Extreme Networks ExtremeWare 7.2e Installation And User Manual

Software version 7.2e

ExtremeWare 7.2e Installation
and User Guide
Software Version 7.2e
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com
Published: June 11, 2004
Part number: 100157-00 Rev 03


Summary of Contents for Extreme Networks ExtremeWare 7.2e

  • Page 1 ExtremeWare 7.2e Installation and User Guide Software Version 7.2e Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: June 11, 2004 Part number: 100157-00 Rev 03...
  • Page 2 Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
  • Page 3: Table Of Contents

    Contents Introduction Conventions Related Publications Using ExtremeWare Publications Online Chapter 1 Summit 400-48t Switch Overview and Installation Summary of Features Hardware Software Summit 400-48t Switch Physical Features Summit 400-48t Switch Front View Summit 400-48t Switch Rear View Summit 400-48t Switch LEDs Mini-GBIC Type and Support Mini-GBIC Type and Specifications Port Connections...
  • Page 4 Contents Switch Installation Determining the Switch Location Following Safety Information Installing the Switch Rack Mounting Free-Standing Desktop Mounting of Multiple Switches Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC) Safety Information Preparing to Install or Replace a Mini-GBIC Removing and Inserting a Mini-GBIC Connecting Equipment to the Console Port Powering On the Switch Checking the Installation...
  • Page 5 Contents SNMPv3 Overview Message Processing SNMPv3 Security MIB Access Control Notification Authenticating Users RADIUS Client TACACS+ Configuring RADIUS Client and TACACS+ Using Network Login Using the Simple Network Time Protocol Configuring and Using SNTP SNTP Example Chapter 3 Accessing the Switch Understanding the Command Syntax Syntax Helper Command Shortcuts...
  • Page 6 Contents Jumbo Frames Enabling Jumbo Frames Jumbo Frames Example Path MTU Discovery IP Fragmentation with Jumbo Frames IP Fragmentation within a VLAN Load Sharing on the Switch Static Load Sharing Load-Sharing Algorithm Configuring Switch Load Sharing Load-Sharing Example Verifying the Load-Sharing Configuration Switch Port-Mirroring Summit 400 Switch Port-Mirroring Example Extreme Discovery Protocol...
  • Page 7 Contents Associating QoS Profiles with an FDB Entry FDB Configuration Examples Displaying FDB Entries Chapter 7 Quality of Service (QoS) Overview of Policy-Based Quality of Service Applications and Types of QoS Voice Applications Video Applications Critical Database Applications Web Browsing Applications File Server Applications Configuring QoS QoS Profiles...
  • Page 8 Contents Compatibility with previous ExtremeWare commands Logging Configuration Changes RMON About RMON RMON Features of the Switch Configuring RMON Event Actions Chapter 9 Security Security Overview Network Access Security MAC-Based VLANs IP Access Lists (ACLs) Access Masks Access Lists Rate Limits How Access Control Lists Work Access Mask Precedence Numbers Specifying a Default Rule...
  • Page 9 Contents Adding an Access Profile Entry Deleting an Access Profile Entry Applying Access Profiles Routing Profiles for RIP Routing Access Profiles for OSPF Routing Access Profiles for PIM Denial of Service Protection Configuring Denial of Service Protection Creating Trusted Ports Management Access Security Authenticating Users Using RADIUS or TACACS+ RADIUS Client...
  • Page 10 Contents Port Modes STPD BPDU Tunneling Rapid Root Failover STP Configurations Basic STP Configuration VLAN Spanning Multiple STPDs EMISTP and PVST+ Deployment Constraints Per-VLAN Spanning Tree STPD VLAN Mapping Native VLAN Rapid Spanning Tree Protocol RSTP Terms RSTP Concepts RSTP Operation STP Rules and Restrictions Configuring STP on the Switch STP Configuration Examples...
  • Page 11 Contents Overview RIP Versus OSPF Overview of RIP Routing Table Split Horizon Poison Reverse Triggered Updates Route Advertisement of VLANs RIP Version 1 Versus RIP Version 2 Overview of OSPF Link-State Database Areas Point-to-Point Support Route Re-Distribution Configuring Route Re-Distribution RIP Configuration Example Configuring OSPF Configuring OSPF Wait Interval...
  • Page 12 Contents Configuration for IR1 Configuration for ABR1 Chapter 15 Using ExtremeWare Vista on the Summit 400 ExtremeWare Vista Overview Setting Up Your Browser Accessing ExtremeWare Vista Navigating within ExtremeWare Vista Browser Controls Status Messages Configuring the Summit 400 using ExtremeWare Vista IP Forwarding License OSPF...
  • Page 13 Contents Supported Protocols, MIBs, and Standards Appendix B Software Upgrade and Boot Options Downloading a New Image Selecting a Primary or a Secondary Image Understanding the Image Version String Software Signatures Rebooting the Switch Saving Configuration Changes Returning to Factory Defaults Using TFTP to Upload the Configuration Using TFTP to Download the Configuration Downloading a Complete Configuration...
  • Page 14 Contents ExtremeWare 7.2.0 Software User Guide...
  • Page 15: Introduction

    If the information in the release notes shipped with your switch differs from the information in this guide, follow the release notes. Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
  • Page 16: Related Publications

    Italics emphasize a point or denote new terms at the place where they are defined in the text. Related Publications The publications related to this one are: • ExtremeWare 7.2e Release Notes • ExtremeWare 7.2e Command Reference Guide
  • Page 17: Using Extremeware Publications Online

    NOTE If you activate a cross-referencing link from the ExtremeWare 7.2e Installation and User Guide PDF file to the command reference PDF file when the command reference PDF file is closed (that is, not currently open on your computer desktop), the system will close the user guide PDF file and open the command reference PDF file.
  • Page 18 Preface
  • Page 19: Summit 400-48T Switch Overview And Installation

    — Logging In for the First Time on page 39 • Installing Optional Features on page 39 Summary of Features Hardware The Summit 400-48t supports the following ExtremeWare features: • 48 copper ports 10/100/1000BASE-T • 4 fiber SFP (mini-GBIC 1000BASE-SX, 1000BASE-LX, and 1000BASE-ZX)
  • Page 20: Software

    • TACACS+ support • Console command line interface (CLI) connection • Telnet CLI connection • SSH2 connection • ExtremeWare Vista Web-based management interface • Simple Network Management Protocol (SNMP) support • Remote Monitoring (RMON)
  • Page 21: Summit 400-48T Switch Physical Features

    10/100/1000BASE-T ports—For more information about these 48 ports, see “Port Connections” on page 27. Console Port—Use the console port (9-pin, “D” type connector) to attach a terminal and access the CLI through a serial connection. Use the console port to carry out local management.
  • Page 22: Summit 400-48T Switch Rear View

    VLAN and attempts to route traffic through it. Extreme Networks does not recommend that you use the management port to route traffic to any front panel port on the switch. The management port is designed only for switch management purposes.
  • Page 23: Summit 400-48T Switch Leds

    The Summit switch has no power. Fan LED (Color: Indicates): Green, solid: All fans are operating normally. Amber, blinking: One or more fans has failed. The switch continues to operate unless over-heating occurs. The Summit switch has no power.
  • Page 24: Mini-Gbic Type And Support

    The Summit 400-48t supports only the SFP mini-GBIC. NOTE Only mini-GBICs that have been certified by Extreme Networks (available from Extreme Networks) should be inserted into the mini-GBIC receptacles on the Summit 400-48t. This section describes the mini-GBIC types and specifications.
  • Page 25: Mini-Gbic Type And Specifications

    Total system budget 11.5 dB Total optical system budget for the SX mini-GBIC is 11.5 dB. Extreme Networks recommends that 3 dB of the total budget be reserved for losses induced by cable splices, connectors, and operating margin. While 8.5 dB remains available for cable-induced attenuation, the 1000BASE-SX standard specifies supported distances of 275 meters over 62.5 micron multimode fiber and 550 meters over 50 micron...
  • Page 26 (for example 0.25 dB/km), Extreme Networks recommends that 3 dB of the total budget be reserved for losses induced by cable splices, connectors, and operating margin. Figure 3 shows the total optical system budget between long range GBICs in various end-to-end combinations (ZX, ZX Rev 03, LX70, and LX100).
  • Page 27: Port Connections

    When sharing ports, only the fiber port or only the copper port can be active at the same time. If copper port 1 goes down while transmitting packets, fiber port 1X activates and becomes the primary link. See Figure 4 for a diagram of these combination ports.
  • Page 28: Software Overview

    VLAN Marketing devices receive the frame. • VLANs provide extra security. Devices in VLAN Marketing can only communicate with devices on VLAN Sales using routing services. • VLANs ease the change and movement of devices on networks.
  • Page 29: Spanning Tree Protocol

    The load sharing algorithm allows the switch to use multiple ports as a single logical port. For example, VLANs see the load-sharing group as a single virtual port. The algorithm also guarantees packet sequencing between clients. For more information on load sharing, see Chapter 4.
  • Page 30: Esrp-Aware Switches

    Software Licensing Some Extreme Networks products have capabilities that are enabled by using a license key. Keys are typically unique to the switch, and are not transferable. Keys are stored in NVRAM and, once entered, persist through reboots, software upgrades, and reconfigurations. The following sections describe the features that are associated with license keys.
  • Page 31: Security Licensing

    Certain additional ExtremeWare security features, such as the use of Secure Shell (SSH2) encryption, may be under United States export restriction control. Extreme Networks ships these security features in a disabled state. You can obtain information on enabling these features at no charge from Extreme Networks.
  • Page 32: Software Factory Defaults

    Summit 400-48t software supports the SSH2 protocol. SSH2 allows the encryption of Telnet session data between an SSH2 client and an Extreme Networks switch. The software also enables the switch to function as an SSH2 client, sending encrypted data to an SSH2 server on a remote system. This version of software also supports the Secure Copy Protocol (SCP).
  • Page 33: Switch Installation

    • Units are not stacked more than four high if the switch is free-standing. Following Safety Information Before installing or removing any components of the switch, or before carrying out any maintenance procedures, read the safety information provided in this guide.
  • Page 34: Installing The Switch

    Free-Standing The Summit 400-48t is supplied with four self-adhesive rubber pads. Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch.
  • Page 35: Desktop Mounting Of Multiple Switches

    WARNING! Mini-GBICs can emit invisible laser radiation. Avoid direct eye exposure to beam. Mini-GBICs are a class 1 laser device. Use only devices approved by Extreme Networks. If a non-supported device is detected, a message is written to the syslog.
  • Page 36: Removing And Inserting A Mini-Gbic

    Figure 6: Mini-GBIC modules (Module A, Module B). Mini-GBICs are a 3.3 V Class 1 laser device. Use only devices approved by Extreme Networks. WARNING! Mini-GBICs can emit invisible laser radiation. Avoid direct eye exposure to beam. NOTE Remove the LC fiber-optic connector from the mini-GBIC prior to removing the mini-GBIC from the switch.
  • Page 37: Connecting Equipment To The Console Port

    Pin Number Direction: DCD (data carrier detect); RXD (receive data); TXD (transmit data); DTR (data terminal ready); GND (ground) —; DSR (data set ready); RTS (request to send); CTS (clear to send); Not Connected
  • Page 38: Powering On The Switch

    If the switch passes the POST, the MGMT LED is blinking slowly (once per second). If the switch fails the POST, the MGMT LED is amber. For more information on the LEDs, see “Summit 400-48t Switch Rear View” on page 22.
  • Page 39: Logging In For The First Time

