numbers on a Summit24e3 switch use the parameter in the syntax. A portlist can be a range of numbers, for example: <portlist>...
Page 41: Names
Names All named components of the switch configuration must have a unique name. Names must begin with an alphabetical character and are delimited by whitespace, unless enclosed in quotation marks. Symbols You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself.
Page 42: Command History
ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these commands by using the following command: history Common Commands Table 10 describes common commands used to manage the switch. Commands specific to a particular feature are described in the other chapters of this guide. Table 10: Common Commands Command clear session <number>...
Page 43 Disables the timer that disconnects all sessions. Once disabled, console sessions remain open until the switch is rebooted or you logoff. Telnet sessions remain open until you close the Telnet client. Disables a port on the switch.
Page 44: Configuring Management Access
In addition to the management levels, you can optionally use an external RADIUS server to provide CLI command authorization checking for each command. For more information on RADIUS, see “RADIUS Client” in Chapter 5, “Managing the Switch”. User Account A user-level account has viewing access to all manageable parameters, with the exception of: •...
Page 45: Administrator Account
Summit24e3:2> Administrator Account An administrator-level account can view and change all switch parameters. It can also add and delete users, and change the password associated with any account name. The administrator can disconnect a management session that has been established by way of a Telnet connection. If this happens, the user logged on by way of the Telnet connection is notified that the session has been terminated.
Page 46: Creating A Management Account
Creating a Management Account The switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts. Passwords can have a minimum of 0 characters and can have a maximum of 31 characters.
Page 47: Domain Name Service Client Services
<ipaddress> config dns-client default-domain <domain_name> config dns-client delete <ipaddress> nslookup <hostname> show dns-client Checking Basic Connectivity The switch offers the following commands for checking basic connectivity: • ping • traceroute Summit24e3 Switch Installation and User Guide utility can be used to return the IP address of a hostname.
Page 48: Ping
Traceroute command enables you to trace the routed path between the switch and a destination traceroute endstation. The command syntax is: traceroute traceroute [<ip_address> | <hostname>] {from <src_ipaddress>} {ttl <TTL>} {port <port>}...
Page 49: Overview
• Access the CLI by connecting a terminal (or workstation with terminal-emulation software) to the console port. • Access the switch remotely using TCP/IP through one of the switch ports. Remote access includes: — Telnet using the CLI interface. — SSH2 using the CLI interface.
Page 50: Using The Console Interface
Managing the Switch Using the Console Interface The CLI built into the switch is accessible by way of the 9-pin, RS-232 port labeled console, located on the front of the Summit 24e3 switch. Once the connection is established, you will see the switch prompt and you can log in.
Page 51 IP address of the VLAN using the command-line interface, Telnet, or Web interface. All VLANs within a switch that are configured to use BOOTP to get their IP address use the same MAC address. Therefore, if you are using BOOTP relay through a router, the BOOTP server must be capable of differentiating its relay based on the gateway portion of the BOOTP packet.
Page 52: Disconnecting A Telnet Session
Your changes take effect immediately. NOTE As a general rule, when configuring any IP addresses for the switch, you can express a subnet mask by using dotted decimal notation, or by using classless inter-domain routing notation (CIDR). CIDR uses a forward slash plus the number of bits in the subnet mask.
Page 53: Using Secure Shell 2 (Ssh2)
Enabling SSH2 Because SSH2 is currently under U.S. export restrictions, before enabling SSH2, you must first obtain a security license from Extreme Networks. The procedure for obtaining a security license key is described in Chapter 3, “ExtremeWare Overview”. To enable SSH2, use the following command: enable ssh2 {port <tcp_port_number>}...
Page 54: Using Snmp
ISBN 0-13-8121611-9 Published by Prentice Hall. Accessing Switch Agents To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it. Supported MIBs In addition to private MIBs, the switch supports the standard MIBs listed in Appendix C.
Page 55: Displaying Snmp Settings
Displaying SNMP Settings To display the SNMP settings configured on the switch, use the following command: show management This command displays the following information: • Enable/disable state for Telnet, SSH2, and SNMP •...
Page 56: Authenticating Users
RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The client IP address is the IP address used by the RADIUS server for communicating back to the switch. RADIUS commands are described in Table 15.
Page 57: Radius Commands
RADUIS server. The default UDP port setting is 1645. • client-ip <ipaddress> — The IP address used by the switch to identify itself when communicating with the RADIUS server. The RADIUS server defined by this command is used for user name authentication and CLI command authentication.
Page 58 Unconfigures the radius accounting client configuration. AAA server application, © [type] [version] [prefix] -------------- --------- type = nas type=nas type nas type proxy type=Ascend:NAS v1 type=NAS+RAD_RFC+ACCT_RFC type=nas type=nas type=nas type=nas -------- pm1. pm2. Summit24e3 Switch Installation and User Guide...
Page 59 RADIUS Per-Command Configuration Example Building on this example configuration, you can use RADIUS to perform per-command authentication to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is available from the Extreme Networks web server at http://www.extremenetworks.com/extreme/support/otherapps.htm or by contacting Extreme...
Page 60: Configuring Tacacs
RADIUS client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are command, the enable command, but can perform no other functions on the switch. We has these capabilities. gerald with support for per-command authentication:...
Page 61 TACACS+ is used to communicate between the switch and an authentication database. NOTE You cannot use RADIUS and TACACS+ at the same time. You can configure two TACACS+ servers, specifying the primary server address, secondary server address, and UDP port number to be used for TACACS+ sessions.
Page 62: Using Network Login
• Until authentication takes place, ports on the VLAN are kept in a non-forwarding state. • each mode requires the user to open a web browser with the IP address of the switch. This is the only address that the client can reach in a non-authenticated state.
Page 63 VLAN. In this case, network login can be enabled on one port for each VLAN. Example Configuration Using Campus Mode This example creates a permanent VLAN named corp on the switch. This VLAN will be used for authentication through a RADIUS server. The RADIUS server is 10.201.26.243 and the IP address of the switch is 10.201.26.11.
Page 64 — Windows NT/2000—use the ipconfig command line utility. Use the command ipconfig/release to release the IP configuration and ipconfig/renew to get the temporary IP address from the switch. If you have more than one Ethernet adapter, specify the adapter by using a number for the adapter following the ipconfig command.
Page 65: Using Network Login In Isp Mode
Using Network Login in ISP Mode In ISP mode, a RADIUS server might be used to provide user authentication. No Extreme-specific lines are required for the dictionary or the user file. Configuring ISP Mode Configure the switch to use network login in ISP mode, using this command: enable netlogin ports <portlist>...
Page 66: Dhcp Server On The Switch
Managing the Switch DHCP Server on the Switch A DHCP server with limited configuration capabilities is included in the switch to provide IP addresses to clients. DHCP is enabled on a per port, per VLAN basis. To enable or disable DHCP on a port in a VLAN, use one of the following commands: enable dhcp ports <portlist>...
Page 67: Disabling Network Login
4 If you would like this switch to use a directed query to the NTP server, configure the switch to use the NTP server(s). If the switch listens to NTP broadcasts, skip this step. To configure the switch to use a directed query, use the following command: config sntp-client [primary | secondary] server [<ip_address>...
