
HP GbE2c - Blc Layer 2/3 Fiber SFP Option Application Manual

Ethernet blade switch for c-Class BladeSystem.
HP GbE2c Ethernet Blade Switch for c-Class BladeSystem
Application Guide
Part number: 418119-003
Third edition: December 2006


   Summary of Contents for HP GbE2c - Blc Layer 2/3 Fiber SFP Option

  • Page 1

    HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Application Guide Part number: 418119-003 Third edition: December 2006...

  • Page 2

    Legal notices © 2004, 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents. Accessing the switch: Introduction, 8; Additional references, 8; Typographical conventions, 9; Management Network, 9; Connecting through the console port, 10; Connecting through Telnet, 10; Connecting through Secure Shell, 10; Using the command line interfaces, 10; Configuring an IP interface, 11; Using the Browser-based Interface...

  • Page 4: Table Of Contents

    802.1x port states, 41; Supported RADIUS attributes, 41; EAPoL configuration guidelines, 42; Port-based traffic control, 42. VLANs: Introduction, 43; Overview, 43; VLANs and port VLAN ID numbers, 43; VLAN numbers, 43; PVID numbers, 43; Viewing and configuring PVIDs...

  • Page 5: Table Of Contents

    Overview, 70; Using ACL filters, 71; Summary of packet classifiers, 71; Summary of ACL actions, 72; Understanding ACL precedence, 72; Using ACL Groups, 74; ACL Metering and Re-marking, 74; Metering, 74; Re-marking, 75; Viewing ACL statistics...

  • Page 6: Table Of Contents

    Neighbors and adjacencies, 109; Link-State Database, 109; Shortest Path First Tree, 109; Internal versus external routing, 109; OSPF implementation in GbE2c software, 110; Configurable parameters, 110; Defining areas, 110; Interface cost, 112; Electing the designated router and backup, 112; Summarizing routes...

  • Page 7: Table Of Contents

    Other network troubleshooting techniques, 162; Console and Syslog messages, 162; Ping, 162; Trace route, 163; Statistics and state information, 163; Customer support tools, 163. Index. Accessing the switch 7...

  • Page 8: Introduction, Additional References

    Accessing the switch Introduction This guide will help you plan, implement, and administer the switch software for the HP GbE2c Ethernet Blade Switch and the HP GbE2c Layer 2/3 Ethernet Blade Switch. Where possible, each section provides feature overviews, usage examples, and configuration instructions.

  • Page 9: Typographical Conventions, Management Network

    Typographical conventions The following table describes the typographic styles used in this guide: Table 1 Typographic conventions Typeface or symbol Meaning Example This type depicts onscreen computer output and AaBbCc123 Main# prompts. This type displays in command examples and shows AaBbCc123 Main# sys text that must be typed in exactly as shown.

  • Page 10: Connecting Through The Console Port, Connecting Through Telnet, Connecting Through Secure Shell

    Connecting through the console port Using a null modem cable, you can directly connect to the switch through the console port. A console connection is required in order to configure Telnet or other remote access applications. For more information on establishing console connectivity to the switch, see the HP GbE2c Ethernet Blade Switch for c-Class BladeSystem User Guide.

  • Page 11: Configuring An Ip Interface, Using The Browser-based Interface

    Configuring an IP interface An IP interface address must be set on the switch to provide management access to the switch over an IP network. By default, the management interface is set up to request its IP address from a Bootstrap Protocol (BOOTP) server. If you have a BOOTP server on your network, add the Media Access Control (MAC) address of the switch to the BOOTP configuration file located on the BOOTP server.

  • Page 12: Using Simple Network Management Protocol, Snmp V1.0, Snmp V3.0, Default Configuration

    Statistics—These menus provide access to the switch statistics and state information. Dashboard—These menus display settings and operating status of a variety of switch features. Using Simple Network Management Protocol The switch software provides SNMP v1.0 and SNMP v3.0 support for access through any network management software, such as HP-OpenView.

  • Page 13: User Configuration

    User configuration Users can be configured to use the authentication/privacy options. The GbE2c supports two authentication algorithms: MD5 and SHA, as specified in the following command: /cfg/sys/ssnmp/snmpv3/usm <x>/auth md5|sha To configure a user with name 'admin,' authentication type MD5, and authentication password of 'admin,' privacy option DES with privacy password of 'admin,' use the following CLI commands: >>...

  • Page 14: View Based Configurations

    View based configurations CLI user equivalent To configure an SNMP user equivalent to the CLI 'user,' use the following configuration: /c/sys/ssnmp/snmpv3/usm 4 name "usr" (Configure the user) /c/sys/ssnmp/snmpv3/access 3 name "usrgrp" (Configure access group 3) rview "usr" wview "usr" nview "usr" /c/sys/ssnmp/snmpv3/group 4 (Assign user to access group 3) uname usr...

  • Page 15: Configuring Snmp Trap Hosts, Snmpv1 Trap Host

    Configuring SNMP trap hosts SNMPv1 trap host Configure a user with no authentication or password. /c/sys/ssnmp/snmpv3/usm 10 (Configure user named “v1trap”) name "v1trap" Configure an access group and group table entries for the user. Use the following command to specify which traps can be received by the user: /c/sys/ssnmp/snmpv3/access <x>/nview /c/sys/ssnmp/snmpv3/access 10...

  • Page 16: Snmpv2 Trap Host Configuration, Snmpv3 Trap Host Configuration

    SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, specify snmpv2 instead of snmpv1. /c/sys/ssnmp/snmpv3/usm 10 (Configure user named “v2trap”) name "v2trap" /c/sys/ssnmp/snmpv3/access 10 (Define access group to view SNMPv2 traps) name "v2trap"...

  • Page 17: Secure Access To The Switch, Setting Allowable Source Ip Address Ranges

    See the HP GbE2c Ethernet Blade Switch for c-Class BladeSystem User Guide for a complete list of supported MIBs. Secure access to the switch Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured management: Limiting management users to a specific IP address range.

  • Page 18: Radius Authentication And Authorization

    In this example, the management network is set to 192.192.192.0 and management mask is set to 255.255.255.128. This defines the following range of allowed IP addresses: 192.192.192.1 to 192.192.192.127. The following source IP addresses are granted or not granted access to the switch: A host with a source IP address of 192.192.192.21 falls within the defined range and would be allowed to access the switch.