    Installing Optional Features Extreme Networks offers two hardware products that extend the capabilities of the Summit 400-48t. The Summit XEN Card is an additional card that adds one or two 10 Gigabit uplink modules through the back of the Summit 400-48t.
  • Page 40: Installing The Summit Xen Card

    CAUTION The Summit XEN Card cannot be hot-swapped. Before installing the Summit XEN Card into the Summit 400-48t, you must turn off the switch. Use only XENPAK modules approved by Extreme Networks. To install the Summit XEN Card: 1 Disconnect the AC power from the Summit 400.
  • Page 41 XENPAK modules become very hot after prolonged use. Take care when removing a XENPAK from the chassis. If the module is too hot to touch, disengage the module and allow it to cool before removing it completely.
  • Page 42: Installing The External Power System

    The EPS-T can be mounted in a rack, or placed free-standing on a tabletop. CAUTION Do not use the rack mount kits to suspend the EPS-T from under a table or desk, or to attach the EPS-T to a wall.
  • Page 43 See Figure 11 for details on the connector key and Figure 12 to locate the connectors on the EPS-160 and the switch. Table 12 gives the wire-to-pin connections for the connector on the rear panel of the EPS-160. NOTE The cable length is 1 meter.
  • Page 44 +12 V 8 Connect the other end of each EPS-160 power supply cable to the Extreme switch. This connector end can only be inserted into the switch with the end marked TOP facing up.
  • Page 45: Adding A Second Eps-160 To The Eps-T

    2 Disconnect the AC power cord from the EPS-160. 3 Remove the redundant power cable from the EPS-160. 4 Loosen the thumbscrews on the front of the tray and slide the EPS out of the EPS-T.
  • Page 46 Summit 400-48t Switch Overview and Installation
  • Page 47: Overview

    — ExtremeWare Vista web access using a standard web browser. — SNMP access using EPICenter or another SNMP manager. • Download software updates and upgrades. For more information, see Appendix B, Software Upgrade and Boot Options.
  • Page 48: Chapter 2 Managing The Switch

    Before you can start a Telnet session, you must set up the IP parameters described in “Configuring Switch IP Parameters” later in this chapter. Telnet is enabled by default.
  • Page 49: Connecting To Another Host Using Telnet

    Therefore, if you are using BOOTP relay through a router, the BOOTP server relays packets based on the gateway portion of the BOOTP packet. NOTE For more information on DHCP/BOOTP relay, see Chapter 12.
  • Page 50 (CIDR). CIDR uses a forward slash plus the number of bits in the subnet mask. Using CIDR notation, the command identical to the one above would be: configure vlan default ipaddress 123.45.67.8 / 24
  • Page 51: Disconnecting A Telnet Session

    To re-enable Telnet on the switch, at the console port use the following: enable telnet You must be logged in as an administrator to enable or disable Telnet. NOTE For more information on Access Profiles, see Chapter 9.
  • Page 52: Using Secure Shell 2 (Ssh2)

    There is no way to configure the switch to allow SNMPv1/v2c access and prevent SNMPv3 access. Most of the commands that support SNMPv1/v2c use the keyword snmp, most of the commands that support SNMPv3 use the keyword snmpv3.
  • Page 53: Accessing Switch Agents

    An access profile permits or denies a named list of IP addresses and subnet masks. To configure SNMPv1/v2c read/write access to use an access profile, use the following command: configure snmp access-profile readwrite [<access-profile> | none]
  • Page 54: Displaying Snmp Settings

    SNMP trap groups allow you to specify which SNMP traps to send to a particular trap receiver. This functionality was made possible by the underlying support for SNMPv3. Essentially, a number of predefined filters are associated with a trap receiver, so that only those traps are sent. If you have...
  • Page 55 1.3.6.1.2.1.14.16.2: ospfVirtIfStateChange, ospfNbrStateChange, ospfVirtNbrStateChange, ospfIfConfigError, ospfVirtIfConfigError, ospfIfAuthFailure, ospfVirtIfAuthFailure, ospfIfRxBadPacket, ospfVirtIfRxBadPacket, ospfTxRetransmit, ospfVirtIfTxRetransmit, ospfOriginateLsa, ospfMaxAgeLsa, ospfLsdbOverflow, ospfLsdbApproachingOverflow. ping-traceroute-traps: pingTestFailed, pingTestCompleted (pingNotifications, 1.3.6.1.2.1.80.0); tracerouteTestFailed, tracerouteTestCompleted (traceRouteNotifications, 1.3.6.1.2.1.81.0). vrrp-traps: vrrpTrapNewMaster, vrrpTrapAuthFailure (vrrpNotifications, 1.3.6.1.2.1.68.0).
  • Page 56: Snmpv3

    MIB. The prior standard versions of SNMP, SNMPv1 and SNMPv2c provided no privacy and little (or no) security. The following six RFCs provide the foundation for Extreme Networks implementation of SNMPv3: • RFC 3410, Introduction to version 3 of the Internet-standard Network Management Framework, provides an overview of SNMPv3.
  • Page 57: Snmpv3 Overview

    {hex} <param name> user {hex} <user name> mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile}
  • Page 58: Snmpv3 Security

    There is one SNMPv3 engine on an Extreme switch, identified by its snmpEngineID. The first four octets are fixed to 80:00:07:7C, which represents the Extreme Networks Vendor ID. By default, the additional octets for the snmpEngineID are generated from the device MAC address. Every SNMPv3 engine necessarily maintains two objects: SNMPEngineBoots, which is the number of reboots the agent has experienced and SNMPEngineTime, which is the engine local time since reboot.
  • Page 59 {{hex} <group name>} user [all-non-defaults | {{hex} <user name> {sec-model [snmpv1|snmpv2c|usm]}}] Security Models and Levels. For compatibility, SNMPv3 supports three security models: • SNMPv1—no security
  • Page 60: Mib Access Control

    To define a MIB view which includes only the System group, use the following subtree/mask combination: 1.3.6.1.2.1.1 / 1.1.1.1.1.1.1.0 The mask can also be expressed in hex notation (this is used for the ExtremeWare CLI): 1.3.6.1.2.1.1 / fe
  • Page 61: Notification

    IP address and port for the receiver. The parameters name also is used to indicate the filter profile used for notifications. The target parameters are discussed in the section “Target Parameters” on page 62.
  • Page 62 The MIB subtree and mask are discussed in the section “MIB Access Control” on page 60, as filters are closely related to MIB views. You can add filters together, including and excluding different subtrees of the MIB until your filter meets your needs.
  • Page 63: Authenticating Users

    You can then configure the target address, filter profiles and filters, and any necessary notification tags. Authenticating Users ExtremeWare provides two methods to authenticate users who login to the switch: • RADIUS client • TACACS+
  • Page 64: Radius Client

    NTP server, or the switch listens to broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean time (GMT) offset and the use of Daylight Saving Time. These features have been tested for year 2000 compliance.
  • Page 65: Configuring And Using Sntp

    • <month> is specified as [january | february | march | april | may | june | july | august | september | october | november | december] or 1-12 Default for beginning is first sunday april; default for ending is last sunday october.
  • Page 66 NTP updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographical location. Table 15 describes GMT offsets.
  • Page 67 WAST - West Australian Standard. +8:00 (+480): CCT - China Coast, Russia Zone 7. +9:00 (+540): JST - Japan Standard, Russia Zone 8. +10:00 (+600): EAST - East Australian Standard, GST - Guam Standard, Russia Zone 9.
  • Page 68: Sntp Example

    Cupertino, CA, and an update occurs every 20 minutes. The commands to configure the switch are as follows:
    configure timezone -480 autodst
    configure sntp-client update interval 1200
    enable sntp-client
    configure sntp-client primary server 10.0.1.1
    configure sntp-client secondary server 10.0.1.2
  • Page 69: Accessing The Switch

    If the command does not include a parameter or values, skip to step 3. If the command requires more information, continue to step 2. 2 If the command includes a parameter, enter the parameter name and values.
  • Page 70: Syntax Helper

    For example, instead of entering the switch command: configure vlan engineering delete port 1-3,6 you could enter the following shortcut: configure engineering delete port 1-3,6
  • Page 71: Switch Numerical Ranges

    If you do not specify an argument, the command will prompt, asking if you want to reboot the switch now. Do not type the braces.
  • Page 72: Limits

    For a detailed description of the commands and their options, see the ExtremeWare 7.2e Command Reference Guide. Table 18: Common Commands Command Description clear session <number> Terminates a Telnet session from the switch.
  • Page 73 Telnet sessions remain open until you close the Telnet client. disable ports [<portlist> | all] Disables a port on the switch. disable ssh2 Disables SSH2 Telnet access to the switch.
  • Page 74: Configuring Management Access

    In addition to the management levels, you can optionally use an external RADIUS server to provide CLI command authorization checking for each command. For more information on RADIUS, see “RADIUS Client” in Chapter 2.
  • Page 75: User Account

    • This user cannot view the SNMP community strings. Changing the Default Password Default accounts do not have passwords assigned to them. Passwords can have a minimum of zero characters and can have a maximum of 30 characters.
  • Page 76: Creating A Management Account

    3 Add a new user by using the following command: create account [admin | pppuser | user] <username> 4 Enter the password at the prompt. 5 Re-enter the password at the prompt.
  • Page 77: Domain Name Service Client Services

    <domain_name> For example, if you specify the domain “xyz-inc.com” as the default domain, then a command such as ping accounting1 will be taken as if it had been entered ping accounting1.xyz-inc.com
  • Page 78: Checking Basic Connectivity

    <host name/ip> {from <source IP address>} {ttl <number>} {port <port number>} where: • ip_address is the IP address of the destination endstation. • hostname is the hostname of the destination endstation. To use the hostname, you must first configure DNS.
  • Page 79 • from ... ICMP packet. If not specified, the address of the transmitting interface is used. • configures the switch to trace the hops until the time-to-live has been exceeded for the switch. • port uses the specified UDP port number.
  • Page 80 Accessing the Switch
  • Page 81: Configuring Ports

    For a description of cabling for combination ports, see “Uplink Redundancy” on page 27. For information on configuring combination ports, see “Configuring Automatic Failover for...
  • Page 82: Turning Off Autonegotiation For A Gigabit Ethernet Port

    On the Summit 400-48t, you can configure the Interpacket Gap for 1 or 10 Gigabit Ethernet ports. The Interpacket Gap, sometimes referred to as the Interframe Gap, is the transmit packet byte-time delay between successive data packets mandated by the IEEE for Ethernet networks. Byte-time is the amount...
  • Page 83: Jumbo Frames

    12. Thus, by increasing the Interpacket Gap, packet transmission is slowed and packet loss can be minimized or prevented. The Interpacket Gap value need not be modified when interconnecting Extreme Networks switches over 10 Gigabit Ethernet links. Use the following command to modify the Interpacket Gap: configure port <port>...
  • Page 84: Jumbo Frames Example

    Jumbo frame-to-jumbo frame fragmentation is not supported. Only jumbo frame-to-normal frame fragmentation is supported. To configure VLANs for IP fragmentation, follow these steps: 1 Enable jumbo frames on the incoming port. 2 Add the port to a VLAN.
  • Page 85: Ip Fragmentation Within A Vlan

    Static load sharing is a grouping of ports specifically configured to load share. The switch ports at each end must be configured as part of a load-sharing group. Additionally, you can choose the load-sharing algorithm used by the group. This feature is supported between Extreme Networks switches only, but...
  • Page 86: Load-Sharing Algorithm