Page 68: Greenwich Mean Time Offsets
NTP queries are first sent to the primary server. If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries the secondary server (if one is configured). If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the...
Page 69: Sntp Configuration Commands
Marshall Islands NZST - New Zealand Standard NZT - New Zealand Description Configures an NTP server for the switch to obtain time information. Queries are first sent to the primary server. If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries the second server.
Page 70: Sntp Example
SNTP Example In this example, the switch queries a specific NTP server and a backup NTP server. The switch is located in Cupertino, CA, and an update occurs every 20 minutes. The commands to configure the switch are as follows:...
Page 71: Configuring Ports On A Switch
By default, all ports are enabled. To enable or disable one or more ports, use the following command: [enable | disable] ports <portlist> For example, to disable ports 3, 5, and 12 through 15 on a Summit24e3 switch, use the following command: disable ports 3,5,12-15 Even though a port is disabled, the link remains enabled for diagnostic purposes.
Page 72: Switch Port Commands
The string can be up to 16 characters. Configures the part of the packet examined by the switch when selecting the egress port for transmitting load-sharing data. This feature is available using the address-based load-sharing algorithm, only.
Page 73: Load Sharing On The Switch
Load sharing must be enabled on both ends of the link or a network loop may result. The load-sharing algorithms do not need to be the same on both ends. This feature is supported between Extreme Networks switches only, but may be compatible with third-party trunking or link-aggregation algorithms. Check with an Extreme Networks technical representative for more information.
Page 74: Configuring Switch Load Sharing
The following rules apply to the Summit24e3 switch: • Ports on the switch must be of the same port type. For example, if you use 100 Mpbs ports, all ports on the switch must be 100 Mpbs ports. • Ports on the switch are divided into a maximum of eight groups.
Page 75: Load-Sharing Example
Do not disable a port that is part of a load-sharing group. Disabling the port prevents it from forwarding traffic, but still allows the link to initialize. As a result, a partner switch does not receive a valid indication that the port is not in a forwarding state, and the partner switch will continue to forward packets.
Page 76: Port-Mirroring Commands
3 tagged config mirroring add port 1 Extreme Discovery Protocol The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used to by the switches to exchange topology information. Information communicated using EDP includes: •...
Page 77: Edp Commands
Summit24e3 Switch Installation and User Guide Description Disables the EDP on one or more ports. Enables the generation and processing of EDP messages on one or more ports. The default setting is enabled. Displays EDP information. Extreme Discovery Protocol...
Page 78 Configuring Ports on a Switch Summit24e3 Switch Installation and User Guide...
Page 79: Virtual Lans (Vlans)
The term “VLAN” is used to refer to a collection of devices that communicate as if they were on the same physical LAN. Any set of ports (including all ports on the switch) is considered a VLAN. LAN segments are not restricted by the hardware that physically connects them. The segments are defined by flexible user groups you create with the command-line interface.
Page 80: Types Of Vlans
• A combination of these criteria Port-Based VLANs In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch. A port can be a member of only one port-based VLAN. The Summit24e3 switch supports L2 port-based VLANs.
Page 81 2 for each VLAN you want to have span across the switches. At least one port on each switch must be a member of the corresponding VLANs, as well. Figure 9 illustrates two VLANs spanning two switches. On system 1, ports 1 through 8, and port 26 are part of VLAN Accounting;...
Page 82: Tagged Vlans
VLAN named default with an 802.1Q VLAN tag (VLANid) of 1 assigned. Not all ports in the VLAN must be tagged. As traffic from a port is forwarded out of the switch, the switch determines (in real time) if each destination port should use tagged or untagged packet formats for that VLAN.
Page 83 Slot 7, Ports 1-8 & 17-24 In Figure 10 and Figure 11: • The trunk port on each switch carries traffic for both VLAN Marketing and VLAN Sales. • The trunk port on each switch is tagged. • The server connected to port 16 on system 1 has a NIC that supports 802.1Q tagging.
Page 84: Vlan Names
Virtual LANs (VLANs) As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged.
Page 85: Renaming A Vlan
• Once you change the name of the default VLAN, it cannot be changed back to default. • You cannot create a new VLAN named default. • You cannot change the VLAN name MacVlanDiscover. Although the switch accepts a name change, once it is rebooted, the original name is recreated.
Page 86: Vlan Configuration Examples
4-8 tagged The following Summit24e3 switch example creates a VLAN named sales, with the VLANid 120. The VLAN uses both tagged and untagged ports. Ports 1 through 3 are tagged, and ports 4 and 7 are untagged.
Page 87: Overview Of The Fdb
• Nonaging entries — If the aging time is set to zero, all aging entries in the database are defined as static, nonaging entries. This means that they do not age, but they are still deleted if the switch is reset.
Page 88: How Fdb Entries Get Added
Entries are added into the FDB in the following two ways: • The switch can learn entries. The system updates its FDB with the source MAC address from a packet, the VLAN, and the port identifier on which the source packet is received.
Page 89: Fdb Configuration Commands
{<mac_address> vlan <name> | all} disable learning port <portlist> enable learning port <portlist> Summit24e3 Switch Installation and User Guide Description Clears dynamic FDB entries that match the filter. When no options are specified, the command clears all FDB entries.
Page 90: Fdb Configuration Examples
— Displays the entries for a slot and port combination. ports <portlist> • — Displays all permanent entries, including the ingress and egress QoS profiles. permanent With no options, the command displays all FDB entries. Summit24e3 Switch Installation and User Guide...
Page 91: Overview Of Access Policies
Each packet arriving on an ingress port is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped. These forwarded packets can also be modified by changing the 802.1p value and/or the DiffServe code point. Using access lists has no impact on switch performance.
Page 92: Routing Access Policies
There are between twelve and fourteen access masks available in the Summit24e3, depending on which features are enabled on the switch. Each access mask is created with a unique name and defines a list of fields that will be examined by any access control list that uses that mask (and by any rate limit that uses the mask).
Page 93: Rate Limits
The rate limit specified in the command line does not precisely match the actual rate limit imposed by the hardware, due to hardware constraints. See the release notes for the exact values of the actual rate limits, if required for your implementation. Summit24e3 Switch Installation and User Guide Using Access Control Lists...
Page 94: How Access Control Lists Work
Specifying a Default Rule You can specify a default access control list to define the default access to the switch. You should use an access mask with a low precedence for the default rule access control list. If no other access control list entry is satisfied, the default rule is used to determine whether the packet is forwarded or dropped.
Page 95: The Permit-Established Keyword
For example, a global rule (an access control list using an access mask without “ports” defined), will require 5 rules, one for each of the 5 blocks of ports on the hardware. Summit24e3 Switch Installation and User Guide...
Page 96: Deleting Access Mask, Access List, And Rate Limit Entries
{name | ports <portlist>} To view the access mask configuration use the following command: show access-mask {name} Access Control List Commands Table 25 describes the commands used to configure access control lists. Summit24e3 Switch Installation and User Guide...
Page 97: Access Control List Configuration Commands
• permit — Specifies the packets that match the access list description are permitted to be forward by this switch. An optional QoS profile can be assigned to the access list, so that the switch can prioritize packets accordingly. •...
