Summary of Contents for Extreme Networks ExtremeWare XOS Guide
Page 1
ExtremeWare XOS Concepts Guide Software Version 10.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: February 2004 Part number: 100150-00 Rev 02...
Page 2
Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are subject to change without notice.
Contents Preface Introduction Terminology Conventions Related Publications Part 1 Using ExtremeWare XOS Chapter 1 ExtremeWare XOS Overview Virtual Routers Virtual LANs (VLANs) Spanning Tree Protocol Quality of Service Unicast Routing IP Multicast Routing Load Sharing Chapter 2 Accessing the Switch Understanding the Command Syntax Syntax Helper Command Shortcuts...
Page 4
Contents User Account Administrator Account Default Accounts Creating a Management Account Domain Name Service Client Services Checking Basic Connectivity Ping Traceroute Chapter 3 Managing the Switch Overview Understanding the XOS Shell Configuring the Number of Active Shell Sessions Using the Console Interface Using the 10/100 Ethernet Management Port Using Telnet Connecting to Another Host Using Telnet...
Page 5
Contents Chapter 4 Configuring Slots and Ports on a Switch Configuring a Slot on a Modular Switch Configuring Ports on a Switch Enabling and Disabling Switch Ports Configuring Switch Port Speed and Duplex Setting Jumbo Frames Enabling Jumbo Frames Path MTU Discovery IP Fragmentation with Jumbo Frames IP Fragmentation within a VLAN Load Sharing on the Switch...
Page 6
Contents FDB Configuration Examples MAC-Based Security Displaying FDB Entries Chapter 7 Quality of Service (QoS) Overview of Policy-Based Quality of Service Applications and Types of QoS Voice Applications Video Applications Critical Database Applications Web Browsing Applications File Server Applications Configuring QoS QoS Profiles Traffic Groupings Explicit Class of Service (802.1p and DiffServ) Traffic Groupings...
Page 7
Contents Filtering Events Sent to Targets Formatting Event Messages Displaying Real-Time Log Messages Displaying Events Logs Uploading Events Logs Displaying Counts of Event Occurrences Displaying Debug Information Chapter 9 Security Security Overview Network Access Security IP Access Lists (ACLs) Creating IP Access Lists ACL File Syntax Example ACL Rule Entries Using Access Lists on the Switch...
Page 8
Contents STP Configurations Basic STP Configuration Multiple STPDs on a Port VLAN Spanning Multiple STPDs EMISTP Deployment Constraints Per-VLAN Spanning Tree STPD VLAN Mapping Native VLAN Rapid Spanning Tree Protocol RSTP Terms RSTP Concepts RSTP Operation STP Rules and Restrictions Configuring STP on the Switch STP Configuration Examples Displaying STP Settings...
Page 9
Contents Verifying the IP Unicast Routing Configuration Routing Configuration Example Configuring DHCP/BOOTP Relay Verifying the DHCP/BOOTP Relay Configuration UDP Echo Server Chapter 13 Interior Gateway Protocols Overview RIP Versus OSPF Overview of RIP Routing Table Split Horizon Poison Reverse Triggered Updates Route Advertisement of VLANs RIP Version 1 Versus RIP Version 2 Overview of OSPF...
Page 10
Contents BGP Peer Groups BGP Route Flap Dampening BGP Route Selection Stripping Out Private AS Numbers from Route Updates Route Re-Distribution BGP Static Network Chapter 15 IP Multicast Routing Overview PIM Overview IGMP Overview Configuring IP Multicasting Routing Configuration Examples PIM-DM Configuration Example Configuration for IR1 Configuration for ABR1...
Contents Debug Mode System Health Check System Odometer Contacting Extreme Technical Support Appendix C Supported Protocols, MIBs, and Standards Index Index of Commands ExtremeWare XOS 10.1 Concepts Guide...
Page 12
This guide provides the required information to configure ExtremeWare XOS software running on either modular or stand-alone switches from Extreme Networks. The guide is intended for use by network administrators who are responsible for installing and setting up network equipment. It assumes a basic working knowledge of: •...
• ExtremeWare XOS release notes • ExtremeWare XOS 10.1 Command Reference Guide • Extreme Networks BlackDiamond 10K-Series Switch Installation Guide Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.extremenetworks.com/
ExtremeWare XOS is the full-featured software operating system that is designed to run on the Extreme Networks BlackDiamond 10800 family of switches. NOTE ExtremeWare XOS 10.1 only supports Extreme Networks BlackDiamond 10800 family products. This does not include other BlackDiamond families, Alpine, Summit “i”, Summit 24e3, or Summit 200 series platforms.
ExtremeWare XOS Overview Virtual LANs (VLANs) ExtremeWare XOS has a VLAN feature that enables you to construct your broadcast domains without being restricted by physical connections. A VLAN is a group of location- and topology-independent devices that communicate as if they were on the same physical local area network (LAN). Implementing VLANs on your network has the following three advantages: •...
• OSPF version 2 • BGP version 4 NOTE For more information on IP unicast routing, see Chapter 12. For more information on RIP, see Chapter 20. IP Multicast Routing The switch can use IP multicasting to allow a single IP host to transmit a packet to a group of IP hosts. ExtremeWare XOS supports multicast routes that are learned by the Protocol Independent Multicast (dense mode or sparse mode).
Page 20
Accessing the Switch This chapter covers the following topics: • Understanding the Command Syntax on page 21 • Line-Editing Keys on page 24 • Command History on page 25 • Common Commands on page 25 • Configuring Management Access on page 27 •...
Accessing the Switch 3 The value part of the command specifies how you want the parameter to be set. Values include numerics, strings, or addresses, depending on the parameter. 4 After entering the complete command, press [Return]. NOTE If an asterisk (*) appears in front of the command line prompt, it indicates that you have outstanding configuration changes that have not been saved.
Understanding the Command Syntax configure engineering delete port 1:3,4:6 Similarly, on the stand-alone switch, instead of entering the command configure vlan engineering delete port 1-3,6 you could enter the following shortcut: configure engineering delete port 1-3,6 Although it is helpful to have unique names for system components, this is not a requirement. If ExtremeWare XOS encounters any ambiguity in the components within your command, it generates a message requesting that you clarify the object you specified.
Accessing the Switch Symbols You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 3 summarizes command syntax symbols.
Command History Table 4: Line-Editing Keys (continued)
Key(s) | Description
[Ctrl] + H or Backspace | Deletes character to left of cursor and shifts remainder of line to left.
Delete or [Ctrl] + D | Deletes character under cursor and shifts remainder of line to left.
[Ctrl] + K | Deletes characters from under cursor to end of line.
Page 26
Accessing the Switch Table 5: Common Commands (continued) Command Description configure banner Configures the banner string. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. Press [Return] at the beginning of a line to terminate the command and apply the banner.
Configuring Management Access Table 5: Common Commands (continued) Command Description unconfigure switch {all} Resets all switch parameters (with the exception of defined user accounts, and date and time information) to the factory defaults. If you specify the keyword all, the switch erases the currently selected configuration image in flash memory and reboots.
Accessing the Switch If an asterisk (*) appears in front of the command line prompt, it indicates that you have outstanding configuration changes that have not been saved. For example: * BD-1.19 # Default Accounts By default, the switch is configured with two accounts, as shown in Table 6. Table 6: Default Accounts Account Name Access Level...
Domain Name Service Client Services NOTE If you forget your password while logged out of the command line interface, contact your local technical support representative, who will advise on your next course of action. Creating a Management Account The switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts.
Accessing the Switch For example, if you specify the domain “xyz-inc.com” as the default domain, then a command such as ping accounting1 will be taken as if it had been entered as ping accounting1.xyz-inc.com. Checking Basic Connectivity The switch offers the following commands for checking basic connectivity: •...
Page 31
Checking Basic Connectivity where: • ip_address is the IP address of the destination endstation. • hostname is the hostname of the destination endstation. To use the hostname, you must first configure DNS. • from uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used.
Page 32
Managing the Switch This chapter covers the following topics: • Overview on page 33 • Understanding the XOS Shell on page 34 • Using the Console Interface on page 34 • Using the 10/100 Ethernet Management Port on page 34 •...
