Extreme Networks ExtremeWare XOS Guide Manual

Concepts guide

ExtremeWare XOS Concepts Guide
Software Version 11.1
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Published: December 2004
Part number: 100170-00 Rev 01

Summary of Contents for Extreme Networks ExtremeWare XOS Guide

  • Page 1 ExtremeWare XOS Concepts Guide Software Version 11.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com Published: December 2004 Part number: 100170-00 Rev 01...
  • Page 2 Purple Extreme Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
  • Page 3: Table Of Contents

    Contents

    • Preface (p. 17)
    • Introduction (p. 17)
    • Terminology (p. 17)
    • Conventions (p. 18)
    • Related Publications (p. 18)
    • Using ExtremeWare XOS Publications Online (p. 19)
    • Part 1: Using ExtremeWare XOS
    • Chapter 1: ExtremeWare XOS Overview (p. 23)
    • Platforms and Required Software Versions (p. 23)
    • Summary of Features (p. 23)
    • Feature Highlights of ExtremeWare XOS 11.1 (p. 24)
    • Software Licensing (p. 27)
    • Upgrading to Core License—Aspen 8810 Switch Only (p. 27)
    • Advanced Core License—BlackDiamond 10K Switch Only (p. 28)...
  • Page 4 Contents

    • Chapter 3: Managing the Switch (p. 43)
    • Overview (p. 43)
    • Understanding the ExtremeWare XOS Shell (p. 44)
    • Using the Console Interface (p. 44)
    • Using the 10/100 Ethernet Management Port (p. 44)
    • Authenticating Users (p. 45)
    • RADIUS Client (p. 45)
    • TACACS+ (p. 45)
    • Configuring RADIUS Client and TACACS+ (p. 45)
    • Management Accounts (p. 46)
    • Using Telnet (p. 46)
    • About the Telnet Client (p. 46)...
  • Page 5 Contents

    • Chapter 4: Managing the ExtremeWare XOS Software (p. 71)
    • Overview of the ExtremeWare XOS Software (p. 71)
    • Understanding the ExtremeWare XOS Software (p. 71)
    • Using the ExtremeWare XOS File System (p. 72)
    • Moving or Renaming Files on the Switch (p. 72)
    • Copying Files on the Switch (p. 73)
    • Displaying Files on the Switch (p. 74)
    • Deleting Files From the Switch (p. 74)
    • Managing the Configuration File (p. 75)...
  • Page 6 Contents

    • Enabling PoE to the Switch (p. 104)
    • Power Reserve Budget Per Slot (p. 104)
    • PD Disconnect Precedence (p. 105)
    • Port Disconnect or Fault (p. 106)
    • Port Power Reset (p. 107)
    • PoE Usage Threshold (p. 107)
    • Legacy Devices (p. 107)
    • PoE Operator Limits (p. 108)
    • LEDs (p. 108)
    • Configuring PoE (p. 108)
    • Enabling Inline Power (p. 109)
    • Reserving Power for a Slot (p. 109)
    • Setting the Disconnect Precedence (p. 110)
    • Configuring the Usage Threshold (p. 111)...
  • Page 7 Contents

    • Using sFlow (p. 143)
    • Configuring sFlow (p. 144)
    • Displaying sFlow Information (p. 146)
    • RMON (p. 147)
    • About RMON (p. 147)
    • Supported RMON Groups of the Switch (p. 148)
    • Configuring RMON (p. 149)
    • Event Actions (p. 150)
    • Displaying RMON Information (p. 150)
    • Chapter 8: Virtual LANs (p. 151)
    • Overview of Virtual LANs (p. 151)
    • Benefits (p. 151)
    • Virtual Routers and VLANs—BlackDiamond 10K Switch Only (p. 152)
    • Types of VLANs (p. 152)
    • Port-Based VLANs (p. 152)...
  • Page 8 Contents

    • FDB Configuration Examples (p. 177)
    • Configuring the FDB Aging Time (p. 177)
    • MAC-Based Security (p. 178)
    • Displaying FDB Entries (p. 178)
    • Chapter 11: Policies and ACLs (p. 179)
    • Policy Manager (p. 179)
    • Creating and Editing Policies (p. 179)
    • Using the Edit Command (p. 180)
    • Using a Separate Machine (p. 180)
    • Checking Policies (p. 180)
    • Refreshing Policies (p. 181)
    • Applying Policies (p. 181)...
  • Page 9 Contents

    • Egress Traffic Rate Limiting—Aspen 8810 Switch Only (p. 220)
    • Bi-Directional Rate Shaping—BlackDiamond 10K Switch Only (p. 221)
    • Bandwidth Settings (p. 222)
    • Configuring Bi-Directional Rate Shaping (p. 223)
    • Chapter 13: Security (p. 225)
    • Security Overview (p. 225)
    • Network Access Security (p. 225)
    • MAC Address Security (p. 225)
    • Limiting Dynamic MAC Addresses (p. 226)
    • MAC Address Lock Down (p. 227)
    • Network Login (p. 228)
    • Web-Based, MAC-based, and 802.1x Authentication (p. 228)...
  • Page 10 Contents

    • Part 2: Using Switching and Routing Protocols
    • Chapter 15: Ethernet Automatic Protection Switching (p. 267)
    • Licensing (p. 267)
    • Overview of the EAPS Protocol (p. 267)
    • Fast Convergence (p. 269)
    • Fault Detection and Recovery (p. 269)
    • Link Down Message Sent by a Transit Node (p. 270)
    • Ring Port Down Event Sent by Hardware Layer (p. 270)
    • Polling (p. 271)
    • Restoration Operations (p. 271)...
  • Page 11 Contents

    • Encapsulation Modes (p. 297)
    • STP States (p. 298)
    • Binding Ports (p. 299)
    • Rapid Root Failover (p. 301)
    • STP and Hitless Failover—BlackDiamond 10K Switch Only (p. 301)
    • STP Configurations (p. 302)
    • Basic STP Configuration (p. 302)
    • Multiple STPDs on a Port (p. 305)
    • VLAN Spanning Multiple STPDs (p. 305)
    • EMISTP Deployment Constraints (p. 306)
    • Per VLAN Spanning Tree (p. 308)
    • STPD VLAN Mapping (p. 308)
    • Native VLAN (p. 308)...
  • Page 12 Contents

    • Advanced ESRP Features (p. 339)
    • ESRP Tracking (p. 339)
    • ESRP Port Restart (p. 342)
    • ESRP Host Attach (p. 342)
    • ESRP Port Weight and Don’t Count (p. 343)
    • ESRP Groups (p. 344)
    • Displaying ESRP Information (p. 345)
    • Using ELRP with ESRP (p. 345)
    • Using ELRP with ESRP to Recover Loops (p. 346)
    • Configuring ELRP (p. 346)
    • Displaying ELRP Information (p. 347)
    • ESRP Examples (p. 348)...
  • Page 13 Contents

    • IP Multinetting (p. 372)
    • Multinetting Topology (p. 372)
    • How Multinetting Affects Other Features (p. 373)
    • Configuring IP Multinetting (p. 377)
    • IP Multinetting Examples (p. 377)
    • Configuring DHCP/BOOTP Relay (p. 378)
    • Configuring the DHCP Relay Agent Option (Option 82) (p. 378)
    • Verifying the DHCP/BOOTP Relay Configuration (p. 379)
    • UDP Echo Server (p. 380)
    • Chapter 20: Interior Gateway Protocols...
  • Page 14 Contents

    • BGP Route Flap Dampening (p. 405)
    • BGP Route Selection (p. 407)
    • Stripping Out Private AS Numbers from Route Updates (p. 407)
    • Route Redistribution (p. 408)
    • BGP Static Network (p. 408)
    • Chapter 22: IP Multicast Routing (p. 409)
    • Overview (p. 409)
    • PIM Overview (p. 409)
    • IGMP Overview (p. 411)
    • Configuring IP Multicasting Routing (p. 412)
    • Configuration Examples (p. 413)
    • PIM-DM Configuration Example (p. 413)
    • PIM-SM Configuration Example (p. 414)...
  • Page 15 Contents

    • Using Standalone ELRP to Perform Loop Tests (p. 440)
    • About Standalone ELRP (p. 440)
    • Configuring Standalone ELRP (p. 441)
    • Displaying Standalone ELRP Information (p. 442)
    • Using the Rescue Software Image (p. 442)
    • Debug Mode (p. 443)
    • Saving Debug Information to the External Memory Card (p. 444)
    • Managing Files on the External Memory Card (p. 444)
    • TOP Command (p. 446)
    • TFTP Server Requirements (p. 446)
    • System Health Check (p. 446)...
  • Page 17: Preface

    This guide provides the required information to configure ExtremeWare XOS software version 11.1 running on switches from Extreme Networks. The guide is intended for use by network administrators who are responsible for installing and setting up network equipment. It assumes a basic working knowledge of:

    • Local area networks (LANs)...
  • Page 18: Conventions

    • ExtremeWare XOS release notes
    • ExtremeWare XOS 11.1 Command Reference Guide
    • Extreme Networks Consolidated XOS Hardware Installation Guide

    Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.extremenetworks.com/
  • Page 19: Using Extremeware Xos Publications Online

    You can access ExtremeWare XOS publications by downloading them from the Extreme Networks World Wide Web location or from your ExtremeWare product CD. Publications are provided in Adobe Portable Document Format (PDF). Displaying or printing PDF files requires that your computer be...
  • Page 21: Part 1: Using Extremeware Xos

    Using ExtremeWare XOS...
  • Page 23: Chapter 1: Extremeware Xos Overview

    Platforms and Required Software Versions

    ExtremeWare® XOS is the full-featured software operating system that is designed to run on the Extreme Networks® devices. ExtremeWare XOS supports the following platforms:

    • BlackDiamond® 10800 family of switches—ExtremeWare XOS 10.1 and higher...
  • Page 24: Feature Highlights Of Extremeware Xos 11.1

    • Network Login support
    • CLEARFlow

    NOTE: For more information on Extreme Networks switch components, see the Extreme Networks Consolidated XOS Hardware Installation Guide.

    Feature Highlights of ExtremeWare XOS 11.1

    Virtual Routers

    NOTE: Although the Aspen 8810 switch supports the three system virtual routers (VR-Default, VR-Mgmt, VR-Control), the BlackDiamond 10K switch additionally supports user-created virtual routers.
  • Page 25: Quality Of Service

    To access the switch using the Secure Shell (SSH), you must download, install, and enable the SSH software module. Once installed, you use the SSH to access the switch. You obtain the SSH software module through your Extreme Networks support account on the website, once you provide the required information.
  • Page 26 With software version 11.0, you can use the Extreme Standby Routing Protocol (ESRP). ESRP is an Extreme Networks proprietary protocol that allows multiple switches to provide redundant routing services to users. ESRP also provides Layer 2 redundancy; the Layer 3 and Layer 2 redundancy can be used separately or together.
  • Page 27: Software Licensing

    Software Licensing Some Extreme Networks products have capabilities that are enabled by using a software key. Keys are typically unique to the switch and are not transferable. Keys are stored in NVRAM and, once enabled, persist through reboots, software upgrades, power outages, and reconfigurations.
  • Page 28: Advanced Core License-Blackdiamond 10K Switch Only

    After the license key is installed, it should not be necessary to enter the information again. However, Extreme Networks recommends keeping the certificate for your records. You can obtain a regular license; you cannot downgrade licenses. The software key contains all the necessary information on the license level.
  • Page 29: Security Licensing

    Security Features Under License Control

    ExtremeWare XOS software supports the SSH2 protocol, which allows the encryption of sessions between an SSH2 client and an Extreme Networks switch, as well as the Secure Copy Protocol (SCP). The encryption methods used are under export restriction control.
  • Page 30 ExtremeWare XOS Overview Table 3: ExtremeWare XOS version 11.1 global factory defaults (Continued) Item Default Setting ESRP Disabled All traffic is part of the default queue (QP1). QoS—802.1p replacement Disabled QoS—DiffServ examination Disabled Autonegotiation • 10 G modules—autonegotiation OFF, speed 10000 Mbps, full-duplex •...
  • Page 31: Chapter 2: Accessing The Switch

    This chapter covers the following topics:

    • Understanding the Command Syntax on page 31
    • Line-Editing Keys on page 34
    • Command History on page 35
    • Common Commands on page 35
    • Configuring Management Access on page 37...
  • Page 32: Syntax Helper

    The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press [Tab] or [?]. The syntax helper provides a list of options for the remainder of the command and places the cursor at the end of the command you have entered so far, ready for the next option.
  • Page 33: Modular Switch Numerical Ranges

    NOTE: If you use the same name across categories (for example, STPD and VLAN names), Extreme Networks recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
  • Page 34: Limits

    Table 4: Command syntax symbols

    | Symbol | Description |
    |---|---|
    | angle brackets < > | Enclose a variable or value. You must specify the variable or value. For example, in the syntax configure vlan <vlan> ipaddress <ipaddress> you must supply a VLAN name for <vlan name> and an address for <ipaddress> when entering the command.... |
  • Page 35: Command History

    Table 5: Line-editing keys (Continued)

    | Key(s) | Description |
    |---|---|
    | [Ctrl] + E | Moves cursor to last character in line. |
    | [Ctrl] + L | Clears screen and moves cursor to beginning of line. |
    | [Ctrl] + P or Up Arrow | Displays previous command in command history buffer and places cursor at end of command.... |
  • Page 36 Accessing the Switch

    Table 6: Common commands (Continued)

    Command
        Description

    configure sys-recovery-level [all | none]
        Configures a recovery option for instances where an exception occurs in ExtremeWare XOS.

    configure time <month> <day> <year> <hour>...
        Configures the system date and time. The format is as follows:
  • Page 37: Configuring Management Access

    Table 6: Common commands (Continued)

    Command
        Description

    enable license <key>
        Enables a particular software feature license. Specify <license_key> as an integer. The command unconfigure switch {all} does not clear licensing information. This license cannot be disabled once it is enabled on the switch.

        Enables SSH2 sessions....
  • Page 38: Administrator Account

    A person with an administrator-level account can view and change all switch parameters. With this level, you can also add and delete users, as well as change the password associated with any account name (to erase the password, issue the command)....
  • Page 39: Creating A Management Account

    To add a password to the default admin account:

    1. Log in to the switch using the name admin.
    2. At the password prompt, press [Return].
    3. Add a default admin password of green by entering the following command:

       configure account admin green

    To add a password to the default user account:

    1. Log in to the switch using the name user....
  • Page 40: Failsafe Account

    The failsafe account is immediately saved to NVRAM.

    NOTE: The information that you use to configure the failsafe account cannot be recovered by Extreme Networks. Technical support cannot retrieve passwords or account names for this account. Protect this information carefully.
  • Page 41: Domain Name Service Client Services

    The Domain Name Service (DNS) client in ExtremeWare XOS augments the following commands to allow them to accept either IP addresses or host names:

    • telnet
    • download bootrom
    • download image
    • ...
  • Page 42: Traceroute

    {tos <tos>} {interval <interval>} {vr <vrid>} <host> {from <source IP address>} {with record-route}

    Options for the ping command are described in Table

    Table 8: Ping command parameters

    | Parameter | Description |
    |---|---|
    | count | Specifies the number of ping requests to send. |
    | start-size | Specifies the size, in bytes, of the packet to be sent, or the starting size if incremental packets are to be sent.... |
  • Page 43: Chapter 3: Managing The Switch

    This chapter covers the following topics:

    • Overview on page 43
    • Understanding the ExtremeWare XOS Shell on page 44
    • Using the Console Interface on page 44
    • Using the 10/100 Ethernet Management Port on page 44...
  • Page 44: Understanding The Extremeware Xos Shell

    When you log in to ExtremeWare XOS from a terminal, you enter the shell with a shell prompt displayed. At the prompt, you input the commands to be executed on the switch. After the switch processes and executes a command, the results are relayed to and displayed on your terminal.
  • Page 45: Authenticating Users

    The switch uses the Ethernet management port only for host operation, not for switching or routing. The TCP/IP configuration for the management port is done using the same syntax as used for virtual LAN (VLAN) configuration. The VLAN mgmt comes preconfigured with only the management port as a member.
  • Page 46: Management Accounts

    ExtremeWare XOS supports two levels of management accounts (local database of accounts and passwords): User and Administrator. A user level account can view but not change all manageable parameters, with the exception of the user account database and SNMP community strings. An administrator level account can view and change all manageable parameters.
  • Page 47: Connecting To Another Host Using Telnet

    For information about the Telnet server on the switch, see the following sections:

    • Configuring Telnet Access to the Switch on page 49
    • Disconnecting a Telnet Session on page 50

    Connecting to Another Host Using Telnet

    You can Telnet from the current CLI session to another host using the following command:

    telnet {vr <vr_name>} [<host_name>...
  • Page 48: Manually Configuring The Ip Settings

    address to get their IP address, so you cannot configure the BOOTP or DHCP server to assign multiple specific IP addresses to a switch depending solely on the MAC address.

    Manually Configuring the IP Settings

    If you are using IP without a BOOTP server, you must enter the IP parameters for the switch in order for the SNMP Network Manager or Telnet software to communicate with the device.
  • Page 49: Configuring Telnet Access To The Switch

    6. Configure the default route for the switch using the following command:

       configure iproute add default <gateway> {vr <vrname>} {<metric>} {multicast-only | unicast-only}

       For example:

       configure iproute add default 123.45.67.1

    7. Save your configuration changes so that they will be in effect after the next switch reboot.

       • If you want to save your changes to the currently booted configuration, use the following...
  • Page 50: Disconnecting A Telnet Session

    Chapter “Software Upgrade and Boot Options.” Extreme Networks recommends using a TFTP server that supports blocksize negotiation (as described in RFC 2348, TFTP Blocksize Option), to enable faster file downloads and larger file downloads. For detailed information about downloading ACLs, see Chapter 13, “Security.”...
  • Page 51: Understanding System Redundancy

    The TFTP session defaults to port 69. If you do not specify a virtual router, VR-Mgmt is used. For example, to connect to a remote TFTP server with an IP address of 10.123.45.67 and “get” or retrieve an ExtremeWare XOS configuration file named XOS1.cfg from that host, use the following command:

    tftp 10.123.45.67 -g -r XOS1.cfg

    When you “get”...
  • Page 52: Replicating Data Between Nodes

    Configuring the Node Priority

    To configure the priority of an MSM node, use the following command:

    configure node slot <slot_id> priority <node_pri>

    If you do not configure any priorities, MSM-A has a higher priority than MSM-B. For the slot_id parameter, enter A for the MSM installed in slot A or B for the MSM installed in slot B.
  • Page 53 Understanding System Redundancy

    Replicating data consists of the following three steps:

    1. Configuration synchronization—Relays current and saved configuration information from the master to the backup
    2. Bulk checkpoint—Ensures that each individual application running on the system is synchronized with the backup
    3. Dynamic checkpoint—Checkpoints any new state changes from the master to the backup

    To monitor the checkpointing status, use the command....
  • Page 54: Viewing Node Status

    Dynamic Checkpointing

    After an application transfers its saved state to the backup MSM, dynamic checkpointing requires that any new configuration information or state changes that occur on the master be immediately relayed to the backup. This ensures that the backup has the most up-to-date and accurate information.

    Viewing Checkpoint Statistics

    Use the following command to view and check the status of one or more processes being copied from the master to the backup MSM:...
  • Page 55: Understanding Power Supply Management

    PSU if an unsafe condition arises. For more information about the power supply controller, see the Extreme Networks Consolidated XOS Hardware Installation Guide. If you have an Aspen Power over Ethernet (PoE) G48P module installed in the Aspen 8810 switch, there are specific power budget requirements and configurations associated with PoE that are not described in this section.
  • Page 56: Removing A Power Supply

    Each network manager program provides its own user interface to the management facilities. Please note, when using a network manager program to create a VLAN, Extreme Networks does not support the SNMP create and wait operation. To create a VLAN with SNMP, use the create and go operation.
  • Page 57: Enabling And Disabling Snmpv1/V2C And Snmpv3

    The following sections describe how to get started if you want to use an SNMP manager. It assumes you are already familiar with SNMP management. If not, refer to the following publication: The Simple Book by Marshall T....
  • Page 58: Supported Mibs

    By default, SNMP access and SNMPv1/v2c traps are enabled. SNMP access and SNMP traps can be disabled and enabled independently—you can disable SNMP access but still allow SNMP traps to be sent, or vice versa.