Page 98 — Specify the egress port • ports — Specifies the ingress port(s) on which this rule is applied. • precedence — Specifies the access mask precedence number. The range is 1 to 25,600. Summit24e3 Switch Installation and User Guide...
Page 99 • permit — Specifies the packets that match the access list description are permitted to be forward by this switch. An optional QoS profile can be assigned to the access list, so that the switch can prioritize packets accordingly. •...
Page 100: Access Control List Examples
This example uses an access list that permits TCP sessions (Telnet, FTP, and HTTP) to be established in one direction. The switch, shown in Figure 12, is configured as follows: • Two VLANs, NET10 VLAN and NET20 VLAN, are defined.
Page 101: Access Control List Denies All Tcp And Udp Traffic
10.10.10.100/32 ports 2 permit qp1 create access-list tcp2_1 ip_addr_mask ipprotocol tcp dest-ip 10.10.10.100/32 source-ip 10.10.20.100/32 ports 10 permit qp1 Figure 14 illustrates the outcome of this access list. Summit24e3 Switch Installation and User Guide 10.10.20.1 NET20 VLAN ICMP Using Access Control Lists 10.10.20.100...
Page 102 NOTE This rule has a higher precedence than the rule “tcp2_1” and “tcp1_2”. Figure 16 shows the final outcome of this access list. ICMP 10.10.20.100 Host B EW_035 EW_036 Summit24e3 Switch Installation and User Guide...
Page 103: Permit-Established Access List Filters Out Syn Packet To Destination
The commands to create this rate limit is as follows: create access-mask port2_mask source-ip/24 ports precedence 100 create rate-limit port2_limit port2_mask source-ip 10.10.10.0/24 port 2 permit qp1 set code-point 7 limit 10 exceed-action drop Summit24e3 Switch Installation and User Guide 10.10.20.100 10.10.20.1 NET20 VLAN...
Page 104: Using Routing Access Policies
Adding an Access Profile Entry Next, configure the access profile, using the following command: config access-profile <access_profile> add {<seq_number>} {permit | deny} [ipaddress <ipaddress> <mask> {exact}] The following sections describe the command. config access-profile add Summit24e3 Switch Installation and User Guide...
Page 105: Deleting An Access Profile Entry
Routing Access Policies for RIP If you are using the RIP protocol, the switch can be configured to use an access profile to determine: • Trusted Neighbor — Use an access profile to determine trusted RIP router neighbors for the VLAN on the switch running RIP.
Page 106 RIP protocol is used to communicate with other routers on the network. The administrator wants to allow all internal access to the VLANs on the switch, but no access to the router that connects to the Internet. The remote router that connects to the Internet has a local interface connected to the corporate backbone.
Page 107: Routing Access Policies For Ospf
• ASBR Filter — For switches configured to support RIP and static route re-distribution into OSPF, an access profile can be used to limit the routes that are advertised into OSPF for the switch as a whole. To configure an ASBR filter policy, use the following command: config ospf asbr-filter [<access_profile>...
Page 108: Making Changes To A Routing Access Policy
Propagation of changes applied to RIP access policies depends on the protocol timer to age-out entries. NOTE Changes to profiles applied to OSPF typically require rebooting the switch, or disabling and re-enabling OSPF on the switch. Removing a Routing Access Policy To remove a routing access policy, you must remove the access profile from the routing protocol or VLAN.
Page 109: Routing Access Policy Commands
<area_id> external-filter [<access_profile> | none] config ospf area <area_id> interarea-filter [<access_profile> | none] Summit24e3 Switch Installation and User Guide Description Adds an entry to the access profile. The explicit sequence number, and permit or deny attribute should be specified if the access profile mode is none.
Page 110 Description Configures the router to use the access policy to limit the routes that are advertised into OSPF for the switch as a whole for switches configured to support RIP and static route re-distribution into OSPF. Configures the router to use the access policy to...
Page 111: Overview
(public) addresses. In implementing NAT, you must configure at least two separate VLANs involved. One VLAN is configured as inside, and corresponds to the private IP addresses you would like to translate into other Summit24e3 Switch Installation and User Guide...
Page 112: Network Address Translation (Nat)
NAT operates by replacing the inside IP packet’s source IP and Layer 4 port with an outside IP and Layer 4 port. The NAT switch maintains a connection table to map the return packets on the outside VLAN back into their corresponding inside sessions.
Page 113: Nat Modes
IP addresses. ICMP traffic is not translated in this mode. You must add a dynamic NAT rule for the same IP address range to allow for ICMP traffic. Summit24e3 Switch Installation and User Guide Configuring VLANs for NAT...
Page 114: Configuring Nat
All return packets must arrive on the same outside VLAN on which the session went out. For most configurations, make sure that the outside IP addresses specified in the rule are part of the outside VLAN ’s subnet range, so that the switch can proxy the address resolution protocol (ARP) for those addresses.
Page 115: Creating Static And Dynamic Nat Rules
IP addresses the switch will translate the inside IP addresses to. If the netmask for both the source and NAT addresses is /32, the switch will use static NAT translation. If the netmask for both the source and NAT addresses are not both /32, the switch will use dynamic NAT translation.
Page 116: Advanced Rule Matching
Description Configures the timeout for a TCP session that has been torn down or reset. The default setting is 60 seconds. Configures the timeout for an ICMP packet. The default setting is 3 seconds. Summit24e3 Switch Installation and User Guide...
Page 117: Displaying Nat Settings
Disabling NAT To disable NAT, use the following command: disable nat Summit24e3 Switch Installation and User Guide Description Configures the timeout for an entry with an unacknowledged TCP SYN state. The default setting is 60 seconds.
Page 118 Network Address Translation (NAT) Summit24e3 Switch Installation and User Guide...
Page 119: Ethernet Automatic Protection Switching
EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP), but offers the advantage of converging in less than a second when a link in the ring breaks. In order to use EAPS, you must enable EDP on the switch. For more information on EDP, refer to Chapter 6.
Page 120: Gigabit Ethernet Fiber Eaps Man Ring
Like the master node, each transit node is also configured with a primary port and a secondary port on the ring, but the primary/secondary port distinction is ignored as long as the node is configured as a transit node. Summit24e3 Switch Installation and User Guide...
Page 121: Fault Detection And Recovery
NOTE The control VLAN is not blocked. Messages sent on the control VLAN must be allowed into the switch for the master node to determine whether the ring is complete. Summit24e3 Switch Installation and User Guide...
Page 122: Eaps Fault Detection And Protection Switching
VLANs, flushes its FDB, and sends a “flush FDB” message to its associated transit nodes. S4 sends "link down" message to master node Master node opens secondary port to allow traffic to pass Master node EW_072 Summit24e3 Switch Installation and User Guide...
Page 123: Restoration Operations
Summit24e3 Switch Installation and User Guide Commands for Configuring and Monitoring EAPS Description Configures the switch as either the EAPS master node or as an EAPS transit node for the specified domain. Configures the values of the polling timers the...
Page 124: Creating And Deleting An Eaps Domain
EAPS domain names and VLAN names must be unique; Do not use the same name string to identify both an EAPS domain and a VLAN. NOTE Only a single EAPS domain per switch is supported by the Summit24e3. The following command example creates EAPS domain eaps_1 on the switch: create eaps eaps_1 To delete an EAPS domain, use the following command: delete eaps <name>...
Page 125: Defining The Eaps Mode Of The Switch
The following command example identifies this switch as the master node for the domain named eaps_1. config eaps eaps_1 mode master The following command example identifies this switch as a transit node for the domain named eaps_1. config eaps eaps_1 mode transit Configuring EAPS Polling Timers...
Page 126: Configuring The Primary And Secondary Ports
To configure a node port as primary or secondary, use the following command: config eaps <name> [primary | secondary] port <port number> The following command example adds port 2 of the switch to the EAPS domain “eaps_1” as the primary port.