  • Page 19

    Configure the primary RADIUS secret and secondary RADIUS secret. >> RADIUS Server# secret Enter new RADIUS secret: <1-32 character secret> >> RADIUS Server# secret2 Enter new RADIUS second secret: <1-32 character secret> CAUTION: If you configure the RADIUS secret using any method other than a direct console connection, the secret may be transmitted over the network as clear text.

  • Page 20: Radius Authentication Features

    CAUTION: If you configure the RADIUS secret using any method other than a direct console connection, the secret may be transmitted over the network as clear text. Click Submit. Apply, verify, and save the configuration. RADIUS authentication features The switch supports the following RADIUS authentication features: Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866.

  • Page 21: Tacacs+ Authentication

    User accounts for RADIUS users The user accounts listed in the following table can be defined in the RADIUS server dictionary file. Table 2 User access levels User account Description and tasks performed User User interaction with the switch is completely passive; nothing can be changed on the switch. Users may display information that has no security or privacy implications, such as switch statistics and current operational state information.

  • Page 22: How Tacacs+ Authentication Works, Tacacs+ Authentication Features, Authorization

    TACACS+ offers full packet encryption whereas RADIUS offers password-only encryption in authentication requests. TACACS+ separates authentication, authorization, and accounting. How TACACS+ authentication works TACACS+ works much in the same way as RADIUS authentication. Remote administrator connects to the switch and provides user name and password. NOTE: The user name and password can have a maximum length of 128 characters.

  • Page 23: Accounting, Configuring Tacacs+ Authentication On The Switch (cli Example)

    Accounting Accounting is the action of recording a user’s activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization are not performed via TACACS+, no TACACS+ accounting messages are sent out. You can use TACACS+ to record and track software logins, configuration changes, and interactive commands.

  • Page 24: Configuring Tacacs+ Authentication On The Switch (bbi Example)

    Configure custom privilege-level mapping (optional). >> TACACS+ Server# usermap 2 Current privilege mapping for remote privilege 2: not set Enter new local privilege mapping: user >> TACACS+ Server# usermap 3 user >> TACACS+ Server# usermap 4 user >> TACACS+ Server# usermap 5 oper Apply and save the configuration.

  • Page 25: Secure Shell And Secure Copy

    Configure custom privilege-level mapping (optional). Click Submit to accept each mapping change. Apply, verify, and save the configuration. Secure Shell and Secure Copy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch.

  • Page 26

    Configuring SSH and SCP features (CLI example) Before you can use SSH commands, use the following commands to turn on SSH and SCP. Enabling or disabling SSH To enable the SSH feature, connect to the switch CLI and enter the following commands: >>...

  • Page 27: Using Ssh And Scp Client Commands

    Using SSH and SCP client commands The following shows the format for using some client commands. The examples below use 205.178.15.157 as the IP address of a sample switch. Logging in to the switch Enter the following command to log in to the switch: ssh <user>@<switch IP address>...

  • Page 28: Ssh And Scp Encryption Of Management Messages

    SSH and SCP encryption of management messages The following encryption and authentication methods are supported for SSH and SCP: Server Host Authentication—Client RSA authenticates the switch at the beginning of every connection Key Exchange—RSA Encryption—AES256-CBC, AES192-CBC, 3DES-CBC, 3DES, ARCFOUR User Authentication—Local password authentication, RADIUS, TACACS+ Generating RSA host and server keys for SSH access To support the SSH server feature, two sets of RSA keys (host and server keys) are required.

  • Page 29: User Access Control, Setting Up User Ids

    User access control The switch allows an administrator to define end user accounts that permit end users to perform limited actions on the switch. Once end user accounts are configured and enabled, the switch requires username/password authentication. For example, an administrator can assign a user who can log into the switch and perform operational commands (effective only until the next switch reboot).

  • Page 30: Ports On The Switch, Introduction

    Ports and trunking Introduction The first part of this chapter describes the different types of ports used on the switch. This information is useful in understanding other applications described in this guide, from the context of the embedded switch/server environment. For specific information on how to configure ports for speed, auto-negotiation, and duplex modes, see the port commands in the HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Reference Guide.

  • Page 31: Port Trunk Groups, Statistical Load Distribution, Built-in Fault Tolerance, Before You Configure Trunks

    Port trunk groups When using port trunk groups between two switches, you can create an aggregate link operating at up to five Gigabits per second, depending on how many physical ports are combined. The switch supports up to 12 trunk groups per switch, each with up to six ports per trunk group.

  • Page 32: Port Trunking Example

    You cannot configure a trunk member as a monitor port in a Port Mirroring configuration. A monitor port cannot monitor trunks; however, trunk members can be monitored. Port trunking example In this example, the Gigabit uplink ports on each switch, and the crosslink ports are configured into a total of five trunk groups: two on each switch, and one trunk group at the crosslink between the two switches.

  • Page 33: Configuring Trunk Groups (cli Example)

    Configuring trunk groups (CLI example) On Switch 1, configure trunk groups 5 and 3: >> # /cfg/l2/trunk 5 (Select trunk group 5) >> Trunk group 5# add 23 (Add port 23 to trunk group 5) >> Trunk group 5# add 24 (Add port 24 to trunk group 5) >>...

  • Page 34: Configuring Trunk Groups (bbi Example)

    Configuring trunk groups (BBI example) Configure trunk groups. Click the Configure context button on the Toolbar. Open the Layer 2 folder, and select Trunk Groups. Click a Trunk Group number to select it. Ports and trunking 34...

  • Page 35

    Enable the Trunk Group. To add ports, select each port in the Ports Available list, and click Add. Click Submit. Apply, verify, and save the configuration. Examine the trunking information on each switch. Click the Dashboard context button on the Toolbar.

  • Page 36: Configurable Trunk Hash Algorithm

    Select Trunk Groups. Information about each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state. Configurable Trunk Hash algorithm This feature allows you to configure the particular parameters for the GbE2c Trunk Hash algorithm instead of having to utilize the defaults.

  • Page 37: Link Aggregation Control Protocol

    Link Aggregation Control Protocol Link Aggregation Control Protocol (LACP) is an IEEE 802.3ad standard for grouping several physical ports into one logical port (known as a dynamic trunk group or Link Aggregation group) with any device that supports the standard. Refer to the IEEE 802.3ad-2002 for a full description of the standard.