    Supported MIBs

    In addition to private MIBs, the switch supports the standard MIBs listed in Appendix

    Configuring SNMPv1/v2c Settings...
  • Page 59: Snmpv3

    SNMP, SNMPv1 and SNMPv2c, provided no privacy and little security. The following six RFCs provide the foundation for the Extreme Networks implementation of SNMPv3:

    • RFC 2570, Introduction to version 3 of the Internet-standard Network Management Framework, provides an...
  • Page 60: Message Processing

    USM Timeliness Mechanisms

    An Extreme Networks switch has one SNMPv3 engine, identified by its snmpEngineID. The first four octets are fixed to 80:00:07:7C, which represents the Extreme Networks vendor ID. By default, the additional octets for the snmpEngineID are generated from the device MAC address.
  • Page 61 Using the Simple Network Management Protocol

    SNMPEngineBoots can also be configured from the command line. SNMPEngineBoots can be set to any desired value but will latch on its maximum, 2147483647. To set the SNMPEngineBoots, use the following command:

    configure snmpv3 engine-boots <(1-2147483647)>

    Users, Groups, and Security

    SNMPv3 controls access and security using the concepts of users, groups, security models, and security levels.
  • Page 62 Managing the Switch

    A number of default (permanent) groups are already defined. These groups are: admin, initial, v1v2c_ro, v1v2c_rw. To display information about the access configuration of a group or all groups, use the following command:

    show snmpv3 access {[[hex <hex_group_name>] | <group_name>]}

    Users are associated with groups using the following command:

    configure snmpv3 add group [[hex <hex_group_name>] | <group_name>] user [[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1| snmpv2c | usm]} {volatile}...
  • Page 63: Snmpv3 Mib Access Control

    SNMPv3 provides a fine-grained mechanism for defining which parts of the MIB can be accessed. This is referred to as the View-Based Access Control Model (VACM). MIB views represent the basic building blocks of VACM. They are used to define a subset of the information in the MIB.
  • Page 64: Snmpv3 Notification

    SNMPv3 can use either SNMPv1 traps or SNMPv2c notifications to send information from an agent to the network manager. The terms trap and notification are used interchangeably in this context. Notifications are messages sent from an agent to the network manager, typically in response to some state change on the agent system.
  • Page 65 Using the Simple Network Management Protocol

    To create a target parameter name and to set the message processing and security settings associated with it, use the following command:

    configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user [[hex <hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile}

    To display the options associated with a target parameters name or all target parameters names, use the following command:...
  • Page 66: Using The Simple Network Time Protocol

    To remove the association of a filter profile or all filter profiles with a parameter name, use the following command:

    configure snmpv3 delete filter-profile [all |[[hex <hex_profile_name>] | <profile_name>] {param [[hex <hex_param_name>] | <param_name>}]]

    Notification Tags

    When you create a target address, either you associate a list of notification tags with the target or by default, the defaultNotify tag is associated with the target.
  • Page 67: Configuring And Using Sntp

    To use SNTP, follow these steps:

    1. Identify the host(s) that are configured as NTP server(s). Additionally, identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts or for switches using NTP to query the NTP server(s) directly.
  • Page 68 Managing the Switch

    Table 10: Time zone configuration command options (Continued)

    floating_day
        Specifies the day, week, and month of the year to begin or end Daylight Savings Time each year. Format is: <week> <day> <month> where:
        • <week> is specified as [first | second | third | fourth | last]
        • ...
  • Page 69 Using the Simple Network Time Protocol

    6. You can verify the configuration using the following commands:

       • show sntp-client

         This command provides configuration and statistics associated with SNTP and its connectivity to the NTP server.

       • show switch {detail}

         This command indicates the GMT offset, the Daylight Savings Time configuration and status, and the current local time.
  • Page 70: Sntp Example

    Table 11: Greenwich Mean Time offsets (Continued)

    | GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities |
    |---|---|---|---|
    | +4:00 | +240 | ZP4 - Russia Zone 3 | Abu Dhabi, UAE; Muscat; Tbilisi; Volgograd; Kabul |
    | +5:00 | +300 | ZP5 - Russia Zone 4 | |
    | +5:30 | +330 | IST - India Standard Time... | |
  • Page 71: Chapter 4: Managing The Extremeware Xos Software

    This chapter covers the following topics:

    • Overview of the ExtremeWare XOS Software on page 71
    • Using the ExtremeWare XOS File System on page 72
    • Managing the Configuration File on page 75
    • Managing ExtremeWare XOS Processes on page 75...
  • Page 72: Using The Extremeware Xos File System

    Process control—With process control, you can stop and start processes, restart failed processes, and update the software for a specific process or set of processes.

    Memory protection—With memory protection, each function can be bundled into a single application module running as a memory protected process under real-time scheduling.
  • Page 73: Copying Files On The Switch

    Examples

    The following example renames the configuration file named Test.cfg to Final.cfg:

    mv Test.cfg Final.cfg

    The following command moves the configuration file named test1.cfg from the switch to the external memory card:

    mv test1.cfg memorycard test1.cfg

    Copying Files on the Switch

    The copy function allows you to make a copy of an existing file before you alter or edit the file.
  • Page 74: Displaying Files On The Switch

    Example

    The following example copies an existing configuration file named test.cfg and names the copied configuration file test_rev2.cfg:

    cp test.cfg test_rev2.cfg

    Displaying Files on the Switch

    To display a list of the configuration and policy files stored on your switch, use the following command:

    Output from this command includes the file size, date and time the file was last modified, and the file name.
  • Page 75: Managing The Configuration File

    The configuration is the customized set of parameters that you have selected to run on the switch. Table 12 describes some of the key areas of configuration file management in ExtremeWare XOS.

    Table 12: Configuration file management

    Task Behavior...
  • Page 76: Displaying Process Information

    To display information about the processes in the system, use the following command:

    show process {<name>} {detail} {slot <slotid>}

    Where the following is true:

    • name—Specifies the name of the process.
    • detail—Specifies more detailed process information, including memory usage statistics, process ID...
  • Page 77: Understanding Memory Protection

    Understanding Memory Protection
    ExtremeWare XOS provides memory management capabilities. With ExtremeWare XOS, each process runs in a protected memory space. This infrastructure prevents one process from overwriting or corrupting the memory space of another process. For example, if one process experiences a loop condition, is under some type of attack, or is experiencing some type of problem, that process cannot take over or overwrite another process’s...
  • Page 78 Managing the ExtremeWare XOS Software ExtremeWare XOS 11.1 Concepts Guide...
  • Page 79: Chapter 5: Configuring Slots And Ports On A Switch

    Configuring Slots and Ports on a Switch
    This chapter covers the following topics:
    ● Configuring a Slot on a Modular Switch on page 79
    ● Configuring Ports on a Switch on page 80
    ● Jumbo Frames on page 83
    ● Load Sharing on the Switch on page 86...
  • Page 80: I/O Ports On Aspen 8810 Msm Module

    Configuring Slots and Ports on a Switch
    To display information about a particular slot, use the following command:
    show slot
    Information displayed includes:
    ● Module type, part number and serial number.
    ● Current state (power down, operational, diagnostic, mismatch).
    ● Port information...
  • Page 81: Enabling And Disabling Switch Ports

    Configuring Ports on a Switch You can also use wildcard combinations (*) to specify multiple modular slot and port combinations. The following wildcard combinations are allowed: —Specifies all ports on a particular I/O module. ● slot:* —Specifies a contiguous series of ports on a particular I/O module. ●...
  • Page 82 The system then stops transmitting or receiving traffic from that link. Once the fault is alleviated, the system puts the link back up and the traffic automatically resumes. The Extreme Networks implementation of LFS conforms to the IEEE standard 802.3ae-2002. NOTE On the BlackDiamond 10K switch, the 10 Gbps module must have the serial number 804405-00-09 or higher to support LFS.
  • Page 83: Jumbo Frames

    The switch only performs IP fragmentation, or participates in maximum transmission unit (MTU) negotiation on behalf of devices that support jumbo frames. You need jumbo frames when running the Extreme Networks VMAN implementation. When you are working on the BlackDiamond 10K switch, the switch enables jumbo frames when you configure VMANs.
  • Page 84: Jumbo Frames On The Aspen 8810 Switch Only

    Configuring Slots and Ports on a Switch Jumbo Frames on the Aspen 8810 Switch Only The following information applies to jumbo frames on the Aspen 8810 switch only: The Aspen 8810 switch supports jumbo frames on the entire switch; you cannot enable or disable ●...
  • Page 85: Ip Fragmentation With Jumbo Frames

    Jumbo Frames Using path MTU discovery, a source host assumes that the path MTU is the MTU of the first hop (which is known). The host sends all datagrams on that path with the “don’t fragment” (DF) bit set, which restricts fragmentation. If any of the datagrams must be fragmented by an Extreme switch along the path, the Extreme switch discards the datagrams and returns an ICMP Destination Unreachable message to the sending host, with a code meaning “fragmentation needed and DF set”.
  • Page 86: Ip Fragmentation Within A Vlan

    Load sharing, link aggregation, and trunking are terms that have been used interchangeably in Extreme Networks documentation to refer to the same feature, which allows multiple physical ports to be aggregated into one logical port. Refer to IEEE 802.3ad for more information on this feature.
  • Page 87: Load-Sharing Algorithms

    In order to seamlessly add or delete bandwidth when running control protocols, Extreme Networks recommends that you create a load-sharing group consisting of only one port. Then add your protocols to that port. If you need increased bandwidth, you can then add ports to the existing load-sharing group;...
  • Page 88 Configuring Slots and Ports on a Switch
    You can control the field examined by the switch for address-based load sharing when the load-sharing group is created by using the following command:
    enable sharing {<master_port>} grouping <port_list> {algorithm address-based [L2 | L3]}
    or by using the following command after the load-sharing group has been created:
    configure sharing {<master_port>} algorithm address-based [L2 | L3]...
  • Page 89: Configuring Switch Load Sharing

    Load Sharing on the Switch Configuring Switch Load Sharing To set up a switch for load sharing among ports, you must create a load-sharing group of ports. The first port in the load-sharing group is configured to be the “master” logical port, or the primary port. This is the reference port used in configuration commands.
  • Page 90: Load-Sharing Examples

    Configuring Slots and Ports on a Switch
    Load-Sharing Examples
    This section provides examples of how to define load sharing, or link aggregation, on modular switches.
    Cross-Module Load Sharing on a Modular Switch
    The following example defines a load-sharing group that contains ports 9 through 12 on slot 3, ports 7 through 10 on slot 5, and uses the port 9 in the slot 3 group as the primary logical port:
    enable sharing 3:9 grouping 3:9-3:12, 5:7-5:10
    In this example, logical port 3:9 represents physical ports 3:9 through 3:12 and 5:7 through 5:10....
  • Page 91: Switch Port Mirroring

    Switch Port Mirroring The following is an example of the display you see when you display load sharing, or link aggregation, on the Aspen 8810 switch: Load Sharing Monitor Config Current Ld Share Ld Share Link Link Up Master Master Algorithm Group Status...
  • Page 92: Switch Port Mirroring On The Blackdiamond 10K Switch Only

    Configuring Slots and Ports on a Switch Switch Port Mirroring on the BlackDiamond 10K Switch Only The traffic filter on the BlackDiamond 10K switch can be defined based on one of the following criteria: Physical port—All data that traverses the port, regardless of VLAN configuration, is copied to the ●...
  • Page 93: Switch Port-Mirroring Examples

    Switch Port Mirroring
    ● The mirroring filters are not confined to a single module; they can have ports that span multiple modules.
    ● You cannot use the management port at all in switch port-mirroring configurations.
    Switch Port-Mirroring Examples
    The following example removes all port-mirroring configuration from the switch:
    disable mirroring
    NOTE When you change the mirroring configuration, the switch stops sending egress packets from the monitor port until...
  • Page 94: Extreme Discovery Protocol

    Port number 2:1 in all vlans
    Extreme Discovery Protocol
    The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used by the switches to exchange topology information. Information communicated using EDP includes:
    ● Switch MAC address (switch ID)...
  • Page 95 Extreme Discovery Protocol
    ● Transmit PDUs with errors
    ● Switch PDUs received
    ● VLAN PDUs received
    ● Received PDUs with errors
    To view EDP port information on the switch, use the following command:
    show edp
    The following is sample output from the show edp command (the screen display was interrupted in the following sample):...
  • Page 96: Software-Controlled Redundant Port And Smart Redundancy

    Configuring Slots and Ports on a Switch Software-Controlled Redundant Port and Smart Redundancy Using the software-controlled redundant port feature you can back up a specified Ethernet port (primary) with a redundant, dedicated Ethernet port; both ports are on the same switch. If the primary port fails, the switch will establish a link on the redundant port and the redundant port becomes active.
  • Page 97: Guidelines For Software-Controlled Redundant Ports And Port Groups

    Software-Controlled Redundant Port and Smart Redundancy is restored on that port. If you do not want the automatic restoration of the primary link when it becomes active, disable Smart Redundancy. Guidelines for Software-Controlled Redundant Ports and Port Groups Software-controlled redundant ports and port groups have the following limitations: You cannot have any Layer 2 protocols configured on any of the VLANs that are present on the ●...
  • Page 98: Verifying Software-Controlled Redundant Port Configurations

    Configuring Slots and Ports on a Switch To disable the Smart Redundancy feature, use the following command: disable smartredundancy <port_list> Verifying Software-Controlled Redundant Port Configurations You can verify the software-controlled redundant port configuration by issuing a variety of CLI commands. To display the redundant ports as well as which are active or members of load-sharing groups, use the following command: show ports redundant...
  • Page 99: Displaying Port Configuration Information

    Displaying Port Configuration Information MinBw = 0% MaxBw = 100% Pri = 6 MinBw = 0% MaxBw = 100% Pri = 7 MinBw = 0% MaxBw = 100% Pri = 8 Ingress Rate Shaping : Unsupported Ingress IPTOS Examination: Disabled Egress IPTOS Replacement: Disabled Egress 802.1p Replacement:...
  • Page 100 Configuring Slots and Ports on a Switch 5:106 VR-Default AUTO AUTO 5:107 VR-Default AUTO AUTO 5:108 VR-Default AUTO AUTO ================================================================================ Link Status: A-Active R-Ready Port State: D-Disabled E-Enabled NOTE On 10 Gbps ports, the Media Primary column displays NONE when no module is installed, and SR, LR, or ER depending on the module installed when there is one present.
  • Page 101 Displaying Port Configuration Information Aspen 8810 Switch Only. The following command displays more specific information for slot 3, port 1 on an Aspen 8810 switch: show ports 3:1 information detail Following is sample output from this command: Port: Virtual-router: VR-Default Type: Random Early drop: Disabled...
  • Page 102 Configuring Slots and Ports on a Switch Admin state: Enabled with auto-speed sensing auto-duplex Link State: Active, 100Mbps, full-duplex Link Counter: Up 1 time(s) VLAN cfg: Name: peggy, Internal Tag = 4094, MAC-limit = No-limit STP cfg: Protocol: Name: peggy Protocol: ANY Match all protocols.
  • Page 103: Chapter 6: Power Over Ethernet

    Power Over Ethernet Power over Ethernet (PoE) is an effective method of supplying 48 VDC power to certain types of powered devices (PDs) through Category 5 or Category 3 twisted pair Ethernet cables. PDs include wireless access points, IP telephones, laptop computers, web cameras, and other devices. With PoE, a single Ethernet cable supplies power and the data connection, reducing costs associated with separate power cabling and supply.
  • Page 104: Power Delivery

    Power Over Ethernet NOTE If your chassis has an inline power module and there is not enough power to supply the configured inline power for the slot, that slot will not power on; the slot will not function in data-only mode without enough power for inline power.
  • Page 105: Pd Disconnect Precedence

    NOTE Extreme Networks recommends that you fully populate a single PoE module with PDs until the power usage is just below the usage threshold, instead of spacing PDs evenly across PoE modules.
  • Page 106: Port Disconnect Or Fault

    Power Over Ethernet port priority than those ports already receiving power). When you configure the deny-port value, the switch disregards the configured PoE port priority and port numbering. When the switch is configured for lowest-priority mode, PDs are denied power based on the port’s configured PoE priority.
  • Page 107: Port Power Reset

    Power Delivery Port Power Reset You can set ports to experience a power-down, discover, power-up cycle without returning the power to the slot’s reserved power budget. This function allows you to reset PDs without losing their claim to the reserved power budget. The following command power cycles the specified ports: reset inline-power ports <port_list>...
  • Page 108: Poe Operator Limits

    Power Over Ethernet To disable the non-standard power detection method that allows the switch to use legacy PDs, use the following command: disable inline-power legacy slot PoE Operator Limits You set the power limit that a PD can draw on the specified ports. The range is 3000 to 16800 mW, and the default value is 15400 mW.
  • Page 109: Enabling Inline Power

    Configuring PoE NOTE If your chassis has an inline power module and there is not enough power to supply a slot, that slot will not power on; the slot will not function in data-only mode without enough power for inline power. To configure inline power, or PoE, you must accomplish the following tasks: Enable inline power to the system, slot, and/or port.
  • Page 110: Setting The Disconnect Precedence

    0. NOTE Extreme Networks recommends that you fully populate a single PoE module with PDs until the power usage is just below the usage threshold, instead of spacing PDs evenly across PoE modules. To reset the power budget for a PoE module to the default value of 50 W, use the following command: unconfigure inline-power budget slot <slot>...
  • Page 111: Configuring The Usage Threshold

    Configuring PoE
    Use the following command to configure the disconnect precedence for the switch:
    configure inline-power disconnect-precedence [deny-port | lowest-priority]
    To return the disconnect precedence to the default value of deny port, use the following command:
    unconfigure inline-power disconnect-precedence
    To display the currently configured disconnect precedence, use the following command:
    show inline-power
    To reduce the chances of ports fluctuating between powered and non-powered states, newly inserted PDs are not powered when the actual delivered power for the module is within approximately 19 W of...
  • Page 112: Configuring The Switch To Detect Legacy Pds

    Power Over Ethernet
    To configure the usage threshold, issue the following command:
    configure inline-power usage-threshold <threshold>
    To reset the usage threshold to 70%, use the following command:
    unconfigure inline-power usage-threshold
    To display the currently configured usage threshold, use the following command:
    show inline-power
    Configuring the Switch to Detect Legacy PDs
    The PoE module can detect non-standard, legacy PDs, which do not conform to the IEEE 802.3af...
  • Page 113: Configuring Poe Port Labels

    Displaying PoE Settings and Statistics
    To display the current operator limit on each port, use the following command:
    show inline-power configuration ports <port_list>
    Configuring PoE Port Labels
    You can assign labels to a single PoE port or a group of PoE ports using a string of up to 15 characters. Use the following command to assign a label to PoE ports:
    configure inline-power label <string>...
  • Page 114 Power Over Ethernet
    The command provides status for the following areas:
    ● Configured inline power status—The status of the inline power for the switch: enabled or disabled.
    ● System power surplus—The surplus amount of power on the system, in watts, available for...
  • Page 115 Displaying PoE Settings and Statistics Displaying System Power Data Additionally, you can view the distribution of power, as well as currently required and allocated power, on the entire switch including the power supplies by using the following command: show power budget Following is sample output from this command: State Watts...
  • Page 116: Displaying Slot Poe Information

    Power Over Ethernet Displaying Slot PoE Information You can display PoE status and statistics per slot. Displaying Slot PoE Status Use the following command to display PoE status for each slot: show inline-power slot <slot> The command provides the following information: Inline power status—The status of inline power.
  • Page 117: Displaying Port Poe Information