Page 127: Configuring The Eaps Protected Vlans
Enabling and Disabling an EAPS Domain To enable a specific EAPS domain, use the following command: enable eaps <name> To disable a specific EAPS domain, use the following command: disable eaps <name> Summit24e3 Switch Installation and User Guide Commands for Configuring and Monitoring EAPS...
Page 128: Enabling And Disabling Eaps
Ethernet Automatic Protection Switching Enabling and Disabling EAPS To enable the EAPS function for the entire switch, use the following command: enable eaps To disable the EAPS function for the entire switch, use the following command: disable eaps Unconfiguring an EAPS Ring Port...
Page 129: Show Eaps Display Fields
Fail Timer interval: 3 sec 0020 1003 1001 Description Current state of EAPS on this switch: • Yes—EAPS is enabled on the switch. • no—EAPS is not enabled. Number of EAPS domains created. There can only be one EAPS domain on this platform.
Page 130 Indicates whether EAPS is enabled on this domain. • Yes—EAPS is enabled on this domain. • no—EAPS is not enabled. The configured EAPS mode for this switch: transit or master. The port numbers assigned as the EAPS primary and secondary ports. On the master node, the port distinction indicates which port is blocked to avoid a loop.
Page 131 1. These fields apply only to transit nodes; they are not displayed for a master node. 2. This list is displayed when you use the detail keyword in the show eaps command. Summit24e3 Switch Installation and User Guide Description The configured value of the timer. This value is set internally by the EAPS software.
Page 132 Ethernet Automatic Protection Switching Summit24e3 Switch Installation and User Guide...
Page 133: Overview Of Policy-Based Quality Of Service
• Dynamic Link Context System on page 144 Policy-based Quality of Service (QoS) is a feature of ExtremeWare and the Extreme switch architecture that allows you to specify different service levels for traffic traversing the switch. Policy-based QoS is an effective control mechanism for networks that have heterogeneous traffic patterns.
Page 134: Applications And Types Of Qos
Quality of Service (QoS) NOTE As with all Extreme switch products, QoS has no impact on switch performance. Using even the most complex traffic groupings has no cost in terms of switch performance. Applications and Types of QoS Different applications have different QoS requirements. The following applications are ones that you will most commonly encounter and need to prioritize: •...
Page 135: Web Browsing Applications
Table 32 lists the commands used to configure QoS. Table 32: QoS Configuration Commands Command config ports <portlist> qosprofile <qosprofile> config vlan <name> qosprofile <qosprofile> Summit24e3 Switch Installation and User Guide ™ -based applications. In addition, Web-based Key QoS Parameters Minimum bandwidth, priority...
Page 136: Traffic Groupings
Access list based traffic groupings are defined using access lists. Access lists are discussed in detail in Chapter 9. By supplying a named QoS profile at the end of the access list command syntax, you can Summit24e3 Switch Installation and User Guide...
Page 137: Mac-Based Traffic Groupings
FDB: clear fdb Blackhole MAC Address Using the option configures the switch to not forward any packets to the destination MAC blackhole address on any ports for the VLAN specified. The option is configured using the following...
Page 138: Explicit Class Of Service (802.1P And Diffserv) Traffic Groupings
Configuring 802.1p Priority Extreme switches support the standard 802.1p priority bits that are part of a tagged Ethernet packet. The 802.1p bits can be used to prioritize the packet, and assign it to a particular QoS profile. When a packet arrives at the switch, the switch examines the 802.1p priority field maps it to a specific hardware queue when subsequently transmitting the packet.
Page 139 Configuring 802.1p Priority When a packet is transmitted by the switch, you can configure the 802.1p priority field that is placed in the 802.1Q tag. You can configure the priority to be a number between 0 and 7, using the following command: config vlan <name>...
Page 140: Configuring Diffserv
Observing DiffServ Information When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits, called the code point. The switch can assign the QoS profile used to subsequently transmit the packet based on the code point.
Page 141 An access list can be used to change the DiffServ code point in the packet prior to the packet being transmitted by the switch. This is done with no impact on switch performance. To replace the DiffServ code point, you will use an access list to set the new code point value. See Chapter 9, “Access Policies”, for more information on using access lists.
Page 142: Physical And Logical Groupings
QoS profile when the traffic is transmitted out to any other port. To configure a source port traffic grouping, use the following command: config ports <portlist> qosprofile <qosprofile> In the following modular switch example, all traffic sourced from port 7 uses the QoS profile named qp3 when being transmitted. config ports 7 qosprofile qp3...
Page 143: Verifying Configuration And Performance
Verifying Configuration and Performance Once you have created QoS policies that manage the traffic through the switch, you can use the QoS monitor to determine whether the application performance meets your expectations. QoS Monitor The QoS monitor is a utility that monitors the incoming packets on a port or ports. The QoS monitor keeps track of the number of frames and the frames per second, sorted by 802.1p value, on each...
Page 144: Modifying A Qos Configuration
The Dynamic Link Context System (DLCS) is a feature that snoops WINS NetBIOS packets and creates a mapping between a user name, the IP address or MAC address, and the switch/port. Based on the information in the packet, DLCS can detect when an end station boots up or a user logs in or out, and dynamically maps the end station name to the current IP address and switch/port.
Page 145: Dlcs Guidelines
EEM Policy Manager or ExtremeWare EPICenter Policy Manager. • When the host is moved from one port to another port on a switch, the old entry does not age out unless the host is rebooted or a user login operation is performed after the host is moved.
Page 146 Quality of Service (QoS) Summit24e3 Switch Installation and User Guide...
Page 147: Status Monitoring
In this way, statistics can help you get the best out of your network. Status Monitoring The status monitoring facility provides information about the switch. This information may be useful for your technical support representative if you have a problem. ExtremeWare includes many show commands that display information about different switch functions and facilities.
Page 148 Displays the current system memory information. Specify the detail option to view task-specific memory usage. Displays the current switch information, including: • sysName, sysLocation, sysContact • MAC address • Current time and time, system uptime, and time zone •...
Page 149: Port Statistics
To view port statistics, use the following command: show ports <portlist> stats The following port statistic information is collected by the switch: • Link Status — The current status of the link. Options are: — Ready (the port is ready to accept a link).
Page 150: Port Monitoring Display Keys
To view port receive errors, use the following command: show ports <portlist> rxerrors The following port receive error information is collected by the switch: • Receive Bad CRC Frames (RX CRC) — The total number of frames received by the port that were of the correct length, but contained a bad FCS value.
Page 151: Setting The System Recovery Level
Information that is useful when performing detailed troubleshooting procedures. By default, log entries that are assigned a critical or warning level remain in the log after a switch reboot. Issuing a clear log command does not remove these static entries. To remove log entries of all...
Page 152: Local Logging
• Message — The message contains the log information with text that is specific to the problem. Local Logging The switch maintains 1,000 messages in its internal log. You can display a snapshot of the log at any time by using the following command: show log {<priority>}...
Page 153: Remote Logging
Remote Logging In addition to maintaining an internal log, the switch supports remote logging by way of the UNIX syslog host facility. To enable remote logging, follow these steps: 1 Configure the syslog host to accept and log messages. 2 Enable remote logging by using the following command:...