Managing the Switch Understanding the XOS Shell When you log in to ExtremeWare XOS from a terminal, you enter the XOS shell and the XOS shell prompt is displayed. At the shell prompt, you input the commands to be executed on the switch. After the switch processes and executes a command, the results are relayed to and displayed on your terminal.
Using Telnet The management port on the MSM is a DTE port. The TCP/IP configuration for the management port is done using the same syntax as used for VLAN configuration. The VLAN mgmt comes preconfigured with only the 10/100 UTP management port as a member. When you configure the IP address for the VLAN mgmt, it gets assigned to the primary MSM.
Managing the Switch Configuring Switch IP Parameters To manage the switch by way of a Telnet connection or by using an SNMP Network Manager, you must first configure the switch IP parameters. Using a BOOTP or DHCP Server If you are using IP and you have a Bootstrap Protocol (BOOTP) server set up correctly on your network, you must provide the following information to the BOOTP server: •...
Page 37
Using Telnet The switch comes configured with a default VLAN named default. To use Telnet or an SNMP Network Manager, you must have at least one VLAN on the switch, and it must be assigned an IP address and subnet mask. IP addresses are always assigned to each VLAN. The switch can be assigned multiple IP addresses.
Managing the Switch 7 Save your configuration changes so that they will be in effect after the next switch reboot, by typing: save 8 When you are finished using the facility, log out of the switch by typing: logout quit Disconnecting a Telnet Session An administrator-level account can disconnect a Telnet management session.
Using SNMP To view the files you retrieved, enter the command at the command prompt. Enabling the TFTP Server By default, the TFTP server is disabled on the switch. You can choose to enable the TFTP server by using the following command: enable tftp To disable the TFTP server on the switch, use the following command: disable tftp...
Managing the Switch There is no way to configure the switch to allow SNMPv1/v2c access and prevent SNMPv3 access. Most of the commands that support SNMPv1/v2c use the keyword snmp; most of the commands that support SNMPv3 use the keyword snmpv3. Accessing Switch Agents To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address...
SNMP, SNMPv1 and SNMPv2c provided no privacy and little (or no) security. The following six RFCs provide the foundation for Extreme Networks implementation of SNMPv3: • RFC 3410, Introduction to version 3 of the Internet-standard Network Management Framework, provides an overview of SNMPv3.
An Extreme switch has one SNMPv3 engine, identified by its snmpEngineID. The first four octets are fixed to 80:00:07:7C, which represents the Extreme Networks Vendor ID. By default, the additional octets for the snmpEngineID are generated from the device MAC address. Every SNMPv3 engine necessarily maintains two objects: SNMPEngineBoots, which is the number of reboots the agent has experienced, and SNMPEngineTime, which is the engine local time since reboot.
Page 43
Using SNMP SNMPEngineBoots can also be configured from the command line. SNMPEngineBoots can be set to any desired value but will latch on its maximum, 2147483647. To set the SNMPEngineBoots, use the following command: configure snmpv3 engine-boots <(1-2147483647)> Users, Groups, and Security SNMPv3 controls access and security using the concepts of users, groups, security models, and security levels.
Managing the Switch Users are associated with groups using the following command: configure snmpv3 add group {hex} <group_name> user {hex} <user_name> {sec-model [snmpv1| snmpv2 | usm]} {volatile} To show which users are associated with a group, use the following command: show snmpv3 group {{hex} <group_name>...
Using SNMP relationship between a MIB view and an access group. The users of the access group can then read, write, or receive notifications from the part of the MIB defined in the MIB view as configured in the access group. A view name, a MIB subtree/mask, and an inclusion or exclusion define every MIB view.
Page 46
Managing the Switch name also points to the filter profile used to filter the notifications. Finally, the notification tags are added to a notification table so that any target addresses using that tag will receive notifications. Target Addresses A target address is similar to the earlier concept of a trap receiver. To configure a target address, use the following command: configure snmpv3 add target-addr {hex} <addr_name>...
Page 47
Using SNMP When you create a filter profile, you are only associating a filter profile name with a target parameter name. The filters that make up the profile are created and associated with the profile using a different command. To create a filter profile, use the following command: configure snmpv3 add filter-profile {hex} <profile_name>...
Managing the Switch Configuring Notifications Since the target parameters name is used to point to a number of objects used for notifications, configure the target parameter name entry first. You can then configure the target address, filter profiles and filters, and any necessary notification tags. Authenticating Users ExtremeWare XOS provides two methods to authenticate users who log in to the switch: •...
Using the Simple Network Time Protocol Configuring and Using SNTP To use SNTP, follow these steps: 1 Identify the host(s) that are configured as NTP server(s). Additionally, identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts, or for switches using NTP to query the NTP server(s) directly.
Page 50
Managing the Switch Table 8: Time zone configuration command options (continued) absolute_day Specifies a specific day of a specific year on which to begin or end DST. Format is: <month> <day> <year> where: • <month> is specified as 1-12 • <day> is specified as 1-31 •...
Page 51
Using the Simple Network Time Protocol Table 9: Greenwich mean time offsets
Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities
+0:00 | | GMT - Greenwich Mean; UT or UTC - Universal (Coordinated) | London, England; Dublin, Ireland; Edinburgh, Scotland; Lisbon, Portugal; Reykjavik, Iceland;...
Managing the Switch Table 9: Greenwich mean time offsets (continued)
Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities
+11:00 | +660 | |
+12:00 | +720 | IDLE - International Date Line East; NZST - New Zealand Standard; NZT - New Zealand | Wellington, New Zealand; Fiji, Marshall Islands
SNTP Example In this example, the switch queries a specific NTP server and a backup NTP server.
Configuring Slots and Ports on a Switch This chapter covers the following topics: • Configuring a Slot on a Modular Switch on page 53 • Configuring Ports on a Switch on page 54 • Jumbo Frames on page 56 • Load Sharing on the Switch on page 58 •...
Configuring Slots and Ports on a Switch clear slot <slot> All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings. To display information about a particular slot, use the following command: show slot <slot number>...
Configuring Ports on a Switch Even though a port is disabled, the link remains enabled for diagnostic purposes. Configuring Switch Port Speed and Duplex Setting By default, the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port.
Configuring Slots and Ports on a Switch Table 10: Support for Autonegotiation on Various Ports
Port Type | Autonegotiation | Speed | Duplex
1 G fiber | On/Off | Not configurable | Full duplex
1 G copper at 1000 Mbps | Not configurable | Not configurable |
1 G copper at 10/100 | On/Off | 10/100 Mbps | Full/Half duplex...
Jumbo Frames • The source host sets the path MTU low enough that its datagrams can be delivered without fragmentation. • The source host does not set the DF bit in the datagram headers. If it is willing to have datagrams fragmented, a source host can choose not to set the DF bit in datagram headers.
Configuring Slots and Ports on a Switch Load Sharing on the Switch Load sharing allows you to increase bandwidth and availability by using a group of ports to carry traffic in parallel between switches. Load sharing allows the switch to use multiple ports as a single logical port.
Switch Port-Mirroring configure sharing <master_port> delete ports <port_list> Load-Sharing Examples This section provides examples of how to define load-sharing on modular and stand-alone switches. Cross-Module Load Sharing on a Modular Switch The following example defines a load-sharing group that contains ports 9 through 12 on slot 3, ports 7 through 10 on slot 5, and uses the first port in the slot 3 group as the master logical port 9: enable sharing 3:9 grouping 3:9-3:12, 5:7-5:10 In this example, logical port 3:9 represents physical ports 3:9 through 3:12 and 5:7 through 5:10.
8:4 configure mirroring add port 8:1 Extreme Discovery Protocol The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used by the switches to exchange topology information. Information communicated using EDP includes: •...
Virtual LANs (VLANs) This chapter covers the following topics: • Overview of Virtual LANs on page 61 • Types of VLANs on page 62 • VLAN Names on page 70 • Configuring VLANs on the Switch on page 71 • Displaying VLAN Settings on page 72 Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations.
Virtual LANs (VLANs) Types of VLANs VLANs can be created according to the following criteria: • Physical port • 802.1Q tag • Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type • MAC address • A combination of these criteria Port-Based VLANs In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch.