    Displaying PoE Settings and Statistics
    ● Total ports faulted—Displays the number of ports in a fault state.
    ● Total ports disabled—Displays the number of ports in a disabled state.
    Following is sample output from this command:
    Inline-Power Slot Statistics Slot: Firmware status : Operational Firmware revision...
  • Page 118 Power Over Ethernet
    Displaying Port PoE Status
    To display the PoE status per port, use the following command:
    show inline-power info {detail} ports <port_list>
    This command provides the following information:
    ● State—Displays the port power state:
      ■ Disabled
      ■ Searching
      ■ Delivering...
  • Page 119 Displaying PoE Settings and Statistics
    The detail command lists all inline power information for the selected ports. Detail output displays the following information:
    ● Configured Admin State
    ● Inline Power State
    ● MIB Detect Status
    ● Label
    ● Operator Limit
    ● PD Class...
  • Page 120 Power Over Ethernet
    The command provides the following information:
    ● State—Displays the port power state:
      ■ Disabled
      ■ Searching
      ■ Delivering
      ■ Faulted
      ■ Disconnected
      ■ Other
      ■ Denied
    ● PD’s power class—Displays the class type of the connected PD:
      ■ “-----”: disabled or searching...
  • Page 121: Chapter 7: Status Monitoring And Statistics

    Status Monitoring and Statistics
    This chapter describes the following topics:
    ● Status Monitoring on page 121
    ● Viewing Port Statistics on page 121
    ● Viewing Port Errors on page 122
    ● Using the Port Monitoring Display Keys on page 123
    ● Slot Diagnostics on page 123...
  • Page 122: Viewing Port Errors

    Status Monitoring and Statistics
    The switch collects the following port statistical information:
    ● Link Status—The current status of the link. Options are:
      ■ Ready (the port is ready to accept a link).
      ■ Active (the link is present at this port)...
  • Page 123: Using The Port Monitoring Display Keys

    Using the Port Monitoring Display Keys
    The switch collects the following port receive error information:
    ● Receive Bad CRC Frames (RX CRC)—The total number of frames received by the port that were of the correct length but contained a bad FCS value.
    ● Receive Oversize Frames (RX Over)—The total number of good frames received by the port greater...
  • Page 124: Running Diagnostics On I/O And Management Modules

    The LED behavior described in this section relates only to the behavior associated with a diagnostic test. For more detailed information about all of the MSM and I/O module LEDs, see the Extreme Networks Consolidated XOS Hardware Installation Guide. ExtremeWare XOS 11.1 Concepts Guide...
  • Page 125 Slot Diagnostics MSM LED Behavior—BlackDiamond 10K Switch Table 16 describes the BlackDiamond MSM LED behavior during a diagnostic test. Table 16: BlackDiamond 10K switch MSM LED behavior Color Indicates Green blinking Normal operation is occurring. Amber blinking Diagnostic test in progress. Amber Diagnostic failure has occurred.
  • Page 126: Displaying Diagnostic Test Results

    Status Monitoring and Statistics I/O Module LED Behavior—Aspen 8810 Switch Table 19 describes the Aspen I/O module LED behavior during a diagnostic test. Table 19: Aspen 8810 switch I/O module LED behavior Color Indicates DIAG Normal operation is occurring. Amber blinking Diagnostic test in progress.
  • Page 127: Understanding The System Health Checker-Aspen 8810 Switch Only

    Occasional increments of these counters do not mean that faulty hardware has been detected or that hardware requires replacement. If you see persistent increments of these counters, please contact Extreme Networks Technical Support. In addition, you can enable the system health checker to check the backplane, CPU, and I/O modules by periodically sending diagnostic packets and checking the validity of the looped back diagnostic packets.
  • Page 128: Enabling And Disabling Backplane Diagnostic Packets On The Switch

    To configure the frequency of sending backplane diagnostic packets, use the following command: configure sys-health-check interval <interval> NOTE Extreme Networks does not recommend configuring an interval of less than the default interval. Doing so can cause excessive CPU utilization. System Health Check Examples This section provides examples for using the system health checker on the BlackDiamond 10K switch and the Aspen 8810 switch.
  • Page 129 7 NOTE Extreme Networks does not recommend configuring an interval of less than 6 seconds. Doing this can cause excessive CPU utilization. Disabling Backplane Diagnostics. Building upon the previous example, the following example disables...
  • Page 130: Setting The System Recovery Level

    Status Monitoring and Statistics configure sys-health-check interval 7 NOTE Extreme Networks does not recommend configuring an interval of less than 5 seconds. Doing this can cause excessive CPU utilization. Disabling Backplane Diagnostics. Building upon the previous example, the following example disables...
  • Page 131: Event Management System/Logging

    Event Management System/Logging The following sample output displays the current status and temperature of the installed modules and power controllers: Field Replaceable Units Temp (C) Status ------------------------------------------------ Slot-1 : 10G6X 36.37 Normal Slot-2 : G60X 35.31 Normal Slot-3 Slot-4 Slot-5 Slot-6 : G60X 34.68...
  • Page 132: Sending Event Messages To Log Targets

    The first six types of targets exist by default; but before enabling any syslog host, you must add the host’s information to the switch using the configure syslog command. Extreme Networks EPICenter can be a syslog target. By default, the memory buffer and NVRAM targets are already enabled and receive messages. To start...
  • Page 133: Filtering Events Sent To Targets

    Event Management System/Logging Use the following command to stop sending messages to the target: disable log target [console | memory-buffer | nvram | primary-msm | backup-msm | session | syslog [all | <ipaddress> | <ipPort>] {vr <vr_name>} [local0 ... local7]]] NOTE Refer to your UNIX documentation for more information about the syslog host facility.
  • Page 134 Status Monitoring and Statistics
    To display the current log configuration of the targets, use the following command:
    show log configuration target {console | memory-buffer | nvram | primary-msm | backup-msm | session | syslog {<ipaddress> | <ipPort> | vr <vr_name>} [local0 ... local7]}
    To configure a target, you use specific commands for severity, filters, and formats....
  • Page 135 Event Management System/Logging You can use more than one command to configure the severity level of the messages sent to a target. The most direct way to set the severity level of all the sent messages is to use the following command: configure log target [console | memory-buffer | nvram | primary-msm | backup-msm | session | syslog [all | <ipaddress>...
  • Page 136 Status Monitoring and Statistics For example, you can refer to the InBPDU subcomponent of the STP component as STP.InBPDU. On the CLI, you can abbreviate or TAB complete any of these. A component or subcomponent often has several conditions associated with it. To see the conditions associated with a component, use the following command: show log events [<event condition>...
  • Page 137 Event Management System/Logging
    The first step is to create the filter using the create log filter command. You can create a filter from scratch, or copy another filter to use as a starting point. (It may be easiest to copy an existing filter and modify it.) To create a filter, use the following command:
    create log filter <name>...
  • Page 138 Status Monitoring and Statistics Component Unreg: * - Component/Subcomponent is not currently registered Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data + - Debug Severities, but log debug-mode not enabled If Match parameters present: Parameter Flags: S - Source,...
  • Page 139 Event Management System/Logging
    Table 21: Simple regular expressions

    | Regular Expression | Matches | Does Not Match |
    |---|---|---|
    | port | port 2:3; import cars; portable structure | poor |
    | ..ar | baar; bazaar; rebar | |
    | port.*vlan | port 2:3 in vlan test; add ports to vlan; port/vlan | |
    | myvlan$ | delete myvlan; error in myvlan | myvlan port 2:3; ports 2:4,3:4 myvlan link down... |
  • Page 140: Formatting Event Messages

    Status Monitoring and Statistics
    incidents, of severity notice and above, with a specific source MAC address, use the following command:
    configure log filter myFilter add events aaa.radius.requestInit severity notice match source mac-address 00:01:30:23:C1:00
    The string type is used to match a specific string value of an event parameter, such as a user name. A string can be specified as a simple regular expression....
  • Page 141: Displaying Real-Time Log Messages

    Event Management System/Logging The same example then appears as: Jun 25 22:49:10.63 <dm.info> devmgr: (dm.c:134) PowerSupply:4 Powered On Displaying Real-Time Log Messages You can configure the system to maintain a running real-time display of log messages on the console display or on a (Telnet) session. To turn on the log display on the console, use the following command: enable log target console This setting may be saved to the FLASH configuration and is restored on boot-up (to the console display session).
  • Page 142: Displaying Counts Of Event Occurrences

    Status Monitoring and Statistics You must specify the TFTP host and the filename to use in uploading the log. There are many options you can use to select the log entries of interest. You can select to upload only those messages that conform to the specified: Severity ●...
  • Page 143: Displaying Debug Information

    Using sFlow Occurred : # of times this event has occurred since last clear or reboot Flags : (*) Not all applications responded in time with there count values In(cluded): Set to Y(es) if one or more targets filter includes this event Notified : # of times this event has occurred when 'Included' was Y(es) Displaying Debug Information...
  • Page 144: Configuring Sflow

    Status Monitoring and Statistics NOTE On an Aspen 8810 switch, sFlow and mirroring are mutually exclusive. You can enable either sFlow, or mirroring, but not both. However, you should be aware of a few limitations in the current release. The current release supports: Generic port statistics reported to the sFlow collector ●...
  • Page 145 Using sFlow Configuring the Remote Collector Address You can specify up to four remote collectors to send the sFlow data to. Typically, you would configure the IP address of each collector. You may also specify a UDP port number different from the default value of 6343, and/or a virtual router different from the default of VR-Mgmt.
  • Page 146: Displaying Sflow Information

    Status Monitoring and Statistics that the polling interval is 20 seconds and there are 40 counters to poll. Two ports will be polled each second, until all 40 are polled. To configure the polling interval, use the following command: configure sflow poll-interval <seconds> Global Sampling Rate.
  • Page 147: Rmon

    RMON
    Using the Remote Monitoring (RMON) capabilities of the switch allows network administrators to improve system efficiency and reduce the load on the network. The following sections explain more about the RMON concept and the RMON features supported by the switch.
  • Page 148: Supported Rmon Groups Of The Switch

    Status Monitoring and Statistics
    Supported RMON Groups of the Switch
    The IETF defines nine groups of Ethernet RMON statistics. The switch supports the following four of these groups, as defined in RFC 1757:
    ● Statistics
    ● History
    ● Alarms
    ● Events...
  • Page 149: Configuring Rmon

    Network Management Protocol,” in Chapter Configuring RMON RMON requires one probe per LAN segment, and standalone RMON probes traditionally have been expensive. Therefore, the approach taken by Extreme Networks has been to build an inexpensive ExtremeWare XOS 11.1 Concepts Guide...
  • Page 150: Event Actions

    Status Monitoring and Statistics RMON probe into the agent of each system. This allows RMON to be widely deployed around the network without costing more than traditional network management. The switch accurately maintains RMON statistics at the maximum line rate of all of its ports. To enable or disable the collection of RMON statistics on the switch, use one of the following commands: enable rmon...
  • Page 151: Chapter 8: Virtual Lans

    Virtual LANs
    This chapter covers the following topics:
    ● Overview of Virtual LANs on page 151
    ● Types of VLANs on page 152
    ● VLAN Names on page 159
    ● Configuring VLANs on the Switch on page 160
    ● Displaying VLAN Settings on page 162...
  • Page 152: Virtual Routers And Vlans-Blackdiamond 10K Switch Only

    VLAN, you must remove it from the default VLAN, unless the new VLAN uses a protocol other than the default protocol any. A port can be a member of only one port-based VLAN. On the Extreme Networks switch in Figure 2, ports 9 through 14 are part of VLAN Marketing;...
  • Page 153 2 Cable the two switches together using one port on each switch per VLAN. Figure 3 illustrates a single VLAN that spans a BlackDiamond switch and another Extreme Networks switch. All ports on the system 1 switch belong to VLAN Sales. Ports 1 through 29 on the system 2 switch also belong to VLAN Sales.
  • Page 154 Virtual LANs
    Figure 3: Single port-based VLAN spanning two switches (diagram labels: Sales, System 1, System 2)
    To create multiple VLANs that span two switches in a port-based VLAN, a port on system 1 must be cabled to a port on system 2 for each VLAN you want to have span across the switches. At least one port on each switch must be a member of the corresponding VLANs, as well.
  • Page 155: Tagged Vlans

    Types of VLANs VLAN Accounting spans system 1 and system 2 by way of a connection between system 2, port 29 and system 1, slot 1, port 6. VLAN Engineering spans system 1 and system 2 by way of a connection between system 2, port 32, and system 1, slot 8, port 6.
  • Page 156 Virtual LANs
    Figure 5: Physical diagram of tagged and untagged traffic (diagram labels: Marketing, Sales, Tagged port, System 1, System 2, 802.1Q Tagged server)
    Figure 6 is a logical diagram of the same network.
    Figure 6: Logical diagram of tagged and untagged traffic (diagram labels: Marketing, Sales, System 1...)
  • Page 157: Protocol-Based Vlans

    Types of VLANs As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged.
  • Page 158 Virtual LANs Figure 7: Protocol-based VLANs 192.207.35.1 192.207.36.1 My Company 192.207.35.0 192.207.36.0 Finance Personnel = IP traffic = All other traffic EX_065 Predefined Protocol Filters The following protocol filters are predefined on the switch: ● ● NetBIOS ● DECNet ● IPX_8022 ●...
  • Page 159: Precedence Of Tagged Packets Over Protocol Filters

    VLAN Names
    2 Configure the protocol using the following command:
    configure protocol <name> add [etype | llc | snap] <hex> {[etype | llc | snap] <hex>} ...
    Supported protocol types include:
    ■ etype—EtherType.
      The values for etype are four-digit hexadecimal numbers taken from a list maintained by the IEEE....
  • Page 160: Default Vlan

    NOTE If you use the same name across categories (for example, STPD and EAPS names), Extreme Networks recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
  • Page 161: Vlan Configuration Examples

    VLAN name. You can use the VLAN name alone (unless you are also using this name for another category such as STPD or EAPS, in which case Extreme Networks recommends including the keyword vlan). The following modular switch example creates a protocol-based VLAN named ipsales. Slot 5, ports 6 through 8, and slot 6, ports 1, 3, and 4-6 are assigned to the VLAN.
  • Page 162: Displaying Vlan Settings

    Virtual LANs untagged ports to a new VLAN without first deleting them from the default VLAN, because the new VLAN uses a protocol other than the default protocol. create vlan ipsales configure ipsales protocol ip configure ipsales add port 5:6-5:8,6:1,6:3-6:6 The following modular switch example defines a protocol filter, myprotocol and applies it to the VLAN named myvlan.
  • Page 163: Displaying Protocol Information

    VLANs. For the MAN provider, the tagging numbers and methods used by the customer are transparent to the provider. You establish a private path through the public network using the Extreme Networks VMAN feature, which creates a bidirectional virtual data connection. A given tunnel switches Layer 2 traffic; the specified tunnel traffic is completely isolated from other traffic or tunnels.
  • Page 164: Guidelines For Configuring Vmans

    Virtual LANs NOTE On the BlackDiamond 10K switch, the system also examines the packet’s inner 802.1p tag and then directs the packet to the appropriate egress queue on the egress port. See Chapter 12 for more information on Quality of Service (QoS) and configuring the 802.1p replacement feature.
  • Page 165: Configuring Vmans

    Tunneling (VMANs) Configuring VMANs You configure VMANs slightly differently on the BlackDiamond 10K switch and on the Aspen 8810 switch. Configuring VMANs—Aspen 8810 Switch Only On the Aspen 8810 switch, you cannot configure both VLANs and VMANs on the same slot; all ports on each slot must belong exclusively to either VLANs or VMANs.
  • Page 166 Virtual LANs Figure 8: Sample VMAN configuration on BlackDiamond 10K switch (figure labels: Engineering & Science Building, BlackDiamond 10808, BlackDiamond 6808). The VMAN is from the building to port 1, slot 1 on the BlackDiamond 10808 switch and from port 1, slot 6 on the BlackDiamond 10808 switch to the BlackDiamond 6808 switch: create vman vman_tunnel_1 configure vman vman_tunnel_1 tag 100...
  • Page 167: Displaying Vman Configurations

    Tunneling (VMANs) Displaying VMAN Configurations You can display the VMAN configuration and associated EAPS domains by issuing the show vman command. You can also display VMAN information, as well as all the VLANs, by issuing the show port information detail display. To display information on all VMANs, use the following command: show vman The following is sample output from the...
  • Page 168 Virtual LANs ExtremeWare XOS 11.1 Concepts Guide...
  • Page 169: Chapter 9: Virtual Routers

    Virtual Routers This chapter describes the following topics: ● Virtual Routers Overview on page 169 ● Using Virtual Routers—BlackDiamond 10K Switch Only on page 171 ● Virtual Router Configuration Example on page 174 Virtual Routers Overview ExtremeWare XOS supports virtual routers. This capability allows a single physical switch to be split into multiple virtual routers.
  • Page 170 Virtual Routers NOTE User virtual routers are supported only on the BlackDiamond 10K switch. System Virtual Routers The system virtual routers are the three virtual routers created at boot-up time. These system virtual routers cannot be deleted or renamed. They are named VR-Mgmt, VR-Control, and VR-Default (previous to release 11.0 these virtual routers were named VR-0, VR-1, and VR-2, respectively).
  • Page 171: Virtual Router Configuration Domain-Blackdiamond 10K Switch Only

    Using Virtual Routers—BlackDiamond 10K Switch Only Virtual Router Configuration Domain—BlackDiamond 10K Switch Only When you create virtual routers, you must configure each virtual router separately, configuring routing protocols and VLANs for each one. To simplify the configuration process, the concept of a virtual router configuration domain was introduced in ExtremeWare XOS 11.0.
  • Page 172: Creating Virtual Routers

    Virtual Routers ● Add any required routing protocols to the virtual router ● Configure the routing protocols and VLANs The following sections describe how to do these tasks. Creating Virtual Routers To create a user virtual router, issue the following command: create virtual-router <vr-name>...
  • Page 173: Displaying Ports And Protocols

    Using Virtual Routers—BlackDiamond 10K Switch Only Adding a protocol to a virtual router does not enable that protocol. You must then specifically enable and configure any protocol that you add. To add a protocol to a virtual router, use the following command: configure vr <vr-name>...
  • Page 174: Virtual Router Configuration Example

    Virtual Routers You can also configure routing protocols, by using the standard ExtremeWare XOS commands. The routing configurations of the different virtual routers are independent of each other. Virtual Router Configuration Example In the following example: The user virtual router helix is created ●...
  • Page 175: Chapter 10: Forwarding Database

    Forwarding Database This chapter describes the following topics: ● Overview of the FDB on page 175 ● FDB Configuration Examples on page 177 ● Configuring the FDB Aging Time on page 177 ● MAC-Based Security on page 178 ● Displaying FDB Entries on page 178...
  • Page 176: Fdb Entry Types

    Forwarding Database ● You can enter and update entries using the command line interface (CLI). ● Certain static entries are added by the system upon switch boot-up. FDB Entry Types FDB entries may be dynamic or static, and the entries may be permanent or non-permanent. The following describes the types of entries that can exist in the FDB: ● Dynamic entries—A dynamic entry is learned by the switch by examining packets to determine the...
  • Page 177: Disabling Mac Address Learning

    FDB Configuration Examples ● Permanent entries—Permanent entries are retained in the database if the switch is reset or a power off/on cycle occurs. Permanent entries must be created by the system administrator through the CLI. Permanent entries are static, meaning they do not age or get updated. Disabling MAC Address Learning By default, MAC address learning is enabled on all ports.
  • Page 178: Mac-Based Security

    Forwarding Database MAC-Based Security MAC-based security allows you to control the way the FDB is learned and populated. By managing entries in the FDB, you can block and control packet flows on a per-address basis. MAC-based security allows you to limit the number of dynamically-learned MAC addresses allowed per virtual port.
  • Page 179: Chapter 11: Policies And Acls

    Policies and ACLs This chapter describes the following topics: ● Policy Manager on page 179 ● Creating and Editing Policies on page 179 ● Checking Policies on page 180 ● Refreshing Policies on page 181 ● Applying Policies on page 181...
  • Page 180: Using The Edit Command