Page 154 • priority — Filters the log to display message with the selected priority or higher (more critical). Priorities include critical, emergency, alert, error, warning, notice, info, and debug. If not specified, all messages are displayed. Summit24e3 Switch Installation and User Guide...
Page 155: Rmon
The workstation does not have to be on the same network as the probe, and can manage the probe by in-band or out-of-band connections. RMON Features of the Switch The IETF defines nine groups of Ethernet RMON statistics. The switch supports the following four of these groups: • Statistics •...
Page 156: Configuring Rmon
RMON requires one probe per LAN segment, and standalone RMON probes traditionally have been expensive. Therefore, Extreme’s approach has been to build an inexpensive RMON probe into the agent of each system. This allows RMON to be widely deployed around the network without costing more than traditional network management.
Page 157: Event Actions
By default, RMON is disabled. However, even in the disabled state, the switch response to RMON queries and sets for alarms and events. By enabling RMON, the switch begins the processes necessary for collecting switch statistics. Event Actions The actions that you can define for each alarm are shown in Table 44.
Page 158 Status Monitoring and Statistics Summit24e3 Switch Installation and User Guide...
Page 159: Spanning Tree Protocol (Stp)
STP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1D specification, the switch will be referred to as a bridge. Overview of the Spanning Tree Protocol STP is a bridge-based mechanism for providing fault tolerance on networks.
Page 160: Defaults
• Within any given STPD, all VLANs belonging to it use the same spanning tree NOTE Ensure that multiple STPD instances within a single switch do not see each other in the same broadcast domain. This could happen if, for example, another external bridge is used to connect VLANs belonging to separate STPDs.
Page 161 • Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of the default STPD, but not assigned to either STPD1 or STPD2.
Page 162: Configuring Stp On The Switch
STP topology. • All VLANs in each switch are members of the same STPD. STP can block traffic between switch 1 and switch 3 by disabling the trunk ports for that connection on each switch. Switch 2 has no ports assigned to VLAN marketing. Therefore, if the trunk for VLAN marketing on switches 1 and 3 is blocked, the traffic for VLAN marketing will not be able to traverse the switches.
Page 163: Stp Configuration Commands
Adds a VLAN to the STPD. Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states when the switch is the Root Bridge. The range is 4 through 30. The default setting is 15 seconds.
Page 164 2 * (Hello Time + 1) and less than, or equal to 2 * (Forward Delay –1). Specifies the path cost of the port in this STPD. The range is 1 through 65,535. The switch automatically assigns a default path cost based on the speed of the port, as follows: n For a 10 Mbps port, the default cost is 100.
Page 165: Stp Configuration Example
STP Configuration Example The following Summit24e3 switch example creates and enables an STPD named Backbone_st. It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1 through 7 and port 12. create stpd backbone_st config stpd backbone_st add vlan manufacturing...
Page 166 Spanning Tree Protocol (STP) Table 46: STP Disable and Reset Commands Command unconfig stpd {<stpd_name>} Description Restores default STP values to a particular STPD or to all STPDs. Summit24e3 Switch Installation and User Guide...
Page 167: Overview Of Ip Unicast Routing
Each host using the IP unicast routing functionality of the switch must have a unique IP address assigned. In addition, the default gateway assigned to the host must be the IP address of the router interface.
Page 168: Ip Unicast Routing
IP address and subnet on different VLANs. In Figure 28, a Summit24e3 switch is depicted with two VLANs defined; Finance and Personnel. Ports 2 and 4 are assigned to Finance; ports 3 and 5 are assigned to Personnel. Finance belongs to the IP network 192.207.35.0;...
Page 169 If you define multiple default routes, the route that has the lowest metric is used. If multiple default routes have the same lowest metric, the system picks one of the routes. You can also configure blackhole routes — traffic to these destinations is silently dropped. Summit24e3 Switch Installation and User Guide Overview of IP Unicast Routing...
Page 170: Subnet-Directed Broadcast Forwarding
The section describes some example of how to use proxy ARP with the switch. ARP-Incapable Devices To configure the switch to respond to ARP Requests on behalf of devices that are incapable of doing so, you must configure the IP address and MAC address of the ARP-incapable device using the use the following command: config iparp add proxy <ipaddress>...
Page 171: Proxy Arp Between Subnets
When the IP host tries to communicate with the host at address 100.101.45.67, the IP hosts communicates as if the two hosts are on the same subnet, and sends out an IP ARP Request. The switch answers on behalf of the device at address 100.101.45.67, using its own MAC address. All subsequent data packets from 100.101.102.103 are sent to the switch, and the switch routes the packets to...
Page 172: Configuring Ip Unicast Routing
[rip | bootp | icmp | static | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2] <priority> Configuring IP Unicast Routing This section describes the commands associated with configuring IP unicast routing on the switch. To configure routing, follow these steps: 1 Create and configure two or more VLANs.
Page 173: Basic Ip Commands
255.255.255.255 is assumed. When mac_address is not specified, the MAC address of the switch is used in the ARP Response. When always is specified, the switch answers ARP Requests without filtering requests that belong to the same subnet of the receiving router interface.
Page 174 Deletes a static address from the routing table. Deletes a blackhole address from the routing table. Deletes a default gateway from the routing table. Changes the priority for all routes from a particular route origin. Disables load sharing for multiple routes. Summit24e3 Switch Installation and User Guide...
Page 175: Icmp Configuration Commands
{vlan <name>} Summit24e3 Switch Installation and User Guide Description Enables load sharing if multiple routes to the same destination are available. Only paths with the same lowest cost are shared. The default setting is disabled.
Page 176 IP interfaces. Enables the generation of ICMP port unreachable messages (type 3, code 3) when a TPC or UDP request is made to the switch, and no application is waiting for the request, or access policy denies the request. The default setting is enabled.
Page 177: Routing Configuration Example
Table 50: ICMP Configuration Commands (continued) Command unconfig irdp Routing Configuration Example Figure 29 illustrates a Summit24e3 switch that has two VLANs defined as follows: • Finance — Contains ports 2 and 4. — IP address 192.207.35.1. • Personnel — Contains ports 3 and 5.
Page 178: Displaying Router Settings
Permanent IP ARP entries are not affected. Removes the dynamic entries in the IP forwarding database. If no options are specified, all IP FDB entries are removed. Disables the generation and processing of BOOTP packets. Summit24e3 Switch Installation and User Guide...
Page 179: Configuring Dhcp/Bootp Relay
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by the switch and going to hosts on different subnets. This feature can be used in various applications, including DHCP services between Windows NT servers and clients running Windows 95. To configure the relay function, follow these steps: 1 Configure VLANs and IP unicast routing.
Page 180: Verifying The Dhcp/Bootp Relay Configuration
“rules” defining the UDP port, and destination IP address or VLAN. A VLAN can make use of a single UDP-forwarding profile. UDP packets directed toward a VLAN use an all-ones broadcast on that VLAN. functions are adequate, you may bootprelay Summit24e3 Switch Installation and User Guide...
Page 181: Udp-Forwarding Example
<profile_name> add <udp_port> [vlan <name> | ipaddress <dest_ipaddress>] config udp-profile <profile_name> delete <udp_port> [vlan <name> | ipaddress <dest_ipaddress>] Summit24e3 Switch Installation and User Guide Description Adds a forwarding entry to the specified UDP-forwarding profile name. All broadcast packets sent to <udp_port>...
Page 182 [<name> | all] Description Assigns a UDP-forwarding profile to the source VLAN. Once the UDP profile is associated with the VLAN, the switch picks up any broadcast UDP packets that matches with the user configured UDP port number, and forwards those packets to the user-defined destination.