    • mac-source-dest—Indicates that the switch should examine the MAC source and destination addresses. This feature is available for the address-based load-sharing algorithm, only. To verify your configuration, use the following command: show sharing address-based
  • Page 87: Configuring Switch Load Sharing

    VLAN when load sharing becomes enabled. Verifying the Load-Sharing Configuration The screen output resulting from the show ports sharing command lists the ports that are involved in load sharing and the master logical port identity.
  • Page 88: Switch Port-Mirroring

    [<port>] tagged To configure the switch for port mirroring, use the following command: configure mirroring add [<mac_address> | vlan <vlan name> {ports <port number>} | ports <portnumber> {vlan <vlan name>}]
  • Page 89: Summit 400 Switch Port-Mirroring Example

    1 default Extreme Discovery Protocol The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used by the switches to exchange topology information. EDP is also used by the Extreme Standby Router Protocol (ESRP).
  • Page 90: Automatic Failover Examples

    To allow the redundant uplink feature to be used again, issue this command: configure ports 3 preferred-medium fiber
  • Page 91: Overview Of Virtual Lans

    • VLANs ease the change and movement of devices—With traditional networks, network administrators spend much of their time dealing with moves and changes. If users move to a different subnetwork, the addresses of each endstation must be updated manually.
  • Page 92: Types Of Vlans

    For the members of the different IP VLANs to communicate, the traffic must be routed by the switch. This means that each VLAN must be configured as a router interface with a unique IP address.
  • Page 93 VLAN Accounting; ports 21 through 24 and ports 2X through 4X are part of VLAN Engineering. On system 1, all ports on slot 1 are part of VLAN Accounting; all ports on slot 8 are part of VLAN Engineering.
  • Page 94: Tagged Vlans

    A single port can be a member of only one port-based VLAN. All additional VLAN membership for the port must be accompanied by tags. In addition to configuring the VLAN tag for the port, the server must have a Network Interface Card (NIC) that supports 802.1Q tagging.
  • Page 95 Figure 16: Physical diagram of tagged and untagged traffic. Figure 17 is a logical diagram of the same network.
  • Page 96: Vlan Names

    Each VLAN is given a name that can be up to 32 characters. VLAN names can use standard alphanumeric characters. The following characters are not permitted in a VLAN name: • Space • Comma
  • Page 97: Default Vlan

    2 Assign an IP address and mask (if applicable) to the VLAN, if needed. NOTE Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You cannot configure the same IP subnet on different VLANs.
  • Page 98: Vlan Configuration Examples

    To display VLAN settings, use the following command: show vlan {<vlan name> | detail | stats {vlan} <vlan name>} The show command displays summary information about a specific VLAN, which includes: • Name. • VLANid.
  • Page 99: Mac-Based Vlans

    10 and 11 because of membership in group 100: * Summit400 # show mac-vlan Port Vlan Group State MacVlanDiscover Discover MacVlanDiscover Discover MacVlanDiscover Discover MacVlanDiscover Discover MacVlanDiscover Discover Total Entries in Database:2 Vlan Group 00:00:00:00:00:aa sales ExtremeWare 7.2e Installation and User Guide...
  • Page 100: Mac-Based Vlan Limitations

    To configure the primary and/or secondary server and file name, use the following command: configure download server [primary | secondary] [<ip address> | <hostname>] <filename> To enable timed interval downloads, use the following command: download configuration every <time> ExtremeWare 7.2e Installation and User Guide...
  • Page 101 00:00:00:00:00:01 mac-group any engineering configure mac-vlan add mac-address 00:00:00:00:ab:02 mac-group any engineering configure mac-vlan add mac-address 00:00:00:00:cd:04 mac-group any sales configure mac-vlan add mac-address 00:00:00:00:ab:50 mac-group any sales configure mac-vlan add mac-address 00:00:00:00:cd:60 mac-group any sales save ExtremeWare 7.2e Installation and User Guide...
  • Page 102 Virtual LANs (VLANs) ExtremeWare 7.2e Installation and User Guide...
  • Page 103: Overview Of The Fdb

    The ability to learn MAC addresses can be enabled or disabled on a port-by-port basis. You can also limit the number of addresses that can be learned, or you can “lock down” the current entries and prevent additional MAC address learning. ExtremeWare 7.2e Installation and User Guide...
  • Page 104: Fdb Entry Types

    A locked static entry is an entry that was originally learned dynamically, but has been made static (locked) using the MAC address lock-down feature. It is identified by the “s” and “l” flags in show output. See “Network Login” on page 150 for more information about MAC address lock-down. ExtremeWare 7.2e Installation and User Guide...
  • Page 105: Disabling Mac Address Learning

    The FDB entry is not actually created until the MAC address is encountered as the source MAC address in a packet. Thus, initially the entry may not appear in the show fdb output. Once the entry has been ExtremeWare 7.2e Installation and User Guide...
  • Page 106: Fdb Configuration Examples

    • MAC address is 00:A0:23:12:34:56. • VLAN name is net34. • The entry will be learned dynamically. • QoS profile qp2 will be applied as an egress QoS profile when the entry is learned. ExtremeWare 7.2e Installation and User Guide...
  • Page 107: Displaying Fdb Entries

    vlan <vlan name>—Displays the entries for a VLAN. With no options, the command displays all FDB entries. See the ExtremeWare 7.2e Command Reference Guide for details of the commands related to the FDB. ExtremeWare 7.2e Installation and User Guide...
  • Page 108 Forwarding Database (FDB) ExtremeWare 7.2e Installation and User Guide...
  • Page 109 Policy-based QoS is an effective control mechanism for networks that have heterogeneous traffic patterns. Using Policy-based QoS, you can specify the service level that a particular traffic type receives. ExtremeWare 7.2e Installation and User Guide...
  • Page 110: Quality Of Service (Qos)

    “spike,” with the expectation that the end-stations will buffer significant amounts of video-stream data. This can present a problem to the network infrastructure, because it must be capable of buffering the transmitted spikes ExtremeWare 7.2e Installation and User Guide...
  • Page 111: Critical Database Applications

    | Traffic Type | Key QoS Parameters |
    | --- | --- |
    | Voice | Minimum bandwidth, priority |
    | Video | Minimum bandwidth, priority, buffering (varies) |
    | Database | Minimum bandwidth |
    | Web browsing | Minimum bandwidth for critical applications, maximum bandwidth for non-critical applications |
    | File server | Minimum bandwidth |

    ExtremeWare 7.2e Installation and User Guide...
  • Page 112: Configuring Qos

    Also by default, a QoS profile maps directly to a specific hardware queue across all physical ports. The settings for the default QoS parameters are summarized in Table 22. Table 22: QoS Parameters Minimum Maximum Profile Name Hardware Queue Priority Buffer Bandwidth Bandwidth 100% ExtremeWare 7.2e Installation and User Guide...
  • Page 113: Traffic Groupings

    • Access list precedence determined by user configuration Destination Address MAC-Based Groupings • Permanent • Dynamic • Blackhole Explicit Packet Class of Service Groupings • DiffServ (IP TOS) • 802.1P Physical/Logical Groupings • VLAN • Source port ExtremeWare 7.2e Installation and User Guide...
  • Page 114: Ip-Based Traffic Groupings

    This can be done when you create a permanent FDB entry using the following command: create fdbentry <mac_address> vlan <vlan name> ports [<portlist> | all] {qosprofile <qosprofile>}{ingress-qosprofile <inqosprofile>} For example: create fdbentry 00:11:22:33:44:55 vlan default port 4:1 qosprofile qp2 ExtremeWare 7.2e Installation and User Guide...
  • Page 115: Explicit Class Of Service (802.1P And Diffserv) Traffic Groupings

    An advantage of explicit packet marking is that the class of service information can be carried throughout the network infrastructure, without repeating what can be complex traffic grouping policies at each switch location. Another advantage is that end stations can perform their own packet marking ExtremeWare 7.2e Installation and User Guide...
  • Page 116 QoS profile. The default mapping of each 802.1p priority value to QoS profile is shown in Table 24. Table 24: 802.1p Priority Value-to-QoS Profile Default Mapping Priority Value QoS Profile ExtremeWare 7.2e Installation and User Guide...
  • Page 117: Configuring Diffserv

    DiffServ field. The TOS field is used by the switch to determine the type of service provided to the packet. Observing DiffServ code points as a traffic grouping mechanism for defining QoS policies and overwriting the Diffserv code point fields are supported. Figure 19 shows the encapsulation of an IP packet header. ExtremeWare 7.2e Installation and User Guide...
  • Page 118 Because the code point uses six bits, it has 64 possible values (2^6 = 64). By default, the values are grouped and assigned to the default QoS profiles listed in Table 25. Table 25: Default Code Point-to-QoS Profile Mapping Code Point QoS Profile ExtremeWare 7.2e Installation and User Guide...
  • Page 119: Physical And Logical Groupings

    <portlist> qosprofile <qosprofile> In the following example, all traffic sourced from port 7 uses the QoS profile named qp3 when being transmitted. configure ports 7 qosprofile qp3 ExtremeWare 7.2e Installation and User Guide...
  • Page 120: Verifying Configuration And Performance

    QoS Monitor Behavior The QoS monitor on the Summit 400-48t behaves slightly differently from other Extreme switches. The QoS monitor captures the statistics at the ingress port but displays the statistics unchanged at the egress ExtremeWare 7.2e Installation and User Guide...
  • Page 121: Displaying Qos Profile Information

    • For destination MAC-based grouping (other than permanent), clear the MAC FDB using the command clear fdb. This command should also be issued after a configuration is implemented, as the configuration must be in place before an entry is made in the MAC FDB. For permanent ExtremeWare 7.2e Installation and User Guide...
  • Page 122: Traffic Rate-Limiting

    The Summit 400 switch rate-limiting method is based on creating a rate limit, a specific type of access control list. Traffic that matches a rate limit is constrained to the limit set in the access control list. Rate limits are discussed in “Rate Limits” on page 143. ExtremeWare 7.2e Installation and User Guide...
  • Page 123: Port Statistics

    • Transmitted Byte Count (Tx Byte Count)—The total number of data bytes successfully transmitted by the port. • Received Packet Count (Rx Pkt Count)—The total number of good packets that have been received by the port. ExtremeWare 7.2e Installation and User Guide...
  • Page 124: Port Errors

    FCS value. • Receive Jabber Frames (RX Jab)—The total number of frames received by the port that were greater than the supported maximum length and had a Cyclic Redundancy Check (CRC) error. ExtremeWare 7.2e Installation and User Guide...
  • Page 125: Port Monitoring Display Keys

    Event Management System/Logging Beginning in ExtremeWare 7.1.0, the system responsible for logging and debugging was updated and enhanced. We use the general term, event, for any type of occurrence on a switch which could generate ExtremeWare 7.2e Installation and User Guide...
  • Page 126: Sending Event Messages To Log Targets

    Use the following command to stop sending messages to the target: ExtremeWare 7.2e Installation and User Guide...
  • Page 127: Filtering Events Sent To Targets