  • Page 38: Configuring Lacp

    Configuring LACP Use the following procedure to configure LACP for port 20 and port 21 to participate in link aggregation. Set the LACP mode on port 20. >> # /cfg/l2/lacp/port 20 (Select port 20) >> LACP port 20# mode active (Set port 20 to LACP active mode) Define the admin key on port 20.

  • Page 39: Port-based Network Access And Traffic Control Port-based Network Access Control, Extensible Authentication Protocol Over Lan

    Port-based Network Access and traffic control Port-based Network Access control Port-based Network Access control provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics. It prevents access to ports that fail authentication and authorization.

  • Page 40: Eapol Message Exchange

    The following figure shows a typical message exchange initiated by the client. Figure 2 Using EAPoL to authenticate a port EAPoL Message Exchange During authentication, EAPoL messages are exchanged between the client and the switch authenticator, while RADIUS-EAP messages are exchanged between the switch authenticator and the RADIUS authentication server. Authentication is initiated by one of the following methods: Switch authenticator sends an EAP-Request/Identity packet to the client.

  • Page 41: X Port States, Supported Radius Attributes

    802.1x port states The state of the port determines whether the client is granted access to the network, as follows: Unauthorized—While in this state, the port discards all ingress and egress traffic except EAP packets. Authorized—When the client is authenticated successfully, the port transitions to the authorized state allowing all traffic to and from the client to flow normally.

  • Page 42: Eapol Configuration Guidelines, Port-based Traffic Control

    EAPoL configuration guidelines When configuring EAPoL, consider the following guidelines: The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port. When 802.1x is enabled, a port has to be in the authorized state before any other Layer 2 feature can be operationally enabled.

  • Page 43: Vlans Introduction, Overview, Vlans And Port Vlan Id Numbers, Vlan Numbers, Pvid Numbers

    VLANs Introduction This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments. The following topics are discussed in this chapter: VLANs and Port VLAN ID Numbers VLAN Tagging...

  • Page 44: Viewing And Configuring Pvids, Vlan Tagging

    Viewing and configuring PVIDs You can view PVIDs from the following CLI commands: Port information >> /info/port Port Tag RMON PVID NAME VLAN(s) ---- --- ---- ---- -------------- ------------------------------- 1 Downlink1 1 Downlink2 1 Downlink3 1 Downlink4 1 Downlink5 1 Downlink6 1 Downlink7 Port configuration >>...

  • Page 45

    Figure 3 Default VLAN settings NOTE: The port numbers specified in these illustrations may not directly correspond to the physical port configuration of your switch model. When you configure VLANs, you configure the switch ports as tagged or untagged members of specific VLANs. See the following figures.

  • Page 46

    Figure 5 802.1Q tagging (after port-based VLAN assignment) In the following figure, the tagged incoming packet is assigned directly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2.

  • Page 47: Vlans And Ip Interfaces, Vlan Topologies And Design Considerations, Vlan Configuration Rules

    VLANs and IP interfaces Carefully consider how you create VLANs within the switch, so that communication with the switch remains possible. In order to access the switch for remote configuration, trap messages, and other management functions, be sure that at least one IP interface on the switch has a VLAN defined. You can also inadvertently cut off access to management functions if you exclude the ports from the VLAN membership.

  • Page 48

    Figure 8 Multiple VLANs with VLAN tagging The features of this VLAN are described in the following table: Table 10 Multiple VLANs with tagging Component Description Switch 1 Switch 1 is configured for VLANs 1, 2, and 3. Port 1 is tagged to accept traffic from VLANs 1 and 2.

  • Page 49: Configuring The Example Network

    Table 10 Multiple VLANs with tagging Component Description PC #3 This PC is a member of VLAN 1 and VLAN 2. Via VLAN 1, it can communicate with Server 1 and PC 5. Via VLAN 2, it can communicate with Server 1, PC 1, and PC 5. PC #4 This PC is a member of VLAN 3, and it can communicate with Server 1, Server 2, and PC 1.

  • Page 50

    Configure the VLANs and their member ports. Since all ports are by default configured for VLAN 1, configure only those ports that belong to VLAN 2. Crosslink ports 17 and 18 must belong to VLANs 1 and 2. >> /cfg/l2/vlan 2 >>...

  • Page 51

    Configure the VLANs and their member ports. Since all ports are by default configured for VLAN 1, configure only those ports that belong to other VLANs. >> /cfg/l2/vlan 3 >> VLAN 3# add 2 Current ports for VLAN 3: empty Pending new ports for VLAN 3: 2 >>...

  • Page 52

    Click a port number to select it. Enable the port and enable VLAN tagging. Click Submit. VLANs 52...

  • Page 53

    Configure the VLANs and their member ports. Open the Virtual LANs folder, and select Add VLAN. Enter the VLAN name, VLAN ID number, and enable the VLAN. To add ports, select each port in the Ports Available list and click Add. Since all ports are configured for VLAN 1 by default, configure only those ports that belong to VLAN 2.

  • Page 54: Fdb Static Entries, Trunking Support For Fdb Static Entries, Configuring A Static Fdb Entry

    The external Layer 2 switches should also be configured for VLANs and tagging. Apply, verify, and save the configuration. FDB static entries Static entries in the Forwarding Database (FDB) allow the switch to forward packets without flooding ports to perform a lookup.

  • Page 55: Overview, Introduction, Bridge Protocol Data Units, Determining The Path For Forwarding Bpdus

    Spanning Tree Protocol Introduction When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so that a switch uses only the most efficient path. The following topics are discussed in this chapter: Overview Bridge Protocol Data Units (BPDUs) Spanning Tree Group (STG) configuration guidelines Multiple Spanning Trees Overview...

  • Page 56: Spanning Tree Group Configuration Guidelines, Default Spanning Tree Configuration

    Port path cost The port path cost assigns lower values to high-bandwidth ports, such as Gigabit Ethernet, to encourage their use. The objective is to use the fastest links so that the route with the lowest cost is chosen. A value of 0 indicates that port cost is computed dynamically based on link speed.

  • Page 57: Adding And Removing Ports From Stgs, Assigning Cost To Ports And Trunk Groups

    Adding and removing ports from STGs Information on adding and removing ports from STGs is as follows: By default, all ports belong to VLAN 1 and STG 1. Each port is always a member of at least one VLAN. Each VLAN is always a member of at least one STG. Port membership within VLANs can be changed, and VLAN membership within STGs can be changed.