Page 183: Overview
Published by Addison-Wesley Publishing Company Overview The switch supports the use of two interior gateway protocols (IGPs); the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol for IP unicast routing. RIP is a distance-vector protocol, based on the Bellman-Ford (or distance-vector) algorithm. The distance-vector algorithm has been in use for many years, and is widely deployed and understood.
Page 184: Rip Versus Ospf
To determine the best path to a distant network, a router using RIP always selects the path that has the least number of hops. Each router that data must traverse is considered to be one hop. Summit24e3 Switch Installation and User Guide...
Page 185: Routing Table
• Support for next-hop addresses, which allows for optimization of routes in certain environments. • Multicasting. RIP version 2 packets can be multicast instead of being broadcast, reducing the load on hosts that do not support routing protocols. Summit24e3 Switch Installation and User Guide Overview of RIP...
Page 186: Overview Of Ospf
All routers within an area have the exact same LSDB. Table 54 describes LSA type numbers. Table 54: LSA Type Numbers Type Number Description Router LSA Network LSA Summary LSA AS summary LSA AS external LSA NSSA external LSA Link local Area scoping AS scoping Summit24e3 Switch Installation and User Guide...
Page 187: Areas
The three types of routers defined by OSPF are as follows: • Internal Router (IR) An internal router has all of its interfaces within the same area. Summit24e3 Switch Installation and User Guide Overview of OSPF...
Page 188 <area_id> nssa {summary | nosummary} stub-default-cost <cost> {translate} option determines whether type 7 LSAs are translated into type 5 LSAs. When translate configuring an OSPF area as an NSSA, the should only be used on NSSA border routers, translate Summit24e3 Switch Installation and User Guide...
Page 189 Virtual links are also used to repair a discontiguous backbone area. For example, in Figure 31, if the connection between ABR1 and the backbone fails, the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual link. Summit24e3 Switch Installation and User Guide...
Page 190: Point-To-Point Support
OSPF routers and does not elect a DR or BDR. If you have three or more routers on the VLAN, OSPF will fail to synchronize if the neighbor is not configured. EW_017 Summit24e3 Switch Installation and User Guide...
Page 191: Route Re-Distribution
Both RIP and OSPF can be enabled simultaneously on the switch. Route re-distribution allows the switch to exchange routes, including static routes, between the two routing protocols. Figure 32 is an example of route re-distribution between an OSPF autonomous system and a RIP autonomous system.
Page 192: Ospf Timers And Authentication
Table 56: RIP Configuration Commands Command config rip add vlan [<name> | all] Description Configures RIP on an IP interface. When an IP interface is created, per-interface RIP configuration is disabled by default. , which ospf Summit24e3 Switch Installation and User Guide...
Page 193 {vlan <name>} config rip updatetime {<seconds>} config rip vlan [<name> | all] cost <number> enable rip Summit24e3 Switch Installation and User Guide Description Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults.
Page 194 Default setting is enabled. Enables triggered updates. Triggered updates are a mechanism for immediately notifying a router’s neighbors when the router adds or deletes routes, or changes the metric of a route. The default setting is enabled. Summit24e3 Switch Installation and User Guide...
Page 195: Rip Configuration Example
RIP Configuration Example Figure 33 illustrates a switch that has two VLANs defined as follows: • Finance — Contains ports 2 and 4 — IP address 192.207.35.1. • Personnel — Contains ports 3 and 5 — IP address 192.207.36.1. Figure 33: RIP configuration example 192.207.35.1...
Page 196: Displaying Rip Settings
Disables split horizon. Disables triggered updates. Resets all RIP parameters to match the default VLAN. Does not change the enable/disable state of the RIP settings. If no VLAN is specified, all VLANs are reset. Summit24e3 Switch Installation and User Guide...
Page 197: Configuring Ospf
Configuring OSPF Each switch that is configured to run OSPF must have a unique router ID. It is recommended that you manually set the router ID of the switches participating in OSPF, instead of having the switch automatically choose its router ID based on the highest interface IP address. Not performing this configuration in larger, dynamic environments could result in an older link state database remaining in use.
Page 198 Configures an OSPF area as a stub area. exported into OSPF. If none is specified, no RIP and static routes are filtered. Configures OSPF database overflow. Configures an aggregated OSPF external route using the IP addresses specified. Summit24e3 Switch Installation and User Guide...
Page 199 10 Mbps is 10, for 100 Mbps is 5, and for 4 Gbps is 1. Configures the OSPF router ID. If automatic is specified, the switch uses the largest IP interface address as the OSPF router ID. The default setting is automatic.
Page 200 OSPF enabled are ignored. Enables the distribution of RIP routes into the OSPF domain. Once enabled, the OSPF router is considered to be an ASBR. The default tag number is 0. The default setting is disabled. Summit24e3 Switch Installation and User Guide...
Page 201: Configuring Ospf Wait Interval
NOTE The OSPF standard specifies that wait times are equal to the dead router wait interval. Summit24e3 Switch Installation and User Guide Description Enables the distribution of static routes into the OSPF domain.
Page 202: Displaying Ospf Settings
If detail is specified, each entry includes complete LSA information. Displays virtual link information about a particular router or all routers. command. You can specify show ospf lsdb stats option summary option displays the Summit24e3 Switch Installation and User Guide...
Page 203: Resetting And Disabling Ospf Settings
{vlan <name> | area <areaid>} Resets one or all OSPF interfaces to the default Summit24e3 Switch Installation and User Guide Description Deletes an OSPF area. Once an OSPF area is removed, the associated OSPF area and OSPF interface information is removed.
Page 204 Interior Gateway Routing Protocols Summit24e3 Switch Installation and User Guide...
Page 205: Chapter 17 Ip Multicast Routing
Periodically, the router queries the multicast group to see if the group is still in use. If the group is still active, a single IP host responds to the query, and group registration is maintained. Summit24e3 Switch Installation and User Guide...
Page 206: Configuring Ip Multicasting Routing
IP unicast or IP multicast routing. IGMP Snooping IGMP snooping is a layer 2 function of the switch. It does not require multicast routing to be enabled. The feature reduces the flooding of IP multicast traffic. IGMP snooping optimizes the usage of network bandwidth, and prevents multicast traffic from being flooded to parts of the network that do not need it.
Page 207: Displaying Ip Multicast Routing Settings
Enables IGMP on a router interface. If no VLAN is specified, IGMP is enabled on all router interfaces. The default setting is enabled. Enables IGMP snooping on the switch. If forward-mcrouter-only is specified, the switch forwards all multicast traffic to the multicast router, only.
Page 208: Deleting And Resetting Ip Multicast Settings
Disables the router-side IGMP processing on a router interface. No IGMP query is generated, but the switch continues to respond to IGMP queries received from other devices. If no VLAN is specified, IGMP is disabled on all router interfaces.
Page 209: Safety Information
Safety Information Important Safety Information WARNING! Read the following safety information thoroughly before installing your Extreme Networks switch. Failure to follow this safety information can lead to personal injury or damage to the equipment. Installation, maintenance, removal of parts, and removal of the unit and components must be done by qualified service personnel only.
Page 210: Power Cord
The battery in the bq4830/DS1644 device is encapsulated and not user-replaceable. If service personnel disregard the instructions and attempt to replace the bq4830/DS1644, replace the lithium battery with the same or equivalent type, as recommended by the manufacturer. ), Type SVT or SJT, Summit24e3 Switch Installation and User Guide...