    The switch may need to be reset. Error A problem has been detected that is interfering with the normal operation of the system, and the system is not functioning as expected. ExtremeWare 7.2e Installation and User Guide...
  • Page 128 This is somewhat similar to the fault log subsystems used in previous versions. Not all conditions have been placed in the component/subcomponent structure of EMS, but all the conditions will be moved over time into this ExtremeWare 7.2e Installation and User Guide...
  • Page 129 STP.InBPDU.Trace, use the following command: show log events stp.inbpdu.trace detail The output produced by the command is similar to the following: Comp SubComp Condition Severity Parameters ------- ----------- ----------------------- ------------- ---------- ExtremeWare 7.2e Installation and User Guide...
  • Page 130 Subsequent filter items on the list are compared if necessary. If the list of filter items has been exhausted with no match, the event is excluded, and is blocked by the filter. To examine the configuration of a filter, use the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 131 “Formatting Event Messages”. Simple Regular Expressions. A simple regular expression is a string of single characters including the dot character (.), which are optionally combined with quantifiers and constraints. A dot matches any ExtremeWare 7.2e Installation and User Guide...
  • Page 132 Use the keyword to specify multiple parameter type/value pairs that must match those in the incident. For example, to allow only those events with specific source and destination MAC addresses, use the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 133: Formatting Event Messages

    The same example would appear as: 05/29/2003 12:16:36 <Warn:SNTP> The SNTP server parameter value (TheWrongServer.example.com) can not be resolved. In order to provide some detailed information to technical support, you set the current session format using the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 134: Displaying Real-Time Log Messages

    The displayed messages can be formatted differently from the format configured for the targets, and you can choose to display the messages in order of newest to oldest, or in chronological order (oldest to newest). ExtremeWare 7.2e Installation and User Guide...
  • Page 135: Uploading Events Logs

    Output of the command: show log counters stp.inbpdu severity debug-summary will be similar to the following: Comp SubComp Condition Severity Occurred In Notified ------- ----------- ----------------------- ------------- -------- -- -------- InBPDU Drop Error Debug-Summary ExtremeWare 7.2e Installation and User Guide...
  • Page 136: Displaying Debug Information

    Listed below are earlier commands with their new command equivalents. Enable / disable log display The following commands related to the serial port console: enable log display disable log display are equivalent to using the console-display option in the following commands: ExtremeWare 7.2e Installation and User Guide...
  • Page 137: Logging Configuration Changes

    (if telnet was used). Configuration logging applies only to commands that result in a configuration change. To enable configuration logging, use the following command: enable cli-config-logging To disable configuration logging, use the following command: disable cli-config-logging CLI configuration logging is enabled by default. ExtremeWare 7.2e Installation and User Guide...
  • Page 138: Rmon

    The RMON Ethernet Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts, and errors on a LAN segment or VLAN. Information from the Statistics group is used to detect changes in traffic and error patterns in critical areas of the network. ExtremeWare 7.2e Installation and User Guide...
  • Page 139: Configuring Rmon

    By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events. By enabling RMON, the switch begins the processes necessary for collecting switch statistics. ExtremeWare 7.2e Installation and User Guide...
  • Page 140: Event Actions

    Send trap to all trap receivers. Notify and log Send trap; place entry in RMON log. To be notified of events using SNMP traps, you must configure one or more trap receivers, as described in Chapter 2. ExtremeWare 7.2e Installation and User Guide...
  • Page 141: Security

    — Secure Shell 2 (SSH2) on page 177 Security Overview Extreme Networks products incorporate a number of features designed to enhance the security of your network. No one feature can ensure security, but by using a number of features in concert, you can substantially improve the security of your network.
  • Page 142: Mac-Based Vlans

    The Summit 400-48t supports up to 16 access lists. Each entry that makes up an access list contains a unique name and specifies a previously created access mask. The access list also includes a list of values ExtremeWare 7.2e Installation and User Guide...
  • Page 143: Rate Limits

    Like an access list, a rate limit includes a list of values to compare with the incoming packets and an action to take for packets that match. Additionally, a rate limit specifies an action to take when ExtremeWare 7.2e Installation and User Guide...
  • Page 144: How Access Control Lists Work

    When a match is found, the packet is processed. If the access list is of type deny, the packet is dropped. If the list is of type permit, the packet is ExtremeWare 7.2e Installation and User Guide...
  • Page 145: Access Mask Precedence Numbers

    To add an access mask entry, use the following command: create access-mask <name> ... To add an access list entry, use the following command: create access-list <name> ... To add a rate limit entry, use the following command: create rate-limit <name> ... ExtremeWare 7.2e Installation and User Guide...
  • Page 146: Deleting Access Mask, Access List, And Rate Limit Entries

    {<name> | port <portlist>} To view the rate limit configuration use the following command: show rate-limit {<name> | ports <portlist>} To view the access mask configuration use the following command: show access-mask {<name>} ExtremeWare 7.2e Installation and User Guide...
  • Page 147: Access Control List Examples

    25000 create access-list denytcp ipproto_mask ipprotocol tcp ports 2,10 deny create access-list denyudp ipproto_mask ipprotocol udp ports 2,10 deny Figure 21 illustrates the outcome of the access control list. ExtremeWare 7.2e Installation and User Guide...
  • Page 148 When a TCP session begins, there is a three-way handshake that includes a sequence of a SYN, SYN/ACK, and ACK packets. Figure 23 shows an illustration of the handshake that occurs when host A initiates a TCP session to host B. After this sequence, actual data can be passed. ExtremeWare 7.2e Installation and User Guide...
  • Page 149 The commands to create this access control list are as follows: create access-mask icmp_mask ipprotocol icmp-type icmp-code create access-list denyping icmp_mask ipprotocol icmp icmp-type 8 icmp-code 0 deny The output for this access list is shown in Figure 25. ExtremeWare 7.2e Installation and User Guide...
  • Page 150: Network Login

    Network Login: Campus mode and ISP mode. The authentication types and modes of operation can be used in any combination. The following sections describe these choices. ExtremeWare 7.2e Installation and User Guide...
  • Page 151: Authentication Types

    A workstation running Windows XP supports 802.1x natively, and does not require additional authentication software. Extreme Networks uses a combination of secure certificates and RADIUS server to authenticate the user and configure the switch so that the user is placed on the correct VLAN. When a new user accesses the network, 802.1x authenticates the user through a RADIUS server to a user in an NT domain.
  • Page 152 Windows login. One has to specifically bring up a login page and initiate a login. • Supplicants cannot be re-authenticated transparently. Cannot be re-authenticated from the authenticator side. • Does not support more secure methods of authentication. ExtremeWare 7.2e Installation and User Guide...
  • Page 153: Modes Of Operation

    You can create two types of user accounts for authenticating Network Login users: • netlogin-only enabled • netlogin-only disabled Netlogin-Only Enabled A netlogin-only enabled user can only log in using Network Login and cannot access the switch using the same login. ExtremeWare 7.2e Installation and User Guide...
  • Page 154: Interoperability Requirements

    Extreme-Netlogin-Vlan (destination vlan for port movement after authentication) and Extreme-NetLogin-only (authorization for network login only) are brought back as VSAs. Table 30 and Table 31 show VSA definitions for both web-based network login and 802.1x network login. ExtremeWare 7.2e Installation and User Guide...
  • Page 155: Multiple Supplicant Support

    -Vlan on switch) after successful authentication. NOTE The Extreme Networks vendor ID is 1916. Multiple Supplicant Support An important enhancement over the IEEE 802.1x standard is that ExtremeWare supports individual authentication of multiple clients (supplicants) on the same port. This feature makes it possible for two client stations to be connected to the same port, with one being authenticated and the other not.
  • Page 156: Exclusions And Limitations

    The following example demonstrates the first network login configuration step for a Summit 48si edge switch: create vlan temp configure temp ipaddress 192.168.1.1/24 configure temp add port 1-48 configure vlan temp dhcp-address-range 192.168.1.11 - 192.168.1.200 configure vlan temp dhcp-options default-gateway 192.168.1.1 enable netlogin port 1-48 vlan temp ExtremeWare 7.2e Installation and User Guide...
  • Page 157: Web-Based Authentication User Login Using Campus Mode

    At this point, the client will have its temporary IP address. In this example, the client should have obtained an IP address in the range 198.162.32.20 - 198.162.32.80. ExtremeWare 7.2e Installation and User Guide...
  • Page 158 Because network login is sensitive to state changes during the authentication process, Extreme Networks recommends that you do not log out until the login process is complete. The login process is complete when you receive a permanent address. ExtremeWare 7.2e Installation and User Guide...
  • Page 159: Dhcp Server On The Switch

    DNS server on the switch in terms of the interface (to which the network login port is connected) IP-address. To configure the network login base URL, use the following command: configure netlogin base-url <url> ExtremeWare 7.2e Installation and User Guide...
  • Page 160: Switch Protection

    The capabilities of routing access profiles are specific to the type of routing protocol involved, but are sometimes more efficient and easier to implement than access lists. ExtremeWare 7.2e Installation and User Guide...
  • Page 161: Using Routing Access Profiles

    If no match is found, the operation is implicitly denied. To configure the access profile mode, use the following command: configure access-profile <access profile> mode [permit | deny | none] ExtremeWare 7.2e Installation and User Guide...
  • Page 162: Adding An Access Profile Entry

    ... N Group of AS numbers, where N and N are AS numbers or a range of AS numbers ... N Any AS numbers other than the ones in the group Matches any number ExtremeWare 7.2e Installation and User Guide...
  • Page 163: Deleting An Access Profile Entry

    This command configures the access profile to permit AS paths beginning with AS number 111 and ending with any additional AS number, or beginning and ending with AS number 111. Deleting an Access Profile Entry To delete an access profile entry, use the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 164: Applying Access Profiles

    VLANs on the switch, but no access to the router that connects to the Internet. The remote router that connects to the Internet has a local interface connected to the corporate backbone. The IP address of the local interface connected to the corporate backbone is 10.0.0.10/24. ExtremeWare 7.2e Installation and User Guide...
  • Page 165: Routing Access Profiles For Ospf

    OSPF (for example, link authentication and the use of IP address ranges). If you are using the OSPF protocol, the switch can be configured to use an access profile to determine any of the following: ExtremeWare 7.2e Installation and User Guide...
  • Page 166 Internet. As a result, all routes to the Internet will be done through external routes. Suppose the network administrator wishes to only allow access to certain internet addresses falling within the range 192.1.1.0/24 to the internal backbone. ExtremeWare 7.2e Installation and User Guide...
  • Page 167: Routing Access Profiles For Pim

    Internet access for multicast traffic to users on the VLAN Engsvrs. This is accomplished by preventing the learning of routes that originate from the switch labeled Internet by way of PIM on the switch labeled Engsvrs. ExtremeWare 7.2e Installation and User Guide...
  • Page 168: Denial Of Service Protection

    After enabling DoS Protection, you can monitor the traffic for the port or the switch by issuing the following command: show cpu-dos-protect [ports <portnumber>] CPU DoS Protection must be enabled for the show command to have valid values. ExtremeWare 7.2e Installation and User Guide...
  • Page 169: Creating Trusted Ports

    In some cases, traffic from a switch port or group of ports will never cause an attack. These ports can be configured as trusted ports and are not examined under DoS criteria. Trusted ports can prevent innocent hosts from being blocked, or ensure that when an innocent host responds to an attack that the ExtremeWare 7.2e Installation and User Guide...
  • Page 170: Management Access Security