Page 63
Types of VLANs Spanning Switches with Port-Based VLANs To create a port-based VLAN that spans two switches, you must do two things: 1 Assign the port on each switch to the VLAN. 2 Cable the two switches together using one port on each switch per VLAN. Figure 2 illustrates a single VLAN that spans a BlackDiamond switch and another Extreme switch.
Virtual LANs (VLANs) Figure 3: Two port-based VLANs spanning two switches (figure; labels: System 1, System 2, Accounting, Engineering) VLAN Accounting spans system 1 and system 2 by way of a connection between system 2, port 29 and system 1, slot 1, port 6. VLAN Engineering spans system 1 and system 2 by way of a connection between system 2, port 32, and system 1, slot 8, port 6.
Page 65
Types of VLANs Uses of Tagged VLANs Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections are typically called trunks. Using tags, multiple VLANs can span multiple switches using one or more trunks. In a port-based VLAN, each VLAN requires its own pair of trunk ports, as shown in Figure 3. Using tags, multiple VLANs can span two switches with a single trunk.
Page 66
Virtual LANs (VLANs) Figure 4: Physical diagram of tagged and untagged traffic (figure; legend: Marketing, Sales, Tagged port; labels: System 1, System 2, Marketing & Sales 802.1Q Tagged server) Figure 5 is a logical diagram of the same network. Figure 5: Logical diagram of tagged and untagged traffic (figure; labels: Marketing, Sales)...
Types of VLANs • The server connected to port 25 on system 1 is a member of both VLAN Marketing and VLAN Sales. • All other stations use untagged traffic. As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged.
Page 68
Virtual LANs (VLANs) Figure 6: Protocol-based VLANs (figure; labels: My Company, Finance, Personnel, 192.207.35.1, 192.207.36.1, 192.207.35.0, 192.207.36.0; legend: IP traffic, All other traffic) Predefined Protocol Filters The following protocol filters are predefined on the switch: • IP • NetBIOS • DECNet •...
Types of VLANs configure protocol <name> add [etype | llc | snap] <hex> {[etype | llc | snap] <hex>} ... Supported protocol types include: — etype—EtherType. The values for etype are four-digit hexadecimal numbers taken from a list maintained by the IEEE.
Virtual LANs (VLANs) VLAN Names Each VLAN is given a name that can be up to 32 characters. VLAN names can use standard alphanumeric characters. The following characters are not permitted in a VLAN name: • Space • Comma • Quotation mark VLAN names must begin with an alphabetical letter.
Configuring VLANs on the Switch Configuring VLANs on the Switch This section describes the commands associated with setting up VLANs on the switch. Configuring a VLAN involves the following steps: 1 Create and name the VLAN. 2 Assign an IP address and mask (if applicable) to the VLAN, if needed. NOTE Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
Virtual LANs (VLANs) configure sales tag 120 configure sales add port 1-3 tagged configure default delete port 4,7 configure sales add port 4,7 The following modular switch example creates a protocol-based VLAN named ipsales. Slot 5, ports 6 through 8, and slot 6, ports 1, 3, and 4-6 are assigned to the VLAN. In this example, you can add untagged ports to a new VLAN without first deleting them from the default VLAN, because the new VLAN uses a protocol other than the default protocol.
Displaying VLAN Settings Displaying Protocol Information To display protocol information, use the following command: show protocol {<name>} This command displays protocol information, which includes: • Protocol name • List of protocol fields • VLANs that use the protocol
Page 74
Forwarding Database (FDB) This chapter describes the following topics: • Overview of the FDB on page 75 • FDB Configuration Examples on page 77 • MAC-Based Security on page 78 • Displaying FDB Entries on page 78 Overview of the FDB The switch maintains a database of all media access control (MAC) addresses received on all of its ports.
Forwarding Database (FDB) FDB Entry Types FDB entries may be dynamic or static, and may be permanent or non-permanent. The following describes the types of entries that can exist in the FDB: • Dynamic entries—A dynamic entry is learned by the switch by examining packets to determine the source MAC address, VLAN, and port information.
FDB Configuration Examples Non-permanent static entries are created by the switch software for various reasons, typically upon switch boot up. They are identified by the “s” flag in show fdb output. If the FDB entry aging time is set to zero, all entries in the database are considered static, non-aging entries.
Forwarding Database (FDB) create fdbentry 00:A0:23:12:34:56 vlan net34 dynamic qosprofile qp2 This entry has the following characteristics: • MAC address is 00:A0:23:12:34:56. • VLAN name is net34. • The entry will be learned dynamically. • QoS profile qp2 will be applied as an egress QoS profile when the entry is learned. Overriding 802.1p Priority This example associates the QoS profile qp5 with the wildcard permanent FDB entry any-mac on VLAN v110:...
Page 79
Displaying FDB Entries • broadcast-mac—Specifies the broadcast MAC address. May be used as an alternate to the colon-separated byte form of the address ff:ff:ff:ff:ff:ff. • permanent—Displays all permanent entries, including the ingress and egress QoS profiles. • ports <portlist>—Displays the entries for a set of ports or slots and ports...
Page 80
Page 81
Quality of Service (QoS) This chapter covers the following topics: • Overview of Policy-Based Quality of Service on page 82 • Applications and Types of QoS on page 82 • Configuring QoS on page 84 • QoS Profiles on page 84 •...
Quality of Service (QoS) Overview of Policy-Based Quality of Service Policy-based QoS allows you to protect bandwidth for important categories of applications or specifically limit the bandwidth associated with less critical traffic. For example, if voice-over-IP traffic requires a reserved amount of bandwidth to function properly, using policy-based QoS, you can reserve sufficient bandwidth critical to this type of application.
Applications and Types of QoS Video Applications Video applications are similar in needs to voice applications, with the exception that bandwidth requirements are somewhat larger, depending on the encoding. It is important to understand the behavior of the video application being used. For example, in the playback of stored video streams, some applications can transmit large amounts of data for multiple streams in one “spike,”...
Quality of Service (QoS) Table 11: Traffic Type and QoS Guidelines
Traffic Type | Key QoS Parameters
Web browsing | Minimum bandwidth for critical applications, maximum bandwidth for non-critical applications
File server | Minimum bandwidth
Configuring QoS To configure QoS, you define how your switch responds to different categories of traffic by creating and configuring QoS profiles.
Traffic Groupings — When configured to do so, the priority of a QoS profile can determine the 802.1p bits used in the priority field of a transmitted packet (described later). — The priority of a QoS profile determines the DiffServ code point value used in an IP packet when the packet is transmitted (described later).
Quality of Service (QoS) Table 13: Traffic Groupings by Precedence (continued) • DiffServ (IP TOS) • 802.1P Physical Groupings • Source port Explicit Class of Service (802.1p and DiffServ) Traffic Groupings This category of traffic groupings describes what is sometimes referred to as explicit packet marking, and refers to information contained within a packet intended to explicitly determine a class of service.
Traffic Groupings Observing 802.1p Information When ingress traffic that contains 802.1p prioritization information is detected by the switch, the traffic is mapped to various hardware queues on the egress port of the switch. Eight hardware queues are supported. The transmitting hardware queue determines the bandwidth management and priority characteristics used when transmitting packets.
Page 88
Quality of Service (QoS) Figure 8: IP packet header encapsulation (figure; fields shown: DiffServ code point bits, Version, Type-of-service, Total length, Identification, Flags, Fragment offset, Time-to-live, Protocol, Header checksum, Source address, Destination address, Options (+ padding), Data (variable)) Observing DiffServ Information When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits, called the code point.
Verifying Configuration and Performance You can change the QoS profile assignment for all 64 code points using the following command: configure diffserv examination code-point <code-point> qosprofile <qosprofile> Once assigned, the rest of the switches in the network prioritize the packet using the characteristics specified by the QoS profile.
Quality of Service (QoS) QoS Monitor The QoS monitor is a utility that monitors the hardware queues associated with any port(s). The QoS monitor keeps track of the number of frames that a specific queue is responsible for transmitting on a physical port.
Status Monitoring and Statistics This chapter describes the following topics: • Status Monitoring on page 91 • Slot Diagnostics on page 91 • Port Statistics on page 93 • Port Errors on page 94 • Port Monitoring Display Keys on page 95 •...