Page 211 • The weight of the lithium contained in each coin cell is approximately 0.035 grams. • Two types of batteries are used interchangeably: — CR chemistry uses manganese dioxide as the cathode material. — BR chemistry uses poly-carbonmonofluoride as the cathode material. Summit24e3 Switch Installation and User Guide Important Safety Information...
Page 212 Safety Information Summit24e3 Switch Installation and User Guide...
Page 213: Technical Specifications
Power Supply AC Line Frequency Input Voltage Options Current Rating Switch Power-Off Temperature power-off Summit24e3 Switch Installation and User Guide Summit24e3 Height: 1.75 inches (4.44 cm) Width: 17 inches (43.18 cm) Depth: 8 inches (20.32 cm) Weight: 8 lbs (3.6 kg)
Page 214 0° to 40° C (32° to 104° F) Storage Temperature -40° to 70 ° C (-40° to 158° F) Operating Humidity 10% to 95% relative humidity, noncondensing Standards EN60068 to Extreme IEC68 schedule Certification Marks CE (European Community) TUV/GS (German Notified Body) TUV/S (Argentina) GOST (Russian Federation)
Page 215: Supported Standards
Supported Standards The following is a list of software standards supported by ExtremeWare for the Summit24e3 switch. Standards and Protocols RFC 1058 RIP RFC 1723 RIP v2 RFC 1112 IGMP RFC 2236 IGMP v2 RFC 2328 OSPF v2 (incl. MD5 authentication)
Page 216 Supported Standards Summit24e3 Switch Installation and User Guide...
Page 217: Downloading A New Image
— Indicates the secondary image. secondary The switch can store up to two images; a primary and a secondary. When you download a new image, you must select into which image space (primary or secondary) the new image should be placed. If not indicated, the primary image space is used.
Page 218: Rebooting The Switch
To reboot the switch, use the following command: reboot { time <date> <time> | cancel} where is the date and is the time (using a 24-hour clock format) when the switch will be date time rebooted. The values use the following format:...
Page 219: Saving Configuration Changes
• Modify the configuration using a text editor, and later download a copy of the file to the same switch, or to one or more different switches. • Send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes.
Page 220 — Specifies the time of day you want the configuration automatically uploaded on a every <time> daily basis. If not specified, the current configuration is immediately uploaded to the TFTP server. To cancel a previously scheduled configuration upload, use the following command: upload configuration cancel Summit24e3 Switch Installation and User Guide...
Page 221: Using Tftp To Download The Configuration
To download a complete configuration, use the following command: download configuration [<hostname> | <ipaddress>] <filename> After the ASCII configuration is downloaded by way of TFTP, you are prompted to reboot the switch. The downloaded configuration file is stored in current switch memory during the rebooting process, and is not retained if the switch has a power failure.
Page 222: Scheduled Incremental Configuration Download
Upgrading BootROM Upgrading BootROM is done using TFTP (from the CLI), after the switch has booted. Upgrade the BootROM only when asked to do so by an Extreme Networks technical representative. To upgrade the BootROM, use the following command: download bootrom [<hostname> | <ipaddress>] <filename>]...
Page 223: Accessing The Bootrom Menu
Interaction with the BootROM menu is only required under special circumstances, and should be done only under the direction of Extreme Networks Customer Support. The necessity of using these functions implies a non-standard problem which requires the assistance of Extreme Networks Customer Support.
Page 224 If no parameters are specified, the image is saved to the current image. Reboots the switch at the date and time specified. If you do not specify a reboot time, the reboot happens immediately following the command, and any previously scheduled reboots are cancelled.
Page 225: Troubleshooting
Troubleshooting If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative. LEDs Power LED does not light: Check that the power cable is firmly connected to the device and to the supply outlet.
Page 226: Using The Command-Line Interface
Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility. Check that Telnet access was not disabled for the switch. If you attempt to log in and the maximum number of Telnet sessions are being used, you should receive an error message indicating so.
Page 227: Port Configuration
When a device that has auto-negotiation disabled is connected to a Extreme switch that has auto-negotiation enabled, the Extreme switch links at the correct speed, but in half duplex mode. The Extreme switch 10/100 physical interface uses a method called parallel detection to bring up the link.
Page 228: Vlans
Check to ensure that the transmit fiber goes to the receive fiber side of the other device, and vice-versa. All gigabit fiber cables are of the cross-over type. The Extreme switch has auto-negotiation set to on by default for gigabit ports. These ports need to be set to auto off (using the command ) if you are connecting it to config port <port #>...
Page 229: Stp
CPU utilization by process. Contacting Extreme Technical Support If you have a network issue that you are unable to resolve, contact Extreme Networks technical support. Extreme Networks maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems.
Page 230 Troubleshooting • support@extremenetworks.com You can also visit the support website at: • http://www.extremenetworks.com/extreme/support/techsupport.asp to download software updates (requires a service contract) and documentation. Summit24e3 Switch Installation and User Guide...
Page 231 ARP incapable device proxy ARP between subnets proxy ARP, description of responding to ARP requests Summit24e3 Switch Installation and User Guide table, displaying autonegotiation backbone area, OSPF blackhole entries, FDB boot option commands (table)
Page 232: Igmp Configuration Commands
Equal Cost Multi-Path (ECMP) routing. See IP route sharing errors, port establishing a Telnet session Events, RMON export restrictions Extreme Discovery Protocol See EDP ExtremeWare factory defaults features adding an entry aging entries blackhole entries...
Page 233 LEDs Summit24e3 license keys licensing Advanced Edge functionality description Edge functionality license keys ordering Summit24e3 Switch Installation and User Guide verifying line-editing keys link-state database link-state protocol, description load sharing algorithms configuring description load-sharing group, description master port...
Page 234 Quality of Servce. See QoS rack mounting the switch RADIUS and TACACS+ client configuration configuation commands (table) description Merit server configuration (example) per-command authentication per-command configuration (example) RFC 2138 attributes servers TCP port 34, 133 56, 61 Summit24e3 Switch Installation and User Guide...
Page 235 OSPF permit removing using Routing Information Protocol. See RIP routing table, populating routing. See IP unicast routing Summit24e3 Switch Installation and User Guide safety information saving configuration changes scheduling configuration download secondary image security licensing description obtaining serial port. See console port...
Page 236 VLAN tagging VLANs and STP assigning a tag benefits configuration commands (table) configuration examples configuring default description disabling route advertising displaying settings 56, 61 mixing port-based and tagged names port-based renaming routing tagged trunks Summit24e3 Switch Installation and User Guide...
Page 237 UDP-Forwarding voice applications, QoS web browsing applications, and QoS weight, Summit24e3 switch Summit24e3 Switch Installation and User Guide Index - 237...
Page 238 238 - Index Summit24e3 Switch Installation and User Guide...
Page 239 Summit24e3 Switch Installation and User Guide config iparp timeout config iproute add config iproute add blackhole config iproute add default 89, 137...
Page 240 95, 98 104, 110 43, 46 89, 137 188, 200 95, 99 162, 164 43, 86 96, 99 96, 100 96, 100 43, 86 43, 173, 178 173, 179 43, 153, 154 124, 127, 128 Summit24e3 Switch Installation and User Guide...
Page 241 Summit24e3 Switch Installation and User Guide disable sntp-client disable ssh2 disable stpd disable stpd port disable syslog disable tacacs disable tacacs-accounting...
Page 242 137, 144 172, 178 172, 178, 180 172, 178 172, 178 148, 152, 154 148, 155 52, 55 192, 202 73, 75 73, 141, 142, 144 73, 150 73, 149 73, 149 137, 142, 143 Summit24e3 Switch Installation and User Guide...
Page 243 Summit24e3 Switch Installation and User Guide 96, 100 73, 74 68, 144, 148, 222 86, 142, 144 47, 50 47, 48 176, 179...
Page 244 244 - Index of Commands Summit24e3 Switch Installation and User Guide...