  • Page 58: Vlan Participation In Spanning Tree Groups, Configuring Multiple Spanning Tree Groups

    Figure 9 Two VLANs on one instance of Spanning Tree Protocol In the following figure, VLAN 1 and VLAN 2 belong to different Spanning Tree Groups. The two instances of spanning tree separate the topology without forming a loop, so that both VLANs can forward packets between the switches without losing connectivity.

  • Page 59

    Configuring Switch 1 (CLI example) Configure port and VLAN membership on Switch 1 as described in the “Configuring ports and VLANs on Switch 1 (CLI example)” section, in the “VLANs” chapter of this guide. Add VLAN 2 to Spanning Tree Group 2. >>...

  • Page 60: Port Fast Forwarding

    Enter the Spanning Tree Group number and set the Switch Spanning Tree State to on. To add a VLAN to the Spanning Tree Group, select the VLAN in the VLANs Available list, and click Add. VLAN 2 is automatically removed from Spanning Tree Group 1. Scroll down, and click Submit.

  • Page 61: Configuring Port Fast Forwarding, Fast Uplink Convergence, Configuration Guidelines, Configuring Fast Uplink Convergence

    Configuring Port Fast Forwarding Use the following CLI commands to enable Port Fast Forwarding on an external port. >> # /cfg/l2/stp 1/port 20 (Select port 20) >> Spanning Tree Port 20# fastfwd ena (Enable Port Fast Forwarding) >> Spanning Tree Port 20# apply (Make your changes active) >>...

  • Page 62: Rapid Spanning Tree Protocol, Introduction, Port State Changes, Port Type And Link Type

    RSTP and MSTP Introduction Rapid Spanning Tree Protocol (IEEE 802.1w) enhances the Spanning Tree Protocol (IEEE 802.1d) to provide rapid convergence on Spanning Tree Group 1. Multiple Spanning Tree Protocol (IEEE 802.1s) extends the Rapid Spanning Tree Protocol to provide both rapid convergence and load balancing in a VLAN environment. The following topics are discussed in this chapter: Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP)

  • Page 63: Rstp Configuration Guidelines, Rstp Configuration Example

    Link type The link type determines how the port behaves in regard to Rapid Spanning Tree. The link type corresponds to the duplex mode of the port. A full-duplex link is point-to-point (p2p), while a half-duplex link should be configured as shared.

  • Page 64

    Select RSTP mode, and set the MSTP/RSTP state to ON. Click Submit. Apply, verify, and save the configuration. RSTP and MSTP 64...

  • Page 65: Multiple Spanning Tree Protocol, Mstp Region, Common Internal Spanning Tree, Mstp Configuration Guidelines

    Multiple Spanning Tree Protocol IEEE 802.1s Multiple Spanning Tree extends the IEEE 802.1w Rapid Spanning Tree Protocol through multiple Spanning Tree Groups. MSTP maintains up to 128 spanning-tree instances that correspond to STP Groups 1-128. In Multiple Spanning Tree Protocol (MSTP), several VLANs can be mapped to each Spanning-Tree instance. Each Spanning-Tree instance is independent of other instances.

  • Page 66

    Assign VLANs to Spanning Tree Groups. >> /cfg/l2/stp 2 (Select Spanning Tree Group 2) >> Spanning Tree Group 2# add 2 (Add VLAN 2) >> Spanning Tree Group 2# apply (Apply the configurations) Configuring Multiple Spanning Tree Protocol (BBI example) Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)”...

  • Page 67

    Configure Common Internal Spanning Trees (CIST) bridge parameters. Open the MSTP/RSTP folder, and select CIST-Bridge. Enter the Bridge Priority, Maximum Age, and Forward Delay values. Click Submit.

  • Page 68

    Configure Common Internal Spanning Tree (CIST) port parameters. Open the MSTP/RSTP folder, and select CIST-Ports. Click a port number to select it.

  • Page 69

    Enter the Port Priority, Path Cost, and select the Link Type. Set the CIST Port State to ON. Click Submit. Apply, verify, and save the configuration.

  • Page 70: Quality Of Service Introduction, Overview

    Quality of Service Introduction Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.

  • Page 71: Using Acl Filters, Summary Of Packet Classifiers

    Queue and schedule traffic: Place packets in one of two COS queues Schedule transmission based on the COS queue weight Using ACL filters Access Control Lists are filters that allow you to classify and segment traffic, so you can provide different levels of service to different traffic types.

  • Page 72: Summary Of Acl Actions, Understanding Acl Precedence

    Table 15 Well-known application ports Number TCP/UDP Number TCP/UDP Number TCP/UDP Application Application Application tftp snmp 1985 gopher snmptrap Table 16 Well-known TCP flag values Flag Value 0x0020 0x0010 0x0008 0x0004 0x0002 0x0001 Packet Format Ethernet format (eth2, SNAP, LLC) Ethernet tagging format Egress port packets Note that the egress port ACL will not match a broadcast, multicast, unknown unicast, or Layer 3 packet.

  • Page 73

    Table 17 ACL Precedence Groups Precedence Group ACLs Packet Classifiers Precedence Level Precedence Group 2 ACL 128 – ACL 254 Source MAC address Destination MAC address Ethernet type VLAN ID 802.1p Packet format Precedence Group 3 ACL 255 – ACL 381 Source IP Address Destination IP Address IP protocol...

  • Page 74: Using Acl Groups, Acl Metering And Re-marking, Metering

    Using ACL Groups Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header, such as the source address, destination address, source port number, destination port number, and others. Packet classifiers identify flows for more processing. You can define a traffic profile by compiling a number of ACLs into an ACL Group, and assigning the ACL Group to a port.

  • Page 75: Re-marking, Viewing Acl Statistics, Acl Configuration Examples, Configure Access Control Lists (cli Example)

    Using meters, you set a Committed Rate in Kb/s (1024 bits per second in each Kb/s). All traffic within this Committed Rate is In-Profile. Additionally, you set a Maximum Burst Size that specifies an allowed data burst larger than the Committed Rate for a brief period.

  • Page 76: Configure Access Control Lists And Groups (bbi Example 1)

    In this example, all traffic that ingresses on port 20 with source IP from the class 100.10.1.0/24 and destination IP 200.20.1.116 is denied. Example 3: Use this configuration to block traffic from a source that is destined for a specific egress port. >>...