    The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence over the configuration in the local switch database. To configure the RADIUS servers, use the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 171 After you configure RADIUS accounting server information, you must enable accounting before the switch begins transmitting the information. You must enable RADIUS authentication for accounting information to be generated. You can enable and disable accounting without affecting the current state of RADIUS authentication. ExtremeWare 7.2e Installation and User Guide...
  • Page 172 • User-Password • Service-Type • Login-IP-Host Using RADIUS Servers with Extreme Switches Extreme Networks switches have two levels of user privilege: • Read-only • Read-write Because there are no CLI commands available to modify the privilege level, access rights are determined when you log in.
  • Page 173 To configure the Funk SBR server, the file ‘vendor.ini’ must be modified to change the Extreme Networks configuration value of ‘ignore-ports’ to yes as shown in the example below: vendor-product = Extreme Networks dictionary = Extreme ignore-ports = yes port-number-usage = per-port-type help-id = 2000 ExtremeWare 7.2e Installation and User Guide...
  • Page 174 ‘Max-Concurrent connections’ and fill in the desired number of maximum sessions. Extreme RADIUS Extreme Networks provides its users, free of charge, a RADIUS server based on Merit RADIUS. Extreme RADIUS provides per-command authentication capabilities in addition to the standard set of RADIUS features.
  • Page 175 Building on this example configuration, you can use RADIUS to perform per-command authentication to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is available from Extreme Networks by contacting Extreme Networks technical support. The software is available in compiled format for Solaris ™...
  • Page 176: Configuring Tacacs

    Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are ExtremeWare 7.2e Installation and User Guide...
  • Page 177: Secure Shell 2 (Ssh2)

    Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled version of the ExtremeWare software from Extreme Networks before you can enable SSH2. The procedure for obtaining a security-enabled version of the ExtremeWare software is described in “Security Licensing”...
  • Page 178: Using Scp2 From An External Ssh2 Client

    SSH2 client. CAUTION You can download a configuration to an Extreme Networks switch using SCP. If you do this, you cannot save this configuration. If you save this configuration and reboot the switch, the configuration will be corrupted.
  • Page 179: Ssh2 Client Functions On The Switch

    SSH2 Client Functions on the Switch In ExtremeWare version 6.2.1 or later, an Extreme Networks switch can function as an SSH2 client. This means you can connect from the switch to a remote device running an SSH2 server, and send commands to that device.
  • Page 180 Security ExtremeWare 7.2e Installation and User Guide...
  • Page 181: Ethernet Automatic Protection Switching

    EAPS domain. On that ring domain, one switch, or node, is designated the master node (see Figure 29), while all other nodes are designated as transit nodes. ExtremeWare 7.2e Installation and User Guide...
  • Page 182 Like the master node, each transit node is also configured with a primary port and a secondary port on the ring, but the primary/secondary port distinction is ignored as long as the node is configured as a transit node. ExtremeWare 7.2e Installation and User Guide...
  • Page 183: Eaps Terms

    VLAN A VLAN that sends and receives EAPS messages. You must configure one control VLAN for each EAPS domain. ExtremeWare 7.2e Installation and User Guide...
  • Page 184: Fault Detection And Recovery

    A master node detects a ring fault in one of three ways: • Link-down message sent by a transit node • Ring port down event sent by hardware layers ExtremeWare 7.2e Installation and User Guide...
  • Page 185: Link Down Message Sent By A Transit Node

    It will logically block the protected VLANs on its secondary port, flush its FDB, and send a “flush FDB” message to its associated transit nodes. ExtremeWare 7.2e Installation and User Guide...
  • Page 186: Configuring Eaps On A Switch

    The following command example creates an EAPS domain named “eaps_1”: create eaps eaps_1 To delete an EAPS domain, use the following command: delete eaps <name> The following command example deletes the EAPS domain “eaps_1”: delete eaps eaps_1 ExtremeWare 7.2e Installation and User Guide...
  • Page 187: Defining The Eaps Mode Of The Switch

    Use the expiry-action send-alert parameter to send an alert when the failtimer expires. Instead of going into a “failed” state, the master node remains in a “Complete” or “Init” state, maintains ExtremeWare 7.2e Installation and User Guide...
  • Page 188: Configuring The Primary And Secondary Ports

    If the domain is active, you cannot delete the domain or modify the configuration of the control VLAN. To configure the EAPS control VLAN for the domain, use the following command: configure eaps <name> add control vlan <vlan_name> ExtremeWare 7.2e Installation and User Guide...
  • Page 189: Configuring The Eaps Protected Vlans

    As long as the ring is complete, the master node blocks the protected VLANs on its secondary port. The following command example adds the protected VLAN “orchid” to the EAPS domain “eaps_1.” configure eaps eaps_1 add protect vlan orchid ExtremeWare 7.2e Installation and User Guide...
  • Page 190: Enabling And Disabling An Eaps Domain

    The results for this command are as follows: EAPS Enabled: Yes Number of EAPS instances: 1 EAPSD-Bridge links: 2 Vlan Domain State Mo En Port Port Control-Vlan (VID) count ------------ ------------ -- -- ------- ------- ------------------ ----- eaps1 Complete cvlan (0100) ExtremeWare 7.2e Installation and User Guide...
  • Page 191 4096. Each time a VLAN is added to EAPS, this count increments by 1. Name: The configured name for this EAPS domain. (Instance= ) The instance number is created internally by the system. ExtremeWare 7.2e Installation and User Guide...
  • Page 192 VLAN to this EAPS domain or this port has not been added to the control VLAN. Hello Timer interval: The configured value of the timer in seconds, specifying the time that the master node waits between transmissions of health-check packets. ExtremeWare 7.2e Installation and User Guide...
  • Page 193 The count of protected VLANs configured on this EAPS domain. 1. These fields apply only to transit nodes; they are not displayed for a master node. 2. This list is displayed when you use the detail keyword in the show eaps command. ExtremeWare 7.2e Installation and User Guide...
  • Page 194 Ethernet Automatic Protection Switching ExtremeWare 7.2e Installation and User Guide...
  • Page 195: Overview Of The Spanning Tree Protocol

    • Redundant paths are disabled when the main paths are operational. • Redundant paths are enabled if the main path fails. NOTE STP is not supported in conjunction with ESRP. ExtremeWare 7.2e Installation and User Guide...
  • Page 196: Spanning Tree Domains

    • Default VLAN is a member of STPD s0 To configure the mode of operation of an STPD, use the following command: configure stpd <spanning tree name> mode [dot1d | dot1w] All STP parameters default to the IEEE 802.1d values, as appropriate. ExtremeWare 7.2e Installation and User Guide...
  • Page 197: Port Modes

    <vlan name> disable ignore-bpdu vlan <vlan name> If you have a known topology and have switches outside of your network within your STPD, use this feature to keep the root bridge within your network. ExtremeWare 7.2e Installation and User Guide...
  • Page 198: Rapid Root Failover

    • Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of both STPD1 and STPD2. ExtremeWare 7.2e Installation and User Guide...
  • Page 199 Within a single STPD, you must be extra careful when configuring your VLANs. Figure 32 illustrates a network that has been incorrectly set up using a single STPD so that the STP configuration disables the ability of the switches to forward VLAN traffic. ExtremeWare 7.2e Installation and User Guide...
  • Page 200: Vlan Spanning Multiple Stpds

    In a typical large enterprise network, for example, VLANs span multiple sites and/or buildings. Each site represents a redundant looped area. However, between any two sites the topology is usually very simple. ExtremeWare 7.2e Installation and User Guide...
  • Page 201: Emistp And Pvst+ Deployment Constraints

    STPD, then that port cannot be in another VLAN that is in a different STPD, or not in a STPD at all. EMISTP and PVST+ are supported only in compatibility mode. Newly created EMISTP VLANs are not associated with STPD s0 by default. ExtremeWare 7.2e Installation and User Guide...
  • Page 202: Per-Vlan Spanning Tree

    If a network topology change or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locally before propagating that change to other ExtremeWare 7.2e Installation and User Guide...
  • Page 203: Rstp Terms

    Port role assignments are determined based on the following criteria: • A unique bridge identifier (MAC address) associated with each bridge • The path cost associated with each bridge port • A port identifier associated with each bridge port ExtremeWare 7.2e Installation and User Guide...
  • Page 204 By default, all ports are broadcast links. Point-to-point Specifies a port attached to a LAN segment with only two bridges. A port with point-to-point link type can participate in rapid reconfiguration. Used for 802.1w configurations. ExtremeWare 7.2e Installation and User Guide...
  • Page 205 If the bridge operates in 1w mode and receives an inferior BPDU, the timer expires early. The default value is the same as the STPD bridge max age parameter. ExtremeWare 7.2e Installation and User Guide...
  • Page 206: Rstp Operation

    RSTP rapid transition rules, a forward delay timer starts and STP behavior takes over. • Is now a root port and no other ports have a recent role assignment that contradicts its root port role. ExtremeWare 7.2e Installation and User Guide...
  • Page 207 The previous root port is now an alternate port. Depending on your STP implementation, STP may set the new root port to the forwarding state before setting the old root port to the blocking state. This may cause a loop. ExtremeWare 7.2e Installation and User Guide...
  • Page 208 This section describes the RSTP rapid behavior following a topology change. In this example, the bridge priorities are assigned based on the order of their alphabetical letters; bridge A has a higher priority than bridge F. ExtremeWare 7.2e Installation and User Guide...
  • Page 209 • Sends a BPDU message on its designated port to bridge E Figure 36: Down link detected ExtremeWare 7.2e Installation and User Guide...
  • Page 210 • Determines that bridge E is the root bridge. Figure 38: Communicating new root bridge status to neighbors ExtremeWare 7.2e Installation and User Guide...
  • Page 211 • An “agree” message from its root port to bridge D. Figure 40: Communicating port status to neighbors ExtremeWare 7.2e Installation and User Guide...
  • Page 212 802.1d mode until the bridge stops receiving 802.1d BPDUs. Each time the bridge receives an 802.1d BPDU, the timer restarts. When the port migration timer expires, no more 802.1d BPDUs have been received and the bridge returns to its configured setting, 802.1w mode. ExtremeWare 7.2e Installation and User Guide...
  • Page 213: Stp Rules And Restrictions

    After you have created the STPD, you can optionally configure STP parameters for the STPD. NOTE You should not configure any STP parameters unless you have considerable knowledge and experience with STP. The default STP parameters are adequate for most networks. ExtremeWare 7.2e Installation and User Guide...
  • Page 214: Stp Configuration Examples

    • Create an STPD • Configure the mode of operation for the STPD • Create the VLANs and assign the ports • Add the VLANs to the STPD • Configure the port link types ExtremeWare 7.2e Installation and User Guide...
  • Page 215 1,2 tagged configure stpd stpd1 add vlan sales configure stpd stpd1 add vlan personnel configure stpd stpd1 add vlan marketing configure stpd stpd1 ports link-type point-to-point 1,2 enable stpd stpd1 ExtremeWare 7.2e Installation and User Guide...
  • Page 216: Displaying Stp Settings

    The command displays the following: • STPD port configuration • STPD port mode of operation • STPD path cost • STPD priority • STPD state (root bridge, and so on) • Port role (root bridge, edge port, etc.) ExtremeWare 7.2e Installation and User Guide...
  • Page 217 Displaying STP Settings • STPD port state (forwarding, blocking, and so on) • Configured port link type • Operational port link type ExtremeWare 7.2e Installation and User Guide...
  • Page 218 Spanning Tree Protocol (STP) ExtremeWare 7.2e Installation and User Guide...
  • Page 219: Overview Of Ip Unicast Routing

    Each host using the IP unicast routing functionality of the switch must have a unique IP address assigned. In addition, the default gateway assigned to the host must be the IP address of the router interface. ExtremeWare 7.2e Installation and User Guide...
  • Page 220: Router Interfaces