    Policies and ACLs When you create a policy file, name the file with the policy name that you will use when applying the policy, and use “.pol” as the filename extension. For example, the policy name “boundary” refers to the text file “boundary.pol”.
  • Page 181: Refreshing Policies

    Applying Policies This command can only determine if the syntax of the policy file is correct and can be loaded into the policy manager database. Since a policy can be used by multiple applications, a particular application may have additional constraints on allowable policies. Refreshing Policies When a policy file is changed (such as adding, deleting an entry, adding/deleting/modifying a statement), the information in the policy database does not change until the policy is refreshed.
  • Page 182: Applying Routing Policies

    Policies and ACLs Applying Routing Policies To apply a routing policy, use the command appropriate to the client. Different protocols support different ways to apply policies, but there are some generalities. Policies applied with commands that use the keyword import-policy control the routes imported to the protocol from the switch routing table.
  • Page 183: Acl Policy File Syntax

    ACL Policies ACL Policy File Syntax An ACL policy file contains one or more rule entries. Each rule entry consists of: ● a rule entry name, unique within the same ACL. ● zero or more match conditions. If no match condition is specified, all packets are matched...
  • Page 184 Policies and ACLs Rule Evaluation—Aspen 8810 Only On the Aspen 8810, all matching rule actions in a policy are applied to a given packet. Conflicting actions (deny vs. permit, etc) are resolved by the relative matching rule order in the policy file. This means that multiple counters can be incremented for a single packet.
  • Page 185 ACL Policies Table 24: ACL match conditions (Continued) Applicable Match Conditions Description IP Protocols source-address <prefix> IP source address and mask. All IP destination-address <prefix> IP destination address and mask. All IP protocol <number> IP protocol field. In place of the numeric value, you can specify All IP one of the following text synonyms (the field values are also listed): egp(8), esp(5), gre(47), icmp(1), igmp(2), ipip(4),...
  • Page 186 Policies and ACLs Table 24: ACL match conditions (Continued) Applicable Match Conditions Description IP Protocols ICMP-code <number> ICMP code field. This value or keyword provides more specific ICMP information than the icmp-type. Because the value's meaning depends upon the associated icmp-type, you must specify the icmp-type along with the icmp-code.
  • Page 187: Acl Evaluation Precedence

    ACL Policies ACL Evaluation Precedence This section discusses the precedence for evaluation among ACL rules. Precedence within an ACL An ACL is a policy file that contains one or more rules. In ExtremeWare XOS, each rule can be one of the following types: ● L2 rule—a rule containing only Layer 2 (L2) matching conditions, such as Ethernet MAC address...
  • Page 188: Acl Metering-Aspen 8810 Only

    Policies and ACLs Fragmented packet handling Two keywords are used to support fragmentation in ACLs: ● fragments—FO field > 0 (FO means the fragment offset field in the IP header.)—BlackDiamond 10K only. ● first-fragments—FO == 0. Policy file syntax checker. The keyword cannot be used in a rule with L4 information.
  • Page 189: Example Acl Rule Entries

    ACL Policies To delete the meter, use the following command: delete meter <metername> Configuring the ACL Meter After the ACL meter is created, you will configure it. Configuring the ACL meter sets allowable traffic limits, and the actions to take with out of limit traffic. Use the following command to configure an ACL meter: configure meter <metername>...
  • Page 190: Displaying And Clearing Acl Counters

    Policies and ACLs source-address 10.203.134.0/24; protocol TCP; source-port > 190; tcp-flags syn_ack; } then { permit; count tcpcnt ; qosprofile qp3; The following example denies ICMP echo request packets from the 10.203.134.0/24 subnet, and increments the counter icmpcnt: entry icmp { source-address 10.203.134.0/24;...
  • Page 191: Routing Policy File Syntax

    Routing Policies protocol involved, but these policies are sometimes more efficient and easier to implement than access lists. Routing policies can also modify and filter routing information received and advertised by a switch. The following sections apply to creating and using policies: Routing Policy File Syntax on page 191 ●...
  • Page 192 Policies and ACLs Often a policy will have a rule entry at the end of the policy with no match conditions. This entry will match anything not otherwise processed, so that the user can specify an action to override the default deny action.
  • Page 193 Routing Policies Table 26: Policy match conditions (Continued) Match Condition Description route-origin [direct | static | icmp | egp | ggp | hello Matches the origin (different from BGP route origin) of a | rip | isis | esis | cisco-igrp | ospf | bgp | idrp | route.
  • Page 194 Policies and ACLs Table 28: Policy regular expression examples (Continued) Attribute Regular Expression Example Matches Path of any length that begins with AS numbers 4, 5, “4 5 6 .*” 4 5 6 4 5 6 7 8 9 Path of any length that ends with AS numbers 4, 5, 6 “.* 4 5 6 $”...
  • Page 195: Policy Examples

    ● Translating a route map to a policy on page 197 Translating an access profile to a policy You may be more familiar with using access profiles on other Extreme Networks switches. This example shows the policy equivalent to an ExtremeWare access profile.
  • Page 196 Policies and ACLs ExtremeWare Access-Profile: Seq_No Action IP Address IP Mask Exact permit 22.16.0.0 255.252.0.0 permit 192.168.0.0 255.255.192.0 deny 255.0.0.0 permit 10.10.0.0 255.255.192.0 deny 22.44.66.0 255.255.254.0 Equivalent ExtremeWare XOS policy map definition: entry entry-5 nlri 22.16.0.0/14; then permit; entry entry-10 nlri 192.168.0.0/18 exact;...
  • Page 197 Translating a route map to a policy You may be more familiar with using route maps on other Extreme Networks switches. This example shows the policy equivalent to an ExtremeWare route map. ExtremeWare route map: Route Map : rt...
  • Page 198 Policies and ACLs Here is the equivalent policy: entry entry-10 origin incomplete; then permit; entry entry-20 community 6553800; then deny; entry entry-30 then next-hop 10.201.23.10; as-path 20; as-path 30; as-path 40; as-path 40; permit; entry entry-40 then local-preference 120; weight 2; permit;...
  • Page 199 Routing Policies entry entry-60 { next-hop 192.168.1.5; then community 949616660; permit; entry deny_rest { then deny;
  • Page 201: Chapter 12: Quality Of Service

    ● Bi-Directional Rate Shaping—BlackDiamond 10K Switch Only on page 221 Policy-based Quality of Service (QoS) is a feature of ExtremeWare XOS and the Extreme Networks switch architecture that allows you to specify different service levels for traffic traversing the switch.
  • Page 202: Applications And Types Of Qos

    Quality of Service NOTE Policy-based QoS has no impact on switch performance. Using even the most complex traffic groupings has no cost in terms of switch performance. Applications and Types of QoS Different applications have different QoS requirements. The following applications are ones that you will most commonly encounter and need to prioritize: Voice applications ●...
  • Page 203: Critical Database Applications

    Applications and Types of QoS Critical Database Applications Database applications, such as those associated with Enterprise Resource Planning (ERP), typically do not demand significant bandwidth and are tolerant of delay. You can establish a minimum bandwidth using a priority less than that of delay-sensitive applications. Web Browsing Applications QoS needs for Web browsing applications cannot be generalized into a single category.
  • Page 204: Configuring Qos

    Quality of Service Configuring QoS NOTE With software version 11.0, you can create access control lists (ACLs) with QoS actions. The QoS forwarding information you configured in an ACL takes precedence over QoS configuration using the CLI commands. Refer to Chapter 11 for more information on ACLs.
  • Page 205: Qos Profiles

    QoS Profiles QoS Profiles QoS profiles are configured differently on the Aspen 8810 switch and on the BlackDiamond 10K switch. QoS Profiles on the Aspen 8810 Switch Only The Aspen 8810 switch has two default queues, QP1 and QP8, which are based on traffic flows. QP1 has the lowest priority, and QP8 has the highest priority.
  • Page 206: Qos Profiles On The Blackdiamond 10K Switch

    Quality of Service A QoS profile does not alter the behavior of the switch until it is assigned to a traffic grouping. The default QoS profiles cannot be deleted. The settings for the default QoS parameters on the Aspen 8810 switch are summarized in Table 31. Table 31: Default QoS profile parameters on the Aspen 8810 switch...
  • Page 207: Traffic Groupings

    Traffic Groupings The default QoS profiles cannot be deleted. Also by default, a QoS profile maps directly to a specific hardware queue across all physical ports. The settings for the default QoS parameters on the BlackDiamond 10K switch are summarized in Table 32. Table 32: Default QoS profile parameters on the BlackDiamond 10K switch Minimum...
  • Page 208: Acl-Based Traffic Groupings

    Quality of Service Table 33: Traffic groupings by precedence Access List Groupings (ACLs) • IP ACL • MAC ACL Explicit Packet Class of Service Groupings • DiffServ (IP TOS) • 802.1p Physical/Logical Groupings • Source port • VLAN NOTE The source port and VLAN QoS apply only to untagged packets, and 802.1p QoS applies only to tagged packets. If you use 802.1p or DiffServ QoS in conjunction with ACLs, you must configure the 802.1p or DiffServ action within the ACL itself.
  • Page 209 Layer 2 switch boundary. Configuring 802.1p Priority Extreme Networks switches support the standard IEEE 802.1p priority bits that are part of a tagged Ethernet packet. The 802.1p bits can be used to prioritize the packet and to assign that packet to a particular QoS profile.
  • Page 210 Quality of Service Table 34: Default 802.1p priority value-to-QoS profile mapping (Continued) BlackDiamond 10K Switch Aspen 8810 Switch Default QoS Priority Value Default QoS Profile Profile Changing the default 802.1p mapping. By default, a QoS profile is mapped to a queue, and each QoS profile has configurable parameters.
  • Page 211: Configuring Diffserv

    Traffic Groupings The 802.1p priority information is replaced according to the queue that is used when transmitting from the switch. The mapping is described in Table 35. This mapping cannot be changed. Table 35: Queue to 802.1p priority replacement value Black Diamond 10K 802.1p Priority Switch Hardware...
  • Page 212 Quality of Service Figure 11: IP packet header encapsulation (figure labels: DiffServ code point bits, Version, Type-of-service, Total length, Identification, Flags, Fragment offset, Time-to-live, Protocol, Header checksum, Source address, Destination address, Options (+ padding), Data (variable)). Observing DiffServ code points as a traffic grouping mechanism for defining QoS policies and overwriting the Diffserv code point fields are supported.
  • Page 213 Traffic Groupings Changing the default DiffServ code point mapping. You can change the QoS profile assignment for each of the 64 code points using the following command: configure diffserv examination code-point <code-point> {qosprofile} <qosprofile> Once assigned, the rest of the switches in the network prioritize the packet using the characteristics specified by the QoS profile.
  • Page 214 [{qosprofile} <qosprofile> | priority <value>] code-point <code_point> NOTE Extreme Networks recommends that you use the qosprofile <qosprofile> value to configure this parameter. By doing so, the queue used to transmit a packet determines the DiffServ value replaced in the IP packet.
  • Page 215: Physical And Logical Groupings

    Traffic Groupings source-address 10.1.2.0/24 } then { Qosprofile qp3; replace-dscp; 2 Configure the switch so that other switches can signal the class of service that this switch should observe by entering the following: enable diffserv examination ports all NOTE The switch only observes the DiffServ code points if the traffic does not match the configured access list. Otherwise, the ACL QoS setting overrides the QoS DiffServ configuration.
  • Page 216 Quality of Service NOTE On the BlackDiamond 10K switch, this command applies only to untagged packets. On the Aspen 8810 switch, this command applies to all packets. Verifying Physical and Logical Groupings You can display QoS settings on the ports or VLANs. NOTE On the BlackDiamond 10K switch, the screen displays both ingress and egress QoS settings.
  • Page 217 Traffic Groupings Ingress IPTOS Examination: Disabled Egress IPTOS Replacement: Disabled Egress 802.1p Replacement: Disabled NetLogIn: Disabled Smart redundancy: Enabled Software redundant port: Disabled NOTE To ensure that you display the QoS information, you must use the detail variable. BlackDiamond 10K switch display. You display information on the egress QoS profiles and the ingress QoS profiles (shown as Ingress Rate Shaping), as well as the minimum and maximum available bandwidth and priority on the BlackDiamond 10K switch using the show ports <port_list>...
  • Page 218 Quality of Service IQP8 MinBw= 0% MaxBw=100% Pri=8 Ingress IPTOS: Disabled Egress IPTOS: Replacement disabled Egress 802.1p: Replacement disabled Smart Redundancy: Unsupported VLANs monitored for stats: Unsupported Unsupported Software redundant port: Unsupported jitter-tolerance: Unsupported Following is sample output of this command for a BlackDiamond 10K switch 1 Gbps port: Port: Virtual-router: VR-Default Type:...
  • Page 219: Verifying Qos Configuration And Performance

    Verifying QoS Configuration and Performance NOTE To ensure that you display the QoS information, you must use the detail variable. Verifying QoS Configuration and Performance You can display a variety of QoS measures using the CLI. Monitoring Performance—BlackDiamond 10K Switch Only NOTE This command is not supported on the Aspen 8810 switch.
  • Page 220: Guidelines For Configuring Qos

    Guidelines for Configuring QoS The following are useful guidelines for configuring QoS: ● If you are using DiffServ for QoS parameters, Extreme Networks recommends that you also configure 802.1p or port-based QoS parameters to ensure that high-priority traffic is not dropped prior to reaching the Master Switch Module (MSM).
  • Page 221: Bi-Directional Rate Shaping-Blackdiamond 10K Switch Only

    Bi-Directional Rate Shaping—BlackDiamond 10K Switch Only The following is sample output from the show configuration vlan command for configured egress rate limiting: Aspen.2 # show configuration vlan # Module vlan configuration. create virtual-router "VR-Default" configure virtual-router VR-Default add ports 3:1-48 create vlan "Default"...
  • Page 222: Bandwidth Settings

    Quality of Service Table 38: Ingress queue mapping for I/O modules on the BlackDiamond 10K switch I/O module Ingress queues Priority value 1 Gbps module IQP1 1 to 4 IQP2 5 to 8 10 Gbps module IQP1 IQP2 IQP3 IQP4 IQP5 IQP6 IQP7...
  • Page 223: Configuring Bi-Directional Rate Shaping

    Bi-Directional Rate Shaping—BlackDiamond 10K Switch Only Table 39: Maximum committed rates per port for I/O module on the BlackDiamond 10K switch I/O module MSM configuration Maximum committed rate 1 Gbps module Single MSM 200 Mbps Dual MSM 400 Mbps 10 Gbps module Single MSM 2 Gbps Dual MSM...
  • Page 224 Quality of Service To display the parameters for rate shaping (the values for the IQPs), use the following commands: show qosprofile {ingress | egress} {ports [ all | <port_list>]} show ports {<port_list>} information {detail} Additionally, you can monitor the performance on the BlackDiamond 10K switch by using the following command: show ports <port_list>...
  • Page 225: Chapter 13: Security

    Security Overview Extreme Networks products incorporate a number of features designed to enhance the security of your network. No one feature can ensure security, but by using a number of features in concert, you can substantially improve the security of your network. The features described in this chapter are part of an...
  • Page 226: Limiting Dynamic Mac Addresses

    Security NOTE You can either limit dynamic MAC FDB entries, or lock down the current MAC FDB entries, but not both. You can also prioritize or stop packet flows based on the source MAC address of the ingress VLAN or the destination MAC address of the egress VLAN.
  • Page 227: Mac Address Lock Down

    MAC Address Security This command displays the MAC security information for the specified VLAN. show ports {mgmt | <portlist>} info {detail} This command displays detailed information, including MAC security information, for the specified port. Limiting MAC Addresses with ESRP Enabled If you configure a MAC address limit on VLANs that have ESRP enabled, you should add an additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled switches.
  • Page 228: Network Login

    Extreme Networks supports a smooth transition from web-based to 802.1x authentication. MAC-based authentication is used for supplicants that do not support a network login mode, or supplicants that are not aware of the existence of such a security measure, for example, an IP phone.
  • Page 229 Network Login If a MAC address is detected on a MAC-based enabled network login port, an authentication request will be sent once to the AAA application. AAA tries to authenticate the MAC address against the configured RADIUS server and its configured parameters (timeout, retries, etc.). The credentials used for this are the supplicant’s MAC address in ASCII representation, and a locally configured password on the switch.
  • Page 230: Campus And Isp Modes

    Security Disadvantages of Web-based Authentication: ● The login process involves manipulation of IP addresses and must be done outside the scope of a normal computer login process. It is not tied to Windows login. The client must bring up a login page and initiate a login.
  • Page 231: Interoperability Requirements

    Network Login Table 40 contains the Vendor Specific Attribute (VSA) definitions for web-based and 802.1x network login. The Extreme Networks Vendor ID is 1916. Table 40: VSA Definitions for Web-based and 802.1x Network Login Attribute Value Type Sent-in Description Extreme: Netlogin- String Access-Accept Name of destination VLAN after successful...
  • Page 232: Multiple Supplicant Support

    Security A Windows XP 802.1x supplicant can be authenticated as a computer or as a user. Computer authentication requires a certificate installed in the computer certificate store, and user authentication requires a certificate installed in the individual user's certificate store. By default, the Windows XP machine performs computer authentication as soon as the computer is powered on, or at link-up when no user is logged into the machine.
  • Page 233: Exclusions And Limitations

    MAC-based authentication. Configuring Network Login The following configuration example shows both the Extreme Networks switch configuration and the RADIUS server entries needed to support the example. VLAN corp is assumed to be a corporate subnet which has connections to DNS, WINS servers, etc., and network routers. VLAN temp is a temporary VLAN and is created to provide connections to unauthenticated Network Login clients.
  • Page 234 Security create vlan "temp" create vlan "corp" # Configuration information for VLAN temp. # No VLAN-ID is associated with VLAN temp. configure vlan "temp" protocol "ANY" (Default) configure vlan "temp" qosprofile "QP1" (Default) configure vlan temp qosprofile ingress IQP1 (Default) configure vlan "temp"...
  • Page 235: Web-Based Authentication User Login Using Campus Mode

    Network Login Web-Based Authentication User Login Using Campus Mode When web-based authentication is used in Campus mode, the user will follow these steps: 1 Set up the Windows IP configuration for DHCP. 2 Plug into the port that has web-based network login enabled. 3 Log in to Windows.
  • Page 236: Displaying Network Login Settings

    NOTE Because network login is sensitive to state changes during the authentication process, Extreme Networks recommends that you do not log out until the login process is complete. The login process is complete when you receive a permanent address.
  • Page 237: Mac-Based Authentication

    Network Login To configure the network login redirect page, use the following command: configure netlogin redirect-page <url> Where <url> defines the redirection information for the users once logged in. This redirection information is used only in case the redirection info is missing from RADIUS server. For example, configure netlogin base-url http://www.extremenetworks.com redirects all users to this URL after they get logged in.
  • Page 238: Dhcp Server

    Security To add a MAC address to the table, use the following command: configure netlogin add mac-list [<mac> {<mask>} | default] {encrypted} {<password>} To remove a MAC address from the table, use the following command: configure netlogin delete mac-list [<mac> {<mask>} | default] To display the MAC address table, use the following command: show netlogin mac-list When a client needs authentication the best match will be used to authenticate to the server.
  • Page 239: Displaying Dhcp Information

    Denial of Service Protection The following commands allow you to configure the server. To configure the range of IP addresses assigned by the DHCP server, use the following command: configure vlan <vlan_name> dhcp-address-range <ipaddress1> - <ipaddress2> To remove the address range information, use the following command: unconfigure vlan <vlan_name>...
  • Page 240: Configuring Denial Of Service Protection

    Security hardware at wire speed. However, there are some operations in any switch or router that are more costly than others, and although normal traffic is not a problem, exception traffic must be handled by the switch’s CPU in software. Some packets that the switch processes in the CPU software include: ● learning new traffic...
  • Page 241: Management Access Security

    Management Access Security To configure the alert threshold, use the following command: configure dos-protect type l3-protect alert-threshold <packets> To configure the notification threshold, use the following command: configure dos-protect type l3-protect notify-threshold <packets> To configure the ACL expiration time, use the following command: configure dos-protect acl-expire <seconds>...
  • Page 242: Radius