This manual is also suitable for:

Summit24e3

Extreme Networks Summit Summit24 Installation And User Manual

Routing Information Protocol (RIP) Version 1 and RIP Version

Notice Icons

Preface

Introduction

Conventions

Related Publications

Chapter 1 Summit24E3 Switch Overview

Summary of Features

Summit24E3 Switch Front View

Summit24E3 Switch LED Behavior

Summit24E3 Switch Rear View

Summit24E3 Switch Leds

Port Connections

Full-Duplex

Mini-GBIC Type and Hardware/Software Support

Chapter 2 Switch Installation

Determining the Switch Location

Following Safety Information

Installing the Switch

Connecting Equipment to the Console Port

Console Connector Pinouts

Powering on the Switch

Checking the Installation

Logging in for the First Time

Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC)

Caution

Chapter 3 Extremeware Overview

Summary of Features

Software Licensing

Security Licensing

Software Factory Defaults

Chapter 4 Accessing the Switch

Understanding the Command Syntax

Command Syntax Symbols

Line-Editing Keys

Command History

Common Commands

Configuring Management Access

Default Accounts

Checking Basic Connectivity

DNS Commands

Domain Name Service Client Services

Chapter 5 Managing the Switch

Overview

Using the Console Interface

Using Telnet

Using Secure Shell 2 (SSH2)

Using SNMP

Authenticating Users

RADIUS Commands

Using Network Login

Network Login Configuration Commands

Using the Simple Network Time Protocol

Greenwich Mean Time Offsets

SNTP Configuration Commands

Chapter 6 Configuring Ports on a Switch

Enabling and Disabling Switch Ports

Switch Port Commands

Load Sharing on the Switch

Switch Port-Mirroring

Extreme Discovery Protocol

Switch Port-Mirroring Configuration Commands

EDP Commands

Chapter 7 Virtual Lans (Vlans)

Overview of Virtual Lans

Types of Vlans

VLAN Names

Configuring Vlans on the Switch

VLAN Configuration Commands

Displaying VLAN Settings

Chapter 8 Forwarding Database (FDB)

Overview of the FDB

Configuring FDB Entries

FDB Configuration Commands

Displaying FDB Entries

Chapter 9 Access Policies

Overview of Access Policies

Using Access Control Lists

Access Control List Configuration Commands