    Ethernet MAC addresses. Traffic between the two VLANs is routed using the IP addresses. Figure 44: Routing between VLANs ExtremeWare 7.2e Installation and User Guide...
  • Page 221: Populating The Routing Table

    When there are multiple, conflicting choices of a route to a particular destination, the router picks the route with the longest matching network mask. If these are still equal, the router picks the route using the following criteria (in the order specified): • Directly attached network interfaces • ICMP redirects ExtremeWare 7.2e Installation and User Guide...
  • Page 222: Subnet-Directed Broadcast Forwarding

    Using these commands together, you can achieve a 100% reduction on the Summit switches. Proxy ARP Proxy Address Resolution Protocol (ARP) was first invented so that ARP-capable devices could respond to ARP Request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to achieve ExtremeWare 7.2e Installation and User Guide...
  • Page 223: Arp-Incapable Devices

    Table 40 lists the relative priorities assigned to routes depending upon the learned source of the route. NOTE Although these priorities can be changed, do not attempt any manipulation unless you are expertly familiar with the possible consequences. ExtremeWare 7.2e Installation and User Guide...
  • Page 224: Configuring Ip Unicast Routing

    {[broadcast | ignore-broadcast]}{vlan <vlan name>} 5 Turn on RIP or OSPF using one of the following commands: enable rip enable ospf For more information on configuring RIP and OSPF, see “Interior Gateway Protocols” on page 231. ExtremeWare 7.2e Installation and User Guide...
  • Page 225: Verifying The Ip Unicast Routing Configuration

    In this configuration, all IP traffic from stations connected to ports 5 and 6 has access to the switch by way of the VLAN Finance. Ports 21 and 22 reach the switch by way of the VLAN Personnel. The example in Figure 45 is configured as follows: create vlan Finance ExtremeWare 7.2e Installation and User Guide...
  • Page 226: Icmp Packet Processing

    {vlan <vlan name>} disable icmp redirects {vlan <vlan name>} To enable or disable the generation of ICMP time exceeded messages on one or all VLANs, use the following commands: enable icmp time-exceeded {vlan <vlan name>} ExtremeWare 7.2e Installation and User Guide...
  • Page 227: Configuring Dhcp/Bootp Relay

    Configuring the DHCP Relay Agent Option (Option 82) After configuring and enabling the DHCP/BOOTP relay feature, you can enable the DHCP relay agent option feature. This feature inserts a piece of information, called option 82, into any DHCP request ExtremeWare 7.2e Installation and User Guide...
  • Page 228: Verifying The Dhcp/Bootp Relay Configuration

    Verifying the DHCP/BOOTP Relay Configuration To verify the DHCP/BOOTP relay configuration, use the following command: show ipconfig This command displays the configuration of the BOOTP relay service, and the addresses that are currently configured. ExtremeWare 7.2e Installation and User Guide...
  • Page 229: Udp-Forwarding

    67 ipaddress 10.1.1.1 configure backbonedhcp add 67 ipaddress 10.1.1.2 configure labdhcp add 67 vlan labsvrs configure marketing udp-profile backbonedhcp configure operations udp-profile backbonedhcp configure labuser udp-profile labdhcp ExtremeWare 7.2e Installation and User Guide...
  • Page 230: Udp Echo Server

    You can use UDP Echo packets to measure the transit time for data between the transmitting and receiving end. To enable UDP echo server support, use the following command: enable udp-echo-server To disable UDP echo server support, use the following command: disable udp-echo-server ExtremeWare 7.2e Installation and User Guide...
  • Page 231 • RFC 1058—Routing Information Protocol (RIP) • RFC 1723—RIP Version 2 • RFC 2178—OSPF Version 2 • Interconnections: Bridges and Routers by Radia Perlman ISBN 0-201-56332-0 Published by Addison-Wesley Publishing Company ExtremeWare 7.2e Installation and User Guide...
  • Page 232: Chapter 13 Interior Gateway Protocols

    • Support for load balancing to multiple routers based on the actual cost of the link. • Support for hierarchical topologies where the network is divided into areas. The details of RIP and OSPF are explained later in this chapter. ExtremeWare 7.2e Installation and User Guide...
  • Page 233: Overview Of Rip

    In this case, a router advertises a route over the same interface that supplied the route, but the route uses a hop count of 16, defining it as unreachable. To enable poison reverse, issue this command: enable rip poisonreverse To disable poison reverse, issue this command: disable rip poisonreverse ExtremeWare 7.2e Installation and User Guide...
  • Page 234: Triggered Updates

    The shortest path tree provides the route to each destination in the autonomous system. When several equal-cost routes to a destination exist, traffic can be distributed among them. The cost of a route is described by a single metric. ExtremeWare 7.2e Installation and User Guide...
  • Page 235: Link-State Database

    • timeout—Specifies the timeout, in seconds, after which the system ceases to be in overflow state. A timeout value of zero leaves the system in overflow state until OSPF is disabled and re-enabled. ExtremeWare 7.2e Installation and User Guide...
  • Page 236: Areas

    Any OSPF network that contains more than one area is required to have an area configured as area 0.0.0.0, also called the backbone. All areas in an autonomous system must be connected to the backbone. When designing networks, you should start with area 0.0.0.0, and then expand into other areas. ExtremeWare 7.2e Installation and User Guide...
  • Page 237 ABRs for that NSSA is elected to perform translation (as indicated in the NSSA specification). The option should not be used on NSSA internal routers. Doing so inhibits correct operation of the election algorithm. Normal Area A normal area is an area that is not: • Area 0. ExtremeWare 7.2e Installation and User Guide...
  • Page 238 Virtual links are also used to repair a discontiguous backbone area. For example, in Figure 47, if the connection between ABR1 and the backbone fails, the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual link. ExtremeWare 7.2e Installation and User Guide...
  • Page 239: Point-To-Point Support

    The number of routers in an OSPF point-to-point link is determined per-VLAN, not per-link. NOTE All routers in the VLAN must have the same OSPF link type. If there is a mismatch, OSPF attempts to operate, but may not be reliable. ExtremeWare 7.2e Installation and User Guide...
  • Page 240: Route Re-Distribution

    Then you can configure the routes to export from OSPF to RIP and the routes to export from RIP to OSPF. Likewise, for any other combinations of protocols, you must separately configure each to export routes to the other. ExtremeWare 7.2e Installation and User Guide...
  • Page 241 These commands enable or disable the exporting of static, direct, and OSPF-learned routes into the RIP domain. You can choose which types of OSPF routes are injected, or you can simply choose ospf, which will inject all learned OSPF routes regardless of type. The default setting is disabled. ExtremeWare 7.2e Installation and User Guide...
  • Page 242: Rip Configuration Example

    ExtremeWare allows you to configure the OSPF wait interval, rather than using the router dead interval. CAUTION Do not configure OSPF timers unless you are comfortable exceeding OSPF specifications. Non-standard settings might not be reliable under all circumstances. To specify the timer intervals, use the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 243: Ospf Configuration Example

    [Figure: network diagram showing Area 0, Area 5, and Area 6 (stub), with Headquarters, Los Angeles, and Chicago sites, routers IR 1, IR 2, ABR 1, and ABR 2, and a virtual link] ExtremeWare 7.2e Installation and User Guide...
  • Page 244: Configuration For Ir1

    LA_161_48_2 area 0.0.0.6 configure ospf add vlan Chi_160_26_26 area 0.0.0.5 configure ospf add vlan all area 0.0.0.0 enable ospf Configuration for IR1 The router labeled IR1 has the following configuration: ExtremeWare 7.2e Installation and User Guide...
  • Page 245: Displaying Ospf Settings

    A common use of this command is to omit all optional parameters, resulting in the following shortened form: show ospf lsdb The shortened form displays all areas and all types in a summary format. Authentication Authentication is supported at two different levels: interface, and domain or area. ExtremeWare 7.2e Installation and User Guide...
  • Page 246: Summarizing Level 1 Ip Routing Information

    This feature forces the router to set the overload bit (also known as the hippity bit) in its non-pseudo node link-state packets. Normally the setting of the overload bit is allowed only when a router runs into ExtremeWare 7.2e Installation and User Guide...
  • Page 247: Default Routes To Nearest Level 1/2 Switch For Level 1 Only Switches

    The level 1/2 switch that is attached to the level 2 backbone network when at least one of area addresses of level 2 LSP received from other level 2 or level 1/2 switches is not in the list of the level 1 union area address set. ExtremeWare 7.2e Installation and User Guide...
  • Page 248 Interior Gateway Protocols ExtremeWare 7.2e Installation and User Guide...
  • Page 249: Ip Multicast Routing Overview

    • A router-to-router multicast routing protocol (such as Protocol Independent Multicast-Sparse Mode (PIM-SM)). • A method for the IP host to communicate its multicast group membership to a router (for example, Internet Group Management Protocol (IGMP)). ExtremeWare 7.2e Installation and User Guide...
  • Page 250: Pim Sparse Mode (Pim-Sm) Overview

    [<vlan name> | all] For example, to add a VLAN named lobby, as an active interface, you would enter: configure pim add vlan lobby To configure an RP and its associated groups statically, enter the following command: ExtremeWare 7.2e Installation and User Guide...
  • Page 251: Igmp Overview

    IGMP is enabled by default on the switch. However, the switch can be configured to disable the generation of periodic IGMP query packets. IGMP should be enabled when the switch is configured to perform IP unicast or IP multicast routing. ExtremeWare 7.2e Installation and User Guide...
  • Page 252: Igmp Snooping

    For details on creating access profiles, see the section, “Routing Access Profiles” on page 160. For the access profiles used as IGMP snooping filters, all the profile entries ExtremeWare 7.2e Installation and User Guide...
  • Page 253: Multicast Tools

    When the request reaches the first-hop router, the filled in request is sent back to the system requesting the trace. The request will also be returned if the maximum hop limit is reached. ExtremeWare 7.2e Installation and User Guide...
  • Page 254: Configuring Ip Multicasting Routing

    HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0 configure vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.0 configure ospf add vlan all enable ipforwarding enable ospf enable ipmcforwarding configure pim add vlan HQ_10_0_1 enable pim The following example configures PIM-SM. ExtremeWare 7.2e Installation and User Guide...
  • Page 255: Configuration For Abr1

    224.0.0.0 240.0.0.0 enable loopback HQ_10_0_3 configure pim crp HQ_10_0_3 rp-list 30 configure pim cbsr HQ_10_0_3 30 configure pim spt-threshold 16 8 ExtremeWare 7.2e Installation and User Guide...
  • Page 256 IP Multicast Routing ExtremeWare 7.2e Installation and User Guide...
  • Page 257: Chapter 15 Using Extremeware Vista On The Summit

    • After downloading a newer version of the switch image, clear the browser disk and memory cache to see the updated menus. You must clear the cache while on the main ExtremeWare Vista Logon page, so that all underlying .GIF files are updated. ExtremeWare 7.2e Installation and User Guide...
  • Page 258: Accessing Extremeware Vista

    • Turn off one or more of the browser toolbars to maximize the viewing space of the ExtremeWare Vista content screen. • If you will be using ExtremeWare Vista to send an email to the Extreme Networks Technical Support department, configure the email settings in your browser.
  • Page 259 Accessing ExtremeWare Vista Figure 51: Home Page for ExtremeWare Vista 2 Click Logon to open the Username and Password dialog box shown in Figure 52. Figure 52: Username and Password Dialog Box ExtremeWare 7.2e Installation and User Guide...
  • Page 260: Navigating Within Extremeware Vista