    Security RADIUS Remote Authentication Dial In User Service (RADIUS), in RFC 2138, is a mechanism for authenticating and centrally administrating access to network nodes. The ExtremeWare XOS RADIUS implementation allows authentication for Telnet or console access to the switch. NOTE You cannot enable RADIUS and TACACS+ at the same time.
  • Page 243: Configuring Radius

    Authenticating Users Using RADIUS or TACACS+ Configuring RADIUS Accounting Extreme Networks switches are capable of sending RADIUS accounting information. As with RADIUS authentication, you can specify two servers for receipt of accounting information. To specify RADIUS accounting servers, use the following command: configure radius-accounting [primary | secondary] server [<ipaddress>...
  • Page 244 For a RADIUS server to identify the administrative privileges of a user, Extreme Networks switches expect a RADIUS server to transmit the Service-Type attribute in the Access-Accept packet, after successfully authenticating the user.
  • Page 245 Concurrent connections’ and fill in the desired number of maximum sessions. Extreme RADIUS Extreme Networks provides its users, free of charge, a RADIUS server based on Merit RADIUS. Extreme RADIUS provides per-command authentication capabilities in addition to the standard set of RADIUS features.
  • Page 246 Security get changes in the users file to take place. Extreme RADIUS uses the file named profiles to specify command lists that are either permitted or denied to a user based on their login identity. Changes to the profiles file require the RADIUS server to be shut down and restarted. Sending a HUP signal to the RADIUS process is not enough to force changes to the profiles file to take effect.
  • Page 247 Building on this example configuration, you can use RADIUS to perform per-command authentication to differentiate user capabilities. To do so, use the Extreme-modified RADIUS Merit software that is available from Extreme Networks by contacting Extreme Networks technical support. The software ™...
  • Page 248: Tacacs

    Security Extreme:Extreme-CLI-Authorization = Enabled albert Password = "", Service-Type = Administrative, Profile-Name = "Profile1" Filter-Id = "unlim" Extreme:Extreme-CLI-Authorization = Enabled lulu Password = "", Service-Type = Administrative, Profile-Name = "Profile1" Filter-Id = "unlim" Extreme:Extreme-CLI-Authorization = Enabled gerald Password = "", Service-Type = Administrative, Profile-Name "Profile2" Filter-Id = "unlim"...
  • Page 249: Secure Shell 2

    Because SSH2 is currently under U.S. export restrictions, you must first obtain a security-enabled version of the ExtremeWare software from Extreme Networks before you can enable SSH2. You must enable SSH2 on the switch before you can connect to the switch using an external SSH2 client.
  • Page 250: Using Scp2 From An External Ssh2 Client

    Security NOTE The pregenerated key must be one that was generated by the switch. To get such a key, you can use the command show configuration exsshd to display the key on the console. Copy the key to a text editor and remove the carriage return/line feeds from the key.
  • Page 251 Secure Shell 2 To transfer the primary configuration file from the switch to your current Linux directory using SCP2, use the following command: [user@linux-server]# scp2 admin@192.168.0.120:/config/primary.cfg ./primary.cfg To copy the policy filename test.pol from your Linux system to the switch, use the following command: [user@linux-server]# scp2 ./test.pol admin@192.168.0.120:/config/test.pol ExtremeWare XOS 11.1 Concepts Guide...
  • Page 253: Chapter 14: Clearflow

    CLEARFlow This chapter describes the following topics: Overview on page 253 ● Configuring CLEARFlow on page 253 ● Adding CLEARFlow Rules to ACLs on page 254 ● CLEARFlow Rule Examples on page 261 ● Overview CLEARFlow is a broad framework for implementing security, monitoring, and anomaly detection in ExtremeWare XOS software.
  • Page 254: Displaying Clearflow Configuration And Activity

    CLEARFlow To enable CLEARFlow, use the following command: enable clear-flow When you disable the CLEARFlow agent on the switch, CLEARFlow sampling stops, and all rules are left in the current state. To disable CLEARFlow, use the following command: disable clear-flow NOTE Any actions triggered while CLEARFlow is enabled will continue when CLEARFlow is disabled, unless explicitly stopped.
  • Page 255: Clearflow Rule Types

    Adding CLEARFlow Rules to ACLs Or you can specify an optional else clause: entry <CLFrulename> { <match-conditions>; then { <actions>; } else { <actions>; In the CLEARFlow rule syntax, the <CLFrulename> is the name of the rule (maximum of 31 characters). The <match-conditions>...
  • Page 256 CLEARFlow Count Rule Type A CLEARFlow count rule compares a counter with the threshold value. The following is the syntax for a CLEARFlow count rule: entry <CLFrulename> { count <counterName> REL_OPER <countThreshold> ; period <interval>; then { <actions>; } else { <actions>;...
  • Page 257 Adding CLEARFlow Rules to ACLs The period <interval> statement is optional and sets the sampling interval, in seconds. This statement specifies how often the rule is evaluated by the CLEARFlow agent. If not specified, the default value is 5 seconds. The hysteresis <hysteresis> statement is optional, and sets a hysteresis value for the threshold...
  • Page 258 CLEARFlow the hysteresis value will not cause the statement to become false. For statements using the REL_OPER > or >=, the hysteresis value is subtracted from the threshold; for < or <=, the hysteresis value is added to the threshold. For example, if the match condition had the clauses ratio counter1 counter2 >= 5 hysteresis...
  • Page 259: Clearflow Rule Actions

    Adding CLEARFlow Rules to ACLs or >=, the hysteresis value is subtracted from the threshold; for < or <=, the hysteresis value is added to the threshold. For example, if the match condition had the clauses delta-ratio counter1 counter2 >= 5 hysteresis 1, then the condition would only be true after the ratio of the deltas of the counters reached at least 5.
  • Page 260 CLEARFlow QoS Profile This action modifies an existing ACL rule to set the QoS profile for traffic that matches that rule. To change the ACL to forward to QoS profile <QPx>, use the following syntax: qosprofile <ACLRuleName> <QPx> For example: qosprofile acl_rule_1 QP3 Mirror This action modifies an existing ACL rule to mirror traffic that matches that rule, or to stop mirroring...
  • Page 261: Clearflow Rule Examples

    CLEARFlow Rule Examples This action executes a CLI command. There is no authentication or checking the validity of each command. If a command fails, the CLI will log a message in the EMS log. To execute a CLI command, use the following syntax: cli <cliCommand>...
  • Page 262: Delta Rule Type Example

    CLEARFlow Since there is no period configured for the snmptrap statement, the message is sent only once. entry acl_rule1 { if { destination-address 192.168.16.0/24; destination-port 2049; protocol tcp; } then { count counter1; } } entry cflow_count_rule_example { if { count counter1 > 1000000 ; period 10 ;...
  • Page 263: Ratio Rule Type Example

    CLEARFlow Rule Examples snmptrap 123 "Traffic to 192.168.16.0/24 falls below rate limit"; qosprofile acl_rule1 QP1; cli "configure qosprofile qp3 maxbw 100 ports all" ; Ratio Rule Type Example In this example, every 2 seconds the CLEARFlow agent will request the counter1 and counter2 statistics from the hardware.
  • Page 264: Delta-Ratio Rule Type Example

    CLEARFlow Delta-Ratio Rule Type Example In this example, every 2 seconds, the CLEARFlow agent will request the tcpSynCounter and tcpCounter values from the hardware. After it receives the two counter values, it will first calculate the delta for each of the counters and then check each counter’s delta value for its minimum value, which is 100. If both of the counters’...
  • Page 265: Part 2: Using Switching And Routing Protocols

    Using Switching and Routing Protocols...
  • Page 267: Chapter 15: Ethernet Automatic Protection Switching

    Ethernet Automatic Protection Switching This chapter covers the following topics: Licensing on page 267 ● Overview of the EAPS Protocol on page 267 ● Fault Detection and Recovery on page 269 ● Multiple EAPS Domains on page 272 ● Configuring EAPS on a Switch on page 274 ●...
  • Page 268 Ethernet Automatic Protection Switching An Ethernet ring built using EAPS can have resilience comparable to that provided by SONET rings, at a lower cost and with fewer restraints (such as ring size). The EAPS technology developed by Extreme Networks to increase the availability and robustness of Ethernet rings is described in RFC 3619: Extreme Networks’...
  • Page 269: Fast Convergence

    Fault Detection and Recovery Figure 14: EAPS operation Secondary port Direction of is logically blocked health-check Master message node EW_071 If the ring is complete, the master node logically blocks all data traffic in the transmit and receive directions on the secondary port to prevent a loop. If the master node detects a break in the ring, it unblocks its secondary port and allows data traffic to be transmitted and received through it.
  • Page 270: Link Down Message Sent By A Transit Node

    Ethernet Automatic Protection Switching A master node detects a ring fault in one of three ways: Link down message sent by a transit node ● Ring port down event sent by hardware layers ● Polling response ● Link Down Message Sent by a Transit Node When any transit node detects a loss of link connectivity on any of its ring ports, it immediately sends a “link down”...
  • Page 271: Polling

    Fault Detection and Recovery Polling The master node transmits a health check packet on the control VLAN at a user-configurable interval (see Figure 14). If the ring is complete, the master node receives the health-check packet on its secondary port (the control VLAN is not blocked on the secondary port). When the master node receives the health-check packet, it resets its failtimer and continues normal operation.
  • Page 272: Multiple Eaps Domains

    Ethernet Automatic Protection Switching Multiple EAPS Domains This section illustrates how you can work with more than one EAPS domain. EAPS Data VLAN Spanning Two Rings Connected by One Switch Figure 16 shows how a data VLAN could span two rings interconnected by a common switch—a “figure eight”...
  • Page 273: Multiple Eaps Domains Per Ring-Spatial Reuse

    Multiple EAPS Domains Multiple EAPS Domains per Ring—Spatial Reuse To take advantage of the spatial reuse technology and broaden the use of the ring’s bandwidth, EAPS supports multiple EAPS domains running on the ring at the same time (Figure 17). Figure 17: Multiple EAPS domains per ring Master EAPS 1 Transit EAPS 2...
  • Page 274: Configuring Eaps On A Switch

    Ethernet Automatic Protection Switching Figure 18: Multiple EAPS domains sharing a common link with EAPS shared ports Controller EAPS1 EAPS2 link ID=1 Common link Partner S 10 Master Master node node EW_095 The switches on either end of the common link must be configured as controller and a partner. For information about configuring common links, see “Configuring EAPS Shared Ports”...
  • Page 275: Creating And Deleting An Eaps Domain

    NOTE If you use the same name across categories (for example, STPD and EAPS names), Extreme Networks recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
  • Page 276: Configuring Eaps Polling Timers

    Ethernet Automatic Protection Switching Configuring EAPS Polling Timers To set the values of the polling timers the master node uses for the EAPS health check packet that is circulated around the ring for an EAPS domain, use the following commands: configure eaps <name>...
  • Page 277: Configuring The Primary And Secondary Ports

    Configuring EAPS on a Switch Configuring the Primary and Secondary Ports Each node on the ring connects to the ring through two ring ports. As part of the protection switching scheme, one port must be configured as the primary port, and the other must be configured as the secondary port.
  • Page 278: Configuring The Eaps Protected Vlans

    Ethernet Automatic Protection Switching The following command example adds the control VLAN “keys” to the EAPS domain “eaps_1”. configure eaps eaps_1 add control vlan keys Configuring the EAPS Protected VLANs You must configure one or more protected VLANs for each EAPS domain. The protected VLANs are the data-carrying VLANs.
  • Page 279: Unconfiguring An Eaps Ring Port

    Configuring EAPS on a Switch To disable the EAPS function for the entire switch, use the following command: disable eaps Unconfiguring an EAPS Ring Port Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to appear in the Idle state with a port status of Unknown when you use the show eaps {<eapsDomain>} command to display the status information about the port.
  • Page 280 Ethernet Automatic Protection Switching p_10 p_11 p_12 p_13 p_14 p_15 p_16 p_17 p_18 p_19 p_20 p_21 p_22 p_23 p_24 p_25 p_26 p_27 p_28 p_29 p_30 NOTE You may see a slightly different display, depending on whether you display the master node or the transit node. The display from the command shows all the information shown in the show eaps detail...
  • Page 281 Configuring EAPS on a Switch Table 42: show eaps display fields (Continued) Field Description State On a transit node, the command displays one of the following states: • Idle—The EAPS domain has been enabled, but the configuration is not complete. •...
  • Page 282: Configuring Eaps Shared Ports

    Ethernet Automatic Protection Switching Table 42: show eaps display fields (Continued) Field Description Tag status Tagged status of the control VLAN: • Tagged—The control VLAN has this port assigned to it, and the port is tagged in the VLAN. • Untagged—The control VLAN has this port assigned to it, but the port is untagged in the control VLAN.
  • Page 283: Steady State

    Configuring EAPS Shared Ports If the common link fails, both the controller and partner go into a “blocking” state. The partner never actually does any blocking. Only the controller is responsible for blocking to prevent a superloop while at the same time maintaining connectivity. When the common link fails, the controller keeps one of its ports in the forwarding state and marks it as “Active-Open,”...
  • Page 284: Common Link Failures

    Ethernet Automatic Protection Switching Common Link Failures If a single common link fails, the configured controller (S1) and partner (S2) take steps to prevent a superloop. Assuming there is a single data VLAN configured on all three EAPS domains, the controller (S1) keeps one port open (called “Active-Open”).
  • Page 285: Creating And Deleting A Shared Port

    Configuring EAPS Shared Ports Creating and Deleting a Shared Port To configure a common link, you must create a shared port on each switch belonging to the common link. To create a shared port, use the following command: create eaps shared-port <ports> where ports is the common link port.
  • Page 286: Unconfiguring An Eaps Shared Port

    Ethernet Automatic Protection Switching ● send-alert—If the controller or partner switch’s segment timer expires, that switch keeps the segment up, with the failed flag set, and sends a warning message to the log. All segments, including the controller and partner shared ports belonging to the same common link, must use the same segment timer expiry action.
  • Page 287 Configuring EAPS Shared Ports Table 43: show eaps shared-port display fields Field Description Shared Port Displays the port number of the shared port. Mode Indicates whether the switch on either end of the common link is a controller or partner. The mode is configured by the user. Link ID The link ID is the unique common link identifier configured by the user.
  • Page 288 Ethernet Automatic Protection Switching Table 43: show eaps shared-port display fields (Continued) Field Description Segment Timer expiry action • Segment down—Specifies that if the controller or partner switch detects a down segment, that segment stays down and a query is not sent through the ring.
  • Page 289: Eaps Shared Port Configuration Rules

    EAPS Shared Port Configuration Rules The following rules apply to EAPS shared port configurations: ● The controller and partner shared ports on either side of a common link must have the same link ID. ● Each common link in the network must have a unique link ID...
  • Page 290: Basic Core Configuration

    Ethernet Automatic Protection Switching Basic Core Configuration This configuration, shown in Figure 22, shows a core with access rings. In this topology, there are two EAPS common links. Figure 22: EAPS shared port basic core configuration Master node S 12 P1:2 P1:3 Controller...
  • Page 291: Combined Basic Core And Right Angle Configuration

    EAPS Shared Port Configuration Examples Combined Basic Core and Right Angle Configuration Figure 24 shows a combination Basic Core and Right Angle configuration. Figure 24: Basic core and right angle configuration Master node EAPS5 S 14 EAPS4 Partner link ID=3 Controller Controller Common...
  • Page 292: Large Core And Access Rings Configuration

    Ethernet Automatic Protection Switching Large Core and Access Rings Configuration Figure 25 shows a single large core ring with multiple access rings hanging off of it. This is an extension of a basic core configuration. Figure 25: Large core and access ring configuration Master node EAPS3...
  • Page 293: Advanced Configuration

    EAPS Shared Port Configuration Examples Advanced Configuration Figure 26 shows an extension of the Basic Core and Right Angle configuration. Figure 26: Advanced configuration Partner Controller Controller Master Master node EAPS2 EAPS3 link ID=2 link ID=4 Common Common EAPS5 link Common link link...
  • Page 295: Chapter 16: Spanning Tree Protocol

    Spanning Tree Protocol This chapter covers the following topics: Overview of the Spanning Tree Protocol on page 295 ● Spanning Tree Domains on page 295 ● STP Configurations on page 302 ● Per VLAN Spanning Tree on page 308 ● Rapid Spanning Tree Protocol on page 308 ●...
  • Page 296: Member Vlans

    Spanning Tree Protocol The key points to remember when configuring VLANs and STP are: Each VLAN forms an independent broadcast domain. ● STP blocks paths to create a loop-free environment. ● Within any given STPD, all VLANs belonging to it use the same spanning tree. ●...
  • Page 297: Stpd Modes

    Spanning Tree Domains ● Assigns VLAN v5 to STPD s8. ● Creates the same tag ID for the VLAN and the STPD (the carrier VLAN’s VLANid must be identical to the STPD’s StpdID). create vlan v5 configure vlan v5 tag 100 configure vlan v5 add ports 1:1-1:20 tagged create stpd s8 configure stpd s8 add vlan v5 ports all emistp...
  • Page 298: Stp States

    Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode ● EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physical port to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significant flexibility to STP network design.
  • Page 299: Binding Ports

    Spanning Tree Domains Listening ● A port in the listening state does not accept ingress traffic, perform traffic forwarding, or learn MAC source addresses. The port does receive STP BPDUs. This is the first transitional state a port enters after being in the blocking state. The bridge listens for BPDUs from neighboring bridge(s) to determine whether the port should or should not be blocked.
  • Page 300 Spanning Tree Protocol pvst-plus), the STP port mode is changed to match; otherwise, the STP port inherits either the carrier VLAN’s encapsulation mode on that port or the STPD’s default encapsulation mode. To remove ports, use the following command: configure stpd <stpd_name>...
  • Page 301: Rapid Root Failover

    Spanning Tree Domains To learn more about the member VLANs, see “Member VLANs” on page 296. For more detailed information about these CLI commands, see the ExtremeWare XOS Command Reference Guide. Rapid Root Failover ExtremeWare XOS supports rapid root failover for faster STP failover recovery times in STP 802.1D mode.
  • Page 302: Stp Configurations

    Spanning Tree Protocol STP Configurations When you assign VLANs to an STPD, pay careful attention to the STP configuration and its effect on the forwarding of VLAN traffic. This section describes three types of STP configurations: Basic STP ● Multiple STPDs on a single port (which uses EMISTP) ●...
  • Page 303 STP Configurations Figure 27: Multiple STPDs Sales, Personnel, Marketing Manufacturing, Engineering, Marketing Switch A Switch Y Switch B Switch Z Switch M STPD 1 STPD 2 Sales, Personnel, Manufacturing, Engineering, Marketing EX_048 When the switches in this configuration boot-up, STP configures each STPD such that the topology contains no active loops.
  • Page 304 Spanning Tree Protocol Figure 28: Incorrect tag-based STPD configuration Marketing & Sales Marketing, Sales & Engineering Switch 1 Switch 3 Switch 2 Sales & Engineering EX_049 The tag-based network in Figure 28 has the following configuration: Switch 1 contains VLAN Marketing and VLAN Sales. ●...
  • Page 305: Multiple Stpds On A Port

    STP Configurations Multiple STPDs on a Port Traditional 802.1D STP has some inherent limitations when addressing networks that have multiple VLANs and multiple STPDs. For example, consider the sample depicted in Figure 29. Figure 29: Limitations of traditional STPD EX_050 The two switches are connected by a pair of parallel links. Both switches run two VLANs, A and B. To achieve load-balancing between the two links using the traditional approach, you would have to associate A and B with two different STPDs, called S1 and S2, respectively, and make the left link carry VLAN A traffic while the right link carries VLAN B traffic (or vice versa).
  • Page 306: Emistp Deployment Constraints