  • Page 77

    Configure the ACL parameters. Set the Filter Action to Deny, the Ethernet Type to IPv4, and the Destination IP Address to 100.10.1.116. Click Submit. Quality of Service 77...

  • Page 78

    Apply, verify, and save the configuration. Add ACL 1 to port 1. Click the Configure context button on the Toolbar. Select Switch Ports (click the underlined text, not the folder). Select a port.

  • Page 79

    Add the ACL to the port. Click Submit. Apply, verify, and save the configuration.

  • Page 80: Using Dscp Values To Provide Qos, Differentiated Services Concepts, Per Hop Behavior

    Using DSCP values to provide QoS The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP). Packets are marked with a certain value depending on the type of treatment the packet must receive in the network device. DSCP is a measure of the Quality of Service (QoS) level of the packet.

  • Page 81: Qos Levels, Using 802.1p Priorities To Provide Qos

    Table 19 Class selector priority classes Priority Class Selector DSCP Lowest QoS levels The following table shows the default service levels provided by the GbE2c, listed from highest to lowest importance: Table 20 Default QoS service levels Service Level Default PHB 802.1p Priority Critical Network Control...

  • Page 82: 802.1p Configuration (CLI Example)

    Use the /cfg/qos/8021p/cur command to display the mapping between 802.1p values, Class of Service queues (COSq), and COSq scheduling weights. >> 802.1p# cur Current priority to COS queue configuration: Number of COSq: 2 Priority COSq Weight -------- ---- ------ 802.1p configuration (CLI example) Configure a port’s default 802.1p priority.

  • Page 83: 802.1p Configuration (BBI Example)

    802.1p configuration (BBI example) Configure a port’s default 802.1p priority. Click the Configure context button on the Toolbar. Select Switch Ports (click the underlined text, not the folder). Select a port.

  • Page 84

    Set the 802.1p priority value. Click Submit. Map the 802.1p priority value to a COS queue. Click the Configure context button on the Toolbar. Open the 802.1p folder, and select Priority - CoS.

  • Page 85

    Select an 802.1p priority value. Select a Class of Service queue (CoSQ) to correlate with the 802.1p priority value. Click Submit. Set the COS queue scheduling weight. Click the Configure context button on the Toolbar. Open the 802.1p folder, and select CoS - Weight.

  • Page 86: Queuing And Scheduling

    Select a Class of Service queue (CoS). Enter a value for the weight of the Class of Service queue. Click Submit. Apply, verify, and save the configuration. Queuing and scheduling The GbE2c has two output Class of Service queues (COSq) per port (0-1), into which each packet is placed. Each packet’s 802.1p priority determines its COSq, except when an ACL action sets the COSq of the packet.

  • Page 87: Ip Routing Benefits, Routing Between Ip Subnets

    Basic IP routing This chapter provides configuration background and examples for using the GbE2c Layer 2/3 Ethernet Blade Switch to perform IP routing functions. The following topics are addressed in this chapter: IP Routing Benefits Routing Between IP Subnets Example of Subnet Routing Defining IP Address Ranges for the Local Route Cache Dynamic Host Configuration Protocol NOTE:...

  • Page 88

    Figure 14 Router legacy network In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topology. As is often the case, the legacy of network growth and redesign has left the system with a mix of illogically distributed subnets.

  • Page 89: Example Of Subnet Routing

    Take a closer look at the GbE2c in the following configuration example: Figure 15 Switch-based routing topology The GbE2c connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building. Common servers are placed on another subnet attached to the switch. Primary and backup routers are attached to the switch on yet another subnet.

  • Page 90

    Assign an IP interface for each subnet attached to the switch. Since there are four IP subnets connected to the switch, four IP interfaces are needed Table 022 Subnet routing example: IP interface assignments Interface Devices IP Interface Address IF 1 Primary and Secondary Default Routers 205.21.17.3 IF 2...

  • Page 91: Using Vlans To Segregate Broadcast Domains

    Using VLANs to segregate broadcast domains In the previous example, devices that share a common IP network are all in the same broadcast domain. If you want to limit the broadcasts on your network, you could use VLANs to create distinct broadcast domains. For example, as shown in the following procedure, you could create one VLAN for the client trunks, one for the routers, and one for the servers.

  • Page 92: Dynamic Host Configuration Protocol, Dhcp Relay Agent

    Add each IP interface to the appropriate VLAN. Now that the ports are separated into three VLANs, the IP interface for each subnet must be placed in the appropriate VLAN. The settings are made as follows: >> VLAN 3# /cfg/l3/if 1 (Select IP interface 1 for def.

  • Page 93: Dhcp Relay Agent Configuration

    switch. The servers respond as a UDP Unicast message back to the switch, with the default gateway and IP address for the client. The destination IP address in the server response represents the interface address on the switch that received the client request. This interface address tells the switch on which VLAN to send the server response to the client.

  • Page 94: Stability, Routing Updates, Ripv1, Ripv2

    Routing Information Protocol In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically, using the Routing Information Protocol (RIP). GbE2c software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) for exchanging TCP/IP route information with other routers. NOTE: RIP is available only on the GbE2c Layer 2/3 Ethernet Blade Switch.

  • Page 95: Ripv2 In Ripv1 Compatibility Mode, Rip Features, Poison, Triggered Updates, Multicast, Default, Metric, Authentication

    RIPv2 in RIPv1 compatibility mode GbE2c software allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers to receive those packets.

  • Page 96: Rip Configuration Example

    RIP configuration example NOTE: An interface with RIP disabled uses all the default RIP values, no matter how the RIP parameters are configured for that interface. RIP sends out regular updates that include an Up interface, but not a Down interface.

  • Page 97: Igmp Snooping Introduction, Overview, Fastleave

    IGMP Snooping Introduction IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all data ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers.

  • Page 98: Igmp Filtering, Static Multicast Router, Igmp Snooping Configuration Example

    IGMP Filtering With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups. Unauthorized users are restricted from streaming multicast traffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port for that group are dropped, and the port is not allowed to receive IP multicast traffic from that group.

  • Page 99

    View dynamic IGMP information. >> /info/l3/igmp (Select IGMP Information menu) >> IGMP Multicast# dump (Show IGMP Group information) >> Switch-A - IGMP Multicast# dump Group VLAN Version Port ----------- ------ --------- ------------- 238.1.0.0 238.1.0.1 >> IGMP Multicast# mrouter (Select MRouter Information menu) >>...