    When you choose one of the main buttons, that menu expands to reveal the submenu links available under that function. If another function list is open at the time, that list contracts so that only the active menu is open. ExtremeWare 7.2e Installation and User Guide...
  • Page 261: Browser Controls

    Figure 54. These configuration tasks are described in the following sections: • IP Forwarding on page 262 • License on page 263 • OSPF on page 264 • Ports on page 270 ExtremeWare 7.2e Installation and User Guide...
  • Page 262: Ip Forwarding

    VLANs. Before submitting a change, users must select the appropriate value for all fields. The configuration box has the following selectable fields: VLAN name Unicast Forwarding—Either enable or disable Broadcast Forwarding—Either enable or disable Multicast Forwarding—Enable, disable, or don’t change ExtremeWare 7.2e Installation and User Guide...
  • Page 263: License

    The License window allows you to enable the Advanced Edge license by submitting a valid license key purchased from Extreme Networks. See Figure 56 for an example of this window. For more information on levels of licensing, see “Software Licensing” on page 30.
  • Page 264: Ospf

    NOTE Before you can make global changes to OSPF, you must first disable OSPF Export Static and OSPF Export RIP. From this portion of the window, you can: ExtremeWare 7.2e Installation and User Guide...
  • Page 265 Enter an area ID in the same format as an IP address, (for example, 1.2.3.4). This portion of the window is also shown in Figure 57. For further details see “Backbone Area (Area 0.0.0.0)” on page 236. ExtremeWare 7.2e Installation and User Guide...
  • Page 266 ID. You can also set the area type, the cost, and determine whether to translate for NSSA or not. You may only translate for area type NSSA. ExtremeWare 7.2e Installation and User Guide...
  • Page 267 As shown in Figure 60, the top table lists the existing OSPF IP interface configuration. The table consists of the following fields: VLAN name Area ID OSPF—Either enabled or disabled Priority—Always set to zero for Summit 400 Interface—Either passive or non-passive ExtremeWare 7.2e Installation and User Guide...
  • Page 268 ID or an area ID, the top table displays those values. In the following box you can configure the timers for the virtual link (transit delay, hello interval, router dead time, and retransmit interval). For further information on virtual links, see “Virtual Links” on page 238. ExtremeWare 7.2e Installation and User Guide...
  • Page 269 Message Digest 5 (MD5) key for the interface. If you choose MD5, select a numerical ID between 0 and 255, then select a key value in the range of 0 to 65,535. ExtremeWare 7.2e Installation and User Guide...
  • Page 270: Ports

    Configuration Duplex—The duplex mode, either autonegotiation (auto), half, or full Actual Duplex—The duplex setting, either half or full Primary Media—The primary wiring media, either unshielded twisted-pair (UTP) or fiber (SX, LX, or Redundant Media—The backup wiring media, always unshielded twisted-pair (UTP) ExtremeWare 7.2e Installation and User Guide...
  • Page 271 Speed—The setting for port speed, either 10, 100, or 1000 Duplex—The autonegotiation setting for the duplex setting, either half or full QoS Profile—A QoS profile in the format of QPn, where n is from 1 to 8 ExtremeWare 7.2e Installation and User Guide...
  • Page 272: Rip

    — Default setting = 30 seconds • Change the route timeout. The default setting is 180 seconds. • Change the RIP garbage time. The timer granularity is 10 seconds. The default setting is 120 seconds. ExtremeWare 7.2e Installation and User Guide...
  • Page 273 For more information about setting RIP parameters globally, see “Overview of RIP” on page 233. Configure RIP for an IP interface The section that follows the global configuration section is for configuring RIP for an individual IP interface. Figure 66 shows an example of this section of the window. ExtremeWare 7.2e Installation and User Guide...
  • Page 274 V1 Compatible—Transmit RIP v2 format packets to the broadcast address. V2 Only—Transmit RIP v2 format packets to the RIP multicast address. If no VLAN is specified, the setting is applied to all VLANs. The default setting is V2 Only. ExtremeWare 7.2e Installation and User Guide...
  • Page 275: Snmp

    Name—The system name is the name that you have assigned to this switch. The default name is the model name of the switch (for example, Summit 400-48t switch). Location —The location of this switch. ExtremeWare 7.2e Installation and User Guide...
  • Page 276 The last two boxes in the section allow you to add a trap receiver or to delete a trap receiver. For further information on SNMP and trap receivers, see “Using SNMP” on page 52. ExtremeWare 7.2e Installation and User Guide...
  • Page 277: Spanning Tree

    From this window, you can configure all aspects of a Spanning Tree Domain (STPD). The window is divided into two sections. In the top section, you can create or delete a Spanning Tree Domain (STPD) as shown in Figure 69. ExtremeWare 7.2e Installation and User Guide...
  • Page 278 Select a STPD, change the parameter values as described above, and click Configure. The Configure Spanning Tree Parameters box is shown in Figure 69 and Figure 70. • Assign VLANs to a STPD, as shown in Figure 70. • Unconfigure STPD, as shown in Figure 70. ExtremeWare 7.2e Installation and User Guide...
  • Page 279 STP Domain—The name of the STP domain. See Figure 71 for an example of the table. • Configure Spanning Tree ports. Add or change the above parameters for STP ports. See Figure 72 for an example of this configuration box. ExtremeWare 7.2e Installation and User Guide...
  • Page 280 Using ExtremeWare Vista on the Summit 400 Figure 71: Spanning Tree Configuration (3 of 4) Figure 72: Spanning Tree Configuration (4 of 4) ExtremeWare 7.2e Installation and User Guide...
  • Page 281: Switch

    This stand-alone button causes the Summit 400 to reboot immediately. Figure 73: Switch Configuration User Accounts This window allows you to control access to the system. As shown in Figure 74, the top table provides: • The user’s name ExtremeWare 7.2e Installation and User Guide...
  • Page 282: Virtual Lan

    The top section of the window allows you to create or delete a VLAN, as shown in Figure 75. When naming a VLAN, be sure to follow the naming guidelines described in “VLAN Names” on page 96. ExtremeWare 7.2e Installation and User Guide...
  • Page 283 Netmask—Specifies a subnet mask in dotted-quad notation (e.g. 255.255.255.0). 802.1Q Tag—Adds an 802.1Q tag to the VLAN. Acceptable values range from 1 to 4094. Spanning Tree Domain—Assigns the VLAN to a STPD. QoS Profile—Assigns a QoS profile to the VLAN. ExtremeWare 7.2e Installation and User Guide...
  • Page 284: Access List

    The top section of the window, as shown in Figure 77, displays information about existing access masks. The following mask features are shown in a table format: Dest Mac—Ethernet destination MAC address Src Mac—Ethernet source MAC address VLAN ID—VLAN identifier (VLANid) ExtremeWare 7.2e Installation and User Guide...
  • Page 285 Figure 77: Access List Configuration (1 of 3) As Figure 77 shows, the next section of the window allows you to create, reset, modify or delete an access mask. Use the checkboxes to specify an option. ExtremeWare 7.2e Installation and User Guide...
  • Page 286 As shown in Figure 79, the final section of this window allows you to create, modify, or delete an access list. You can also create, modify or reset a rate limit. See the previous section for definitions of these fields. ExtremeWare 7.2e Installation and User Guide...
  • Page 287: Reviewing Extremeware Vista Statistical Reports

    IP Configuration—Contains the global IP configuration statistics and router interface statistics IP Route—Contains the IP Route table IP Statistics—Contains global IP statistics Ports—Contains the physical port statistics Port Collisions—Contains Ethernet collision summary Port Errors—Contains Ethernet port errors Port Utilization—Contains link utilization information ExtremeWare 7.2e Installation and User Guide...
  • Page 288: Event Log

    This window allows you to review the contents of the FDB table. It also gives summary information about the contents of the view and allows you to tailor the view by various parameters. The view of the FDB, as shown in Figure 81, consists of the following entries: ExtremeWare 7.2e Installation and User Guide...
  • Page 289 Dynamic—Number of dynamic entries in this view Discarded—Number of entries discarded Aging Time—The current time setting for removing entries from the FDB The View Options allow you to filter and restrict the amount of information presented in the FDB view. ExtremeWare 7.2e Installation and User Guide...
  • Page 290: Ip Arp

    MAC Address—The MAC address associated with the IP address Age—The age of the entry Flags—Identifier for static entry (m), proxy ARP (p), and trailers requested (t) Static—Either yes for a static entry or no for dynamic VLAN—VLAN name VLAN ID ExtremeWare 7.2e Installation and User Guide...
  • Page 291: Ip Configuration

    RIP—Routing Information Protocol (RIP) is either enabled or disabled. IRDP—ICMP Router Discovery Protocol (IRDP) shows the generation of ICMP router advertisement messages on one or all VLANs. The setting is either enabled or disabled; the default setting is enabled. ExtremeWare 7.2e Installation and User Guide...
  • Page 292 Figure 84: IP Configuration Statistics Router Interface Statistics The Router Interface Statistics table gives the details of individual VLANs. It contains the following fields: VLAN name State—up or down IP Address—in dotted-quad notation ExtremeWare 7.2e Installation and User Guide...
  • Page 293: Ip Route

    The Summit 400 dynamically builds and maintains the routing table, and determines the best path for each of its routes. The IP route table contains the following fields: Destination—The destination address Gateway—The gateway address Mtr—The cost metric Flags—For example, U for up; G for gateway; and U for unicast ExtremeWare 7.2e Installation and User Guide...
  • Page 294: Ip Statistics

    IP routing, see “Populating the Routing Table” on page 221. Figure 85: IP Route Table IP Statistics This window provides ICMP error reporting statistics and error counts from the switch as a whole, and also on individual interfaces. For information about error counts: ExtremeWare 7.2e Installation and User Guide...
  • Page 295 Global ICMP Statistics table provides information about error counts found in the following areas: • In Bad Code • In Too Short • In Bad Length • In Router Advertisements • Out Router Advertisements ExtremeWare 7.2e Installation and User Guide...
  • Page 296 • Interface ID • IP Address • Netmask • Broadcast Address • Amount in and out of the switch for the following units: packets, octets, multicast packets, broadcast packets, errors, discards, and unknown protocols ExtremeWare 7.2e Installation and User Guide...
  • Page 297: Ports

    This window provides information about active ports as reported by the Summit 400 hardware. As shown in Figure 89, the report consists of the following fields: Port Number Port Speed Link State Received Packet Count Transmitted Packet Count Received Byte Count Transmitted Byte Count Collisions ExtremeWare 7.2e Installation and User Guide...
  • Page 298: Port Collisions

    Figure 89: Physical Port Statistics Port Collisions This window provides information about Ethernet collisions that occur when the port is operating in half-duplex mode. An example of this window is shown in Figure 90. ExtremeWare 7.2e Installation and User Guide...
  • Page 299: Port Errors

    • Rx Lost • Rx Bad Cyclic Redundancy Check (CRC) • Rx Undersize • Rx Oversize • Rx Fragments • Rx Jabber • Rx Alignment • Tx Errored • Tx Deferred • Tx Late Collisions ExtremeWare 7.2e Installation and User Guide...
  • Page 300: Port Utilization

    Tx Pkt/Sec—Transmission packet rate Peak Tx Pkt/Sec—Peak packet rate transmitted Rx Byte/Sec—Received byte rate Peak Rx Byte/Sec—Peak received bytes rate Tx Byte/Sec—Transmission byte rate Peak Tx Byte/Sec—Peak transmission byte rate Bandwidth—Bandwidth utilization Peak Bandwidth—Peak bandwidth utilization ExtremeWare 7.2e Installation and User Guide...
  • Page 301: Rip