Status Monitoring and Statistics If you run the diagnostic routine on an I/O module, that module is taken offline while the diagnostic test is performed. Traffic to and from the ports on the module is temporarily unavailable. Once the diagnostic test is completed, the I/O module is reset and becomes operational again. You must enter the Bootloader to run the diagnostic routine on the MSM module.
Port Statistics • 2—XOS secondary image • 3—Diagnostics for image 1 (initiates diagnostics for the primary image) • 4—Diagnostics for image 2 (initiates diagnostics for the secondary image) For example, to run diagnostics on the primary image, use the following command: boot 3 When the test is finished, the MSM reboots and runs the XOS software.
Status Monitoring and Statistics Port Errors The switch keeps track of errors for each port. To view port transmit errors, use the following command: show ports {<port_list>} txerrors The switch collects the following port transmit error information: • Port Number •...
Port Monitoring Display Keys Port Monitoring Display Keys Table 16 describes the keys used to control the displays that appear when you issue any of the show port commands. Table 16: Port monitoring display keys Key(s) Description Displays the previous page of ports. Displays the next page of ports.
Status Monitoring and Statistics The following sample output displays the temperature information: PowerSupply 1 information: Temperature: 30.1 deg C To view the current temperature of the fan trays, use the following command: show fans {detail} The following sample output displays the temperature information: FanTray 1 information: Temperature: 25.1 deg C...
System Redundancy Table 17: System redundancy terms (continued) Term Description Node Manager The Node Manager is a process that performs leader election between multiple nodes in the system. In simple terms, the Node Manager elects the primary and backup MSMs. If there is only one MSM installed, that MSM becomes the primary MSM.
Status Monitoring and Statistics • Slot ID—The number of the slot where the node is installed. • MAC address—The MAC address is used to determine the primary node if all other parameters are equal. Configuring Node Parameters To configure the parameters of a node, use the following command: configure node slot <slot_id>...
System Redundancy 1 Relaying configuration information from the master to the backup 2 Ensuring that each individual process running on the system is in sync with the backup 3 Checkpointing any new state changes from the master to the backup Relaying Configuration Information This is the first level of checkpointing that is required to facilitate a failover: the primary’s configuration information is transferred to the backup MSM, and the backup MSM ignores its own flash...
Status Monitoring and Statistics show checkpoint-data {<process>} This command displays, in percentages, the amount of copying completed by each process and the traffic statistics between the process on both the primary and the backup MSMs. Viewing Node Statistics ExtremeWare XOS allows you to view node statistic information. Each node installed in your system is self-sufficient and runs the XOS management applications.
Event Management System/Logging — Matching parameters (for example, only messages with source IP addresses in the 10.1.2.0/24 subnet) — Severity level (for example, only messages of severity critical, error, or warning) • Change the format of event messages (for example, display the date as “12-May-2003” or “2003-05-12”) •...
Status Monitoring and Statistics Filtering Events Sent to Targets Not all event messages are sent to every enabled target. Each target receives only the messages that it is configured for. Target Configuration To specify the messages to send to an enabled target, you will set a message severity level, a filter name, and a match expression.
Event Management System/Logging Table 19: Severity levels assigned by the switch (continued) Level Description Debug-Verbose A condition has been detected that may interest a developer analyzing some system behavior at a more verbose level than provided by the debug summary information. Debug-Data A condition has been detected that may interest a developer inspecting the data underlying some system behavior.
Status Monitoring and Statistics InBPDU STP In BPDU subcomponent Warning OutBPDU STP Out BPDU subcomponent Warning System STP System subcomponent Error The display above lists the components, subcomponents, and the default severity threshold assigned to them. A period (.) is used to separate component, subcomponent, and condition names in EMS. For example, you can refer to the InBPDU subcomponent of the STP component as STP.InBPDU.
Event Management System/Logging Filtering By Components and Conditions. You may want to send the messages that come from a specific component that makes up ExtremeWare XOS, or send the message generated by a specific condition. For example, you might want to send only the messages that come from the STP component, or send the message that occurs when the IP.Forwarding.SlowPathDrop condition occurs.
Status Monitoring and Statistics ------- ----------- ----------------------- -------- InBPDU -------- CreatPortMsgFail -E------ -------- Include/Exclude: I - Include, E - Exclude Component Unreg: * - Component/Subcomponent is not currently registered Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info Debug Severity : S - Debug-Summary,...
Event Management System/Logging number of sources available on the Internet and in various language references describing the operation of regular expressions. Table 20 shows some examples of regular expressions. Table 20: Simple regular expressions Regular Expression Matches Does Not Match port port 2:3 poor...
Status Monitoring and Statistics The string type is used to match a specific string value of an event parameter, such as a user name. A string can be specified as a simple regular expression. Match Versus Strict-Match. The match and strict-match keywords control the filter behavior for incidents whose event definition does not contain all the parameters specified in a...
Event Management System/Logging The same example would appear as: May 29 12:17:20.11 SNTP: <Warn:SNTP.RslvSrvrFail> tSntpc: (sntpcLib.c:606) The SNTP server parameter value (TheWrongServer.example.com) can not be resolved. Displaying Real-Time Log Messages You can configure the system to maintain a running real-time display of log messages on the console display or on a (telnet) session.
Status Monitoring and Statistics You must specify the TFTP host and the filename to use in uploading the log. There are many options you can use to select the log entries of interest. You can select to upload only those messages that conform to the specified: •...
Event Management System/Logging will be similar to the following: Comp SubComp Condition Severity Occurred In Notified ------- ----------- ----------------------- ------------- -------- -- -------- InBPDU Drop Error Occurred : # of times this event has occurred since last clear or reboot Flags : (*) Not all applications responded in time with there count values In(cluded): Set to Y(es) if one or more targets filter includes this event...
Status Monitoring and Statistics ExtremeWare XOS 10.1 Concepts Guide...
— Authenticating Users Using RADIUS or TACACS+ on page 129 Security Overview Extreme Networks products incorporate a number of features designed to enhance the security of your network. No one feature can ensure security, but by using a number of features in concert, you can substantially improve the security of your network.
Security Access lists are typically applied to traffic that crosses layer 3 router boundaries, but it is possible to use access lists within a layer 2 VLAN. Access lists in ExtremeWare XOS apply to all traffic. This is somewhat different from the behavior in ExtremeWare.
IP Access Lists (ACLs) protocol udp; source-port 190; destination-port 1200-1400; } then { permit; ACL rule entries are evaluated in order, from the beginning of the file to the end, as follows: • If the packet matches all the match conditions, the action in the then statement is taken and the evaluation process terminates.
Security Table 21: ACL Match Conditions Applicable Match Conditions Description IP Protocols source-address <prefix> IP source address and mask. All IP destination-address <prefix> IP destination address and mask. All IP protocol <number> IP protocol field. In place of the numeric value, you can specify All IP one of the following text synonyms (the field values are also listed): egp(8), esp(5), gre(47), icmp(1), igmp(2), ipip(4), ipv6(41),...
IP Access Lists (ACLs) Table 21: ACL Match Conditions (continued) Applicable Match Conditions Description IP Protocols ICMP-code <number> ICMP code field. This value or keyword provides more specific ICMP information than the icmp-type. Since the value’s meaning depends upon the associated icmp-type, you must specify the icmp-type along with the icmp-code. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed).
Security source-address 10.203.134.0/24; destination-address 140.158.18.16/32; protocol udp; source-port 190; destination-port 1200-1400; } then { accept; The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet with a source port larger than 190 and ACK & SYN bits set, and also increments the counter tcpcnt: entry tcpacl { source-address 10.203.134.0/24;...
Switch Protection After the ACL has been checked, it can be applied to an interface. To apply an ACL, use the following command: configure access-list <aclname> [any | ports <portlist>] {ingress} If you use the any keyword, the ACL is applied to all the interfaces, and is referred to as the wildcard ACL.
Security Policies Policies are a more general concept than routing access profiles and route maps. ExtremeWare XOS uses policies to implement routing access profiles and route maps. A central manager processes policies, and various policy clients, such as BGP or OSPF, get the policies from the central manager. The following sections apply to creating and using policies: •...