    Spanning Tree Protocol Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the same enterprise) and may traverse a great many nodes. In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for each looped area. The justifications include the following: The complexity of the STP algorithm increases, and performance drops, with the size and complexity ●...
  • Page 307 STP Configurations Figure 31: VLANs traverse domains inside switches Correct Wrong EX_052 ● The VLAN partition feature is deployed under the premise that the overall interdomain topology for that VLAN is loop-free. Consider the case in Figure 32, VLAN red (the only VLAN in the figure) spans STPDs 1, 2, and 3.
  • Page 308: Per Vlan Spanning Tree

    Spanning Tree Protocol Per VLAN Spanning Tree Switching products that implement Per VLAN Spanning Tree (PVST) have been in existence for many years and are widely deployed. To support STP configurations that use PVST, ExtremeWare XOS has an operational mode called PVST+. NOTE In this document, PVST and PVST+ are used interchangeably.
  • Page 309: Rstp Concepts

    Rapid Spanning Tree Protocol RSTP Concepts This section describes important RSTP concepts. Port Roles RSTP uses information from BPDUs to assign port roles for each LAN segment. Port roles are not user- configurable. Port role assignments are determined based on the following criteria: A unique bridge identifier (MAC address) associated with each bridge ●...
  • Page 310 Spanning Tree Protocol Table 45: RSTP link types Port Link Type Description Auto Specifies the switch to automatically determine the port link type. An auto link behaves like a point-to-point link if the link is in full-duplex mode or if link aggregation is enabled on the port.
  • Page 311: Rstp Operation

    Rapid Spanning Tree Protocol Table 47: Derived timers Timer Description The root port uses the topology change notification (TCN) timer when it detects a change in the network topology. The TCN timer stops when the topology change timer expires or upon receipt of a topology change acknowledgement. The default value is the same as the value for the bridge hello timer.
  • Page 312: Root Port Rapid Behavior

    Spanning Tree Protocol RSTP attempts to transition root ports and designated ports to the forwarding state and alternate ports and backup ports to the blocking state as rapidly as possible. A port transitions to the forwarding state if any of the following is true. The port: Has been in either a root or designated port role long enough that the spanning tree information ●...
  • Page 313: Designated Port Rapid Behavior

    Rapid Spanning Tree Protocol Figure 33: Example of root port rapid behavior Initial topology New topology Bridge Bridge Backup Designated Backup Designated port port port port LAN segment Superior STP bridge priority Root bridge EX_054 If the backup port receives the BPDU first, STP processes this packet and temporarily elects this port as the new root port while the designated port’s role remains unchanged.
  • Page 314: Receiving Bridge Behavior

    Spanning Tree Protocol Receiving Bridge Behavior The receiving bridge must decide whether or not to accept a proposal from a port. Upon receiving a proposal for a root port, the receiving bridge: Processes the BPDU and computes the new STP topology. ●...
  • Page 315 Rapid Spanning Tree Protocol The following steps describe how the network reconverges. 1 If the link between bridge A and bridge F goes down, bridge F detects the root port is down. At this point, bridge F: Immediately disables that port from the STP. ●...
  • Page 316 Spanning Tree Protocol 3 As shown in Figure 37, when bridge F receives the superior BPDU and configuration update from bridge E, bridge F: Decides that the receiving port is the root port. ● Determines that bridge E is the root bridge. ●...
  • Page 317 Rapid Spanning Tree Protocol 5 Upon receiving the proposal, bridge E (as shown in Figure 39): Performs a configuration update. ● Changes its receiving port to a root port. ● The existing designated port enters the blocking state. Bridge E then sends: A “propose”...
  • Page 318: Stp Rules And Restrictions

    Spanning Tree Protocol Figure 41: Final network configuration A , 0 A , 1 A , 2 Root Designated port port A , 5 A , 4 A , 3 EX_055h Compatibility With STP (802.1D) RSTP interoperates with legacy STP protocols; however, the rapid convergence benefits are lost when interacting with legacy STP bridges.
  • Page 319: Configuring Stp On The Switch

    Configuring STP on the Switch ● Automatically adding ports to an STPD (known as STP autobind) cannot be configured on a Netlogin VLAN. ● STP cannot be configured on the following ports: ■ A mirroring target port. ■ A software-controlled redundant port...
  • Page 320: Stp Configuration Examples

    Spanning Tree Protocol NOTE The device supports the RFC 1493 Bridge MIB, RSTP-03, and Extreme Networks STP MIB. Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of any other STPD support the Extreme Networks STP MIB.
  • Page 321: Emistp Configuration Example

    STP Configuration Examples EMISTP Configuration Example Figure 42 is an example of EMISTP. Figure 42: EMISTP configuration example VLAN red VLAN green VLAN yellow VLAN red VLAN red VLAN brown VLAN red VLAN blue EX_051 NOTE By default, all ports added to a user-defined STPD are in emistp mode, unless otherwise specified. The following commands configure the switch located between S1 and S2: create vlan red configure red tag 100...
  • Page 322: Rstp 802.1W Configuration Example

    Spanning Tree Protocol RSTP 802.1w Configuration Example Figure 43 is an example of a network with multiple STPDs that can benefit from RSTP. For RSTP to work, you need to do the following: Create an STPD. ● Configure the mode of operation for the STPD. ●...
  • Page 323: Displaying Stp Settings

    Displaying STP Settings configure vlan sales add ports 1:1,2:1 tagged configure vlan personnel add ports 1:1,2:1 tagged configure vlan marketing add ports 1:1,2:1 tagged configure stpd stpd1 add vlan sales ports all configure stpd stpd1 add vlan personnel ports all configure stpd stpd1 add vlan marketing ports all configure stpd stpd1 ports link-type point-to-point 1:1,2:1 configure stpd stpd1 tag 100...
  • Page 324 Spanning Tree Protocol If you have a VLAN that spans multiple STPDs, use the show vlan <vlan_name> stpd command to display the STP configuration of the ports assigned to that specific VLAN. The command displays the following: ● STPD port configuration ●...
  • Page 325: Chapter 17: Extreme Standby Router Protocol

    ESRP can provide better resiliency than using Spanning Tree Protocol (STP) or Virtual Router Redundancy Protocol (VRRP). Extreme Networks recommends that all switches participating in ESRP run the same version of ExtremeWare XOS.
  • Page 326: Esrp And Elrp

    Extreme Standby Router Protocol ESRP and ELRP Support for the Extreme Loop Recovery Protocol (ELRP) was introduced in ExtremeWare XOS 11.1. For more information about ELRP, see “Using ELRP with ESRP” on page 345. For more information about standalone ELRP, see “Using Standalone ELRP to Perform Loop Tests”...
  • Page 327 ESRP Concepts Figure 44: Example of a basic ESRP topology ESRP Core Switch #1 ESRP Core Switch #2 State Domain Group State Domain Group Master corpnet1 Slave corpnet1 Master corpnet2 Slave corpnet2 Slave corpnet3 Master corpnet3 Corpnet1, Corpnet2 Corpnet3 advertised ESRP advertised virtual mac: virtual mac: 00:E0:2B:00:00:80...
  • Page 328: Esrp-Aware Switches

    342. Configuring ESRP-Aware Switches For an Extreme Networks switch to be ESRP-aware, you must create an ESRP domain on the aware switch, add a master VLAN to that ESRP domain, and configure a domain ID, if necessary. To participate as an ESRP-aware switch, the following must be true: The ESRP domain name must be identical on all switches (ESRP-enabled and ESRP-aware) participating ●...
  • Page 329: Standard And Extended Esrp

    ESRP Concepts Displaying ESRP-Aware Information To display ESRP-aware information, use the following command: show esrp {<name>} The display includes the group number and MAC address for the master of the group, as well as the age of the information. Standard and Extended ESRP ESRP has two modes of operation: standard and extended.
  • Page 330: Esrp Domains

    Extreme Standby Router Protocol In extended mode, the active port count considers the number of active ports and the port weight configuration also considers the bandwidth of those ports. You enable port weight only on the load- shared master port. Domain ID ●...
  • Page 331: Linking Esrp Switches

    ESRP Concepts Linking ESRP Switches When considering system design using ESRP, Extreme Networks recommends using a direct link. Direct links between ESRP switches are useful under the following conditions: A direct link can provide a more direct routed path, if the ESRP switches are routing and supporting ●...
  • Page 332: Determining The Esrp Master

    Extreme Standby Router Protocol 2 If the MSMs are not in sync, replicate all saved images and configurations from the primary to the backup using the synchronize command. 3 Initiate failover using the run msm-failover command. For more detailed information about verifying the status of the MSMs and system redundancy, see “Understanding System Redundancy”...
  • Page 333: Pre-Master Switch Behavior

    Determining the ESRP Master Pre-Master Switch Behavior A pre-master switch is ready to transition to master, but is going through possible loop detection prior to changing to the master state. Upon entering the pre-master state, the switch sends ESRP packets to other switches on that same VLAN.
  • Page 334: Esrp Failover Time

    Extreme Standby Router Protocol CAUTION Configure the pre-master state timeout only with guidance from Extreme Networks personnel. Misconfiguration can severely degrade the performance of ESRP and your switch. ESRP Failover Time ESRP Failover time is largely determined by the following factors: ESRP hello timer setting.
  • Page 335 Determining the ESRP Master Table 48 describes the ESRP election algorithms. Each algorithm considers the election factors in a different order of precedence. The election algorithms that use sticky and weight are only available in extended mode. Table 48: ESRP election algorithms Election Algorithm Description ports >...
  • Page 336: Configuring An Esrp Domain On A Switch

    Extreme Standby Router Protocol NOTE If you have a network that contains a combination of switches running ExtremeWare XOS and ExtremeWare, only the ports-track-priority-mac election algorithm is compatible with ExtremeWare releases prior to version 6.0. Configuring an ESRP Domain on a Switch To create, configure, and enable a basic ESRP domain, complete the following steps: 1 Create and configure the master VLAN.
  • Page 337: Configuring The Esrp Domain Id

    Configuring an ESRP Domain on a Switch NOTE If you use the same name across categories (for example, STPD and ESRP names) Extreme Networks recommends that you specify the appropriate keyword as well as the actual name. If you do not specify the keyword, the switch may display an error message.
  • Page 338: Enabling And Disabling An Esrp Domain

    Extreme Standby Router Protocol The following example adds the VLAN sales as the master VLAN to ESRP domain esrp1: configure esrp esrp1 add master sales To delete a master VLAN, you must first disable the ESRP domain before removing the master VLAN using the command.
  • Page 339: Advanced Esrp Features

    Advanced ESRP Features Advanced ESRP Features This section describes the following advanced ESRP features: ESRP Tracking on page 339 ● ESRP Port Restart on page 342 ● ESRP Host Attach on page 342 ● ESRP Port Weight and Don’t Count on page 343 ●...
  • Page 340 Extreme Standby Router Protocol ESRP VLAN Tracking You can configure an ESRP domain to track port connectivity to a specified VLAN as criteria for ESRP failover. The number of VLAN active ports are tracked. If the switch is no longer connected to the specified VLAN, the switch automatically relinquishes master status and remains in slave mode.
  • Page 341 Advanced ESRP Features ESRP Tracking Example Figure 45 is an example of ESRP tracking. Figure 45: ESRP tracking ESRP master 200.1.1.1/24 vlan esrp1 (track-vlan) vlan vlan1 Host 2: Router 200.1.1.14/24 Gateway: 200.1.1.1 L2 switch 10.10.10.121 Host 1: 200.1.1.13/24 Gateway: ESRP slave 200.1.1.1 200.1.1.2/24 EX_094...
  • Page 342: Esrp Port Restart

    Extreme Standby Router Protocol ESRP Port Restart You can configure ESRP to restart ports in the ESRP master domain when the downstream switch is from a third-party vendor. This action takes down and restarts the port link to clear and refresh the downstream ARP table.
  • Page 343: Esrp Port Weight And Don't Count

    [Figure 46: ESRP host attach; diagram label: OSPF/BGP-4]
    ESRP VLANs that share ESRP HA ports must be members of different ESRP groups. Each port can have a maximum of seven VLANs. If you use load sharing with the ESRP HA feature, configure the load-sharing group first and then enable HA on the group.
  • Page 344: Esrp Groups

    Extreme Standby Router Protocol changes due to frequent client activities like rebooting and unplugging laptops. This port is known as a don’t-count port. To configure the port weight on either a host attach port or a normal port, use the following command: configure esrp ports <ports>...
  • Page 345: Displaying Esrp Information

    Displaying ESRP Information
    To view ESRP information, use the following command:
      show esrp
    Output from this command includes:
      • The operational state of an ESRP domain and the state of its neighbor
      • ESRP port configurations
    To view more detailed information about an ESRP domain, use the following command and specify the domain name:
      show esrp {<name>}
    Output from this command includes:...
  • Page 346: Using Elrp With Esrp To Recover Loops

    Extreme Standby Router Protocol Using ELRP with ESRP to Recover Loops ELRP sends loop-detect packets to notify ESRP about loops in the network. In an ESRP environment, when the current master goes down, one of the slaves becomes the master and continues to forward Layer 2 and Layer 3 traffic for the ESRP domain.
  • Page 347: Displaying Elrp Information

    Using ELRP with ESRP To disable the use of ELRP by ESRP in the pre-master state, use the following command: configure esrp <esrpDomain> elrp-premaster-poll disable Configuring Master Polling If you enable the use of ELRP by ESRP in the master state, ESRP requests that ELRP packets are periodically sent to ensure that there is no loop in the network while ESRP is in the master state.
  • Page 348: Esrp Examples

    The example shown in Figure 48 uses a number of Extreme Networks devices as edge switches that perform Layer 2 switching for ESRP domain esrp1 and VLAN Sales. The edge switches are dual-homed to the BlackDiamond 10808 switches. The BlackDiamond 10808 switches perform Layer 2 switching between the edge switches and Layer 3 routing to the outside world.
  • Page 349 ESRP Examples Figure 48: Single ESRP domain using Layer 2 and Layer 3 redundancy OSPF or RIP Domain - esrp1, Domain - esrp1, VLAN - Sales VLAN - Sales (master) (standby) EX_097 The BlackDiamond 10808 switch, acting as master for ESRP domain esrp1, performs both Layer 2 switching and Layer 3 routing services for VLAN Sales.
  • Page 350
      • IP address for the VLANs participating in ESRP must be identical.
    NOTE: If your network has switches running ExtremeWare and ExtremeWare XOS participating in ESRP, Extreme Networks recommends that the ExtremeWare XOS switches operate in ESRP standard mode. To change the mode of operation, use the command.
  • Page 351: Multiple Domains Using Layer 2 And Layer 3 Redundancy

    ESRP Examples Multiple Domains Using Layer 2 and Layer 3 Redundancy The example shown in Figure 49 illustrates an ESRP configuration that has multiple domains using Layer 2 and Layer 3 redundancy. Figure 49: Multiple ESRP domains using Layer 2 and Layer 3 redundancy OSPF or RIP Sales master,...
  • Page 352 Configuration commands for the first BlackDiamond switch are as follows:
      create vlan sales
      configure vlan sales tag 10
      configure vlan sales add ports 1:1-1:2
      configure vlan sales add ports 1:3 tagged
      configure vlan sales ipaddress 10.1.2.3/24
      create vlan engineering
      configure vlan engineering tag 20
      configure vlan engineering add ports 1:4...
  • Page 353: Esrp Cautions

    ESRP Cautions ESRP Cautions This section describes important details to be aware of when configuring ESRP. Configuring ESRP and IP Multinetting When configuring ESRP and IP multinetting on the same switch, the same set of IP addresses must be configured for all involved VLANs. ESRP and STP A switch running ESRP should not simultaneously participate in STP for the same VLAN(s).
  • Page 355: Chapter 18: Virtual Router Redundancy Protocol

    This chapter covers the following topics:
      • Overview on page 355
      • Determining the VRRP Master on page 355
      • Additional VRRP Highlights on page 358
      • VRRP Operation on page 359
      • VRRP Configuration Parameters on page 361
      ...
  • Page 356: Vrrp Tracking

    Virtual Router Redundancy Protocol VRRP Tracking Tracking information is used to track various forms of connectivity from the VRRP router to the outside world. ExtremeWare XOS supports the use of the following VRRP tracking options: VRRP VLAN Tracking ● VRRP Route Table Tracking ●...
  • Page 357 Layer 2 switch between it and another VRRP node. In cases where a Layer 2 switch is used to connect VRRP nodes, Extreme Networks recommends that those nodes have priorities of less than 255.
  • Page 358: Electing The Master Router

    Virtual Router Redundancy Protocol Electing the Master Router VRRP uses an election algorithm to dynamically assign responsibility for the master router to one of the VRRP routers on the network. A VRRP router is elected master if the router has the highest priority (the range is 1 to 254;...
  • Page 359: Vrrp Operation

      • VRRP and the Spanning Tree Protocol (STP) can be simultaneously enabled on the same switch.
      • Extreme Networks does not recommend simultaneously enabling VRRP and ESRP on the same switch.
    VRRP Operation
    This section describes two VRRP network configurations:
      • A simple VRRP network
      ...
  • Page 360: Fully Redundant Vrrp Network

    Virtual Router Redundancy Protocol physical interface. Each physical interface on each backup router must have a unique IP address. The virtual router IP address is also used as the default gateway address for each host on the network. If the master router fails, the backup router assumes forwarding responsibility for traffic addressed to the virtual router MAC address.
  • Page 361: Vrrp Configuration Parameters

    VRRP Configuration Parameters
    Table 49 lists the parameters that you configure on a VRRP router.
    Table 49: VRRP configuration parameters
      Parameter    Description
      vrid         This is the virtual router identifier and is a configured item in the range of 1 to 255. This parameter has no default value.
      priority     The priority value to be used by this VRRP router in the master election process....
  • Page 362: Vrrp Examples

    Virtual Router Redundancy Protocol VRRP Examples This section provides the configuration syntax for the two VRRP networks discussed in this chapter. Configuring the Simple VRRP Network Figure 53 shows the simple VRRP network described in “Simple VRRP Network Configuration” section. Figure 53: Simple VRRP network Switch A Switch B...
  • Page 363: Configuring The Fully Redundant Vrrp Network

    VRRP Examples Configuring the Fully Redundant VRRP Network Figure 54 shows the fully redundant VRRP network configuration described in the “Fully Redundant VRRP Network” section. Figure 54: Fully redundant VRRP configuration Switch A Switch B Master for virtual IP 192.168.1.3 Master for virtual IP 192.168.1.5 Master VRID = 1 Master VRID = 2...
  • Page 364: Vrrp Cautions

    Virtual Router Redundancy Protocol VRRP Cautions This section describes important details to be aware of when configuring VRRP. Assigning Multiple Virtual IP Addresses It is possible to assign multiple virtual IP addresses to the same VRID for a VRRP VR. In this case, you must meet the following conditions: Multiple virtual IP addresses must be on the same subnet.
  • Page 365: Chapter 19: Ip Unicast Routing

    This chapter describes the following topics:
      • Overview of IP Unicast Routing on page 365
      • Proxy ARP on page 368
      • Relative Route Priorities on page 369
      • Configuring IP Unicast Routing on page 370
      • Verifying the IP Unicast Routing Configuration on page 370
      ...
  • Page 366: Populating The Routing Table

    NOTE: Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You cannot configure the same IP address and subnet on different VLANs.
    In Figure 55, a BlackDiamond switch is depicted with two VLANs defined: Finance and Personnel. All ports on slots 1 and 3 are assigned to Finance;...
  • Page 367: Dynamic Routes

    Overview of IP Unicast Routing NOTE If you define a default route and subsequently delete the VLAN on the subnet associated with the default route, the invalid default route entry remains. You must manually delete the configured default route. Dynamic Routes Dynamic routes are typically learned by way of RIP or OSPF.
  • Page 368: Proxy Arp

    IP Unicast Routing NOTE If you define multiple default routes, the route that has the lowest metric is used. If multiple default routes have the same lowest metric, the system picks one of the routes. You can also configure blackhole routes—traffic to these destinations is silently dropped. IP Route Sharing IP route sharing allows multiple equal-cost routes to be used concurrently.
  • Page 369: Proxy Arp Between Subnets

    Relative Route Priorities Proxy ARP Between Subnets In some networks, it is desirable to configure the IP host with a wider subnet than the actual subnet mask of the segment. You can use proxy ARP so that the router answers ARP requests for devices outside of the subnet.
  • Page 370: Configuring Ip Unicast Routing