    Rcvd Pkts—Received RIP packets Sent Pkts—Sent RIP packets Rcvd Bad Pkts—Received bad RIP packets Rcvd Bad Routes—Received bad routes Sent Trig Updts—Sent triggered updates Peer Age (sec)—Age in seconds Version—RIP version Bad Pkts—Bad Packets ExtremeWare 7.2e Installation and User Guide...
  • Page 302: Switch

    Secondary Configuration—File size, date and time of the download Switch Temperature—Either normal or over, for over-temperature Internal Power Supply—Power supply information. If at full capacity it is displayed in green. If it is installed but not operating, it is displayed in red. ExtremeWare 7.2e Installation and User Guide...
  • Page 303: Locating Support Information

    Contact Support—For customer support telephone numbers and URLs Email Support—To send an email directly to customer support Help The Help window provides the URL to the ExtremeWare 7.2e Installation and User Manual. See Figure 95 for an example of this window. ExtremeWare 7.2e Installation and User Guide...
  • Page 304: Tftp Download

    As shown in Figure 97, you need to provide the following information: TFTP Server Address—Obtain this address from your Customer Support Representative Filename—The filename of the software image to download Container—The location, either primary or secondary, where you want to store the downloaded image ExtremeWare 7.2e Installation and User Guide...
  • Page 305 Locating Support Information Figure 96: TFTP Download Contact Support The Contact Support window contains the mailing address, telephone number, fax number, and URL for Customer Support. An example of this window is shown in Figure 97. ExtremeWare 7.2e Installation and User Guide...
  • Page 306 When you click the submenu link for Email Support, the browser closes the ExtremeWare Vista page and opens your browser’s email window. You can then send an email directly to customer support as shown in Figure 98.
  • Page 307: Logging Out Of Extremeware Vista

    When you click the Logout button in the task frame, it causes an immediate exit from ExtremeWare Vista. Be sure you want to exit the application because there is no confirmation screen.
  • Page 309: Appendix A Technical Specifications

    • AC Line Frequency: 50 Hz to 60 Hz
    • Input Voltage Options: 90 VAC to 264 VAC, auto-ranging
    • Current Rating: 4A at 100 VAC; 2A at 240 VAC
    • Heat Dissipation, Watts/BTU: 160 W/0.152 BTU per second
  • Page 310 Korean MIC Mark (MIC Approval, Emissions and Immunity) Mexico NOM/NYCE (Product Safety and EMC Approval) GOST (Russia) Taiwan CNS 13438:1997 Class A (BSMI Approval, Emissions) Environmental Certification Marks CE (European Community) TUV/GS (German Notified Body) TUV/S (Argentina)
  • Page 311: Supported Protocols, Mibs, And Standards

    • Newtear
    • Bonk
    • Winnuke
    • Raped
    • Simping
    • Sping
    • Ascend
    • Stream
    CERT (http://www.cert.org)
    • CA--97.28.Teardrop_Land -Teardrop and “LAND” attack
    • IP Options Attack
    • CA--98-13-tcp-denial-of-service
    • CA--98.01.smurf
    • CA--96.26.ping
  • Page 312 IGMP Snooping with Configurable Router Registration (PIM-SM): Protocol Specification--two non-passive Forwarding interfaces Static IGMP Membership RFC 1112 Host extensions for IP multicasting IGMP Filters RFC 2236 Internet Group Management Protocol, Mtrace, draft-letf-idmr-traceroute-imp-07 Version 2 Mrinfo
  • Page 313 Simple Network Management Protocol IEEE-802.1x MIB ExtremeWare vendor MIB (includes ACL, MAC FDB, IP Extreme extensions to 802.1x-MIB FDB, MAC Address Security, QoS policy and VLAN configuration and statistics, STP and others)
  • Page 314 RFC 1191 Path MTU Discovery the Bridge Network Control Protocol of the RFC 3032 MPLS Label Stack Encoding Point-to-Point Protocol • RFC 1473 The Definitions of Managed Objects for the IP Network Control Protocol of the Point-to-Point Protocol
  • Page 315 Allocation IEEE 802.1v VLAN classification by Protocol and Port VLAN Translation Port-based VLANs RFC 2674 Definitions of Managed Objects for Bridges MAC-based VLANs with Traffic Classes, Multicast Filtering, and Virtual LAN Virtual MANs Extensions
  • Page 317: Software Upgrade And Boot Options

    The switch can store up to two images: a primary and a secondary. When you download a new image, you must select into which image space (primary or secondary) the new image should be placed. If not
  • Page 318: Understanding The Image Version String

    • Major Version: 7.0.0 (Build 61) | 7.0.0b61
    • Minor Version: 7.0.1 (Build 4) | 7.0.1b4
    • Sustaining Version: 7.0.0 (Build 68) | 7.0.0b68
    • Patch Version: 7.0.0 (Build 61) patch.030131-01-r1 | 7.0.0b61 patch.030131-01-r1
    • Technology Version: 7.0.0 (Build 68) tech2.ipv6-r4 | 7.0.0b68 tech2.ipv6-r4
  • Page 319: Software Signatures

    To save the configuration, use the following command:
        save configuration {primary | secondary}
    To use the configuration, use the following command:
        use configuration [primary | secondary]
    The configuration takes effect on the next reboot.
  • Page 320: Returning To Factory Defaults

    • Modify the configuration using a text editor, and later download a copy of the file to the same switch, or to one or more different switches. • Send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes.
  • Page 321: Using Tftp To Download The Configuration

    We recommend that you either download small incremental configurations, or schedule downloads during maintenance windows.
  • Page 322: Scheduled Incremental Configuration Download

    Upgrading BootROM
    Upgrading BootROM is done using TFTP (from the CLI), after the switch has booted. Upgrade the BootROM only when asked to do so by an Extreme Networks technical representative. To upgrade the BootROM, use the following command:
        download bootrom [<ip address> | <hostname>] <filename>...
  • Page 323 1K XMODEM protocol. (You can use a Windows Hyperterminal program to accomplish this step.) After the transfer is complete, the switch restores the console port to 9600 bps and begins the boot process.
  • Page 325: Troubleshooting

    {mgmt | <portlist>} configuration Switch does not power up: All products manufactured by Extreme Networks use digital power supplies with surge protection. In the event of a power surge, the protection circuits shut down the power supply. To reset, unplug the switch for 1 minute, plug it back in, and attempt to power up the switch.
  • Page 326: Cable Diagnostics

    Summit400-48t:30 # show port 1 cable diagnostics
    Port  Pair    Length    Status
          Pair A  0 meters  Open or Short
          Pair B  0 meters  Open or Short
          Pair C  0 meters  Open or Short
          Pair D  0 meters  Open or Short
  • Page 327: Using The Command-Line Interface

    A network problem may be preventing you from accessing the device over the network. Try accessing the device through the console port. Check that the community strings configured for the device and the Network Manager are the same.
  • Page 328: Port Configuration

    The show ports rxerrors command on the Extreme switch may display a constant increment of CRC errors. This is characteristic of a duplex mismatch between devices. This is NOT a problem with the Extreme switch.
  • Page 329: Vlans

    Remember that VLAN names are only locally significant through the command-line interface. For two switches to communicate across an 802.1Q link, the VLAN ID for the VLAN on one switch should have a corresponding VLAN ID for the VLAN on the other switch.
  • Page 330: Stp

    VLANs, as follows:
        show debug-trace {vlan <vlan name>}
    The debug commands should only be used under the guidance of Extreme Networks technical personnel. To reset all debug-tracing to the default level, use the following command:
        clear debug-trace
  • Page 331: Top Command

    In minimal mode, only the CPU, NVRAM, management port, and minimal tasks are active. The following commands are supported in minimal mode:
    • reboot
    • unconfigure switch all
    • unconfigure switch
    • use image
    • use configuration
    • download bootrom
  • Page 332: Contacting Extreme Technical Support

    • clear log diag-status
    Contacting Extreme Technical Support
    If you have a network issue that you are unable to resolve, contact Extreme Networks technical support. Extreme Networks maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems. You can contact technical support by phone at: •...
  • Page 333: Index Of Commands

    Index of Commands configure ip-mtu vlan 83, 85 configure iproute add default 48, 51, 224 clear counters 135, 176 configure iproute priority clear debug-trace configure jumbo-frame size clear fdb configure log display clear log counters configure log filter clear session 51, 72 configure log filter events match configure access-profile add...
  • Page 334 Index of Commands configure radius-accounting timeout create account 73, 76 configure reboot-loop-protection threshold create eaps configure rip vlan export-filter create fdbentry vlan blackhole configure rip vlan import-filter create fdbentry vlan dynamic 105, 115 configure rip vlan trusted-gateway create fdbentry vlan ports 106, 114 configure sharing address-based create log filter...
  • Page 335 Index of Commands disable stpd rapid-root-failover enable snmp traps exceed-committed-rate ports disable telnet 51, 74 enable sntp-client disable udp-echo-server enable ssh2 74, 178 disable web enable stpd download bootrom 77, 322 enable stpd rapid-root-failver download configuration 77, 100, 321 enable telnet 51, 74 download configuration cancel enable udp-echo-server...
  • Page 336 Index of Commands show ipfdb 222, 225 show iproute unconfigure bootprelay dhcp-agent information policy show log show log components unconfigure eaps primary port show log configuration filter unconfigure eaps secondary port show log configuration target unconfigure switch 74, 320 show log counters upload configuration 77, 320, 321 show log events...
  • Page 337 Address Resolution Protocol. See ARP controls account admin fonts Advanced Edge license 30, 263 setting up agent circuit ID sub-option buttons in ExtremeWare Vista agent remote ID sub-option aging entries, FDB
  • Page 338 Equal Cost Multi-Path (ECMP) routing. See IP route sharing default ER XENPAK passwords error level messages in ExtremeWare Vista routes errors, port settings ESRP, load sharing and STP domain ESRP-awareness users establishing a Telnet session default route
  • Page 339 IP configuration statistics aging entries IP multicast routing blackhole entries configuring contents description 29, 249 creating a permanent entry example IGMP 251 to 253 displaying PIM-SM dynamic entries IP route sharing
  • Page 340 DHCP server as part of configuring disabling description introduction dynamic settings, displaying ESRP web-based example noAuthnoPriv introduced non-aging entries, FDB load-sharing group, description notice icons master port
  • Page 341 64, 170 errors,viewing client configuration mode 197, 214 description 64, 170 monitoring display keys Merit server configuration (example) priority, STP per-command authentication receive errors per-command configuration (example) statistics, viewing 123, 297 RFC 2138 attributes
  • Page 342 OSPF targets routing access policies trap receiver access profile 161 to 164 trap receivers deny using none SNMPEngineBoots OSPF snmpEngineID permit SNMPEngineTime SNTP configuring using Daylight Savings Time Routing Information Protocol. See RIP description
  • Page 343 197, 214 server troubleshooting using STPD modes timed configuration download, MAC-based VLANs stub area, OSPF timers, PIM-SM sub-options, DHCP relay agent option command traceroute Summit 400 switch traffic groupings AC power socket traffic rate-limiting
  • Page 344 Vista See ExtremeWare Vista VLAN tagging VLAN traffic grouping VLANs administration using ExtremeWare Vista and ExtremeWare Vista and STP assigning a tag benefits configuration examples configuring default description disabling route advertising displaying settings IP fragmentation