Switch Protection origin egp; Policy entries are evaluated in order, from the beginning of the file to the end, as follows: • If a match occurs, the action in the then statement is taken: — if the action contains an explicit permit or deny, the evaluation process terminates. —...
Security Table 23: Policy Match Conditions (continued) Match Condition Description nlri [<ipaddress> | any]/<mask-length> {exact}; nlri [<ipaddress> | any] mask <mask> {exact}; Where <ipaddress> and <mask> are in dotted decimal format, and <mask-length> is an integer in the range [0 - 32]. Keyword any matches any IP address with a given (or larger) mask/mask-length.
Switch Protection Table 25: Policy Regular Expression Examples Attribute Regular Expression Example Matches Zero or more occurrences “1234*” 1234 of AS number 1234 1234 1234 Start of As path set “10 12 { 34” 10 12 34 { 99 33 10 12 { 34 37 End of As path set “12 } 34”...
Security Policy Action Statements Table 26 lists the possible action statements. These are the actions taken when the policy match conditions are met in a policy entry. Table 26: Policy Actions Action Description accounting-index <number> value <number>; Sets the accounting index for a route. This is used in the import policy.
• “Translating a Route Map to a Policy” on page 127 Translating an Access Profile to a Policy You may be more familiar with using access profiles on other Extreme Networks’ switches. This example shows the policy equivalent to an access-profile.
Security then permit; entry entry-25 nlri 22.44.66.0/23 exact; then deny; The policy above can be optimized by combining some of the if into a single expression. The compact form of the policy will look like this: entry permit_entry If match any { nlri 22.16.0.0/14;...
Switch Protection Translating a Route Map to a Policy You may be more familiar with using route maps on other Extreme Networks’ switches. This example shows the policy equivalent to a route map. ExtremeWare Route Map: Route Map : rt...
Security as-path 20; as-path 30; as-path 40; as-path 40; permit; entry entry-40 then local-preference 120; weight 2; permit; entry entry-50 match any { origin incomplete; community 19661200; then dampening half-life 20 reuse-limit 1000 suppress-limit 3000 max-suppress 40 permit; entry entry-60 { next-hop 192.168.1.5;...
Management Access Security Using Policies After the policy file has been transferred to the switch, it can be checked to see if it is syntactically correct. Use the following command to check the policy syntax: check policy <policy-name> To apply a policy, use the command appropriate to the client. Some examples include: configure bgp import-policy [<policy-name>...
Security RADIUS Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and centrally administering access to network nodes. The ExtremeWare XOS RADIUS implementation allows authentication for Telnet or console access to the switch. NOTE You cannot configure RADIUS and TACACS+ at the same time. You can define a primary and secondary RADIUS server for the switch to contact.
• User-Password • Service-Type • Login-IP-Host Using RADIUS Servers with Extreme Switches Extreme Networks switches have two levels of user privilege: • Read-only • Read-write Because no CLI commands are available to modify the privilege level, access rights are determined when you log in.
Security Extreme switches grant a RADIUS-authenticated user read-write privilege if a Service-Type value of 6 is transmitted as part of the Access-Accept message from the RADIUS server. Other Service-Type values, or no value, result in the switch granting read-only access to the user. Different implementations of RADIUS handle attribute transmission differently.
Spanning Tree Protocol (STP) This chapter covers the following topics: • Overview of the Spanning Tree Protocol on page 135 • Spanning Tree Domains on page 137 • STP Configurations on page 142 • Per-VLAN Spanning Tree on page 148 •...
Spanning Tree Protocol (STP) STP Terms Table 27 describes the terms associated with STP. Table 27: STP terms Term Description autobind If enabled, autobind automatically adds or removes ports from the STPD. If ports are added to the carrier VLAN, the member ports of the VLAN are automatically added to the STPD.
Spanning Tree Domains Spanning Tree Domains The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). Each STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned to it.
Spanning Tree Protocol (STP) Specifying the Carrier VLAN The following example: • Creates and enables an STPD named s8 • Creates a VLAN named v5 • Assigns VLAN v5 to STPD s8 • Creates the same tag ID for the VLAN and the STPD (the carrier VLAN’s StpdID must be identical to the VLANid of one of the member VLANs) create vlan v5 configure vlan v5 tag 100...
Spanning Tree Domains Encapsulation Modes You can configure ports within an STPD to accept specific BPDU encapsulations. This STP port encapsulation is separate from the STP mode of operation. For example, you can configure a port to accept the PVST+ BPDU encapsulation while running in 802.1D mode. An STP port has three encapsulation modes: •...
Spanning Tree Protocol (STP) STP States Each port that belongs to a member VLAN participating in STP exists in one of the following states: • Blocking A port in the blocking state does not accept ingress traffic, perform traffic forwarding, or learn MAC source addresses.
Spanning Tree Domains STP ports mode is changed to match; otherwise the STP ports inherit either the carrier VLAN’s encapsulation mode on that port or the STPD default encapsulation mode. To remove ports, use the following command: configure stpd <stpd_name> delete vlan <vlan_name> ports [all | <port_list>] If you manually delete a protected VLAN or port, only that VLAN or port is removed.
Spanning Tree Protocol (STP) Rapid Root Failover ExtremeWare XOS supports rapid root failover for faster STP failover recovery times in STP 802.1d mode. If the active root port link goes down, ExtremeWare XOS recalculates STP and elects a new root port.
STP Configurations • Engineering is the carrier VLAN on STPD2. • Marketing is a member of both STPD1 and STPD2 and is a protected VLAN. Figure 9: Multiple Spanning Tree domains (figure: VLANs Sales, Personnel, Marketing and Manufacturing, Engineering, Marketing across Switch A, Switch B, Switch Y, Switch Z and Switch M)...
Spanning Tree Protocol (STP) Figure 10: Tag-based STP configuration (figure: Switch 1, Switch 2 and Switch 3 carrying the Marketing, Sales and Engineering VLANs) The tag-based network in Figure 10 has the following configuration: • Switch 1 contains VLAN Marketing and VLAN Sales. •...
STP Configurations Multiple STPDs on a Port Traditional 802.1d STP has some inherent limitations when addressing networks that have multiple VLANs and multiple STPDs. For example, consider the sample depicted in Figure 11. Figure 11: Limitations of traditional STPD The two switches are connected by a pair of parallel links.
Spanning Tree Protocol (STP) Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the same enterprise) and may traverse a great many nodes. In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for each looped area. The justifications include the following: •...
STP Configurations Figure 13: VLANs traverse domains inside switches (figure panels: Correct, Wrong) • The VLAN partition feature is deployed under the premise that the overall inter-domain topology for that VLAN is loop-free. Consider the case in Figure 14, VLAN red (the only VLAN in the figure) spans domains 1, 2, and 3.
Spanning Tree Protocol (STP) Per-VLAN Spanning Tree Switching products that implement Per-VLAN Spanning Tree (PVST) have been in existence for many years and are widely deployed. To support STP configurations that use PVST, ExtremeWare XOS has an operational mode called PVST+. NOTE In this document, PVST and PVST+ are used interchangeably.
Rapid Spanning Tree Protocol RSTP Terms Table 28 describes the terms associated with RSTP. Table 28: RSTP terms Term Description root port Provides the shortest path to the root bridge. All bridges except the root bridge contain one root port. For more information about the root port, see “Port Roles” on page 149.
Spanning Tree Protocol (STP) Table 29: RSTP port roles (continued) Port Role Description Backup Supports the designated port on the same attached LAN segment. Backup ports only exist when the bridge is connected as a self-loop or to a shared-media segment. When RSTP stabilizes, all: •...
Rapid Spanning Tree Protocol To change the existing configuration of a port in an STPD, and return the port to factory defaults, use the following command: unconfigure stpd <stpd_name> ports link-type <port_list> To display detailed information about the ports in an STPD, use the following command: show stpd <stpd_name>...
Spanning Tree Protocol (STP) Table 32: Derived timers (continued) Timer Description Recent root The timer starts when a port leaves the root port role. When this timer is running, another port cannot become a root port unless the associated port is put into the blocking state.