  • Page 100

    Assign the IGMP Filter to a port. >> //cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >>IGMP Filter# port 24 (Select port 24) >>IGMP Port 24# filt ena (Enable IGMP Filtering on the port) Current port 24 filtering: disabled New port 24 filtering: enabled >>IGMP Port 24# add 1 (Add IGMP Filter 1 to the port) >>IGMP Port 24# apply...

  • Page 101

    Enable IGMP Snooping. Click Submit. Apply, verify, and save the configuration. IGMP Snooping 101...

  • Page 102

    Configuring IGMP Filtering (BBI example) Configure IGMP Snooping. Enable IGMP Filtering. Click the Configure context button. Open the IGMP folder, and select IGMP Filters (click the underlined text, not the folder). Enable IGMP Filtering globally. Click Submit.

  • Page 103

    Define the IGMP Filter. Select Layer 3 > IGMP > IGMP Filters > Add Filter. Enable the IGMP Filter. Assign the range of IP multicast addresses and the filter action (allow or deny). Click Submit.

  • Page 104

    Assign the filter to a port and enable IGMP Filtering on the port. Select Layer 3 > IGMP > IGMP Filters > Switch Ports. Select a port from the list.

  • Page 105

    Enable IGMP Filtering on the port. Select a filter in the IGMP Filters Available list, and click Add. Click Submit. Apply, verify, and save the configuration. Configuring a Static Multicast Router (BBI example) Configure Static Mrouter. Click the Configure context button. Open the Switch folder and select IP Menu >...

  • Page 106

    Apply, verify, and save the configuration.

  • Page 107: Ospf Overview, Types Of Ospf Areas

    OSPF GbE2c software supports the Open Shortest Path First (OSPF) routing protocol. The GbE2c implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the GbE2c Ethernet Blade Switch: OSPF Overview: This section provides information on OSPF concepts, such as types of OSPF areas, types of routing devices, neighbors, adjacencies, link state database, authentication, and internal versus external routing.

  • Page 108: Types Of Ospf Routing Devices

    Figure 17 OSPF area types Types of OSPF routing devices As shown in the figure, OSPF uses the following types of routing devices: Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area.

  • Page 109: Neighbors And Adjacencies, Link-state Database, Shortest Path First Tree, Internal Versus External Routing

    Neighbors and adjacencies In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each other’s health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces. All routing devices that share a common network segment, appear in the same area, and have the same health parameters (hello and dead intervals) and authentication parameters respond to each other’s hello packets and become neighbors.

  • Page 110: Ospf Implementation In Gbe2c Software, Configurable Parameters, Defining Areas

    OSPF implementation in GbE2c software The GbE2c Ethernet Blade Switch supports a single instance of OSPF and up to 4 K routes on the network. The following sections describe OSPF implementation in GbE2c software: Configurable Parameters Defining Areas Interface Cost Electing the Designated Router and Backup Summarizing Routes Default Routes...

  • Page 111: Assigning The Area Index, Using The Area Id To Assign The Ospf Area Number

    Assigning the area index The aindex <area index> option is actually just an arbitrary index (0-2) used only by the switch. This index does not necessarily represent the OSPF area number, though for configuration simplicity, it should where possible. For example, both of the following sets of commands define OSPF area 0 (the backbone) and area 1 because that information is held in the area ID portion of the command.

  • Page 112: Interface Cost, Electing The Designated Router And Backup, Summarizing Routes, Default Routes

    Interface cost The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination. Usually, the cost is inversely proportional to the bandwidth of the interface. Low cost indicates high bandwidth. You can manually enter the cost for the output route with the following command: >>...

  • Page 113: Virtual Links

    Figure 19 Injecting default routes In more complex OSPF areas with multiple ABRs or ASBRs (such as area 0 and area 2 in the figure), there are multiple routes leading from the area. In such areas, traffic for unrecognized destinations cannot tell which route leads upstream without further configuration.

  • Page 114: Router Id, Authentication

    Router ID Routing devices in OSPF areas are identified by a router ID. The router ID is expressed in IP address format. The IP address of the router ID is not required to be included in any IP interface range or in any OSPF area. The router ID can be configured in one of the following two ways: Dynamically—OSPF protocol configures the lowest IP interface IP address as the router ID.

  • Page 115: Host Routes For Load Balancing

    Enable OSPF authentication for Area 2 on switch 4. >> # /cfg/l3/ospf/aindex 2/auth password Configure a simple text password up to eight characters for the virtual link between Area 2 and Area 0 on switches 2 and 4. >> # /cfg/l3/ospf/virt 1/key packard Use the following commands to configure MD5 authentication on the switches shown in the figure: Enable OSPF MD5 authentication for Area 0 on switches 1, 2, and 3 >>...

  • Page 116: Ospf Features Not Supported In This Release, Ospf Configuration Examples

    OSPF features not supported in this release The following OSPF features are not supported in this release: Summarizing external routes Filtering OSPF routes Using OSPF to forward multicast routes Configuring OSPF on non-broadcast multi-access networks (such as frame relay, X.25, and ATM) OSPF configuration examples A summary of the basic steps for configuring OSPF on the GbE2c is listed here.

  • Page 117

    Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0 >> Open Shortest Path First # aindex 0 (Select menu for area index 0) >> OSPF Area (index) 0 # areaid 0.0.0.0 (Set the ID for backbone area 0) >>...

  • Page 118

    Configure an IP interface. Enter the IP address, subnet mask, and enable the interface. Click Submit. Apply, verify, and save the configuration. OSPF 118...

  • Page 119

    Enable OSPF. Open the OSPF Routing Protocol folder, and select General. Enable OSPF. Click Submit.

  • Page 120

    Configure OSPF Areas. Open the OSPF Areas folder, and select Add OSPF Area. Configure the OSPF backbone area 0. Click Submit.

  • Page 121

    Select Add OSPF Area. Configure the OSPF area 1. Click Submit.

  • Page 122

    Configure OSPF Interfaces. Open the OSPF Interfaces folder, and select Add OSPF Interface.

  • Page 123

    Configure the OSPF Interface 1, and attach it to the backbone area 0. Click Submit. Select Add OSPF Interface.