    Configuring IP Unicast Routing
    This section describes the commands associated with configuring IP unicast routing on the switch.
    To configure routing:
    1 Create and configure two or more VLANs.
    2 Assign each VLAN that will be using routing an IP address using the following command:
        configure vlan <vlan_name>...
  • Page 371 Routing Configuration Example MyCompany ● Port-based VLAN. ■ All ports on slots 1 through 4 have been assigned. ■ Figure 56: Unicast routing configuration example 192.207.35.1 192.207.36.1 MyCompany 192.207.35.0 192.207.36.0 Finance Personnel = IP traffic NetBIOS NetBIOS = NetBIOS traffic NetBIOS NetBIOS EX_047...
  • Page 372: Ip Multinetting

    Multinetting can be a critical element in a transition strategy, allowing a legacy assignment of IP addresses to coexist with newly configured hosts. However, because of the additional constraints introduced in troubleshooting and bandwidth, Extreme Networks recommends that you use multinetting as a transitional tactic only, and not as a long-term network design strategy.
  • Page 373: How Multinetting Affects Other Features

    IP Multinetting Figure 57: Multinetted Network Topology Transit VLAN multi network Primary subnet Secondary Host subnet-1 Secondary subnet-2 BD10K EX_102 Figure 57 shows a multinetted VLAN named multi. VLAN multi has three IP subnets so three IP addresses have been configured for the VLAN. One of the subnets is the primary subnet and can be connected to any transit network (for example, the Internet).
  • Page 374 IP Unicast Routing Route Manager The Route Manager will install a route corresponding to each of the secondary interfaces. The route origin will be direct, will be treated as a regular IP route, and can be used for IP data traffic forwarding. These routes can also be redistributed into the various routing protocol domains if you configure route redistribution.
  • Page 375 IP Multinetting RIP. This section describes the behavior of the Routing Information Protocol (RIP) in an IP multinetting environment: RIP does not send any routing information update on the secondary interfaces. However, RIP will ● advertise networks corresponding to secondary interfaces in its routing information packet to the primary interface.
  • Page 376 IP Unicast Routing Multicast Routing Protocols For Protocol-Independent Multicast (PIM), the following behavior changes should be noted in a multinetting environment: PIM does not peer with any other PIM router on a secondary subnet. ● PIM also processes data packets from the host on secondary subnets. ●...
  • Page 377: Configuring Ip Multinetting

    IP Multinetting It is possible for a VRRP VR to have additional virtual IP addresses assigned to it. In this case, the following conditions must be met: Multiple virtual IP addresses for the same VRID must be on the same subnet. ●...
  • Page 378: Configuring Dhcp/Bootp Relay

    segment consisting of two subnets (192.168.36.0 and 172.16.45.0). The second multinetted segment spans three ports (1:8, 2:9, and 3:10). RIP is enabled on both multinetted segments.
      configure default delete port 5:5
      create vlan multinet
      configure multinet ipaddress 192.168.34.1
      configure multinet add secondary-ipaddress 192.168.35.1
      configure multinet add secondary-ipaddress 192.168.37.1
      configure multinet add port 5:5...
  • Page 379: Verifying The Dhcp/Bootp Relay Configuration

    Configuring DHCP/BOOTP Relay The DHCP relay agent option consists of two pieces of data, called sub-options. The first is the agent circuit ID sub-option, and the second is the agent remote ID sub-option. When the DHCP relay agent option is enabled on switches running ExtremeWare XOS, the value of these sub-options is set as follows: Agent circuit ID sub-option: Contains the ID of the port on which the original DHCP request packet ●...
  • Page 380: Udp Echo Server

    UDP Echo Server
    You can use UDP echo packets to measure the transit time for data between the transmitting and receiving end.
    To enable UDP echo server support, use the following command:
      enable udp-echo-server {vr <vrid>}{udp-port <port>}
    To disable UDP echo server support, use the following command:
      disable udp-echo-server {vr <vrid>}
  • Page 381: Chapter 20: Interior Gateway Protocols

    This chapter describes the following topics:
      • Overview on page 381
      • Overview of RIP on page 382
      • Overview of OSPF on page 384
      • Route Redistribution on page 389
      • RIP Configuration Example on page 391
      ...
  • Page 382: Rip Versus Ospf

    Interior Gateway Protocols RIP Versus OSPF The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols. Using a distance-vector protocol, each router creates a unique routing table from summarized information obtained from neighboring routers. Using a link-state protocol, every router maintains an identical routing table created from information obtained from all routers in the autonomous system (AS).
  • Page 383: Split Horizon

    Overview of RIP IP address of the next router ● Timer that tracks the amount of time since the entry was last updated ● The router exchanges an update message with each neighbor every 30 seconds (default value), or when there is a change to the overall routed topology (also called triggered updates).
  • Page 384: Overview Of Ospf

    MSM-1 ships with a Core license. The Aspen 8810 switch ships with an Advanced Edge license; you can obtain a Core License for the switch from Extreme Networks. A subset of OSPF, called OSPF Edge Mode, is available with an Advanced Edge license.
  • Page 385 To re-enable opaque LSAs across the entire system, use the following command: enable ospf capability opaque-lsa If your network uses opaque LSAs, Extreme Networks recommends that all routers on your OSPF network support opaque LSAs. Routers that do not support opaque LSAs do not store or flood them. At minimum a well interconnected subsection of your OSPF network must support opaque LSAs to maintain reliability of their transmission.
  • Page 386: Areas

    Interior Gateway Protocols Areas OSPF allows parts of a network to be grouped together into areas. The topology within an area is hidden from the rest of the AS. Hiding this information enables a significant reduction in LSA traffic and reduces the computations needed to maintain the LSDB. Routing within the area is determined only by the topology of the area.
  • Page 387: Virtual Links

    Overview of OSPF Not-So-Stubby-Areas Not-so-stubby-areas (NSSAs) are similar to the existing OSPF stub area configuration option but have the following two additional capabilities: External routes originating from an ASBR connected to the NSSA can be advertised within the ● NSSA. External routes originating from the NSSA can be propagated to other areas, including the backbone ●...
  • Page 388 [Figure 58: Virtual link using area 1 as a transit area; diagram labels: Virtual link, Area 2, Area 1, Area 0]
    Virtual links are also used to repair a discontiguous backbone area. For example, in Figure 59, if the connection between ABR1 and the backbone fails, the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual link.
  • Page 389: Point-To-Point Support

    Route Redistribution Point-to-Point Support You can manually configure the OSPF link type for a VLAN. Table 52 describes the link types. Table 52: OSPF link types Link Type Number of Routers Description Auto Varies ExtremeWare XOS automatically determines the OSPF link type based on the interface type.
  • Page 390: Configuring Route Redistribution

    [Figure 60: Route redistribution; diagram labels: OSPF AS, Backbone Area 0.0.0.0, Area 121.2.3.4, ASBR, RIP AS]
    Configuring Route Redistribution
    Exporting routes from one protocol to another and from that protocol to the first one are discrete configuration functions. For example, to run OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent operation of each.
  • Page 391: Ospf Timers And Authentication

    RIP Configuration Example The cost metric is inserted for all Border Gateway Protocol (BGP), RIP, static, and direct routes injected into OSPF. If the cost metric is set to 0, the cost is inserted from the route. For example, in the case of BGP export, the cost equals the multiple exit discriminator (MED) or the path length.
  • Page 392 Interior Gateway Protocols All ports on slots 2 and 4 have been assigned. ■ IP address 192.207.36.1. ■ MyCompany ● Port-based VLAN. ■ All ports on slots 1 through 4 have been assigned. ■ Figure 61: RIP configuration example 192.207.35.1 192.207.36.1 MyCompany 192.207.35.0...
  • Page 393: Configuring Ospf

    Configuring OSPF Each switch that is configured to run OSPF must have a unique router ID. Extreme Networks recommends that you manually set the router ID of the switches participating in OSPF, instead of having the switch automatically choose its router ID based on the highest interface IP address. Not performing this configuration in larger, dynamic environments could result in an older LSDB remaining in use.
  • Page 394: Ospf Configuration Example

      • Dead router wait interval (Dead Interval)—The interval after which a neighboring router is declared down because hello packets are no longer received from the neighbor. This interval should be a multiple of the hello interval. The default value is 40 seconds.
      • Router wait interval (Wait Timer Interval)—The interval between the interface coming up and the...
  • Page 395: Configuration For Abr1

    OSPF Configuration Example Area 0 is the backbone area. It is located at the headquarters and has the following characteristics: Two internal routers (IR1 and IR2) ● Two area border routers (ABR1 and ABR2) ● Network number 10.0.x.x ● Two identified VLANs (HQ_10_0_2 and HQ_10_0_3) ●...
  • Page 396: Configuration For Ir1

    Configuration for IR1
    The router labeled IR1 has the following configuration:
      configure vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
      configure vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.0
      enable ipforwarding
      configure ospf add vlan all area 0.0.0.0
      enable ospf
    Displaying OSPF Settings
    You can use a number of commands to display settings for OSPF....
  • Page 397: Chapter 21: Exterior Gateway Routing Protocols

    This chapter covers the following topics:
      • Overview on page 398
      • BGP Attributes on page 398
      • BGP Communities on page 398
      • BGP Features on page 399
    This chapter describes how to configure the Border Gateway Protocol (BGP), an exterior routing protocol available on the switch....
  • Page 398: Overview

    Exterior Gateway Routing Protocols Overview BGP is an exterior routing protocol that was developed for use in TCP/IP networks. The primary function of BGP is to allow different autonomous systems (ASs) to exchange network reachability information. An AS is a set of routers that are under a single technical administration. This set of routers uses a different routing protocol, for example Open Shortest Path First (OSPF), for intra-AS routing.
  • Page 399: Bgp Features

    BGP Features
    This section describes the following BGP features supported by ExtremeWare XOS:
      • Route Reflectors on page 399
      • Route Confederations on page 401
      • Route Aggregation on page 404
      • Using the Loopback Interface on page 404
      ...
  • Page 400 2.2.2.2 is called a route reflector and is responsible for reflecting routes between its clients. Routes received from the client 3.3.3.3 by the router 2.2.2.2 are reflected to 4.4.4.4 and vice versa. Routes received from 1.1.1.1 are reflected to all clients.
    To configure router 1.1.1.1, use the following commands:
      create vlan to_rr
      configure vlan to_rr add port 1:1...
  • Page 401: Route Confederations

    To configure router 4.4.4.4, use the following commands:
      create vlan to_rr
      configure vlan to_rr add port 1:1
      configure vlan to_rr ipaddress 30.0.0.1/24
      enable ipforwarding vlan to_rr
      configure bgp router 4.4.4.4
      configure bgp as-number 100
      create bgp neighbor 30.0.0.2 remote-as 100
      enable bgp neighbor all
      enable bgp
    Route Confederations...
  • Page 402 between sub-AS 65001 and sub-AS 65002. Router B and router D are EBGP peers. EBGP is also used between the confederation and outside ASs.
    To configure router A, use the following commands:
      create vlan ab
      configure vlan ab add port 1
      configure vlan ab ipaddress 192.1.1.6/30
      enable ipforwarding vlan ab
      configure ospf add vlan ab area 0.0.0.0...
  • Page 403
      configure bgp add confederation-peer sub-AS-number 65002
      enable bgp neighbor all
    To configure router C, use the following commands:
      create vlan ca
      configure vlan ca add port 1
      configure vlan ca ipaddress 192.1.1.18/30
      enable ipforwarding vlan ca
      configure ospf add vlan ca area 0.0.0.0
      create vlan cb
      configure vlan cb add port 2
      configure vlan cb ipaddress 192.1.1.21/30...
  • Page 404: Route Aggregation

      enable ipforwarding vlan ed
      configure ospf add vlan ed area 0.0.0.0
      enable ospf
      configure bgp as-number 65002
      configure bgp routerid 192.1.1.13
      configure bgp confederation-id 200
      enable bgp
      create bgp neighbor 192.1.1.14 remote-AS-number 65002
      enable bgp neighbor 192.1.1.14
    Route Aggregation
    Route aggregation is the process of combining the characteristics of several routes so that they are advertised as a single route.
  • Page 405: Bgp Route Flap Dampening

    BGP Features Each BGP peer group is assigned a unique name when it is created. To create or delete peer groups, use the following command: create bgp peer-group <peer-group-name> delete bgp peer-group <peer-group-name> Changes made to the parameters of a peer group are applied to all neighbors in the peer group. Modifying the following parameters will automatically disable and enable the neighbors before changes take effect: remote-as...
  • Page 406 Exterior Gateway Routing Protocols Minimizing the Route Flap The route flap dampening feature minimizes the flapping problem as follows. Suppose that the route to network 172.25.0.0 flaps. The router (in which route dampening is enabled) assigns network 172.25.0.0 a penalty of 1000 and moves it to a “history” state in which the penalty value is monitored. The router continues to advertise the status of the route to neighbors.
  • Page 407: Bgp Route Selection

    BGP Features Viewing the Route Flap Dampening Configuration To view the configured values of the route flap dampening parameters for a BGP neighbor, use the following command: show bgp [neighbor {detail} | neighbor <remoteaddr>] To view the configured values of the route flap dampening parameters for a BGP peer group, use the following command: show bgp peer-group {detail | <peer-group-name>...
  • Page 408: Route Redistribution

    Exterior Gateway Routing Protocols Route Redistribution BGP, OSPF, and RIP can be enabled simultaneously on the switch. Route redistribution allows the switch to exchange routes, including static and direct routes, between any two routing protocols. Exporting routes from OSPF to BGP and from BGP to OSPF are discrete configuration functions. To run OSPF and BGP simultaneously, you must first configure both protocols and then verify the independent operation of each.
  • Page 409: Chapter 22: Ip Multicast Routing

    This chapter covers the following topics:
      • Overview on page 409
      • Configuring IP Multicasting Routing on page 412
      • Configuration Examples on page 413
    For more information on IP multicasting, refer to the following publications:
      • RFC 1112—Host Extension for IP Multicasting
      ...
  • Page 410: Pim Sparse Mode

    MSM-1 ships with a Core license. The Aspen 8810 switch ships with an Advanced Edge license; you can obtain a Core License for the switch from Extreme Networks. A subset of PIM, called PIM Edge Mode, is available with an Advanced Edge license.
  • Page 411: Igmp Overview

    You can run either PIM-DM or PIM-SM per virtual LAN (VLAN). PIM Mode Interoperation An Extreme Networks switch can function as a PIM multicast border router (PMBR). A PMBR integrates PIM-SM and PIM-DM traffic. When forwarding PIM-DM traffic into a PIM-SM network, the PMBR acts as a virtual first hop and encapsulates the initial traffic to RP.
  • Page 412: Configuring Ip Multicasting Routing

    IP Multicast Routing Static IGMP To receive multicast traffic, a host must explicitly join a multicast group by sending an IGMP report; then, the traffic is forwarded to that host. In some situations, you would like multicast traffic to be forwarded to a port where a multicast-enabled host is not available (for example, when you test multicast configurations).
  • Page 413: Configuration Examples

    3 Enable PIM on all IP multicast routing interfaces using the following command:
        configure pim add vlan [<vlan_name> | all] {dense | sparse} {passive}
    4 Enable PIM on the router using the following command:
        enable pim
    Configuration Examples
    Figure 65 and Figure 66 are used in...
  • Page 414: Pim-Sm Configuration Example

    The router labeled IR1 has the following configuration:
      configure vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
      configure vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.0
      configure ospf add vlan all area 0.0.0.0
      enable ipforwarding
      enable ospf
      enable ipmcforwarding
      configure pim add vlan all dense
      enable pim
    PIM-SM Configuration Example
    Figure...
  • Page 415
      configure vlan LA_161_48_2 ipaddress 161.48.2.2 255.255.255.0
      configure vlan CHI_160_26_26 ipaddress 160.26.26.1 255.255.255.0
      configure ospf add vlan all area 0.0.0.0
      enable ipforwarding
      enable ipmcforwarding
      configure pim add vlan all sparse
      tftp TFTP_SERV -g -r rp_list.pol
      configure pim crp HQ_10_0_3 rp_list 30
      configure pim cbsr HQ_10_0_3 30
  • Page 417 Appendixes...
  • Page 419: Appendix A: Software Upgrade And Boot Options

    For more information about installing the external compact flash memory card into the external compact flash slot of the MSM, please refer to the Extreme Networks Consolidated XOS Hardware Installation Guide. Selecting the partition to use when downloading an image. For more information, see “Selecting a...
  • Page 420: Installing A Modular Software Package

    Software Upgrade and Boot Options If you download and install the software image on the active partition, the switch automatically reboots after the download and installation is completed. The following message appears when downloading and installing on the active partition: Image will be installed to the active partition, a reboot required.
  • Page 421: Selecting A Primary Or A Secondary Image

    Downloading a New Image NOTE Do not terminate a process that was installed since the last reboot unless you have saved your configuration. If you have installed a software module and you terminate the newly installed process without saving your configuration, your module may not be loaded when you attempt to restart the process with the command.
  • Page 422: Software Signatures

    Software Upgrade and Boot Options Table 53: Image version fields (Continued) Field Description patch Identifies a specific patch release. build Specifies the ExtremeWare XOS build number. This value is reset to zero for each new major and minor release. Software Signatures Each ExtremeWare XOS image contains a unique signature.
  • Page 423: Understanding Hitless Upgrade-Blackdiamond 10K Switch Only

    Performing a Hitless Upgrade The steps described in this section assume the following: You have received the new software image from Extreme Networks, and the image is on either a ● TFTP server, PC, or an external compact flash memory card. See “Downloading a New Image”...
  • Page 424: Detailed Steps

    Detailed Steps
    To perform a hitless upgrade to install and upgrade the ExtremeWare XOS software on your system, complete the following steps:
    1 View your selected and booted partition using the following command:
        show switch
      Output from this command includes the selected and booted images and if they are in the primary or the secondary partition.
  • Page 425: Hitless Upgrade Examples

    Using the assumptions described below, the following examples perform a hitless upgrade for a core software image on the BlackDiamond 10K switch:
      • You have received the new software image from Extreme Networks named bd10K-11.1.0.14.xos.
      • You do not know your selected or booted partitions.
  • Page 426: Saving Configuration Changes

    Software Upgrade and Boot Options Saving Configuration Changes The configuration is the customized set of parameters that you have selected to run on the switch. As you make configuration changes, the new settings are stored in run-time memory. Settings that are stored in run-time memory are not retained by the switch when the switch is rebooted.
  • Page 427: Viewing A Configuration

    Markup Language (XML) format. This allows you to send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes. You are unable to view configuration files with a text editor. To view your current switch configuration, use the command available on your switch.
  • Page 428: Using Tftp To Download The Configuration

    Software Upgrade and Boot Options Where the following is true: —Is the host name of the TFTP server ● host-name —Is the IP address of the TFTP server ● ip_address —Puts the specified file from the local host and copies it to the TFTP server ●...
  • Page 429: Automatic Synchronization Of Configuration Files

    Interaction with the Bootloader is required only under special circumstances and should be done only under the direction of Extreme Networks Customer Support. The necessity of using these functions implies a nonstandard problem which requires the assistance of Extreme Networks Customer Support.
  • Page 430: Upgrading The Bootrom-Blackdiamond 10K Switch Only

    Upgrade the BootROM from a TFTP server or an external compact flash memory card installed in the compact flash slot of the MSM, after the switch has booted. Upgrade the BootROM only when asked to do so by an Extreme Networks technical representative. To upgrade the BootROM, use the following command: download bootrom [[<ipaddress>...
  • Page 431: Upgrading The Firmware-Aspen 8810 Switch Only

    Upgrading the Firmware—Aspen 8810 Switch Only Firmware images are bundled with ExtremeWare XOS software images. ExtremeWare XOS automatically compares the existing firmware image flashed into the hardware with the firmware image bundled with the ExtremeWare XOS image when you: Download a new version of ExtremeWare XOS to the active partition.
  • Page 432 Software Upgrade and Boot Options ExtremeWare XOS 11.1 Concepts Guide...
  • Page 433: Appendix B: Troubleshooting