Rapid Spanning Tree Protocol The following sections provide more information about RSTP behavior. Root Port Rapid Behavior In Figure 15, the diagram on the left displays the initial network topology with a single bridge having the following: • Two ports connected to a shared LAN segment •...
Spanning Tree Protocol (STP) Designated Port Rapid Behavior When a port becomes a new designated port, or the STP priority changes on an existing designated port, the port becomes an unsynced designated port. In order for an unsynced designated port to rapidly move into the forwarding state, the port must propose a confirmation of its role on the attached LAN segment, unless the port is an edge port.
Rapid Spanning Tree Protocol • All other ports in the network are in the forwarding state. Figure 16: Initial network configuration (figure: bridge and port labels A,0 through A,3; legend: Designated, Root, Blocked port)...
Spanning Tree Protocol (STP) 2 Bridge E believes that bridge A is the root bridge. When bridge E receives the BPDU on its root port from bridge F, bridge E: • Determines that it received an inferior BPDU • Immediately begins the max age timer on its root port •...
Rapid Spanning Tree Protocol 4 Bridge D believes that bridge A is the root bridge. When bridge D receives the BPDU from bridge E on its alternate port, bridge D: • Immediately begins the max age timer on its alternate port •...
Spanning Tree Protocol (STP) 6 To complete the topology change: • Bridge D moves the port that received the agree message into the forwarding state. • Bridge F confirms that its receiving port (the port that received the “propose” message) is the root port, and immediately replies with an “agree”...
STP Rules and Restrictions STP Rules and Restrictions This section summarizes the rules and restrictions for configuring STP. • The carrier VLAN must span all of the ports of the STPD. • The StpdID must be the VLANid of one of its member VLANs, and that VLAN cannot be partitioned.
• Port mode NOTE The device supports the RFC 1493 Bridge MIB, RSTP-03, and Extreme Networks STP MIB. Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of any other STPD support the Extreme Networks STP MIB.
Configuring STP on the Switch • Assigns the Engineering VLAN to the STPD • Assigns the carrier VLAN • Enables STP create vlan engineering configure vlan engineering tag 150 configure vlan engineering add ports 2:5-2:10 tagged create stpd backbone_st enable stpd backbone_st auto-bind vlan engineering configure stpd backbone_st tag 150 enable stpd backbone_st By default, the port encapsulation mode for user-defined STPDs is...
Spanning Tree Protocol (STP) create stpd s1 configure stpd s1 add green ports all configure stpd s1 tag 200 configure stpd s1 add red ports 1:1-1:2 emistp enable stpd s1 create stpd s2 configure stpd s2 add yellow ports all configure stpd s2 tag 300 configure stpd s2 add red ports 1:3-1:4 emistp enable stpd s2...
Displaying STP Settings In this example, the commands configure switch A in STPD1 for rapid reconvergence. Use the same commands to configure each switch and STPD in the network. create stpd stpd1 configure stpd stpd1 mode dot1w create vlan sales create vlan personnel create vlan marketing configure vlan sales tag 100...
Spanning Tree Protocol (STP) To display the STP state of a port, use the following command: show stpd <stpd_name> ports {<port_list> {detail}} This command displays the following information: • STPD port configuration • STPD port mode of operation • STPD path cost •...
Virtual Router Redundancy Protocol This chapter covers the following topics: • Overview on page 165 • Determining the VRRP Master on page 166 • Additional VRRP Highlights on page 168 • VRRP Operation on page 169 • VRRP Configuration Parameters on page 171 •...
Virtual Router Redundancy Protocol VRRP Terms Table 33 describes terms associated with VRRP. Table 33: VRRP Terms Term Description virtual router A VRRP router is a group of one or more physical devices that acts as the default gateway for hosts on the network. The virtual router is identified by a virtual router identifier (VRID) and an IP address.
Determining the VRRP Master VRRP Tracking Example Figure 26 is an example of VRRP tracking. Figure 26: VRRP tracking (figure: VRRP master 200.1.1.1/24 with track-vlan on vlan1, VRRP backup 200.1.1.2/24, router 10.10.10.121, an L2 switch or hub, Host 1 200.1.1.13/24 and Host 2 200.1.1.14/24 both using gateway 200.1.1.1)...
Virtual Router Redundancy Protocol Electing the Master Router VRRP uses an election algorithm to dynamically assign responsibility for the master router to one of the VRRP routers on the network. A VRRP router is elected master if the router has the highest priority (the range is 1 - 255).
VRRP Operation • VRRP and Spanning Tree can be simultaneously enabled on the same switch. VRRP Operation This section describes two VRRP network configurations: • A simple VRRP network • A fully-redundant VRRP network Simple VRRP Network Configuration Figure 27 shows a simple VRRP network. Figure 27: Simple VRRP network (figure: Switch A and Switch B)...
Virtual Router Redundancy Protocol If the master router fails, the backup router assumes forwarding responsibility for traffic addressed to the virtual router MAC address. However, because the IP address associated with the master router is not physically located on the backup router, the backup router cannot reply to TCP/IP messages (such as pings) sent to the virtual router.
VRRP Configuration Parameters VRRP Configuration Parameters Table 34 lists the parameters that are configured on a VRRP router. Table 34: VRRP Configuration Parameters Parameter Description vrid Virtual router identifier. Configured item in the range of 1-255. This parameter has no default value. priority Priority value to be used by this VRRP router in the master election process.
Virtual Router Redundancy Protocol VRRP Examples This section provides the configuration syntax for the two VRRP networks discussed in this chapter. Configuring the Simple VRRP Network The following illustration shows the simple VRRP network described in Figure 27. Figure 29: Simple VRRP network (figure: Switch A and Switch B; Switch A = Master)...
VRRP Examples Configuring the Fully-Redundant VRRP Network The following illustration shows the fully-redundant VRRP network configuration described in Figure 28. Figure 30: Fully-redundant VRRP configuration (figure: Switch A and Switch B; one switch is master for virtual IP 192.168.1.3 with master VRID = 1 and backup for virtual IP 192.168.1.5, the other is master for virtual IP 192.168.1.5 with master VRID = 2 and backup for virtual IP 192.168.1.3)...
IP Unicast Routing This chapter describes the following topics: • Overview of IP Unicast Routing on page 175 • Proxy ARP on page 178 • Relative Route Priorities on page 179 • Configuring IP Unicast Routing on page 179 • Routing Configuration Example on page 180 •...
IP Unicast Routing Router Interfaces The routing software and hardware routes IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs.
Overview of IP Unicast Routing Populating the Routing Table The switch maintains an IP routing table for both network routes and host routes. The table is populated from the following sources: • Dynamically, by way of routing protocol packets or by ICMP redirects exchanged with other routers •...
IP Unicast Routing Multiple Routes When there are multiple, conflicting choices of a route to a particular destination, the router picks the route with the longest matching network mask. If these are still equal, the router picks the route using the following criteria (in the order specified): •...
Relative Route Priorities For example, an IP host is configured with a class B address of 100.101.102.103 and a mask of 255.255.0.0. The switch is configured with the IP address 100.101.102.1 and a mask of 255.255.255.0. The switch is also configured with a proxy ARP entry of IP address 100.101.0.0 and mask 255.255.0.0, without parameter.
IP Unicast Routing configure vlan <vlan_name> ipaddress <ipaddress> {<ipNetmask>} Ensure that each VLAN has a unique IP address. 3 Configure a default route using the following command: configure iproute add default <gateway> {vr <vrname>} {<metric>} {multicast-only | unicast-only} Default routes are used when the router has no other dynamic or static route to the requested destination.
Routing Configuration Example Figure 32: Unicast routing configuration example (figure: router interfaces 192.207.35.1 and 192.207.36.1; VLANs MyCompany, Finance 192.207.35.0 and Personnel 192.207.36.0; legend: IP traffic, NetBIOS traffic) The stations connected to the system generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs.
IP Unicast Routing The example in Figure 32 is configured as follows: create vlan Finance create vlan Personnel create vlan MyCompany configure Finance protocol ip configure Personnel protocol ip configure Finance add port 1:*,3:* configure Personnel add port 2:*,4:* configure MyCompany add port all configure Finance ipaddress 192.207.35.1 configure Personnel ipaddress 192.207.36.1 configure rip add vlan Finance...