  • Page 124: Example 2: Virtual Links

    Configure the OSPF Interface 2, and attach it to the stub area 1. Click Submit. Apply, verify, and save the configuration. Example 2: Virtual links In the example shown in the following figure, area 2 is not physically connected to the backbone as is usually required.

  • Page 125

    In this example, two IP interfaces are needed on Switch A: one for the backbone network on 10.10.7.0/24 and one for the transit area network on 10.10.12.0/24. >> # /cfg/l3/if 1 (Select menu for IP interface 1) >> IP Interface 1 # addr 10.10.7.1 (Set IP address on backbone network) >>...

  • Page 126: Configuring Ospf For A Virtual Link On Switch B

    Configuring OSPF for a virtual link on Switch B Configure IP interfaces on each network that will be attached to OSPF areas. Two IP interfaces are needed on Switch B: one for the transit area network on 10.10.12.0/24 and one for the stub area network on 10.10.24.0/24.

  • Page 127: Example 3: Summarizing Routes

    Configure the virtual link. The nbr router ID configured in this step must be the same as the router ID that was configured for Switch A in step 2. >> OSPF Interface 2 # ../virt 1 (Specify a virtual link number) >>...

  • Page 128: Verifying Ospf Configuration

    Define the backbone. >> Open Shortest Path First # aindex 0 (Select menu for area index 0) >> OSPF Area (index) 0 # areaid 0.0.0.0 (Set the ID for backbone area 0) >> OSPF Area (index) 0 # type transit (Define backbone as transit type) >>...

  • Page 129: Remote Monitoring Introduction, Overview

    Remote monitoring Introduction Remote Monitoring (RMON) allows network devices to exchange network monitoring data. RMON performs the following major functions: Gathers cumulative statistics for Ethernet interfaces Tracks a history of statistics for Ethernet interfaces Creates and triggers alarms for user-defined events Overview The RMON MIB provides an interface between the RMON agent on the switch and an RMON management application.

  • Page 130

    View RMON statistics for the port. >> /stats/port 23 (Select Port 23 Stats) >> Port Statistics# rmon ------------------------------------------------------------------ RMON statistics for port 23: etherStatsDropEvents: etherStatsOctets: 7305626 etherStatsPkts: 48686 etherStatsBroadcastPkts: 4380 etherStatsMulticastPkts: 6612 etherStatsCRCAlignErrors: etherStatsUndersizePkts: etherStatsOversizePkts: etherStatsFragments: etherStatsJabbers: etherStatsCollisions: etherStatsPkts64Octets: 27445 etherStatsPkts65to127Octets: 12253 etherStatsPkts128to255Octets:...

  • Page 131

    Select a port. Enable RMON on the port. Click Submit. Remote monitoring 131...

  • Page 132: History Mib Objects

    Apply, verify, and save the configuration. RMON group 2—history The RMON History group allows you to sample and archive Ethernet statistics for a specific interface during a specific time interval. NOTE: RMON port statistics must be enabled for the port before an RMON history group can monitor the port. Data is stored in buckets, which store data gathered during discrete sampling intervals.

  • Page 133

    Configure RMON History (BBI example) Configure an RMON History group. Click the Configure context button. Open the Switch folder, and select RMON > History > Add History Group. Configure RMON History Group parameters. Click Submit. Apply, verify, and save the configuration.

  • Page 134: Alarm Mib Objects

    RMON group 3—alarms The RMON Alarm group allows you to define a set of thresholds used to determine network performance. When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval.

  • Page 135

    Configure RMON Alarms (CLI example 2) Configure the RMON Alarm parameters to track ICMP messages. >> /cfg/rmon/alarm 5 (Select RMON Alarm 5) >> RMON Alarm 5# oid 1.3.6.1.2.1.5.8.0 >> RMON Alarm 5# intrval 60 >> RMON Alarm 5# almtype rising >>...

  • Page 136

    Configure RMON Alarm Group parameters to check ifInOctets on port 20 once every hour. Enter a rising limit of two billion, and a rising event index of 6. This configuration creates an RMON alarm that checks ifInOctets on port 20 once every hour. If the statistic exceeds two billion, an alarm is generated that triggers event index 6.

  • Page 137

    Configure RMON Alarms (BBI example 2) Configure an RMON Alarm group. Click the Configure context button. Open the Switch folder, and select RMON > Alarm > Add Alarm Group. Configure RMON Alarm Group parameters to check icmpInEchos, with a polling interval of 60, a rising limit of 200, and a rising event index of 5.

  • Page 138

    Apply, verify, and save the configuration. RMON group 9—events The RMON Event group allows you to define events that are triggered by alarms. An event can be a log message, an SNMP trap message, or both. When an alarm is generated, it triggers a corresponding event notification. Use the /cfg/rmon/alarm x/revtidx and /fevtidx commands to correlate an event index to an alarm.

  • Page 139

    Configuring RMON Events (BBI example 1) Configure an RMON Event group. Click the Configure context button. Open the Switch folder, and select RMON > Event > Add Event Group. Configure RMON Event Group parameters. This configuration creates an RMON event that sends a SYSLOG message each time it is triggered by an alarm.

  • Page 140: High Availability Introduction, Uplink Failure Detection

    High availability Introduction Switches support high availability network topologies. This release provides information about Uplink Failure Detection and Virtual Router Redundancy Protocol (VRRP). VRRP is available only on the GbE2c Layer 2/3 Ethernet Blade Switch. Uplink Failure Detection Uplink Failure Detection (UFD) is designed to support Network Adapter Teaming on HP server blades. For details about Network Adapter Teaming on HP ProLiant server blades, see the white paper at the following location: http://h18004.www1.hp.com/products/servers/networking/whitepapers.html.

  • Page 141: Failure Detection Pair, Spanning Tree Protocol With Ufd, Configuration Guidelines, Monitoring Uplink Failure Detection

    Failure Detection Pair To use UFD, you must configure a Failure Detection Pair and then turn UFD on. A Failure Detection Pair consists of the following groups of ports: Link to Monitor (LtM) The Link to Monitor group consists of one uplink port (20-24), or one trunk group that contains only uplink ports. The switch monitors the LtM for link failure.

  • Page 142: Configuring Uplink Failure Detection

    Configuring Uplink Failure Detection The preceding figure shows a basic UFD configuration. Port 21 on Blade Switch 1 is connected to a Layer 2/3 routing switch outside of the chassis. Port 20 and port 22 on Blade Switch 2 form a trunk that is connected to a different Layer 2/3 routing switch.