    Troubleshooting This appendix describes some troubleshooting tips on the following topics: LEDs on page 433 ● Using the Command Line Interface on page 434 ● Using Standalone ELRP to Perform Loop Tests on page 440 ● Using the Rescue Software Image on page 442 ●...
  • Page 434: Using The Command Line Interface

    Switch does not power up: All products manufactured by Extreme Networks use digital power supplies with surge protection. In the event of a power surge, the protection circuits shut down the power supply. To reset the power, unplug the switch for 1 minute, plug it back in, and attempt to power-up the switch.
  • Page 435 Using the Command Line Interface no parity ■ XON/OFF flow control enabled ■ For console port access, you may need to press [Return] several times before the welcome prompt appears. The SNMP Network Manager cannot access the device: Check that: The Simple Network Management Protocol (SNMP) access is enabled for the system.
  • Page 436: Port Configuration

    Because the other network device is not participating in autonegotiation (and does not advertise its capabilities), parallel detection on the Extreme Networks switch is able only to sense 10 Mbps versus 100 Mbps speed and not the duplex mode. Therefore, the switch establishes the link in half-duplex mode using the correct speed.
  • Page 437: Vlans

    ● configure port <port #> auto off you are connecting the Extreme Networks switch to devices that do not support autonegotiation. By default, the Extreme Networks switch has autonegotiation set to On for Gigabit ports. You are using multimode fiber (MMF) when using a 1000BASE-SX Gigabit Ethernet Interface ●...
  • Page 438: Stp

    Troubleshooting You have connected an endstation directly to the switch and the endstation fails to boot correctly: The switch has the Spanning Tree Protocol (STP) enabled, and the endstation is booting before the STP initialization process is complete. Specify that STP has been disabled for that VLAN, or turn off STP for the switch ports of the endstation and devices to which it is attempting to connect;...
  • Page 439: Esrp

    Using the Command Line Interface ESRP ESRP names: There are restrictions on Extreme Standby Router Protocol (ESRP) names. They cannot contain whitespaces and cannot start with a numeric value. You cannot enable an ESRP domain: Before you enable a specific ESRP domain, it must have a domain ID. A domain ID is either a user- configured number or the 802.1Q tag (VLANid) of the tagged master VLAN.
  • Page 440: Using Standalone Elrp To Perform Loop Tests

    Troubleshooting Using Standalone ELRP to Perform Loop Tests Having a tool to determine if the network has any loops is extremely useful. There are various other protocols that can exploit this tool to prevent network loops. There are also situations where you might want to check the topology for the existence or absence of a loop.
  • Page 441: Configuring Standalone Elrp

    <vlan_name> ports [<ports> | all] interval <sec> —(This command is backward compatible with retry <count> [log | print | print-and-log] Extreme Networks switches running the ExtremeWare software.) ● run elrp <vlan_name> {ports <ports>} {interval <sec>} {retry <count>} These commands start one-time, non-periodic ELRP packet transmission on the specified ports of the VLAN using the specified count and interval.
  • Page 442: Displaying Standalone Elrp Information

    Troubleshooting Displaying Standalone ELRP Information To display summary ELRP information, use the following command: show elrp The following information about ELRP appears: State of ELRP (enabled/disabled). ● Clients registered with ELRP ● ELRP packets transmitted ● ELRP packets received ● For more detailed information about the output associated with the command, see the show elrp...
  • Page 443: Debug Mode

    Options.” If you are unable to recover the switch with the rescue image, or the switch does not reboot, please contact Extreme Networks Technical Support. Debug Mode The Event Management System (EMS) provides a standard way to filter and store messages generated by the switch. With EMS, you must enable debug mode to display debug information.
  • Page 444: Saving Debug Information To The External Memory Card

    MSM. For more information about installing an external compact flash memory card, please refer to the Extreme Networks Consolidated XOS Hardware Installation Guide.
  • Page 445 Saving Debug Information to the External Memory Card Displaying Files To display a list of the files stored on your card, including configuration and policy files, use the following command: ls {memorycard} Output from this command includes the file size, date and time the file was last modified, and the file name.
  • Page 446: Top Command

    UNIX documentation. TFTP Server Requirements Extreme Networks recommends using a TFTP server that supports blocksize negotiation (as described in RFC 2348, TFTP Blocksize Option), to enable faster file downloads and larger file downloads. System Health Check...
  • Page 447: Enabling And Disabling Backplane Diagnostic Packets On The Switch

    System Health Check Backplane diagnostic packets are disabled by default. Once this feature is enabled, the system health ● checker tests the packet path for a specific I/O module every 6 seconds by default. The Management Switch Fabric Module (MSM) sends and receives diagnostic packets from the I/O module to determine the state and connectivity.
  • Page 448: System Odometer

    Troubleshooting NOTE Extreme Networks does not recommend configuring an interval of less than the default interval. Doing so can cause excessive CPU utilization. System Odometer Each field replaceable component contains a system odometer counter in EEPROM. The show command displays an approximate days of service duration for an individual component odometers since the component was manufactured.
  • Page 449: Corrupted Bootrom On The Aspen 8810 Switch

    BootROM image. Finally, a corrupted compact flash can be recovered from either the Alternate or Default BootROM. For more information, please refer to the Extreme Networks Consolidated XOS Hardware Installation Guide. Inserting Powered Devices in the PoE Module—Aspen...
  • Page 450: Contacting Extreme Technical Support

    When the test is finished, the MSM reboots and runs the ExtremeWare XOS software. Contacting Extreme Technical Support If you have a network issue that you are unable to resolve, contact Extreme Networks technical support. Extreme Networks maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems.
  • Page 451: Appendix C: Supported Protocols, Mibs, And Standards

    Supported Protocols, MIBs, and Standards The following is a list of software standards and protocols supported by ExtremeWare XOS. General Routing and Switching RFC 1812 Requirements for IP Version 4 Routers RFC 793 Transmission Control Protocol RFC 1519 An Architecture for IP Address Allocation with CIDR RFC 826 Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet...
  • Page 452 Supported Protocols, MIBs, and Standards OSPF RFC 2328 OSPF Version 2 RFC 1765 OSPF Database Overflow RFC 1587 The OSPF NSSA Option RFC 2370 The OSPF Opaque LSA Option BGP4 RFC 1771 A Border Gateway Protocol 4 (BGP-4) RFC 1745 BGP4/IDRP for IP---OSPF Interaction RFC 1965 Autonomous System Confederations for BGP RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option...
  • Page 453 Management - SNMP & MIBs RFC 1157 Simple Network Management Protocol (SNMP) RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) RFC 1215 Convention for defining traps for use with the SNMP RFC 2573 Simple Network Management Protocol (SNMP) Applications RFC 1901 Introduction to Community-based SNMPv2...
  • Page 454 Supported Protocols, MIBs, and Standards DiffServ - Standards and MIBs RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB RFC 2475 An Architecture for Differentiated Services
  • Page 455: Glossary

    MAC, IP addresses, IP type, or QoS queue. Once classified, the packets can be forwarded, counted, queued, or dropped. In Extreme Networks XOS software, you configure ACLs by creating a file, called a policy file (with a .pol file extension). The system parses the policy file and loads the ACL into the hardware.
  • Page 456 I/O module. The parameters differ across platforms and modules. blackholing In Extreme Networks implementation, you can configure the switch so that traffic is silently dropped. Although this traffic appears as received, it does not appear as transmitted (because it is dropped).
  • Page 457 B (continued) BOOTP Bootstrap Protocol. BOOTP is an Internet protocol used by a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file that can be loaded into memory to boot the machine.
  • Page 458 LAN segment. Each LAN segment has only one designated port. Device Manager The Device Manager is an Extreme Networks-proprietary process that runs on every node and is responsible for monitoring and controlling all of the devices in the system. The Device Manager is useful for system redundancy.
  • Page 459 QoS by implementing complex classification and mapping functions at the network boundary or access points. In the Extreme Networks implementation, you can configure the desired QoS by replacing or mapping the values in the DS field to egress queues that are assigned varying priorities and bandwidths.
  • Page 460 Layer 2 and routing services to users. ESRP-aware device This is an Extreme Networks device that is not running ESRP itself but that is connected on a network with other Extreme Networks switches that are running ESRP. These ESRP-aware devices also fail over.
  • Page 461 E (continued) ESRP groups An ESRP group runs multiple instances of ESRP within the same VLAN (or broadcast domain). To provide redundancy at each tier, use a pair of ESRP switches on the group. ESRP instance You enable ESRP on a per domain basis; each time you enable ESRP is an ESRP instance.
  • Page 462 In the Extreme Networks implementation, hitless failover means that designated configurations survive a change of primacy between the two MSMs with all details intact. Thus, those features run seamlessly during and after control of the system changes from one MSM to another.
  • Page 463 Internet Router Discovery Protocol. Used with IP, IRDP enables a host to determine the address of a router that it can use as a default gateway. In Extreme Networks implementation, IP multinetting requires a few changes for the IRDP. jumbo frames These are Ethernet frames that are larger than 1522 bytes (including the 4 bytes in the CRC).
  • Page 464 Glossary L (continued) link type In OSPF, there are four link types that you can configure: auto, broadcast, point-to-point, and passive. load sharing Load sharing, also known as trunking or link aggregation, conforms to IEEE 802.3ad. This feature is the grouping of multiple network links into one logical high-bandwidth link.
  • Page 465 Capable of sending multiple transmissions simultaneously, MMF is commonly used for communications of 2 kilometers or less. Master Switch Fabric Module. This Extreme Networks-proprietary name refers to the module that holds both the control plane and the switch fabric for switches that run the ExtremeWare XOS software.
  • Page 466 BGP next hop gateway address, community values, and other information. node In the Extreme Networks implementation, a node is a CPU that runs the management application on the switch. Each MSM installed in the chassis is a node.
  • Page 467 O (continued) OSI reference model The 7-layer standard model for network architecture is the basis for defining network protocol standards and the way that data passes through the network. Each layer specifies particular network functions; the highest layer is closest to the user, and the lowest layer is closest to the media carrying the information.
  • Page 468 POST Power On Self Test. On Extreme Networks switches, the POST runs upon powering-up the device. If the MGMT LED is yellow after the POST completes, contact your supplier for advice.
  • Page 469 Quality of Service. Policy-enabled QoS is a network service that provides the ability to prioritize different types of traffic and to manage bandwidth over a network. QoS uses various methods to prioritize traffic, including IEEE 802.1p values and IP DiffServ values. RADIUS Remote Authentication Dial In User Service.
  • Page 470 You can also set traps using SNMP, which send notifications of network events to the system log. Secure Shell. Extreme Networks uses version 2 of SSH, which is SSH2. This feature allows you to encrypt Telnet session data between a switch and an SSH2 client on a remote system.
  • Page 471 Spanning Tree Domain. An STPD is an STP instance that contains one or more VLANs. The switch can run multiple STPDs, and each STPD has its own root bridge and active path. In the Extreme Networks implementation of STPD, each domain has a carrier VLAN (for carrying STP information) and one or more protected VLANs (for carrying the data).
  • Page 472 The identity of the virtual router you are working in currently displays in the prompt line of the CLI. The virtual routers discussed in relation to Extreme Networks switches themselves are not the same as the virtual router in VRRP.
  • Page 473 V (continued) virtual router MAC address In VRRP, RFC 2338 assigns a static MAC address for the first five octets of the VRRP virtual router. These octets are set to 00-00-5E-00- 01. When you configure the VRRP VRID, the last octet of the MAC address is dynamically assigned the VRID number.
  • Page 474 Glossary V (continued) VRRP Virtual Router Redundancy Protocol. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the master router, and forwards packets sent to these IP addresses.
  • Page 475: Index Of Commands

    Index of Commands configure eaps secondary port, 277 configure eaps shared-port domain, 285 check policy, 180 configure eaps shared-port mode, 285 clear access-list counter, 190 configure eaps shared-port segment-timeout, 285 clear counters, 142, 247 configure edp advertisement-interval, 95 clear inline-power stats ports, 113 configure elrp-client one-shot, 441 clear log counters, 142 configure elrp-client periodic, 441...
  • Page 476 Index of Commands configure ip-mtu vlan, 84, 85 configure snmpv3 add filter subtree type, 65 configure iproute add default, 45, 49, 370 configure snmpv3 add filter-profile param, 65 configure iproute priority, 369 configure snmpv3 add group user, 62 configure jumbo-frame size, 84 configure snmpv3 add mib-view, 63 configure log filter, 137, 139 configure snmpv3 add mib-view subtree, 63...
  • Page 477 Index of Commands configure vrrp vlan vrid add track-ping, 356 disable netlogin logout-privilege, 237 configure vrrp vlan vrid add track-vlan, 356 disable netlogin ports vlan, 236 configure vrrp vlan vrid delete track-iproute, 356 disable netlogin session-refresh, 237 configure vrrp vlan vrid delete track-ping, 356 disable ospf capability opaque-lsa, 385 configure vrrp vlan vrid delete track-vlan, 356 disable ospf export, 390...
  • Page 478 Index of Commands enable license, 37 enable log debug-mode, 143, 443 ping, 37, 41, 42 enable log target, 132 enable log target console, 141 enable log target session, 141 enable netlogin, 237 quit, 49 enable netlogin logout-privilege, 237 enable netlogin session-refresh, 237 enable ospf, 370 enable ospf capability opaque-lsa, 385 reboot, 53, 54, 422...
  • Page 479 Index of Commands show inline-power configuration ports, 111, 113, show snmpv3 target-params, 65 show snmpv3 user, 61 show inline-power info ports, 106, 118 show sntp-client, 69 show inline-power slot, 110, 116 show stpd, 301, 323 show inline-power stats ports, 119 show stpd ports, 310, 323 show inline-power stats slot, 116 show switch, 52, 53, 67, 69, 247, 421, 424...
  • Page 480 Index of Commands use configuration, 75, 426 use image, 421, 424 virtual-router, 173 ExtremeWare XOS 11.1 Concepts Guide...
  • Page 481: Index

    Index Symbols action modifiers, ACL, 184 action statements, policy, 194 # prompt, 38 actions, ACL, 184 * prompt, 38 active interface, 410 .cfg file, 426 Address Resolution Protocol. See ARP .pol file, 180 address-based load-sharing, 87, 88 .xmod file, 420 admin account, 38 .xos file, 420 Advanced Core license, 28...
  • Page 482 Index BGP (continued) autonomous system, 398 campus mode authentication, 230 autonomous system path, 398 carrier vlan, STP, 296 cluster, 399 checkpointing community, 398 bulk, 53 description, 398 dynamic, 54 examples statistics, displaying, 54 route confederations, 401–404 CLEARFlow route reflector, 399–401 configuring, 253 features, 399 enabling and disabling, 253...
  • Page 483 Index configuration DHCP relay primary and secondary, 426 and IP multinetting, 376 returning to factory default, 427 configuring, 378 viewing current, 427 viewing, 379 configuration command prompt, 38 DHCP server configuration domain, virtual routers, 171 and IP multinetting, 376 configuration file description, 238 .cfg file, 426 diagnostics...
  • Page 484 Index EAPS (continued) EMISTP hellotime, 276 description, 298 licensing, 267 example, 305 link down message, 270 rules, 306 master node, 268, 275 multiple domains per switch, 272 and dual MSM systems, 133 names, 33 configuring targets overview, 25 components, 135 polling, 270 conditions, 136 polling timers, configuring, 276...
  • Page 485 Index ESRP (continued) extended mode, ESRP domain, 325, 329 displaying data, 345 Extreme Discovery Protocol. See EDP domain ID, 330 Extreme Loop Recovery Protocol. See ELRP domains, description, 330 Extreme Multiple Instance Spanning. don’t count, 343 EMISTP election algorithms, 334 Extreme Standby Router Protocol.
  • Page 486 Index IP fragmentation, 85 IP multicast routing Greenwich Mean Time Offsets (table), 69 configuring, 412 groups description, 409 ESRP, 344 example, 413 SNMPv3, 61 IGMP description, 411 snooping, 411 snooping filters, 412 hardware support, 23 PIM mode interoperation, 411 History, RMON, 148 PIM multicast border router (PMBR), 411 hitless failover PIM-DM, 410...
  • Page 487 Index IP unicast routing (continued) link types, configuring in RSTP, 310 populating, 366 link-state advertisement. See LSA static routes, 367 link-state database. See LSDB verifying the configuration, 370 link-state protocol, description, 382 IRDP, and IP multinetting, 374 load sharing ISP mode, 230 algorithms, 87, 88 and control protocols, 87 and ESRP don’t count, 343...
  • Page 488 Index mgmt VLAN, 45 MIBs, supported, 58, 453 opaque LSAs, OSPF, 385 modular switch Open Shortest Path First. See OSPF jumbo frames, 83 OSPF load sharing, configuring, 89 advantages, 382 monitor port, 91 and ESRP, 334 port number, 80 and IP multinetting, 374 port-mirroring, 91, 92 area 0, 386 slot configuration, 79...
  • Page 489 Index policy file and IP multinetting, 376 copying, 73, 445 mode interoperation, 411 deleting, 74, 445 multicast border router (PMBR), 411 displaying, 74, 445 PIM-DM renaming, 72, 445 description, 410 policy match conditions, 192 example, 413 policy-based QoS. See QoS PIM-SM polling interval, sFlow, 145 description, 410...
  • Page 490 Index power checking, PoE modules, 103 proxy ARP (continued) power management responding to requests, 368 consumption, 55 subnets, 369 initial system boot-up, 55 public community, SNMP, 58 loss of power, 56 PVST+ replacement power supply, 56 description, 298, 308 Power over Ethernet. native VLAN, 308 See PoE VLAN mapping, 308...
  • Page 491 Index QoS (continued) read-only switch access, 58 minimum bandwidth, 206 read-write switch access, 58 monitoring real-time performance, 219 reboot overview, 25 MSM, 422 peak rates, 206 switch, 422 priority, 205, 206 receive errors, port, 122 profiles redundant ports, software-controlled default, 206, 207 configuring, 97 description, 204 description, 96...
  • Page 492 Index route confederations, 401 SSH2, 50 route flap dampening, 405 Telnet, 46 route reflectors, 399 TFTP, 50 route selection, 407 severity levels, EMS, 134 router interfaces, 365 sFlow router types, OSPF, 386 configuring, 144 Routing Information Protocol. See RIP displaying configuration, 146 routing protocols and virtual routers, 172 displaying statistics, 146 routing table entries, RIP, 382...
  • Page 493 Index SNMPv3 overview, 25 filter profiles and filters, 65 TCP port number, 250 groups, 61 standard mode, ESRP domain, 325, 329 MIB access control, 63 start process, 75 notification, 64 static IGMP, 412 overview, 59 static networks, and BGP, 408 security, 60 static routes, 367 security name, 61...
  • Page 494 Index STP (continued) system redundancy port states bulk checkpointing, 53 blocking, 298 configuring node priority, 52 disabled, 299 determining the primary node, 51 displaying, 323 dynamic checkpointing, 54 forwarding, 299 failover, 52 learning, 299 node election, 51 listening, 299 relaying configurations, 53 protected VLAN, 296 viewing PVST+, description, 308...
  • Page 495 Index TFTP tunneling, 163, 167 connecting to another host, 50 See also VMANs default port, 51 Type of Service. See TOS description, 50 maximum number of sessions, 50 server, 419 UDP echo server, 380 server requirements, 50, 446 untagged frames, VLANs, 153, 160 using, 50, 427 upgrading the image, 419 timeout interval, EDP, 95...
  • Page 496 Index virtual routers (continued) jumbo frames, 83 displaying information, 173 names, 33 overview, 24 tagging ports, 164 system, 170 troubleshooting, 87, 165 troubleshooting, 24 tunneling, 163 user, 170 voice applications, and QoS, 202 VLAN tagging, 155 VRRP VLANid, 155 advertisement interval, 358, 361 VLANs and ESRP, 353, 359, 364 and load sharing, 90...

This manual is also suitable for:

Extremeware xos 11.1