Configuring DHCP/BOOTP Relay UDP Echo Server You can use UDP Echo packets to measure the transit time for data between the transmitting and receiving end. To enable UDP echo server support, use the following command: rtlookup To disable UDP echo server support, use the following command: enable bootp vlan ExtremeWare XOS 10.1 Concepts Guide...
Interior Gateway Protocols This chapter describes the following topics: • Overview on page 186 • Overview of RIP on page 187 • Overview of OSPF on page 188 • Route Re-Distribution on page 193 • RIP Configuration Example on page 196 •...
Interior Gateway Protocols Overview The switch supports the use of two interior gateway protocols (IGPs): the Routing Information Protocol (RIP), and the Open Shortest Path First (OSPF) protocol. RIP is a distance-vector protocol, based on the Bellman-Ford (or distance-vector) algorithm. The distance-vector algorithm has been in use for many years, and is widely deployed and understood.
Overview of RIP Overview of RIP RIP is an Interior Gateway Protocol (IGP) first used in computer routing in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended for use in homogeneous networks of moderate size. To determine the best path to a distant network, a router using RIP always selects the path that has the least number of hops.
Interior Gateway Protocols RIP Version 1 Versus RIP Version 2 A new version of RIP, called RIP version 2, expands the functionality of RIP version 1 to include: • Variable-Length Subnet Masks (VLSMs). • Support for next-hop addresses, which allows for optimization of routes in certain environments. •...
Overview of OSPF Database Overflow The OSPF database overflow feature allows you to limit the size of the LSDB and to maintain a consistent LSDB across all the routers in the domain, which ensures that all routers have a consistent view of the network.
Interior Gateway Protocols in LSA traffic, and reduces the computations needed to maintain the LSDB. Routing within the area is determined only by the topology of the area. The three types of routers defined by OSPF are as follows: • Internal Router (IR)—An internal router has all of its interfaces within the same area. •...
Overview of OSPF • External routes originating from the NSSA can be propagated to other areas, including the backbone area. The CLI command to control the NSSA function is similar to the command used for configuring a stub area, as follows: configure ospf area <area-identifier>...
Interior Gateway Protocols Figure 33: Virtual link using Area 1 as a transit area (figure: virtual link across Area 1 between Area 2 and Area 0) Virtual links are also used to repair a discontiguous backbone area. For example, in Figure 34, if the connection between ABR1 and the backbone fails, the connection using ABR2 provides redundancy so that the discontiguous area can continue to communicate with the backbone using the virtual link.
Route Re-Distribution Point-to-Point Support You can manually configure the OSPF link type for a VLAN. Table 37 describes the link types. Table 37: OSPF Link Types Link Type Number of Routers Description Auto Varies ExtremeWare XOS automatically determines the OSPF link type based on the interface type.
Interior Gateway Protocols Figure 35: Route re-distribution (figure: OSPF AS with Backbone Area 0.0.0.0 and Area 121.2.3.4, two ASBRs, and a RIP AS) Configuring Route Re-Distribution Exporting routes from one protocol to another, and from that protocol to the first one, are discrete configuration functions. For example, to run OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent operation of each.
Route Re-Distribution Re-Distributing Routes into OSPF Enable or disable the exporting of BGP, RIP, static, and direct (interface) routes to OSPF using the following commands: enable ospf export [bgp | direct | e-bgp | i-bgp | rip | static] [cost <cost> type [ase-type-1 | ase-type-2] {tag <number>} | <policy-map>] disable ospf export [bgp | direct | e-bgp | i-bgp | rip | static] These commands enable or disable the exporting of RIP, static, and direct routes by way of LSA to other...
Interior Gateway Protocols RIP Configuration Example Figure 36 illustrates a BlackDiamond switch that has three VLANs defined as follows: • Finance — Protocol-sensitive VLAN using the IP protocol. — All ports on slots 1 and 3 have been assigned. — IP address 192.207.35.1. •...
Configuring OSPF In this configuration, all IP traffic from stations connected to slots 1 and 3 has access to the router by way of the VLAN Finance. Ports on slots 2 and 4 reach the router by way of the VLAN Personnel. All other traffic (NetBIOS) is part of the VLAN MyCompany.
Interior Gateway Protocols configure ospf vlan [<vlan-name> | all] timer <retransmit-interval> <transit-delay> <hello-interval> <dead-interval> {<wait-timer-interval>} You can configure the following parameters: • Retransmit interval—The length of time that the router waits before retransmitting an LSA that is not acknowledged. If you set an interval that is too short, unnecessary retransmissions will result. The default value is 5 seconds.
OSPF Configuration Example
Figure 37 is an example of an autonomous system using OSPF routers. The details of this network follow.
Figure 37: OSPF configuration example (Area 0 at Headquarters with internal routers IR 1 and IR 2 and area border routers ABR 1 and ABR 2; interface addresses 10.0.1.1, 10.0.1.2, 10.0.2.2, 10.0.3.1, 10.0.3.2 ...)
Interior Gateway Protocols
• Two internal routers
Area 6 is a stub area connected to the backbone by way of ABR1. It is located in Los Angeles and has the following characteristics:
• Network number 161.48.x.x
• One identified VLAN (LA_161_48_2)
• ...
Displaying OSPF Settings
To display information about one or all OSPF areas, use the following command:
show ospf area {<area-identifier>}
The detail option displays information about all OSPF areas in a detail format.
To display information about OSPF interfaces for an area, a VLAN, or for all interfaces, use the following command:
show ospf interfaces {vlan <vlan-name>...
Page 202
Interior Gateway Protocols ExtremeWare XOS 10.1 Concepts Guide...
Page 203
Exterior Gateway Routing Protocols
This chapter covers the following topics:
• Overview on page 204
• BGP Attributes on page 204
• BGP Communities on page 205
• BGP Features on page 205
This chapter describes how to configure the Border Gateway Protocol (BGP), an exterior routing protocol available on the switch.
Exterior Gateway Routing Protocols Overview BGP is an exterior routing protocol that was developed for use in TCP/IP networks. The primary function of BGP is to allow different autonomous systems (ASs) to exchange network reachability information. An autonomous system is a set of routers that are under a single technical administration. This set of routers uses a different routing protocol (such as OSPF) for intra-AS routing.
BGP Communities
A BGP community is a group of BGP destinations that require common handling. ExtremeWare XOS supports the following well-known BGP community attributes:
• no-export
• no-advertise
• no-export-subconfed
BGP Features
This section describes the following BGP features supported by ExtremeWare XOS:
• ...
Page 206
Exterior Gateway Routing Protocols
Figure 38: Route reflectors (AS 100 with a route reflector, a non-client peer, and a client cluster; router IDs 1.1.1.1 through 4.4.4.4)
The topology shown in Figure 38 minimizes the number of BGP peering sessions required in an AS by making use of route reflectors.
Page 208
Exterior Gateway Routing Protocols
Route Confederation Example
Figure 39 shows an example of a confederation.
Figure 39: Routing confederation (AS 200 made up of SubAS 65001 and SubAS 65002, with EBGP and IBGP sessions over 192.1.1.x/30 links)
In this example, AS 200 has five BGP speakers.
Page 209
BGP Features
create bgp neighbor 192.1.1.18 remote-AS-number 65001
enable bgp neighbor all
To configure router B, use the following commands:
create vlan ba
configure vlan ba add port 1
configure vlan ba ipaddress 192.1.1.5/30
enable ipforwarding vlan ba
configure ospf add vlan ba area 0.0.0.0
create vlan bc
configure vlan bc add port 2
configure vlan bc ipaddress 192.1.1.22/30...
Page 210
Exterior Gateway Routing Protocols
enable bgp neighbor all
To configure router D, use the following commands:
create vlan db
configure vlan db add port 1
configure vlan db ipaddress 192.1.1.10/30
enable ipforwarding vlan db
configure ospf add vlan db area 0.0.0.0
create vlan de
configure vlan de add port 2
configure vlan de ipaddress 192.1.1.14/30...