  • Page 143

    Configuring Uplink Failure Detection (BBI example) Configure Uplink Failure Detection. Click the Configure context button. Open the Switch folder, and select Uplink Failure Detection (click the underlined text, not the folder). Turn Uplink Failure Detection on, and then select FDP. High availability 143...

  • Page 144

    Enable the FDP. Select ports in the LtM Ports Available list, and click Add to place the ports into the Link to Monitor (LtM). Select ports in the LtD Ports Available list, and click Add to place the ports into the Link to Disable (LtD).

  • Page 145: Vrrp Overview, Vrrp Components

    VRRP overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device.

  • Page 146: Vrrp Operation, Selecting The Master Vrrp Router, Failover Methods

    VRRP operation Only the virtual router master responds to ARP requests. Therefore, the upstream routers only forward packets destined to the master. The master also responds to ICMP ping requests. The backup does not forward any traffic, nor does it respond to ARP requests. If the master is not available, the backup becomes the master and takes over responsibility for packet forwarding and responding to ARP requests.

  • Page 147: Active-active Redundancy, Gbe2c Extensions To Vrrp, Tracking Vrrp Router Priority, Virtual Router Deployment Considerations

    Active-Active redundancy In an active-active configuration, shown in the following figure, two switches provide redundancy for each other, with both active at the same time. Each switch processes traffic on a different subnet. When a failure occurs, the remaining switch can process traffic on all subnets. The following figure shows an Active-Active configuration example.

  • Page 148: Assigning Vrrp Virtual Router Id, Configuring The Switch For Tracking, High Availability Configurations, Active-active Configuration

    Assigning VRRP virtual router ID During the software upgrade process, VRRP virtual router IDs are assigned automatically if failover is enabled on the switch. When configuring virtual routers at any point after upgrade, virtual router ID numbers (/cfg/l3/vrrp/vr #/vrid) must be assigned. The virtual router ID may be configured as any number between 1 and 255.

  • Page 149

    a higher priority. Traffic is forwarded to Switch B, which forwards it to Switch A through the crosslink (ports 17-18). Return traffic uses default gateway 2 (192.168.2.1), and is forwarded through the Layer 2 switch at the bottom of the drawing.

  • Page 150

    Enable tracking on ports. Set the priority of Virtual Router 1 to 101, so that it becomes the Master. /cfg/l3/vrrp/vr 1 (Select VRRP virtual router 1) >> VRRP Virtual Router 1# track/ports/ena (Set tracking on ports) >> VRRP Virtual Router 1 Priority Tracking# .. >>...

  • Page 151

    >> VRRP Virtual Router 2# track/ports/ena (Set tracking on ports) >> VRRP Virtual Router 2 Priority Tracking# .. >> VRRP Virtual Router 2# prio 101 (Set the VRRP priority) Turn off Spanning Tree Protocol globally. Apply and save changes. /cfg/l2/stg 1/off (Turn off STG) >>...

  • Page 152

    Configure port 20 as a member of VLAN 10 and port 21 as a member of VLAN 20. Enable each VLAN. Click Submit. Configure the following client and server interfaces: IF 1 IP address = 192.168.1.100 Subnet mask = 255.255.255.0 VLAN 10 IF 2 IP address = 10.10.12.1...

  • Page 153

    Configure an IP interface. Enter the IP address, subnet mask, and VLAN membership. Enable the interface. Click Submit. Configure the default gateways. Each default gateway points to one of the Layer 2 routers. Open the Default Gateways folder, and select Add Default Gateway.

  • Page 154

    Configure the IP address for each default gateway. Enable the default gateways. Click Submit. Turn on VRRP and configure two Virtual Interface routers. Open the Virtual Router Redundancy Protocol folder, and select General.

  • Page 155

    Enable VRRP processing. Click Submit. Open the Virtual Routers folder, and select Add Virtual Router.

  • Page 156

    Configure the IP address for Virtual Router 1 (VR1). Enable tracking on ports, and set the priority to 101. Enable the Virtual Router. Click Submit. Select Add Virtual Router.

  • Page 157

    Configure the IP address for Virtual Router 2 (VR2). Enable tracking on ports, but set the priority to 100 (default value). Enable the Virtual Router. Click Submit. Turn off Spanning Tree globally. Open the Spanning Tree Groups folder, and select Add Spanning Tree Group.

  • Page 158

    Enter Spanning Tree Group ID 1 and set the Switch Spanning Tree State to off. Click Submit. Apply, verify, and save the configuration.

  • Page 159: Troubleshooting Tools Introduction, Port Mirroring

    Troubleshooting tools Introduction This appendix discusses some tools to help you use the Port Mirroring feature to troubleshoot common network problems on the switch. Port Mirroring The Port Mirroring feature on the switch is very useful for troubleshooting any connection-oriented problem. Any traffic in or out of one or more ports can be mirrored to a single monitoring port to which a network monitor can be attached.

  • Page 160: Configuring Port Mirroring (cli Example)

    Configuring Port Mirroring (CLI example) To configure Port Mirroring for the example shown in the preceding figure: Specify the monitoring port. >> # /cfg/pmirr/monport 20 (Select port 20 for monitoring) Select the ports that you want to mirror. >> Port 20 # add 23 (Select port 23 to mirror) >>...

  • Page 161: Configuring Port Mirroring (bbi Example)

    Configuring Port Mirroring (BBI example) Configure Port Mirroring. Click the Configure context button. Open the Switch folder, and select Port-Based Port Mirroring (click the underlined text, not the folder). Click a port number to select a monitoring port. Click Add Mirrored Port. Troubleshooting tools 161...

  • Page 162: Other Network Troubleshooting Techniques, Console And Syslog Messages, Ping

    Enter a port number for the mirrored port, and select the Port Mirror Direction. Click Submit. Apply, verify, and save the configuration. Verify the Port Mirroring information on the switch. Other network troubleshooting techniques Other network troubleshooting techniques include the following. Console and Syslog messages When a switch experiences a problem, review the console and Syslog messages.

  • Page 163: Trace Route, Statistics And State Information, Customer Support Tools

    Trace route To identify the route used for station-to-station connectivity across the network, execute the following command: traceroute <host name> | <IP address> [<max-hops> [ msec delay ]] The IP address is the hostname or IP address of the target station. Max-hops (optional) is the maximum distance to trace (1-16 devices).