BGP Features Route Aggregation Route aggregation is the process of combining the characteristics of several routes so that they are advertised as a single route. Aggregation reduces the amount of information that a BGP speaker must store and exchange with other BGP speakers. Reducing the information that is stored and exchanged also reduces the size of the routing table.
Exterior Gateway Routing Protocols
• password
Adding Neighbors to a BGP Peer Group
To create a new neighbor and add it to a BGP peer group, use the following command:
create bgp neighbor <remoteaddr> peer-group <peer-group-name> {multi-hop}
The new neighbor is created as part of the peer group and inherits all of the existing parameters of the peer group.
BGP Features
Configuring Route Flap Dampening
BGP route flap dampening can be enabled on a per BGP peer session basis, for a BGP peer group, or for a set of routes, using a route map. To enable route flap dampening over BGP peer sessions, use the following command:
configure bgp neighbor [all | <remoteaddr>] {address-family [ipv4-unicast | ipv4-multicast]} dampening {{half-life <half-life-minutes>...
Exterior Gateway Routing Protocols
• shortest length (shortest AS path)
• lowest origin code
• lowest MED
• route from external peer
• lowest cost to Next Hop
• lowest routerID
Stripping Out Private AS Numbers from Route Updates
Private AS numbers are AS numbers in the range 64512 through 65534. You can remove private AS numbers from the AS path attribute in updates that are sent to external BGP (EBGP) neighbors.
IP Multicast Routing
This chapter covers the following topics:
• Overview on page 217
— PIM Overview on page 218
— IGMP Overview on page 219
• Configuring IP Multicasting Routing on page 220
• ...
You can run either PIM-DM or PIM-SM per VLAN. PIM Mode Interoperation An Extreme Networks switch can function as a PIM multicast border router (PMBR). A PMBR integrates PIM-SM and PIM-DM traffic. When forwarding PIM-DM traffic into a PIM-SM network, the PMBR notifies the RP that the PIM-DM network exists.
Overview
The PMBR also forwards PIM-SM traffic to a PIM-DM network, based on the (*,*,RP) entry. The PMBR sends a join message to the RP and the PMBR forwards traffic from the RP into the PIM-DM network. No commands are required to enable PIM mode interoperation. PIM mode interoperation is automatically enabled when a dense mode interface and a sparse mode interface are enabled on the same switch.
IP Multicast Routing
configure igmp snooping {vlan} <vlanname> ports <portlist> add static router
To remove these entries, use the corresponding commands:
configure igmp snooping {vlan} <vlanname> ports <portlist> delete static group [<ip_address> | all]
configure igmp snooping vlan <vlanname> ports <portlist> delete static router
To display the IGMP snooping static groups, use the following command:
show igmp snooping vlan <name>...
Configuration Examples Configuration Examples Figure 40 and Figure 41 are used in Chapter 13 to describe the OSPF configuration on a switch. Refer to Chapter 13 for more information about configuring OSPF. In Figure 40, the system labeled IR1 is configured for IP multicast routing, using PIM-DM.
IP Multicast Routing
Configuration for IR1
The router labeled IR1 has the following configuration:
configure vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
configure vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.0
configure ospf add vlan all area 0.0.0.0
enable ipforwarding
enable ospf
enable ipmcforwarding
configure pim add vlan all dense
enable pim
The following example configures PIM-SM.
Software Upgrade and Boot Options
This appendix describes the following topics:
• Downloading a New Image on page 227
• Saving Configuration Changes on page 229
• Using TFTP to Upload the Configuration on page 231
• Using TFTP to Download the Configuration on page 232
• ...
Software Upgrade and Boot Options Before the download begins, you are asked if you want to install the image immediately after the download is finished. If you install the image immediately after download, you must reboot the switch. Enter to install the image after download. Enter to install the image at a later time.
Saving Configuration Changes
Table 38 describes the image version fields.
Table 38: Image version fields
Field   Description
major   Specifies the ExtremeWare XOS Major version number.
minor   Specifies the ExtremeWare XOS Minor version number.
patch   Identifies a specific patch release.
build   Specifies the ExtremeWare XOS build number.
Software Upgrade and Boot Options
NOTE: Configuration files have a .cfg file extension. When you enter the name of the file in the CLI, the system automatically adds the .cfg file extension.
If you have made a mistake, or you must revert to the configuration as it was before you started making changes, you can tell the switch to use the backup configuration on the next reboot.
You can upload the current configuration to a TFTP server on your network. The uploaded configuration file retains your system configuration and is saved in XML format. This allows you to send a copy of the configuration file to the Extreme Networks Technical Support department for problem-solving purposes.
Interaction with the Bootloader is only required under special circumstances, and should be done only under the direction of Extreme Networks Customer Support. The necessity of using these functions implies a non-standard problem which requires the assistance of Extreme Networks Customer Support.
Page 233
Accessing the Bootloader
To access the Bootloader, follow these steps:
1 Attach a serial cable to the console port of the switch.
2 Attach the other end of the serial cable to a properly configured terminal or terminal emulator, power cycle the switch and depress any ASCII key on the keyboard of the terminal during the boot up process.
Troubleshooting
If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative.
LEDs
Power LED does not light: Check that the power cable is firmly connected to the device and to the supply outlet.
On powering-up, the MGMT LED lights yellow: The device has failed its Power On Self Test (POST) and you should contact your supplier for advice.
Switch does not power up: All products manufactured by Extreme Networks use digital power supplies with surge protection. In the event of a power surge, the protection circuits shut down the power supply. To reset, unplug the switch for 1 minute, plug it back in, and attempt to power up the switch.
Page 237
Using the Command Line Interface The Telnet workstation cannot access the device: Check that the device IP address, subnet mask and default router are correctly configured, and that the device has been reset. Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility.
Troubleshooting
Port Configuration
No link light on 10/100 Base port: If patching from a hub or switch to another hub or switch, ensure that you are using a CAT5 cross-over cable. This is a CAT5 cable that has pins 1&2 on one end connected to pins 3&6 on the other end.
Excessive RX CRC errors: When a device that has auto-negotiation disabled is connected to an Extreme switch that has auto-negotiation enabled, the Extreme switch links at the correct speed, but in half duplex mode.
Using the Command Line Interface you already have a VLAN using untagged traffic on a port. Only one VLAN using untagged traffic can be configured on a single physical port. VLAN configuration can be verified by using the following command: show vlan {<vlan_name>...
Troubleshooting
The switch keeps aging out endstation entries in the switch Forwarding Database (FDB): Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths. Specify that the endstation entries are static or permanent.
Debug Mode
The Event Management System (EMS) provides a standardized way to filter and store messages generated by the switch.
Contacting Extreme Technical Support
If you have a network issue that you are unable to resolve, contact Extreme Networks technical support. Extreme Networks maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems. You can contact technical support by phone at:
• ...
Supported Protocols, MIBs, and Standards
The following is a list of software standards and protocols supported by ExtremeWare XOS.
General Routing and Switching
RFC 1812 Requirements for IP Version 4 Routers
RFC 793 Transmission Control Protocol
RFC 1519 An Architecture for IP Address Allocation with CIDR
RFC 826 Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit...
Page 244
Supported Protocols, MIBs, and Standards
RFC 1058 Routing Information Protocol
RFC 2453 RIP Version 2
OSPF
RFC 2328 OSPF Version 2
RFC 1765 OSPF Database Overflow
RFC 1587 The OSPF NSSA Option
RFC 2370 The OSPF Opaque LSA Option
BGP4
RFC 1771 A Border Gateway Protocol 4 (BGP-4)
RFC 1745 BGP4/IDRP for IP---OSPF Interaction
RFC 1965 Autonomous System Confederations for...
Page 245
Management - SNMP & MIBs
RFC 1157 Simple Network Management Protocol (SNMP)
RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC-1215 Convention for defining traps for use with the SNMP
RFC 3413 Simple Network Management Protocol (SNMP) Applications
RFC 1901 Introduction to Community-based SNMPv2
RFC 3414 User-based Security Model (USM) for...
Page 246
Supported Protocols, MIBs, and Standards
DiffServ - Standards and MIBs
RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC 2597 Assured Forwarding PHB Group
RFC 2598 An Expedited Forwarding PHB
RFC 2475 An Architecture for Differentiated Services